Recent Posts

By: Zeljka Zorz, Managing Editor, January 18, 2019

Too many Facebook users aren’t aware that the company uses the information provided by them and their actions on the platform and outside of it to create a list of their traits and interests, which is then used to target them with relevant ads.

According to the results of a new Pew Research Center survey, which polled a representative sample of US-based, adult Facebook users:

    88% discovered that the site had generated some material for them.
    74% say they did not know about the platform’s list of their interests (ad preferences page) before being directed to it for the purposes of the survey.
    60% of Facebook users have 10 or more categories listed on their ad preferences page.
    59% say these categories reflect their real-life interests, 27% say they are not very or not at all accurate in describing them.
    51% say they are not comfortable that the company created such a list.

Full Article Here:
By Sergiu Gatlan

According to court documents part of a 2012 class-action lawsuit made public by a federal judge at the request of The Center for Investigative Reporting's Reveal, social network giant Facebook has made a habit of charging kids without their parents' knowledge while playing games on its platform.

This happened because, unlike other platforms such as Apple's iOS, Facebook will not require its users to re-authenticate every time they want to purchase in-game goods such as virtual currency.

Although right now only four documents have been partially made available for analysis to Reveal by the court, Facebook has been ordered to also release to the public roughly one hundred more pages of information pertaining to the class action.

Full Article Here:
By Ionut Ilascu

WiFi chip firmware in a variety of devices used mainly for gaming, personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction.

The security flaws were discovered in ThreadX, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on their website that ThreadX has over 6.2 billion deployments, being one of the most popular software powering Wi-Fi chips.

The firmware is also powering the Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC) from Marvell, present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.

Full Article Here:
Security & Technology News / Fallout EK Retools for a Fresh New 2019 Look
« Last post by Antus67 on January 19, 2019, 02:58:12 am »

Author: Tara Seals
January 18, 2019 2:58 pm

The Fallout EK has added the latest Flash vulnerability to its bag of tricks, among other tune-ups.

A new version of the Fallout exploit kit (EK) has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware.

The Fallout EK generally makes use of malvertising campaigns, especially those that take advantage of traffic to adult websites, according to an analysis from Jérôme Segura. He found that since Tuesday, the Fallout EK activity has been picking up pace after a hiatus for the first half of the month.

Full Article Here:

By Ionut Arghire on January 18, 2019

Recent samples of the destructive Xbash Linux malware can uninstall cloud security protection products from infected servers, Palo Alto Networks reports.

First detailed last year, the malware features a broad set of malicious capabilities, ranging from ransomware and crypto-currency mining to self-propagation, database deletion, and the enrolling of compromised servers into a botnet.

The malware is used by a group referred to as Rocke, which is associated with the Iron cybercrime group. More recent samples of Xbash include new code to uninstall five different cloud security protection and monitoring products from infected Linux servers, Palo Alto Networks’ security researchers say.

Full Article Here:
By Ionut Arghire on January 18, 2019

There is widespread scanning for a recently disclosed remote code execution vulnerability in the ThinkPHP framework, Akamai reveals.

ThinkPHP, a web framework by TopThink, is a Chinese-made PHP framework used by a large number of web developers in the country. In early December 2018, the framework was revealed to be impacted by a remote code execution bug that could allow an attacker to take over a vulnerable server.

The issue was that user input was not properly sanitized, thus allowing an unauthenticated user to specify their own filter function to execute.

Full Article Here:
By Ionut Arghire on January 18, 2019

An updated version of the Fallout exploit kit recently emerged with an exploit for a recent Flash zero-day included in its arsenal, Malwarebytes Labs security researchers warn.

First detailed in September 2018, the toolkit was observed delivering malware families ranging from ransomware to backdoors, but also fingerprinting the browser profile to identify targets of interest.

The exploit kit (EK) remained active throughout the end of 2018, but its operators took a break in early January, apparently in order to improve their malicious kit. During Fallout’s absence, RIG EK’s activity intensified, Malwarebytes now reveals.

Full Article Here:
By Ionut Ilascu

A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system ones, with arbitrary data.

The bug was disclosed on December 27 by the security researcher using the online alias SandboxEscaper. Before that, she tweeted that she let Microsoft know about the flaw in an email to Microsoft Security Response Center (MSRC).

Full Article Here:
By Lawrence Abrams

19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps.

These apps were discovered by ESET Android security researcher Lukas Stefanko who stated that they promote themselves as full featured apps and use screenshots from other legitimate apps to entice users to install them.

Full Article Here:
By Sergiu Gatlan

Two Android apps infected with banking malware were found on the Google Play Store, already having been installed on thousands of Android devices and sporting dozens of fake five-star ratings.

The Trend Micro malware research team linked the malware payload found in the two apps with the Anubis banking Trojan based on code similarity and a shared command and control (C&C) server (i.e.,, known to have been targeting the Android platform for the last two years.

Full Article Here: