Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and escalate privileges on targeted device with a signed app that appears to […]
APPLE FIXES FLAW IMPACTING HOMEKIT DEVICES
January 1, 2018
Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers. The flaw was first reported by the publication 9to5Mac on Thursday. According to the publication, the vulnerability requires an iPhone or iPad running the […]
Fake Bitcoin Wallet Apps Removed from Google Play
December 29, 2017
Three fake Bitcoin applications were recently removed from Google Play after security researchers discovered they were tricking users into sending funds to their developers, mobile security firm Lookout has discovered. The impressive increase in Bitcoin value over the past several months has stirred interest from individuals worldwide, including cyber criminals. The number of attacks involving […]
Mozilla Patches Critical Bug in Thunderbird
December 28, 2017
Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low. Mozilla said Thunderbird, which is also serves as a news, RSS and chat client, the latest Thunderbird 52.5.2 […]
Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions
December 27, 2017
Siemens has made an update available for some of its SIMATIC PCS 7 distributed control systems that are impacted by a remotely exploitable input validation vulnerability. Siemens said version 8.2 and V8.1 prior to 8.1 SP1 with WinCC v7.3 Update 13 are affected. “Successful exploitation of this vulnerability could allow a remote authenticated attacker to […]
GitHub Warns Developers When Using Vulnerable Libraries
December 26, 2017
Code hosting service GitHub now warns developers if certain software libraries used by their projects contain any known vulnerabilities and provides advice on how to address the issue. GitHub recently introduced the Dependency Graph, a feature in the Insights section that lists the libraries used by a project. The feature currently supports JavaScript and Ruby, […]
Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities
December 25, 2017
Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Products affected […]
IT News
DDoS Attacks Become More Frequent in Q3, with Linux Dominating
December 18, 2017
The share of Linux botnets is continuing to grow—accounting for 70% of attacks in Q3, compared to 51% in Q2. According to Kaspersky Lab’s Q3 2017 DDoS Intelligence Report, experts have continued to see an increase in the number of countries where resources have been targeted, with 98 countries subjected to DDoS attacks in the […]
IT News
Hackers hired for year-long DDoS attack against man’s former employer
December 15, 2017
US federal prosecutors in Minnesota have charged a 46-year-old man with hiring a cyberhitman – well, technically, three hacking services – to launch a year-long campaign of distributed denial of service (DDoS) attacks on his former employer. Prosecutors say that John Kelsey Gammell, 46, contacted seven DDoS services and paid monthly subscriptions to three of […]
IT News
Millions of Android Apps at Risk from Eavesdropper Vulnerability
December 14, 2017
Poor mobile app development practices have created the Eavesdropper vulnerability, which has resulted in a large-scale data exposure from nearly 700 apps in enterprise mobile environments, over 170 of which are live in the official app stores today. The affected Android apps alone have been downloaded up to 180 million times. According to researchers at […]