A collection point
...and some of my own.
US: Blockchain Developer Gets Busted After Talk in North Korea Tim B Lee: The prominent hacker and Ethereum developer Virgil Griffith was arrested by the US government Friday after he spoke at an April conference on blockchain technologies in North Korea. The US government considers his presentation to be a transfer of technology—and therefore a violation of US sanctions. In a charging document, an FBI agent wrote that Griffith "discussed how blockchain and cryptocurrency technology could be used by the DPRK to launder money and evade sanctions, and how the DPRK could use these technologies to achieve independence from the global banking system." Griffith made little effort to hide his travel plans. He tweeted out a photo of his travel documents and voluntarily talked to the FBI after his trip. He even allowed the authorities to inspect his cell phone. The Feds say Griffith's electronic communications show a clear intention to violate US sanctions laws. US: Tens of Millions Exposed by SMS Data Leak VPN Mentor Website: Tens of millions of Americans may have been caught in another data leak after business SMS provider TrueDialog left a massive database exposed online, according to researchers. TrueDialog is based in Austin, Texas USA, and has been around for more than 10 years. It specializes in creating SMS solutions for large and small businesses. There are several different SMS programs including mass text messaging, marketing SMS options, urgent alerts, an Education SMS solution, and more. Currently, TrueDialog works with over 990 cell phone operators and reaches more than 5 billion subscribers around the world. The TrueDialog database was hosted by Microsoft Azure and runs on the Oracle Marketing Cloud in the USA. When we last looked at the database it included 604 GB of data. This included nearly 1 billion entries of highly sensitive data apparently left wide open, exposing all 604GB — one billion entries — of that sensitive information. “It’s difficult to put the size of this data leak into context. Tens of millions of people were potentially exposed in a number of ways. It’s rare for one database to contain such a huge volume of information that’s also incredibly varied." The leak exposed the full names, email addresses and phone numbers of SMS recipients as well as the content of messages, plus clear-text and easily decryptable base64-encoded account log-ins for TrueDialog clients. Reveton ransomware schemer stripped of six years of freedom, £270,000, and a Rolex Charlie Osborne: UK prosecutors say 25-year-old computer science student needs to pay up or face more time behind bars. On Monday, the UK's National Crime Agency (NCA) said Zain Qaiser, a resident of Essex and a computer science student, admitted to being a member of the cybercriminal gang and was jailed in April following a long-term investigation by law enforcement. Security Over the course of six years, the 25-year-old was tied to what is believed to be the Russian Lurk group, in which 50 suspected members and associates were arrested back in 2016. The student's role was to pose as legitimate companies to buy advertising space from pornographic and adult websites and these spaces would actually be used for malvertising purposes. Victims were accounted for in over 20 countries and millions of PCs were infected with malware including Reveton. Financial accounts linked to Qaiser were eventually discovered, including a cryptocurrency account stored overseas, which contained over £100,000. Law enforcement has now demanded that Qaiser pay back £270,000 ($355,000), together with the sale of a £5000 Rolex, "based on an assessment of his available assets." US Probe Finds Cambridge Analytica Misled Facebook Users on Data US regulators concluded Friday that British consultancy Cambridge Analytica -- at the center of a massive scandal on hijacking of Facebook data -- deceived users of the social network about how it collected and handled their personal information. The Federal Trade Commission said its investigation launched in March 2018 concluded that the political consulting firm "engaged in deceptive practices to harvest personal information from tens of millions of Facebook users for voter profiling and targeting." The FTC said the British firm, which worked on Donald Trump's 2016 presidential campaign, made "false and misleading" claims when it offered Facebook users a "personality quiz" -- stating it would not download names or any personally identifiable information. The personality prediction app was downloaded by 270,000 people but also scooped up data from their friends, and fed into an effort by the firm to predict the behavior of US voters. Facebook's own investigation found that some data from 87 million users in the US and elsewhere had been compromised by the firm, and claimed the practices violated the social network's terms of service. Facebook, which did not immediately respond to a query on the FTC decision, paid a record $5 billion penalty early this year in a settlement with the regulator over mishandling users' private data. CN: The “Great Cannon” has been deployed again. ATT: The Great Cannon is a distributed denial of service tool (“DDoS”) that operates by injecting malicious Javascript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable: The Great Cannon was the subject of intense research after it was used to disrupt access to the website Github.com in 2015. Little has been seen of the Great Cannon since 2015. However, we’ve recently