Advertisements

Nasty New Malware Waits Until You Visit A Pornsite, Then Starts Recording

4.jpg

At the end of last week, ESET’s security researchers disclosed the discovery of a new strain of malware that takes the trend for sextortion to a new level. Varenyky, as the malware was named by its finders, monitors the activity on infected computers, watching until a pornographic website is visited, and then starts recording the screen.

According to the ESET team, Varenyky first came to light in May, when a malware spike was identified in France. And this is the other twist with Varenyky—it has been designed to specifically target French computer users. For now.

Varenyky is aimed at Orange customers in France, sending out fake invoices as Microsoft Word attachments to load the malware. When those documents are opened, a macro is executed which ensures the computer and its user are indeed French, if not the malware slips away with no damage done. But if the targeted computer ticks its boxes, Varenyky checks back with its C&C to determine what elements of malware to download, executing further macros to install software that can “steal passwords and spy on victims’ screens using FFmpeg when they watch pornographic content online.

When trigger keywords (a myriad of common and more specialised sexual terms) or websites (including YouPorn, PornHub and Brazzers) are detected, “the malware records a computer’s screen using an FFmpeg executable—the recorded video is then uploaded to the C&C server.” The clear risk is for advanced levels of sextortion or even blackmail. And while the current findings appear relatively generic (at least to the French), there is the potential for the malware to be targeted at individuals.

The spam emails—as many as 1500 per hour have been sent—focus on “win a smartphone competitions—an iPhone X, a Galaxy S9 or S10.” The victim is asked for personal information and then, as the scam progresses, credit card details as well. None of this is related to the video capture of sex sites, it is a broad-brush approach.

Varenyky is interesting because of its specific national targeting and its mix of credential theft and sextortion campaigning. The triggered screen recording, though, is grabbing the headlines. Not because of this particular campaign—there is no evidence of the videos having been used maliciously yet, but because it’s a nasty twist on a theme, and we can expect to hear more about it. As ESET warns, “this shows that operators are inclined to experiment with new features that could bring a better monetization of their work.”

A week ago, I reported that phishing defense specialist Cofense had published more than 200 million email addresses, that the company says are “being targeted by a large sextortion scam.” You can actually search the database for your own email address here. The usual sextortion concept of operations is to take breached email accounts—user names and passwords—and include those in a large-scale mail-out campaign to attempt to trick account holders into thinking they have been compromised, with passwords used as a convincer. It’s a numbers game. Small percentages returning lucrative rewards.

Now there is the potential for the use of video as a twist on what we have seen before—shades of Black Mirror episodes coming to life.

And so, the usual advice pertains. Don’t fall for scam promotions. Think before you click on attachments from unfamiliar senders. Don’t share personal information and definitely don’t share credit card details. And always keep your software and virus protection up to date.

There are many functions of Varenyky, ESET warns, “related to possible extortion or blackmail of victims watching pornographic content.” And the hackers behind the malware are already in the sextortion business even though the videos have not yet been used. ESET reports that Varenyky “is under heavy development and it has changed a lot since the first time we saw it,” which suggests functionality and sophistication will increase.

What we know for sure, though, is that this malware is now out there, and so the risk is very real.

Find me on Twitter or Linkedin or email zakd@me.com. Disclosure: I cover security and surveillance, the sector in which Digital Barriers operates. Direct conflicts are highlighted.

I am the Founder/CEO of Digital Barriers, a provider of video surveillance and analytics technologies to security and defense agencies as well as commercial organizations. I cover the sectors in which DB operates, potential conflicts are highlighted.

 

Advertisements

Who’s The Face Behind FaceApp? Meet The Rich Russian Who Built The Wildly Viral App

He’s worked on Windows Mobile for Microsoft. He was cofounder of a company that sold to Russia’s Google, Yandex, in a reported $38 million deal that made him wealthy.

