Problems? See this thread at archive.org.
Amazon mourns 'terrible tragedy' as police video shows trail of wreckage after cargo-plane crash
https://www.businessinsider.com/amazon-prime-air-crash-amazon-mourns-terrible-tragedy-2019-2
![[IMG]](images/storyImages/5c73b42d1631a35232316654-750-563.jpg)
-
Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints
Direct-to-memory attacks now account for 57 per cent of hacks, apparently
https://www.theregister.co.uk/2019/02/26/malware_ibm_powershell/
-
A hacker intercepted your Wi-Fi traffic and stole your contacts, passwords, and financial data. Here’s how.
https://hackernoon.com/a-hacker-int...sswords-financial-data-heres-how-4fc0df9ff152
![[IMG]](images/storyImages/1_YeOjk5wvk_MKwhQZYlyaTw.jpeg)
Introduction
As the holiday season was in full swing, a hacker sporting a hoodie, sitting in a car with antennae on the dashboard and a computer on his lap, sat in a parking lot outside a popular cafe chain. Passersby, busied and high on holiday cheer, buzzed in and out and sometimes even stayed for a while.Vasudev, jclausius, 6730b and 1 other person like this. -
New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild
https://amp.thehackernews.com/thn/2019/03/update-google-chrome-hack.html
![[IMG]](images/storyImages/chrome.png)
You must update your Google Chrome immediately to the latest version of the web browsing application.
Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.
The vulnerability, assigned as CVE-2019-5786, affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux. -
Everyone take care: LinkedIn Phishing messages are so many these days:
The link will try to give you look and feel that you are using OneDrive, but look at the link in the address bar you will notice it's another website. My Antivirus Blocked it as below.
Last edited: Mar 9, 2019Vasudev likes this. -
Windows 10 Now Automatically Uninstalls Updates That Cause Problems
https://thehackernews.com/2019/03/windows-buggy-updates.html
![[IMG]](images/storyImages/microsoft-windows-software-updates.png)
Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays?
Don't worry.
Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to incompatibility or issues in new software.hmscott likes this. -
Cool, now MS can introduce MS patented "mistakes" coming or going.
Maybe we can get a nice patch install / uninstall flipping repeating cycle going?
6 Minutes ago:
MS Update: Patch time!
MS De-Update: Nope, not that one!
MS Update: Patch time!
MS De-Update: Nope, not that one!
MS Update: Patch time!
MS De-Update: Nope, not that one!
MS Update: Patch time!
MS De-Update: Remove patches from last 4 minutes...
1 minute later:
MS Update: Patch time!
PC Owner: Game time?
MS De-Update: Nope, Patch Time!
Last edited: Mar 13, 2019Dr. AMK likes this. -
Mass shootings at mosques in Christchurch, New Zealand
At least 49 people were killed and 20 seriously injured, after mass shootings at two mosques in the New Zealand city of Christchurch.
https://edition.cnn.com/asia/live-news/new-zealand-christchurch-shooting-intl/index.html
https://www.theguardian.com/world/l...d-as-police-respond-to-critical-incident-live
Last edited: Mar 15, 2019 -
Android ad fraud scheme drained users' batteries and data
It mostly affected apps that use Twitter's MoPub ad platform.
https://www.engadget.com/2019/03/22/android-ad-fraud-scheme-drained-batteries/
BuzzFeed News has confirmed a massive ad fraud scheme, which was originally uncovered by at least two fraud detection firms, that drained users' batteries and data. The scheme begins by hijacking the in-app advertisements of developers using Twitter's MoPub ad platform. It then silently runs autoplaying video ads behind legit banner advertisements, with the users being none the wiser. And since the video ads are still marked as completed even though none of the viewers got to see them, the scheme also rips off hapless advertisers.
Protected Media, one of the anti-fraud firms that discovered the scheme, absolved Twitter of any wrongdoing -- the social network itself was merely exploited by the fraud's masterminds. Upon investigating the fraudulent ads, the firm named Israeli company Aniview and its subsidiary OutStream Media as part of the scheme. Outstream created the banners and codes the investigators found in the dodgy ads.
That discovery corroborates a previous investigation by DoubleVerify, another fraud detection firm, which spotted the same MO late last year. DoubleVerify learned that the illegal video ads used Aniview's player, and it also found 60 million ad calls made for fraudulent video ads every month.
Aniview (Israeli company), however, denied any involvement. Company chief Alon Carmel told BuzzFeed News that the perpetrator is an unknown bad actor who created an account on the platform and used the banner ad images designed by Outstream Media. "To be crystal clear, another customer on Aniview's [self-serve] platform used this [video ad] player and is responsible for this activity and we took actions immediately to stop this activity. We are fighting against bad activities, pushing and focus on clean and legit activities and should not be blamed or framed for bad use of our platform," he said.
