Once installed, CherryBlossom turns the device into a 'Flytrap' that sends messages to a CIA-controlled server known as 'CherryTree'.

The Flytrap sends the router's device status and security information, which CherryTree logs to a database.

The CherryTree server then sends the infected device a 'mission' with specific tasks tailored to the target.

A web-based user interface known as 'CherryWeb' is used by CIA operators to check the Flytrap's status and web traffic and to assign the infected device new missions.

Missions assigned to the Flytrap can target specific laptops or phones in the house based on IP and email addresses, chat user names and MAC addresses.

Mission tasks include copying some or all of the user's internet traffic, email exchanges and private chat usernames.

Just a quick heads up, high school students. You might want to save your job application efforts for retail gigs, because the fast food space is about to be invaded by robots.

We already showed you an autonomous grillmaster that can monitor and flip an entire grill full of patties. Today’s bot is even more versatile. Not only can it cook the patty, but it can also dice up fresh toppings like tomatoes, pickles, and onions… and it can even deftly stack everything on a toasted bun.

The UK stands to lose £1bn per day in the event of a major disruption to the Global Positioning System (GPS), according to a government report.

Emergency services would also be severely affected and struggle to cope with demand. Longer emergency calls, less efficient dispatch, navigation, and congested roads would mean a total estimated loss of £1.5bn, the report said.

Besides navigation, many industries are reliant on GPS software for swathes of critical applications such as financial trading and precision docking of oil tankers.

Another banking malware variant has been spotted in the wild, and it's using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet.

McAfee Labs says the new campaign uses a variant of the ancient “Pinkslipbot”, and says it uses Universal Plug'n'Play (UPnP) to open ports through home routers, “allowing incoming connections from anyone on the Internet to communicate with the infected machine”.

As with any credential-harvesting botnet, the malware needs to get its booty back to the botmasters without exposing them, and this is where the UPnP exploit comes in.

The identification of malware tied to a cyberattack on Ukraine last year is putting a renewed focus on threats to America’s electric grid.

Twenty-five years ago, U.S. tech companies pledged to stop using chemicals that caused miscarriages and birth defects. They failed to ensure that their Asian suppliers did the same.

At TorrentFreak, we write about website blocking on a weekly basis, but it's not often that we are the target ourselves. This week we are, as major computer security vendor Comodo has decided to block direct access to our site, claiming that we might offer illegal access to copyrighted software or media. Interestingly. Comodo's DNS blocking doesn't prevent users from accessing The Pirate Bay and other known pirate sites.

Each awful terrorist attack brings with it government demands of an "internet clampdown", shorthand for increased censorship and compromised encryption to aid surveillance.

In Australia, the Turnbull government wants to follow Britain's example, and introduce the proposed "technology capability notices" that oblige internet providers and telcos to decrypt data in real-time if the authorities order it.

Depending on how the government-forming goes for Theresa May in the UK, she could lead the country in a Brexit from the internet, introducing strict regulations and logging of what people do online.

It's highly unlikely that an "internet clampdown" will result in anything else than the general population becoming less secure online. In fact, it's pretty much guaranteed nothing much good will come out of such a move.

Fresno, CA — A Fresno, California, man is facing prison after allegedly uploading the movie Deadpool to his Facebook account. Twenty-one-year-old Trevon Maurice Franklin was arrested and charged with copyright infringement Tuesday morning following a federal investigation that accused him of uploading the Hollywood blockbuster eight days after its release in theaters in February 2016.

Have you ever wondered who takes on the grueling, unforgiving task of combing Facebook's groups and personal profiles for terrorist activity? Meet Community Operations workers

Facebook's artificial intelligence researchers announced Wednesday they had broken new ground by giving automated programs or 'bots' the ability to negotiate, and make compromises.

The new technology pushes forward the ability to create bots 'that can reason, converse and negotiate, all key steps in building a personalized digital assistant,' said researchers Mike Lewis and Dhruv Batra in a blog post.

Up to now, most bots or chatbots have had only the ability to hold short conversations and perform simple tasks like booking a restaurant table, according to the researchers.

