Home / Tag Archives: hack

Tag Archives: hack

If you installed PEAR PHP in the last 6 months, you may be infected

Enlarge (credit: Thomas Hawk ) Officials with the widely used PHP Extension and Application Repository have temporarily shut down most of their website and are urging users to inspect their systems after discovering hackers replaced the main package manager with a malicious one. “If you have downloaded this go-pear.phar package manager in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” officials wrote on the site’s blog . "If different, you may have the infected file.” The officials didn’t say when the hack of their Web server occurred or precisely what the malicious version of go-pear.phar did to infected systems. Initial indications, however, look serious. For starters, the advice applies to anyone who has downloaded the package manager in the past six months. That suggests the hack may have occurred in the timeframe of last July, and no one noticed either it or the tainted download until this week. Read 6 remaining paragraphs | Comments

Read More »

Four months after its debut, sneaky Mac malware went undetected by AV providers

Enlarge / A screenshot of VirusTotal showing only two AV providers detected malware, four weeks after it was outed. (credit: Patrick Wardle ) Four months after a mysterious group was outed for a digital espionage operation that used novel techniques to target Mac users, its macOS malware samples continued to go undetected by most antivirus providers, a security researcher reported on Thursday. Windshift is what researchers refer to as an APT—short for "advanced persistent threat"—that surveils individuals in the Middle East. The group operated in the shadows for two years until August, when Taha Karim, a researcher at security firm DarkMatter, profiled it at the Hack in the Box conference in Singapore. Slides, a brief description, and a report from Forbes are here , here and here, respectively. A few things make Windshift stand out among APTs, Karim reported in August. One is how rarely the group infects its targets with malware. Instead, it relies on links inside phishing emails and SMS text messages to track the locations, online habits, and other traits of the targets. Another unusual characteristic: in the extremely rare cases Windshift uses Mac malware to steal documents or take screenshots of targets' desktops, it relies on a novel technique to bypass macOS security defenses. (The above-linked Forbes article has more on how this technique, known as a custom URL scheme, allows attacker-controlled sites to automatically install their malware on targeted Macs.) Read 5 remaining paragraphs | Comments

Read More »

How facial recognition is being used to monitor animals: detecting sickness in salmon, gauging diet of cattle, protecting elephants from poachers, and…

Mack DeGeurin / New York Magazine : How facial recognition is being used to monitor animals: detecting sickness in salmon, gauging diet of cattle, protecting elephants from poachers, and more   —  Facial recognition technology has some serious, persistent issues.  These were clearly shown earlier this year when Amazon's …

Read More »

Egyptian law enforcement is using the country’s new law against "fake news" to imprison women who share their sexual harassment experiences…

Rossalyn Warren / WIRED UK : Egyptian law enforcement is using the country's new law against “fake news” to imprison women who share their sexual harassment experiences on social platforms   —  Social media accelerated Egypt's revolution.  Now those same services have become a tool of control for a repressive regime

Read More »

Private equity firm Thoma Bravo has agreed to buy cybersecurity company Imperva for $2.1B in cash; the deal is expected to close by early 2019…

Reuters : Private equity firm Thoma Bravo has agreed to buy cybersecurity company Imperva for $2.1B in cash; the deal is expected to close by early 2019   —  (Reuters) - Buyout firm Thoma Bravo LLC has agreed to buy Imperva Inc (IMPV.O) for $2.1 billion in cash, adding the cybersecurity firm …

Read More »

Inside DARPA’s neurotechnology research program for healing and enhancement of the human body and mind through neural implants and brain-machine…

Michael Joseph Gross / The Atlantic : Inside DARPA's neurotechnology research program for healing and enhancement of the human body and mind through neural implants and brain-machine interfaces   —  I. Who Could Object?  —  “Tonight I would like to share with you an idea that I am extremely passionate about,” the young man said.

Read More »

How US got China to scale back cyber espionage in 2015 by publicly charging Chinese hackers, arresting a spy in Canada, and taking a firm stance in…

Garrett M. Graff / Wired : How US got China to scale back cyber espionage in 2015 by publicly charging Chinese hackers, arresting a spy in Canada, and taking a firm stance in negotiations   —  For years, China has systematically looted American trade secrets.  Here's the messy inside story of how DC got Beijing to clean up its act for a while.

Read More »

Court denies Lime’s request for a temporary restraining order to block Skip and Scoot from deploying their electric scooters in San Francisco on…

Megan Rose Dickey / TechCrunch : Court denies Lime's request for a temporary restraining order to block Skip and Scoot from deploying their electric scooters in San Francisco on Monday   —  A judge today denied Lime's request for a temporary restraining order that would block Skip and Scoot from deploying their electric scooters in San Francisco on Monday.

Read More »

Consultants advise law enforcement officers not to look at iPhone screens because it may trigger Face ID too many times and iPhones may revert to…

Joseph Cox / Motherboard : Consultants advise law enforcement officers not to look at iPhone screens because it may trigger Face ID too many times and iPhones may revert to passcodes   —  After five failed attempts with the ‘wrong’ face, Apple's Face ID system will fall back to asking a passcode; a tricky situation for investigators.

Read More »

Here’s how to see if you’re among the 30 million compromised Facebook users

Enlarge (credit: Getty Images | NurPhoto ) The attackers who carried out the mass hack that Facebook disclosed two weeks ago obtained user account data belonging to as many as 30 million users, the social network said on Friday. Some of that data—including phone numbers, email addresses, birth dates, searches, location check-ins, and the types of devices used to access the site—came from private accounts or was supposed to be restricted only to friends. The revelation is the latest black eye for Facebook as it tries to recover from the scandal that came to light earlier this year in which Cambridge Analytica funneled highly personal details of more than 80 million users to an organization supporting then-presidential candidate Donald Trump. When Facebook disclosed the latest breach two weeks ago, CEO Mark Zuckerberg said he didn’t know if it allowed attackers to steal users’ private data. Friday’s update made clear that it did, although the 30 million people affected was less than the 50 million estimate previously given. Readers can check this link to see what, if any, data was obtained by the attackers. On a conference call with reporters, Vice President of Product Management Guy Rosen said that at the request of the FBI, which is investigating the hack, Facebook isn’t providing any information about who the attackers are or their motivations or intentions. That means that for now, affected users should be extra vigilant when reading emails, taking calls, and receiving other types of communications. The ability to know the search queries, location check-ins, phone numbers, email addresses, and other personal details of so many people gives the attackers the ability to send highly customized emails, texts, and voice calls that may try to trick people into turning over money, passwords, or other high-value information. Read 7 remaining paragraphs | Comments

Read More »