Security researchers have detected a massive spam campaign, delivering Scarab crypto-malware into email inboxes all over the world. Necurs botnet plays a huge part in the transmission of this infection as it as already managed to send around 2 million malicious emails per hour.
This means that the number of targeted people/victims increases drastically. Necurs had been noticed to be involved with a number of other crypto-viruses, like, Locky, Diablo6, Globe Imposter and others. Now, it has taken Scarab ransomware under its wing.
Necurs botnet began its email campaign on 23rd of November and in only six hours, it managed to send 12.5 million letters. Fake messages had subjects of “Scanned From [name of a company]”. Therefore, emails can differ for individual victims and the campaign could still be ongoing.
Messages will attempt to convince people that attachments will deliver only scanned images. However, email letters spread 7zip archives that also carried Visual Basic Scripts. The malicious codes will download and run the actual Scarab ransomware. Soon enough, many of the victims’ digital files become encoded.
What is Scarab crypto-virus? Scarab infection is a persistent sample of ransomware. It was first detected in the summer of 2017, but researchers did not detect its activity until the end of November. In the deceitful email messages that are sent by Necurs botnet, victims are recommended to download a specific .zip file. What users do not realize is that once this file is launched, operating system will become infected with a payload of Scarab ransomware.
The crypto-malware appends an original extension to the encrypted digital data: [email@example.com].scarab. If victims would wish to contact hackers, they can do this by sending messages to firstname.lastname@example.org email address.
Read more here: www.2-viruses.com/necurs-botnet-sent-12-5-million-email-letters-containing-scarab-ransomware
Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released firmware updates, but it could take some time until they reach the millions of devices exposed to attacks due to these flaws.
Intel’s ME solution, which some members of the industry have classified as a backdoor, allows users to remotely manage computers via the Intel Active Management Technology (AMT).
Earlier this year, Embedi researchers discovered a critical privilege escalation vulnerabilityaffecting AMT and some related services, specifically Small Business Technology (SBT) and Standard Manageability. Positive Technologies has also reported finding some potentially serious flaws in ME.
As a result of these findings, Intel has decided to perform a comprehensive security audit of ME, along with two other products. These are TXE, which is designed to ensure that a platform and its operating system are authentic and the OS is running in a trusted environment, and SPS, which allows remote server management.
The review led to the discovery of seven vulnerabilities that can be exploited to impersonate the ME, SPS and TXE services and impact the validity of local security feature attestation, execute arbitrary code without being detected by the user or the operating system, and crash the system or make it unstable.
One of the high severity flaws described in Intel’s advisory, CVE-2017-5705, is a local code execution issue found by Positive Technologies in ME.
According to Intel, ME is also affected by buffer overflows and other types of vulnerabilities that can be exploited for privilege escalation (CVE-2017-5708), local code execution (CVE-2017-5711), and remote code execution (CVE-2017-5712).
The kernel of Intel SPS is impacted by a couple of high severity flaws that can be exploited for local code execution (CVE-2017-5706), and gaining access to privileged content (CVE-2017-5709).
As for TXE, the tech giant discovered privilege escalation (CVE-2017-5710) and local code execution (CVE-2017-5707) vulnerabilities that have also been rated high severity.
Intel has not made public any details about the vulnerabilities, but Google security expert Matthew Garrett has shared some thoughts on the possible impact and concluded that the flaws are unlikely to be harmless.
Read more here: www.securityweek.com/intel-chip-flaws-expose-millions-devices-attacks
The Russian cybersecurity firm released a new report that pushes back against accusations that it helped leak sensitive NSA materials and suggests that a backdoor found on worker’s machine could have allowed others to take files from his machine.The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company.
The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer.
Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.
"Given that system owner’s potential clearance level, the user could have been a prime target of nation states," Kaspersky notes in its new report.
Read more here: motherboard.vice.com/en_us/article/j5j4y4/internal-kaspersky-investigation-says-nsa-workers-computer-was-infested-with-malware
Payments made by American Express' business customers on its FX International Payments (FXIP) platform will now be routed through Ripple's enterprise blockchain network, RippleNet.
Blockchain — otherwise known as distributed ledger technology — allows vast amounts of data to be stored on a dispersed network of computers around the world, rather than on one centralized server.