But in the latest code developed by Facebook, bots will be able to dialogue and 'to engage in start-to-finish negotiations with other bots or people while arriving at common decisions or outcomes,' they wrote.

A Florida man is under arrest after police say he used “revenge porn” to get back at his estranged ex-wife. Tampa NBC affiliate WFLA reports 37-year-old Joshua Persaud of Lake Wales allegedly sent 11 sexually graphic images of his wife to five of her male co-workers. He’s now been charged with 11 counts of sexual cyber harassment.
The ex-wife, whose name has been withheld, told police she had sent Persaud nude photographs of herself during the course of their marriage. The couple separated last January and is now in the process of getting a divorce.

Seventeen years after the Year 2000 bug came and went, the federal government will finally stop preparing for it.

The Trump administration announced Thursday that it would eliminate dozens of paperwork requirements for federal agencies, including an obscure rule that requires them to continue providing updates on their preparedness for a bug that afflicted some computers at the turn of the century. As another example, the Pentagon will be freed from a requirement that it file a report every time a small business vendor is paid, a task that consumed some 1,200 man-hours every year.

Millions of rural Americans are stranded in the "dial-up age" as internet providers continue to under-serve regions outside of major metropolitan centers, The Wall Street Journal reports. Approximately 39 percent of the rural population in the country — about 23 million people — don't have "fast" internet, which is defined as having the speed to support "email, web surfing, video streaming, and graphics for more than one device at once," the Journal writes.

Verizon says it will have to write off $500m for severance and integration costs on its acquisition of Yahoo!

The telco told the SEC it would mark down the $500m charge in its next quarterly report as it cuts unneeded staff and offices and mixes the rest in with AOL.

It is believed as many as 2,000 workers will be getting pink slips.

"In connection with the transaction, Verizon expects to record severance, acquisition and integration-related expenses of approximately $500 million pre-tax in the second quarter of 2017," Verizon said.

"Verizon expects to realize over $1 billion in cumulative operating expense synergies from the transaction through 2020."

It is no secret that hackers and cybercriminals are becoming dramatically more adept, innovative, and stealthy with each passing day.

While new forms of cybercrime are on the rise, traditional activities seem to be shifting towards more clandestine techniques that come with limitless attack vectors with low detection rates.

Security researchers have recently discovered a new fileless ransomware, dubbed "Sorebrect," which injects malicious code into a legitimate system process (svchost.exe) on a targeted system and then self-destruct itself in order to evade detection.

Unlike traditional ransomware, Sorebrect has been designed to target enterprise's servers and endpoint. The injected code then initiates the file encryption process on the local machine and connected network shares.

Former NBA player Dennis Rodman has made yet another trip to North Korea this week. Though time a fully unofficial ambassador of the United States, he arrives in the republic as the official ambassador of PotCoin, a digital currency marketed to the marijuana industry.

This could make Nevada a hub for blockchain startups and it certainly offers agorist opportunities. In this video, Vin Armani examines a brand new law in his home state of Nevada that creates a free-trade zone for cryptocurrencies and other blockchain applications exempting them from regulations. The law prohibits taxing and regulating blockchain businesses. Check out the details below:

The latest Wikileaks Vault7 release reveals details of the CIA’s alleged Cherry Blossom project, a scheme that uses wireless devices to access users’ internet activity.

The Cherry Blossom program also provides a means to perform software exploits on particular ‘targets’, meaning the hacker can take advantage of vulnerabilities on the target’s device, according to a Wikileaks press release.

Wikileaks notes that the common use of WiFi devices in homes, offices, and public spaces makes them ideal for these so-called ‘Man-In-The-Middle’ attacks as the Cherry Blossom program can easily monitor, control and manipulate the Internet traffic of connected users.

Malicious content can be injected into the data stream between the user and the internet service, which exploits vulnerabilities in the target’s computer or operating system, according to WikiLeaks.

By Nicholas West

With the latest spate of terror attacks we are beginning to witness supposedly democratic countries take increasingly tyrannical positions in the name of security...

