Recent Posts

Study Says 90% of Companies are Hit with 3 Year Old Vulnerabilities

A study by network security company Fortinet revealed that as many as 90% of the companies it protects get hit with attacks that exploit vulnerabilities that are 3 years and older, and around 60% with exploits 10 years and older. Experts say that most hackers who exploit older vulnerabilities won’t have the same skill level as nation-state hacking units, and will therefore rely on working open-source exploits that eventually get shared on exploit-sharing sites. The study highlights the importance of updating security systems as early as possible, and not leaving them unpatched for years. Source: Bleeping Computer

Zerodium Offers Big Bounty for Popular Messaging Apps Zero Days

Exploit acquisition platform Zerodium is now offering $500,000 for valid zero-day exploits on popular messaging apps that include iMessage, Telegram, WhatsApp, Signal, Facebook, Viber, and WeChat. Zerodium says that it pays the highest rewards on the market for high-risk vulnerabilities with fully functional exploits, unlike other bug bounty programs that accept any kind of flaws and PoCs in exchange for low rewards. The company is also paying $150,000 for exploits that impact baseband frequencies, media files and documents, and as high as $1 million for an iOS jailbreak that requires human interaction. Source: ZDNet

Telstra Launches Cybersecurity Center in Sydney

Sydney, Australia – Telecoms provider Telstra has launched its latest security operations centre (SOC) in Sydney, which opened for customers last Thursday. The Australian telco giant already has sites in Melbourne and Canberra, and is planning to launch more across the globe. The centers are built to the Australian Security and Intelligence Organisation (ASIO) T4 standard, which employs heightened security protocols. CEO Andy Penn says the SOCs will provide enterprise customers with world-class security teams, and increased visibility and insight for business cyber-risk management. Source: ZDNet

Google to Fully Unveil Titan Security Chip This Week

Search giant Google is scheduled to disclose the technical specs of its Titan computer chip this week, which will be used to bolster its cloud computing network’s security features. Neal Mueller, head of infrastructure product marketing for Google Cloud Platform, revealed that Titan scans the hardware for any tampering, and prevents the machine from booting if changes are found. Hoping to capture a bigger piece of the cloud services market from Amazon and Microsoft, Google will be installing the stud earring-sized chip on network cards and servers in its data centers. Representatives from the top two companies in terms of […]

Android Oreo Introduces Per-App Permissions Feature for Better Security

The latest version of the Android OS now uses a more secure procedure when installing third-party apps, thus protecting the device from possible malicious app activity. In the previous Android versions, users were given an option to ‘Install from unknown sources’. However, this feature did not protect the device from malicious installations even when activated. Google has opted to drop the procedure in Android 8.0, where users will now need to grant permissions to apps individually. Experts say that the new feature should help prevent an ‘all or nothing’ permission scenario that increases the likelihood of hostile takeovers. Source: […]

New Cyber Attack Method Changes Email Content After Delivery

A Mimecast security researcher has discovered a scenario where an attacker can use remote CSS files to alter the message in an email after it has been sent. The attack, called ROPEMAKER – Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky, can be carried out using two methods, according to Francisco Ribeiro. One would be to use the CSS “display” property of various elements, and another would be to embed matrices of all ASCII characters for each letter inside the email. Both methods are currently undetectable by email scanners and security products. However, the researcher noted that there hasn’t been any ROPEMAKER […]

Walmart to Use Google Assistant for Voice Shopping

Last Wednesday, Walmart and Google announced that they are embarking on a partnership to deliver a voice shopping service using Google’s virtual assistant. Shoppers will now be able to use Walmart’s “Easy Reorder” feature via Google Express. Walmart’s head of US ecommerce Marc Lore says that even though the technology is still in its early stages, the company can see that voice shopping will be a powerful mechanism in enhancing shopping experience, judging from AI advancements in the last two years. Google Express is also dropping membership fees, and will be offering free delivery within 1 to 3 days on […]

Several Apps on Google Play Infected with BankBot Malware

Security researchers have confirmed that the apps “Bubble Shooter Wild Life” and “Earn Real Money Gift Cards”, which can be downloaded from Google Play, carry a banking trojan called BankBot. Securify co-founder Han Sahin said that the malware was able to bypass Google’s internal scanner since the infected apps act as a downloader which drops the trojan onto the device. Another researcher from Zscaler supported these findings and added that the malicious apps usually employ techniques such as time delays and code obfuscation. Due to recent malware issues plaguing Google Play, users are reminded to be extra cautious when downloading […]

Microsoft’s AI Now on Par with Human Transcribers

Last Monday, Microsoft announced that its AI-powered speech recognition system has achieved an error rate of only 5.1%, which is the same as the rate of a professional human transcriber. Microsoft’s AI transcribing system was tested against the Switchboard corpus, which is a dataset that involved the transcription of slightly formal conversations of people on a range of topics. However, on this occasion it was not tested against the CallHome dataset, which uses more casual, open-ended conversations. Despite the milestone, Microsoft says that some of the main obstacles are different accents and speaking styles. Environmental noise is also a big […]

Twitter May Soon Be Unblocked in Iran

Last Tuesday, Iran’s new telecom minister Mohammad Javad Azari Jahromi said that Twitter has officially expressed its willingness to talk with Iran on unblocking the microblogging site in the country. Iran’s Supreme Council of Cyberspace has previously blocked the social media giant, along with Facebook, over violent protests against President Mahmoud Ahmadinejad. Citizens who wished to access the sites within the country had to use a VPN. Twitter, however, declined to give a response on the matter. Source: ABC News