News

Security Expert Reveals macOS Malware Capable of Synthetic Mouse Clicks

Patrick Wardle of Digita Security revealed, at the recently held DefCon in Las Vegas, malware that can perform synthetic clicks on macOS, which can allow attackers to bypass permission prompts and compromise the user’s system. Wardle said that such malware, which synthetically interacts with the user interface, can be used to bypass layers of security so the attacker can access the user’s location, steal their contacts or even take over the computer’s kernel to fully control the computer. Wardle added that he came across the “synthetic clicks” bypass technique by incorrectly pasting code. Source: Wired

Firmware Vulnerabilities Found in Big Brand Android Models

Security researchers revealed at DefCon last week around 47 vulnerabilities in the firmware and apps of 25 Android smartphone models, some of them from big brands including ZTE, Sony, Nokia, LG, Asus, and Alcatel. Some of the flaws can permit the attacker to access or send text messages from the user’s phone, take screenshots, record videos of the device’s screen, access the user’s contacts list, force installation of arbitrary third-party apps without the user’s knowledge or consent, and even wipe user data. Angelos Stavrou, CEO of Kryptowire, said that the sheer number of phone models and firmware makes it very […]

11-Year-Old Gives Hacking Demonstration of US Voting System

In a recent hacking competition sponsored by non-profit R00tz Asylum, 11-year-old Bianca Lewis showed how easy it was for hackers to compromise the infrastructure of the US voting system. The contest was part of the recently held Def Con conference in Las Vegas, which was attended by more than 300 young hackers. By attacking a replica website, Lewis showed that it was possible to change the number of votes or even delete candidates from the system. It was noted that Congress last month rejected an amendment that would have allotted $380m for boosting electoral security for 2019. Source: […]

Facebook Drops Content on 3D Printing of Guns

Facebook said this week that it has removed content related to the 3D printing of firearms from its platform. The move comes as the debate on gun control intensifies in the US. A spokesperson said that instructions on how to manufacture guns using 3D printers go against the social network’s Community Standards, but it was not clarified if only posts would be removed and not pages. The company, however, gave assurances that it will be sharing an updated policy on the restricted product shortly. Source: Reuters

Platform for Selling of Exploits, Zero-Day Vulnerabilities Launched

Dubai-based exploit buyer Crowdfense announced this week the launch of its platform where researchers can sell zero-day security flaws and exploit chains. Scheduled to open on September 3, the company’s Vulnerability Research Platform will serve as a venue for the submission, discussion, and sale of vulnerabilities. The platform will also offer step-by-step guides, technical evaluations, pricing and follow-up communication channels. The company’s bug bounty program, which was launched earlier this year, offers researchers rewards from $500,000 up to $3 million for zero-day bugs and partial exploit chains. Source: ZDNet

Cortana Exploit Used to Bypass Windows 10 Security

Kzen Networks security researchers Amichai Shulman and Tal Be’ery, with Israel Institute of Technology’s Ron Marcovich and Yuval Ron, revealed this week a vulnerability in Microsoft’s Cortana which can allow attackers to bypass the security of a locked Windows 10 computer. The bug, CVE-2018-8140, allows attackers to issue a limited range of voice commands to Cortana even when the keyboard is locked. However, activating the voice assistant unlocks the keyboard, allowing the attacker to launch local commands without the need for authentication or user validation. The researchers said that using this method, it was possible to retrieve data from […]

North Korean Hackers Reuse Old Code in New Attacks

McAfee and Intezer revealed this week that North Korean hackers may be re-using old malware and computer infrastructure, which leaves evidence that could be used to trace incidents back to them. McAfee senior principal engineer Christiaan Beek said that while the hackers do improve over time, the code that they use shows a lot of overlap with other campaigns, such as elements of the malware used in WannaCry. Intezer’s Jay Rosenberg says that the state-sponsored hacking groups’ reasons for re-using the code are likely the same as any other developer’s, which is to save time and resources to ensure […]

PCC to Set Rules on Grab to Ensure Fairness

The Philippine Competition Commission (PCC) said this week that it will be strictly monitoring Grab to make sure that it follows rules to ensure fairness to consumers given its “virtual monopoly” on the local ride-sharing market. PCC chairman Arsenio Balisacan says that they will hold Grab to the commitments it has previously made, which include the improvement of fare transparency, higher acceptance rates for bookings and faster response time to complaints, and re-evaluation of driver incentives. The watchdog said that Grab can face fines of up to two million pesos per offense, and serious non-compliance can lead to the invalidation of […]

Australia Appoints Interim National Data Commissioner

The Australian government this week appointed Deborah Anton as its interim National Data Commissioner, who will be in charge of overseeing the country’s public data system and implementing its new data sharing and release framework. Anton, who has already had a 20-year career in the Australian Public Service, will be working closely with the privacy commissioner to help strengthen safeguards around the integrity, management, and use of government-held data. The National Data Commissioner will be provided with technical assistance by the Australian Bureau of Statistics (ABS), while a new National Data Advisory Council will advise the commissioner on […]

China Renames National Technology and Education Leadership Group

A circular published on China’s government website this week revealed that the country’s National Technology and Education Leadership Group will be revamped to shift its focus to technology. Premier Li Keqiang will be leading the renamed body with vice premier Liu He as deputy. It is said that the revamp of the national leadership group signals potential policy shifts as the country’s technological ambitions triggered backlash abroad. Other top officials from various ministries and key central government bodies, such as central bank head Yi Gang and State-owned Assets Supervision and Administration Commission director Xiao Yaqing, are set to join the group. […]