Ransomware Cyber Attack: Hackers Leverage Stolen NSA Tool to Wreak Havoc Worldwide

 

HIGHLIGHTS

  • Ransomware WannaCry leveraged hacking tools developed by NSA
  • It exploits a known bug in Windows
  • Researchers have observed 57,000 infections in 99 countries

A global cyber attack leveraging hacking tools widely believed by researchers to have been developed by the US National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in nearly 100 countries on Friday. Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

Private security firms identified the ransomware as a new variant of WannaCry (also known as WanaCrypt0r and WCry) that had the ability to automatically spread across large networks by exploiting a known bug (MS17-010) in Microsoft’s Windows operating system. The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency Bitcoin, though they did not know what percent had given in to the extortionists.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement.Ransomware Cyber Attack: Hackers Leverage Stolen NSA Tool to Wreak Havoc Worldwide

Still, only a small number of US-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur said.

The US Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.

Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.

“Once it gets in and starts moving across the infrastructure, there is no way to stop it,” said Adam Meyers, a researcher with cyber security firm CrowdStrike.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.

Microsoft on Friday said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement. It said the company was working with its customers to provide additional assistance.

Sensitive timing
The spread of the ransomware capped a week of cyber turmoil in Europe that kicked off a week earlier when hackers posted a huge trove of campaign documents tied to French candidate Emmanuel Macron just 1-1/2 days before a run-off vote in which he was elected as the new president of France.

On Wednesday, hackers disputed the websites of several French media companies and aerospace giant Airbus .Also, the hack happened four weeks before a British parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year’s US election and on the eve of this month’s presidential vote in France.

But those attacks – blamed on Russia, which has repeatedly denied them – followed an entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as the country’s biggest bank, Sberbank , said they were targeted. The interior ministry said on its website that around 1,000 computers had been infected but it had localized the virus.

The emergencies ministry told Russian news agencies it had repelled the cyberattacks while Sberbank said its cyber security systems had prevented viruses from entering its systems.

New breed of ransomware
Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack.”

Iberdrola and Gas Natural , along with Vodafone’s unit in Spain , asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Google Maps Local Guides Program Adds New Levels, Perks, Badges and More

 

HIGHLIGHTS

  • Earlier, the program only consisted of five rank levels
  • Google has added new badges for levels 4-10
  • Certain contributions carry more weightage than the others

Keeping Google Maps updated is not an easy task and in order to ensure it has the latest data, Google has its Local Guides program in place. Now the search giant has added new levels, a revamped point system, and new badges to keep advanced level guides motivated for updating its Maps service regularly.

For those who are unaware, Local Guides is a community that provides regular updates to Google Maps. For their contributions, the members of this community are awarded with benefits like early access to new Google Maps features, exclusive contests, and events, among other things. Anybody can sign up to be a part of Local Guides and start contributing.

Moving on to the latest update to Local Guides, Google is now rolling out a new point system, new levels that unlock different kinds of perks, and new ways to earn points within this community. Google says that certain contributions will have more impact than others for users. For example, users will get more points if they are first to add a place to the map or leave a review.Google Maps Local Guides Program Adds New Levels, Perks, Badges and More

Now, users who are part of Local Guides community will earn points for rating the places and checking the facts that have been provided by other community members. Google has now added 5 additional levels. This means that users can now reach their maximum rank at level 10. The search giant has now introduced new badges for users with 4-10 level rank to make sure their contributions are recognised within the community. The new badges will be visible right beside their profile picture, Google says.
“Just like before, Local Guides Level 2 and above can enjoy early access to new product features, and get occasional perks from Google and local perks from partners,” Google said in its blog post. Further, members with Level 4-10 can redeem a free three-month Google Play Music subscription and get 75 percent off a rental in the Google Play Movie store, as per company.

Last month, Swiggy announced its partnership with the Local Guides program to offer special perks to the community members in India.