Some of the "top ISPs" are in "very thorough" discussions with anti-piracy outfit Rightscorp over proposals to hijack the browsers of alleged pirates until a fine is paid. Rightscorp is presenting this as an opportunity for ISPs to avoid being sued as well as a way to generate profit for the company.

University College London is tonight tackling a serious ransomware outbreak that has scrambled academics' files.

It is feared the software nasty may be exploiting a zero-day vulnerability, or is a previously unseen strain of malware as antivirus defenses did not spot it in time, we're told. Eggheads at the UK uni are urged to not open any more email attachments, which may be booby-trapped with the ransomware.

The UCL Information Services Division (ISD) said it had locked down access to the shared and networked drives that have been under siege from the malware since it began infecting users around mid-day Wednesday via an email message.

James Lee says Microsoft's A-V software still has remote code execution holes

Kaspersky Labs has released an updated version 1.21.2.1 of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff ransomware.

Security researchers at Kaspersky Labs have discovered a weakness in the Jaff ransomware code that makes it possible for victims to unlock their Jaff-infected files for free.

By Jeff Paul

“We can’t allow there to be areas that are practically outside the law,” German interior minister Thomas de Maiziere told reporters today while announcing new Nazi-like surveillance measures to fight terrorism.

The new measures include fingerprinting 6-year-old children and forcing technology companies to give the German authorities front doors to smartphones and backdoors into messaging apps in order to spy on all communications...

A new malware variant capable of knocking out networks that run power grids around the globe has been discovered by a computer security company studying an attack on the Ukrainian power grid.

Apple’s App Store has a problem.

Shady developers are gaming the App Store’s policies and its search ads to get users to download apps that trick them into paying for subscriptions for scam apps.

By Nicholas West

Perhaps it should never be surprising when those who have dedicated their lives to the military should call for a further expansion of the military. However, two retired commanders – Charles F. Wald, Retired U.S. Air Force general, former Deputy Commander of EUCOM; and Ted Johnson, Retired Navy Commander – have penned the most blatant and revealing vision of the future of war I’ve yet come across. It is a vision that literally sees Earth as a prison with the military in charge of the prison population...

Apple’s App Store has a problem.

Shady developers are gaming the App Store’s policies and its search ads to get users to download apps that trick them into paying for subscriptions for scam apps.

Stephen King’s frequent criticisms of President Trump have resulted in him being blocked from the President’s Twitter page.

Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products.

The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada with a focus on how to prevent "terrorists and organized criminals" from "operating with impunity ungoverned digital spaces online," according to Australian prime minister Malcolm Turnbull.

In the most forthright call yet from a national leader to break encryption, Turnbull told Parliament: "The privacy of a terrorist can never be more important than public safety – never."

Over 800 different Android apps that have been downloaded millions of times from Google Play Store found to be infected with malicious ad library that silently collects sensitive user data and can perform dangerous operations.

Dubbed "Xavier," the malicious ad library, initially emerged in September 2016, is a member of AdDown malware family, potentially posing a severe threat to millions of Android users.

Since 90 percent of Android apps are free for anyone to download, advertising on them is a key revenue source for their developers. For this, they integrate Android SDK Ads Library in their apps, which usually doesn't affect an app's core functionality.

According to security researchers at Trend Micro, the malicious ad library comes pre-installed on a wide range of Android applications, including photo editors, wallpapers and ringtone changers, Phone tracking, Volume Booster, Ram Optimizer and music-video player.

Shortly after WannaCry outbreak, we reported that three unpatched Windows exploits, codenamed "EsteemAudit," "ExplodingCan," and "EnglishmanDentist," were also being exploited by individuals and state-sponsored hackers in the wild.

Specially EsteemAudit, one of the dangerous Windows hacking tool that targets remote desktop protocol (RDP) service on Microsoft Windows Server 2003 and Windows XP machines, while ExplodingCan exploits bugs in IIS 6.0 and EnglishmanDentist exploits Microsoft Exchange servers.

But now Microsoft has released free security updates for unsupported versions of its products, including Windows XP and Server 2003, to patch all the three cyber-weapons and block next wave of "destructive cyberattacks" similar to WannaCry.

