Netflix, Dropbox promise not to sue security researchers, with caveats
Netflix and Dropbox have both noted recently that they won’t sue security researchers who find and disclose vulnerabilities in their products. The only caveat is: the researchers must conduct the research in line with their vulnerability disclosure policy and bug bounty program guidelines.
Hackers Can Abuse Text Editors for Privilege Escalation
Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some…
Spend Less, Test Faster: Choosing the Right Security Tools
People are creatures of habit. If we learn something one way, we’re prone to stick to it. Less in a “my way or the highway” sense and more so in a “if it ain’t broke, don’t fix it” one. Not every security tool is right for every environment, and just because one set of tools…
SAS postscript: Webinar on IT security vulnerabilities in healthcare
Each year, the Kaspersky Security Analyst Summit (SAS) brings together cybersecurity specialists from all over the world to share expertise, discuss new trends, and present their research. For those who can’t attend this year’s event but still want to get acquainted with the latest research, we’ve planned a series of webinars that will cover major SAS findings….
Google Researcher Finds Critical Flaws in uTorrent Apps
Google researcher Tavis Ormandy discovered several critical vulnerabilities in the classic and web-based versions of BitTorrent’s uTorrent application. Patches have been released, but it appears that not all flaws have been fixed properly. Ormandy found that the uTorrent Classic and the uTorrent Web apps create an HTTP RPC server on ports 10000 and 19575, respectively….
Apple Fixes Indian Character Crash Bug in iOS, macOS
Updates released by Apple on Monday for iOS, macOS, tvOS and watchOS patch a flaw that causes applications to crash when rendering specific strings of Indian characters. Someone noticed recently that displaying a string written in India’s Telugu language (జ్ఞా) caused many apps on iOS and macOS to crash. The list of impacted apps includes…
3 Million New Android Malware Samples Discovered in 2017
More than 3 million new malware samples targeting the Android operating system were discovered in 2017, marking a slight decrease from the previous year, G Data reports. The security firm counted 3,002,482 new Android malware samples during 2017, at an average of 8,225 per day, or 343 new malware samples every hour. Although the number…
Over 30 Lawsuits Filed Against Intel for CPU Flaws
More than 30 lawsuits have been filed by Intel customers and shareholders against the chip giant following the disclosure of the Meltdown and Spectre attack methods. Three class action lawsuits were filed against Intel within a week of the Meltdown and Spectre flaws being disclosed, but the number had reached 32 by February 15, according to an annual…
Intel offers to pay for Spectre-like side channel vulnerabilities
Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. Where information about critical vulnerabilities in Intel software, firmware and hardware could have previously been rewarded with up to $7,500, $10,000 and $30,000, respectively, now the bounties in those same categories…
This Week in Security News: Senate Hearings and Equifax Breaches
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, leaders of six security agencies testified before the Senate Intelligence Committee, the Equifax hack grew in severity, and hackers used the power of Machine Learning to spread…