News & Updates

(Image credit: BTC Keychain)

The price of ether, the cryptocurrency of the Ethereum network, has fallen below $500 for the first time this year. The decline comes days after a senior official from the Securities and Exchange Commission acknowledged that the agency had “dozens” of open investigations into initial coin offerings. The price of ether has fallen 19 percent in the last 24 hours, from $580 to $470.

“We’re doing obviously a lot in the crypto space, and we’re seeing a lot in the crypto space,” said Stephanie Avakian, co-director of the SEC’s Enforcement Division, at a conference on Thursday. “We are very active, and I would just expect to see more and more.”

The SEC’s decision to aggressively police cryptocurrency offerings is particularly significant for the Ethereum community because many new cryptocurrency offerings are built on top of the Ethereum platform. People creating a new token on the Ethereum blockchain need to buy ether, the currency used to pay for Ethereum transactions. So if aggressive SEC enforcement ends the Initial Coin Offering (ICO) boom—which seems to be cooling anyway—it would remove a major factor that pushed ether’s value upward during 2017.



(Image: images from the prehistoric site of Olorgesailie, Kenya; credit: Human Origins Program, Smithsonian)

Three new studies suggest that early humans in East Africa started doing much more complex things—making more sophisticated tools, trading with neighboring groups for better stone, and maybe even using symbols to communicate—in order to survive rapid climate shifts 320,000 years ago. Those findings may support the theory that bigger social networks, more complicated tool-making technology, and symbolic thinking helped drive early humans to evolve larger brains by the Middle Pleistocene, around 200,000 years ago.

But that kind of development doesn’t just happen. Brains are expensive organs to maintain, in terms of the energy required to keep them nourished and oxygenated, and that size upgrade would have come at a cost. To succeed, bigger brains would have to offer enough of a survival advantage to outweigh the extra burdens they entail.

For that to be the case, humans’ ability to survive and reproduce would have to depend on the things we might need such a big brain for, like communicating with lots of other humans in more complex ways or making and using more complex tools. That’s why many paleoanthropologists have suggested that the kinds of cultural developments we see in Middle Stone Age sites in East Africa could have been responsible. Cultural development, in other words, drove the physical evolution of our brains in a really major way.



(Image credit: ITVS)

AUSTIN, Texas—If you’ve ever asked yourself how long a Black Mirror episode might take to turn into real life, the new documentary People’s Republic of Desire has an answer: roughly four years.

Really, the best way to describe this feature-length look at Chinese Internet streamers is to point to the British series’ first-season episode “Fifteen Million Merits,” which aired in 2011 and starred Get Out‘s Daniel Kaluuya. The episode imagined a future, Internet-driven popularity contest that tore people’s lives apart. According to the filmmakers behind People’s Republic of Desire, that episode’s level of life-bending insanity had already unfolded in China by 2015, fueled largely by the millions-strong video-sharing site YY. And the results aren’t pretty.

The result, with its millimeter-range focus on major YY personalities, deservedly won this week’s South by Southwest jury prize for best documentary. Though it leaves some questions and topics unexplored, People’s Republic of Desire still delivers a fascinating, character-driven story that Internet fans in the West should pay particular heed to—especially as live-streaming services develop and mature on our side of the Pacific.



A new cyber attack against a Saudi petrochemical plant has made the headlines: hackers attempted to hit the infrastructure in August.

Do you remember the powerful cyber attack that in 2014 hit computers at Saudi Aramco?

A new cyber attack against a petrochemical plant in Saudi Arabia has made the headlines; the hackers attempted to hit the infrastructure in August.

The news was reported by the New York Times: hackers hit the petrochemical plant in Saudi Arabia with sabotage purposes, and fortunately the attack failed only because of a glitch in their code.

“In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.” reported The New York Times.

Saudi petrochemical plant attack

The investigators did not attribute the attack to a specific threat actor, but people interviewed by the NYT on condition of anonymity explained that the cyber attack likely aimed to cause a blast that would certainly have produced casualties.

The cyberattack did not have dramatic consequences because of an error in the malicious code, which shut down the system instead of destroying it.

The attack appears to be the work of a foreign government, and it is evidence of a dangerous escalation in international hacking that could inflict serious physical damage.

The NYT said that its sources declined to name the company operating the plant as well as the government suspected of being behind the cyber attack.

“…the attackers were sophisticated and had plenty of time and resources, an indication that they were most likely supported by a government, according to more than a dozen people, including cybersecurity experts who have looked into the attack and asked not to be identified because of the confidentiality of the continuing investigation.” continues the newspaper.

“The only thing that prevented an explosion was a mistake in the attackers’ computer code, the investigators said.”

Security experts interviewed by the NYT said that, given the level of sophistication of the attack on the Saudi petrochemical plant, only a few governments could have backed the operation, including Iran, China, Russia, Israel and the United States.

The Saudi Arabian Government did not comment on the event; its infrastructure is under incessant attack.

Saudi Arabia has been targeted several times by APT groups; the most notorious attack was conducted with the Shamoon wiper against computers in the Saudi energy sector in 2012.

Computers at Saudi Aramco, one of the world’s biggest oil companies, were disrupted by Shamoon in what is believed to be the country’s worst cyber attack yet.

In the attack against Saudi Aramco, Shamoon wiped data on over 30,000 computers and overwrote the hard drive MBR (Master Boot Record) with an image of a burning US flag.

In early 2017, Saudi authorities warned of a new wave of attacks leveraging the Shamoon 2 malware targeting the country.

In January 2017, the Saudi Arabian labor ministry was attacked, and a chemical firm also reported a network disruption.

In November 2016, a cyberattack paralyzed a number of Saudi government computers, wiping their hard drives. According to the experts at the Saudi National Cyber Security Centre, the attackers aimed to disrupt government computers.

The attackers leveraged PowerShell, but at the time of writing government experts had not commented on the source of the attack.

A few days later, the same attack hit other Saudi targets with the same wiper.

According to the New York Times, the August attack was “much more dangerous” than Shamoon and likely aimed to send a political message; investigators said the code had been custom-built with no obvious financial motive.

“The attack in August was not a Shamoon attack. It was much more dangerous.” continues NYT.

“Investigators believe a nation-state was responsible because there was no obvious profit motive, even though the attack would have required significant financial resources. And the computer code had not been seen in any earlier assaults. Every hacking tool had been custom built.”

Attribution of the attack is almost impossible at this stage; in recent years tensions between Iran and Saudi Arabia have steadily escalated and the conflict has shifted into cyberspace.


Pierluigi Paganini

(Security Affairs – Saudi petrochemical plant, malware)

The post Hackers tried to cause a blast at a Saudi petrochemical plant appeared first on Security Affairs.

Source: Security affairs

After roughly three years of commercial viability, virtual reality seems to have excelled within a different realm than the one I typically wonder about: the film festival. Events like Sundance, Tribeca, and South By Southwest already overflow with weird, not-quite-accessible films about real-world drama, emotions, and nonsensical stories. And today, the only venue that fits those works better than arthouse theaters, quite frankly, is the ornate, vision-filling VR headset.

But filmmakers aren’t just descending onto hardware like HTC Vive, Oculus Rift, and Samsung GearVR in a boring, flash-in-the-pan manner. At SXSW 2018 in particular, they’re finally exhibiting a proficiency in two equally important extremes: what VR can sell that normal films cannot, and what VR must compromise or let go of for the sake of a better film experience.

I went eyes-on with nearly two dozen VR experiences at SXSW 2018, and I’ll be honest, some of them were rough. Some filmmakers still think that a 360-degree video that forces viewers to crane their neck and hunt around for content is a good idea (geez, please stop making those). Others packed far too much visual noise or too many unnecessary interactions into a 3D world that never answered the important question of why its content and message was better in VR than on a flat screen.



An unsecured Amazon S3 bucket managed by Walmart jewelry partner MBM Company Inc left the personal and contact information of 1.3 million customers exposed on the public internet.

Another Amazon S3 bucket has been left open online; this time, personal data belonging to 1.3 million customers of Walmart jewelry partner MBM Company has been exposed.

In February, experts at Kromtech Security discovered an Amazon S3 bucket named “walmartsql” containing an MSSQL database backup named MBMWEB_backup_2018_01_13_003008_2864410.bak. The file name suggests that the backup may have been public since January 13, 2018; some of the records in the archive date back to 2000.

The archive contained names, addresses, zip codes, phone numbers, e-mail addresses, IP addresses and, most seriously, plain text passwords for MBM Company shopping accounts. It also contained internal MBM mailing lists, encrypted credit card details, payment details, promo codes, and item orders.

“On February 6th, 2018 researchers at Kromtech security came across another publicly accessible Amazon s3 bucket. This one contained a MSSQL database backup, which was found to hold the personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, ip addresses, and, most shockingly, plain text passwords, for shopping accounts of over 1.3 million people (1,314,193 to be exact) throughout the US and Canada.” reads a blog post published by Kromtech.

“At first glance the data appeared to belong to Walmart as the storage bucket was named ‘walmartsql’, but upon further investigation by Kromtech researchers it was discovered that the MSSQL database backup inside actually belonged to MBM Company Inc., a jewelry company based in Chicago, IL, which operates mainly under the name Limogés Jewelry.”

Walmart jewelry partner MBM Company Inc data leak

This is another case of poor security: the IT staff managing the archive left the backup exposed online in an unsecured Amazon S3 bucket and adopted no further measures to protect the information stored in the database.

“Passwords were stored in the plain text, which is great negligence, taking into account the problem with many users re-using passwords for multiple accounts, including email accounts.” said Bob Diachenko, head of communications for Kromtech.

Kromtech notified Walmart of the public Amazon S3 bucket; the company promptly secured it but was unable to comment on MBM Company Inc.
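As an added example (not Kromtech's, Walmart's or MBM's code), the following Python audits a bucket's ACL and bucket policy for the grants that expose it to everyone, the kind of misconfiguration behind a backup being readable from the public internet. The ACL and policy shapes match what boto3's get_bucket_acl() and get_bucket_policy() return; the sample bucket data, owner ID and bucket name are constructed.

```python
# Added example: flag S3 ACL grants and bucket-policy statements that make a
# bucket readable by anyone. Input shapes follow the dicts boto3 returns for
# get_bucket_acl() / get_bucket_policy(); sample data below is constructed.
import json

# Canned S3 group URIs meaning "anyone on the internet" and "any AWS account".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anyone)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}

def acl_findings(acl):
    """One finding per ACL grant to a public group, e.g. READ to AllUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            who = PUBLIC_GROUP_URIS[grantee["URI"]]
            findings.append(f"ACL grants {grant.get('Permission')} to {who}")
    return findings

def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def policy_findings(policy_json):
    """One finding per Allow statement with a wildcard principal and no Condition."""
    if not policy_json:
        return []                       # no bucket policy attached
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for stmt in statements:
        if (stmt.get("Effect") == "Allow" and _is_wildcard_principal(stmt.get("Principal"))
                and not stmt.get("Condition")):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            findings.append(f"policy {stmt.get('Sid', '<no Sid>')} allows {', '.join(actions)} to everyone")
    return findings

def audit_bucket(acl, policy_json=None):
    """Combine ACL and policy findings; an empty list means no public grant was found."""
    return acl_findings(acl) + policy_findings(policy_json)

# Constructed samples: the exposed configuration next to the corrected one.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"}
PUBLIC_ACL = {"Owner": {"ID": "EXAMPLE-OWNER-ID"}, "Grants": [OWNER_GRANT,
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
PRIVATE_ACL = {"Owner": {"ID": "EXAMPLE-OWNER-ID"}, "Grants": [OWNER_GRANT]}
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead", "Effect": "Allow",
    "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

Feeding the real ACL and policy of each bucket in an account through audit_bucket() turns the check into a routine inventory step; enabling S3 Block Public Access on the account prevents such grants from taking effect in the first place.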



Pierluigi Paganini

(Security Affairs – Walmart jewelry partner MBM Company Inc, data leak)

The post Unsecured AWS S3 bucket managed by Walmart jewelry partner exposes data of 1.3M customers appeared first on Security Affairs.


While US-CERT warns of cyber attacks against critical infrastructure in the energy sector, the Russia-linked Sofacy APT is targeting a government agency in Europe.

Last week the US Government announced sanctions against five Russian entities and 19 individuals, including the FSB and the military intelligence agency GRU.

Despite the sanctions, Russian hackers continue to target entities worldwide, including US organizations.

The Russian spy agencies and the individuals are accused of trying to influence the 2016 presidential election and of launching the massive NotPetya ransomware campaign and other attacks on businesses in the energy industry.

Last year, the Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert to warn of attacks on US critical infrastructure powered by Russian threat actors. The US-CERT blamed the APT group tracked as Dragonfly, Crouching Yeti, and Energetic Bear.

Now US-CERT has updated its alert, providing further information and officially linking the above APT group to the Kremlin.

The Alert (TA18-074A) warns of “Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors” and labels the attackers as “Russian government cyber actors.”

“This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” reads the alert.

“It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks.”

According to the DHS, based on the analysis of indicators of compromise, the Dragonfly threat actor is still very active and its attacks are ongoing.

“DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” continues the alert. “After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).”

The Russian Government has always denied the accusations; in June 2017 Russian President Putin declared that patriotic hackers may have carried out attacks against foreign countries and denied the involvement of Russian cyberspies.

A few days ago, security experts at Palo Alto Networks uncovered a hacking campaign launched by Sofacy against an unnamed European government agency that leveraged an updated variant of the DealersChoice tool.

“On March 12 and March 14, we observed the Sofacy group carrying out an attack on a European government agency involving an updated variant of DealersChoice.” reads the analysis published by PaloAlto Networks.

“The updated DealersChoice documents used a similar process to obtain a malicious Flash object from a C2 server, but the inner mechanics of the Flash object contained significant differences in comparison to the original samples we analyzed. One of the differences was a particularly clever evasion technique.”

The attacks uncovered by Palo Alto Networks against a government organization in Europe used a spear-phishing email referencing the “Underwater Defence & Security” conference, which will take place in the U.K. later this month.

While previous versions of DealersChoice loaded a malicious Flash object as soon as the bait document was opened, the samples from the latest attacks analyzed by Palo Alto Networks embed the Flash object on page three of the document, and it is only loaded if the user scrolls down to it.

“The user may not notice the Flash object on the page, as Word displays it as a tiny black box in the document, as seen in Figure 1. This is an interesting anti-sandbox technique, as it requires human interaction prior to the document exhibiting any malicious activity.” states the analysis.

Sofacy APT

In early February, experts from Kaspersky highlighted a shift in the Sofacy APT group’s focus, from NATO member countries and Ukraine towards the Middle East and Central Asia.

Pierluigi Paganini

(Security Affairs – energy firms, critical infrastructure)

The post Russia-linked Sofacy APT targets an unnamed European Government agency appeared first on Security Affairs.


VMware has addressed a denial-of-service (DoS) vulnerability, tracked as CVE-2018-6957, in its Workstation 12.x and 14.x and Fusion 10.1.1 and 10.x on OS X products.

The affected VMware solutions can be attacked by opening a large number of VNC sessions. The DoS vulnerability was discovered by Lilith Wyatt of Cisco Talos; the flaw can be exploited on Workstation and Fusion only if VNC has been manually enabled.

The VNC implementation in VMware products is used for remote management.

“VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions.” reads the security advisory published by VMware.

The company fixed the flaw in Workstation 14.1.1 and Fusion 10.1.1; VMware also shared a workaround for Workstation 12.x and Fusion 8.x that involves setting a password for the VNC connection.

While VMware has classified the vulnerability as “important,” Cisco Talos has ranked it as a “high severity” flaw and assigned it a CVSS score of 7.5.

Experts at Cisco Talos confirmed that an attacker can trigger the flaw on a targeted server and cause the virtual machine to shut down by opening a large number of VNC sessions.

“Since the VMware VNC server is naturally multi-threaded, there are locks and semaphores and mutexes to deal with shared variables.” reads the advisory published by Talos.

“The VNC server also maintains a global variable that indicates the amount of locks that are currently used, that is incremented by certain events.”

Talos published the Proof-of-Concept exploit code:

# There are obviously better ways to do this
for x in `seq 0 $(( 0xffffff/2 ))`; do echo "doop" | ncat <targetIP> <VNCPort>; done

“Regardless, the important thing to note here is that the incrementing instruction (lock xadd cs:MxLockCounter, eax;) is the only cross-reference to the MxLockCounter global variable, meaning it never gets decremented.” continues Talos.

“Thus, as long as an attacker can initiate a bunch of TCP connections to the VNC server (each successful connection increments it twice), without even sending any other datagrams, an attacker can eventually shut down the connected virtual machine.”
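The pattern Talos describes, many TCP connections to the VNC port that never send any further data, is visible in flow records. The following Python is an added detection example, not Talos's or VMware's code; the record format, the addresses and the tuning values (window, threshold, payload size) are constructed assumptions.

```python
# Added example: raise an alert when one source opens many near-empty TCP
# connections to a VNC port within a short window. The flow-record format
# ("ts src dst dport orig_bytes") and all addresses below are constructed.
from collections import defaultdict, deque

VNC_PORT = 5900          # default VNC port; VMware lets the admin choose another
WINDOW_SECONDS = 60      # sliding window length (hypothetical tuning value)
THRESHOLD = 20           # near-empty connections per window that trigger an alert
MAX_PAYLOAD_BYTES = 16   # "near-empty": at most a handshake-sized client payload

def parse_record(line):
    """Parse 'ts src dst dport orig_bytes' (constructed format) into a tuple."""
    ts, src, dst, dport, nbytes = line.split()
    return int(ts), src, dst, int(dport), int(nbytes)

def detect_vnc_floods(lines, port=VNC_PORT, window=WINDOW_SECONDS,
                      threshold=THRESHOLD, max_bytes=MAX_PAYLOAD_BYTES):
    """Return one (src, dst, count, ts) alert per source/destination pair, emitted
    the first time that pair reaches `threshold` near-empty connections in `window`."""
    records = sorted(parse_record(line) for line in lines if line.strip())
    recent = defaultdict(deque)   # (src, dst) -> timestamps of near-empty connections
    fired = set()
    alerts = []
    for ts, src, dst, dport, nbytes in records:
        if dport != port or nbytes > max_bytes:
            continue              # other services, or a real client that sent data
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop connections that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in fired:
            fired.add(key)
            alerts.append((src, dst, len(q), ts))
    return alerts

# Constructed flow records: 30 near-empty connections from one source in ~10 s,
# three legitimate VNC sessions that actually sent data, and unrelated traffic.
BASE_TS = 1521100000
SAMPLE_RECORDS = (
    [f"{BASE_TS + i // 3} 203.0.113.7 192.0.2.10 5900 5" for i in range(30)]
    + [f"{BASE_TS + 2 + i * 4} 198.51.100.4 192.0.2.10 5900 1420" for i in range(3)]
    + [f"{BASE_TS + 1} 198.51.100.9 192.0.2.10 443 3"]
)

if __name__ == "__main__":
    for src, dst, count, ts in detect_vnc_floods(SAMPLE_RECORDS):
        print(f"ALERT ts={ts}: {src} opened {count} near-empty VNC connections to {dst}")
```

The threshold is deliberately far below the millions of connections the published loop would make, so the alert fires early; per-source connection limits on the VNC port and the password workaround VMware describes reduce exposure further.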

Below is the timeline for the flaw:

2017-07-13 – Vendor Disclosure
2018-03-15 – Public Release



Pierluigi Paganini

(Security Affairs –  CVE-2018-6957, DoS vulnerability)

The post VMware addresses a DoS flaw in Workstation and Fusion products appeared first on Security Affairs.