observed new attacks, which are detailed below. The Great Cannon is currently attempting to take the website LIHKG offline. LIHKG has been used to organize protests in Hong Kong. Using a simple script that uses data from UrlScan.io, we identified new attacks likely starting Monday November 25th, 2019. Websites are indirectly serving a malicious javascript file from either: http://push.zhanzhang.baidu.com/push.js; or http://js.passport.qihucdn.com/11.0.1.js Normally these URLs serve standard analytics tracking scripts. However, for a certain percentage of requests, the Great Cannon swaps these on the fly with malicious code: The code attempts to repeatedly request the following resources, in order to overwhelm websites and prevent them from being accessible. It is disturbing to see an attack tool with the potential power of the Great Cannon used more regularly, and again causing collateral damage to US based services. Timeline of historical Great Cannon incidents Below we have described previous Great Cannon attacks, including previous attacks against LIHKG in September 2019. 2015: GreatFire and GitHub: During the 2015 attacks, DDoS scripts were sent in response to requests sent to a number of domains, for both Javascript and HTML pages served over HTTP from behind the Great Firewall. A number of distinct stages and targets were identified: March 3 to March 6, 2015: Initial, limited test firing of the Great Cannon starts. March 10: Real attacks start against a Chinese-language news site (Sinasjs.cn). March 13: New attacks against an organization that monitors censorship (GreatFire.org). March 25: Attacks against GitHub.com start, targeting content hosted from the site GreatFire.org and a Chinese edition of the New York Times. This resulted in a global outage of the GitHub service. March 26th - Attacks began using code hidden with the Javascript obfuscator “packer”: Research by CitizenLab identified multiple likely points where the malicious code is injected. The Great Cannon operated probabilistically, injecting return packets to a certain percentage of requests for Javascript from certain IP addresses. As noted by commentators at the time, the same functionality could also be used to insert exploitation code to enable “Man-on-the-side” attacks to compromise key targets. 2017 and onward: attacks against Mingjingnews: In August 2017, Great Cannon attacks against a Chinese-language news website (Mingjingnews.com) were identified by a user on Stack Overflow. The code in the 2017 attack is significantly re-written and is largely unchanged in the attacks seen in 2019. We have continued to see attacks against Mingjingnews in the last year. 2019: Attacks against Hong Kong democracy movement: On August 31, 2019, the Great Cannon initiated an attack against a website (lihkg.com) used by members of the Hong Kong democracy movement to plan protests. The Javascript code is very similar to the packer code used in the attacks against Mingjingnews observed in 2017 and onward, and the code was served from at least two locations: http://push.zhanzhang.baidu.com/push.js http://js.passport.qihucdn.com/11.0.1.js Initial versions targeted a single page on lihkg.com. Later versions targeted multiple pages and attempted (unsuccessfully) to bypass DDoS mitigations that the website owners had implemented. BMW and Hyundai hacked by Vietnamese hackers, report claims German media is reporting that hackers suspected to have ties to the Vietnamese government have breached the networks of two car manufacturers, namely BMW and Hyundai. The report, coming from Bayerischer Rundfunk (BR) and Taggesschau (TS), claims that hackers breached the network of a BMW branch sometime this spring. The attackers allegedly installed a penetration testing toolkit named Cobalt Strike on infected hosts, which they used as a backdoor into the compromised network. BMW had supposedly allowed the hackers to persist on its network, and followed their every move, cutting off their access the last weekend in November. Amazon Battles Leaky S3 Buckets with a New Security Tool From the AWS Announcement last Tuesday: Access Analyzer for S3 is a new feature that monitors your access policies, ensuring that the policies provide only the intended access to your S3 resources. Access Analyzer for S3 evaluates your bucket access policies and enables you to discover and swiftly remediate buckets with potentially unintended access. Access Analyzer for S3 alerts you when you have a bucket that is configured to allow access to anyone on the internet or that is shared with other AWS accounts. You receive insights or ‘findings’ into the source and level of public or shared access. For example, Access Analyzer for S3 will proactively inform you if read or write access were unintendedly provided through an access control list (ACL) or bucket policy. With these insights, you can immediately set or restore the intended access policy. In short, the new feature is supposed to help avoid accidental misconfigurations that could result in sensitive data being exposed, and subsequently damaging a company's brand and even - potentially - putting its customers at risk. If the Access Analyzer tool discovers that a bucket is misconfigured you can respond to the alert by making a single click to "Block All Public Access," and then use the tool's report to understand the nature of the problem so you can fully address it. Of course, it's perfectly possible that there is data on your AWS cloud servers which is supposed to be shared on the general internet (webpages, for instance), and these can be marked as intentionally public to avoid repeat warnings. Aside from Amazon S3 buckets, IAM Access Analyzer can also analyse the permissions granted using policies for your AWS KMS keys, Amazon SQS queues, AWS IAM roles, and AWS Lambda functions. Why the iPhone 11 Tracks Your Location Even When You Tell It Not To Wired: Last week started with a minor mystery. Security journalist Brian Krebs noted that the iPhone 11 and 11 Plus check in on your location even when you turn off all location-related settings. That doesn't happen on older iPhones, and more importantly, goes against Apple's privacy policy and general gestalt. Rather than clearing the issue up at the time, Apple brushed off Krebs, giving no explanation other than that it was expected behavior. Well! A few days later, the company finally gave a real answer. It turns out to be related to the new ultra wide band technology enabled by the U1 chip inside of Apple's latest phones. “Ultra Wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” Apple's statement reads. The location pings are there to make sure you're not in one of those locations, and the info never leaves the phone itself. All of which sounds reasonable enough, although it's still extremely unclear why Apple couldn't have just said all of that in the first place. Hackers Steal VC Seed Money With Classic Man-in-the-Middle Attack There's nothing especially fancy about the way hackers parted a Chinese venture capital company from its million-dollar investment in an Israeli startup, but it's an impressive example of the genre. The attackers noticed an email telegraphing the upcoming money transfer, and created fake domains that looked like the two companies respectively. By sending emails to each organization pretending to be from the other, the hackers were able to intercept every step of the ensuing correspondence, altering details along the way—like banking details. It's all very clever! Highly illegal, of course, and morally wrong. But clever! How they did it: A few months before the transaction was scheduled to happen, the attackers noticed an email thread containing information about a multimillion-dollar seeding fund from the Chinese VC. Rather than simply monitoring the thread and having emails forwarded to them, the attackers registered two domains. One of the domains was a look-alike of the Chinese investment company's domain; the other was a spoof of the Israeli firm's domain. In both instances, the threat actors simply added an "s" to the end of the original domain name. The next phase of the scam involved the attackers sending two emails with the same subject header as the original email thread about the planned seed funding. The attackers used the Israeli firm's look-alike domain to send an email to the Chinese VC firm that appeared to be from the startup's CEO. They also used the Chinese firm's look-alike domain to send an email to the Israeli company that purported to be from the email account of the manager in charge of the transaction at the investment firm. "This infrastructure gave the attacker the ability to conduct the ultimate Man-In-The-Middle (MITM) attack." Thus, all email communication that both sides carried out in response to those two initial emails were being sent directly to the attackers first. The threat actors would review each email, make whatever changes they felt they needed to make, and then forward the messages from the look-alike domains to the original destination. In total, the attacker sent 14 emails to the Israeli side and 18 to the Chinese VC firm using the look-alike domains. Over the course of these communications, the attackers managed to change the bank account information for the VC firm and replace it with their own, so any money that the VC firm sent to the Israeli firm would end up with the attackers instead. The attackers were so brazen they even managed to cancel a scheduled meeting in Shanghai between the CEO of the Israeli company and the Chinese VC firm. They basically sent emails with different excuses to both sides using the rogue domains. The goal in thwarting the meeting apparently was to minimize the risk of the bank account number switch being discovered. "This operation was unique because the threat actor successfully spoofed both sides of the transaction and was able to disrupt physical meetings between the parties involved," says Tim Otis, team leader, incident response operations at Check Point Security. Some VPNs Vulnerable to Traffic Hijacking A virtual private network ostensibly keeps your internet browsing safe from prying eyes. But a newly disclosed vulnerability in Unix-based operating systems—that's everything from Linux to macOS—leaves those VPN connections at risk of sniffing or even hijacking. The good news is that it's a tricky exploit to pull off, so you're probably not at risk unless a particularly talented hacker has eyes on you. The bad news? VPNs were already hard enough to trust. Reddit Ties UK Document Dump to Russian Campaign On October 21, documents hit the internet that purported to show sensitive details about UK trade talks with the US. On Monday, Reuters reported that the release had the hallmarks of a coordinated Russian disinformation campaign. Friday afternoon, Reddit itself confirmed as much. Remember, friends! Russian intelligence operations haven't slowed down since 2016, and they're not going to. Data of 21 million Mixcloud users put up for sale: Emails, usernames, and strong-hashed passwords sold for just $2,000.
