Facebook, Instagram and Whatsapp are experiencing network problems around the world.
The issue appears to be connected to issues at US cybersecurity firm Cloudflare.
The first network issues were reported shortly before 16:00 today.
The outages appear to be connected to US cybersecurity firm Cloudflare which has been affected by an outage at telecommunications provider Verizon.
Cloudflare has been responsible for downtime on several websites across the globe over the past week, including BuzzFeed, Medium, Soundcloud and Canva.
Last week it blamed its network issues on an outage at telecommunications provider Verizon, and on Tuesday it blamed a "bad software" deployment.
The firm said the issues it is experiencing are not related to a cyber-attack.
Downdetector.com showed that the platforms were particularly hard hit in Europe and on the East Coast of the United States.
The first outage issues were reported shortly before 16:00 today.
Users reported that the issues on the social media platforms, all owned and operated by Facebook, appear to be limited only to specific parts of the sites.
Users, for example, report that their feed might load, but that they are not able to post something into it.
If someone tries to post something, an error message appears saying "Photo Can't Be Posted".
Source : https://www.businessinsider.co.za/facebook-instagram-and-whatsapp-down-in-sa-and-across-the-globe-2019-7
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it.
Doing so could allow hackers to remotely take full control over your computer system.
That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.
With more than 3 billion downloads, VLC is a hugely popular open-source media player software that is currently being used by hundreds of millions of users worldwide on all major platforms, including Windows, macOS, Linux, as well as Android and iOS mobile platforms.
Discovered by Symeon Paraschoudis from Pen Test Partners and identified as CVE-2019-12874, the first high-severity vulnerability is a double-free issue that resides in the "zlib_decompress_extra" function of VideoLAN VLC player and is triggered when it parses a malformed MKV file within the Matroska demuxer.
The second high-risk flaw, identified as CVE-2019-5439 and discovered by another researcher, is a read-buffer overflow issue that resides in the "ReadFrame" function and can be triggered using a malformed AVI video file.
Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy.
However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to detect and block those threats. Rinse and repeat.
Cybersecurity isn't easy, and there is no magic solution, but there are a handful of things you can do that will greatly reduce your exposure to risk and significantly improve your security posture.
The right platform, intelligence, and expertise can help you avoid the vast majority of threats, and help you detect and respond more quickly to the attacks that get through.
Challenges of Cybersecurity
Effective cybersecurity is challenging for a variety of reasons, but the changing perimeter and the confusing variety of solutions don't help.
Long ago, during a time that is all but a distant memory by tech standards, cybersecurity was built around a concept of inside vs. outside, and us vs. them. The servers, applications, users, and data inside the network were inherently trusted, and everything outside of the network was assumed to be a potential threat.
The advent of free public Wi-Fi, portable laptops, mobile devices, and cloud computing has eroded the idea that there is any sort of perimeter, and most attacks leverage valid credentials and appear to be legitimate users, so the old model of defending the perimeter is no longer valid.
Meanwhile, as new platforms and technologies are developed, cybersecurity vendors inevitably create targeted point solutions for each one.
The result is a confusing mix of tools and services that protect specific facets of the environment, but don't play well with each other and don't provide a holistic view of the whole infrastructure so you can understand your security posture as a whole.
The constantly expanding and evolving threat landscape doesn't make it any easier, either. Attacks are increasingly complex and harder to identify or detect—like fileless or "Living off the Land" (LotL) attacks.
The complexity of the IT infrastructure—particularly in a hybrid or multi-cloud environment—leads to misconfiguration and other human error that exposes the network to unnecessary risk. Attackers are also adopting machine learning and artificial intelligence to automate the process of developing customized attacks and evading detection.
Improve Your Cybersecurity
All of that sounds daunting—like cybersecurity is an exercise in futility—but there are things you can do. Keep in mind that your goal is not to be impervious to attack—there is no such thing as perfect cybersecurity.
The goal is to increase the level of difficulty for an attacker to succeed in compromising your network and to improve your chances of quickly detecting and stopping attacks that occur.
Here are 5 tips to help you do that:
Assess your business objectives and unique attack surface — Choose a threat detection method that can address your workloads. For instance, cloud servers spin up and spin down constantly. Your detection must follow the provision and deprovision actions of your cloud platform(s) and collect metadata to follow events as they traverse this dynamic environment. Most SIEMs cannot do this.
Eliminate vulnerabilities before they need threat detection — Use vulnerability assessments to identify and remove weaknesses before they are exploited. Assess your full application stack, including your code, third-party code, and code configurations.
Align data from multiple sources to enhance your use cases and desired outcomes — Collect and inspect all three kinds of data for suspicious activity: web, log, and network. Each data type has unique strengths in identifying certain kinds of threats and together present a whole picture for greater accuracy and actionable context.
Use analytics to detect today's sophisticated attacks — Ensure your threat detection methods look at both real-time events and patterns in historical events across time. Apply machine learning to find what you do not even know to look for. If you use SIEM, enlist machine learning to see what correlation missed and better tune your SIEM rules.
Align security objectives to your business demands — There is more than one way to improve your security posture and detect threats. While SIEMs are a traditional approach, they are most useful for organizations that have a well-staffed security program. A SIEM alone is not the best solution for security monitoring against today's web applications and cloud environments.
5 Recommendations to Strengthen Your Security Program
If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim.
Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two of the most popular and powerful command-line text editing applications that come pre-installed with most Linux-based operating systems.
On Linux systems, Vim editor allows users to create, view or edit any file, including text, programming scripts, and documents.
Since Neovim is just an extended forked version of Vim, with better user experience, plugins and GUIs, the code execution vulnerability also resides in it.
Code Execution Flaw in Vim and Neovim
Razmjou discovered a flaw in the way Vim editor handles "modelines," a feature that's enabled by default to automatically find and apply a set of custom preferences mentioned by the creator of a file near the starting and ending lines in the document.
Though the editor only allows a subset of options in modelines (for security reasons) and uses sandbox protection if one contains an unsafe expression, Razmjou revealed that the ":source!" command (with a bang [!] modifier) can be used to bypass the sandbox.
Therefore, just opening an innocent-looking, specially crafted file using Vim or Neovim could allow attackers to secretly execute commands on your Linux system and take remote control over it.
The researcher has also released two proof-of-concept exploits to the public, one of which demonstrates a real-life attack scenario wherein a remote attacker gains access to a reverse shell from the victim's system as soon as he/she opens a file on it.
The maintainers of Vim (patch 8.1.1365) and Neovim (released in v0.3.6) have released updates for both utilities to address the issue, which users should install as soon as possible.
Besides this, the researcher has also recommended that users:
disable modelines feature,
disable "modelineexpr" to disallow expressions in modelines,
use "securemodelines plugin," a secure alternative to Vim modelines.
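To complement these mitigations, the following added example (not code from the researcher or from the Vim project) audits files for modelines that set expression-evaluated options, the kind of setting the sandbox is meant to contain. The option list is an assumed subset chosen for illustration, and the sample input is constructed with a harmless placeholder expression.

```python
import re

MODELINES = 5  # Vim's default: only the first and last 5 lines are checked

# "[text] vim: opts" and "[text] vim: set opts: [text]" forms.
MODELINE_RE = re.compile(
    r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(?:(?:se|set)\s+(.*?)(?<!\\):|(.*))"
)

# Options whose value Vim evaluates as an expression, long and short names.
# Assumed subset chosen for this example, not a complete list.
EXPR_OPTIONS = {
    "foldexpr", "fde", "formatexpr", "fex", "includeexpr", "inex",
    "indentexpr", "inde", "foldtext", "fdt", "statusline", "stl",
}


def modeline_findings(text, modelines=MODELINES):
    """Return (line_number, option) for each expression option set in a modeline."""
    lines = text.splitlines()
    head = range(min(modelines, len(lines)))
    tail = range(max(0, len(lines) - modelines), len(lines))
    findings = []
    for i in sorted(set(head) | set(tail)):
        match = MODELINE_RE.search(lines[i])
        if not match:
            continue
        if match.group(1) is not None:      # "set" form: space-separated
            tokens = match.group(1).split()
        else:                               # short form: ':' or space-separated
            tokens = re.split(r"[:\s]+", match.group(2))
        for token in tokens:
            name = re.match(r"[A-Za-z]+", token)
            if name and name.group(0) in EXPR_OPTIONS:
                findings.append((i + 1, name.group(0)))
    return findings


# Constructed sample: the expression is a harmless placeholder.
SAMPLE = "\n".join(
    ["# vim: ts=4:sw=4"]                                # line 1, benign
    + ["filler"] * 4
    + ["# vim: set fde=Placeholder():"]                 # line 6, outside window
    + ["filler"] * 5
    + ["/* vim: set ts=4 foldexpr=Placeholder(): */"]   # line 12, flagged
)

if __name__ == "__main__":
    for lineno, option in modeline_findings(SAMPLE):
        print(f"line {lineno}: modeline sets expression option '{option}'")
```

A hit only means the file asks the editor to evaluate an expression when opened; it is a prompt for review before opening the file in an unpatched editor, not proof of malicious intent.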
Microsoft issued a warning on Friday regarding a spam campaign that seems to abuse a security vulnerability in its productivity suite - Office. The campaign involves sending malicious documents that can infect users when they simply open the attached RTF document. As of now, the spam campaign is targeting European users. Microsoft's Security Intelligence account made the announcement in a series of tweets on Friday afternoon.
According to Microsoft's security researchers, the ongoing spam campaign includes RTF documents that exploit the Microsoft Office and Wordpad CVE-2017-11882 vulnerability. Users can be infected by simply opening the attached document.
The CVE-2017-11882 vulnerability enables RTF and Word documents to execute commands right when they're opened. The vulnerability was patched back in 2017, but Microsoft claims the company still sees the exploit being used in spam campaigns which have increased in the last several weeks. Microsoft recommends that users apply security updates.
Microsoft said that when a user opens an infected attachment, the file will try to execute a number of scripts written in VBScript, PowerShell, PHP, and others to download the 'payload'. These scripts are generally downloaded from a Pastebin repository.
According to Microsoft, the 'payload' that's downloaded on an infected user's system is an executable backdoor trojan, programmed to connect to a malicious domain. Microsoft is asking all Windows users to install the security update for this vulnerability as soon as possible.
The malicious domain has been taken down, but Microsoft says there's always a possible risk of future campaigns that may use a similar tactic to exploit the vulnerability.
In case you've already applied the November 2017 patch, you're already protected from this vulnerability. This exploit has been used several times, in an effort to target users who may have forgotten to install the software update.
Facebook has quietly revealed that it accidentally stored millions of Instagram user passwords in plaintext, a major security issue that the company had previously said only affected “tens of thousands” of users.
In a March 21st announcement titled, “Keeping Passwords Secure,” Facebook stated that during a “routine security review,” it found that some Instagram passwords were being stored in a readable format. The passwords were accessible to Facebook employees but the company didn’t find any evidence that they had been improperly accessed or leaked.
The malware can extract cookies and steal login credentials from popular browsers such as Google Chrome and Mozilla Firefox.
It can also compromise payment information present in the users’ Facebook, Amazon and Airbnb accounts.
Security researchers from BitDefender have unearthed a new rootkit malware called Scranos. The malware reportedly steals sensitive information such as users’ login credentials and payment information saved in browsers. On top of stealing sensitive information, Scranos was also found to have other capabilities to achieve other nefarious purposes.
The researchers also suggest that the actors behind the malware were testing new components on infected users and were revamping old components in the malware.
The malware steals login credentials of users who use well-known browsers such as Google Chrome, Chromium, Mozilla Firefox, Opera, Microsoft Edge, Internet Explorer, Baidu Browser and Yandex Browser.
Payment information furnished by users on Facebook, Amazon, and Airbnb is also stolen.
According to the BitDefender researchers, Scranos also has the capability to download and execute any payload on the infected system.
It can display ads or show muted YouTube videos to users who use Chrome. Some of the droppers also installed Chrome if it was not installed on the victim’s system. Additionally, the malware makes users subscribe to YouTube channels without their knowledge.
Platform for third-party malware
Bogdan Botezatu, Director of Threat Research at BitDefender, indicates that Scranos was used as a decoy to deploy third-party malware.
“The motivations are strictly commercial. They seem to be interested in spreading the botnet to consolidate the business by infecting as many devices as possible to perform advertising abuse and to use it as a distribution platform for third-party malware,” he told TechCrunch.