Russian Spies Rush to Exploit the Latest Flash Zero Day and More Security News This Week

There’s nothing like a hefty security freakout to start the week, and the Key Reinstallation Attack Wi-Fi vulnerability—you know it as Krack—announced on Monday fit the bill. The bug is in the ubiquitous WPA2 Wi-Fi protocol, so while it fortunately doesn’t impact every single device that exists, it does affect a significant portion of them. And many will likely never receive protective patches, a longstanding and critical security problem that particularly affects the Internet of Things. The relative simplicity of the Krack bug itself also highlights the importance of making technical standards accessible to researchers for review and feedback.

Google announced a new tier of account security this week called Advanced Protection that uses physical authentication tokens, advanced scanning, and siloing to help defend particularly at-risk accounts (or anyone who wants to be very cautious). And after its disastrous corporate breach, Equifax is receiving a thorough public shaming. Researchers also discovered that for just $1,000 they can exploit mobile advertising networks to track people’s movements in both cyberspace and the real world. Not great!

US-Iranian relations are tense and could nudge Iran’s cyber operations. And crooks have a new favorite hustle called “cryptojacking” that can secretly use your devices to mine cryptocurrency when you visit infected websites. Highs and lows.

And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Flash Patched Its Recent Zero Day, So Russian Hackers Are Using It While They Can

Kaspersky Labs researchers announced a new Adobe Flash vulnerability on Monday, noting that unidentified hackers exploited the bug in an attack on October 10, using a compromised Microsoft Word document to deliver FinSpy malware. Adobe coordinated with Kaspersky to issue a patch on the day of the disclosure. In the wake of the patch, researchers at the security firm Proofpoint observed the hackers doubling down to exploit the flaw before potential targets widely adopt the fix. The group, which Proofpoint says is the Russia-backed collective Fancy Bear, launched an email spearphishing campaign that targeted state departments and aerospace companies. But researchers say the operation was sloppy, and that the group has followed this pattern in the past.

Microsoft Didn’t Disclose 2013 Breach of a Sensitive Vulnerability Database

Sophisticated hackers breached Microsoft’s internal vulnerability-tracking database more than four years ago, but the company didn’t publicly disclose the incident. Five former Microsoft employees told Reuters that the company was aware of the intrusion in 2013. The database would have contained critical vulnerabilities in Microsoft’s widely used software products, including Windows, and may have even included code for exploiting those flaws. Such information would be a gold mine for foreign government-backed hackers or third-party criminals alike, and could have facilitated breaches and espionage at the time.

Reuters’ sources said in separate interviews that Microsoft never connected the breach to any other attacks, and that the company didn’t disclose the incident, because doing so would have pushed attackers to exploit the vulnerabilities before they were patched. Microsoft presumably patched everything in the compromised database years ago, though. Reuters’ sources say that Microsoft did at least improve its internal security in response to the hack. The incident was part of a rash of attacks that also hit Apple, Facebook, and Twitter. The group behind these hacks is still unidentified, but is known by different researchers as Morpho, Butterfly, and Wild Neutron, and is still active today.

UK Concludes That Iran, Not Russia or North Korea, Hacked Officials’ Email Accounts

Investigators in the United Kingdom concluded last week that Iranian government-backed hackers were behind a June email network intrusion that targeted numerous members of parliament and Prime Minister Theresa May. Every MP uses the network, but the hackers specifically looked for accounts protected by weak passwords or reused ones that had leaked online after other breaches. The parliamentary digital services team told the Guardian that it was making email security changes in response to the attack. The incident underscores Iran’s ongoing digital offensive initiatives. Though the country has been less focused on Western targets in the last few years, it is still an active threat around the world. Recently, US President Donald Trump has worked to undermine the Iran nuclear deal, but Theresa May and other European leaders say they want to preserve it.

Police Did Social Media Surveillance on New York Black Lives Matter Group

The Black Lives Matter Global Network chapter in Rockland County, New York, filed a federal lawsuit in August claiming that local Clarkstown police conducted illegal surveillance on it throughout 2015. Clarkstown police records from the Strategic Intelligence Unit describe social-media surveillance targeted at BLM members. The documents even show evidence that a lead detective told the Strategic Intelligence Unit supervisor to stop the surveillance, but this didn’t end the program. BLM is alleging that Clarkstown police engaged in racial profiling, and violated the group members’ rights to free speech and assembly.

Millions of Crucial Cryptography Keys Weakened By Trusted Generator

A flaw in how a popular code base generates cryptographic keys has ruined the security of millions of encryption schemes. The generator appeared in two security certification standards used by numerous governments and large corporations worldwide, meaning that the flawed keys are meant to protect particularly sensitive platforms and data. German chipmaker Infineon developed the software, which has included the key generating flaw since 2012 or possibly earlier. Attackers could exploit the bug to figure out the private part of a key from its public component. From there they could do things like manipulate digitally signed software, disable other network protections, or, of course, decrypt sensitive data. The situation affects Estonia’s much-touted secure digital ID system. Infineon, Microsoft, and Google warn that the flaw will undermine their Trusted Platform Module products until customers generate new, more robust keys. Estonia has announced plans to update the keys used for its national IDs.