If you are not a part of this community already, now would be a good time to share your experiences, post pictures, and rate places to get some serious benefits from Google.

 

Amazon, Flipkart Host Back to College Laptop Sales: Here Are the Top Offers

 

Amazon India and Flipkart are both hosting Back to College laptop sales on their respective sites. Both the e-commerce verticals are offering different deals, exchange offers, and No Cost EMI options on laptops from varied brands for students going back to college after the long summer vacation.

Amazon India has listed Intel-powered laptops from Lenovo, HP, Dell, and more with exchange offers and No Cost EMI options. The e-commerce site has also segregated laptops into curriculum sections like – Humanities and Commerce, Engineering, Medical Studies, MBA, Design and Architecture, and even Gaming.

With respect to price, the cheapest laptop listed in the sale is the Lenovo Ideapad 15.6-inch laptop available in Black, and priced at Rs. 18,990. Amazon is offering up to Rs. 10,000 off on exchange with an old laptop, and the option to get additional two-year warranty worth Rs. 4,990 for Rs. 1,499.Amazon, Flipkart Host Back to College Laptop Sales: Here Are the Top Offers

Flipkart, on the other hand, is hosting its Back to College Sale from Tuesday, July 18 to Thursday, July 20. The e-commerce site is offering the HP Imprint Core i3 6th Gen Windows 10 Home running laptop for Rs. 35,964. There’s an exchange offer of up to Rs. 7,000 listed, along with a No Cost EMI option that begins from as low as Rs. 999 per month from banks like ICICI and Citibank for a period of 36 months.

Flipkart has segregated its sections based on price, and budget laptops start from as low as Rs. 9,999. This includes Acer, iBall, and Lava laptops, some of which also offer No Cost EMI options. The Microsoft Surface Pro 4 laptop is also listed with a price cut, up to Rs. 15,000 off on exchange, and No Cost EMI options. Exchange offers on gaming laptops from HP, Dell, and Lenovo go up to Rs. 20,000. You can view all the Flipkart laptop deals here.

 

EU Leaders Urge Internet Giants to Fight Online Extremism

 

HIGHLIGHTS
EU leaders on Thursday urged Internet firms to combat online extremism
EU said that social networks have improved in removing hate content
But Jourova called for further progress – particularly from Twitter
EU leaders on Thursday urged Internet firms to do their utmost to combat online extremism promoting attacks or face the possibility of legislation if the industry self-regulation fails.

European Union leaders meeting at a summit in Brussels increased the pressure on US giants like Facebook and Twitter to rein in online propaganda amid a recent spate of terror attacks in Britain, France and Belgium.

“We are calling on social media companies to do whatever is necessary to prevent the spread of terrorist material on the Internet,” European Council President Donald Tusk told a press conference during the EU summit in Brussels.

“In practice, this means developing new tools to detect and remove such material automatically,” Tusk said. “And if need be we are ready to adopt relevant legislation.”EU Leaders Urge Internet Giants to Fight Online Extremism

The EU joined forces with US-based Internet firms more than a year ago to combat online extremism, responding to growing alarm in Europe over the use of social media as a recruiting tool, especially by the Islamic State group.

Until now, it has pushed for the industry to regulate itself, but EU officials earlier this month gave mixed reviews to firms like Facebook, Twitter, Microsoft and Google’s YouTube.
In its first annual report, the bloc said the four companies are now removing twice as many cases of illegal hate speech and at a faster rate when compared to six months ago.

But EU justice commissioner Vera Jourova called for further progress – particularly from Twitter.

French President Emmanuel Macron said leaders of the 28 EU countries had discussed at length increasing the efforts to remove online extremist content.

“Opening up the possibility of legislating at the European level is an advance that satisfies me,” Macron told journalists.

British Prime Minister Theresa May told her counterparts the onus must be put on the firms to remove extremist material and said law enforcement should access encrypted communications between suspected terrorists in defined circumstances, a British government official said.

