Investigators have warned consumers they face potentially fatal risks after 99% of fake Apple chargers failed a basic safety test. From a report on BBC: Trading Standards, which commissioned the checks, said counterfeit electrical goods bought online were an "unknown entity." Of 400 counterfeit chargers, only three were found to have enough insulation to protect against electric shocks. It comes as Apple has complained of a "flood" of fakes being sold on Amazon. Apple revealed in October that it was suing a third-party vendor, which it said was putting customers "at risk" by selling power adapters masquerading as those sold by the Californian tech firm.
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust. From a report on Reuters: Russia's domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast. The attack, which was to target major national and provincial banks in several Russian cities, was meant to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber attack would be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature regarding a crisis in the Russian banking system, bankruptcies and license withdrawals," it said. "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."
More than 100,000 people in the UK have had their internet access cut after a string of service providers were hit by what is believed to be a coordinated cyber-attack, taking the number affected in Europe up to about a million. From a report on The Guardian, shared by reader JoshTops: TalkTalk, one of Britain's biggest service providers, the Post Office and the Hull-based KCom were all affected by the malware known as the Mirai worm, which is spread via compromised computers. The Post Office said 100,000 customers had experienced problems since the attack began on Sunday and KCom put its figure at about 10,000 customers since Saturday. Earlier this week, Germany's Deutsche Telekom said up to 900,000 of its customers had lost their internet connection as part of the same incident.
AirDroid is a popular Android application that allows users to send and receive text messages and transfer files and see notifications from their computer. Zimperium, a mobile security company, recently released details of several major security vulnerabilities in the application, allowing attackers on the same network to access user information and execute code on a user's device. Since there are between 10 and 50 million installations of the app, many users may be imperiled by AirDroid. Android Police reports: The security issues are mainly due to AirDroid using the same HTTP request to authorize the device and send usage statistics. The request is encrypted, but uses a hardcoded key in the AirDroid application (so essentially, everyone using AirDroid has the same key). Attackers on the same network an intercept the authentication request (commonly known as a Man-in-the-middle attack) using the key extracted from any AirDroid APK to retrieve private account information. This includes the email address and password associated with the AirDroid account. Attackers using a transparent proxy can intercept the network request AirDroid sends to check for add-on updates, and inject any APK they want. AirDroid would then notify the user of an add-on update, then download the malicious APK and ask the user to accept the installation. Zimperium notified AirDroid of these security flaws on May 24, and a few days later, AirDroid acknowledged the problem. Zimperium continued to follow up until AirDroid informed them of the upcoming 4.0 release, which was made available last month. Zimperium later discovered that version 4.0 still had all these same issues, and finally went public with the security vulnerabilities today.
plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown. 'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."
Security researchers have warned of flaws in medical implants in what they say could have fatal consequences. The flaws were found in the radio-based communications used to update implants, including pacemakers, and read data from them. From a BBC report:By exploiting the flaws, the researchers were able to adjust settings and even switch off gadgets. The attacks were also able to steal confidential data about patients and their health history. A software patch has been created to help thwart any real-world attacks. The flaws were found by an international team of security researchers based at the University of Leuven in Belgium and the University of Birmingham.
State-sponsored hackers have conducted a series of destructive attacks on Saudi Arabia over the last two weeks, erasing data and wreaking havoc in the computer banks of the agency running the country's airports and hitting five additional targets, according to two people familiar with an investigation into the breach. From a report on Bloomberg: Saudi Arabia said after inquiries from Bloomberg News that "several" government agencies were targeted in attacks that came from outside the kingdom, according to state media. Although a probe by Saudi authorities is still in its early stages, the people said digital evidence suggests the attacks emanated from Iran. That could present President-elect Donald Trump with a major national security challenge as he steps into the Oval Office. The use of offensive cyber weapons by a nation is relatively rare and the scale of the latest attacks could trigger a tit-for-tat cyber war in a region where capabilities have mushroomed ever since an attack on Saudi Aramco in 2012.
An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.
President-elect Donald Trump will have access to a system which can send unblockable texts to every phone in the United States once he becomes the president. From a report on NYMag: These 90-character messages, known as Wireless Emergency Alerts (or WEAs), are part of a program put in place after Congress passed the Warning, Alert, and Response Network (WARN) Act, in 2006. WEAs allow for targeted messages to be sent to every cell phone getting a signal from certain geographically relevant cell towers (or, in a national emergency, all of them). While it'd be a true nightmare to get screeching alerts from your phone that "Loser Senate Democrats still won't confirm great man Peter Thiel to Supreme Court. Sad!", there are some checks and balances on this. While President-elect Trump hasn't shown much impulse control when it comes to his favorite mass-messaging service, Twitter, the process for issuing a WEA isn't as simple as typing out a 90-character alert from a presidential smartphone and hitting "Send." All WEAs must be issued through FEMA's Integrated Public Alert Warning System, meaning that an emergency alert from the president still has at least one layer to pass through before being issued. While FEMA is under control of the executive branch (the head of FEMA is selected by the president, and reports to the Department of Homeland Security), the agency would have a vested interest in not seeing their alert system bent toward, uh, non-emergency ends.
