source:  cyware.com

25 Vulnerabilities Chinese APT Groups Are Chasing Right Now

Cybercriminals are constantly scanning for and exploiting publicly disclosed security bugs. Recently, the National Security Agency (NSA) published a report detailing the top 25 vulnerabilities exploited by hackers, urging organizations in the U.S. public and private sectors to prioritize them for action.

The top 25 vulnerabilities

According to the report, Chinese state-sponsored hackers were seen abusing these vulnerabilities to launch strategic hacking operations against a multitude of victim networks.
  • Most of these vulnerabilities belong to products related to remote access or external web services. Such products, accessible via the internet, are often exploited to gain initial access inside the victim’s network.
  • Exploits in enterprise products, including gateways (Citrix ADC and Gateway, Symantec Messaging Gateway), VPNs (Pulse Secure VPN), and load balancers (F5 BIG-IP), could give attackers direct remote access.
  • Several vulnerabilities in the list target Windows and its services, such as Remote Desktop Services (the BlueKeep vulnerability), Netlogon (Zerologon), and the DNS server (SigRed).
  • Additional products targeted by Chinese hackers include business applications such as email servers (Microsoft Exchange, Exim) and application servers (Oracle WebLogic, Zoho ManageEngine, Adobe ColdFusion).

Recent exploitation of these flaws

Not only Chinese hackers but also other malware groups, ransomware gangs, and state-sponsored actors (including Russian and Iranian groups) have been seen exploiting the above-mentioned vulnerabilities.
  • Threat actors such as TA505, MuddyWater, and Ryuk were seen abusing the Zerologon vulnerability (CVE-2020-1472) to target public and private sector organizations.
  • Hackers were seen combining VPN (CVE-2019-11510) and Windows bugs to gain access to government networks, for which CISA and the FBI had issued prior warnings.
  • F5 BIG-IP (CVE-2020-5902), and Pulse Secure VPN servers (CVE-2019-11510) were also recently targeted by hackers.
  • In September, Iranian hacking group Pioneer Kitten was seen taking advantage of several unpatched vulnerabilities (CVE-2020-5902, CVE-2019-11510, and CVE-2019-19781) to target U.S. businesses and federal agencies.

The bottom line

The exploitation of such vulnerabilities could lead to the compromise of sensitive information related to a country’s policies, strategies, plans, and competitive advantage. Fortunately, all the vulnerabilities listed by researchers have patches available from their vendors. Thus, users are recommended to patch these and all other known vulnerabilities to avoid any undue risks to their infrastructure.

Find out if you can meet all your needs within a 15-minute walk from your house.

source:  fastcompany.com

In a “15-minute city,” it’s possible to meet your basic needs within a 15-minute walk or bike ride. Instead of sitting in traffic during a rush-hour commute, you can work at home or walk to an office nearby. You can walk to get groceries, go to the doctor, take your kids to school, or run any other everyday errand. Housing is affordable, so a barista could live in a walkable neighborhood as easily as a lawyer. It’s a concept championed by the mayor of Paris and, more recently, pitched by a global network of cities as a tool for helping urban areas recover from the pandemic—and improve sustainability and health as people start to get more exercise while conducting their day-to-day activities.

In the U.S., car-dependent sprawl is more common. But a new tool lets you map out local services to see how close your neighborhood comes to the ideal.

Click here to try out the tool:

https://app.developer.here.com/15-min-city-map/

“The global pandemic has highlighted the importance of location and proximity,” says Jordan Stark, a spokesperson for Here Technologies, the location data platform that created the map. The company typically creates maps for businesses, such as delivery companies that need to route vehicles, and built the new tool to demonstrate how developers could work with its data. While the current version maps out amenities like grocery stores, transit stops, and medical care—along the lines of Walkscore, another tool—the company says it might later create an iteration that considers how far residents might have to travel to get to an office.

The map also shows how many services can be accessed by car from an address. “We wanted to show, especially in the U.S., the contrast in the accessibility between walking and driving,” Stark says. “And as you can imagine, there are a number of communities where you have all of your essential items within a 15-minute drive, but potentially less than one essential location in a walk. So it was a way to show that contrast in spatial makeup.”

While pockets of American cities are walkable now—the map tells me that my own neighborhood in Oakland qualifies as a “15-minute city”—it’s possible that more neighborhoods will move in this direction as cities begin to use it as a framework for urban planning. Seattle’s Office of Planning and Community Development is one of the latest to say that it is exploring the concept of 15-minute neighborhoods.


Deepfakes

source: homelandsecuritynewswire.com

Image editing software is so ubiquitous and easy to use, and deadline-driven journalists lack the tools to tell the difference, especially when the images come through from social media.

A peace sign from Martin Luther King, Jr, becomes a rude gesture; President Donald Trump’s inauguration crowd scenes inflated; dolphins in Venice’s Grand Canal; and crocodiles on the streets of flooded Townsville – all manipulated images posted as truth.

Image editing software is so ubiquitous and easy to use, according to researchers from QUT’s Digital Media Research Centre, that it has the power to re-imagine history. And, they say, deadline-driven journalists lack the tools to tell the difference, especially when the images come through from social media.


