Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day disclosure deadline policy, Google Project Zero publicly disclosed the bug Monday.
“As part of MS16-074, some of the bugs were indeed fixed, such as the EMR_STRETCHBLT record, which the original proof-of-concept image relied on. However, we’ve discovered that not all of the DIB-related problems are gone,” wrote Google engineer Mateusz Jurczyk in a technical description of the vulnerability.
Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.
The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX. Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails. Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it's retrieved by the attackers.
A few hours after dark one evening earlier this month, a small quadcopter drone lifted off from the parking lot of Ben-Gurion University in Beersheba, Israel. It soon trained its built-in camera on its target, a desktop computer’s tiny blinking light inside a third-floor office nearby.
The pinpoint flickers, emitting from the LED hard drive indicator that lights up intermittently on practically every modern Windows machine, would hardly arouse the suspicions of anyone working in the office after hours. But in fact, that LED was silently winking out an optical stream of the computer’s secrets to the camera floating outside.
Apple has reportedly acquired Israeli startup RealFace, which makes facial recognition software to authenticate users by simply showing their mug, rather than having to enter a password or fingerprint.
Startup Nation Central, a database for Israeli tech companies, says Apple acquired RealFace this month. RealFace's website was offline Sunday morning and contact information was unavailable. Tel Aviv-based RealFace launched in 2014 and its first product was an app called Pickeez, which selected a user's best photos from various platforms using its RealFace recognition software.
These newly discovered bugs in Java and Python are a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses.
And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and infrastructures. The unpatched flaws actually reside in the way Java and Python programming languages handle File Transfer Protocol links, where they don't syntax-check the username parameter, which leads to what researchers call a protocol injection flaw.
TeamSpy is back and it's turning TeamViewer into the spying tool that no one wants. According to security firm Heimdal, a new spam campaign emerged, carrying the TeamSpy malware which can give hackers full access to a compromised computer.
This isn't a new type of malware whatsoever. In fact, back in 2013, it was wreaking havoc on countless computers. Back then, attackers were gathering information from victims, be they ordinary users or high-profile individuals working in industries or research. This time around, however, it seems that TeamViewer has not been compromised as it happened in the past, so reusing their passwords should be safe.
European Union data protection watchdogs said on Monday they were still concerned about the privacy settings of Microsoft's Windows 10 operating system despite the U.S. company announcing changes to the installation process.
The watchdogs, a group made up of the EU's 28 authorities responsible for enforcing data protection law, wrote to Microsoft last year expressing concerns about the default installation settings of Windows 10 and users' apparent lack of control over the company's processing of their data. The group, referred to as the Article 29 Working Party, asked for more explanation of Microsoft's processing of personal data for various purposes, including advertising.
A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data.
Newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force are believed to have been targeted with spyware. Dubbed ViperRAT, the malware has specifically been designed to hijack Israeli soldiers’ Android-based smartphones and remotely exfiltrate data of high value, including photos and audio recordings, directly from the compromised devices.
Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone. The IBM researcher wasn't researching car security when he discovered a major privacy issue. He simply sold his car.
"The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson said. "There's nothing on the dashboard that tells you 'the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device.
Robots are taking human jobs. But Bill Gates believes that governments should tax companies’ use of them, as a way to at least temporarily slow the spread of automation and to fund other types of employment. It’s a striking position from the world’s richest man and a self-described techno-optimist who co-founded Microsoft.
Gates said that a robot tax could finance jobs taking care of elderly people or working with kids in schools, for which needs are unmet and to which humans are particularly well suited. He argues that governments must oversee such programs rather than relying on businesses, in order to redirect the jobs to help people with lower incomes.