Stegano 0.9.0

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

McAfee Blogs: McAfee Labs Threats Report Examines Cybercriminal Underground, IoT Malware, Other Threats

The McAfee Advanced Threat Research team today published the McAfee® Labs Threats Report, December 2018. In this edition, we highlight the notable investigative research and trends in threats statistics and observations gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q3 of 2018.

We are very excited to present to you new insights and a new format in this report. We are dedicated to listening to our customers to determine what you find important and how we can add value. In recent months we have gathered more threat intelligence, correlating and analyzing data to provide more useful insights into what is happening in the evolving threat landscape. McAfee is collaborating closely with MITRE Corporation in extending the techniques of its MITRE ATT&CK™ knowledge base, and we now include the model in our report. We are always working to refine our process and reports. You can expect more from us, and we welcome your feedback.

As we dissect the threat landscape for Q3, some noticeable statistics jump out of the report. In particular, cryptojacking has continued to rise, having made an unexpected emergence over the course of a year. In Q3 the growth of coin miner malware returned to unprecedented levels after a temporary slowdown in Q2.

Our analysis of recent threats included one notable introduction in a disturbing category. In Q3 we saw two new exploit kits: Fallout and Underminer. Fallout almost certainly had a bearing on the spread of GandCrab, the leading ransomware. Five years ago we published the report “Cybercrime Exposed,” which detailed the rise of cybercrime as a service. Exploit kits are the epitome of this economy, affording anyone the opportunity to easily and cheaply enter the digital crime business.

New malware samples jumped up again in Q3 after a decline during the last two quarters. Although the upward trend applies to almost every category, we did measure a decline in new mobile malware samples following three quarters of continual growth.

This post is only a small snapshot of the comprehensive analysis provided in the December Threats Report. We hope you enjoy the new format, and we welcome your feedback.

The post McAfee Labs Threats Report Examines Cybercriminal Underground, IoT Malware, Other Threats appeared first on McAfee Blogs.




Capstone 4.0

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

flyingpenguin: Personality May Determine Employee Engagement

Interesting insights from the HBR, like emphasizing positive personalities in the workforce can harm leadership feedback loops: If leaders turn employee optimism and resilience into a key hiring criterion, then it becomes much harder to spot and fix leadership or cultural issues using employee feedback signals. And then they double-down on this assessment of overly …

Red Hat Security Advisory 2018-3852-01

Red Hat Security Advisory 2018-3852-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.

Facebook Gave More Than 150 Companies, Including Microsoft, Netflix, Spotify, Amazon and Yahoo, Unprecedented Access To Users’ Personal Data: NYT

The New York Times obtained hundreds of pages of Facebook documents which were generated in 2017 that show that the social network considered these companies business partners and effectively exempted them from its privacy rules. From a report: Facebook allowed Microsoft's search engine Bing to see the names of nearly all users' friends without their consent, let Spotify, Netflix, and the Royal Bank of Canada read, write, and delete users' private messages, and see participants on a thread, allowed Amazon to get users' names and contact information through their friends, and let Yahoo view streams of friends' posts "as recently as this summer" despite publicly claiming it had stopped sharing such information a year ago, the report said. Collectively, applications made by these technology companies sought the data of hundreds of millions of people a month. The records also show that Russian search giant Yandex, which was accused last year by Ukraine's security service of giving user data to the Kremlin, also had access to Facebook's unique user IDs in 2017. A Yandex spokeswoman told the Times that the company was unaware of the access to user data provided by Facebook. Yandex did not immediately respond to BuzzFeed News' request for comment. In response to the report, Steve Satterfield, Facebook's Director of Privacy and Public Policy, defended the actions of the social network.

Read more of this story at Slashdot.

The State of Security: From GDPR to Meltdown: A Look Back at Memorable Infosec Events in 2018 (Part 1)

As 2018 draws to a close, it’s been a fascinating year in the IT security community. From record-breaking data breaches, new regulations and the Meltdown and Spectre debacle, we can certainly say it’s been eventful. To round the year off, we thought it would be interesting to ask some of our regular contributors (and followers […]

The post From GDPR to Meltdown: A Look Back at Memorable Infosec Events in 2018 (Part 1) appeared first on The State of Security.



The State of Security: Don’t Let DNS Flag Day Become Your DNS Doomsday

News Flash: Your DNS might be broken, and you don’t even know it. But wait? How could I not know my DNS is broken? Well, the answer lies in the history of the DNS standards and what has become the cobbling together of features within authoritative and recursive DNS server software. It all started going […]

The post Don’t Let DNS Flag Day Become Your DNS Doomsday appeared first on The State of Security.