Famed Architect’s Lawsuit Against Google Just Got Much More Serious

Eli Attia alleges he wasn’t the only one mistreated by the search giant.

A long-running lawsuit filed against Google by a prominent architect has just gotten much broader.

Last week, the Superior Court of California granted a motion adding racketeering charges to the civil case being pursued against Google by Eli Attia, an expert in high-rise construction. Attia claims Google stole his idea for an innovative building design method – and now he wants to prove that it does the same thing frequently.

Attia’s suit was originally filed in 2014, four years after he began discussions with Google (prior to its reorganization as Alphabet) about developing software based on a set of concepts he called Engineered Architecture. Attia has said Engineered Architecture, broadly described as a modular approach to building, would revolutionize the design and construction of large buildings. Attia developed the concepts based on insights gleaned from his high-profile architecture career, and has called them his life’s work.

Google executives including Google X cofounder Astro Teller came to share his enthusiasm, and championed developing software based on Engineered Architecture as one of the company’s “moonshots.” But Attia claims the company later used his ideas without fulfilling an agreement to pay to license them.

Attia’s suit names not just Google, but individual executives including founders Larry Page and Sergey Brin. It also names Flux Factory, the unit Attia’s suit alleges was spun off specifically to capitalize on his ideas.

Speaking to the San Jose Mercury News, Attia’s lawyer claims Google told Attia his project had been cancelled, “when in fact they were going full blast on it.” Flux Factory is now known as Flux, and touts itself as “the first company launched by Google X.”

Attia’s suit will now also seek to prove that his case is representative of a much broader pattern of behavior by Alphabet. According to court documents, the motion to add racketeering charges hinged on six similar incidents. Those incidents aren’t specified in the latest court proceedings, but Alphabet has faced a similar trade-secrets battle this summer over X’s Project Loon, which has already led to Loon being stripped of some patents.

The idea of racketeering charges entering the picture will surprise many who associate them with violent organized criminals. But under RICO statutes, civil racketeering suits can be brought by private litigants against organizations and individuals alleged to have engaged in ongoing misdeeds. The broader use of racketeering charges has slowly gained ground since the introduction of RICO laws in the 1960s, with some famous instances including suits against Major League Baseball and even the Los Angeles Police Department.

This week in apps: Instagram face filters, Medium audio stories, Google Assistant on iOS and more

Reading all the news from Google I/O may have kept you too busy to keep up with this week’s app news. We’ve kept up for you.

Each week we round up the most important app news along with some of the coolest new and updated apps to help you stay in the loop with everything you need on your phone. Here’s what caught our eye this week. If you’re looking for more, make sure to check out last week’s roundup of top apps.

Google Assistant comes to iOS

Starting today, we’re bringing the #GoogleAssistant to iPhones. Whether at home or on the go, your Assistant is here to help #io17 pic.twitter.com/a6T20HwnU9

— Google (@Google) May 17, 2017

Neil deGrasse Tyson Is Back to Ruin More Summer Flicks With His Constant Thinking

Neil deGrasse Tyson, aka that one guy in astronomy class who’s always going on about how no movies should have sound in space, is here to tell us that Guardians of the Galaxy Vol. 2 shouldn’t have sound in space. Yeah we know, Dad, we watched Firefly too.

News Roundup: Ariana Grande Releases ‘Problem’ Video, Queen Announces New Album, and More

This week, pop star Ariana Grande released the official music video for her hit song “Problem,” which features female MC Iggy Azalea. Check it out below. Also, Queen announced that they are going to release a new album. All that and more below. Queen Announces New Album: Queen guitarist Brian May revealed that the band […]

Source: http://feedproxy.google.com/~r/beatcrave/~3/3MCj70-8nk8/

11 Times Zoë Kravitz and Lisa Bonet Looked More Like Siblings Than Mother and Daughter

Let’s be real: Zoë Kravitz has inherited some of the best genes in the business. Between her rocker dad, Lenny, and her bohemian actress and musician mom, Lisa Bonet, Zoë’s inner and outer beauty can’t be denied. In a recent interview, Zoë opened up about why she idolizes her mother particularly: “She kind of stumbled into [the acting] world. It wasn’t a conscious choice (a) to be an actress, (b) to be a famous actress, and (c) to be – she shook things up – a model for so many young women. The beautiful thing about her is that she just thought a certain way and lived her life that way.”

We’ve rounded up Lisa and Zoë’s cutest snaps – the ones that always make us do a double take to figure out whether they’re actually mother and daughter or some sort of sorceress sisters.

Source: http://feedproxy.google.com/~r/popsugar/~3/SPgIHclHZiE/Zoe-Kravitz-Lisa-Bonet-Pictures-43013455
