60,000 Eastern Europeans to be flown in to pick fruit and veg – turns out they weren’t stealing jobs then, Brexit!

Air Charter Service has told the BBC that the first flight will land on Thursday in Stansted carrying 150 Romanian farm workers.

The firm told the BBC that the plane is the first of up to six set to operate between mid-April and the end of June.

Government department Defra said it was encouraging people across the UK “to help bring the harvest in”.

British farmers recently warned that crops could be left to rot in the field because of a shortage of seasonal workers from Eastern Europe. Travel restrictions due to the coronavirus lockdown have meant most workers have stayed at home.

Several UK growers have launched a recruitment drive, calling for local workers to join the harvest to prevent millions of tonnes of fruit and vegetables going to waste. However, concerns remain that they won’t be able to fulfil the demand on farms.

Source: Eastern Europeans to be flown in to pick fruit and veg – BBC News

Over 500,000 Zoom accounts sold on hacker forums, some being given away for free

Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free.

These credentials are gathered through credential stuffing attacks where threat actors attempt to log in to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers.

Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.

Cybersecurity intelligence firm Cyble told BleepingComputer that around April 1st, 2020, they began to see free Zoom accounts being posted on hacker forums to gain an increased reputation in the hacker community.

Zoom accounts offered to gain reputation

These accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations.

In the below example, 290 accounts related to colleges such as the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida, and many more were released for free.

Zoom accounts offered for free

BleepingComputer has contacted random email addresses exposed in these lists and has confirmed that some of the credentials were correct.

One exposed user told BleepingComputer that the listed password was an old one, which indicates that some of these credentials are likely from older credential stuffing attacks.

Accounts sold in bulk

After seeing a seller posting accounts on a hacker forum, Cyble reached out to purchase a large number of accounts in bulk so that they could be used to warn their customers of the potential breach.

Cyble was able to purchase approximately 530,000 Zoom credentials for less than a penny each at $0.0020 per account.

The purchased accounts include a victim’s email address, password, personal meeting URL, and their HostKey.

Source: Over 500,000 Zoom accounts sold on hacker forums, the dark web

Medical Device ‘Jailbreak’ Could Help Solve the Dangerous Shortage of Ventilators

Security researcher Trammell Hudson analyzed the AirSense 10 — the world’s most widely used CPAP — and made a startling discovery. Although its manufacturer says the AirSense 10 would require “significant rework to function as a ventilator,” many ventilator functions were already built into the device firmware. Its manufacturer, ResMed, says the $700 device solely functions as a continuous positive airway pressure machine used to treat sleep apnea. It does this by funneling air into a mask. ResMed says the device can’t work as a bilevel positive airway pressure device, which is a more advanced machine that pushes air into a mask and then pulls it back out. With no ability to work in both directions or increase the output when needed, the AirSense 10 can’t be used as the type of ventilator that could help patients who are struggling to breathe. After reverse-engineering the firmware, Hudson says the ResMed claim is simply untrue.

To demonstrate his findings, Hudson on Tuesday is releasing a patch that he says unlocks the hidden capabilities buried deep inside the AirSense 10. The patch is dubbed Airbreak in a nod to jailbreaks that hobbyists use to remove technical barriers Apple developers erect inside iPhones and iPads. Whereas jailbreaks unlock functions that allow the installation of unauthorized apps and the accessing of log files and forensic data, Airbreak allows the AirSense 10 to work as a bilevel positive airway pressure machine, a device that many people refer to as a BiPAP. “Our changes bring the AirSense S10 to near feature parity with BiPAP machines from the same manufacturer, boost the maximum pressure output available, and provide a starting point to add more advanced emergency ventilator functionality,” Hudson and other researchers wrote on their website disclosing the findings. The researchers say Airbreak isn’t ready to be used on any device to treat a patient suffering from COVID-19 — it’s simply to prove that the AirSense 10 does have the ability to provide emergency ventilator functions, and to push ResMed to release its own firmware update that unlocks the ventilator functions.

Source: Medical Device ‘Jailbreak’ Could Help Solve the Dangerous Shortage of Ventilators – Slashdot

It’s nice to say this, but the respiration functions on the AirSense are probably not medically validated and thus not necessarily safe to use. When does fairly safe become acceptable in an emergency?

Apple: We respect your privacy so much we’ve revealed a little about what we can track when you use Maps

Apple has released a set of “Mobility Trends Reports” – a trove of anonymised and aggregated data that describes how people have moved around the world in the three months from 13 January to 13 April.

