Security news

Google Chrome Exploit is Causing Windows 10 To Crash: How To Fix

Google Chrome has now become an industry standard web browser that is used by millions of Windows 10 users. Recently a new exploit was discovered in Google Chrome that consumes 100% of system resources and completely freezes a Windows 10 computer.

So here’s everything you need to know about the Google Chrome Exploit and how to fix it.

Google Chrome Exploit: The Issue

Google Chrome is one of the most feature-rich web browsers that is very well optimized for Windows OS. According to some reliable sources, a new bug, which seems to be a tech support scam, completely crashes Windows 10 and informs users that their computer has been affected by a virus.

Initially, this bug makes the Google Chrome browser unusable, and then all of the open tabs are completely locked. Once both Windows 10 and Google Chrome are completely frozen, a pop-up appears that claims to be from Microsoft support. The user can’t close this pop-up, which says that their data is at risk.

For quite some time, this bug makes your Windows 10 computer useless.

Google Chrome Exploit: The Fix

Well, if you or any of your friends or a family member has encountered this bug then this fix might completely resolve the issue. So here’s how you can get Windows 10 up and running once again.

  1. Open Task Manager from Taskbar or by pressing Shift+Ctrl+Esc at the same time.
  2. Under the Processes Tab, locate Google Chrome in the Apps Section.
  3. Lastly, select Google Chrome and right-click to End Task.

Hopefully, your Windows 10 computer will now return to its normal state. It is worth noting that the next time you open Google Chrome, the browser will prompt you to restore tabs because it didn’t have a proper shutdown. Don’t restore the tabs, or you will face the same issue once again.

iOS 12.1.2 Bug Disconnects iPhones From Cellular Data: How To Fix

Apple recently released the iOS 12.1.2 update that was supposed to fix issues with eSIM support for the iPhone XR, iPhone XS, and iPhone XS Max. After a few days, Apple released another update with a similar version number, but this time around, instead of resolving issues, the update brought some significant problems.

After the latest iOS update, many iPhone users have been reporting a bug that automatically disconnects iPhones from cellular data.

So here’s everything you need to know about the issue mentioned above.

iOS 12.1.2 Bug: The Issue

As mentioned earlier, the bug that came along with the latest iOS update kills the cellular data on iPhones. Consequently, users didn’t receive phone calls and text messages due to the unavailability of mobile data. The issue came to notice when people started reporting it on forums and social media platforms like Twitter, Facebook, and Reddit.

In addition to that, some users also reported that the bug affected WiFi connections as well. It is worth noting that the bug has affected many iPhones, but it’s not present on every iPhone.


iOS 12.1.2 Bug: The Fix

Well, if you are one among many affected iPhone users, then these two fixes from 9to5Mac might help you.

  1. Firstly you can disable Wi-Fi Calling from the cellular menu of the settings app.
  2. Next up, head on to Cellular Data Options and change the Enable LTE field from Voice and Data to Data only.

These two fixes are not the exact solutions, but they might help many users. As of now, Apple hasn’t addressed the bug that disconnects iPhones from cellular data. That said, Apple might soon release the iOS 12.1.3 update which will ultimately resolve this issue.

Do share any personal fix that you have found for the issue mentioned above in the comments section below.

Hacker talks to an Arizona man through his internet security camera

Arizona Man Says Hacker Spoke to Him Through His Home’s Nest Security Camera

As creepy and disturbing as it may sound, an Arizona man was startled when a hacker spoke to him through his internet security camera that was meant to keep him safe, reports The Arizona Republic.

The victim, Andy Gregg, a real estate agent in Phoenix, Arizona, said he was in his backyard when he heard a voice speaking to him creepily from inside his home. At first, he thought a burglar had entered his home. However, he soon realized that the voice was coming from his Nest Cam IQ security camera in the front window of his home.

The hacker claimed that he was a “white hat” hacker associated with the Anonymous hacktivist group. He informed Gregg that his personal information was compromised probably in a previous data breach.

The hacker then recited a number of passwords Gregg had used for logging into multiple websites. While the hacker had no access to the cam’s video feed or Gregg’s location, he said the loopholes could nevertheless have been exploited by notorious hackers for malicious purposes.

“I’m really sorry if I startled you or anything. I realize this is super unprofessional, and I’m sorry that it’s a little late in the day to do this,” the hacker can be heard telling Gregg, according to a recording obtained by The Arizona Republic/azcentral.

“We don’t have any malicious intent.”

The hacker informed Gregg that he had accessed his camera to warn him about its security vulnerabilities. Gregg immediately unplugged the camera and changed his passwords to avoid any future access to his camera by malicious hackers.

“You basically feel very vulnerable,” Gregg told The Arizona Republic. “It feels like you’ve been robbed essentially and somebody’s in your house. They know when you’re there. They know when you’re leaving.”

Google-owned Nest said in a statement to The Arizona Republic that it is aware of hackers accessing its cameras using passwords exposed in other breaches. It said that the company has no control over the device beyond the user’s login point, as its devices do not come with default logins. Users need to set up their device with a unique set of login credentials that only they are aware of. Hence, Nest suggests that its users set up two-factor authentication to provide an additional layer of security on their devices.

Cydia app store disables purchases option for jailbroken iPhones

New Purchases For JailBroken iPhones Closed Down On Cydia App Store

Cydia app store creator Jay “Saurik” Freeman on Friday announced in a Reddit post that software purchases would no longer be available on Cydia App Store.

For the unaware, Cydia App Store for iOS provides users with software packages that can be installed on jailbroken iPhones, iPads and iPod touch devices. Basically, it allows users to install software from third parties by bypassing Apple’s own App Store lockdown.

However, the number of users who have cracked the iPhone has decreased in recent years as Apple’s iOS ecosystem has grown stronger and more secure.

While Freeman had initial plans to shut down the store purchases option by the end of 2018, a recently found security vulnerability in the app that would allow hackers to buy apps using other people’s accounts led to the shutdown happening earlier than planned.

“The reality is that I wanted to just shut down the Cydia Store entirely before the end of the year, and was considering moving the timetable up after receiving the report (to this weekend); this service loses me money and is not something I have any passion to maintain: it was a critical component of a healthy ecosystem, and for a while it helped fund a small staff of people to maintain the ecosystem, but it came at great cost to my sanity and led lots of people to irrationally hate me due to what amounted to a purposeful misunderstanding of how profit vs. revenue works,” he writes.

The shutting down announcement does not mean the immediate end of jailbreaking since Freeman will continue to bear the cost of running the platform. iOS users will still be able to download apps that they have purchased from Cydia store in the past; however, they would now be no longer able to purchase new apps.

Further, Freeman is going to publish a more “formal” post this week with further details about the past and future of Cydia.

iTunes 12.8.1 is freezing Safari running on OS X Yosemite 10.10.5

Beware! Do not update to iTunes 12.8.1 if you are on OS X Yosemite 10.10.5

iTunes users took to MacRumors Forums, Twitter, Reddit, and Stack Exchange recently to report that upgrading to iTunes 12.8.1 is breaking Safari 10.1.2, the latest version of the browser for OS X Yosemite 10.10.5.

Users who updated to iTunes 12.8.1 were greeted with the following error message when opening Safari on OS X Yosemite 10.10.5:

“Safari cannot be opened because of a problem.

Check with the developer to make sure Safari works with this version of Mac OS X. You may have to reinstall the application. Be sure to install any available updates for the application and Mac OS X.”

One Stack Exchange user was of the opinion that the iTunes 12.8.1 update is likely updating the MobileDevice.framework in /System/Library/PrivateFrameworks/ to a version incompatible with Safari 10.1.2.

