According to Zoom, the data collected did not include personal user information, but rather information about users' devices. This didn't mean the information was directly posted on people's Facebook accounts but was nonetheless visible to the company. The company is encouraging users to update the iOS app to the latest version for the change to take effect, the company said. It might seem like an innocent amount of information to leave behind, but still concerning that the information found its way online anyway. According to a blog post by Zoom CEO Eric S. Yuan, who unpacked the timeline of the incident in more detail, Zoom implemented its Login with Facebook feature using Facebook's software development kit (SDK) for iOS. On March 25th, the company was made aware that the Facebook SDK was "collecting device information unnecessary for us to provide our services," :
It's less than a week since Apple's iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of Virtual Private Network (VPN) connections. Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version.
By Ivan Mehta, in Security. Last night, Microsoft noted there's an unpatched bug in Windows that might allow attackers to install malware or ransomware on your system through specially crafted documents.
A dozen of the vulnerabilities Microsoft patched today are rated "critical," meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user. Last month, Microsoft released an advisory warning that attackers were exploiting a previously unknown flaw in IE. That vulnerability, assigned as CVE-2020-0674, has been patched with this month's release. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.
Much has rightly been made of the drama surrounding and embedded into David Bowie's , an album that not only addressed mortality but directly addressed his fans as well. Less has been said suggesting that it stood upon its release, as it does today, as one of Bowie's finest records. Opinions vary, of course, and his back catalog is a considerable tower against which to measure anything, but beginning to end the record is every bit as strong as his 1976 Station to Station, which in many ways is his crowning achievement. It would be as foolish to say that profited from a sympathetic response (the record came out on January 8, 2016, Bowie's 69th birthday) as it would be to deny the fact, because the album was designed to elicit exactly that response. But it was clear in the hours between its Friday release and the news that Bowie was gone the following Sunday that the album was a major statement. Like Station to Station, wraps bravado and vulnerability together without conflict and delivers it with some of the most magnificent singing Bowie put to record. Both records feature strong yet understated musicianship, benefiting from the musicians getting to work within the longest songs Bowie wrote in his career. Both records do much to define an astonishing career.
Google has rolled out a security update to address a critical flaw in Android's Bluetooth implementation that allows remote code execution without user interaction. The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0). For these devices, which between them account for almost two-thirds of Android devices in use, the flaw is rated critical by Google.
WhatsApp has been discovered to have a critical vulnerability that could have allowed attackers to remotely access files from a Windows or Mac computer. The vulnerability, which has been fixed by Facebook, could be exploited using the WhatsApp desktop application. It was a mix of multiple high-severity flaws that existed within the WhatsApp desktop application. Some of those flaws were also a part of the WhatsApp Web client that works on Web browsers. The vulnerability essentially allowed for cross-site scripting (XSS) that could be used by remote attackers. PerimeterX researcher Gal Weizman discovered the WhatsApp vulnerability that has been tracked as CVE-2019-18426. The researcher stated that the security loophole existed within the Content Security Policy (CSP) of WhatsApp that allowed for XSS attacks on the desktop app. The flaw in the CSP also impacted the WhatsApp Web client to some extent as it provided space to alter rich preview banners with malicious content.
That is because Twitter has patched a significant vulnerability that allowed bad actors to see nonpublic account information and gain control of your account, therefore sending tweets and DMs.
New Delhi: Ethical hacking is no new concept and India has seen a breed of such young enthusiasts in the past. What has changed is the money that comes with it as cyber attacks on businesses across industries have grown multifold in the era of digital transformation. Meet 23-year-old Shivam Vashist from north India, a hacker associated with San Francisco-based HackerOne, which is a vulnerability coordination and bug bounty platform and boasts of clients like Starbucks, Instagram, Goldman Sachs, Twitter, Zomato and OnePlus.
