News

The Friday Tech Takeaway - 05.01.18

SECURITY

Almost all CPUs since 1995 vulnerable To "Meltdown" And "Spectre" flaws
Google has published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995. Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." https://googleprojectzero.blogspot.ro/2018/01/reading-privileged-memory-with-side.html

Opera 50 to Include Cryptojacking protection
Opera will become the first browser to feature an anti-cryptojacking feature that will prevent websites from using your computer's CPU power to mine for cryptocurrencies. This new feature is named NoCoin and is currently under development. Users can get it right now if they install Opera 50 Beta RC, and the feature is expected to land in the stable version of Opera 50, set for an official release in January 2018. https://goo.gl/iPMX12

Amateur hacker behind Satori botnet
A so-called "script kiddie" is behind the recently discovered Satori botnet that has scared security researchers because of its rapid rise to a size of hundreds of thousands of compromised devices. Researchers say that a hacker named Nexus Zeta created Satori, which is a variant of the Mirai IoT malware that was released online in October 2016. https://goo.gl/v46JDC

New .DOC GlobeImposter ransomware variant Malspam campaign underway
A new malspam campaign is underway that is distributing a GlobeImposter variant that appends the ..doc extension to encrypted files. This malspam is pretending to photos being sent to the recipient and will have a subject line that starts in a similar way to "Emailing: IMG_20171221_". https://goo.gl/JT3TPX

Vulnerability affects hundreds of thousands of IoT devices
The vulnerability in question affects GoAhead, a tiny web server package created by Embedthis Software LLC, a company based in Seattle, USA. On GoAhead's homepage, Embedthis claims its product is currently deployed inside products released by big industry names such as Comcast, Oracle, D-Link, ZTE, HP, Siemens, Canon, and many others. https://www.elttam.com.au/blog/goahead/

"123456" most common password of 2017
For the second year in a row, "123456" remains the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers. While having "123456" as your password is pretty bad, the other terms found on a list of  Top 100 Worst Passwords of 2017 are just as depressing. https://goo.gl/xqJ1Vv

Flaws in Sonos and Bose Smart Speakers Let Hackers Play Pranks on Users
Similar vulnerabilities affect some Sonos and Bose smart speakers that allow hackers to take over devices, collect data on users, and even make devices to play desired audio tracks. https://goo.gl/VgoZQx

Web trackers exploit flaw in Browser login managers to steal usernames
Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. https://goo.gl/uqaxGy

macOS Exploit Published on the Last Day of 2017
On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier. Siguza did not notify Apple in advance, so at the time of writing, there is no fix for this flaw. https://siguza.github.io/IOHIDeous/

DIGITAL SOCIETY

Snowden Team Launches App that turns your Phone into mini surveillance station
Freedom of the Press Foundation and the Guardian Project have launched a new Android application named Haven that will transform a phone into a mini-surveillance kit that can be used to record nearby surroundings in case of intrusions. Users can install the Haven app on their primary or secondary phone, and the app will work by tapping into the phone's sensors and watching the nearby surroundings for any changes in environmental data. https://guardianproject.github.io/haven/

Facebook alert when anyone uploads your photo
Facebook has started rolling out an update to its photo tagging system that will now scan newly uploaded photos and alert all the users it recognizes in that image by default. "These new features help you find photos that you’re not tagged in and help you detect when others might be attempting to use your image as their profile picture," said Joaquin Quiñonero Candela, Director, Applied Machine Learning at Facebook.

INDUSTRY

Google removes 36 fake Android security apps packed with Adware
Google has removed 36 Android apps that snuck into the official Play Store, posing as security and performance boosting apps, but which only contained code to mimic the behaviour of such apps. In reality, these applications contained code that focused on showing fake security alerts, displaying intrusive ads, and secretly collecting troves of personal data. The existence of these apps came to light today, after Trend Micro researcher Lorin Wu published a report about their abusive behaviour. https://goo.gl/CvCYCL

Mozilla confirms web-based execution vector for Meltdown and Spectre attacks
Mozilla has officially confirmed that the recently disclosed Meltdown and Spectre CPU flaws can be exploited via web content such as JavaScript files in order to extract information from users visiting a web page. https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

5 January 2018

Share this page:
Receive the latest news and relevant updates directly in your browser. (max. one message per week)

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here.