Researchers Demonstrate Teleportation Using On-Demand Photons From Quantum Dots

An anonymous reader quotes a report from Phys.Org: A team of researchers from Austria, Italy and Sweden has successfully demonstrated teleportation using on-demand photons from quantum dots. In their paper published in the journal Science Advances, the group explains how they accomplished this feat and how it applies to future quantum communications networks. Scientists and many others are very interested in developing truly quantum communications networks -- it is believed that such networks will be safe from hacking or eavesdropping due to their very nature. But, as the researchers with this new effort point out, there are still some problems standing in the way. One of these is the difficulty in amplifying quantum signals. One way to get around this problem, they note, is to generate photons on-demand as part of a quantum repeater -- this helps to effectively handle the high clock rates. In this new effort, they have done just that, using semiconductor quantum dots. Prior work surrounding the possibility of using semiconductor quantum dots has shown that it is a feasible way to demonstrate teleportation, but only under certain conditions, none of which allowed for on-demand applications. Because of that, they have not been considered a push-button technology. In this new effort, the researchers overcame this problem by creating quantum dots that were highly symmetrical using an etching method to create the hole pairs in which the quantum dots develop. The process they used was called a XX (biexciton)--X (exciton) cascade. They then employed a dual-pulsed excitation scheme to populate the desired XX state (after two pairs shed photons, they retained their entanglement). Doing so allowed for the production of on-demand single photons suitable for use in teleportation. The dual pulsed excitation scheme was critical to the process, the team notes, because it minimized re-excitation.


The return of the Integralists: this year even hatched the eggs of the “green chickens.” Get lost, 2018!

After hatching the serpent’s egg, or that of fascism, in Brazil, the year 2018 descended into farce before taking its leave. It hatched the eggs of a species that, in its version with violence beyond words, history had supposed extinct: the “green chickens” (galinhas-verdes). At the turn of November to December, self-proclaimed Integralist militants swiped and burned antifascist flags. They rejoiced in the escapade, which they advertised as “revolutionary action.”

On the 10th, a video began to circulate showing 11 men, apparently white, wearing hoods. They introduce themselves under the trade name “Comando de Insurgência Popular Nacionalista” (Nationalist Popular Insurgency Command), a component of a certain “great Brazilian Integralist family.” They say they pilfered three flags bearing messages against fascism that had been affixed to the facade of the mansion that houses the Center for Legal and Political Sciences of UniRio (Universidade Federal do Estado do Rio de Janeiro).

They trample the flags “Antifascismo” (Antifascism), from the public administration program, and “Não ao fascismo” (No to fascism), from the law program. A spokesman reads the manifesto, with its charge that “our youth are taught to rise up against the fatherland.” The consequence of the alleged lessons would be “drug addicts,” “militant homosexuals,” “materialist atheists,” “pedophiles,” “communists” and “slaves of international bankerism.” On the wall of the place where the video was recorded, a Brazilian flag shares space with one bearing the sigma, the letter of the Greek alphabet that was the symbol of the Ação Integralista Brasileira (AIB, Brazilian Integralist Action). The video ends with the “flag-burning ritual,” a tropical simulacrum of Ku Klux Klan stagings.

Flag with a message against fascism affixed at UniRio’s Center for Legal and Political Sciences, which was later burned by the Integralists.

Banner with a message against fascism affixed at UniRio’s Center for Legal and Political Sciences, after three flags were stolen and burned.

Photo: Mário Magalhães

Integralists with Bolsonaro

The fanatical right-wingers take their inspiration from the AIB, a mass organization that, in the 1930s, mobilized 400,000 militants in 1,123 chapters. Its sympathizers numbered in the millions. Fascinated by European Nazi-fascism, it mimicked it in ideas, allegories and trappings. Instead of the swastika, it drew the sigma. The German extremists shouted “Heil, Hitler!”; the Integralists adopted the Tupi “Anauê!”

The Italian fascists wore black shirts, as a famed Brazilian magistrate-turned-politician would do in the century to come; those of the AIB chose another color, which is why they were known as “green shirts” (camisas-verdes), while their antagonists mocked them as “green chickens.”

After a battle of gunpowder and fists between sigma-bearers and an antifascist front, in October 1934, the humorist Barão de Itararé gloated: “An Integralist doesn’t run; he flies.” In the video, the flag thieves repeated the old chicken salute, with the arm stretched upward and forward. It is a near-identical copy of the horizontal Roman salute of Mussolini’s followers.

“Averse to economic liberalism, the Integralists have always aligned with the liberals on the essentials.”

The tiny Integralist groups active in Brazil supported Jair Bolsonaro against Fernando Haddad. At the October 21 demonstration on Avenida Paulista, the leader of a certain Frente Integralista Brasileira (Brazilian Integralist Front) echoed the old motto “God, Fatherland and Family.” In his speech, Victor Emanuel Vilela Barbuy said that Integralism “is not to be confused with Italian fascism.” That must be why his ideological fellow travelers burned anti… fascist flags.

