source: technewsworld.com

reMarkable on Monday will begin shipping what might best be described as an "untablet" -- a device that is, essentially, an electronic piece of paper.

The company is proud of its paper tablet's simplicity, boasting that no other tablet has fewer functionalities.

reMarkable users cannot install apps, watch videos or take photos. What they can do is read, write and sketch on a paper-like surface with a modern twist.

 

Among reMarkable's digital powers:

  • 10.3-inch monochrome digital paper display with 1872 x 1404 resolution (226 DPI) and multipoint capacitive touch;
  • Marker pen with a high-friction tip and tilt detection -- no battery or pairing required;
  • WiFi connectivity;
  • 8 GB of internal storage -- the equivalent of 100,000 pages -- and 512 MB of DDR3L RAM;
  • Rechargeable battery (micro USB);
  • 1-GHz ARM A9 processor;
  • Codex, a Linux-based operating system optimized for e-paper;
  • Support for PDF and ePub document formats;
  • reMarkable app for instant syncing with all other devices;
  • One-click file transfer; and
  • Optional secure cloud backup service.

reMarkable is about 7 x 10 inches and a mere quarter-inch thick. It weighs in at 0.77 pounds. It has no glass parts, and is virtually unbreakable, according to the company.

It is powered in part by E Ink Carta technology.

 source: wired.com

SMARTPHONES TODAY COMPETE over which can best secure your secrets. They encrypt your data, store the digital keys to unlock themselves on specialized hardware, and even offer fancy biometrics from fingerprints to faceprints. But many millions of smartphones remain open to an absurdly low-tech attack: a sly glance at someone's phone while they unlock it. One new study has quantified just how easy an Android-style unlock pattern—as opposed to a six-digit PIN or biometric unlock—makes the job of any over-the-shoulder snoop.

Security researchers at the US Naval Academy and the University of Maryland Baltimore County this week published a study showing that a casual observer can visually pick up and then reproduce an Android unlock pattern with relative ease. In their tests, they found that six-point Android unlock patterns can be recreated by about two out of three observers who see them performed from five or six feet away after a single viewing. Spotting a six-digit PIN of the kind used in most iPhones, on the other hand, proved surprisingly difficult: Only about one in ten observers in the study could reproduce it after one look.

That disparity is in part due to how memorable an Android unlock pattern is for human brains, says Naval Academy professor Adam Aviv. "Patterns are really nice in memorability, but it’s the same as asking people to recall a glyph," says Aviv, who along with his fellow researchers will present the paper at the Annual Computer Security Applications Conference in Puerto Rico in December. "Patterns are definitely less secure than PINs."

In their tests, the researchers recruited 1,173 subjects from Amazon's Mechanical Turk crowdsourcing platform to watch carefully controlled videos of the unlocking online. Subjects tried guessing PINs and unlock patterns after watching the phone's owner unlock it with commonly used PINs or patterns, shown from five different angles and distances, averaging out those variables. The researchers also repeated the video test with 91 people in person, just to check their online results. They found that around 64 percent of the online test subjects could reproduce a six-point pattern after one viewing, and 80 percent after two. Only 11 percent could identify a six-digit PIN after one viewing, and 27 percent after two.

For Android users who feel attached to their pattern unlock, the study did find one point of solace. Turning off the "feedback" lines that trace your finger's path as you swipe through a pattern helped significantly to reduce snooping potential. Only 35 percent of online test subjects could identify a pattern without those lines. "If you’re using a pattern and you like it, turning off those feedback lines will give you some protection," says Aviv. To do so, go to Settings > Lock screen and security > Secure lock settings, and turn off the Make pattern visible option. (Different Android versions and manufacturers will require slightly different steps.)

There are plenty of other reasons not to trust a pattern to keep your secrets safely locked up. An earlier study (which the Naval Academy's Aviv also worked on) found that the randomness of an unlocking pattern is roughly equivalent to just a three-digit PIN code. Researchers have shown they can vastly narrow patterns down with automated image recognition software based on video recorded from dozens of feet away, and even derived them fairly reliably from the smudge prints on a phone's screen. But the latest study presents evidence of the security mechanism's vulnerability to the simplest, most manual attack method yet.

The PIN versus pattern debate, of course, isn't quite as relevant as it was a few years ago. Today many Android users and most iPhone users unlock their phones with a fingerprint, or soon, with facial recognition. But smartphones still frequently fall back on PINs and patterns, when the phone first turns on, for instance, or when a biometric reader fails. And plenty of security-sensitive users disable biometrics to avoid spoofing attacks, or being forced to unlock their phone by authorities—the Fifth Amendment sometimes protects Americans who refuse to offer up their PIN, but not their finger or face.

