Nearly two dozen Android flashlight and related utility apps were removed from the Google Play marketplace after researchers found a malicious advertising component dubbed “LightsOut” inside them. In total, the apps were downloaded between 1.5 and 7.5 million times. Security researchers at Check Point researcher discovered the family of malicious apps that “generated illegal ad […]
VMWARE ISSUES 3 CRITICAL PATCHES FOR VSPHERE DATA PROTECTION
January 7, 2018
VMware, a Dell Technologies subsidiary, released several patches Tuesday fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. The bugs address three vulnerabilities in VMware’s vSphere Data Protection (VDP), a backup and recovery solution used with its vSphere platform. According to the company, a remote attacker could exploit the vulnerabilities and take control of […]
APPLE RELEASES SPECTRE PATCHES FOR SAFARI, MACOS AND IOS
January 6, 2018
Apple released iOS 11.2.2 software Monday for iPhones, iPads and iPod touch models that patch for the Spectre vulnerabilities. A macOS High Sierra 10.13.2 supplemental update was also released to bolster Spectre defenses in Apple’s Safari browser and WebKit, the web browser engine used by Safari, Mail, and App Store. This is the second update […]
DEVELOPERS TARGETED IN ‘PARSEDROID’ POC ATTACK
January 5, 2018
Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was identified by the Check Point Research Team, which on Tuesday released […]
A very serious security problem has been found in the Intel/AMD/ARM CPUs. Spectre CPU Vulnerability CVE-2017-5753/CVE-2017-5715 breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make […]
How to patch Meltdown CPU Vulnerability CVE-2017-5754 on Linux
January 5, 2018
A very serious security problem has been found in the Intel CPUs. Meltdown CPU Vulnerability CVE-2017-5754 breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. How do I protect my Linux […]
Researchers Found Two Major Security Flaws In Processors That Affect Most Of The World’s Computers
January 5, 2018
The two flaws, nicknamed Meltdown and Spectre, could give hackers access to the entire memory of nearly all the world’s computers. Cybersecurity researchers have discovered two flaws in microprocessors that could grant hackers access to the entire memory stored on practically any computer in the world. On a website created to explain the flaws, researchers […]
RAT DISTRIBUTED VIA GOOGLE DRIVE TARGETS EAST ASIA
January 4, 2018
Researchers said that they are tracking a new remote access Trojan dubbed UBoatRAT that is targeting individuals or organizations linked to South Korea or the video game industry. While targets aren’t 100 percent clear, researchers at Palo Alto Networks Unit 42 said UBoatRAT threats are evolving and new variants are increasingly growing more sophisticated. They […]
TEAMVIEWER RUSHES FIX FOR PERMISSIONS BUG
January 3, 2018
Remote support software company TeamViewer said Tuesday it issued a hotfix for a bug that allows users sharing a desktop session to gain control of the other’s computer without permission. The bug was first publicized by a Reddit user “xpl0yt” on Monday who linked to a proof-of-concept example of a vulnerability created by the bug […]
Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and escalate privileges on targeted device with a signed app that appears to […]