News & Updates

Enlarge / LONDON: A President Trump impersonator poses in a mock-up of the Oval Office to promote the global release of James Patterson and Bill Clinton’s book, The President is Missing at Waterloo Station. (credit: Eamonn M. McCormack / Getty Images)

If you hadn’t heard, former President William Jefferson Clinton and well-established mass-production author James Patterson have collaborated on a novel titled The President is Missing. The book is a political cyber-thriller of sorts, the second such book from a member of the Clinton family—that is, if you count Hillary Clinton’s What Happened as one. And just as with with Ms. Clinton’s book, The President is Missing gives shout outs to Russian hacking groups, mentioning Fancy Bear by name.

The President is Missing is, however, a work of fiction. At 513 pages in hardcover, it’s slightly slimmer than the recently-released Department of Justice Office of the Inspector General report on the FBI’s conduct during the Clinton email investigation, and certainly better paced—with Patterson’s trademarked five-to-10 page chapters cutting it up for easy digestion. The prose is largely marked by Patterson’s hand as well, but there are places where Clinton’s voice pushes through (and not always for the better)—particularly in the passages of first-person narration from the protagonist, President Jon Duncan, which are laden with Democratic talking points and the moral weight of every presidential decision.

The plot, in brief, is this: a Democratic president from a southern state is on the verge of facing an impeachment (sound familiar?) in the midst of a national security crisis. A terrorist mastermind has managed to plant “wiper” malware in every computer in the United States. Racing against time, the president disguises himself, exits the White House through a secret tunnel, and meets in person with the hacker who helped distribute the malware while a crack mercenary hit squad led by a pregnant Bosnian sniper attempts to take the hacker and President Duncan out.

Read 7 remaining paragraphs | Comments


The post Two Critical flaws affect Schneider Electric U.motion Builder. Patch them now! appeared first on Security Affairs.

Source: Security affairs

Enlarge (credit: Bethesda)

LOS ANGELES—The first Rage didn’t generate much buzz amongst fans of first-person shooters when it shipped in 2010, but one of id Software’s later titles (the 2016 Doom reboot) made a big splash. With Rage 2, publisher Bethesda is hoping that some of the post-Doom goodwill can elevate this low-profile franchise to popularity.

The publisher partnered id’s FPS veterans with Avalanche Studios (Just CauseMad Max) to make this sequel open world. The first game had a veneer that made it look open-world, even though it was just as enclosed as Doom.

I played Rage 2 at Bethesda’s E3 booth this week, and unfortunately I can only judge the id Software side of that partnership. The demo I played was a linear, corridor-crawling action shooter experience with no open-world aspects. When I asked a Bethesda rep why that was, he told me that the company wanted Rage fans to be sure that the gunplay is still just as good even though the game is going open world. I think it’s more likely that the open-world part of the full game (which is slated to launch in spring 2019) just isn’t ready to be played yet.

Read 9 remaining paragraphs | Comments


A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal

20% discount

Kindle Edition

Paper Copy

Digging The Deep Web

Once again thank you!

·      Crooks used a KilllDisk wiper in an attack against Banco de Chile as diversion for a SWIFT hack
·      Search Engines in Russia cannot link to banned VPN services and Internet proxy services
·      Experts warn hackers have already stolen over $20 Million from Ethereum clients exposing interface on port 8545
·      Former GCHQ chief Hannigan warns of Russias aggressive approach to the cyberspace
·      InvisiMole Spyware is a powerful malware that went undetected for at least five years
·      South Korean Cryptocurrency Exchange Coinrail hacked, hackers stole over $40M worth of ICO tokens
·      Crooks used multi-stage attacks aimed at Russian Service Centers
·      North Korea-linked Lazarus APT behind recent ActiveX attacks
·      Operation WireWire – Law enforcement arrested 74 individuals involved in BEC scams
·      VMware addresses a critical remote code execution vulnerability in AirWatch Agent
·      Dixons Carphone data breach, 5.9 million payment cards exposed
·      June 12 2018 Historic Edition of Cyber Defense eMagazine Has Arrived. Over 150 pages…
·      Microsoft Patch Tuesday updates for June 2018 addresses 11 Critical RCE Flaws
·      PyRoMineIoT spreads via EternalRomance exploit and targets targets IoT devices in Iran and Saudi Arabia.
·      Researcher found 43 Million email addresses leaked by the Trik spam botnet
·      2018 Russia World Cup : Russian cyber spy may hack travelers mobile devices
·      Analysis of the evolution of exploit kits in the threat landscape
·      Analyzing the SAP June 2018 Security Patch Day
·      China-linked Emissary Panda APT group targets National Data Center in Asia
·      European Parliament decides to ban Kaspersky products because are malicious
·      A new Meltdown-like flaw tracked as LazyFP affects Intel CPUs
·      A new MuddyWater Campaign spreads Powershell-based PRB-Backdoor
·      Experts released a free decryptor for Everbe Ransomware
·      Mysterybot, a new LokiBot-Linked Android Trojan Emerges
·      SigSpoof GnuPG flaw could be exploited to spoof message signatures
·      Europol dismantled the Rex Mundi hacker crew, it arrested another member of the gang
·      Singapore was hit by an unprecedented number of attacks during the Trump-Kim Summit
·      Syscoin Github has been breached, hacker replaced Syscoin Windows client with tainted version

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 167 – News of the week appeared first on Security Affairs.

Source: Security affairs

Tammy Perez / ATX TV Festival

AUSTIN, Texas—If you ask Graham Yost—prolific TV producer with a resume including Band of Brothers, The Pacific, and Justified—accuracy in on-screen military portrayals is a relatively new phenomenon, similar to how tech ranging from the latest hacker tools to futuristic autonomous bots have recently become increasingly grounded in reality. Ground zero for this idea won’t surprise any fans of this particular entertainment genre.