In the last few months, armed jihadists have carried out attacks in London, the northern English city of Manchester, Paris and Brussels.

 

Twitter for Android Gets Automatic Night Mode

 

HIGHLIGHTS
Twitter for Android bumps to version 7.2
It introduces the new automatic night mode feature
This comes a week after Twitter’s overhauled interface
Twitter has updated its Android app to introduce automatic night mode for all its users. First, the app featured a manual toggle that allowed it to switch to night mode, but with version 7.2, it can now be turned on and off automatically as well. This feature went into beta last week, and has now been rolled out to all users on Android.

With version 7.2, Twitter for Android introduces automatic night mode feature that switches to night mode at sunset, and comes back to normal mode at sunrise – on its own. This version also disables the dark theme for good. After updating the Android app, the first time you toggle the night mode switch in the navigation drawer, the app will prompt you with “want night mode to work automatically?”Twitter for Android Gets Automatic Night Mode
Tapping on ‘yes’ will replace the toggle with the words ‘Automatic’. However, you can disable it whenever you want by pressing the night mode option again. It will prompt you with the option to disable it and return to manual controls. You can also access this through Settings and Privacy > Display and Sound. A new dropdown appears giving you several options for night mode.

This comes just a week after Twitter overhauled its interface for Web, Apps, TweetDeck, and Twitter Lite. Twitter claims that the new design emphasises simplicity, making it faster and easier to use, with bolder headlines and more intuitive icons. It also changed users’ profile images from square-shaped to round. On its apps and TweetDeck, tweets “now update instantly with reply, Retweet, and like counts so you can see conversations as they’re happening.”

 

WhatsApp for Android Beta Gets Photo Bundling, Refreshed Call Screen

 

Last week, WhatsApp slowly started rolling out the ability to share files of any type, and now, users of the Android beta report that one new feature (media bundling) has been added alongside one aesthetic change (a new call screen). The WhatsApp update may not seem much, but it does give you the option to send photos to your contacts as an album. This WhatsApp feature was rolled out to iPhone users earlier this month, and refines the sharing of multiple photos on the platform.WhatsApp for Android Beta Gets Photo Bundling, Refreshed Call Screen

As per a report by Android Police, WhatsApp beta for Android users are reporting seeing a change in the way photo bundles will be shown to the sender and recipient. WhatsApp users can now send a bunch of photos to their friends, who will receive them bundled as an album and not as before, one after another. One the album is opened, all images are shown on a single page. The feature also indicates that WhatsApp will give more room for shared photos.

whatsapp photo bundling any file transfer gadgets 360 273917 143907 8296 whatsapp

The new update also brings minor change to the WhatsApp call screen where users will now have to swipe up (seen below) instead of sideways to pick up a call.
Running the latest WhatsApp for Android beta, we see the above two features. Android Police reports that the ability to share any file type is slowly rolling out to stable users of the app, and notably, we have also received the feature.

whatsapp new cal screen gadgets 360 273917 143910 6375 whatsapp

To recall, last week, WhatsApp was reported to be rolling support for sharing of all types of files (including archives) on Android, iPhone, and Windows Phone with a limited number of users, removing any hindrance of file sharing on WhatsApp.

 

Amazon Echo Sales For This Year’s Amazon Prime Day Already Three Times More Than Last Year

The Amazon Echo has proven to be a massive hit for Amazon Prime Day 2017, as the number of smart speakers sold this year worldwide is already three times the number sold in last year’s version of the annual shopping event.

Google tried to draw customers away from buying the Amazon Echo in this year’s Prime Day with a $99 Google Home bundle, but it appears that there is no way to stop the popularity of the Alexa-powered smart speaker.

Amazon Echo Sales Surge

It was largely expected that Amazon Echo sales for this year’s Prime Day will be higher, primarily because there are a few more models of the smart speaker that are available. However, the announcement that Amazon Echo sales are three times higher compared to last year was made halfway through Prime Day, which suggests that by the end of the event, that figure will be even higher.