Their study, Visual Mis/Disinformation in Journalism and Public Communications, has been published in Journalism Practice. It was driven by the increased prevalence of fake news and how social media platforms and news organizations are struggling to identify and combat visual mis/disinformation presented to their audiences.

“When Donald Trump’s staff posted an image to his official Facebook page in 2019, journalists were able to spot the photoshopped edits to the president’s skin and physique because an unedited version exists on the White House’s official Flickr feed,” said lead author Dr T.J. Thomson.

“But what about when unedited versions aren’t available online and journalists can’t rely on simple reverse-image searches to verify whether an image is real or has been manipulated?

“When it is possible to alter past and present images, by methods like cloning, splicing, cropping, re-touching or re-sampling, we face the danger of a re-written history – a very Orwellian scenario.”

Examples highlighted in the report include photos shared by news outlets last year of crocodiles on Townsville streets during a flood which were later shown to be images of alligators in Florida from 2014. It also quotes a Reuters employee on their discovery that a harrowing video shared during Cyclone Idai, which devastated parts of Africa in 2019, had been shot in Libya five years earlier.

An image of Dr Martin Luther King Jr’s reaction to the US Senate’s passing of the civil rights bill in 1964, was manipulated to make it appear that he was flipping the bird to the camera. This edited version was shared widely on Twitter, Reddit, and white supremacist website The Daily Stormer.

Dr Thomson, Associate Professor Daniel Angus, Dr. Paula Dootson, Dr. Edward Hurcombe, and Adam Smith have mapped journalists’ current social media verification techniques and suggest which tools are most effective for which circumstances.

“Detection of false images is made harder by the number of visuals created daily – in excess of 3.2 billion photos and 720,000 hours of video – along with the speed at which they are produced, published, and shared,” said Dr. Thomson.

“Other considerations include the digital and visual literacy of those who see them. Yet being able to detect fraudulent edits masquerading as reality is critically important.

“While journalists who create visual media are not immune to ethical breaches, the practice of incorporating more user-generated and crowd-sourced visual content into news reports is growing. Verification on social media will have to increase commensurately if we wish to improve trust in institutions and strengthen our democracy.”

Dr. Thomson said a recent quantitative study performed by the International Centre for Journalists (ICFJ) found a very low usage of social media verification tools in newsrooms.

“The ICFJ surveyed over 2,700 journalists and newsroom managers in more than 130 countries and found only 11% of those surveyed used social media verification tools,” he said.

“The lack of user-friendly forensic tools available and low levels of digital media literacy, combined, are chief barriers to those seeking to stem the tide of visual mis/disinformation online.”

Associate Professor Angus said the study demonstrated an urgent need for better tools, developed with journalists, to provide greater clarity around the provenance and authenticity of images and other media.

“Despite knowing little about the provenance and veracity of the visual content they encounter, journalists have to quickly determine whether to re-publish or amplify this content,” he said.

“The many examples of misattributed, doctored, and faked imagery attest to the importance of accuracy, transparency, and trust in the arena of public discourse. People generally vote and make decisions based on information they receive via friends and family, politicians, organizations, and journalists.”

The researchers cite current manual detection strategies – using a reverse image search, examining image metadata, examining light and shadows, and using image editing software – but say more tools need to be developed, including more advanced machine learning methods, to verify visuals on social media.

source: wired.com

Wanna see me cut and paste a large block of text without formatting? Wanna see me do it again?

It may not seem like a second or two would make a big difference in your workday. But seconds add up to minutes, and the momentum of being able to strike a few keys and keep typing makes an impact that’s difficult to quantify. That’s why I try to avoid using my mouse whenever possible: the more I can do without taking my hands off the keyboard, the quicker I can keep plugging away on the important stuff.

The Keyboard Shortcuts You Should Know

Let’s start with the basics: learn as many keyboard shortcuts as your brain can store. You probably know a few (Ctrl+C to copy and Ctrl+V to paste, for example), but there are dozens of others that can replace the clicks you make all day long. Here are a few I can’t live without:

IT Predictions from the Past: How Accurate Were They?

source: eweek.com

eWEEK looks back at three years ago on the conversation around automation: As the internet gets increasingly more fragile, automation–as it is in most other IT categories–becomes a big factor in making it run more efficiently. How accurate were the predictions from thought leaders?

[Editor’s note: Each December, eWEEK asks IT professionals to look ahead to the next year and let us know what important trends they see coming. We’ll be publishing these predictions again this year, so get them ready to send us! Meanwhile, periodically we look back at previous years’ predictions to see how accurate–or inaccurate–they were. In this case, the thoughts around automation were particularly on target. Enjoy!]

Networking in 2017 encompassed far, far more technology than simply the pipes used to hold data as it moves from one location to another. It always has. In 2018, networking will evolve even more into software-controlled, artificial intelligence-fortified systems that will be thinking far ahead of humans as data moves through its veins.

Continue reading “IT Predictions From The Past: How Accurate Were They?”


