By EditorDavid from Slashdot's Flash-in-the-pan department
An anonymous reader quotes an article from BankInfoSecurity:
Security experts are once again warning enterprises to immediately update -- or delete -- all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.... The bug exists in Adobe Flash Player 126.96.36.199 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS -- and "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system."
Thursday Adobe released an updated version of Flash patching 36 separate vulnerabilities, including the critical vulnerability which "if exploited would allow malicious native-code to execute, potentially without a user being aware." While applauding Adobe's quick response, researchers at Kaspersky Lab say it's already been exploited in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and BankInfoSecurity writes that "The latest warning over this campaign reinforces just how often APT attackers target Flash, thus making a potential business case for banning it for inside the enterprise."
By manishs from Slashdot's this-should-be-fun department
Even if you spend only a fraction of your time on security news, you probably already know Mikko Hypponen (Twitter, Wikipedia). He is the Chief Research Officer at F-Secure, a security firm he joined over two decades ago. Hypponen has assisted law enforcement in the United States, Europe and Asia on cybercrime cases, and has also made several appearances on BBC, TED talks, TEDx, DLD, SXSW, Black Hat, DEF CON, and Google Zeitgeist among others. He has also written for CNN, The New York Times, Wired, and BetaNews. Hypponen has closely watched computers, networks, and security spaces grow over the years. In 2011, Hypponen tracked down the authors of the first PC virus in history -- Brain.A. Whether you want to know about the early days of malware -- when they were mostly created by hobbyists, or an inside view of the challenges security firms face today, or how exactly does one keep himself or herself safe in the increasingly terrifying world, use the comments section to leave your question.
By EditorDavid from Slashdot's data-field-maneuvers department
The Air Force now says it will be able to recover those 100,000 investigation files dating back to 2004, after "aggressively leveraging all vendor and department capabilities." An anonymous reader quotes a report from Government Executive about the mysteriously corrupted database:
In a short, four-sentence statement released midday on Wednesday, service officials said the Air Force continues to investigate the embarrassing incident in which the files and their backups were corrupted. "Through extensive data recovery efforts over the weekend and this week, the Air Force has been able to regain access to the data in the Air Force Inspector General Automated Case Tracking System..." the statement reads. Earlier on Wednesday, the Air Force chief of staff said that the effort to recover the files involved Lockheed Martin and Oracle, the two defense contractors that run the database, plus Air Force cyber and defense cyber crime personnel.
The Chief of Staff hopes "there won't be a long-term impact, other than making sure we understand exactly what happened, how it happened and how we keep it from ever happening again." The Air Force is conducting an independent review, while Lockheed Martin is now also performing a separate internal review.
By EditorDavid from Slashdot's envelope,-please department
chicksdaddy shares an article from Security Ledger: The Pwnies, a long-running awards ceremony that is the hacker community's equivalent of The Oscars (or at least The People's Choice Awards) is adding an award for "Junk Hacking" to its 2016 roster... [I]n a nod to the security industry's penchant for stunt hacking and the technology industry's penchant for unwarranted complexity, the award will be given to researchers who "discovered and performed the most needlessly sophisticated attack against the most needlessly Internet-enabled 'Thing.'"
Among other new categories that are being added are Pwnies for the "Best Cryptographic Attack," the "Best Backdoor," and the closely related "Best Stunt Hack," awarded to "the researchers, their PR team, and participating journalists for the best, most high-profile, and fear-inducing public spectacle that resulted in the most panic-stricken phone calls from our less-technical friends and family members"... Anyone can nominate a recipient for a Pwnie using the organization's web site.
Though the award targets pointless products on the Internet of Things, one judge points out that "It may be that there's some exploit in your connected toothbrush that could also be used against a home security system..."
By EditorDavid from Slashdot's check-please department
Businesses have lost over $3 billion because of compromised e-mail accounts, the FBI reports, citing "a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments." 22,143 businesses have been affected -- 14,302 within the U.S. -- with a total dollar loss of $3,086,250,090, representing an increase of 1,300% since January of 2015.
Using social engineering or "computer intrusion techniques," the attackers target employees responsible for wire transfers (or issuing checks) using five scenarios, which include bogus invoices or executive requests for a wire transfer of funds, with some attackers even impersonating a corporate law firm. "Victims report that IP addresses frequently trace back to free domain registrars," warns the FBI's Internet Crime Complaint Center, which also urges businesses to avoid free web-based e-mail accounts.