In praising the nomination of Professor Ricardo Vélez Rodríguez to the Ministry of Education in the incoming government, the writer Olavo de Carvalho gushed: “If you talk about Brazilian Integralism, he knows everything.”

Averse to economic liberalism, the Integralists have always aligned with the liberals on the essentials: the defense of private ownership of the means of production (in the 1930s, the nature of property was an issue dear to the left in Brazil and the world). The racist AIB cultivated antisemitism, above all the head of its militias, the writer Gustavo Barroso. The same goes for its number-one leader, Plínio Salgado, also a writer.

Shortly after the battle of Praça da Sé, which caused at least six deaths in 1934, Plínio railed, in the newspaper A Offensiva: “I solemnly declared war on organized Judaism. The Jew is the author of everything. (…) We have now been attacked, inside São Paulo, by a horde of murderers, maneuvered by cowardly intellectuals and Jews. Lithuanians, Poles, Russians, all Semites, are against us.”

New antifascist banner

The crisis of liberalism spurred the multiplication of such people eight, nine decades ago. The AIB decisively influenced history by supplying Getulio Vargas with a pretext, the fake “Cohen Plan,” for the president to stage a coup d’état in 1937 and consecrate his status as dictator.

Prominent figures of the Republic were Integralists who, years later, would break with their past values and head toward the center and the left, such as the bishop Dom Hélder Câmara, the jurist Goffredo da Silva Telles Junior and the statesman San Tiago Dantas.

In a historical reprise, the economic turmoil of the end of the first decade of the 21st century propelled the rise of movements akin to fascism in various corners of the world. Bolsonaro’s election is tied to this scenario.

The flags were taken from UniRio, in the Rio neighborhood of Botafogo, on November 30. They had been unfurled in October, in protest against court decisions that banned similar initiatives at other higher-education institutions. After the video of the burning, the university community put up a new antifascist banner.

The return of the so-called Integralists committed to “revolutionary actions” is one more grotesque episode of the season. Brazil walks, as usual, between tragedy and comedy. The year was merciless. Its time is up. Get lost, 2018!

The post A volta dos integralistas: até os ovos dos galinhas-verdes este ano chocou. Vaza, 2018! appeared first on The Intercept.

SecurityNewsWire.com latest breaking computer security, anti virus and hacking news: ODI Introduces its Innovative Malware Prevention Technology as-a-Service in the Cloud for Independent Software Vendors (ISVs) and Managed Security Service Providers (MSSP) - HostReview.com

‘Mourão is going to be president of the Republic.’ A drink with the mentor of Bolsonaro’s vice president

Brides usually run late to weddings. But the PRTB’s bride, General Hamilton Mourão, is not like that. He arrived punctually at 8 p.m., the time stated on the invitation, for the dinner celebrating the 25th anniversary of the party, which he joined in March of this year and whose main bet he became upon being elected vice president alongside Jair Bolsonaro.

Just like a bride, the vice president-elect was led from table to table to greet the guests alongside two proud companions: Levy Fidélix, the president of the PRTB, and Alvaro Dias, the Podemos senator defeated in this year’s presidential race.

At the high point of the evening, the general was taken to the stage set up in the center of Casa Petra, a luxurious event hall in Moema, an upper-middle-class neighborhood in São Paulo. He stood in front of a screen showing his photo, a Brazilian flag and the phrase “Meus heróis NÃO morreram de overdose” (“My heroes did NOT die of an overdose”), a reference to the song that, without the negation, became famous in Cazuza’s voice. He spoke for seven minutes. In that time, he was photographed, filmed and cheered by elected deputies and senators, military officers, businesspeople and agribusiness landowners, all eager to get close and take a selfie.

In the speech, he gave thanks for having been welcomed into the “PRTB family” and spoke of the need to pass pension and tax reforms, “otherwise in 2022 the government shuts down.” He closed with a punchy line: “It will be difficult. But to the best go the hardest missions.” Applause. The marriage was sealed.

None of the roughly 200 dinner guests had any doubt that they were close to the next president of Brazil. And that person was Mourão. Bolsonaro was barely mentioned during the entire party.

At the PRTB convention, there was no room even for mentions of Bolsonaro. Mourão was the supreme hero.

Photo: Amanda Audi

At a table beside the stage sat General Paulo Assis, Mourão’s former commander in the Army on two occasions and a longtime friend. Sipping cans of Heineken, the reserve officer waved proudly every time he was mentioned in the speeches. He was being celebrated for being responsible for two feats: bringing Mourão into politics by signing him up with the PRTB, and building the bridge for him to become Bolsonaro’s vice president.

