ITy Bytes 7 August are bit sized chunks of news you may need to know

  • No one here but us chickens – ChickenGuard;
  • Bose 300 for 360° with OK Google or Alexa;
  • Top Malware to look out for – from Check Point;
  • Bitdefender finds critical Intel/Windows vulnerability – patch NOW;
  • NordVPN says school Wi-Fi is very vulnerable;
  • Samsung ups the Frame to QLED quality;
  • Logitech slim and quite MK740 keyboard and mouse combo

ITy Bytes 7 August

No one here but us chickens – ChickenGuard

Apparently chicken owners must open the henhouse door in the morning and close it in the evening. Mad inventor Ben Braithwaite invented ChickenGuard, the world’s first self-locking door kit to sate the growing numbers of chicken-owning families.

The system uses timers and light sensors to open and close henhouse doors in the morning and evening, protecting the birds from predators and ensuring unbroken sleep for owners who prefer not to retire and rise as early as their hens do.

As its not 1 April I am sure Ben is sincere. His website certainly looks finger lickin’ good and asserts that (to date) 425,250 chickens have been saved, 256,788 randy chickens laid eggs, and 90,456 hungry foxes thwarted.

Bose 300 for 360° with OK Google or Alexa

The Bose 300 is the latest member of the growing Bose Smart Speaker family. It is a mains-powered, 360° mono speaker with Wi-Fi and Bluetooth and 3.5mm AUX inputs.

Music sources include any streaming music services over Wi-Fi controlled either by the Google Assistant or Amazon Alexa, or using the Bose Music app. It also has Spotify and Apple AirPlay 2 compatibility and six pre-set source buttons.

Bose 300

Sound comes from one down firing full-range driver and Bose claims its DSP (digital signal processor) down mixes stereo to “maximise audio output from its small size and to produce surprisingly deep bass, leveraging an advanced acoustic port design with Bose’s innovative QuietPort technology.”

At release it does not support Google News playback or sleep sounds but that may come. It is not a Chromecast speaker as such. It supports multi-room speaker setup with Bose 500, Bose Sound bars 500 and 700.

As is typical of Bose there are no specifications and we will be reviewing it soon. Price: $399.95 from Bose and delivery around 15 August.

Top Malware to look out for – from Check Point

While JavaScript miner, JSEcoin continues to dominate for the third consecutive month, new malware such as NanoCore and AgentTesla have infiltrated Australian devices for the first time. Percentages refer to Australian cyber incident cases impacted by this specific malware.

Check Point
  1. ↔ JSEcoin, 4.53% A JavaScript miner embedded in websites. It runs in your browser in exchange for an ad-free experience, in-game currency and other incentives.
  2. ↑ Magecart, 3.80% A malicious JavaScript code injected into e-commerce websites to steal credit card payment details. A compromised website containing the malicious code can leak the customer’s payment details to the attacker.
  3. ↓ XMRig, 3.65% An open-source CPU mining software for Monero cryptocurrency. First seen in May 2017.
  4. ↑ Formbook 3.51% An InfoStealer that targets the Windows OS. First seen in 2016, it has strong evasion techniques and relatively low hacker purchase price. It harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes and can download and execute files according to its C&C orders.
  5. ↑ Dorkbot, 3.36% IRC-based worm designed to allow remote code execution and downloads additional malware to the infected system. The primary goal is to steal sensitive information and launch Denial-of-Service attacks

5-10

  1. ↑ Nanocore, 2.78% is a Remote Access Trojan (RAT) since 2013. It targets Windows and features base plugins and functionalities such as screen capture, cryptocurrency mining, remote control etc.
  2. ↑ Trickbot, 2.49 A Dyre variant first seen in October 2016. It targets banking users mostly in Australia and the UK, and recently India, Singapore and Malaysia.
  3. ↓ Emotet, 2.34% An advanced, self-propagating and modular banking trojan. It uses multiple methods and evasion techniques for maintaining persistence and avoiding detection.
  4. ↑ AgentTesla, 2.19% An advanced RAT functioning as a keylogger and a password stealer since 2014. It can monitor and collect keyboard input, system clipboard, take screenshots, and exfiltrateg credentials (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client). It is openly sold to Hackers for $15-$69 for user licenses.
  5. ↓  Crytpoloot 1.90% Cryptominer malware, using the victim’s CPU or GPU power and existing resources for  crypto mining activities. It is a competitor of Coinhive.

Bitdefender finds critical Intel/Windows vulnerability – patch and keep up to date

Bitdefender has found a new security vulnerability that affects all modern Intel CPUs which leverage speculative-execution, potentially letting hackers access passwords, tokens, private conversations, encryption and other sensitive data of both home and enterprise users.

ITy Bytes 7 August

The vulnerability, discovered less than three months after the last worldwide security alert regarding Intel processors, opens the way to a side-channel attack that gives the attacker a method to access all information in the operating system kernel memory.

The attack bypasses all known mitigations implemented after the discovery of Spectre and Meltdown in early 2018. Bitdefender Hypervisor Introspection mitigates this new attack on unpatched Windows systems.

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” said Gavin Hill, Vice President, Datacenter and Network Security Products at Bitdefender. “Research into these attacks is on the cutting edge as it gets to the very roots of how modern CPUs operate and requires a thorough understanding of CPU internals, OS internals, and speculative-execution side-channel attacks in-general.”