All about Security, News, Events and Incidents

Does anyone really believe that those hey google, alexa etc assistants espionage agents will ever be secure\private\safe?

"Hackers might have had access to your Alexa voice history"
https://www.androidauthority.com/amazon-alexa-hack-1147619/

 

I'm not quite sure if this is the place to ask, but... is UnHackMe worth the purchase?

I'm just running MBAM at the moment, and I don't know where the community stands on that now since, IIRC, there were talks on how it became "bad" after some updates.

 

You can find a lot of reviews in the kink below, and it will gives you other alternatives:
https://www.download3k.com/Antivirus-Spyware-Cleaners/Antivirus/Download-UnHackMe.html

 

Microsoft Fixed a two year old Security flaw in Windows last Patch Tuesday post August 17th 2020

 

"Microsoft's Control Flow Guard comes to Rust and LLVM compilers"

- Two popular code compilers have received support this month to natively support Control Flow Guard (CFG), a powerful Windows security feature.

- CFG is a powerful security feature that ... can secure the execution flow of an application's code to prevent malicious code (such as the result of memory bugs) from hijacking the native "control flow" and make the app take unwanted actions.

https://www.zdnet.com/article/microsofts-control-flow-guard-comes-to-rust-and-llvm-compilers/

---

Time to give credit where credit is due. This would prevent memory overflow bugs from launching other processes. I know we give the Redmonians some flack here at NBR, but Microsoft is actually doing good in regards to this work.

 

Can't be better than this... Cheap - Chinaware doesn't always come for free.

Click fraud by the Chinese advertising network Mintegral in 1,200 iOS apps
Posted on August 25, 2020 by Günter Born

​

Security researchers have found that the Chinese advertising network Mintegral, which is included in 1,200 iOS apps, shows malicious behavior (extract data, perform click fraud). The apps with this advertising network have billions of installations. However, Apple cannot detect any harmful behavior in the SDK used, but has taken measures to prevent the user from collecting data in iOS.


Malware on cheap China phones steals data and possibly money
Posted on August 25, 2020 by Günter Born

​

Pre-installed malware, which is repeatedly found on cheap China phones, is increasingly becoming a risk. Cases are now known where the malware has diverted not only data but also money from the accounts of the owners.

 

"Google Drive flaw may let attackers fool you into installing malware"

- Google Drive may have a way for hackers to trick you into installing rogue code.

- ... a flaw in Drive’s “manage versions” feature that could let attackers swap a legitimate file with malware.

- You might get a notification of a document update and grab the file without realizing the threat.

https://www.engadget.com/google-drive-manage-versions-security-flaw-194323948.html

---

Don't ever let anyone else drive you around.

 

SECURITY
Hackers are backdooring QNAP NAS devices with 3-year old RCE bug bleepingcomputer.com | Today

Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.

According to a report published today by researchers at Qihoo 360's Network Security Research Lab (360 Netlab), unknown threat actors are currently exploiting a remote command execution vulnerability due to a command injection weakness in QNAP NAS devices' firmware.

 

MICROSOFT, SECURITY
Microsoft Defender can ironically be used to download malware bleepingcomputer.com
A recent update to Windows 10's Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer.

 

Oh my! I just saw Dfender update to latest engine 4.18.2008.x