AUG
10

Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware

Getty

Millions of shiny new Android smartphones are being purchased with dangerous malware factory-installed, according to Google's own security research team. There have been multiple headlines about the millions of harmful apps being installed from the Play Store, but this is something new. And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device.

Android is a thriving open-source community, which is great for innovation but not so great when threat actors seize the opportunity to hide malware in basic software loads that come on boxed devices. New phones can have as many as 400 apps factory-installed, many of which we just ignore. But it transpires that many of those apps have not been vetted. The apps themselves will work as billed, providing a useful capability or service, so we can be forgiven for not considering the risk that might lurk within.

Google's Maddie Stone, a security researcher with the company's Project Zero, shared her team's findings at Black Hat on Thursday. "If malware or security issues come as preinstalled apps," she warned, "then the damage it can do is greater, and that's why we need so much reviewing, auditing and analysis."

The risk impacts Android's Open-Source Project (AOSP), a lower-cost alternative to the full-fat version. AOSP is installed on lower-cost smartphones where cheaper software alternatives help keep prices down. This means owners of Android-badged devices from the likes of Samsung and Google itself are safe from this particular risk.

Continue reading

Copyright

© Flipboard and it's respective authors

AUG
07

EasyApache 4 Aug 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

2019-8-7

php-cliEA-8537: Fix php version detection when cwd is a symlink.mod_ruid2ZC-5378: Do not call distiller if its does not exist.ea-tomcat85EA-8590: Fix syntax errors in user-init.shea-nodejs10EA-8592: Update ea-nodejs10 to 10.16.1, drop 10.16.0.ea-apache2-configEA-8572: Fixed typo in setting RLimitCPU and RLimitMEMphp71EA-8595: Update PHP 7.1 to 7.1.31, drop 7.1.30.php71-metaEA-8595: Update PHP 7.1 to 7.1.31, drop 7.1.30.php72EA-8593: Update PHP 7.2 to 7.2.21, drop 7.2.20.php72-metaEA-8593: Update PHP 7.2 to 7.2.21, drop 7.2.20.php73EA-8594: Update PHP 7.3 to 7.3.8, drop 7.3.7.php73-metaEA-8594: Update PHP 7.3 to 7.3.8, drop 7.3.7.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.31, 7.2.21, and 7.3.8. This release addresses vulnerabilities related to CVE-2019-11041 and CVE-2019-11042, plus other vulnerabilities with no number currently assigned. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.31, all PHP 7.2 users to upgrade to version 7.2.21, and all PHP 7.3 users to upgrade to version 7.3.8.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.30
All versions of PHP 7.2 through 7.2.20
All versions of PHP 7.3 through 7.3.7


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading

Copyright

© Cpanel

AUG
07

Facebook Messenger Chat

Recently, Facebook has launched a customer chat widget for Messenger. It allows your customers to message directly from your Joomla website to your Facebook Page. By combining interactions from the Messenger App and the plugin on your page, you'll be able to engage with your customer and keep them drawn into your site.

We've been tinkering with the beta version of the widget here on sourcecoast.com and have had some great conversations with users. Some have asked for support, others have asked pre-sales questions and existing subscribers have repeatedly requested to add this into JFBConnect. In all, we've seen how useful a chat widget can be to help get a conversation with your audience going. We heard you! In the newest version of JFBConnect v8.2.3, we've included the Messenger Chat functionality. Continue reading for instructions on how to add chat to your site.

Original author: Alex

Copyright

© SOURCECOAST.COM

AUG
01

Edward Snowden says Facebook is spying on you

Well, yeah.

Image: Getty Images for WIRED25

By Jack Morse2019-08-01 19:53:50 UTC

The U.S. government is not the only one that's watching you. 

So warns famed NSA whistleblower Edward Snowden, who on Thursday called Facebook to task for spying on its users. What's more, he promised to teach people how to fight back against such corporate surveillance

"In the weeks ahead, I aim to explain how each of these site [Facebook, Instagram, Youtube] spies on you, and methods to limit how much they know about you," he tweeted. "If you use them, keep an eye out."

Continue reading

Copyright

© Flipboard and it's respective authors

AUG
01

Using AirDrop could allow hackers to obtain your phone number

Turn off Bluetooth if you don't want to broadcast any personal, potentially identifying info.

Image: lili sams / mashable

By Raymond Wong2019-08-01 15:40:48 UTC

Apple's AirDrop is undeniably convenient for sending photos, videos, links, and more between iPhones, iPads, and Macs. But there's one thing you probably didn't know AirDrop's sharing: part of your phone number, which in the wrong hands, could be used to recover your full digits.

Security researchers at Hexway (via Ars Technica) have discovered a "flaw" in AirDrop that can used to obtain unsuspecting iPhone users' phone numbers using software installed on a laptop and a Bluetooth and WiFi adapter to sniff them out.

Because of the way AirDrop works — it uses Bluetooth LE (Low Energy) to create a peer-to-peer WiFi network between devices for sharing — it broadcasts partial hashes of an iPhone user's phone number in order establish the device as a sending/receiving contact when sending a file.

Continue reading

Copyright

© Flipboard and it's respective authors

Advertisement