A ransomware gang going by the of Egregor has leaked data it claims to have obtained from the internal networks of two of today's largest gaming companies -- Ubisoft and Crytek. An anonymous reader writes: Data allegedly taken from each company has been published on the ransomware gang's dark web portal on Tuesday. Details about how the Egregor gang obtained the data remain unclear. Ransomware gangs like Egregor regularly breach companies, steal their data, encrypt files, and ask for a ransom to decrypt the locked data. However, in many incidents, ransomware gangs are also get caught and kicked out of networks during the data exfiltration process, and files are never encrypted. Nevertheless, they still extort companies, asking victims for money to not leak sensitive files. Usually, when negotiations break down, ransomware gangs post a partial leak of the stolen files on so-called leak sites. On Tuesday, leaks for both Crytek and Ubisoft were posted on the Egregor portal at the same time, with threats from the ransomware crew to leak more files in the coming days.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux Kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information. The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published "soon." A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth. Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as privilege-escalation or information-disclosure vulnerability. The advisory assigned a severity score of 8.3 out of a possible 10 to CVE-2020-12351, one of three distinct bugs that comprise BleedingTooth. "Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure," the advisory states. "BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities." Intel, which is a primary contributor to the BlueZ open source project, said that the most effective way to patch the vulnerabilities is to update to Linux kernel version 5.9, which was published on Sunday. Those who can't upgrade to version 5.9 can install a series of kernel patches the advisory links to. Maintainers of BlueZ didn't immediately respond to emails asking for additional details about this vulnerability. Ars Technica points out that since BleedingTooth requires proximity to a vulnerable device, there's not much reason for people to worry about this vulnerability. "It also requires highly specialized knowledge and works on only a tiny fraction of the world's Bluetooth devices," it adds.

Read more of this story at Slashdot.

The Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co, and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message, says Norwegian security firm Mnemonic. The Register reports: This backdoor is not a bug, the finders insist, but a deliberate, hidden feature. Around 350,000 watches have been sold so far, Xplora says. Exploiting this security hole is non-trivial, we note, though it does reveal the kind of remotely accessible stuff left in the firmware of today's gizmos. "The backdoor itself is not a vulnerability," said infosec pros Harrison Sand and Erlend Leiknes in a report on Monday. "It is a feature set developed with intent, with function names that include remote snapshot, send location, and wiretap. The backdoor is activated by sending SMS commands to the watch." The researchers suggest these smartwatches could be used to capture photos covertly from its built-in camera, to track the wearer's location, and to conduct wiretapping via the built-in mic. They have not claimed any such surveillance has actually been done. The watches are marketed as a child's first phone, we're told, and thus contain a SIM card for connectivity (with an associated phone number). Parents can track the whereabouts of their offspring by using an app that finds the wearer of the watch. Xplora contends the security issue is just unused code from a prototype and has now been patched. But the company's smartwatches were among those cited by Mnemonic and Norwegian Consumer Council in 2017 for assorted security and privacy concerns. With the appropriate Android intent, an incoming encrypted SMS message received by the Qihoo SMS app could be directed through the command dispatcher in the Persistent Connection Service to trigger an application command, like a remote memory snapshot. Exploiting this backdoor requires knowing the phone number of the target device and its factory-set encryption key. This data is available to those to Qihoo and Xplora, according to the researchers, and can be pulled off the device physically using specialist tools. This basically means ordinary folks aren't going to be hacked, either by the manufacturer under orders from Beijing or opportunistic miscreants attacking gizmos in the wild, though it is an issue for persons of interest. It also highlights the kind of code left lingering in mass-market devices.

Read more of this story at Slashdot.

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside. From a report: In general, the jailbreak community haven't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the T2 chip, launched in 2017, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass. On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware. "The T2 is meant to be this little secure black box in Macs -- a computer inside your computer, handling things like Lost Mode enforcement, integrity checking, and other privileged duties," says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. "So the significance is that this chip was supposed to be harder to compromise -- but now it's been done."

Read more of this story at Slashdot.

