British Energy Industry is being targeted by Russian Hackers

British Energy Industry is being targeted by Russian Hackers

Russian hackers have attacked targets from the British energy industry over the last 12 months, the head of the country’s National Cyber Security Center, Ciaran Martin said. The warning, according to the New York Times, suggests that the number of attacks coming from Russia has been much greater than previously estimated by British and U.S. officials.

Martin did not specify the names of any potential targets, which, he said, also included businesses from the media and telecoms industries. He also didn’t specify the number of attacks identified by his agency.
Earlier this year, U.S. security agencies reported that they had detected network breaches by Russian hackers into companies operating nuclear power facilities in the United States. The combination of nuclear power and cyberattacks is enough to raise any government’s hackles, and Britain’s PM Theresa May wasted no time in accusing Moscow directly, saying “We know what you are doing. And you will not succeed,” adding that Russia was “threatening the international order on which we all depend.”
Intelligence data has earlier suggested that last year Russian hackers tried to enter the Irish power grid and that they also targeted power utilities in Great Britain.
The cyberthreat for the energy industry is not solely a Russian one. At the end of last year, the UN’s Deputy Secretary-General, Jan Ellison, warned that “non-state” groups were trying to get their hands-on weapons of mass destruction, and it seems that hacking nuclear power plants is one of the ways to achieve this destruction. Ellison said a hack attack on a nuclear plant would be “a nightmare scenario,” adding that the fight with these groups is a long-term challenge.
Britain earlier this year suffered another wide-scale attack; this one traced back to North Korea, reportedly, which disabled the IT systems of several hospitals, rescheduled operations, and diverted ambulances. The so-called WannaCry attack was stopped by an amateur.

Canvas fingerprinting may be blocked in Firefox 58

The Mozilla Foundation is boosting privacy in an upcoming version of its Firefox browser by removing the snooping capability called canvas fingerprinting, a method of tracking users across multiple websites.
The feature is expected to be removed in January 2018 with the introduction of Firefox 58, according to Mozilla.

“This rendered image data can then be extracted and hashed, to produce a single, potentially unique identifier to track users without any actual identifier persistence on the machine,” wrote developers in the Mozilla bug tracking system.Canvas fingerprinting capabilities are currently available in all major browsers. Using the HTML5 framework, websites are able to identify users (or a browser image) not by cookies, but the unique characteristics of a browser such as fonts, SVG widgets and WebGL—for starters.
Now, in an effort to protect user privacy from tracking, Mozilla is slated to be the first major browser to give users the option to block browser fingerprinting. Instead of automatically opting users in to tracking and sharing data, users must proactively give permission before data is shared.

However, despite the privacy upgrade, experts said the Firefox update will have a limited impact on overall browser privacy for most users. According to insights from Risk Based Security, using Firefox as a regular user, you are already sharing your IP with websites, accepting cookies from the website you visit and from ad providers. Plus, over the past several years, since concerns were first raised about fingerprinting, new tracking techniques have supplemented older ones.
The upcoming Firefox feature to block canvas fingerprinting attempts comes directly from the Tor Browser, which is almost entirely built on Firefox code. Typically features flow from Firefox to Tor Browser. But in a program called Tor Uplift Project, Mozilla is slowly hardening Firefox’s defenses with Tor privacy features.

“In Tor Browser, we have opted to have the canvas return white image data until the user has accepted a doorhanger UI that flips a site permission to either enable or permanently block canvas access from that site,” developers wrote. Now that feature comes to Firefox, Mozilla said.
For years, canvas fingerprinting has been a boon to advertisers who can track visitors to their website, whether or not tracking cookies are enabled or present. But it has also been used by threat actors. Last year, a malware campaign targeting Mac OS X machines is suspected of using browser fingerprinting to identify targets.

A new Ransomware 'Bad Rabbit' strikes Ukraine and Russia

'Bad Rabbit' ransomware strikes Ukraine and Russia

A new strain of ransomware nicknamed "Bad Rabbit" has been found spreading in Russia, Ukraine and elsewhere.

