Apparently a WordPress malware attack is turning into a real issue. “The malware is called VisitorTracker, and its aim should be self-explanatory. Sucuri said that incidents of infection have had a sharp uptick in recent days, and the firm – which reported on it just two weeks ago – hopes that its reprise and update of the information will inform WordPress and encourage it to take action to mitigate the problem.”
Be careful what you RT — the FBI says retweets are endorsements. “22-year-old Queens resident Ali Saleh was arrested this week following an FBI investigation into his attempts to join ISIS. According to the complaint against him, Saleh began tweeting his plans in 2013. Saleh’s retweets came up repeatedly in the complaint as cause for arrest.”
The latest version of Android has a very silly security flaw. “A security flaw in Android that lets people bypass the lock screen on a mobile device has been discovered by researchers at the University of Texas. They found that trying to unlock the phone or tablet with an abnormally long password caused the lock screen to crash in certain conditions.”
A class-action lawsuit says Twitter has been spying on direct messages. “While it’s quite obvious that there aren’t humans that work at Twitter reading your direct messages, an algorithm is sweeping over them, to swap out links with shortened T.co (the shortening service owned by Twitter) ones for tracking purposes, presumably. The lawsuit claims that Twitter should collect consent to do such things within the private messages…”
Russia says Google has violated its antitrust laws. “Russian authorities initiated a probe of Google after domestic competitor Yandex filed a complaint in February, The Wall Street Journal reports. At issue is whether Google’s practice of bundling its own apps on Android phones constitutes anticompetitive behavior.”
From Fast Company: the trouble with digitizing history. All those years of copyright extension and other legal foolery has come back to bite us on the nose. “For all of Sound and Vision’s efforts, though, only 2.3% of its digitized archive is publicly available online. Schools and researchers are allowed to access 15% of the archive on Sound and Vision’s website. For the rest, Sound and Vision’s administrators have to ask the copyright holders’ permission to release their clips outside of the building. Frequently, it involves making calls to several people, and sometimes they say no.”
The first monthly Android security updates have rolled out. “The Nexus system image page added Android 5.1.1 build “LMY48M” for the Nexus 4, 5, 6, 7, 9, and 10, along with build “LMY48N” for the Android TV-based Nexus Player. LMY48M hit Google’s public AOSP repository yesterday (September 9).”
The Internet Crime Complaint Center (IC3) has released a warning/alert on the “Internet of Things” (IoT). “As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors. Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.”
Have you heard about the latest health insurer hack? “Excellus has revealed that in August of this year it discovered a nearly 2-year old intrusion campaign in its network that gave hackers access to potentially all its customers’ records. That data includes names, birth dates, Social Security numbers, mailing addresses, telephone numbers, and a variety of account information including claims and financial payment details.”
Oh, yuck. Apparently Web site hacks now include Google Webmaster tools. “Hackers who compromise websites are also increasingly verifying themselves as the owners of those properties in Google’s Search Console. Under certain circumstances this could allow them to remain undetected longer than they otherwise would be, researchers warn.”
Apparently those Ashley Madison passwords weren’t as well-protected as originally thought. “Now that a hobbyist team has uncovered programming errors that make more than 15 million of the Ashley Madison account passwords orders of magnitude faster to crack, it will be only a matter of time before a large percentage of them are available to hackers everywhere.”
Hackers are already messing with self-driving cars. “Automated cars use laser ranging systems, known as lidar, to image the world around them and allow their computer systems to identify and track objects. But a tool similar to a laser pointer and costing less than $60 can be used to confuse lidar. The attack can be carried out from behind, in front or from the side of the car and without alerting the car’s passengers, according to a security researcher.”
Further analysis of the Ashley Madison hack shows us that terrible passwords are still a problem. Warning: the list of stupid passwords contains obscenities. And stupid passwords. “While plenty of aspects of Ashley Madison’s business and operations have raised eyebrows, the firm did apparently use robust and respected encryption for its user passwords. But even bcrypt-hashed passwords can be cracked if the user choses a stupid password, like, er, password. Or 123456.”
Do you use Kaspersky antivirus products? Make sure you’re up to date!. “Kaspersky Lab has released an emergency patch for some of its antivirus products after a security researcher found a critical vulnerability that could allow hackers to compromise computers.”
Hey, Adobe released a security update! Must be a day ending in “y”. “Adobe has released a security update to address vulnerabilities in Shockwave Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.