Tech & Science

  • Attacks on the Cloud Increase by 300%

    The number of attacks on cloud-based accounts has increased by 300%, according to Microsoft’s Security and Intelligence report.

    It claimed that consumer and enterprise Microsoft accounts are a tempting target for attackers, and the frequency and sophistication of attacks on cloud-based accounts are accelerating. “The Identity Security and Protection team has seen a 300% increase in user accounts attacked over the past year” it said, claiming that a large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services.

    Elsewhere, the number of Microsoft account sign-ins attempted from malicious IP addresses has increased by 44% in comparison to Q1 of 2017 to Q1 of 2016. “Security policy based on risk-based conditional access, including comparing the requesting device’s IP address to a set of known ‘trusted IP addresses’ or ‘trusted devices’, may help reduce risk of credential abuse and misuse,” the report advised.

    Oliver Pinson-Roxburgh, EMEA director at Alert Logic said: “There are a number of sophisticated attacks that rely on new detection capabilities most organizations do not have today and they are increasing as organizations get better at security best practices.”

    In the recent Alert Logic Cloud Security report for 2017, it claimed that it saw close to 37% more incidents in on-premise data centers, leaving each public cloud deployment to withstand just over (on average) around 400 incidents in the 18-month period covered by this report. “Even lower incident rates do not necessarily translate to lower risk—especially when, as is increasingly more common, businesses rely on the public cloud to handle their highest-value assets,” he said.

    Read more

    Read more
  • Unskilled Nigerian Behind Phishing Offensive Targeting World's Biggest Companies

    A relatively unskilled man in his mid-20s, operating from a location near the capital of Nigeria, is the kingpin behind a four-month cyber-offensive that has affected 4,000 organizations globally.

    According to an investigation by Check Point, a range of companies have been targeted by cyberattacks which aim to infect their networks, steal data and commit fraud. The victims include a marine and energy solutions company in Croatia, a transportation company in Abu Dhabi, a mining company in Egypt, a construction organization in Germany, and so on—leading international names in industries such as oil & gas, manufacturing, banking and construction.

    “Successful attacks on this scale are usually attributed to expert gangs of cybercriminals—often backed by a nation-state, with the aim of destabilizing economies,” Check Point researchers said. “[Instead], he is a Nigerian national, working on his own. On his social media accounts, he uses the motto ‘get rich or die trying’.”

    His attack campaign uses fraudulent emails which appear to originate from oil and gas giant Saudi Aramco, the world’s second largest daily oil producer, targeting financial staff within companies to trick them into revealing company bank details, or open the email’s malware-infected attachment.

    “It’s particularly striking that his techniques display a low level of cyber-skills,” the researchers said. “His fraudulent emails are crude and unsophisticated; there is almost no research or social engineering involved in creating them. The titles of the emails are generic, and phrased as “Dear Sir/Ms.” The same mail is sent to numerous targets, all in blind carbon copy, urging victims to send back banking details, perhaps for future scams.”

    The malware used is NetWire, a remote access Trojan which allows full control over infected machines, and Hawkeye, a keylogging program. These are old, generic and readily available online; and, he uses freeware to ‘scrape’ email addresses from corporate websites which he then uses as targets for his campaigns, Check Point said.

    The ramifications are myriad: Both financial losses and the ability for follow-on attacks should both be concerns, the firm cautioned.

    Read more

    Read more
  • Journalists to use 'immune system' software against fake news

    Broadcast, print and online journalists are to begin using an automated fact-checking system that quickly alerts them to false claims made in the press, on TV and in parliament.

    An early version of the system, dubbed the “bullshit detector” by its creators, will be rolled out for testing from October as part of a global fightback against fake news.

    It is being developed by researchers at the Full Fact organisation in London with $500,000 (£380,000) of funding from charitable foundations backed by two billionaires: the Hungarian-born investor George Soros, and the Iranian-American eBay founder Pierre Omidyar.

    The software, which was demonstrated to the Guardian, scans statements as they are made by politicians and instantly provides a verdict on their veracity. An early version relies on a database of several thousand manual fact-checks, but later versions will automatically access official data to inform the verdict. The researchers are co-operating with the Office of National Statistics on the project.

    The Full Fact program will be first tested in the UK but will also be deployed in South America and Africa, where Kenya’s presidential election campaign has been beset by fake news such as bogus BBC and CNN news reports using fabricated polls to overstate the prospects of President Uhuru Kenyatta.

    In London, Full Fact is working with Chequeado, an Argentina-based fact-checking organisation, and Africa Check, which operates in several sub-Saharan countries, including Nigeria and South Africa.

    “It is like trying to build an immune system,” says Mevan Babakar, project manager at Full Fact in London. “As more information goes out into the world that is wrong, what we don’t have is the means of pushing back against that.”

    The early version of the software scans the subtitles of live news programmes, broadcasts of parliament, the Hansard parliamentary record, and articles published by newspapers. It tracks millions of words sentence by sentence until it identifies a claim that appears to match a fact-check already in its database.

