LSW

Moderators

Posts: 1,625
Days Won: 28

Posts posted by LSW

  1. Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues

    https://thehackernews.com/2019/05/microsoft-security-updates.html

    Quote

    It's Patch Tuesday—the day when Microsoft releases monthly security updates for its software.

    Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users' interaction.

    Out of 79 vulnerabilities, 18 issues have been rated as critical and the rest Important in severity. Two of the vulnerabilities addressed this month by the tech giant are listed as publicly known, of which one is listed as under active attack at the time of release.

    May 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, Microsoft Office, and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.


  2. Adobe Tells Users They Can Get Sued for Using Old Versions of Photoshop

    https://www.vice.com/en_us/article/a3xk3p/adobe-tells-users-they-can-get-sued-for-using-old-versions-of-photoshop

    Quote

    Adobe is warning some owners of its Creative Cloud software applications that they’re no longer allowed to use older versions of the software. It’s yet another example of how in the modern era, you increasingly don’t actually own the things you’ve spent your hard-earned money on.

    Adobe this week began sending some users of its Lightroom Classic, Photoshop, Premiere, Animate, and Media Director programs a letter warning them that they were no longer legally authorized to use the software they may have thought they owned.

    “We have recently discontinued certain older versions of Creative Cloud applications and as a result, under the terms of our agreement, you are no longer licensed to use them,” Adobe said in the email. “Please be aware that should you continue to use the discontinued version(s), you may be at risk of potential claims of infringement by third parties.”

  3. Android Q: New Security Features Unveiled…

    https://www.stationx.net/android-q-new-security-features-unveiled/  

    Quote

    So far, headline changes in the revamped OS include Bubbles - an app notification feature that promises to make multitasking easier, native screen recording, a new sharing shortcut function, along with support for folding phones.

    Beyond the usual incremental interface tweaks, Android Q also promises some useful security and privacy enhancements. Here’s a closer look at what we can expect – and at what’s behind the changes…


  4. Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2

    https://thehackernews.com/2019/05/windows-10-linux-kernel.html

    Quote

    Yes, you heard me right.

    Microsoft is taking another step forward to show its love for Linux and the open source community by shipping a full Linux kernel in Windows 10 this summer.

    No, that doesn't mean Microsoft is making its Windows 10 a Linux distro, but the company will begin to ship an in-house custom-built Linux kernel later this year, starting with the Windows 10 Insider builds.

    Microsoft announced the move in a blog post while unveiling Windows Subsystem for Linux version 2.0 (or WSL 2) that will feature "dramatic file system performance increases" and support more Linux apps like Docker.


  5. Armagadd-on redux: Certificate expiration caused Firefox to disable all add-ons

    https://arstechnica.com/information-technology/2019/05/firefox-add-ons-mass-disabled-by-certificate-bug-hotfix-for-some-ready/

    Quote

    On Friday, the expiration of a Mozilla certificate used to check the signatures of add-on codes in Firefox desktop and Android Web browsers caused a nearly universal failure of Firefox plug-ins and extensions as browsers detected them as invalid and disabled them.

    The bug, dubbed "armagadd-on 2.0," was addressed by a hot-fix issued over the weekend, and a new version of the browser has been pushed out.


  6. Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

    https://thehackernews.com/2019/04/email-signature-spoofing.html

    Quote

    A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen popular email clients.

    The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile.

    When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you.

    However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user.


  7. HOW THIS ONE FONT TOOK OVER THE WORLD

    https://theoutline.com/post/7356/gotham-font-is-everywhere

    Quote

    When I close my eyes and think of a word, I picture that word in Gotham. I am cursed with the compulsive need to identify every typeface I come across, but even if you do not suffer this particular affliction — if your relationship to typography resembles your relationship to air, a constant interaction so seamless you hardly think about it unless something goes seriously awry — you know this font. If you’ve been online, seen a billboard, gone to a movie theater, or walked down the street with your eyes open, you’ve seen Gotham.

    Gotham is a typeface first designed in 2000 for GQ and released for public use in 2002. An abbreviated list of where it has appeared includes: Coke bottles; Twitter; Spotify; Netflix; Saks; New York University; The Tribeca Film Festival; TV shows including CONAN and Saturday Night Live; movies including Inception, Moneyball, The Lovely Bones, and Moonlight. If the advertisements in the train stations and bus stops in your city don’t use Gotham, they probably use a Gotham look-alike.

    ...


  8. Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

    https://thehackernews.com/2019/04/wordpress-woocommerce-security.html

    Quote

    If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store.

    A WordPress security company—called "Plugin Vulnerabilities"—that recently went rogue in order to protest against moderators of WordPress’s official support forum has once again dropped details and a proof-of-concept exploit for a critical flaw in a widely-used WordPress plugin.

    To be clear, the reported unpatched vulnerability doesn't reside in the WordPress core or the WooCommerce plugin itself.

    Instead, the vulnerability exists in a plugin, called WooCommerce Checkout Manager, that extends the functionality of WooCommerce by allowing eCommerce sites to customize forms on their checkout pages and is currently being used by more than 60,000 websites.