Venerated by the party guests, Mourão paid reverence only to Assis and Fidélix, as a sign of loyalty. With Assis, he behaved with the respect and intimacy of a son toward his father.

I was taken to Assis, his mentor, by Fidélix; the two are longtime friends. I had asked how the negotiation went for Mourão, courted by several parties, to choose his party, small and of little weight (in this year’s elections it failed to elect a single deputy, not even the party’s founder). “The one to blame is that gentleman over there,” Fidélix told me, his trademark black mustache quivering with pride.

General Assis was eager to tell the story. Throughout the conversation, he kept showing me photos and messages on his cell phone, so as to prove what he was saying. They were images of him and Mourão serving together. “Look, how young,” he said, pointing out the face of a Mourão in his early 30s, wearing sunglasses, amid a group of soldiers. In another, the two were side by side in the Amazon jungle. The photos had been sent to him by the vice president himself via WhatsApp.

When I asked what he expected of Mourão in the government, the answer came firmly: “Mourão is going to be president of the Republic.” In 2022 or earlier, in case “something” happens to Bolsonaro. “Anything can happen. He is the vice president, he is the only one who was elected. The ministers can all leave; he can’t. He will stay until the last day,” he prophesied.

Assis holds a prominent position on the government’s transition team, which has been meeting in Brasília to get a grip on the current situation and plan the next four years. He was appointed from Mourão’s personal quota, as was Fidélix. He considers himself the vice president’s “adviser.” “When he asks me, ‘What will your position be [in the new government]?’, I will say that I am an adviser.”

Shouting, since we were next to the country band that was livening up the dinner, the former commander told me that Bolsonaro sounded out Mourão to be his vice president two years ago, around the time the officer moved to the reserve and became known for his corrosive remarks against the PT and his semi-interventionist ones.

The line that became most famous was about a possible Army intervention in Brazilian politics: “Either the institutions solve the political problem through the action of the Judiciary, removing from public life those elements involved in all the illicit acts, or else we will have to impose that.” This occurred in 2017, when President Michel Temer was grappling with accusations in Congress. Mourão was summoned to explain himself and, five months later, moved to the reserve.

Mourão showed interest, but the invitation ended up on the back burner. In April of this year, Fidélix approached Assis so that he would persuade Mourão to run for president on the PRTB ticket. He said he would give up his own candidacy because he believed in the general’s strength.

In a three-way meeting, Mourão declined the invitation because he had already committed himself to Bolsonaro. He was persuaded by Assis to follow an alternative path: he would join the PRTB to stay in reserve as the so-called ‘regra três’ (the substitute). They were counting on Bolsonaro’s candidacy not taking off, or on him being barred from running, in which case Mourão could take over the space he left.

“I told [Mourão]: ‘I think Bolsonaro is not going to get elected, because of the Maria do Rosário case and so on’ [the president-elect faces two cases in the Supreme Federal Court for having told the congresswoman from Rio Grande do Sul that he would not rape her because she “didn’t deserve it”]. I told him: ‘Mourão, run for president if Bolsonaro doesn’t run. Because it is not good to have two military candidates for president. If Bolsonaro falls, we support you,’” said Assis. The next day, he and Mourão joined the PRTB together.

“It will be difficult. But to the best go the hardest missions,” Mourão said in his speech, alongside the president of the PRTB, Levy Fidélix.

Photo: Amanda Audi

Fifth in line

A short time later, Assis ran into Bolsonaro at an airport. He had also been the president-elect’s commander for a short period. He asked him whether the invitation to Mourão still stood. “Ah, no, chief, I can’t give up 45 million evangelicals, which is Magno Malta,” Bolsonaro reportedly answered him, citing the senator from Espírito Santo, who is close to evangelical leaders such as Silas Malafaia. He informed him that he would call on Mourão to be defense minister.

Malta, who was once called a ‘white elephant in the room’ by Mourão, ended up not accepting the invitation to be vice president. Talks also withered with General Augusto Heleno; with the lawyer responsible for the impeachment of President Dilma Rousseff, Janaína Paschoal; and with the “prince” Luiz Philippe de Orleans e Bragança, part of what remains of the royal family in Brazil. Mourão’s name was pulled out of the hat again on the eve of the PSL convention, at which Bolsonaro’s ticket was to be made official. But there was still resistance within the PSL.

“The PSL didn’t want Mourão,” said Assis. “Mourão is a star.” I asked three times what he meant by that, but he dodged: “Ah, it doesn’t matter.” Then he changed the subject.

Also according to him, Bolsonaro had to threaten to withdraw his candidacy if his party did not accept the general as vice president. It ended up working out at the last moment for the registration of the ticket.