Amazon Prime Day offered discounts to Amazon Prime subscribers on various products, and Amazon did not hold back for its Amazon Echo product line. For example, the original Amazon Echo, which has an original price of $179.99 and sold in last year’s Prime Day for $129.99, is being sold for only $89.99 this year. Customers who visit Amazon’s website will be greeted by large banners for the Amazon Echo, further drawing eyes toward the deals for the smart speakers.

According to insiders from the company, thousands of Amazon Echo devices are being sold per minute. The Amazon Echo Dot, originally priced at $49.99 and now sold for only $34.99, appears to be the first model that will be sold out.

“Prime Day has beat all of Amazon’s expectations,” the source said, adding that the company is “shocked” by the increase.

Heightened Interest In Smart Speakers

The surge in sales for Amazon Echo products can be attributed to the heightened interest from customers on smart speakers, as the product has slowly moved into the mainstream since the Amazon Echo started selling in late 2014.

The Google Home has since entered the market, with the Apple HomePod and Microsoft Invoke arriving as additional challengers soon. The digital assistants powering smart speakers have also steadily improved, with the devices taking up more headlines, for better or worse.

The increased sales for the Amazon Echo in this year’s Prime Day could also be attributed to a bigger window for the annual event, in addition to its expansion to 13 countries worldwide. Nevertheless, the surge in interest for smart speakers is evident in higher Amazon Echo sales, which is great news for one of the world’s largest retailers.

How to be a scrum master from a developer state

You are going to start your career as a scrum developer. This is the post that the companies are looking forward all the time. It was once confined to the smaller firms only, but now with the less framework, the bigger companies are also able to apply scrum team in their operation. Thus you are finding a wide scope for yourself in your career. To start off your career in your desired style, go for the Certified Scrum developer Course in London. After going through the course, you will be joining the teams as a developer, but soon you can develop yourself as a scrum master and play a vital role for the team.


Understand the Scrum master role

To be a scrum master, you will have to understand the role that is played by him. Here are the strong features that are the key responsibilities of a scrum master. You can go for the same and find yourslef at a better position, but before that note down the key roles a scrum master plays:

  • First of all, a scrum master will be controlling and developing the team members. Assignment need and sprint planning made by the product owner comes in assistance with the scrum master and that made him better for the role.
  • He will remain engaged in regular meetings with the team members and from there will generate the actual sprint strategy, so that the final sprint results can be met. In the process, he will be developing the team and even assigning the senior members with better job responsibilities.
  • Finally, his duty will be to arrange the scrums and clear the product backlogs. Unless that is done, dynamic nature of the scrum team is not revealed and it is the key responsibility of the scrum master to make the team retrospective and respondent to dynamic nature of job.

Adopt the skills

So, the job of a scrum master is really rigorous and plentiful. A lot of development is needed in your skills to be there in his role. Here are the key developments that can make you perfect for the role play.

  • First of all, you will have to be naturally retrospective. Unless you be like that, you cannot make your team work in such style. Dynamic and regular at work along with complete mapping of the set of product backlogs is essential.
  • If you cannot manage the product backlogs, it can be really problematic for you. So, start focusing at the product backlogs from the day one. This is the key of success of a scrum team.
  • Identifying the team leaders, decentralizing the power of control to them and keeping the final control at your hand is very much essential. If you are not able to understand the basic sense of a team and its structure, then it becomes really difficult to run it.

This entire management can be done by you only after you get a chance as a developer in the team of scrums. In order to get that chance, get through the Certified Scrum developer Certification. It will show you the path before you.

How to enable WhatsApp’s two-step verification

WhatsApp is adding an extra security feature to help keep its more than a billion users safe from hacks. The company is rolling out two-step verification to its users worldwide.dsc05664

When it’s available you will find it in the messaging service’s app under Settings > Account > Two-step verification > Enable.

