Cover photo by Jazmin Quaynor on Unsplash.
This week round-up is all about the entire theme of this series, from research, vulnerabilities, bugs to malicious software and everything in-between.
Microsoft begins to finally kill off Internet Explorer
Our good old IE.
Excerpt from the article:
Starting in recent versions of Microsoft Edge, when Internet Explorer visits an incompatible site, the browsing session will automatically be launched in Microsoft Edge to continue the browsing session.
Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps
Link previews are popular in messaging apps like Signal, WhatsApp, Telegram to name a few. Now, researchers have warned that there could be a potential privacy violation in the way link previews are generated.
Excerpt from the article:
Apps that rely on servers to generate link previews may be violating the privacy of their users by sending links shared in a private chat to their servers.
Microsoft releases update to remove Adobe Flash from Windows
The title says it all.
Excerpt from the article:
In September 2020, Microsoft announced that an optional update would be released in the fall to uninstall Adobe Flash Player and prevent it from being installed again on the same device.
Google Removes 21 Malicious Android Apps from Play Store
Malicious apps perform nefarious actions on a user device the least being unwarranted and unsolicited advertisements.
Excerpt from the article:
The apps masqueraded as harmless gaming apps and came packed with HiddenAds malware, a notorious Trojan known for its capabilities to serve intrusive ads outside of the app. The group behind the operation relies on social media channels to lure users into downloading the apps.
In a first, researchers extract secret key used to encrypt Intel CPU code
If you are security conscious human and care a lot about encryption, this research is scary.
The author summarizes the article as: Hackers can now reverse-engineer updates or write their own custom firmware.
Excerpt from the article:
At the moment, it is quite difficult to assess the security impact,” independent researcher Maxim Goryachy said in a direct message. “But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates.
Hackers are on the hunt for Oracle servers vulnerable to potent exploit
The bug has a severity rating of 9.8 over 10 and requires little skill to exploit.
Excerpt from the article:
Johannes Ullrich, dean of research at the SANS Technology Institute, said his organization’s honeypots had detected Internetwide scans that probe for vulnerable servers. CVE-2020-14882, as the vulnerability is tracked, has a severity rating of 9.8 out of 10 on the CVSS scale. Oracle’s October advisory accompanying a patch said exploits are low in complexity and require low privileges and no user interaction.
Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers
The title says it all.
Excerpt from the article:
Dubbed "Operation Earth Kitsune" by Trend Micro, the campaign involves the use of SLUB (for SLack and githUB) malware and two new backdoors — dneSpy and agfSpy — to exfiltrate system information and gain additional control of the compromised machine.
That's it for this week, I'll see you next Friday.
Four weeks in a row!, I'm back!