Even if Aniview isn't really involved and has truly squashed all the bad activities originating from its platform, Android users will likely still come across more fraudulent video ads in the future. According to Protected Media, several ad tech companies like Aniview engaged in and even started similar illegal ad schemes in the past.
hmscott likes this. -
-
NASA isn't happy about India's anti-satellite missile test
But this is far from the first time a country has destroyed a satellite with a missile and caused a ruckus.
https://www.popsci.com/india-anti-satellite-missile-test-space-debris
-
The problem is that we have living humans in orbit in the ISS that is a huge target for debris hurtling in space that can damage or destroy the ISS living environment, and blowing satellites up in orbit will make things much worse, NASA says 44% worse:
" At the Q&A session, Bridenstine explained that NASA and the military had assessed the debris field last week, and determined the risk of small debris impacting the ISS was increased by 44 percent, over a period of 10 days. (This came in spite of previous comments from Lieutenant General David Thompson, vice commander of U.S. Air Force Space Command the week before, who said,according to Reuters, that the ISS at that point was not at risk.) Bridenstine said NASA had identified about 400 pieces of orbital debris created by the event (and in all likelihood, there were probably 10 times as many fragments produced). Only about 60 pieces were large enough (at least 10 centimeters in diameter) to be actively tracked."
The more intelligent, thoughtful, meaningful non-destructive test would be the "near miss".
Like above ground nuclear testing, I thought there were international rules to stop destructive in orbit testing...
Hmm, it sounds like India might get a bill in the mail...
India's Anti-Satellite Missile Test Is a Big Deal. Here's Why.
By Doris Elin Salazar 11 days ago
https://www.space.com/india-anti-satellite-test-significance.html
"NASA Administrator Jim Bridenstine touched on testing that creates space debris in a U.S. House of Representatives hearing on NASA's proposed budget on March 27.
" Debris ends up being there for a long time. If we wreck space, we're not getting it back," Bridenstine said. "And it's also important to note that creating debris fields intentionally is wrong ... because some people like to test anti-satellite capabilities intentionally and create orbital debris fields that we today are still dealing with. And those same countries come to us for space situational awareness because of the debris field that they themselves created.
"And that's being provided by the American taxpayer, not just to them, but to the entire world for free," he added. "The entire world [has to] step up and say, 'If you're going to do this, you're going to pay a consequence.' And right now, the consequence is not being paid."Last edited: Apr 9, 2019 -
Great country, land of peace and diversity New Zealand.
The New Zealand Air Force draws the name of the Allah in solidarity with Muslim victims ... A free lesson in the military ethics of all countries of the world.
New Zealand shooting: PM Jacinda Ardern lays wreath at mosque, embraces mourners of Christchurch
Last edited: Apr 9, 2019Vasudev likes this. -
Microsoft publishes SECCON framework for securing Windows 10
https://www.zdnet.com/google-amp/ar...shes-seccon-framework-for-securing-windows-10
Microsoft publishes simple guide for securing Windows 10 PCs based on five DEFCON-like security access levels.
Microsoft published today a generic "security configuration framework" that contains guidance for systems administrators about the basic security settings they should be applying in order to secure Windows 10 devices.
"We sat down and asked ourselves this question: if we didn't know anything at all about your environment, what security policies and security controls would we suggest you implement first?," said Chris Jackson, Principal Program Manager at Microsoft.
The end result was what Microsoft has named the SECCON framework, which organizes Windows 10 devices into one of five distinct security configurations.
"Mimicking the DEFCON levels used to determine alert state by the United States Armed Forces, lower numbers indicate a higher degree of security hardening," Jackson said.
The five possible Windows 10 SECCON security configuration levels are:
![[IMG]](images/storyImages/security-configuration-framework.png)
-
Hackers publish personal data on thousands of US police officers and federal agents
https://techcrunch.com/2019/04/12/police-data-hack/
A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned. -
![[IMG]](images/storyImages/outlook-logo.jpg)
Hackers had access to Outlook.com accounts - Microsoft informs them by mail
good Morning
Anyone who uses Outlook.com and receives a mail from Microsoft should not immediately declare it as spam. Because Microsoft is currently writing to an unknown number of Outlook.com users whose data was viewed by hackers.
Yoo trust Micro$oft? The spy company nr.1. Nope. -
Unpatched Internet Explorer Zero-Day Exploit Lets Hackers Steal Files hothardware.com | April 14, 2019
Microsoft is hoping for a big browser comeback with the Chromium-based version of the Microsoft Edge browser, there’s another browser in the company’s repertoire that many people have already forgotten about. Of course, we’re talking about the “undead” Internet Explorer.
Microsoft has responded to Page's research by stating, "We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case."
