By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Exploit code demonstrating a memory corruption bug in Microsoft's Edge web browser has been published today by the researcher that discovered and reported the vulnerability in the first place. The code can lead to remote code execution on unpatched machines. The security bug affects Chakra, the JavaScript engine powering Edge, in a way that could allow an attacker to run on the machine arbitrary code with the same privileges as the logged user. Reported by Bruno Keith of the phoenhex team of vulnerability researchers, the flaw has been marked as having a critical impact by Microsoft on most operating systems it affects. The only systems where it has 'moderate' severity are Windows server editions 2019 and 2016. The proof-of-concept code has 71 lines and results in an out-of-bounds (OOB) memory read leak; the effect may not appear that damaging but an attacker can modify the demo exploit to achieve a more harmful outcome. "Chakra failed to insert value compensation which causes the headSegmentsym to be reloaded but not the headSegmentLength sym, we, therefore, accessed the new buffer with the wrong length checked," explains a comment in the demo code. For more turn to OUR FORUM.

Everyone by now is familiar with the specific kind of partisan rage that manifests on Facebook, particularly with the kind of tailored memes meant to incite political outrage that finds a home on its platform. But according to a report from the Wall Street Journal, Facebook mulled a tool meant to facilitate greater tolerance among those with opposing political beliefs before it was reportedly stalled by Facebook’s Vice President of Global Public Policy Joel Kaplan. Citing sources familiar with the matter, the Journal reported Sunday that Kaplan, who memorably pissed off Facebook staff after supporting Brett Kavanaugh, objected to the so-called called “Common Ground” project over concerns that the endeavor would prompt allegations of political bias against conservatives. The project “involved several potential products meant to minimize toxic content and encourage more civil discussion,” per the Journal: The Wall Street Journal writes read more on our Forum

Chinese IT giant Huawei has reportedly found itself in the cross hairs of the Western intelligence network that is seeking to curb its growth. Speaking to Sputnik, academics explained their scepticism over the alleged security threat posed by Chinese high-tech companies.
"Scepticism is healthy and somewhat justified as it would not be the first time that national security interests have been used as a smokescreen for protectionism", Professor Peter Robertson of the University of Western Australia Business School told Sputnik, commenting on the "Five Eyes" intelligence-sharing network's reported incentive to contain China's high-tech giant Huawei.
The academic added that "it also wouldn't be surprising to find that there are commercial interests lobbying government in the US and elsewhere". read more on our Forum

Extortion emails are getting wilder and wilder. First, we had sextortion scams that threatened to reveal victims doing dirty deeds on video, then bomb threats, which brought the worldwide attention of law enforcement, and now we have threats that a hitman is targeting the recipient unless they pay $4,000 in bitcoin. These emails started appearing this week and have a subject line similar to "Pretty significant material for you right here 17.12.2018 08:33:00". The content of the emails are written in poor English and grammar and state that the sender is the owner of a Dark Web site that offers different kinds of services for a fee. The email goes on to say that someone came to the site to hire a hitman to target the recipient for an "instant and pain-free" execution. The owner of the site, though, is willing to call the hitman off if they receive $4,000 in bitcoin. As an extra bonus, they will also "remove the hitman". The enclosed bitcoin address has not received any ransom payment and will most likely not due to its poor execution and threat of physical harm. If anything, similar to the bomb threats, these will just be reported to law enforcement. Once again, if you receive an email like the one above, this is a scam and you are not being targeted by a hitman. Instead you are being targeted by an extortionist who is looking to make a quick buck by trying to scare the living daylights out of you. For more follow the provided link.

Open-source startup Whitewater Foundry has unveiled WLinux Enterprise. WLinux Enterprise is the first product to support the industry-standard Red Hat Enterprise Linux on Windows Subsystem for Linux, allowing companies to integrate and deploy the most stable, secure, and reliable Linux distribution with Windows 10. WLinux Enterprise unleashes developers and IT staff productivity by giving them access to the Linux command line and development tools they need in today's cloud, hybrid, and cross-platform environments, including Git, OpenSSH, Node.js, Python, Go, Ruby, AWS and Azure cloud command-line tools, and more, directly on Windows 10, alongside existing Windows applications. WLinux Enterprise accomplishes this in a cost-effective and secure approach by deploying Linux on Windows devices companies already own within Windows networks they already have deployed, reducing the burden of managing a mixed OS environment and eliminating unsecure device usage. read more on our Forum

Because, let's face it, Cortana is a bit dull. Microsoft is adding further speculation about the future of its voice assistant, Cortana, after revealing that it is looking at ways to give other services deeper integration with Windows 10. At the moment, although Alexa is supported by Windows, it is part of the quid pro quo arrangement with Amazon that has brought Cortana functionality to Echo devices. In both cases, the non-native assistant plays a fairly convincing bridesmaid to the bride.nBut now, several under-the-hood hackers have reported code commits that would see a deeper integration, allowing you to pick your preferred primary partner in proverbial poigniance. It could even mean replacing Cortana in the search bar, following the recent decision to split the digital assistant's development from that of the search. This could, in turn, mean banishing Bing to the sidelines too after the option was removed in the first big Windows 10 update.

 

GTranslate