
Attention readers, if you are using Chrome on your Windows, Mac, or Linux computer, you need to update your web browsing software immediately to the latest version Google released earlier today. With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers. Without revealing technical details of the vulnerability, the Chrome security team only says that both issues are use-after-free vulnerabilities, one affecting Chrome’s audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library. The use-after-free vulnerability is a class of memory corruption issues that allows corruption or modification of data in the memory, enabling an unprivileged user to escalate privileges on an affected system or software. Thus, both flaws could enable remote attackers to gain privileges on the Chrome web browser just by convincing targeted users to visit a malicious website, allowing them to escape sandbox protections and run arbitrary malicious code on the targeted systems. Discovered and reported by Kaspersky researchers Anton Ivanov and Alexey Kulaev, the audio component issue in the Chrome application has been found exploited in the wild, though it remains unclear at the time which specific group of hackers. For more and to update your browser visit OUR FORUM.

Google Android users have been put at risk again after it emerged a keyboard app called ai.type previously available on the Play Store has been making millions of unauthorized purchases of premium digital content. The Android app has been downloaded more than 40 million times, according to researchers at Upstream. Hiding in plain sight by masking its activity to spoof apps such as Soundcloud, the rogue Google Android app delivers millions of invisible ads and fake clicks, passing on user data about real views, clicks, and purchases to ad networks. Ai.type is a customizable on-screen keyboard app developed by Israeli firm ai.type LTD, which describes the app as a “free emoji keyboard.” But in the background, without your knowledge, the Android app turns your device into “one of the many bots of the network controlled by fraudsters to commit ad fraud,” says Guy Krief, CEO of Upstream. The app was deleted from the Google Play Store in June, but it remains on millions of Android devices and is still available from other third-party marketplaces. There was a spike in its suspicious activity once removed, the Upstream researchers say. Specifically, Upstream says its Secure-D platform has detected and blocked more than 14 million suspicious transaction requests from 110,000 unique devices that downloaded the ai.type keyboard. It’s one of many rogue Android apps reported in recent weeks. Only last week, researchers at ESET discovered a year-long campaign that saw 8 million installs of adware delivered through 42 apps. It came after ESET researcher Lukas Stefanko published his report detailing the 300 million malicious Android app reports during the month of September. Other recent rogue apps plaguing Android users include spyware and adware. Follow this thread by navigating to OUR FORUM.

Fifty years ago, two letters were transmitted online, forever altering the way that knowledge, information, and communication would be exchanged. On Oct. 29, 1969, Leonard Kleinrock, a professor of computer science at UCLA, and his graduate student Charley Kline wanted to send a transmission from UCLA's computer to another computer at Stanford Research Institute through ARPANET, the precursor to what we now know as the internet. ARPANET connected universities working for the Department of Defense under its ARPA (now DARPA) program for new military technologies. In 1969, only four universities had computers — which, Kline told OZY, were "room-sized ... with under-floor air conditioning" — connected to the network: UCLA, Stanford, University of California, Santa Barbara (UCSB) and the University of Utah. The message sent by Kleinrock and Kline was intended to be "login." Their system crashed, however, as soon as they typed the second letter. It took an hour to send the whole word, but by then, "lo" cemented its place in the internet's history. For Kleinrock, the message took on a completely different meaning, anyhow. “‘L’ and ‘O’ is ‘hello,’ and a more succinct, more powerful, more prophetic message we couldn’t have wished for," he told OZY. Two years later, in 1971, the first email was sent by MIT researcher Ray Tomlinson — which was also the first time the "@" sign was used to designate a specific recipient of a message. The World Wide Web, as we know it now, didn't get invented until 1989, when British computer scientist Tim Berners-Lee invented the web and the technologies to access, create and share web pages. He published the first web page in 1991. Browse over to OUR FORUM for more on this milestone.