But Yaroslav Goncharov’s biggest success (and stress) has come with a company that’s miniscule by comparison: FaceApp. Leading a staff of just 12, the geeky, excitable 40-year-old has created what’s currently the world’s hottest (and possibly most controversial) app, which uses artificial intelligence-powered filters to gender-swap or radically age selfies.

It topped the download charts for both Android and iPhone this past week after millions followed celebrities like Dwyane Wade, Drake and Iggy Azalea in doing the “FaceApp Challenge.” The “challenge” was simple: take a photo, apply the aging filter and post an image on Instagram, Twitter, wherever, of the older you.

But no sooner had the FaceApp virality reached fever pitch than fear about the provenance and motives of the app’s creators emerged. First there were concerns—which swiftly proved to be unfounded—that FaceApp wasn’t just accessing submitted photos but grabbing entire camera rolls from users’ phones. Then Russophobes fretted about where all Americans’ face data was going, leading Senator Chuck Schumer to call for an FBI investigation into the app.

Goncharov, who promises more transparency with an updated privacy policy, was overwhelmed. “Last Thursday, I tried to count the number of calls I was getting. … I counted 200  in three hours or so,” he says. “We couldn’t do our daily work.” He’s speaking from his St. Petersburg HQ in his first interview with an English-language publication, recovering from a week in which his little company went into “crisis mode.”

Now he tells Forbes about plans to calm the privacy storm. The new FaceApp terms and policy will likely remove references to the rights that the company claimed over people’s images, he says. The current terms grant FaceApp almost complete ownership over submitted faces, letting the company use, alter and sell the photo however it wants, with no compensation for the user. “People got scared because they think everything we say in this policy we do, which of course is not the case at all,” he says.

Goncharov said those terms were so broad because he had planned earlier to turn FaceApp into a “social network for faces.” “To do this kind of product, our privacy policy had to be very similar to what Instagram had. Our current privacy policy is very similar to what Instagram has … but nobody blames Instagram, because it’s Instagram,” he adds.

Now there’s no need to mirror the privacy policy of the Facebook-owned app. “It’s my personal top priority to fix our privacy policy and terms of use,” he says, adding that he will be drafting fresh policies over the next month. “Hopefully it won’t take too long.”

He reiterates that the company deletes photos in 48 hours, asking the Amazon and Google servers, on which FaceApp runs, to automatically wipe data that’s been on the system for that time. He also notes that photos aren’t used for any commercial purposes. As for why the company stores faces on a server for 48 hours, the CEO says that users don’t want to have to re-upload a photo every time they apply a new filter. So the image has to stay on the server temporarily.

Little will therefore change at the code level, though there’s now a notification when opening the app, asking the user to confirm that they are happy that photos will be taken to a remote cloud. Besides, it’s not FaceApp that users should be worried about when it comes to privacy, but all the other apps they’re already using, Goncharov argues. “There are so many other apps that collect much more data,” he says. “We just don’t.”

An “unusual success”

At Microsoft in the early 2000s, Goncharov got a taste of the smartphone-obsessed future. He was a software developer on what was then Windows Mobile long before the iPhone and Android became a reality. He thought he was creating the first open, large-scale cellphone operating system, something like Android long before Google’s OS existed. “I was sure I was building the future,” he recalls of his time in Redmond.

But the working for a startup in his home city of St. Petersburg was too much of a draw. He joined SPB Software as chief technology officer and was one of three partners alongside Vassili Philippov and Sebastian-Justus Schmidt. The company started out developing alternative home screens for Windows Phone—a platform Goncharov was very familiar with from his time in Washington state. But SPB had to pivot when Windows began to flounder in the face of Apple’s and Google’s rival platforms. Goncharov laments that after he left, Windows tried to compete with Apple by producing a closed system, rather than choose the open, partner-led focus that Android took. “When I think about it, it still hurts.”

