Wave of business websites hijacked to deliver crypto-ransomware

Sites exploited by SoakSoak bots give the gift of CryptXXX malware.

(credit: JaviDex)

If you've visited the do-it-yourself project site of Dunlop Adhesives, the official tourism site for Guatemala, or a number of other legitimate (or in some cases, marginally legitimate) websites, you may have gotten more than the information you were looking for. These sites are redirecting visitors to a malicious website that attempts to install CryptXXX—a strain of cryptographic ransomware first discovered in April.

The sites were most likely exploited by a botnet called SoakSoak or a similar automated attack looking for vulnerable WordPress plugins and other unpatched content management tools, according to a report from researchers at the endpoint security software vendor Invincea. SoakSoak, named for the Russian domain it originally launched from, has been around for some time and has exploited thousands of websites. In December of 2014, Google was forced to blacklist over 11,000 domains in a single day after the botnet compromised their associated websites by going after the WordPress RevSlider plugin.

In this recent wave of compromises, SoakSoak planted code that redirects visitors to a website hosting the Neutrino Exploit Kit, a "commercial" malware dropping Web tool sold through underground marketplaces. The latest string of compromises appears to have begun in May. But since then, both the malware kit and the ransomware have been upgraded. The latest version of the exploit kit attempts to evade security software or virtual machines.

Read 3 remaining paragraphs | Comments

Norovirus may have crashed GOP convention, sickening 11 staff so far

Health officials are working to confirm the diagnoses and prevent illness spread.

(credit: CDC/microbiologybytes)

Around 11 Californian Republican Party staff members who arrived in Cleveland early to help organize this week's National Convention have fallen ill with what appears to be norovirus infections.

Health officials have reportedly taken fecal samples from the sick and sent them for testing at a lab in Columbus, Ohio. "It looks like the norovirus, but we're not going to say that's definitively what it is," Erie County Health Commissioner Pete Schade told the local newspaper, the Plain Dealer.

The staffers who have fallen ill are essentially being quarantined at their hotel, the Kalahari Resort in Sandusky, Ohio. That facility is almost 60 miles away from the Cleveland arena where the convention is taking place. They have been instructed to avoid the convention until going 24 hours without symptoms.

Read 7 remaining paragraphs | Comments

First half of 2016 hit record-setting global warmth

We’re pretty much guaranteed to surpass 2015 for the warmest year on record.

(credit: NASA/GISS)

After 2014 set the record for annual average global surface temperature, 2015 promptly smashed it. By the end of 2015, the incredibly strong El Niño that had developed to help fuel that record enabled climate scientists to predict that 2016 was almost certain to break the record again. With the first half of 2016’s temperatures in the books, this prediction is proving to be on target.

In a press conference Tuesday, NASA scientists highlighted the standout temperatures we've seen so far in 2016. This has been, far and away, the warmest January-to-June period on record.

Even though the El Niño event has now come to an end, with forecasts pointing to cooler La Niña waters in the eastern equatorial Pacific Ocean, 2016 is a virtual lock to be significantly warmer than 2015. This June also set the record for the warmest temperature on record in June—the 8th straight month that this has happened.

Read 4 remaining paragraphs | Comments

Quartalsbericht: Microsoft überrascht mit hohem Gewinn

Microsoft hat sich von der fehlgeschlagenen Nokia-Übernahme etwas erholt und macht wieder über 3 Milliarden US-Dollar Gewinn. Doch der Konzern ist weiter im Umbruch und der Umsatz bricht erstmals seit sieben Jahren ein. (Microsoft, Börse)

Microsoft hat sich von der fehlgeschlagenen Nokia-Übernahme etwas erholt und macht wieder über 3 Milliarden US-Dollar Gewinn. Doch der Konzern ist weiter im Umbruch und der Umsatz bricht erstmals seit sieben Jahren ein. (Microsoft, Börse)

Cable blackouts of “free” TV channels won’t be stopped by FCC

FCC won’t expand oversight of contract disputes that cause TV blackouts.

(credit: Tony Young)

The Federal Communications Commission has decided not to step up its oversight of contract disputes that sometimes take free, over-the-air channels off cable systems.

Broadcast stations can demand carriage fees from cable TV operators even if the channels are otherwise available for free to consumers with an antenna. When cable TV companies and broadcasters don't agree on a price, customers are sometimes deprived of channels.

The FCC can already intervene in contract disputes when it deems it necessary, but a lobby group for small and medium-sized cable TV providers wanted the commission to do a lot more. When FCC Chairman Tom Wheeler announced the decision to maintain the status quo last week, the American Cable Association (ACA) lobby group said it was "appalled."

Read 15 remaining paragraphs | Comments

Massachusetts, New York, Maryland accuse Volkswagen execs in fresh lawsuits

More than two dozen engineers and managers are specifically named in latest civil complaint.

Matthias Müller became VW Group's CEO when Martin Winterkorn left, but both men are implicated in the most recent lawsuits from US states. (credit: By Volkswagen AG )

On Tuesday, the attorneys general of Massachusetts, New York, and Maryland launched fresh lawsuits at Volkswagen Group and its affiliates Audi and Porsche, naming more than two dozen engineers and managers in an apparent scheme to install illegal software on diesel VWs, Audis, and Porsches that were sold in the US.

The civil lawsuits allege that prior to the Environmental Protection Agency’s (EPA) public announcement in September that it had discovered defeat devices to circumvent emissions control systems in VW Group’s diesel cars, the German automaker engaged in a year and a half of cover ups and deception with the knowledge of VW Group’s former CEO, Martin Winterkorn. The company “only confessed to the defeat devices when they knew the regulators had them pinned to the facts,” according to the New York attorney general’s press release.

