“Hey there! This is your boss. Please send $1,000,000 to Tony Soprano, care of the Bank of Nigeria.” Do companies actually do it like that?
Brian Krebs reports:
Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
Ubiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week with the U.S. Securities and Exchange Commission (SEC). The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.
Read more on KrebsOnSecurity.com.
Santayana was right, "Those who do not learn history are doomed to repeat it." This seems to be particularly true with the history of Computer Security.
Darren Pauli reports:
Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max.
The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in an open “world readable” folder.
“Any unprivileged processes or apps can steal user’s fingerprints by reading this file,” the team says, adding that the images can be made into clear prints by adding some padding.
Read more on The Register.
[From the article:]
It is one of four vulnerability scenarios in which biometric data normally secure in an Android phone's TrustedZone can be pilfered.
Long suspected. Call them mercenaries, contractors, friends of the government – whatever. What happens if these guys cross the line in service to the Russian government?
Cyber crimes against NATO and its members
by Sabrina I. Pacifici on Aug 9, 2015
Via Atlantic Council – New Twists in Russia’s Cyber Campaign Against NATO and Its Members
By Sam Jones, Financial Times: “Russia’s aggressive actions in cyber space are all carefully designed to fall short of warranting any kind of serious military or aggressive response. One of Moscow’s new favoured tactics is to arm crime syndicates with sophisticated hacking tools and malware and subcontract them to undertake operations against adversaries or to mount so-called “false flag” attacks [Can they hack in Chinese? Bob] to muddy the water around attribution, says a senior US military cyber command officer.”
More jobs for my Computer Security students?
Hackers swarmed a Tesla sedan in a 'hacking village' at the infamous Def Con conference on Saturday as the high-tech electric car maker recruited talent to protect against cyber-attacks.
It was the second year in a row the California-based company was at the world's largest gathering of hackers in Las Vegas, and came on the heels of a massive recall of Fiat Chrysler Automobiles vehicles to patch a flaw that could let them be remotely commandeered.
… Tesla recruiters were on hand, along with members of the California-based company's security team.
Tesla cars are highly computerized. New features as well as software updates are pushed out to vehicles over wireless Internet connections.
"They are not messing with our software," Brooklyn said with only a hint of hesitation.
She knew of no cyber-attacks aimed at Tesla cars, at Def Con or anywhere else.
… They referred to Tesla sedans as data centers on wheels, and urged great care when trying to hack vehicles that could be racing along at 100 mph (160 km) or so.
"As cars become more connected, we need to think about them a lot more like smartphones where you are constantly testing and improving products to make them as secure as you can," Brooklyn said.
Are you keeping an eye on the old home town? Following your favorite university sports? Stalking an old girlfriend? Override your phone's location...
Blockfeed App Surfaces Hyper Local News
… And that’s where Blockfeed comes in. This New York city-based startup is aggregating local news sources, from small blogs to established newspapers, geolocating relevant news stories to a hyper local location — such as a particular street or block — and then serving those stories to readers based on where they happen to be at the time they open the mobile app. Thanks to smartphone location-positioning tech, knowing a reader’s location is trivial.
… Currently the app is live in New York City only, after soft launching on iOS at the start of last month. Thus far it’s gained around 900 active users without any marketing. It’s launching on Android today, and stepping up the noise.
Another Copyright article for my IT Governance students.
Earlier this year, Facebook’s increased focus on video — which began with it introducing autoplay video in 2013 — began to show real results. In April, the company reported that it received more than 4 billion video views every day. If you make videos or want to sell advertising against them, this is great news: a giant platform with unparalleled reach is finally paying attention to you.
But then popular YouTuber Hank Green leveled a number of allegations at Facebook’s video team, including a charge of rampant copyright infringement from Facebook users who are uploading videos from YouTube and other platforms without creators’ consent. Facebook has responded that it has measures in place to address copyright infringement, including allowing users to report stolen content and suspending accounts guilty of repeated violations.
But that has done little to satisfy content creators, whose support Facebook needs as it works to challenge YouTube’s dominance. Green and other video makers are increasingly disgruntled, and Facebook’s weak denials could lead to expensive lawsuits. Meanwhile, the failure to protect against copyright infringement could ward off the advertisers whose ads will eventually come to Facebook video. If Facebook doesn’t act quickly, it risks alienating the two groups it needs most to establish itself as a next-generation video platform.
For my students who write – that's all of them.
Hemingway Editor Updated in Time for the New School Year
Last year I featured the Hemingway App Editor as a good tool to help students analyze their own writing. Hemingway is a free tool designed to help you analyze your writing. Hemingway offers a bunch of information about the passage you've written or copied and pasted into the site. Hemingway highlights the parts of your writing that use passive voice, adverbs, and overly complex sentences. All of those factors are accounted for in generating a general readability score for your passage.
This summer the Hemingway Editor was updated to offer a few more features. The Hemingway Editor now provides tools for formatting the text that you write in the web version of Hemingway. You can now create bullet lists, change font size and style, write numbered lists, and indent paragraphs.
… StoryToolz offers a tool similar to Hemingway that you may also want to check out.
For all my students.
IT Salary Survey 2015
by Sabrina I. Pacifici on Aug 9, 2015
ComputerWorld 29th Annual Report IT Salary Survey: “After years of tight budgets, employers are boosting pay to attract and retain hot IT talent. Our survey of more than 4,800 tech workers reveals who’s getting the cash — and how you can too. Topics include: Cash Is Back!; IT Pay All the Numbers; Job Seekers Call the Shots; Security Talent Is Red-Hot.”
Amusement for my programming students.
How I wrote a Twitter bot to automatically enter contests
...and ended up winning on average 4 contests per day, every day, for about 9 months straight.