News & Updates

Swatting suspect Tyler Barriss depicted in a 2015 mug shot released by Glendale police. (credit: Glendale Police Department)

A Los Angeles man accused of making a hoax phone call that led to the death of an innocent man in Wichita, Kansas, has been charged with involuntary manslaughter. 25-year-old Tyler Barriss was arrested in Los Angeles late last month, and authorities there extradited him to Kansas. He made his first appearance in a Kansas courtroom on Friday, court records show.

Authorities believe that Barriss made a hoax phone call that sent police to the home of an innocent man, Andrew Finch, on December 28. Finch opened the door with his hands up. But when he briefly lowered his hands toward his waistband, a police officer shot him, believing that Finch could be reaching for a gun.

The incident appears to have originated with an online feud over a $1.50 Call of Duty bet. One of the parties to that dispute reportedly approached online user SWAuTistic, who had a reputation for initiating “swatting” pranks against online gamers. SWAuTistic called the Wichita police, pretending to be a deranged man who had already shot his father and threatened to shoot other members of his family.


Source: http://feeds.arstechnica.com/arstechnica/index/

Analysis conducted by SolarWinds of the performance impact of the Spectre/Meltdown patches on its own Amazon Web Services infrastructure revealed serious performance degradation.

SolarWinds, a vendor of IT management and monitoring software, has analyzed the performance impact of the Meltdown and Spectre security patches on its own Amazon Web Services infrastructure.

The results are disconcerting: the company graphed the performance of “a Python worker service tier” running on paravirtualized (PV) AWS instances.

CPU usage jumped by roughly 25% immediately after the PV instances used by the company were restarted.

“As you can see from the following chart taken from a Python worker service tier, when we rebooted our PV instances on Dec 20th ahead of the maintenance date, we saw CPU jumps of roughly 25%.” states the analysis published by SolarWinds.


The company also monitored the performance of its EC2 instances and noticed degradation while Amazon was rolling out the Meltdown patches.

“AWS was able to live patch HVM instances with the Meltdown mitigation patches without requiring instance reboots. From what we observed, these patches started rolling out about Jan 4th, 00:00 UTC in us-east-1 and completed around 20:00 UTC for EC2 HVM instances in us-east-1.” continues the analysis.

“CPU bumps like this were noticeable across several different service tiers:”

In summary, the packet rate dropped by up to 40% on its Kafka cluster, while CPU utilization spiked by around 25 percent on Cassandra.

The patch rollout later had a positive effect as well: CPU utilization rates decreased. The company issued an update on Jan 12, 2018.

“As of 10:00 UTC this morning we are noticing a step reduction in CPU usage across our instances. It is unclear if there are additional patches being rolled out, but CPU levels appear to be returning to pre-HVM patch levels.” states the firm.


Pierluigi Paganini

(Security Affairs – Meltdown patches, Amazon)


The post Spectre/Meltdown patches had a significant impact on SolarWinds’s AWS infrastructure appeared first on Security Affairs.

Source: Security affairs

The cybersecurity threat landscape has never been more extensive and is most likely to grow exponentially in 2018.

Although the original creators of Mirai DDoS botnet have already been arrested and jailed, the variants of the infamous IoT malware are still in the game due to the availability of its source code on the Internet.

Security researchers have spotted a new variant of infamous Mirai


Source: http://feeds.feedburner.com/TheHackersNews

BlackWallet.co was the victim of a DNS hijacking attack; on January 13 the attackers stole over $400,000 from users’ accounts (roughly 670,000 Lumens).

The spike in cryptocurrency values is attracting cybercriminals; the latest victim is BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM).

The platform was the victim of a DNS hijacking attack; on January 13 the attackers stole over $400,000 from users’ accounts (roughly 670,000 Lumens).

According to Bleeping Computer, the attackers collected 669,920 Lumens, which is about $400,192 at the current XLM/USD exchange rate.

Stellar Lumen is today considered the eighth most popular cryptocurrency.

The attackers hijacked the DNS entry for the BlackWallet.co domain and pointed it at a server they operated; as a result of the attack, the application suspended its service.

Technically, users were logging in to the bogus domain and entering their credentials, which the attackers then used to access the accounts and steal the funds.


Users on Reddit and other communities promptly spread the news of the hack.

The attackers immediately started moving funds from the XLM account to Bittrex, a cryptocurrency exchange, in an attempt to launder them by converting them into other digital currencies.

The situation is critical: the admins are asking Bittrex to block the attackers’ operations before it is too late.

“I am the creator of Blackwallet. Blackwallet was compromised today, after someone accessed my hosting provider account. He then changed the dns settings to those of its fraudulent website (which was a copy of blackwallet).” the Blackwallet creator wrote on Reddit.

“Hacker wallet is: https://stellarchain.io/address/GBH4TZYZ4IRCPO44CBOLFUHULU2WGALXTAVESQA6432MBJMABBB4GIYI

I’ve contacted both SDF and Bittrex to ask them to block the bittrex’s account of the hacker. I’ve contacted my hosting provider to disable my account and my websites.

Hacker sent the funds to a bittrex account. This might lead to an identity.”

According to the BlackWallet admin, the incident took place after someone accessed his hosting provider account.

The creator of the web-based wallet application is trying to collect more information about the hack from his hosting provider.

“If you ever entered your key on blackwallet, you may want to move your funds to a new wallet using the stellar account viewer,” he added. “Please note however that blackwallet was only an account viewer and that no keys were stored on the server!” he added in the statement.

In December, the popular cryptocurrency exchange EtherDelta suffered a similar incident: attackers conducted a DNS attack that allowed them to steal at least 308 ETH ($266,789) as well as a large number of tokens.


Pierluigi Paganini

(Security Affairs – hacking, Lumens)


The post Blackwallet hacked, hackers stole $400,000 from users’ accounts through DNS hijacking appeared first on Security Affairs.

Source: Security affairs

I think everybody, myself included, has at least once tried to download a video from YouTube or another such online streaming service. Who wouldn’t want to listen to their favorite track on the go or watch a sitcom on their smartphones, while commuting to & from work? Frankly speaking, it is not a crime to […]

The post KeepVid Pro Review: Best YouTube to MP4 Converter, MP3 Downloader and Video Recorder appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

Researcher @unixfreaxjp spotted, for the first time ever in the history of computer engineering, a Linux malware designed to infect ARC CPUs; this new Linux ELF malware was dubbed MIRAI OKIRU.

In August 2016 the researcher @ from the @ team first spotted the dreaded Mirai botnet; now the same researcher is announcing a new big earthquake in the malware community.


This is the first time that a malware strain specifically targets ARC-based systems; Mirai Okiru was undetected by almost all antivirus engines at the time of its discovery.


“!! Please be noted of this fact, and be ready for the bigger impact on infection Mirai (specially Okiru) to devices that hasn’t been infected yet.” said 

The Linux IoT threat landscape is rapidly changing; crooks will start targeting IoT devices based on ARC CPUs.

“From this day, the landscape of #Linux #IoT infection will change. #ARC cpu has produced #IoT devices more than 1 billion per year. So these devices are what the hackers want to aim to infect #ELF #malware with their #DDoS cannons. It’s a serious threat will be. #MalwareMustDie!” wrote MMD.

As highlighted by the colleague , the impact of such a botnet could be devastating: it has been estimated that ARC embedded processors ship in more than 1.5 billion products per year. This means that the number of potentially exposed devices is enormous, and such a powerful botnet could be used for a multitude of malicious purposes.

“ARC (Argonaut RISC Core) embedded processors are a family of 32-bit CPUs originally designed by ARC International. They are widely used in SoC devices for storage, home, mobile, automotive, and Internet of Things applications. ARC processors have been licensed by more than 200 organizations and are shipped in more than 1.5 billion products per year.” reads Wikipedia.

“#Mirai #Okiru variant is very dangerous, if you see how the coder made specific “innovative modification” in its variant codes+encryption you’ll see what I mean, & now they are the 1st malware to aim #ARC core. These guys can make greater chaos if not be stopped. Mark my word” wrote MalwareMustDie.

It is very important to understand that the Mirai Satori variant is very different from Okiru, as explained by MalwareMustDie.

  1. From what we observe so far, these two types are very different (among several common similar characteristics); we think it is good to have different rules to detect Mirai variants Okiru and Satori.
  2. Some simple highlights to differ Okiru from Satori variant:
  • The config is different: Okiru variant’s config is encrypted in two parts w/ telnet bombardment password encrypted; Satori does not split it in 2 parts and doesn’t encrypt brute default passwords. Also Okiru’s telnet attack login information is a bit longer (can be up to 114 credentials, max counted), while Satori is having a different and shorter database.
  • Satori seems to have “TSource Engine Query” common Distributed “Reflective” (DRDoS) attack function via random UDP, while Okiru does not seem to have this function,
  • The infection follow-up commands written in both Okiru and Satori in their configurations are a bit different, showing the possibility that they don’t seem to share the same “herding environment”,
  • (up to) Four types of router attack exploit code have only been spotted hard coded in the Okiru variant, yet Satori does not use these exploits at all,
  • Satori (see VT comment part for reversed code) is using small embedded ELF trojan downloaders to download other architecture binaries which were coded differently compared to Okiru ones (see reversed code in VT comment),
  • (there is more minor stuff too that you can notice using the pictures shown in previous points, like differences in usage of watchdog, the usage of command “echo -en x…” etc)

wrote MalwareMustDie.

ARC Core CPU base compiled Mirai Okiru ELF malware (botnet client) (ELF 32-bit LSB executable, ARC Cores Tangent-A5, version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, for GNU/Linux 4.8.0, stripped).

The risk that someone could build a powerful Mirai Okiru botnet composed of a billion devices is concrete.
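The file(1) output above identifies the sample by its ELF header fields alone: 32-bit, little-endian, and e_machine 93 (the value glibc's <elf.h> historically named EM_ARC_A5, “ARC Cores Tangent-A5”, now EM_ARC_COMPACT). The following triage helper, an added example that is not MalwareMustDie's code, parses those fields from the ELF header so a defender can flag ARC-targeted binaries in an IoT firmware or honeypot collection; the sample header it builds is constructed for testing, not the real Okiru binary.

```python
import struct

# e_machine values from the ELF specification / glibc <elf.h>.
# 93 was historically EM_ARC_A5 ("ARC Cores Tangent-A5", as file(1) prints
# for the Okiru sample) and is now called EM_ARC_COMPACT.
ARC_MACHINES = {45: "EM_ARC", 93: "EM_ARC_COMPACT (Tangent-A5)", 195: "EM_ARC_COMPACT2"}
OTHER_MACHINES = {3: "EM_386", 8: "EM_MIPS", 40: "EM_ARM", 62: "EM_X86_64"}
E_TYPES = {1: "REL", 2: "EXEC", 3: "DYN"}


def parse_elf_header(data: bytes) -> dict:
    """Decode class, endianness, type and machine from the fixed ELF header."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS/EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine sit right after the 16-byte e_ident in both ELF32/ELF64.
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    name = ARC_MACHINES.get(e_machine) or OTHER_MACHINES.get(e_machine, f"unknown({e_machine})")
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "LSB" if ei_data == 1 else "MSB",
        "type": E_TYPES.get(e_type, f"unknown({e_type})"),
        "machine": e_machine,
        "machine_name": name,
        "is_arc": e_machine in ARC_MACHINES,
    }


def find_arc_binaries(samples: dict) -> list:
    """Return the names of samples (name -> bytes) that are ARC-targeted ELF files."""
    hits = []
    for name, data in samples.items():
        try:
            if parse_elf_header(data)["is_arc"]:
                hits.append(name)
        except ValueError:
            continue  # not an ELF file at all, skip it
    return sorted(hits)


def build_sample_header(e_machine: int, ei_data: int = 1) -> bytes:
    """Constructed 52-byte ELF32 header for offline testing (not a real sample)."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([1, ei_data, 1, 0]) + b"\x00" * 8
    # e_type=EXEC, e_machine, e_version=1, e_entry, e_phoff=52, e_shoff=0, e_flags=0,
    # e_ehsize=52, e_phentsize=32, e_phnum=0, e_shentsize=40, e_shnum=0, e_shstrndx=0
    return ident + struct.pack(endian + "HHIIIIIHHHHHH",
                               2, e_machine, 1, 0x10000, 52, 0, 0, 52, 32, 0, 40, 0, 0)
```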

Researchers from MalwareMustDie published the Yara rules for the threat

https://github.com/unixfreaxjp/rules/blob/master/malware/MALW_Mirai_Okiru_ELF.yar

and IoCs:

  • MD5: 9c677dd17279a43325556ec5662feba0
  • MD5: 24fc15a4672680d92af7edb2c3b2e957

Stay tuned …


Pierluigi Paganini

(Security Affairs – Mirai Okiru botnet, Linux malware)


The post Mirai Okiru botnet targets for first time ever in the history ARC-based IoT devices appeared first on Security Affairs.

Source: Security affairs

On Saturday, January 13, Hawaiians received a terrifying message on their phones, repeated on television and radio stations, which had received a similar alert: “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.”

But actually, it was something of a drill, in that the Hawaii Emergency Management Agency (HI-EMA) was running a routine test at the end of a shift and accidentally sent the message state-wide.

Unfortunately, it took 38 minutes for the agency to correct the alert with a second alert. Although state leaders quickly tweeted out corrections, Hawaiians who were waiting for an all-clear from the same outlet spent more than half an hour in suspense.


Source: http://feeds.arstechnica.com/arstechnica/index/

If there’s one thing that builds up a large amount of data over time, it’s cache! Cleaning the cache can not only give you some extra storage space but also speed up your Android phone considerably. To keep your Android phone’s performance levels high, it’s highly recommended to use one of the cache cleaner apps […]

The post Top 10 Best Cache Cleaner Apps for Android appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

From your seat at home, an AGDQ run like this looks simple. Behind the scenes, though, is a constant swarm of action to get everything running smoothly.

Of all the millions of video game streams that run each year on Twitch—from individuals at home to professional eSports tournaments—there’s nothing quite like the Games Done Quick marathons. Each year since 2010 (and twice a year since 2011), hundreds of speedrunners gather to play games as quickly as possible for seven days straight in a non-stop tag-team that only takes short breaks for set up and on-stream interviews.

In the process, hundreds of thousands of viewers donate millions of dollars for charity (over $4 million in 2017 alone), with their donation messages shared on stream.

While the production looks relatively simple from the viewer’s side of the Twitch stream—a video of the gameplay screen, a smaller webcam view of the player, a donation counter, a timer, etc.—a lot of work goes on behind the scenes to keep the games running and the donations flowing smoothly for an entire week. To see what things were like from the other side, I headed down to Herndon, Virginia, earlier this week to see some of the work that goes into making the Awesome Games Done Quick (AGDQ) marathon into the well-oiled machine that it is.


Source: http://feeds.arstechnica.com/arstechnica/index/