Latest News

2019/07/22

Slack Resets Passwords For Users Who Hadn't Changed It Since 2015 Breach

If you use Slack, a popular cloud-based team collaboration server, and recently received an email from the company about a security incident, don't panic and read this article before taking any action.

Slack has been sending a "password reset" notification email to all those users who had not yet changed passwords for their Slack accounts since 2015 when the company suffered a massive data breach.

For those unaware, in 2015, hackers gained unauthorised access to one of the company's databases that stored user profile information, including their usernames, email addresses, and hashed passwords.

2019/07/11

Agent Smith Malware Infects 25M Android Phones to Push Rogue Ads

Researchers are warning of a new breed of Android malware, dubbed “Agent Smith,” that they claim has infected 25 million handsets in order to replace legitimate apps with doppelgangers that display rogue ads. The malware is tied to a China-based firm, according to Check Point researchers, and is targeting users in India, Pakistan and other parts of Asia.

According to research released Wednesday, the malware targets phones that have not been patched for a host of old vulnerabilities such as Janus, an Android flaw that dates back to 2017. Victims are enticed to download a dropper program camouflaged as an image editor, porn-related app or game from a third-party app store. The dropper program then downloads the Agent Smith payload.

2019/07/11

Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping

Apple has disabled the Apple Watch Walkie Talkie app due to an unspecified vulnerability that could allow a person to listen to another customer’s iPhone without consent, the company told TechCrunch this evening.

Apple has apologized for the bug and for the inconvenience of being unable to use the feature while a fix is made.

The Walkie Talkie app on Apple Watch allows two users who have accepted an invite from each other to receive audio chats via a ‘push to talk’ interface reminiscent of the PTT buttons on older cell phones.

2019/07/10

Two Windows Privilege Escalation Vulnerabilities Exploited in Attacks

Microsoft’s July 2019 Patch Tuesday updates fix nearly 80 vulnerabilities, including two Windows zero-day flaws and six issues whose details were previously made public.

One of the zero-day vulnerabilities is CVE-2019-0880, which Microsoft describes as a local privilege escalation issue related to how the splwow64.exe component in Windows handles certain calls.

Splwow64.exe is designed to allow 32-bit applications to use a 64-bit printer spooler service on 64-bit versions of Windows.

“An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity,” Microsoft said in its advisory. “This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.”

2019/07/10

Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach

After hitting British Airways with a record fine of £183 million earlier this week, the UK's data privacy regulator is now planning to slap the world's biggest hotel chain, Marriott International, with a £99 million ($123 million) fine under GDPR over a 2014 data breach.

This is the second major penalty notice in the last two days to hit a company for failing to implement adequate security measures and protect its customers' personal and financial information.

In November 2018, Marriott discovered that unknown hackers had compromised its guest reservation database through its Starwood hotels subsidiary and walked away with personal details of approximately 339 million guests.