A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer. The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.
But Microsoft, which owns the voice- and video-calling service, said it won't immediately fix the flaw, because the bug would require too much work. Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library.Read more
Microsoft-owned Skype is suffering widespread borkage that has left many unable to access the service. Problems first began on Monday, with Skype admitting that its users had been plagued by connectivity problems. "We are aware of an incident where users will either lose connectivity to the application and may be unable to send or receive messages," it said.
"Some users will be unable to see a black bar that indicates them that a group call is ongoing, and longer delays in adding users to their buddy list." Despite claiming at around 1.45am UK time that the connectivity issues had been resolved, problems are continuing into Tuesday.Read more
Several users have complained that ads served through Microsoft's Skype app are serving malicious downloads, which if opened, can trigger ransomware.
News of the issue came from a Reddit thread, in which the original poster said that Skype's home screen -- the first screen that shows up on consumer versions of the software -- was pushing a fake, malicious ad, purporting to be a critical update for the Flash web plug-in. According to the thread, the ad triggered a download of an HTML application, designed to look like a legitimate app. The app, when opened, would download a malicious payload, which locks the user's computer and encrypts its files for ransom.Read more
Judges at the Supreme Court have ruled that international couples will be able to marry over the Internet, through video conference programs like Skype or Google Hangouts, so long as this is also allowed in the nation state of the foreign spouse.
The Court has made clear that, if this type of marriage is legal in other jurisdictions since it suitably allows for both spouses to express their consent, it cannot be at odds with Italian law just because it is not provided for by the legal order. In Italy, it was previously the case that no one could marry via Skype or any other video calling application. Each marriage would then be considered on a case by case basis.Read more
Cybercrooks have been caught running booby-trapped ads on Skype to redirect users towards an Angler exploit kit trap. The tactic, part of a broader malvertising campaign, shows that users can be exposed to malicious ads pushing ransomware and other crud without even using a browser-based app, the most common exploit route.
Security researchers at F-Secure uncovered the role of Skype in helping to push an malvertising campaign launched via the AppNexus ad platform. The same malvertising campaign also featured poisoned ads on various websites, including shopping sites, gaming forums, news sites, and internet portals.Read more
Skype, WhatsApp, and Yelp have accessed my contacts list data thousands and times, and none of the companies are sure why.
The companies -- Microsoft, which owns Skype; and Facebook, which owns WhatsApp; and Yelp -- were all unable to explain why their apps had accessed the contacts list in my Android phone so often. BlackBerry's Priv, the smartphone maker's debut Android phone running "Lollipop" 5.1.1, comes with an app, dubbed DTEK, which monitors and notifies users when data has been accessed, when, and for how long, including a user's location, contacts, text messages, camera, and microphone.Read more
An unknown number of frustrated Skype customers have been pestered by spoof messages on the Microsoft service for weeks, but the company is yet to close what appears to be a gaping hole in its software.
Instead, Redmond has advised Skype users to change their account passwords. But complaints are building up about the lack of communication coming out of the Microsoft camp regarding what seems to be a Skype security flaw. The problem first appeared late last month. Other users were quick to pile in with similar gripes about the service, while some folk moaned that their PCs had been offline when the spoofing attack occurred.Read more
A strain of French-language cyber espionage malware spotted by security researchers shows that the National Security Agency isn’t the only spook agency brewing custom bad things to steal sensitive and personal data.
The malware was tied to a spying exercise codenamed Operation Snowglobe, which also spawned a seemingly related remote access trojan codenamed EvilBunny. Implants associated with Snowglobe are more advanced than Babar itself, which Canadian spies discovered in November 2009. Babar’s feature set includes keystroke logging, clipboard logging, screenshot snapping and, more unusually, the possibility to log audio conversations held through Skype messenger.Read more
The EU agency for judicial cooperation is going to develop a common approach to lawfully intercept services like Skype and Viber in order to help keep track of European militants arriving back home from the Middle East.
A committee of the European Parliament discussed the measures. Messenger security is under threat, because there are good reasons for networks and governments to have the capability to monitor criminals. Following deadly terror attacks in Paris last month, EU nations are worried about the danger of radicalized and trained Islamists returning from the Middle East. Militants have often used social networks to spread ideas, jihadist propaganda and recruit new members.Read more
In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. For years, privacy and security experts worldwide have called on the general public to adopt strong, open-source cryptography to protect our communications.
Many companies offer “secure messaging” products — but are these systems actually secure? The Electronic Frontier Foundation’s secure messaging scorecard made a list of mobile and Internet messaging services that scored well on privacy and security and the services that scored poorly. Let’s focus primarily on the most popular messengers.Read more