The Washington Post reports: In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world's largest botnet — one used also to drop ransomware, which officials say is one of the top threats to the 2020 election. U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity. But it is one way to distract them at least for a while as they seek to restore operations. U.S. Cyber Command also "stuffed millions of bogus records about new victims into the Trickbot database — apparently to confuse or stymie the botnet's operators," reports security researcher Brian Krebs: Alex Holden, chief information security officer and president of Milwaukee-based Hold Security, has been monitoring Trickbot activity before and after the 10-day operation. Holden said while the attack on Trickbot appears to have cut its operators off from a large number of victim computers, the bad guys still have passwords, financial data and reams of other sensitive information stolen from more than 2.7 million systems around the world. Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets. "They are running normally and their ransomware operations are pretty much back in full swing," Holden said. "They are not slowing down because they still have a great deal of stolen data." Holden added that since news of the disruption first broke a week ago, the Russian-speaking cybercriminals behind Trickbot have been discussing how to recoup their losses, and have been toying with the idea of massively increasing the amount of money demanded from future ransomware victims.

Read more of this story at Slashdot.

Airliners carry a variety of computer systems that could become vulnerable to hackers and U.S. regulators haven't imposed adequate counter measures, a government watchdog report concluded. From a report: The Federal Aviation Administration hasn't prioritized cyber risks, developed a cybersecurity training program or conducted testing of potentially vulnerable systems, the Government Accountability Office said in a report issued Friday. "Until FAA strengthens its oversight program, based on assessed risks, it may not be able to ensure it is providing sufficient oversight to guard against evolving cybersecurity risks facing avionics systems in commercial airplane," the GAO report said. Commercial aircraft carry increasingly sophisticated computer systems, including wireless networks, seat-back entertainment, position broadcasts and devices that automatically transmit data to the ground.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: For months, Apple's corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday. Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information. Apple promptly fixed the vulnerabilities after Curry reported them over a three-month span, often within hours of his initial advisory. The company has so far processed about half of the vulnerabilities and committed to paying $288,500 for them. Once Apple processes the remainder, Curry said, the total payout might surpass $500,000. "If the issues were used by an attacker, Apple would've faced massive information disclosure and integrity loss," Curry said in an online chat a few hours after posting a 9,200-word writeup titled We Hacked Apple for 3 Months: Here's What We Found. "For instance, attackers would have access to the internal tools used for managing user information and additionally be able to change the systems around to work as the hackers intend." An Apple representative issued a statement that said: "At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats. As soon as the researchers alerted us to the issues they detail in their report, we immediately fixed the vulnerabilities and took steps to prevent future issues of this kind. Based on our logs, the researchers were the first to discover the vulnerabilities so we feel confident no user data was misused. We value our collaboration with security researchers to help keep our users safe and have credited the team for their assistance and will reward them from the Apple Security Bounty program."

Read more of this story at Slashdot.

Brian Krebs writes via KrebsOnSecurity.com: There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today's attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. One of the most common ways such access is monetized these days is through ransomware, which holds a victim's data and/or computers hostage unless and until an extortion payment is made. But in most cases, there is a yawning gap of days, weeks or months between the initial intrusion and the deployment of ransomware within a victim organization. That's because it usually takes time and a good deal of effort for intruders to get from a single infected PC to seizing control over enough resources within the victim organization where it makes sense to launch the ransomware. This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have. Each day, millions of malware-laced emails are blasted out containing booby-trapped attachments. If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine. From there, the infected system will report home to a malware control server operated by the spammers who sent the missive. At that point, control over the victim machine may be transferred or sold multiple times between different cybercriminals who specialize in exploiting such access. These folks are very often contractors who work with established ransomware groups, and who are paid a set percentage of any eventual ransom payments made by a victim company.

Read more of this story at Slashdot.

A security flaw in a hi-tech chastity belt for men made it possible for hackers to remotely lock all the devices in use simultaneously. The BBC reports: Qiui's Cellmate Chastity Cage is sold online for about $190 and is marketed as a way for owners to give a partner control over access to their body. Pen Test Partners believe about 40,000 devices have been sold based on the number of IDs that have been granted by its Guangdong-based creator. The cage wirelessly connects to a smartphone via a Bluetooth signal, which is used to trigger the device's lock-and-clamp mechanism. But to achieve this, the software relies on sending commands to a computer server used by the manufacturer. The security researchers said they discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used. In addition, they said, they could reveal a unique code that had been assigned to each device. These could be used to make the server ignore app requests to unlock any of the identified chastity toys, they added, leaving wearers locked in. The sex toy's app has been fixed by its Chinese developer after a team of UK security professionals flagged the bug. They have also published a workaround. This could be useful to anyone still using the old version of the app who finds themselves locked in as a result of an attacker making use of the revelation. Any other attempt to cut through the device's plastic body poses a risk of harm.

