Keylogger Found on Nearly 5,500 Infected WordPress Sites

Nearly 5,500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner.


The malicious script is being loaded from the “cloudflare.solutions” domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field.


The script is loaded on both a site’s frontend and backend, meaning it can also log usernames and passwords when logging into a site’s admin panel.


Keylogger on WordPress site


The script is also dangerous when left to run on the frontend. While on most WordPress sites the only place it could steal user data is from comment fields, some WordPress sites are configured to run as online stores. In these instances, attackers can log credit card data and personal user details.


Most of these incidents occurred because hackers compromised WordPress sites through various means and hid the malicious script inside functions.php, a standard file found in all WordPress themes.


Attacker(s) has been active since April


These attacks aren’t new. Sucuri has tracked at least three different malicious scripts hosted on the cloudflare.solutions domain.


The first one took place in April, and attackers used the malicious JavaScript file to embed banner ads on hacked sites.


By November, the same group had changed tactics and was loading malicious scripts disguised as fake jQuery and Google Analytics JavaScript files that were actually a copy of the Coinhive in-browser cryptocurrency miner. By November 22, that campaign was spotted on 1,833 sites.


In this latest series of attacks, also detected by Sucuri, hackers have kept the cryptojacking script in place, but have also added the keylogger component.


Script active on nearly 5,500 WordPress sites


According to PublicWWW, this malicious script version is currently active on 5,496 sites, most ranked outside the Alexa Top 200,000.


Sucuri experts provide the following mitigation advice for owners who spot scripts loaded on their sites from the cloudflare.solutions domain.


As we already mentioned, the malicious code resides in the function.php file of the WordPress theme. You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts. Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack). Don’t forget to check your site for other infections too.

via Latest news and stories from BleepingComputer.com http://bit.ly/2AY1qpb

Advertisements

The best touchscreen laptops

When we talk about touchscreens, they’re usually in reference to phones, tablets, 2-in-1s, convertibles, and all-in-one PCs. After all, that’s where touchscreens are best utilized, especially when touch-based input is at the forefront of your computing experience. But regardless of how much Steve Jobs hated them, there’s a crowd that wouldn’t mind a traditional clamshell laptop with a screen supporting touch.

Below you will find a mixture of Chromebooks and Windows 10 PCs. Our favorite is the HP Spectre 15 as seen in our recent review, sporting a 13.3-inch screen and an eighth-generation Intel Core i7-8550U processor. We also chose a great option for a premium experience, and a great solution if you’re on a tight budget. Our picks for the best Chromebook and budget-friendly options have locked specifications and prices while our other selections have configurations you can customize through the manufacturer.

Our Pick

HP Spectre 13

best touchscreen laptops

Why you should buy this: This touch-enabled laptop provides excellent performance backed by a solid battery, and a beautiful yet thin and light form factor.

Who’s it for: Customers willing to purchase a laptop above the $1,200 mark.

How much will it cost: $1,249+

Why we picked the HP Spectre 13:

For this model, HP provides two configurations with a starting price of $1,249 although we reviewed the higher-end model. The big difference between the two is the underlying processor: a seventh-generation Core i7-7500U in one model, and an eighth-generation Core i7-8550U in the other. Both provide the same amount of system memory and storage, but the seventh-generation version is slightly bigger in size due to two additional speakers.

As the specifications show, the laptop measures just 0.41 inches thick, and weighs 2.45 pounds. Complementing this thin and light form factor is a cooling system that enables the full potential of Intel’s chip without causing excessive heat and possible performance bottlenecks. The system also includes dynamic power settings that adjusts to the current application, so you get high performance when you need it, enabling a longer battery duration.

See on Amazon

Screen size: 13.3 inches
Screen type: In-Plane Switching
Resolution: 1,920 x 1,080
Processor: Intel Core i7-7500U
Intel Core i7-8550U
Graphics: Intel HD Graphics 620
Intel UHD Graphics 620
Memory: 8GB LPDDR3 @ 1,600MHz
Storage: 256GB PCIe NVMe M.2 SSD
Audio: 2x Bang & Olufsen speakers
4x Bang & Olufsen speakers
Connectivity: Wireless AC (up to 867Mbps)
Bluetooth 4.0
Bluetooth 4.2
Ports: 2x Thunderbolt 3
1x USB-C (Gen1)
1x Headphone/microphone jack
Camera: HP TrueVision HD IR camera
Battery: 38.0 WHr (9.75 hours)
43.7 WHr (11.5 hours)
Dimensions: 12.80 x 9.03 x 0.41 inches
12.13 x 8.83 x 0.41 inches
Weight: 2.45 pounds
Color: Dark ash silver
Ceramic White
Starting price: $1,249

Best 15-inch touchscreen laptop

HP Envy 15t

best touchscreen laptops

Why you should buy this: Here’s another premium touch-enabled laptop manufactured by HP, but at a far lower cost.