The malware has affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
The cyber-police chief in Ukraine confirmed to the Reuters news agency that Bad Rabbit was the ransomware in question.
It bears similarities to the WannaCry and Petya outbreaks earlier this year.
However, it is not yet known how far this new malware will be able to spread.
"In some of the companies, the work has been completely paralysed - servers and workstations are encrypted," head of Russian cyber-security firm Group-IB, Ilya Sachkov, told the TASS news agency.

Two of the affected sites are Interfax and
Meanwhile, US officials said they had "received multiple reports of Bad Rabbit ransomware infections in many countries around the world".
The US computer emergency readiness team said it "discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored".

Russia hit most

"According to our data, most of the victims targeted by these attacks are located in Russia," said Vyacheslav Zakorzhevsky at Kaspersky Lab.
"We have also seen similar but fewer attacks in Ukraine, Turkey and Germany."
Bad Rabbit encrypts the contents of a computer and asks for a payment - in this case 0.05 bitcoins, or about $280 (£213).
Cyber-security firms, including Russia-based Kaspersky, have said they are monitoring the attack.
Media captionWhat is ransomware?
The malware is still undetected by the majority of anti-virus programs, according to analysis by virus checking site Virus Total.
One security firm, Eset, has said that the malware was distributed via a bogusAdobe Flash update.
Researcher Kevin Beaumont has posted a screenshot that shows Bad Rabbit creating tasks in Windows named after the dragons Drogon and Rhaegal in TV series Game of Thrones.
The outbreak bears similarities to the WannaCry and Petya ransomware outbreaks that spread around the world causing widespread disruption earlier this year.

Hacker takes over Coinhive DNS Server using an old password

Hacker takes over Coinhive DNS Server using an old password

An unknown attacker has hijacked Coinhive's DNS server and replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker's own wallet.

According to a Coinhive spokesperson, the incident took place yesterday, October 23, at around 22:00 GMT, and was discovered and resolved a day later.
Coinhive says the hacker logged into the company's Cloudflare account and replaced DNS records, pointing Coinhive's domain to a new IP address.
This new server pushed a custom version of the coinhive.min.js file that contained a hardcoded site key.
Thousands of sites around the world loaded this modified Coinhive script that mined Monero for the hacker, instead of legitimate site owners. A Coinhive spokesperson told the hacker had control over its domain name for about six hours.

Coinhive blamed the incident on password reuse

"The root cause for this incident was an insecure password for our Cloudflare account that was probably leaked with the Kickstarter data breach back in 2014," the company said. "We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account."
The company also said it's looking into ways of reimbursing users who lost revenue for last night's traffic.
"Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate," Coinhive said.

Some users are probably happy about Coinhive's breach

Coinhive is a service that launched in mid-September and allows site owners to load a JavaScript file on their websites and mine Monero using their users' computers.
While the service advertises itself as a legitimate business and possible alternative to online ads, the service has become a favorite among malware devs.

Various Coinhive clones have popped up across the Internet, and even Google is currently exploring ways to block in-browser cryptocurrency miners after the repeated abuse. Most users view Coinhive and similar technologies as malware because most sites and browser extensions don't ask for permission before launching the mining behavior.

Google Bug Bounty Program : Target - Android Apps

Google Offers Big Rewards To Hack Android's Most Popular Apps

Google is looking to improve its Play Store security. Google calls security researchers who invest their time and effort in order to make apps on Google Play Store more secure. It will help in improving the security from Fake and Malicious Apps and more benefit the developers and Android users.

All Google apps are included and developers of only popular Android apps are invited to opt-in to this program yet.

Scope of Program

For now, the scope is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher.

This translates to any RCE vulnerability that allows an attacker to run code of their choosing on a user’s device without user knowledge or permission.

Examples may include:
  • Attacker gaining full control, meaning code can be downloaded from the network and executed (download and execute arbitrary code, native, Java code etc. Javascript)
  • UI Manipulation to commit a transaction. For example, causing a banking app to make money transfers on behalf of the user without their consent.
  • Opening of webview that may lead to phishing attacks. Opening webview without user input or interaction.
Note: There is no requirement that OS sandbox needs to be bypassed.

