Recent Posts

1
By Sergiu Gatlan


According to court documents part of a 2012 class-action lawsuit made public by a federal judge at the request of The Center for Investigative Reporting's Reveal, social network giant Facebook has made a habit of charging kids without their parents' knowledge while playing games on its platform.

This happened because, unlike other platforms such as Apple's iOS, Facebook will not require its users to re-authenticate every time they want to purchase in-game goods such as virtual currency.

Although right now only four documents have been partially made available for analysis to Reveal by the court, Facebook has been ordered to also release to the public roughly one hundred more pages of information pertaining to the class action.

Full Article Here: https://www.bleepingcomputer.com/news/security/facebook-caught-red-handed-while-swiping-money-from-children/
2
By Ionut Ilascu



WiFi chip firmware in a variety of devices used mainly for gaming, personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction.

The security flaws were discovered in ThreadX, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on their website that ThreadX has over 6.2 billion deployments, being one of the most popular software powering Wi-Fi chips.

The firmware is also powering the Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC) from Marvell, present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.

Full Article Here: https://www.bleepingcomputer.com/news/security/vulnerabilities-found-in-highly-popular-firmware-for-wifi-chips/
3

Author: Tara Seals
January 18, 2019 2:58 pm




The Fallout EK has added the latest Flash vulnerability to its bag of tricks, among other tune-ups.

A new version of the Fallout exploit kit (EK) has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware.

The Fallout EK generally makes use of malvertising campaigns, especially those that take advantage of traffic to adult websites, according to an analysis from Jérôme Segura. He found that since Tuesday, the Fallout EK activity has been picking up pace after a hiatus for the first half of the month.

Full Article Here: https://threatpost.com/fallout-ek-retools/141027/
4

By Ionut Arghire on January 18, 2019

Recent samples of the destructive Xbash Linux malware can uninstall cloud security protection products from infected servers, Palo Alto Networks reports.

First detailed last year, the malware features a broad set of malicious capabilities, ranging from ransomware and crypto-currency mining to self-propagation, database deletion, and the enrolling of compromised servers into a botnet.

The malware is used by a group referred to as Rocke, which is associated with the Iron cybercrime group. More recent samples of Xbash include new code to uninstall five different cloud security protection and monitoring products from infected Linux servers, Palo Alto Networks’ security researchers say.

Full Article Here: https://www.securityweek.com/xbash-malware-uninstalls-cloud-security-products
5
By Ionut Arghire on January 18, 2019

There is widespread scanning for a recently disclosed remote code execution vulnerability in the ThinkPHP framework, Akamai reveals.

ThinkPHP, a web framework by TopThink, is a Chinese-made PHP framework used by a large number of web developers in the country. In early December 2018, the framework was revealed to be impacted by a remote code execution bug that could allow an attacker to take over a vulnerable server.

The issue was that user input was not properly sanitized, thus allowing an unauthenticated user to specify their own filter function to execute.

Full Article Here: https://www.securityweek.com/hackers-actively-scanning-thinkphp-vulnerability-akamai-says
6
By Ionut Arghire on January 18, 2019

An updated version of the Fallout exploit kit recently emerged with an exploit for a recent Flash zero-day included in its arsenal, Malwarebytes Labs security researchers warn.

First detailed in September 2018, the toolkit was observed delivering malware families ranging from ransomware to backdoors, but also fingerprinting the browser profile to identify targets of interest.

The exploit kit (EK) remained active throughout the end of 2018, but its operators took a break in early January, apparently in order to improve their malicious kit. During Fallout’s absence, RIG EK’s activity intensified, Malwarebytes now reveals.

Full Article Here: https://www.securityweek.com/exploit-recent-flash-zero-day-added-fallout-exploit-kit
7
By Ionut Ilascu



A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system ones, with arbitrary data.

The bug was disclosed on December 27 by the security researcher using the online alias SandboxEscaper. Before that, she tweeted that she let Microsoft know about the flaw in an email to Microsoft Security Response Center (MSRC).

Full Article Here: https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-that-overwrites-files-gets-interim-fix/
8
By Lawrence Abrams



19 Android apps with over 50 million installs were found on the Google Play store that state that they are full-featured GPS apps, but instead simply show an advertisement and then show Google Maps.

These apps were discovered by ESET Android security researcher Lukas Stefanko, who stated that they promote themselves as full-featured apps and use screenshots from other legitimate apps to entice users to install them.

Full Article Here: https://www.bleepingcomputer.com/news/security/fake-gps-apps-with-50m-installs-just-show-ads-and-run-google-maps/
9
By Sergiu Gatlan



Two Android apps infected with banking malware were found on the Google Play Store, already having been installed on thousands of Android devices and sporting dozens of fake five-star ratings.

The Trend Micro malware research team linked the malware payload found in the two apps with the Anubis banking Trojan based on code similarity and a shared command and control (C&C) server (i.e., aserogeege.space), known to have been targeting the Android platform for the last two years.

Full Article Here: https://www.bleepingcomputer.com/news/security/android-apps-steal-banking-info-use-motion-sensor-to-evade-detection/
10
By Sergiu Gatlan



A hidden web server always running in the background was found by security researcher Robert Baptiste in ES File Explorer, an Android file manager with over 100,000,000 installs displayed on the Google Play store page and over 500 million users worldwide according to its developer.

As discovered by Baptiste, right after launching the app it will start a local HTTP server on port 59777 which will stay open until all the background services of ES File Explorer are killed:

Every time a user is launching ES File Explorer, an HTTP server is started. This server is opening locally the port 59777. An attacker connected on the same local network as the victim can obtain a lot of juicy information (device info, app installed, ...) about the victim's phone, remotely get a file from the victim's phone and remotely launch an app on the victim's phone.

Full Article Here: https://www.bleepingcomputer.com/news/security/es-file-explorer-flaws-put-100-million-users-data-at-risk-fix-promised/