News & Updates

Enlarge (credit: Tesla)

The release of the Model 3 was supposed to be the moment when Tesla finally made a car that was affordable for the masses.

“In terms of price, it’ll be $35,000,” Musk said at the March 2016 Model 3 announcement event. “And I want to emphasize that even if you buy no options at all, this will still be an amazing car.”

For the last two years, Tesla’s page for the Model 3 has touted a starting price of $35,000. “Model 3 achieves up to 310 miles of range while starting at only $35,000 before incentives,” the page read on Thursday morning.

Read 9 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / “OMG I love this song.” (credit: Warner Bros.)

Today, we present the third and final installment of my interview British astronomer Stephen Webb on the subject of Fermi’s paradox. Please check out parts one and two if you missed them. Otherwise, press play on the embedded player, or pull up the transcript—both of which are below.

We open by talking about some of the amazing instruments and projects that are coming online in the coming decade—both to extend the search for extraterrestrial life and to advance the much broader field of astrophysics. There’s some profoundly exciting gear on the horizon, which will do business under such wild and whimsical names as “The Extremely Large Telescope.”

We then talk about some of the signals this new apparatus might detect, which could be highly suggestive of life. Either oxygen or methane in a distant planet’s atmosphere would be electrifying, but not entirely definitive proof. Both of them together put the matter beyond a reasonable doubt (although there would still be many doubters, to be sure).

Read 11 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / Messages like this one would have come up every time hackers pushed a modified app to their victims. But YOLO, apparently. (credit: Cisco Talos)

In what appears to be a case of highly focused social engineering against a small group of iPhone users, malicious actors managed to get 13 iPhones registered on their rogue mobile device management (MDM) servers and then pushed out applications that allowed the hackers to track the locations of the phones and read victims’ SMS messages.

The attacks, reported by Cisco’s Talos, used the “BOptions” sideloading technique to modify versions of legitimate applications, including WhatsApp and Telegram. The initiative inserted additional libraries into the application packages, and the modified applications were then deployed to the 13 victim iPhones via the rogue mobile device management systems.

“The malicious code inserted into these apps is capable of collecting and exfiltrating information from the device, such as the phone number, serial number, location, contacts, user’s photos, SMS, and Telegram and WhatsApp chat messages,” wrote Talos researchers Warren Mercer, Paul Rascagneres, and Andrew Williams in a post on the attack. “Such information can be used to manipulate a victim or even use it for blackmail or bribery.”

Read 2 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / The 10.5-inch iPad Pro. (credit: Andrew Cunningham)

Adobe is working on a full version of the popular photo-editing program Photoshop for Apple’s iPad, according to a Bloomberg report. Sources claim the software company plans to announce the new app at its annual MAX conference this October, with the app’s launch scheduled for sometime in 2019.

The new app would reportedly allow users to run a full version of Photoshop on an iPad and continue edits on another device like a desktop PC. Scott Belsky, Adobe’s Creative Cloud product head, told Bloomberg that the company is working on “cross-platform iteration of Photoshop and other applications,” but he declined to provide a timeline for their release.

“My aspiration is to get these on the market as soon as possible,” Belsky said. “There’s a lot required to take a product as sophisticated and powerful as Photoshop and make that work on a modern device like the iPad. We need to bring our products into this cloud-first collaborative era.”

Read 4 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Ron Amadeo

As someone who spends a lot of time with smartphones, I often get asked, “Hey Ron, what Android phone should I buy?” The high-end answer is usually easy: buy a Pixel phone. But not everyone is willing to shell out $650+ for a smartphone, especially the types of casual users that ask for advice. Beyond the flagship smartphones, things get more difficult within the Android ecosystem. Motorola under Google used to be great at building a non-flagship phone, but since the company was sold to Lenovo (which gutted the update program), it has been tough to find a decent phone that isn’t super expensive.

Enter HMD’s Nokia phones, an entire lineup of cheap smartphones ranging from $100 to $400. HMD recently launched the second generation of its lineup, with phones like the Nokia 2.1, 3.1, and 5.1. We recently spent time with the highest end phone in this series that happens to be one of the few HMD devices for sale in the US: the Nokia 6.1. And for $269, you get a pretty spectacular-sounding package of a Snapdragon 630, a 5.5-inch 1080p screen, stock Android 8.1, fast updates, and a metal body.

Read 46 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Talos Team have uncovered a “highly targeted” campaign leveraging a mobile malware distributed through a bogus MDM service

Security experts from Talos Team have uncovered a “highly targeted” campaign leveraging a mobile malware that has been active at least since August 2015. The researchers believe that cyberspies are operating from China and they found spying on 13 selected iPhones in the same country.

Attackers were abusing a mobile device management (MDM) service that normally allows large enterprises to control devices being used by the employees and enforce policies.

The access to the MDM service used by a company could allow an attacker to control employees’ devices and deploy malware and the targeted devices.

bogus MDM service

“Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices.” reads the analysis published by Cisco Talos.