Who’s it for: Customers wanting high performance for a reduced price.

How much will it cost: Starting at $1,019 (currently reduced to $719)

Why we picked the HP Envy 15t:

Here’s another touch-capable laptop from HP. This model isn’t quite as expensive, but still provides a premium experience for a lower price. It’s based on two seventh-generation Intel Core i7 processors, and provides two resolution options when purchasing through HP’s website: 1,920 x 1,080, and 3,840 x 2,160. Memory configurations span between 8GB and 16GB using two memory slots.

With the current two, the Core i7-7560U is the newer chip, but has a slower base speed than the older Core i7-7500U processor. Either way, for a starting price of $1,019 (or $719, even better), the HP Envy 15t is a great buy for non-gaming use.

See on Amazon

Screen size: 15.6 inches
Screen type: In-Plane Switching
Resolution: 1,920 x 1,080
3,840 x 2,160
Processor: Intel Core i7-7500U
Intel Core i7-7560U
Graphics: Intel HD Graphics 620
Intel Iris Plus Graphics 620
Memory: 8GB DDR4 @ 2,133MHz
12GB DDR4 @ 2,133MHz
16GB DDR4 @ 2,133MHz
Storage: 256GB PCIe NVMe M.2 SSD
360GB PCIe NVMe M.2 SSD
512GB PCIe NVMe M.2 SSD
1TB PCIe NVMe M.2 SSD
1TB HDD (5,400RPM) + 128GB M.2 SSD
1TB HDD (5,400RPM) + 256GB M.2 SSD
Audio: 2x Bang & Olufsen speakers
Connectivity: Wireless AC (up to 867Mbps)
Bluetooth 4.2
Ports: 1x USB-C (Gen1)
3x USB-A (Gen1)
1x HDMI
1x Headphone/microphone jack
1x SD card reader
Camera: HP Wide Vision HD Webcam
HP TrueVision HD IR Camera
Battery: 52 WHr (up to 7 hours)
Dimensions: 14.96 x 10.04 x 0.71 inches
Weight: 4.8 pounds
Color: Silver
Starting price: $719

Best 15-inch touchscreen Chromebook

Acer Chromebook 15

best touchscreen laptops

Why you should buy this: Acer’s solution is the largest Chromebook to date, and is backed by premium components.

Who’s it for: Customers looking for a premium computing experience outside the Windows platform.

How much will it cost: $399

Why we picked the Acer Chromebook 15:

This is Acer’s largest Chromebook to date, and we thought it was a great. There’s only one configuration available, which consists of an Intel Pentium N4200 processor, 4GB of system memory, and 32GB of storage. That’s not a lot of space, of course, but Chrome OS wasn’t designed to download and install programs. On that same note, the platform now supports Google Play and Android apps, so Acer helps alleviate your storage woes with a built-in SD card reader.

Notable features in Acer’s Chromebook include a 15.6-inch screen supporting wide viewing angles, deep colors, and a Full HD resolution. There are also two USB-C ports, both of which can be used to charge the Chromebook. Meanwhile, all four USB ports are capable of video output and wired networking using a compatible adapter (although Google would likely rather you purchase a Chromecast for pushing your screen on an external display). Other ingredients include a 720p webcam and Wireless AC networking.

See on Best Buy

Screen size: 15.6 inches
Screen type: In-Plane Switching
Resolution: 1,920 x 1,080
Processor: Intel Pentium N4200
Graphics: Intel HD Graphics 505
Memory: 4GB LPDDR4
Storage: 32GB
Audio: 2x speakers
Connectivity: Wireless AC
Bluetooth 4.2
Ports: 2x USB-C (Gen1)
2x USB-A (Gen1)
1x Headphone / microphone combo
1x SD card reader
Camera: 720p Webcam
Battery: Up to 12 hours
Dimensions: 14.9 x 10.1 x 0.75 inches
Weight: 4.30 pounds
Color: Silver
Price: $399

Best touchscreen laptop on a budget

Dell Inspiron 15 5567-3655GRY

Best touchscreen keyboards

Why you should buy this: Dell’s Inspiron 15 5567 is a decent touch-based 15.6-inch solution based on a seventh-generation CPU, and a Full HD screen.