It was originally used to record all bitcoin transactions but increasingly businesses are finding alternative uses for the technology, such as payments, trade finance and identity verification.
A number of other financial institutions have been experimenting with distributed ledger projects, including JPMorgan, UBS, Credit Suisse, Barclays and HSBC.
"This collaboration with Ripple and Santander represents the next step forward on our blockchain journey, evolving the way we move money around the world," Marc Gordon, executive vice president and chief information officer at American Express, said in a statement Thursday.
American Express' blockchain project will initially allow customers in the U.S. to connect instant, traceable cross-border non-card payments to U.K. Santander bank accounts.
Read more here: www.cnbc.com/2017/11/16/american-express-santander-team-up-with-ripple-on-blockchain-platform.html
The massive calculating power of quantum computers will be able to break Bitcoin security within 10 years, say security experts.
A crucial feature of Bitcoin is its security. Bitcoins have two important security features that prevent them from being stolen or copied. Both are based on cryptographic protocols that are hard to crack. In other words, they exploit mathematical functions, like factorization, that are easy in one direction but hard in the other—at least for an ordinary classical computer.
But there is a problem on the horizon. Quantum computers can solve these problems easily. And the first quantum computers are currently under development.
That raises an urgent question: how secure is Bitcoin to the kinds of quantum attack that will be possible in the next few years?
Today, we get an answer thanks to the work of Divesh Aggarwal at the National University of Singapore and a few pals. These guys have studied the threat to Bitcoin posed by quantum computers and say that the danger is real and imminent.
But there is a different threat that is much more worrying. Bitcoin has another cryptographic security feature to ensure that only the owner of a Bitcoin can spend it. This is based on the same mathematics used for public-key encryption schemes.
The idea is that the owner generates two numbers—a private key that is secret and a public key that is published. The public key can be easily generated from the private key, but not vice versa. A signature can be used to verify that the owner holds the private key, without revealing the private key, using a technique known as an elliptic curve signature scheme.
In this way, the receiver can verify that the owner possesses the private key and therefore has the right to spend the Bitcoin.
The only way to cheat this system is to calculate the private key using the public key, which is extremely hard with conventional computers. But with a quantum computer, it is easy.
And that’s how quantum computers pose a significant risk to Bitcoin. “The elliptic curve signature scheme used by Bitcoin is much more at risk, and could be completely broken by a quantum computer as early as 2027,” say Aggarwal and co.
Indeed, quantum computers pose a similar risk to all encryption schemes that use a similar technology, which includes many common forms of encryption.
Read more here: www.technologyreview.com/s/609408/quantum-computers-pose-imminent-threat-to-bitcoin-security/
Brain-computer interfaces (BCI), such as those being developed by Elon Musk’s Neuralink startup, risk being hijacked by a rogue artificial intelligence, experts have warned—meaning a person’s thoughts, decisions and emotions could be manipulated against their will by AI.
The warning comes in a comment piece in the scientific journal Nature this week written by 27 neuroscientists, ethicists and machine intelligence engineers.
The researchers use the hypothetical example of a paralysed man participating in a brain-computer interface trial who doesn’t like the research team working with him. Artificial intelligence reading his thoughts could take his dislike as a command to harm the researchers, despite no direct command being given by the paralysed man.
The researchers write: “Technological developments mean that we are on a path to a world in which it will be possible to decode people’s mental processes and directly manipulate the brain mechanisms underlying their intentions, emotions and decisions; where individuals can communicate with others simply by thinking; and where powerful computational systems linked directly to people’s brains facilitate their interactions with the world such that their mental and physical abilities are greatly enhanced.”
Read more here: www.newsweek.com/artificial-intelligence-hijack-brain-computer-interface-control-decisions-ai-705511
Google was in poll position to win the race for quantum supremacy, the point at which a quantum computer can do things a conventional one can’t. But IBM seems to have pulled the rug from beneath their rivals by carrying out the largest simulation of a quantum computer to date.
