News & Updates

Linux is considered one of the favorite operating systems for hackers and security researchers. The open source operating system is often used for building technologies as it offers developers much room for modifications.

Linux is used on many hardware platforms, servers, gaming platforms, and much more. So it is essential for anyone who wants to become a Linux pro or seeking a


Source: http://feeds.feedburner.com/TheHackersNews

The Blizzard Mountain Expansion for Forza Horizon 3 is coming on Dec. 13. Set amidst extreme alpine settings, players will explore a snowy mountain playground in eight new vehicles – including the 2016 Ford GYMKHANA 9 Focus RS RX. All in brand new race events have been specifically designed for spectacular mountain racing in this […]

The post Forza Horizon 3 Blizzard Mountain Expansion Announced – New Cars, Races, Maps, Mods, & More appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

Zcash (ZEC) is a new cryptocurrency that promises total anonymity; it is already attracting great interest from miners and, of course, cybercriminals.

Zcash (ZEC) is the cryptocurrency of the moment. It was presented in October 2016 and, compared with the popular Bitcoin, it is totally anonymous. With this premise, Zcash has attracted great interest from investors, miners and, of course, cybercriminals.

In a few hours, 1 ZEC reached $30,000, which is normal considering that there was high demand and only a few dozen coins available. Now the situation is normal: the value of a ZEC has declined compared to that of the Bitcoin and, at the time of writing, it is 0.07 – 0.01 ZEC/BTC (around $70).

According to the experts from Kaspersky Lab, despite this drop, Zcash mining remains among the most profitable compared to other cryptocurrencies. This means more opportunity for cyber criminals, who have started creating botnets for mining.

“In November, we recorded several incidents where Zcash mining software was installed on users’ computers without permission. Because these software programs are not malicious in themselves, most anti-malware programs do not react to them, or detect them as potentially unwanted programs (PUP). Kaspersky Lab products detect them as not-a-virus:RiskTool.Win64.BitCoinMiner.” reads a blog post published by Kaspersky.

Crooks are distributing Zcash miners through pirated software via torrents, but the experts still haven’t seen any cases of mass-mailing campaigns with this specific purpose.

Kaspersky also discovered a couple of websites distributing mining programs:

http://execsuccessnow[.]com/wp-includes/m/nheqminer.exe
https://a.pomf[.]cat/qzwzfx.exe

Anyway, malware researchers believe that it is only a matter of time before criminal organizations use their botnets to deliver the miner to already infected systems or to spread the threat.

Consider that an average machine is able to mine about 20 hashes per second. A botnet composed of one thousand computers can mine about 20,000 hashes a second, which at current prices corresponds to $6,200 a month in net profits.

The researchers explained that the most popular mining software to date is nheqminer from the mining pool NiceHash, which allows earning payments in both bitcoins and Zcash.

“Both are detected by Kaspersky Lab products, with the respective verdicts not-a-virus:RiskTool.Win64.BitCoinMiner.bez and not-a-virus:RiskTool.Win64.BitCoinMiner.bfa.” continues Kaspersky.

The researchers explained that with Zcash it is also possible to ‘snoop’ on some of the wallets used by criminal organizations and discover the amount of money they received (e.g. https://explorer.zcha.in/accounts/t1eVeeBYfPPLgonvi1zk8e9SnrhZdoCBAeM).

Zcash allows two types of wallets: completely private wallets (z-address) and public wallets like the one shown above (t-address).

“At the current time, the completely private wallets are not very popular (they are not supported by exchanges), and are only used to store around 1% of all existing Zcash coins.”

Kaspersky has spotted roughly 1,000 unique users who have some version of the Zcash miners installed on their machines under a different name, a circumstance that suggests their computers were infected.

 

Take a look at the analysis published by Kaspersky for more information.


Pierluigi Paganini

(Security Affairs – Zcash (ZEC), cybercrime) 

 

The post Zcash cryptocurrency, a new opportunity for cyber criminals appeared first on Security Affairs.

Source: Security affairs

Our concern is BioWare seems to be focusing on things that don’t necessarily scream Mass Effect Andromeda. Everyone enjoys a good combat mechanic, sure. But a LOT of people cite Mass Effect 1 as the best in the franchise despite having the poorest combat and technical problems out the door. How is BioWare approaching Mass […]

The post Mass Effect Andromeda Isn’t A New Concept – BioWare Is Revisiting A Previous IP To Deliver ME:A appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

How many Internet-connected devices do you have in your home? I am surrounded by around 25 such devices.

