Posts

Chrome wants to make your passwords stronger

A common sentiment, shared by many people down the years, is that storing passwords in browsers is a bad idea. Malware, for example, would specifically target password storage in browsers and plunder everything in sight. Password managers weren't exactly flying off the shelves back in 2007; your only real options were home grown. People ended up saving logins in all sorts of odd places: text files, email accounts…you name it. Naturally, security-minded folks gravitated towards saving passwords in browsers, because what else were they going to do?

The browser password wars

Even just 8 years ago, it was still a hotly contested debate. The problem then was that passwords were stored in plain text. They aren't now, but if the device you're using is compromised it doesn't matter. Malware files can decrypt your passwords, or wait for you to do it. So, no matter how recently you look, many of the same threats still exist for browser passwords. And new ones emerge, li...
Recent posts

Are TikTok’s new settings enough to keep kids safe?

TikTok, the now widely popular social media platform that allows users to create, share, and discover amateur short clips—usually something akin to music videos—has been enjoying explosive growth since it appeared in 2017. Since then, it hasn't stopped growing—more so during the current pandemic. Although the latest statistics continue to show that in the US the single biggest age group (32.5 percent, at the time of writing) is users between 10 and 19 years of age, older users (aged 25 to 34 years) in countries like China, Indonesia, Malaysia, Saudi Arabia, and the UAE are quickly overtaking their younger counterparts. Suffice to say, we can no longer categorize TikTok as a "kids' app". This, of course, further enforces the many concerns parents already have about the app. We're not even talking about the possibilities of young children, tweens, and teens seeing dangerous challenges and trends, or pre-teens lip-synching to songs that make grown up eyes...

DNSpooq bugs haunt dnsmasq

The research team at JSOF found seven vulnerabilities in dnsmasq and have dubbed them DNSpooq, collectively. Now, some of you may shrug and move on, probably because you haven't heard of dnsmasq before. Well, before you go, you should know that dnsmasq is used in a wide variety of phones, routers, and other network devices, besides some Linux distributions like Red Hat. And that's just a selection of what may be affected. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The vulnerabilities disclosed by the JSOF team have been listed as CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686 and CVE-2020-25681.

What is DNSpooq?

DNSpooq is the name the researchers gave to a collection of seven vulnerabilities they found in dnsmasq, an open-sourc...

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this information out. This is because it can reveal more than intended when it hits the public domain. Default settings are often to blame. For example, a mobile photography app or camera may embed GPS data by default. Some people may find this useful; quite a few more may object to it as a creepy privacy invasion. Well, that's metadata. Now you have an idea what kind of things can lurk without knowledge. We can see what happens when we deliberately enable a data / tagging related function.

Watermarking: what's the deal?

An interesting story has recently emerged on The Intercept, of voluntary data (in the form of watermarks) wrapped into Zoom recordings, which could cause headaches in...

The story of ZeroLogon

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vulnerability for their own purposes. This is the story of ZeroLogon.

What is ZeroLogon?

The ZeroLogon vulnerability was discovered by researchers at Secura and is listed in the Common Vulnerabilities and Exposures (CVE) database under CVE-2020-1472: "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'." This vulnerability exploits a cryptographic flaw in Microsoft's Active Directory Netlogon Remote Protocol (...

Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary measures. While Malwarebytes does not use SolarWinds, we, like many other companies, were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.

How did this impact Malwarebytes?

We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a th...

What’s up with WhatsApp’s privacy policy?

WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem? Are you at risk? Or should you keep using your apps as you were previously?

Setting the scene

WhatsApp users found themselves facing down an in-app notification this past week, letting them know of upcoming privacy policy changes. The message read: By tapping Agree, you accept the new terms, which take effect on February 8, 2021. After this date, you'll need to accept the new terms to continue using WhatsApp. You can also visit the Help Center if you would prefer to delete your account. Generally, I'm somewhat suspicious whenever a trusted app starts popping messages, or anything else I wasn't expecting. After the initial burst of "Is this genuine?", follows...