Google’s medical AI was super accurate in a lab. Real life was a different story, so they need to tweak

The covid-19 pandemic is stretching hospital resources to the breaking point in many countries in the world. It is no surprise that many people hope AI could speed up patient screening and ease the strain on clinical staff. But a study from Google Health—the first to look at the impact of a deep-learning tool in […]

NSO Employee Abused Phone Hacking Tech to Target a Love Interest

An employee of controversial surveillance vendor NSO Group abused access to the company’s powerful hacking technology to target a love interest, Motherboard has learned. The previously unreported news is a serious abuse of NSO’s products, which are typically used by law enforcement and intelligence agencies. The episode also highlights that potent surveillance technology such as […]

How Spies Snuck Malware Into the Google Play Store—Again and Again: by upgrading a vetted app

At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India. Unlike most of the shady apps found […]

Space Launch Market for Heavy Lift Vehicles: Charts and Data Set of Addressable Launches 2007–2018

In 2019, the U.S. Air Force (USAF) asked the RAND Corporation to independently analyze the heavy lift space launch market to assess how potential USAF decisions in the near term could affect domestic launch providers and the market in general. RAND’s analysis was published as Assessing the Impact of U.S. Air Force National Security Space […]

We could have pwned Microsoft Teams with a GIF, claims Israeli infosec outfit

A vulnerability existed in Microsoft’s Slack for Suits tool, Teams, that could have let a remote attacker take over accounts by simply sending a malicious GIF, infosec researchers claim. The pwn-with-GIF vuln was possible, said Cyberark, thanks to two compromisable Microsoft subdomains along with a carefully crafted animated image file. Although it was a responsibly […]

Nine million logs of Brits’ road journeys spill onto the internet from password-less number-plate camera dashboard

In a blunder described as “astonishing and worrying,” Sheffield City Council’s automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal. The ANPR camera system’s internal management dashboard could be accessed by simply entering its IP address into a web browser. […]

Journalist Allegedly Spied on Zoom Meetings of Rivals in Hilariously Dumb Ways

Financial Times reporter Mark Di Stefano allegedly spied on Zoom meetings at rival newspapers the Independent and the Evening Standard to get scoops on staff cuts and furloughs due to the coronavirus pandemic, according to a report from the UK’s Independent. And Di Stefano did a comedically bad job of covering his tracks. Di […]

Australian contact-tracing app leaks telling info and increases chances of third-party tracking, say security folks. That’s OK says maker, you download worse stuff as games.

The design of Australia’s COVIDSafe contact-tracing app creates some unintended surveillance opportunities, according to a group of four security pros who unpacked its .APK file. Penned by independent security researcher Chris Culnane, University of Melbourne tutor, cryptography researcher and masters student Eleanor McMurtry, developer Robert Merkel and Australian National University associate professor and Thinking Security […]

UNESCO Suggests COVID-19 Is A Reason To Create… Eternal Copyright

Yes, we’ve seen lots of folks using COVID-19 to push their specific agendas forward, but this one is just bizarre. UNESCO (the United Nations Educational, Scientific and Cultural Organization) is an organization that is supposed to be focused on developing education and culture around the globe. From any objective standpoint, you’d think it would be […]

PSA: New Character Bug in Messages Causing iOS Devices to Crash [Updated]

There appears to be a new character-linked bug in Messages, Mail, and other apps that can cause the iPhone, iPad, Mac, and Apple Watch to crash when receiving a specific string of characters. In this particular case, the character string involves the Italian flag emoji along with characters in the Sindhi language, […]

Windows 10 Update: Would You Like Deleted Files And Blue Screens With That?

