By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Facebook announced that a bug in its application programming interface for photos may have allowed third-party unauthorized access to images on 6.8 million accounts. Apps that receive user-permission to access photos are typically restricted to the content published on the Timeline. However, for a period of about two weeks between September 13 and September 25, an error in the code update for the Photo API extended this permission to other sections of the profile, such as Marketplace or Facebook Stories; furthermore, the pictures that the user did not publish were also exposed. "For example, if someone uploads a photo to Facebook but doesn't finish posting it - maybe because they've lost reception or walked into a meeting - we store a copy of that photo so the person has it when they come back to the app to complete their post," Facebook explains in its notification. Image content shared through Messenger conversations was not impacted. Facebook found the issue internally and has already fixed it. The company estimates that the issue affects up to 6.8 million users and that 1,500 apps from 876 developers could have accessed the image content without consent. It is important to note that the apps had Facebook's approval to access Photos API and the authorization from the user to reach their photos. It is suspected that the number of people affected will ultimately be smaller, but it is too soon into Facebook's investigation to know for sure at this point. More details can be found on OUR FORUM.

 

Microsoft is getting ready to abandon another Windows 10 feature, mostly as the result of only a few people actually using it. This is what Twitter user Albacore, who has a good track on Windows scoops, says in a recent post, explaining that Microsoft is planning to ditch the People bar in Windows 10 19H1.  While Microsoft hasn’t yet announced the change, a deprecation notification is projected to be introduced in a future Windows 10 19H1 preview build to be released to insiders in early 2019. “In upcoming 19H1 Insider builds, the People Bar will show a deprecation notice. It's a shame to see something like this with rather interesting engineering behind it kick the bucket,” the tweet reads.
Windows 10 19H1 ready in spring of 2019

A U.S. Department of Defense Inspector General report released this week outlines the inadequate cybersecurity practices being used to protect the United States' ballistic missile defense systems (BMDS ). Ballistic missile defense systems are used by the U.S.A. to counter short, medium, intermediate and long range ballistic missiles that target the United States of America. As these systems are controlled by computers and software, they are at risk for being targeted by state-sponsored attacks that attempt to gain control of the systems, damage them, or steal classified information & source code. On March 14, 2014, the DoD Chief Information Officer stated that the DoD must implement National Institute of Standards and Technology (NIST) security controls to protect their systems, which includes BMDS. In a heavily redacted report by the DoD, it has been shown that BMDS facilities have failed to utilize required security controls such as multifactor authentication, vulnerability assessment and mitigation, server rack security, protection of classified data stored on removable media, encrypting transmitted technical information, physical facility security such as cameras and sensors, and did not perform routine assessments to make sure that these safeguards were in place. There's more posted on OUR FORUM

A new sample of the Shamoon data-wiping malware has been discovered in the wild, after a period of silence that lasted for about two years. Shamoon was first seen in attacks against Saudi Aramco oil provider in 2012 when it erased data on more than 35,000 computer systems belonging to the company. Four years later, it was spotted in attacks against private organizations in the same region that perpetuated until January 2017. In a report sent to BleepingComputer, the research team from Chronicle (cybersecurity subsidiary of Google's parent company, Alphabet Inc.) says that the new strain was uploaded to VirusTotal on December 10, from Italy. It consisted in the dropper and two modules, Wiper and Network, Brandon Levene, head of applied intelligence at Chronicle told us. They handle the disk wiping activity and the communication with the command and control (C2) server. Levene says that the author(s) of the new Shamoon dropped some resources that were removed some resources that were used to replace the destroyed files, a capability that still exists, though. The alternative to this is to overwrite to data and the hard disk MBR with random data. The variant analyzed by Chronicle has the trigger date and local time set to December 7, 2017, 23:51. The researchers note that this is about one year before it was uploaded to the VirusTotal platform. Further details posted on OUR FORUM.

Microsoft released Windows 10 Preview Build 18298 to Fast ring members of the Windows Insider Program this week. Rather than introducing one standout feature, this update makes a bunch of small improvements to various aspects of the operating system, from sign-in options to accessibility tools. The company's also released updates to Feedback Hub, Snip & Sketch and the Game bar via the Microsoft Store to upgrade those utilities. Preview Build 18298 is the first notable release to Windows Insider Program members in a while. That's probably because Microsoft suffered a series of failures involving Windows 10 updates over the last few months. The company infamously delayed the Windows 10 October 2018 Update to mid-November at least for people who aren't using certain hardware or software--and pulled a cumulative update because it was too unstable. It's hard to hype people up about upcoming versions of Windows 10 if the most recent versions are still unavailable on many systems. The show must go on, however, and that's where Preview Build 18298 comes in. The update introduced the ability to create a security key via the Settings app to quickly "unpin" folders and groups from the Start menu and to create bigger and brighter cursors that should be a little easier to see. For more turn to OUR FORUM.

A Chinese court ordered a ban in the country on iPhone sales in a patent dispute between US chipmaker Qualcomm and Apple, according to a Qualcomm statement Monday. The statement said the Fuzhou Intermediate People's Court had granted Qualcomm's request for two preliminary injunctions against four subsidiaries of Apple, ordering them to immediately to stop selling the iPhone 6S, iPhone 6S Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus and iPhone X. The move marked the latest in a long-running dispute over patents and royalties between the two California tech giants playing out in courts and administrative bodies worldwide. "We deeply value our relationships with customers, rarely resorting to the courts for assistance, but we also have an abiding belief in the need to protect intellectual property rights," said Don Rosenberg, Qualcomm executive vice president, and general counsel. "Apple continues to benefit from our intellectual property while refusing to compensate us. These court orders are further confirmation of the strength of Qualcomm's vast patent portfolio." The China case is based on patents which enable consumers to adjust and reformat the size and appearance of photographs, and to manage applications using a touchscreen, Qualcomm said. An Apple statement to AFP called Qualcomm's effort a "desperate move by a company whose illegal practices are under investigation by regulators around the world." Apple added that Qualcomm "is asserting three patents they had never raised before, including one which has already been invalidated." Apple said that "all iPhone models remain available for our customers in China," adding that "we will pursue all our legal options through the courts." Follow this on OUR FORUM.

 

GTranslate