Security

Security Software

Chrome zero-day V8 vulnerability found being actively exploited

Researchers with Google’s Threat Analysis Group (TAG) and Project Zero discovered a zero-day exploit (CVE-2020-16009) last week. On Monday, Google released Chrome patch 86.0.4240.183 for Windows, macOS, and Linux that addresses the issue. The patch notes do not divulge details regarding the security hole other than saying it has to do with an “inappropriate implementation” […]

News Security

Microsoft warns Windows users of two security holes already under attack

Microsoft posted a new security advisory today (ADV200006), detailing what it’s calling “Type 1 Font Parsing Remote Code Execution Vulnerability.” They have given the vulnerability a “critical” severity rating, which is the highest severity rating Microsoft gives. The flaw seems to stem from the Adobe Type Manager Library and deals with how Windows handles fonts. […]

News Security

Researchers discover that Intel chips have an unfixable security flaw

Security researchers have discovered a new security flaw on Intel CPUs that “jeopardizes” Intel’s root of trust. According to security researchers at Positive Technologies, the new vulnerability affects Intel CPUs released in the past five years. The vulnerability is within Intel’s Converged Security and Management Engine (CSME), a part of the chip that controls system […]

News Security

WhatsApp desktop security flaw gave intruders remote access to files

Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a user’s local file system, on both macOS and Windows platforms. “A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading,” Facebook’s security advisory explains. “Exploiting the vulnerability requires the victim […]

News Security

Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs

Microsoft is teaming up with Windows device manufacturers to tighten firmware security in a new initiative called Secure-Core PCs, which are built to defend against firmware-level attacks. These attacks, according to Microsoft, are becoming more common in recent years. This is largely due to the ever-improving security features built into operating systems and their “connected […]

News Security

Apple QC workers often hear bits of private conversations in Siri recordings

Apple is paying contractors to listen to recorded Siri conversations, according to a new report from The Guardian. A former contractor revealing that workers have heard accidental recordings of users’ personal lives, including doctor’s appointments, addresses, and even possible drug deals. According to that contractor, Siri interactions are sent to workers, who listen to the […]

Security

NAS vendor QNAP warns its customers about ‘eCh0raix’ ransomware

QNAP, a Taiwan-based network-attached storage (NAS) vendor, warned its NAS customers to make sure they’re using strong passwords, have the latest version of its QTS firmware installed and are staying vigilant about their device’s security in response to Anomali’s disclosure of the eCh0raix Ransomware earlier this month. QNAP published a security advisory for its NAS […]

Security

Is FaceApp safe?

If you’ve been on any social medium in the last few days then you can’t have failed to notice it FaceApp is everywhere.  Despite launching way back in January 2017, the app has suddenly received a new lease of viral life.  But as quickly as it has appeared, the worries about what the company is […]

News Security

Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner […]

Security

‘Vaccine’ created for huge cyber-attack

Security researchers have discovered a “vaccine” for the huge cyber-attack that hit organisations across the world on Tuesday 27 June 2017. A perfc solution But for those concerned about the attack there appears to be fix, albeit one with limited effectiveness. By creating a read-only file – named perfc – and placing it within a […]