How An Entire Nation Became Russia's Test Lab for Cyberwar
… The Cyber-Cassandras said
this would happen. For decades they
warned that hackers would soon make the leap beyond purely digital mayhem and
start to cause real, physical damage to the world. In 2009, when the NSA’s Stuxnet malware
silently accelerated a few hundred Iranian nuclear centrifuges until they
destroyed themselves, it seemed to offer a preview of this new era. “This has a whiff of August 1945,” Michael
Hayden, former director of the NSA and the CIA, said in a speech. “Somebody
just used a new weapon, and this weapon will not be put back in the box.”
Now, in Ukraine, the quintessential cyberwar scenario has
come to life. Twice. On separate occasions, invisible saboteurs
have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only
as long as it took for scrambling engineers to manually switch the power on
again. But as proofs of concept, the
attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of
hackers stopping the gears of modern society has become a reality.
Another attack against a state, but probably not state-sponsored?
Spear Phishing Campaign Targets Palestinian Law Enforcement
Palestinian law enforcement
agencies and other targets within Palestine were targeted in a spear phishing
campaign delivering malware to remotely control infected systems, Talos
researchers reveal.
The actor behind this campaign “has appeared to have used
genuine documents stolen from Palestinian sources as well as a controversial
music video as part of the attack,” Talos says. The attacker also referenced TV show
characters and included German language words within the attack, researchers
discovered.
Information on these attacks initially emerged in March
from Chinese security firm Qihoo 360, and in early April, when researchers at
Palo Alto Networks and ClearSky revealed four malware families being used in targeted campaigns in the
Middle East: Windows-based Kasperagent and Micropsia, and Android-focused SecureUpdate and
Vamp.
Last week, ThreatConnect shared some additional information on
Kasperagent, saying the threat was mainly used as a reconnaissance
tool and downloader, but that newer samples can also steal passwords from browsers,
take screenshots, log keystrokes, execute arbitrary commands, and exfiltrate
files.
A security heads-up!
Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it
Windows 10 does disable some third-party security
software, Microsoft has admitted, but because of compatibility – not
competitive – issues.
Redmond is currently being sued by security house
Kaspersky Lab in the EU, Germany and Russia over alleged anti-competitive behavior because it
bundles the Windows Defender security suite into its latest operating system. Kaspersky (and others) claim Microsoft is up
to its Internet Explorer shenanigans again, but that’s not so, said the
operating system giant.
Be careful with your facts.
Deep Root Analytics Downplays Giant Voter Data 'Oops'
A data contractor working on behalf of the Republican
National Committee earlier this month allowed the personal data of 198 million
voters to be exposed online, marking the largest ever leak of voter data in
history, according to the cybersecurity firm that discovered the incident.
Deep Root Analytics left 1.1 terabytes of sensitive information -- including
names, home addresses, dates of birth, phone numbers and voter registration
information -- on a publicly accessible Amazon Web Server, according to UpGuard.
… The previous
record for a voter data leak was the exposure of 100 million records in Mexico,
UpGuard reported.
Deep Root acknowledged that "a number of files"
within its storage system had been accessed but claimed that the exposed
database had not been built for any specific client. Rather, it was the firm's "proprietary
analysis" meant for television advertising purposes.
The information accessed consisted of voter data that
already was publicly available and readily provided by state government
offices, Deep Root maintained.
… Based on
information made available about the leak, it appears that Amazon Web Services
is not responsible for the incident, said Mark Nunnikhoven, vice president for
cloud research at Trend Micro.
"From the little technical detail that is available,
it appears as if the company managing the data left it exposed to the
public," he told the E-Commerce Times. "This is not
the default setting for the service they used. Making data publicly available is a feature of
this service, but one that requires explicit configuration."
Good news. Bad news.
Time to Detect Compromise Improves, While Detection to Containment Worsens: Report
Throughout 2016, Trustwave investigated hundreds of data
breaches in 21 different countries, and conducted thousands of penetration
tests across databases, networks and applications. An analysis of key findings from this activity
is presented in the 2017 Trustwave Global Security Report published Tuesday (PDF).
The result is a mixed bag. Overall, security defenses have slightly improved,
but attacks continue to evolve. Detection
is improving. Trustwave says the median time to detect a compromise has decreased
from 80.5 days in 2015 to 49 days in 2016. The difference between self-detected and
third-party detections is, however, dramatic: just 16 days for self-detected and 65 days for externally
detected.
Golly gee willikers!
Could this be happening here too?
Jordan Pearson reports:
For over a year, Canadian
military, intelligence, police, and border agencies have been meeting to
develop and coordinate their biometric capabilities, which use biological
markers like facial recognition and iris scanning to identify individuals.
