TechApprise

TechApprise We the TechAppriser are here to help you out with problems that you face time to time by our specialized how-to guide. Happy TechApprising �

TechApprise is reporting and media publisher on the business areas of Startups, Venture Capital Funding, Cybersecurity, Breaking Tech, Apps, Gadgets, Enterprise, Internet Products, and Socio-Tech Issues. It follows up with different categories that make you aware of things going on in tech market with latest trends, facts that you must know. We love our users and welcome their feedback and suggestions. Contact Us/Comment to tell us what we’re doing right and what we can improve upon.

Users of Apple Safari browser are at risk! A bug in Apple's Safari browser could be abused by hackers to leak or steal f...
28/08/2020

Users of Apple Safari browser are at risk! A bug in Apple's Safari browser could be abused by hackers to leak or steal files from the devices of Mac and iOS users according to a new report from a security researcher. Co-founder of the Polish security firm REDTEAM.PL, Pawel Wylecial, first discovered the bug back in April and reported it to Apple. However, he decided to go public with his findings after the iPhone maker decided to delay patching the bug until the spring of 2021.

Wylecial says the bug resides in Safari's implementation of the Web Share API which is a new web standard that allows for cross-browser sharing of text, links, files and other content. Apple's browser allows users to share files that are stored locally on both their iOS or macOS devices. However, this feature could exploited by malicious web sites that secretly steal files from a user's device when they try to share an article or other content online using Safari.

Although Wylecial has described the bug as “not very serious” due to the fact user interaction and complex social engineering are both required to trick users into leaking local files, he also pointed out that it would be quite easy for an attacker “to make the shared file invisible to the user”. While the Web Share API bug is certainly concerning, so too is the way in which Apple handled Wylecial's bug report.

Typically security researchers give companies a 90-day vulnerability disclosure deadline before going public with their findings but by putting off patching the issue until the spring of next year, Apple forced Wylecial's hand when it came to disclosing the vulnerability publicly. As for the bug itself, Wylecial said that iOS versions 13.41 and 13.6, as well as macOS Mojave 10.14.16 with Safari 13.1 and macOS Catalina 10.15.5 with Safari 13.1.1, are all affected and there is currently no fix available for the issue.

🔥 Firefox 80.0 OUT NOW! The highlight of this release is that it enables Mozilla's new add-ons blocklist designed to enh...
28/08/2020

🔥 Firefox 80.0 OUT NOW! The highlight of this release is that it enables Mozilla's new add-ons blocklist designed to enhance the browser's performance and scalability by lowering the time needed to parse the list when automatically disabling problematic Firefox extensions. Firefox 80 also enables users to set it as their system's default system PDF viewer and fixes several crashes that make the web browser more stable for screen reader users.

With the release of Firefox 80, all other Firefox development branches have also moved up a version bringing Firefox Beta to version 81 and the Nightly builds to version 82. Mozilla has been blocking extensions causing stability or security issues with the help of a list of unsafe add-ons since at least 2008. Starting with Firefox 80, the web browser will use a new and more scalable version of this blocklist which should lower the time Firefox needs to parse it.

Security fixes:

• CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege

• CVE-2020-15664: Attacker-induced prompt for extension installation

• CVE-2020-12401: Timing-attack on ECDSA signature generation

• CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation

• CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion

• CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown

• CVE-2020-15666: MediaError message property leaks cross-origin response status

• CVE-2020-15667: Heap overflow when processing an update file

• CVE-2020-15668: Data Race when reading certificate information

• CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2


www.techapprise.com

Egor Igorevich Kriuchkov allegedly offered to pay an employee at a Nevada company $1 million in Bitcoin to install malwa...
28/08/2020

Egor Igorevich Kriuchkov allegedly offered to pay an employee at a Nevada company $1 million in Bitcoin to install malware on his employer’s computer. The plans were foiled, however, when the employee opted to report the Russian national to the FBI instead.

According to court documents, the US Department of Justice charged Kriuchkov, who traveled from Russia to the US to try and recruit the employee (known as CHS1 in the complaint), with conspiracy to damage a protected computer system. The 27-year-old told the employee he was part of a larger gang. Over the course of three weeks in August, the FBI tracked Kriuchkov’s movements, eavesdropped on his communications, and collected evidence against him before arresting him in Los Angeles on Saturday.

Kriuchkov had told the employee that after the malware was executed, it would provide his Russian colleagues access to data in the unnamed company’s network. Thereafter, the gang would threaten to sell the data in darknet markets unless the company paid a hefty ransom. To keep the company's security team preoccupied while the data looting was taking place, Kriuchkov told the employee that his fellow gang members would launch a DDoS attack on the company’s servers.

Late on August 3, Kriuchkov disclosed his true plan to CHS1, explaining that he works for a group that pays employees to plant malware on their employers' servers. Initially, Kriuchkov offered CHS1 $500,000 for installing the malware but later upped the ante to $1 million after the malware transmitted. He also agreed to make an upfront payment of 1 BTC and even helped the employee set up a Bitcoin wallet through anonymous browser Tor, so the wallet would not be traceable. On August 21, Kriuchkov met up with CHS1 for the final time, telling him the plan was delayed as his group was wrapped up with another project, which was supposed to provide a large payout.

New Zealand’s stock exchange under cyber attack for the second day running! The NZX exchange went offline at 11.24am on ...
27/08/2020

New Zealand’s stock exchange under cyber attack for the second day running! The NZX exchange went offline at 11.24am on Wednesday and although some connectivity was restored for investors, some trading was halted. The NZX said it had experienced “network connectivity issues” and that the NZX main board, NZX debt market and Fonterra shareholders market were placed on halt.

