Monthly Archives: January 2017

It’s no secret that Microsoft wants customers to update to Windows 10, the latest version of the company’s operating system. With extended support for the older Windows 7 OS set to expire in 2020, Redmond has been pushing companies to start migrating to the latest OS for a while now.

But Microsoft gave some added urgency to the situation in a blog post from its German subsidiary, saying that even with the security upgrades offered by extended support, Windows 7 can no longer be considered adequately protected against the current environment of malware and other hacking tools.

Doesn’t Meet the Requirements of Modern Tech

“Today, Windows 7 can no longer keep up with the increased security requirements,” Milad Aslaner, senior product marketing manager for Windows Commercial and Cyber Security, said in the blog on the German site. Aslaner said that enterprises that have been holding off upgrading to the new operating system will incur higher operating costs in the form of higher maintenance fees, time lost due to malware attacks and increased need for technical support.

In addition, Aslaner said that many hardware manufacturers are no longer producing drivers for the seven-year-old system, making it impossible for the OS to recognize some newer peripherals. “Today, it does not meet the requirements of modern technology, nor the high security requirements of IT departments,” according to Markus Nitschke, head of Windows at Microsoft Deutschland.

New Security Features

Basic support for Windows 7 was discontinued in January 2015. Since that time, users have been able to receive security upgrades, but no new upgrades to its functionality. Furthermore, Aslaner said that the older system is based on security architecture that is now outdated.

Microsoft said that enterprise clients in particular should begin migrating sensitive data over to the new platform as quickly as possible, or face “enormous dangers” from new cyberattacks the older system was never designed to protect against.

Windows 10, meanwhile, features a whole suite of security features that make the system safer than older systems, according to Microsoft. For example, two new zero-day exploits that the company was forced to patch in November for its older operating systems were ineffective against the latest version of Windows 10.

The new OS comes with some new built-in protections, such as Windows Hello, a biometric security system that allows users to log in using fingerprint, facial or iris recognition, obviating the need to use insecure passwords that can be easily stolen from a database, according to Microsoft.

Windows 10 also comes with Windows Defender Advanced Threat Protection, a cloud-based threat analytics package that uses machine learning, behavior and pattern recognition to detect when a breach has occurred or recognize incoming attacks as they happen.

Whether companies decide to heed Microsoft’s warnings is unclear. Many companies stuck with Windows XP long after Microsoft had discontinued its primary support, and many may also be slow to migrate to Windows 10.

via:  enterprise-security-today

Simon Smith of eVestigator manages to crack a case, and reverse the irreversible! In absolutely what would have been an impossible situation, a disgruntled staff member broadcasted defamatory material to over 1,000 clients of a training Academy to all its’ past and present students stating that the male teacher is a paedophile. In desperation, the owner came to me for help.

“After tracking the attack which was sent out to the companies mailing list by ‘SurveyMonkey’, and using my techniques to get an IP address (which was not easy) I felt a sigh of relief. However, only to find he had used a VPN service with a no logging policy that literally never kept logs. Through strategic investigation I monitored the banking records of the company and the staff member had used the company credit card to subscribe to a VPN service”, he purchased a lifetime subscription many years back and ‘forgot’ about it (human error is one of the biggest slip ups) Mr. Smith said.

Mr. Smith went on to say, “human strategy and psychology is part of the game in Cybercrime. So I thought I would download the client and give some of the servers a test to see what IP addresses I might find. SurveyMonkey were helpful by providing me with the USER-AGENT request variable which came in handy, because when I connected to the very VPN service that the only other staff member who had access and control to whom had suddenly quit, not only did I get a match on the IP, but a match on the USER-AGENT. The computer he used was one of the  company’s property. The only one that was a MAC, and therefore led  to be able to convince a court beyond reasonable doubt on the chances of allocation of IP, date/time of connection to that server, User-Agent, the date he was sacked matching the date of the conduct and more.

So that’s Reverse-IP Tracing even if you have a VPN for you.”

“Case Closed! Busted”, said Mr. Smith.

The moral of the story is, you are not always protected if you commit a crime behind a VPN that contains no logs of your identity. There are many other things cyber investigators use to track you down.

If your just trying to protect your privacy for many other legitimate reason not to commit crimes then a VPN is still what you should be using.

via:  linkedin

A free IoT scanner from BeyondTrust looks for at-risk devices so organizations can pinpoint and address vulnerabilities.

