Last week, Twitter’s security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake “dating” and.

DJI Rolls Out 'Local Data Mode' for Drones After US Army Ban Over Unknown 'Cyber Vulnerabilities'

Weeks after the US Army told personnel to immediately shelve all drones made by Chinese manufacturer DJI, citing unspecified “cyber vulnerabilities associated with DJI products,” the company has introduced a new “local data mode” for its apps.

“We are creating local data mode to address the needs of our enterprise customers, including public and private organizations that are using DJI technology to perform sensitive operations around the world,” company VP for Policy and Legal Affairs Brendan Schulman said in a press release, per TechCrunch.

DJI’s apps use the internet to update maps, restricted flight zones and other relevant data, as well as have an optional feature to sync with the company’s database to store flight data. The new local mode disables all of those features.

It’s clear even by the company’s own admission the timing with the Army announcement is not a coincidence, though TechCrunch reported DJI says the local mode was in development for several months and was not originally spurred by US brass.

“We’re not responding to the Army, which has never explained its concerns to us,” DJI communications director for North America Adam Lisberg told TechCrunch. “..
We announced it today because enterprise customers with serious data security have made clear they need something like this for a while, and the Army memo reinforced that concern for them.”

The military has declined to reveal the security vulnerabilities, presumably for operational security reasons—small drones like those manufactured by DJI are already in limited deployment with the US military, and are widely used by some guerrilla forces that oppose them like ISIS extremists. DJI also says the Army has not clued them in.

But it’s not clear that disabling internet access on a drone’s control app would plug whatever hole the military suspects it found anyhow. It’s possible there’s a vulnerability in the way DJI drones remotely interface with its controller, or a way of tricking the drone into leaking data to another user without breaking into the app at all. It’s also possible the military sees the risk of a drone being hacked into as minimal, but someone didn’t like the idea of any of its data possibly being sent to a private manufacturer in another country, or of US personnel using a commercial drone system at all.

US military use is not Chinese manufacturer DJI’s core target market, though. That the Army uses commercial drones in any capacity at all speaks to a need which will likely be filled in the future by military drones built to specification for use in the field and elsewhere.

[Tech.

Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network'

Last week, Twitter’s security team purged nearly 90,000 fake accounts. The accounts had already generated more than 8. The bullshit accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet “SIREN” after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths.

ZeroFOX’s research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter’s anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 3. Google’s URL shortening service.

The 90,000 accounts were all created using roughly the same formula: A profile picture of a stereotypically attractive young woman whose tweets included sexually suggestive, if not poorly written remarks that invite users to “meet” with them for a “sex chat.” Millions of users apparently fell for the ruse and, presumably, a small fraction of them went on to provide their payment card information to the pornographic websites they were lured to.

“The accounts either engage directly with a target by quoting one of their tweets or attracting targets to the payload visible on their profile bio or pinned tweet,” ZeroFOX reports. Roughly 2. Twitter’s anti-spam detection.

Here’s just a brief sample of the hilariously bad tweets generated by these obviously fake accounts: “I want to #fondle me?” “I want to take my #virgin?” “Came home from training, tired wildly?” “Meow, I want to have sex.” “Boys like you, my figure?” “Want a vulgar, young man?”

The tweets further included links to affiliate programs—web pages that typically redirect users to other adult websites. Members of these programs, which traditionally rely heavily on spam, receive payouts based on the amount of traffic they send to subscription-based porn and so-called “adult dating” websites. Likewise, many of the “dating” websites are themselves scams, chiefly comprised of fake female profiles which encourage visitors to sign up for paid subscriptions with promises of lame cybersex and nudes. (PSA: There are literally no women on the internet that want to have sex with you.)

According to ZeroFOX, two out of five of the domains tweeted by the SIREN botnet are associated with a company called Deniro Marketing.
Deniro Marketing was identified earlier this year by noted security researcher Brian Krebs as being tied to a “porn-pimping spam botnet.” (Krebs also filed a report Monday regarding ZeroFOX’s discovery.) The company reportedly settled a lawsuit in 2. A Deniro Marketing employee who answered the phone at its California headquarters on Monday said that no one was available to respond to inquiries from reporters.

While it seems unlikely that Deniro Marketing created the fake accounts itself, it may have contracted a third party—likely located somewhere in Russia or Eastern Europe—to spread the links for them. A “large chunk” of the accounts’ self-declared languages were Russian, ZeroFOX reports, and approximately 1. Cyrillic alphabet.

“To our knowledge, the botnet is one of the largest malicious campaigns ever recorded on a social network,” ZeroFOX concludes.

Luckily, none of the links tweeted by the SIREN botnet appear to contain malware, nor were any associated with phishing attempts.