The data measures walking, driving and public transport use. And as you’d expect and as depicted in the image atop this story, human movement dropped off markedly as national coronavirus lockdowns came into effect.

Apple has explained the source of the data as follows:

This data is generated by counting the number of requests made to Apple Maps for directions in select countries/regions and cities. Data that is sent from users’ devices to the Maps service is associated with random, rotating identifiers so Apple doesn’t have a profile of your movements and searches. Data availability in a particular country/region or city is subject to a number of factors, including minimum thresholds for direction requests made per day.

Apple justified the release by saying it thinks it’ll help governments understand what its citizens are up to in these viral times. The company has also said this is a limited offer – it won’t be sharing this kind of analysis once the crisis passes.

But the data is also a peek at what Apple is capable of. And presumably also what Google, Microsoft, Waze, Mapquest and other spatial services providers can do too. Let’s not even imagine what Facebook could produce. ®

Source: Apple: We respect your privacy so much we’ve revealed a little about what we can track when you use Maps • The Register

‘Crime against humanity’: Trump (the man who mismanaged Corona most in!) condemned for WHO funding freeze

Leading health experts have labelled Donald Trump’s decision to cut funding to the World Health Organization (WHO) as a “crime against humanity” and a “damnable” act that will cost lives.

The move also drew a rebuke from the head of the United Nations, who said the WHO was “absolutely critical to the world’s efforts to win the war against Covid-19”.

Late on Tuesday Trump declared US funding would be put on hold for 60-90 days pending a review “to assess the World Health Organization’s role in severely mismanaging and covering up the spread of the coronavirus”. The US is the single largest contributor to the WHO.

Richard Horton, the editor-in-chief of the Lancet medical journal, wrote that Trump’s decision was “a crime against humanity … Every scientist, every health worker, every citizen must resist and rebel against this appalling betrayal of global solidarity.”

Antonio Guterres, the UN secretary general, said it was “not the time” to cut funding or to question errors. “Once we have finally turned the page on this epidemic, there must be a time to look back fully to understand how such a disease emerged and spread its devastation so quickly across the globe, and how all those involved reacted to the crisis,” said Guterres.

“The lessons learned will be essential to effectively address similar challenges, as they may arise in the future. But now is not that time … It is also not the time to reduce the resources for the operations of the World Health Organization or any other humanitarian organization in the fight against the virus.”

Echoing Guterres’s plea, Dr Amesh Adalja, a senior scholar at the Johns Hopkins University Center for Health Security, said the WHO did make mistakes and may need reform but that work needed to take place after the crisis had passed. “It’s not the middle of a pandemic that you do this type of thing,” he said.

Dr Nahid Bhadelia, an infectious disease doctor and associate professor at Boston University’s school of medicine, said the cut was “an absolute disaster. WHO is a global technical partner, the platform through which sovereign countries share data/technology, our eyes on the global scope of this pandemic.”

Laurie Garrett, a former senior fellow of the Council on Foreign Relations, said the decision was a “damnable” act by a “spiteful” Trump and would cost lives. “Meanwhile, WHO is the only lifeline most African, Latin American and Asia Pacific nations have.”

Lawrence Gostin, the director of the WHO centre on public health and human rights, predicted the US would ultimately lose out because other countries would step into the vacuum with increased funding. “In global health and amidst a pandemic, America will lose its voice,” said Gostin.

The WHO has come under fire over some aspects of its handling of the pandemic, and has been accused of being too deferential to China, considering the Communist party’s early suppression of information and punishment of whistleblowers. Much of the focus of the criticism has been on a 14 January tweet from the WHO that said “preliminary investigations conducted by the Chinese authorities have found no clear evidence of human-to-human transmission”. But WHO officials also told their counterparts in technical briefings on 10 and 11 January, and briefed the press on 14 January, that human-to-human transmission was a strong possibility given the experience of past coronavirus epidemics and urged suitable precautions.

The WHO has also been attacked over its continuing exclusion of Taiwan from membership because Beijing considers it to be Chinese territory. Trump’s decision to cut funding was welcomed in some quarters, including by the Hong Kong democracy activist Joshua Wong, who called the WHO an “arm of Chinese diplomacy”.

Trump’s pronouncement came amid sustained criticism of his failure to prepare for the epidemic, which has infected more than 600,000 people and killed more than 24,000 inside his country. The US is the worst affected country in the world in terms of infection numbers. On Wednesday it was reported that $1,200 relief cheques for as many as 70 million people could be delayed for several days because Trump wanted his name printed on them.

Source: ‘Crime against humanity’: Trump condemned for WHO funding freeze | World news | The Guardian