The U.S.-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.


About half a billion Apple iOS users (and counting) have been hit by session-hijacking cybercriminals bent on serving up malware. They’re exploiting an unpatched flaw in the Chrome for iOS browser to bypass sandboxing and hijack user sessions, targeting iPhone and iPad users.

The attacks are the work of the eGobbler gang, researchers said, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends. Easter is coming up, and the crooks are banking on consumers spending a lot more time than usual browsing the web on their phones.

Session hijacking occurs when a user is browsing a web page and is suddenly redirected to another site or landing page, or when a pop-up appears that one can’t exit out of. The pages look like ads from well-known brands; but in reality, if a user clicks on one of them, a payload is deployed.

In this case, “the campaign…is currently still active under ‘.site’ TLD landing pages,” said Eliya Stein at Confiant, in an analysis this week. “With half a billion user sessions impacted, this is among the top three massive malvertising campaigns that we have seen in the last 18 months.”

The offensive is mainly targeting U.S. users, though some European activity has been observed.

Meanwhile, at least one other research firm said that the attack is effective against Apple Safari users as well – opening up a much larger threat surface, given that most iOS users make use of Apple’s default browser for mobile web surfing.

The campaign has been able to gain such reach over the course of just a few days (it’s only been active since last week), because it’s making use of an unpatched bug in Google Chrome for iOS, according to the analysis.



Artemus Editor's Note:  HOOray!  

The ramp-up to Apple's Worldwide Developers' Conference this June has begun, with reports circulating about the goodies the company will include in the next generation of its desktop and mobile operating systems. The latest revelations include macOS support for the iPad as an auxiliary display, and iOS support for multiple windows within apps.

There are a number of third-party products on the market to add an iPad as a second display for a Mac, but the feature will become native to Apple's desktops and laptops with the next version of macOS, version 10.15, according to 9to5Mac.

The feature, referred to internally as "sidecar," reportedly can be accessed by hovering a Mac's cursor over the green button to maximize a window in macOS. Hovering will reveal a menu with options for making the window fullscreen, tiling it, or moving it to an external display or an iPad, where it will appear in fullscreen mode.

"It's a smart idea," said Lauren Guenveur, a senior research analyst at IDC, a market research company in Framingham, Mass.

"For those of us who travel, it's quite annoying to have just one small screen," she told TechNewsWorld. "Even with a 13-inch iPad, it's hard to achieve total productivity with that machine."

While the iPad is connected to a Mac, Apple Pencil can be used with the tablet, making the iPad a stand-in for a tablet accessory, 9to5Mac also noted.


New Undo

An array of new features will appear in the next edition of Apple's mobile operating system, iOS 13.

iPad applications will be able to function in multiple windows opened simultaneously, 9to5Mac reported. Each window can contain "sheets." At first, the sheets are attached to a portion of the screen, but they can be detached with a drag gesture and moved around the screen like cards.

They also can be dragged onto each other to form a "deck." To get rid of a card, the user can virtually fling it away.

Both the iPad and iPhone will get a "dark mode," which already is supported by macOS. The system-wide dark mode can be enabled through iOS settings. It includes a high-contrast option.

A new undo and redo gesture will be part of the new iOS repertoire, 9to5Mac noted. When a user enters text on the iPad, a three-finger tap on the keyboard area will activate the feature. Moving left or right will undo and redo actions interactively.

The first time the keyboard is displayed after installing the new version of iOS, a tutorial will appear explaining the new feature, which is probably a good idea given the recent track record of iOS.


Joint Chiefs Chairman Gen. Joseph Dunford said Thursday that he would likely be meeting next week with Google executives on his concerns that the work Google was doing with China on artificial intelligence and other technologies was undermining the U.S. military.

"This is not about me and Google, this about us looking at the second and third order effects of our business ventures in China [and] the impact it's going to have on U.S. ability to maintain a competitive military advantage and all that goes with it," Dunford said.


Dunford said he had general concerns about other U.S. business ventures in China, but "In the case of Google, they were highlighted because they have an artificial intelligence venture in China."

U.S. companies must realize that in doing business with China, "they are automatically required to have a cell of the Chinese Communist Party (CCP) in that company and that it's going to lead to that intellectual property from that company finding its way to the Chinese military," Dunford said. "There's a distinction without a difference between the CCP and the government and the Chinese military."


Is workplace surveillance about improving productivity or simply a way to control staff and weed out poor performers?

Courtney Hagen Ford, 34, left her job working as a bank teller because she found the surveillance she was under was "dehumanising".

Her employer logged her keystrokes and used software to monitor how many of the customers she helped went on to take out loans and fee-paying accounts.

"The sales pressure was relentless," she recalls. "The totality was horrible."

She decided selling fast food would be better, but ironically, left the bank to do a doctorate in surveillance technology.

Courtney is not alone in her dislike of this kind of surveillance, but it's on the rise around the world as firms look to squeeze more productivity from their workers and become more efficient.

More than half of companies with over $750m (£574m) in annual revenue used "non-traditional" monitoring techniques on staff last year, says Brian Kropp, vice-president of research firm Gartner.

These include tools to analyse e-mails, conversations, computer usage, and employee movements around the office. Some firms are also monitoring heart rates and sleep patterns to see how these affect performance.

In 2015, 30% used such tools. Next year, Mr Kropp expects 80% will.

And workforce analytics will be a $1.87bn industry by 2025, says San Francisco's Grand Review Research.

So why is business so keen?