The revelations made by researcher SandboxEscaper regarding a Microsoft zero-day vulnerability turned out to be a little controversial, given that the disclosure was made public through Twitter.
We have all seen Microsoft products topping the vulnerability charts back in 2017. This year doesn't look any different, with major vulnerabilities making headlines frequently. A researcher published a zero-day vulnerability on Twitter, raising the eyebrows of security experts across the world, since the vulnerability was made public before Microsoft was informed.
A Critical Analysis of the Proposed Assistance & Access Bill 2018—an Australian Initiative to Legitimize Decryption
The Australian government aims to enforce legislation that would make it mandatory for the communications industry to respond to police warrants by giving full access to its data. A technology company choosing to hold data and not allow government access might attract a hefty fine of up to $10 million. The Assistance & Access Bill 2018 does seem to be the ultimate weapon in the Australian government's arsenal to fight 'modern organized crime'. However, one must be well aware of the repercussions of weakening encryption, as it is the fundamental base of cyber security.
A report released by a group of cyber security researchers suggests that a Tibetan human rights NGO was targeted in what looks like a well-executed phishing attack. The alleged plan was to target important people who play a major role in shaping the free Tibet cause. The sole aim of the phishing attacks was to ensure that the targets' Windows PCs were infected with what is known as "customized malware".
Think twice before using a magstripe card to make payments via a mobile point-of-sale (mPOS) system. Researchers at Black Hat 2018 demonstrated how a man-in-the-middle (MitM) attack can be executed to manipulate and change the amount being transacted through an mPOS system. The remote code execution vulnerability can only be exploited if the payment is made using magstripe cards.
New Cyber Doctrine: Australia's Cyber Security Minister Calls for Greater Collaboration Between Govt. & Private Sector
A shift towards a new cyber doctrine could be seen when Australia's Minister for Cyber Security and Law Enforcement, Angus Taylor, expressed his strong views on greater levels of collaboration between the public and private sectors. The minister was the keynote speaker at the Technology in Government conference, where he gave an overview of the government projects that focus on threats beyond our geographic, legal, and digital borders.
Android’s User Dictionary Vulnerability Allows Attackers to Steal Passwords & Credit Card Numbers from Your Phone
Well-documented research initiated by security researcher Daniel Kachakil suggests that a vulnerability in Android's User Dictionary could allow attackers to gain access to frequently used passwords and credit card numbers.
The recent revelations regarding a malware campaign designed to target the software supply chain show that threat actors are evolving their tactics to fulfill their malicious intents. A PDF editor app's font package was compromised recently and was used to deploy malicious cryptocurrency-mining malware. The multi-tier case was deemed unusual by Microsoft, who detected the compromise, which lasted between January and March 2018.