‘Stegano’ Malvertising Exposes Millions To Hacking
Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
Hackers have used similar so-called malvertising tactics to secretly serve malicious code over legitimate online advertising networks. It’s an attack method that has proven successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
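For defenders screening ad creatives, the hiding place described above (the pixels’ transparency values) can be checked directly. The following is an added example, not ESET’s detection logic or code from the article: it reads the alpha channel of an 8-bit RGBA PNG and flags images that are visually opaque yet carry many distinct alpha values. The function names, the thresholds and the two sample images are assumptions constructed for illustration.

```python
import struct, zlib

def _unfilter(raw, width, bpp=4):
    """Undo PNG scanline filters 0-4 for 8-bit RGBA rows."""
    stride, rows, prev = width * bpp, [], bytearray(width * bpp)
    for off in range(0, len(raw), stride + 1):
        ftype, cur = raw[off], bytearray(raw[off + 1:off + 1 + stride])
        for i in range(stride):
            a = cur[i - bpp] if i >= bpp else 0    # left neighbour
            b = prev[i]                             # pixel above
            c = prev[i - bpp] if i >= bpp else 0   # upper-left neighbour
            pa, pb, pc = abs(b - c), abs(a - c), abs(a + b - 2 * c)
            paeth = a if pa <= pb and pa <= pc else (b if pb <= pc else c)
            pred = (0, a, b, (a + b) // 2, paeth)[ftype]
            cur[i] = (cur[i] + pred) & 0xFF
        rows.append(cur)
        prev = cur
    return rows

def alpha_values(png):
    """Alpha byte of every pixel in a non-interlaced 8-bit RGBA PNG, else []."""
    if png[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos, idat, hdr = 8, b"", None
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        body = png[pos + 8:pos + 8 + length]
        if ctype == b"IHDR":
            hdr = struct.unpack(">IIBBBBB", body)
        elif ctype == b"IDAT":
            idat += body
        pos += 12 + length              # length + type + data + CRC
    if hdr is None or (hdr[2], hdr[3], hdr[6]) != (8, 6, 0):
        return []                       # no 8-bit alpha channel to inspect
    rows = _unfilter(zlib.decompress(idat), hdr[0])
    return [row[i] for row in rows for i in range(3, len(row), 4)]

def looks_opaque_but_varies(png, floor=240, min_distinct=8):
    """Heuristic (assumed thresholds): every pixel is visually opaque, yet alpha
    takes many distinct values, which an ordinary opaque banner has no reason to do."""
    alphas = alpha_values(png)
    return bool(alphas) and min(alphas) >= floor and len(set(alphas)) >= min_distinct

def make_png(w, h, alpha_fn):
    """Constructed grey RGBA test image; alpha_fn(x, y) sets each pixel's alpha."""
    raw = b"".join(b"\x00" + bytes(v for x in range(w) for v in (128, 128, 128, alpha_fn(x, y)))
                   for y in range(h))
    chunk = lambda t, d: struct.pack(">I", len(d)) + t + d + struct.pack(">I", zlib.crc32(t + d))
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", struct.pack(">IIBBBBB", w, h, 8, 6, 0, 0, 0))
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))

CLEAN = make_png(16, 16, lambda x, y: 255)                          # constructed: fully opaque
NOISY = make_png(16, 16, lambda x, y: 240 + (x * 7 + y * 3) % 16)   # constructed: varying alpha
```

A flagged image is only a candidate for manual review; images with genuine soft edges fall below the opacity floor and are not flagged by this check.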
Interest Grows In Collaborative Robots
Robots that work as assistants in unison with people are set to upend the world of industrial robotics by putting automation within reach of many small and medium-sized companies for the first time, according to industry experts.
Collaborative robots, or “cobots”, tend to be inexpensive, easy to use and safe to be around. They can easily be adapted to new tasks, making them well-suited to small-batch manufacturing and ever-shortening product cycles.
Cobots can typically lift loads of up to 10 kilograms (22 lb) and can be small enough to put on top of a workbench. They can help with repetitive tasks like picking and placing, packaging or gluing and welding.
Some can repeat a task after being guided once through the process by a worker and recording it. The price of a cobot can be as little as $10,000, although typically they cost two to three times that.
The global cobot market is set to grow from $116 million last year to $11.5 billion by 2025, capital goods analysts at Barclays estimate. That would be roughly equal to the size of the entire industrial robotics market today.
“By 2020 it will be a game-changer,” said Stefan Lampa, head of robotics of Germany’s Kuka, during a panel discussion organized by the International Federation of Robotics (IFR) at the Automatica trade fair in Munich.
Growth in industrial robot unit sales slowed to 12 percent last year from 29 percent in 2014, the IFR said on Wednesday, weighed by a sharp fall in top buyer China.
The world’s top industrial robot makers – Japan’s Fanuc and Yaskawa, Swiss ABB and Kuka – all have collaborative robots on the market, although sales are not yet significant for them.
But the market leader and pioneer is Denmark’s Universal Robots, a start-up that sold its first cobot in 2009 and was acquired by U.S. automatic test equipment maker Teradyne for $285 million last year.
Apple shares are continuing to fall as more investors realise that the share price is not going to go up any more.
For a while now people have been buying Apple shares with the expectation that they will always go up. This always was largely based on a fantasy created by the Tame Apple Press that assumed the company would keep coming up with new technology ideas which would always be successful.
Lately, however, Apple has not come up with any new ideas and has taken to re-issuing its old phone designs. It has also been floundering in its key Chinese market. The company’s only new idea has been for content creation through its Apple Music streaming brand. The only problem with that is that the software has been killing off users’ iTunes libraries. It has also been banned in China, which means that hopes that Apple would make money there are still thwarted.
Shares of Apple dropped below $90 on Thursday for the first time since 2014 as Wall Street worried about slow demand ahead of the anticipated launch of a new iPhone later this year. Some more reasonable analysts even think that the iPhone 7 is going to be a disaster because it lacks any new tech and has the same design as the poorly performing iPhone 6S.
Component suppliers in Taiwan have confirmed that they have received fewer orders from Apple in the second half of 2016 than in the same period last year.
Rosenblatt Securities analyst Jun Zhang said that investors were getting negative data points about component orders and production forecasts, and the features on the new iPhone do not seem to be a big change from the 6S.
Apple briefly relinquished its position as the world’s largest company by market capitalisation to Alphabet – oh the horror.
At the close, Apple and Google each had market values of about $495 billion, according to Thomson Reuters data. In the past year, Apple’s market capitalization has fallen by more than $200 billion. Which just goes to show this whole value thing was an illusion.
Suppliers of iPhone components also fell, with Skyworks Solutions off 4.54 percent, Broadcom down 1.95 percent and Qorvo declining 1.76 percent.
Revenue from China slumped 26 percent during the March quarter. Apple faces increasing competition from Chinese manufacturers like Xiaomi and Huawei selling phones priced below $200, Rosenblatt’s Zhang said.
Last week, Dialog Semiconductor, which sells chips used in iPhones and other smartphones, cut its revenue outlook due to ongoing softness in the smartphone market.
The Tame Apple Press is trying to do its best to find analysts who recommend buying the stock, claiming it is too cheap. However, how much should you pay for an outfit which has milked its cash cow and has nothing new on the horizon?
Is Qualcomm Facing Another Security Flaw?
FireEye has found a vulnerability in Qualcomm software packages which are under the bonnet of hundreds of Android phone models.
Google announced this week that it released an Android update to patch shedloads of vulnerabilities, but the advisory mentioned an information disclosure vulnerability in the Qualcomm tethering controller (CVE-2016-2060) that allows a malicious application to access user information.
FireEye said that this vulnerability is “high severity,” but Google noted that it does not affect Nexus devices. The patch for the issue is not in the Android Open Source Project (AOSP) repository but might make it in the latest driver updates for affected devices.
The security outfit said that researchers informed Qualcomm about the vulnerability in January and the vendor developed a fix by early March, when it started reaching out to OEMs to let them know about the issue. Now it’s up to the device manufacturers to push out the patch to customers. So probably a long time then.
The flaw exists in an open source software package maintained by Qualcomm and is related to the Android network daemon (netd).
“The vulnerability was introduced when Qualcomm provided new APIs as part of the ‘network_manager’ system service, and subsequently the ‘netd’ daemon, that allow additional tethering capabilities, possibly among other things,” FireEye said.
The flaw has been confirmed to affect devices running Android 5.0 Lollipop and earlier, which currently account for roughly three-quarters of Android devices. Researchers noted that the affected Qualcomm software package is used in a variety of projects, including the popular CyanogenMod, and the vulnerable APIs appear to have been around since at least 2011.
The vulnerability can be exploited to escalate privileges to the built-in “radio” user, which has permissions that are normally not available to a third-party app. The most efficient way to exploit CVE-2016-2060 is via a malicious application that is granted the “ACCESS_NETWORK_STATE” permission.
It is looking incredibly unlikely that mobile phone use is giving anyone cancer. A long-term study into the incidence of brain cancer in the Australian population between 1982 and 2013 shows no marked increase.
The study, summarized on the Conversation site, looked at the prevalence of mobile phones among the population against brain cancer rates, using data from national cancer registration.
The results showed a very slight increase in brain cancer rates among males, but a stable level among females. There were significant increases in over-70s, but this problem started before 1982.
The figures should even have been higher, as computed tomography (CT), magnetic resonance imaging (MRI) and related techniques, introduced in Australia in the late 1970s, can spot brain tumors which could otherwise have remained undiagnosed.
The data matches up with other studies conducted in other countries, but in Australia all diagnosed cases of cancer have to be legally registered and this creates consistent data.
The argument that mobile phones cause cancer has been running ever since the phones first arrived. In fact, the radiation levels on phones have dropped significantly over the years, just to be safe rather than sorry. However, it looks like phones have had little impact on cancer statistics – at least in Australia.
Online entertainment company Rovi plans to purchase digital video recording firm TiVo for $1.1 billion in a stock and cash deal, the companies announced on Friday.
TiVo has cloud-based technology for integrating live, recorded, on-demand and Internet television into one user interface, with search, discovery, viewing and recording options from a variety of devices. Its technology has been deployed by operators including Virgin Media and Vodafone Spain.
Rovi announced in March that Sharp’s new Aquos TVs would include its G-Guide electronic programming guide.
The combined company is forecast to have more than $800 million in revenue in the current year. More than 10 million TiVo-served households are expected to be added to the current base of about 18 million homes that use Rovi guides. The new entity will serve nearly 500 service providers worldwide, the companies said.
The deal between Rovi and TiVo, besides creating a large media and entertainment technology company with complementary products and services, will also lead to the setting up of a company with a worldwide portfolio of more than 6,000 issued patents and pending applications worldwide.
The two companies have a strong licensing business and have also sued key players like Comcast for patent infringement in the past. The companies said they have more than $3 billion in combined IP licensing revenue and past damage awards.
The transaction is expected to close in the third quarter and the combined company will use the TiVo name. Tom Carson, CEO of Rovi, will be the chief executive of the new company.
Verizon Emerged As Favorite Bidder For Yahoo
Verizon Communications Inc is the clear favorite in the fast approaching bid for Yahoo Inc’s core Internet business, according to Wall Street analysts, in large part because the telecommunications company’s efforts to become a force in Internet content have gone relatively well under the leadership of AOL Inc Chief Executive Tim Armstrong.
Verizon acquired AOL last June for $4.4 billion – its first big foray into the advertising-supported Internet business – and it is not yet clear how well the unit is performing financially. Subsequent moves, including the takeover of much of Microsoft Corp’s advertising technology business, a deal to buy Millennial Media for about $250 million and the recent launch of the mobile video service go90, are also too recent to assess.
Yet analysts have given the big phone company high marks for allowing AOL to operate independently and folding in other recent acquisitions without much drama. And they said Armstrong seems to be driving Verizon’s recent moves in go90 and recent acquisitions.
“The management puts a lot of faith in Armstrong,” BTIG analyst Walt Piecyk said.
That faith derives in part from the belief that Armstrong did a good job at left-for-dead AOL, especially in assembling a strong set of products to deliver targeted digital ads to customers.
Combining AOL and Yahoo, an idea that has come up many times over the years, could instantly make Yahoo a major player in Internet advertising, with Armstrong – one of the world’s top ad executives – at the helm, analysts said.
Armstrong “has good M&A experience, and a pretty solid ad tech stack,” B. Riley & Co analyst Sameet Sinha said.
Verizon’s hands-off approach that has worked with AOL, though, might not be suitable if the far-bigger Yahoo were taken over. With Yahoo’s struggling business, “the luxury of autonomy is simply not there,” Recon Analytics analyst Roger Entner said.
Verizon, AOL and Yahoo declined to comment.
The dark satanic rumor mill has manufactured a hell on earth yarn claiming that Nvidia is working on its own Linux OS for gamers.
A slide has tipped up showing a screen capture of an installer screen for this operating system supposedly going by the “NLINUX” codename at NVIDIA.
Not much to go on, but it does appear that Nvidia is looking at creating a distribution for gamers similar to that operated by Valve.
It is hard to see what Nvidia would get out of it. Nvidia also has its SHIELD TV that’s powered by Tegra hardware and offers a variety of games over their cloud/streaming “GeForce NOW” service.
So why would Nvidia need a full-blown Linux distribution? The only place it could use one is on the desktop, but that would just mean bringing another Linux distribution into a crowded market with little return for its efforts.
Nvidia already has control of the Linux gaming systems and its cards do better on Linux than AMD’s, so an “optimized” Linux OS is not going to sell them more graphics cards for Linux gamers. It would have to add something which is better than Steam or Ubuntu, and what could that be?
Kaspersky have found another scary trojan to wave under our noses and cause us to consider getting off the internet.
This one is called Triada and it targets Android devices with Windows-style malware swagger. Anyone running Android 4.4.4 and earlier is in trouble, according to Kaspersky, as they face an opponent created by “very professional cyber criminals” that can allow for in-app purchase theft and all the problems that come with privilege escalation.
And guess what? Android users dangle themselves in the way of the Triada threat when they download things from untrusted sources. Does no one listen to anything these days? Does it even matter? Kaspersky said in a blog post that the likely apps can “sometimes” make their way onto the official Android store.
There is something different about this attack. Kaspersky reports on a lot of these things, but Triada exploits Zygote, and that is a first.
“A distinguishing feature of this malware is the use of Zygote, the parent of the application process on an Android device that contains system libraries and frameworks used by every application installed on the device. In other words, it’s a demon whose purpose is to launch Android applications,” Kaspersky explained.
“This is the first time technology like this has been seen in the wild. Prior to this, a trojan using Zygote was known only as a proof-of-concept. The stealth capabilities of this malware are very advanced.
“After getting into the user’s device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using anti-malware solutions.”
The security firm added that the complexity of Triada’s functionality proves that professional cyber criminals with a deep understanding of the targeted mobile platform are behind the creation of this malware.
Kaspersky reckons that it is nigh on impossible to rid a device of the malware, and suggested that you might as well nuke your phone and start again.
Qualcomm Has A Snapdragon CPU For Cars
Qualcomm has told the assorted throngs at CES about a new Snapdragon 820 Automotive family of products. It will come in two flavors – a standard 820A and an 820Am that adds an LTE modem.
The chip is designed for in-car navigation and infotainment systems running QNX, Linux, and Android. It has wireless capabilities and can connect to your phone. The LTE version will link to the Internet.
They can manage multiple displays to run the screen in your dashboard and an infotainment screen in the back seat. It also offers support for high-resolution 4K displays for when some company inevitably decides to cram a high-res, high-density screen into one of its cars.
The 820A chips are close cousins of the Snapdragon 820 SoCs that will start shipping in phones later this year and use Qualcomm’s custom-made 64-bit Kryo CPU cores, an Adreno 530 GPU and a Hexagon 680 DSP, all cooked up with a 14nm manufacturing process. They will also use the Snapdragon X12 LTE, which can manage 600Mbps down and 150Mbps up when the wind is behind it and it is going downhill. There are all the usual 802.11ac Wi-Fi, Bluetooth, and other features.
Qualcomm said that it used a “modular approach” in designing the chip, which means that the car’s infotainment system can be upgraded with hardware and software updates, thereby enabling vehicles to be easily upgraded with the latest technology.
Car makers could theoretically swap out the chip or the entire package without needing to worry about software changes. Qualcomm specifically mentions upgrading LTE connectivity over the lifetime of the car to keep up with the capabilities of cellular networks.
Qualcomm says the 820A family will begin sampling in Q1 of 2016.