Software

Security Expert Reveals MacOS Malware Capable of Synthetic Mouse Clicks

At the recently held DefCon in Las Vegas, Patrick Wardle of Digita Security revealed malware that can perform synthetic clicks on MacOS, which can allow attackers to bypass permission prompts and compromise the user’s system. Wardle said that such malware, which synthetically interacts with the user interface, can be used to bypass layers of security so the attacker can access the user’s location, steal their contacts or even take over the computer’s kernel core system to fully control the computer. Wardle added that he came across the “synthetic clicks” bypass technique by incorrectly pasting code. Source: Wired

All-in-one Printers, Fax Machines Can be Used to Hack Company Networks, Researchers Warn

Check Point Software researchers warned this week that hackers can now take over company networks by exploiting a bug in fax machines and all-in-one printers. The researchers said that it is possible to steal company secrets just by faxing over lines of malicious code disguised as an image file. The file is then decoded and stored in the fax’s memory, which the attacker can use to take over the machine. While HP said that it had already addressed the vulnerability, the researchers added that the new attack vector can still be used on faxes from other brands. Source: CNBC

Platform for Selling of Exploits, Zero-Day Vulnerabilities Launched

Dubai-based exploit buyer Crowdfense announced this week the launch of its platform where researchers can sell zero-day security flaws and exploit chains. Scheduled to open on September 3, the company’s Vulnerability Research Platform will serve as a venue for the submission, discussion, and sale of vulnerabilities. The platform will also offer step-by-step guides, technical evaluations, pricing and follow-up communication channels. The company’s bug bounty program, which was launched earlier this year, offers researchers rewards from $500,000 up to $3 million for zero-day bugs and partial exploit chains. Source: ZDNet

Cortana Exploit Used to Bypass Windows 10 Security

Kzen Networks security researchers Amichai Shulman and Tal Be’ery, with Israel Institute of Technology’s Ron Marcovich and Yuval Ron, revealed this week a vulnerability in Microsoft’s Cortana that can allow attackers to bypass the security of a locked Windows 10 computer. The bug, CVE-2018-8140, allows attackers to issue a limited range of voice commands to Cortana even when the keyboard is locked. However, activating the voice assistant unlocks the keyboard, allowing the attacker to launch local commands without the need for authentication or user validation. The researchers said that using this method, it was possible to retrieve data from […]

Huawei Faces Scrutiny in UK for Chinese Spying

Huawei Technologies is expected to encounter heightened scrutiny in the UK as lawmakers have expressed their concerns about the company’s use of aging software that could facilitate Chinese spying. According to the report of a British government oversight board, the Chinese manufacturer’s use of the VxWorks operating system had technical and supply chain “shortcomings” which can expose the country’s telecoms networks to new security risks. Both the US and Australia had said in the past that Huawei’s products can be used by the Chinese for espionage operations, an allegation which the firm repeatedly denied. Source: Reuters

Investors Getting Bullish on Booming Video Game Industry

Analysts have recently noted that investors are starting to recognize that the esports industry is picking up and could be worth around $138 billion by the end of the year. Triogem Asset Management’s Tim Seymour said that the video game industry is changing the landscape for media companies, as well as how people engage in sports. He added that besides the excitement, the industry also attracts all demographics. Meanwhile, esports commentator Alex Mendez also pointed out that the global nature of the industry helped its rapid growth since players can compete from just about anywhere. According to a recent report by […]

Russia, China, Included in US Government’s “Do Not Buy” List

The Defense Department’s Ellen Lord revealed this week that the US government has included software and equipment originating from Russia and China in its “Do Not Buy” list. Lord added that manufacturers from these countries do not operate in a way that is consistent with US defense standards. The products and equipment, which were shielded through holding companies, were identified with the help of partners in the intelligence community. However, the names of the manufacturers were not disclosed. Source: ZDNet

Amazon’s Facial Recognition Misidentifies 28 Lawmakers in New Study

A recent study commissioned by the American Civil Liberties Union of Northern California found a number of inaccuracies with Amazon’s facial recognition technology which was said to have disproportionately put people of color at risk. During testing, Amazon’s Rekognition technology misidentified 28 members of Congress as people arrested for a crime. However, the technology is already being used by law enforcement in Oregon and Orlando. The ACLU said that the findings should prompt regulators to stop the use of face surveillance by law enforcement. Two months before the study, the Congressional Black Caucus had already written to Amazon saying that […]

Top Google Exec Warns Against Biases of Facial Recognition Technology

Google’s director of cloud computing, Diane Greene, recently said in an interview that facial recognition technology still has inherent biases and does not yet have the diversity it needs. The comment came after Amazon’s software wrongly identified 28 members of Congress, disproportionately people of colour, as police suspects. Greene also said that Google is still improving the reliability of its facial recognition technology by gathering vast amounts of data. While the firm’s technology is currently being used to help identify friends in pictures, it is still not open for public use. Source: BBC

US Intelligence Warns Against Tech Supply Chain Attacks

The US National Counterintelligence and Security Center (NCSC) recently warned in its Foreign Economic Espionage Report that countries such as China, Russia, and Iran are gearing up attacks made via the technology supply chain. NCSC director William Evanina said that cyber-actors are now targeting supply chains to get around tough corporate perimeters. One example is the booby-trapped version of CCleaner – a computer-cleaning program – which was discovered last September. The intelligence community further added that software supply chain infiltration has already threatened critical infrastructure and is likely to hit other sectors next. Source: BBC