Monthly Archives: March 2017

Apple doubles the storage of the iPhone SE and iPad Mini 4

The 16GB iPhone is dead.

The new, limited-edition red iPhone 7/7 Plus and upgraded 9.7-inch iPad aren’t the only things Apple has to share today. The company is also increasing the storage across all iPhone SE and iPad Mini 4 configurations. The lowest-capacity 4-inch iPhone SE is now 32GB, up from 16GB, and the 64GB model has been scrapped in favor of a 128GB version. Basically, Apple has doubled the storage and finally killed off the last 16GB iPhone, but good news: The prices haven’t changed. The new 32GB iPhone SE costs $399/£379 (the same price as the old 16GB device), while the 128GB model comes in at $499/£479. Both will go on sale this Friday, March 24th.

For the iPad Mini 4, Apple has simply done away with the 32GB and 64GB models, introducing a new, lone 128GB config. You’re getting an even better deal here, since you’re only expected to pay as much as the 32GB was worth for quadruple the storage — though it makes sense customers should get more bang for their buck since the internals of the Mini 4 are lagging behind Apple’s other iPads. The 128GB tablet goes on sale for $399/£419 for the WiFi-only model, and $529/£549 if you add LTE connectivity.


via: engadget

Apple acquires Workflow automation app, offers it free

The technology could be used by Apple to offer quick access for disabled people.

Apple has acquired the Workflow automation app, which allows iOS users to trigger a sequence of tasks across apps with a single tap.

A spokesman for Apple confirmed on Wednesday the company’s acquisition of DeskConnect, the developer of the app, and the Workflow app, but did not provide further details.

Workflow, developed for the iPhone, iPad, and Apple Watch, allows users to drag and drop combinations of actions to create workflows that interact with the apps and content on the device. It won an Apple design award in 2015 at its annual Worldwide Developers Conference.

Some of the examples of tasks for which Workflow can be used are making animated GIFs, adding a home screen icon to call a loved one and tweeting a song the user has been listening to, according to a description of the app.

Apple is keeping the app alive on its App Store and it has been made free, according to TechCrunch, which first reported the acquisition.

The company, which typically comments on its acquisitions with the standard line that “Apple buys smaller technology companies from time to time, and we generally do not discuss our purpose or plans,” on Wednesday went on to comment about the benefits of the app.

The app was selected for the Apple design award “because of its outstanding use of iOS accessibility features, in particular an outstanding implementation for VoiceOver with clearly labeled items, thoughtful hints, and drag/drop announcements, making the app usable and quickly accessible to those who are blind or low-vision,” Apple told TechCrunch.

It isn’t clear at this point how the app will be integrated with Apple’s offerings. Besides offering a standalone Workflow app, Apple may possibly look at integrating the technology into iOS with Siri being the key interface for many users, particularly for disabled people.


via: networkworld

Making Mistakes in Security

At some point in your career, you will make mistakes—small mistakes, big mistakes, even career-defining mistakes. I am writing this in retrospect because during the course of my job duties, I recently made a mistake. The details are irrelevant, but I wanted to share my experience with making mistakes in the professional world.

Mistakes and human error in Information Security account for 70 percent of the initial intrusion vectors for attackers, states the 2016 Verizon Data Breach Investigations Report. This report suggests that “basic security hygiene is what matters the most in terms of effective defensive countermeasures.” Security starts with you. A careless mistake could very well be detrimental to the security of your organization and to your personal reputation as a security practitioner, and you need to understand that impact.

In one case, an employee working in the finance department of a wire and cable manufacturer was sent an email claiming to be from the company’s executive, demanding to have 40 million Euros transferred to a bank account in the Czech Republic. This is one instance where a mistake caused a company an incredible financial hardship due to human error.

When making mistakes, especially as a security practitioner, it is important that you look at yourself as a brand. You are your personal brand—your brand is defined by your actions. If you have good actions, then your brand will sell very well. If you promote your brand, there will be a higher demand for it.

However, in the case of an event where you just made a royal mistake, it’s time to think about your options.

If you are genuinely unsure if you made this error, it is important that you first seek clarity. It has been extremely important in my life to take ownership and accountability for my mistakes. But don’t be a martyr. Every mistake comes with a prolific opportunity to grow from it, but if it wasn’t your mistake, then you are hurting your brand without gaining the opportunity to grow. My first suggestion to you if you are unsure of the mistake is to find the evidence.

If in your search you do indeed find that it was entirely you and you are the problem, the second piece of the puzzle is to accept ownership. I have seen people go to great lengths to deny, deny and deny. In all aspects of my life, this has never worked in my favor. You need to accept that you can, will, and do make mistakes in life.

Taking accountability for your mistake comes with a price tag. There will be some level of consequences for your mistake. We will call consequences “amendments” because to amend something is to change it, and that is exactly what you need to do.

The worst thing that could ever come out of this is for you to be wrong once and then continue to be wrong for the rest of your life. So call your consequences “amendments.” You want to change the impact of your mistake.

Changing the impact of your mistake could mean a lot of things. However, it starts by asking those you’ve impacted, “How can I change things?” This seems simple but the magic in this is meaning it. I’ve done this enough to know that people will feel if you are sincere or not.

Amending may very well be not behaving that way from that point forward; it may be a financial payment, it may even be jail time (let’s hope not). Whatever it may be, I have learned that walking away with an action step is the only way to repair your brand. It starts with asking that question. Seek an agreement between you and those affected.

Carrying out your obligation under the agreement is the only way to repair your brand. I must warn you that entering into this agreement and not carrying out the obligation to the full extent will demolish any credibility you might have beyond repair. It’s very serious and you must treat it so.

Handling mistakes this way has proven to be the most effective way to overcome and grow beyond any obstacle I have ever faced thus far.

Remember:

  1. Seek Clarity
  2. Accountability
  3. Amendments

And remember that security starts with you.


via: tripwire

Double Agent attack can turn antivirus into malware

Cybellum researchers say the problem can affect all processes and won’t go away anytime soon.

A zero-day attack called Double Agent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives.

Based on a 15-year-old feature in Windows from XP through Windows 10, the attack is effective against all 14 antivirus products tested by security vendor Cybellum – and would also be effective against pretty much every other process running on the machines.

Double Agent was discovered by Cybellum researchers and has not been seen in the wild.

“The attack was reported to all the major vendors which approved the vulnerability and are currently working on finding a solution and releasing a patch,” according to a Cybellum blog. All the vendors were notified more than 90 days ago, which is the standard length of time for responsibly disclosing vulnerabilities and giving vendors time to fix them.

In this case, two out of the 14 antivirus vendors that have been notified have taken steps to deal with the problem – AVG and Malwarebytes, says Slava Bronfman, Cybellum’s CEO. The other 12 that have been notified are Avast, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, McAfee, Panda, Quick Heal and Norton.

UPDATE: Trend Micro has issued this statement: “At this time, we have confirmed that Titanium is the only product affected by this vulnerability, and we do have a patch in the works to be published as an urgent security bulletin later this morning.”

UPDATE: Kaspersky Lab issued this statement: “Kaspersky Lab would like to thank Cybellum Technologies LTD for discovering and reporting the vulnerability which made a DLL Hijacking attack possible via an undocumented feature of Microsoft Application Verifier. The detection and blocking of this malicious scenario has been added to all Kaspersky Lab products from March 22, 2017.”

UPDATE: Comodo Vice President of Worldwide Engineering Egemen Tas wrote a post about this including: “No we are not vulnerable to this AppVerifier injection…For this attack to be successful, [the] malware author should be able to bypass [Comodo Internet Security] protection. CIS by-default allows only whitelisted applications to modify such critical keys. Non-whitelisted applications will be either blocked or sandboxed rendering the attack ineffective.”

UPDATE: Norton issued this statement: “After investigating this issue we confirmed that this PoC does not exploit a product vulnerability within Norton Security. It is an attempt to bypass an installed security product and would require physical access to the machine and admin privileges to be successful. We remain committed to protecting our customers and have developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted.”

Double Agent takes advantage of a quirk of Microsoft Application Verifier, a tool that detects and fixes bugs in native applications. This is performed by something known as a “verifier provider DLL” that gets loaded into the applications at runtime.

Microsoft Application Verifier allows creating new verifier DLLs and registering them with a set of keys for it that get stored in the registry. “Once a DLL has been registered as a verifier provider DLL for a process, it would permanently be injected by the Windows Loader into the process every time the process starts, even after reboots/updates/reinstalls/patches/etc.,” Cybellum says. In other words, the DLL persists.
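The persistence Cybellum describes lives in the registry, so a defender can audit for it. The following is an added example, not Cybellum's or any vendor's code; it assumes the documented Application Verifier registration location under Image File Execution Options (a "VerifierDlls" value plus the FLG_APPLICATION_VERIFIER bit in "GlobalFlag"), and the entries it scans by default are a constructed sample, not data from a real machine.

```python
from typing import Dict, Iterable, List, Tuple

# FLG_APPLICATION_VERIFIER bit of the IFEO "GlobalFlag" value; the loader
# only injects the listed provider DLLs when this bit is set.
FLG_APPLICATION_VERIFIER = 0x100

# Registry location where Application Verifier records provider DLLs per image.
IFEO_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# One IFEO subkey as (image file name, {value name: value data}).
IfeoEntry = Tuple[str, Dict[str, object]]


def parse_global_flag(value: object) -> int:
    """GlobalFlag is normally REG_DWORD, but some tools write it as a hex string."""
    if value is None:
        return 0
    if isinstance(value, int):
        return value
    try:
        return int(str(value).strip(), 16)
    except ValueError:
        return 0


def find_verifier_registrations(entries: Iterable[IfeoEntry],
                                allowlist: Iterable[str] = ()) -> List[dict]:
    """Report every image that has a verifier provider DLL registered.

    Any non-empty VerifierDlls is reported. Whether GlobalFlag also enables
    the verifier is recorded: 'enabled' entries are live injections, the rest
    are dormant registrations that still deserve cleanup. Images on the
    allowlist (a developer box that uses Application Verifier on purpose)
    are marked rather than dropped so the audit trail stays complete.
    """
    allowed = {name.lower() for name in allowlist}
    findings = []
    for image, values in entries:
        dll_list = str(values.get("VerifierDlls") or "").strip()
        if not dll_list:
            continue
        flags = parse_global_flag(values.get("GlobalFlag"))
        findings.append({
            "image": image,
            "verifier_dlls": dll_list.split(),
            "enabled": bool(flags & FLG_APPLICATION_VERIFIER),
            "allowlisted": image.lower() in allowed,
        })
    return findings


def read_ifeo_from_registry() -> List[IfeoEntry]:
    """Collect live IFEO entries; Windows only (winreg is imported lazily)."""
    import winreg
    entries: List[IfeoEntry] = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO_PATH) as root:
        subkey_count = winreg.QueryInfoKey(root)[0]
        for i in range(subkey_count):
            image = winreg.EnumKey(root, i)
            values: Dict[str, object] = {}
            with winreg.OpenKey(root, image) as sub:
                value_count = winreg.QueryInfoKey(sub)[1]
                for j in range(value_count):
                    name, data, _type = winreg.EnumValue(sub, j)
                    values[name] = data
            entries.append((image, values))
    return entries


# Constructed sample snapshot (placeholder names, not from a real machine):
# a deliberate developer registration, a live injection into an AV-style
# process, a dormant registration, and an unrelated IFEO key.
SAMPLE_ENTRIES: List[IfeoEntry] = [
    ("devtool.exe", {"GlobalFlag": 0x100, "VerifierDlls": "dev_verifier.dll"}),
    ("example-av.exe", {"GlobalFlag": "0x100", "VerifierDlls": "rogue_provider.dll"}),
    ("updater.exe", {"VerifierDlls": "rogue_provider.dll"}),
    ("legacy.exe", {"MitigationOptions": 0x100}),
]


def main() -> None:
    try:
        entries = read_ifeo_from_registry()
    except ImportError:
        entries = SAMPLE_ENTRIES  # not on Windows: run against the sample
    for finding in find_verifier_registrations(entries, allowlist=["devtool.exe"]):
        print(finding)


if __name__ == "__main__":
    main()
```

Run on a Windows host it lists the live registry; elsewhere it falls back to the sample so the logic can still be exercised.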

This vulnerability is actually an undocumented feature of Microsoft Application Verifier, Bronfman says, so it’s unlikely to be removed anytime soon.

Bronfman says there’s no particular flaw with the antivirus platforms; the DLLs could be inserted into any process. Cybellum chose to attack them because they make an effective attack surface: they are trusted by other applications on the computers, including other security software.

“Antivirus is most important attack we could do,” he says. “If you attack an organization, not just consumer, you can get full control over the organization. No other security examines the antivirus. It will bypass all the huge stack of security products you might have.”

The workaround being used by AVG and Malwarebytes involves patching the antivirus software to look for any process trying to write to the antivirus registry and then block it, he says. “Antivirus is in the kernel with a driver that can see almost everything,” he says.

Meanwhile organizations might try increasing diligence about downloads to stop Double Agent from accessing machines.

Cybellum says that three years ago Microsoft provided a new design concept, called Protected Process, that antivirus vendors could use and that is meant specifically to protect antivirus software. Vendors could write their platforms so they run as protected processes that only allow trusted, signed code to load into them. The code would then be protected from any code-injection attack, including Double Agent.

Bronfman says executing the attack could be done by someone with the skills of a script kiddie. The attack code can be downloaded directly from a malicious Web site or opening a malicious attachment, he says.


via: networkworld

Google Increases Bug Bounty Payouts by 50% and Microsoft Just Doubles It!

Well, there’s some good news for hackers and bug bounty hunters!

Both tech giants Google and Microsoft have raised the value of the payouts they offer security researchers, white hat hackers and bug hunters who find high severity flaws in their products.

While Microsoft has just doubled its top reward from $15,000 to $30,000, Google has raised its high reward from $20,000 to $31,337, which is a 50 percent rise plus a bonus $1,337 or ‘leet’ award.

In the past few years, every major company, from Apple to P*rnHub and Netgear, has started a Bug Bounty Program to encourage hackers and security researchers to find and responsibly report bugs in their services and get rewarded.


But with more and more bug hunters participating in bug bounty programs at every big tech company, few common, easy-to-spot bugs are left now, and those that remain rarely have a severe impact.

What remain are sophisticated, remotely exploitable vulnerabilities, which take more time and effort than ever to discover.


So companies needed to give researchers more incentive to help find high-severity vulnerabilities, which have become harder to identify.

Until now, Google offered $20,000 for remote code execution (RCE) flaws and $10,000 for unrestricted file system or database access bugs. These rewards have now been increased to $31,337 and $13,337, respectively.

For earning the top notch reward of $31,337 from the tech giant, you need to find command injections, sandbox escapes and deserialization flaws in highly sensitive apps, such as Google Search, Chrome Web Store, Accounts, Wallet, Inbox, Code Hosting, Google Play, App Engine, and Chromium Bug Tracker.

Types of vulnerabilities in the unrestricted file system or database access category that can earn you up to $13,337 if they affect highly sensitive services include unsandboxed XML eXternal Entity (XXE) and SQL injection bugs.

Since the launch of its bug bounty program in 2010, Google has paid out over $9 Million, including $3 Million awarded last year.

Microsoft has also increased its bug bounty payouts from $20,000 to $30,000 for vulnerabilities including cross-site scripting (XSS), cross-site request forgery (CSRF), unauthorized cross-tenant data tampering or access (for multi-tenant services), insecure direct object references injection, server-side code execution, and privilege escalation bugs, in its Outlook and Office services.

Both the tech giants are trying their best to eliminate any lucrative vulnerability or backdoor into their software and products to avoid any hacking attempts and make them more secure.

Hackers will get the payout reward after submitting the vulnerabilities along with a valid working proof-of-concept.

So, what are you waiting for? Go and Grab them all!


via: thehackernews

Microsoft hit with second cloud disruption in two weeks

Office 365, OneDrive, Xbox among services impacted a week after Azure Storage went down.

A handful of hosted Microsoft services, including Office 365 SaaS apps, OneDrive cloud storage and the Xbox Live platform, experienced an outage on Tuesday into Wednesday, according to Microsoft and services that track outages.

DownDetector.com found that Office 365 had elevated reported error rates on Tuesday afternoon ET. It’s unclear which Office 365 services or how many users were impacted though.

Microsoft confirmed on its @xBoxSupport Twitter account that customers were having trouble signing into the service on Tuesday evening ET. As of Wednesday morning ET, Microsoft reports that its OneDrive cloud storage system is experiencing elevated error rates, with some customers not being able to sign into the service.

[Screenshot, credit: Microsoft] Microsoft’s Office 365 Status Dashboard shows ongoing issues with customers signing into OneDrive on Wednesday morning ET.

The cause of these issues is unclear, but Microsoft does note that its Azure cloud storage service had “increased latency accessing Azure resources” and “login failures” on both Tuesday and Wednesday.

This all comes just a week after Azure’s storage service experienced increased error rates. That Azure storage disruption happened a week after a major AWS outage that took down many retail websites across the Internet.


via: networkworld

Personal file-sharing app use at work is risky business

The unauthorized use of personal file-sharing apps at work is a growing problem that can no longer be swept under the rug and ignored.

On one hand these services, such as Dropbox and Google G Suite, can help employees to collaborate and share information. On the other, they often lack adequate security controls. That means countless employees around the world who share company information through such platforms are inadvertently putting their organizations at risk of information security breaches and data loss.

Most employees don’t realize the dangers that can arise from the unsanctioned use of personal file sharing services in the business environment. A survey conducted by M-Files found at least 50 per cent of employees have used unauthorized file sharing and sync solutions to share or store sensitive company information. 

The real problem is that when employees use consumer file sharing services to share company information, that data is taken outside of the company’s IT environment, often onto external servers where the data’s privacy settings are beyond the control of the enterprise. This reality increases the risks of data leakage, security vulnerabilities, and ultimately damage to the business.

Why are employees using their personal file sharing apps at work?

The unauthorized use of personal file-sharing apps represents a battle between usability and security. Employees who use these services are sending a clear message: They cannot afford slowdowns or be expected to jump through perceived hoops to send and share information and files that enable them to do their jobs. If organizations do not provide the tools that employees need to share information and collaborate with internal and external entities – or if the processes are too difficult to use – then users will take matters into their own hands.

Said another way, the fact that unauthorized use of personal file sharing apps is gaining a foothold in organizations points to an unmet need. Employees find these tools more accessible and easier to use than the ones provided by their company. They want simple, intuitive solutions that are mobile friendly and more like the consumer apps they use in their personal lives. Unfortunately, too few companies have equipped their employees with enterprise software applications that meet that expectation. This in turn is fuelling the continued unauthorized, unsupported and unmonitored use of personal file-sharing apps in the workplace.

Corporate IT is not completely blind to the problem. According to a recent ESG survey, an overwhelming 70 per cent of IT managers said they know or believe that their employees have business data residing within their personal file-sharing accounts. Apparently, they are either ignoring the threat or don’t know how to effectively address the issue.

Some companies have tried implementing strict policies banning the use of these services, but these rules are difficult to enforce. Tracking information and documents in an increasingly mobile work environment is daunting, especially with the growing volume and variety of content being generated and stored in multiple business applications and cloud environments.

The reality is, trying to forbid employees from seeking alternatives is a losing proposition if the official, sanctioned software is not as good as the consumer options. Organizations need to balance security and data protection against their employees’ need for a simple solution for sharing documents and collaborating with individuals and businesses outside of their organization.

What’s the solution?

Clearly, a key to success for organizations looking to curb the use of unauthorized file sharing is to ensure that company-provided solutions are as simple to use as their personal apps. Give employees a solution that makes it easy for them to collaborate and share information, and it will take away the incentive for them to look elsewhere.

Fortunately, there are solutions that allow companies to maintain strict control over their information assets without stifling collaboration. Using the right technologies can provide employees with the convenience, ease of use and speed they demand, while IT managers retain control, visibility, and security.

That’s where enterprise content management (ECM) systems come into play. Next generation ECM solutions provide an intelligent yet easy-to-use approach that meets the usability needs of employees without compromising security and data governance. In other words, ECM systems provide the best of both worlds.

What’s more, modern ECM systems also provide organizations audit trails and granular, metadata-driven access controls that can enable companies to know who accessed what and when – and even block user accounts, if needed.

And there are other benefits as well.  For example, ECM solutions can deliver built-in version control and workflow capabilities to ensure employees have easy access to most up-to-date information. They also provide faster and more intuitive search capabilities that can be extended with integrations to business content residing within existing business systems and repositories. Businesses get the necessary levels of control and security they need for storing and sharing content – while employees benefit from using a collaboration tool that is just as easy to use as popular consumer-grade file-sharing platforms.

Of course, technology can only do so much; there also needs to be awareness, education and training so that employees are knowledgeable about the dangers involved. Employees need to understand what tools they can and can’t use, and what information they can and can’t share. They need to know that unauthorized file sharing is risky business that can cause data security nightmares.

But to address the root of the problem, companies need to take proactive steps to provide an alternate solution that is equally fast and easy to use, but also provides the necessary levels of control and security – such as next generation ECM systems. 

After all, sharing files and other information with colleagues and clients should be easy and convenient. What it shouldn’t be is a security risk.


via: itproportal

Patcher Ransomware Attacks macOS, Encrypts Files Permanently

Security researchers published details yesterday on a new ransomware for Mac, which calls itself “Patcher.” The file-encrypting ransomware program finds its way onto macOS systems through BitTorrent websites, masquerading as an Adobe Premiere CC or Office 2016 patcher. Intego’s malware research team has updated its VirusBarrier anti-virus definitions to detect all components of the ransomware, identified as OSX/Filecoder and OSX/Filecoder.fs.

What is the Infection Vector?

A torrent claiming to contain a patcher for Adobe Premiere CC 2017 or Office 2016 is the only delivery mechanism known so far. Macs running OS X 10.11.x El Capitan and macOS 10.12.x are at risk.

Patcher was found on the bittorrent site seedpeer[.]eu

Patcher does not appear to be concerned about where it runs or if any security software is present. The application is not signed with a certificate issued by Apple: the codesign output below shows only an ad-hoc signature (Signature=adhoc) and no TeamIdentifier.

codesign -dv /Users/intego/Desktop/Office\ 2016\ Patcher.app
Executable=/Users/intego/Desktop/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher
Identifier=NULL.prova
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=507 flags=0x2(adhoc) hashes=11+3 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=14
Internal requirements count=0 size=12

The bundle identifier “NULL.prova” was found in another application, named “prova,” which is similar in appearance.

prova application

codesign -dv /Users/intego/Desktop/prova.app
Executable=/Users/intego/Desktop/prova.app/Contents/MacOS/prova
Identifier=NULL.prova
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=411 flags=0x2(adhoc) hashes=8+3 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=14
Internal requirements count=0 size=12

The prova application, designed to have the same or similar ransomware functionality, does not appear to be functional and may just have been a test run leading up to the currently discussed Patcher app.
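The two codesign listings above carry the same tells (ad-hoc signature, no TeamIdentifier, identical bundle identifier). This added example, not Intego's code, parses such `codesign -dv` output and reports those tells; the first two inputs are the listings from the write-up, the third is a constructed listing of what a Developer ID signed bundle looks like, with made-up values.

```python
import re
from typing import Dict, List

# codesign -dv output for the Office 2016 Patcher bundle, as shown in the write-up.
OFFICE_PATCHER_OUTPUT = """\
Executable=/Users/intego/Desktop/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher
Identifier=NULL.prova
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=507 flags=0x2(adhoc) hashes=11+3 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=14
Internal requirements count=0 size=12
"""

# The earlier "prova" bundle, also from the write-up.
PROVA_OUTPUT = """\
Executable=/Users/intego/Desktop/prova.app/Contents/MacOS/prova
Identifier=NULL.prova
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=411 flags=0x2(adhoc) hashes=8+3 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=14
Internal requirements count=0 size=12
"""

# Constructed counter-example (made-up app, team and sizes): a bundle signed
# with a Developer ID certificate chaining to Apple's root.
SIGNED_OUTPUT = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
Signature size=8932
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Info.plist entries=20
TeamIdentifier=ABCDE12345
Sealed Resources version=2 rules=13 files=40
Internal requirements count=1 size=180
"""

_TOKEN = re.compile(r"(\S+?)=(\S+)")
# Heuristic: bundle identifiers are normally reverse-DNS with 3+ components.
_REVERSE_DNS = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+){2,}$")


def parse_codesign(output: str) -> Dict[str, object]:
    """Turn codesign -dv output into a dict.

    Single key=value lines keep the whole right-hand side (paths contain
    spaces). Lines made of several key=value tokens after a prefix
    (CodeDirectory, Sealed Resources, ...) become a sub-dict under that
    prefix. Repeated Authority lines accumulate into a list.
    """
    info: Dict[str, object] = {}
    for raw in output.splitlines():
        line = raw.strip()
        if not line or "=" not in line:
            continue
        head, _, rest = line.partition("=")
        if " " in head:
            prefix, _, first_key = head.rpartition(" ")
            info[prefix] = dict(_TOKEN.findall(f"{first_key}={rest}"))
        elif head == "Authority":
            info.setdefault("Authority", []).append(rest)  # type: ignore[union-attr]
        else:
            info[head] = rest
    return info


def signing_findings(info: Dict[str, object]) -> List[str]:
    """Red flags to check before trusting a downloaded bundle."""
    findings = []
    code_dir = info.get("CodeDirectory") or {}
    flags = str(code_dir.get("flags", "")) if isinstance(code_dir, dict) else ""
    if info.get("Signature") == "adhoc" or "adhoc" in flags:
        findings.append("ad-hoc signature: no certificate backs this code")
    if not info.get("Authority"):
        findings.append("no certificate chain (no Authority lines)")
    if info.get("TeamIdentifier", "not set") == "not set":
        findings.append("no TeamIdentifier: no Apple-registered developer team")
    ident = str(info.get("Identifier", ""))
    if not _REVERSE_DNS.match(ident):
        findings.append(f"bundle identifier {ident!r} is not reverse-DNS shaped")
    return findings


def same_identifier(a: Dict[str, object], b: Dict[str, object]) -> bool:
    """True when two bundles share a bundle identifier, as Patcher and prova do."""
    return bool(a.get("Identifier")) and a.get("Identifier") == b.get("Identifier")


if __name__ == "__main__":
    for label, text in (("Office 2016 Patcher", OFFICE_PATCHER_OUTPUT),
                        ("prova", PROVA_OUTPUT), ("signed example", SIGNED_OUTPUT)):
        print(label, signing_findings(parse_codesign(text)))
```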

According to the researchers, the application appears to be poorly coded as the window is transparent. A quick overview in the code confirms that it was written using Swift:

0000000100008098 dq 0x0000000000000040 ; DATA XREF=-[_TtC34Adobe_Premiere_Pro_CC_2017_Patcher11AppDelegate count]+4, -[_TtC34Adobe_Premiere_Pro_CC_2017_Patcher11AppDelegate setCount:]+4, sub_100001940+105, -[_TtC34Adobe_Premiere_Pro_CC_2017_Patcher11AppDelegate init]+105, sub_100001ee0+31, 0x100007460
00000001000080a0 dq __swift_FORCE_LOAD_$_swiftFoundation
00000001000080a8 dq __swift_FORCE_LOAD_$_swiftObjectiveC
00000001000080b0 dq __swift_FORCE_LOAD_$_swiftDarwin
00000001000080b8 dq __swift_FORCE_LOAD_$_swiftIOKit
00000001000080c0 dq __swift_FORCE_LOAD_$_swiftDispatch
00000001000080c8 dq __swift_FORCE_LOAD_$_swiftCoreGraphics
00000001000080d0 dq __swift_FORCE_LOAD_$_swiftAppKit
00000001000080d8 dq __swift_FORCE_LOAD_$_swiftCoreImage
00000001000080e0 dq __swift_FORCE_LOAD_$_swiftXPC
00000001000080e8 dq __swift_FORCE_LOAD_$_swiftQuartzCore
00000001000080f0 dq __swift_FORCE_LOAD_$_swiftCoreData

The code in the Adobe Premiere CC and Office 2016 applications is the same.

Patcher’s application window

Clicking the START button immediately starts the encryption process, and the window shows progress in 3 steps.

Progress window, step 0 of 3

Progress window, step 2 of 3

By the time the window shows step 2/3, an infected Mac will see its desktop loaded with text files. Of course, the progress window is just there to delay the user while all the files are encrypted in the background. Even if the application is quit at this point it will be too late, because when the text files appear on the desktop all of the contents of the Users folder are already encrypted. When the window shows step 2/3, it’s already done; step 3/3 never comes and the application just sits there indefinitely.

Any new data created while Patcher is running will not be encrypted by the ransomware. Patcher appears to focus only on data that was present when the application was first started.

The original data that was encrypted is deleted using rm; Patcher then attempts to wipe the free space on the drive with diskutil to make sure the original data is really gone. Luckily, the author made a mistake in the ransomware:

It tries to execute /usr/bin/diskutil, however the path to diskutil in macOS is /usr/sbin/diskutil.

This mistake may give a user the chance to recover some of the deleted data by using tools such as Data Rescue. If the ransomware is discovered promptly, which shouldn’t be a problem as the numerous text files on the desktop are a solid indicator that something is wrong, and the Mac is shut down, data recovery may have a chance. The longer the Mac is powered on, the greater the chances are the deleted files are overwritten.

It is also possible to interrupt Patcher simply by quitting the application. Patcher is very slow, taking a good 30 seconds to encrypt a 250MB video file, so it will need a decent amount of time to encrypt a typical user folder, which can be hundreds of gigabytes. If the user suspects the application is not working or is not what it claims to be, it can be closed and the encrypting of data will stop.

Where Does Filecoder Install?

Filecoder is a stand-alone application that does not install files on the system to keep itself alive after a restart. It simply takes your user home folder and encrypts everything in it. The application appears to disable itself, so it cannot be launched again. When it’s done disabling itself, it goes after any mounted network volumes and connected external drives. It leaves the System, Library and Applications folders alone, going only after files in the Users folder.

As soon as Patcher runs, the user will see text files popping up on the desktop and in other user home folders, with names like “README.txt” and “DECRYPT!.txt.” Opening these text files will present the following information:

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption method.

What do I do ?

So , there are two ways you can choose: wait for a miracle or start obtaining BITCOIN NOW! , and restore YOUR DATA the easy way
If You have really valuable DATA, you better NOT WASTE YOUR TIME, because there is NO other way to get your files, except make a PAYMENT

FOLLOW THESE STEPS:
1) learn how to buy bitcoin https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)
2)send 0.25 BTC to 1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb
3)send your btc address and your ip (you can get your ip here https://www.whatismyip.com) via mail to rihofoj@mailinator.com
4)leave your computer on and connected to the internet for the next 24 hours after payment, your files will be unlocked. (If you can not wait 24 hours make a payment of 0.45 BTC your files will be unlocked in max 10 minutes)

KEEP IN MIND THAT YOUR DECRYPTION KEY WILL NOT BE STORED ON MY SERVER FOR MORE THAN 1 WEEK SINCE YOUR FILE GET CRYPTED,THEN THERE WON’T BE ANY METHOD TO RECOVER YOUR FILES, DON’T WASTE YOUR TIME!

After your data is encrypted, you are instructed to pay 0.25 bitcoin ($280) to have your files unlocked within 24 hours. If you’re in a rush, however, you can pay 0.45 bitcoin ($500) and your files will be unlocked in 10 minutes or less.

Looking at the previously mentioned prova application, the readme.txt mentions the same bitcoin address but a different email address: “rihofoj@zainmax.net.” In Patcher, the name ‘rihofoj’ uses the mailinator service instead of the zainmax.net domain.

Even if one were inclined to pay the ransom (which we do NOT recommend), there is a problem. Filecoder never actually sends a decryption key to a server or makes a network connection of any kind. This means the ransomware author does not have a way to unlock your files even if you pay.

When the patcher application is launched, everything currently in your home folder is encrypted. Any new files or folders, even those created while the patcher is running, are not touched. A reboot will have you greeted with a “Sign in to iCloud” window, just like the one you see when you first log in to your Mac. You’ll also find all your settings and preferences reverted to default, as your Library folder, including Preferences, Accounts, Saved Application State and others, is now encrypted.

Encrypted contents of the User folder

Patcher changes the modification date of the encrypted files to February 13, 2010, for reasons unknown at this time.

Should Mac Users be Concerned?

While this ransomware has so far only been found on a BitTorrent site, it could just as easily have posed as a fake Flash Player update or used another delivery mechanism, reaching a far greater audience. The ransomware is very basic and makes no attempt to hide itself or survive a reboot, but if it makes its way onto your Mac and gets a chance to run, it will thoroughly ruin your week. The torrent file carrying the ransomware was found on two BitTorrent sites and appears to have no active seeds, so it cannot be downloaded at the time of writing, which slightly reduces the risk. However, Patcher may be hiding in other places not yet discovered.

How to Tell if Your Mac is Infected

If you see files on your desktop or any other folder in your user directory with a .crypt extension, along with text files with names such as “README.txt,” “README_.txt,” “README-!.txt,” “README!!.txt,” “DECRYPT!.txt,” “HOW_TO_DECRYPT_!.txt” and “DECRYPT_!.txt,” your Mac probably fell victim to Filecoder.
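The indicators listed here (files renamed with a .crypt extension, ransom notes with the README/DECRYPT names quoted above, and the February 13, 2010 modification date mentioned earlier) can be checked for in a single pass over a user folder. The following triage script is an added example, not Intego's tooling or part of the original article; it only reports what it finds and deletes nothing. The sample directory it builds is constructed for demonstration and contains placeholder bytes, not real ciphertext or a real note.

```python
"""Triage helper for the Patcher/Filecoder indicators described in the article.

Added example (not Intego's code). It looks for the three artifacts the text
lists: files renamed with a .crypt extension, ransom notes using the quoted
README/DECRYPT filenames, and files whose modification date was reset to
13 February 2010. It reports hits and never modifies or deletes anything.
"""
import os
import tempfile
from datetime import date, datetime

# Ransom-note filenames quoted in the article. The prova variant may use a
# different README name, so absence of a note alone is not a clean bill of health.
RANSOM_NOTE_NAMES = {
    "README.txt", "README_.txt", "README-!.txt", "README!!.txt",
    "DECRYPT!.txt", "HOW_TO_DECRYPT_!.txt", "DECRYPT_!.txt",
}

# Date Patcher stamps onto encrypted files, per the article.
PATCHER_MTIME_DATE = date(2010, 2, 13)


def scan_for_patcher(root):
    """Walk `root` and return a dict of indicator hits.

    Keys:
      crypt_files     paths ending in .crypt
      ransom_notes    paths whose basename is a known ransom-note name
      backdated       paths whose modification date falls on 2010-02-13
      likely_infected True when encrypted files and a ransom note both exist
    """
    hits = {"crypt_files": [], "ransom_notes": [], "backdated": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.endswith(".crypt"):
                hits["crypt_files"].append(path)
            if name in RANSOM_NOTE_NAMES:
                hits["ransom_notes"].append(path)
            try:
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime).date()
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if mtime == PATCHER_MTIME_DATE:
                hits["backdated"].append(path)
    hits["likely_infected"] = bool(hits["crypt_files"]) and bool(hits["ransom_notes"])
    return hits


def build_sample_tree():
    """Create a constructed sample home folder that mimics a Patcher hit.

    Everything here is invented for the demonstration; the file contents are
    placeholder bytes, not real malware output. Returns the temp directory path.
    """
    root = tempfile.mkdtemp(prefix="patcher_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    # Two "encrypted" files with the .crypt suffix and the backdated mtime.
    stamp = datetime(2010, 2, 13, 12, 0, 0).timestamp()
    for fname in ("thesis.pdf.crypt", "photos.zip.crypt"):
        path = os.path.join(docs, fname)
        with open(path, "wb") as fh:
            fh.write(b"constructed ciphertext placeholder")
        os.utime(path, (stamp, stamp))
    # A ransom note sitting next to them.
    with open(os.path.join(docs, "README!!.txt"), "w") as fh:
        fh.write("constructed ransom note placeholder\n")
    # An untouched file, to show it is not flagged.
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("ordinary file\n")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = scan_for_patcher(demo_root)
    for key in ("crypt_files", "ransom_notes", "backdated"):
        print(f"{key}: {len(result[key])}")
    print("likely infected:", result["likely_infected"])
```

To check a real machine, point `scan_for_patcher` at the home folder instead of the constructed tree. The `backdated` list is the most useful of the three on a partially affected volume, since a future variant could drop a differently named note or pick another extension, whereas a cluster of files all stamped with the same 2010 date stands out regardless.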

Clear signs your Mac was hit by Patcher

How to Protect Yourself from Patcher Ransomware

Unfortunately, malware is no surprise when downloading software from BitTorrent sources, so a surefire way to protect yourself from Patcher ransomware is to only get software directly from the source, such as the App Store or from the vendor’s official website. (Yup, this means you gotta pay for it if the software isn’t free.)

Furthermore, Apple has pushed an update to its XProtect anti-virus signatures (version 2089) for Mavericks, Yosemite, El Capitan, and Sierra, detecting some components of this threat as OSX.Findzip.A. However, the signature appears to miss the prova variant, or any other iteration that changes the README.txt name. During our testing, running the Patcher application generated no Gatekeeper warning and did not prompt for a password.

Users of Intego VirusBarrier with up-to-date malware definitions are protected: all components of the ransomware are detected as OSX/Filecoder and OSX/Filecoder.fs and blocked if they make their way onto your system.

Manually removing Patcher is as simple as deleting the Adobe Premiere CC 2017 or Office 2016 patcher applications; there are no other files to delete. In this case, however, it is far more important to keep Patcher from ever getting onto your system: since your user folder is now fully encrypted, your data will have to be restored from a backup. This scenario amounts to complete data loss and highlights the importance of a solid, well-thought-out backup strategy.

The best way to protect yourself from ransomware is to plan ahead, before disaster strikes, and we therefore encourage you to have a look at our guide to help you stay safe from ransomware: A Layman’s Guide to Ransomware Protection.


via:  intego

AccuWeather now lets you look at the forecast in virtual reality

When walking outside just isn’t good enough.

Accuweather

Checking the weather report is usually a colorless, simple experience — a glance at an app to see the five-day forecast or a check of the news for any major storms or events. If you have a Samsung Gear VR device, however, your daily forecast could soon be an experience. AccuWeather’s new VR experience promises to offer immersive weather news, innovative forecasts and 360-degree video of severe weather events.

It sounds like one of the least exciting VR experiences imaginable, and indeed — the screenshots on the app’s store page preview little more than a wrap-around VR view of temperature, humidity and UV index charts. The draw is more about seeing extreme weather in action — 360-degree clips like a close-up video of a tornado in Colorado, for instance. AccuWeather says new videos will be added each week, and hopes to provide users with an educational perspective on the Earth’s most exciting weather events. The app is available on the Oculus Store for free starting today.


via:  engadget

Google offers new ‘Always Free’ cloud tier to attract users

Customers will be able to run tiny workloads free of charge.

Google is letting its customers get a taste of its cloud for free, without a time-limited trial. The company quietly launched a new “Always Free” tier on Thursday that lets people use small amounts of its public cloud services without charge, beyond the company’s limited-time trial.

The tier includes — among other things — one f1-micro compute instance, 5 GB per month of Regional Storage and 60 minutes per month of access to the Cloud Speech API. Using the free tier requires users to provide a credit card that Google can automatically bill for any usage over the limits.

In addition, the cloud provider expanded its free trial so that users get $300 in credits that they can use for up to 12 months. Google will halt users’ workloads if they eat up all of the credits before the end of 12 months.

The free offerings are meant to help attract users to Google Cloud Platform at a time when the company is competing against Amazon Web Services, Microsoft Azure and other public cloud providers for developers’ time and attention.

Google’s Always Free tier is somewhat similar to what AWS offers its customers. For example, both platforms allow users to run workloads using their respective event-driven compute services, AWS Lambda and Google Functions.

One thing that sets Google apart is its willingness to hand out a free virtual machine.

Google previously offered a 60-day free trial with $300 in credits. An extended trial was one of the cloud provider’s most-requested features, since the short time limit often wasn’t enough for a full proof-of-concept test.

The Always Free benefits are available from Google’s us-west-1, us-central-1 and us-east-1 regions. It’s unclear if the company plans to offer them in other countries.


via:  itworld