Not long after SPB had refocused on Android, Russian search engine Yandex came calling with a $38 million check in 2011. The FaceApp founder won’t disclose how much he made from the deal, other than to tell Forbes: “Let’s say that I had enough money to start my own company and not worry about looking for additional investments.” Cofounder Schmidt also declined to provide confirmation on figures.

During his time at Microsoft and then at Yandex, Goncharov, ever the engineer, became fascinated by neural networks—hardware and software that try to learn and process information like the human brain. He was particularly drawn to the idea that an algorithm could generate a face from given attributes, like gender or hair color. “The quality at that point was terrible, but there was still some magic.” He says that after six months of tinkering, the quality of the images his neural nets were creating were much better than what was previously available.

Once he left Yandex in 2013, he moved on to creating his own products, one of his first being a hotel Wi-Fi testing tool that garnered some success. But, wanting to create a product from those face-generating algorithms, he starting working on FaceApp in 2016. It launched in 2017, still in what Goncharov describes as a beta version. Even in its basic form, it went viral for the first time after a “hotness” filter made people prettier.

With millions of users enamored with the app, Goncharov quickly had to formulate a business plan. His idea was that people would pay for an automated photo editor, so he added a paid-for subscription offer that would remove the FaceApp watermark and irritating ads, as well as add some premium features. Effectively, FaceApp was to replace PhotoShop editors with AI, Goncharov ventured.

FaceApp making millions

It has paid off, according to the CEO. “We have success, but very unusual success,” boasts Goncharov, who owns 100% of the business.

Without providing substantiating data, he claims FaceApp has been profitable since the first launch two years ago, with “good” revenue and growth figures. “We’re very profitable,” he says. “I could easily have got investment from Silicon Valley… but we had enough to grow organically.” While Goncharov has no need for Silicon Valley investors for now (he says he may approach VCs in the future), others in the bubbly business of photo apps have either taken big funding rounds or been acquired. Snapchat snapped up Looksery for a reported $150 million in 2015 and Teleport for $8 million in 2018 to help grow its library of AI-powered filters, while Oakland-based photo app VSCO raised $90 million over two rounds.

FaceApp makes money from nothing more than a paid-for subscription service. But the founder declines to say how much revenue that’s drawing in or how many paying customers he has. He also won’t disclose user numbers.

Goncharov does, however, disclose that the paying customer base was roughly 1%. And looking at the number of downloads (not active users) revealed on Google Play, there are in excess of 100 million. Even taking a conservative estimate of 100 million users across Android and iOS, and just 1% signing up for a single month’s premium use at $3.99, the company is making at least $4 million per annum, and potentially a lot more if it’s locking in more users. (It’s also possible to pay $20 for a year’s access or $40 for lifetime use). Goncharov declined to comment on that estimate. But it’s not bad for a 12-employee business that’s been profitable for two years, by Goncharov’s account at least.

As for what’s next, video is on the horizon. Though other companies like Snapchat already do this with live filters, Goncharov doesn’t want to launch something that’s anything less than “magical.” He’s hoping that magic isn’t diminished by another privacy panic.

Follow me on Twitter. Check out my website. Send me a secure tip.

I cover security and privacy for Forbes. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist of the year in 2012 and 2013 for a range of exclusive articles, and in 2014 was handed Best News Story for a feature on US government harassment of security professionals. I like to hear from hackers who are breaking things for either fun or profit and researchers who’ve uncovered nasty things on the web. Tip me on Signal at 447837496820. I use WhatsApp and Treema too. Or you can email me at TBrewster@forbes.com, or tbthomasbrewster@gmail.com.

Source: Who’s The Face Behind FaceApp? Meet The Rich Russian Who Built The Wildly Viral App

This Maps Shows Which Cities Are Using Facial Recognition Technology—And Which Have Banned It

As government use of facial recognition technology becomes more widespread, the digital rights nonprofit Fight for the Future has created an interactive map that shows where in the United States it’s being used and where it’s being resisted.

