LockerGoga, the ransomware that hit Norsk Hydro and two US chemical companies over the past month, contains a bug in its code that may allow victims to "vaccinate" their PCs and crash the ransomware before it encrypts any local files. The bug, discovered by security researchers at Alert Logic, is located in a LockerGoga subroutine that executes before the encryption process begins. The subroutine is a basic scan of all files on the victim's system, so the ransomware knows what files to encrypt and what to skip. Alert Logic researchers say that if LockerGoga encounters an LNK (shortcut) file that contains an invalid path, the ransomware's process crashes without performing the subsequent … [Read more...] about LockerGoga bug crashes ransomware before encrypting files
An academic study that analyzed 82,501 apps that were pre-installed on 1,742 Android smartphones sold by 214 vendors concluded that users are woefully unaware of the huge security and privacy-related threats that come from pre-installed applications. Researchers found that many of these pre-installed apps have access to very intrusive permissions out of the box, collect and send data about users to advertisers, and have security flaws that often remain unpatched. On top of this, many pre-installed apps (also referred to as bloatware) can't be removed, and also use third-party libraries that secretly collect user data from within benign-looking and innocently-named applications. The study is, by far, one of the most complex endeavors of its kind, and included an analysis of device firmware, app behavior, and the internet traffic the apps generated. Third-party libraries: One of the first things that researchers spotted was the incessant use of third-party libraries (or software … [Read more...] about Android ecosystem of pre-installed apps is a privacy and security mess
From top to bottom, technology is riddled with security errors. At the lowest level, we have hardware errors such as Intel's Meltdown and Spectre bugs. Just above those, we have programming language security holes, and boy, do we have a lot of those! WhiteSource, an open-source security company, recently did a study of open source security vulnerabilities in the seven most widely used languages over the past decade. To find the bugs, the company used its language security database. This contains data on open-source vulnerabilities from multiple … [Read more...] about Which are the most insecure languages?
Google has patched a Chrome bug that was being abused in the wild by tech support scammers to create artificial mouse cursors and lock users inside browser pages by preventing them from closing and leaving browser tabs. The trick was first spotted in September 2018 by Malwarebytes analyst Jerome Segura. Called an "evil cursor," it relied on using a custom image to replace the operating system's standard mouse cursor graphic. A criminal group that Malwarebytes called Partnerstroka operated by switching the standard OS 32-by-32-pixel mouse cursor with one of 128 or 256 pixels in size. A normal cursor would still appear on screen, but in the corner of a bigger transparent bounding box. The trick was that users would think they'd be clicking where the cursor would appear, but they would actually click in another area of the screen, preventing them from closing popups and browser tabs due to inaccurate clicks. Segura reported this bug to … [Read more...] about Google fixes Chrome ‘evil cursor’ bug abused by tech support scam sites
A cybercriminal campaign focused on targeting the supply chain through the exploitation of ASUS Live Update software may have involved the installation of backdoors on over one million PCs. On Monday, researchers from Kaspersky Labs said the attack was first detected in January 2019. It is believed that the campaign, dubbed Operation ShadowHammer, took place between June and November 2018 and has potentially compromised countless users -- despite there being only a small list of individuals the hackers wished to target. … [Read more...] about Hijacked ASUS Live Update software installs backdoors on countless PCs worldwide