Read more of this story at Slashdot.

A software company supporting hundreds of clinical trials — including coronavirus vaccine trials — has been hit by a ransomware attack that "has slowed some of those trials over the past two weeks," reports the New York Times. Employees "discovered that they were locked out of their data by ransomware..." eResearchTechnology (ERT) said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper. Among those hit were IQVIA, the contract research organization helping manage AstraZeneca's Covid vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus. ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website. On Friday, Drew Bustos, ERT's vice president of marketing, confirmed that ransomware had seized its systems on September 20. As a precaution, Mr. Bustos said, the company took its systems offline that day, called in outside cybersecurity experts and notified the Federal Bureau of Investigation. "Nobody feels great about these experiences, but this has been contained," Mr. Bustos said. He added that ERT was starting to bring its systems back online on Friday and planned to bring remaining systems online over the coming days... One of ERT's clients, IQVIA, said it had been able to limit problems because it had backed up its data. Bristol Myers Squibb also said the impact of the attack had been limited, but other ERT customers had to move their clinical trials to move to pen and paper. The Times notes it's just one of "more than a thousand ransomware attacks on American cities, counties and hospitals over the past 18 months." Other interesting details from the article: ERT's vice president of marketing "declined to say whether the company paid its extortionists, as so many companies hit by ransomware now do." The attack follows what NBC News calls "one of the largest medical cyberattacks in United States history," taking down the computer systems of Universal Health Services at over 400 locations. "In May, the FBI and the Department of Homeland Security warned that Chinese government spies were actively trying to steal American clinical research through cybertheft... More than a dozen countries have redeployed military and intelligence hackers to glean what they can about other nations' responses, according to security researchers." Two companies working on a coronavirus vaccine — Pfizer and Johnson & Johnson — emphasized to the Times that they weren't affected by ERT's issues, with a Pfizer spokesperson stressing they're not even using ERT's software.

Read more of this story at Slashdot.

According to a Netflix support document, an Apple T2 Security chip is required to stream Netflix in 4K HDR on a Mac. "What that hardware requirement means is that only recent Macs have the ability to play UHD content from Netflix," reports Engadget. From the report: Here's the full list of T2-equipped Macs: 2018 or later MacBook Pro, 2018 or later MacBook Air, 2018 Mac mini, 2019 Mac Pro, iMac Pro and 2020 iMac. If you're not sure whether your Mac has the necessary hardware, you can find out by following the steps Apple details on its website. The Verge suggests the requirement could have something to do with the T2 chip's ability to process HEVC encoded videos. On its webpage for the iMac, Apple says the coprocessor can transcode HEVC video up to twice as fast as its previous generation T1 chip. If Netflix is encoding streams using HEVC, that could explain the requirement. Whatever the case, we've reached out to both Apple and Netflix for more information, and we'll update this article when we hear back from them. There are some other requirements too. In addition to having a T2-equipped Mac, you'll need macOS Big Sur, a Premium Netflix subscription, and the Safari browser -- other browsers will limit you to 720p on a Mac.

Read more of this story at Slashdot.

Krebs on Security: Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. In its advisory, the Treasury's Office of Foreign Assets Control (OFAC) said "companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations." As financial losses from cybercrime activity and ransomware attacks in particular have skyrocketed in recent years, the Treasury Department has imposed economic sanctions on several cybercriminals and cybercrime groups, effectively freezing all property and interests of these persons (subject to U.S. jurisdiction) and making it a crime to transact with them. A number of those sanctioned have been closely tied with ransomware and malware attacks, including the North Korean Lazarus Group; two Iranians thought to be tied to the SamSam ransomware attacks; Evgeniy Bogachev, the developer of Cryptolocker; and Evil Corp, a Russian cybercriminal syndicate that has used malware to extract more than $100 million from victim businesses.

Read more of this story at Slashdot.

A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council. From a report: The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries on the UN Security Council. UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country). The attacks were attributed to a North Korean hacker group known in the cyber-security community by the codename of Kimsuky. According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials. The emails were designed to look like UN security alerts or requests for interviews from reporters, both designed to convince officials to access phishing pages or run malware files on their systems.

Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: With today's news that French shipping giant CMA CGM has been hit by a ransomware attack, this now means that all of the four biggest maritime shipping companies in the world have been hit by cyber-attacks in the past four years, since 2017. Previous incidents included: 1.) APM-Maersk -- taken down for weeks by the NotPetya ransomware/wiper in 2017. 2.) Mediterranean Shipping Company -- hit in April 2020 by an unnamed malware strain that brought down its data center for days. 3.) COSCO -- brought down for weeks by ransomware in July 2018. On top of these, we also have CMA CGM, which today took down its worldwide shipping container booking system after its Chinese branches in Shanghai, Shenzhen, and Guangzhou were hit by the Ragnar Locker ransomware. This marks for a unique case study, as there is no other industry sector where the Big Four have suffered major cyber-attacks one after the other like this. But while all these incidents are different, they show a preferential targeting of the maritime shipping industry.

Read more of this story at Slashdot.

Catalin Cimpanu, writing for ZDNet: For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report. Just like the previous SIR reports, Microsoft has yet again delivered. Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers. The report is 88 pages long, includes data from July 2019 and June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft's main findings, and general threat landscape trends. [...] But, by far, the most disruptive cybercrime threat of the past year have been ransomware gangs. Microsoft said that ransomware infections had been the most common reason behind the company's incident response (IR) engagements from October 2019 through July 2020. And of all ransomware gangs, it's the groups known as "big game hunters" and "human-operated ransomware" that have given Microsoft the most headaches. These are groups that specifically target select networks belonging to large corporations or government organizations, knowing they stand to receive larger ransom payments. Most of these groups operate either by using malware infrastructure provided by other cybercrime groups or by mass-scanning the internet for newly-disclosed vulnerabilities. In most cases, groups gain access to a system and maintain a foothold until they're ready to launch their attacks. However, Microsoft says that this year, these ransomware gangs have been particularly active and have reduced the time they need to launch attacks, and especially during the COVID-19 pandemic. "Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim's system â" compromising, exfiltrating data and, in some cases, ransoming quickly â" apparently believing that there would be an increased willingness to pay as a result of the outbreak," Microsoft said today. "In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes."

Read more of this story at Slashdot.

A Texas company that sells software that cities and states use to display results on election night was hit by ransomware last week, the latest of nearly a thousand such attacks over the past year against small towns, big cities and the contractors who run their voting systems. From a report: Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin's intelligence services. But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients' systems around the country, was particularly rattling less than 40 days before the election. While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country -- making it exactly the kind of soft target that the Department of Homeland Security, the F.B.I. and United States Cyber Command worry could be struck by anyone trying to sow chaos and uncertainty on election night. Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies. But then some of Tyler's clients -- the company would not say which ones -- saw outsiders trying to gain access to their systems on Friday night, raising fears that the attackers might be out for something more than just a quick profit. That has been the fear haunting federal officials for a year now: that in the days leading up to the election, or in its aftermath, ransomware groups will try to freeze voter registration data, election poll books or the computer systems of the secretaries of the state who certify election results. With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen. "The chance of a local government not being hit while attempting to manage the upcoming and already ridiculously messy election would seem to be very slim," said Brett Callow, a threat analyst at Emsisoft, a security firm.

Read more of this story at Slashdot.

Around 40 per cent of staff in British and American corporations have access to sensitive data that they don't need to complete their jobs, according to recent research. From a report: In a survey commissioned by IT security firm Forcepoint of just under 900 IT professionals, 40 per cent of commercial sector respondents and 36 per cent working in the public sector said they had privileged access to sensitive data through work. Worryingly, of that number, about a third again (38 per cent public sector and 36 per cent private) said they had access privileges despite not needing them. Overall, out of more than 1,000 respondents, just 14 per cent from the private sector thought their org was fully aware of who had the keys to their employers' digital kingdoms. Carried out by the US Ponemon Institute, a research agency, the survey also found that about 23 per cent of IT pros across the board reckoned that privileged access to data and systems was handed out willy-nilly, or, as Forcepoint put it in a statement, "for no apparent reason." Access management is a critical topic for IT security bods, especially as COVID-19-induced remote working introduces challenges for the monitoring of data access and intra-org flows.

Read more of this story at Slashdot.

