Latest News

2019/07/05

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.
Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.
The attack takes advantage of the way Firefox implements Same Origin Policy (SOP) for the "file://" scheme URI (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders.
2019/07/05

Mac Malware Pushed via Google Search Results, Masquerades as Flash Installer

Never-before-seen Mac malware, dubbed OSX/CrescentCore, has been discovered in the wild. The trojan, spotted on various websites masquerading as an Adobe Flash Player installer, drops malicious applications and browser extensions on victims’ systems when downloaded.

OSX/CrescentCore is spread via various websites, where it is masqueraded as an Adobe Flash Player installer. However, the “installer” is actually a .dmg file (an Apple disk image) that delivers the malware.
2019/07/03

Facebook Removes Accounts Used to Infect Thousands With Malware

Facebook has shut down more than 30 accounts spreading malware through malicious links that purport to be news about the ongoing political situation in Libya. The campaign, ongoing since 2014, has infected tens of thousands of victims with remote access trojans (RATs), according to researchers.

The campaign, dubbed “Operation Tripoli,” took advantage of the political situation in Libya to lure victims into clicking links that claimed to be Libya-related news. The links purported to be information about news like the latest airstrike in the country or the capturing of terrorists, but instead, contained malware. It’s important to note that Facebook itself wasn’t breached – however, the hack points to how social media platforms can be abused to launch malware attacks, researchers said.
2019/07/03

Internet wobble caused by Cloudflare glitch

Internet users faced problems accessing many websites for about an hour because of a problem with Cloudflare.

The company provides internet security and other services meant to help online businesses operate smoothly.

Many members of the public had reported seeing "502 errors" displayed in their browsers when they tried to visit its clients.
Source: www.bbc.com
2019/07/01

FDA Warns of Potentially Fatal Flaws in Insulin Pumps

The Food and Drug Administration (FDA) has issued an emergency alert, warning that Medtronic MiniMed insulin pumps are vulnerable to potentially life-threatening cyberattacks.

Specifically impacted are Medtronic’s MiniMed insulin pumps, the MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. Up to 4,000 patients in the U.S. have been identified using vulnerable insulin pumps – Medtronic, which has issued a recall for the products, is still working to identify more users.