Security Alerts & News
by Tymoteusz A. Góral

History
#534 BREACH attacks revived to steal private messages from Gmail and Facebook
The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of the National Technical University of Athens and Dionysis Zindros of the University of Athens debuted their attack framework called Rupture, and demonstrated how BREACH can be resurrected to steal private messages sent over Gmail and Facebook.
#533 WhatsApp enables end-to-end encryption for all forms of communications by default
"WhatsApp has always prioritized making your data and communication as secure as possible. And today, we're proud to announce that we've completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats."
#532 Multiple critical vulnerabilities in Quanta routers won’t be patched
Researcher Pierre Kim, who found the flaws, attributes them to incompetence or, at worst, calls them “a deliberate act of security sabotage from the vendor.”
#531 US: Four tax scams to watch out for this tax season
Tax season is a ripe time for phishing and spreading malware; without fail, tax-related online scams remain a most popular type of phishing scam each and every year. Through our threat intelligence network, we have identified four types of tax scams that individuals and businesses should be wary of as they’re preparing to file their taxes in 2016.
#530 Firefox add-on flaw leaves Apple and Windows computers open to attack
In a report, “CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities,” researchers claim 2,000 Firefox extensions – including nine of the top 10 extensions – are exploitable via “extension-reuse vulnerabilities.” Researchers tested the desktop version of the Firefox browser running on Mac OS X and Windows platforms, finding them both vulnerable.
#529 WordPress, Joomla domains under attack through jQuery JavaScript library
Hackers are using the jQuery JavaScript library to inject malicious code into millions of WordPress and Joomla Web domains, researchers say.

According to cybersecurity firm Avast, fake jQuery injections have become a very popular attack of late. In a blog post, the team said a particular attack method which has surged in popularity over the past few months includes the use of a fake jQuery script injected into the head section of websites powered by the WordPress and Joomla content management systems, leading to a web of infection supported by compromised and malicious domains.
#528 ‘Surreptitious sharing’ Android API flaw leaks data, private keys
Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and, perhaps more concerning, privacy-centric apps such as Signal and Telegram, that could lead to privilege escalation and data loss including private keys.