Uh oh. Looks like your using an ad blocker.
Our site is support by ads that help to pay our hosting costs. Please disable or whitelist us within your ad blocker to help us keep the site online.
All money generate by ads and donations is used to pay the hosting costs of the site, for more information about our income and expenses please see our donation page.
You would think that a fake app, especially one that is as popular as WhatsApp, would find it difficult to get passed the safety layers that Google has in place for apps that aim to be listed on the Play Store. But developers have long been able to get malicious apps hosted on the Play Store despite all of its attempts to rid itself of the problem. It does not help its case when someone gets a fake WhatsApp listed, and not only was the app listed, it was also downloaded by over one million unsuspecting users. The app was called Update WhatsApp Messenger, and the apps developer pretended to be the official Facebook-owned service with the developer title WhatsApp Inc. That is the very same title that the real WhatsApp uses on the Play Store.
Researchers have found that security cameras using an open-source code called gSOAP could be easily hacked and that attackers can send commands remotely. This allowed the researchers at Senrio, a security firm focused on the internet of things, to take over a video feed, pause the recording and turn the camera off. Senrio was able to take full control of the hacked cameras, the company said. Researchers are naming the zero-day exploit Devils Ivy, because, like the plant, it is hard to kill and it spreads quickly. The company said Tuesday that it discovered the vulnerability while researching Axis security cameras, one of the largest makers of connected cameras. Axis provides surveillance globally, including for every security camera at the Los Angeles airport.
Ten years ago, MySpace was one of the hottest sites on the Internet. In the U.S., MySpace was pulling in more than 72 million unique visitors every month. Facebook lagged way behind at just 23 million. Just four years later things had taken a dramatic turn. Facebook more than doubled, nearly reaching 160 million. MySpace traffic had dropped by nearly 50%. Users had moved on to the next big thing and they left millions of MySpace accounts sitting idle as they spent more and more of their time on Facebook. Fast forward to this year, and all those idle MySpace accounts had become easy targets for hackers.
Microsoft has confirmed that a significant chunk of its source code for Windows 10 was posted to a repository called BetaArchive. The exact size of the leak has been disputed, but the data reportedly comes from the Shared Source Kit that Microsoft distributes to trusted partners. Confirmed by Microsoft on Friday night, the leak contains source code to the base Windows 10 hardware drivers plus Redmonds PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. With that information, a hacker can hunt for vulnerabilities within some of the most trusted levels of the operating system. The code also reportedly contains the private debugging symbols that are normally stripped from public releases. These symbols give programmers extra information about which functions and data a piece of code is calling.
A raft of Unix-based operating systems—including Linux, OpenBSD, and FreeBSD—contain flaws that let attackers elevate low-level access on a vulnerable computer to unfettered root. Security experts are advising administrators to install patches or take other protective actions as soon as possible. Stack Clash, as the vulnerability is being called, is most likely to be chained to other vulnerabilities to make them more effectively execute malicious code, researchers from Qualys, the security firm that discovered the bugs, said in a blog post published Monday. Such local privilege escalation vulnerabilities can also pose a serious threat to server host providers because one customer can exploit the flaw to gain control over other customer processes running on the same server. Qualys said it is also possible that Stack Clash could be exploited in a way that allows it to remotely execute code directly. This is a fairly straightforward way to get root after you have already gotten some sort of user-level access, Jimmy Graham, director of product management at Qualys, told Ars. The attack works by causing a region of computer memory known as the stack to collide into separate memory regions that store unrelated code or data. The concept is not new, but this specific exploit is definitely new.
Both the DNC and RNC were hacked during the 2016 election. Now, it has been revealed that a conservative analytics company also left a massive amount of information on American voters exposed and it could have been downloaded by anyone who stumbled across it. How much data qualifies as a massive amount? Roughly 25 terabytes, which is enough hard drive space to store around 500 complete Blu-Ray movies. Noted security researcher Chris Vickery says, In terms of the scope and depth, this is the biggest exposure I have found. The data that was leaked includes incredibly detailed profiles on just north of 198 million registered voters, which pretty much accounts for everyone who was eligible to vote in the 2016 election. There were thousands of files, some quite small and others incredibly large. Just two Excel files, for example -- one on Hilary Clinton and another containing research on Reddit users -- totalled almost 400GB.