John

If you were excited by yesterday's news of a jailbreak for iOS 7.1.1 but left a little nervous at the prospect of going through the ordeal alone, help is at hand: this video guides you through the whole process, start to finish.

Read more...

The National Parks Service just announced a sweeping ban on drones. The new policy prohibits "launching, landing, or operating unmanned aircraft on lands and waters administered by the National Park Service." Why? Because they're disruptive, that's why.

Read more...

Look, I have no idea what I'm going to do with super strength plastic rope either but oh my genius, this recycler's idea of turning plastic bottles into plastic rope is just brilliant. The video is perfect, he shows you the plastic rope, shows you what to do with it and then shows you how to make your own. I'm now convinced I need this in my life because of this guy.

Read more...

You're looking at the first-ever electric Harley-Davidson motorcycle, coming to a showroom near you sometime in 2016. Here's what the LiveWire means for motorcycles, America and the future.

Read more...

Geohot's latest Android rooting tool relies on a privilege root access, escalation vulnerability affecting the majority of commercial Android builds.

Would the Rebel Alliance have been able to defeat the Death Stars and the Empire flying a bunch of wooden blocks? No. Then why wouldn't you want to store your kitchen knives in this X-wing shaped knife block that is clearly a superior design to a block of wood?

Read more...

Apple is introducing a new iMac model today with a $1,099 price point. That’s $200 less than the usual starting price for Apple’s all-in-one computer, and it follows a similar price cut given to the MacBook Air earlier this year. The new 21.5-inch base model ships with a slower 1.4GHz Intel Core i5 processor than usual, a trade off that clearly enables Apple to price the iMac more competitively. Apple’s previous low-end iMac featured a 2.7GHz Intel Core i5 processor, and that model is still available for $1,299.

There’s no other major changes to the new low-end iMac model, with the same design and base specifications included, but it does appear that you’re not able to change and customize the 8GB of RAM that ships with the system. It’s...

Continue reading…

Early this year a game captured our attention by letting us experience life as a cat, and now it's crowdfunding cash to make a bigger and better version. The updated version of Catlateral Damage will feature the same destructive gameplay as the original demo, but fleshed out with plenty more features. "There's gonna be a ton of new stuff," says developer Chris Chung, "and I'm going to make this feel like you're a cat as much as possible." Those new features include procedurally generated rooms to destroy, additional cats with new abilities, and, most importantly, the ability to sit in a box and soak up the sun. Chung is aiming to raise $40,000 to complete the game, which is on track for release at the end of this year. It will be...

Continue reading…

In a conference call discussing the opening of its patents today, Tesla CEO Elon Musk mentioned in passing that BMW had passed through the company's offices earlier in the week:

Continue reading…

At today's opening match between Brazil and Croatia, the referees will be wearing smartwatches that read "GOAL" and vibrate when a team scores. No, it's not punishment for the infamous Frank Lampard disallowed goal of 2010. It's part of a new "unhackable" goal line detection system, the first to ever be used in the World Cup.

Read more...

by @sdolotom

They say breakfast is the most important meal of the day, but why just feed your body after you've rolled out of bed in the morning? Feed your mind, too, with ThinkGeek's heat-sensitive color-changing Higgs Boson mug which enlightens you with details about the Large Hadron Collider and what it's hunting for.

Read more...

Digital freedom fighters or computer-based criminals, hackers garner mixed reactions depending on what they do and why they're doing it. But in this video, Keren Elazari suggests that we should perhaps think of all hackers as the Internet's immune system.

Read more...

A couple of crafty 14-year-old kids from Winnipeg figured out how to get past the security on a a Bank of Montreal ATM. Crazy as it might sound, the "hack" didn't require any advanced computer hacking at all—these kids just looked up the ATM manual on the internet.

Read more...

Threats like UPATRE are continuously evolving as seen in the development of the techniques used so as to bypass security solutions. UPATRE malware are known downloaders of information stealers like ZeuS that typically spread via email attachments. We recently spotted several spam runs that use the popular file hosting service Dropbox. These use embedded links lead to the download of UPATRE malware variants. What is noteworthy in these spam attacks is that it is the first instance we saw TROJ_UPATRE being deployed via URL found in an email message.

In one of the spam samples we saw, it poses as an eFax notification mail with a Dropbox link in the message body.  Once unsuspecting users click on the link, it will redirect to a Dropbox URL, leading to the download of a malicious file detected as TROJ_UPATRE.YYMV. When executed, it downloads a ZBOT variant, detected as TSPY_ZBOT.YYMV, which, in turn, drops a rootkit detected as RTKT_NECURS.MJYE. The NECURS variants are known to disable security solutions on infected systems, causing further infection.