The lawsuits also allege that VW Group has not cooperated with investigators. “When the investigation was getting under way in late 2015, numerous employees, tipped off by a senior in-house lawyer in Germany, allegedly destroyed incriminating documents,” the press release added.

Read 25 remaining paragraphs | Comments

Google’s Android engineering team answers questions ahead of Android 7.0 launch

Google’s Android engineering team answers questions ahead of Android 7.0 launch

The next major version of Android is coming this summer, and Google has just released the 5th and final developer preview of Android 7.0 Nougat.

The latest preview includes some bug fixes and a handful of new features, including an Easter Egg that’s a pretty in-depth cat collecting game, and the ability to see which apps on your device were installed from the Google Play Store, and which came from other sources.

Ahead of the final release of Android 7.0, a bunch of Google engineers have taken to the Android Developers subreddit to answer questions.

Continue reading Google’s Android engineering team answers questions ahead of Android 7.0 launch at Liliputing.

Google’s Android engineering team answers questions ahead of Android 7.0 launch

The next major version of Android is coming this summer, and Google has just released the 5th and final developer preview of Android 7.0 Nougat.

The latest preview includes some bug fixes and a handful of new features, including an Easter Egg that’s a pretty in-depth cat collecting game, and the ability to see which apps on your device were installed from the Google Play Store, and which came from other sources.

Ahead of the final release of Android 7.0, a bunch of Google engineers have taken to the Android Developers subreddit to answer questions.

Continue reading Google’s Android engineering team answers questions ahead of Android 7.0 launch at Liliputing.

53 wrestlers file class-action civil suit against WWE over concussions, CTE

Jimmy “Supafly” Snuka among plaintiffs; WWE calls suit “ridiculous.”

WWE wrestler Chavo Guerrero, Jr (right) is among the 53 plaintiffs in a proposed class-action lawsuit filed in Connecticut on Monday. (credit: Getty Images / Ethan Miller )

Dozens of former professional wrestlers have filed a proposed class-action civil suit against World Wrestling Entertainment (WWE), alleging that the organization should be held accountable for "long-term neurological injuries" that the performers suffered while body-slamming and pile-driving each other throughout the decades.

The 214-page suit, filed in United States District Court in Connecticut on Monday, includes among its 53 plaintiffs the famous-wrestler likes of Chavo Guerrero Jr, Joseph "Road Warrior Animal" Laurinaitis, James "Kamala" Harris, Paul "Mr Wonderful" Orndorff, and Jimmy "Supafly" Snuka. The lengthy suit attempts to hold the WWE responsible for its performers' issues with concussions and chronic traumatic encephalopathy (CTE), the brain-ravaging disease that figured largely in recent class-action suits filed by players' associations for the NFL and NHL American sports leagues.

CTE, a degenerative disease linked to repeated concussions that leads to memory loss, dementia, and suicidality, has been connected to injuries in many professional sports leagues, and the WWE is no exception. Among the more notorious examples is that of former WWE wrestler Chris Benoit, whose issues with CTE were confirmed after his murder-suicide case in 2007.

Read 6 remaining paragraphs | Comments

How Pokémon Go starts punishing its high-level players

Late-game changes seem designed to pressure players to pay.

OK Pikachu, get in the ball. Just get in the ball. GET IN THE DAMN BALL YOU FREAKING ELECTRIC RAT!

At the early levels, it's relatively easy to advance in Pokémon Go without spending any money. Provided you're not in a Pokémon-light rural area (or, er, a black neighborhood), it's pretty simple to just keep farming Pidgeys and nearby Pokéstops and gyms for the resources you need to watch your in-game numbers go up.

Now that the game has been out for more than a week in many regions, though, some of the first players to hit the game's higher levels are running into a wall that's halting that easy advancement. In a detailed Reddit thread discussing his "late game" progress in Pokémon Go, user Riggnaros discusses a few ways the game grinds progress to a halt once players hit level 25 or so.

For instance, Riggnaros says, once you reach a level in the "mid 20s," low-powered Pokémon you encounter in the game start to "have an abnormally high chance to evade capture." That means players will need to start wasting a lot more Pokéballs to capture the most abundant monsters, which are key to gaining the experience points needed for that next level. Getting enough Pokéballs to keep up with all those escaping Pokémon means spending real money or spending inordinate amounts of time farming free Pokéballs from those slowly refilling Pokéstops.

Read 8 remaining paragraphs | Comments

Unister Insolvenz: Flugtickets von Ab-in-den-Urlaub.de nicht sicher

Eine Folgeinsolvenz von Ab-in-den-Urlaub.de oder Fluege.de könnte dazu führen, dass Besitzer bestimmter Tickets nicht fliegen können. “Inhaber solcher Flugkarten müssten dann damit rechnen, nicht abgefertigt zu werden”, hieß es bei einer großen deutschen Reisegesellschaft zur Insolvenz von Unister. (Unister, Verbraucherschutz)

Eine Folgeinsolvenz von Ab-in-den-Urlaub.de oder Fluege.de könnte dazu führen, dass Besitzer bestimmter Tickets nicht fliegen können. "Inhaber solcher Flugkarten müssten dann damit rechnen, nicht abgefertigt zu werden", hieß es bei einer großen deutschen Reisegesellschaft zur Insolvenz von Unister. (Unister, Verbraucherschutz)