Security flaws haunt Ghostscript
For the third year in a row, researchers have found exploitable flaws in the open source software Ghostscript, a PDF and PostScript interpreter used by hundreds of programs on all major platforms. While the software includes a sandbox protection option, researchers have now identified a series of sandbox bypass vulnerabilities. For a bad actor to take advantage of the flaw, he or she would only need to send their victim a specially modified file in a format that triggers interaction with Ghostscript (PDF, PS, EPS, or XPS). Doing so would grant the malware’s C&C remote code execution privileges on the infected system, thereby allowing them to essentially take it over. No patch is available yet, so experts are advising that Linux distributions disable PS, EPS, PDF, and XPS coders in ImageMagick’s policy.xml, as the image processing library seems to be the most affected project by the flaw.
Last week on Malwarebytes Labs, we talked about how Process Doppelgänging meets Process Hollowing in the Osiris dropper, provided hints, tips, and links for a safer school year, gave a recap of Black Hat USA 2018, offered some tips for a secure content management system, highlighted a silly snail-mail scamming attempt, and provided insight in why money, power, and ego drive hackers to cybercrime.
Walmart gains patent to eavesdrop on shoppers and employees in stores. (Source: CNet)
FBI warns of “unlimited” ATM cashout (Source: Krebs on Security)
Caesars Palace not-so-Praetorian guards intimidate DEF CON goers with searches. (Source: Ars Technica)
Researchers discovered a way to hack Echo smart speakers. (Source: Techspot)
Researchers have found another serious security flaw in computer chips designed by Intel. (Source: BBC)
Victims lose access to thousands of photos as Instagram hack spreads. (Source: ThreatPost)
Web cache poisoning just got real: How to fling evil code at v..
Google may still be tracking you...
Adding to the growing mistrust consumers have about what tech companies do with the data they collect, we learned this week from an Associated Press investigation that Google still tracks and stores your whereabouts even if you turn off “location history” in your privacy settings. It turns out that disabling location history, on Android devices and iPhones, only removes your location from the Google Maps Timeline feature — which shows you where you've been in Google's data — but some Google apps still store your time-stamped location data, in part so they can better target ads based on where you’ve been. The company argues that it makes clear to users how to disable this setting and delete location history. So, what can you do to prevent Google from saving these location markers? First, disable a setting called “Web and App Activity,” which stores a variety of information from Google apps and websites to your Google account. Then, delete y..
Intel started 2018 with an unfortunate bang — the Spectre and Meltdown flaws inherent in the architecture of their chips was the main topic of conversation in the cybersecurity world. While damage control continues regarding those vulnerabilities, another flaw has been flagged. Intel refers to the new flaw as Level 1 Terminal Fault, or L1TF, but security researchers have dubbed it something more colorful — Foreshadow, and it is present in Intel Core processors and Xeon chips.