
Biz & IT

Google Maps adds biking and ridesharing options to transit directions for multi-mode commutes

Google is introducing combo navigation directions that pair ridesharing and biking options with transit guidance. Starting today, when you search for directions using Google Maps and select the “transit” tab, you’ll see ridesharing options included when the nearest station is a bit farther than most people might expect to go on foot. Similarly, you’ll also see routes with bike suggestions for certain legs, all listed alongside routes that stick to transit alone for a full range of options.

The new hybrid navigation options will include useful info like the cost of rideshare segments, as well as wait times and traffic conditions. You’ll be able to specify your preferred rideshare provider from those available through Google Maps in your area, and also pick which rideshare method you prefer (i.e. pool or economy).

Bikers will get route directions specific to the best paths and roads for bikes to take, and in both cases, all of the available info will be fed into providing an overall ETA, so you can make an informed decision about which route and method of transportation to take depending on when you need to be where you’re going.

Google says that the combined transit/ridesharing navigation will start rolling out today on both Android and iOS, and that iOS users will start seeing the biking options today, with Android to follow in the coming weeks.


Hackers tied to Russia’s GRU targeted the US grid for years

For all the nation-state hacker groups that have targeted the United States power grid—and even successfully breached American electric utilities—only the Russian military intelligence group known as Sandworm has been brazen enough to trigger actual blackouts, shutting the lights off in Ukraine in 2015 and 2016. Now one grid-focused security firm is warning that a group with ties to Sandworm’s uniquely dangerous hackers has also been actively targeting the US energy system for years.

On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos. But most noteworthy, perhaps, is a group that Dragos calls Kamacite, which the security firm describes as having worked in cooperation with the GRU’s Sandworm. Kamacite has in the past served as Sandworm’s “access” team, the Dragos researchers write, focused on gaining a foothold in a target network before handing off that access to a different group of Sandworm hackers, who have then sometimes carried out disruptive effects. Dragos says Kamacite has repeatedly targeted US electric utilities, oil and gas, and other industrial firms since as early as 2017.

“They are continuously operating against US electric entities to try to maintain some semblance of persistence” inside their IT networks, says Dragos vice president of threat intelligence and former NSA analyst Sergio Caltagirone. In a handful of cases over those four years, Caltagirone says, the group’s attempts to breach those US targets’ networks have been successful, leading to access to those utilities that’s been intermittent, if not quite persistent.

Caltagirone says Dragos has only confirmed successful Kamacite breaches of US networks prior, however, and has never seen those intrusions in the US lead to disruptive payloads. But because Kamacite’s history includes working as part of Sandworm’s operations that triggered blackouts in Ukraine not once, but twice—turning off the power to a quarter million Ukrainians in late 2015 and then to a fraction of the capital of Kyiv in late 2016—its targeting of the US grid should raise alarms. “If you see Kamacite in an industrial network or targeting industrial entities, you clearly can’t be confident they’re just gathering information. You have to assume something else follows,” Caltagirone says. “Kamacite is dangerous to industrial control facilities because when they attack them, they have a connection to entities who know how to do destructive operations.”

Dragos ties Kamacite to electric grid intrusions not just in the US, but also to European targets well beyond the well-publicized attacks in Ukraine. That includes a hacking campaign against Germany’s electric sector in 2017. Caltagirone adds that there have been “a couple of successful intrusions between 2017 and 2018 by Kamacite of industrial environments in Western Europe.”

Dragos warns that Kamacite’s main intrusion tools have been spear-phishing emails with malware payloads and brute-forcing the cloud-based logins of Microsoft services like Office 365 and Active Directory as well as virtual private networks. Once the group gains an initial foothold, it exploits valid user accounts to maintain access, and has used the credential-stealing tool Mimikatz to spread further into victims’ networks.
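A defender-side check for the login-guessing pattern described above, as an added example that is not from Dragos or the original article: it flags a successful sign-in that follows failures against several distinct accounts from the same source. The log format, field order, thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: timestamp, source IP, account, result. Not real telemetry.
SAMPLE_LOG = """\
2021-02-24T09:00:05Z 203.0.113.7 alice@example.com FAIL
2021-02-24T09:00:41Z 203.0.113.7 bob@example.com FAIL
2021-02-24T09:01:12Z 203.0.113.7 carol@example.com FAIL
2021-02-24T09:01:50Z 203.0.113.7 dave@example.com FAIL
2021-02-24T09:02:30Z 203.0.113.7 erin@example.com OK
2021-02-24T09:03:00Z 198.51.100.4 alice@example.com FAIL
2021-02-24T09:03:20Z 198.51.100.4 alice@example.com OK
2021-02-24T11:30:00Z 203.0.113.7 frank@example.com FAIL
"""

def parse(log):
    """Yield (time, source_ip, account, result) from the assumed four-field format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result

def detect_guessing(log, window=timedelta(minutes=10), min_accounts=4):
    """Return (source_ip, account, time) for each successful login that was
    preceded, within `window`, by failures against at least `min_accounts`
    distinct accounts from the same source."""
    failures = defaultdict(list)  # source_ip -> [(time, account)] still inside the window
    alerts = []
    for ts, ip, user, result in sorted(parse(log)):
        # Drop failures from this source that have aged out of the window.
        recent = [(t, u) for t, u in failures[ip] if ts - t <= window]
        failures[ip] = recent
        if result == "FAIL":
            recent.append((ts, user))
        elif len({u for _, u in recent}) >= min_accounts:
            # A success right after many accounts failed: treat the account as compromised.
            alerts.append((ip, user, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print("possible guessed credential:", alert)
```

The single mistyped password from 198.51.100.4 does not alert, because only one account failed from that source before the success.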

Kamacite’s relationship to the hackers known as Sandworm—which has been identified by the NSA and US Justice Department as Unit 74455 of the GRU—isn’t exactly clear. Threat intelligence companies’ attempts to define distinct hacker groups within shadowy intelligence agencies like the GRU have always been murky. By naming Kamacite as a distinct group, Dragos is seeking to break down Sandworm’s activities differently from others who have publicly reported on it, separating Kamacite as an access-focused team from another Sandworm-related group it calls Electrum. Dragos describes Electrum as an “effects” team, responsible for destructive payloads like the malware known as Crash Override or Industroyer, which triggered the 2016 Kyiv blackout and may have been intended to disable safety systems and destroy grid equipment.

Together, in other words, the groups Dragos calls Kamacite and Electrum make up what other researchers and government agencies collectively call Sandworm. “One group gets in, the other group knows what to do when they get in,” says Caltagirone. “And when they operate separately, which we also watch them do, we clearly see that neither is very good at the other’s job.”

When WIRED reached out to other threat-intelligence firms including FireEye and CrowdStrike, none could confirm seeing a Sandworm-related intrusion campaign targeting US utilities as reported by Dragos. But FireEye has previously confirmed seeing a widespread US-targeted intrusion campaign tied to another GRU group known as APT28 or Fancy Bear, which WIRED revealed last year after obtaining an FBI notification email sent to targets of that campaign. Dragos pointed out at the time that the APT28 campaign shared command-and-control infrastructure with another intrusion attempt that had targeted a US “energy entity” in 2019, according to an advisory from the US Department of Energy. Given that APT28 and Sandworm have worked hand-in-hand in the past, Dragos now pins that 2019 energy-sector targeting on Kamacite as part of its larger multiyear US-targeted hacking spree.

Dragos’ report goes on to name two other new groups targeting US industrial control systems. The first, which it calls Vanadinite, appears to have connections to the broad group of Chinese hackers known as Winnti. Dragos blames Vanadinite for attacks that used the ransomware known as ColdLock to disrupt Taiwanese victim organizations, including state-owned energy firms. But it also points to Vanadinite targeting energy, manufacturing, and transportation targets around the world, including in Europe, North America, and Australia, in some cases by exploiting vulnerabilities in VPNs.

The second newly named group, which Dragos calls Talonite, appears to have targeted North American electric utilities, too, using malware-laced spear phishing emails. It ties that targeting to previous phishing attempts using malware known as Lookback identified by Proofpoint in 2019. Yet another group Dragos has dubbed Stibnite has targeted Azerbaijani electric utilities and wind farms using phishing websites and malicious email attachments, but has not hit the US to the security firm’s knowledge.

While none among the ever-growing list of hacker groups targeting industrial control systems around the world appears to have used those control systems to trigger actual disruptive effects in 2020, Dragos warns that the sheer number of those groups represents a disturbing trend. Caltagirone points to a rare but relatively crude intrusion targeting a small water treatment plant in Oldsmar, Florida earlier this month, in which a still-unidentified hacker attempted to vastly increase the levels of caustic lye in the 15,000-person city’s water. Given the lack of protections on those sorts of small infrastructure targets, a group like Kamacite, Caltagirone argues, could easily trigger widespread, harmful effects even without the industrial-control system expertise of a partner group like Electrum.

That means the rise in even relatively unskilled groups poses a real threat, Caltagirone says. The number of groups targeting industrial control systems has been continually growing, he adds, ever since Stuxnet showed at the beginning of the last decade that industrial hacking with physical effects is possible. “A lot of groups are appearing, and there are not a lot going away,” says Caltagirone. “In three to four years, I feel like we’re going to reach a peak, and it will be an absolute catastrophe.”

This story originally appeared on wired.com.

AT&T announces deal to spin off DirecTV into new company owned by… AT&T

AT&T’s logo at its corporate headquarters on March 13, 2020 in Dallas, Texas.

Nearly six years after buying DirecTV for $48.5 billion, AT&T today announced a deal to sell a minority stake in the business unit and spin it out into a new subsidiary.

AT&T said its deal with private equity firm TPG Capital values the TV business at $16.25 billion. A press release said that AT&T and TPG “will establish a new company named DirecTV that will own and operate AT&T’s US video business unit consisting of the DirecTV, AT&T TV, and U-verse video services.”

AT&T will own 70 percent of the spun-off DirecTV company’s common equity while TPG will own 30 percent. DirecTV in its new form “will be jointly governed by a board with two representatives from each of AT&T and TPG, as well as a fifth seat for the CEO, which at closing will be Bill Morrow, CEO of AT&T’s US video unit,” the announcement said.

AT&T acknowledged that its DirecTV purchase didn’t work out as planned.

“With our acquisition of DirecTV, we invested approximately $60 billion in the US video business,” AT&T said in materials distributed to reporters. “It’s fair to say that some aspects of the transaction have not played out as we had planned, such as pay TV households in the US declining at a faster pace across the industry than anticipated when we announced the deal back in 2014. In fact, we took a $15.5 billion impairment on the business in 4Q20.”

Focus on 5G, fiber, and HBO Max

Separating DirecTV into a new unit will help AT&T focus on its key “strategic” areas of 5G mobile service, fiber Internet, and HBO Max, AT&T said.

“As the pay-TV industry continues to evolve, forming a new entity with TPG to operate the US video business separately provides the flexibility and dedicated management focus needed to continue meeting the needs of a high-quality customer base and managing the business for profitability,” AT&T CEO John Stankey said. “TPG is the right partner for this transaction and creating a new entity is the right way to structure and manage the video business for optimum value creation.”

The companies said they expect to close their transaction in the second half of 2021 and that it “is subject to customary closing conditions and to regulatory reviews.” AT&T said it expects to receive $7.6 billion in cash from the partial sale and that it will use the money to reduce its debt.

8 million TV customers fled AT&T

AT&T has lost over 8 million customers since early 2017 from its Premium TV services, which include DirecTV satellite, U-verse wireline video, and the newer AT&T TV online service. Total customers in that category decreased from over 25 million in early 2017 to 16.5 million at the end of 2020.

“Since AT&T closed the DirecTV acquisition in 2015, the business has generated cash flows of more than $4 billion per year, and the company expects this to continue in 2021,” today’s announcement said.

DirecTV’s deal with NFL Sunday Ticket apparently will not be disrupted, as AT&T said it will continue to “fund NFL Sunday Ticket for 2021 and 2022 (up to a $2.5B cumulative cap).”

Current video customers should not expect major changes, AT&T said.

“Existing AT&T video customers will become DirecTV customers at close and will be able to keep their video service and any bundled wireless or broadband services as well as associated discounts,” AT&T said. “AT&T and TPG are committed to a smooth transition and seamless customer experience and will work to further improve customer service and bring new features to DirecTV’s video services.”

Armed with exploits, hackers on the prowl for a critical VMware vulnerability

Hackers are mass scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10.

CVE-2021-21972, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an application for Windows or Linux that administrators use to enable and manage virtualization of large networks. Within a day of VMware issuing a patch, proof-of-concept exploits appeared from at least six different sources. The severity of the vulnerability, combined with the availability of working exploits for both Windows and Linux machines, sent hackers scrambling to actively find vulnerable servers.

“We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://vmware.com/security/advisories/VMSA-2021-0002.html),” researcher Troy Mursch of Bad Packets wrote.

Mursch said that the BinaryEdge search engine found almost 15,000 vCenter servers exposed to the Internet, while Shodan searches revealed about 6,700. The mass scanning is aiming to identify servers that have not yet installed the patch, which VMware released on Tuesday.

Unfettered code execution, no authorization required

CVE-2021-21972 allows hackers with no authorization to upload files to vulnerable vCenter servers that are publicly accessible over port 443, researchers from security firm Tenable said. Successful exploits will result in hackers gaining unfettered remote code-execution privileges in the underlying operating system. The vulnerability stems from a lack of authentication in the vRealize Operations plugin, which is installed by default.

The flaw has received a severity score of 9.8 out of 10.0 on the Common Vulnerability Scoring System Version 3.0. Mikhail Klyuchnikov, the Positive Technologies researcher who discovered the vulnerability and privately reported it to VMware, compared the risk posed by CVE-2021-21972 to that of CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller.

The Citrix flaw came under active attack last year in ransomware attacks on hospitals and, according to a criminal indictment filed by the US Justice Department, in intrusions into game and software makers by hackers backed by the Chinese government.

In a blog post earlier this week, Klyuchnikov wrote:

In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix (CVE-2019-19781). The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity to execute arbitrary commands on the server. After receiving such an opportunity, the attacker can develop this attack, successfully move through the corporate network, and gain access to the data stored in the attacked system (such as information about virtual machines and system users). If the vulnerable software can be accessed from the Internet, this will allow an external attacker to penetrate the company’s external perimeter and also gain access to sensitive data. Once again, I would like to note that this vulnerability is dangerous, as it can be used by any unauthorized user.

The researcher provided technical details here.

CVE-2021-21972 affects vCenter Server versions 6.5, 6.7, and 7.01. People running one of these versions should update to 6.5 U3n, 6.7 U3l, or 7.0 U1c as soon as possible. Those who can’t immediately install a patch should implement these workarounds, which involve changing a compatibility matrix file and setting the vRealize plugin to incompatible.
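A patch-triage check built on the fixed releases named above, as an added example that is not VMware's or the article's code: it compares each vCenter Server in an inventory against 6.5 U3n, 6.7 U3l and 7.0 U1c. The inventory, the host names and the "<line> U<number><letter>" label format are constructed assumptions, as is the rule that update numbers and then letters sort in release order.

```python
import re

# Fixed releases named in the article, keyed by release line.
FIXED = {"6.5": "U3n", "6.7": "U3l", "7.0": "U1c"}

# Constructed inventory: host names and version labels are sample data.
INVENTORY = {
    "vc-prod-01": "6.7 U3j",
    "vc-prod-02": "6.7 U3l",
    "vc-lab-01": "7.0 U1",
    "vc-lab-02": "7.0 U1d",
    "vc-old-01": "6.5 U2",
    "vc-dr-01": "6.0 U3",
}

def update_key(label):
    """'U3l' -> (3, 'l'); 'U1' -> (1, ''); '' (base release) -> (0, '')."""
    if not label:
        return (0, "")
    m = re.fullmatch(r"U(\d+)([a-z]?)", label)
    if m is None:
        raise ValueError(f"unrecognised update label: {label!r}")
    return (int(m.group(1)), m.group(2))

def status(version):
    """Classify one version label as 'fixed', 'needs-patch' or 'not-listed'."""
    line, _, update = version.strip().partition(" ")
    if line not in FIXED:
        # Release line not covered by the article; check the vendor advisory instead.
        return "not-listed"
    # Assumption: within a release line, update number then letter gives release order.
    if update_key(update) >= update_key(FIXED[line]):
        return "fixed"
    return "needs-patch"

def hosts_needing_patch(inventory):
    """Return the sorted host names whose version is below the fixed release."""
    return sorted(h for h, v in inventory.items() if status(v) == "needs-patch")

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        print(f"{host:12} {version:8} {status(version)}")
```

Hosts reported as needs-patch are the ones to update first or to cover with the plugin workaround until the update is installed.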