Who’s it for: Customers seeking a touch-based laptop for under $600

How much will it cost: $589

Why we picked the Dell Inspiron 15 5567:

Finally, we have a great touch-based laptop for under $600. It’s based on Intel’s seventh-generation Core i5-7200U processor, and the chip’s integrated HD Graphics 620 component. This combo powers a 15.6-inch screen with a Full HD resolution, and is backed by 8GB of system memory running at a decent 2,400MHz and a rather slow hard drive spinning at a mere 5,400 rotations per minute.

As for other features, this laptop provides three USB ports, HDMI-based video output for external monitors and HDTVs, wired networking, an SD card slot, and a 720p infrared camera that supports Windows 10 facial recognition via Windows Hello. Unfortunately, the Wireless AC component is capped at 433Mbps, which is half of what you typically see in most laptops sold on the market.

Note that if you want more oomph out of a laptop, there’s a version with a discrete GeForce GTX 1050 graphics chip for $100 more.

See on Amazon

Screen size: 15.6 inches
Screen type: Twisted Nematic
Resolution: 1,920 x 1,080
Processor: Intel Core i5-7200U
Graphics: Intel HD Graphics 620
Memory: 8GB DDR4 @ 2,400MHz
Storage: 1TB 5,400RPM HDD
1x DVD burner
Audio: 2x Waves MaxxAudio Pro speakers
Connectivity: Wireless AC (up to 433Mbps)
Bluetooth 4.2
Ports: 2x USB-A (Gen1)
1x USB-A 2.0
1x HDMI 1.4a
1x SD card slot
1x Ethernet
Camera: 720p IR camera
Battery: 42WHr
Dimensions: 10.20 x 15.35 x 0.92 inches
Weight: 5.19 pounds
Color: Fog Gray
Price: $589


via Digital Trends http://bit.ly/2B15SUs

Toutiao is making fake news to train its anti-fake news AI

Toutiao’s AI software did not generate this headline, but for the 20 million pieces of content that flow through the platform each day, headline generation and AB testing are just two of the AI services Toutiao uses to get more people tapping.

Speaking to foreign journalists for the first time as head of the Jinri Toutiao AI Lab and vice president of the app’s owner Bytedance, Dr. Ma Wei-Ying talked about the tech that his lab is working on, why it has a bot that generates fake news and what it knows about its users.

Jinri Toutiao is a news recommendation app that is trained and updated in real time on a user’s behavior. Unlike search engines, Ma pointed out, its search function is individual rather than one ranking for everyone.

“This is the democratization of content creation,” said Ma, putting Bytedance in line with other Chinese tech companies that have recently declared themselves as content companies. “Toutiao is becoming a new information platform for people to find information and connect with information. People are using their smartphones not just to access information, but to create information. They don’t need their own website–they can use Toutiao to directly upload and publish the information and content they create.”

The tremendous amount of data generated by users and creators allows the training of neuro-network models. Applying AI to the data gathered is generating a better understanding of the world these users are in. “We are moving from a digital representation of the world to a semantic representation of the world”.

Ma believes the system is going to improve across the board. “Content creation will be fundamentally revolutionized in next few years” as AI allows the “mining of human intelligence to close the feedback loop” of each stage of the lifecycle of content creation, moderation, dissemination, and consumption. Here’s how.

Make fake news to beat fake news

Bytedance has a different approach to tackling fake news: writing it. The AI lab that Ma heads has developed a bot that uses the company’s growing database of real fake news stories to generate its own fake fake news. It then has another bot for detecting fake news which is trained by analyzing its counterpart’s fake feed, and by drawing on a matching database of real news. “One is good at writing, which means this also helps us to advance machine writing, and the other is machine reading. These two can push each other to improve by using the label data and assimilated data through our algorithms,” said Ma.

Ma believes that having two competing algorithms allows them each to improve. Toutiao lets users report what they believe to be fake news and analyzes comments to detect whether they suggest the content might be fake. When the system identifies a piece of fake news that has got through, it will notify all who have read it that they had read something fake.

Bytedance is using this “dual-learning” technique in other ways. It machine translates news from Chinese into English, then has another program to translate that article from English into Chinese to improve both processes. Fake news can also be translated to allow the algorithms to train for Toutiao’s global expansion. Other aspects of global expansion are language-independent, such as video, meaning those algorithms have already been trained on large numbers of Chinese users.

