Cybersecurity firm Kaspersky Lab has uncovered a vulnerability in the Telegram desktop app which allows the social messaging app to be exploited for mining cryptocurrencies. In a statement, Kaspersky says the zero-day vulnerability provides a backdoor that “has been actively exploited since March 2017 for the cryptocurrency mining functionality.” It adds that they had notified Telegram of the vulnerability and “at the time of publication, the zero-day flaw has not since been observed in [the] messenger’s products.” Research conducted by Kaspersky showed that the zero-day flaw was based on the RLO (right-to-left override) Unicode method, which is generally used for encoding text in languages written from right to left, such as Arabic and Hebrew. However, it can also be used by hackers to dupe unsuspecting recipients into downloading malware, for example disguised as images. Kaspersky analysts identified “several scenarios of zero-day exploitation in the wild by threat actors.” The threats identified were two-fold. First, the exploit was used to deliver mining software, allowing hackers to use the victim’s machine to mine cryptocurrency including “Monero, Zcash, Fantomcoin and others.”
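A defender-side check for the RLO trick described above, as an added example that is not code from Kaspersky or Telegram: it flags Unicode bidirectional control characters in a received filename and compares the extension a user would see with the one the operating system acts on. The sample filenames are constructed, and the display approximation assumes a single, non-nested RLO run rather than implementing the full Unicode Bidirectional Algorithm.

```python
import os

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}

def displayed_approx(name):
    """Approximate what a bidi-aware UI shows: text after RLO (U+202E) is
    drawn reversed until PDF (U+202C) or the end of the string."""
    out, run, overriding = [], [], False
    for ch in name:
        if ch == "\u202e":
            overriding = True
        elif ch == "\u202c" and overriding:
            out.append("".join(reversed(run)))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue                      # other controls are invisible
        elif overriding:
            run.append(ch)
        else:
            out.append(ch)
    out.append("".join(reversed(run)))    # run left open at end of string
    return "".join(out)

def inspect_filename(name):
    """Report bidi controls and the real vs. displayed extension."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name)
                if c in BIDI_CONTROLS]
    # The OS picks a handler from the stored (logical) character order.
    stored = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stored)[1].lower()
    shown_ext = os.path.splitext(displayed_approx(name))[1].lower()
    return {"controls": controls, "real_ext": real_ext,
            "shown_ext": shown_ext, "displayed": displayed_approx(name),
            "ext_mismatch": real_ext != shown_ext,
            "suspicious": bool(controls)}

if __name__ == "__main__":
    # Constructed samples: one with an RLO, one plain, one genuine Hebrew name.
    for sample in ["holiday_\u202egnp.js", "report.png", "\u05e9\u05dc\u05d5\u05dd.png"]:
        print(repr(sample), inspect_filename(sample))
```

Genuine right-to-left filenames are not flagged, because the check keys on the explicit control characters rather than on the script of the text.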

‘Search bias & leveraging dominance’ Google has been fined $21 million by India’s antitrust watchdog after being accused of search bias and abusing its dominant position. The search giant says it is reviewing the complaints. The Competition Commission of India (CCI) said in a 190-page order that Google was “found to be indulging in practices of search bias and by doing so, it causes harm to its competitors as well as to users.” “Google was leveraging its dominance in the market for online general web search, to strengthen its position in the market for online syndicate search services,” the CCI said, as quoted by Reuters. The accusations against Google revolve around the CCI claiming the search engine places its commercial flight search function in a prominent position on the search results page. This, according to the commission, resulted in a disadvantage to businesses trying to gain market access. The CCI has ordered that the fine – which represents five percent of the average total revenue generated by Google from its Indian operations – be paid within 60 days. The fine was approved by a majority of 4-2. At the same time, the commission said it did not find any violation related to Google’s specialized search design, AdWords, or online distribution agreements.

Source code for a key component of the iPhone's operating system was leaked online, potentially handing hackers coveted data which will make it easier to break into iOS. It was removed after Apple filed a takedown request. The code posted on GitHub is for the iOS 9.3 version of iBoot, a vital component of iOS which ensures the booting of the operating system. It was posted on the website by user 'ZioShiba.' It remains unclear how the user obtained the code, but it appears to be legitimate. That's according to Jonathan Levin, the author of a series of books on iOS, who spoke to Motherboard and called the incident the “biggest leak in history” and a “huge deal.” The website Gadget Hacks also said the code is "definitely the real deal." The source code was eventually taken down, after Apple filed a copyright takedown request with GitHub. The code's release could have a number of implications. For starters, hackers could use it to locate flaws and bugs that could allow them to crack or decrypt an iPhone. Programmers could use the information to mimic iOS on non-Apple devices.