With 2015 more or less in the rear view mirror Mike Mimoso and Chris Brook discuss the year in security: Wassenaar, ransomware, mobile threats like Stagefright, Carbanak and Equation Group, and more.
Monthly Archives: December 2015
Want WhatsApp Free Video Calling? This Leaked Screenshot Reveals Upcoming Feature
Raise your hands if you want Free Video Calling feature in WhatsApp.
I am in, and I think most of you people.
And the good news is that it looks like WhatsApp’s much-awaited Free Video Calling feature is on its way, according to the recently leaked screenshots.
<!– adsense –>
Free Video Calling Feature in WhatsApp
German technology blog Macerkopf.de has posted what it claims are
Why online gaming is the new frontier for cybercrime
Online gaming and cybercrime are more connected than you might think. We explore how online games are becoming the new hunting ground for cybercriminals looking to earn and learn.
The post Why online gaming is the new frontier for cybercrime appeared first on We Live Security.
Google testing password-free account sign-in
Google has announced that it is piloting a new sign-in system that will, if successful, replace passwords. User authentication will be delivered through a smartphone.
The post Google testing password-free account sign-in appeared first on We Live Security.
India temporarily Bans Facebook's Free Internet Service
Facebook’s Free Internet access to India has hit a hurdle:
The Telecom Regulatory Authority of India (TRAI) has ordered the mobile carrier to temporary suspend the Facebook’s Free Basics Internet program.
Facebook’s Free Basics is an app that allows users to access certain Internet websites, including Facebook, for free.
However, India’s independent regulatory body has asked
Hyatt Hotel Says Payment Systems Hacked with Credit-Card Stealing Malware
Hyatt Hotels Corporation is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on the computers that process customer payments.
“We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations,” the company announced on Wednesday. “As soon as we discovered the
CVE-2015-6792
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
CVE-2015-8664
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
Posted by Justin Ferguson on Dec 23
I’d mostly argue this is a user problem given that many things you
probably shouldn’t be running out of your downloads directory, which
is the crux of his base argument. That said, its not reasonable to
expect users to entirely grok the nuances of such things, and so the
easiest fix is probably for browsers to automatically place DLLs and
exes into different directories (plural) than other downloads; id est
the concept of…
CVE-2015-7930
Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.