Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC),

I started a new desktop C++ project, which is aimed at evolution of automated/aided music composition and virtual instruments performance, which (I believe) is a path to the new age in the music world.

Main ideas:
- Create different music composition / analysis / advise algorithms - currently three algorithms are working
- Automatically adapt midi files or generated notes for live playback with best virtual instruments - currently adaptation for piano, Samplemodeling Brass and Embertone Friedlander Violin is working
- Develop the framework (visualization, playback to DAW...) - currently main functions are working

Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.
...
The exploit (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it's simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine—websites, file shares—could be used as an attack vector. Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned that exploits were "wormable," meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.

• https://arstechnica....ermissions-contacts/
• https://arstechnica....m-was-so-convincing/
• http://www.independe...n-hack-a7716581.html
• http://gizmodo.com/a...s-phishin-1794888973

A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets. The phish appears to have been initially targeted at a number of reporters, but it quickly spread widely across the Internet. Some of the sites associated with the attack appear to have been shut down.

It’s not that this is some “website that looks like google” and is “duplicating the google sign-in page”. It’s an actual Google Doc app, that you have to give permission to access your account details. That’s what makes it so dangerous, that it’s acting as a normal app would, requiring normal google authentication and authorization. It doesn’t gain access to your credentials, but the permissions it requests gives it access to a hell of a lot of stuff in your account. You have to revoke the app permissions at https://myaccount.google.com/permissions if you gave it access. People are saying on twitter “change your password”, but that won’t revoke access, you have to actively revoke access to disconnect the malicious app from your account. Click on each app in the list, any that are listed for today (or whenever you clicked through the email), revoke it to be safe. For me, it was called something like “Google Docs”, but may not be the same for everyone.

Last week Bloomberg published an article exposing how easy it is to “hack” Juicero’s produce packs by squeezing them with your hands, deeming the $699 (now $399) WiFi-connected juice press completely unnecessary. Nearly overnight, Juicero has become the posterchild for Silicon Valley excess....

I hope this post serves as a lesson to other hardware startups that spending tens of millions of dollars on product development prior to shipping a single unit is a goal that’s not worth striving for.

Juicero’s Press is an incredibly complicated piece of engineering. Of the hundreds of consumer products I’ve taken apart over the years, this is easily among the top 5% on the complexity scale.