Russian Spies Rush to Exploit the Latest Flash Zero Day and More Security News This Week

There’s nothing like a hefty security freakout to start the week, and the Key Reinstallation Attack Wi-Fi vulnerability—you know it as Krack—announced on Monday fit the bill. The bug is in the ubiquitous WPA2 Wi-Fi protocol, so while it fortunately doesn’t impact every single device that exists, it does affect a significant portion of them. And many will likely never receive protective patches, a longstanding and critical security problem that particularly affects the Internet of Things. The relative simplicity of the Krack bug itself also highlights the importance of making technical standards accessible to researchers for review and feedback.

Google announced a new tier of account security this week called Advanced Protection that uses physical authentication tokens, advanced scanning, and siloing to help defend particularly at-risk accounts (or anyone who wants to be very cautious). And after its disastrous corporate breach, Equifax is receiving a thorough public shaming. Researchers also discovered that for just $1,000 they can exploit mobile advertising networks to track people’s movements in both cyberspace and the real world. Not great!

US-Iranian relations are tense and could nudge Iran’s cyber operations. And crooks have a new favorite hustle called “cryptojacking” that can secretly use your devices to mine cryptocurrency when you visit infected websites. Highs and lows.

And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Flash Patched Its Recent Zero Day, So Russian Hackers Are Using It While They Can

Kaspersky Labs researchers announced a new Adobe Flash vulnerability on Monday, noting that unidentified hackers exploited the bug in an attack on October 10, using a compromised Microsoft Word document to deliver FinSpy malware. Adobe coordinated with Kaspersky to issue a patch on the day of the disclosure. In the wake of the patch, researchers at the security firm Proofpoint observed the hackers doubling down to exploit the flaw before potential targets widely adopt the fix. The group, which Proofpoint says is the Russia-backed collective Fancy Bear, launched an email spearphishing campaign that targeted state departments and aerospace companies. But researchers say the operation was sloppy, and that the group has followed this pattern in the past.

Microsoft Didn’t Disclose 2013 Breach of a Sensitive Vulnerability Database

Sophisticated hackers breached Microsoft’s internal vulnerability-tracking database more than four years ago, but the company didn’t publicly disclose the incident. Five former Microsoft employees told Reuters that the company was aware of the intrusion in 2013. The database would have contained critical vulnerabilities in Microsoft’s widely used software products, including Windows, and may have even included code for exploiting those flaws. Such information would be a gold mine for foreign government-backed hackers or third-party criminals alike, and could have facilitated breaches and espionage at the time.

Reuters’ sources said in separate interviews that Microsoft never connected the breach to any other attacks, and that the company didn’t disclose the incident, because doing so would have pushed attackers to exploit the vulnerabilities before they were patched. Microsoft presumably patched everything in the compromised database years ago, though. Reuters’ sources say that Microsoft did at least improve its internal security in response to the hack. The incident was part of a rash of attacks that also hit Apple, Facebook, and Twitter. The group behind these hacks is still unidentified, but is known by different researchers as Morpho, Butterfly, and Wild Neutron, and is still active today.

UK Concludes That Iran, Not Russia or North Korea, Hacked Officials’ Email Accounts

Investigators in the United Kingdom concluded last week that Iranian government-backed hackers were behind a June email network intrusion that targeted numerous members of parliament and Prime Minister Theresa May. Every MP uses the network, but the hackers specifically looked for accounts protected by weak passwords or reused ones that had leaked online after other breaches. The parliamentary digital services team told the Guardian that it was making email security changes in response to the attack. The incident underscores Iran’s ongoing digital offensive initiatives. Though the country has been less focused on Western targets in the last few years, it is still an active threat around the world. Recently, US President Donald Trump has worked to undermine the Iran nuclear deal, but Theresa May and other European leaders say they want to preserve it.

Police Did Social Media Surveillance on New York Black Lives Matter Group

The Black Lives Matter Global Network chapter in Rockland County, New York, filed a federal lawsuit in August claiming that local Clarkstown police conducted illegal surveillance on it throughout 2015. Clarkstown police records from the Strategic Intelligence Unit describe social-media surveillance targeted at BLM members. The documents even show evidence that a lead detective told the Strategic Intelligence Unit supervisor to stop the surveillance, but this didn’t end the program. BLM is alleging that Clarkstown police engaged in racial profiling, and violated the group members’ rights to free speech and assembly.

Millions of Crucial Cryptography Keys Weakened By Trusted Generator

A flaw in how a popular code base generates cryptographic keys has ruined the security of millions of encryption schemes. The generator appeared in two security certification standards used by numerous governments and large corporations worldwide, meaning that the flawed keys are meant to protect particularly sensitive platforms and data. German chipmaker Infineon developed the software, which has included the key generating flaw since 2012 or possibly earlier. Attackers could exploit the bug to figure out the private part of a key from its public component. From there they could do things like manipulate digitally signed software, disable other network protections, or, of course, decrypt sensitive data. The situation affects Estonia’s much-touted secure digital ID system. Infineon, Microsoft, and Google warn that the flaw will undermine their Trusted Platform Module products until customers generate new, more robust keys. Estonia has announced plans to update the keys used for its national IDs.