It’s not just your PC, smartphone, and tablet that are connected to the Internet. Today our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks.

However, when it comes to security, people generally ignore to


Source: http://feeds.feedburner.com/TheHackersNews

If you came across a celebrity sex video on Facebook featuring Jessica Alba or any other celebrity, just avoid clicking it.

Another Facebook scam is circulating across the social networking website that attempts to trick Facebook users into clicking on a link for a celebrity sex tape that instead downloads malware onto their computers.

Once installed, the malware would force web browsers to


Source: http://feeds.feedburner.com/TheHackersNews

Skyblivion intends to take the older game and use the Skyrim Special Edition’s engine. The story, characters, items, etc. are the same as the old one. It just uses the newer game’s engine. Skyblivion is really great because it uses Skyrim’s engine and it’s gameplay mechanics, too. Furthermore, it also retains the Oblivion map, NPCs, […]

The post Skyrim Special Edition Mod Aims To Recreate The Original The Elder Scrolls IV Oblivion Game appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

Building on the strengths of its predecessors, The Last Guardian presents a majestic and memorable adventure. We know a lot of you must be having trouble beating some of the trophies, so we decided to help you guys with this The Last Guardian guide. The Last Guardian That Hits the Spot Trophy Guide Sometimes when […]

The post The Last Guardian Tips & Tricks – That Hits the Spot Trophy Guide appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

PricewaterhouseCoopers SAP software, the Automated Controls Evaluator (ACE), is affected by a critical security flaw that could be exploited by hackers.

Software developed by PricewaterhouseCoopers for SAP systems, the Automated Controls Evaluator (ACE), is affected by a critical security flaw.

The vulnerability was discovered by the security firm ESNC, which analyzed the tool. The Automated Controls Evaluator (ACE) is a diagnostic SAP tool that extracts security and configuration data from SAP systems and analyzes them in order to discover backdoors (such as configuration, customization and security settings) and misconfigurations that could be exploited by attackers to commit fraud.

“The purpose of this tool is to analyze SAP security settings and identify privileged access and potential segregation of duties issues accurately and efficiently”; and – “The ABAP files introduce no changes to the production systems and settings,” states the PricewaterhouseCoopers website.

The researchers from ESNC have discovered that the PwC ACE software is affected by a remotely exploitable security flaw that could be used to inject and execute malicious ABAP code on the remote SAP system. The potential impact on the companies that use the tool is critical: the vulnerability may allow an attacker to bypass change management controls, bypass segregation of duties restrictions, and, of course, manipulate accounting documents and financial results, exposing the business to fraudulent activities.

“This security vulnerability may allow an attacker to manipulate accounting documents and financial results, bypass change management controls, and bypass segregation of duties restrictions,” states the advisory published by ESNC.

“This activity may result in fraud, theft or manipulation of sensitive data including PII such as customer master data and HR payroll information, unauthorized payment transactions and transfer of money.” “The attacks may be executed from the local network via SAPGui, or from the public Internet via http/https ICF services such as WebGui and Report, if the systems are accessible.”

The vulnerability affects version 8.10.304, and earlier versions might also be affected.

A PricewaterhouseCoopers spokeswoman tried to downplay the issue by explaining that the company is not aware of any problem with its software.

“The code referenced in this bulletin is not included in the current version of the software which is available to all of our clients,” a PwC spokeswoman told The Reg. “The bulletin describes a hypothetical and unlikely scenario – we are not aware of any situation in which it has materialized.”

The Reg highlighted the difficulties faced by ESNC in reporting the issue to PricewaterhouseCoopers. The flaw was reported in August, but PwC initially didn’t provide a response; then its lawyers sent an email to the security researchers telling them to “desist” from their investigation.

Below is the vulnerability timeline shared by ESNC:

  • 19.08.2016 PwC contacted
  • 22.08.2016 Meeting with PwC, informed them about the impact and the details of the vulnerability and responsible disclosure
  • 05.09.2016 Asked PwC about updates and whether a patch is available
  • 13.09.2016 Received a Cease & Desist letter from PwC lawyers
  • 18.11.2016 Informed that 90 days have passed and ESNC is planning to release a security advisory; asked for any details PwC can share about this matter including risk, affected versions, how to obtain a patch
  • 22.11.2016 Received another Cease & Desist letter from PwC lawyers
  • 07.12.2016 Public disclosure

This is a wrong approach to cyber security.


