Software

Hackers Make ATMs Spit Out Cash Using “Cutlet Maker”

Last Tuesday, a hacker or hacker organization was reported to be selling an ATM malware called Cutlet Maker that uses a USB port to command ATMs to churn out cash. The malware has been on the Dark Web market AlphaBay since May 2017. However, since AlphaBay was shut down, moderators created a new website called “ATMjackpot” to put it back on sale on the web. The new version operates on any type of Wincor Nixdorf ATM, requiring a simple connection to the machine’s USB port. On the website, hackers uploaded four videos showing how anyone can run the malware to obtain instant cash. […]

New Hardware Flaw Undermines RSA Encryption

Last Tuesday, security researchers from various universities identified a vulnerability in security tokens, cryptographic smartcards, and chipsets produced by German manufacturer Infineon Technologies that could jeopardize software signing, account security, and token authentication for various computer products. The CVE-2017-15361 ROCA vulnerability, which was found in the implementation of RSA keypair generation in a cryptographic library, allows an attacker to carry out a “practical factorization attack,” in which a public key can be used to generate a private key. The experts found that RSA keys from the bugged hardware were not generated randomly, making them easy to crack. The team confirmed there […]

Google Adds Anti-virus Feature to Windows Chrome Browser

Last Tuesday, Google officially added three new security features to its Chrome browser for Windows. The updates are intended to strengthen Chrome’s anti-malware inspection and removal functions. The updated browser will automatically recognize if unauthorized changes have been made to the settings, and will prompt users to restore the primary settings. Google also improved Chrome’s Cleanup application to provide an easier way to recover default settings in an infected browser. Engineers have redesigned the Cleanup alerts to let users know which software to delete. Finally, Google added an ESET anti-virus malware detection engine that works with the Chrome sandbox feature. […]

Over 100 Organizations Call on Apple to Take Down Duterte Apps

In a letter to Apple dated last October 10, 131 groups urged CEO Tim Cook to remove apps that “promote murder, extrajudicial killings, violence, and the war on drugs in the Philippines.” Signed by human rights groups, rehab centers and drug user organizations from around the world, the letter also urged Cook to have Apple conduct a formal review of the apps and issue an apology for allowing “insensitive content” on the App Store. The apps being referred to are shooting games that feature Philippine president Rodrigo Duterte. The groups pointed out that the games were in violation of the […]

Russian, Crimean Organizations Obtain Microsoft Products Despite Sanctions

News agency Reuters recently discovered that Russian and Crimean state organizations were able to acquire Microsoft products, despite sanctions prohibiting US businesses from dealing with them. Sources involved in the transactions revealed that the products were sold by third parties, and there is no evidence that would show Microsoft’s direct participation in the sale. A representative from Microsoft said that the company is looking into the situation, stressing that their robust trade compliance process will ensure that any improper sales and usage by banned customers will be acted upon. Source: Reuters

Singapore A*STAR’s “REX” to Improve Network Security

Singapore’s Agency for Science, Technology and Research (A*STAR) recently announced that it has developed a new kind of data structure dubbed “REX” which is designed to block cyber attacks and facilitate better data flows within the network. Vrizlynn Thing of A*STAR’s Institute for Infocomm Research says that the Resilient and Efficient data Structure (REX) is able to address the inefficiencies of traditional hash tables using different memory technologies and the characteristics of internet traffic, thus improving network performance. Thing revealed that REX was able to outperform Cuckoo and Peacock in data analysis of real, recorded network traffic. However, they would […]

Office Depot, Best Buy Stop Selling Kaspersky Software

It has been revealed that Best Buy and Office Depot have pulled Kaspersky Lab products from their shelves, and stopped selling them in mid-September. The move was prompted by the FBI, which was said to have pressured the private sector following suspicions that the Russian security company was in collaboration with Russian intelligence. The electronics chains are now also offering services to remove Kaspersky products from customers’ computers, and are also recommending replacement security software for free within a given period. Experts believe that this crackdown may have been a reaction to Russia’s threat to ban US companies who […]

Apple Releases Emergency Update for Disk Encryption Utility Flaw

Last Wednesday, Apple issued an emergency update for a flaw that exposes the passwords of encrypted APFS volumes in macOS High Sierra. The vulnerability was identified by Leet Tech’s Matheus Mariano who published his findings in a YouTube video. The issue occurs when a new encrypted APFS volume is mounted in High Sierra. When the user clicks the password hint button, the password is revealed instead of the hint. Mariano immediately reported the bug to Apple, who quickly moved to provide a fix which included a patch for a bug in the Keychain app that similarly exposes app passwords. The […]

WhatsApp Serves as Paedophile Cover, UK Interior Minister Says

Last Tuesday, British interior minister Amber Rudd expressed her concerns regarding WhatsApp’s encryption, saying that it can allow criminals like paedophiles to operate beyond the law’s reach. Speaking to party activists in Manchester, she added that companies should be compelled to move with greater urgency to address such issues, especially since they have the resources to do so. Rudd also called on Facebook, Twitter, Google, Microsoft, and other tech giants to put in greater effort in combatting extremist content. Source: Reuters

Google Identifies Serious Flaws in Dnsmasq

Google researchers have recently disclosed 7 “serious” flaws in Dnsmasq, a software package used in a growing number of devices. As a lightweight network infrastructure builder, the software is also found in IoT devices, routers, smartphones, and even Linux distributions. The Google security team reported that the vulnerabilities they found could be used for remote code execution or information leaks. The team worked with Simon Kelley, the software’s maintainer, to create fixes which have been uploaded to the Dnsmasq GitHub page. Dnsmasq version 2.78 is not affected by said flaws. Source: ZDNet