WhatsApp’s approach to two-step verification differs from what other online services such as Facebook or Google do. Instead of using an app that generates one-time passcodes, WhatsApp requires you to create your own memorable six-digit passcode. To help you remember your code, WhatsApp will prompt you to enter it from time to time.

During the process to enable two-step verification, WhatsApp will also ask you for an optional email address. It will be used for the purpose of disabling two-step verification. Upon request, a message will be sent to that email address, and, once you click a link, the two-step verification feature will be turned off. During two-step verification setup this email address will not be verified, so make sure you type it in correctly.

The Facebook-owned company also warned that if you get an email to disable two-step verification, but you didn’t ask for one, do not click on any links in that email.

If you ever forget your code, WhatsApp will not allow you to reverify twice within seven days, just in case someone’s trying to take over your account. After that period, you can reverify without a passcode, but any pending messages will be deleted. If you haven’t used WhatsApp for 30 days and then try to reverify without your passcode, your account will be deleted and a new one will be created for you.

When you’re deciding on a passcode for WhatsApp, you want to make it as hard to guess as possible. Six digits from your phone number, for example, would be a terrible choice, as would your birth date or that of anyone in your immediate family. If you use a password manager, it’d be a good idea to store this passcode there in case you forget it.

WhatsApp’s two-step verification system is different from other services in that it relies on two static pieces of information. The first is your phone number and the second is the single passcode that you create. That essentially means you’re just adding a password to your account, and passwords can be guessed if they aren’t original enough. It’s not clear why WhatsApp decided on using static passcodes over one-time codes generated by an app. One-time codes are based on a shared secret stored on both your phone and the corresponding service’s servers. It may be that the company didn’t want to deal with the server overhead such as development time and effort for that kind of two-step verification. That is just speculation, however.

Google might be gearing up to remove millions of Play Store apps next month

Take a look at the digital shelves of the Google Play Store and you’re likely to come across a bevy of so-called zombie apps. These apps typically take the form of a knock-off of a popular game or a sloppy utility that doesn’t quite match its description, and they strategically turn up alongside legitimate apps, which makes them hard to spot if you’re not doing a forensic analysis of reviews while you shop.google play store

Now it looks like something is finally being done about them. In a letter uncovered by The Next Web, Google has begun warning some developers that one or more of their apps has been flagged for a lack of an adequate privacy policy, a common problem among these sort of hastily published and subsequently ignored apps.

google play store warning
Google has begun warning developers to update their apps or face removal from the Play Store.

In the message, Google reiterates its policy, which “requires developers to provide a valid privacy policy when the app requests or handles sensitive user information.” Such permissions include camera, microphone, account, contacts, or phone access, which requires a transparent disclosure of how user data is handled, according to Google’s requirements. It’s unclear how many letters were sent out, but The Next Web estimates it could affect millions of apps.

This is hardly a new policy for Google, but this push could be the start of a tougher new application of it. As Google spells out in its developer guidelines: “If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.”

While the lack of a proper privacy policy is most certainly an honest mistake for some developers, it’s just as likely that many will ignore this message and face whatever consequences Google has in store for them.

The email urges developers to update their Play Store listings with a valid privacy policy or remove the offending permissions request from the app. It gives a deadline of March 15 to comply with the request or “administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store.”

Developers and users have long complained about the Play Store’s somewhat lax rules toward letting these types of apps in, and this could be a sign that Google is finally working to clean things up. The Play Store is littered with apps of questionable repute, and many of them have flown under Google’s radar for too long. This move could negatively impact millions of apps, as well as benefit honest developers, but the effect on users will be even greater, enabling them to seek and find legitimate apps rather than cheap imitations. And by tackling the problem from a privacy standpoint, Google is not only cleaning up the Play Store, it’s also recommitting to the security and protection of its users.

This story, “Google might be gearing up to remove millions of Play Store apps next month” was originally published by Greenbot.