It seems that the recent $81 million dollar attack against the Bangladesh Central Bank might have also been about the Seth Rogan Movie “the interview”... ok, not really, but the attack that happened at Sony in 2014 seems to have many things in common with the recent attack that resulted in the theft of $81 million. During the Sony attack the initial blame was centered on the release of the Interview, but that was never confirmed and seemed to be way off base.
Three years ago today DecryptedTech published an article calling out a software distribution company for installing Bitcoin mining software on subscribers’ systems. We highlighted the danger of the trust people put in web services by allowing agent software to run on their systems in order to use a service. Now we hear about a French company Tuto4PC that has taken this one step further and included some nasty little surprises in a utility they require for use of their free tutorial service. The discovery was made by Cisco’s Talos Security Intelligence group and, of course, is being refuted aggressively by the guys at Tuto4PC.
All good things must come to an end. In April of 2013 we published an article that Apple and their iOS based devices would begin to slide in 2016. It was in response to a survey/analysis claiming that Apple would reclaim the crown from Google by 2016 and dominate through 2018. For some reason the technical and financial press were jumping at the announcement for Windows phone 8.x. The fact that Windows phone held a single digit market share at the time did not seem to matter to them.
There is nothing like finding out that all of your protections are useless. This is almost what happened when security researchers found a massive hole in the Windows App Locker protection. Although the news that there is a flaw in any software, much less Windows will come as no surprise it is still a little odd that this one made it through QA testing. The flaw is one that very simple and has already been seen in the wild over the last couple of days. All you need to do to execute code on a system is to direct Regsvr32 to a remotely hosted file. Security researcher Casey Smith found this handy little tidbit of information and states that you do not even need to elevate privileges to get it to work.
It looks like AMD is trying to develop a new revenue stream and also create some additional competition for Intel. Ever since AMD bet the farm on purchasing ATi they have been taking a back seat to Intel. The reasons are many, but one of the big ones was not having enough money for R&D for multiple concurrent projects. After the ATi buy failed to yield results quickly they had to start cutting corners. R&D and marketing were some of the first places hit. Now, many years (and a number of CEOs) later AMD is still fighting to be relevant. They have some solid ideas, but just to not have the capital to put them all on the table at once.
One of the dangers of pointing anything out about the security, or lack of security, with a product or service is the chance that someone will not like what you say and come after you. This is what is happening with Chris Vickery. If you do not know who Vickery is we can give you some background. Vickery is a security researcher that has been focusing on systems and services that cater to kids and parents. He has uncovered some rather unsettling information about a number of products that leak information about kids. The revelations are very disturbing to say the least.
The experts have all weighed in. 2016 will be the year of Virtual Reality. The problem is that the experts are very often wrong. Still that has not stopped multiple companies from pushing out new VR headsets, APIs, development kits and more. The craze has gone so far as to start effecting the way that companies are making core hardware. We already know that AMD is pushing for VR mastery with new products and by showing which existing products also have a level of VR support.
Last week Google announced that they will no longer be accepting ads that feature Flash. This new should really come as no surprise as Flash (and its spirit brother Java) have taken a beating on the security front for years. Abobe and Oracle have been unable to keep the bad guys from running rampant with their code. Of course the change will not take place overnight so everyone has the chance to swap out that old and insecure Flash for the new and (insecure) HTML5.
About a week ago we brought you news that Enigma Software had filed a lawsuit against BleepingComputer alleging that they were posting items that were defamatory in nature. At the time of the article we linked the page that BC (BleepingComputer) stated was at issue. This page shows, in our opinion, a fair and accurate representation of multiple malware scanners available to the consumer. BC used multiple references and posted specific comments about each of the three being discussed. Now Enigma Software has reached out to use to tell their side of the story…
There is a twisted and flawed logic to the copyright industry. They seem to think that they can hold anyone they want accountable for breaking laws. It does not matter if that person is responsible or not, they want to be able to get money from them in the hopes that they will be able to blackmail them into joining their campaign. We have seen copyright groups go after internet service providers (ISPs) content service providers (YouTube) and even force massive takedowns to get what they want. Now, we are seeing a new level of Hubris. A Copyright group is going after a government.