News & Updates


On Tuesday evening, Wells Fargo announced that the bank’s CEO, John Stumpf, would forfeit $41 million in uninvested equity and forego his salary in the wake of a scandal that has hurt the bank’s reputation. The news comes on the heels of a new Labor Department investigation into the bank’s practices, as well as the filing of a proposed $7.2 billion class-action lawsuit by several ex-employees who claim they were forced to “choose between keeping their jobs and opening unauthorized accounts,” according to CNN Money.

In early September, federal consumer protection regulators announced that thousands of Wells Fargo employees had temporarily opened at least 2 million fake accounts to goose their sales quotas by using real customers’ names without their consent, going so far as to move money from authorized accounts into unauthorized accounts to make them look real. In some cases, the movement of money triggered overdraft and minimum balance fees for the customers.

About 500,000 of the fake accounts were credit card accounts—the rest were debit accounts. In a hearing held by the Senate Banking Committee last week, Stumpf admitted that he was unsure if any of the fake accounts harmed customers’ credit ratings.



Did you know? Your smart devices may have inadvertently participated in the record-breaking cyber attack the Internet has just witnessed, the largest to date.

If you own a smart device such as an Internet-connected television, car, refrigerator or thermostat, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over


Good news: the social network giant Facebook has finally announced the availability of the open source osquery developer kit for Windows.

Facebook has completed the port of its open-source detection tool osquery to Windows. The tool lets users monitor the hosts on a network and detect potentially malicious activity, such as the presence of malicious code.

The cross-platform tool, which is available on GitHub, was first released in 2014, but until now it only supported the Ubuntu, CentOS, and Mac OS X operating systems.

Now Facebook has announced the release of the Windows version of osquery.


“Today, we’re excited to announce the availability of an osquery developer kit for Windows! Security teams can now build customized osquery solutions for their Windows networks.” reads Facebook’s announcement.

osquery is an agent that can query every machine in an infrastructure, collecting a large amount of information about their state in real time. The data it gathers lets defenders quickly search for malicious behavior and eradicate the threat; this proactive technique is known as “threat hunting.”

“With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes. Having timely, reliable visibility into operations running throughout your network is critical to quickly identify and investigate anomalies.” continues the announcement.

“For example, osquery allows our Facebook security team to fetch data about all browser extensions running on our corporate network. We then compare that information to threat intelligence data to quickly identify malicious extensions and remove them. This proactive technique, known as “threat hunting,” is an important enhancement to traditional detection-based security, but not yet offered by many commercial agents.”

Facebook advises administrators who want to run the developer kit for Windows to consult the official documentation; the tool is easy to install and use.

“The osquery developer kit for Windows includes documentation, the development environment, and a single script to get you started. Once you install the build, you can start coding right away.”

The full documentation of the development process of the developer kit for Windows is available on the blog post by Trail of Bits.
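As an added illustration of the threat-hunting workflow the announcement describes (this is not Facebook’s or osquery’s own code): the query below is the join one would run in osqueryi against osquery’s `chrome_extensions` and `users` tables, executed here against constructed in-memory SQLite stand-ins for those tables (osquery’s SQL engine is SQLite), and the results are compared with a constructed list of malicious extension identifiers. The column subset, sample rows and intel list are assumptions made for the demo.

```python
import sqlite3

# The hunt query exactly as it would be typed into osqueryi. osquery's SQL engine is
# SQLite, so the same statement runs unchanged over the stand-in tables built below.
HUNT_QUERY = """
SELECT u.username, ce.name, ce.identifier, ce.version, ce.path
FROM chrome_extensions AS ce
JOIN users AS u ON u.uid = ce.uid
"""
COLUMNS = ("username", "name", "identifier", "version", "path")

def ext_path(user, ident, ver):
    return f"/home/{user}/.config/google-chrome/Default/Extensions/{ident}/{ver}"

# Constructed sample rows (not real extensions); Chrome extension IDs are 32 letters a-p.
EXTENSIONS = [
    (1001, "Ad Blocker", "abcdefghijklmnopabcdefghijklmnop", "3.1.0", ext_path("alice", "abcdefghijklmnopabcdefghijklmnop", "3.1.0")),
    (1001, "PDF Helper", "ponmlkjihgfedcbaponmlkjihgfedcba", "1.0.4", ext_path("alice", "ponmlkjihgfedcbaponmlkjihgfedcba", "1.0.4")),
    (1002, "Ad Blocker", "abcdefghijklmnopabcdefghijklmnop", "3.1.0", ext_path("bob", "abcdefghijklmnopabcdefghijklmnop", "3.1.0")),
]
USERS = [(1001, "alice"), (1002, "bob")]
# Constructed threat-intel feed: identifiers of extensions known to be malicious.
BAD_EXTENSION_IDS = {"ponmlkjihgfedcbaponmlkjihgfedcba"}

def build_demo_db():
    """In-memory stand-ins with the column subset of osquery's chrome_extensions and users tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE chrome_extensions (uid INTEGER, name TEXT, identifier TEXT, version TEXT, path TEXT)")
    conn.execute("CREATE TABLE users (uid INTEGER, username TEXT)")
    conn.executemany("INSERT INTO chrome_extensions VALUES (?, ?, ?, ?, ?)", EXTENSIONS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn

def hunt(conn, bad_ids):
    """Run the osquery-style join, then keep only rows whose extension ID is on the intel list."""
    rows = conn.execute(HUNT_QUERY).fetchall()
    return [dict(zip(COLUMNS, r)) for r in rows if r[2] in bad_ids]

def hunt_demo():
    return hunt(build_demo_db(), BAD_EXTENSION_IDS)

if __name__ == "__main__":
    for hit in hunt_demo():
        print(f"{hit['username']}: {hit['name']} ({hit['identifier']}) at {hit['path']}")
```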


Pierluigi Paganini

(Security Affairs – Facebook, threat hunting)

The post Good news, the Facebook OSquery tool is now available also for Windows appeared first on Security Affairs.

Source: Security affairs

Experts from Carbon Black have spotted a new adware campaign that leverages sophisticated obfuscation techniques borrowed from Operation Aurora.

Security experts from Carbon Black have spotted a new adware campaign that relies on very sophisticated obfuscation techniques.

Crooks used the adware campaign to spread ransomware and, according to the malware researchers, employed tactics similar to those of the nation-state attack known as Operation Aurora.

Carbon Black published a report that details the complex obfuscation techniques implemented by the threat actors behind the campaign.

“Earlier this week, Carbon Black, in conjunction with the Cb User Exchange Community, discovered anomalies related to well-known Adware variants, including OpenCandy and Dealply, and trojanized Chromium, using highly sophisticated evasion techniques (previously observed by Carbon Black associated with nation-state attacks — specifically Operation Aurora, which targeted major companies including Google, Adobe, etc).” reads the report published by Carbon Black. “These obfuscation techniques easily evade sandboxing and other intrusion detection techniques due to Binary Fragmentation.”

As explained in the post, the first clue came by chance, when a customer noticed unusual command-line activity that was specific to the Operation Aurora attack. The query that surfaced it, as given in the report, was “cmdline:copy AND cmdline:/b”.

“Just for fun, I asked my customer to run the query: cmdline:copy AND cmdline:/b. Cb Response showed they had three hits. I bolted upright in my chair. Three years ago, I stumbled upon this attack vector and I’d never seen it since… until last week.” continues the report.

“As we began to triage the event, we began to see .dat files being joined to form all sorts of unusual file types including .txt, .png, .log, .ico, & .dll files. It was highly irregular.”


“So, now for the ‘stranger’ part. As we began to walk backward up the process tree, we began noticing that the parent processes launching these rather advanced obfuscation techniques were ‘routine’ adware, flagged multiple times by Virus Total.” 

Carbon Black’s experts then received similar support requests from other customers that had experienced the same attack. According to the malware researchers, victims in several industries were targeted by adware variants used to deliver the Enigma ransomware.
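An added example, not taken from Carbon Black’s report, of detection logic for the `copy /b` fragment-reassembly pattern the report describes, run over constructed process-event records: it parses the Windows `copy` command line and flags invocations that stitch several same-type fragments (the .dat files) into a file of a different type such as .dll or .png, reporting the parent image alongside each hit. The parent image names, paths and records are all constructed.

```python
import os
import re

# Constructed process-event records (not real telemetry), modelled on the fields an EDR keeps:
# the parent image and the child's full command line. "adware_updater.exe" is a made-up parent.
EVENTS = [
    {"parent": "adware_updater.exe", "cmdline": r'cmd.exe /c copy /b "C:\Users\Public\a1.dat"+"C:\Users\Public\a2.dat"+"C:\Users\Public\a3.dat" C:\Users\Public\render.dll'},
    {"parent": "adware_updater.exe", "cmdline": r'cmd.exe /c COPY /B C:\ProgramData\x\p1.dat + C:\ProgramData\x\p2.dat C:\ProgramData\x\logo.png'},
    {"parent": "explorer.exe", "cmdline": r'cmd.exe /c copy /y C:\Users\bob\report.docx D:\backup\report.docx'},
    {"parent": "explorer.exe", "cmdline": r'cmd.exe /c copy /b part1.log+part2.log merged.log'},
]

# A token is a run of quoted strings and/or bare characters, so "a b.dat"+"c.dat" stays one token.
TOKEN_RE = re.compile(r'(?:"[^"]*"|[^\s"])+')

def parse_copy(cmdline):
    """Return (flags, sources, destination) for a Windows `copy` invocation, else None."""
    tokens = [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]
    lowered = [t.lower() for t in tokens]
    if "copy" not in lowered:
        return None
    args = tokens[lowered.index("copy") + 1:]
    flags = {a.lower() for a in args if a.startswith("/")}
    paths = [a for a in args if not a.startswith("/")]
    if len(paths) < 2:
        return None
    # `+` may be glued to the file names or stand alone; normalise both forms to one list
    sources = [s for s in "+".join(paths[:-1]).split("+") if s]
    return flags, sources, paths[-1]

def fragment_join(cmdline):
    """Flag a `copy /b` that stitches several same-type fragments into a file of another type."""
    parsed = parse_copy(cmdline)
    if parsed is None:
        return None
    flags, sources, dest = parsed
    if "/b" not in flags or len(sources) < 2:
        return None
    src_exts = {os.path.splitext(s)[1].lower() for s in sources}
    if len(src_exts) == 1 and os.path.splitext(dest)[1].lower() not in src_exts:
        return {"fragments": len(sources), "fragment_ext": src_exts.pop(), "dest": dest}
    return None

def scan(events):
    """One hit per event whose command line reassembles fragments, tagged with its parent image."""
    return [{"parent": ev["parent"], **hit}
            for ev in events if (hit := fragment_join(ev["cmdline"]))]
```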

According to Benjamin Tedesco, lead of the Advanced Consulting Team at Carbon Black, the obfuscation techniques borrowed from Operation Aurora easily evaded sandboxing and other detection mechanisms.

Once it had compromised the target machine, the malware used in the campaign dropped further payloads to carry out other malicious activity.

This campaign demonstrates that a very sophisticated threat can hide even behind an adware campaign.


Pierluigi Paganini

(Security Affairs – Adware, Hacking)

The post Adware Campaign borrows Obfuscation Techniques from Operation Aurora attack appeared first on Security Affairs.

Source: Security affairs

The Google Logo for India Independence Day 2014. (credit: Google Doodles)

Google’s new instant messaging client Allo doesn’t seem like a compelling product. Allo is missing many of the basic features you might expect in an instant messaging app: it only works with one device at a time, it doesn’t work on a desktop or laptop computer, it doesn’t support tablets very well, it doesn’t use a Google account, and it doesn’t support SMS. Allo has had a curiously incomplete product launch, and many Google users are left wondering what the company was thinking.

Allo’s limitations are deal breakers for many people in the hyper-connected developed world who are accustomed to multiple devices and a few GBs of Internet connectivity. But what if you’re not in a developed country? Google hasn’t explicitly come out and said so, but Allo’s features and Google’s actions around the launch of Allo all point to it being targeted at developing countries, and one developing country in particular: India. When viewed through the lens of the average person in India, Allo’s “incomplete” launch, odd design decisions, and missing features suddenly make sense.

Google <3 India

Google’s love affair with India is no secret. Google is all about scale and having huge numbers of users, and if you look at a list of countries by population, China is first with 1.38 billion people; India is second with 1.32 billion people; and the United States is third, with 324 million people. Google would love to go to China, but that would mean dealing with the censorship-happy Chinese government, so India is the biggest country in the world where Google can freely do business. India is also the home country of Google CEO Sundar Pichai.



Two current-gen Apple Watch Sport models. (credit: Andrew Cunningham)

On Tuesday, health insurance giant Aetna announced that it’s starting a new app-based health program that will exclusively rely on Apple products—namely, the iPhone, iPad, and Apple Watch. As part of the program, Aetna will subsidize Apple Watches for select customers as well as offer the smartwatches at no cost to their own 50,000 employees beginning in early 2017.

The news from Aetna, which covers about 23 million people nationwide, may please its Apple-loving customers. But no one will be as happy as Apple, which has recently pushed for its devices to be fashioned into medical hubs. Earlier this year, the company unveiled CareKit, an open source platform for creating healthcare apps.

In a joint statement with Aetna, Apple CEO Tim Cook said the following:



FCC commissioner Jessica Rosenworcel (right) has asked her colleagues to investigate how Hofstra University forced journalists to stop using their own Wi-Fi during the presidential debate. (credit: Bloomberg / Getty Images Press)

One of the members of the Federal Communications Commission, Jessica Rosenworcel, has asked the agency to investigate the Monday evening ban on journalists’ Wi-Fi personal hotspots at the presidential debate held at Hofstra University.

As Ars reported on Monday evening, the host venue demanded that journalists pay $200 to access the event’s Wi-Fi and were told to shut down their own hotspots or leave the debate. At least one photo, taken by Kenneth Vogel of Politico, showed a handheld device that was being used to scan for and locate “rogue” Wi-Fi networks.



An Altera Stratix V developer board, which uses the same kind of FPGA as Microsoft is deploying in Azure. (credit: Altera)

Microsoft is embarking on a major upgrade of its Azure systems. New hardware the company is installing in its 34 datacenters around the world still contains the mix of processors, RAM, storage, and networking hardware that you’ll find in any cloud system, but to these Microsoft is adding something new: field programmable gate arrays (FPGAs), highly configurable processors that can be rewired using software in order to provide hardware accelerated implementations of software algorithms.

The company first investigated using FPGAs to accelerate the Bing search engine. In “Project Catapult,” Microsoft added off-the-shelf FPGAs on PCIe cards from Altera (now owned by Intel) to some Bing servers and programmed those FPGAs to perform parts of the Bing ranking algorithm in hardware. The result was a 40-fold speed-up compared to a software implementation running on a regular CPU.

A common next step after achieving success with an FPGA is to then create an application specific integrated circuit (ASIC) to make a dedicated, hardcoded equivalent to the FPGA. This is what Microsoft did with the Holographic Processing Unit in its HoloLens headset, for example, because the ASIC has greatly reduced power consumption and size. But the Bing team stuck with FPGAs because their algorithms change dozens of times a year. An ASIC would take many months to produce, meaning that by the time it arrived, it would already be obsolete.