Fake/satirical website “The Last Line of Defense” seems to have taken the turn from fake news to something dangerously close to full-on fraud with this article titled: "'Joe The Plumber' Dies In Freak Accident After Announcing Bid For Congress".

Six months on from a hacking attack that caused a blackout in Kiev, Ukraine, security researchers have warned that the malware that was used in the attack would be “easy” to convert to cripple infrastructure in other nations.

The discovery of the malware, dubbed “Industroyer” and “Crash Override”, highlights the vulnerability of critical infrastructure, just months after the WannaCry ransomware took out NHS computers across the UK.

What have human rights got to do with the technical running of the internet?

Pakistan has sentenced a man to death for blasphemy on Facebook. The catch? Facebook aided Pakistan in cracking down on said anti-Islam blasphemy which begs the question: does Facebook have blood on its hands?

Computer security researchers from Alien Vault and Fortinet have discovered two pieces of malware, MacSpy and MacRansom, which target Apple Mac systems.

MacSpy allows users to monitor an infected system, capture passwords and other sensitive details through the use of key stroke logging, screenshots and clipboard contents.

MacRansom works in a similar manner to the WannaCry software that plagued computer systems around the world, including the NHS, last month.

It encrypts the contents of a user's computer and threatens to delete all of the information it contains, unless a ransom of 0.25 Bitcoins, around £530 ($684), is paid.

The popular online Bitcoin wallet Coinbase has been routinely seizing accounts of users in Hawaii and Wyoming, effectively “stealing” their Bitcoins by locking them out of their accounts. A Natural News investigation confirms that Coinbase is citing obscure state laws in its decision to seize accounts of users in both states, yet the online wallet refuses to allow users to log in and change their state of residence if they move to another state.

In effect, Coinbase is “stealing” Bitcoins from users by locking them out of their own accounts, preventing them from accessing their Bitcoin balances even if they move to another state. Users are raging against the “ripoff” and the “theft” in user comments

That happened to me!

Rep. Mike Quigley (D-Ill.) introduced legislation Monday to classify presidential social media posts — including President Trump's much-discussed tweets — as presidential records.

A report suggesting that WannaCry ransomware's authors could be native Chinese speakers has drawn fire from Chinese cybersecurity experts.

China-based cybersecurity companies Qihoo 360 and Antiy Labs have come to their country's defense, calling Flashpoint's linguistic analysis last month "groundless" and "unprofessional," Chinese state-run media Xinhua reported Monday.

The Israeli hacking company NSO Group has been put up for sale for a price of more than $1 billion, according to multiple people familiar with the matter.

The U.S.-based private equity firm Francisco Partners Management, which owns NSO Group, is looking to bring in around 10 times the $120 million it paid for a majority stake in the company in 2014. The group grew from around 50 employees when it was acquired to nearly 10 times that size, including more than 200 engineers dedicated to the hacking products that bring in the company’s rising profits.

NSO, which is known for selling cutting-edge offensive hacking technology to governments around the world, traces its roots to the Israeli military’s world-renowned signals intelligence unit known as Unit 8200.

IPhone 8 is undoubtedly one of the few gadgets the whole world is expecting the market to be supplied with in the coming months. According to the reports, Apple company will unveil the model in 2018 in the tenth anniversary of the IPhone line production. IPhone 8, whose brand model name has not been confirmed yet, is reported to have major differences with other former models. The main difference, however, lies in the fact that this model is originally designed and manufactured in Israel.

By Nicholas West

The Chicago police department continues to march toward what it calls “policing in the 21st century.” If their conduct is any indication, that police work would include systemic corruption, unlawful detention, torture, racial profiling and mass surveillance...

Last December, a cyber attack on Ukrainian power grid caused the power outage in the northern part of Kiev — the country's capital — and surrounding areas, causing a blackout for tens of thousands of customers for an hour and fifteen minutes around midnight.

Now, security researchers have discovered the culprit behind the attacks on industrial control systems.