Currently, there are eight different developers to be approved for the program such as Alibaba, Dropbox, Duolingo, Headspace, Line,, Snapchat, and Tinder, but Google says it’s working with more app makers to expand the program. And more apps will expand later, Google said.

How it works?

Reports states these steps:
  • Researcher identifies vulnerability within an in-scope app and reports it directly to the app’s developer via their current vulnerability disclosure or bug bounty process. Visit the program page on HackerOne for in-scope apps.
  • App developer works with the researcher to resolve the vulnerability.
  • Once the vulnerability has been resolved, the researcher requests a bonus bounty from the Google Play Security Rewards Program hosted on HackerOne.
  • Android Security team issues a reward to the researcher to thank them for improving the security of the Google Play ecosystem.

Note: All qualifying reports sent to the Google or Chrome Vulnerability Reward Programs will automatically be considered for a reward from the Google Play Security Reward Program. There is no need to submit vulnerabilities submitted to Google again to the Google Play Security Reward Program.

Reward Amounts

The Play Security Reward Program will evaluate each submission based on the above Vulnerability Criteria and reward accordingly. A reward of $1000 will be rewarded for issues that meet this criteria.

Any and all reward decisions are ultimately at the discretion of the Google Play Security Reward Program. In the future, other vulnerabilities may be introduced into scope.

Intel's Nervana AI chips take aim at Nvidia GPUs Firm says 'industry first' processor will be out later this year

Intel's Nervana AI chips take aim at Nvidia GPUs

Firm says 'industry first' processor will be out later this year

CHAINMAKER Intel has shown off what it describes as the "industry's first neural network processor", as it looks to take on Nvidia's GPU lineup.
The microchip giant says it will be shipping the Nervana Neural Network Processor (NNP) by the end of the year, and that it is collaborating with, er, Facebook in order to develop its AI capabilities.
In a blog post, Intel CEO Brian Krzanich says the new NNP will enable companies to "develop new classes of AI applications", and goes on to make familiar but vague promises for the technology as a whole including benefits for healthcare, social media, automotive and weather forecasting.
A more concrete goal mentioned by Krzanich, but one that is perhaps just as hard to measure, is an aim set out by Intel last year: to increase the company's AI performance 100-fold by 2020.
Neuromorphic chips attempt to model the workings of the human brain, in which information captured by billions of sensory receptors is processed in parallel by neurons and synapses. Over time the connections between neurons alter according to their inputs; that is, they learn from experience.
The idea of replicating this process in silicon dates back to at least the late 1980s when US scientist Carver Mead coined the term 'neuromorphic' in a research paper.
It is an area beset by hyperbole and claims significant breakthroughs occur with some frequency. For example, in 2014 IBM announced it had created a neuromorphic chip that could perform 46 billion operations per second drawing just 70 milliwatts of power (the brain is also extremely energy efficient), and later claimed a breakthrough in creating artificial neurons based on an alloy used in Blu-ray discs. How far away from a production device these developments are is rarely made clear, so the current Intel announcement is unusual in that regard.
Other chipmakers from Qualcomm to Nvidia have made claims and patented architectures and designs of their own, and Facebook, collaborator on the NNP,  has long been working with AI to try to understand the context of users' posts.
Intel purchased deep learning startup Nervana in 2016. At the time the firm said the acquisition would "advance Intel's AI portfolio and enhance the deep learning performance and TCO of our Intel Xeon and Intel Xeon Phi processors".
Unlike standard chips, the on-chip memory on the NNP is directly managed by software rather than as a physical cache, Intel says,  which increases the memory bandwidth, allowing for increased parallelisation and reduced power consumption at the same time.