“At this time, we don’t know how the attacker managed to enroll the targeted devices. Enrollment could be done through physical access to the devices, or most likely by using social engineering to entice a user to register”

hack-iphone-using-mdm-server

To enroll an iOS device into the MDM service requires a user to manually install enterprise development certificate. Enterprises can obtain such kind of certificates through the Apple Developer Enterprise Program.

Enterprise can deliver MDM configuration file through email or a webpage for over-the-air enrollment service using the Apple Configurator.

“MDM uses the Apple Push Notification Service (APNS) to deliver a wake-up message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results,” reads Apple about MDM.

Cisco’s Talos experts believe that attackers used either social engineering techniques, such as a fake tech support-style call or gaining in some way a physical access to the targeted devices.

The threat actors behind this campaign used the BOptions sideloading technique to inject malicious code to legitimate apps, including the messaging apps WhatsApp and Telegram that were then deployed through the MDM service onto the 13 targeted devices in India.

The BOptions sideloading technique allowed the attacker to inject a dynamic library in the application that implements spyware capabilities. The malicious code allows that attacker of collecting and exfiltrating information from the targeted device, including the phone number, serial number, location, contacts, user’s photos, SMS and Telegram and WhatsApp chat messages.

It is still a mystery how attackers tricked victims into installing a certificate authority on the iPhone and how they added the 13 targeted iPhones into their rogue MDM service.

Exfiltrated data and information about the compromised devices were sent to a remote server located at hxxp[:]//techwach[.]com

Among the tainted apps used by the attackers, there was also PrayTime, an application that notifies users when it is time to pray.

“Talos identified another legitimate app executing malicious code during this campaign in India. PrayTime is used to give the user a notification when it’s time to pray,” continues the analysis.

“The purpose is to download and display specific ads to the user. This app also leverages private frameworks to read the SMS messages on the device it is installed on and uploads these to the C2 server.”

Talos was not able to attribute the attack to a specific actor either which are its motivations, they were only able to find evidence suggesting the attackers were operating from India. Experts noticed that attackers planted a “false flag” by posing as a Russian threat actor.

“The certificate was issued in September 2017 and contains an email address located in Russia. Our investigation suggests that the attacker is not based out of Russia. We assume this is a false flag to point researchers toward the idea of a “classical Russian hacker.” False flags are becoming more common in malware, both sophisticated and simple. It’s an attempt to muddy the waters for the analysts/researchers to direct blame elsewhere.” continues the analysis.

Talos shared its findings with Apple that quickly revoked 3 certificates used in this campaign.

Further details, including IoCs are reported in the analysis shared by Talos.

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(Security Affairs – MDM service, India)


The post Mobile Malware Campaign targets users in India through rogue MDM service appeared first on Security Affairs.

Source: Security affairs

Enlarge (credit: (C)SouthtyrolarchaeologymuseumEuracM.Samadelli)

In his final days, the Iceman ate a hearty mountaineer’s diet of red deer, wild goat, and whole grain einkorn wheat—but he may also have accidentally eaten toxic ferns.

Even after being chewed up, swallowed, partially digested in Ötzi’s stomach, and then frozen in a glacier for 5,300 years, some bits of Ötzi’s last meal are still recognizable, at least under a microscope. Frank Maixner of the Eurac Research Institute for Mummy Studies and his colleagues saw compact bits of fatty tissue and bundles of muscle fibers, mixed with pollen from a genus of wheat called einkorn, which grows wild in the region but also includes some of the earliest domesticated wheat species. Mixed in with the partly-digested food bits, however, were spores from a fern called bracken, which is toxic to humans and other animals if not properly prepared.

Red meat and healthy whole grains

Chemically, the remnants of Ötzi’s partially digested meal contained a compound called phytanic acid, which is a hallmark of fat or dairy products from ruminants like cattle, deer, and goats. There were also minerals like calcium, iron, magnesium, sodium, and zinc, all of which are found in red meat and dairy products. And among the 167 different animal and plant proteins in the samples, Maixner and his colleagues found six that are specific to structures in the long contracting threads in ibex skeletal muscles—leg of wild goat, perhaps. Another protein in the mix is found only in deer muscles.

Read 13 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.

The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices


Source: http://feeds.feedburner.com/TheHackersNews

Enlarge / We need your help to produce a new newsletter to chronicle the dynamic launch industry. (credit: Aurich Lawson/background image United Launch Alliance)

Welcome to Edition 1.08 of the Rocket Report! This week there is no shortage of news about SpaceX, as well as the race to become the first nation (or company) to build the first super-booster since the Saturn V rocket. Also, a company plans to launch 300km north of the Arctic Circle.

As always, we welcome reader submissions, and if you don’t want to miss an issue, please subscribe using the box below. Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

Virgin Galactic signs deal to launch from Italy. Virgin Galactic and a pair of Italian companies have signed a framework agreement aimed at bringing Virgin Galactic’s suborbital space tourism launcher to a future spaceport in Italy. The spaceplane would be based at Taranto-Grottaglie Airport, which Italian public-private partners aim to turn into a spaceport. The spaceport could become active as early as 2020, GeekWire reports.

Read 28 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/