Connect with us

Tech

New attack on home routers sends users to spoofed sites that push malware

Published

on


Photograph of a Linksys router.

A recently discovered hack of home and small-office routers is redirecting users to malicious sites that pose as COVID-19 informational resources in an attempt to install malware that steals passwords and cryptocurrency credentials, researchers said on Wednesday.

A post published by security firm Bitdefender said the compromises are hitting Linksys routers, although BleepingComputer, which reported the attack two days ago, said the campaign also targets D-Link devices.

It remains unclear how attackers are compromising the routers. The researchers, citing data collected from Bitdefender security products, suspect that the hackers are guessing passwords used to secure routers’ remote management console when that feature is turned on. Bitdefender also hypothesized that compromises may be carried out by guessing credentials for users’ Linksys cloud accounts.

Not the AWS site you’re looking for

The router compromises allow attackers to designate the DNS servers connected devices use. DNS servers use the Internet domain name system to translate domain names into IP addresses so that computers can find the location of sites or servers users are trying to access. By sending devices to DNS servers that provide fraudulent lookups, attackers can redirect people to malicious sites that serve malware or attempt to phish passwords.

The malicious DNS servers send targets to the domain they requested. Behind the scenes, however, the sites are spoofed, meaning they’re served from malicious IP addresses, rather than the legitimate IP address used by the domain owner. Liviu Arsene, the Bitdefender researcher who wrote Wednesday’s post, told me that spoofed sites close port 443, the Internet gate that transmits traffic protected by HTTPS authentication protections. The closure causes sites to connect over HTTP and in so doing, prevents the display of warnings from browsers or email clients that a TLS certificate is invalid or untrusted.

Domains swept into the campaign include:

  • aws.amazon.com
  • goo.gl
  • bit.ly
  • washington.edu
  • imageshack.us
  • ufl.edu
  • disney.com
  • cox.net
  • xhamster.com
  • pubads.g.doubleclick.net
  • tidd.ly
  • redditblog.com
  • fiddler2.com
  • winimage.com

The IP addresses serving the malicious DNS lookups are 109.234.35.230 and 94.103.82.249.

The malicious-sites users land on claim to offer an app that provides “the latest information and instructions about coronavirus (COVID-19).”

Bifdefender

Users who click on the download button are ultimately redirected to one of several Bitbucket pages that offers a file that installs malware. Known as Oski, the relatively new piece of malware extracts browser credentials, cryptocurrency wallet addresses, and possibly other types of sensitive information.

US, Germany, and France most targeted

There were 1,193 downloads from one of the four Bitbucket accounts used. With attackers using at least three other Bitbucket accounts, the download number is likely much higher. (The actual number of people infected is probably smaller than the download total, since some people may not have clicked on the installer or accessed the page for research purposes).

Bitdefender data shows the attack started on or around March 18 and hit a peak on March 23. Bitdefender data also shows that the routers targeted the most were located in Germany, France, and the United States. At this moment, these countries are among those most suffering the devastating effects of COVID-19, which at the time this post went live had caused more than 436,856 infections and 19,549 deaths worldwide.

To prevent attacks on routers, the devices should have remote administration turned off whenever possible. In the event this feature is absolutely necessary, it should be used only by experienced users and protected by a strong password. Cloud accounts—which also make it possible to remotely administer routers—should follow the same guidelines. Moreover, people should frequently ensure that router firmware is up-to-date.

People who want to check if they have been targeted can check the Bitdefender post for indicators of compromise. Take note: the indicators may be hard for less experienced users to follow.



Source

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

After coronavirus, AI could be central to our new normal

Published

on


When we came out of the financial crisis of 2008, cloud computing kicked into high gear and started to become a pervasive, transformational technology. The current COVID-19 crisis could provide a similar inflection point for AI applications. While the implications of AI continue to be debated on the world stage, the rapid onset of a global health crisis and concomitant recession will accelerate its impact.

Times of crisis bring rapid change. Efforts to harness AI technologies to discover new drugs – either vaccine or treatment – have kicked into hyperdrive. Startups are racing to find solutions and established companies are forming partnerships with academia to find a cure. Other companies are researching existing drugs for their potential applicability. AI is proving a useful tool for dramatically reducing the time needed to identify potential drug candidates, possibly saving years of research. AI uses already put into action are screening for COVID-19 symptoms, decision support for CT scans, and automating hospital operations. A variety of healthcare functions have started to be performed by robots, from diagnosis to temperature monitoring.

Whatever the new normal becomes in the aftermath of the current crisis, it’s apparent that AI will be an even larger part of the technology landscape going forward — and not only for healthcare.

