IBM Layoffs, Discord Malware, DoorDash Pizza Flaw, Windows Spooler Hacked, UAV Hospital Delivery

  • From Category5 Technology TV S13E27
  • May 27, 2020

Here are the stories we're following for the week of Wednesday, May 27, 2020.

IBM is laying off thousands of employees and seeking "flexibility" during the COVID-19 crisis.

Both Hewlett-Packard Enterprise and IBM have announced significant cost-cutting measures, including pay cuts and significant job losses.

The COVID-19 crisis is hitting almost every market sector hard, and now the dominoes are starting to fall. As other small, medium, and large businesses reduce operations or shutter for good, the tech firms that rely on enterprise clients are themselves taking heavy losses and laying off personnel. IBM announced its layoffs late Thursday.

In a statement, the company said the "highly competitive marketplace requires flexibility to constantly remix high-value skills," which in this case means deciding you no longer place a high value on the skills a significant number of employees bring to the socially distanced table.

IBM, like many firms now facing cuts and layoffs, was not in the best of financial situations before COVID-19 hit. The company's CEO, Arvind Krishna, has been with the company for decades but only stepped into the top seat in April, saying at the time he was focused on building up the parts of the company that support cloud computing and artificial intelligence and was willing to move away from the rest.

IBM did not specify how many positions were being cut, but both The Wall Street Journal and Bloomberg News report thousands of employees were affected in five states: California, New York, North Carolina, Missouri, and Pennsylvania.

IBM said in a statement it would offer subsidized medical coverage to affected employees for the next 12 months.

Hewlett-Packard Enterprise also announced its cost-cutting plans on Thursday as part of its most recent quarterly earnings report. The company will cut some salaries through at least the end of October, with executives seeing pay cuts of between 20 and 25 percent. The company, like younger tech brethren such as Facebook and Twitter, says it will further save money by embracing remote work in the longer term, allowing it to shutter some offices.


Sent to us by: Roy W. Nash

Account-stealing malware is making its rounds on Discord.

Researchers have found an updated version of AnarchyGrabber that steals victims’ plaintext passwords and infects victims’ friends on Discord.

Detected as AnarchyGrabber3, the new trojan variant modifies the Discord client’s JavaScript core upon successful installation, and this modified version gives the malware the ability to load other JavaScript files.

When the infected Discord client is opened, the threat loads inject.js from a new 4n4rchy folder. This file loads another script called discordmod.js, and the two scripts together log the user out, at which point they are prompted to log back in.

The new AnarchyGrabber variant then attempts to disable two-factor authentication on its victim’s account, and steals information including their user name, plaintext password and user token, which it sends to the attacker's own Discord server by a webhook.

The malware also attempts to spread itself to other Discord users by sending a message that contains the malware to everyone on the user's friend list.

After modifying the Discord client, AnarchyGrabber doesn't run again, which makes it difficult for antivirus software to detect the threat since there are no malicious processes. It also ensures that a victim remains part of the botnet whenever they interact with Discord using the app.

Robbie, how can a user determine if they're infected if antivirus can't detect it?

Robbie: Tech savvy users can open the index.js file to check its contents. On Windows, go to %appdata% and enter the Discord folder. Linux and Mac users, go to the .config/discord folder within your home folder. On all architectures, the files are the same, so whether you're on Windows, Mac or Linux, you'll note that there are many files called index.js in the tree up from this folder, and the one you're looking for is found in discord_desktop_core. The directory format is Your discord version/modules/discord_desktop_core/. Check the contents of the index.js file, and if it contains anything other than a command to require core.asar, it's probably infected.

Bekah: Thanks, Robbie. If you suspect infection, uninstall the Discord app and reinstall, change your password, and ensure 2FA is re-enabled if it's been turned off. Whether Discord, email, Facebook or otherwise, be diligent, and ensure you only click links you know you can trust. Since malware like this spreads to friend lists, it's also important to remember that just because it's one of your trusted friends sending it, doesn't mean you can automatically trust the links. A simple "Did you send me this?" question could be all it takes to protect you, your account, and your privacy.


Sent to us by: Bekah Ferguson
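
The index.js check described in the Discord story above can be scripted. This is an added example, not code from Category5 or Discord; the exact clean-loader pattern, the function names and the sample folder tree (including where the 4n4rchy folder sits) are assumptions made for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: a clean loader is one statement that requires core.asar,
# e.g.  module.exports = require('./core.asar');
CLEAN_LOADER = re.compile(
    r"""\s*(?:module\.exports\s*=\s*)?require\(\s*['"](?:\./)?core\.asar['"]\s*\)\s*;?\s*"""
)

def is_clean_loader(text):
    """True only if the whole file is the single core.asar require."""
    return CLEAN_LOADER.fullmatch(text) is not None

def scan(root):
    """Return (relative path, reason) findings under a Discord data folder."""
    root = Path(root)
    findings = []
    # Layout from the article: <version>/modules/discord_desktop_core/index.js
    for index in sorted(root.glob("*/modules/discord_desktop_core/index.js")):
        text = index.read_text(encoding="utf-8", errors="replace")
        if not is_clean_loader(text):
            findings.append((index.relative_to(root).as_posix(), "index.js has extra code"))
    # The variant described above loads inject.js from a folder named 4n4rchy.
    for folder in sorted(p for p in root.rglob("4n4rchy") if p.is_dir()):
        findings.append((folder.relative_to(root).as_posix(), "4n4rchy folder present"))
    return findings

def demo():
    """Scan a constructed tree: version 0.0.1 clean, version 0.0.2 tampered."""
    clean = "module.exports = require('./core.asar');\n"
    tampered = clean + "console.log('extra');\n"  # constructed stand-in, not malware code
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for version, body in (("0.0.1", clean), ("0.0.2", tampered)):
            core = root / version / "modules" / "discord_desktop_core"
            core.mkdir(parents=True)
            (core / "index.js").write_text(body, encoding="utf-8")
        # Constructed placement of the folder, inside the 0.0.2 core directory.
        (core / "4n4rchy").mkdir()
        return scan(root)

if __name__ == "__main__":
    # Pass the Discord folder as the first argument; with none, run the demo.
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, reason in results:
        print(f"SUSPECT {path}: {reason}")
    print(f"{len(results)} finding(s)" if results else "no findings")
```

A finding means the file differs from the one-line loader, which is a reason to reinstall and rotate credentials as described above, not proof of this specific malware.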

A pizzeria owner in the US has discovered--and exploited--a flaw in DoorDash's marketing scheme and makes money buying his own pizzas.

The owner of a pizza restaurant in the US has discovered the DoorDash delivery app has been selling his food cheaper than he does - while still paying him full price for orders.

A pizza for which he charged $24 was being advertised for $16 on DoorDash - and when he secretly ordered it himself, the app paid his restaurant the full $24 while charging him $16.

So he ordered 10 pizzas, paid $160 and had them delivered to a friend's house. The restaurant was then paid $240 for the order by DoorDash.

In further tests, the restaurant prepared his friend's order by boxing up the pizza base without any toppings, maximising the profit from the mismatched prices. And it worked.

Content strategist Ranjan Roy, who is a friend of the pizzeria owner, blogged about it. He said, "I was genuinely curious if DoorDash would catch on - but they didn't."

The curiosity stemmed from the fact that they had not asked to be put on the app, so it didn't make sense that the company would be selling their pizza at a loss. They later found out it was part of a cunning strategy to build customer demand, and then use that demand to get the restaurant to sign up.

Mr. Roy says, "They have a test period where they scrape the restaurant's website and don't charge any fees to anyone, so they can ideally go to the restaurant with positive order data to then get the restaurant signed on to the platform."

Mr. Roy is of the opinion that it's bad business. He says, "You have insanely large pools of capital creating an incredibly inefficient money-losing business model."

DoorDash is backed by investment giant Softbank, which last week posted a record-breaking loss of nearly $13bn.


Sent to us by: Roy W. Nash

Microsoft has fixed a critical vulnerability affecting all Windows versions since 1996.

Researchers have shown that a vulnerability in a decades-old Microsoft Windows component that controls printing could be abused by malicious actors to gain elevated privileges on the targeted system.

The flaw, which they dubbed PrintDemon, resides in the Print Spooler, and get this: It affects all Windows versions since NT 4.0. The component has remained largely unchanged since, even though another vulnerability affecting it was abused by the infamous Stuxnet a decade ago.

Microsoft said of the fix, "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Microsoft played down the likelihood of exploitation, saying that an attacker would need to log on to an affected system and use a specially written script or application. But as we know, RDP exploits are occurring in the wild, with malware such as Sarwent opening remote access to Windows systems. So in today's connected world, saying a hacker needs to have access to a system in order to exploit it is an irresponsible point to make which could mislead inexperienced IT departments into complacency.

The vulnerability can be abused to elevate privileges, bypass endpoint detection and response rules, and gain persistence.

As part of this month’s Patch Tuesday, which plugged a total of 111 security holes, Microsoft changed how the Windows Print Spooler component writes data to the file system, and users are advised to download and apply the update.

This exploit goes to show why running a version of Windows that is past end of life is unwise. The fix for this exploit will not be released to EOL operating systems such as Windows XP or even Windows 7, which will remain vulnerable to this critical flaw.

Perhaps this is also another example of why it's high time to consider switching to Linux.


Sent to us by: Robbie Ferguson

Unmanned drones will slash NHS delivery times to a remote Scottish hospital.

Remote-control drones will be used to deliver coronavirus testing kits to a remote Scottish hospital – and they're being flown outside of the operators' direct line of sight.

Backed by the local NHS trust, drone firm Skyports will fly drones between the Isle of Mull and Oban, the closest town on the Scottish mainland.

We've reported on similar recent trial programs, and it seems it's working as more communities begin tapping into the unmatched capabilities of UAVs.

Skyports chief exec Duncan Walker speaks about their recent trial in the Scottish area of Argyll and Bute, saying it "provides an important short-term response to the current pandemic and lays the foundations from which to grow a permanent drone delivery operation across a network of healthcare facilities around the country."

His company will fly unmanned delivery drones made by German company Wingcopter. The craft will fly the 17km between Lorn and Isles hospital in Oban and Iona Community Hospital in Craignure.

While 17km doesn't sound like a long distance as the crow flies, it's a lengthy, arduous journey by road and ferry. By contrast, Skyports says it will take just 15 minutes by drone.

The trial will take place using beyond-visual-line-of-sight rules, requiring special permission from the Civil Aviation Authority. Drone flights that go beyond the operator's line of sight are normally prohibited; however, the main perceived benefit of aviation drones cannot be realised until the tech is proven safe enough to be flown without a watchful human nearby in case of collisions.

The trial will take place over the next two weeks, completing in the first week of June.


Sent to us by: Roy W. Nash