Businesses will struggle to stay secure as the IoT permeates the workplace. An estimated 200 billion connected devices are projected to be in use by 2020, creating a broad new attack vector for cybercriminals.

“Properly discovering [risks], classifying them, and putting them under a vulnerability management practice is the only way to mitigate their risks,” explains Morey Haber, VP of technology at BeyondTrust.

The Retina IoT (RIoT) Scanner, which the company released this week, is a free vulnerability assessment tool that displays IoT risk from an attacker’s point of view. Businesses can use it to scan their perimeters and identify at-risk devices other tools may not detect.

Most IoT products lack embedded security measures. This group of devices has already become the target of malware, specifically Mirai, which demonstrated how organizations could be unaware of their devices being used for attack without searching DNS logs or other traffic.

The scanner helps businesses find devices that may be compromised before this happens, Haber explains.

Security pros can use vulnerability reports to learn the make and model of present IoT devices, the subnets they’re on, which vulnerabilities are present, and whether they are contributing to Shadow IT projects; for example, a group of cameras or rogue devices being deployed by a specific user.

However, before you download, it’s worth noting there are a few things RIoT doesn’t do.

“While it does have prescriptive guidance for vulnerability remediation, it does not have automatic patch management like the rest of Retina for Windows devices,” explains Haber.

He notes the FTC has offered a $100,000 award to a company that can discover an innovative way of managing and patching IoT devices, a problem that can be severe considering the diverse match of vendors and devices operating differently.

via:  darkreading

Fresh on the heels of introducing new TV models at CES, and touting its 13 percent share of the smart TV market, Roku today is rolling out a revamped mobile application aimed at making it easier to access its most popular features, including search and the remote control, while also introducing a new way to find things to watch.

The company has long offered a handy companion app that works with its streaming media player devices and smart TVs – devices that are used by 13 million people on a monthly basis. The earlier version of the app offered a simple interface with vertically aligned buttons for remote, search, “My Feed” (a personalized section of things you want to watch), the Channel Store, and “Play on Roku” (a casting option).

Today, Roku says it’s moving the navigation to the bottom of the app. That’s a more traditional design than the big buttons it used before. However, the buttons themselves have changed. Now, from left to right, you can access Channels, a new section called “What’s On,” the Remote, a “Photos+” section, and the app’s settings.

When you first launch the app, you’ll be presented with a list of the channels you have installed. You can then tap the channel you want, after which the remote will immediately appear, so you can continue to navigate to the show or movie you want to watch. The Channel Store is still available too, in a separate tab.

“What’s On” is a new section, and it essentially replaces the prior “My Feed” button.

My Feed was Roku’s first attempt at personalizing its experience for end users, by offering a way to track your favorite shows and movies. When there were new episodes available, you’d be alerted through a notification in the feed. You could also track upcoming movies, so you’d know when they were available to stream.

The goal was to make it easier to keep up with content across services in the fragmented streaming landscape by centralizing these updates.

With “What’s On,” Roku instead turns its attention to more generalized suggestions with a curated list of the best entertainment available to rent, buy or stream for free. Here you’ll find other content grouping by theme, too – like Superhero movies or top kids’ shows, deals, and free episodes, for example. “My Feed” is still available in this section, but much further down – nearly at the bottom.

While “My Feed” was useful if you took the work to customize it and keep it updated with the shows you were currently watching, in today’s binge-watch era where we power through entire shows, seasons and movies, the feed’s content would quickly become dated. You’d have to constantly tweak the feed to keep it tuned into what shows you’re watching now.

“What’s On,” then, makes sense, as it focuses on more generally interesting things to watch, and could serve as a starting point to see what’s new in streaming.

Meanwhile, Roku has also updated the mobile remote to better resemble its real-world counterpart in terms of the button layout. It’s now easier to use with one hand, with buttons and the directional pad being moved closer together. There’s a new channels icon at the top, too, which lets you quickly jump from one channel to another without switching screens.

Finally, Photos+ lets you quickly share music, photos, or videos from your library to Roku, or create your own customized Roku screensaver with your own content.

The updated app (Roku ver. 4.0) is arriving today on both the iOS App Store and Google Play.

via:  techcrunch

For millions of Americans, the smartphone has become one of the most important tools in their lives. Your phone tracks your movements, absorbs emails and text messages and notifies you of every birthday and appointment. Every second, information floods your smartphone. Unless you switch them off, your apps are working round the clock, obeying your every setting and preference.