“In some historical military films, there have been some training of actors, but I think a lot of this really starts with Dale Dye and [Saving] Private Ryan [1998],” Yost says during ATX TV Festival’s panel on modern military television. “That set a template for people, and we wouldn’t have done Band without it. In fact, when the cast of Band gets together every year, the day they pick for their reunion is the first day of bootcamp. That’s when they felt they came together as a unit.”

Read 17 remaining paragraphs | Comments


Eric Bangeman

CHICAGO—When you think of Land Rover, what comes to mind? For me, it’s two things: ancient off-roaders trekking about the African savannah in the nature documentaries of my youth, and modern, well-appointed luxury SUVs. Nearly 50 years later, Land Rover is trying to meld the two worlds with a large, two-door SUV that can drive through three feet of water. It’s the Range Rover SV Coupe, and it starts at $295,000. A limited edition—only 999 will be sold—the luxury SUV is intended to evoke the early days of Range Rover (think two-door Series I-III), but it comes with several ultra-luxurious twists.

We got our first glimpse of the SV Coupe at the last Geneva Auto Show, but when I found out there was one on display at a Land Rover dealership not far from my house—even with a price tag one digit too large for my tastes—my curiosity was piqued. I spent about a half-hour there being introduced to a pre-production SV Coupe in a look-but-don’t-touch encounter.

Read 6 remaining paragraphs | Comments


Enlarge / A LEGO app using Apple’s new ARKit features. (credit: Apple)

Augmented reality (AR) has played prominently in nearly all of Apple’s events since iOS 11 was introduced, Tim Cook has said he believes it will be as revolutionary as the smartphone itself, and AR was Apple’s biggest focus in sessions with developers at WWDC this year.

But why? Most users don’t think the killer app for AR has arrived yet—unless you count Pokémon Go. The use cases so far are cool, but they’re not necessary and they’re arguably a lot less cool on an iPhone or iPad screen than they would be if you had glasses or contacts that did the same things.

From this year’s WWDC keynote to Apple’s various developer sessions hosted at the San Jose Convention Center and posted online for everyone to view, though, it’s clear that Apple is investing heavily in augmented reality for the future.

Read 56 remaining paragraphs | Comments


The Europol announced that several French nationals were arrested in the past year on suspicion of being involved with notorious Rex Mundi crime gang.

Another success of the Europol made the headlines, the European police announced that several French nationals were arrested in the past year on suspicion of being involved with notorious hacker group known as Rex Mundi (“King of the World”).

The Rex Mundi crime group has been active since at least 2012. it hacked into the systems of several organizations worldwide and attempted to blackmail them.

The list of the victims is long and includes AmeriCash Advance, Webassur, Drake International, Buy Way, Hoststar,, Numericable, Habeas, AlfaNet, Domino’s Pizza, and the Swiss bank Banque Cantonale de Geneve (BCGE).

The hackers used to steal sensitive information from the victims, then they demanded fees for not disclosing the stolen data.

The operation coordinated by the Europol was launched in May 2017 after the group targeted a UK-based company. Crooks stole significant amounts of customer data from the company, then attempted to blackmail it by demanding the payment of a bitcoin ransom of nearly €580,000 ($670,000) for not disclosing the incident. The group also requested more than €825,000 ($776,000) for details on the hack.

The hackers also asked the victim additional €210,000 ($240,000) for each day the payment was delayed.

“A 25-year-old coder was arrested on 18 May by the Royal Thai Police based on a French international arrest warrant. The arrest of this young cybercriminal was the eight in an international operation supported by Europol and the Joint Cybercrime Action Taskforce (J-CAT)  that started exactly one year ago.” reads the announcement published by the Europol.

“In May 2017 a British-based company was the victim of a cyber-attack during which a large amount of customer data was compromised. The attack was immediately claimed by an organisation called Rex Mundi.”

After the victim reported the incident to the authorities, the UK’s Metropolitan Police, the French National Police and Europol launched a joint operation that lead to the identification of a French national.

“Within an hour, Europol’s 24/7 Operational Centre was able to link the available information to a French national,” continues the Europol.

In June 2017, the authorities identified and arrested five suspects, two were arrested in October 2017 and one on May 18, 2018.

All of the suspects are French nationals and they were all arrested by French police, except for the last arrest, which took place in Thailand.

The last member of the crew is a 25-year-old developer that was arrested last month by the Royal Thai Police.

The leader of the Rex Mundi group admitted blackmailing the company but claimed to have hired hackers on the Dark Web to hack the victims.

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(Security Affairs – Rex Mundi, cybercrime)

The post Europol dismantled the Rex Mundi hacker crew, it arrested another member of the gang appeared first on Security Affairs.

Source: Security affairs

Enlarge / The Facebook logo is displayed at the 2018 CeBIT technology trade fair on June 12, 2018 in Hanover, Germany. (credit: Alexander Koerner/Getty Images)

Earlier this week, Facebook submitted nearly 500 pages worth of written responses to dozens of US senators’ questions stemming from CEO Mark Zuckerberg’s April 2018 testimony before two committees.

In the documents, the company attempted to provide clarity to the lingering concerns many lawmakers had. While seemingly trying to be forthright overall, Facebook was also evasive when responding to certain critical questions.

Notably, Facebook declined to promise to share the results of its post-Cambridge Analytica investigation with the public or even Congress. The social media giant also wouldn’t say if it had ever turned off a feature for privacy reasons.

Read 24 remaining paragraphs | Comments