In an extremely stressful year for Internet users, Twitter on Friday admitted a malicious code was inserted into its app by a bad actor that may have compromised some users' information worldwide, including in India, as people woke up to an email from Twitter, warning them to update the app for Android. The vulnerability within Twitter for Android could allow the bad actor to see non-public account information or to control your account (send Tweets or Direct Messages), said an apologetic Twitter. "Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (Direct Messages, protected Tweets, location information) from the app," Twitter said in a statement. Users should update their Twitter for Android app via Google Play.
The vulnerability causes the app to crash in a loop, forcing users to reinstall the app. But the users would lose the chat history forever. It must be mentioned that WhatsApp allows a maximum of 256 members in a group, making it easier for the hackers to comfortably become part of one. The vulnerability, which has since been fixed, allows malicious hackers to exploit the platform through WhatsApp Web and a debugging tool like Chrome's DevTools. The hackers gain access to a specific message parameter and cause the app to crash in a loop.
Of the 1.5 billion people who are affected by Neglected Tropical Diseases (NTDs) worldwide, women and girls are disproportionately suffering. Women need to be more visible if we are to eliminate NTDs by 2020 and a gendered perspective is crucial to understanding how this can be achieved. The reasons for this issue cannot be isolated: not only do biological and physical factors lead to an increased vulnerability, but socio-cultural factors greatly increase the risk of women and girls contracting an NTD. According to a 2016 report by Uniting to Combat Neglected Tropical Diseases, women and girls perform two-thirds of water collection, exposing them to water-borne diseases such as schistosomiasis. Likewise, women are also typically the primary caregivers and are therefore far more likely to come into contact with NTDs such as trachoma infection. Indeed, research has suggested that women account for up to 80% of disability-adjusted life years that are linked to blindness caused by trachoma.
Thanks to checkra1n, users on iOS 13.3 can jailbreak their iOS devices to install tweaks and apps that cannot be installed through official means like the App Store. Checkra1n jailbreak works by taking advantage of a vulnerability in A5-A11 processors, created by Apple for iPhone, iPad, and iPod touch devices. The BootROM vulnerability is called checkm8 and cannot be patched by Apple through software updates.
In its latest advisory, the Computer Emergency Response Team India (CERT-In) pointed out that the vulnerability in WhatsApp could be exploited by an MP4 file. The agency has classified the threat as "high". CERT-In is the nodal agency under the Ministry of Electronics and Information Technology which checks hacking and phishing and fortifies security-related defences of the Indian internet domain. "A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the target system," CERT-In said in its advisory.
Brandon started looking at the iBoot bootloader, but quickly turned his attention to the debugging facilities baked into the Arm chipset. Between the available XNU source and public Arm documentation, he managed to find and access the CoreSight debug registers, giving him single-step control over a core at a time. By triggering a core halt and then interrupting that core during reset, he was able to disable the code execution protections, giving him essentially everything he was looking for. Accessing this debug interface still requires a kernel-level vulnerability, so don't worry about this research being used maliciously. The second Google Zero story that caught my eye was published earlier in the month, and is all about finding useful information in unexpected places. Namely, finding debugging symbols in old versions of Adobe Reader. Trying to understand what's happening under the hood of a running application is challenging when all you have is a decompiler output. Adobe doesn't ship debug builds of Reader, and has never shipped debug information on Windows. Reader has been around for a long time, and has supported quite a few architectures over the years, and surprisingly quite a few debug builds have been shipped as a result.
This Apple zero-day vulnerability is in the Bonjour updater that comes packaged with iTunes and iCloud for Windows. Morphisec said that the "adversaries abused an unquoted path to maintain persistence and evade detection." The unquoted path vulnerability is a widely known bug that occurs when developers forget to surround a file path with quotation marks. This latest zero-day is proof that developers continue to ignore quotes.
Researchers have discovered a zero-day vulnerability in iTunes that is under active exploit. They found the hackers behind the BitPaymer ransomware exploited the bug to bypass antivirus programs. Researchers from Morphisec discovered a security flaw affecting iTunes. They found this iTunes zero-day under active exploitation by hackers too.