    Samsung heir pardoned due to South Korean economic needs

    news.movim.eu / ArsTechnica · Friday, 12 August - 15:45

Jay Y. Lee, vice chairman of Samsung Electronics Co., leaves the Seoul Central District Court in Seoul, South Korea, on Friday. After a presidential pardon, Lee is poised to retake control of South Korea's largest commercial entity. (credit: Getty Images)

Samsung Electronics Vice-Chair Jay Y. Lee received a presidential pardon Friday for his role in a 2016 political scandal, a move the South Korean government says is necessary so the country's largest chaebol can help steady the national economy.

“In a bid to overcome the economic crisis by vitalizing the economy, Samsung Electronics Vice Chairman Lee Jae-yong… will be reinstated,” the Korean government stated in a joint press release from its ministries, according to Bloomberg News.

Lee, 54, known as Lee Jae-yong in Korea, was arrested in February 2017 on charges that he was complicit in Samsung paying millions in bribes to various organizations tied to a presidential advisor in order to win favor for an $8 billion merger of two Samsung Group units. In August 2017, Lee was convicted of perjury, embezzlement, hiding assets outside the country, and being one of five Samsung executives who paid $6.4 million in bribes to ex-South Korean President Park Geun-hye.


    I’m a security reporter and got fooled by a blatant phish

    news.movim.eu / ArsTechnica · Thursday, 11 August - 22:57 · 1 minute

This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images)

There has been a recent flurry of phishing attacks so surgically precise and well-executed that they've managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication provider Twilio, content delivery network Cloudflare, and network equipment maker Cisco said phishers in possession of phone numbers belonging to employees and employee family members had tricked their employees into revealing their credentials. The phishers gained access to internal systems of Twilio and Cisco. Cloudflare's hardware-based 2FA keys prevented the phishers from accessing its systems.

The phishers were persistent, methodical and had clearly done their homework. In one minute, at least 76 Cloudflare employees received text messages that used various ruses to trick them into logging into what they believed was their work account. The phishing website used a domain (cloudflare-okta.com) that had been registered 40 minutes before the message flurry, thwarting a system Cloudflare uses to be alerted when the domains using its name are created (presumably because it takes time for new entries to populate). The phishers also had the means to defeat forms of 2FA that rely on one-time passwords generated by authenticator apps or sent through text messages.

Creating a sense of urgency

Like Cloudflare, both Twilio and Cisco received text messages or phone calls that were also sent under the premise that there were urgent circumstances—a sudden change in a schedule, a password expiring, or a call under the guise of a trusted organization—necessitating that the target take action quickly.


    Amid backlash from privacy advocates, Meta expands end-to-end encryption trial

    news.movim.eu / ArsTechnica · Thursday, 11 August - 17:46

Meta is ever so slowly expanding its testing of end-to-end encryption (credit: Getty Images)

Meta is ever so slowly expanding its trial of end-to-end encryption in a bid to protect users from snoops and law enforcement.

End-to-end encryption, often abbreviated as E2EE, uses strong cryptography to encrypt messages with a key that is unique to each user. Because the key is in the sole possession of each user, E2EE prevents everyone else—including the app maker, ISP or carrier, and three-letter agencies—from reading a message. Meta first rolled out E2EE in 2016 in its WhatsApp and Messenger apps, with the former providing it by default and the latter offering it as an opt-in feature. The company said it expects to make E2EE the default setting in Messenger by sometime next year. The Instagram messenger, meanwhile, doesn’t offer E2EE at all.

Starting this week, the social media behemoth will begin testing a secure online storage feature for Messenger communication. For now, it’s available only to select users who connect using either an iOS or Android device. Users who are selected will have the option of turning it on.


    One of 5G’s biggest features is a security minefield

    news.movim.eu / ArsTechnica · Thursday, 11 August - 14:41 · 1 minute

(credit: Anton Petrus | Getty)

True 5G wireless data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates—combining expanded speed and bandwidth with low-latency connections—one of its most touted features is starting to come into focus. But the upgrade comes with its own raft of potential security exposures.

