Security

Following Facebook and Twitter, Google Targets Iranian Influence Operation

posted on August 24, 2018
by l33tdawg
Credit: Threat Post

In the wake of influence-campaign takedowns by Facebook and Twitter, Google has issued a report detailing its own efforts to root out foreign influence operatives allegedly tied to an Iranian state-run media broadcaster.

The news comes as President Donald Trump appeared to tweet in opposition to the efforts of the tech behemoths to disrupt such campaigns.

VA Stopped Publishing Breach Reports About Vets’ Data for Nine Months

posted on August 24, 2018
by l33tdawg
Credit: NextGov

For roughly nine months this year, the Veterans Affairs Department stopped posting online quarterly reports that detail information security breaches affecting veterans.

The department continued to share the quarterly reports with Congress during this period, as it is required to do under the 2006 Veterans Benefits, Healthcare, and Information Technology Act, according to a spokeswoman for the Senate Veterans’ Affairs Committee.

Mirai Variant Cross-Compiles Attack Code with Aboriginal Linux

posted on August 24, 2018
by l33tdawg
Credit: Threat Post

Criminals behind a Mirai botnet have been spotted using an unusual technique: Leveraging an open-source project called Aboriginal Linux to create a compiled binary, with versions of the malware tailored to each targeted platform.

The malware authors are leveraging Aboriginal – a legitimate tool for cross-compilation – to make Mirai executable on a wide variety of internet of things (IoT) devices and platforms, including routers, IP cameras, connected devices and Android devices.

Those Kids Who Hacked Voting Websites at Def Con Had Help

posted on August 24, 2018
by l33tdawg
Credit: Slate.com

Reports of kids effortlessly finding security flaws in state election websites at Def Con, a prominent hacking conference that was held this month in Las Vegas, were likely misleading, ProPublica is reporting. Indeed, the most widely circulated stories from this year’s conference had to do with the 40 children between the ages of 6 and 17 whom organizers set loose on replicas of election board websites.

Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers

posted on August 24, 2018
by l33tdawg
Credit: The Register

Facebook has patched a remote-code execution flaw discovered in one of its servers.

Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies.

Though remote code execution bugs are considered serious problems, Le Gall noted that no Facebook user data was ever exposed or accessed via the uncovered hole. The bug was patched this month prior to today's disclosure.

An Undiscovered Facebook Bug Made Me Think I Was Hacked

posted on August 24, 2018
by l33tdawg
Credit: Wired

My legs were sticking to the vinyl back seat of a NYC cab when I received the email on a Thursday this July. I was running late to an afternoon dentist appointment, and sending messages on Facebook Messenger. Most of the conversations were for a story I was reporting about a Facebook group for sexual assault survivors, which had been overtaken by abusers.

North Korean Hackers Suspected of Creating Mac-Based Malware

posted on August 23, 2018
by l33tdawg
Credit: PC Mag

Mac users beware. North Korean hackers appear to be developing malware that can infect your computer.

Security firm Kaspersky Lab uncovered the macOS-based malware while investigating a hack at an unnamed cryptocurrency exchange in Asia. The breach was sourced back to an email that convinced a company employee to download a third-party app for trading virtual currencies.

New Apache Struts Vulnerability Leaves Major Websites Exposed

posted on August 23, 2018
by l33tdawg
Credit: eWeek

Remember last year's Equifax hack? It involved an exploit of a vulnerability in Apache Struts. Yesterday, news came of a new vulnerability in the open source Web framework, one that some people are saying could be worse than the one that put everyone's credit card information into the hands of criminals.

The new vulnerability, designated CVE-2018-11776, was discovered by Man Yue Mo, a researcher on the Semmle security research team. This vulnerability is in the core functionality of Struts, allowing remote code execution (RCE) when the framework is configured in certain ways.

Microsoft Sinkholes 6 Fancy Bear/APT28 Internet Domains

posted on August 21, 2018
by l33tdawg
Credit: Wikipedia

In a sign that US security experts and officials this election season are on high alert for potential Russian hacking and meddling during the midterms, Microsoft today revealed that it has taken over six potentially malicious Internet domains set up by the nation-state hacking team Fancy Bear, aka APT 28, Pawn Storm, and Strontium.

Airmail 3 Exploit Instantly Steals Info from Apple Users

posted on August 21, 2018
by l33tdawg
Credit: Threat Post

Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message.