The Naval Academy and Maryland researchers' snooping study, though, shows just how vulnerable PINs and especially patterns are to the most low-tech form of hacking there is. The lesson: If you use a pattern, switch to a six-digit PIN, or at least turn off those pattern feedback lines. It may be less convenient, but it beats peering over your shoulder with every unlock.

 source: cnet.com

At first it seemed like the hacking campaign against users of popular software CCleaner hadn't been able to do much damage. Well, not so fast.

Researchers now say the hackers were able to install a second piece of malicious software on computers at major tech companies around the world. The companies targeted include heavyweights such as Microsoft, Google, Samsung, Sony and Intel, according to the Talos threat intelligence team, a group of cybersecurity experts at Cisco. Also on the list of targeted companies? Cisco itself.

The targets represent many of the most important companies responsible for making the internet work, making the hacking attack much more serious.

News of the hacking attack broke Monday, when Talos and Avast each announced that hackers had inserted malicious software into legitimate updates of CCleaner, a product that clears out unneeded software applications and cookies from PCs to make them run more efficiently. Even though 2.27 million computers were potentially exposed to the software, both Avast and Talos said Monday it seemed the attackers hadn't used the malware to do any damage.

Now it seems that first wave of malware was just the beginning, opening a secret back door into all those computers. On a select set of valuable computers at major tech companies, the hackers used the back door to install even more malicious software.

Talos researchers don't know yet what the hackers hoped to do once they dug further into computers at these companies, but it's clear there was potential to do damage. In short, these hackers meant business.

"This would suggest a very focused actor after valuable intellectual property," the Talos researchers wrote in their blog post.

The Talos team published its findings in a blog post Wednesday evening. Cybersecurity firm Avast, which in July purchased the company that provides CCleaner, said in a blog post Thursday it had come to a similar conclusion. According to Avast's analysis, it knows for sure that 18 computers at eight different organizations were hit with the second wave of malicious software. What's more, because it only has a small slice of data to examine, Avast said it thinks the total number of affected computers is probably "at least in the order of hundreds."

However, Avast declined to name any of the companies targeted. It's unclear if any or all of the companies named in the Talos blog post were actually among the eight companies Avast says were hit by the second wave of malicious software.

Google and Intel declined to comment, and representatives from Sony and Samsung didn't respond to requests for comment.

"It's expected that security researchers will perform forensic analysis of new malware, and it is not a surprise that malware sometimes targets specific companies," Microsoft said in a statement.

 source: securityweek.com

Ransomware has become prevalent because it is an easy way for criminals to make a quick buck, and because in many ways defenders have forgotten the basics of cybersecurity. The efficiency of ransomware as an illicit means of making money is supported by the emergence of ransomware-as-a-service (RaaS), and by Bitcoin as a secure method of ransom collection. These are conclusions drawn from an analysis of more than 1,000 ransomware samples categorized into 150 families.

"Attackers are looking to make quick, easy money with unsophisticated malware combined with sophisticated delivery methods," say Carbon Black's researchers Brian Baskin and Param Singh in a blog post on Thursday. "The majority of today's ransomware aims to target the largest vulnerable population possible." As a result, ransomware campaigns are often delivered by large scale phishing/spam campaigns. "These 'spray and pray' attacks often rely on spamming and phishing campaigns to guarantee a small percentage of infections to extort money. Similar to many spam campaigns, ransomware has been sent en masse to thousands of email addresses at a single organization, requiring just one person to execute the payload for a successful attack."

Separately, Datto's State of the Channel Ransomware Report (PDF), also published Thursday, claims that an estimated $301 million was paid in ransoms from 2016-2017. Datto analyzed data from 1,700+ Managed Service Providers (MSPs) serving 100,000+ small-to-mid-sized businesses (SMBs) around the globe. Despite the success of ransomware, Datto notes, "With a reliable backup and recovery solution (BDR) in place, 96% of MSPs report clients fully recover from ransomware attacks."

Webroot's September Threat Trends Report suggests that "some 93% of all phishing emails now lead to ransomware". Merging these two statistics suggests that a combination of effective spam/phishing prevention and good BDR would go a long way to combating the ransomware epidemic. Clearly, this is not yet happening.