Shared posts
ISIS drone swarms targeting US troops in Syria...
Jeffrey J. Bloom: Unlike Mosul--where U.S. forces deployed an array of drone countermeasures--troops in Raqqa are operating with fewer resources & have limited defense against off-the-shelf drones. Sometimes used in swarms, they are often rigged to drop small 40mm grenade-sized munitions with a relatively high degree of accuracy.
https://www.washingtonpost.com/news/checkpoint/wp/2017/06/14/isis-drones-are-attacking-u-s-troops-and-disrupting-airstrikes-in-raqqa-officials-say/
FACEBOOK gives bots ability to negotiate...
Jeffrey J. Bloom: In some cases, bots "initially feigned interest in a valueless item, only to later 'compromise' by conceding it--an effective negotiating tactic [used by people]."
*However, the behavior was NOT programmed, "but was discovered by the bot as a method for trying to achieve its goals." #GhostInTheMachine
https://www.yahoo.com/news/facebook-gives-bots-ability-negotiate-compromise-175629309.html
Industroyer is more dangerous than Stuxnet
Jeffrey J. Bloom: "Industroyer" exploits outdated protocols used by industrial systems. Originally created for off-grid use, they're now connected & vulnerable.
https://betanews.com/2017/06/13/industroyer-bigger-than-stuxnet/
Tew: NSA site troubling for personal freedom
Jeffrey J. Bloom: Are the employees inside utilizing supercomputers to vacuum up billions of e-mails, social media posts and phone calls from American heroes or deplorable violators of our rights? Without oaths and warrants based on probable cause that a crime has been committed to justify their vacuuming of our private information, don’t they continuously and daily violate the 4th Amendment prohibitions against such a vast collection of private data from Americans?
Russia's Power Trip
Jeffrey J. Bloom: *Power disruption tools are nothing new: on March 4, 2007, the Department of Energy conducted the Aurora Generator Test to see whether a hacker could destroy physical objects through strictly cyber means.
*This after a few years of studying vulnerabilities in increasingly automated critical infrastructure--banking & finance, transportation, telecommunications, gas & oil, water supply, & electrical power.
http://www.slate.com/articles/news_and_politics/war_stories/2017/06/russia_s_power_grid_cyberweapon_is_scary.html
US: North Korea's been hacking everyone since 2009
Jeffrey J. Bloom: Hidden Cobra commonly targets & exploits older Windows platforms, Flash & Silverlight. The best way to keep hackers out is using newer OSs that receive security upgrades. Homeland Security recommends removing Flash & Silverlight if they're not necessary.
https://www.engadget.com/2017/06/14/us-issues-alert-north-korea-cyber-attack-hidden-cobra/
US issues alert over North Korean hacking group 'Hidden Cobra' and warns more attacks are likely
Jeffrey J. Bloom: Hidden Cobra (aka Lazarus Group & Guardians of the Peace) has compromised a range of victims since 2009 with DDoS, keyloggers, remote access tools & several variants of malware.
https://www.thesun.co.uk/news/3797609/us-warning-north-korea-hacking-group-hidden-cobra-cyber-attacks/
The “Internet of Things” is way more vulnerable than you think—and not just to hackers
Jeffrey J. Bloom: The problem, Weiss claims, is using the internet to control devices that it was never intended to control. Among these are industrial systems in power plants or factories, devices that manage the flow of electricity through the energy grid, medical devices in hospitals, smart-home systems, and many more.
Russian hackers infiltrated voter databases in dozens of states
Jeffrey J. Bloom: The cyberattack targeted software used by poll workers on Election Day, accessed a campaign finance database in at least one state and tried to delete or alter voter data in Illinois.
Government Cyber-security Experts have Insecure Website
Jeffrey J. Bloom: "The way I see it is, the FBI has to do something to catch criminals, and at least in this case they didn't resort to draconian methods such as mass surveillance without a warrant. Instead, they used a simple procedure with a warrant that doesn't need much technical ability."
