The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.

The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.

The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.

The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.

Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.

Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.

The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.

ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.

Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html

Bernstein Research’s senior analyst Mark C. Newman said that the competitive dynamic in the memory chip industry is not as good as we thought due to Samsung’s aggressive and opportunistic behavior. This is analyst speak for Samsung is engaging in a supply and price war with the other big names in the memory chip marking business – SK hynix and Micron.

“Rather than sit back and enjoy elevated profit margins with a 40 percent market share in DRAMs, Samsung is intent on stretching their share to closer to 50 percent,” he said.

Newman said the company is gaining significant market share in the NAND sector.

“Although Samsung cares about profits, their actions have been opportunistic and more aggressive than we predicted at the expense of laggards particularly Micron Technology in DRAMs and SK hynix in NANDs,” he said.

SK hynix is expected to suffer. “In NAND, we see Samsung continuing to stretch their lead in 3D NAND, which will put continued pressure on the rest of the field. SK hynix is one of the two obvious losers.”

Newman said that Samsung’s antics have destroyed the “level of trust” among competitors, perhaps “permanently,” as demand has dropped drastically with PC sales growth down to high single digits in 2015 with this year shaping up to be the same.

“Sales of smartphones, the main savior to memory demand growth have also weakened considerably to single digit growth this year and servers with datacenters are not strong enough to absorb the excess, particularly in DRAM,” Newman said.

He is worried that Samsung could create an oversupply in the industry.

“The oversupply issue is if anything only getting worse, with higher than normal inventories now an even bigger worry. Although we were right about the shrink slowing, thus reducing supply growth, the flip side of this trend is that capital spending and R&D costs are soaring thus putting a dent in memory cost declines,” he said.

China’s potential entry into the market and new technologies will provide further worries “over the longer term.”

“Today’s oversupply situation would become infinitely worse if and when China’s XMC ramps up big amounts of capacity. New memory technologies such as 3D X-point, ReRAM and MRAM stand on the sidelines and threaten to cannibalize part of the mainstream memory market,” he said.

Courtesy-Fud

While there have been cut-down Linux implementations before the increase in numbers of smart, connected devices has made something a little more specialized more important.

Zephyr is all about minimizing the power, space, and cost budgets of IoT hardware.
For example a cut down Linux needs 200KB of RAM and 1MB of flash, IoT end points, which will often be controlled by tiny microcontrollers.

Zephyr has a small footpoint “microkernel” and an even tinier “nanokernel.” All this enables it to be CPU architecture independent, run on as little as 10KB while being scalable.

It can still support a broad range of wireless and wired technologies and of course is entirely open saucy released under the Apache v2.0 License.

It works on Bluetooth, Bluetooth Low Energy, and IEEE 802.15.4 (6LoWPAN) at the moment and supports x86, ARM, and ARC architectures.

Courtesy-Fud

The Android fork, which adds conventional desktop features such as a taskbar, start menu and support for multiple windows, has been a huge hit, overshadowing the implementation of Android revealed in Google’s recent high-end tablet the Pixel C.

The initial build, as ever, is designed to fish for bugs and aid developers. A beta will follow in the coming weeks. The Alpha doesn’t contain Google Mobile Services apps such as the Play store and Gmail, but the finished version will. In the meantime, users can sideload the gApps package or go to the Amazon Web Store.

There may also be problems with some video codecs, but we’re told this is a licensing issue which will be resolved in the final version too. In the meantime, the first release is perfectly useable.

Compatibility with most Android apps is instant, but the user community can ‘upvote’ their favourites on the Remix OS site to flag what’s working best in each category.

The company has already released a small desktop machine of its own, called the Remix Mini, the world’s first fully functioning Android PC, priced at just $70 after a successful Kickstarter campaign. It has also developed a 2-in-1 ultrabook, the Remix Ultra, and has licensed Remix OS to several Far East tablet manufacturers.

In this new move, the company has teamed up with Android-x86, a group that has been working on an executable version of Android for computers since 2009, to launch a Remix OS installer which will allow existing hardware to become Remix OS powered, or as a partition on a dual-boot machine.

A third option is to store the OS on a USB stick, meaning that you can make any computer your own. This technique has already been popular through the Keepod programme which offers Android on a stick to countries without access to high-speed computers.

The advantages of Remix OS to the developing world are significant. Bench tests have shown that Remix OS works significantly faster than Windows, which will potentially breathe new life into older machines and make modern machines run at previously impossible speeds.

Remix OS was designed by three ex-Google engineers and includes access to the full Google Apps suite and the Google Play store.

David Ko, co-founder of Jide Technology, said: “Today’s public release of Remix OS, based on Android-x86, is something that we’ve been working towards since we founded Jide Technology in 2014.

“All of us are driven by the goal of making computing a more accessible experience, and this free, public release allows us to do this. We believe Remix OS is the natural evolution of Android and we’re proud to be at the forefront of this change.”

The public Alpha will be available to download from Jide and android-x86 from 12 January, and a beta update is expected swiftly afterwards. The INQUIRER has been using a Remix Mini for over a month now, and a full review of the operating system is coming soon.

Courtesy-TheInq

For the past seven years, a cyberespionage group operating out of Russia on the orders of Tsar Putin have been conducting a series of malware campaigns targeting governments, political think tanks and other organizations.

Researchers at F-Secure have been looking into the antics of an outfit called “the Dukes” which has been active since at least 2008. The group has evolved into a methodical developer of “zero-day” attacks, pulling together their own research with the published work of other security firms to provide a more detailed picture of the people behind a long-running family of malware.

The Dukes specialize in “smash and grab” attacks on networks, but have also used subtle, long-term intrusions that harvested massive amounts of data from their targets.

The group’s targets do include criminal organisations operating in the Russian Federation, which suggest there is some form of policing element to it. But they are mostly interested in Western governments and related organisations, such as government ministries and agencies, political think tanks and governmental subcontractors.

F-Secure team wrote. “Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organisations associated with Chechen terrorism; and Russian speakers engaged in the illicit trade of controlled substances and drugs.”

The group was named after its earliest-detected malware, known as PinchDuke. Its targets were associated with the Chechen separatist movement. Later that year they were going after Western governments and organisations in search of information about the diplomatic activities of the United States and the NATO.

Most of the attacks used spear phishing emails as the means of injecting malware onto targeted systems, one of their attacks have spread malware through a malicious Tor exit node in Russia, targeting users of the anonymising network with malware injections into their downloads.

The targets have always followed Russian government interests. There are a number of Russian-language artifacts in some of the malware, including an error message in PinchDuke. GeminiDuke also used timestamps that were adjusted to match Moscow Standard time.

Before the beginning of the Ukraine crisis, the group began using a number of decoy documents in spear phishing attacks that were related to Ukraine. They included a letter undersigned by the First Deputy Minister for Foreign Affairs of Ukraine.

However, after the crisis happened the attacks dropped off suggesting that it was an intelligence gathering operation. It is also a big operation, which, if operating in Russia would most likely require state acknowledgement, if not outright support.

According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.

Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security numbers was affected, the company said.

According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.

Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.

The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.

Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.

Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.

Source-http://www.thegurureview.net/aroundnet-category/web-com-latest-victim-of-credit-card-hacking.html