That seems like a half-baked response to us, and it seems as though this exploit should have Microsoft's full attention rather than simply being "considered." Nice
-
-
How Apple’s iCloud authentication system fails to protect your account when using a browser
Apple’s 2FA iCloud system is generally very diligent about securing your account, especially when you have two devices, but it has one key flaw.
-------------------------------------------
ASUS Updates Security Certificates of Motherboards, Graphics Cards, Mini PCs, Workstations![[IMG]](images/storyImages/kstar.gif)
Guru3d.com | Apr 15, 2019
ASUS is releasing this advisory to provide information related to the new implementation of a tiered certificate structure that upgrades the security infrastructure of our expanding software ecosystem...
The upgrade requires the current code-signing certificate of several ASUS products to be revoked. This revocation can cause some existing software utilities to trigger a Windows Security dialog box, and may prevent legitimate ASUS programs, such as Aura, AI Suite III, GPU Tweak II and others, from running normally when users attempt to execute the associated 'Setup.exe' or 'AsusSetup.exe' file.Last edited: Apr 15, 2019 -
Another sad day,
Paris prosecutor opens an investigation into the Notre Dame fire
https://edition.cnn.com/world/live-news/notre-dame-fire/index.html
From CNN’s Saskya Vandoorne
![[IMG]](images/storyImages/932620ae-519e-4ecc-b1f2-304d297fbf02.jpeg)
LUDOVIC MARIN/AFP/Getty Images
The Paris prosecutor’s office has opened an investigation into the devastating fire at Notre Dame Cathedral, a spokesperson told CNN on Monday.
Prosecutors will be investigating an "involuntary destruction by fire,” the spokesperson said.
Notre Dame cathedral spire collapses
Notre-Dame fire: Treasures that make it so special
https://www.bbc.com/news/world-europe-47937775
![[IMG]](images/storyImages/p076l244.jpg)
Media captionThere were gasps from the crowd at the moment Notre-Dame’s spire fell
A catastrophic fire has engulfed the Notre-Dame cathedral in Paris, destroying its roof, toppling the spire and threatening the remaining structure of the building.
The deputy mayor of Paris, Emmanuel Gregoire, said the cathedral had suffered "colossal damages", and the emergency services were trying to salvage the art and other priceless pieces stored in the cathedral.
The wooden interior has been destroyed.
But which other features in the 850-year-old Gothic structure make it stand out in a city of iconic buildings?Last edited: Apr 15, 2019Spartan@HIDevolution and Papusan like this. -
Microsoft's work with Chinese military university raises eyebrows
APRIL 12, 2019
https://phys.org/news/2019-04-microsoft-chinese-military-university-eyebrows.html
"Xinjiang is home to most of China's Uighur ethnic minority and has been under heavy police surveillance in recent years after violent inter-ethnic tensions
Microsoft has been collaborating with researchers linked to a Chinese military-backed university on artificial intelligence, elevating concerns that US firms are contributing to China's high-tech surveillance and censorship apparatus.
Over the past year, researchers at Microsoft Research Asia in Beijing have co-authored at least three papers with scholars affiliated with China's National University of Defence Technology (NUDT), which is overseen by the Central Military Commission.
The research covers a number of AI topics, such as face analysis and machine reading, which enables computers to parse and understand online text.
While it is not unusual for US and Chinese scholars to conduct joint research, Microsoft's work with the military-backed NUDT comes amid increasing scrutiny around China-US academic partnerships, as well as China's high-tech surveillance drive in the northwest region of Xinjiang.
"The new methods and technologies described in their joint papers could very well be contributing to China's crackdown on minorities in Xinjiang, for which they are using facial recognition technology," said Helena Legarda, a research associate at the Mercator Institute for China Studies, who focuses on China's foreign and security policies.
"Many of these advanced technologies are dual-use, so they could also contribute to the PLA's (People's Liberation Army's) modernisation and informatisation drive, helping the Chinese military move closer to the 2049 goal of being a world-class military," she added.
In an email, a Microsoft spokesman told AFP that the company's researchers "conduct fundamental research with leading scholars and experts from around the world to advance our understanding of technology."
In each case, the research "fully complies with US and local laws" and is published to "ensure transparency so everyone can benefit from our work," he said Thursday.
'Raw material'
The growing concerns around human rights violations in Xinjiang have also added pressure to US firms with business in the region, where some one million Uighurs and other mostly Muslim Turkic language-speaking minorities are held in re-education camps, according to a UN panel of experts.
In February, US biotechnology manufacturer Thermo Fisher announced it would stop selling equipment used to create a DNA database of the Uighur minority to China.
That same month, a security researcher exposed a massive database compiled by Chinese tech firm SenseNets, which stored the personal information and tracked the locations of 2.6 million people in Xinjiang.