The map draws on news reports and research to show the ways that state and local governments have rolled out facial-recognition-related initiatives, like where agencies are scanning driver’s license databases or screening passengers on international flights, as well as which cities have banned local government from buying or using the technology or are considering legislation to that effect.

The map also shows all the places where police have formed partnerships with Amazon’s home security subsidiary, Ring. Police departments across the country have given residents free or discounted doorbell camera systems and encouraged people to share their security footage, creating what privacy advocates describe as an unprecedented surveillance network.

A spokesperson said that the Ring system does not use facial recognition technology.

Fight for the Future launched the map as part of its push for a nationwide ban on facial recognition technology, which it says threatens civil liberties and would have a chilling effect on free expression.

“The goal of the map is to educate people about where facial recognition technology is being used across the country and the different ways that it’s happening and then give them the tools to do something about it,” Fight for the Future deputy director Evan Greer tells Forbes. People who sign up on the group’s website will receive advocacy tool-kits to help them organize around the issue.

Proponents of facial recognition—which typically identifies people from video or photos by comparing their facial features with those in a database—says it can help solve crimes (or stop them before they happen), while critics point to studies that show the technology to be error-prone, particularly for people of color, and say the negative consequences of ubiquitous surveillance outweigh possible benefits.

Lawmakers recently held a series of hearings on facial recognition technology, with senators on both sides of the aisle expressing concerns about potential consequences of government usage, though without any real agreement on what national regulation could look like. 

So far, local governments have led the way. Earlier this week, Oakland, California became the third city to ban its government agencies from buying or using facial recognition technology for any purpose, following San Francisco and Sommerville, Massachusetts. Several states are also considering bills that would place moratoriums on the technology.

Greer says the map—which you can view here—likely isn’t comprehensive due to the secrecy around facial recognition but that Fight for the Future team plans to update it regularly as new information surfaces.

Follow me on Twitter or LinkedIn. Send me a secure tip.

I’m a San Francisco-based staff writer for Forbes reporting on Google and the rest of the Alphabet universe, as well as artificial intelligence more broadly.

Source: This Maps Shows Which Cities Are Using Facial Recognition Technology—And Which Have Banned It

Haven’t Tried a Password Manager? You Won’t Regret It. – Dashlane Blog

You’ve heard it before—you should use a password manager. A password manager helps you create strong, complex passwords, which are much safer than reusing the same weak passwords across all websites. But did you know that a password manager makes using the internet easier in a lot of other ways, too?…….

Source: Haven’t Tried a Password Manager? You Won’t Regret It. – Dashlane Blog

Safety 1st – How to Protect your Coins from Malware

https://www.pivot.one/share/post/5c19b723ad59e705006625e9?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

Colorado Securities Regulators Crack Down on Four More ICOs for Alleged Illicit Practices – Helen Partz

1.jpg

The Colorado Division of Securities has filed cessation orders against four Initial Coin Offerings (ICOs) allegedly involved in fraudulent and illicit practices, according to an official announcement Nov. 20.

Colorado Securities Commissioner Gerald Rome issued the new cease and desist orders following investigations by the Division’s ICO Task Force. Rome has issued 18 cessation orders to ICO projects offering unregistered securities since May, 2018. According to the announcement, at least two more orders are still pending.

The recent orders affected four crypto and blockchain-related firms; Global Pay Net, Credits LLC, CrowdShare Mining, and CyberSmart Coin Invest. All the companies were reportedly accessible to Colorado residents and allegedly violated securities laws.

Regulators state that the projects also engaged in fraudulent marketing practices; Global Pay Net allegedly falsely claimed that “investors receive 80 percent of the company’s profits.” CrowdShare Mining promised an “at least 1,000 percent” four-year return on investment for investors who bought its token.

Commissioner Rome stated that the “sheer number” of cease and desist orders against ICOs should be a “red flag […] that there is a real risk that the ICO you are considering is a fraud.” Rome also highlighted the problem of crypto investor protection, claiming that fraudsters “simply create a fake ICO to steal investors’ money,” and “trick investors into wrongfully paying them.”

