Proprietary Software and Security Leftovers
Date: 2021-11-26
Apple patches nasty macOS exploit that bypasses security protections
Apple has patched a nasty macOS bug that could have allowed malicious applications to circumvent the operating system's in-built security protections.
As reported by Bleeping Computer, the flaw was first discovered by Gordon Long, Offensive Security Engineer at Box. According to Long, the vulnerability could allow a specially crafted, script-based application to be launched on a Mac device without Gatekeeper (an antivirus service that verifies the authenticity of all downloaded apps) ever triggering an alarm.
Ubisoft discloses security breach impacting Just Dance gamer data
Ubisoft didn’t provide details about how the breach occurred beyond describing it as a “misconfiguration,” nor did it say for how long its Just Dance servers were exposed.
Anti-cheating browser extension fails web security examination
A web security flaw in an anti-cheating browser extension created a means to hack into the computers of university students and other users before it was recently patched.
The Proctorio Google Chrome browser extension was vulnerable to a cross-site scripting (XSS) flaw, security researchers at Sector 7, the research division of Dutch security consultancy Computest, discovered.
The Medical Review Institute of America notifies patients of ransomware incident [iophk: Windows]
MRIoA was hit with ransomware in November. And although they do not directly state that they paid ransom, it sounds like they did because their notification states that to the best of their ability and knowledge, they “retrieved and subsequently confirmed the deletion” of their information.
TikTok Got More Traffic Than Google in 2021 — Report
Cloudflare’s Year In Review ranks sites based on the traffic they receive over the course of a year, measured monthly. Last year, TikTok ranked number eight on the list. But Cloudflare’s 2021 traffic report reveals TikTok is the most visited site on the internet – unseating Google.
TikTok claimed the top spot from Google in February but slid back out in later months. It wasn’t until August that TikTok consistently claimed the top spot in terms of internet traffic.
TikTok is owned by Chinese company ByteDance, after it bought Musical.ly back in 2017. The social media service has seen massive growth throughout 2020 and 2021 as the coronavirus pandemic has continued.
Data stolen in business email compromise attack on W. Virginia hospital operator
That said, Mon Health further discovered that personally identifiable information in emails was compromised. Details stolen included health plan information and claims, addresses, dates of birth, patient account numbers, medical record numbers, dates of service, provider names, claims information and other medical information.
Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’
Vulnerabilities in wireless chip designs could allow malicious [crackers] to steal data and passwords from devices, according to security researchers.
According to the group, from the Technical University of Darmstadt’s Secure Mobile Networking Group (Germany) and the University of Brescia’s CNIT (Italy), attackers could exploit "wireless coexistence" or shared component features on millions of mobile devices.
Wireless devices often use radio components with shared resources, combination chips or System on a Chip (SoC) designs. These SoCs are responsible for multiple radio interfaces, including Bluetooth, WiFi, LTE (4G) and 5G.
White House invites tech firms to discuss open-source software security
In August, U.S. President Joe Biden called cybersecurity a “core national security challenge” during a meeting with executives from Amazon.com Inc., Google LLC, Microsoft Corp. and other leading companies. The participating companies pledged to invest billions of dollars in cybersecurity-related initiatives over the next few years.
White House Enlists Software Industry to Improve Open-Source Security
In a letter Thursday, National Security Advisor Jake Sullivan invited major players in the software industry to discuss initiatives to improve open-source software security, the official said. Dozens of open-source software projects have become crucial components of global commerce and are mostly maintained by volunteers.
The effort will start with a one-day discussion in January hosted by Anne Neuberger, the deputy national security advisor for cyber and emerging technology, according to the official.
White House national security adviser asks software companies to discuss cybersecurity
“The SolarWinds and Hafnium incidents serve as recent reminders that strategic adversaries actively exploit vulnerabilities for malicious purposes,” Sullivan said in the letter.
To kick off this effort, the deputy national security advisor for cyber & emerging technology, Anne Neuberger, will host a one-day discussion in January with company officials responsible for open-source projects and security.