Slovakia-based security software maker ESET and US critical infrastructure security firm Dragos Inc. say they have uncovered a new dangerous piece of malware in the wild that targets critical industrial control systems and is capable of causing blackouts.

Here is the evidence I’ve come across which indicates to me that the Google search-engine is now appallingly corrupt, and for which reason I am seeking (and hope to see in reader-comments at sites that publish this article) an alternative explanation for what presently appear to me to be systematic efforts by Google to hide crucial information and understanding from the public — to hide it so that the public can be manipulated to tolerate increasing control, by billionaires, of their governments (the diminution of democracy):

The idea goes that if AI has self-doubt, it will need to seek reassurance from humans, much in the same way a dog does, which will consolidate our place as top of the totem on Earth.

The maintainers of Samba has already patched the issue in their new Samba versions 4.6.4/4.5.10/4.4.14, and are urging those using a vulnerable version of Samba to install the patch as soon as possible.

While May's desire for a strong response is easy to understand, her call for more expansive internet regulation and censorship is wrongheaded and will make it harder to win the war against violent extremism.

May didn't specify the details of her proposal, but to many observers it was clear that she's asking for sweeping new powers to compel tech companies to help spy on citizens and censor online content. Unfortunately, this isn't simply a knee-jerk response to horrible circumstances, but reflects a longstanding ambition of May's Conservative Party to impose draconian controls on cyberspace.

Whilst there is no evidence that Facebook has done anything dodgy - nor any suggestion that it wants to - it certainly would have the power to do something like this if it chose to. And there are few checks on Facebook and other major social media companies, if they did want to wield their power in a partisan way.

Ultimately, the big tech players are not neutral arbiters of content - and they all have potentially huge amounts of unchecked power at their disposal - which could, conceivably, change the results of an election.

The good news is that Intel AMT SOL comes disabled by default on all Intel CPUs, meaning the PC owner or the local systems administrator has to enable this feature by hand.

The bad news is that Microsoft discovered malware created by a cyber-espionage group that abuses the Intel AMT SOL interface to steal data from infected computers.

Microsoft can't say if these state-sponsored hackers found a secret way to enable this feature on infected hosts, or they just found it active and decided to use it.

Of the 22 suspects, 20 were employees of an Apple “domestic direct sales company and outsourcing company”.

The suspects allegedly used an internal company computer system to gather users’ names, phone numbers, Apple IDs, and other data, which they sold as part of a scam worth more than 50 million yuan (US$7.36 million).

The statement referred to “domestic employees of Apple” but it was unclear whether they were directly employed by the company or by Apple suppliers or vendors. It also did not specify whether the data belonged to Chinese or foreign Apple customers.

If you're a GameStop customer, check your mail. The company just sent out letters to online patrons confirming a suspected payment security breach.

In April, GameStop said they were looking into a possible data breach that might have put customers' credit card information at risk. Confirming those suspicions, Kotaku reported today that a number of GameStop customers have received letters notifying them that their credit cards may have been stolen.

The company hasn't released any numbers yet, but anyone who placed an online order with them between August 10, 2016 and February 9, 2017 is at risk. That's quite a long time and it's safe to say many people were exposed. Names, addresses and credit card information were compromised and the reports from April speculated that the three-digit security numbers were taken as well.

Theresa May looks set to launch wide-ranging internet regulation and plans to fundamentally change how technology works despite not having won a majority.

In the speech in which she committed to keep governing despite calls to stand down, the prime minister made reference to extending powers for the security services. Those powers – which include regulation of the internet and forcing internet companies to let spies read everyone's private communications – were a key part of the Conservative campaign, which failed to score a majority in the House of Commons.

The ?Z-Berry is a single-board computer that is the same size as the Raspberry Pi and is built around the Zilog Z80 processor used in the ZX Spectrum, a best-selling British computer launched in 1982.

In 2016, California investigators used state wiretapping laws 563 times to capture 7.8 million communications from 181,000 people, and only 19% of these communications were incriminating. The year’s wiretaps cost nearly $30 million.

We know this, and much more, now that the California Department of Justice (CADOJ) for the first time has released to EFF the dataset underlying its annual wiretap report to the state legislature.

