A vulnerability that allows malicious applications to capture screen contents and record audio without a user’s knowledge impacts over 78% of Android devices, researchers claim. The issue is caused by the MediaProjection service introduced by Google in the Android Framework on Android 5.0. This service allows applications to capture the screen or record audio without […]
Amazon Echo and Google Home patched against BlueBorne threat
November 28, 2017
The Amazon Echo and Google Home are being marketed to the world as the “smart speakers” to put helpful, voice-assisted Internet of Things (IoT) AI into people’s homes.This week we had wearying confirmation that they also, less helpfully, distribute the same security failings into people’s homes as every other device. Specifically, Amazon and Google have […]
Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities
November 27, 2017
Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Products affected […]
GitHub Warns Developers When Using Vulnerable Libraries
November 24, 2017
Code hosting service GitHub now warns developers if certain software libraries used by their projects contain any known vulnerabilities and provides advice on how to address the issue. GitHub recently introduced the Dependency Graph, a feature in the Insights section that lists the libraries used by a project. The feature currently supports JavaScript and Ruby, […]
Poisoned Google Search Results Lead to Banking Trojan
November 23, 2017
A recently observed Zeus Panda banking Trojan attack used poisoned Google search results for specific banking related keywords to infect users, Cisco Talos researchers warn. As part of this attack, the actor behind Zeus Panda used Search Engine Optimization (SEO) to make their malicious links more prevalent in the search results. By targeting financial-related keyword […]
Amazon Web Services Adds New Services to Bolster Cloud Security
November 22, 2017
Amazon announced a series of new security features for its cloud platform on Nov. 8, providing users with enhanced capabilities to help protect S3 storage buckets and virtual private cloud (VPC) endpoint connections. The company is launching the new Amazon Web Services (AWS) security features ahead of its re:invent conference, which runs from Nov. 27 […]
Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions
November 21, 2017
Siemens has made an update available for some of its SIMATIC PCS 7 distributed control systems that are impacted by a remotely exploitable input validation vulnerability. Siemens said version 8.2 and V8.1 prior to 8.1 SP1 with WinCC v7.3 Update 13 are affected. “Successful exploitation of this vulnerability could allow a remote authenticated attacker to […]
Windows Movie Maker Scam Uses SEO to Go Global
November 20, 2017
A Windows Movie Maker scam has gone global, thanks to having a high Google ranking. Amid continuing demand for Windows Movie Maker, Microsoft’s free video editing software that was discontinued in January 2017, ESET found that scammers are hawking a modified version of the software, built to bilk money from unsuspecting users. Interestingly, the spread […]
Microsoft Provides Guidance on Mitigating DDE Attacks
November 17, 2017
Despite a rash of attacks leveraging Dynamic Data Exchange fields in Office, including some spreading destructive ransomware, Microsoft has remained insistent that DDE is a product feature and won’t address it as a vulnerability. Microsoft on Wednesday did, however, put some guidance in admins’ hands as to how to safely disable the feature via new […]
Millions of Android Apps at Risk from Eavesdropper Vulnerability
November 16, 2017
Poor mobile app development practices have created the Eavesdropper vulnerability, which has resulted in a large-scale data exposure from nearly 700 apps in enterprise mobile environments, over 170 of which are live in the official app stores today. The affected Android apps alone have been downloaded up to 180 million times. According to researchers at […]