Software

Spotify Slapped with $1.6 Billion Copyright Lawsuit

Music streaming giant Spotify was recently sued for allegedly using songs without a license and without compensating music publishers. A company called Wixen Music Publishing Inc. filed the suit, which seeks $1.6 billion in damages, in a California federal court. Wixen holds exclusive rights to songs such as “Free Fallin’” by Tom Petty, “Light My Fire” by the Doors, “(Girl We Got a) Good Thing” by Weezer and works of artists such as Stevie Nicks. Spotify had already paid $43 million in a previous class action lawsuit which alleged that the company had failed to pay royalties for some of […]

Mozilla to Delete Telemetry Data Collected via Firefox Crash Bug

Last week, Mozilla announced that it will be deleting telemetry data that was inadvertently collected due to a flaw in Firefox’s crash reporter. It was found that these crash reports are not fully anonymized and include sensitive data that may identify the user. Mozilla engineers revealed that Firefox had been sending back crash data automatically since the release of version 52, way back in March 2017. They added that they had to delete all the data, even the data from those who agreed to send back reports, since they could not distinguish between the reports. Users and […]

Hundreds of WordPress Sites Still Using Backdoored Plugins

Security researchers from White Fir Design recently warned that hundreds of WordPress sites are still using “boobytrapped” plugins that make them vulnerable to remote code execution by attackers. The plugins are said to have code embedded in them which, according to experts, does not seem to have a legitimate purpose. The discovery was tied to a blog post by a web developer who first encountered the code way back in 2014. However, the White Fir team said that they are still getting requests from various IP addresses trying to access the code. The malicious plugins have already been removed […]

Low-res Photos Can Be Used to Bypass Windows 10 Facial Recognition

Last Tuesday, German pen-testing company SySS GmbH revealed that it is possible to use even a low-res printed photo to trick Windows 10’s facial recognition system. Windows Hello, a feature which is only available on Windows 10, can be used to unlock computers without requiring a password. SySS researchers said that they were able to unlock several Windows devices using only a laser color printout of a low-resolution (340×340 pixels) photo of the device owner’s face. The researchers added that Microsoft had already delivered a patch to address the issue, but only for Windows 10 branches 1703 and 1709. Source: […]

New Office Patch Disables Word DDE Feature to Protect Against Malware

In this month’s Patch Tuesday, Microsoft issued an Office update that disables Word’s Dynamic Data Exchange (DDE) feature to prevent attackers from using it to install malware. DDE allows Word to pull data from other Office applications such as Excel. However, it was used by several malware campaigns in the ’90s, and once again in the past few months. It is said that malware distributors adopted a new method of using DDE from a tutorial published by security researchers from SensePost which showed how the feature can be weaponized for malware delivery. Microsoft also advised users […]

Ad-tech Firm Behind Intrusive Mac Adware Insists Product is Not Malware

Israeli ad-tech firm TargetingEdge was recently revealed to have sent cease-and-desist letters to researchers at Cybereason, threatening to take legal action if the security researchers published their findings on the “sneaky” OSX.Pirrit adware. Last Tuesday, Cybereason principal researcher Amit Serper described in his writeup how OSX.Pirrit tricks users into providing root privileges to the adware’s installer, which downloads files used to maintain the malware’s persistence on the infected computer. The adware also attempts to appear as a legitimate macOS function and uses AppleScript to inject ads directly into the browser. Serper was also able to establish that […]

Developer Exposes Major MacOS High Sierra Login Flaw

A Turkish software developer recently took to Twitter and exposed one of the biggest security flaws to be discovered on MacOS. Lemi Orhan Ergin tweeted last Tuesday about a flaw that allows anyone to gain root access to computers running High Sierra just by entering the username “root” under Users & Groups, even without a password. Users with root access are able to take full control of the system, and it was previously thought that this was disabled by default on Apple systems. Ergin was criticized by a number of users for not disclosing the issue privately to Apple. However, […]

Apple Drops ‘Duterte’ Games from App Store

A number of games featuring the likeness of Philippine President Rodrigo Duterte and PNP Chief Ronald ‘Bato’ dela Rosa have been removed from Apple’s app shop. Drug advocacy group Asian Network of People Who Use Drugs (Anpud) recently noted that several Duterte-related games such as “Duterte knows Kung Fu: Pinoy Crime Fighter”, “Duterte Running Man Challenge Game”, “Fighting Crime 2”, and “Tsip Bato: Ang Bumangga Giba!” can no longer be found on the App Store. Anpud had previously called on Apple and its CEO Tim Cook to remove the games, saying that the apps promoted murder, extrajudicial killings, and violence. The […]

Over 300 Android Apps Embedded with Trackers

Earlier this week, a study conducted by the Yale Privacy Lab and Exodus Privacy identified around 300 Android apps embedded with invasive trackers which record user activity without user consent. The researchers found tracking scripts not only in lesser-known apps, but also in highly popular apps such as Uber, Twitter, Tinder, Soundcloud, and Spotify. While some of the trackers, such as Google’s Crashlytics, collect only crash reports, a number of others collected sensitive data such as user details and app usage info. The study said that the issue is also likely to be present in iOS. A list of […]

Square Introduces Bitcoin Trading on App

In its efforts to tap into the booming cryptocurrency market, payments company Square revealed that it is now testing the buying and selling of Bitcoins on its Cash app. The service, which is currently available only for select customers, had been initiated by its users, who have shown an appetite for “alt-currency”, according to a spokesperson for the company. Square has expressed its interest in providing additional cryptocurrency services, saying that it will greatly help individuals participate in the global financial system. The company, as well as most Bitcoin investors, remains undeterred, despite recent efforts of governments opposing the increased […]