Category Archive: Uncategorized

SEGA’s new SEGA Forever collection brings classic games to mobile for free

SEGA is bringing some of your favorite games to mobile in new, free-to-play formats that include ads as a way to drive revenue, support offline play and other more modern features like cloud saves. The games can also be rendered ad-free with a one-time $1.99 purchase, which is a really good deal given the pedigree of some of these titles, and what you might pay elsewhere to get re-released versions of classic console games.

The SEGA Forever collection already has five titles you can get at launch, including Sonic The Hedgehog, Phantasy Star II, Comix Zone, Kid Chameleon and Altered Beast. Each of these will be available on both the Google Play Store and the App Store for iOS devices (with iMessage sticker packs for each included in the bundle).

SEGA’s not stopping with those five, however – the plan is to launch new additions to the collection every two weeks, which should mean you’ll eventually see all your boxes ticked in terms of SEGA console nostalgia. This will expand to cover multiple console generations over time, SEGA says, and includes both “official emulations and ported games.”

Classic games likely have a finite shelf life, so it makes sense that we’d see companies do whatever they can to extract all of their value before that time runs out. But for gamers, this new model is a welcome change, since it means you can casually enjoy classics without putting down any money at all, and getting the ad-free upgrade isn’t going to break the bank.

 

via:  techcrunch



Do Not Disturb While Driving feature rolls out in Apple’s newest iOS 11 beta

With the release of iOS 11’s latest beta on Wednesday, testers can now get their hands on one of the new mobile operating system’s most important — if not most glamorous — new features: a long-needed “Do Not Disturb While Driving” mode. Announced in June at Apple’s Worldwide Developer Conference, the feature aims to combat the very dangerous practice of texting from behind the wheel, while also switching off other alerts that entice people to look at their phones while driving.

Distracted driving has become a national safety crisis because of the rise of smartphones. According to statistics from the U.S. Department of Transportation, 10 percent of fatal crashes, 15 percent of injury crashes and 14 percent of all police-reported motor vehicle traffic crashes were attributed to distracted driving — a blanket term that broadly encompasses cell phone use, as well as other in-car activity like adjusting the radio or climate controls, for example.

In 2015, 3,477 people were killed because of distracted driving, and 391,000 were additionally injured.

A number of third parties have approached the problem by offering mobile applications that prevent texting while the vehicle is in motion, but these can only really be integrated at the system level on Android devices. Because iOS applications run in a “sandbox” environment, they can’t interfere with iOS functions — like preventing someone from texting. Carriers have since stepped in with their own measures, like AT&T’s DriveMode, but these focus on silencing calls and text alerts, not push notifications from apps.

Because of iOS’s lack of a built-in feature, app makers have come up with all sorts of workarounds, such as the use of external hardware, for example. But more often than not, iOS apps could only offer a monitoring solution, rather than a tool to actually block the activity. Other app makers haven’t even bothered trying to port their solution to iOS.

Apple’s “Do Not Disturb While Driving” feature isn’t a tool to fully prevent texting or alerts while in a moving vehicle. Instead, it offers to clamp down on distractions at a system level in a way that Apple has never before offered.

The feature, when active, will be able to tell if you’re in a car when your phone is connected to the car’s USB connection or Bluetooth. It will also be able to use the iPhone’s sensors to determine your speed, even if your phone isn’t connected to a car.

“It’s all about keeping your eyes on the road,” Apple Senior Vice President of Software Engineering Craig Federighi said when introducing the feature at WWDC in June. “When you’re driving, you don’t need to respond to these kind of messages. In fact, you don’t need to see them,” he said while showing a demo where the phone was receiving push notifications from apps like Twitter, Tinder and Words with Friends.

However, the iPhone itself is not on total lockdown. CarPlay functionality still works, for example. You can also still play your music or get navigation assistance through maps and other routing software. Plus, you can configure DND While Driving by choosing which contacts can always get through — similar to how iOS’s “Do Not Disturb” mode works today.

But when the car is in motion, anyone else who texts will get an automated response that reads: “I’m driving with Do Not Disturb turned on. I’ll see your message when I get where I’m going.” A second text also gives them a way to break through and get your attention in the case of an emergency by telling them, “If this is urgent, reply ‘urgent’ to send a notification through with your original message.”

The fact that there’s a way to bypass the setting is key to its adoption.

People worry about being disconnected from their devices for periods of time because they fear that someone won’t be able to reach them in case of an emergency, or other urgent situations. Though we somehow managed to get by before smartphones were ubiquitous, it’s nearly impossible to go back to that state. We’re always connected, and we can’t seem not to be — even if it’s during a short commute to work or school.

Parents also can choose to enable the new Do Not Disturb While Driving feature for their teenage drivers by enabling it in the Restrictions (parental controls) menu in iOS’s Settings. You also can turn it off and on for yourself from the newly revamped Control Center, where a widget is available that lets you enable the feature with a push of a button.

While on, your phone’s screen is dark and only critical alerts get through. The feature’s settings also let you customize the text that’s sent and specify who will receive it (Contacts, Favorites, etc.)

Plus, if you’re a passenger, you can opt to temporarily disable the feature.

Apple is fairly late to the game with this distracted driving prevention feature. Android already offers Auto Reply through Android Auto on any modern Android phone. But despite its delay in getting here, the feature is one of the most significant to arrive with iOS 11.

iOS 11 is currently in beta, and will be released to the public this September.

 

via:  techcrunch



Man Fined $4,000 for ‘Liking’ Facebook Comments

Read very carefully before hitting the Like button on Facebook — it could land you in court.

Reacting to content on Facebook can be achieved by commenting, sharing or probably the most popular method: hitting that Like button. However, a court in Switzerland just convicted a man on defamation claims simply for “Liking” libelous comments posted on the social network.

The comments posted on Facebook referred to an animal rights activist who was accused of “antisemitism, racism and fascism.” To be clear, the man in court did not write these comments, he simply hit the Like button for them. These Likes were made between July and September 2015. That’s before Facebook expanded the Like button to include several other reactions.

According to CNN, the court in Zurich decided to convict the man on several counts of defamation for hitting the Like button. The reason given was his clicking of the Like button constituted “indirectly endorsing” the comments. But further to that, the court also recognized the act of liking the comments as “further distribution” of them. A statement made by the court said, “The defendant clearly endorsed the unseemly content and made it his own.”

Although the defendant has the right to appeal, his punishment for being found guilty amounts to a $4,100 fine. As for Facebook, they are declining to comment on the court case beyond stating the social network sees “no direct link” to the company.

Regardless of what comments were made on Facebook, should the act of hitting the Like button result in a lawsuit? What’s more clear is, if the comments are libelous, then the person who wrote them can be pursued for prosecution.

However you feel about this court case, it’s important to keep in mind such action can be taken against an individual. Does the expansion of the Like button to include several types of reaction to a comment make the situation better or worse? I guess we won’t know that until another Facebook Like button lawsuit happens.

 

via:  entrepreneur



Hackers are Using Your Phone Number to Steal Your Personal Data

You’ve probably noticed that you are required to give your cell phone number when signing up for a new account on popular websites such as Facebook, Gmail, and plenty more. Although the phone number is intended to be an additional safety feature for your account, hackers are now using this added precaution to their advantage.

Hackers have developed “social engineering” tactics in order to gain access to your account. With just your phone number and your email, full name, or the last 4 digits of your social security number, scammers can convince customer service representatives to reset passwords, disclose personal information, and more over the phone. It is easier than ever to impersonate someone’s identity over the phone and cyber criminals are taking full advantage of this.

To protect yourself from an identity breach (as described above) it is most important that you remain aware of this threat. Stay on the lookout for suspicious activity on any of your accounts online and make sure to never disclose your phone number online or to anyone you don’t know. Anyone can use this information to breach your online accounts and steal your identity. Listed below are a few of the most popular companies that require your phone number when making an account. These are some of the most popular sites that criminals attempt to breach through the “phone number method”.

Companies are working on new ways to combat these issues but the system is not perfect. Hackers always seem to be one step ahead of everyone else, so it is impossible to rule out the possibility of one of these attacks. With more than 70% of cyber risk coming from human error, you can mitigate your cyber risk with cyber awareness training and employee education.

 

WATCH: 60 Minutes Shows How Easily Your Phone Can Be Hacked

 

 

via:  securable



New Mac Malware-as-a-Service offerings

A couple weeks ago, two new Malware-as-a-Service (MaaS) offerings for the Mac became available. These two offerings – a backdoor named MacSpy and a ransomware app named MacRansom – were discovered by Catalin Cimpanu of Bleeping Computer on May 25.

Cimpanu evidently had some trouble getting hold of samples, but on Friday analysis of MacRansom was posted by Fortinet and analysis of MacSpy was posted by AlienVault.

Both of these malware programs were advertised through Tor websites, claiming them to be “The most sophisticated Mac spyware/ransomware ever, for free.” Neither program was directly available; each could only be obtained by emailing the authors at protonmail[dot]com email addresses.

Behavior

Despite the claims of sophistication, these malware programs are not particularly advanced. The programs provided to both Fortinet and AlienSpy were simple command-line executable files that, when run, copy themselves into the user’s Library folder.

MacSpy:

~/Library/.DS_Stores/updated

MacRansom:

~/Library/.FS_Store

Because the .DS_Stores folder and the .FS_Store file both have names starting with a period, they are hidden from view unless the user has done something to show invisible files.

As part of the installation, these programs also create LaunchAgent files for persistence – a not at all original method.

MacSpy:

~/Library/LaunchAgents/com.apple.webkit.plist

MacRansom:

~/Library/LaunchAgents/com.apple.finder.plist

Some recent malware has had the capability to customize the install locations and names, but there’s no indication in the reports from Fortinet and AlienVault that such a feature is available in MacSpy or MacRansom, making these quite easy to detect.

MacRansom is created with a custom “trigger date,” after which time the malware detonates and encrypts the files in the user’s home folder, as well as on any connected volumes, such as external hard drives. As happened with KeRanger, which had a 3-day delay before encrypting, this delay will likely mean that few people who are using security software will actually be affected, as the malware will probably be detected before it encrypts anything.

Further, the encryption uses a symmetric key – meaning that the same key is used both to encrypt and to decrypt – that is only 8 bytes in length, making it rather weak and relatively easy to decrypt. However, the key creation process involves a random number and the resulting key is apparently not saved to the hard drive or communicated back to the authors in any way, making it impossible to decrypt the files except via brute force.

After encryption, the malware will display a pop-up alert informing the user of what must be done to decrypt the files, and will continue to reappear even if the user clicks the “Destroy [sic] My Mac” button. The malware does not save any copies of that information to files on the hard drive, as is typical of most ransomware.

MacSpy is fairly simple spyware, which gathers data into temporary files and sends those files periodically back to a Tor command & control (C&C) server via unencrypted http. It will exfiltrate the following data:

  • Screenshots (taken every 30 seconds)
  • Audio captured via microphone
  • Keystrokes*
  • Clipboard contents
  • iCloud photos
  • Browser data

In the case of keylogging, the malware requires an admin password, which can be provided in the email requesting a copy of the malware. This requires that the attacker knows the password for the target Mac in advance.

If the attacker pays for the malware, they will get additional capabilities, such as more general file exfiltration, access to social media, help with packaging the executable into a Trojan form (such as a fake image file), and code signing.

Analysis avoidance

Although neither of these programs is particularly sophisticated, they both do include some reasonably effective analysis avoidance features. Both include three methods for determining whether they are being analyzed by a researcher, in which case they shut down and do not display their malicious behaviors.

First, they will check to see if they are being run by a debugger, using a call to ptrace.

They will also parse the output from the shell command sysctl hw.model for the word “Mac”, terminating if that is not found. In a virtual machine, this command will not return the model identifier for the hardware, but will instead return a value specific to the virtualization software being used. Thus, if the output does not contain “Mac,” it is most likely being run in a virtual machine, and the most likely reason for that is that it’s being analyzed by a security researcher.

Another virtual machine check that is performed is a check for the number of logical and physical CPUs. Since the number of CPUs is simulated in a virtual machine, this is another fairly reliable indicator that the malware is under analysis.

If any of these checks fail, the malware terminates.

Fortunately, because the malware isn’t signed, it’s possible to hack the executables to bypass these anti-analysis checks and then analyze them in a virtual machine.

About the authors

The websites for the malware include an “About Us” section, in which the authors provide some information about their motivations:

We are engineers at Yahoo and Facebook. During our years as security researchers we found that there lacks sophisticated malware for Mac users. As Apple products gain popularity in recent years, according to our survey data, more people are switching to MacOS than ever before. We believed people were in need of such programs on MacOS, so we made these tools available for free. Unlike most hackers on the darknet, we are professional developers with extensive experience in software development and vast interest in surveillance. You can depend on our software as billions of users world-wide rely on our clearnet products.

I suspect that a lot of this is probably not accurate. I seriously doubt that they would really give away information about their former employers, which would provide a clue that could be used to help track them down and could be used as evidence in a trial. Further, as a security professional myself, it’s rather laughable that the best a security researcher could do for persistence is a launch agent.

Also, the lack of any way to decrypt files in a ransomware app is extremely amateurish. This means that 2/3 of the Mac ransomware that has ever existed has had no means for decrypting files so that users who pay will get none of their data back in return. Hopefully, this will make victims of future Mac ransomware reluctant to pay, which will, in turn, make it unprofitable to develop such malware in the future.

All these factors mean that these hackers undoubtedly do not have the qualifications they claim to have and are actually amateur developers with a tendency towards crime.

Disinfection

The presence of any of the following items is an indicator of infection:

~/Library/LaunchAgents/com.apple.webkit.plist
~/Library/LaunchAgents/com.apple.finder.plist
~/Library/.DS_Stores/
~/Library/.FS_Store

Malwarebytes for Mac will detect these as OSX.MacSpy and OSX.MacRansom.
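
The indicator check described above, as an added shell example that is not part of the original article or of any vendor's tooling: it looks for the four listed paths under each home directory given on the command line and, for a LaunchAgent hit, notes whether the plist mentions one of the hidden payload paths. The function names, the output format and the plain-text plist match are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): look for the MacSpy / MacRansom
# indicators under one or more home directories.

# Indicator table: family|kind|path relative to the home directory.
# The paths and their pairing per family are the ones given in the article.
INDICATORS='MacSpy|payload|Library/.DS_Stores
MacSpy|launchagent|Library/LaunchAgents/com.apple.webkit.plist
MacRansom|payload|Library/.FS_Store
MacRansom|launchagent|Library/LaunchAgents/com.apple.finder.plist'

# agent_note PLIST
# Prints "references-hidden-payload" when the LaunchAgent mentions one of the
# hidden payload paths, otherwise "no-payload-reference".
# Assumption of this example: the path appears as plain text in the plist
# (true for XML plists and for ASCII strings in binary plists); grep -a
# makes grep treat a binary file as text.
agent_note() {
    if grep -aqF -e 'Library/.DS_Stores/updated' \
                 -e 'Library/.FS_Store' "$1" 2>/dev/null; then
        echo references-hidden-payload
    else
        echo no-payload-reference
    fi
}

# scan_home HOME_DIR
# Prints one line per indicator present: "<family> <kind> <path> [<note>]".
# Returns 1 if anything was found, 0 if the home directory is clean.
scan_home() {
    scan_found=0
    while IFS='|' read -r family kind rel; do
        target=$1/$rel
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$target" ] || [ -L "$target" ]; then
            scan_found=1
            if [ "$kind" = launchagent ]; then
                printf '%s %s %s %s\n' "$family" "$kind" "$target" \
                    "$(agent_note "$target")"
            else
                printf '%s %s %s\n' "$family" "$kind" "$target"
            fi
        fi
    done <<EOF
$INDICATORS
EOF
    return "$scan_found"
}

# Scan every home directory passed on the command line, for example:
#   sh scan_indicators.sh /Users/*
for home_dir in "$@"; do
    scan_home "$home_dir" || true
done
```

A LaunchAgent hit tagged `no-payload-reference` still matches the article's indicator list; the tag only helps triage which plist to read first.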

If you were infected with MacSpy, after removing it, you should be sure to change all your passwords, as they might have been compromised by the keylogging, screen captures and/or clipboard exfiltration. If your work computer has been compromised, contact your IT department to alert them to the issue; otherwise, your accounts or other information leaked could potentially give a criminal inside access to your company’s servers.

If you had a MacRansom infection and didn’t get your data encrypted, consider yourself very lucky. Start backing up your computer regularly if you didn’t already and avoid leaving the backup drive connected all the time.

If you did have data encrypted by the ransomware, it’s possible that it could be decrypted by an expert in cryptography. Although we don’t currently have information about decrypting such files, we will update this article in the future if a method for doing so is identified.

 

via:  malwarebytes



Google launches its AI-powered jobs search engine

Looking for a new job is getting easier. Google today launched a new jobs search feature right on its search result pages that lets you search for jobs across virtually all of the major online job boards like LinkedIn, Monster, WayUp, DirectEmployers, CareerBuilder and Facebook and others. Google will also include job listings it finds on a company’s homepage.

The idea here is to give job seekers an easy way to see which jobs are available without having to go to multiple sites only to find duplicate postings and lots of irrelevant jobs.

 

With this new feature, which is now available in English on desktop and mobile, all you have to type in is a query like “jobs near me,” “writing jobs” or something along those lines and the search result page will show you the new job search widget that lets you see a broad range of jobs. From there, you can further refine your query to only include full-time positions, for example. When you click through to get more information about a specific job, you also get to see Glassdoor and Indeed ratings for a company.

You can also filter jobs by industry, location, when they were posted, and employer. Once you find a query that works, you can also turn on notifications so you get an immediate alert when a new job is posted that matches your personalized query.

“Finding a job is like dating,” Nick Zakrasek, Google’s product manager for this project, told me. “Each person has a unique set of preferences and it only takes one person to fill this job.”

To create this comprehensive list, Google first has to remove all of the duplicate listings that employers post to all of these job sites. Then, its machine learning-trained algorithms sift through and categorize them. These job sites often already use at least some job-specific markup to help search engines understand that something is a job posting (though often, the kind of search engine optimization that worked when Google would only show 10 blue links for this type of query now clutters up the new interface with long, highly detailed job titles, for example).

Once you find a job, Google will direct you to the job site to start the actual application process. For jobs that appeared on multiple sites, Google will link you to the one with the most complete job posting. “We hope this will act as an incentive for sites to share all the pertinent details in their listings for job seekers,” a Google spokesperson told me.

As for the actual application process itself, Google doesn’t want to get in the way here and it’s not handling any of the process after you have found a job on its service.

It’s worth noting that Google doesn’t try to filter jobs based on what it already knows. As Zakrasek quipped, the fact that you like to go fishing doesn’t mean you are looking for a job on a fishing boat, after all.

Google is very clear about the fact that it doesn’t want to directly compete with Monster, CareerBuilder and similar sites. It currently has no plans to let employers post jobs directly to its jobs search engine, for example (though that would surely be lucrative). “We want to do what we do best: search,” Zakrasek said. “We want the players in the ecosystem to be more successful.” Anything beyond that is not in Google’s wheelhouse, he added.

Monster.com’s CTO Conal Thompson echoed this in a written statement when I asked him how this cooperation with Google will change the competitive landscape for job sites. “Google’s new job search product aligns with our core strategy and will allow candidates to explore jobs from across the web and refine search criteria to meet their unique needs,” he wrote. “Yes, as with anything, there will be some challenges and adjustments to existing job posting sites; the biggest perhaps being for those that are currently driven by SEO.”

 

via:  techcrunch



Google Adds New Behavior-Based Malware Scanner To Every Android Device

In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called Google Play Protect.

Google Play Protect, which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious apps, which have always been an albatross around the tech giant’s neck.

Since Google Play Protect actually comes with the Google Play Store, users do not need to install or activate this security feature separately.

 

Google Play Protect for Android devices consists of:

  • App scanning
  • Anti-Theft Measures
  • Browser Protection

Play Protect’s App Scanning Feature

Google Play Protect is an always-on service on devices, which is said to scan 50 billion apps each day across a billion Android devices to ensure they are safe.

Google already has a number of security measures in place to help keep your smartphones safe, including Verify Apps and its Bouncer service, but once apps are uploaded to the Play Store and installed on your device, Google does not have anything in place to monitor the behavior of those apps – something that most malware apps were abusing.

Running automatically in the background, Google Play Protect is actually built into devices, which will not only analyze apps before appearing on the Play Store, but also monitor them once installed on the device, including apps that have been installed from third-party stores as well.

For this, Google makes use of machine learning algorithms that automatically compare app behavior and distinguish those acting abnormally, and if it encounters any malicious app, it warns you or even disables the app to prevent further harm.


Google says it works around the clock to keep up with the latest threats

Google says the new machine learning system regularly updates to help Android ecosystem stay one step ahead of any potential threats by always looking out for “new risks, identifying potentially harmful apps and keeping them off your device or removing them.”

Play Protect’s Anti-Theft Measures

With the introduction of Google Play Protect, Android Device Manager has been replaced with Find My Device, used to locate lost and misplaced devices.

You can use the browser or any other device to remotely call, locate, and lock, your Android device or even erase the data to protect sensitive information remotely.

Find My Device is the same old solution, but Google included it into the Google Play Protect program.

Play Protect’s Browser Protection

With Safe Browsing feature in Chrome, Play Protect lets users stay safe while browsing the Internet.

Usually, viruses, malware and worms land on your smartphones and computers via malicious web browsers. So, if you visit any website that is acting suspicious, the Safe Browsing feature will warn you and block websites that feel sketchy or seem to be unsafe for you.

Google Play Protect service will be rolling out to Android devices over the coming weeks.

 

via:  thehackernews



Select Restaurant chain hit with POS data breach

The Ohio-based Select Restaurant chain reported it suffered a point-of-sale breach during which customer payment card information was compromised.

The breach took place between October 36, 2016 and February 3, 2017 at 12 of the company’s restaurants, which are located across the United States, the company said in a written statement. The breach was noticed on March 30 when a third-party vendor reported that some unusual activity was taking place within its system. It was then confirmed on April 26 that some customer payment card information may have been compromised, including cardholder’s name, card number, expiration date and CVV.

The company is now working with a forensics firm to determine the extent of the breach and to identify anyone who may have been affected. Select did not know how many people were potentially impacted by the breach.

The chain is recommending that any guests who frequented one of its establishments involved in the breach review their bank and credit card accounts to search for irregularities.

The list of affected restaurants can be seen here.

 

via:  scmagazine



Erebus Linux ransomware attack demanded $1.62 million from South Korean firm

South Korean firm NAYANA was hit with a Linux ransomware attack that demanded an unprecedented 550 Bitcoins (BTC) or $1.62 million ransom.

Erebus ransomware attack demanded NAYANA demanded $1.62M.

The attack occurred on June 10, 2017, and on June 12, 2017, the company announced the attack. On June 14, 2017, the web hosting company was eventually able to negotiate the ransom down to 397.6 BTC, nearly $1.01 million, to be paid in three installments, according to a June 19 blog post.

The threat actors used the Erebus ransomware to infect 153 Linux servers and 3,400 business sites hosted by NAYANA, and as of June 19, 2017, two of the three payments have already been made. The final payment is expected to be made once the first and second batches of servers have been successfully recovered.

A local exploit may have been used in the attack though it is unclear exactly what exploits were used to infect the system as there isn’t a clear understanding of what vulnerabilities are in the systems.

Researchers said it’s worth noting the ransomware is limited in terms of coverage and is heavily concentrated in South Korea. Other samples however, have been submitted from security researchers in Ukraine and Romania.

Erebus was first spotted in a spate of malvertising attacks in September 2016 and then reemerged in February 2017 using a method to bypass Windows’ User Account Control. The recent Linux variant was similar to the updated variant discovered in February 2017, with OS-specific changes in the way it gains access to the system, Trend Micro Director of Hybrid Cloud Security Steve Neville told SC Media.

“The Windows version leveraged a strategy of bypassing the User Access Controls (UAC) to gain elevated privilege in order to execute,” Neville said. “The Linux version leverages a similar mechanism in Linux, but also adds a fake Bluetooth service to ensure that the ransomware is executed even after the system or server is rebooted.”

Researchers advise organizations to always make sure all of their systems are patched and up to date to prevent infection, and to back up critical files.

 

via:  scmagazine



Fashion Retailer Buckle Finds Malware on PoS Systems

The Buckle, Inc., a fashion retailer that operates more than 450 stores across the United States, informed customers on Friday that malware had been found on some of its point-of-sale (PoS) systems.

Buckle suffers credit card breach

According to the retailer, malware was present on PoS systems at some of its stores between October 28, 2016, and April 14, 2017. The company has called in outside experts to investigate the incident and help secure its network.

The malware was designed to steal data from a card’s magnetic stripe, including cardholder name, account number and expiration date, but The Buckle believes the malware did not collect data from all transactions conducted via infected PoS systems.

The company pointed out that all its stores support EMV (chip card) technology, which makes it significantly more difficult to clone cards using stolen data. Nevertheless, the compromised payment card data can still be useful to cybercriminals, particularly for card-not-present fraud.

 

The Buckle said there was no evidence that social security numbers, email addresses or physical addresses were obtained by the attackers, and there is no indication that its website and online store are affected.

“As part of Buckle’s response, connections between Buckle’s network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files residing on Buckle’s systems were eradicated.

Additionally, Buckle reported a potential incident to the payment card brands and is cooperating with them regarding this incident,” the company said in a statement.

The Buckle has advised customers to keep an eye out for any suspicious activity on their payment card, and immediately report any unauthorized charges to the card issuer. A list of affected stores has not been made available.

The Buckle’s announcement comes just two weeks after big box department store chain Kmart, which operates more than 700 stores, informed customers of a payment card breach and a couple months after 200 Brooks Brothers stores were hit by a payment card breach.

 

via:  securityweek