However, it now appears that Apple has pulled the iTunes 12.8.1 update. Some users have found a workaround to fix Safari. For that, you need to go to the Finder app, click on Go > Go to Folder… in the top menu bar, type in /System/Library/PrivateFrameworks/, and drag MobileDevice.framework to the Trash.

Note: These steps have not been tested by us.

Facebook bug exposed unposted photos of 6.8 million users

Facebook accidentally exposed 6.8 million users’ private photos to developers

Facebook on Friday disclosed a data breach that may have exposed unposted photos of as many as 6.8 million users.

According to the company’s developer blog, a photo API bug accidentally gave hundreds of third-party apps unauthorized access to photos of as many as 6.8 million users during a 12-day period between September 13 and 25. It is believed that up to 1,500 apps built by 876 developers may have been affected by the bug.

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” engineering director Tomer Bar said in a message to developers.

“In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”

Apparently, the bug also inadvertently gave third-party apps access to photos that were not shared on timelines, for example when someone uploads a photo to Facebook but doesn’t finish posting it, Bar added.

“We store a copy of that photo so the person has it when they come back to the app to complete their post,” he said.

Bar added that potentially affected Facebook users will get a Facebook notification, which will direct them to a Help Center link where they will be able to see if they have used any apps that were affected by the bug.

“We’re sorry this happened,” Bar said. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

Bar also suggested that users should log into any apps with which they have shared their Facebook photos to find out if they have access to photos they shouldn’t.

Besides the Facebook photo API bug discovered in September, the social networking giant was also hit by another data breach the same month where data of some 30 million users were exposed to hackers as a result of a flaw in Facebook’s ‘View As’ feature.

Google decides to kill off Google+ earlier than planned

Another data leak forces Google to close down Google+ in April 2019

In October this year, we had reported how personal data of hundreds of thousands of Google+ social media users were exposed after a software glitch between 2015 and March 2018. Following the data exposure, Google had decided to shut down Google+ permanently over a span of 10 months.

However, a newly discovered second data leak has now forced Google to shut down the service much earlier than it had planned. According to the company, a bug in the Google+ API has exposed the data of 52.5 million users, which has compelled the search giant to kill off Google+ in April 2019. The company also added that the bug was fixed within a week of it being introduced.

“We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way,” David Thacker, VP, Product Management, G Suite said in a blog post.

“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.”

Profile information of Google+ users such as name, email address, occupation, and age were exposed even when their profile was set to not-public. In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly. However, no access was given to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.

The company has started notifying consumer users and enterprise customers affected by the bug. Although the platform will shut down for consumer users in April 2019, Google will continue to invest in Google+ for businesses.

“We understand that our ability to build reliable products that protect your data drives user trust. We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs. We will never stop our work to build privacy protections that work for everyone,” said David Thacker in the closing statement.

For those who are unaware, Google+ is an Internet-based social network that was launched in June 2011 and is owned and operated by Google. The major reason why Google developed this social media platform was to compete with the exponentially growing social-media platform Facebook.

To increase the active user base Google interlinked Google+ with other services like Gmail and YouTube; however, the integration didn’t work out. In fact, even after massive investments and development Google+ didn’t gain immense popularity among users.

What do you think about Google+ being shut down? Do let us know your thoughts in the comments section below.

Hackers steal data of 100 million Quora users

Quora hack exposes data of about 100 million users

Quora, the question-and-answer sharing website, announced yesterday that data of about 100 million of its users was compromised as a result of unauthorized access to one of their systems by a “malicious third party”.

“We recently became aware that some user data was compromised due to unauthorized access to our systems by a malicious third party,” Quora CEO Adam D’Angelo said in a security update blog post. “We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing.  We have notified law enforcement officials. We are notifying affected Quora users. We have already taken steps to ensure the situation is contained, and we are working to prevent this type of event from happening in the future. Protecting our users’ information and fostering an environment built on trust remains our top priority so that together we can continue to share and grow the world’s knowledge.”