Facebook wants to spy on YOU through your smartphone camera and analyse the emotions on your face. The social network just patented technology that monitors users' reactions to posts, messages and adverts you see on its app.

Whilst the UK has a political upheaval in a General Election debarcle, whilst Trump’s politicing creates divisions across the globe and as other crazy events unfurl, yesterday the Al Jazeera network came under Cyber Attack:

In what looks like could be a new low for Amazon, a book on Amazon’s best sellers, “Dangerous” by Milo Yiannopoulos, was knocked out of its place by a Dr. Seuss. What’s fishy isn’t that it simply switched places, but the circumstance around its drop.

At least a dozen NASA employees have been caught watching porn at the office since 2015 by the agency’s Inspector General (IG), including several with images of children in sexual situations, according to documents obtained by The Daily Caller News Foundation’s Investigative Group.

NASA has changed since I was there!!!!!!!!

By Catherine J. Frompovich and Contributing researcher Kerri Ellen Wilder

“Smart” is really S.M.A.R.T., an engineering acronym for Specific – Measurable – Achievable – Relevant – Time-based. The reality that ultimately will evolve from this psy-op is a dystopian future destructive of dignity and freedom. Your liberty, your privacy, and the American way of life are on sale right now for electric dollars. The Internet of Things (IoT) and 5G are being represented and presented as the harbingers of a global utopia. They are, in fact, nothing short of a Faustian bargain of illusory promises many will live to regret when all their individual freedoms are forfeited for technology.

The “smart” meme and techno world stretches back to the 1930s when M. King Hubbert authored his “Technocracy Study Course,” which developed technocracy’s principles for the distribution of energy resources, as well as the monitoring and measurement of all of energy’s outputs...

Electronic assistants such as the Amazon Echo could be hacked by criminals to steal personal information, a security expert has warned.

Millions have bought voice-activated speakers which play music, provide weather forecasts, order groceries and answer questions.

The devices are brought to life by vocal commands such as 'Alexa' or 'Hello Google' but experts warn they pose a major security risk as they are always listening in and monitoring conversations.

Criminals could hack into them to find out when families are away or steal credit card details when someone orders a takeaway over the phone.

A powerful Android trojan with novel code injection features that posed as a game was distributed through the Google Play Store before its recent removal.

The Dvmap trojan installs its malicious modules while also injecting hostile code into the system runtime libraries. But Dvmap has other tricks up its sleeve. Once successfully installed, the malware deletes root access in an attempt to avoid detection.

"The introduction of code injection capability is a dangerous new development in mobile malware," according to Kaspersky Lab. "Since the approach can be used to execute malicious modules even with root access deleted, any security solutions and banking apps with root-detection features that are installed after infection won't spot the presence of the malware."

Muckrock filed Freedom of Information Requests with multiple US police forces to find out how they were using "mobile phone forensic extraction devices" -- commercial devices that suck all the data out of peoples' phones and make it available for offline browsing. They discovered that the practice of sucking up the entirety of arrestees' phones was incredibly common, and that often, cops sucked up this data without a warrant, after first obtaining "consent" from arrestees.

Jennifer Arcuri, a co-founder of cyber-security Hacker House, who debated with Silva on Today, pointed out that any government backdoor would necessarily weaken the security of an encrypted comms channel. "If you allow one backdoor for government, you've no idea who else is accessing or listening," she said.

The government has the capability to hack phones. It is possible to monitor and surveil people, argued Arcuri, who added that the authorities simply need to obtain a warrant under existing surveillance law – namely, the Investigatory Powers Act.

Silva asserted that terrorists responsible for recent atrocities in Paris 2015 and more recently in April in Stockholm - "insofar as we can tell" - were using encrypted comms.

"Even if you try to hack into someone's device, you can't tell what's going on within those apps," he claimed.

Brandis told Sky News "If those encrypted communications contain information which is necessary to a prosecution, an intelligence task like keeping a terrorism suspect under appropriate surveillance, then there does need to be a level of co-operation from the carriage services providers."