All day long your phone is churning private data through its circuitry, and if criminals can break into your phone, they can steal all kinds of things, from banking details to compromising photos and video. These thieves don’t have to steal your actual phone. They may not even be located in the same country.

How do they do it? Spyware, which is kind of like a computer virus, except instead of messing up your hard drive, it enables strangers to snoop on you. Skilled hackers can install spyware on your phone without you even realizing it.

Once it’s on your phone, spyware can record everything you do, from sending text messages to shooting video of your family reunion. Hackers may break into private accounts, commandeer email and even blackmail their victims.

Keep in mind, “spyware” is a vague and multi-faceted term, and it’s not always malevolent. Some parents install a kind of spyware on their kids’ smartphones in order to keep track of their activities. Managers sometimes keep tabs on their employees by watching what they do on their company computers. I don’t endorse this behavior, and I think there are much healthier ways of watching kids and employees, but this kind of spyware isn’t intended to ruin your life.

Don’t click strange links. The easiest way to avoid contracting spyware is this: Don’t click strange links. If you receive an email from a suspicious stranger, don’t open it. If you receive an email or text from someone you do know but the message seems peculiar, contact your friend by phone or social media to see whether the message was intended.

This might sound obvious, but sometimes our curiosity gets the better of us. When a link appears, some of us struggle to avoid clicking it, just because we want to know where it leads. Other times, an authentic-looking email is actually a phishing scam in disguise. If you’re the least bit doubtful, don’t click.

Lock your phone. Some types of phones are more susceptible to spyware than others. (More about this below). But owners can dramatically reduce their chances of infection by locking their phones. A simple PIN will deter most hackers.

Also avoid lending your phone to strangers. Yes, some people honestly forget their chargers at home and urgently need to call their spouses. But a clever con artist only needs your unlocked phone for a minute to cause a lot of damage. In this case, being a Good Samaritan is risky business.

Androids and spyware. The bad news is this: Android phones are particularly vulnerable to spyware. It’s simple to install a spying app on any Android gadget, but only once you get past the lock screen.

To protect yourself, make sure you have the lock screen turned on and no one knows the PIN, password or pattern. You can make it even harder by blocking the installation of third-party apps. To do this, go to Settings; Security and uncheck the Unknown Sources option. It won’t stop a really knowledgeable snoop, but it could stump less-savvy ones.

iPhones and spyware. Apple users can get pretty smarmy about their products. If you own an iPhone, you probably already know that your phone is far safer from malware than Android gadgets. A recent “Forbes” study showed that nearly 97 percent of all known malware threats only affect Android devices.

That’s good news for Mac addicts, but it can also make owners overconfident. Last August, Apple had to release an extremely critical iOS update to patch a security threat. Before the update, an attacker could take over and fully control an iPhone remotely just by clicking the right link.

Investigators learned that this kind of attack was called Trident, and the spyware was called Pegasus. The latest iOS was partly designed to prevent these exploits from damaging your iPhone. This is just one reason you should keep your iPhone up to date.

To get the latest version of iOS, go to Settings; General; Software Update. Your device will then automatically check for the latest version of the Apple operating system.

Secondhand smartphones. Beware the secondhand smartphone. Sometimes they’re handy, because a jail-broken phone is cheap and disposable and may work with many service providers. But they may also come with spyware already installed.

Buying a secondhand phone is a common practice, especially if you’re traveling in a foreign country or you’re between contracts and just need something for the short-term. If you have any suspicions about your phone, your best tactic is to reset factory settings. It’s inconvenient, but it might save you a lot of heartache down the line.

via:  enterprise-security-today

Microsoft today unveiled the newest addition to its Office 365 suite with the debut of an application for shift workers and management, called StaffHub. The program is aimed at those who don’t tend to work from desktop computers and have different schedules from week to week, such as in retail, hospitality, restaurants and other industries.

The program was originally introduced in “preview” last fall, with the goal of collecting user feedback ahead of its public launch. Since then, more than 1,000 businesses have signed up for the service, including a large winery in California and a hospitality company that uses it to staff their hotels.

Explains Office 365 General Manager Bryan Goode, Microsoft believes that addressing the needs of shift workers with a software platform like StaffHub is an untapped market.

“There’s half a billion frontline staff workers in the world,” he says. “Most companies, though, haven’t actually provided digital tools for these folks…but companies are starting to recognize the benefits of moving some of these offline processes and taking them online.”

However, what StaffHub is really up against is the old way of doing things: paper schedules, bulletin boards, phone calls and other manual processes, Goode notes.

