Microsoft Launches Office 2016 For Windows PCs

Microsoft launches new Office 2016 on Tuesday for Windows PCs, after Windows 10 this is the second big product from Microsoft.

Office 2016 is determined to develop teamwork among users. Office 2016 which updates tools like Word, PowerPoint and Excel for the first time since the Office 2013 release — adds features like “co-authoring” in Word, which lets several users type in a document and see what others are doing in real time. Other updates take in new chart styles in Excel, an “Office 365 Groups” feature aimed at lineup projects and a “Smart Lookup” utility that lets users drop information from the web into a document.

Overall, Office 2016’s new features are intended to drag Microsoft’s tools into the contemporary world of real-time collaboration, cloud-based storage, team chat — and other team-focused features from competitors like Google Drive, Slack and further more.

“[O]ur time is the scarcest commodity,” Microsoft CEO Satya Nadella wrote in a blog post Tuesday to proclaim the Office 2016 release. Nadella’s post focused on Office 2016 as part of the “mobile first, cloud first” strategy he has pushed since taking the helm at Microsoft in February 2014.

 

Microsoft_Office_2016_Screenshots

Facebook Users Left Red-Faced After Porn Malware Attack

Hackers spammed Facebook timelines and newsfeeds with malicious malware that spread pornographic videos and images.

The attack left hundreds of social media users in India red-faced as they had to clarify it to their friends that they hadn’t sent the message.

On Wednesday, majority of social media users in India refrain from using their FB accounts simply because they were scared that the X-rated material would attack their posts and messages.

The cybercrime cell of Agra Police firstly spotted the attack and claimed that it was triggered by a virus that belonged to the Kilim malware family. The same virus has caused such incidents all over the world.

facebook-users-left-red-faced-after-porn-malware-attack

Nitin Kasana, in-charge at the cybercrime cell, said that the attack “began with a message on social media which stated ‘watch urgent, because it is your video’. Every time someone clicked on the link, their entire timeline and inbox was spammed with pornographic material.”

Kasana further added that the message also included a shortened ow.ly link, which took victims to a fake Amazon Web Services page. This in reality was a malicious website that was “was used by crooks to verify the platform used by the victim, such as the desktop computer or mobile phone, and direct them to a different path depending on their machine.”

Kasand revealed that “Mobile users were redirected to affiliate pages that contain various offers, while desktop users were asked to download a file from a folder containing the malware. The file pretended to offer a collection of pornographic videos. The malicious file was a downloader for the Facebook worm, which comes in the form of a Chrome extension and additional binaries. The last part of the attack was to spread among the victims’ Facebook friends, by sending the lure message.”

Naturally, the attack embarrassed users to a great extent as many called their friends and relatives immediately to clarify about the message and to warn them to not click on the link or images present in the malicious message.

One of the affected Facebook users, Atul Verma, stated: “I had to call and message over 50 people to inform them that my account has been hacked. I requested them not to open any files containing weird links. It was disgusting.”

Cybersecurity expert Rakshit Tandon warned users and said: “One should be extremely careful and inspect any link, specially shortened URLs, before clicking on them. Several thousands of Facebook accounts were subjected to the spam attack globally, including some parts of India, via porn malware, which unleashed massive quantities of violent and pornographic images across users’ newsfeeds.”

Tandon suggests that it was possible to avoid these kinds of attacks by immediately changing social network password, removing any or all unnecessary extensions from web browser and removing all Facebook apps on Facebook. He added: “Finally, every user should mark unknown links as spam, so that Facebook can take it down automatically.”

OUR THREAT REPORT ON KILIM MALWARE FAMILY:

Not so long ago we at HackRead reported about the Kilim malware family. We also urged users to be careful about two active malware threats on the Facebook. One was about Google Chrome Video Installer the other about a Facebook worm infecting users’ computers through Ow.ly link (URL shortening service). 

Both of these threats are still active and operated though Kilim malware family. 

THE INFAMOUS LINK:

When a Facebook user clicks on the infamous Ow.ly link that promises “sex photos of teen girls in school,” it redirects immediately to an Amazon Web Services page and later the user gets redirected to a compromised Box website. The function of this website is to inspect the user’s system. Users are then prompted to download a file and when it is installed the system gets infected instantaneously leading to the download of the worm. It then spreads the Ow.ly link to all contacts of the user on Facebook.

Segura explained the modus operandi of this attack pretty comprehensively in his post. He says: “These offers usually end up being bogus apps or surveys. The file hosted on Box is trimmed down to a minimum size and its only purpose is to download additional components.”

This is typically done to avoid initial detection, but also to allow the bad guys to update the backend code on the server so that the trojan downloader can retrieve the latest versions of each module. After the additional components are downloaded (Chrome extension, worm binary) they are installed on the machine and simply wait for the user to log into Facebook.”

However, users who have clicked on the link via their mobile are taken to an offer page based on their geographic location and language.

Both the Facebook and Box are aware of the attack and the threat of this worm. For addressing this issue, Box is eliminating sharing privileges and deleting files from malicious accounts and is regularly performing security checks by scanning for viruses.

Conversely, Facebook is collaborating with the companies that have been targeted by attackers and the social media giant has blocked associated link as well as stopped the links from being spread on its platform.

Amazon Web Services (AWS) spokesperson in an official statement explained that the “activity being reported is not currently happening on AWS.”

 

oiginally posted on http://www.hackread.com/

Shellshock Linux & MACOS Vunerability Information and Tester

shellshock-vulnerability-logo.png

A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “Bash Bug” or “ShellShock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully.

The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix. Bash acts as a command language interpreter. In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run.

Bash can also be used to run commands passed to it by applications and it is this feature that the vulnerability affects. One type of command that can be sent to Bash allows environment variables to be set. Environment variables are dynamic, named values that affect the way processes are run on a computer. The vulnerability lies in the fact that an attacker can tack-on malicious code to the environment variable, which will run once the variable is received.

Symantec regards this vulnerability as critical, since Bash is widely used in Linux and Unix operating systems running on Internet-connected computers, such as Web servers. Although specific conditions need to be in place for the bug to be exploited, successful exploitation could enable remote code execution. This could not only allow an attacker to steal data from a compromised computer, but enable the attacker to gain control over the computer and potentially provide them with access to other computers on the affected network.

The following video provides an explanation of the Bash Bug vulnerability and demonstrates how a likely attack scenario through the CGI interface may work:

 

Has it been exploited yet?
There are limited reports of the vulnerability being used by attackers in the wild. Proof-of-concept scripts have already been developed by security researchers. In addition to this, a module has been created for the Metasploit Framework, which is used for penetration testing.

Once the vulnerability has been made public, it was only a matter of time before attackers attempted to find and exploit unpatched computers.

How can it be exploited?
While the vulnerability potentially affects any computer running Bash, it can only be exploited by a remote attacker in certain circumstances. For a successful attack to occur, an attacker needs to force an application to send a malicious environment variable to Bash.

The most likely route of attack is through Web servers utilizing CGI (Common Gateway Interface), the widely-used system for generating dynamic Web content. An attacker can potentially use CGI to send a malformed environment variable to a vulnerable Web server. Because the server uses Bash to interpret the variable, it will also run any malicious command tacked-on to it.

shellshock-command-diagram-600px_v2.png
Figure 1. How a malicious command can be tacked-on to the end of a legitimate environment variable. Bash will run the malicious command first.

The consequences of an attacker successfully exploiting this vulnerability on a Web server are serious in nature. For example attackers may have the ability to dump password files or download malware on to infected computers. Once inside the victim’s firewall, the attackers could then compromise and infect other computers on the network.

Aside from Web servers, other vulnerable devices include Linux-based routers that have a Web interface that uses CGI. In the same manner as an attack against a Web server, it may be possible to use CGI to exploit the vulnerability and send a malicious command to the router.

Computers running Mac OS X are also potentially vulnerable until Apple releases a patch for the vulnerability. Again, attackers would need to find a way to pass malformed commands to Bash on the targeted Mac. The most likely avenue of attack against OS X would probably be through Secure Shell (SSH), a secure communications protocol. However, it appears that the attacker would need to have valid SSH credentials to perform the attack. In other words, they would already have to be logged in to an SSH session.

Internet of Things (IoT) and embedded devices such as routers may be vulnerable if they’re running Bash. However, many newer devices run a set of tools called BusyBox which offers an alternative to Bash. Devices running BusyBox are not vulnerable to the Bash Bug.

For website owners and businesses
Businesses, in particular website owners, are most at risk from this bug and should be aware that its exploitation may allow access to their data and provide attackers with a foothold on their network. Accordingly, it is of critical importance to apply any available patches immediately.

Linux vendors have issued security advisories for the newly discovered vulnerability including patching information.

*Red Hat has updated its advisory to include fixes for a number of remaining issues.

If a patch is unavailable for a specific distribution of Linux or Unix, it is recommended that users switch to an alternative shell until one becomes available.

For consumers
Consumers are advised to apply patches to routers and any other web-enabled devices as and when they become available from vendors. Users of Apple’s Mac OS X should be aware that the operating system currently ships with a vulnerable version of Bash. Mac users should apply any patches for OS X when they become available.

 

In the interim, there’s a simple way to check if Linux-based sites and servers are vulnerable to the Bash/Shellshock bug. By using this Web-based tool and entering the appropriate information, you can quickly find out if you’re at risk. You can also check if your servers are vulnerable to the flaw by using this other Web-based testing tool, simply dubbed “ShellShock Tester.”

Reprint from http://www.symantec.com. Additional information from http://www.digitaltrends.com

Intel RealSense Brings PC Interaction to the Real World

Crafting Your Digital Double in 3D Just Got Easier

The ability to make realistic animated avatars is a whole lot of fun with Faceshift and Intel’s RealSense Technology.

Ever wonder what you’d look like as a monster? A little boy? A wicked witch? A cat or a dog? Now you can with cool, new 3D-tracking technology from Faceshift.

The small start-up based in Zurich, Switzerland, has a knack for facial movement tracking used in video games and films.

It’s something technologists attending the Intel Developer Forum in San Francisco next week will get to try. Sitting down in front of a computing device, they will have their face replicated then quickly animated across 16 tablet screens. These developers will also get to share their animation online right on the spot.

“We’re giving people a glimpse of the future,” said Doug Griffin, Faceshift’s vice president of North America.

“You can truly be any character you want.”

 

 

Until recently, facial-movement software like this has been limited to big entertainment companies like SEGA, Nickelodeon, Disney and DreamWorks.

“Our goal is to democratize facial-tracking technology,” said Griffin. “We want to make it available to a wide variety of games and animation studios — ultimately to consumers as well.”

Griffin wants to help people focus on storytelling and interactivity, rather than technology.

For most consumer users facial recognition software is a tool they use to log in, hands free, to their personal computer. But the technology is becoming more ubiquitous and its potential is huge.

Later this year, Intel RealSense technology will be embedded into All-in-Ones, Ultrabooks and 2 in 1 computers on the market, allowing your computer to understand you on a deeper level, specifically in 3D.

For software developers like Faceshift, these new technologies are key for bringing more natural, human interaction with our computers. It’s giving people the ability to use face and hand gestures plus voice controls to command their PC.

This set of technologies can also unlock new creativity for learning and communication.

“We use RealSense to understand the appearance and shape of someone’s face across different expressions,” explained Griffin.

“RealSense provides both video and depth at 60 frames per second.”

According to Griffin, this is the first time there’s been a sensor of this quality embedded in a consumer product.

Faceshift is an easy-to-use application. First, the camera scans your expressions. That data is used to train a personal avatar to move like you. Once your avatar moves to your liking, you export the animation to 3D software so it can be used for gaming or sharing on social sites.

People may say you work like a dog, but Faceshift can make you look like one, too.

Free I-Phone 6 Facebook Scam

Apple’s iPhone 6 FREE ? Of course not ! It’s only a hoax, but scammers have announced the just release iPhone 6 free.
Another Facebook scam is circulating across the popular social networking website just days after Apple unveiled its upcoming iPhone 6 and iPhone 6 Plus, as scammers take advantage of all the hype and use them to lure Facebook users.
THREE SIMPLE STEPS AND iPHONE 6 IS YOURS — REALLY?
As usual, This new scam promises a chance to Win a free iPhone 6 to those users who complete a series of steps, as reported by Hoax-Slayer. You just need to go through “three easy steps” to get a chance to win the device:
  • Like the Facebook page created to propagate the scam
  • Share the page with your Facebook friends
  • Download a “Participation Application”
But before you proceed to the last step, a pop-up window leads you to participate in a survey before you can download the application. The survey will ask you to share your name, address, phone number and email address – all the information that is collected by the third-party operating the survey page, and likely sold on to marketers.
SCAMMERS MAKING MONEY AND SPREADING MALWARES
Meanwhile, the scammer earns money for every survey through an affiliate marketing scheme. Even after completing the survey, the pop-up will inform you that your survey was not completed properly due to a ‘minor error’ and it will urge you to participate in yet another survey. No matter how many times you fill the surveys, most of the times you’ll not get to download the ‘application’.
In case, if you are directed to the download link, there is no guarantee that the download link is legitimate, but contains malicious code. It could lead you to a malicious software that could steal users’sensitive or financial information from the infected system. The only thing you can be guaranteed not to get is an iPhone 6!
FACEBOOK REMOVED iPHONE 6 SCAM, BUT YET MORE TO COME
This particular Facebook scam page has been removed by the social networking giant, but not before getting nearly 18,000 “likes”. Remember that surveys are always a pain, but scam pages or websites offering up random redirects always bear the possibility to be even more troublesome, because you simply never know where you’re going to end up.
We have seen various suspicious posts on Facebook, like “See your Friend’s naked video“, an app offering you a chance to see who has viewed your Facebook profile, and many more. Sometimes these scams are very obvious and easily avoidable, but many times they are irresistible and easy to fall for, just like this Win iPhone 6 scam.
SCAMS AT RISE, SO BE SAFE
With more tech skills, modern scammers have ability to reach billions of potential victims with just a single message or post, and their scams are getting more dangerous and critical day-by-day.
Despite Facebook’s security measures, safe and secured social networking rests in your own hands and if you aren’t paying attention to such scams, you could fall for one such even without ever realizing. So, if you are served with any suspicious link or post, do not try to click on it, no matter even if it’s from your closest friend.
Published by www.thehackernews.com

Chameleon Virus that Spreads Across WiFi Access Points like Common Cold

Wi f virus hacking malware

Do you know, A Computer viruses could go Airborne over WiFi networks? Security researchers at theUniversity of Liverpool in Britain have demonstrated a WiFi virus that can spread between computer networks just like the ‘common cold‘ spreads between Humans.

They have created a proof-of-concept which can infect the entire wireless network instead of a single computer at a time, that replaces the firmware of the vulnerable Access Point (AP) with a virus-loaded version, and then propagates itself to the next victim on the WiFi network.

The WiFi based virus named as ‘Chameleon‘, that can self-propagate over WiFi networks from access point to access point,  but doesn’t affect the working of the Wireless Access Point.
This Virus is able to identify WiFi access points that are not protected by encryption and passwords, according to the research paper. It can badly hit less-protected open access WiFi networks available in coffee shops or airports.
It propagates in the following sequence:
  1. It Establish a list of susceptible APs within the range
  2. Bypass any encryption Security on the targeted AP
  3. Bypass the administrative interface on the targeted AP
  4. Identify and Store AP System Settings
  5. Replace the AP firmware on with the virus-loaded firmware.
  6. Import the victim original AP System Settings on newly loaded firmware
  7. Let’s Propagate! Back to Step one to next Target.
The experimental simulated demonstration was performed in two cities i.e. Belfast, NI and London, England. 
Wi f virus hacking malware
Laboratory setup
A random access point was made infected with the virus which act as a seed, the results were published in the paper.
The Chameleon attack is a serious threat for WiFi network security. The research shows that this kind of attack is undetectable to any Antivirus and Wireless Intrusion Detection System (IDS).

Hence, this attack is considered advanced and difficult to detect, as IDS rogue AP detection methods typically rely on a change in credentials, location or traffic levels.”

The Density of Access points in a certain geographical area increases the security issues for wireless networks, because it spreads very quickly at high speed in an area having denser Access Point availability.

WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” says Marshall, Co-author of the research paper.

However, the virus itself doesn’t exist in the wild and created for the demo purpose in the research lab only, though it is very likely that a malicious version could be created and released into the wild by cyber criminals and malware writers.

Republished from http://www.thehackernews.com/ article bySudhir K Bansal

Facebook buys WhatsApp for $16 billion

Facebook buys WhatsApp for $16 billion

If you can’t beat ’em, buy ’em.

by  – Feb 20 2014, 12:35am SAST

According to an early report from Bloomberg News reporter Sarah Frier, Facebook is set to buy WhatsApp for $16 billion. An SEC filing confirms the acquisition for $4 billion in cash to WhatsApp’s security holders, along with $12 billion in Facebook stock and an additional $3 billion in Facebook stock that will vest over four years.

WhatsApp has been one of a handful of booming messaging apps that has grown especially large in the last year (GroupMe, WeChat, Kik, and Line are others). In December, the app was reported to have over 400 million monthly users, and Facebook now reports that the service has 450 million. Meanwhile, Facebook maintains roughly 1.2 billion as of last October.

Facebook has yet to release usage numbers for either its messaging feature on the whole or its dedicated Messenger app. The Verge noted in December that it was “telling” that few other messaging apps release their usage numbers like WhatsApp does, which suggests its user base dwarfs its competitors.

The acquisition follows Facebook’s recent failure to buy Snapchat, another messaging service that focuses on ephemeral picture messages, for $3 billion in cash.

In its press announcement, Facebook founder Mark Zuckerberg stated that WhatsApp is “on a path to connect 1 billion people.” Per the post, Facebook will run WhatsApp similar to the way it runs Instagram, which is to say it will be maintained as a separate property for the time being. However, Facebook and Instagram have been inching slightly closer to one another in functionality and design, suggesting that independence can’t be guaranteed. For now, “WhatsApp’s core messaging product and Facebook’s existing Messenger app will continue to operate as standalone applications.”

How to Prevent Your Home WiFi From Being Burglarized

Home WiFi Burglary_HEADER

There is more than one type of burglary that can affect your home. One involves kicking in the door; another involves compromising your computer. And if the intruder in this scenario has compromised your wireless network, you might as well have given them a key to the front door.

Just as home wireless networks can offer you the freedom to access your online data untethered to a physical connection, if improperly configured, that same wireless local area network (WLAN) gives that freedom to an attacker.

Fortunately, there are a number of steps you can take to make sure your wireless connection is as secure as possible.

Step 1: Avoid Default Passwords
Setting up a router and leaving the default password of the administrator account in place is what in technical terms we call a very, very bad idea. The guest account default settings should be changed as well assuming that has been enabled. Once that is taken care of, the next step is to come up with a strong password to replace the one you just removed. Much has been written about the importance of developing complex passwords in the past. If you need a few tips, start by making sure that you mix letters and numbers into the password so that the password itself is not an actual word. Stay away from birthdays, names, or anything that could be easily guessable.

Step 2: Consider Changing the Default SSID Name
The service set identifier (SSID) is the public name of your wireless network. Many times, manufacturers will use the same SSIDs for all their products. Though this does not directly impact the security of your network, if an attacker identifies a default SSID, they may be encouraged to try to attack it under the assumption that the network may also use a default password and be insecurely configured. While some argue for hiding SSIDs altogether, in truth this has little effect on security. The SSID is not a network password after all, and there are a number of tools hackers can use to discover it.

Step 3: Protecting Access Points With Encryption
Encryption is a must for protecting your wireless network. The best answer for your encryption needs is WPA2 (WiFi Protected Access 2), which is stronger than its predecessor – WPA – as well as WEP (Wired Equivalent Privacy), which preceded WPA and has been found to be riddled with security holes. Unlike other versions, WPA2 mandates the use of AES (Advanced Encryption Standard) algorithms for security. Though WPA2 is not supported by some older wireless cards and access points, try to go with the most secure option available whenever possible.

Step 4: Enable the MAC Address Filtering Feature
A media access control (MAC) address is a unique hardware identifier for your computer. By enabling MAC filtering, you can exercise more control over who can connect to your network by setting up a list of clients that will be allowed to join. Once it’s enabled, the router/access point will check the MAC address of any client that sends a request to join the network against that list. Those that are not on the list cannot join. This is not a solution for keeping an attacker off your network, as MAC addresses can be faked, so be sure to take other security precautions as well.

Step 5: Disable Remote Administration
Some wireless networking routers allow users to administer the router remotely from anywhere. If this is not absolutely necessary, there is no reason to keep this feature enabled. Doing so opens up a potential door to attackers who could exploit the situation to gain administrative access to your router over the Internet.

Remember, steel doors mean nothing if they are left open, so following a few basic steps should be step one in defending yourself from attackers.

Article by ZoneAlarm.   Our preferred free antivirus.

Cracking 16 Character Strong passwords in less than an hour

The Password serves to protect your financial transactions, your social networking sites, and a host of other nominally secure websites online. People often say, “don’t use dictionary words as passwords. They are horribly unsecure”, but what if hackers also managed to crack any 16 character password ?

Criminals or trespassers who want to crack into your digital figurative backyard will always find a way. A team of hackers has managed to crack more than 14,800 supposedly random passwords from a list of 16,449 converted into hashes using the MD5 cryptographic hash function.

The problem is the relatively weak method of encrypting passwords called hashing. Hashing takes each user’s plain text password and runs it through a one-way mathematical function. This creates a unique string of numbers and letters called the hash.

The article reports that, using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14,734 of the hashes, a 90-percent success rate using Brute force method. Brute-force attacks is when a computer tries every possible combination of characters.
In December it was unveiled by Jeremi Gosney, the founder and CEO of Stricture Consulting Group, that a 25-computer cluster can cracks passwords by making 350 billion guesses per second. It can try every possible word in less than six hours to get plain text passwords from lists of hashed passwords.
Using passwords that contained only numbers, 12 digits long, hackers managed to bruteforce such 312 passwords in 3 minutes. Anyway password doesn’t have to be a word at all. A whole phrase or sentence, a passphrase, offers more security. A correctly chosen passphrase is easy for you to remember but difficult for anyone else to guess.

Also the strongest password in the world isn’t secure if you use it for every one of your secure sites. If one site is compromised and hackers are able to crack your password and you’ve reused it they could then gain access to your details on other websites.

The general public has no control over which hashing process websites use and therefore are at the mercy of an algorithm which they may know nothing about. If you are concerned about security, long passwords are the best defense.

 

(by Mohit Kumar)

Israeli Scientists develop advanced biological computer

Researchers at the Technion-Israel Institute of Technology in Haifa have created an advanced biological computer using only bio molecules such as DNA and enzymes.
There’s no traditional CPU or hard drive powering the bio-computer, no hardware or software, nor is there any tangible interface to the system.

The computing devices having ability to interact directly with biological systems and even living organisms. No interface is required since all components of molecular computers, including hardware, software, input and output, are molecules that interact in solution along a cascade of programmable chemical events.

Researchers believe that a sufficiently advanced biological computer could have the computational power of a universal Turing machine, able to simulate other computers. This would allow for simple customization of such processors.

In addition to enhanced computation power, this DNA based transducer offers multiple benefits, including the ability to read and transform genetic information, miniaturization to the molecular scale, and the aptitude to produce computational results that interact directly with living organisms.

“All biological systems, and even entire living organisms, are natural molecular computers. Every one of us is a bio-molecular computer, that is, a machine in which all components are molecules “talking” to one another in a logical manner. The hardware and software are complex biological molecules that activate one another to carry out some predetermined chemical tasks. The input is a molecule that undergoes specific, programmed changes, following a specific set of rules (software) and the output of this chemical computation process is another well defined molecule.” says Prof. Keinan.

 

(by Wang Wei)

Current Specials

Current Specials

Current Specials