In the future, the culmination of analyzing successful pieces, building a database of popular topics, and developing machine writing will mean Toutiao will be able to automatically generate articles for its readers on their favorite subjects.

Better algorithms, better articles

“We adjust our strategy every week. It’s a constant experiment,” said Ma. The system is monitoring in real time and is also working to predict if a piece of content will be a success. Algorithms offer four headlines to article writers then conduct AB testing to determine which is having the most impact. But not all articles are subject to algorithms due to the computing power involved. Only when a piece starts to gain traction will it get extra help.

Machine learning is used for viral prediction. It compares incoming articles with previous content that has taken off and as the machine learning proves successful, the accuracy of the system increases with constant feedback. Ma acknowledged that care has to be taken to prevent the algorithms from distorting the popularity of particular elements of content or stopping content from new users getting through who have yet to establish a positive profile from the system.

Automated sports commentary

Object recognition in video is also finely developed to fuel more personalization. Bytedance is working on smarter, personalized sports coverage, explained Ma. The current one-feed-fits-all approach will be replaced with a tailored viewing experience when fan data recognizes an interest in, for example, a particular player. Coverage will focus more on that player, with the end goal being a personalized, automated commentary and onscreen captions.

Location, location, location. And time.

Toutiao builds up an idea of users’ lives including their whereabouts and habits. As well as understanding what content the user is interested in, the AI adjusts recommendations based on current and historic location. Ma gave an example of this which shows the sophistication of the tool. Chinese people living in the US, using Toutiao as part of their everyday lives there, are generating a footprint. Then suddenly Chinese New Year comes around and the location changes from the US to somewhere in China. The news may change accordingly there and then, but once the user heads back to the States, the software assumes that the user’s location at Chinese New Year was significant to them, and probably their hometown. Once back in the US, if any news stories crop up in their supposed hometowns, they will show up in the users’ feeds.

Time is used as a gauge for what is appropriate to send. Algorithms work out when a person is busy and so the app will not bombard them with too much content and will save it until they are free. On a larger scale, the data is providing profiles of cities and areas of cities in terms of people’s working habits. On an individual scale, these patterns can suggest what a person’s occupation is, but the data is anonymized. The system generates a user ID per smartphone, made up of a billion factors and which only an algorithm can identify.

Moderation and government relations

In a separate briefing, Bytedance senior vice-president for corporate development Liu Zhen revealed that of the 20 million pieces of content uploaded to Toutiao each day, 90% are machine moderated. Meaning the other 2 million pieces are human-reviewed. Although Toutiao has been working on its moderation for five years, humans are and always will be needed, according to Ma.

“We have a very good communication channel between the company and the government. So far we’ve been working very hard because we are a new platform, a new kind of application exploring a new frontier. Things have been going quite smoothly because the communication channel is very open and very healthy,” said Ma.


via TechNode http://bit.ly/2B0Aa9v

The Art and Science of Personal Branding Online #Infographic

The Art and Science of Personal Branding Online

Personal branding is a relatively new term, but the idea has been around for a long time. How people perceive you becomes your personal brand, and it is changing thanks to social media. Now in addition to caring about your personal appearance you have to also care about how you look online. Upwards of 70% of recruiters look at your online presence to get an idea of who you are as a person before they ever call you in for an interview. What are you doing to set yourself apart from the crowd?

via Visualistan http://bit.ly/2AF0sLU

Microsoft’s new ARM-Powered Windows 10 PCs can Last all Day Long and Support LTE Connections

Almost exactly a year ago, Microsoft revealed its plans for a new wave of Windows 10 computers called “Cellular PCs”. With this technology, Microsoft made it possible for manufacturers to offer the full-fledged Windows 10 experience on ARM-powered devices. Today, the company together with Qualcomm and a bunch of hardware makers is unveiling the first set of “always-connected” hybrid laptops.

windows-10-always-connected

These new type of Windows 10 computers essentially try to bring a smartphone experience to laptops. For starters, they are “always-on” which means they last all day on a single charge (20–22 hours) and you’ll be able to instantly wake them up without worrying about standby drains just like a phone. In addition to that, they support LTE connections, hence the “always-connected tag”.