Figure 1. Sample of these spam emails

Figure 2. Legitimate copy of email message from eFax

The other spam sample we saw pretended to be an email with a Dropbox link that came from NatWest Bank containing a supposed NatWest Financial Activity Statement, but is actually a TROJ_UPATRE malware. Similarly, it follows the UPATRE- ZBOT- NECURS infection chain.  Based on our investigation, this spam run also uses names of legitimate companies, such as Lloyds Bank, eFax, Intuit, ADP, BBB, and Skype, among others. We also came across spammed messages with embedded Dropbox links but redirects to Canadian pharmacy websites.

We have been monitoring this spam campaign since it started last May 23 and began to increase a week later. Dropbox was already informed of this incident as of posting.  We have also notified and submitted the current list of affected accounts that seem to be hosting malware in Dropbox.

Last April, we reported tax-themed spammed messages that also follow the same infection combination of UPATRE, ZBOT, and NECURS.  Based on our data, UPATRE remains as the top malware distributed via spam from January to May 2014.

Figure 2. Top 5 distributed malware via spam mail, Jan-May 2014

Cybercriminals often go with what’s hot and popular for their social engineering lures. In this case, the bad guys abused legitimate Dropbox links in order to trick users into downloading various malware, which can lead to system infection and information theft.

Trend Micro protects users from this threat by detecting all spam-related samples and malicious files.

Special mention to Maydalene Salvador for finding this new spam samples, and to Mark Manahan for analyzing this malware

Update as of 12:15 AM, June 13, 2014

A few days after we discovered the UPATRE malware that abuse Dropbox links, we found another spam mail that downloads a malicious file from Dropbox.

Figure 3. Sample of the spam mail leading to a CryptoLocker’s variant, Cryptowall

Here, the spam mail is disguised as a voice mail and the final payload is a CryptoLocker‘s variant, Cryptowall, detected as TROJ_CRYPWALL.D. TROJ_CRYPWALL.D directly opens a Tor website that asks for payment; previous CryptoLocker has its own GUI for payment. Trend Micro protects users from this threat by detecting all spam-related samples and malicious files.

With analysis from Maydalene Salvador and Rhena Inocencio

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Social Engineering Watch: UPATRE Malware Abuses Dropbox Links

When development started in 1960, many people thought Project Xanadu would change the world. Then one delay led to another and another and another. But after 54 years in development the world's most delayed software went live.

Read more...

It doesn't matter how ultra-thin your wallet is, your pant pockets will still be overflowing if you're cramming a huge set of keys in there. But even if you move everything onto a single ring, there's still no way your current set of keys will get as compact as the TIK keychain.

Read more...

GitHub is an important place, where open source software code is submitted, branched, tweaked, and shared. It is also a playground, where software developer Steve De Jonghe has created a project simply called "Banner." De Jonghe began work on June 16th, 2013, and then made regular commits to the repository until his masterpiece was completed on March 15th, 2014. It's the kind of code commit schedule you can get behind.

Continue reading…

A handful of apps purporting to specialize in virus detection and scanning were recently removed from both Google Play and Amazon after being deemed fake.

At its annual developer-palooza yesterday, Apple trotted out a lot of new goodies . A new iOS ! A new OS X ! But they also didn't announce a whole lot of stuff we expected to see. Here's what was missing, and our best guess at why.

Read more...

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung iPOLiS Device Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The delicious diabetes drink commonly known as soda is a true scientific wonder. We know it's crap but we love it anyway. CrazyRussianHacker wanted to show just how much crap (and sugar) is in one bottle of Coke so he boiled out all the water in the soda to see what was leftover. The refreshing soda becomes this gross, black, gunky tar-like substance that doesn't look edible. Cool.

Read more...

Today, federal officials announced new charges against the GameOver Zeus botnet, together with coordinated seizures that appear to have stopped the network cold. GameOver Zeus infected as many as a million Windows computers, harvesting user credentials and executing fradulent wire transfers. Today's federal complaint named Russia's Evgeniy Mikhailovich Bogachev as mastermind of the network, tracked down with the help of law enforcement agencies across eleven countries.

Continue reading…

Imagine this: You're cruising along when the car suddenly brakes. The doors lock. It starts accelerating backward. A hacker hundreds of miles away has taken control of your car over the cellular network. This is how it happens, as explained by a video from the good folks at Motherboard.

Read more...

A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'AKAT-1 ' and ' 22733db72ab3ed94b5f8a1ffcde850251fe6f466 ' and ' Marek Kroemeke ' was reported to the affected vendor on: 2014-05-30, 40 days ago. The vendor is given until 2014-09-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.