At the time of the data leak, Microsoft was listed as one of SenseNets' partners. The company declined to comment.
But experts have also stressed that, in the case of NUDT, Microsoft's co-published work is open and publicly accessible.
"The authors are basically sharing with the rest of the world how to replicate their approaches, models, and results," said Andy Chun, an adjunct computer science professor at City University of Hong Kong.
That allows others to potentially "build upon, enhance and expand this research," he said.
Microsoft Research Asia also tends to focus on long-term research or projects that are not immediately transferable to applications, such as those that could be used to monitor or suppress a population of people, pointed out Yu Zhou, a professor at Vassar College, who studies globalisation and China's high-tech industry.
And while such concerns are certainly valid, it may be difficult for AI researchers to avoid China, she told AFP.
"It's a field where Chinese researchers have made quite a lot of advancements, and they are generating data which is the raw material for this industry -— so how are you going to avoid that?""
Is Microsoft AI Helping To Deliver China's 'Shameful' Xinjiang Surveillance State?
Zak Doffman, Mar 15, 2019, 07:07am
https://www.forbes.com/sites/zakdof...lance-state-but-its-complicated/#72a0a34e3061
"When an ethical hacker exposed the SenseNets data breach, shining a light on the technologies including facial recognition being used to track Xinjiang Muslims in real time, there followed an online debate as to whether Microsoft 'partnered' with SenseNets, and whether they were aware of the inclusion of their technology in the dystopian surveillance program that has drawn international condemnation for the subjugation of the Muslim Uighur population of Xinjiang Province.
The breach by the Shenzhen-based facial recognition company exposed a database of more than 2.5 million records: names and addresses; ID card numbers; dates of birth; passport photographs; employer details; and, most alarmingly, 6.5 million records relating to the GPS locations passed by those individuals in the prior 24 hours.
Information shared online appears to show the use of Microsoft technology (GitHub and Azure) within the SenseNets program, although Microsoft denies any partnership or commercial relationship with either SenseNets or its parent company. If the information that has been shared publicly is correct, and Azure Cognitive Services are being used, then either this has been procured through a different source or even personally by one or more of the developers themselves. If the technology was there, then it is quite likely to have been (or still be) a fundamental part of the program.
Microsoft has its own complicated relationship with facial recognition. At the World Economic Forum in Davos this year, CEO Satya Nadella said that “one of the things that I feel today is, in the marketplace, there’s competition; there’s no discrimination between the right use and the wrong use of facial recognition.”
And nowhere is that lack of discrimination between right and wrong more of an issue than in Xinjiang.
Victor Gevers, the hacker responsible for publishing the breach and sharing the Microsoft related information, tweeted at the time of the SenseNets breach that, "the company 微软 also known as Microsoft has been a precious partner who has turned more than once a blind eye to the (technical) / (mal)practices of the engineers of SenseNets. From pirated versions of Windows servers to offering Azure Cognitive services for Face (recognition)."..." See site for more...
Microsoft worked with Chinese military university on AI
One paper detailed new AI method which would have applications for surveillance
Wed, Apr 10, 2019, 08:28
Madhumita Murgia in London, Yuan Yang in Beijing
https://www.irishtimes.com/business...h-chinese-military-university-on-ai-1.3855553
How Microsoft Helped Build China’s Nightmare Surveillance | China Uncensored
China Uncensored
Published on Apr 15, 2019
Did you know Microsoft, Google, and many other Western tech companies have partnered with Chinese military universities for research into cutting edge technology, including artificial intelligence, computer deep learning and facial recognition cameras and software. The fruits of this research are currently being used to persecute the ethnic Uighur Muslims of Xinjiang. Even MIT is in on the action.
Last edited: Apr 16, 20196.|THE|1|BOSS|.9 and Papusan like this. -
Google Helps Police Identify Devices Close to Crime Scenes Using Location Data
https://thehackernews.com/2019/04/google-location-tracking.html
![[IMG]](images/storyImages/google-sensorvault-location-tracking-history.jpg)
It's no secret that Google tracks you everywhere, even when you keep Google's Location History feature disabled.
As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your precise latitude and longitude.Papusan likes this.
All about Security, News, Events and Incidents
Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.
![[IMG]](https://1.bp.blogspot.com/-m1SpQgbOlpA/XIdwhTf9jvI/AAAAAAAAzfI/ZsGaUH5S5uA8XEOH962m3e0m7BvRT99XQCLcBGAs/s728-e100/microsoft-windows-software-updates.png)
![[IMG]](https://1.bp.blogspot.com/-KwF8FWMEF_Q/XLRsfsKvrHI/AAAAAAAAzxI/2ixrwLiLZEk5NVyeOWcM0zuKl0v5dY6QQCLcBGAs/s728-e100/google-sensorvault-location-tracking-history.jpg){kind=tracking}