Feds Hacked A Dark Web Shopper Plotting A Mail Bomb Hit
Jeffrey J. Bloom: "The way I see it is, the FBI has to do something to catch criminals, and at least in this case they didn't resort to draconian methods such as mass surveillance without a warrant. Instead, they used a simple procedure with a warrant that doesn't need much technical ability."
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 5, 2017
Jeffrey J. Bloom: It’s better late than never if you haven’t had the chance to read one of the latest white papers from the Zero Day Initiative. Their paper, “Transforming Open Source to Open Access in Closed Applications,” sheds light on both old and new vulnerabilities found in Adobe Reader’s XSLT engine, including several that needed to be patched more than once. It focuses on techniques for auditing the source code of Sablotron to find corresponding bugs in Adobe Reader. The paper also presents a new source-to-binary matching technique to help researchers pinpoint the vulnerable conditions within Sablotron that also reside in the assembly of Reader. You will also see real-world application of these techniques demonstrated in the paper through a series of code execution vulnerabilities discovered in Adobe Reader’s codebase.
Zero-Day Filters
There are 16 new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Stupidly easy for hackers to attack Eskom
Jeffrey J. Bloom: It's ridiculously easy for hackers to compromise Eskom’s central electricity distribution network; their systems have no "space break" or physical separation. Any virus could propagate through all systems without resistance, as happened to UK’s National Health Service when WannaCry hit.
https://mybroadband.co.za/news/security/214928-stupidly-easy-for-hackers-to-attack-eskom.html
The verdict on stories of Russian hacking in the 2016 election
Jeffrey J. Bloom: There are two larger reasons to be skeptical of these stories. First, the Russian hacking stories have far more government support than most bouts of American hysteria. They have provided only flimsy evidence supporting their claims (the story will change if they release hard evidence). But before we take the intel agencies’ assurances as gospel, look at the Big List of Lies by US government officials since 1960 (it is a big list, not remotely a complete list). How many times must they lie to us before we become skeptical?
Second, “extraordinary claims require extraordinary proof”. Saying that Russia has been conducting so many and such poorly constructed cyberattacks on the US — attacks in which they have little or nothing to gain — certainly qualifies as an “extraordinary claim”.
This is a relatively small matter, but indicative of a larger problem for us. We have become a gullible people, making political reform difficult or impossible. Unless we fix this, the best we hope for is a change of rulers.
https://fabiusmaximus.com/2017/06/11/conclusions-on-russian-hacking-of-the-election/
Hackers Hold Projekt Red for Ransom
Jeffrey J. Bloom: "An unidentified individual or individuals have just informed us they are in possession of a few internal files belonging to CD PROJEKT RED. Among them are documents connected to early designs for the upcoming game, Cyberpunk 2077."
https://geekreply.com/geek-culture/2017/06/11/hackers-hold-projekt-red-ransom
SpaceX Releases Ultra-HD 4K Footage Of Falcon 9 Landing
Jeffrey J. Bloom: Last week SpaceX shared remarkable 4K UHD footage of their Falcon 9 landing, which seems almost Hollywood-level surreal, especially since it happens so quickly and accurately.
https://www.youtube.com/watch?v=GrP3jHuLQ9o
Fireball Malware Infects Millions - Threat Wire
Jeffrey J. Bloom: Fireball malware infects millions of computers worldwide, a OneLogin breach creates headaches for users, & Wikileaks is back with another Vault7 leak. All that coming up now on Threat Wire.
https://www.youtube.com/watch?v=fngjYO6DMvE
Pulling The Pin On 'Russian' 'Hacking'
Jeffrey J. Bloom: Not one US senator asked former FBI Director James Comey to account for the sinister fact that the source of the explosive determination that “Russia hacked the DNC” computer system is a DNC contractor, not the FBI.