The letter was aimed at Mark Zuckerberg, Facebook’s chief executive, and his top lieutenants. It decried the social network’s recent decision to let politicians post any claims they wanted — even false ones — in ads on the site. It asked Facebook’s leaders to rethink their stance. The message was written by Facebook’s own employees. Facebook’s position on political advertising is “a threat to what FB stands for,” the employees wrote in the letter, which was obtained by The New York Times. “We strongly object to this policy as it stands.” For the past two weeks, the text of the letter has been publicly visible on Facebook Workplace, a software program that the Silicon Valley company uses to communicate internally. More than 250 employees have signed the message, according to three people who have seen it and who declined to be identified for fear of retaliation. While the number of signatures on the letter was a fraction of Facebook’s 35,000-plus workforce, it was one sign of the resistance that the company is now facing internally over how it treats political ads. Many employees have been discussing Mr. Zuckerberg’s decision to let politicians post anything they want in Facebook ads because those ads can go viral and spread misinformation widely. The worker dissatisfaction has spilled out across winding, heated threads on Facebook Workplace, the people said. For weeks, Facebook has been under attack by presidential candidates, lawmakers, and civil rights groups over its position on political ads. But the employee actions — which are a rare moment of internal strife for the company — show that even some of its own workers are not convinced the political ads policy is sound. The dissent is adding to Facebook’s woes as it heads into the 2020 presidential election season. “Facebook’s culture is built on openness, so we appreciate our employees voicing their thoughts on this important topic,” Bertie Thomson, a Facebook spokeswoman, said in a statement. 
“We remain committed to not censoring political speech, and will continue exploring additional steps we can take to bring increased transparency to political ads.” Read more along with the letter on OUR FORUM.

A new research report from Activate Inc. says we’re spending much less time on Facebook than we used to. In 2017, Americans spent 14 hours per month on average on the social media site, and that number had dropped 26% to 9 hours per month in 2019, Activate CEO and cofounder Michael Wolf said today at the Wall Street Journal’s Tech Live conference in Laguna Beach, California. Facebook is still way ahead of all its competitors in terms of membership numbers. It has more than 2 billion users worldwide. But the idea that those people are spending less time on the site could mean a lot to big brands that spend hundreds of millions to advertise on Facebook. Several researchers, including eMarketer, have also tracked the movement of younger users (12-34) away from Facebook and toward services like Instagram (which Facebook owns), Snapchat, and TikTok. Facebook also has a serious consumer trust issue after misusing private user data and, for years, being less than forthcoming about how it uses personal data in its advertising operation. The government is now looking closely at Facebook and its various businesses and considering reining in the massive company via new regulations. Politicians like Elizabeth Warren have called for the government to break up Facebook. Wolf said that Facebook won’t be disrupted and defeated by a single, similar company. Rather, a number of smaller and more focused communities will systematically skim off more and more of the time people spend on the general-purpose Facebook social network. Activate says people in the U.S. now belong to an average of 5.8 social networks, and projects that number will rise to more than 10 social networks by 2023. Facebook may realize this. The trend toward niche social networks may be one reason the company has been promoting private Facebook groups as a big part of its future. For more browse to OUR FORUM.

On October 22, Microsoft started rolling out an optional cumulative update for Windows 10 version 1903 with fixes for critical bugs. In addition to the optional cumulative update, Microsoft also shipped a standalone package KB4523786 to make quality improvements to Windows Autopilot configured devices. Windows Autopilot is commonly used by businesses and enterprises to set up and pre-configure new devices in their organizations. Businesses also use Windows Autopilot to reconfigure, recover and reset devices in the organization, and KB4523786 comes with several fixes for such devices. A number of users have reported that Microsoft accidentally delivered KB4523786 to PCs with Windows 10 Home and Pro. If you see ‘Cumulative update for Autopilot in Windows 10 version 1903: October 22, 2019’ on the Windows Update page when you check for updates, you should avoid it. Windows 10 doesn’t immediately restart after downloading the patch. Instead, it will offer to restart the PC or to schedule the restart. In this case, you can click on pause updates for 7 days and the patch will not appear again when Windows checks for updates next time. KB4523786 is supposed to be a cumulative update for Autopilot-configured devices and not for normal installations of Windows 10. In a tweet, Microsoft’s Intune team has confirmed that the update was released accidentally and it has been pulled: “Sorry for your experience! An Intune Autopilot update, which was targeted as part of the out of box experience for new devices, was incorrectly offered to customers running Windows Home edition during a regularly scheduled Windows update scan,” a Microsoft representative stated. “Once we became aware of the issue, we stopped distribution of the update. If you have already installed the update, it will not affect you. If not, there is further action required.” Further details can be found on OUR FORUM.

 