Growing automation

The Brookings Institute recently published its view that a recession is likely to bring about a spike in labor-replacing automation — with employers shedding less-skilled workers. They argue that automation surges during recessions and could bring long-term structural changes to the labor force. This echoes an article where London School of Economics Professor Mirko Draca said a recession will bring with it a wave of AI and automation.

The recession will impact broad swaths of the economy. A recent story cites a CEO who had to close a factory after an employee became ill. Obviously, robots do not have this problem. As a result, the company has plans to speed its adoption of AI and machine learning over the next few years.

VB TRansform 2020: The AI event for business leaders. San Francisco July 15 - 16

Call center operations have been similarly affected, leading to an increased interest in automation software. The Wall Street Journal reported that, in the midst of the current business disruption, companies are looking for temp workers and using automated bots to help filter callers who need a live person from those who can be helped digitally. Auto maker Hyundai may now move even faster towards automated production.

Warehouse, grocery, and delivery workers are striking in hopes of better wages and, especially, working conditions. This at the same time as these positions are increasingly subject to automation and AI products to improve automation continue to advance. Though conditions prompting the work stoppages are understandable, it is equally possible these actions will only spur further efforts to embed automation. A completely automated retail supply chain from warehouse to grocery or restaurant to home is increasingly coming into view, though it will likely be several years before all the pieces are fully in place.

As technology advances, there is increasing acceptance of automation. “Americans are growing more comfortable shopping for food or electronics without the aid of another human,” according to the March 2020 Automated Retail Tracker. Mercer’s 2020 Global Talent Trends survey reveals 34% of employees expect their jobs to be replaced in three years. It is not only blue-collar work that will be affected. Gartner predicts emerging technologies such as virtual personal assistants and chatbots will replace close to 70% of managerial workload, leading to a complete overhaul of these roles.

Increased use of surveillance

In dire times, governments can assume broad powers. This was evident after 9/11 when the U.S. Congress quickly passed the USA PATRIOT Act that expanded surveillance. Many of the provisions were supposed to expire more than a decade ago. Yet, the program is still in place.

A very different crisis now is providing a similar impetus to increase surveillance. Governments worldwide are harnessing surveillance-camera footage, smartphone location data, and credit card purchase records to help trace the recent movements of people who may have contracted COVID-19 and establish virus transmission chains.

AI technologies are being deployed into augmented reality glasses, ostensibly to detect fevers with thermal imaging cameras. Similarly, facial recognition systems are being used as an alternative to technologies that rely on touch-based sensors. This information can be integrated with other data, such as phone location, to compile information on people and make determinations about permissible movement and behaviors. Yet facial recognition has had challenges with accuracy of identification and ethical applications, leading to calls for greater government regulation.

As with the search for effective drug candidates, the use of AI technologies on all fronts to battle a virus is needed in an all-hands-on-deck moment. World Health Organization executive director Dr. Michael Ryan said surveillance is part of what’s required for life to return to normal in a world without a vaccine. However, civil liberties experts warn that the public has little recourse to challenge these digital exercises of power once the immediate threat has passed. Human Rights Watch, Amnesty International, AI Now, and 104 other organizations urged governments to show leadership in tackling the pandemic by respecting human rights when using digital technologies to track and monitor people. In a joint statement, the organizations said that the virus must not be used as a cover to usher in a new era of greatly expanded systems of invasive digital surveillance.

The dilemma

As we face the current crisis as a society, we must resolve the competing values of protecting health while also ensuring privacy and liberty. And we must find a balance between business viability and protecting the ability of people to earn a reasonable living. There is no going back; we’re heading into a new normal. Immediately, the focus will have to be on managing the crisis with the best available tools. This period could be 12-24 months, until there is enough herd immunity, treatment therapies, and an effective vaccine.

During this time, governments will need to do everything possible to provide a social safety net, at least until business can resume and employment levels approach pre-crisis levels. Concurrently, people should realize there will be new rules in the new normal, especially those who work in fields where automation is likely. They should use this period to learn new skills such as systems analysis and evaluation, problem solving, ideation, and leadership. Many companies, from Shell to Amazon have announced plans to re-skill large segments of their workforce. More will need to do so.

Protecting privacy and liberty is perhaps even more challenging. Once surveillance technology is used in response to an immediate crisis, it is difficult to reverse. Surveillance does not need to be our manifest destiny. One proposal out of Europe would limit retention of collected data for only 14 days, the period of possible virus transmission. The only effective means to reasonably protect privacy is to require that surveillance powers assumed during a crisis expire when the crisis ends.

Gary Grossman is the Senior VP of Technology Practice at Edelman and Global Lead of the Edelman AI Center of Excellence.