  9. Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

    https://thehackernews.com/2019/04/wordpress-plugin-hacking.html

    Quote

    Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin.

    The vulnerable plugin in question is Social Warfare, which is a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social share buttons to a WordPress website or blog.

    Late last month, maintainers of Social Warfare for WordPress released an updated version 3.5.3 of their plugin to patch two security vulnerabilities—stored cross-site scripting (XSS) and remote code execution (RCE)—both tracked by a single identifier, i.e., CVE-2019-9978.


  10. Millions of people still use 123456 as their password

    https://www.techspot.com/news/79747-millions-people-use-123456-their-password.html

    Quote

    Facepalm: In today’s digital age where most consumers know their modems from their motherboards, one might imagine that the quality of people’s passwords has improved. But a recent study shows that isn’t the case, with terrible, easy-to-guess passwords still being used by millions.

    The report by the UK's National Cyber Security Centre (NCSC) analyzed passwords found in public databases of breached accounts to find out popular words, phrases, and strings. It appears that the worst password of 2018—123456—remains the most popular, appearing in more than 23 million passwords.

    The second-most popular string was the equally bad 123456789, while the other top five entries include "qwerty," "password," and 1111111.

  11. Now you can use your Android phone as a physical two-factor authentication key

    https://www.techspot.com/news/79607-now-you-can-use-android-phone-physical-two.html

    Quote

    What just happened? Google is allowing Android devices to be used as physical authentication keys. This will drastically improve the security when logging into Google applications and prevent phishing attacks. It also means that users don't have to buy a third-party physical token.

    Good news for the security conscious among us. Google announced that any phone running Android 7.0 Nougat or higher can be used as a physical two-factor authentication (2FA) key. Before, physical authentication keys were limited to dongles like Yubikey or Google's own Titan Security Key. Note that this only works when logging into Google apps in Chrome browsers on Windows 10, macOS, and ChromeOS. Your computer must also support Bluetooth.


  12. Investigation results in banning of six fraudulent (yet popular) Android apps from the Play Store

    https://www.techspot.com/news/79742-investigation-results-banning-six-fraudulent-popular-android-apps.html

    Quote

    In brief: An investigation conducted by Buzzfeed in collaboration with Check Point, Method Media Intelligence and ESET security firms found that six apps published by DU Global were clicking on in-app ads to generate revenue illegally and without the user’s knowledge. They also lied about their developer and country of origin, do not comply with GDPR regulation and ask for many dangerous permissions that are completely unnecessary to function. Combined, they have over 90 million downloads.

    Needless to say, if you’ve downloaded any of them: Selfie Camera, Total Cleaner, Smart Cooler, RAM Master, AIO Flashlight and Omni Cleaner – delete them now. Thankfully Google removed them from the Play Store as soon as they were alerted.


  13. Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

    https://thehackernews.com/2019/04/drupal-security-update.html

    Quote

    Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites.

    According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party libraries that are included in Drupal 8.6, Drupal 8.5 or earlier and Drupal 7.

    One of the security flaws is a cross-site scripting (XSS) vulnerability that resides in a third-party plugin, called jQuery, the most popular JavaScript library that is being used by millions of websites and also comes pre-integrated in Drupal Core.

    Last week, jQuery released its latest version, jQuery 3.4.0, to patch the reported vulnerability, which has not yet been assigned a CVE number and affects all prior versions of the library to that date.


  14. Mitch McConnell declares net neutrality bill "dead on arrival" in the Senate

    Quote

    If a net neutrality bill passes the House of Representatives, Senate Majority Leader Mitch McConnell said it would be "dead on arrival" in the upper chamber.

    The bill in question would restore the net neutrality rules implemented by former President Barack Obama in 2015, according to Reuters. On Tuesday the House of Representatives, which is controlled by the Democrats, decided to delay a vote both on that bill and a series of proposed amendments to the legislation due to an unrelated issue over a different budget provision.


  15. Popular Video Editing Software Website Hacked to Spread Banking Trojan

    https://thehackernews.com/2019/04/free-video-editing-malware.html

    Quote

    If you have downloaded the VSDC multimedia editing software between late February and late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer.

    The official website of the VSDC software — one of the most popular free video editing and converting apps, with over 1.3 million monthly visitors — was hacked, unfortunately once again.

    According to a new report Dr. Web published today and shared with The Hacker News, hackers hijacked the VSDC website and replaced its software download links with links leading to malware versions, tricking visitors into installing the dangerous Win32.Bolik.2 banking trojan and KPOT stealer.

    Even more ironic is that despite being so popular among multimedia editors, the VSDC website is running and offering software downloads over an insecure HTTP connection.


  16. Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products

    https://thehackernews.com/2019/04/adobe-security-updates.html

    Quote

    Good morning readers, it's Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software.

    Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player.

    According to an advisory, Adobe Acrobat and Reader applications for Microsoft Windows and Apple macOS operating systems are vulnerable to a total of 21 vulnerabilities, 11 of which have been rated as critical in severity.