Speaking on the Australian Broadcasting Corporation's AM program, MacGibbon also called for "co-operation" and said that while "no-one is talking about back doors here" Australians understand that their privacy at home can be breached when Police gain a warrant to enter their homes.

"From time to time we do expect our privacy to be breached," he said, adding "From time to time you would expect a law enforcement agency to break into a private communication online."

A malicious Android app that downloads itself from advertisements posted on forums strongly resists removal, security firm Zscaler warns.

The dodgy Android utility poses as "Ks Clean", an Android cleaner app. Once installed, the app displays a fake system update message in which the only option presented to the user is to select the "OK" button, giving victims little immediate option other than to accept a supposed security update.

As soon as the user presses "OK", the malware prompts the installation of another APK named "Update". The Update app asks for administrator privileges which, if granted, can't be revoked.

The app uses the insidious mask of a "security update" to get a user to complete the installation.

After that, there is nothing to stop malware from slinging pop-up ads at victims even when the user is using other apps.

"Disable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents."

You might have heard of above-mentioned security warning multiple times on the Internet as hackers usually leverage this decade old macros-based hacking technique to hack computers through specially crafted Microsoft Office files, particularly Word, attached to spam emails.

But a new social engineering attack has been discovered in the wild, which doesn't require users to enable macros; instead it executes malware on a targeted system using PowerShell commands embedded inside a PowerPoint (PPT) file.

Moreover, the malicious PowerShell code hidden inside the document triggers as soon as the victim moves/hovers a mouse over a link (as shown), which downloads an additional payload on the compromised machine -- even without clicking it.

‘Jihadis Next Door’

but it is better than many newspapers.

Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named "Reality Winner" was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn't the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in.

The patent describes using 'passive imaging data' – video captured by cameras which aren't turned on.

An algorithm would then determine the user's emotion, based on their facial expressions.

To illustrate how the system would work, Facebook created a fictitious person, called Desmond Jones.

The patent says: 'It appears from the profile that the user, Desmond Jones, was looking away from his device during a kitten video posted by Tim Boone.

'Thus, a content delivery system may determine to exclude videos of that type in the future.

'In another example, it appears that the user has watched an advertisement for scotch. Thus, in the future, more advertisements for scotch may be displayed to the user.'

Georgia’s Secretary of State Brian Kemp claims the Department of Homeland Security (DHS) tried to hack into his office’s firewall, pretending to be Russian hackers.

It's not just the FBI that can't seem to turn in its privacy-related paperwork on time. The FBI has pushed forward with its biometric database rollout -- despite the database being inaccurate, heavily-populated with non-criminals, and without the statutorily-required Privacy Impact Assessment that's supposed to accompany it. As of 2014, it hadn't produced this PIA, one it had promised in 2012. And one that applied to a system that had been in the works since 2008.

Internet companies, tech experts, activists and fellow politicians have reacted to PM May’s comments with disapproval, even accusing her of pushing her own agenda in the wake of recent tragic events.

Limiting cryptography or building the kind of backdoors that May wants would end up crippling the Internet as we know it, argues author and BoingBoing co-editor Cory Doctorow. He claims: “There’s no back door that only lets good guys go through it.” Even if app developers were instructed to refrain from using encryption, it would be very difficult to stop criminals from encrypting their messages manually or writing them in code.

Mark Chapman, UK Pirate Party’s candidate for Vauxhall, said: “Regulating the internet is not the answer, and it is shameful that Theresa May is so quick to use the events of a tragedy to fuel her own autocratic agenda.”

SD-WAN company Peplink has patched its load-balancing routers against vulnerabilities turned up by a German pentest company.

The bugs discovered by X41 Security centre, as is so often the case, around the products' Web admin interface, with seven individual bugs reported (CVE-2017-8835 to CVE-2017-8841).

The vulnerabilities include a critical SQL injection attack via the bauth cookie; a lack of cross-site request forgery protection; clear text password storage; two cross-site scripting bugs; a file deletion vulnerability; and an information disclosure bug.

Minimalist makeovers for iPad, Mac, iOS and MacOS leave Cupertino perhaps looking iterative, not innovative