It had long been assumed that simulating more than 49 qubits—the quantum computing equivalent of the digital bits used in standard computers—was near enough impossible due to the colossal amount of memory it would require. But by using some smart mathematical shortcuts the group was able to simulate a 56-qubit machine using just 4.5 terabytes of memory rather than the exabyte (one million terabytes) previous approaches would have required.
That means the 49-qubit processor Google plans to unveil before the end of this year will not take the quantum supremacy crown, and it might take longer than some have predicted for quantum computers to surpass their conventional cousins. IBM researchers say they still don’t know the limits of how many qubits their approach could simulate.
They are at pains to say their findings in no way undercut the quest for practical quantum computers, which is unsurprising seeing as IBM is also one of the leading players in the race. The company has already built a 17-qubit processor and says it plans to achieve 50 “in the next few years.”
Read More Here: singularityhub.com/2017/11/08/ibm-just-simulated-the-biggest-quantum-computer-to-date-what-that-means-for-the-field/
Intel and AMD revealed their partnership.
The two corporations will co-design the new Core chip with AMD Radeon graphics inside.
Both corporations will win from this collaboration. AMD's Semi-Custom segment will likely return to growth.
Should Nvidia be worried?
Intel and AMD are teaming upThe two rivals Intel (INTC) and Advanced Micro Devices (AMD) revealed they will work together in order to bring a new Core chip to the market with AMD Radeon discrete graphics inside. While the collaboration still sounds crazy, it is claimed by the two corporations that the new chip will start shipping as early as in Q1 2018.
The new product will be based on the technology called Embedded Multi-Die Interconnect Bridge (EMIB) and will be part of Intel's eighth Gen Intel Core family. EMIB allows creating efficient solutions in smaller sizes, placing CPU, GPU, and memory in close proximity "without being part of the same actual design."
The partnership will be beneficial for both corporations. What about Nvidia?It can be expected that the new collaboration is a win-win situation for the chipmakers.
Hence, teaming up with AMD will allow Intel to provide a new powerful product that will be able to compete with Nvidia's (NVDA) similar solutions. For instance, earlier this year Nvidia presented its Max-Q design for laptop GPUs, which aimed to power thin and light laptops and provide "the ultimate gaming experience." Notably, Intel's new chip also is promoted to be good for gaming.
It is important to mention here that Nvidia is still the No. 1 choice when it comes to PC gaming, according to Steam Survey.
Read more here: seekingalpha.com/article/4121657-intel-amd-teaming-implications
October 19, 2017
Technologist, Office of Technology Research and InvestigationIf you have a smartphone, laptop, or IoT device connected to a Wi-Fi network, the information you send over that network could be at risk. Researchers recently found a bug that lets attackers break the encryption that protects most wireless networks – leaving data you send exposed.
The bad news is that this is not a problem with a specific device, or even manufacturer – it’s a problem with the WPA2 encryption standard nearly all Wi-Fi devices on the market today use to scramble communications, preventing eavesdropping and tampering. Basically, if you use a device to connect to a wireless network at home, work, or elsewhere, this bug means you cannot rely on that connection being secure.
The good news is that the bug can be fixed with a security update or patch. Device manufacturers and software companies are aware of the bug and updates for affected devices should be rolling out in the near future, if they haven’t already.
In the meantime, connections other than Wi-Fi (like your smartphone’s 4G/3G carrier connection, or a connection with an Ethernet cable) are not affected. So, consider using them instead of Wi-Fi until the updates are available.
Read more here: www.consumer.ftc.gov/blog/2017/10/researchers-find-bug-wi-fi-network-encryption
AMD shares are rising on the announcement the chipmaker will collaborate with Intel to compete with Nvidia in the laptop chip market.
"Our collaboration with Intel expands the installed base for AMD Radeon GPUs and brings to market a differentiated solution for high-performance graphics," said Scott Herkelman, vice president and general manager, AMD Radeon Technologies Group, in the press release.
"This new semi-custom GPU puts the performance and capabilities of Radeon graphics into the hands of an expanded set of enthusiasts who want the best visual experience possible."
Intel revealed the chip will be for thin and lightweight laptops that are capable of playing complex video games.
Read more here: www.cnbc.com/2017/11/06/amd-shares-surge-on-a-report-of-laptop-chip-deal-with-intel-to-fight-off-nvidia.html