Google's cloud-based service platform for developing and hosting web apps "can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products," reports Bleeping Computer, citing a startling discovery by security researcher Marcel Afrahim: A Google App Engine subdomain does not only represent an app, it represents an app's version, the service name, project ID, and region ID fields. But the most important point to note here is, if any of those fields are incorrect, Google App Engine won't show a 404 Not Found page, but instead show the app's "default" page (a concept referred to as soft routing)... Essentially, this means there are a lot of permutations of subdomains to get to the attacker's malicious app. As long as every subdomain has a valid "project_ID" field, invalid variations of other fields can be used at the attacker's discretion to generate a long list of subdomains, which all lead to the same app... The fact that a single malicious app is now represented by multiple permutations of its subdomains makes it hard for sysadmins and security professionals to block malicious activity. But further, to a technologically unsavvy user, all of these subdomains would appear to be a "secure site." After all, the appspot.com domain and all its subdomains come with the seal of "Google Trust Services" in their SSL certificates. Even further, most enterprise security solutions such as Symantec WebPulse web filter automatically allow traffic to trusted category sites. And Google's appspot.com domain, due to its reputation and legitimate corporate use cases, earns an "Office/Business Applications" tag, skipping the scrutiny of web proxies.

Read more of this story at Slashdot.

Ring's latest home security camera is an autonomous drone, called the Always Home Cam, that can fly around inside your home to give you a perspective of any room you want when you're not home. "Once it's done flying, the Always Home Cam returns to its dock to charge its battery," reports The Verge. "It is expected to cost $249.99 when it starts shipping next year." From the report: Jamie Siminoff, Ring's founder and "chief inventor," says the idea behind the Always Home Cam is to provide multiple viewpoints throughout the home without requiring the use of multiple cameras. In an interview ahead of the announcement, he said the company has spent the past two years on focused development of the device, and that it is an "obvious product that is very hard to build." Thanks to advancements in drone technology, the company is able to make a product like this and have it work as desired. The Always Home Cam is fully autonomous, but owners can tell it what path it can take and where it can go. When you first get the device, you build a map of your home for it to follow, which allows you to ask it for specific viewpoints such as the kitchen or bedroom. The drone can be commanded to fly on demand or programmed to fly when a disturbance is detected by a linked Ring Alarm system. The charging dock blocks the camera's view, and the camera only records when it is in flight. Ring says the drone makes an audible noise when flying so it is obvious when footage is being recorded. Ring also rolled out new hardware for the automotive market with three different devices focused on car owners: Ring Car Alarm, Car Cam, and Car Connect. The company also said they've added opt-in end-to-end video encryption, as well as the option to completely disable the "Neighbors" feed, which allows users to view local crime in real time and discuss it with people nearby.

Read more of this story at Slashdot.

Last week, voters and election administrators who emailed Leanne Jackson, the clerk of rural Hamilton County in central Texas, received bureaucratic-looking replies. "Re: official precinct results," one subject line read. The text supplied passwords for an attached file. But Jackson didn't send the messages. From a report: Instead, they came from Sri Lankan and Congolese email addresses, and they cleverly hid malicious software inside a Microsoft Word attachment. By the time Jackson learned about the forgery, it was too late. Hackers continued to fire off look-alike replies. Jackson's three-person office, already grappling with the coronavirus pandemic, ground to a near standstill. "I've only sent three emails today, and they were emails I absolutely had to send," Jackson said Friday. "I'm scared to" send more, she said, for fear of spreading the malware. The previously unreported attack on Hamilton illustrates an overlooked security weakness that could hamper the November election: the vulnerability of email systems in county offices that handle the voting process from registration to casting and counting ballots. Although experts have repeatedly warned state and local officials to follow best practices for computer security, numerous smaller locales like Hamilton appear to have taken few precautionary measures. U.S. Department of Homeland Security officials have helped local governments in recent years to bolster their infrastructure, following Russian hacking attempts during the last presidential election. But desktop computers used each day in small rural counties to send routine emails, compose official documents or analyze spreadsheets can be easier targets, in part because those jurisdictions may not have the resources or know-how to update systems or afford security professionals familiar with the latest practices. A ProPublica review of municipal government email systems in swing states found that dozens of them relied on homebrew setups or didn't follow industry standards. Those protocols include encryption to ensure email passwords are secure and measures that confirm that people sending emails are who they purport to be. At least a dozen counties in battleground states didn't use cloud-hosted email from firms like Google or Microsoft. While not a cure-all, such services improve protections against email hacks.

Read more of this story at Slashdot.