Quora discovered the breach on Friday, November 30, when it found that user data had been accessed by an unauthorized third party.

According to Quora, the following information may have been compromised:

  • Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
  • Public content and actions, e.g. questions, answers, comments, upvotes
  • Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

As a safety measure, the company is currently notifying users whose data was compromised and logging out all affected Quora users. It has also notified law enforcement officials and has retained a leading digital forensics and security firm to assist it.

The users who wrote questions and answers anonymously were not affected by this breach, as the website does not store information about people who post anonymous content. Currently, it is unknown how the attacker gained access to Quora’s systems.

“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust,” D’Angelo added.

Quora has advised its users not to reuse their Quora password across multiple services, and suggested that they change it if they are doing so. We would also advise our readers to use a unique password for every site they visit to avoid becoming a victim of a data breach.

Dell.com announces potential cyber security breach

Dell.com resets all customer passwords after a network breach

Dell Inc., the U.S.-based hardware giant, announced yesterday that the company had suffered a security breach earlier this month, on November 9, 2018. However, the company said that it managed to stop hackers who were looking to access data such as customer names, email addresses and hashed passwords.

“Dell is announcing that on November 9, 2018, it detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords,” the company said in its press release.

“Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement.”

According to reports, Dell did not inform its customers about the breach when it forced the password resets for all customer accounts on November 14, 2018. Also, the company did not mention how the hackers were able to breach its network.

“Our investigations found no conclusive evidence that any information was extracted,” Dell said in its press release. “Credit card and other sensitive customer information was not targeted. The incident did not impact any Dell products or services.”

Dell said that it is still investigating the incident, but said the breach wasn’t an extensive one, as the company’s engineers were able to detect the intrusion on the same day it took place.

While a Dell spokesperson refused to provide the number of affected accounts, he said that “it would be imprudent to publish potential numbers when there may be none.”

Following the security breach, the company has encouraged its customers to change the password for their Dell.com account and also for other online services if they use the same or similar passwords.

Hack Facebook or Instagram accounts and get paid up to $40,000

Facebook to pay up to $40,000 for finding ways to hack Facebook or Instagram accounts

Facebook has been going through a rough patch this year after suffering two severe security breaches that affected millions of its users.

While every year, Facebook pays millions of dollars to researchers and bug hunters to find security holes in its products and organization, it is still facing security breaches. Facebook has been running its Bug Bounty program since 2011.

Now, in order to step up its efforts to tighten the security of the platform, Facebook on Tuesday announced in a post that it has increased the average payout for account takeover vulnerabilities so as “to encourage security researchers to work on finding high-impact issues”.

The announcement further read, “The researchers who find vulnerabilities that can lead to a full account takeover, including access tokens leakage or the ability to access users’ valid sessions, will be rewarded an average bounty of:

* $40,000 if user interaction is not required at all, or
* $25,000 if minimum user interaction is required.

“This change applies to all products owned by Facebook, including Instagram, WhatsApp, and Oculus.

“Further, we will not require a full exploit chain in cases where leveraging the vulnerability requires bypassing our Linkshim mechanism.

“While monetary reward may not be the strongest incentive for why bug bounty researchers hack, we believe it remains a strong motivator for our white hat researchers to invest time in helping us identify and mitigate vulnerabilities. We encourage researchers to share their proof of concept reports with us without having to also discover bypasses for Facebook defense mechanisms.

“By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high-quality submissions from our existing and new white hat researchers to help us secure over 2 billion users.”

For those unaware, earlier this year there was the Facebook–Cambridge Analytica data scandal, in which the personal information of 87 million Facebook users was harvested by Cambridge Analytica without their consent and used for political purposes.

Later, in September this year, Facebook discovered a major security issue that allowed hackers to access information, which could allow them to take over around 50 million accounts.

Source: Facebook 