Pierluigi Paganini

(Security Affairs – PricewaterhouseCoopers SAP tool, hacking) 

The post Critical flaw in PricewaterhouseCoopers SAP security tool, but PwC tries downplay it appeared first on Security Affairs.

Source: Security affairs

Motherboard published an interesting blog post which includes further details on the cost of StingRay phone surveillance equipment.

A couple of years ago I published a post on Stingray Technology trying to explain how governments track cellular devices.

A StingRay is an IMSI-catcher (International Mobile Subscriber Identity) designed and commercialized by the Harris Corporation. At the time of the article, the cellular surveillance system cost as much as $400,000 in the basic configuration, and its price varied with add-ons ordered by the agency.

The IMSI-catcher is a surveillance solution used by military and intelligence agencies for telephone eavesdropping. It allows for intercepting mobile phone traffic and tracking movements of mobile phone users. Essentially, an IMSI catcher operates as a bogus mobile cell tower that sits between the target mobile phone and the service provider’s real towers. The IMSI catcher runs a Man In the Middle (MITM) attack that could not be detected by the users without using specific products that secure communication on mobile devices.

The use of the IMSI-catcher is raising a heated debate in the United States because devices like StingRay and other similar cellphone tracking solutions are being widely adopted by law enforcement agencies across the country.

StingRay allows law enforcement to intercept calls and Internet traffic, send fake texts, inject malware on a mobile device, and to locate the targets.

Now Curtis Waltman from Motherboard published an interesting blog post which provided further details on the cost of the StingRay phone surveillance tool.

Waltman published data provided by the Rochester Police Department in New York, which responded to the Cell Site Simulator Census, an initiative that takes a census of cellphone surveillance equipment use and policy.

“A mapping of police departments and agencies nationwide that are using IMSI catcher (Stingray) technology. Included in this mapping is a focus on the policies, procedure and contractual agreements that departments are formulating as they adopt the controversial surveillance device,” states the description for the census.

The data shared by Motherboard are very interesting and provide useful insights into the surveillance systems, their components, and prices. It is a “completely unredacted quote list of Harris Corporation products”.

Documents shared by the Rochester Police Department show clearly how Harris sells the Stingray equipment to law enforcement.

According to the documents, devices are often sold in packages, like the StingRay II Vehicular System, which is offered for sale with devices (i.e. three different kinds of Harris’ Harpoon signal amplifiers) that allow its use in a patrol vehicle.

How much does a StingRay II Vehicular System cost?

The package, which includes a laptop, three kinds of software for accessing different types of cellular networks, and an AmberJack cellphone tracker, goes for a grand total of $148,000.

“The Amberjack is an important accessory for the surveillance systems like Stingray, Gossamer, and Kingfish. It is a direction-finding system antenna that is used for cellular device tracking. It costs nearly $35,015,” I wrote in a blog post published earlier this year.

The price of the AmberJack is quite similar to the one I published earlier this year.

According to documents published by Motherboard, the KingFish package, Harris Corporation’s smaller, mobile version of the StingRay, is sold for $157,000.

The single KingFish device is not so expensive, as I reported earlier this year.

“Kingfish is a surveillance transceiver that is used by law enforcement and intelligence agencies to track cellular devices and exfiltrate information from mobile devices over a targeted area. It could be concealed in a briefcase and allows gathering of unique identity codes and shows connections between phones and numbers being dialed. Its cost is slightly higher than $25,000.” 

The Rochester PD expressed its interest in the entire KingFish, except the laptop.

The company also includes in the surveillance packages training activities that go for $12,000.

“These packages also come with the option of a training package, costing $12,000, and a one year maintenance package that will cost $169,000 if your department decided to splurge for the whole line of Harris’ products (this was 2011 so the 4G network cell site simulator the HailStorm wasn’t released yet.) Training isn’t included interestingly enough, so police departments are more or less forced to pay for training on these complicated and powerful devices.” states the post published by Motherboard.

The note at the end of the document also provides further details of the surveillance technology, including the specifications required to use the equipment in a real scenario.

“The StingRay and Kingfish can be run out of a car’s cigarette lighter, while the StingRay II requires a 2000W power inverter. That is hungrier for power than almost any household appliance, save a dryer or oven.” continues the post.

If you are interested in StingRay surveillance technology, take a look at the article “StingRay Technology: How Government Tracks Cellular Devices”.


Pierluigi Paganini

(Security Affairs – Surveillance, Law enforcement) 

The post How much cost a StingRay? Surveillance is a profitable business appeared first on Security Affairs.

Source: Security affairs