To address the needs of this different kind of work environment, StaffHub takes schedules and puts them online. But it’s more than just another calendaring application.

Managers, who may have access to desktop or laptop computers, may use the web version of StaffHub to create the staff schedules in the program, but employees will likely only use StaffHub from their mobile phones.

When adding shifts, managers can take advantage of a variety of features to differentiate the types of shifts, ranging from custom labels (like “day,” “opening,” “night,” etc.) to color coding, and they can also enter in notes about the work that needs to be done during the shift in question.

The program also makes it simple to update shifts from week to week, by offering a “Copy last schedule” feature that lets managers use the prior week’s shift as a starting point before making changes.

Schedules can be viewed by day, week or month, as needed, and the program has tools for handling common requests, like time off, vacations, sick leave and more.

Where StaffHub becomes more interesting is on mobile devices.

Here, there are comparisons that can be made with Slack, though Microsoft, when asked, dismissed the idea that Slack was a competitor.

However, there are many overlapping features between the two programs — staff can privately chat, one on one, with one another in the app, and the app can host multiple group chats, too.

For example, managers could use their team chat to make informal announcements or share files. The chats support photo sharing, as well, which could be useful for showing the manager something out on the floor that needs their input.

Plus, the app can be used for sharing internal resources — like an employee handbook hosted on SharePoint, a file uploaded from a computer, a video or a file stored on another cloud service like Dropbox. Files will display inline when clicked, making it easy for staff to view them on their phone.

Plus, Microsoft envisions StaffHub as an app platform of sorts, another similarity with Slack. However, Microsoft’s focus is on connecting with line-of-business apps, like a time-clock application, for example. (So it’s like Slack, but without the GIFs — something that may appeal to the target market.)

Staff can swap shifts with other workers in the mobile app and request time off — requests that get routed to a manager for approval. Push notifications are used to alert users of these requests and approvals along with other updates, private notes, chats and more.

The software is available starting now as a part of Office 365 commercial plans. (K1-E5, for those who know the lingo — or entry-level through enterprise, for those who don’t.)

StaffHub is available for web, iOS and Android in Chinese (Simplified), English, Spanish, Russian, Japanese, French, Brazilian-Portuguese, German, Korean, Italian, Chinese (Traditional), Dutch, Turkish, Swedish and Danish.

via:  techcrunch

It’s a story that’s been told thousands, if not millions of times, already.

One wrong click and bam! Files taken hostage by unbreakable encryption and there’s nothing you can do but give up — or pay the ransom.

There’s a reason that cyber criminals who run ransomware offer customer support and are raking in cash in numbers that need to measured in billions. And it’s the same reason that 193 different ransomware families were discovered between May 2012 and May 2016, with an average of 15 new families identified each month during Q3 of 2016.

The reason is simple: It works.

So we’re likely to see new iterations of the same threat adapted to spread more easily until it stops being so effective.

One of the keys to slowing this epidemic is… you. If you and the people around you are easy targets, criminals will keep cashing in on the same trick.

As Melissa explained earlier this year, there are five ways to fight back against ransomware threats — and they just happen to protect you from most online scams — so let’s review how to fight ransomware like your files depend on it, because they do:

1. Change your mind.
   
2. Fight forward — with backups.
   The fight against ransomware begins, with reliable backups of your files.
3. Keep all software up to date.
   Ransomware often exploits flaws in old software to edge in and take control of your files.
4. Beware of email, especially attachments.
   Be suspicious of links and attachments in emails. Remember, the post office and the IRS don’t send ZIP files. And a document telling you to “Enable Content” is likely a trap. So:
   
5. Run reliable security software.
   Use software with a layered approach that can block known ransomware variants and new threats — software like F-Secure SAFE, which you can try for free.

If you’re reading this and you’re already infected, F-Secure Labs has some recovery tips. But we’re very sorry; there is no recovery process for ransomware that’s as effective as prevention.

via:  f-secure

This attack requires no clicks and takes advantage of your outdated apps.

Cybersecurity experts obsessively repeat two types of advice:

1. Use stronger passwords.
2. Update your software.

Today’s security alert is all about the importance of applying software updates as soon as possible after they’re released.

At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users.

The campaign works by injecting malicious scripts into insecure or compromised systems. Victims can get infected simply by browsing the compromised or infected websites, without clicking on anything. What exposes them to this attack are outdated versions of the following apps: Flash Player, Silverlight, Internet Explorer or Edge.