AI App Identifies Plants and Animals In Seconds
Jeffrey J. Bloom: Using NVIDIA GPUs & cuDNN with the TensorFlow deep learning framework, iNaturalist trained neural networks using their massive database of images that have been labeled by the site’s community of experts. Currently, they're able to identify 10,000 different species & are adding new species to the model every 1.7 hours. An online demo is now live & you can help train the models by uploading & classifying images.
http://www.inaturalist.org/computer_vision_demo
Scientists May Have Found a Way to Combat Quantum Computer Blockchain Hacking
Jeffrey J. Bloom: *bump* From May 25 CowNinja post:
The Russian Quantum Center said it secures the blockchain by combining quantum key distribution (QKD) with post-quantum cryptography, making it essentially "un-hackable." The technology creates special blocks that are signed by quantum keys generated by a QKD network.
Steve Conway: "Efforts like [this] are underway around the world. It’s difficult to assess this one in comparison with any other without having any technical details about what they’re doing."
Addison Snell: "It is still early in the development of quantum computing & difficult to compare the efficacy of the Russians’ approach versus efforts we have seen from companies like D-Wave & IBM."
Google appears to be at the forefront of this work – the company’s quantum-AI team has set for itself the goal of making a quantum annealer with 100 qubits by the end of this year.
"It’s interesting because the challenges with creating a quantum computer increase dramatically with the number of qubits," said Conway. "It’s a whole lot easier to do something with a couple of qubits than it is with hundreds or thousands of qubits. But in fact if you want to get serious about this you have to get to the thousands of qubits.. I’d be surprised if this were in the thousands of qubits range, which is what you’d really need for serious cybersecurity."
https://www.hpcwire.com/2017/05/25/russian-researchers-claim-first-quantum-safe-blockchain/
If the advent of quantum computing could be the apocalypse for blockchain, it is therefore crucially important that we begin thinking about how to protect these systems before entire countries & currencies could be subject to hacks from the abusers of quantum computers.
https://futurism.com/scientists-may-have-found-a-way-to-combat-quantum-computer-blockchain-hacking/
How tech sleuths cracked the mysterious code that turns your printer into a spying tool
Jeffrey J. Bloom: PC World was among the first to cover the use of dots in 2004, when a senior Xerox researcher described the hidden markings in detail. Developed ~20 years prior (to allay government officials’ fears of counterfeit money or forged documents), Xerox created an in-house encoding system, shared it with authorities & other companies followed suit.
https://www.washingtonpost.com/news/morning-mix/wp/2017/06/09/how-tech-sleuths-cracked-the-mysterious-code-that-turns-your-printer-into-a-spying-tool/?utm_term=.6a8b89875302
Westworld creators want to make a show about AI without 'going straight to Skynet'
Jeffrey J. Bloom: Jonathan Nolan & Lisa Joy spoke about the message they were trying to get across with the show’s first season during a conference hosted by Wired. Nolan said that one of the tropes they wanted to avoid was turning AI into a terrifying enemy just because the rise of technology seemed scary. Nolan said that they never wanted their AI to be Skynet, the main antagonist & AI death machines from the Terminator films.
“Until now, AI has tended to lean into a dystopian perspective,” Nolan said. “It goes straight to Skynet, with the exception of Spike Jonze's Her, which is a beautiful movie. What's becoming increasingly clear is that's not how it's going to play out.”
https://www.polygon.com/tv/2017/6/9/15771510/westworld-ai-skynet
Apple just offered a 'dead giveaway' that it's building an AI chip for iPhones, expert says
Jeffrey J. Bloom: *Google introduced TensorFlow in Nov '15 & 6 months later their custom Tensor Processing Unit (TPU) was unveiled. Apple may be doing something similar with Core ML, "All those converters & everything, it's a dead giveaway there's going to be some intense [processor] available down the line." - Reza Zadeh, CEO Matroid
*Meanwhile, startups like Deep Vision & Mythic are working on mobile processors for smaller devices, as opposed to data centers, where Google's TPUs are located. Another startup, Movidius (acquired by Intel in 2016), is touting a vision processing unit for drones & other gadgets.