Pornhub is using AI and facial recognition to tag its videos

HOBBYIST SITE Pornhub is embracing artificial intelligence (AI) and facial recognition to tag its videos, which could make them more accurately described and save human moderators from a thousand yard stare that they may never shift.
Pornhub says that its system can auto detect 10,000 different pornstars, which puts it on a par with an average male teenager, and can use this extensive knowledge to catalogue things for busy wankers.
"Artificial intelligence has quickly reached a fever pitch, with many companies incorporating its capabilities to considerably expedite antiquated processes. And that's exactly what we're doing with the introduction of our AI model, which quickly scans videos using computer vision to instantaneously identify pornstars," said Corey Price, VP at Pornhub.
"Now, users can search for a specific pornstar they have an affinity for and we will be able to retrieve more precise results. Our model will undoubtedly play a pivotal role moving forward too, especially considering that over 10,000 videos per day are added to the site.
"In fact, over the course of the past month alone, while we tested the model in beta, it was able to scan through 50,000 videos that have had pornstars added or removed on the video tags."  

As time moves on the system is expected to up its game and to start to recognise whether the action is taking place outside and if the ladies starring in the video are blonde (of head). All this sort of thing probably makes it easier for people to find what they are looking for.
This is progress, for what it is worth, so we should probably applaud it. However, in honour of the site we will limit ourselves to one-handed clapping.

ROCA: RSA encryption key flaw puts 'millions' of devices at risk Vulnerability targets hardware

ROCA: RSA encryption key flaw puts 'millions' of devices at risk

Vulnerability targets hardware created by Infineon Technologies

SECURITY RESEARCHERS have uncovered a new vulnerability in a generation of RSA encryption keys used by software libraries in cryptographic smart cards, security tokens and PC chipsets.
The vulnerability has been identified by researchers working at the Centre for Research on Cryptography and Security at Masaryk University, Czech Republic; Enigma Bridge Ltd, Cambridge, UK; and Ca' Foscari University of Venice, Italy.
Specifically targeting hardware created by German semiconductor manufacturer Infineon Technologies, the vulnerability enables a practical factorisation attack.
This results in cyber criminals computing the private part of an RSA key and affects chips manufactured from 2012 onwards, which are now commonplace in the industry.
According to the researchers, hackers are able to target a plethora of commonly used key lengths - including the industry standard 1024 and 2048 bits.

The ROCA vulnerability, CVE-2017-15361, is closely related to the Trusted Platform Module (TPM). It applies cryptographic protection to computer systems and services.
Discovered in a cryptographic library applied in Infineon TPM products, the attack results in threat actors quickly targeting public keys to create private variants quickly.
The research team has come up several offline and online detection tools that allow users to access their keys safely and are recommending that affected parties contact their vendors.
Major vendors like Microsoft, Google, HP, Lenovo and Fujitsu have since released software updates and guidelines for mitigation, and more details will be revealed at the upcoming ACM CCS Conference.
RSA keys created on flawed products are weak and full of bugs. And if companies fail to find a solution, areas such as disk encryption, software signing and account security could all be left in jeopardy.
The time complexity and cost for the selected key lengths vary greatly, with the researchers estimating as follow:
  • 512 bit RSA keys - 2 CPU hours (the cost of $0.06);
  • 1024 bit RSA keys - 97 CPU days (the cost of $40-$80);
  • 2048 bit RSA keys - 140.8 CPU years, (the cost of $20,000 - $40,000).
Writing in a blog post, the researchers said: "A remote attacker can compute an RSA private key from the value of a public key.
"The private key can be misused for impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks.
"The actual impact of the vulnerability depends on the usage scenario, availability of the public keys and the lengths of keys used.
"We found and analyzed vulnerable keys in various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP.
"The currently confirmed number of vulnerable keys found is about 760,000, but possibly up to two to three magnitudes more are vulnerable. The details will be presented in two weeks at the ACM CCS conference."

© [Ritik banger] and [Hacker ritz], [2017]. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to [Ritik banger] and [Hacker ritz] with appropriate and specific direction to the original content.
Designed by Ritik Banger . All rights reserved . Powered by Blogger.
© Copyright 2017. Website by Hacker Ritz