This is the short version of how it happens:

A total of 8 vulnerabilities scattered over several product versions might cause serious trouble for many users. That’s because RIG exploit kit will detect these unpatched vulnerabilities and then download Cerber ransomware by taking advantage of them.

Antivirus detection for this malicious campaign is low, as you’ll see in the details below.

Vulnerabilities exploited in the attack

The following apps – which you may also be using – can expose your system to a costly ransomware attack.

Affected software: Adobe Air, Adobe Air Sdk, Air Sdk Compiler, Adobe Flash Player

Vulnerability:CVE-2015-8651; can Execute Code, Overflow
CVSS Score: 9.1
This vulnerability includes 11 security holes in 4 products (see CVE link for details).
Patched on December 28, 2015.

Affected software: Adobe Flash Player, 99 vulnerable versions, see CVE link below for details.
Vulnerability:CVE-2015-5122; can cause Denial of Service, Execute Code, Memory corruption
CVSS Score: 10
Patched on July 10, 2015.

Affected software: Adobe Flash Player version 21.0.0.226
Vulnerability:CVE-2016-4117; can Execute Code
CVSS Score: 10
Patched on May 12, 2016.

Affected software: Adobe Flash Player, 14 vulnerable versions, see CVE link below for details.
Vulnerability:CVE-2016-1019; can cause Denial of Service, Execute Code
CVSS Score: 10
Patched on April 5, 2016.

USEFUL TIP: If you need a quick way to check what Flash version your system is running, go to this link provided by Adobe and find out. Flash is a notorious source of vulnerabilities for its users, so reading this guide we put together may help you understand why and what you can do about it.

Affected software: Microsoft Edge
Vulnerability: CVE-2016-7200; can cause Denial of Service, Execute Code, Overflow, Memory corruption
CVSS Score: 7.6
Patched on November 8, 2016.

Affected software: Microsoft Edge
Vulnerability:CVE-2016-7201; can cause can cause Denial of Service, Execute Code, Overflow, Memory corruption
CVSS Score: 7.6
Patched on November 8, 2016.

Affected software: Internet Explorer versions 9, 10, 11
Vulnerability: CVE-2016-3298;  can obtain information
CVSS Score: 3.6
Patched on October 11, 2016.

Affected software: Silverlight version 5.0
Vulnerability: CVE-2016-0034; can cause Denial of Service, Execute Code
CVSS Score: 9.3
Patched in January 12, 2016.

To give you an example about what could happen if an attacker successfully exploits this vulnerability, here are some details shared by Microsoft last year:

In a web-browsing scenario, an attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This last bit is another good reminder to use a standard account on a daily basis, instead of using an administrator account.

The current drive-by campaign uses the following domains (sanitized for your protection):

mind.pci [.] news – Detection: 4/69 on VirusTotal

fun.rum [.] news – Detection: 5/68 on VirusTotal

open.oral [.] news – Detection: 4/69 on VirusTotal

one.pinot [.] news – Detection: 2/68 on VirusTotal

top.penile [.] news – Detection: 4/68 on VirusTotal

end.prayer [.] news – Detection: 5/68 on VirusTotal

top.rvlife [.] news – Detection: 2/68 on VirusTotal

old.prepaid [.] news – Detection: 2/68 on VirusTotal

see.pancreatic [.] news – Detection: 4/69 on VirusTotal

one.salesforce [.] news – Detection: 5/68 on VirusTotal

new.phonesystem [.] news – Detection: 2/68 on VirusTotal

All these domains are part of the so-called Pseudo-Darkleech gateway, which was also used in distributing Cerber ransomware in December 2016 and CrypMIC ransomware earlier, in September 2016.

The RIG exploit kit used in this malicious campaign is the Empire Pack version (RIG-E). This is what the Empire Pack panel looks like:

If this hasn’t persuaded you to automate your updates, maybe cyber security experts and their stories will convince you.

As you can see, cybercriminals often use vulnerabilities already patched by the software developer in their attacks, because they know that most users fail to apply updates when they’re released.

In spite of the wave of attacks, many Internet users still choose to ignore updates, but we hope that alerts such as this one will change their mind and make them more aware of the key security layer that updates represent.

via:  heimdalsecurity

If you’ve followed international news on business, tech or even politics lately, you’re likely to have seen the word “encryption” pop up all over the place. But while it’s often mentioned in the context of billion-dollar tech companies and superstar whistleblowers, it’s easy to forget that easy access to encryption greatly benefits even normal web users like you and me.

