Seven Science Journals Have A Dog On Their Editorial Board

An anonymous reader writes: A professor of health policy at Australia's Curtin University got seven different science journals to put his dog on their editorial board. The dog is now associate editor for the Global Journal of Addiction & Rehabilitation Medicine, and sits on the editorial board of Psychiatry and Mental Disorders. The professor says he feels sorry for one researcher who recently submitted a paper about how to treat sheath tumors, because "the journal has sent it to a dog to review." The official profile of the dog lists its research interests as "the benefits of abdominal massage for medium-sized canines" and "avian propinquity to canines in metropolitan suburbs." An Australian news site points out that career-minded researchers pay up to $3,000 to get their work published in predatory journals so they can list more publications on their resumes. "While this started as something lighthearted," says the dog-owning professor, "I think it is important to expose shams of this kind which prey on the gullible, especially young or naive academics and those from developing countries."

Reid Hoffman, Bill Gates, Others Ante Up Another $30 Million To Change.org the World

theodp writes: Fortune reports that LinkedIn co-founder Reid Hoffman is "leading a $30 million funding round in Change.org, a for-profit petition and fundraising website focused on social and political change." Joining Hoffman in this round, as well as an earlier $25 million round in 2014, is Bill Gates. Change.org, Hoffman explained in a Friday LinkedIn post, "helps enable a world where you don't need to hire a lobbyist to have real impact on the issues and policies that matter to you." He added, "In its decade of existence, Change.org petitions have resulted in more than 21,000 victories, i.e., instances in which a government agency, corporation, or other entity has changed a regulation or a policy in the face of a Change.org petition urging it to do so." Last year, Hoffman joined Gates and some of the biggest names in tech and corporate America who threw their weight behind a Change.org petition that tried to get Congress to fund K-12 Computer Science education. The Change.org petition fell short of its 150,000-signature goal despite claims of support from 90% of the parents of the nation's 58 million K-12 schoolchildren (based on a Google-funded survey of 1,685 parents), widespread press coverage (including a full-page ad in petition signer Jeff Bezos's Washington Post), lobbying efforts by the tech coalition that organized the petition (which counts LinkedIn and Microsoft among its members), and even some free PR from Change.org.

Comic for May 28, 2017

Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.
This Dog Owner Found Hot Dogs Stuffed With Razor Blades In Her Yard

“I don’t think I have ever been so shocked in my life.”

A woman in Regina, Saskatchewan, experienced a dog owner's worst nightmare when she found pieces of meat in her yard that had been stuck with razor blades.

Emma Medeiros said she was taking her two pups, Pandora and Ophelia, out for a bathroom break when she noticed three pieces of hot dog on the ground.

"It was super nice out so I decided to sit on the front patio while they go do their business, until I noticed my border collie Ophelia sniff a piece of meat that was in the yard," Medeiros told BuzzFeed Canada.

She said she knew something was off because the meat had a bit of a shine, and when she went to inspect it, her "stomach just dropped."

"My worst fear as being a dog owner — there were sharp shards of metal in it," Medeiros said.

She uploaded a video of what she found to her Facebook page, warning other pet owners: "PLEASE CHECK YOUR YARDS!"

"I don't think I have ever been so shocked in my life," she said. "It astounds me that someone would want to hurt my precious dogs, or any dog in that manner."

Medeiros has no idea who would do such a thing, and she's glad she noticed the suspicious meat before anything bad happened.

Medeiros notified both the police and the Regina Humane Society.


A Rising Trend: How Attackers are Using LNK Files to Download Malware

PowerShell is a versatile command-line and shell scripting language from Microsoft that can integrate and interact with a wide array of technologies. It runs discreetly in the background, and can be used to obtain system information without an executable file. All told, it makes an attractive tool for threat actors. There were a few notable instances where cybercriminals abused PowerShell: in March 2016 with the PowerWare ransomware, and in a new Fareit malware variant in April 2016. Because this seemed to be an upward trend, security administrators became more familiar with how to prevent PowerShell scripts from doing any damage.

However, cybercriminals are staying ahead of the curve by using an alternative means of executing PowerShell scripts: Windows shortcut (LNK) files. LNK files are usually seen by users as shortcuts, and are used in places like the Desktop and Start Menu. LNK was already used as an attack vector as early as 2013. And in 2016, we noted how Trojan downloaders used a .zip within a .zip to disguise a LNK file attachment that led to the Locky ransomware.

Now, we’re seeing an increase in attacks that leverage malicious LNK files that use legitimate apps—like PowerShell—to download malware or other malicious files. To illustrate how the trend of using LNK files is rising, note how one single LNK malware (identified by Trend Micro as LNK_DLOADR.*) has had a significant jump in detections since January 2017. The steep rise shows how popular this method is becoming:

Figure 1. Detected LNK_DLOADR over a 4 month period

Recent LNK-PowerShell and ChChes attacks

In October 2016 we saw attackers using the combination of LNK, PowerShell, and the BKDR_ChChes malware in targeted attacks against Japanese government agencies and academics. The attack used a fake .jpg extension to camouflage the malicious PowerShell file.

Figure 2. Attack used to compromise Japanese targets in October 2016

In January 2017 we spotted the group APT10 (also called MenuPass, POTASSIUM, Stone Panda, Red Apollo, and CVNX) using a similar attack for a widespread spear phishing campaign. In this version, the LNK file executes CMD.exe, which in turn downloads a fake .jpg file hiding the malicious PowerShell script.

The group has continued to evolve their cyberespionage activities, and in April 2017 they used a similar strategy to also download BKDR_ChChes, which is a popular malware used in targeted attacks.

New LNK-PowerShell attacks

We identified one campaign, likely still ongoing, that has a new and complicated LNK strategy. These attackers seem to be using several layers of built-in Windows command-line tools. They send a phishing email with lures that push the victim to “double click for content”, typically a DOCX or RTF file embedded with a malicious LNK. Instead of directly executing PowerShell, the LNK file executes MSHTA.exe (a file used for opening HTML applications), which executes JavaScript or VBScript code that in turn downloads and executes the PowerShell script. The PowerShell script then executes a reverse shell (like Metasploit or Cobalt Strike) to complete the compromise.

Figure 3. Complex LNK attack leveraging MSHTA.exe files

Last month we identified another spear phishing campaign also using a combination of LNK and PowerShell. Unfortunately, the Command and Control (C&C) server where the main payload was stored is no longer accessible.

Their strategy seems to have fewer layers: the LNK file is embedded in a document file and if a user double clicks to open the message, it executes a PowerShell file (or a similar Windows command line tool) to download another script. The other script then downloads the main payload.

Figure 4. A less complicated LNK-PowerShell attack

We believe this specific attack may be politically motivated due to the economic and controversial subject of the decoy document. However, a full analysis is tricky because the trail ends when one of the C&C servers dies. Without the full picture, it is difficult to associate this type of attack to known campaigns.

Hidden LNK commands

In many cases, these malicious LNK files can reveal valuable information about the attacker’s development environment. To help get this information, a quick analysis is possible by viewing the properties of the file.

However, we are encountering cases where the command line argument is so long that it is no longer fully visible in the Properties > Shortcut window. When viewed, only the target application (CMD.exe, MSHTA.exe, and other non-malicious command line applications) is seen.

Figure 5. Only the target application is visible

Our tests revealed that the maximum length for Shortcut > Properties > Target is only 260 characters. Anything longer than that will not be visible. However, the maximum length for a command line argument is 4096 characters.

The attacker pads the malicious argument with several spaces or newline characters in front of it. A parser tool reveals that the argument is much longer than what the Properties window shows (Figure 6), and the shortcut still works normally:

Figure 6. Padded file hiding malicious code

Attackers take advantage of this to try and disguise or hide the malicious portion of the code. This padding strategy may prevent a quick analysis of a LNK file, but any LNK parser can still extract the arguments without any problem.
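
An added example, not part of the original Trend Micro post: a minimal parser for the Shell Link (MS-SHLLINK) binary format that pulls out the argument string and reports how much padding precedes the real command. The function names, the cp1252 fallback for non-Unicode links, and the sample shortcut bytes are assumptions made for illustration; the 260-character limit is the figure reported above.

```python
import struct

# LinkFlags bits from the Shell Link (.LNK) binary format, MS-SHLLINK
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
VISIBLE_LIMIT = 260  # Target field limit reported in the article


def lnk_arguments(data: bytes) -> str:
    """Return COMMAND_LINE_ARGUMENTS from a .LNK byte string ('' if absent)."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                     # fixed-size ShellLinkHeader
    if flags & HAS_ID_LIST:      # 2-byte size, then the ID list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:    # 4-byte size that includes the size field
        pos += struct.unpack_from("<I", data, pos)[0]
    # ANSI links use the system code page; cp1252 is an assumption here
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    # StringData entries appear in this fixed order, each with a 16-bit count
    for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        raw = data[pos + 2 : pos + 2 + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated string data")
        if bit == HAS_ARGS:
            return raw.decode(codec, errors="replace")
        pos += 2 + count * width
    return ""


def triage(data: bytes) -> dict:
    """Flag argument strings that the Properties dialog would not fully show."""
    args = lnk_arguments(data)
    return {"length": len(args),
            "leading_padding": len(args) - len(args.lstrip(" \t\r\n")),
            "hidden_in_properties": len(args) > VISIBLE_LIMIT,
            "effective_command": args.strip()}


def build_sample(args: str) -> bytes:
    """Constructed test input: bare header plus one Unicode argument string."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGS | IS_UNICODE)
    return (header.ljust(76, b"\0") + struct.pack("<H", len(args))
            + args.encode("utf-16-le"))


# Constructed sample: 300 spaces of padding before a harmless command
SAMPLE = build_sample(" " * 300 + "/c echo constructed-sample")
```

Running `triage()` over shortcuts pulled from mail attachments or extracted from documents gives a quick way to rank them: a large `leading_padding` value together with `hidden_in_properties` matches the hiding technique described in this section.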

Recommendations and best practices

Malware developers continue to upgrade their tools and look for different ways to deliver their malicious payloads. Leveraging these LNK files is another strategy, but there are ways to prevent and mitigate these threats:

  • Upgrading PowerShell to version 5, which is available as part of the Windows Management Framework and included on Windows 10, is recommended. Using Group Policy to turn on logging makes it easier to check for breaches.
  • Users and enterprises alike should be wary of executable files received through email. Most files ending in *.EXE are auto-rejected on an email server, but if security is a concern then administrators should consider adding *.LNK to the list.
  • It is similarly not advisable to open any LNK file received via email (or from anywhere outside your machine).

To identify if it is a LNK file or not:

  1. If inside an archive (e.g. WinRAR, WinZip), the LNK extension is clearly visible, as well as the “Type” (it says “Shortcut”).
  2. In a Windows folder, the LNK extension is not displayed unless you modify the registry. A small overlay arrow icon pointing to the upper right is one of the identifiers of a LNK file. Another way to check: switch the Windows folder to “Details View”, then look at the “Type”.
  3. For LNK embedded in Word documents, users have to be aware of these types of attacks to know what to look for. The bottom line is: never open these kinds of documents without verifying the source. If your organization does not need any packager objects, then there is a way to disable the feature totally by editing the registry.

Trend Micro™ Smart Protection for Endpoints with Maximum XGen™ security infuses high-fidelity machine learning into a blend of threat protection techniques to eliminate security gaps across user activity and any endpoint—the broadest possible protection against advanced attacks.

Trend Micro™ Deep Discovery™ provides detection, in-depth analysis, and proactive response to today’s stealthy malware and targeted attacks in real-time. It provides a comprehensive defense tailored to protect organizations against targeted attacks and advanced threats through specialized engines, custom sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect threats, even without any engine or pattern update.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

B-52 Bomber No Longer Delivers Nuclear Gravity Bombs

A B-52H bomber conducts a B61-7 nuclear gravity bomb drop test at the Tonopah Test Range in Nevada. Image: NNSA

By Hans M. Kristensen

The venerable B-52H Stratofortress long-range bomber is no longer listed by the National Nuclear Security Administration (NNSA) with a capability to deliver nuclear gravity bombs.

US Strategic Command (STRATCOM) apparently has not been assigning nuclear gravity bombs to B-52 bombers since at least 2010. Today, only the 20 B-2 stealth-bombers are tasked with strategic nuclear gravity bombs under the nuclear strike plans.

The reason for the change appears to be that the B-52 is no longer considered survivable enough to slip through modern air-defenses and drop nuclear gravity bombs on enemy territory.

The B-52 is still equipped to carry the nuclear-armed air-launched cruise missile (ALCM or AGM-86B), which can be launched from well outside the reach of air-defenses, and is scheduled to receive the new LRSO (Long Range Standoff Missile) by the late-2020s (even though that’s probably unnecessary).

Nuclear Tell Signs

The loss of the B-52 nuclear gravity bomb mission is visible in NNSA’s Budget Request for FY2018, which only lists the B-2 as carrier of the strategic nuclear gravity bombs. The Budget Request for FY2017, in contrast, also listed the B-52 as carrier of the B61-7 and B83-1 bombs (see below).

The change is also apparent from photos that over the years were used by the Air Force to showcase the B-52’s firepower. One photo from between 1990 and 2007 shows a B-52 at Barksdale AFB in Louisiana with ALCM and ACM (Advanced Cruise Missile, or AGM-129A) cruise missiles, and B61 and B83 gravity bombs. A later photo from 2016, however, shows the significantly modified loadout of a B-52 at Minot AFB in North Dakota with ALCM cruise missiles but no nuclear gravity bombs. Instead, the bomber’s modernized loadout includes significant new conventional capabilities such as JDAM and SDB guided bombs, and the JASSM cruise missile (see below).

Gradual Nuclear Decline

The B-52 used to be equipped to carry a wide variety of nuclear weapons. Over the years many nuclear weapons have come and gone but the B-52 has endured. In the 1980s, for example, the B-52 was equipped for five different types of nuclear weapons: the 1.4-megaton B28 bomb, the 9-megaton B53 bomb, the 1.2-megaton B83 bomb, the B61 bomb, and the ALCM (see picture below).

When the Advanced Cruise Missile (ACM) entered service in 1990 it was also added to the B-52 nuclear portfolio. Despite the new ALCM and ACM standoff weapons (the ACM was retired in 2007 [https://fas.org/blogs/security/2007/03/us_air_force_decides_to_retire/]), however, the B-52 continued to be assigned missions with nuclear gravity bombs. The 9-megaton B53 that was declared unsafe in 1991 was retained in the stockpile until 1997 [https://fas.org/blogs/security/2010/10/b53dismantlement/] for delivery by B-52s against super-hardened underground targets.

Instead of nuclear weapons, however, the overall trend is clear: the B-52 has been gradually shifting from nuclear to conventional missions. The most recent example is the conversion [http://www.af.mil/News/Article-Display/Article/560252/bomber-force-prepares-for-new-b-52-bomb-bay-upgrade-testing/] of some of the nuclear CSRLs (Common Strategic Rotary Launcher) to the Conventional Rotary Launcher (CRL) that can accommodate a wider host of advanced conventional weapons in the bomb bay, including the long-range JASSM-ER that is replacing the conventional ALCM (CALCM).

Given that the new LRSO will also be integrated on the B-2 and the new B-21 bombers, and the B-52 now has long-range conventional standoff JASSM-ER missiles, the B-52 could probably be phased out of the nuclear mission when the ALCM retires in the late-2020s.

The apparent removal of the B-52 from the nuclear gravity bomb mission is particularly important now because NNSA and the military are promising that once they get the new B61-12 guided nuclear bomb then the overall number of nuclear gravity bombs in the stockpile can be reduced by 50%. That promise was an important sales pitch in convincing the Obama administration that the B61-12 modernization was consistent with the goal of reducing the number of nuclear weapons. What the B61-12 lobbyists did not say was that most (if not all) of those 50% of the nuclear gravity bombs were already in excess of national security needs and could have been retired years ago.

Additional background information:

This publication was made possible by a grant from the Carnegie Corporation of New York, the New Land Foundation, and the Ploughshares Fund. The statements made and views expressed are solely the responsibility of the author.
