The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.

The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.

The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.

The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.

Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.

Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.

The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.

ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.

Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html

Fundamental research leading towards faster wireless networks, secure low-power technologies for the Internet of Things, and even 3D displays will be the focus of Intel’s collaboration with the French Alternative Energies and Atomic Energy Commission (CEA).

Intel and the CEA already work together in the field of high-performance computing, and a new agreement signed Thursday will see Intel fund work at the CEA’s Laboratory for Electronics and Information Technology (LETI) over the next five years, according to Rajeeb Hazra, vice president of Intel’s data center group.

The CEA was founded in 1945 to develop civil and military uses of nuclear power. Its work with Intel began soon after it ceased its atmospheric and underground nuclear weapons test programs, as it turned to computer modeling to continue its weapons research, CEA managing director Daniel Verwaerde said Thursday.

That effort continues, but the organization’s research interests today are more wide-ranging, encompassing materials science, climate, health, renewable energy, security and electronics.

These last two areas will be at the heart of the new research collaboration, which will see scientists at LETI exchanging information with those at Intel.

Both parties dodged questions about who will have the commercial rights to the fruits of their research, but each said it had protected its rights. The deal took a year to negotiate.

“It’s a balanced agreement,” said Stéphane Siebert, director of CEA Technology, the division of which LETI is a part.

Who owns what from the five-year research collaboration may become a thorny issue, for French taxpayers and Intel shareholders alike, as it will be many years before it becomes clear which technologies or patents are important.

Hazra emphasized the extent to which Intel is dependent on researchers outside the U.S. The company has over 50 laboratories in Europe, four of them specifically pursuing so-called exa-scale computing, systems capable of billions of billions of calculations per second.

Source-http://www.thegurureview.net/mobile-category/intel-look-to-atomic-energy-for-mobile-technologys-future.html

It’s an interesting move for a man who in 2014 said artificial intelligence, or A.I., will pose a threat to the human race.

“I think we should be very careful about artificial intelligence,” Musk said about a year and a half ago during an MIT symposium. “If I were to guess at what our biggest existential threat is, it’s probably that… with artificial intelligence, we are summoning the demon. In all those stories with the guy with the pentagram and the holy water, and he’s sure he can control the demon. It doesn’t work out.”

Today, Musk is moving to help programmers use A.I. and machine learning to build smart robots and smart devices.

“We’re releasing the public beta of OpenAI Gym, a toolkit for developing and comparing reinforcement learning (RL) algorithms,” wrote Greg Brockman, OpenAI’s CTO, and John Schulman, a scientist working with OpenAI, in a blog post . “We originally built OpenAI Gym as a tool to accelerate our own RL research. We hope it will be just as useful for the broader community.”

The OpenAI Gym is meant as a tool for programmers to use to teach their intelligent systems better ways to learn and develop more complex reasoning. In short, it’s meant to make smart systems smarter.

Musk is a co-chair of OpenAI, a $1 billion organization that was unveiled last December as an effort focused on advancing artificial intelligence that will benefit humanity.

While Musk has warned of what he sees as the perils of A.I., it’s also a technology that he needs for his businesses.

The OpenAI Gym is made up of a suite of environments, including simulated robots and Atari games, as well as a site for comparing and reproducing results.

It’s focused on reinforcement learning, a field of machine learning that involves decision-making and motor control.

According to OpenAI, reinforcement learning is an important aspect of building intelligent systems because it encompasses any problem that involves making a sequence of decisions. For instance, it could focus on controlling a robot’s motors so it’s able to run and jump, or enabling a system to make business decisions regarding pricing and inventory management.

Two major challenges for developers working with reinforcement learning are the lack of standard environments and the need for better benchmarks.

Musk’s group is hoping that the OpenAI Gym addresses both of those issues.

Source- http://www.thegurureview.net/aroundnet-category/elon-musk-opens-training-gym-for-ai-programmers.html

Groupon has built its business model on the use of IBM’s patents, according to the complaint filed Wednesday in the federal court for the District of Delaware. “Despite IBM’s repeated attempts to negotiate, Groupon refuses to take a license, but continues to use IBM’s property,” according to the computing giant, which is asking the court to order Groupon to halt further infringement and pay damages.