http://www.cnbc.com/2017/06/09/apples-core-ml-software-suggests-ai-chip-coming.html
5 Reasons Why We Should Study and Embrace Artificial Intelligence!
Jeffrey J. Bloom: Artificial intelligence, machine learning & deep learning may still be in their infancy, but they're already transforming heavily regulated industries, such as “financial services & trading industry” and “healthcare & life sciences industry”. Soon the various technological & security issues surrounding them will be solved & solutions will be accelerated by development of other related technology.
https://hackernoon.com/5-reasons-why-we-should-study-and-embrace-artificial-intelligence-8ba31c4d0c7f
How toxic! Russian hackers are using Britney Spears' Instagram to spread malware
Jeffrey J. Bloom: Malware disguised as a Firefox browser extension searched for hidden links in order to connect back to its control server.
Malware scanned comments on Spears' Instagram photo & computed "hashes" for each one, all while looking for a specific hash. When found, it would grab the letters that came after the hash & turn them into a URL pointing to the c2 server. This method allows changing malware comms on-the-fly, w/o changing the malware itself.
ESET Security said they thought this particular post was just a test & linked the malware scheme to a group called Turla.
https://www.engadget.com/2017/06/07/russian-malware-hidden-britney-spears-instagram/
According to an article on Gizmodo, BritBrit’s Insta page is being targeted by a group known as Turla, which the site describes as “a hacking group that specializes in using malware for the purposes of espionage.” Eek!
Researchers from the security group ESET are said to have discovered a backdoor trojan that has been created by the group, although it appears that this hasn’t been deployed yet. These appear under the singer’s photos as spam comments, with ESET providing an example.
http://hellogiggles.com/toxic-russian-hackers-using-britney-spears-instagram-spread-malware/
Should CYBERCOM Split From the NSA?
Jeffrey J. Bloom: Since 2009 CYBERCOM has occupied a unique position within the DoD. On one hand, it was a subordinate combatant command of US STRATCOM--responsible for military affairs in space & the nuclear arsenal. On the other hand, it has been & is still headed by the director of the NSA--an intelligence organization separate from conventional military hierarchy.
https://intpolicydigest.org/2017/06/02/should-cybercom-split-from-the-nsa/
How an office printer may have led to arrest of alleged NSA leaker Reality Winner
Jeffrey J. Bloom: According to San Francisco-based Electronic Frontier Foundation (EFF), a digital rights group, the printed code is known as DocuColor & is printed in a rectangular grid of 15 by eight yellow dots on every color page. The printer reproduces the same grid of dots over the entire page.
http://globalnews.ca/news/3515812/officer-printer-code-reality-winner/
'DoubleSwitch' is a new hacking tactic for Twitter accounts
Jeffrey J. Bloom: "DoubleSwitch" involves taking over an account, changing the username & creating a new account using the original username, profile picture & display name.
Users are unable to recover their accounts, as they don't know the old account's new account name & their original account name is now registered to the hacker.
http://mashable.com/2017/06/09/twitter-hack-doubleswitch-venezuela-fake-news/
Rosie O'Donnell Gives Large Sum Of Money To NSA Leaker
Jeffrey J. Bloom: Rosie O’Donnell donated $1,000 to a crowdfunding site set up for Reality Winner, after Winner was indicted on Monday for leaking Top Secret NSA documents to The Intercept.
http://www.msn.com/en-us/tv/celebrity/rosie-o%E2%80%99donnell-gives-large-sum-of-money-to-nsa-leaker/ar-BBCkhQU
Quantum Computers Analyze Every Financial Model at Once
Jeffrey J. Bloom: Computerized high-frequency trading was born from complex quantitative buy-sell algorithms & accounts for over 50% of trading. Quantum computing will allow instantaneous discovery of the best portfolios overall & throughout time. Digital computing was simply an evolution; quantum computing will be a revolution.
Quantum computers harness the laws of nature & are coming sooner than you think. This isn’t going to take 20, or even 10 years. It’ll be here in 3-5 years. So, now is the time to start thinking about what quantum will do for you.
https://singularityhub.com/2017/06/08/quantum-computers-will-analyze-every-financial-model-at-once/