  17. Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

    https://thehackernews.com/2019/04/microsoft-patch-updates.html

    Quote

    Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and the rest are rated Important in severity.

    April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, .NET Framework and ASP.NET, Skype for Business, Azure DevOps Server, Open Enclave SDK, Team Foundation Server, and Visual Studio.

    None of the vulnerabilities addressed this month by the tech giant were disclosed publicly at the time of release, leaving the two recently disclosed zero-day flaws in Internet Explorer and Edge browsers still open for hackers.


  18. Microsoft Releases First Preview Builds of Chromium-based Edge Browser

    https://thehackernews.com/2019/04/chromium-edge-browser.html

    Quote

    Microsoft today finally released the first new reborn version of its Edge browser, which the company rebuilt from scratch using the Chromium engine, the same open-source web rendering engine that powers Google's Chrome browser.

    However, the Chromium-based Edge browser builds haven't yet entered the stable or even the beta release; instead, Microsoft has released two testing-purpose preview builds for developers.

    Both preview builds—"Canary," which will be updated daily, and "Developer," which will be updated every week—are now available for download from Microsoft's new Edge insider website.


  19. If you run or build eCommerce sites, here is an article to be aware of:

    In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

    https://thehackernews.com/2019/04/js-sniffers-credit-card-hacking.html

    Quote

    In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites.

    Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that specialize in secretly implanting a special piece of code on compromised e-commerce sites with an intent to steal payment card details of their customers.

    The malicious code—well known as JS sniffers, JavaScript sniffers, or online credit card skimmers—has been designed to intercept users' input on compromised websites to steal customers’ bank card numbers, names, addresses, login details, and passwords in real time.


  20. Millions of Facebook Records Found Unsecured on AWS

    https://www.databreachtoday.com/millions-facebook-records-found-unsecured-on-aws-a-12337

    Quote

    Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from the security firm UpGuard said Wednesday. One data set contained 540 million unsecured records, the report found. It's not clear how many users were affected.

    For months, UpGuard researchers had attempted to contact the two companies about the exposed user data, but one firm did not remove the personally identifiable information from public view until Bloomberg contacted it about a story this week, UpGuard reports.

    The second company has been out of business for several years, UpGuard found.

    It's unclear if anyone attempted to access or steal this data before it was discovered, an UpGuard spokeswoman tells Information Security Media Group. It's also not known how long that data was stored without a password within AWS.

  21. WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites

    https://thehackernews.com/2019/04/wordpress-ios-security.html

    Quote

    If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites.

    WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using images hosted on third-party sites, a spokesperson for Automattic confirmed to The Hacker News in an email.

    Discovered by the team of WordPress engineers, the vulnerability resided in the way the WordPress iOS application was fetching images used by private blogs but hosted outside of WordPress.com, for example on Imgur or Flickr.

    That means that if an image was hosted on Imgur, then when the WordPress iOS app attempted to fetch the image, it would send along a WordPress.com authorization token to Imgur, leaving a copy of the token in the access logs of Imgur's web server.


  22. AV-Test compares 19 Antivirus Tools: Windows Defender Reaches Maximum Detection Score

    https://blog.knowbe4.com/av-test-compares-19-antivirus-tools-windows-defender-reaches-maximum-detection-score

    Quote

    The German AV-Test lab compared 19 antivirus products, including the free Windows Defender which comes with the Win10 OS. Defender reached the max detection score, which was better than a slew of commercial products. As we all know, AV home and commercial products use the same engines but enterprise tools come with a management layer.

    The upshot of this test: Ultimately, 3 packages score the maximum 18 points: F-Secure, McAfee, and Symantec. Windows Defender gets 17, and does better than 8 other commercial packages.

    AV-Test said: "During January and February 2019 we continuously evaluated 19 home user products using settings as provided by the vendor. We always used the most current publicly-available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."


  23. YouTube Executives Ignored Warnings, Letting Toxic Videos Run Rampant

    https://www.bloomberg.com/news/features/2019-04-02/youtube-executives-ignored-warnings-letting-toxic-videos-run-rampant

    Quote

    A year ago, Susan Wojcicki was on stage to defend YouTube. Her company, hammered for months for fueling falsehoods online, was reeling from another flare-up involving a conspiracy theory video about the Parkland, Florida high school shooting that suggested the victims were “crisis actors.”

    Wojcicki, YouTube’s chief executive officer, is a reluctant public ambassador, but she was in Austin at the South by Southwest conference to unveil a solution that she hoped would help quell conspiracy theories: a tiny text box from websites like Wikipedia that would sit below videos that questioned well-established facts like the moon landing and link viewers to the truth.

    Wojcicki’s media behemoth, bent on overtaking television, is estimated to rake in sales of more than $16 billion a year. But on that day, Wojcicki compared her video site to a different kind of institution. “We’re really more like a library,” she said, staking out a familiar position as a defender of free speech. “There have always been controversies, if you look back at libraries.”