The breach appears to have taken place on or before November 13, which is the registration date for the last user profile included in the data dump. Tech news sites TechCrunch and Motherboard verified the data authenticity by contacting newly registered applicants. The company said that most users had signed up through Facebook, and did not have a password associated with their account. For those that did, Mixcloud said that passwords should be safe, as each one was salted and passed through a strong hashing function (SHA256 algorithm, according to the sample we received), making it currently impossible to reverse back to its cleartext form. his means that the data advertised on the dark web right now is just a long list of email addresses and uncrackable passwords. California DMV Makes $50 Million a Year Selling Driver Info Insert your own joke about yet another reason to hate the DMV here. Motherboard reports that California’s Department of Motor Vehicles has made anywhere from $41 million to $52 million each year by selling names, addresses, and car registration info of drivers. The customers include insurance companies and car companies. California’s not the only state to do this, but the number alone is eye-popping, as is the fact that most people don’t realize that the simple act of registering their car or getting their license puts their personal info in a third-party’s hands. Vistaprint Leaves Customer Calls and Chats Exposed Online Another week, another unsecured database. This time its online printing company Vistaprint’s turn. Security researcher Oliver Hough found a database with information related to 51,000 customer service interactions, which included some personally identifiable information and full online chats. As is often the case, it’s unclear if anyone other than Hough accessed the database before it was secured, but either way, it’s an inexcusable lapse. It's the end of the year and time for the top 25 list. This time of year we typically look back over the top movies, top stars or top songs of the past year, but this being security matters, we thought, with the help of the US department of homeland security, we would reveal the top 25 list of cyber weaknesses. Rank ID Name Score [1] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer 75.56 [2] CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 45.69 [3] CWE-20 Improper Input Validation 43.61 [4] CWE-200 Information Exposure 32.12 [5] CWE-125 Out-of-bounds Read 26.53 [6] CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 24.54 [7] CWE-416 Use After Free 17.94 [8] CWE-190 Integer Overflow or Wraparound 17.35 [9] CWE-352 Cross-Site Request Forgery (CSRF) 15.54 [10] CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 14.10 [11] CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 11.47 [12] CWE-787 Out-of-bounds Write 11.08 [13] CWE-287 Improper Authentication 10.78 [14] CWE-476 NULL Pointer Dereference 9.74 [15] CWE-732 Incorrect Permission Assignment for Critical Resource 6.33 [16] CWE-434 Unrestricted Upload of File with Dangerous Type 5.50 [17] CWE-611 Improper Restriction of XML External Entity Reference 5.48 [18] CWE-94 Improper Control of Generation of Code ('Code Injection') 5.36 [19] CWE-798 Use of Hard-coded Credentials 5.12 [20] CWE-400 Uncontrolled Resource Consumption 5.04 [21] CWE-772 Missing Release of Resource after Effective Lifetime 5.04 [22] CWE-426 Untrusted Search Path 4.40 [23] CWE-502 Deserialization of Untrusted Data 4.30 [24] CWE-269 Improper Privilege Management 4.23 [25] CWE-295 Improper Certificate Validation 4.06 Happy holidays! And now the top 5 worst states in the US for Cybercrime. This list was created by payments platform CardConnect and is based on data from the FBI.By analyzing four of the most prominent types of online crime - credit card fraud, identity theft, personal data breaches, and phishing - they have built a Risk Index to identify the states which may be most at risk of suffering cybercrime. 1. Alaska (Risk Index: 195 out of 200) 2. Nevada (Risk Index: 194 out of 200) 3. Arizona (Risk Index: 181 out of 200) 4. Colorado (Risk Index: 180 out of 200) 5. Virginia (Risk Index: 179 out of 200) For those in the Tri-state area: NJ was 10th., Connecticut was 18th. And New York was 22nd. Apparently the safest state in the US as a low population and is famous for corn. Iowa. Third-Party Vendor Exposes Data of Palo Alto Employees American cybersecurity firm Palo Alto Networks has suffered a data breach after a third-party vendor accidentally published personal data regarding the firm's employees online. The breach took place in February. Details included names, dates of birth, and Social Security numbers. Absent from the press reports on the incident are exact details of how the breach came to occur, but that it was a very small subset of the company's employees. Netflix and chill: account freeze is a scam. If you got this wonderfully worded email last week: "This is a notice to remind you that you have an invoice due on 27/11/2019. We tried to bill you automatically but you local bank being held a transaction." The domain used in this attack was only registered on 2019-11-17, and the web certificate was created 2019-11-28, so the site was probably set up specially for this scam, perhaps along with a bunch of others. If you deleted the original email without clicking anything, you did the right thing. The crooks have tried and failed, so you win. If you clicked through to the fake login page but bailed out without entering anything, you’re also safe. If you went as far as trying to login on the bogus site, the crooks know your password. Get yourself to the genuine Netflix login page as soon as you can and change your password. If you gave away your credit card details, the crooks know those too. Call your bank as soon as you can to cancel your card. (Look on the back of your actual card number to call, for safety’s sake!) If you think your card was compromised, keep a close eye on your statements. You should keep your eye on your financial records anyway, but you might as well step up your scrutiny after a security scare of this sort. Amazon Plans Ring Facial Recognition-Based ‘Watch List’, Report Lindsey O'Donnell: Amazon’s Ring Planned Neighborhood “Watch Lists” Built on Facial Recognition Sam Biddle at The Intercept: Ring, Amazon’s crime fighting surveillance camera division, has crafted plans to use facial recognition software and its ever-expanding network of home security cameras to create AI-enabled neighborhood “watch lists,” according to internal documents reviewed by The Intercept. The planning materials envision a seamless system whereby a Ring owner would be automatically alerted when an individual deemed “suspicious” was captured in their camera’s frame, something described as a “suspicious activity prompt.” It’s unclear who would have access to these neighborhood watch lists, if implemented, or how exactly they would be compiled, but the documents refer repeatedly to law enforcement, and Ring has forged partnerships with police departments throughout the U.S., raising the possibility that the lists could be used to aid local authorities. The documents indicate that the lists would be available in Ring’s Neighbors app, through which Ring camera owners discuss potential porch and garage security threats with others nearby. Once known only for its line of internet-connected doorbell cameras marketed to the geekily cautious, Ring has quickly turned into an icon of unsettling privatized surveillance. The Los Angeles company, now owned by Amazon, has been buffeted this year by reports of lax internal security, problematic law enforcement partnerships, and an overall blurring of the boundaries between public policing and private-sector engineering. Earlier this year, The Intercept published video of a special online portal Ring built so that police could access customer footage, as well as internal company emails about what Ring’s CEO described as the company’s war on “dirtbag criminals that steal our packages and rob our houses.” A “proactive” approach to information sharing could mean flagging someone who happens to cross into a Ring video camera’s frame based on some cross-referenced list of “suspects,” however defined. Paired with the reference to a facial recognition watch list and Ring’s generally cozy relationship with local police departments across the country, it’s easy to imagine a system in which individuals are arbitrarily profiled, tracked, and silently reported upon based on a system owned and operated solely by Amazon, without legal recourse or any semblance of due process. Here, says Tajsar, “Ring appears to be contemplating a future where police departments can commandeer the technology of private consumers to match ‘suspect’ profiles of individuals captured by private cameras with those cops have identified as suspect — in fact, exponentially expanding their surveillance capabilities without spending a dime.” Researchers and legal scholars have for years warned that facial recognition and self-teaching machine learning technologies are susceptible to racial biases, and in many cases, can amplify and propagate such biases further — of particular concern in a law enforcement or security context, where racial prejudice is already systemic. A February review of the Neighbors app by Motherboard found that out of “100 user-submitted posts in the Neighbors app between December 6 and February 5, the majority of people reported as ‘suspicious’ were people of color.” In an interview with The Intercept, Liz O’Sullivan, a privacy policy advocate and technology director at the Surveillance Technology Oversight Project, described Ring’s planned “proactive suspect matching” feature as “the most dangerous implementation of the word ‘proactive’ I’ve ever heard,” and questioned the underlying science behind any such feature. “All the AI attempts I’ve seen that try to detect suspicious behavior with video surveillance are absolute