My Weekly RoundUp #131

These are hard times but, everything will be fine!

Italians are singing songs from their windows to boost morale during coronavirus lockdown

https://twitter.com/Veritatisvis/status/1238552631548747777

Videos have been shared on social media of Italian citizens singing and dancing during a nationwide lockdown amid the coronavirus pandemic.

The videos, from various cities and towns, show people singing from balconies and windows in an attempt to boost morale, with all non-essential shops and services still closed in the country.

Italy is one of the worst affected countries in the world by COVID-19, with 17,660 confirmed cases and 1,266 deaths, according to the latest data from Johns Hopkins University. That’s the largest outbreak outside of China.

One widely shared video shows neighbors singing a patriotic folk song in Siena, a city in central Italy’s Tuscany region.

CNBC

Cybersecurity

VMware has fixed three serious flaws in its products, including a critical issue in Workstation and Fusion that allow code execution on the host from guest

VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp.VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine

VMWare.com

Tor Browser Bug Executes Uncalled for JavaScript Codes!

…a bug was discovered in the much appreciated TBB’s security mechanism. When the browser was set to allow the use of the most supreme security level and still permitted the execution of the JavaScript code when instead it should have barred it.

It is a relief that the team of Tor is well aware of the bug and is, with dedication working towards developing a patch for it. Per sources, they also mentioned that if a user requires to “Block JavaScript” they could always disable it entirely.

As per reports, the procedure for doing the above-mentioned is to open the “about config” and search for “javascript.enabled”. If here the “Value” column mentions “false” it means that the JavaScript is disabled and if it mentions “true” then right-click to select “Toggle” or double click on the row to disable it.

E Hacking News

Slack Bug Allowed Automating Account Takeover Attacks

Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using an HTTP Request Smuggling CL.TE hijack attack on https://slackb.com/.

Hackerone

Europol Dismantles SIM Swap Criminal Groups That Stole Millions

Europol arrested suspects part of two SIM swapping criminal groups in collaboration with local law enforcement agencies from Spain, Austria, and Romania following two recent investigations.

Bleeping Computer

Hackers Are Using Coronavirus Maps To Spread Malware On Your Computer

The World Health Organisation (WHO) recently declared the coronavirus outbreak as a ‘global pandemic’ prompting users all over the world to keep an eye on it. However, hackers are using this situation to their advantage to spread malware and steal user information on your computer.
According to a new report from a security firm called Reason Labs, hackers are abusing the dashboards made by several organizations to keep track of COVID-19 to inject malware into computers.  

Tech Worm

Cookiethief, the Android malware that hijacks Facebook accounts

Security experts from Kaspersky recently discovered Android Trojan that was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app.

Security Affairs

Accenture Acquires Context Information Security

One of the UK’s most recognizable and respected information security service providers has been acquired by Accenture.

Context Information Security was acquired for an undisclosed sum from former parent company Babcock International Group. 

The deal is the latest in a string of cybersecurity acquisitions by Accenture, which agreed to acquire Symantec’s cybersecurity services business in January. Context will strengthen an already considerable portfolio, which includes déjà vu Security, iDefense, Maglan, Redcore, Arismore, and FusionX.

In a statement released on Friday, Kelly Bissell, a senior managing director at Accenture, said: “This acquisition is an excellent match for us, combining a group of highly skilled cybersecurity professionals globally while providing differentiated services to clients in the UK market.

“The deal signals continued aggressive growth for Accenture Security and gives us a new branch of talented family members to help clients grow their business with confidence and resilience.”

Infosecurity Magazine

Programming

Programming Without Code: The Rise of No-Code Software Development

Code is the backbone of most software programs and applications. Each line of code serves as an instruction—a logical, step-by-step mechanism for computers, servers, and other machines to perform an action. To create those instructions, one must know how to write code—a valuable skill that’s sometimes in short supply. 

But what if you could build software without writing a single line of code? That’s the premise behind no-code development, a software development method that has been gathering momentum. With the help of no-code platforms, it’s possible to develop software without writing any underlying code.

IEEE Spectrum

Privacy

Zoom is a work-from-home privacy disaster waiting to happen

Just because you’re working from home doesn’t mean your boss isn’t still keeping tabs on your every mouse click. 

In recent days, thanks in part to the social-distancing measures made necessary by the coronavirus outbreak, converts to the work-from-home life are being forced to contend with the widely used videoconferencing service Zoom. There’s just one problem: It’s not exactly privacy-friendly. 

Mashable

TikTok and other popular iOS apps are spying on your iPhone clipboard

Apps on iOS and iPadOS have unrestricted access to the system-wide general pasteboard, also referred to as the clipboard. The potential security risks of this vulnerability have been thoroughly discussed in a previous article: Precise Location Information Leaking Through System Pasteboard. We have explored popular and top apps available on the App Store and observed their behaviour using the standard Apple development tools. The results show that many apps frequently access the pasteboard and read its content without user consent, albeit only text-based data.

MYSK

Technology

How coronavirus could lead to a permanent remote workforce

As coronavirus fears hit a high point this week, companies have scrambled to institute new work from home policies. And those policies could become permanent in some cases, substantially altering our work- and life-style landscape in ways none of us would have predicted just a few weeks ago.

VentureBeat

Bill Gates steps down from the Microsoft board of directors

45 years after he started his company, Bill Gates is stepping down from the boards of Microsoft and Berkshire Hathaway. While he’s not had a day-to-day role within the company since 2008, he’s now stepping away more fully to focus on his charitable endeavors.

Gates announced his decision in a LinkedIn post, saying he wants to “dedicate more time to philanthropic priorities including global health and development, education, and my increasing engagement in tackling climate change.” This would likely include work with the Bill and Melinda Gates foundation, which Gates and his wife founded in 2000.

TNW

SciFi

Natasha Romanoff faces off against Taskmaster in final Black Widow trailer

Natasha Romanoff (Scarlett Johansson) goes back to her roots to take down a ruthless mercenary recruiting other young women to be combat operatives in the final trailer for Black Widow, Marvel’s long-overdue standalone feature film delving into the mysterious past of the late titular Avenger.

ArsTechnica

Related posts

  1. Technology Roundup #17
  2. Cybersecurity Roundup #17
  3. Technology Roundup #16
  4. Cybersecurity Roundup #16
  5. Privacy Roundup #15