‘I’m Not Sure We’ll Survive It’: How Constant Tech Is Breaking Our Brains

source: fastcompany.com

If you’re worried that our brains are being permanently and irrevocably altered by the constant use of technology during the coronavirus pandemic, Jaron Lanier has bad news and worse news.

“I’m not sure we’ll survive it,” the VR pioneer and noted technology skeptic said this week during a virtual panel discussion at the 2020 Fast Company Innovation Festival.

Granted, he followed that up with a more optimistic afterthought: “I do think the capacity of people to become more self-directed [with their use of technology] during the pandemic is actually a good sign—and it gives me some hope,” he added.

Continue reading “‘I’m Not Sure We’ll Survive It’: How Constant Tech Is Breaking Our Brains”

8 Tips to Tighten Up Your Work From Home Network

source: https://nakedsecurity.sophos.com/

“If you connect it, protect it.”

Every time you hook up a poorly-protected device to your network, you run the risk that crooks will find it, probe it, attack it, exploit it and – if things end badly – use it as a toehold to dig into your digital life.

Criminals who figure out how to commandeer a vulnerable device inside your network can use that device to map out, scan and attack your laptop – the one you’re using right now to work from home – as if they were right there beside you.



Continue reading “8 Tips to Tighten Up Your Work‑From‑Home Network”


Facebook Details Malware Campaign Targeting Its Ad Platform

source: securityweek.com

Facebook on Thursday released a detailed technical report on a malware campaign that targeted its ad platform for years.

Referred to as SilentFade (Silently running Facebook ADs with Exploits), the malware was identified in late 2018 and the vulnerability it was exploiting to stay undetected was patched soon after. Facebook took legal action against the malware operators in December 2019.

The malware exploited a server-side flaw to persistently suppress notifications and ensure that the infected users would not be made aware of suspicious activity related to their accounts. This allowed SilentFade to abuse the compromised accounts and run malicious ads without the victims noticing anything.

Although the malware was first detected in the final week of 2018, the cyber-crime group behind it is believed to have been operating since 2016, constantly adapting to new Facebook features and likely expanding to other social platforms and web services as well.

Continue reading “Facebook Details Malware Campaign Targeting Its Ad Platform”

What Are the Tools of Persuasion in Advertising?

source: https://smallbusiness.chron.com/

Advertising is a communication strategy designed to convince consumers to buy a company’s products. Persuasive communication involves getting attention, generating interest, creating a desire for change and encouraging action. Advertising is important for driving revenue and profit growth. Small businesses can use persuasive advertising in one-on-one settings and through traditional media channels, including print, television and the Internet.

Repetition

The repeated use of phrases and images can help people remember the advertising messages and even accept them as truthful. For example, a technology company could reinforce the message of productivity in its commercials and a retailer could emphasize that its products provide the best value. Catchy slogans are also useful because they can be easily incorporated into short commercials and Internet banner ads.

Repetition-Break

The repetition-break tool consists of two or three repetitive sequences followed by a break or a deviating event that is different from the other sequences. For example, a pharmaceutical ad could show repetitive sequences of virile men and women in different settings followed by a graphic of the drug. The repetition creates an expectation of what is to come and the break comes as a surprise, which captures attention and generates interest. At the annual conference of the Cognitive Science Society, University of Illinois at Urbana-Champaign professor Jeffrey Loewenstein and colleagues cited research experiments showing that television advertisements using the repetition-break tool are persuasive and lead to higher purchase intentions than other forms of advertising.

 

Humor

If done properly, humor is an effective persuasive tool. Ambiguity, puns and comedic situations can make an ad memorable. People tend to remember things that make them smile, possibly leading to a purchase decision. For example, people are likely to remember a soft drink ad that has sketches of adorable polar bears drinking soft drinks while sliding down a mountain. Humor is one part of advertising messages, which usually include substantive messages, such as social acceptance, old-age security and family relationships.

Shock

Shock advertising aims to grab the attention of the audience. Jarring images and shocking text may also generate free media coverage, increasing the effectiveness of the advertising campaign. Public awareness ads against smoking and drugs often use shocking images to convey important health and safety messages. However, shocks tend to lose value through repeated exposure because viewers may start ignoring the ads altogether.

Other Tools

Other persuasive advertising tools include romantic imagery, music, stereotypes and celebrity endorsements. Product placements in favorite television programs and movies may also have a persuasive effect.

Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene

Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case.

source: wired.com

In 2018, 23-year-old Jorge Molina was arrested and jailed for six days on suspicion of killing another man. Police in Avondale, Arizona, about 20 miles from Phoenix, held Molina for questioning. According to a police report, officers told him they knew “one hundred percent, without a doubt” his phone was at the scene of the crime, based on data from Google. In fact, Molina wasn’t there. He’d simply lent an old phone to the man police later arrested. The phone was still signed into his Google account.

The information about Molina’s phone came from a geofence warrant, a relatively new and increasingly popular investigative technique police use to track suspects’ locations. Traditionally, police identify a suspect, then issue a warrant to search the person’s home or belongings.

Continue reading “Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene”