Tuesday 28 February 2017

Windows 10 Option to Block Installation of Win32 Apps


Windows 10 will soon allow users to block the installation of apps that come from sources other than the Microsoft Store. Microsoft hopes the feature will help prevent the installation of malware.

The feature essentially prevents users from installing Win32 applications. It is currently being tested as part of the latest build published in the Insider Preview program.

Win32 is the core set of application programming interfaces (APIs) available in Microsoft Windows operating systems and is often referred to as the Windows API. In addition to Win32 apps, Windows 10 users can install software built on Microsoft’s Universal Windows Platform (UWP).

The newer platform is a framework for applications that run not only on Windows 10 PCs but also on other devices running the platform, such as HoloLens, Xbox One and phones. The Microsoft Store, the app portal accessible from all of these devices, only accepts UWP applications. Microsoft has even released a converter to help developers port Win32 apps to UWP.

With millions of Win32 applications available, it will take a while before all developers switch to the new framework, especially if users are not in a hurry to embrace UWP applications.

The newly observed change lets users block Win32 apps from being installed on their computers by selecting the “Allow apps from the Store only” option on the Windows 10 Apps & Features settings screen.

The option is expected to become available in all Windows 10 editions once the Creators Update arrives in April, which will also let enterprise users benefit from it: admins will be able to install the necessary apps and then turn the feature on to keep unwanted applications away.

Google Discloses An Unpatched Flaw in Internet Explorer, Edge


Google’s Project Zero has disclosed a potentially serious vulnerability in Microsoft’s Internet Explorer and Edge web browsers before the company could release a patch.

Details of the flaw and proof-of-concept (PoC) code were made public last week by Google Project Zero researcher Ivan Fratric after Microsoft failed to meet the 90-day disclosure deadline.

The security hole, tracked as CVE-2017-0037, is described as a high-severity type confusion. By exploiting it, an attacker can crash the browser, and arbitrary code execution may also be possible.

This is the second unpatched vulnerability in a Microsoft product disclosed by Google Project Zero this month. Earlier, researcher Mateusz Jurczyk released details of a medium-severity information disclosure flaw tracked as CVE-2017-0038.

In addition, there is an unpatched denial-of-service (DoS) flaw in Windows caused by the way SMB traffic is handled.

Microsoft has only released patches for Adobe Flash Player this month and postponed its February 2017 updates to March 14 due to an unspecified “last minute issue.” It is possible that the three vulnerabilities affecting Windows and the browsers are meant to be fixed by these delayed security updates.

Last month Microsoft claimed that the security mechanisms in Windows 10 can block exploitation of a zero-day vulnerability even before a patch is made publicly available. As an example, the company cited two flaws exploited in sophisticated attacks against organisations in South Korea and the United States before fixes could be released.

SHA-1 Collision Affects Apache Subversion System


The first SHA-1 collision attack, announced last week by Google and CWI, appears to have a serious impact on repositories that use the Apache Subversion (SVN) version control system.

The developers of the WebKit web browser engine noticed severe problems after their attempt to add a test for the SHA-1 collision to their project. After they uploaded the sample collision PDF files provided by Google, their SVN repository became corrupted and prevented any further commits.

Google has posted an update on the SHAttered website to warn SVN users about the risks, and Apache Subversion developers have made a tool designed to prevent PDF files such as the ones provided by Google from being committed.

So far the search giant has only published two PDF documents proving that SHA-1 collisions are possible (both files have the same SHA-1 hash but different content). After 90 days, however, Google will release code that will allow anyone to create such PDFs.

Finding SHA-1 collisions still requires significant resources: it can cost an attacker at least $110,000 worth of computing power from Amazon’s cloud services. However, that is still 100,000 times faster than a mere brute-force attack.

The SHAttered attack also seems to affect the Git distributed version control system, which relies entirely on SHA-1 for identifying and checking the integrity of file objects and commits.

However, “the sky isn’t falling,” according to Linux kernel creator Linus Torvalds. Torvalds pointed out that there is a big difference between using SHA-1 for security and using it for generating identifiers for systems such as Git.

Nevertheless, steps have already been taken to mitigate these types of attacks, and Torvalds says Git will eventually transition to a more secure cryptographic hash function.
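To make the failure mode concrete, here is an added example (not code from Google, WebKit, Apache Subversion or Git) that models a repository which identifies blobs by their digest. It uses a 32-bit truncation of SHA-1 so that a collision can be found in under a second, shows the second colliding file being silently aliased to the first, and contrasts that with a pre-commit check that rejects it and with Git’s header-prefixed object id; the colliding messages are constructed, not real PDFs.

```python
import hashlib
from itertools import count

# Demo-only digest: the first 32 bits of SHA-1, so a collision is cheap to find.
# Real SHA-1 is 160 bits; SHAttered needed roughly 2**63 SHA-1 computations.
TRUNC_HEX = 8


def toy_sha1(data: bytes) -> str:
    """First 32 bits of SHA-1 as hex. Stands in for full SHA-1 in this demo only."""
    return hashlib.sha1(data).hexdigest()[:TRUNC_HEX]


def find_collision(prefix: bytes = b"%PDF-1.3 constructed demo ") -> tuple[bytes, bytes]:
    """Birthday search: two distinct messages with the same toy_sha1 digest.

    About 2**16 hashes are expected for a 32-bit digest. The messages are
    constructed here (a PDF-like prefix plus a counter), not real PDF files.
    """
    seen: dict[str, bytes] = {}
    for i in count():
        msg = prefix + b"%08d" % i
        digest = toy_sha1(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg


class DedupStore:
    """Content-addressed object store: the digest is the object's identity.

    Like a repository that shares storage between representations with equal
    digests, it cannot tell two colliding blobs apart.
    """

    def __init__(self) -> None:
        self.objects: dict[str, bytes] = {}

    def put(self, data: bytes) -> str:
        key = toy_sha1(data)
        self.objects.setdefault(key, data)  # a second, colliding blob is dropped silently
        return key

    def get(self, key: str) -> bytes:
        return self.objects[key]


class CheckedStore(DedupStore):
    """Same store, but a digest already bound to different bytes is refused.

    This is the shape of a pre-commit check that turns silent corruption into
    a rejected commit (illustrative, not Subversion's actual hook).
    """

    def put(self, data: bytes) -> str:
        key = toy_sha1(data)
        existing = self.objects.get(key)
        if existing is not None and existing != data:
            raise ValueError(f"digest {key} already maps to different content")
        self.objects[key] = data
        return key


def git_style_id(data: bytes) -> str:
    """Git hashes a type/length header plus the bytes, not the raw file:
    sha1(b"blob <len>\\0" + data). Done here with toy_sha1 for comparability.

    A collision found for one prefix does not carry over to a different prefix,
    which is why the two SHAttered PDFs get different Git object ids even
    though their raw SHA-1 digests are equal.
    """
    return toy_sha1(b"blob %d\0" % len(data) + data)


def demo() -> dict:
    """Run the scenario end to end and report what happened."""
    a, b = find_collision()

    naive = DedupStore()
    key_a, key_b = naive.put(a), naive.put(b)

    checked = CheckedStore()
    checked.put(a)
    try:
        checked.put(b)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "distinct_content": a != b,
        "same_digest": key_a == key_b,
        "second_blob_lost": naive.get(key_b) == a,  # asking for b gives back a
        "rejected_by_check": rejected,
        "git_ids_differ": git_style_id(a) != git_style_id(b),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```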

Saturday 25 February 2017

Check Out This Chrome Extension to Know How Facebook AI Monitors Your Activities



We all know that Facebook studies and monitors the activities of its users for various purposes using its own artificial intelligence. This data helps the social network show relevant information in the user’s News Feed, which is usually chosen by analysing your social media interests and other activities on the site.

Now there is a free, open source tool with which you can easily keep track of what kind of monitoring Facebook has implemented and which of your activities the social network tracks. The tool, a Chrome extension called Data Selfie, uses machine learning algorithms to inspect what can be read about your personality from the way you use Facebook. It also identifies your social media patterns and offers an opportunity for a totally customised and personalised experience.

Through Data Selfie, you can see how such machine learning algorithms monitor and process all your activities on Facebook and how they derive information about your personality, interests and habits. This is made possible through IBM’s well-known cognitive system, “Watson.” When you install the extension, it starts tracking your interactions on Facebook: every Like, every post, the amount of time you spend reading a shared article or post, and small details such as when you scrolled and for how long. All of this information is logged by the app.

Data Selfie includes a dashboard that provides insights about the content you liked or viewed and the inferences drawn from it by predetermined combinations of machine learning algorithms. The tracked activities and aggregated information are displayed as a timeline, colour-coded to highlight different aspects of your data usage.

Asiana Airlines Website From South Korea Hacked with Pro-Serbian Messages



Remember the hacker who defaced Google Brazil’s domain? His name is Kuroi’SH, and he is back in the news, this time for hacking and defacing the official website of Asiana Airlines, one of the major airlines in South Korea.

The website was hacked on 19 February and left with a defacement page carrying messages against Albania and in support of Serbia. The messages also mention the Spanish airline Iberia Airlines. You may wonder what Iberia Airlines, or even South Korea, has to do with the Serbia and Albania crisis. Kuroi’SH told Hackread that his initial target was Iberia Airlines, but since they posed a threat to his privacy, he decided to deface Asiana Airlines instead, being motivated to “spread the word and Asiana is an airline giant.”

According to the provided deface message, “I am Sorry, Iberia Airlines, but everyone needs to understand the crime against humanity, carried out by the Albanians p**s touching Serbia – In Pristina, shame now located in Kosovo, there is a monument called NewBorn. A f***ing monument with a clear meaning: peace and a new beginning, let’s forget the past–Jesus, forgive my anger and what I will say, but if I ever end up in that city, I’ll put a bomb of this so-called monument and then destroy it.”

A full preview of the defacement page is stored in the Zone-H mirror as proof of the hack.

When asked how the Asiana Airlines website was hacked, Kuroi’SH explained that “it was done through DNS hijacking from their hosting provider.” He added that he has nothing to do with Serbia but feels that the truth needs to be spoken.

CloudFlare Blames Internal Faults for Memory and Client Data Leakage


Following recent reports that CloudFlare leaked client data, the company now blames an unspecified internal fault for the incidents.

According to John Graham-Cumming, the company’s CTO, about 1 in every 3.3 million requests handled by the company’s servers between 13 and 18 February leaked data in this way.

He added: “We think that an internal fault may have led to this memory leakage of a very tiny percentage of the data which we handle on our secure servers.”

Researcher Tavis Ormandy had earlier pointed out that Cloudflare servers were leaking data, and that the leak was made worse by the fact that common search engines were caching the leaked data.


It has also come to light that CloudFlare’s servers experienced a relatively common class of problem linked to memory leaks. The leakage of sensitive data such as HTTPS cookies from these servers is said to have affected major global brands including Lyft, Uber and OKCupid.

None of these companies has commented on the issue so far. CloudFlare says it took the necessary steps to address the situation immediately after Ormandy notified it of the problem.

According to the company, its engineers deactivated the Automatic HTTPS, Server-Side Excludes and email obfuscation features on its servers immediately after being notified of the fault. But in what may further complicate matters, it is now emerging that the company may not have taken the issue as seriously as it now states.

According to Ormandy, after he notified the company’s security team about the leak, he was referred to the company’s infamous bug bounty program.

Was Your Google Account Unexpectedly Signed Out Today? Company Explains Why


Earlier today, Google account holders around the world were unexpectedly asked to re-enter their login credentials. Users did so and regained access to their accounts, but there was a sudden uproar that this might be the result of a phishing attack and that accounts may have been compromised. Google has openly denied such claims and stated that the issue has nothing to do with any phishing scam or security threat. The company is still investigating, but it is reassuring that the problem is not linked to hacking or scamming.

Crystal Cee from Google’s Product Forum said that users need to sign in again at “accounts.google.com” to use their accounts.

She also noted that if you have forgotten your password, you can use the link “g.co/Recover” to recover your account. If you use 2-step verification, you may experience a small delay in receiving the SMS code, so be patient, or use one of your backup codes.

The issue is not limited to any single platform: users of Google Wi-Fi, Chromecast, Gmail (on all devices, including laptops, PCs and tablets) and Google Home had to enter their login credentials again. With so many users facing the same issue, confusion was bound to arise. Twitter filled with panicked tweets, and threads were created on Reddit where users from around the world reported the problem.

Google issued a notice on its Gmail help forum, which reads “We’ve gotten reports about some users being signed out of their accounts unexpectedly. We’re investigating, but not to worry: there is no indication that this is connected to any phishing or account security threats.”

Wednesday 18 January 2017

Largest National Health Service in UK Faces Cyber Attack



Barts Health NHS Trust in London, UK, suffered an unspecified ‘IT attack’ on 13 January. First reports suggested a ransomware attack, but that has since been ruled out. Nevertheless, the trust has taken a number of drives offline as a precautionary measure.

Barts is the largest National Health Service (NHS) trust in London, United Kingdom. It operates five hospitals in London: Newham University Hospital, Mile End Hospital, St. Bartholomew’s Hospital in Smithfield in the City, The Royal London Hospital in Whitechapel, and Whipps Cross University Hospital.

The Health Service Journal (HSJ) reported on Friday (subscription required) that “The largest NHS hospital trust in England has been infected with a ransomware causing it to take its pathology service offline, HSJ can reveal.”

The claim was based on reports of an internal email to employees warning that the trust was suffering a “ransomware virus attack issue,” followed by an afternoon communication warning that three of the trust’s four hospitals had engaged “operating downtime procedures” for their pathology systems.

However, at the time of writing, the only official statement from Barts rules out ransomware. “On 13 January Barts Health became aware of an IT attack,” it states. “We continue to urgently investigate this matter and have taken a number of drives offline as a precautionary measure. Importantly, we can now rule out ransomware as the root cause. We have also established that in addition to the Trust’s core clinical system Cerner Millennium, Radiology and imaging from X-rays and scans continue to be used as normal. We have tried and tested contingency plans in place and are making every effort to ensure that patient care will not be affected.”

The nature of the attack has yet to be specified. It is not yet known whether it was an attempt to steal confidential data or just a virus or worm infection spreading through Barts’ networks.

Tinfoleak – Full Information About A Twitter User’s Activity


Tinfoleak is the best OSINT tool for Twitter and is open source. The latest version includes a lot of new and improved features.

Download & Install

Download and install Tinfoleak, then enter the Twitter username or ID to get the details.

[Screenshot: tinfoleak]

Tuesday 17 January 2017

Russian Hackers At It Again Over Brits


Russian hackers get blamed for everything these days, from Hillary Clinton’s loss of the presidential election in November to, most recently, the online leak of the final episode of the BBC drama Sherlock a day before it was due to air. Russian state broadcaster Channel One blamed hackers for the leak on Saturday of the final episode of the fourth series of the popular detective drama starring Benedict Cumberbatch, complete with Russian dubbing.

The episode was shown just after midnight Moscow time on Monday, simultaneously with the British broadcast.

In a rare show of cooperation, spokeswoman Larisa Krymova said Channel One “has been in close contact with the BBC from the moment it learnt of the leak and is carrying out an investigation to identify the source of the material uploaded onto the Internet.”


The BBC reportedly said on Sunday that it had launched a full investigation, with a source at the corporation claiming that the leak was “more than an accident.”

On Russian-language Twitter, hashtags and jokes about the leak were trending over the weekend. “That moment when the Russians have watched your show before you,” wrote one Twitter user, nfzaz1995.

Hackers Found A Way To Bypass Google Security And Watch Porn On YouTube


Hackers have found a simple trick to bypass Google’s stringent policy against hosting sexual and pirated content on its YouTube service. They are uploading illegal and inappropriate content to the streaming service, and YouTube is conducting a serious crackdown to stop the rush of hidden porn and stolen content.

A report from the website TorrentFreak describes how users are able to trick Google’s Content ID system simply by marking uploaded videos as “private.” These unlisted videos are then reachable through direct links served straight from Google’s servers. Normally, Content ID has checks in place to identify what kind of content is going onto the site.

While YouTube has a host of pirated videos, albums, and movies, the stashing of porn via the site has seen a recent uptick.

This hosting trick has given rise to adult sites using Google’s servers to host their illegal content. The direct links obtained from the uploads are embedded on other websites, which pull the content from YouTube on the back end, giving the pirates endless opportunities to stream without the knowledge of Google or, if the content is pirated, the original owners.

Google has been doing its best to take down the adult content as it discovers it, but the task is arduous at best. Locating the content has proven difficult, and unless the original owners say something, the company is unable to identify many of the videos.

No reports or data are available yet to determine how likely this hidden pornographic content is to show up. If you have kids or otherwise don’t wish to see this type of content during your YouTube sessions, there are a number of tips online on browsing safely. Still, given the nature of this kind of abuse, results could be unexpected and random.

Source: yahoo.com

How to Access WhatsApp from Linux Desktop


WhatsApp is one of the most widely used instant messaging apps today, with more than a billion users around the globe. One of the key reasons for its success is its simple, snappy interface.

We use WhatsApp from various devices, and with the arrival of WhatsApp Web on the desktop it has become very convenient for many people like me, since we don’t have to constantly take our eyes off the monitor. To access WhatsApp Web, open https://web.whatsapp.com/ in your browser and synchronise it with the WhatsApp account on your mobile device. This method works on all platforms, including Mac, Windows and Linux.

Whatsie

Whatsie is another app that lets you access WhatsApp from your Linux desktop. It is actually cross-platform, so it is not limited to Linux; Windows and Mac users can use it too.

For Linux, Whatsie offers two packages: DEB (Debian-based distros) and RPM (Red Hat-based distros). This article shows how to install Whatsie on Ubuntu 16.10.


  • First, download the Whatsie DEB package.
  • Open your terminal and go to the directory where the Whatsie package was downloaded.
  • Run the following command to install Whatsie:


sudo dpkg -i whatsie-2.1.0-linux-amd64.deb


  • Once Whatsie is installed, launch the app to get started.
  • Whatsie shows a QR code as the method to synchronise. Open WhatsApp on your mobile device, tap the three-dots icon in the top right corner and tap WhatsApp Web (I use Android in this case).
  • Scan the QR code shown in the desktop app. Wait a moment and all of your WhatsApp conversations will be available in the desktop app.

Hackers Target Putin’s Website Thousands of Times A Day


A Russian official has revealed that Russia faces hundreds and sometimes thousands of cyberattacks every day, many of them launched from the United States.

Russia is the country most often blamed for cyber attacks on other nations; the United States claims that the Kremlin tried to disrupt its election in 2016. But the country’s Security Council head Nikolay Patrushev said that Russia itself is a target for hackers.

In a public statement, Patrushev said that the US authorities accusing Russia of hacking their systems have no proof and that the accusations are false.

“Obama’s administration accuses Russia of hacking attacks without giving any proof, but deliberately ignores the fact that all major internet servers are located on US territory and are used by Washington for intelligence and other purposes aimed at retaining [US] dominance in the world,” he said.

The official added that his country is itself a target for hackers, who constantly try to break into the Kremlin’s computers to steal data.

“Recently we noted a great increase in attempts to inflict harm on Russia’s informational systems from the external forces,” he stated.

President Vladimir Putin is also a popular target, and his website is continuously under attack, Patrushev revealed. On some days the number of attacks on Putin’s website exceeds one thousand, he said, and many of them are launched from Europe, the United States, China or India.

“However, it does not lead to a situation when we say that we know [US President Barack] Obama ordered [this attack] and the White House is behind it,” he continued.

Sunday 8 January 2017

The world's largest Blue Screen of Death



It's a scene straight out of a failed "Blade Runner" reboot.

A Facebook photo posted by Blake Sibbit shows what could be the biggest Blue Screen of Death (BSOD) known to man, all five stories of it.

The gigantic Windows error was spotted on the outdoor digital billboard of the CentralFestival Pattaya Beach shopping mall, a sprawling complex in Pattaya, Thailand.

Windows users are all too familiar with random BSODs, those sudden PC crashes that seem to come out of nowhere, locking you out with cryptic white-on-blue text stuffed chock full of technical gibberish.

Simply put, a BSOD means your Windows machine has a "problem."

In this humongous instance in Thailand, the error seems to be in the "ftser2k.sys" device driver. A little Google-Fu tells us that this file is associated with a USB-to-Serial device driver provided by Future Technology Devices International (FTDI).

Giant digital billboards are supposed to entice people to buy big. Shoppers were treated with a wonderwall of fail instead.

By the way, Microsoft revamped the Blue Screen of Death with Windows 8, and the newer version looks quite different.


Obviously, the Pattaya Beach shopping mall has not updated to the latest and greatest operating system that Microsoft has to offer. Too bad they're missing out on the Anniversary Update. (Note: Windows 10 has its own fair share of issues, like killing webcams.)

Hmm, we hope they're not running their serial dot-matrix printers through Windows XP. If that's the case, then a busted billboard is the least of their problems.

Time to call the IT support team of giant replicants, Mr. Deckard?

Google’s First Move in 2017, Patches 22 Critical Vulnerabilities in Android



On Tuesday, Google released its first Android Security Bulletin of 2017. It patches a total of 95 vulnerabilities in the operating system, 22 of them rated Critical. About 50 of the bugs are Elevation of privilege flaws.

As has been the practice over the past several months, the January bulletin is split in two to make it easier for manufacturers to sort out the patches: the 2017-01-05 security patch level addresses 72 bugs affecting drivers and other ODM software, while the 2017-01-01 security patch level resolves 23 issues affecting various Android components.

Among the 22 Critical vulnerabilities, a Remote code execution flaw was resolved in Mediaserver, one of the most frequently affected Android components. Since Google kicked off the monthly patch program in the summer of 2015, several Critical issues have been found in Mediaserver, starting with the well-known Stagefright bug, followed by a second Stagefright vulnerability a few months later.

The remaining 21 Critical flaws patched this month include Elevation of privilege issues affecting the kernel memory subsystem, Qualcomm bootloader, kernel file system, NVIDIA GPU driver, MediaTek driver, Qualcomm GPU driver, and Qualcomm video driver. Three other Critical vulnerabilities were patched in various Qualcomm components, Google’s advisory reveals.

While only one of the 23 vulnerabilities addressed in the 2017-01-01 security patch level was rated Critical, 14 of them were rated High severity. These included Remote code execution bugs in c-ares and Framesequence; Elevation of privilege vulnerabilities in Audioserver, Framework APIs, libnl, and Mediaserver; an Information disclosure vulnerability in External Storage Provider; and Denial of service flaws in Mediaserver, core networking, and Telephony.

Eight of the bugs resolved by this security patch level were Medium risk: an Elevation of privilege vulnerability in Contacts, two Information disclosure vulnerabilities in Mediaserver, and five Information disclosure issues in Audioserver.

DragonOK Hacker Group From China Is Expanding Its Operations



DragonOK, a China-linked hacker group, has updated its toolset. Judging by the new decoy documents it uses in attacks, researchers have concluded that the group is expanding its territory to Russia and Tibet.

DragonOK’s activities were first described by FireEye in an article published in September 2014. At the time, the security firm said the group was focusing on high-tech companies in Japan and Taiwan and that its goal was to collect money as ransom.

DragonOK has attacked many organisations in Japan, which is now considered the group’s main target, across several industries including manufacturing, technology, energy, higher education and semiconductors, Palo Alto Networks said in a blog post published on Thursday.

A piece of malware used by the group, named “Sysget,” was delivered in attacks on Taiwan. Palo Alto Networks has identified three new versions of Sysget, all improved over the previous generation in ways that make them harder to detect and analyse.

Sysget was delivered through phishing emails carrying specially crafted documents set up to exploit CVE-2015-1641, one of the most widely used Microsoft Office vulnerabilities to date, which is known to have been exploited by APT actors focusing on East Asia.

The group also targeted Taiwan with a piece of malware named “IsSpace.” This Trojan is believed to be an evolution of the NFlog backdoor, which has been used by both DragonOK and a different China-based threat group tracked as Moafee. IsSpace was previously seen in a watering hole attack targeting an aerospace company, but the samples spotted recently appear to have been updated.

Steghide – Tool To Find Hidden Information And Password In A File



Steghide Brute Force Tool is a script that runs a brute-force attack against a file in which information has been hidden with a passphrase using Steghide.

System Requirements

  • Linux operating system
  • Steghide
  • Python


Download and Install

Step 1: Download the tool from GitHub, or clone it with the following command in your Linux terminal:

git clone https://github.com/Va5c0/Steghide-Brute-Force-Tool.git

Step 2: Now run the script by typing:

python steg_brute.py [option] [-f file]

For more instructions, type:

python steg_brute.py -h

British Intelligence Provided A Major Tip-off To The United States


The UK’s involvement came to light after the US intelligence community published an unclassified version of a report that accused Russian President Vladimir Putin of ordering a multi-pronged operation to influence the election.

In their report released on Friday, the Central Intelligence Agency (CIA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) concluded that the Russian government “sought to help” Republican Donald Trump by hacking various Democratic Party organizations and operatives as well as running a smear campaign against his Democratic rival, Hillary Clinton.

Citing “two people familiar with the conclusions” of the assessment, The New York Times reported that British intelligence was “among the first” to alert their American counterparts that Russian hackers had infiltrated the computer servers of the Democratic National Committee (DNC).

The breach of email exchanges among senior Democrats was spotted from voice intercepts, computer traffic and agents outside the US as emails and other data from the DNC flowed toward Moscow. British officials were as concerned as their US counterparts over the extent of contacts between Trump aides and Moscow and by the president-elect’s pro-Russia stance.

However, those officials are now finding themselves in an awkward position as the government of Prime Minister Theresa May is trying to solidify ties with the incoming Trump administration, in part to compensate for the UK’s divorce from the European Union, according to The Guardian.

Trump downplayed Russia’s role in the election after he was briefed on the issue by senior intelligence officials on Friday afternoon, saying any attempt to hack Democratic groups had “absolutely no effect on the outcome of the election.”

The president-elect also tweeted Saturday that Democrats were making a lot of “noise” about Russia’s alleged campaign because they were “embarrassed” by the election results.

Source: presstv.com

Hackers Add More Games To NES Classic Edition


Hackers have figured out a way to score even more games that will make you nostalgic for the way gaming used to be. According to Ars Technica, hackers in Japan and Russia have discovered a modification that allows users to load additional classic games.

First, you need to create a save file in Super Mario Bros, which you’ve probably already done anyway. Then connect the NES Classic to a computer with a micro-USB cable and boot it in “FEL” mode (hold the reset button while pushing the power button).

Then, as Ars Technica writes:

"While you’re booting, you should also run a “sunxi-FEL” interface on your computer. (An open-source version of compatible “USBBoot” software can be found here.) The rest of the steps land firmly in “operate at your own risk” territory, as they require copying your NES Classic’s internal data to your computer, then modifying and adding files via an application made by hackers. Doing so, by the way, includes the dubious step of supplying your own ROM files, which you may have either dumped from your own cartridges or downloaded from other Internet users. One tool linked from that Reddit community, however, comes with two open-source NES ROMs that are in the legal free-and-clear to upload to your hardware."

"Once you’ve added your own game files, which should also include custom JPGs that will appear in the NES Classic’s “box art” GUI, you’ll have to repack the hardware’s kernel, then fully flash the hardware yourself. (Again, we remind you, these kinds of technical steps can result in a bricked NES Classic if anything unexpected happens.) Do all of those steps correctly, and you’ll see every single game you’ve added appear in the slick, default interface."

Monday 2 January 2017

Hackers May Have Hacked South Korea’s Military Cyber Command



South Korea’s military cyber command, established to counter external hacking attempts on the country’s military, may have been hacked, according to reports from South Korea’s Yonhap news agency.

“It seems the server of the cyber command has been hacked,” an official at the South Korean military said on condition of anonymity. “We have to go through additional checkups to confirm the cyberattack and to find out who launched the cyberattack and what data have been leaked.”

The latest allegation comes after Rep. Kim Jin-pyo, a lawmaker of the main opposition Democratic Party of Korea, claimed that the cyber command was hacked in September.

He told Yonhap News Agency two months ago that the hacking targeted the “vaccine routing server” installed at the cyber command.

Kim, who is a member of the parliament’s national defense committee, said at the time that malicious code had been found and appeared to have taken advantage of a vulnerability in the routing server.

The server handles security for the computers that the military uses for internet connectivity.

Nearly 20,000 military computers are connected to the server.

Kim said in October that chances are “very low” that the hacking led to a leak of confidential information, given that the military’s intranet is not connected to the server.

The defense ministry later announced that the malicious code had been identified and removed and that, as a precaution, it had separated the server from the network.

According to the source, there is a possibility that the military’s intranet was compromised in the hacking, which could force South Korea to rewrite its military operation plans.

Samsung Has Made Knox Software Free



Samsung has dropped the price of its Knox mobile device management (MDM) suite to free.

You don’t get all of Knox for that price, as $0 is what you’ll pay for a new “Express” version of the service offering basic MDM features like a cloud management portal and the ability to create a password-protected partition in which employer-provisioned apps and data are accessible. Outfits with more than 250 devices to manage will need the new dollar-a-month “Premium” edition, which adds Active Directory integration, application white- and blacklisting and the ability to manage mobile devices according to centralised policies.

For those of you who don’t know, Samsung KNOX Enterprise Mobility Management (EMM) is a complete set of cloud-based MDM, Identity Access Management (IAM) and security services for efficient and convenient enterprise mobility management. These services extend to cross-platform devices and enable users to easily access mobile apps with a single click using Single Sign-On (SSO). Businesses can provide IT administrators remote control of user devices and applications through KNOX EMM Admin Portal, or allow employees to manage their own devices with the KNOX EMM User Portal.

Malware Easily Bricked The Smart TV Running Google TV


There’s a good chance you don’t remember Google’s own smart TV platform called Google TV, but although this was pretty much a failure, there still are people out there who actually bought devices running it.

The number of TVs powered by Google TV, however, is declining, and this Christmas, for example, at least one smart TV went dark unexpectedly.

Darren Cauthon took to Twitter to reveal that his LG smart TV running Google TV was infected with malware when his family tried to install a movie streaming application. Judging from the photo he posted, this looks like a form of ransomware which requires him to pay to have access to the device restored.

But since the ransomware wasn’t necessarily developed for TVs, but for Android devices such as tablets and smartphones, it’s now completely bricked and no workaround seems to be able to restore it. Booting obviously leads to the same ransomware notification and other options are not available given the limited input on a TV.

The only thing that could work, however, is flashing the stock firmware, which is only possible with the firmware image provided by LG. Oddly enough, LG isn’t willing to help the owner remove the ransomware from his TV unless he pays, and according to his tweets, he could easily buy a new TV with the money that the company is asking for servicing.

The cost of removing the malware by flashing the stock firmware is $340, which, given the fact that this is an old TV running a platform that’s no longer supported, makes absolutely no sense.

This doesn’t necessarily mean that all smart TVs in general, or smart TVs running Android in particular, are bad because this kind of thing shouldn’t normally happen anyway, at least when owners stay away from apps they don’t trust.

Major Cyber Attack on OSCE By The Company



The Organization for Security and Co-operation in Europe, an international election and war monitor, said Wednesday it had become the latest global institution to suffer a “major” cyber attack.

The Vienna-based OSCE has its origins in the Cold War but after 1991 it expanded and now has 57 member states including the United States, Russia and Ukraine.

It currently has 700 monitors focused on the conflict in eastern Ukraine and is also active in observing elections and tracking media freedom.

OSCE spokeswoman Mersiha Causevic Podzic told AFP in an email that it “became aware of a major information security incident” in early November.

The attack “compromised the confidentiality” of the organisation’s IT network and put “its integrity at risk”, although it was still able to operate, she said.

According to French daily Le Monde, which first reported the incident, a Western intelligence agency believes that the Russian hacking group APT28 was behind the attack.

This group, also known as Pawn Storm, Sofacy and Fancy Bears, is believed to be behind other high-profile cyber attacks and to be linked to Russia’s security services.

The OSCE said “the way in which the attacker accessed the OSCE was identified, as have some of the external communication destinations”.

France’s ambassador to the OSCE played down the dangers from the attack, saying officials in Vienna — long seen as a hotbed of espionage — are trained to be aware of the risks.

“Diplomats at the OSCE are warned that attempted spying, in whatever form, is part and parcel of this organisation,” Veronique Roger-Lacan told AFP.

But cyber attacks by criminals and governments are on the rise, with states and firms spending billions of dollars to defend and arm themselves.

The issue has become contentious between the United States and Russia, with the latter alleged to have hacked party computers and leaked documents during the US election campaign.

The White House has said Russian President Vladimir Putin was directly involved and President Barack Obama has vowed Washington will retaliate “at a time and place of our own choosing”.

Korea’s Military Cyber Command Hacked


A lawmaker said Saturday that “South Korea’s cyber command, established to counter external hacking attempts on the country’s military, was found to have been hacked last month,” raising speculation that North Korea might be behind the latest cyber attack.

Rep. Kim Jin-pyo, a lawmaker of the main opposition Minjoo Party of Korea, told Yonhap News Agency in a telephone interview that the hacking targeted the “vaccine routing server” installed at the cyber command. Kim is a member of the parliament’s national defense committee.

“A malicious code has been identified and it seems to have taken advantage of the vulnerability of the routing server,”

“In a cautious measure, the server has been separated from the network.”

The server is tasked with security on the computers that the military uses for Internet access. More than 20,000 military computers are known to have been connected to it. Kim said that chances are “very low” that the latest hacking led to a leak of confidential information, given that the military’s intranet is not connected to the server.

An investigation is underway to figure out where the hacking originated. He said that it has yet to be confirmed whether the North was involved but noted that military authorities are leaving that possibility on the table.

The defense ministry later confirmed the hacking of the cyber command and is working to figure out how the malicious code got into the system. Despite the incident, he said that the military’s Internet system remains up and running.

Serious PHP Issues Found in PHPMailer and SwiftMailer


Experts have determined that the remote code execution vulnerabilities affecting the PHPMailer and SwiftMailer email-sending libraries are caused by PHP design flaws.

Researcher Dawid Golunski from Legal Hackers recently discovered that PHPMailer has a critical flaw that can be exploited by a remote, unauthenticated attacker for arbitrary code execution in the context of the web server user. The weakness, exploitable by submitting specially crafted input through contact and registration forms, can allow an attacker to completely take over the targeted web application.

PHPMailer developers attempted to patch the vulnerability (CVE-2016-10033) with the release of version 5.2.18. However, Golunski determined that the fix could be bypassed. The new flaw (CVE-2016-10045) was patched on December 28 with the release of version 5.2.20.

In the meantime, the researcher found the same security hole in the SwiftMailer library (CVE-2016-10074). SwiftMailer developers included a fix for the vulnerability in version 5.4.5, released on December 29, but it may not be complete either.

Researcher Paul Buonopane believes that CVE-2016-10033, CVE-2016-10045 and CVE-2016-10074 are just the tips of the iceberg as they are caused by PHP design flaws that could expose many applications.

The issues, according to Buonopane, revolve around the lack of proper input sanitization, particularly related to the PHP functions escapeshellarg and escapeshellcmd. escapeshellcmd is designed to escape characters that might be used to trick a shell command into executing arbitrary commands, while escapeshellarg escapes a string that will be used as a shell argument.

Buonopane has pointed out that the escapeshellarg function is incomplete and escapeshellcmd was never meant to sanitise user input, which leaves room for abuse. The expert said PHP developers have known about some of the issues surrounding the problematic functions for several years.
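The defensive side of that point, as an added example rather than code from PHPMailer, SwiftMailer or the researchers quoted here: it assumes a library that hands the sender address to sendmail as one command-line argument, and the allowlist pattern and function names are this example's own choices.

```php
<?php
// Added example, not library code. Two things are shown: escapeshellcmd() is not
// an argument sanitiser, and a conservative allowlist applied to the address
// itself removes the need to rely on either escape function for validation.

// escapeshellcmd() neutralises metacharacters in a whole command line but leaves
// spaces alone, so one string can still fall apart into several arguments.
// escapeshellarg() wraps its input in single quotes and is the right call for
// exactly one argument.
function compareEscapes(string $input): array
{
    return [
        'escapeshellcmd' => escapeshellcmd($input), // 'a b' stays 'a b'
        'escapeshellarg' => escapeshellarg($input), // 'a b' becomes "'a b'"
    ];
}

// Conservative allowlist: dot-atom local part and hostname labels only.
// Deliberately stricter than RFC 5322 (no quoted local parts, no whitespace),
// because the goal is a safe command-line argument, not a full mailbox grammar.
// The pattern is this example's own choice (an assumption), not a library default.
function isSafeSender(string $address): bool
{
    $pattern = '/^[A-Za-z0-9._%+-]{1,64}@(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$/';
    return strlen($address) <= 254 && preg_match($pattern, $address) === 1;
}

// Build the sendmail -f (envelope sender) option from an allowlisted address and
// escape it exactly once. Do not run escapeshellcmd() over the assembled command
// afterwards: escaping an already-escaped string mangles the quoting.
function senderOption(string $address): ?string
{
    if (!isSafeSender($address)) {
        return null; // caller falls back to a fixed, configured sender address
    }
    return '-f' . escapeshellarg($address);
}

// Constructed inputs: a plain address and an RFC-5322-style quoted local part
// with a space, which a permissive validator accepts but the allowlist rejects.
$plain  = 'alice@example.com';
$quoted = '"alice smith"@example.com';

assert(senderOption($plain) === "-f'alice@example.com'");
assert(senderOption($quoted) === null);
assert(compareEscapes('a b')['escapeshellcmd'] === 'a b');
assert(compareEscapes('a b')['escapeshellarg'] === "'a b'");
```

The rejected quoted address is exactly the kind of input a permissive RFC 5322 check lets through; falling back to a fixed configured sender keeps the command line free of user-controlled text.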

“The underlying vulnerability is really a design flaw and will take many years to fix. That cannot begin without the active participation of the greater PHP community,” Buonopane said.

Both PHPMailer and SwiftMailer are very popular. PHPMailer is used by projects such as WordPress, Drupal and Joomla, while the SwiftMailer library is leveraged by PHP frameworks such as Yii2, Laravel and Symfony. While disclosures have focused on PHPMailer and SwiftMailer, Buonopane believes nearly all other PHP email libraries are affected by these vulnerabilities.

Fancy Bear Gang Is Linked To Election Hack, FBI-DHS Report Says



In a report released Thursday the Federal Bureau of Investigation and the US Department of Homeland Security implicated Russian hacking group Fancy Bear in attacks against several election-related targets.

According to the Joint Analysis Report, the hacking group Fancy Bear, believed to have ties to the Russian government, used a combination of techniques ranging from spear phishing, spoofed domains and malware to harvest credentials in order to gain access to accounts controlled by a political party.

Attacks against U.S. targets came in two waves starting in the summer of 2015 and as recently as November 2016, according to the report. The FBI-DHS implicates Russian intelligence services who allegedly initiated the attacks via Fancy Bear, also known as Cozy Bear, APT28 and Sofacy.

The 13-page report (PDF) said attackers “masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack.” It said hackers aimed “to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.”

In June, researchers at Crowdstrike implicated Cozy Bear in hacks against the Democratic National Committee. Crowdstrike said Cozy Bear has also been behind attacks against the White House, State Department and Joint Chiefs of Staff, as well as numerous organizations in critical industries around the Western world, Central Asia and the Far East.

According to the FBI-DHS, the malicious cyber activity, which it designated Grizzly Steppe, began in April 2015 and included a spear phishing campaign that targeted over 1,000 recipients.

“APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spear phishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party,” according to the report.

The spear phishing campaign lured at least one victim to download a file that contained malware that “established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure,” according to the report.