“Mourão called me at 7 a.m. on the day of the convention. ‘Chief, I’ve just been invited to be Bolsonaro’s vice president. And I can’t reach Levy.’ I said: ‘If Bolsonaro or [Gustavo] Bebianno doesn’t talk to him, it won’t close,’” he recounted. Even as a civilian, the duty of military hierarchy dictated that the negotiation be conducted with the party president. Without that, Mourão would be disrespecting authority.

Bolsonaro had been trying since early morning to formalize the agreement with Fidélix, but his cell phone was switched off. He managed to reach him on his wife’s phone. This happened shortly before the start of the convention, at 9 a.m. on August 5. At the event, Assis appears on stage alongside Mourão, Bolsonaro, Bebianno and Fidélix.

In his speech during last Friday’s party, the vice president-elect also spoke about how the agreement with the PRTB was stitched together. “My friend Paulo Assis, my commander, introduced me to Levy. And there we established a pact. Very well, Levy, I’ll join your party. Your party is one of rectitude, of honesty. Levy says: ‘It’s clean.’ And our only view is that if Bolsonaro needed our support, we would be together.”

Throughout the time we talked, it was clear that Assis does not trust Bolsonaro’s capacity to last until the final day of the government. Let alone run for reelection in 2022. He says his thinking reflects that of the military class, which supports Bolsonaro, but with reservations, because of his bellicose temperament.

At the event at which Mourão was made official as Bolsonaro’s vice president, General Assis (third from left to right) appears on stage alongside Bolsonaro, Bebianno and Fidélix.

Photo: Personal archive/Paulo Assis

Punishment in case of corruption

On arriving at the dinner, Mourão took part in a meeting with leaders for about 20 minutes. After that he had no more peace. He was unable to sit down at the table or to eat the appetizers being served (white-fish ceviche, tapioca with honey and carpaccio rolls).

I managed to talk to him for a few minutes, standing, in the middle of the hall. I asked what his first acts as president would be, since he will occupy Bolsonaro’s place as early as January, when the president is due to be away for surgery. “I will keep the orders in force. Nothing more than that. I won’t do anything on my own initiative. I will maintain whatever he has determined,” he said, in a respectful tone.

I also asked him whether he favors punishment if any member of the government is involved in corruption scandals. “The president has already said that, that he favors punishment. And I have said so too,” he replied. I asked whether that held even if those involved were the president’s son, or the president himself, as the case of the driver Fabrício Queiroz has been shaping up to suggest (the convention took place eight days after a report in the newspaper O Estado de S.Paulo revealed that Flávio Bolsonaro’s former employee made suspicious transactions of R$ 1.2 million in one year and deposited part of it for the first lady, Michele Bolsonaro). “The president has already said that,” he repeated.

Mourão also said he does not know who in the president’s personal circle wants to see him dead, as Carlos Bolsonaro said. “Honestly, I don’t know. You have to ask his son,” he said, irritated. He was soon pulled away to take photos with supporters. He left the party early, without eating or drinking. Not even draft beer, which he likes to drink on festive occasions.

After passing through eight parties, Senator Alvaro Dias (center, in blue) is expected to formalize his joining the PRTB soon.

Photo: Amanda Audi

Glory days for the PRTB

The ambition of the PRTB faithful has become palpable. Fidélix says that, for the first time, he and his team are being heard by the members of the new government. He believes that this time his ideas will get off the drawing board. One of them, the most famous, is the aerotrem. The bullet train that will link several of the country’s capitals has been Fidélix’s campaign slogan since he formalized the PRTB, in 1994. “I’m not going to give you a line to put in the headline, but we are discussing urban mobility, yes.”

With Mourão’s strong popularity, the party president estimates that he will win the adherence of at least 10 more elected deputies. With that, he believes he will overcome the limitations of the cláusula de barreira (electoral threshold clause), a rule that restricts the activity of parties that did not reach a minimum share of the national vote, and thereby regain access to resources from the party fund and to TV advertising time. Through November the party had raised R$ 4,192,229.20, according to data from the Superior Electoral Court (Tribunal Superior Eleitoral).

Deep down, this was the real reason for the event: to fawn over Mourão in order to attract possible suitors to the party. Beside the vice president-elect on the stage of the event hall, Fidélix could barely hold back tears of emotion.

At the dinner for the party’s 25th anniversary, a video showed the party’s trajectory: from its beginnings supporting Jânio Quadros, still as the Movimento Trabalhista Renovador, to its participation in the campaign of Fernando Collor, in which Fidélix served as an adviser. Jânio and Collor are the politician’s great idols.