As users complain of blue screens of death, deleted files and reboot loops, here’s what you need to know about this Windows 10 update. There’s a lot of truth in the notion that you can’t please all the people all of the time, as Microsoft knows only too well. With Windows 10 now installed on […]

US Navy wants to reinstate fired captain of coronavirus-hit aircraft carrier as another destroyer has a breakout of covid-19

In an extraordinary reversal, the U.S. Navy has recommended reinstating the fired captain of the coronavirus-hit aircraft carrier Theodore Roosevelt, whose crew hailed him as their hero for risking his job to safeguard their lives, officials said on Friday. The Navy’s leadership made the recommendation to reinstate Captain Brett Crozier to Defense Secretary Mark Esper […]

‘Zombie’ Satellite shutdown in 1972 Found alive By Amateur Radio Operator On COVID-19 Lockdown

There are more than 2,000 active satellites orbiting Earth. At the end of their useful lives, many will simply burn up as they reenter the atmosphere. But some will continue circling as “zombie” satellites — neither alive nor quite dead. “Most zombie satellites are satellites that are no longer under human control, or have failed […]

Facebook Accuses NSO Group of Using U.S. Servers for Spying, infecting phones via WhatsApp

In a filing released on Thursday in federal court in Oakland, California, lawyers representing the social media giant alleged that NSO Group had used a network of remote servers in California to hack into phones and devices that were used by attorneys, journalists, human rights activists, government officials and others. NSO Group has argued that […]

Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and more than 50 more

It has been called the “most extreme surveillance in the history of Western democracy.” It has not once but twice been found to be illegal. It sparked the largest ever protest of senior lawyers who called it “not fit for purpose.” And now the UK’s Investigatory Powers Act of 2016 – better known as the […]

Incredible New Map of Moon Shows Its Every Nook and Cranny

The colors divide the map into geologic units; scientists divide the Moon’s geologic history into different eras, so a color represents the kind of rock and its era. For example, yellow on the map represents Copernican craters—the rim, wall, and floor of bright material from the Moon’s Copernican period, which lasted from a billion […]

Stripe Payment Provider is Silently Recording Your Movements On its Customers’ Websites

Among startups and tech companies, Stripe seems to be the near-universal favorite for payment processing. When I needed paid subscription functionality for my new web app, Stripe felt like the natural choice. After integration, however, I discovered that Stripe’s official JavaScript library records all browsing activity on my site and reports it back to Stripe. […]

IBM No-auth remote root exec exploit in Data Risk Manager (an enterprise security program!) drops after Big Blue snubs bug report

IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure. At least some versions of the Linux-powered suite included four exploitable holes, identified and, at first, privately disclosed by security researcher Pedro Ribeiro at no charge. Three are considered to be critical, and one is high risk. […]

Zoom sex party moderation: app uses machine-learning to patrol nudity – will it record them to put up on the web?

As Rolling Stone reported, the app is now playing host to virtual sex parties, “play parties,” and group check-ins which have become, as one host said, “the mutual appreciation jerk-off society.” According to Zoom’s “acceptable use” policy, users may not use the technology to “engage in any activity that is harmful, obscene, or indecent, particularly […]

TalkTalk customers unable to opt out of ISP’s ad-jacking DNS – just like six years ago

TalkTalk broadband users are complaining they can’t opt out of its Error Replacement Service, which swaps NXDomain DNS results with an IP address. And if that sounds familiar, it should. Users of the budget ISP complained about the very same issue back in 2014. The Error Replacement Service redirects links to DNS addresses that don’t […]

Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox – in 2018!

One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees. […]

Bad news: Cognizant hit by ransomware Maze, which leaks customers’ data online after non-payment

New Jersey IT services provider Cognizant has confirmed it is the latest victim of the Maze ransomware. The infection was disclosed to the public this weekend. Cognizant said the malware outbreak will likely disrupt service for some of its customers, and possibly put them in danger as well. Maze is unusual among ransomware strains in […]

Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal

Bitdefender researchers have recently found spearphishing campaigns, either impersonating a well-known Egyptian engineering contractor or a shipment company, dropping the Agent Tesla spyware Trojan. The impersonated engineering contractor (Enppi – Engineering for Petroleum and Process Industries) has experience in onshore and offshore projects in oil and gas, with attackers abusing its reputation to target the […]

US Judge rules Twitter can’t be transparent about amount of surveillance requests processed per year due to “national security” of the 4th Reich

Six years ago, Twitter sued the US government in an attempt to detail surveillance requests the company had received, but a federal judge on Friday ruled in favor of the government’s case that detailing the requests would jeopardize the country’s safety. If Twitter revealed the number of surveillance requests it received each calendar quarter, it […]