Unlike previous attempts, this time, you won’t have to live with any compromises while running Windows 10 on an ARM computer. Microsoft says it has natively compiled the software so that each and every Windows process can be executed on them (Read that as “there’s no emulation involved”). Furthermore, desktop applications are compatible as well. Although there’s one drawback right now — 64-bit Windows apps aren’t supported yet unless developers rebuild them. Apps like Photoshop, Chrome, Office will function just fine, however. The biggest question mark currently lies in the performance department as we’re still not sure if Qualcomm’s flagship Snapdragon SoCs can really meet all of the usual laptop demands. However in this demo video below the Windows 10 PC based on Qualcomm Snapdragon does look to be pretty fast.

To kick things off, Asus and HP have already launched their own always-connected PCs which are powered Qualcomm’s 835 chipsets. Lenovo will be unveiling its own in the coming months.

asus-novago

The new Asus NovaGo is a 2-in-1 featuring a 13.3-inch HD screen, up to 8GB of RAM, 256GB of internal storage, and an impressive set of I/O ports including two USB 3.1 ports, HDMI, and a MicroSD card reader. It starts at $599 for the base model that comes with 4GB RAM, 64GB storage and goes all the way up to $799 for the 8GB RAM and 256GB storage variant.

HP_ENVY_x2

HP’s Envy x2, on the other hand, is a marginally compact hybrid PC featuring a 12.3-inch display, up to 8GB RAM and 256GB storage. Both of these also support Stylus input, run Windows 10 S out of the box with an option for a free upgrade to Windows 10 Pro and can connect to LTE networks. The Envy x2 will be available sometime in Spring next year.

Microsoft is just getting started with these so-called always-connected computers and if the company manages to deliver even remotely on the promises, it can certainly present a substantial threat to longtime Windows chipset partner, Intel. However, for now, at least, they are priced roughly in the same range as their more powerful counterparts. Hence, performance will play a key role in their success. That being said, Microsoft’s ambitions are promising here. There’s also a good chance the company will launch an ARM-powered Surface device in the coming months.

via Technically Personal! http://bit.ly/2iXG9oS

Another Shady App Found Pre-Installed on OnePlus Phones that Collects System Logs

The OnePlus Saga Continues…

Just a day after the revelation of the hidden

Android rooting backdoor

pre-installed on most OnePlus smartphones, a security researcher just found another secret app that records tons of information about your phone.

Dubbed

OnePlusLogKit

, the second pre-installed has been discovered by the same Twitter user who goes by the pseudonym “

Elliot Alderson

” and discovered the controversial “

EngineerMode

” diagnostic testing application that could be used to root OnePlus devices without unlocking the bootloader.

OnePlusLogKit is a system-level application that is capable of capturing a multitude of things from OnePlus smartphones, including:

  • Wi-Fi, NFC, Bluetooth, and GPS location logs,
  • Modem signal and data logs, hot and power issue logs,
  • list of the running processes, list of running service and battery status,
  • media databases, including all your videos and images saved on the device.

Unlike EngineerMode (which was found on devices by several manufacturers including HTC, Samsung, LG, Sony, Huawei, and Motorola), the OnePlusLogKit application (

decompiled APK

) most certainly is present only in OnePlus devices.

Since OnePlusLogKit is disabled by default, the attacker would require access to the victim’s smartphone to enable it.

With the physical access to the targeted smartphone, one can quickly enable it by dialing

*#800#

→ “

oneplus Logkit

” → enable “

save log

,” or one can use social engineering to get the owner of the device to do it themselves.

Once enabled, any other application installed on your device can collect the logged information (stored unencrypted in the /sdcard/oem_log/ folder) remotely without requiring user interaction.

Although the app in question has been designed for device manufacturers and engineers to log the events/activities to diagnose system issues, the amount of information collected here could also be used for nefarious purposes.

OnePlus has yet to comment on this latest issue, while the Chinese company did not see the previous EngineerMode diagnostic tool as a major security issue, although it promised to remove the adb root function in the upcoming OxygenOS update.

“While it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges,” the OnePlus spokesperson said in a statement.

“Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.”

Qualcomm, who was believed to be the creator of the EngineerMode APK, also responded to allegations, saying that there are traces of source code from their original app, but the current APK found on devices from various manufacturers has been modified by someone else.

“After an in-depth investigation, we have determined that the EngineerMode app in question was not authored by Qualcomm,” Qualcomm claims.

“Although remnants of some Qualcomm source code is evident, we believe that others built upon a past, similarly named Qualcomm testing app that was limited to displaying device information. EngineerMode no longer resembles the original code we provided.”

Meanwhile, another security researcher has released an Android application to

root OnePlus phones

quickly by using the backdoor discovered in EngineerMode.

via The Hacker News http://bit.ly/2hvPXSo