Famed Architect’s Lawsuit Against Google Just Got Much More Serious

Eli Attia alleges he wasn’t the only one mistreated by the search giant.

A long-running lawsuit filed against Google by a prominent architect has just gotten much broader.

Last week, the Superior Court of California granted a motion adding racketeering charges to the civil case being pursued against Google by Eli Attia, an expert in high-rise construction. Attia claims Google stole his idea for an innovative building design method – and now he wants to prove that it does the same thing frequently.

Attia’s suit was originally filed in 2014, four years after he began discussions with Google (prior to its reorganization as Alphabet) about developing software based on a set of concepts he called Engineered Architecture. Attia has said Engineered Architecture, broadly described as a modular approach to building, would revolutionize the design and construction of large buildings. Attia developed the concepts based on insights gleaned from his high-profile architecture career, and has called them his life’s work.

Google executives including Google X cofounder Astro Teller came to share his enthusiasm, and championed developing software based on Engineered Architecture as one of the company’s “moonshots.” But Attia claims the company later used his ideas without fulfilling an agreement to pay to license them.

Attia’s suit names not just Google, but individual executives including founders Larry Page and Sergey Brin. It also names Flux Factory, the unit Attia’s suit alleges was spun off specifically to capitalize on his ideas.

Speaking to the San Jose Mercury News, Attia’s lawyer claims Google told Attia his project had been cancelled, “when in fact they were going full blast on it.” Flux Factory is now known as Flux, and touts itself as “the first company launched by Google X.”

Attia’s suit will now also seek to prove that his case is representative of a much broader pattern of behavior by Alphabet. According to court documents, the motion to add racketeering charges hinged on six similar incidents. Those incidents aren’t specified in the latest court proceedings, but Alphabet has faced a similar trade-secrets battle this summer over X’s Project Loon, which has already led to Loon being stripped of some patents.

The idea of racketeering charges entering the picture will surprise many who associate them with violent organized criminals. But under RICO statutes, civil racketeering suits can be brought by private litigants against organizations and individuals alleged to have engaged in ongoing misdeeds. The broader use of racketeering charges has slowly gained ground since the introduction of RICO laws in the 1960s, with some famous instances including suits against Major League Baseball and even the Los Angeles Police Department.

How Uber is designing an app that works in more than 400 cities

Uber may have been the target of considerable (and deserved) flak for its new logo in February, but the rideshare company has bigger design challenges on its mind than simply rebranding.

Uber wants to make transportation “as reliable as running water,” Ethan Eismann, Uber’s director of product design, said at the Semi Permanent design event in Sydney Thursday. To do that, they’re going to need an app that works in more than 400 cities and counting.

Eismann spoke with Mashable Australia after the event to discuss how the platform is approaching this considerable design task, when everything from traffic conditions to mobile coverage to local customs are enormously different in each city.


Weekend Business Update: Mercari joins the unicorns, Snapchat data leaked, and more.

It’s the first weekend of March, and spring is around the corner. But if the weather where you live is anything like here in Amsterdam, you’re likely stuck inside hiding from freezing rain, sleet, or some other bothersome, moist form of precipitation. A perfect time to play catch up with the state of the tech industry, in other words. At Index we spend every day gathering news on tech companies from around the world so that there’s a convenient platform for tech enthusiasts everywhere to access that data. In this series, we catch you up every week on what’s been…

This story continues at The Next Web



Facebook is down, go do something more fun while it recovers [Update: It’s back!]

Facebook is down for many users around the world, according to DownDetector.co.uk and reports on Twitter. It’s the second outage within a week for the social network, and many people are unable to log in and view those critical status messages, Pages and other updates. These problems don’t tend to last too long, but we’ve asked Facebook for a statement on the situation and will update here when normal service resumes. Until then, go fly a kite or something. Update: An intermittent service is coming back for some users but the site still isn’t back to normal. Some users are also still…

This story continues at The Next Web



RISC Networks Finds That IT Teams Require More Effective Data than…

Leader in Cloud and Data Center Analytics to demonstrate new Application Centric Visualization technology at AWS re:Invent 2015 in Las Vegas from October 6 – 9, 2015

(PRWeb September 24, 2015)

Read the full story at http://www.prweb.com/releases/2015/09/prweb12979745.htm


Everything Oculus announced today: $99 Gear VR, Touch release date, Minecraft, and more

It's coming soon.

It’s Oculus Connect keynote day, and the company had a lot of stuff to announce despite a claim that consumers shouldn’t get too excited about the event in Los Angeles.

Here are all the big announcements:

Samsung’s $99 Gear VR

While Oculus is planning to release the amazing new Rift headset in Q1 2016, one of its biggest partners, Samsung, revealed it will release the consumer version of Gear VR in November for just $99. This will work with Samsung’s Galaxy S6, S6 Edge, S6 Edge+, and Note 5.