A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, is gaining the ability to connect to the Internet in places where Wi-Fi isn't practical or available. Individuals may even elect to trade their fiber-optic Internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage Internet-of-things data are riddled with security vulnerabilities, according to research presented this week at the Black Hat security conference in Las Vegas. And those vulnerabilities could dog the industry long-term.

After years of examining potential security and privacy issues in mobile-data radio frequency standards, Technical University of Berlin researcher Altaf Shaik says he was curious to investigate the application programming interfaces (APIs) that carriers are offering to make IoT data accessible to developers. These are the conduits that applications can use to pull, say, real-time bus-tracking data or information about stock in a warehouse. Such APIs are ubiquitous in web services, but Shaik points out that they haven't been widely used in core telecommunications offerings. Looking at the 5G IoT APIs of 10 mobile carriers around the world, Shaik and his colleague Shinjo Park found common but serious API vulnerabilities in all of them, and some could be exploited to gain authorized access to data or even direct access to IoT devices on the network.


    Google Fiber was stalled for years but now says it’ll expand to 5 new states

    news.movim.eu / ArsTechnica · Wednesday, 10 August, 2022 - 17:51

Google Fiber plans multi-state expansion 5+ years after “pausing” buildouts (credit: Getty Images | Kalief Browder)

Google Fiber says it will expand its fiber-to-the-home Internet service to several new states for the first time since it announced a pause in construction in October 2016. The Alphabet division said in a press release today that it is "talking to city leaders" in five states "with the objective of bringing Google Fiber's fiber-to-the-home service to their communities."

The new states are Arizona, Colorado, Nebraska, Nevada, and Idaho. Three of those were just announced, while projects in Colorado Springs, Colorado, and Mesa, Arizona, were announced in recent months.

"These states will be the main focus for our growth for the next several years, along with continued expansion in our current metro areas," Google Fiber CEO Dinni Jain wrote. "In addition, we'd also love to talk to communities that want to build their own fiber networks. We've seen this model work effectively in Huntsville and in West Des Moines, and we'll continue to look for ways to support similar efforts."


    Phishers who breached Twilio and fooled Cloudflare could easily get you, too

    news.movim.eu / ArsTechnica · Tuesday, 9 August, 2022 - 23:33

(credit: Getty Images)

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees' family members as well.

In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the credentials of an undisclosed number of employees and, from there, gained unauthorized access to the company's internal systems, the company said. The threat actor then used that access to data in an undisclosed number of customer accounts.

Two days after Twilio's disclosure, content delivery network Cloudflare, also headquartered in San Francisco, revealed it had also been targeted in a similar manner. Cloudflare said that three of its employees fell for the phishing scam, but that the company's use of hardware-based MFA keys prevented the would-be intruders from accessing its internal network.


    10 malicious Python packages exposed in latest repository attack

    news.movim.eu / ArsTechnica · Tuesday, 9 August, 2022 - 18:01 · 1 minute

Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Check Point Research, which reported its findings Monday, wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPi has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPi through the pip command is a foundational step for starting or setting up many Python projects. PePy, a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017; June, July, and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020, NPM in December 2021, and many more open source repositories.


    SGX, Intel’s supposedly impregnable data fortress, has been breached yet again

    news.movim.eu / ArsTechnica · Tuesday, 9 August, 2022 - 17:01

Architectural bug in some Intel CPUs is more bad news for SGX users (credit: Intel)

Intel’s latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company’s software guard extensions, the advanced feature that acts as a digital vault for security users’ most sensitive secrets.

Abbreviated as SGX, the protection is designed to provide a fortress of sorts for the safekeeping of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

Cracks in Intel’s foundational security

SGX is a cornerstone of the security assurances many companies provide to users. Servers used to handle contact discovery for the Signal Messenger, for instance, rely on SGX to ensure the process is anonymous. Signal says running its advanced hashing scheme provides a “general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus.”
