My Weekly RoundUp #131
These are hard times but, everything will be fine!
Italians are singing songs from their windows to boost morale during coronavirus lockdown
Videos have been shared on social media of Italian citizens singing and dancing during a nationwide lockdown amid the coronavirus pandemic.
The videos, from various cities and towns, show people singing from balconies and windows in an attempt to boost morale, with all non-essential shops and services still closed in the country.
Italy is one of the worst affected countries in the world by COVID-19, with 17,660 confirmed cases and 1,266 deaths, according to the latest data from Johns Hopkins University. That’s the largest outbreak outside of China.
One widely shared video shows neighbors singing a patriotic folk song in Siena, a city in central Italy’s Tuscany region.
Cybersecurity
VMware has fixed three serious flaws in its products, including a critical issue in Workstation and Fusion that allow code execution on the host from guest
VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp.VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.
Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine
Tor Browser Bug Executes Uncalled for JavaScript Codes!
...a bug was discovered in the much appreciated TBB’s security mechanism. When the browser was set to allow the use of the most supreme security level and still permitted the execution of the JavaScript code when instead it should have barred it.
It is a relief that the team of Tor is well aware of the bug and is, with dedication working towards developing a patch for it. Per sources, they also mentioned that if a user requires to “Block JavaScript” they could always disable it entirely.
As per reports, the procedure for doing the above-mentioned is to open the “about config” and search for “javascript.enabled”. If here the “Value” column mentions “false” it means that the JavaScript is disabled and if it mentions “true” then right-click to select “Toggle” or double click on the row to disable it.
Slack Bug Allowed Automating Account Takeover Attacks
Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using an HTTP Request Smuggling CL.TE hijack attack on https://slackb.com/.
Europol Dismantles SIM Swap Criminal Groups That Stole Millions
Europol arrested suspects part of two SIM swapping criminal groups in collaboration with local law enforcement agencies from Spain, Austria, and Romania following two recent investigations.
Hackers Are Using Coronavirus Maps To Spread Malware On Your Computer
The World Health Organisation (WHO) recently declared the coronavirus outbreak as a ‘global pandemic’ prompting users all over the world to keep an eye on it. However, hackers are using this situation to their advantage to spread malware and steal user information on your computer.
According to a new report from a security firm called Reason Labs, hackers are abusing the dashboards made by several organizations to keep track of COVID-19 to inject malware into computers.
Cookiethief, the Android malware that hijacks Facebook accounts
Security experts from Kaspersky recently discovered Android Trojan that was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app.
Accenture Acquires Context Information Security
One of the UK's most recognizable and respected information security service providers has been acquired by Accenture.
Context Information Security was acquired for an undisclosed sum from former parent company Babcock International Group.
The deal is the latest in a string of cybersecurity acquisitions by Accenture, which agreed to acquire Symantec’s cybersecurity services business in January. Context will strengthen an already considerable portfolio, which includes déjà vu Security, iDefense, Maglan, Redcore, Arismore, and FusionX.
In a statement released on Friday, Kelly Bissell, a senior managing director at Accenture, said: "This acquisition is an excellent match for us, combining a group of highly skilled cybersecurity professionals globally while providing differentiated services to clients in the UK market.
"The deal signals continued aggressive growth for Accenture Security and gives us a new branch of talented family members to help clients grow their business with confidence and resilience."
Programming
Programming Without Code: The Rise of No-Code Software Development
Code is the backbone of most software programs and applications. Each line of code serves as an instruction—a logical, step-by-step mechanism for computers, servers, and other machines to perform an action. To create those instructions, one must know how to write code—a valuable skill that’s sometimes in short supply.
But what if you could build software without writing a single line of code? That’s the premise behind no-code development, a software development method that has been gathering momentum. With the help of no-code platforms, it’s possible to develop software without writing any underlying code.
Privacy
Zoom is a work-from-home privacy disaster waiting to happen
Just because you're working from home doesn't mean your boss isn't still keeping tabs on your every mouse click.
In recent days, thanks in part to the social-distancing measures made necessary by the coronavirus outbreak, converts to the work-from-home life are being forced to contend with the widely used videoconferencing service Zoom. There's just one problem: It's not exactly privacy-friendly.
TikTok and other popular iOS apps are spying on your iPhone clipboard
Apps on iOS and iPadOS have unrestricted access to the system-wide general pasteboard, also referred to as the clipboard. The potential security risks of this vulnerability have been thoroughly discussed in a previous article: Precise Location Information Leaking Through System Pasteboard. We have explored popular and top apps available on the App Store and observed their behaviour using the standard Apple development tools. The results show that many apps frequently access the pasteboard and read its content without user consent, albeit only text-based data.
Technology
How coronavirus could lead to a permanent remote workforce
As coronavirus fears hit a high point this week, companies have scrambled to institute new work from home policies. And those policies could become permanent in some cases, substantially altering our work- and life-style landscape in ways none of us would have predicted just a few weeks ago.
Bill Gates steps down from the Microsoft board of directors
45 years after he started his company, Bill Gates is stepping down from the boards of Microsoft and Berkshire Hathaway. While he’s not had a day-to-day role within the company since 2008, he’s now stepping away more fully to focus on his charitable endeavors.
Gates announced his decision in a LinkedIn post, saying he wants to “dedicate more time to philanthropic priorities including global health and development, education, and my increasing engagement in tackling climate change.” This would likely include work with the Bill and Melinda Gates foundation, which Gates and his wife founded in 2000.
SciFi
Natasha Romanoff faces off against Taskmaster in final Black Widow trailer
Natasha Romanoff (Scarlett Johansson) goes back to her roots to take down a ruthless mercenary recruiting other young women to be combat operatives in the final trailer for Black Widow, Marvel's long-overdue standalone feature film delving into the mysterious past of the late titular Avenger.