1. #501 harrybarracuda
    Western Digital’s My Cloud Storage Devices Have Hard-Coded Backdoor




    Western Digital’s My Cloud network attached storage (NAS) devices claim to offer an easy, all-in-one solution for storing your data at home. However, they might also be providing an easy, all-in-one solution for hackers to steal your data and take control of your device. Western Digital was told about the vulnerabilities last year but has yet to patch many devices.
    A Western Digital My Cloud NAS starts at less than $200 for a few terabytes with a single disk. It goes up to about $700 in the largest 16TB dual-drive system. Then there are the My Cloud EX series devices, which are more like a traditional NAS with user-accessible drive bays. These might cost well over $1,000 once equipped with drives. The majority of Western Digital’s network storage products are affected by the vulnerability.
    According to researchers at GulfTech, WD’s NAS boxes use a broken security model that allows remote attackers to upload files and gain root access, but that’s not all. There’s also a hard-coded backdoor that could allow anyone to access your files. It’s really a mess.
    The My Cloud devices are designed to be accessible by the owner locally as well as over the internet. It turns out someone else can ping the NAS remotely with a request to upload a file in such a way that the NAS lets them in. The researchers created a proof-of-concept module that can gain root access to the device, potentially allowing access to all the files contained in the NAS.


    Things are made even worse by WD’s inclusion of a hard-coded backdoor. These devices contain an admin username “mydlinkBRionyg” and password “abc12345cba,” allowing anyone to log in remotely. This is hard-coded in the binary, so users cannot change it or revoke access. That makes the buggy code above extremely easy to access. An attacker could even hack the My Clouds on your network by tricking you into visiting a webpage with an embedded iframe that makes the login request.
    GulfTech notified Western Digital of the vulnerabilities in June of last year, and the company requested a 90-day window to push out updates. Many devices still lack updates after six months, so GulfTech published its analysis. As of now, any of the affected models on firmware older than 4.x is vulnerable. If that’s you, it might be smart to disconnect the My Cloud for now, or at least put it someplace in your network where it can’t access the internet.

    https://www.extremetech.com/computin...coded-backdoor



2. #502 harrybarracuda
    The Wi-Fi Alliance, a clutch of companies responsible for certifying products as capable of transmitting data over Wi-Fi, is working on WPA3, a new wireless protocol that’s designed to replace the existing WPA2 and boost security.
    That’s big, because the WPA2 encryption protocol that protects your Wi-Fi router and connected devices from intrusions was cracked last October. And while that left many a router and Android device vulnerable to attacks, it was patched soon enough by the likes of Google, Microsoft and Apple.

    Hopefully, that’s the last major wireless security bug we see for a long while (WPA2 is now about 14 years old). To ensure enhanced security, the Wi-Fi Alliance is building four major features into WPA3:

    • Robust protections even when users choose passwords that fall short of typical complexity recommendations.
    • A simplified process of configuring security for devices that have limited or no display interface.
    • Strengthened user privacy in open networks through individualized data encryption.
    • A 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as those in use in government, defense, and industrial sectors.

    If you’re buying a new router or other network equipment later this year, you’ll want to look out for WPA3 certification. Android Police notes that your existing hardware may not receive WPA3 firmware updates because of the certification requirement, but that will largely depend on whether manufacturers care to take the effort to secure the devices they’ve already sold.

    https://thenextweb.com/gadgets/2018/...uter-security/

3. #503 harrybarracuda
    Gotta love the jinglies. Journalist reports that people's PII is for sale for $8.75 so they include her in the criminal complaint about the breach!

    Tossers.




    Indian data leak looks to have been an inside job

    5,000 officials blocked from accessing billion-plus-records Aadhaar system

    By Richard Chirgwin 10 Jan 2018 at 06:31

    The government authority in charge of India's billion-records-and-counting Aadhaar biometric identity database, the Unique Identity Authority of India (UIDAI), has suspended 5,000 officials from accessing the system.
    As we reported yesterday, a journalist for the country's Tribune newspaper wrote of her ability to access Aadhaar records for 500 rupees (US$8.75). The UIDAI responded by including the journalist, Rachna Khaira, in a criminal complaint.
    At the time, it was unclear whether access to the system was offered by hackers who had compromised the system, or insiders misusing their accounts to set up Aadhaar gateways for those who could pay.
    An unnamed UIDAI officer has now told The Economic Times that “all the privileges given to designated officers for access have been immediately withdrawn”.
    The Economic Times also reported that access has been overhauled so that the Aadhaar system can only be accessed if the user has the biometric identifier of the individual whose data is being verified.
    Under the previous system, Aadhaar staff could open an individual's file with their 12-digit ID number, a design that facilitated managing the 500,000 daily requests for changes to individuals' details.
    Since filing its “First Incident Report” with the police, the authority has sought to explain that it wasn't trying to interfere with press freedom by naming Khaira in the document. Rather, it wanted her (and the Tribune) to help identify who was selling Aadhaar access.
    The Tribune has published an e-mail it was sent by UIDAI along with its response.
    The authority's two questions were whether anybody supplied Khaira with Aadhaar biometrics (fingerprint or iris scans), and how many (and whose) Aadhaar numbers the journalist was able to view.
    The e-mail also said “You are requested to send your response to UIDAI on the sender’s email by 8th January, 2018 failing which it will be presumed that there was no access to any Fingerprints and/or Iris scan”, something that's touched a nerve at the newspaper.
    In his response, Tribune editor-in-chief Harish Khare wrote that UIDAI's suggestion that it will assume there was no access to biometrics shows it's not taking the breach seriously.
    “We feel sorry that the authorities are unable to appreciate that a breach has taken place”, Khare wrote, “Still, we are more than happy to provide you any such information and will assist UIDAI to maintain integrity of the Aadhaar data”.
    Khare's response included an offer to meet someone from UIDAI to answer further questions. ®

    https://www.theregister.co.uk/2018/0...each_response/

4. #504 harrybarracuda
    Taiwanese cops give malware-laden USB sticks as prizes for security quiz

    What was second prize? We think we'd rather have that

    By Richard Chirgwin 10 Jan 2018 at 07:29

    Winners of a security quiz staged by Taiwan's Criminal Investigation Bureau may be wondering why they tried so hard to do well after some of the USB drives handed out as prizes turned out to be wretched hives of malware and villainy.
    According to the Taipei Times, the Bureau hosted an infosec event in December 2017, and gave 250 drives to people who won a cybersecurity quiz.
    It's since emerged that 54 of the 8GB drives were infected by a computer used by an employee of supplier Shawo Hwa Industries Co “to transfer an operating system to the drives and test their storage capacity”.
    While the dongles were manufactured in China, the Taipei Times said there's no suggestion that espionage was a motive.
    The good news is that the infection was an old virus that Chinese-language site Liberty Times names as “XtbSeDuA.exe”, which tries to steal personal data from 32-bit machines.
    The CIB says stolen data was forwarded to a relay IP address in Poland which in 2015 was associated with Europol raids on an electronic funds fraud ring. The police added that the server receiving the data from the latest infections has been shut down.
    The prizes were handed out from December 11 to December 12, when complaints from the public started arriving, but 34 of the drives are still in circulation somewhere. ®

    https://www.theregister.co.uk/2018/0...olice_malware/


5. #505 Dragonfly
    that's what happens when you let Indians run setup for Routeurs and USB memcards

6. #506 harrybarracuda
    Quote Originally Posted by Dragonfly View Post
    that's what happens when you let Indians run setup for Routeurs and USB memcards

    Ah, so that's what cheese eating surrender monkeys call them: "Le routeur".

7. #507 harrybarracuda
    BitTorrent critical flaw allows hackers to remotely control users' computers

    Security researchers also warned that BitTorrent clients could be susceptible to attacks as well if the flaw is leveraged.

    A critical flaw in the popular Transmission BitTorrent app could allow hackers to remotely control users' computers. The flaw, uncovered by Google Project Zero security researchers, allows websites to execute malicious code on users' devices. Researchers also warned that BitTorrent clients could be susceptible to attacks as well if the flaw is leveraged.
    Project Zero researcher Tavis Ormandy posted a proof-of-concept attack, which exploits a specific Transmission function, via which the BitTorrent app can be controlled with the user's web browser. Ormandy reportedly used a hacking technique called "domain name system rebinding" to come up with a way by which to remotely control the Transmission interface when a vulnerable user visits a malicious site. According to Ormandy, the exploit attack works on Chrome and Firefox on Windows as well as on Linux.

    http://www.ibtimes.co.uk/bittorrent-critical-flaw-allows-hackers-remotely-control-users-computers-1655287
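DNS rebinding, as described in the post above, works because the browser enforces same-origin on the attacker's domain name while the attacker flips that name's DNS record to 127.0.0.1 after the page loads; the browser then happily sends requests carrying the attacker's name in the Host header to the local daemon. The standard server-side defence is for a localhost service to accept only requests whose Host header names the service itself (loopback address or an allow-listed name) and to refuse everything else. The following is an added example of that check, not Transmission's code or anything from the article; the allow-list contents, the function names and the 421 status used for the rejection are assumptions made for the illustration.

```python
"""Host-header allow-list for a localhost RPC service, as a DNS-rebinding guard.

Added example (not Transmission's implementation). A rebound request still
carries the attacker's hostname in the Host header, so a daemon that only
honours requests addressed to itself by loopback IP or an allow-listed name
refuses it even though the TCP connection really arrived on 127.0.0.1.
"""
from ipaddress import ip_address
from typing import Dict, Iterable, Optional, Tuple

# Assumed allow-list: names that legitimately refer to this machine.
DEFAULT_ALLOWED_HOSTS = frozenset({"localhost", "localhost."})


def _strip_port(host: str) -> str:
    """Return the host part of a Host header value, dropping an optional :port."""
    host = host.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal, e.g. [::1]:9091
        end = host.find("]")
        return host[1:end] if end != -1 else host
    if host.count(":") == 1:                  # name:port or IPv4:port
        return host.rsplit(":", 1)[0]
    return host                               # bare name, or unbracketed IPv6 without a port


def _is_loopback_literal(host: str) -> bool:
    """True for 127.0.0.0/8 and ::1 written as an IP literal."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False                          # not an IP literal at all


def host_header_allowed(header_value: Optional[str],
                        allowed: Iterable[str] = DEFAULT_ALLOWED_HOSTS) -> bool:
    """True only when the Host header names this machine.

    A rebound attacker.example resolves to 127.0.0.1 but the header still says
    'attacker.example', so it fails both the loopback and allow-list checks.
    """
    if not header_value:
        return False                          # HTTP/1.1 requires Host; refuse when absent
    host = _strip_port(header_value)
    if not host:
        return False
    if _is_loopback_literal(host):
        return True
    return host in {h.lower() for h in allowed}


def check_rpc_request(headers: Dict[str, str],
                      allowed: Iterable[str] = DEFAULT_ALLOWED_HOSTS) -> Tuple[int, str]:
    """Decide what an RPC front end should answer before touching the request body."""
    host = next((v for k, v in headers.items() if k.lower() == "host"), None)
    if not host_header_allowed(host, allowed):
        return 421, "Misdirected Request: Host header does not name this service"
    return 200, "OK"


if __name__ == "__main__":
    for hdrs in ({"Host": "localhost:9091"}, {"Host": "127.0.0.1:9091"},
                 {"Host": "attacker.example"}, {}):
        print(hdrs, "->", check_rpc_request(hdrs))
```

A service bound to a LAN name as well (a NAS, say) extends the allow-list with that name rather than disabling the check; the rebinding attacker can only ever put their own domain in Host.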


8. #508 harrybarracuda
    Norwegian health authority hacked, patient data of nearly 3 million citizens possibly compromised


    Hackers have breached the systems of the Southern and Eastern Norway Regional Health Authority (Helse Sør-Øst RHF), and possibly made off with personal information and health records of some 2.9 million Norwegians.


    The breach was announced on Monday by the authority.


    The first to notice that something was amiss was HelseCERT, the Norwegian healthcare sector’s national information security center, which detects unwanted events and traffic and reports them to affected actors. HelseCERT notified Hospital Partner HF, the company responsible for all ICT operations in Helse Sør-Øst RHF.


    Cathrine M. Lofthus, the CEO of the Southern and Eastern Norway Regional Health Authority, said that measures have been taken to limit the damage caused by the breach, but that it hasn’t affected patient treatment or patient safety.


    “The event is handled according to established emergency preparedness routines and in collaboration with HelseCERT (Norwegian Helsenett SF) and NorCERT (National Security Authority) as well as other expertise. A number of measures have been implemented to remove the threat and further measures will be implemented in the future,” the authority said.


    Norway’s police, military intelligence and its National Security Authority are investigating the breach, but it’s still unknown if the attackers managed to access and exfiltrate patient data.


    “Due to pending investigations, there is not much information available about the breach itself. Still, it is said to involve a serious foreign actor, with speculations pointing to a state actor,” Kai Roer, CEO at Norwegian security culture company CLTRe, told Help Net Security.


    Helse Sør-Øst RHF says that “the threat actor is an advanced and professional player.”


    Norwegian public health care is divided into several regions, and the Southern and Eastern Norway Regional Health Authority covers the counties of Akershus, Aust-Agder, Buskerud, Hedmark, Oppland, Telemark, Vest-Agder, Vestfold, Østfold, and Oslo (the country’s capital).


    Health records found here will most probably include those of government and secret police employees, military and intelligence staff, politicians and other public individuals.


    Nyvoll Nygaard, an adviser with the Norwegian Police Security Service, said that it’s possible that someone working for a foreign state aimed to collect information that may harm fundamental national interests relating to the community infrastructure.


    But, it could just as easily turn out that the attackers were merely after data they can sell on to the highest bidder.


    “The healthcare sector is known to be a target for hackers, and the healthcare sector in Norway is no exception. 2,8 m patient records lost is equal to half of Norway’s total population, and as such must be considered a major breach,” Roer noted.


    https://www.helpnetsecurity.com/2018/01/18/norwegian-health-authority-hacked/

9. #509 harrybarracuda
    I think we might have the odd OnePlus user here, so take note:

    OnePlus Attackers Steal Credit Card Data From 40,000 Customers

    By: Sean Michael Kerner| January 19, 2018


    Days after receiving initial reports about fraudulent activity, the mobile phone vendor reveals that attackers were able to get a malicious script onto its website that stole user credit card information.


    Mobile phone vendor OnePlus announced on Jan. 19 that it was the victim of a security breach that exposed credit card information of up to 40,000 customers.
    The admission that there was a data breach comes three days after OnePlus announced that it was temporarily disabling credit card payments on its website. OnePlus disabled the credit card payments on Jan. 16, after receiving reports from customers that they were seeing unknown credit card charges after buying something online from OnePlus.
    "One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered," OnePlus stated in an advisory on the breach.
    The attack appears to have been ongoing from mid-November 2017 until Jan. 11, 2018, OnePlus said. According to the company, credit card information (card numbers, expiration dates and security codes) that was entered on the Oneplus.net site may have been compromised. Users who saved their credit card information on the site, as well as those who use PayPal, do not appear to be impacted by the breach, however.


    OnePlus' investigation into the data breach found that a malicious script was operating intermittently on the Oneplus.net site. The script was able to capture data from end users' web browsers and then send that data to the attacker. According to OnePlus, it has now eliminated the immediate risk.
    "We have quarantined the infected server and reinforced all relevant system structures," OnePlus stated.
    What remains unclear is how the malicious script got onto the OnePlus server in the first place and why it wasn't caught by security technology. The company is now working with its technology providers as well as law enforcement to further investigate the security incident.
    "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," OnePlus stated. "All these measures will help us prevent such incidents from happening in the future."
    Chris Morales, head of security analytics at Vectra, said he is impressed with the expediency and thoroughness OnePlus is taking in providing its customers with a breach notification. That said, Morales noted that while it is unfortunate that the breach occurred, it is not at all surprising.
    "This breach should be a reminder that HTTPS, while encrypted, is not a guarantee of a secure transaction as attackers can compromise the systems at both ends of any encrypted conversation," Morales told eWEEK.
    What Should End Users Do?
    OnePlus recommends that its customers check their credit card statement and immediately report any unrecognized charges. The company will also be providing credit card monitoring services to impacted customers.
    "Unfortunately, there is not much a consumer can do to prevent being victimized as part of a breach," Shawn Kanady, principal security consultant at security firm Trustwave, told eWEEK.
    Kanady added that online shopping will always be risky for the consumer so it becomes more of an awareness and detection issue for the everyday shopper. In his view, the key is to understand the risk and set up some safeguards.
    Among the online safeguards that Kanady recommends for online shoppers are the following:

    • Set up text-based alerts on your bank/credit account for any transaction over a certain dollar amount. It could be $1.
    • Set up accounts that are only used when shopping online. Segregating your accounts will prevent fraud on your high-value accounts like your checking account.
    • Do not opt-in on saving your credit card information for later billing.
    • Use prepaid cards or a PayPal account for online shopping, allowing for an extra layer between the attacker and your real accounts.

    Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

    OnePlus Website Hack Leads to Theft of Credit Card Information


10. #510 harrybarracuda
    Google, Amazon Among IT Giants Backing Microsoft in Supreme Court Case
    By: Pedro Hernandez | January 19, 2018


    Major technology companies, lawmakers and media organizations rally behind Microsoft in a U.S. Supreme Court case with implications for the cloud computing market.


    Amazon, Apple and Google are among the many IT giants that are siding with Microsoft in a closely watched email privacy case that has made its way to the U.S. Supreme Court.


    The industry heavyweights were among the 288 signatories on 23 amicus, or friend of the court, briefs filed on Jan. 18 in support of Microsoft and its legal battle against the U.S. Department of Justice, announced the Redmond, Wash., software maker's president and chief legal officer, Brad Smith. Microsoft's lawyers are set to appear before the nation's top court on Feb. 27, with a decision expected to be handed down by June.


    Microsoft is challenging the DOJ's efforts to obtain user emails stored in an Irish data center with the use of a search warrant. The company experienced a similar groundswell of industry support in 2014 after it filed an appeal of U.S. District Judge Loretta Preska's controversial ruling ordering Microsoft to turn over the emails, an appeal it won in July 2016. However, the U.S. Supreme Court granted a DOJ petition to review the case in October 2017.


    Reiterating Microsoft's stance, Smith said that the DOJ's attempts to access a foreign user's emails is "a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk," in a Jan. 19 announcement. "If the U.S. government obtains the power to search and seize foreign citizens' private communications physically stored in other countries, it will invite other governments to do the same thing. If we ignore other countries' laws, how can we demand that they respect our laws?"


    Smith also made the argument that the DOJ's position can harm the American economy and its workers, since the world's top cloud computing companies hail from the United States. Foreign customers may come to distrust American companies that operate data centers overseas if the U.S. government can unilaterally obtain data from those facilities, he said.


    Microsoft's arguments appear to be resonating with the IT industry.


    Cisco, Dropbox, eBay, Facebook, HP, Salesforce, SAP and Verizon are among the companies represented in an amicus brief filed on behalf of technology companies. IBM, in an individually filed brief, stated that "[a] rule allowing the government to obtain cloud data stored abroad by a U.S.-based company will significantly disadvantage U.S. cloud services providers when it comes to competing for enterprise clients, who may prefer to use cloud services from a company with no presence in the United States."


    Tech companies aren't the only ones rallying behind Microsoft.


    Five members of Congress have joined the cause, namely Senators Orrin Hatch (R-UT) and Christopher Coons (D-DE), along with Doug Collins (R-GA), Darrell Issa (R-CA) and Hakeem Jeffries (D-NY) of the U.S. House of Representatives. Abroad, a number of members of the European Parliament, including the UK's Claude Moraes and Germany's Manfred Weber, are backing Microsoft.


    Media organizations include The Associated Press Media Editors, CNN, Fox News, NPR and Thomson Reuters Markets. A number of trade organizations, including the U.S. Chamber of Commerce and Information Technology and Innovation Foundation (ITIF), have also voiced their support.


    Copies of the amicus briefs can be found here and a list of signatories is available here.

    Apple, Google and IBM Support Microsoft in Supreme Court Case

11. #511 baldrick
    Quote Originally Posted by harrybarracuda View Post
    Reiterating Microsoft's stance, Smith said that the DOJ's attempts to access a foreign user's emails is "a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk,"
    this is what fcuks me about all these lawsuits

    the us of farking a says " youse all belong us laws " and fcuk you

    they will try to have every other fcuker in the world arrested to comply with their corporate kleptocracy , but like fcuk they will send one of their scumbags to answer to another countries laws

    they have mounted the slippery slope and should not be surprised as their cherished model of enforced theft starts to be targeted as tech accelerates faster than the dinosaurs can legislate their protections

12. #512 harrybarracuda
    Quote Originally Posted by baldrick View Post
    this is what fcuks me about all these lawsuits

    the us of farking a says " youse all belong us laws " and fcuk you

    they will try to have every other fcuker in the world arrested to comply with their corporate kleptocracy , but like fcuk they will send one of their scumbags to answer to another countries laws

    they have mounted the slippery slope and should not be surprised as their cherished model of enforced theft starts to be targeted as tech accelerates faster than the dinosaurs can legislate their protections
    I think the people trying to enforce this warrant have not a fucking clue about technology. Probably even less than Buttplug.

13. #513 Dragonfly
    technology is irrelevant in those battles, only a complete social retard like Harry or Baldrick would fall for it and think they have it all figure out in technical terms

    no wonder they focus so much on buying bitcoins and think they will get away with it, the silly clowns

14. #514 harrybarracuda
    Quote Originally Posted by Dragonfly View Post
    technology is irrelevant in those battles, only a complete social retard like Harry or Baldrick would fall for it and think they have it all figure out in technical terms

    no wonder they focus so much on buying bitcoins and think they will get away with it, the silly clowns

    Told you. Like a moth to a fucking flame.


15. #515 baldrick
    Butterfluffer is the canary

16. #516 harrybarracuda
    DuckDuckGo offers new privacy extension and app

    DuckDuckGo, the company behind the eponymous privacy-minded Internet search engine, has announced a new browser extension and mobile app: DuckDuckGo Privacy Essentials.




    • It makes DuckDuckGo the default search engine (this feature is optional – it can be switched off).




    • Forces websites to serve users with an encrypted version (i.e., HTTPS version) of the site – if it’s available.


    • Blocks all hidden, third-party trackers it can find and provides users with a list of them.
    • Provides information about websites’ terms of service and privacy policies.


    That last feature is based on the scores and analysis results by the Terms of Service Didn’t Read (TOSDR) service and, unfortunately, the results might be incomplete and outdated. DuckDuckGo founder Gabriel Weinberg says that they are working with TOSDR to help them to rate and label as many websites as possible.

    “Once you start using the new app and browser extension, you’ll quickly notice something: hardly any website currently gets an ‘A’ on privacy. That’s because hardly any website out there truly prioritizes your privacy,” Weinberg noted.
    The goal of the extension/app is to make it visible to users which sites track them and how, and which sites care about user privacy.

    “As more people start taking their privacy back online, the companies who make money off our personal information will be put on more notice, and we’ll collectively raise the Internet’s privacy grade, ending the widespread use of invasive tracking,” he hopes.

    The new extension and app are available for Firefox, Safari, Chrome, iOS, and Android. They are open source, and the code is available on GitHub.



    https://www.helpnetsecurity.com/2018/01/24/duckduckgo-privacy-app/

17. #517 david44
    Norse Code

    “The healthcare sector is known to be a target for hackers, and the healthcare sector in Norway is no exception. 2,8 m patient records lost is equal to half of Norway’s total population, and as such must be considered a major breach,” Roer noted.

    Send for Inspector Morse

18. #518 harrybarracuda
    Quote Originally Posted by david44 View Post
    Norse Code

    “The healthcare sector is known to be a target for hackers, and the healthcare sector in Norway is no exception. 2,8 m patient records lost is equal to half of Norway’s total population, and as such must be considered a major breach,” Roer noted.

    Send for Inspector Morse
    See Post #508

19. #519 Latindancer
    Last year was a banner year for cybercrime. More data was stolen in the first six months of 2017 than in the entirety of 2016. They call it "explosive data exfiltration".


    https://www.helpnetsecurity.com/2018...-exfiltration/

20. #520 harrybarracuda
    Quote Originally Posted by Latindancer View Post
    Last year was a banner year for cybercrime. More data was stolen in the first six months of 2017 than in the entirety of 2016. They call it "explosive data exfiltration".


    https://www.helpnetsecurity.com/2018...-exfiltration/
    Amazes me how many companies can't do the simple thing of measuring their normal traffic and setting a baseline.

    Once you've done that you can just monitor for exceptions and be alerted if large amounts of data start moving where they are not supposed to.

    There are lots of free, open source Netflow analyzers and it simply requires a little bit of work.
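What Harry describes, baseline normal egress per host and alert on deviations, is a short script once flow records are in hand. The following is an added example and is not code from the post or from any particular NetFlow analyzer; the flow records are constructed sample data standing in for what a collector exports after filtering for outbound traffic (day, internal host, bytes out), and the 3-sigma threshold, the 10% floor on the standard deviation and the five-day minimum history are assumed tuning values.

```python
"""Per-host egress baseline from flow records, with exception alerting.

Added example. Flow records are (day, internal_host, bytes_out) tuples, which
is the shape a NetFlow/IPFIX collector gives back once you filter on
src=internal, dst=external; the sample data below is constructed, not real.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[str, str, int]          # (day, internal_host, bytes_out)
MB = 1_000_000

# Constructed seven-day history: 10.0.1.10 pushes ~1 GB/day in two flows,
# 10.0.1.20 ~200 MB/day in one flow.
HISTORY: List[Flow] = []
for day, a_mb, b_mb in [(1, 1000, 200), (2, 1050, 210), (3, 950, 190), (4, 1100, 205),
                        (5, 900, 195), (6, 1000, 200), (7, 1020, 210)]:
    HISTORY += [
        (f"d{day}", "10.0.1.10", (a_mb // 2) * MB),
        (f"d{day}", "10.0.1.10", (a_mb - a_mb // 2) * MB),
        (f"d{day}", "10.0.1.20", b_mb * MB),
    ]

# Constructed day to evaluate against the baseline.
TODAY: List[Flow] = [
    ("d8", "10.0.1.10", 600 * MB), ("d8", "10.0.1.10", 500 * MB),   # 1.1 GB: ordinary for this host
    ("d8", "10.0.1.20", 9_000 * MB),                                 # 9 GB from a ~200 MB/day host
    ("d8", "10.0.1.30", 500 * MB),                                   # a host with no history at all
]


def daily_totals(flows: Iterable[Flow]) -> Dict[str, Dict[str, int]]:
    """Aggregate flows into host -> day -> total bytes out."""
    totals: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for day, host, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def build_baseline(flows: Iterable[Flow], min_days: int = 5) -> Dict[str, Tuple[float, float]]:
    """host -> (mean daily egress, population stdev); hosts with too little history are skipped."""
    baseline = {}
    for host, per_day in daily_totals(flows).items():
        if len(per_day) >= min_days:
            vals = list(per_day.values())
            baseline[host] = (mean(vals), pstdev(vals))
    return baseline


def flag_exceptions(baseline: Dict[str, Tuple[float, float]], flows: Iterable[Flow],
                    z_threshold: float = 3.0, stdev_floor_ratio: float = 0.10) -> List[Tuple[str, str, int, str]]:
    """Return (host, day, bytes, reason) for days that sit z_threshold sigmas above the host's
    baseline, and for hosts that have no baseline (new or previously silent devices)."""
    alerts = []
    for host, per_day in daily_totals(flows).items():
        for day, total in per_day.items():
            if host not in baseline:
                alerts.append((host, day, total, "no baseline for this host"))
                continue
            mu, sigma = baseline[host]
            # Floor the stdev: a very steady history would otherwise turn any blip into a 50-sigma event.
            sigma = max(sigma, stdev_floor_ratio * mu)
            if sigma > 0:
                z = (total - mu) / sigma
            else:
                z = float("inf") if total > mu else 0.0
            if z >= z_threshold:
                alerts.append((host, day, total, f"{z:.1f} sigma above baseline of {mu / MB:.0f} MB/day"))
    return alerts


if __name__ == "__main__":
    for alert in flag_exceptions(build_baseline(HISTORY), TODAY):
        print(alert)
```

Run daily against the previous N days of totals and the two hosts that deserve a look (the 9 GB spike and the never-seen device) fall out; the host doing its usual gigabyte does not.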

21. #521 harrybarracuda
    Details in the link.

    How to Check If You're Infected with CrossRAT?


    Since CrossRAT persists in an OS-specific manner, detecting the malware will depend on what operating system you are running.

    For Windows:

    • Check the 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run\' registry key.
    • If infected it will contain a command that includes, java, -jar and mediamgrs.jar.

    For macOS:

    • Check for jar file, mediamgrs.jar, in ~/Library.
    • Also look for launch agent in /Library/LaunchAgents or ~/Library/LaunchAgents named mediamgrs.plist.

    For Linux:

    • Check for jar file, mediamgrs.jar, in /usr/var.
    • Also look for an 'autostart' file in the ~/.config/autostart likely named mediamgrs.desktop.

    https://thehackernews.com/2018/01/crossrat-malware.html
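The three per-platform checks above are the same hunt for one set of names, so they fit in a single script. The following is an added example, not code from the article or from the researchers it cites; the indicator names and locations are exactly the ones listed in the post, while the function names, the way the Run-key values are passed in and the defaults for the home and system root are assumptions made so the checks can be exercised against a scratch directory as well as the live machine.

```python
"""Look for the CrossRAT persistence artefacts listed in the post, on whichever OS this runs.

Added example. Indicators: java -jar mediamgrs.jar in the HKCU Run key (Windows);
~/Library/mediamgrs.jar and a mediamgrs.plist launch agent (macOS);
/usr/var/mediamgrs.jar and ~/.config/autostart/mediamgrs.desktop (Linux).
Roots are parameters (assumption) so the checks can be tested offline.
"""
import platform
import sys
from pathlib import Path
from typing import List, Optional, Sequence, Tuple

JAR = "mediamgrs.jar"


def check_windows_run_values(values: Sequence[Tuple[str, str]]) -> List[str]:
    """Windows: flag Run-key entries whose command launches java -jar mediamgrs.jar.
    `values` is a list of (value name, command) pairs, e.g. from read_hkcu_run()."""
    hits = []
    for name, cmd in values:
        low = cmd.lower()
        if "java" in low and "-jar" in low and JAR in low:
            hits.append(f"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\{name} = {cmd}")
    return hits


def read_hkcu_run() -> List[Tuple[str, str]]:
    """Enumerate HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run; empty off Windows."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, Windows only
    out = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        i = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, i)
            except OSError:          # no more values
                break
            out.append((name, str(value)))
            i += 1
    return out


def check_macos(home: Path, system_root: Path = Path("/")) -> List[str]:
    """macOS: the jar in ~/Library and mediamgrs.plist in either LaunchAgents directory."""
    candidates = [
        home / "Library" / JAR,
        home / "Library" / "LaunchAgents" / "mediamgrs.plist",
        system_root / "Library" / "LaunchAgents" / "mediamgrs.plist",
    ]
    return [str(p) for p in candidates if p.exists()]


def check_linux(home: Path, system_root: Path = Path("/")) -> List[str]:
    """Linux: the jar in /usr/var and the autostart entry in ~/.config/autostart."""
    candidates = [
        system_root / "usr" / "var" / JAR,
        home / ".config" / "autostart" / "mediamgrs.desktop",
    ]
    return [str(p) for p in candidates if p.exists()]


def scan(home: Optional[Path] = None, system_root: Path = Path("/"),
         run_values: Optional[Sequence[Tuple[str, str]]] = None) -> List[str]:
    """Dispatch on the running OS and return the artefacts found (empty list = clean)."""
    home = home or Path.home()
    system = platform.system()
    if system == "Windows":
        return check_windows_run_values(run_values if run_values is not None else read_hkcu_run())
    if system == "Darwin":
        return check_macos(home, system_root)
    return check_linux(home, system_root)


if __name__ == "__main__":
    findings = scan()
    print("\n".join(findings) if findings else "no CrossRAT indicators found")
```

A clean result only says these particular names are absent; a variant that renames the jar would need the checks extended, so the matching is kept in one place per platform for that reason.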

22. #522 harrybarracuda
    Unauthorized Monero Mining Campaign Impacting Up to 30M Systems

    By: Sean Michael Kerner| January 26, 2018


    The Palo Alto Networks Unit 42 security research team reveals a new cryptocurrency attack that makes use of URL shorteners to trick users into installing Monero mining software.


    Palo Alto Networks is warning of a new cryptocurrency mining attack that is using URL shorteners as a way to infect victims' systems.
    In a Jan. 24 report, the Palo Alto Networks Unit 42 security research group revealed that up to 30 million systems may be impacted by the attack, which has been ongoing since October 2017. The attack payload installs the open-source XMRig mining software on a victim's machine to consume CPU resources and mine the Monero cryptocurrency. It's currently not known who is behind the new attack.

    Attackers Use URL Shorteners in Cryptocurrency Mining Attack


  23. #523 harrybarracuda
    Privacy Tools Adds Transparency to Microsoft Windows Data Collection

    By: Pedro Hernandez | January 25, 2018


    The upcoming Windows Diagnostic Data Viewer app and revamped Privacy Dashboard will allow users to see the data Microsoft has collected on them.


    Wondering exactly what kind of data Windows is sending to Microsoft? A new tool, called the Windows Diagnostic Data Viewer, lifts the veil on the previously opaque communications between Windows PCs and Microsoft's telemetry-gathering operations.
    To many Windows users, particularly those concerned about the privacy of their data, it comes as no surprise that Microsoft's operating system collects and transmits data regarding a PC's configuration, device health, application usage and other information.
    Microsoft analyzes this data to shed light on how the system software is faring across a wide variety of hardware combinations and usage patterns, information that the software maker then uses to address issues, improve the OS and help guide the software giant's ongoing OS development efforts.


    It's a practice that stoked privacy concerns when Windows 10 first hit the scene. Privacy advocates were alarmed by the breadth of information Microsoft collected on people who used its operating system software and cloud services.
    Soon, with the Windows Diagnostic Data Viewer, users will be able to see exactly what kind of data their Windows 10 PCs are sharing with Microsoft, announced Marisa Rogers, the Windows and Devices Group Privacy Officer at Microsoft.
    "Our commitment is to be fully transparent on the diagnostic data collected from your Windows devices, how it is used, and to provide you with increased control over that data. This is all part of our commitment to increase your trust and confidence in our products and services," she wrote in a Jan. 24 blog post, authored just days before Data Privacy Day (Jan. 28).
    "You are able to see and search all Windows diagnostic data that's in the cloud related to your specific device," continued the executive. Users will be able to view information on their devices and their configurations, including connected peripherals, settings and the network information pertaining to a given device.
    Delving deeper, Windows Diagnostic Data Viewer can show reliability and performance information, along with data on a user's file queries and movie consumption. Alarming as it may sound to some users, Rogers claimed that the "functionality is not intended to capture user viewing or listening habits."
    Users can also explore their application usage, along with an inventory of installed applications and device updates.
    Windows Diagnostic Data Viewer will be released to the Microsoft Store app marketplace as part of the next major Windows 10 update. Members of the Windows Insider program can take the app for an early spin.
    In addition to the viewer app, Microsoft has revamped its Privacy Dashboard, providing users with a clearer view of the data that is saved to their Microsoft accounts. More updates are on the way, stated Rogers.
    An updated Activity History page will soon allow users to access and manage their media, product and Microsoft services activity information. Additionally, users will be able to export their dashboard data and delete specific items.

    New Privacy Tools Lets Users View Data Windows Sends to Microsoft


  24. #524 harrybarracuda
    Hackers forced US ATM machines to spit out cash
    on Sunday, January 28, 2018


    Two of the world's largest ATM manufacturers in the US, Diebold Nixdorf Inc and NCR Corp, have warned their clients that hackers are targeting their machines with tools that force them to spit out money via hacking schemes known as “jackpotting.”


    Neither of the makers has yet identified any victims or how much money has been lost.


    The attack was reported for the first time on 27 January by the security news website Krebs on Security. Immediately, companies sent out alerts to clients warning of the trend on Saturday.


    'This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,' the company said.


    Jackpotting has been widely used around the world in recent years, but still, it is unclear how much cash has been stolen because victims and police do not disclose details.


    Diebold Nixdorf has admitted that US authorities had warned them about one of its ATM models, Opteva, which it stopped manufacturing several years ago, being targeted by the hackers, but they did not take the warning seriously.


    Krebs on Security reported, "a confidential US Secret Service alert sent to banks said the hackers targeted stand-alone ATMs typically located in pharmacies and big-box retailers as well as drive-thru ATMs."


    However, the Federal Bureau of Investigation has started investigating the matter.


    http://www.ehackingnews.com/2018/01/hackers-forced-us-atm-machines-to-spit.html

  25. #525 harrybarracuda
    You publish 20,000 clean patches, but one goes wrong and you're a PC-crippler forever

    Malwarebytes pushed a patch, then a patch for the patch

    By Richard Chirgwin 29 Jan 2018 at 03:04


    Security software vendor Malwarebytes has overwritten two updates to its products and apologised to users who found their machines turned into near-bricks.
    The problem started with a production update the company pushed out last Friday, which sent users to their keyboards complaining of excessive RAM and CPU consumption.
    Affected products included Malwarebytes for Windows Premium, Malwarebytes for Windows Premium Trial, Malwarebytes Endpoint Security (MBES) and Malwarebytes Endpoint Protection (Cloud Console).
    Irritated users lit up the company's forums with hundreds of messages about the issue.
    The company moved to resolve the issue, but its first fix failed and users kept venting. That led to this Sunday apology, as the company pushed out a second fix.
    “The root cause of the issue was a malformed protection update that the client couldn’t process correctly,” the apology post said, something Malwarebytes says is rare since “we have pushed upwards of 20,000 of these protection updates routinely”.
    The company also published the timeline below, in its analysis [PDF] of the issue.

    [Attached image: malwarebytes_timeline.jpg]



    The company explained that the snafu arose because of work to try and improve its Web protection detection syntax controls.
    “Recently we have been improving our products so that we can show the reason for a block, i.e. the detection 'category' for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which caused the malformed detection to be pushed into production.” ®



    https://www.theregister.co.uk/2018/0..._patchy_patch/