snake oil,” said O’Sullivan, who earlier this year publicly resigned from Clarifai, an AI image-analysis firm, over its work for the Department of Defense. Ring’s spokesperson declined to answer a list of specific questions about the planned features, including what the company’s institutional definition of “suspicious” is, whether someone on a Ring “watch list” would ever be informed of this fact, or what someone would have to be “suspected” of in order to be labeled a “suspect” in Ring’s systems. Adobe’s Magento Marketplace suffers data breach John E Dunn: The company hasn’t said when the breach happened, merely that its security team discovered a vulnerability on 21 November 2019 that had allowed an “unauthorized third party” to access account information. Data compromised includes names, email addresses, MageID, billing and shipping addresses and phone numbers, plus limited commercial information such as “percentages for payments to developers.” No passwords or payment data was compromised, and none of Magento’s core products or services (i.e. software hosted on the site) were affected, the statement added. The two missing pieces of important information are how many accounts were affected and how long the breach lay undiscovered. Pressure mounts for federal privacy law with second bill Danny Bradbury: Pressure is gathering for a federal privacy law in the US with the introduction of a second bill that would protect consumer data. The Consumer Online Privacy Rights Act from Washington Senator Maria Cantwell not only outlines strict privacy and security rules, but also establishes a dedicated FTC office to enforce them. Cantwell also pointed out in her Bill announcement that it defines privacy as a right in federal law. The proposed law would prevent companies from mishandling data to cause individuals harm. They’d also have to hand over a copy of the data to the individual owning it at their request and name any third party that they’d given it to. They’d also have to delete it when asked. The text of the bill doesn’t specify the FTC’s penalties but it does allow for an award of up to $1,000 per violation per day in individual civil suits, which could run into billions of dollars. This isn’t the only federal law on the hustings. In October, Oregon Senator Ron Wyden announced the Mind Your Own Business Act (formerly the Consumer Data Protection Act), which would impose fines and jail sentences of up to 20 years on senior executives that flouted strict privacy rules. Master Go player retires citing AI supremacy AI just won another battle in the war for supremacy against humans. Master Go player Lee Se-dol has handed in his stones after deciding that there’s just no way to beat a machine when playing the ancient Chinese board game. The ninth dan South Korean player reportedly submitted his retirement letter to the Korea Baduk Association (KBA), which governs the professional Go community there. Se-dol, 36, who began his career at 12, told the Korean Yonhap News Agency about his retirement in an interview on Monday 25 November, explaining: "With the debut of AI in Go games, I’ve realized that I’m not at the top even if I become the number one through frantic efforts. Even if I become the number one, there is an entity that cannot be defeated." He’s referring to AI, and in particular to AlphaGo, the computerised Go player from Google’s AI subsidiary DeepMind. The two squared off in a five-game match in 2016, where AlphaGo beat him four times after he had predicted his own “landslide” win. Programming an AI algorithm to play Go is no mean feat. The 2,500-year-old game is more complex than chess, featuring a 19 x 19 grid as a board with a broader array of alternative moves than chess on average. AlphaGo’s programmers used neural networks to teach the computer about millions of past Go matches, and also enabled it to play against itself. This isn’t the first time that AI creations have competed with humans in gaming tournaments. IBM’s Deep Blue won in a series of chess games against world champion Garry Kasparov in 1997. Some 14 years later, the company’s Watson machine defeated two reigning champions over three episodes of the general knowledge game show Jeopardy, winning 69% more prize money than the humans combined. Security Giant Prosegur Struck by Ransomware The Spanish firm — which produces building alarms, and offers physical security services including cash transit vans — has over 60,000 employees around the globe and declared profits of €118m ($130m) for the first nine months of 2019. Prosegur posted a statement to its Twitter account on Wednesday claiming the company had been struck by the Ryuk variant. They added that it had “enabled maximum security measures” to prevent the spread of malware, including the “restriction of all communications.” That reassurance didn't, however, silence the customers complaining that their alarm systems had stopped working. |
Linking the world
Sharing is caring Archives
May 2024
Categories |