Last Friday an Amazon employee tweeted about a weird issue that she had with WhatsApp. This tweet started a conversation about a possible privacy issue with using a phone number as a way to authenticate users. According to Abby Fuller, she found some mysterious messages on WhatsApp, which were not associated with her contacts, immediately after she created a new account on her new phone using a new number for the first time.
Website Planet tested 5 popular web hosts to see if they could be compromised. The list included Bluehost, Dreamhost, HostGator, OVH, and iPage, and unfortunately all of them had major vulnerabilities. These vulnerabilities allowed third parties to take over the site, gather leaked information, and perform man-in-the-middle attacks. The following is a list of each vulnerability from each web hosting service:
Google recently removed 85 apps from the Play Store after they were found to contain predatory adware. With over nine million combined downloads, the apps were mostly fake games or utility apps that began pushing a constant stream of full-screen ads to users until the app itself crashed.
It has been discovered that more than 350 Drupal-based websites have been compromised thanks to Drupalgeddon 2. US security researcher Troy Mursch discovered a campaign that was compromising Drupal sites and hiding a version of the Coinhive in-browser cryptocurrency miner inside a file named "jquery.once.js?v=1.2", loaded on each of the compromised sites. Every visitor to those sites has the in-browser mining script injected into their pages.
You might be one of those people who keep an eye out for any updates on your Android smartphone and check for updates monthly, just to find out that your device is “up to date”. However, depending on which device you have, that might be a lie. The biggest problem with Android is what is known as Android fragmentation. Basically, Google makes the updates and then gives them to each Android phone manufacturer.
Microsoft's April 2018 Patch Tuesday came and went this week and the company issued its regular monthly software patches to fix various vulnerabilities. Patch Tuesday is the unofficial nickname of the second or third Tuesday of each month. This is when Microsoft rolls out bug fixes and security patches for its line of software products like Windows and Microsoft Office.
Netflix has acknowledged a security flaw that puts users who registered to the online streaming service using a Gmail account at risk of a phishing scam. The flaw utilizes a little-known Gmail feature in order to trick users into putting in their credit card information and paying for someone else’s Netflix subscription. This flaw is based on how Netflix and Gmail view dots in the email address. Gmail’s policy on dots in email addresses is to ignore them altogether, so that if someone adds or misses dots in an address the message will still get to the person they are addressing.
On March 29th, the popular fitness and nutrition tracking app MyFitnessPal disclosed a data breach. According to the MyFitnessPal website, the breach occurred sometime in February 2018 but was only discovered on March 25th. Under Armour, the company that owns MyFitnessPal, announced that as many as 150 million accounts were compromised. Stolen information includes usernames, email addresses and passwords hashed with bcrypt. MyFitnessPal has alerted users via email and is requiring all users to change their passwords.
A new vulnerability has been discovered affecting Windows versions from Windows 7 to Windows 10.
The popular torrent software uTorrent was found to have a serious vulnerability. According to Tavis of Google Project Zero, the uTorrent software is vulnerable to remote attacks. An attacker can use a website to perform a simple DNS rebinding attack to download malware anywhere onto the victim’s computer through the uTorrent software. It is suggested to either stop using the software entirely or not leave the uTorrent software running when not in use until the issue is fixed.