By BeauHD from Slashdot's let's-settle-this department
New submitter monkeyman.kix quotes a report from Gizmodo: Even though it sounded like we may be getting close to ending the battle between the fan film Axanar and the studios that own Star Trek, the latest court action hints that it's just starting. Last month at a Star Trek fan event, J.J. Abrams indicated that they believed that CBS and Paramount's lawsuit against the fan film Axanar would be settled. At the time, he said that Star Trek Beyond director Justin Lin was "outraged by this as a longtime fan" and that they both realized "this was not an appropriate way to deal with the fans." Except that the legal proceedings haven't stopped yet. The parties were back in court today, with CBS and Paramount (the plaintiffs) taking center stage. The state of the case is this: Paramount and CBS sued Axanar Productions for copyright infringement in late 2015. The judge rejected the defendant's motion to dismiss the case, finding that the studios had sufficient cause and provided enough notice to the fan film to proceed. He also dismissed a separate brief, refusing to decide on whether Klingon as a language was copyrightable. The Hollywood Reporter writes: "Now, instead of asking for an extension, Paramount and CBS have filed their own answer to the counterclaim admitting public statements, saying such items speak for themselves, but otherwise acting as though the lawsuit is moving forward. The plaintiffs, for example, deny that the works in controversy represent a fair use of their copyrights."
By BeauHD from Slashdot's time-a-time-out department
schwit1 quotes a report from ScienceAlert: Two scientists have come up with a depressing new hypothesis that attempts to explain why cancer is so hard to stop. Maybe, they suggest, cancer's not working against us. Maybe the disease is actually an evolutionary 'final checkpoint' that stops faulty DNA from being passed down to the next generation. To be clear, this is just a hypothesis. It hasn't been tested experimentally, and, more importantly, no one is suggesting that anyone should die of cancer. In fact, it's quite the opposite -- the researchers say that this line of thinking could help us to better understand the disease, and come up with more effective treatment strategies, like immunotherapy, even if a cure might not be possible. So let's step back a second here, because why are our bodies trying to kill us? The idea behind the paper is based on the fact that, in the healthy body, there are a whole range of inbuilt safeguards, or 'checkpoints,' that stop DNA mutations from being passed onto new cells. One of the most important of these checkpoints is apoptosis, or programmed cell death. Whenever DNA is damaged and can't be fixed, cells are marked for apoptosis, and are quickly digested by the immune system -- effectively 'swallowing' the problem. No mess, no fuss. But the new hypothesis suggests that when apoptosis -- and the other safeguards -- don't work like they're supposed to, cancer just might be the final 'checkpoint' that steps in and gets rid of the rogue cells before their DNA can be passed on... by, uh, killing us, and removing our genetic material from the gene pool.
By BeauHD from Slashdot's cover-your-arse department
An anonymous reader writes: In Google Fiber's updated terms, the company now says they "require the use of binding arbitration to resolve disputes rather than jury trials or class actions." Ars Technica reports: "While the clause allows cases in small claims court, it otherwise forces customers to waive the right to bring legal actions against the ISP. Arbitration must be sought on an individual basis, as the clause also prevents class arbitration. The previous terms of service did not have the binding arbitration clause, though they did limit Google Fiber's liability to the amount customers pay to use the services." The good news: customers can opt out of the change. The bad news: they have 30 days. "According to the terms, the new agreement kicks in within 30 days of accepting the new language. Customers can, however, during that time period use this online form (you must be logged in to your Fiber account to access it) to opt out of this change and future changes to the arbitration agreement," writes The Consumerist. Ars Technica reports that Google told them customers have 60 days to opt out. "An e-mail sent to customers on June 14 says the new terms of service will apply unless they call to cancel service within 30 days. If customers do nothing, they will have "accepted" the terms at that 30-day mark. After that, customers who remain with Google Fiber have another 30 days to opt out of the new terms using the online form," writes Ars.
By BeauHD from Slashdot's increased-demand department
An anonymous reader quotes a report from Network World: Ahead of Apple's WWDC keynote this year, one of the more bizarre and sketchy rumors we saw take shape claimed that Apple was planning to deliver iMessage to Android. As is typically the case, the rumor mill took this somewhat ridiculous rumor and ran with it. The only problem is that some people were so busy trying to figure out the ramifications of iMessage hitting Android that they didn't take a step back and try and figure out if this is something Apple would even contemplate in the first place. Remember, every move Apple makes is strategic and geared towards making more money, either via device sales or software. That being the case, iMessage on Android would not only be a free app, but it would also eliminate a user-experience advantage of iOS. Interestingly enough, Walt Mossberg of The Verge asked a senior Apple executive about the rumor whereupon the nameless executive all but indicated that iMessage will never be coming to Android. Walt Mossberg writes: "First, he said, Apple considers its own user base of 1 billion active devices to provide a large enough data set for any possible AI learning the company is working on. And, second, having a superior messaging platform that only worked on Apple devices would help sales of those devices -- the company's classic (and successful) rationale for years."