Even while pleased with a present of unexpected successes, the PRTB looks to the future: its new trump card is a retreaded Alvaro Dias. The senator is expected to formalize his joining the party, the 9th of his career, soon. He was introduced at the event as “the party’s voice in the Senate” and received a welcome from some of the guests.

As far as Dias is concerned, it will be a quiet boarding. During the campaign, he attacked Jair Bolsonaro harshly. He was caught on video calling his opponent a “bandit.” When I approached to talk about the change of scene, he refused to see me. “I haven’t been talking to anyone since the election and I won’t talk until February. Silence speaks louder. Silence is resounding.”

The post ‘O Mourão vai ser presidente da República’. Um drink com o mentor do vice de Bolsonaro appeared first on The Intercept.

Why Investors Should Pay Attention to NMR

One of the hottest topics in the news (besides blockchain related news) is machine learning. The ability to create algorithms and models that have strong predictive power is viewed as somewhat of a holy grail when it comes to computation. This is exactly why the hedge fund offshoot Numeraire is so powerful. Unique Structure As […]

The post Why Investors Should Pay Attention to NMR appeared first on Hacked: Hacking Finance.

SpaceX Raising $500 Million To Help Build Its ‘Starlink’ Satellite Broadband Network

According to the Wall Street Journal, SpaceX is raising a $500 million round of fundraising to help build its massive satellite internet project, called Starlink. "The new funding puts SpaceX's valuation at $30.5 billion," reports CNBC. "The report says the capital comes from existing shareholders as well as new investor Baillie Gifford, a Scottish investment firm." From the report: Starlink -- a name SpaceX filed to trademark last year -- is an ambition unmatched by any current satellite network. The company is attempting to build its own constellation of 4,425 broadband satellites, with another 7,518 satellites to come after. SpaceX will begin launching the constellation in 2019. The system will be operational once at least 800 satellites are deployed. Starlink would offer broadband speeds comparable to fiber optic networks. The satellites would provide direct-to-consumer wireless connections, rather than the present system's redistribution of signals, transforming a traditionally high-cost, low reliability service.

Read more of this story at Slashdot.

Microsoft’s Next-Gen Xbox Consoles Are Codenamed ‘Anaconda’ and ‘Lockhart’

According to Windows Central, there are two upcoming next-generation Xbox consoles in the works -- a cheaper "S"-style console to succeed the Xbox One S, and a more beastly "X"-style console to succeed the Xbox One X. "The codename for the 'S 2' seems to be 'Lockhart,' and the codename for the 'X 2' seems to be 'Anaconda,' which may also be serving as a dev kit," reports Windows Central. From the report: The next-gen Lockhart console will be the affordable SKU, providing the next-gen Xbox experience in a package potentially around as powerful as the current Xbox One X hardware wise, with refinements under the hood. The Anaconda console will be more powerful and more expensive, providing a cutting-edge console gaming experience. We've also heard Microsoft is exploring technology to dramatically reduce loading times, potentially including SSD storage in the package. We've heard from multiple places that the next-gen Xbox consoles will be fully compatible with everything on your current Xbox One consoles, including your OG Xbox and Xbox 360 library via backward compatibility. We've also heard that Microsoft is working on a new platform for games dubbed "GameCore," as part of Windows Core OS, which the Scarlett family will support when it's ready. It extends the work Redmond has been doing on UWP. GameCore should make it easier for developers to build games that function not only on Xbox "Scarlett" consoles but also Windows 10 PCs, further reducing the amount of work studios need to do to get games running across both platforms. The report doesn't mention if the cheaper next-generation Xbox console will be streaming-only, or if it will still support traditional discs and downloads. With a disc-free version of the Xbox One reportedly coming next spring, this seems like a possibility.

Read more of this story at Slashdot.

E Hacking News – Latest Hacker News and IT Security News: Iranian phishers bypass 2fa protections

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.

Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.

“In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote.

In an email, a Certfa representative said company researchers confirmed that the technique successfully breached accounts protected by SMS-based 2fa. The researchers were unable to confirm the technique succeeded against accounts protected by 2fa that transmitted one-time passwords in apps such as Google Authenticator or a compatible app from Duo Security.

“We’ve seen [it] tried to bypass 2fa for Google Authenticator, but we are not sure they’ve managed to do such a thing or not,” the Certfa representative wrote. “For sure, we know hackers have bypassed 2fa via SMS.”



Twitter Is Relaunching the Reverse-Chronological Feed

Twitter is introducing a new toggle in the app to allow users to switch from the ranked timeline to the original, reverse-chronological feed. "The company says the move comes in recognition of the fact that Twitter is often most useful in real time, particularly during live events such as sports games or the Oscars," reports The Verge. From the report: The latest incarnation of the original Twitter feed can be accessed by tapping the cluster of small stars -- the company calls it the "sparkle" and now so shall we all, forever -- and switching to see the latest tweets. Over time, the company will learn your behavior. If you routinely switch to the latest tweets, Twitter will default you to them. This marks a change from the past, when the app would switch you back to the ranked timeline at unpredictable intervals.

