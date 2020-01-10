Security Leftovers
Shocking! Antivirus company tracked and sold users' personal browsing histories
A joint investigation by Motherboard and PCMag led to this revelation. The data that is being sold even includes the porn search history of the users and the videos that they finally watched.
Antivirus company Avast shuts down porn-tracking subsidiary
Antivirus software giant Avast has scrapped a subsidiary that was exposed in a bombshell report for harvesting and selling millions of users’ private web browsing histories.
Popular antivirus tracked users’ porn browsing habits: report
Experts told Motherboard, however, that in certain instances it “could be possible to deanonymize certain users” provided there was enough specific data about their browsing habits.
The Cost of Avast's Free Antivirus: Companies Can Spy on Your Clicks
The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person's name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.
Cisco Patches DoS, Information Disclosure Flaws in Small Business Switches
Cisco this week informed customers that some of its Small Business Switches are affected by high-severity vulnerabilities that can be exploited to obtain sensitive device information and to launch denial-of-service (DoS) attacks.
The flaws, tracked as CVE-2019-15993 and CVE-2020-3147, were reported to the company by Ken Pyle of DFDR Consulting. Both security holes can be exploited remotely and without authentication, and they impact a switch’s web-based user interface.
Severe ‘Perfect 10.0’ Microsoft Flaw Confirmed: ‘This Is A Cloud Security Nightmare’
There are two vulnerabilities here. The first is a modest software bug that can be pushed hard to crash a system and escalate that crash to secure user privileges. And the second is a lack of security on a relatively arbitrary shared service that can be manipulated to break out of a user’s own part of the cloud infrastructure and onto the common shared hardware. That great advantage of the cloud, using only what you need, just when you need it, means you are a tenant in a server version of an apartment block. Check Point’s exploit built a master key for all the other apartments in that block.
Direct Memory Access Attacks – A Walk Down Memory Lane
DMA attacks are a particularly powerful class of attacks for any adversary who has compromised firmware locally or remotely on peripheral hardware such as network cards, or who has physical access to a system. As the name suggests, DMA attacks enable a potential attacker to read and write memory off a victim system directly, bypassing the main CPU and OS. By overwriting memory, attackers can gain control over kernel execution to perform virtually any manner of malicious activity. We collectively refer to these as Memory Lane attacks.
While we will look at a few specific examples here, it is important to note this is an industry-wide issue. Previously, successful DMA attacks have been demonstrated against Intel NUC and Lenovo laptops, and these vulnerabilities apply equally to servers as well as laptops. While device vendors, chip vendors, and operating system vendors have all developed new controls to defend against these threats, our research shows that many devices with built-in hardware protections continue to be vulnerable.
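The hardware protection the Eclypsium excerpt refers to is DMA remapping through an IOMMU (Intel VT-d, AMD-Vi): when it is active, a peripheral only sees the pages the kernel has mapped for it rather than all of physical RAM. As an added example, not code from the article or from Eclypsium, the script below audits a Linux host for that control. It assumes the usual kernel command-line switches (intel_iommu=on, amd_iommu=on, iommu=force) and that a populated /sys/kernel/iommu_groups is the sign the IOMMU is really in use; the function names and the sample command lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check whether a Linux host has
# an IOMMU active so that DMA from peripherals is remapped rather than given
# raw access to physical memory. Helper names are hypothetical.

# Return 0 if the kernel command line asks for the IOMMU, 1 otherwise.
# Assumption: intel_iommu=on / amd_iommu=on / iommu=force are the switches.
cmdline_enables_iommu() {
  case " $1 " in
    *" intel_iommu=on "*|*" amd_iommu=on "*|*" iommu=force "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Count the entries in /sys/kernel/iommu_groups (or a directory given as $1).
# A populated directory means the kernel actually brought the IOMMU up; the
# command line alone can be defeated by firmware that hides the DMAR/IVRS table.
iommu_group_count() {
  dir="${1:-/sys/kernel/iommu_groups}"
  [ -d "$dir" ] || { echo 0; return; }
  n=0
  for g in "$dir"/*; do
    if [ -e "$g" ]; then n=$((n + 1)); fi
  done
  echo "$n"
}

# Combine both signals into one verdict line.
dma_protection_verdict() {
  cmdline="$1"; groups="$2"
  if [ "$groups" -gt 0 ]; then
    echo "protected: $groups IOMMU groups active, peripheral DMA is remapped"
  elif cmdline_enables_iommu "$cmdline"; then
    echo "warning: IOMMU requested on the command line but no iommu groups exist; check firmware VT-d/AMD-Vi setting and dmesg for DMAR errors"
  else
    echo "unprotected: no IOMMU; a DMA-capable device or compromised peripheral firmware can read and write RAM directly"
  fi
}

# Constructed sample command lines so the script also runs offline.
SAMPLE_CMDLINE_OFF="BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet"
SAMPLE_CMDLINE_ON="BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro intel_iommu=on iommu=pt"

if [ -r /proc/cmdline ]; then
  dma_protection_verdict "$(cat /proc/cmdline)" "$(iommu_group_count)"
else
  dma_protection_verdict "$SAMPLE_CMDLINE_OFF" 0
fi
```

The two checks are deliberately separate: a host can boot with intel_iommu=on and still end up with zero IOMMU groups when firmware has disabled VT-d or ships a broken DMAR table, which is exactly the "built-in protection that does not protect" situation the excerpt describes. An IOMMU being active also says nothing about the pre-boot window; whether the firmware itself enables DMA remapping before the kernel takes over has to be checked separately, and Windows hosts expose the equivalent state as "Kernel DMA Protection" in msinfo32 rather than through these files.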
Winnti Group targeting universities in Hong Kong
In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules. The Winnti malware was also found at these universities a few weeks prior to ShadowPad.
The Winnti Group, active since at least 2012, is responsible for high-profile supply-chain attacks against the video game and software industries leading to the distribution of trojanized software (such as CCleaner, ASUS LiveUpdate and multiple video games) that is then used to compromise more victims. It is also known for having compromised various targets in the healthcare and education sectors.