IBM alleges that websites under Groupon’s control and its mobile applications use the technology claimed by the patents-in-suit for online local commerce marketplaces to connect merchants to consumers by offering goods and services at a discount.

About a year ago, IBM filed a similar lawsuit around the same patents against online travel company Priceline and three subsidiaries.

To develop the Prodigy online service that IBM launched with partners in the 1980s, the inventors of U.S. patents 5,796,967 and 7,072,849 developed new methods for presenting applications and advertisements in an interactive service that would take advantage of the computing power of each user’s PC and reduce demand on host servers, such as those used by Prodigy, IBM said in its complaint against Groupon.

“The inventors recognized that if applications were structured to be comprised of ‘objects’ of data and program code capable of being processed by a user’s PC, the Prodigy system would be more efficient than conventional systems,” it added.

Groupon is also accused of infringing U.S. Patent No.5,961,601, which was developed to find a better way of preserving state information in Internet communications, such as between an online merchant and a customer, according to IBM. Online merchants can use the state information to keep track of a client’s product and service selections while the client is shopping and then use that information when the client decides to make a purchase, something that stateless Internet communications protocols like HTTP cannot offer, it added.

Source- http://www.thegurureview.net/aroundnet-category/ibm-files-patent-infringement-lawsuit-against-groupon.html 

We ain’t surprised, but it is quite a shocking and naked fact when you consider it. The naming and resulting shaming happens in the HPE Cyber Risk Report 2016, which HPE said “identifies the top security threats plaguing enterprises”.

Enterprises, it seems, have myriad problems, of which Microsoft is just one.

“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager for security products at HPE.

“We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”

Microsoft earned its place in the enterprise nightmare probably because of its ubiquity. Applications, malware and vulnerabilities are a real problem, and it is Windows that provides the platform for this havoc.

“Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction. Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one-year-old, with 68 percent being three years old or more,” explained the report.

“In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”

It is not all bad news for Redmond, as the Google-operated Android is also put forward as a professional pain in the butt. So is iOS, before Apple users get any ideas.

“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year over year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation,” added the firm.

“As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent.

“Apple iOS represented the greatest growth rate with a malware sample increase of more than 230 percent.”

Courtesy-TheInq

WordPress, and its themes, are often shone with the dark light of the security vulnerability, but we do not hear of WP Engine often. Regardless of that, it seems to do good business and is reaching out to those that it does business with to tell them what went wrong and what they need to do about it.

A reasonable amount of threat mitigation is required, and if you are affected by the issue you are going to have to change your password – again, and probably keep a cautious eye on the comings and goings of your email and financial accounts.

“At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base,” says the firm in an urgent missive on its web pages.

“We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention.”

That action, is probably to panic in the short term, and then to change your password and cancel out any instances of its re-use across the internet. You know the drill, this is a daily thing right. Judging by the WordPress statement we are in the early days of internal investigation.

“While we have no evidence that the information was used inappropriately, as a precaution, we are invalidating the following five passwords associated with your WP Engine account,” explains WordPress as it reveals the sale of its – actually, your, problem. “This means you will need to reset each of them.”

Have fun with that.

Courtesy-TheInq

Since August, the group has been engaged in an attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.

During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.

The Kaspersky Lab researchers believe that this module’s goal is to defeat so-called network air gaps, network segments where sensitive data is stored and which are not connected to the Internet to limit their risk of compromise.

However, it’s fairly common for employees in organizations that use such network isolation policies to move data from air-gapped computers to their workstations using USB thumb drives.

Pawn Storm joins other sophisticated cyberespionage groups, like Equation and Flame, that are known to have used malware designed to defeat network air gaps.

“Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena,” the Kaspersky researchers said in a blog post. “This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day.”

Source- http://www.thegurureview.net/aroundnet-category/pawn-storm-hacking-group-develops-new-tools-for-cyberespionage.html