Top 10 Stories

The Google Play Store might be full of apps and games that are tracking children without the express permission from the parent, and Google doesn’t seem to be doing much about it. Following Facebook’s data leaking scandal with Cambridge Analitica, a lot of people have turned their attention to other social networks that might be doing the same thing. It turns out that we ought to be looking towards mobile apps as well, at least...

The UK could be a world-leader in artificial intelligence (AI) if it puts ethics first, according to a new House of Lords report — with experts claiming the technology could also help combat cybersecurity challenges. The Lords select committee’s report, AI in the UK: ready, willing and able?, argued that by taking a proactive role in the development of the new technology, the UK could boost its economy and help to mitigate any associated risks and “misuse.” The...

The UK could be a world-leader in artificial intelligence (AI) if it puts ethics first, according to a new House of Lords report — with experts claiming the technology could also help combat cybersecurity challenges. The Lords select committee’s report, AI in the UK: ready, willing and able?, argued that by taking a proactive role in the development of the new technology, the UK could boost its economy and help to mitigate any associated risks and “misuse.” The...

An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default. Will Dormann, software vulnerability analyst at the CERT Coordination Center (CERT/CC), told the BSides conference in San Francisco that he’d scanned around 1.8 million Android apps and found shocking lapses in operational security in plenty of 'em. PGP keys, VPN codes and hardcoded admin passwords were all...

One of the world's longest-lived malware networks, EITest, has gone offline. EITest was part of several infection chains, used by attackers to redirect users from legitimate sites to compromised sites that shipped exploit kits. In 2016, for example, it was part of an attack that used shampoo brand Just for Men to push the RIG exploit kit. To get rid of EITest, Proofpoint says it worked with researchers from BrilliantIT and Abuse.ch to sinkhole the infection chain. View full...

Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory —a mandatory component used during the boot-up process . According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware." Lenovo engineers say "this would most...

Hackers are leveraging an IIS 6.0 vulnerability to take over Windows servers and install a malware strain that mines the Electroneum cryptocurrency. Attacks aren't widespread, as they target a quite old IIS version, but they are happening at scale. Hackers are using CVE–2017–7269 to take over servers. This is a vulnerability discovered by two Chinese researchers in March 2017 that affects IIS' WebDAV service. At the time it was discovered last year, the flaw was a zero-day,...

Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a Monday report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found. View full story ORIGINAL...

Cloudflare made its name proxying traffic for web servers, on network ports 80 (HTTP) and 443 (HTTPS), as a defense against denial of service attacks and their ilk. On Thursday, the online security biz broadened its ambitions by extending its watch over the remaining possible TCP/IP network ports under IPv4. Cloudflare introduced a service called Spectrum, saying its distributed denial of service protection. View Full Story ORIGINAL SOURCE: The Register

Microsoft emitted a patch for all supported versions of Outlook on Patch Tuesday this month to prevent attackers harvesting credentials from users who simply preview a carefully crafted Rich Text (RTF) email. The vulnerability (CVE-2018-0950) exploited Outlook’s unfortunate habit of retrieving remotely hosted Object Linking and Embedding (OLE) content when previewing a RTF email. View Full Story ORIGINAL SOURCE: The Register