However it then announced that those areas would resume trading with the rest of the market at 3pm on Wednesday. The interruption followed a shutdown and trading halt on Tuesday afternoon due to an overseas-based distributed denial of service (DDoS) attack. The incident follows a number of alleged cyber attacks by foreign actors, such as the targeting of a range of government and private-sector organisations in Australia.

In a statement earlier on Wednesday, the NZX blamed Tuesday’s attack on overseas hackers, saying that it had “experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity”. It said the attack had affected NZX websites and the markets announcement platform, causing it to call a trading halt at 3.57pm. It said the attack had been “mitigated” and that normal market operations would resume on Wednesday, but this subsequent attack has raised questions about security.

Prof Dave Parry, of the computer science department at Auckland University of Technology, said it was a “very serious attack” on New Zealand’s critical infrastructure. He warned that it showed a “rare” level of sophistication and determination, and also flagged security issues possibly caused by so many people working from home.


www.techapprise.com

The popular stock photo company Freepik has announced that its Freepik and Flaticon websites have fallen victim to a sec...
25/08/2020

The popular stock photo company Freepik has announced that its Freepik and Flaticon websites have fallen victim to a security breach which allowed hackers to obtain millions of user credentials. The company released an official statement in which it explained that an attacker was able to gain access to one of its databases by leveraging an SQL injection vulnerability.

While Freepik did not disclose when the breach occurred or how it was discovered, the company did say that it has already notified authorities regarding the matter. Based on its internal forensic analysis, Freepik determined that the attacker was able to extract the email addresses and hashed passwords of its oldest 8.3m users. Of the 8.3m Freepik and Flaticon users affected by the breach, 4.5m of them had no hashed password because they used federated logins (with Google, Facebook or Twitter) to sign up for the service.

Thus the attacker was only able to obtain the email addresses of these users. The remaining 3.77m users had their email addresses and a hash of their password stolen in the security breach. For 3.55m of these users, bcrypt was used to hash their passwords while the remaining 229k users had their passwords salted with MD5. Freepik has since updated the hashed passwords of all users to bcrypt.

We recommend that Freepik and Flaticon users update their passwords following the security breach and ensure that they're not using the same password across multiple sites or services.


www.techapprise.com

Your Google Drive files and systems are at severe risk as new Google Drive flaw let Hackers Easily Install Malware! This...
24/08/2020

Your Google Drive files and systems are at severe risk as new Google Drive flaw let Hackers Easily Install Malware! This new flaw makes you vulnerable to malware and spam attacks if you access shared files on Google Drive. The flaw, discovered by A. Nikoci shows how Google Drive’s “manage versions” is ripe for being messed around by hackers.

If you’re not aware, “manage versions” on Google Drive let’s one see and access all the older versions of a file that was hosted and shared by Google Drive. This feature is also used to replace an older version of the file with a new file without breaking its share link.

The problem lies in the fact that Google does not check the file type when you upload a new version. For instance, an image - a JPEG file - can be replaced with an executable file (.exe) with the “manage versions” feature. Surprisingly, when previewed online Google Drive won’t indicate newly made changes - in that it will show you a preview of the JPEG image - but when downloaded it will download the newer .exe file.

Nikoci said he reported the loophole to Google but the issue was still unpatched as of August 22. Beware of downloading files from unknown Google Drive folders.


www.techapprise.com

As per a new research paper revealed and published by academics from the National Universtiy of Singapore, cyber crimina...
24/08/2020

As per a new research paper revealed and published by academics from the National Universtiy of Singapore, cyber criminals could use audio recordings to create a key to your front door. Audio recordings from smartphones could be used by hackers to create a set of keys to your front door. But don't panic yet, there's still some significant hurdles to be cleared before this becomes reality.

The paper demonstrates how an audio recording of a key turning in a lock can be used to map its shape, size and ridge-pattern - information the eavesdropper could use to create a real-world replica. The program that analyzed the audio recordings, named SpiKey, is said to be accurate enough to filter a database of 330,000 keys down to three candidates.

The lock-breaking system works by analyzing the time elapsed between clicks made as the key ridges interact with pins in the lock, allowing the program to discern the key’s unique pattern of ridges. The inter-ridge distances are used to create a virtual model of the key, which can then be 3D printed for use in real-life scenarios.

The paper does concede that SpiKey is only effective if the attacker has a base knowledge of the type of lock and key (which could be confirmed by inspecting the exterior) and if the speed of key insertion or withdrawal remains constant from start to finish.

25 years ago today on August 24, 1995 launched Windows 95 and Internet Explorer 1.0. Since that launch, the company ha...
24/08/2020

25 years ago today on August 24, 1995 launched Windows 95 and Internet Explorer 1.0. Since that launch, the company has rolled out a number of additional Windows iterations, though none of them anywhere near as grandly and as costly as they did for Windows 95. Windows 95 merged Microsoft's formerly separate MS-DOS and Microsoft Windows products, and featured significant improvements over its predecessor, most notably in the graphical user interface (GUI) and in its simplified "plug-and-play" features.

There were also major changes made to the core components of the operating system, such as moving from a mainly cooperatively multitasked 16-bit architecture to a 32-bit preemptive multitasking architecture, at least when running only 32-bit protected mode applications.

Windows 95 introduced numerous functions and features that were featured in later Windows versions, such as the taskbar, the "Start" button and the ways the user could navigate.

3 Most Common Questions 👨‍💻
24/08/2020

3 Most Common Questions 👨‍💻

Address

Mumbai

Website

Alerts

Be the first to know and let us send you an email when TechApprise posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Share

Category