Source

Continue Reading

Tech

Creepy Woods TECH REVIEW

Published

on



A7 UK:
A7 FR:
A7 DE:
A7 IT:

A7 US:

enter the raffle to win a metal detector =

Donations help make more videos
become a patreon and help support the channel it cost alot of money traveling around filming videos so every little helps with travel and better equipment also get early viewing

if you would like to know what equipment i use
heres all the details
200kg magnet =

Metal detecting equipment (simplex)

2000kg rope =

For other magnets click here =

for any custom decals quote THATSBRAD =

Online Sunglasses =

for my stuff = T-SHIRTS =

for other t-shirts =

wristbands/stickers =

send me a letter i love to hear off you
THATS BRAD
83 Ducie Street
Manchester
M12JQ

United Kingdom

#magnetfishing #rivertreasure #outdoors

source

Continue Reading

Tech

What’s in the latest Firefox upgrade? Firefox 75 boosts search with address bar enhancements

Published

on


Mozilla on Tuesday released Firefox 75 on schedule, unlike rivals Google and Microsoft, which postponed browser releases by weeks and scratched one version entirely because of the COVID-19 pandemic.

The upgrade’s most visible changes were to Firefox’s address bar, which has been tricked out with several enhancements designed to make for more productive searches.

The company’s developers also patched a half dozen vulnerabilities, three labeled “High,” Firefox’s second-most-serious label. As has regularly been the case, Mozilla addressed multiple memory safety flaws that criminals might have been able to exploit had they known of them.

Firefox 75 can be downloaded for Windows, macOS and Linux from Mozilla’s site. Because Firefox updates in the background, most users can just relaunch the browser to get the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” (On macOS, “About Firefox” can be found under the “Firefox” menu.) The resulting page shows that the browser is either up to date or describes the refresh process.

This was the second version of Firefox to be released four weeks after its predecessor — Mozilla last upgraded the browser on March 10. In September 2019, the company announced it would accelerate the browser’s release pace by shortening the interval between upgrades from six weeks to five as an interim step, finally to four weeks.

Mozilla: We don’t do delays

It was notable that Firefox 75 appeared on time, as it had been scheduled months earlier. Three weeks ago, first Google, then Microsoft, announced that they had temporarily suspended Chrome and Edge releases, respectively.

Google put off Chrome 81’s March 17 launch, while Microsoft followed suit two days later. Although neither explicitly named the coronavirus and its resulting disruptions as the cause, their “adjusted work schedules” and “current global circumstances” descriptions blamed the pandemic.

A week later, Google said it would release Chrome 81 on April 7 (it did), scrub Chrome 82 from the launch list and debut Chrome 83 three weeks earlier than originally scheduled (on May 19). Microsoft again said its Edge — like Chrome, built on technologies provided by the open-source Chromium project — would mimic Google’s browser’s return.

Mozilla held to its calendar. “We believe we can maintain our 2020 Firefox release schedule as we navigate this global crisis together,” Joe Hildebrand, vice president for Firefox web technology, and Selena Deckelmann, vice president of Firefox desktop, wrote in a joint post to a company blog. And the two took shots at the competition, noting that their teams were familiar with working remotely.

“These strengths are what allow us to continue to make progress where some of our competitors have had to slow down or stop work.”

But Hildebrand and Deckelmann didn’t promise that Mozilla would never deviate from the every-four-week tempo. “We will continue to monitor both internal and external feedback and remain open to making future adjustments,” they said.

Augmenting the address bar

With its 50% faster release cadence – every four weeks rather than every six – users have to expect fewer new features and smaller amounts of new functionality in each upgrade. That’s the case with Firefox 75, which adds to the address bar and that’s about all.

Among the improvements to the bar, one stood out: A click in the address bar now drops down a list of the first eight sites from the new tab page. The click-and-list function works at all times, saving the need to first open a new tab before zipping to a favorite site (as long as the site is one of the first eight).

To change the contents of the list or the order of the sites within it, users must add to or subtract from the thumbnails on the new tab page, or reshuffle those already there.

Firefox 75's address bar Mozilla

A click in Firefox 75’s address bar displays the first eight sites from the new tab page. It’s a slick shortcut.

Other changes to the address bar’s user interface (UI) and user experience (UX) included boldfaced keywords based on the search string being entered – “to narrow your search even further,” Mozilla asserted – and a variable-sized field and font, both which expand when typing a search string and contract to standard size when finished.

Mozilla highlighted several developer- and enterprise-specific changes as well, ranging from the loading attribute on elements to support for client certificates from the macOS certificate store. More information can be found in Firefox 75’s release notes.

The next Mozilla upgrade, Firefox 76, should appear May 5.



Source

Continue Reading

Trending

//ofgogoatan.com/afu.php?zoneid=2954224
We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.
Accept