    The Guardian witnessed a real-time demonstration during a health debate in parliament. Words spoken by the politicians were underlined if they matched an existing fact-check. For example, the claim that “in the last six years of the last Labour government, 25,000 hospital beds were cut” flags a fact-check from the database that states: “Correct, the number of overnight beds in the English NHS actually fell by slightly more – about 26,000 – between 2003-04 and 2009-10”.

    Read more

    Read more
  • US Air Force got hacked by this 17-year-old teen

    17-year-old Jack Cable topped the USAF bug bounty programme by identifying 30 critical vulnerabilities - Representational image

    Hackers are a major threat to the US government and its military. The US Air Force (USAF) got hacked by a 17-year-old high-school student, who instead of getting punished, was paid. However, it wasn't a malicious attack, instead, the teenager participated in the air force's bug bounty programme.

    Jack Cable topped the Hack the Air Force programme by identifying 30 vulnerabilities, some of which were critical, and reportedly took home a cash prize, with the Pentagon paying out prizes ranging between $100 (£77) and $5,000 for each vulnerability. Cable told IBTimes UK that the programme shelled out a total of $130,000.

    Unlike other bug bounty programmes, the USAF made its hackathon open to hackers from across the globe. The Air Force said that 33 hackers who participated in the bug bounty programme "came from outside the US," while two were active duty US military personnel. The air force also confirmed that Cable earned "the largest bounty".

    "I found what's known as an XML external entities vulnerability. That handles the applications processing of XML, which is a type of input data. I found that I could give it a URL and the application would make a request to that website. And I was able to escalate that after working on for a few hours into a remote code execution. So that would allow me to basically do whatever I wanted. So I could access all the user data that was on the website and I could change anything that I wanted to," Cable told Marketplace.

    The USAF bug bounty was reportedly run by the HackerOne platform and invited around 600 hackers from the US, Canada, UK, Australia and New Zealand. All the five nations are part of the Five Eyes intelligence alliance.

    Cable also reported vulnerabilities in India-based food app Zomato. In May, 17 million Zomato user accounts were put up for sale on the dark web. However, shortly after the breach, the food and restaurant searching app launched its own bug bounty programme.

    Such programmes have gained popularity over the past few years, with platforms such as Tor, recently launching its own. In the past, tech giants such as Google, Twitter, Facebook, Apple and others have paid out white-hat hackers substantial cash rewards for finding bugs and helping improve their cybersecurity infrastructure.

    Read more

    Read more
  • Prime Computer Creates $1M 'Solid Gold' PC

    The case contains almost 7kg of 18-carat gold and there's an optional precious stone power switch upgrade available.

    In a classic case of more money than sense, a limited edition fanless NUC PC has been produced for the rich consumers living in Dubai that costs $1 million.

    It's the work of Swiss PC manufacturer Prime Computers, and it combines what would otherwise be a typical Intel NUC computer in a fanless case with a lot of very expensive gold and a precious stone. There are also a few component upgrades that push the price of this tiny PC up a bit.

    The base PC is called the PrimeMini 3, which can be purchased for as little as $1,200 if you opt for a Core i3 processor, 4GB of DDR4 RAM, and a 120GB SSD. But for the Dubai market, Prime is offering a higher spec for a million dollars. This limited edition PrimeMini 3 includes a Core i5-6260U processor, up to 32GB of DDR4 RAM and up to a 5TB SSD. As for operating systems, Windows 7, 8.1, and 10 are on offer, as is Linux if you prefer.

    Here's the standard PrimeMini 3 without the bling makeover:

    As reported by Arabian Business and FanlessTech, the existence of this very expensive tiny PC has been explained by Josip Sunic, CEO of Prime Computer. He said, "Our customers were asking for personalised machines ... to answer these needs we came up with the idea of the ultimate high-end computer made of solid gold".

    And it's that case where the majority of the sky-high cost comes from. It consists of nearly seven kilograms of 18-carat gold. The case can be further enhanced by replacing the standard power button with a precious stone. And for anyone concerned about a fanless PC in the hot temperatures of Dubai, don't worry, gold is a great heat conductor so it should be fine, better even than the standard aluminum case it replaced.

    Read more

    Read more
  • Facebook introduces new video service

    Social media giant Facebook has made a move into dedicated video, pitting it against YouTube and TV networks.

    Users will soon see a new Watch tab that will offer a range of shows, some of which have been funded by the social network

    Watch will be personalised so that users can discover new shows, based on what their friends are watching.

    Viewers will also be able to see comments and connect with friends and dedicated groups for shows.

    "Watching a show doesn't have to be passive," said the company's founder Mark Zuckerberg in a Facebook post.

    "It can be a chance to share an experience and bring people together who care about the same things."

    Video has been available on Facebook for some time, but until now, it has mostly been dominated by amateur clips or short segments from news organisations.

    The world's largest social network added a video tab last year, and has hinted for some time that it might make the move to producing original content.

    Watch could open up new revenue potential for both Facebook and programme makers, while users can expect to see targeted advertising before and during the shows.

    Read more

    Read more