FreshRSS

Today — August 21st 2019

Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban

By Lindsey O'Donnell
After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.

The Texas Ransomware Attacks: A Gamechanger for Cybercriminals

By Lindsey O'Donnell
Security researchers worry that this weekend's coordinated attacks on more than 20 Texas governments mark a change in how ransomware attacks will be launched in the future.

Backdoor Found in Utility for Linux, Unix Servers

By Tom Spring
Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.

Adult Content Site Exposed Personal Data of 1M Users

By Lindsey O'Donnell
The personal email addresses - some indicating user names or government official status - of more than a million pornography website users were exposed.

7 Big Factors Putting Small Businesses At Risk

By Kelly Sheridan Staff Editor, Dark Reading
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.

  • August 21st 2019 at 12:45

SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus

Posted by SEC Consult Vulnerability Lab on Aug 21

SEC Consult Vulnerability Lab Security Advisory < 20190821-0 >
=======================================================================
title: Unauthenticated sensitive information leakage
product: Zoho Corporation ManageEngine ServiceDesk Plus
vulnerable version: v10 <10509
fixed version: v10 >=10509
CVE number: CVE-2019-15045, CVE-2019-15046
impact: Critical
homepage:...
  • August 21st 2019 at 12:29

SEC charges rating service $269,000 for hiding ICO touting payments

The company failed to mention some Initial Coin Offerings were paying for inclusion.
  • August 21st 2019 at 12:08

Forced Password Reset? Check Your Assumptions

By BrianKrebs

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site’s efforts to identify customers who are reusing passwords from other sites that have already been hacked.

But ironically, many companies taking these proactive steps soon discover that their explanation as to why they’re doing it can get misinterpreted as more evidence of lax security. This post attempts to unravel what’s going on here.

Over the weekend, a follower on Twitter included me in a tweet sent to California-based job search site Glassdoor, which had just sent him the following notice:

The Twitter follower expressed concern about this message, because it suggested to him that in order for Glassdoor to have done what it described, the company would have had to be storing its users’ passwords in plain text. I replied that this was in fact not an indication of storing passwords in plain text, and that many companies are now testing their users’ credentials against lists of hacked credentials that have been leaked and made available online.

The reality is Facebook, Netflix and a number of big-name companies are regularly combing through huge data leak troves for credentials that match those of their customers, and then forcing a password reset for those users. Some are even checking for password re-use on all new account signups.

The idea here is to stymie a massively pervasive problem facing all companies that do business online today: Namely, “credential-stuffing attacks,” in which attackers take millions or even billions of email addresses and corresponding cracked passwords from compromised databases and see how many of them work at other online properties.

So how does the defense against this daily deluge of credential stuffing work? A company employing this strategy will first extract from these leaked credential lists any email addresses that correspond to their current user base.

From there, the corresponding cracked (plain text) passwords are fed into the same process that the company relies upon when users log in: That is, the company feeds those plain text passwords through its own password “hashing” or scrambling routine.

Password hashing is designed to be a one-way function which scrambles a plain text password so that it produces a long string of numbers and letters. Not all hashing methods are created equal, and some of the most commonly used methods — MD5 and SHA-1, for example — can be far less secure than others, depending on how they’re implemented (more on that in a moment). Whatever the hashing method used, it’s the hashed output that gets stored, not the password itself.

Back to the process: If a user’s plain text password from a hacked database matches the output of what a company would expect to see after running it through their own internal hashing process, then that user is prompted to change their password to something truly unique.

Now, password hashing methods can be made more secure by amending the password with what’s known as a “salt” — or random data added to the input of a hash function to guarantee a unique output. And many readers of the Twitter thread on Glassdoor’s approach reasoned that the company couldn’t have been doing what it described without also forgoing this additional layer of security.

My tweeted explanatory reply as to why Glassdoor was doing this was (in hindsight) incomplete and in any case not as clear as it should have been. Fortunately, Glassdoor’s chief information officer Anthony Moisant chimed in to the Twitter thread to explain that the salt is in fact added as part of the password testing procedure.

“In our [user] database, we’ve got three columns — username, salt value and scrypt hash,” Moisant explained in an interview with KrebsOnSecurity. “We apply the salt that’s stored in the database and the hash [function] to the plain text password, and that resulting value is then checked against the hash in the database we store. For whatever reason, some people have gotten it into their heads that there’s no possible way to do these checks if you salt, but that’s not true.”
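The check Moisant describes can be sketched as follows. This is an added example, not Glassdoor's code or part of the original article: the scrypt cost parameters, the column names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters; the article does not say which ones Glassdoor uses.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str, salt: bytes) -> bytes:
    """Same routine the login path would use: scrypt over the password with the user's salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def make_user_row(username: str, password: str) -> dict:
    """Build one row of the three-column table: username, salt value, scrypt hash."""
    salt = os.urandom(16)  # fresh random salt per user
    return {"username": username, "salt": salt,
            "scrypt_hash": hash_password(password, salt)}


def find_reused_credentials(user_table, leaked_pairs):
    """Return usernames whose stored hash matches a leaked plain text password.

    leaked_pairs is an iterable of (email, cracked_password) tuples taken
    from a breach dump. The plain text only ever comes from the dump; the
    site's own table holds salts and hashes, never passwords.
    """
    users = {row["username"].lower(): row for row in user_table}
    flagged = set()
    for email, leaked_password in leaked_pairs:
        row = users.get(email.strip().lower())
        if row is None:
            continue  # address is not in our user base, nothing to test
        # Apply the salt stored for this user, then the hash function.
        candidate = hash_password(leaked_password, row["salt"])
        # Constant-time comparison against the stored hash.
        if hmac.compare_digest(candidate, row["scrypt_hash"]):
            flagged.add(row["username"])
    return sorted(flagged)


def build_demo():
    """Constructed sample data: three site users and a small 'leak'."""
    user_table = [
        make_user_row("alice@example.com", "sunshine2017"),
        make_user_row("bob@example.com", "correct horse battery staple"),
        make_user_row("carol@example.com", "sunshine2017"),
    ]
    leaked_pairs = [
        ("Alice@Example.com", "sunshine2017"),   # reused password: match
        ("bob@example.com", "hunter2"),          # same user, different password
        ("mallory@example.net", "sunshine2017"), # not one of our users
    ]
    return user_table, leaked_pairs


if __name__ == "__main__":
    table, leak = build_demo()
    for name in find_reused_credentials(table, leak):
        print("force password reset:", name)
```

Carol has the same password as Alice but is not flagged, because her address is not in the leak, and her stored hash differs from Alice's because each row has its own salt.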

CHECK YOUR ASSUMPTIONS

You — the user — can’t be expected to know or control what password hashing methods a given site uses, if indeed they use them at all. But you can control the quality of the passwords you pick.

I can’t stress this enough: Do not re-use passwords. And don’t recycle them either. Recycling involves rather lame attempts to make a reused password unique by simply adding a digit or changing the capitalization of certain characters. Crooks who specialize in password attacks are wise to this approach as well.

If you have trouble remembering complex passwords (and this describes most people), consider relying instead on password length, which is a far more important determiner of whether a given password can be cracked by available tools in any timeframe that might be reasonably useful to an attacker.

In that vein, it’s safer and wiser to focus on picking passphrases instead of passwords. Passphrases are collections of multiple (ideally unrelated) words mushed together. Passphrases are not only generally more secure, they also have the added benefit of being easier to remember.

According to a recent blog entry by Microsoft group program manager Alex Weinert, none of the above advice about password complexity amounts to a hill of beans from the attacker’s standpoint.

Weinert’s post makes a compelling argument that as long as we’re stuck with passwords, taking full advantage of the most robust form of multi-factor authentication (MFA) offered by a site you frequent is the best way to deter attackers. Twofactorauth.org has a handy list of your options here, broken down by industry.

“Your password doesn’t matter, but MFA does,” Weinert wrote. “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.”

Glassdoor’s Moisant said the company doesn’t currently offer MFA for its users, but that it is planning to roll that out later this year to both consumer and business users.

Password managers also can be useful for those who feel encumbered by having to come up with passphrases or complex passwords. If you’re uncomfortable with entrusting a third-party service or application to handle this process for you, there’s absolutely nothing wrong with writing down your passwords, provided a) you do not store them in a file on your computer or taped to your laptop or screen or whatever, and b) that your password notebook is stored somewhere relatively secure, i.e. not in your purse or car, but something like a locked drawer or safe.

Although many readers will no doubt take me to task on that last bit of advice, as in all things security related it’s important not to let the perfect become the enemy of the good. Many people (think moms/dads/grandparents) can’t be bothered to use password managers  — even when you go through the trouble of setting them up on their behalf. Instead, without an easier, non-technical method they will simply revert back to reusing or recycling passwords.

Ransomware disrupts 22 Texas government departments

By John E Dunn
On August 16, Texas local government became the latest victim of the expanding global racket that is ransomware.


Google’s Nest webcam needs patching after flaws found

By John E Dunn
The list of vulnerabilities recently discovered by researchers relate to one model, the Nest Cam IQ Indoor camera.


How to Avoid Technical Debt in Open Source Projects

By Kacy Zurkus Contributing Writer
Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices.

  • August 21st 2019 at 11:00

Apple, Google, and Mozilla block Kazakhstan's HTTPS intercepting certificate

Kazakhstan government's root certificate banned inside Chrome, Firefox, and Safari.
  • August 21st 2019 at 10:00

Firefox and Chrome Fight Back Against Kazakhstan's Spying

By Lily Hay Newman
The Central Asian country’s government has repeatedly threatened to monitor its citizens’ internet activities. Google and Mozilla aren’t having it.

No Spoilers - BSW #140

By paul@securityweekly.com

This week, we welcome Jessica Johnson and Amber Pedroncelli to discuss Hacker Halted and the Global CISO Forum! In the Leadership and Communications segment, 3 Traits Of Successful Entrepreneurs, 4 Ways To Gain Power And Use It For Good, 5 Reasons to Never Compromise on Punctuality, and more!

 

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode140

To register for Hacker Halted, visit: https://securityweekly.com/hackerhalted and use the discount code HH19SW to get $100 off!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • August 21st 2019 at 09:00

Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC

Keep your media player, like other apps, up to date: 13 security flaws fixed

VideoLAN has issued an update to address a baker's dozen of CVE-listed security vulnerabilities in its widely used VLC player software.…

  • August 21st 2019 at 08:57
  • August 19th 2019 at 12:15

Google, Mozilla, Apple Block Kazakhstan's Root CA Certificate to Prevent Spying

By noreply@blogger.com (Unknown)
In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software. Starting today, Chrome, Safari and Firefox users in Kazakhstan will see an error message stating that the "Qaznet Trust Network" certificate should not

Education and privacy legislation at ChannelCon

By Lysa Myers

As education is becoming an increasingly vital tool in companies’ security toolboxes, the question arises: How can they effectively implement security awareness training?

The post Education and privacy legislation at ChannelCon appeared first on WeLiveSecurity

[webapps] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
  • August 21st 2019 at 00:00

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

By noreply@blogger.com (Swati Khandelwal)
Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group's most recent successful campaign was against Bangladesh-based Dutch-Bangla

30+ countries, 160,000 emails, $4.2m in cyber-heists… maybe it's time for the Silence hacker crew to change its name

Russian bank-hacking ring continues its global expansion

The rapidly growing hacking crew dubbed Silence, has – in less than three years – gone from ransacking small regional banks in Eastern Europe to stealing millions from some of the largest international banks.…

  • August 21st 2019 at 05:00

Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks

By Gary Davis

Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered a weakness in the Bluetooth wireless standard that could allow attackers to intercept device keystrokes, contact lists, and other sensitive data sent from billions of devices.

The Key Negotiation of Bluetooth attack, or “KNOB” for short, exploits this weakness by forcing two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection, allowing attackers within radio range to quickly crack the key and access users’ data. From there, hackers can use the cracked key to decrypt data passed between devices, including keystrokes from messages, address books uploaded from a smartphone to a car dashboard, and photos.

What makes KNOB so stealthy? For starters, the attack doesn’t require a hacker to have any previously shared secret material or to observe the pairing process of the targeted devices. Additionally, the exploit keeps itself hidden from Bluetooth apps and the operating systems they run on, making it very difficult to spot the attack.

While the Bluetooth Special Interest Group (the body that oversees the wireless standard) has not yet provided a fix, there are still several ways users can protect themselves from this threat. Follow these tips to help keep your Bluetooth-compatible devices secure:

  • Adjust your Bluetooth settings. To avoid this attack altogether, turn off Bluetooth in your device settings.
  • Beware of what you share. Make it a habit to not share sensitive, personal information over Bluetooth.
  • Turn on automatic updates. A handful of companies, including Microsoft, Apple, and Google, have released patches to mitigate this vulnerability. To ensure that you have the latest security patches for vulnerabilities such as this, turn on automatic updates in your device settings.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks appeared first on McAfee Blogs.

Moscow's blockchain voting system cracked a month before election

French researcher nets $15,000 prize for finding bugs in Moscow's Ethereum-based voting system.
  • August 20th 2019 at 22:57

TOR Virtual Network Tunneling Tool 0.4.1.5

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • August 20th 2019 at 22:34

CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats

By Dark Reading Staff
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.

  • August 20th 2019 at 22:15

Ubuntu Security Notice USN-4106-1

Ubuntu Security Notice 4106-1 - Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem.
  • August 20th 2019 at 22:04

Ubuntu Security Notice USN-4107-1

Ubuntu Security Notice 4107-1 - It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.
  • August 20th 2019 at 22:04

Ubuntu Security Notice USN-4103-2

Ubuntu Security Notice 4103-2 - Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
  • August 20th 2019 at 22:04

Ubuntu Security Notice USN-4104-1

Ubuntu Security Notice 4104-1 - Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information.
  • August 20th 2019 at 22:04

Ubuntu Security Notice USN-4105-1

Ubuntu Security Notice 4105-1 - Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server. Various other issues were also addressed.
  • August 20th 2019 at 22:04

Ubuntu Security Notice USN-4103-1

Ubuntu Security Notice 4103-1 - Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • August 20th 2019 at 22:03

Facebook’s New Privacy Feature Comes With a Loophole

By Louise Matsakis
"Off-Facebook Activity" will give users more control over their data, but Facebook needs up to 48 hours to aggregate your information into a format it can share with advertisers.

Microsoft Offers $30K Rewards For Chromium Edge Beta Flaws

By Lindsey O'Donnell
Microsoft released the beta of its new Chromium-based Edge - and it is offering rewards of up to $30,000 for researchers to hunt out vulnerabilities in the browser.

No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs

Developer account cracked due to credential reuse, source tampered with and released to hundreds of programmers

An old version of a Ruby software package called rest-client that was modified and released about a week ago has been removed from the Ruby Gems repository – because it was found to be deliberately leaking victims' credentials to a remote server.…

  • August 20th 2019 at 21:21

Apple Misstep Leaves iPhones Open to Jailbreak

By Jai Vijayan Contributing Writer
Newest version of iOS contains a critical bug that the company had previously already patched.

  • August 20th 2019 at 21:21

Haveged 1.9.5 Alpha

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
  • August 20th 2019 at 21:11

HNN #230 - August 20, 2019

By paul@securityweekly.com

This week, 61 impacted versions of Apache Struts let off security advisories, a hacker publicly releases Jailbreak for iOS version 12.4, Chrome users ignoring warnings to change breached passwords, an unpatchable security flaw found in popular SoC boards, and a reward up to $30,000 for finding vulns in Microsoft Edge dev and beta channels! In the expert commentary, we welcome Jason Wood, to discuss Ransomware and City Governments!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode230

Roman Sannikov, Recorded Future - https://www.youtube.com/watch?v=0kCZIX6a-6o

 

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • August 20th 2019 at 20:59

Chris Young and Ken McCray Recognized on CRN’s 2019 Top 100 Executives List

By Amber Wolff

CRN, a brand of The Channel Company, recently recognized McAfee CEO Chris Young and Head of Channel Sales Operations for the Americas Ken McCray in its list of Top 100 Executives of 2019. This annual list honors technology executives who lead, influence, innovate and disrupt the IT channel.

Over the past year, Young led McAfee into the EDR space, directed the introduction of McAfee’s cloud and unified data protection offerings, and forged a partnership with Samsung to safeguard the Galaxy S10 mobile device. According to CRN, these accomplishments earned Young the number-three spot in CRN’s list of 25 Most Innovative Executives—a subset of the Top 100 list that recognizes executives “who are always two steps ahead of the competition.” Young is no stranger to the Top 100 Executives list: He also earned a place on last year’s list, when his post-spinout acquisitions led to him being named one of the Top 25 Disruptors of 2018.

Based on his work overseeing the launch of McAfee’s alternative route to market channel initiative, Ken McCray was also recognized as one of this year’s Top 100 Executives. The initiative, which has driven incremental bookings as Managed Security Partners and cloud service providers bring new customers on board, earned McCray a spot on the Top 25 IT Channel Sales Leaders of 2019. This has been an accolade-filled year for McCray: In February, he was named one of the 50 Most Influential Channel Chiefs for 2019, based on his division’s double-digit growth and the relationships he built with key cloud service providers.

The Top 100 Executives being recognized drive cultural transformation, revenue growth, and technological innovation across the IT channel. In doing so, they help solution providers and technology suppliers survive—and thrive—in today’s always-on, always-connected global marketplace.

“The IT channel is rapidly growing, and navigating this fast-paced market often challenges solution providers and technology suppliers alike,” said Bob Skelley, CEO of The Channel Company. “The technology executives on CRN’s 2019 Top 100 Executives list understand the IT channel’s potential. They provide strategic and visionary leadership and unparalleled guidance to keep the IT channel moving in the right direction—regardless of the challenges that come their way.”

We at McAfee are proud of the recognition Young and McCray have received, and look forward to seeing our company continue to thrive under their leadership.

The Top 100 Executives list is featured in the August 2019 issue of CRN Magazine and online at www.CRN.com/Top100.

The post Chris Young and Ken McCray Recognized on CRN’s 2019 Top 100 Executives List appeared first on McAfee Blogs.

The Cybersecurity Playbook: Why I Wrote a Cybersecurity Book

By Allison Cerra

I ruined Easter Sunday 2017 for McAfee employees the world over. That was the day our company’s page on a prominent social media platform was defaced—less than two weeks after McAfee had spun out of Intel to create one of the world’s largest pure-play cybersecurity companies. The hack would have been embarrassing for any company; it was humiliating for a cybersecurity company. And, while I could point the finger of blame in any number of directions, the sobering reality is that the hack happened on my watch, since, as the CMO of McAfee, it was my team’s responsibility to do everything in our power to safeguard the image of our company on that social media platform. We had failed to do so.

Personal accountability is an uncomfortable thing. Defensive behavior comes much more naturally to many of us, including me. But, without accountability, change is hindered. And, when you find yourself in the crosshairs of a hacker, change—and change quickly—you must.

I didn’t intend to ruin that Easter Sunday for my colleagues. There was nothing I wanted less than to call my CEO and peers and spoil their holiday with the news. And, I didn’t relish having to notify all our employees of the same the following Monday. It wasn’t that I was legally obligated to let anyone know of the hack; after all, McAfee’s systems were never in jeopardy. But our brand reputation took a hit that day, and our employees deserved to know that their CMO had let her guard down just long enough for an opportunistic hacker to strike.

I tell you this story not out of self-flagellation or so that you can feel, “Hey, better her than me!” I share this story because it’s a microcosm of why I wrote a book, The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security.

I’m not alone in having experienced an unfortunate hack that may have been prevented had my team and I been more diligent in practicing habits to minimize it. Every day, organizations are attacked the world over. And, behind every hack, there’s a story. There’s hindsight of what might have been done to avoid it. While the attack on that Easter Sunday was humbling, the way in which my McAfee teammates responded, and the lessons we learned, were inspirational.

I realized in the aftermath that there’s a real need for a playbook that gives every employee—from the frontline worker to the board director—a prescription for strong cybersecurity hygiene. I realized that everyone can play an indispensable role in protecting her organization from attack. And, I grasped that common sense is not always common practice.

There’s no shortage of cybersecurity books available for your consumption from reputable, talented authors with a variety of experiences. You’ll find some from journalists, who have dissected some of the most legendary breaches in history. You’ll find others from luminaries, who speak with authority as being venerable forefathers of the industry. And you’ll find more still from technical experts, who decipher the intricate elements of cybersecurity in significant detail.

But, you won’t find many from marketers. So why trust this marketer with a topic of such gravity? Because this marketer not only works for a company that has its origins in cybersecurity but found herself on her heels that fateful Easter Sunday. I know what it’s like to have to respond—and respond fast—when time is not on your side and your reputation is in the hands of a hacker. And, while McAfee certainly had a playbook to act accordingly, I realized that every company should have the same.

So, whether you’re in marketing, human resources, product development, IT or finance—or a board member, CEO, manager or individual contributor—this book gives you a playbook to incorporate cybersecurity habits in your routine. I’m not so naïve as to believe that cybersecurity will become everyone’s primary job. But, I know that cybersecurity is now too important to be left exclusively in the hands of IT. And, I am idealistic to envision a workplace where sound cybersecurity practice becomes so routine, that all employees regularly do their part to collectively improve the defenses of their organization. I hope this book empowers action; your organization needs you in this fight.

Allison Cerra’s book, The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security, is scheduled to be released September 12, 2019 and can be preordered at amazon.com.

The post The Cybersecurity Playbook: Why I Wrote a Cybersecurity Book appeared first on McAfee Blogs.

Backdoor code found in 11 Ruby libraries

RubyGems staff have removed 18 malicious Ruby library versions that have been downloaded 3,584 times since July 8.
  • August 20th 2019 at 16:02

A Huge Ransomware Attack Messes With Texas

By Sean Gallagher, Ars Technica
A coordinated strike against 23 local governments is called the largest such hack from a single source.

Apple iOS update ends in jailbroken iPhones (if that’s what you want)

By Paul Ducklin
Programmers call it "regression" - when fixing a new bug unfixes an old one - and it's a jailbreaker's dream!

Yesterday — August 20th 2019

Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data

By noreply@blogger.com (Swati Khandelwal)
Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal, Facebook has taken several privacy measures in the past one year with an aim to give its users more control over their data and transparency about how the social