Earlier this month, the securities regulator issued cease and desist orders to four ICOs for allegedly offering unregistered securities.

On Nov. 19, Italian securities regulator Commissione Nazionale per le Società e la Borsa (CONSOB) issued enforcement actions against three crypto-related firms for alleged violation of local financial laws by failing to register as financial intermediaries.

That same day, the North Dakota Securities Commissioner issued a cease and desist order against an alleged Russia-based ICO that posed as Liechtenstein Union Bank.

According to a recent study by the University of British Columbia, ICOs face a “compliance trilemma” that limits their potential. Some issuers shirk compliance measures in order to “reach a distributed pool of investors” and have an offering that is “cost-effective.”

The study explains, “If issuers forgo these costs, the risk of being non-compliant rises significantly. The result is a trilemma, whereby issuers currently must forgo one of these goals to realize the other two, or to compromise on all three.”

Alabama’s Regulators Use Cryptographic Hashes to Preserve Evidence Regarding Crypto-Related Scams – Omar Faridi

1.jpg

Greg Bordenkircher, the first assistant at the United States Attorney’s office, has revealed that the US state of Alabama “issued nine orders shutting down businesses that [were] advertising” potentially fraudulent investment schemes, services, and products. Bordenkircher added that Alabama has so far “got about 20 percent of all the active cease-and-desists” out of all 50 US states. Moreover, there are “another 20, 22” potential crypto-related scams that Alabama’s regulators are currently investigating, Bordenkircher told Coindesk……..

Read more: https://www.cryptoglobe.com/latest/2018/11/alabama-s-regulators-use-cryptographic-hashes-to-preserve-evidence-regarding-crypto-related-scams/

 

 

 

Your kindly Donations would be so effective in order to fulfill our future research and endeavors – Thank you

KnotrolPress – Hack Proof Security and Built In Optimization Protects You Against ANY Hackers And Even Drives You Traffic

We personally developed this software to combine the power of competitive security with top-notch optimization to give you the power to grow your business effortlessly.It only takes one badly coded plugin or a theme to open a back door to your site allowing all kinds of illegal activities. With KontrolPress your sites will be protected in just a few easy clicks. And the best part, you don’t have to become a security expert or understand all the latest online security standards to be able to use it. It’s that easy. This is a must-have for all WordPress sites owners……

Read more: http://kontrolpress.com/mainsales/

How An Amateur Rap Crew Stole Surveillance Tech That Tracks Almost Every American – Thomas Brewster

1.jpg

On a June day last year, a skinny, dreadlocked 29-year-old rapper known as Tony Da Boss lay in bed in a redbrick apartment on a tree-lined street in Charlotte, North Carolina. It was not the kind of place you’d associate with a million-dollar criminal conspiracy. But Da Boss (real name Damonte Withers) was a leader of the FreeBandz Gang, an amateur hip-hop crew of twentysomethings who were into much more nefarious activities than laying down tracks. There were warning signs that things were going to get real…..

Read more: https://www.forbes.com/sites/thomasbrewster/2018/10/12/how-an-amateur-rap-crew-stole-surveillance-tech-that-tracks-almost-every-american/

 

 

Your kindly Donations would be so effective in order to fulfill our future research and endeavors – Thank you

3 Ways for Students to Steal Your Password – Erin Werra

1.jpg

When you’re locking down your data, how secure is the password you chose? If it’s anything like the magic words above, have we got news for you. Your password tricks are not working. Worse, you might be letting security slip and opening yourself up for a student to sneak information to unlock valuable, FERPA-protected data. Are your passwords secure? Learn three ways students may be able to gain access to your passwords…….

Read more: https://www.emergingedtech.com/2018/09/3-ways-for-students-to-steal-your-password/

 

 

Your kindly Donations would be so effective in order to fulfill our future research and endeavors – Thank you

%d bloggers like this:
Skip to toolbar