Audacious cybercriminals have created a Star Trek-themed strain of ransomware.
Hat-tip to Bleeping Computer, which broke the story on the "Kirk" malware, discovered Thursday by Avast malware researcher Jakub Kroustek.
The software disguises itself as the notorious Low Orbit Ion Cannon (LOIC) denial of service tool, a utility beloved by Anonymous hacktivists back in the day before everyone realised it revealed IP addresses of users.
Kirk is reckoned to be the first ransomware to utilise Monero rather than Bitcoin as the ransom payment of choice. The malware decryptor "Spock" will be supplied to the victim once the payment is made, but at this time the ransomware does not look like it can be decrypted, anti-malware firm Webroot reports.
Right now there are no known victims of the ransomware and there’s no sample of the decryptor, so information regarding it is limited. The decryptor is said to be promised once the ransom is paid, but obviously there are no guarantees and it cannot be decrypted at present without it.
For the first two days, crooks are demanding 50 Monero or roughly $1,072. The fee doubles every few days if victims fail to cave. If no payment is made by the 31st day, the decryption key gets permanently deleted, according to the ransom note.
Sent to us by: Roy W. Nash
Scientists at Oxford say they've invented an artificial intelligence system that can lip-read better than humans.
The system, which has been trained on thousands of hours of BBC News programmes, has been developed in collaboration with Google's DeepMind AI division.
"Watch, Attend and Spell", as the system has been called, can now watch silent speech and get about 50% of the words correct. That may not sound too impressive - but when the researchers supplied the same clips to professional lip-readers, they got only 12% of words right.
Joon Son Chung, a doctoral student at Oxford University's Department of Engineering, explained, "Words like mat, bat and pat all have similar mouth shapes." It's context that helps his system - or indeed a professional lip-reader - to understand what word is being spoken.
He explains, "What the system does, is to learn things that come together, in this case the mouth shapes and the characters and what the likely upcoming characters are."
A lot more work needs to be done before the system is put to practical use, but the charity Action on Hearing Loss is enthusiastic about this latest advance.
They believe that a lip-reading system could be used to supplement existing speech-to-text to further improve the accuracy.
Sent to us by: Roy W. Nash
Security researchers have gone public with details of an exploitable flaw in Ubiquiti's wireless networking gear – after the manufacturer allegedly failed to release firmware patches.
Essentially, if you can trick someone using a Ubiquiti gateway or router to click on a malicious link, or embed the URL in a webpage they visit, you can inject commands into the vulnerable device. The networking kit uses a web interface to administer it, and has zero CSRF protection. This means attackers can perform actions as logged-in users.
A hacker can exploit this blunder to open a reverse shell to connect to a Ubiquiti router and gain root access – yes, the built-in web server runs as root. The researchers claim that once inside, the attacker can then take over the entire network. And you can thank a very outdated version of PHP included with the software.
The version found to be in use in the devices is 2.0.1 from 1997.
The whole attack can be performed via a single GET-request.
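A detection sketch for the request pattern described above, added here as an example and not taken from the researchers' report or from Ubiquiti: it flags cross-site GET requests to a private-address device whose query values contain shell metacharacters. The log records, hostnames and .cgi paths are constructed for illustration, and the metacharacter list is an assumption to tune for your own network.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Shell syntax that has no business in a device-admin query value.
SHELL_META = re.compile(r"[;|`\n]|\$\(")

def is_lan_device(host):
    """True when host is a literal private or loopback IP address."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # DNS names are out of scope for this sketch

def suspicious(method, url, referer):
    """Cross-site GET to a LAN device with shell syntax in a query value."""
    target = urlsplit(url)
    if method != "GET" or not is_lan_device(target.hostname or ""):
        return False
    ref_host = urlsplit(referer or "").hostname
    # A missing Referer cannot prove the request was cross-site, so skip it.
    if not ref_host or ref_host == target.hostname:
        return False
    for _, value in parse_qsl(target.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if SHELL_META.search(unquote(value)):
            return True
    return False

def scan(records):
    """Return the URLs of all suspicious records, in log order."""
    return [url for method, url, ref in records if suspicious(method, url, ref)]

# Constructed proxy-log records: (method, URL, Referer). Paths are hypothetical.
SAMPLE_LOG = [
    ("GET", "http://192.168.1.20/status.cgi?id=7", "http://192.168.1.20/index.html"),
    ("GET", "http://192.168.1.20/admin.cgi?name=x%3B%20id", "http://forum.example/thread/12"),
    ("GET", "http://192.168.1.20/status.cgi?id=7", "http://forum.example/thread/12"),
    ("GET", "http://10.0.0.1/cfg.cgi?v=%2524%2528id%2529", "http://ads.example/banner"),
    ("GET", "http://www.example.com/search?q=a%7Cb", "http://forum.example/"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT", hit)
```

Same-origin requests and cross-site requests without shell syntax are deliberately left alone, so the check stays quiet during normal use of the admin interface.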
The team found the security hole in four Ubiquiti devices, and believes another 40 or so models are similarly vulnerable. The affected models include, but are not limited to: the ToughSwitch TS‑8‑PRO, Rocket M5, PicoStation M2HP, and NanoStation M5, plus various airFiber and airGateway models, PowerBeam devices, and LiteBeam boxes.
In response to the exploit being revealed, Ubiquiti says they have released updates that resolve the issue for 37 out of the 44 products affected. They say they are also very close to releasing another update for the remaining seven products mentioned in the report, and will send a newsletter once they're done.
Sent to us by: Roy W. Nash
Keeping malware off of your mobile device should be a top priority for anyone who purchases a new smartphone or tablet, but what if the battle against bad actors has been lost before you even open the box? That’s exactly what security firm Check Point says is happening right now, and it just released a report claiming that it detected malware on 36 different Android devices being used by multiple large tech companies.
The devices on which the malicious code was detected are thought to have been compromised at some point between manufacturing and eventual sale to the end user.
Check Point’s Mobile Threat Prevention team explains in a blog post, “The malicious apps were not part of the official ROM supplied by the vendor,” adding that the malware must have been added “somewhere along the supply chain.”
In their investigation, the devices that were shown to have preinstalled malware come from many different manufacturers. They include: Galaxy Note 2, 3, 4, 5, and 8, Asus Zenfone 2, LG G4, Nexus 5 and 5X, and Xiaomi Mi 4i and Redmi.
For better or worse, the malware found to be installed on the devices is fairly well known in mobile security circles and includes Loki, a malicious advertising bot, and Slocker, which uses the Tor network to send data back to its creator while avoiding detection. This is obviously a very serious situation, and it’s certainly not the first time Android devices were found to have security issues right out of the box.
Sent to us by: Jeff Weston