SourceForge announced on Wednesday that it is introducing HTTPS for all project websites on its platform. Once a project has been moved to HTTPS, old domain will automatically redirect to their new counterparts, resulting in no loss of traffic or inconvenience. From a blog post on the site: With a single click, projects can opt-in to switch their web hosting from http://name.sourceforge.net to https://name.sourceforge.io. Project admins can find this option in the Admin page, under "HTTPS", naturally.There's also a guide to assist developers with the transition. SourceForge launched HTTPS support for SourceForge.net back in February, but this rolls out HTTPS support to individual project websites hosted on SourceForge. There's also a Site News section on the website now where you can read about all SourceForge changes and improvements over the past year since SourceForge was acquired by BIZX, such as eliminating the DevShare program and scanning all projects for malware.
Reader Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootlet that is capable of stealing users' Google credentials.Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.
An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.
The Internet Archive, a digital library nonprofit that preserves billions of webpages for the historical record, is building a backup archive in Canada after the election of Donald Trump. The Verge adds: Today, it began collecting donations for the Internet Archive of Canada, intended to create a copy of the archive outside the United States. "On November 9th in America, we woke up to a new administration promising radical change," writes founder Brewster Kahle. "It was a firm reminder that institutions like ours, built for the long-term, need to design for change. For us, it means keeping our cultural materials safe, private and perpetually accessible. It means preparing for a web that may face greater restrictions. It means serving patrons in a world in which government surveillance is not going away; indeed it looks like it will increase."
New submitter petersike writes: If you're using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday 'deals' coming from Chinese users. If you're looking for cheap Ray-Ban or Louis Vuitton knockoffs, you might find these invites useful. Otherwise, you might be wondering: why is this a thing? If you use your calendar for work, you already rely on calendar invites to invite other people to meetings and events. All major calendar backends support this feature -- Google Calendar, Microsoft Exchange and Apple's iCloud. And it's quite a convenient feature as you only need to enter an email address to send these invitations. You don't need to be in the same company or even in your recipient's address book. But it's also yet another inbox -- and like every inbox out there, it can get abused.
The more drones being sold around the world increases the likelihood of them being used as part of a criminal act. For example, ISIS has been using drones in Iraq to carry and drop explosives. In an effort to protect consumers, an Australian and U.S. company called DroneShield has announced a product called the DroneGun. The DroneGun "allows for a controlled management of drone payload, such as explosives, with no damage to common drone models or the surrounding environment," the maker says on its website, "due to the drones generally responding via a vertical controlled landing on the spot, or returning back to the starting point (assisting to track the operator)." The Next Web reports: DroneGun, a handheld anti-drone device, has a range of 1.2 miles. It also looks like an unlockable item in a first-person shooter. The "gun" uses a jammer to disable electronic communication across the 2.4 and 5.8 GHz frequencies. Blocking these frequencies cuts off communication between the drone and pilot (or GPS) and forces it to land safely or return to its operator -- which assists in tracking the offending party. At 13 pounds, it's a bit cumbersome, but still capable of being operated by one person. It's also mostly a point-and-shoot device and doesn't require specialized training to use. DroneGun isn't approved for use in the United States -- thanks, FCC. If approved the device could provide a useful tool for taking down drones at airports, over crowded spaces, and in war zones.
Copyright holders asked Google to remove more than 1,000,000,000 allegedly infringing links from its search engine over the past twelve months, TorrentFreak reports. According to stats provided in Google's Transparency Report for the past one year, Google was asked to remove over one billion links -- or 1,007,741,143 links. From the article: More than 90 percent of the links, 908,237,861 were in fact removed. The rest of the reported links were rejected because they were invalid, not infringing, or duplicates of earlier requests. In total, Google has now processed just over two billion allegedly infringing URLs from 945,000 different domains. That the second billion took only a year, compared to several years for the first, shows how rapidly the volume of takedown requests is expanding. At the current rate, another billion will be added by the end of next summer. Most requests, over 50 million, were sent in for the website 4shared.com. However, according to the site's operators many of the reported URLs point to the same files, inflating the actual volume of infringing content.
From a report on Reuters: Anticipating a more protectionist US technology visa programme under a Donald Trump administration, India's $150 billion IT services sector will speed up acquisitions in the United States and recruit more heavily from college campuses there. Indian companies including Tata Consultancy Services, Infosys, and Wipro have long used H1-B skilled worker visas to fly computer engineers to the US, their largest overseas market, temporarily to service clients. Staff from those three companies accounted for around 86,000 new H1-B workers in 2005-14. The US currently issues close to that number of H1-B visas each year. President-elect Trump's campaign rhetoric, and his pick for Attorney General of Senator Jeff Sessions, a long-time critic of the visa programme, have many expecting a tighter regime.
An anonymous reader shares a report on The Register: Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances. Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS. From there Duffy found a package labeled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host. Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with a SSL certificate that granted full administrative access to the four Red Hat Update Appliances. Duffy says all Azure RHEL images are configured without GPG validation checks meaning all would accept malicious package updates on their next run of yum updates.
An anonymous reader writes: A recent iOS update to 10.1.1 fix Apple's Health application has had unintended consequences for many users -- shutdown at 30% battery remaining and lack of audio using Apple Earpods. Users on an Apple forum report that the battery indicator jumps from 30% to 1% (dubbed the 30% bug) and a reboot is required where the phone then runs for a few more hours. Some have taken the iPhone back to receive a replacement only to find the same thing happens. Apple has not responded to the 11 pages of forum complaints but apparently, Genius Bar staff have identified unusual discharging of the battery -- which does not make sense if a reboot temporarily fixes the issue and returns the battery indicator to 30%. It also appears to affect all versions of iPhone that support iOS 10.x.