This initiative—details of which
were revealed to Motherboard in documents obtained through an access to
information request—shows that the Canadian government is reigniting its focus
on biometrics after a similar attempt a decade ago fizzled out. According to these documents, which include
emails, meeting agendas, and briefing reports, the meetings are an effort to
coordinate the critical mass of biometrics programs that exist across many
government agencies, particularly those relating to national security.
Read more on Motherboard.
For all my smartphone-packing students.
This could get nasty.
Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal
Days after arch-rival Amazon announced plans
to buy Whole Foods for $13.7 billion, Walmart
is apparently ramping up its defense.
That acquisition takes square aim at
Walmart's bread-and-butter grocery business by giving the online retailer 465
new retail locations—thus a much bigger brick-and-mortar presence.
Now, Walmart is
telling some partners and suppliers that their software services should not run
on Amazon Web Services cloud infrastructure,
according to the
Wall Street Journal.
… A Walmart
spokesman told the Journal that some suppliers do use
AWS services, but that in some cases, the retailer is wary of putting sensitive
data on a competitor's servers.
Open is good.
Librarian highlights open access document discovery services
by Sabrina I. Pacifici on Jun 20, 2017
Getting serious about open access discovery — Is open access
getting too big to ignore? – “…Still for whatever reason, suddenly services
built around helping users find free full text began to emerge all at the same
time..”
[From the article:]
With all the intense interest Unpaywall is getting (See coverage in academic
sites like Nature, Science, Chronicle of Higher Education, as well as more
mainstream tech sites like TechCrunch, Gizmodo),
you might be surprised to know that Unpaywall isn’t in fact the first
tool that promises to help users unlock paywalls by finding free
versions.
Predecessors like Open Access button (3K users), Lazy Scholar button (7k Users), Google
Scholar button (1.2 million users) all existed before Unpaywall
(70k users) and are arguably every bit as capable as Unpaywall
and yet remained a niche service for years.
I think some of my students are a bit over-prepared.
Want to Work for Jaguar Land Rover? Start Playing Phone Games
The carmaker announced
on Monday that it would be recruiting 5,000 people this year, including
1,000 electronics and software engineers. The catch? It wants potential employees to download an
app with a series of puzzles that it says will test for the engineering skills
it hopes to bring in.
While traditional
applicants will still be considered, people who successfully complete the app’s
puzzles will “fast-track their way into employment,” said Jaguar Land Rover,
which is owned by Tata Motors of India.
(Related). Have I detected a trend?
Good at Texting? It Might Land You a Job
Your next job interview might happen via text message. Srsly.
Claiming that prospective hires are too slow to pick up
the phone or respond to emails, employers are trying out apps that allow them
to screen candidates and conduct early-stage interviews with texts.
Not sure I want to share this with my students.
Microsoft’s Dictate uses Cortana’s speech recognition to enable dictation in Office
Dictate, a
new project from Microsoft’s experimental R&D group, Microsoft Garage, is
launching today to offer a way to type using your voice in Office programs
including Outlook, Word and PowerPoint. Available as an add-in for Microsoft’s
software, Dictate is powered by the same speech recognition technology that
Cortana uses in order to convert your speech to text.
This is also the same speech recognition and A.I. used
in Microsoft Cognitive Services, including Microsoft Translator, the
company says in an announcement about the new add-in.
… An introductory
video posted this morning to YouTube offers a preview of how the software works in Word,
PowerPoint, and Outlook.
… It also at
launch supports more than 20 languages for dictation, and can translate in
real-time into 60 languages. This is
perhaps its most clever trick, as that means you can speak in your language, while Dictate types it out in another.
(Related). However, it is clear this is coming.
When AI Can Transcribe Everything
Two companies—Trint,
a start-up in London, and SwiftScribe, a
subsidiary of Baidu based out of its U.S. headquarters in Silicon Valley—have
begun to offer browser-based tools that can convert recordings of up to an hour
into text with a word-error rate of 5 percent or less.
Interesting.
Nextdoor, now in 160,000 neighborhoods globally, expands to Germany
Nextdoor,
the social network that connects you with people in your neighborhood, is
taking another step up in its global growth, after launching in the Netherlands
and the UK last year. Today, the company
is opening for business in Germany,
the largest internet market in Europe.
The move comes as Nextdoor says it is now used in 160,000
neighborhoods across the US, UK and Netherlands, with about 145,000 of those in
its home market of the US, and the company continues to grow at a steady pace.
“We are
growing 100 percent year over year have done that since inception,”
said co-founder and CEO Nirav Tolia in an interview. This works out to adding around 100 new
neighborhoods every day.
For the toolkit!
This simple one-page site holds 19 PDF tools and
converters that can save you a lot of work. Think of it as a Swiss Army knife for your PDF
workflow.
- Convert PDF to any document format.
- Convert from Word, Excel, PowerPoint, or from popular image formats to PDF.
- A collection of free PDF utility tools to edit a PDF document.
The interface is neat and there are no annoying
advertisements. You don’t need to register and sign-in to use the site.
Another toolkit item.