Top Stories for the Week of November 22, 2017

  • From Category5 Technology TV S11E08
  • November 22, 2017

Here are the stories we're following for the week of Wednesday, November 22, 2017:


Fake News is now being used by criminals for financial and commercial gain. We'll tell you how they're doing it.

According to new research, criminals are exploiting “fake news” for commercial gain.

Fake news is widely assumed to be political or ideological propaganda, or even outright lies, published to sway public opinion. But new research conducted by threat intelligence firm Digital Shadows and released on Thursday suggested that fake-news generation services are now aimed at causing financial and reputational damage to companies through misinformation campaigns.

So how are they using this to make money?

It's called a “Pump and Dump” scam.

These schemers are aggressively promoting penny stocks to inflate their prices... before they inevitably crash and burn. The scammers buy low, then promote their stock using fake news, social engineering tactics, and media bots, enabling them to sell high. They then flee with their loot and little regard for other investors.

Digital Shadows also identified more than ten services that allow users to download software that controls the activities of social media bots.

The tools work by controlling large numbers of bots to post on specific types of forums on different topics.

To trick people into believing their fake news sites, the fraudsters have also resorted to spoofing legitimate sites. By altering characters on a registered domain, such as replacing the letter “m” with an “rn,” and using cloning services, they're able to create convincing fake news sites.
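
As an added example (not part of the original story or of Digital Shadows' research), the following Python shows how a brand owner could triage a feed of domains for the character-substitution spoofing described above. The brand, the feed and every substitution other than "rn" for "m" are constructed assumptions.

```python
# Added example: triage a feed of domains for imitations of a protected brand.
# Assumes inputs are registrable domains ("name.tld"), not full hostnames.

# "rn" -> "m" is the substitution the article names; the rest are assumed
# additions. Single characters fold first so "c1" also collapses via "cl".
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]

def skeleton(name: str) -> str:
    """Fold visually confusable sequences into one canonical spelling."""
    for seq, canon in CONFUSABLES:
        name = name.replace(seq, canon)
    return name

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate: str, brand: str) -> str:
    """Return 'same', 'confusable', 'near-miss' or 'unrelated'."""
    cand, own = candidate.lower().rstrip("."), brand.lower().rstrip(".")
    if cand == own:
        return "same"
    cand_name, own_name = cand.split(".")[0], own.split(".")[0]
    if skeleton(cand_name) == skeleton(own_name):
        return "confusable"   # renders like the brand, or same name on another TLD
    if edit_distance(cand_name, own_name) == 1:
        return "near-miss"    # one character altered, added or dropped
    return "unrelated"

def lookalikes(feed, brand):
    """Keep only the domains worth an analyst's time, with their verdict."""
    verdicts = {d: classify(d, brand) for d in feed}
    return {d: v for d, v in verdicts.items() if v in ("confusable", "near-miss")}

# Constructed sample data, not real indicators.
BRAND = "examplemarkets.com"
FEED = ["exarnplernarkets.com", "examp1emarkets.net", "examplemarket.com",
        "examplemarkets.com", "weathernews.org"]

if __name__ == "__main__":
    for domain, verdict in lookalikes(FEED, BRAND).items():
        print(f"{verdict:10s} {domain}")
```

Both the brand name and the candidate are folded through the same skeleton, so a brand that legitimately contains "rn" is still compared fairly against a lookalike spelled with "m".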

Digital Shadows advises that you can protect yourself by monitoring social media for brand mentions and seeking to detect the ‘bots’, using clues such as the age of the account, the content being posted, and the number of friends and followers.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash


Tesla has launched an electric transport truck that it guarantees won't break down for a million miles.

Elon Musk has launched the “Tesla Semi,” complete with a guarantee that it will not break down for one million miles of driving.

Speaking at a launch event in Los Angeles, Musk said that the truck will be 20 per cent cheaper to operate than a diesel truck, in part because it will be faster.

The truck has a drag coefficient of 0.36. That's less than some supercars! The bullet-like design means it can go from zero to 60mph in 20 seconds while hauling a full 80,000 pound load. The truck can reach this speed up hills with a 5 per cent gradient, which Elon Musk says will leave diesels eating its dust.

Range is 500 miles on a charge with a full load, travelling at 60mph. For longer trips, Tesla will install “megachargers” that Musk said will add 400 miles of range with just a 30 minute charge. What's more, the recharge facilities will be solar-powered and Tesla will guarantee the price of recharges.

The truck will have one engine on each of its four wheels, a design Musk said will prevent jack-knifing, as automation ensures each wheel does what it takes to avoid such accidents. Braking energy will be recaptured to charge the batteries.

Autopilot will be built in and enabled in all trucks. Musk said that doing so will ensure the vehicles always stay within their lanes. If a driver is incapacitated, the truck will park itself and call for assistance.

The truck can also run in a convoy, “where one or several Semi trucks will be able to autonomously follow a lead Semi.” Such convoys, Musk said, will deliver freight at a lower cost than rail transport.

Musk says the truck will go on sale in the year 2019, but declined to name a price and instead referred to the cost of ownership metrics.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash


Drone Maker DJI made a big security mistake, and in trying to cover it up, they are going after the guy who reported it, through their bug bounty program.

Drone maker DJI has accused a cyber-security researcher of hacking its servers.

Kevin Finisterre claims that he accessed confidential customer data after finding a private key publicly posted on code-sharing site Github.

He approached the firm, which offers a "bug bounty" reward of up to $30,000 for security weaknesses that are discovered in its systems.

DJI said the server access was "unauthorised."

The data Mr. Finisterre was able to see included "unencrypted flight logs, passports, drivers licences and identification cards," he said.

Despite initially offering him the money, DJI has now in a statement accused Mr. Finisterre of refusing to agree to the terms of its bug bounty programme "which are designed to protect confidential data and allow time for analysis and resolution of a vulnerability before it is publicly disclosed."

Mr. Finisterre, an independent security researcher, said DJI tried to make him sign a non-disclosure agreement.

He also published an email from DJI telling him that security issues with servers were included in the bug bounty programme.

Cyber-security expert Professor Alan Woodward from Surrey University said DJI's actions were "outrageous, the public has a right to know when there's a security problem."

Source: www.bbc.com

Sent to us by: Roy W. Nash


A severely dangerous exploit on Intel CPUs has users scrambling to update their firmware. We'll tell you what you need to do, and why it's so serious for both Windows and Linux users.

Intel admitted Monday that its Management Engine, Server Platform Services, and Trusted Execution Engine (ME, SPS and TXE respectively) are vulnerable to multiple worrying security flaws, based on the findings of external security experts.

The firmware-level bugs allow logged-in administrators, and malicious or hijacked high-privilege processes, to run code beneath the operating system to either spy on or meddle with the computer completely out of sight of other users and admins.

Meanwhile, logged-in users (or malicious or commandeered applications), can leverage the security weaknesses to extract confidential and protected information from the computer's memory. This potentially gives miscreants sensitive data (such as passwords or cryptographic keys) to kick off other attacks. On servers and other shared machines, this is especially bad news.

In short, a huge number of Intel CPUs are secretly running code that is buggy and exploitable by attackers and malware to fully and silently compromise computers.

Intel's Management Engine, at the heart of today's disclosures, is a computer within your computer. It is Chipzilla's much maligned coprocessor at the center of its vPro suite of features, and it is present in various chip families.

Not only does this include server Xeon processors, but also 6th, 7th and 8th Generation Intel Core processors, Apollo Lake, and some Celeron processors.

The Management Engine is a barely documented black box. It has its own CPU and its own operating system (recently, an x86 Quark core and MINIX) that has complete control over the machine—and it functions below and out of sight of the installed operating system and any hypervisors or antivirus tools present.

It is designed to allow network administrators to remotely or locally log into a server or workstation, and fix up any errors, reinstall the OS, take over the desktop, and so on, which is handy if the box is so messed up that it can't even boot properly.

The ME runs closed-source remote-administration software to do this, and this code contains bugs which allow hackers to wield incredible power over a machine. The ME can be potentially abused to install rootkits and other forms of spyware that silently snoop on users, steal information, or tamper with files. According to Intel, it allows an attacker to impersonate the ME, SPS or TXE mechanisms, thereby invalidating local security features.

Intel advises Windows and Linux users to download and run the Intel-SA-00086 detection tool to determine whether their systems are vulnerable to the above bugs. If you are at risk, you must obtain and install firmware updates from your computer's manufacturer, if and when they become available.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