Read more of this story at Slashdot.

T-Mobile Denies Lying To FCC About Size of Its 4G Network

An anonymous reader quotes a report from Ars Technica: T-Mobile has denied an allegation that it lied to the Federal Communications Commission about the extent of its 4G LTE coverage. A group that represents small rural carriers says that T-Mobile claimed to have 4G LTE coverage in places where it hadn't yet installed 4G equipment. That would violate FCC rules and potentially prevent small carriers from getting network construction money in unserved areas. T-Mobile said the allegations made by the Rural Wireless Association (RWA) in an FCC filing on Friday "are patently false." "RWA's misrepresentations are part of an ongoing pattern of baseless allegations by the organization against T-Mobile designed to delay or thwart competition in rural America and deprive rural Americans of meaningful choice for broadband services," T-Mobile wrote. "The organization's repeated disregard for fact-based advocacy is a disrespectful waste of Commission time and resources." RWA members have conducted millions of speed tests at their own expense to determine whether the major carriers' coverage claims are correct. The RWA says both Verizon and T-Mobile have exaggerated coverage, and the FCC is taking the allegations seriously. FCC Chairman Ajit Pai announced last week that the FCC has begun an investigation and that a preliminary review of speed-test data "suggested significant violations of the Commission's rules." The FCC has not said which carrier or carriers violated the rules.

Read more of this story at Slashdot.

Coinbase Pro Adds ETH-Based Quartet; Golem (GNT), Dai (DAI), Maker (MKR) and Zilliqa (ZIL)

Coinbase Pro extended its run of listing Ethereum-based tokens on Tuesday, when it announced the addition of Golem (GNT), Dai (DAI), Maker (MKR) and Zilliqa (ZIL). The exchange recently released a list of more than thirty coins and tokens that it had signalled for immediate attention. After the listing of four ERC-20 tokens last week, […]

The post Coinbase Pro Adds ETH-Based Quartet; Golem (GNT), Dai (DAI), Maker (MKR) and Zilliqa (ZIL) appeared first on Hacked: Hacking Finance.

Ex-Uber Engineer Claims a Self-Driving Car Drove Him Coast-To-Coast

"Anthony Levandowski, the controversial engineer at the heart of a lawsuit between Uber and Waymo, claims to have built an automated car that drove from San Francisco to New York without any human intervention," reports the Guardian. Levandowski told the Guardian that he completed the 3,099-mile journey on October 30th using a modified Toyota Prius, which "used only video cameras, computers and basic digital maps." From the report: Levandowski told the Guardian that, although he was sitting in the driver's seat the entire time, he did not touch the steering wheels or pedals, aside from planned stops to rest and refuel. "If there was nobody in the car, it would have worked," he said. If true, this would be the longest recorded road journey of an autonomous vehicle without a human having to take control. Elon Musk has repeatedly promised, and repeatedly delayed, one of his Tesla cars making a similar journey. A time-lapse video of the drive, released to coincide with the launch of Levandowski's latest startup, Pronto.AI, did not immediately reveal anything to contradict his claim. But Levandowski has little store of trust on which to draw.

Read more of this story at Slashdot.

Jonathan Pollard – Wikipedia

en.wikipedia.org - In addition to the release requests by the Israeli government, there has been a long running public campaign to free Pollard. The organizers include the Pollard family, his ex-wife, Anne, and Jewish …


Tweeted by @AloisiusBarnes https://twitter.com/AloisiusBarnes/status/1075164089574416389

Kroger Begins Autonomous Grocery Deliveries

Kroger is launching its unmanned grocery delivery service in Scottsdale, Arizona. The company first announced the pilot with robotics company Nuro in June, and since August, "they have tested an autonomous fleet of 'a handful of' Priuses with safety drivers just in case someone needed to intervene," reports Adweek. "Together, they have completed nearly 1,000 deliveries in Scottsdale." From the report: Now, Kroger is adding two R1 unmanned vehicles to its fleet, which Nuro designed to transport goods on public roads without passengers and marks the first deployment of its technology for the general public. (The Priuses will continue to have safety drivers.) To start, deliveries are available from a single store in the "Kroger Family," the Fry's Food Store at 7770 East McDowell Road. A Kroger rep said customers who live within the store's zip code -- 85257 -- will have access to the service. Customers place orders online or via the Fry's app. An announcement said same- and next-day delivery is available. All orders have a $5.95 fee, but there is no minimum for order total.

