source: bbc.com

Drone maker DJI has demonstrated a way to quickly identify a nearby drone, and pinpoint the location of its pilot, via a smartphone.

The technique makes use of a protocol called “Wi-Fi Aware”, with which the drone essentially broadcasts information about itself.

The company said it would help prevent security threats and disruption, and give members of the public peace of mind.

But experts believe sophisticated criminals would still be able to circumvent detection.

“It’s going to be very useful against rogue drones,” said Ulrike Franke, a policy fellow at the European Council on Foreign Relations, who studies the impacts of the drone industry.

“But it's not going to be enough to fight people with real bad intentions, because these are going to be the first people to hack this system."

DJI told the BBC it could add the functionality to drones already on the market via a software update.

The firm explained: "Using a simple app, anyone within radio range of the drone can receive that signal and learn the location, altitude, speed and direction of the drone, as well as an identification number for the drone and the location of the pilot."

 source: fastcompany.com

While there’s a tiny risk that public charging station is booby-trapped, it’s easy to keep your phone or tablet safe.

The L.A. County District Attorney’s office put out a scary warning this week: That USB charger provided at airports, hotels, or other public locations could be loaded with malware that will hack your charging phone or tablet, reports ZDNet.

While that sounds scary, it may be nothing to worry about. Back in 2013, security researchers showed that a minicomputer disguised as a USB charging brick could install data-stealing malware on iPhones, which at the time were running iOS 6 or earlier. Apple took notice and promptly closed the loophole in iOS 7.

In another attack, called video jacking, what looks like a USB port is actually equipped to pull HDMI video from devices, allowing hackers to copy everything you do on the screen, such as enter passwords. This kind of attack has been shown to work but has never been seen in the wild. In discussing the theoretical hack in 2016, security guru Brian Krebs wrote that it might be worth using on specific people possessing highly valuable information. But, he said, “it doesn’t strike me as very likely that most mere mortals would have reason to worry about video jacking.”

All that said, why take chances? The best advice, provided by the DA’s office, is to simply bring your own USB charging brick and plug into an AC outlet, rather than a public USB port. What if you forget your charger? If you have a laptop with you, plug into its USB port. You can also stock up on charge-only USB cables that disable data transfer and only carry power. (If you lose cables like I do, you’ll have to buy more from time to time, anyway.)

One thing you should definitely not do is use any old USB cable you see lying around in public. With chips being so small these days, hackers have been able to hide circuitry in the cable that can pull data off your phone.

Should you plug into a USB port without protection, and you have an iOS device, do keep an eye out for a giant red flag. When you plug into anything that can access data, such as a computer, iOS will ask you if you want to “trust” the device. If you see that alert, unplug immediately, because you are connected to something other than an innocuous charger.

 source: wired.com

As casual dining chains have declined in popularity, many have experimented with surveillance technology designed to maximize employee efficiency and performance. Earlier this week, one Outback Steakhouse franchise announced it would begin testing such a tool, a computer vision program called Presto Vision, at a single outpost in the Portland, Oregon area. Your Bloomin' Onion now comes with a side of Big Brother.

According to Presto CEO Rajat Suri, Presto Vision takes advantage of preexisting surveillance cameras that many restaurants already have installed. The system uses machine learning to analyze footage of restaurant staff at work and interacting with guests. It aims to track metrics like how often a server tends to their tables or how long it takes for food to come out. At the end of a shift, managers receive an email of the compiled statistics, which they can then use to identify problems and infer whether servers, hostesses, and kitchen staff are adequately doing their jobs.

“It’s not that different from a Fitbit or something like that,” says Suri. “It’s basically the same, we would just present the metrics to the managers after the shift.” Presto says it's testing the technology at multiple restaurants across the country, but declined to name any other than Outback. 

The Outback Steakhouse pilot will use Presto Vision specifically to analyze footage from the lobby of a franchise operated by Evergreen Restaurant Group, which manages nearly 40 Outback Steakhouse locations across the United States. It will monitor factors like how crowded the lobby is and how many customers decide to leave rather than wait for a table. Suri says Presto Vision could be used not only to evaluate employee performance after the fact, but also course-correct in the moment. For instance, managers could be sent text messages when the number of people waiting for a table reaches a certain threshold.

For now, workers on the ground don't know much about how the technology will be used. "I don't know anything about it," one worker at the Portland Outback location said over the phone. "We have zero interaction with that. I'm pretty sure that's just still in the developmental phase."

 source: eweek.com

Each year at this time, Webroot Software compiles a list of what it considers the nastiest malware, worms and botnets of the year—the all-stars of cyber-malactivity.

The 22-year-old Broomfield, Colo.-based security provider, recently acquired by Carbonite, surveys its proprietary threat database and deploys a team of threat researchers to compile the list. Some of the year’s most insidious malware includes TrickBot, Crysis and the especially dreaded Man in the Mirror.

From zombie botnets to insidious email infiltrators, here are the top malware threats to hit us in 2019, according to Webroot.

 

Data Point No. 1: Botnets

Botnets have continued dominate the infection attack chain in 2019. No other type of malware was responsible for delivering more ransomware and cryptomining payloads. Here are the top offenders:

  • Emotet, the most prevalent malware of 2018, held onto that notorious distinction into 2019. While it was briefly shut down in June, Emotet returned from the dead in September of this year. It remains the largest botnet to date, delivering various malicious payloads.
  • Trickbot has been partnering with banking Trojan groups like IcedID and Ursif in 2019. Its modular infrastructure makes it a serious threat for any network it infects and, when combined with Ryuk ransomware, it's one of the more devasting targeted attacks of 2019.
  • Dridex was once one of the most prominent banking trojans. Now it acts as an implant in the infection chain with the Bitpaymer ransomware and is achieving alarming success.

Data Point No. 2: Ransomware

Ransomware remains a threat, adopting a more targeted model last year. Small and medium-sized businesses (SMBs) are easy prey and make up most of its victims. Whether gaining access through targeted phishing attacks or by brute forcing unsecured remote desk protocol (RDP), ransomware is as effective as ever and isn't going anywhere.

  • Emotet, Trickbot, and Ryuk, with one leading to the next, make up the most frightening ransomware triple threat. In terms of financial damage, this is probably the most successful chain of 2019. With more targeted, reconnaissance-based operations, they now assign a value to targeted networks post-infection will extort them accordingly after deploying ransomware.
    • Through the first half of 2019, Trickbot was often delivered as secondary payload after EmotetRyuk infections, typically delivered by Trickbot, then resulted in mass encryption of entire networks.
    • Dridex is now being used as an implant in the Bitpaymer ransomware infection chain. We have observed it also delivered as a second=stage payload following Emotet.
  • GandCrab is one of the most successful examples of ransomware-as-a-service (RaaS) to date, with profits

    in excess of $2 billion . We believe they are closely tied to the Sondinokibi/REvil ransomware variant.

  • Sodinokibi/REvil arose after the retirement of GandCrab. Many of their affiliates seem to be having decent success targeting MSPs.
  • Crysis (aka Dharma) makes its second consecutive appearance on our Nastiest Malware list. This ransomware was actively distributed in the first half of 2019, with almost all infections we observed distributed through RDP compromise.

Data Point No. 3: Cryptomining, Cryptojacking

The explosive growth cryptojacking sites experienced from 2017-2018 is gone. The campaigns running today are shells of their former selves. With around 5% month-over-month decline since Bitcoin peaked in early 2018, the threat has since atrophied. But Webroot doesn't anticipate cryptomining will die entirely. It's still low-risk, guaranteed money that’s less malicious than ransomware.