Latest News

2019/10/08

D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code.

The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).

2019/10/07

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android.

What's more, the Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group, infamous for selling zero-day exploits to governments, or one of its customers, to gain control of their targets' Android devices.

2019/10/07

New Reductor Malware Hijacks HTTPS Traffic

Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random number generator, used to ensure a private connection between the client and server.

Once a system is infected, Reductor is used to spy on the victim’s browser activity, said the Global Research and Analysis Team (GReAT) at Kaspersky, which discovered the malware. Researchers said Reductor is being used for cyber espionage on diplomatic entities that are part of the post-Soviet republics known as the Commonwealth of Independent States.

2019/09/23

Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme

Two widely used ad-blocking Google Chrome extensions, posing as the original AdBlock and uBlock Origin extensions on the Chrome Web Store, have been caught stuffing cookies into the web browsers of millions of users to fraudulently generate affiliate income from referral schemes.

There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and aiding productivity, but at the same time, they also pose huge threats to both your privacy and security.

2019/09/23

Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica

Facebook said it has suspended tens of thousands of apps as part of its ongoing investigation into how third-party apps on its platform collect, handle and utilize users’ personal data. The results of the investigation, launched in March 2018 in response to Facebook’s infamous Cambridge Analytica incident, sharpen the spotlight on the social media platform’s data collection policies.

The tens of thousands of apps, associated with about 400 developers, have either been suspended or banned completely. Facebook said that several of the apps in question have inappropriately shared data obtained from its platform, made data publicly available without protecting people’s identity or something else “that was in clear violation of our policies.”