SpaceX has successfully launched a Falcon 9 from SLC-4 at Vandenberg Air Force Base today, its first launch since its successful Falcon Heavy test earlier this month. The launch took off early Wednesday morning, after being rescheduled a couple of times from an initial target of this past weekend.
The launch was primarily designed to bring the PAZ satellite to orbit (which was deployed as planned into a low Earth, sun-synchronous polar orbit), a satellite for a Spanish customer that’s designed to provide geocommunications and radar imaging for both government and private commercial customers.Read more
Two versions of uTorrent, one of the Internet's most widely used BitTorrent apps, have easy-to-exploit vulnerabilities that allow attackers to execute code, access downloaded files, and snoop on download histories, a Google Project Zero researcher said.
uTorrent developers are in the process of rolling out fixes for both the uTorrent desktop app for Windows and the newer uTorrent Web product. The vulnerabilities make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a Web interface and is controlled by a browser.Read more
A security researcher hijacked hundreds of GitLab domains in just a few seconds by exploiting a weakness in how the company handles domain verification -- a security issue that the company has now fixed.
GitLab, a web-based git repository manager that lets developers track and collaborate on source code and project development, also allows users to host their own content and projects with a custom domain name. But the company said in a security notification on February 5 that no validation was being performed when a user added a custom domain to their GitLab accounts.Read more
A newly published attack let researchers take over Tinder accounts with just a user’s phone number. Tinder has changed its login system to protect against the attack and there’s no evidence it was exploited before the patch.
Still, it’s a reminder of how fragile many login systems still are, and how powerful even basic vulnerabilities can be when chained together. The attack worked by exploiting two separate vulnerabilities: one in Tinder and another in Facebook’s Account Kit system, which Tinder uses to manage logins. The Account Kit vulnerability exposed users’ access tokens, making them accessible through a simple API request with an associated phone number.Read more
Cryptojacking only really coalesced as a class of attack about six months ago, but already the approach has evolved and matured into a ubiquitous threat. Hacks that co-opt computing power for illicit cryptocurrency mining now target a diverse array of victims, from individual consumers to massive institutions—even industrial control systems.
But the latest victim isn't some faceless internet denizen or a Starbucks in Buenos Aires. It's Tesla. Researchers published findings on Tuesday that some of Tesla's Amazon Web Services cloud infrastructure was running mining malware in a far-reaching and well-hidden cryptojacking campaign.Read more
Piracy is an issue for games and other software developers. Some handle it in novel ways, like deliberately making pirated versions of a game near unplayable, or by releasing their software for free.
One piece of flight simulator software had an unusual, and controversial technique: infecting pirates with malware designed to steal their Chrome passwords. “The inclusion of a malware, in the form of a password dumper, in a trusted installer for the sake of combating piracy is absolute insanity,” Andrew Mabbitt, founder of cybersecurity company Fidus Information Security and who originally flagged the issue, said.Read more
Scientists from Google and its health-tech subsidiary Verily have discovered a new way to assess a person’s risk of heart disease using machine learning.
By analyzing scans of the back of a patient’s eye, the company’s software is able to accurately deduce data, including an individual’s age, blood pressure, and whether or not they smoke. This can then be used to predict their risk of suffering a major cardiac event — such as a heart attack — with roughly the same accuracy as current leading methods. The algorithm potentially makes it quicker and easier for doctors to analyze a patient’s cardiovascular risk, as it doesn’t require a blood test.Read more
Google's Project Zero initiative tasks its security researchers with finding flaws in various software products developed by the company itself as well as other firms. Back in 2016, it revealed a serious vulnerability present in Windows 10, and reported a "crazy bad vulnerability" in Windows in 2017.
Now, the firm has disclosed another security flaw in Microsoft Edge, after the Redmond giant failed to fix it in the allotted time. Back in February 2017, Microsoft stated that it would be using Arbitrary Code Guard (ACG) in Microsoft Edge with the Windows 10 Creators Update to mitigate arbitrary native code execution.Read more
India’s City Union Bank said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Chief Executive Officer N. Kamakodi called it a “conspiracy” involving multiple countries, and added the lender was still investigating how it had happened. “This is basically a cyber attack by international cyber criminals,” he told.Read more
Under certain conditions, macOS may copy data into the void, leading to data loss of important files, all due to a bug in how the operating system handles APFS sparse disk images. The issue was discovered and reported to Apple this past week by Mike Bombich, the creator of a Mac backup application named Carbon Copy Cloner.
Bombich says the bug affects only "sparse disk images" formatted in Apple's new filesystem format APFS, first deployed macOS High Sierra in March 2017. A "disk image" is a file format that contains the entire contents and structure of a disk volume, such as USB, CD, DVD, hard disk drive, or network share.Read more