Facebook Flaw Allowed Remote Commands
Facebook failed to fully sanitize error data returned by a public facing web app. Go to Source
Microsoft Windows Zero-Day Found in Task Scheduler
A Windows task scheduler API function does not check permissions – so any potential local bad actor can alter them to gain elevated privileges. Go to Source
ThreatList: Ransomware Attacks Down, Fileless Malware Up in 2018
The first half of 2018 saw an uptick in fileless malware attacks and a downturn in ransomware attacks, for now. Go to Source
Adobe Pushes Out Unscheduled Creative Cloud Application Fix
Adobe issues a second unscheduled update this month to address a bug with a publicly available proof-of-concept code in the wild. Go to Source
Side-Channel Attack Allows Remote Listener to ‘Hear’ On-Screen Images
The contents of the user’s screen can be gleaned through video or VoIP calls, or voice-operated virtual assistants, like Amazon Alexa. Go to Source
AT Command Hitch Leaves Android Phones Open to Attack
Researchers used AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, and unlock screens. Go to Source
Newsmaker Interview: Derek Manky on ‘Self-Organizing Botnet Swarms’
Botnets fused with artificial intelligence are decentralized and self-organized systems, capable of working together toward a common goal – attacking networks. Go to Source
Fortnite Android App Falls Victim to Man-in-the-Disk Flaw
After Google publicized the flaw seven days after a patch was issued, the Epic Games CEO called out the company for irresponsible disclosure. Go to Source
PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability
Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability. Go to Source
Following Facebook and Twitter, Google Targets Iranian Influence Operation
The news comes as President Trump tweets opposition to take-down efforts by the tech giants. Go to Source