Security

A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer.

The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.

But Microsoft, which owns the voice- and video-calling service, said it won't immediately fix the flaw, because the bug would require too much work.

The opening ceremonies of the Winter Olympics were subject to an attack on Friday, with the PyeongChang Organizing Committee for the 2018 Olympic & Paralympic Games (POCOG) confirming it experienced a cyber attack that caused a malfunction of the internet protocol televisions (IPTVs) at the Main Press Centre, Yonhap News reported over the weekend.

According to the South Korean publication, POCOG said its servers were hacked by an "unidentified attacker" during the ceremony, and that it shut down the servers -- and, as a result, its website -- to prevent further damage.

Malicious app developers can secretly abuse a macOS API function to take screenshots of the user's screen and then use OCR (Optical Character Recognition) to programmatically read the text found in the image.

The function is CGWindowListCreateImage, often utilized by Mac apps that take screenshots or live stream a user's desktop.

The awesome operating system Linux is free and open source. As such, there are thousands of different ‘flavours’ available – and some types of Linux such as Ubuntu are generic and meant for many different uses.

But security-conscious users will be pleased to know that there are also a number of Linux distributions (distros) specifically designed for privacy. They can help to keep your data safe through encryption and operating in a ‘Live’ mode where no data is written to your hard drive in use.

Lenovo warned customers on Friday that two critical Broadcom vulnerabilities impacts 25 models of its popular ThinkPad brand. The vulnerabilities were first revealed in September and originally they were only reported to impact specific Broadcom chipsets used in Apple iPhones, Apple TV and Android devices.

Attackers are trying to exploit a critical vulnerability in Cisco’s Adaptive Security Appliance firewall software, the company has confirmed.

Cisco has updated its advisory for the vulnerability, which was first revealed on Jan. 29 and has been logged as CVE-2018-0101, on Feb. 7.  “The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory,” the update states. “Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.”

Microsoft has added Windows 10 Pro support for palm-vein authentication, as part of its Windows Hello facial and fingerprint-recognition system.

The palm-vein authentication comes by way of a collaboration with Fujitsu, a Windows 10 enterprise hardware partner that is in the process of deploying its own palm-vein biometric technology to 80,000 employees in Japan.

Cybersecurity measures are lagging as far as 30 years in the past for the average enterprise, Gil Shwed, Check Point founder and CEO, stated during the vendor's CPX360 event in Las Vegas, Nevada.

During a keynote at the security vendor's largest North American show yet, Shwed pointed to infamous hacks of 2017 - from elections to Equifax to WannaCry and more - saying the year was a "wake-up call".

Quantum computers today can’t stand up to modern encryption methods. But if simulations prove true, a future of larger, more powerful systems may threaten the integrity of government information and, subsequently, national security.

VMware has started to reissue patches and workarounds for its affected Virtual Appliance products that are vulnerable to the Meltdown and Spectre security flaws. The company said its VMware VA products, including vCloud Usage Meter (UM), Identity Manager (vIDM), vCenter Server (vCSA), vSphere Data Protection (VDP), vSphere Integrated Containers (VIC), and vRealize Automation (vRA) are affected.