Oculus SDK 1.0 is coming in November

Both Rift and Gear VR will need a lot of VR content, and Oculus is planning to update its software-development kit to help studios do exactly that. One of the big things this SDK will come with is direct drivers — this will enable the headset to work without having to fiddle with setting up the Rift as an external monitor.

Oculus Arcade

This is a 1980s-style arcade simulator that enables you to feel like you’re playing Pac-Man at a stand-up machine.

Trailer for Rift games

 

Twitch, Hulu, Netflix, and more to support Oculus Video

Developers are working on plenty of games for virtual reality, but Oculus is expecting all kinds of content to make the leap to its Rift and Gear VR systems. That includes video services like Netflix and Hulu — the latter of which revealed it is planning to build VR-native videos.

“Oculus Ready” PCs

You’re gonna need a beefy PC to use an Oculus Rift, but you won’t need to guess if certain systems will work. Oculus announced it will work with hardware manufacturers like Dell, Alienware, and Asus on a line of “Oculus Ready” rigs that cost less than $1,000.

Minecraft comes to Rift

Microsoft is planning to make the Windows 10 Edition of its block-building game Minecraft compatible with Xbox One.

Oculus is working on its equivalent of Xbox Live and the App Store

Facebook, the owner of Oculus VR, has said that it won’t try to make a lot of money on the Rift hardware. That means it’s going to make the real cash on the app and software side. And we saw a little bit of that today when the company revealed how its platform will handle social features, analytics, and distribution.

Oculus Touch trailer and release date

The incredible Oculus Touch controllers, which bring your hands into VR, aren’t coming out until Q2 of 2016. But here’s a trailer to show what they can do.

Oculus Medium

Oculus chief executive officer Brendan Iribe said that every new platform needs a paint app, and Medium is what his company is calling its take on 3D drawing.

Epic reveals new Oculus Touch demo Bullet Train


Google says its voice search system is now more accurate, especially in noisy places

Google voice search on the web.

If you’ve noticed Google doing a better job of understanding what you say using speech recognition on your smartphone lately, you’re not crazy. Google’s voice search has indeed become more accurate, thanks to advances in artificial intelligence, the tech company announced today.

“Today, we’re happy to announce we built even better neural network acoustic models using Connectionist Temporal Classification (CTC) and sequence discriminative training techniques,” Google Speech Team members Haşim Sak, Andrew Senior, Kanishka Rao, Françoise Beaufays and Johan Schalkwyk wrote in a blog post today. “These models are a special extension of recurrent neural networks (RNNs) that are more accurate, especially in noisy environments, and they are blazingly fast!”

The new models are working in the Google app for iOS and Android, as well as dictation on Android, which works inside of some third-party apps, the team members wrote.

Google has reported improvements in voice search not once but twice this year. Clearly the company has been investing in the underlying technology. RNNs are one increasingly popular approach to doing deep learning, a type of artificial intelligence, and Google is widely thought to have a deep bench in deep learning.

But Apple and Microsoft, among others, have also been working to improve their voice recognition capabilities. Meanwhile, Facebook is also doing more in the area, having acquired a speech recognition company, Wit.ai, some months ago.

Speech could become more important as an input to searching the Web in the years to come. Baidu’s Andrew Ng, who is known for his work on the so-called Google Brain, last year predicted that within five years “50 percent of queries will be on speech or images.”

“In addition to requiring much lower computational resources, the new models are more accurate, robust to noise, and faster to respond to voice search queries — so give it a try, and happy (voice) searching!” wrote Sak, Senior, Rao, Beaufays, and Schalkwyk.

Read the full blog post for more detail on how the team managed to get the new performance gains.


A Wedding Ring Spins More Like a Boomerang Than a Coin  

Spin a coin on a flat surface, and it spirals much like a planet orbiting a star — at least until it runs out of steam and rattles to a stop on the table. But spin a wedding ring the same way, and it will make a surprising abrupt turn, following a trajectory more like a boomerang.


New, Insanely High-Resolution Pluto Images Include More Color—and Weird “Snakeskin” Textures

A fresh batch of images straight from the New Horizons downlink give us just what we’ve been waiting for: color views of Pluto! Ridiculously high resolution detail! Strange new snakeskin textures! Plus a first look at how methane is involved in shaping these crazy ice landscapes.


Microsoft adds more features to its cloud-hosted Team Foundation Service

Microsoft first previewed plans for a cloud-based version of its Team Foundation Server — its source-control and software-development-project-tracking tool — a year ago. The company made available a technical preview of Team Foundation Service at the …
Read more on ZDNet (blog)

Cracking the Cloud: An Amazon Web Services Primer
It's nice to imagine the cloud as an idyllic server room—with faux grass, no less!—but there's actually far more going on than you'd think. Photo: Tom Raftery/Flickr By Matthew Braga Maybe you're a Dropbox devotee. Or perhaps you really like …
Read more on Wired News