Read more of this story at Slashdot.

Podcast Episode 125: Long After The Election Kremlin’s Computational Propaganda Campaign Rolls On

Priscilla Moriuchi of Recorded Future joins us once again in the Security Ledger studios to talk about the findings of two major reports released this week on Russia's online campaigns and how disinformation operations by foreign governments may be the "new normal." 

The post Podcast Episode 125: Long After The Election Kremlin’s...


CVE-2018-19790

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.

CVE-2018-19789

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.

CVE-2018-17777

An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges.

CVE-2018-16884

A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

Sucuri Blog: Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls

The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewall. Our team takes great pride in this distinction, as customer feedback continues to shape our products and services.

In its announcement, Gartner explains,

“The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings.”

To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.

Continue reading Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls at Sucuri Blog.




Researchers Make RAM From a Phase Change We Don’t Entirely Understand

An anonymous reader quotes a report from Ars Technica: We seem to be on the cusp of a revolution in storage. Various technologies have been demonstrated that have speed approaching that of current RAM chips but can hold on to the memory when the power shuts off -- all without the long-term degradation that flash experiences. Some of these, like phase-change memory and Intel's Optane, have even made it to market. But, so far at least, issues with price and capacity have kept them from widespread adoption. But that hasn't discouraged researchers from continuing to look for the next greatest thing. In this week's edition, a joint NIST-Purdue University team has used a material that can form atomically thin sheets to make a new form of resistance-based memory. This material can be written in nanoseconds and hold on to that memory without power. The memory appears to work via a fundamentally different mechanism from previous resistance-RAM technologies, but there's a small hitch: we're not actually sure how it works. The two mechanisms used to change the resistance have been reported in the journal Nature Materials.

Read more of this story at Slashdot.

Security Affairs: Critical unfixed flaws affect ABB Safety PLC Gateways

Researchers at Applied Risk discovered serious flaws in some PLC gateways manufactured by industrial tech company ABB.

Security experts at Applied Risk found that the devices are affected by potentially serious flaws, and the bad news is that the vendor will not release firmware updates because the impacted products have reached the end of life.

The security firm published a security advisory that provides technical details for two vulnerabilities in the ABB Pluto Gateway products GATE-E1 and GATE-E2.

The ABB gateway solutions allow ABB PLCs to communicate with other control systems.

“Two vulnerabilities were found in the ABB GATE E1/E2 devices. These findings include a total lack of authentication for the administrative interfaces on the device, as well as an unauthenticated persistent Cross-Site Scripting vulnerability,” reads the security advisory published by ABB.

“As a result of these findings, ABB has put the GATE-E2 in End-of-Life. The E1 device was already in EoL.”

The devices do not implement authentication on their administrative telnet/web interface; the flaws could be exploited to change device settings and cause a DoS condition by continuously resetting the product.

Applied Risk assigned to the flaws a CVSS v3 base score of 9.8.

Experts also discovered a persistent cross-site scripting (XSS) flaw that could be exploited by an attacker to inject malicious code via the administrative HTTP and telnet interfaces. The malicious code is executed when a legitimate admin accesses the device’s web portal. The flaw has been given a severity rating of “high.”

ABB also published separate advisories for the missing authentication and XSS vulnerabilities. ABB will send customers instructions on how to secure their installs.

The good news is that the experts are not aware of attacks exploiting the flaws in the wild.

Pierluigi Paganini

(SecurityAffairs – PLC Gateways, hacking)

The post Critical unfixed flaws affect ABB Safety PLC Gateways appeared first on Security Affairs.




U.S. Stocks Mostly Higher on FOMC Drift; Bitcoin Price Holds Higher

U.S. stocks traded mostly higher on Tuesday, as the Federal Reserve’s two-day policy meeting was officially underway in Washington. The cryptocurrency market notched a fresh 12-day high as bitcoin and its altcoin peers maintained their upward traction for most of the session. Stocks Recover Wall Street recovered modestly after plunging on Monday to their lowest […]

The post U.S. Stocks Mostly Higher on FOMC Drift; Bitcoin Price Holds Higher appeared first on Hacked: Hacking Finance.

Remove.bg is a Website That Removes Backgrounds from Portraits in Seconds

An anonymous reader shares a report: If you often find yourself needing to remove the backgrounds from photos but don't have the time to manually do it, you might want to bookmark Remove.bg. It's a simple free website that automatically removes the backgrounds from photos in just 5 seconds with a single click. Simply use the button on the homepage to select a photo from your computer (or you can also enter a photo's URL on the Web). The website then processes the photo and shows the result in moments. Under the result is a button that lets you download it as a PNG image with a transparent background.

Read more of this story at Slashdot.

CVE-2018-6978

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.