Software

Major Tech Companies Allow Russia to Scrutinize Software Used by US Government

Major Tech Companies Allow Russia to Scrutinize Software Used by US Government

According to a Reuters source, major tech firms such as SAP, Symantec, and McAfee are allowing the Russian government access to the source code of software being used across US government agencies. Allowing Russian defense agencies to probe the inner workings of their products is the only way tech companies will be able to do business in Russia, which its government says is necessary so that it can detect possible flaws that could be exploited. However, US lawmakers and security experts say that this could potentially put the security networks of federal agencies such as the Pentagon, NASA, the State […]

Skype, Signal, Slack, Twitch Affected by Software Framework Flaw

Skype, Signal, Slack, Twitch Affected by Software Framework Flaw

Last Monday, the Electron team revealed that it had patched a bug that affects the Electron framework, a a popular software-building framework used by a number of desktop apps such as Skype, Signal, Slack, Basecamp, WordPress.com, Twitch, Ghost, and others. The remote code execution vulnerability in Electron only affects Windows apps. The team also included a workaround for developers whose apps cannot be updated to the new Electron framework code, but warned that attackers may soon find a way to exploit it. Microsoft also announced that it has updated Windows Defender so that it can detect any attempts of attackers […]

“Text Bomb” Security Flaw Causes iPhones to Crash

“Text Bomb” Security Flaw Causes iPhones to Crash

A security flaw affecting Apple Macs and iPhones was recently discovered by software developer Abraham Masri who posted it on GitHub last Tuesday. The bug, called “chaiOS” causes devices to crash or restart. The chaiOS “text bomb” can be activated simply by sending a link to the device, even without having the user click on it. The bug can also crash the Safari browser and cause slowdowns on a Mac. However, renowned security expert Graham Cluley said that chaiOS is not a major security threat, but rather more of an annoyance to Apple users. Cluley added that it was not […]

Four Malicious Chrome Extensions Affect Over 500,000 Users

Four Malicious Chrome Extensions Affect Over 500,000 Users

Security researchers from US cyber-security firm ICEBRG recently identified four extensions on the official Chrome Web Store which uses malicious Javascript code to perform click fraud using the user’s browser. According to ICEBRG, they found malicious behavior from the four following extensions: Change HTTP Request Header (ppmibgfeefcglejjlpeihfdimbkfbbnm) Nyoogle – Custom Logo for Google (ginfoagmgomhccdaclfbbbhfjgmphkph) Lite Bookmarks (mpneoicaochhlckfkackiigepakdgapj) Stickies – Chrome’s Post-it Notes (djffibmpaakodnbmcdemmmjmeolcmbae) The extensions had already been taken down after ICEBRG notified the National Cyber Security Centre of The Netherlands (NCSC-NL), the United States Computer Emergency Readiness Team (US-CERT), and the Google Safe Browsing Operations team. However, a number […]

New Mac OS X Malware Hijacks DNS Settings

New Mac OS X Malware Hijacks DNS Settings

Security researcher Patrick Wardle recently spotted in the wild a variant of an old Windows DNS hijacker malware targeting Mac OS X systems. The hijacker dubbed MaMi, forcibly changes a user’s DNS entries to 82.163.143.172 and 82.163.142.174. Wardle initially came across the MaMi on Malwarebytes when a user encountered the DNS hijacking issue after installing a nuisanceware called “MyCoupon”. Evidence indicate that the malware is relatively new and unsophisticated. However, it also includes several other functionalities including screenshot capture, file upload and download,  generation of simulated mouse events, arbitrary code execution. The malware is also very persistent and installs a […]

Apple Health Data Used in German Murder Trial

Apple Health Data Used in German Murder Trial

It was reported that data from Apple’s Health App had provided crucial evidence in a recent trial involving a refugee accused of rape and murder. The police suggested that the steps recorded by the Health App in the suspect’s phone may help confirm his activity. Hussein K, the accused, is said to have dragged his victim down the River Dresiam and climbed back up. The refugee admitted to only some of the details in the rape and murder of 19-year old medical student Maria Ladenburger which happened in October 2016.      Source: BBC

Bad App Design May Compromise Industrial Control Systems

Bad App Design May Compromise Industrial Control Systems

In a blog post entitled SCADA and Mobile Security in the Internet of Things, Analysts from IOActive and Embedi recently suggested that most mobile applications used for controlling internet-connected SCADA (industrial control and supervisory control and data acquisition) are being made without giving much thought to security. This can compromise systems used to control facilities such as nuclear power plants. Director of advisory services at IOActive Jason Larsen said that such apps are being built with the same rapid development mindset adopted by most mobile devs, instead of the measured and tested development employed in industrial control. The researchers found […]

Second Meltdown Fix for Ubuntu Released  

Second Meltdown Fix for Ubuntu Released  

After receiving reports that the initial Meltdown fix released last Tuesday had caused some Ubuntu systems not to boot, Canonical immediately released a second version last Wednesday, along with a security notice. The company behind the popular Linux distro apologized and confirmed in a post that the Meltdown fix was indeed responsible for the booting issue on Ubuntu 16.04 LTS Xenial machines. However, the second update proved to have addressed the issue completely, according to several users who wrote on the Ubuntu forums. VP of Ubuntu product development for Canonical Dustin Kirkland also tweeted that the fix for the Spectre […]

Adobe Issues Fix for Information Leak Bug

Adobe Issues Fix for Information Leak Bug

In a security update posted last Tuesday, Adobe informed its users of a new patch for Flash Player that addresses an information leak issue. The CVE-2018-4871 is a security vulnerability which can be exploited by hackers to extract leaked sensitive information from a system. The bug impacts computers running Windows, Linux, and Mac OS, as well as those that use Chrome, Edge, and Internet Explorer 11. Adobe encouraged users not to decline the automatic updates. Source: ZDNet

Researcher Publishes macOS Exploit Without Giving Prior Disclosure to Apple

Researcher Publishes macOS Exploit Without Giving Prior Disclosure to Apple

A security researcher who goes by the handle Siguza dropped a macOS vulnerability last December 31 without notifying Apple in advance. The bug is said to affect macOS versions as early as 2002, or may even be earlier. The bug is a local privilege escalation (LPE) flaw that gives root access to an attacker who already has a foothold on the computer. Siguza published his findings on the flaw which affects the IOHIDFamily macOS kernel driver on Github. Siguza said that he would have submitted the bug to Apple had it been included in the bug bounty program, or if […]