The History of Encryption

To understand encryption today, we must first look into the past. From around 1500 B.C. all the way to 40 years ago, encrypting text followed pretty much the same routine. People who wanted to pass encrypted messages to one another had to use something called symmetric encryption. This meant that there was one secret code (key), which would both to turn readable messages (plaintext) into an unreadable mess (ciphertext) and back to readable form.

This had two main problems: Firstly, all the communicating parties had to share copies of the secret key with each other. This meant either meeting to physically share the key or using a trusted courier. Secondly, keeping this communication private relied on all parties keeping the key to themselves.  If multiple people used the same key, everyone’s communication would be vulnerable if just one person was careless or compromised.

Public-Key Encryption

When  asymmetric encryption (more commonly known as public-key encryption) was invented and made public in 1976, it was a bigger deal than anyone could imagine. This system uses two keys instead of one. First there is the public key, the only purpose of which is to let the sender to encrypt plaintext into ciphertext. After the message has been encrypted, nobody (not even the sender) can open the message except for the person with the private key.

A simple way to understand this is to think of a post box with two keys to it. The public key lets you put letters in the box, but not look inside. The owner of the private key is the only one who has access to the contents of the box. The two keys are mathematically linked, but it’s not possible to use the readily available public key to get the private key. I know it sounds like magic, but it’s actually just an application of modular arithmetic.

Hard to Understand, Easy to Use

Now we know how encryption works, but what’s in it for the average person? You, like a lot of people, might be thinking “I have nothing to hide online, so why should I go through all the trouble of encrypting what I do?” First of all, there really is no hassle. The process of sending and receiving encrypted messages requires insanely complex equations, but machines do it for you. For instance, messages sent via services such as Whatsapp are automatically end-to-end encrypted so that nobody else except the people involved in the chat can see them, not even the service providers themselves.

A VPN app like our own Freedome also encrypts ALL your traffic automatically, protecting your information while hiding your tracks online.  As F-Secure researcher Christine Bejerasco puts it pretty brilliantly in the video below:

“With VPN you become this online ninja, who is coming from somewhere and going somewhere else, but they don’t know exactly who you are or where you’re from”.

Why is Encryption So Important?

The average user should consider this: is your life really the open book you might think it is? If your web history, emails and instant messages contain no information you’d wouldn’t mind sharing with the world, then I applaud you. But the fact is, most of us do have secrets. Governments think they have the right to know them under the guise of security, criminals want to profit from them, and anyone who wishes you harm can intercept your online communications with increasing ease. Encryption doesn’t solve all of that, but it goes a long way towards keeping others out of your business.

The internet has given citizens of the world unprecedented power to communicate with each other, share ideas and together make this planet a better place to be on. Encryption lets us do this even in the face of censorship and repression, making its continued existence and legality all the more worth fighting for.

“You might think that you have nothing to hide, but you have everything to protect”.
– Mikko Hyppönen, F-Secure CRO

via:  f-secure

Budget airline AirAsia is the latest corporate to get into hackathons. The company just revealed plans to host its first-ever hack event on March 18 at its headquarters in Kuala Lumpur, Malaysia.

“AIRVOLUTION 2017” — yes, all caps and a cheesy name  — is, as you’d expect, focused on air travel and related themes although the final challenge will be announced on the day of the event. The top prize RM 25,000 (around $5,600) in cash alongside five sets of return flights to any AirAsia destination, and 100,000 of the company’s “Big” loyalty points.

There’s space for 20 selected teams to compete, with the only stipulation being that they must be from one of the 26 countries covered by AirAsia flights. Applications are open from now until 19 February 2017. Selected teams will be notified 3 March and those based outside of Malaysia will have their flights covered by AirAsia.

The event, which includes Microsoft among its sponsors, is aimed at injecting fresh ideas and thinking into the 13-year-old airline, according to CEO Tony Fernandes, who last year said he wanted to make AirAsia a “digital airline.”

“This year marks the emergence of AirAsia as a digital airline, and I believe this event can spur the kind of radical, creative thinking that will ensure AirAsia remains on the leading edge,” he said in a statement.

AirAsia is by no means the first travel company, or even airline, to embrace hackathons. Emirates, Singapore Airlines and Malaysia Airlines all run events, while British Airways has gone one step further with its own in-flight hackathon in 2013.

via:  techcrunch