Cyber security news and services

Blockchain technology is on a collision course with EU privacy law



The bloc’s General Data Protection law, which will come into effect in a few months’ time, says people must be able to demand that their personal data is rectified or deleted under many circumstances. A blockchain is essentially a growing, shared record of past activity that’s distributed across many computers, and the whole point is that this chain of transactions (or other fragments of information) is in practice unchangeable – this is what ensures the reliability of the information stored in the blockchain.

Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.

Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

Here’s a Leaked Brochure for New Spyware Company ‘Grey Heron’

The government malware market is beyond saturated at this point, with myriad companies looking to sell mobile phone and computer monitoring software to authorities around the world, but still more firms are jumping into the industry.

Source: vice.com

An Energy War in the Balkans Has Slowed Europe’s Electric Clocks by 5 Minutes

On Saturday, the European Network of Transmission System Operators for Electricity (ENTSOE) put out a statement claiming that the Continental European Power System, an electric grid linking 25 European countries, has experienced a shortage of power supply since mid-January. This power supply shortage has caused all the non-quartz electric clocks in Europe to slow down by almost six minutes over the past month and a half.

Leaked NSA Tool ‘Territorial Dispute’ Reveals the Agency’s List of Enemy Hackers

Over the last year, Hungarian security researcher Boldizsár Bencsáth has remained fixated by one of the less-examined tools revealed in that disemboweling of America’s elite hacking agency: A piece of NSA software, called ‘Territorial Dispute,’ appears to have been designed to detect the malware of other nation-state hacker groups on a target computer that the NSA had penetrated. Bencsáth believes that specialized antivirus tool was intended not to remove other spies’ malware from the victim machine, but to warn the NSA’s hackers of an adversary’s presence, giving them a chance to pull back rather than potentially reveal their tricks to an enemy.

Exim Off-By-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing

We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk.

Patched version 4.90.1 is already released and we suggest to upgrade exim immediately.

RCE flaw in Exim MTA affects half of the email servers online

A critical remote code vulnerability in the Exim mail transfer agent (MTA), tracked as CVE-2018-6789, affects most of the email servers online. It has been estimated that, as of March 2017, the total number of Internet email servers running Exim was over 560,000, which corresponds to 56% of all mail (MX) servers online.

Source: securityaffairs.co

Clocks in Europe are slowly deviating because of an energy war in the Balkans

The Continental European (CE) Power System, a large synchronized area stretching from Spain to Turkey and from Poland to the Netherlands and encompassing 25 countries, has been experiencing a continuous system frequency deviation from the mean value of 50 Hz since mid-January 2018. The power deviations originate from the control area called Serbia, Macedonia, Montenegro (SMM block), and specifically from Kosovo and Serbia.

How Hackers Bypassed an Adobe Flash Protection Mechanism

The number of Flash Player exploits has recently declined, due to Adobe’s introduction of various measures to strengthen Flash’s security. Occasionally, however, an exploit still arises. On January 31, Kr-Cert reported a zero-day vulnerability, identified as CVE-2018-4878, being exploited in the field.

(Adobe has released an update to fix this flaw.) We analyzed this vulnerability and found that it bypassed the byte array mitigation feature that was introduced to prevent “length corruption” attacks in Flash. This post will focus on how the exploit bypasses the length checks.

Leaked Files Show How NSA Tracks Other Countries’ Hackers

When the mysterious entity known as the “Shadow Brokers” released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material homed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools that the National Security Agency uses to detect other nation-state hackers on the machines it infects.

Serious code-execution vulnerability in Exim

The Devcore researchers said as many as 400,000 servers are at risk. Queries on the Shodan computer search engine identified a large number of servers that reported running vulnerable versions. The developers published a fix with version 4.90.1, which was released on February 10.

Any organization that uses Exim should ensure it’s using the latest version.

Source: arstechnica.com

Fraudsters Jailed for £37m Copycat Website Scam

National Trading Standards said that the defendants set up copycat websites between January 2011 and November 2014 that mimicked government services such as applying for or renewing passports, visas, birth or death certificates, driving licences and tests, car tax discs and the London Congestion Charge.

Source: bbc.com

FBI’s Use of Paid Best Buy Informants Goes Deeper Than We Knew

The existence of the Geek Squad informants was first revealed via the prosecution of a California doctor named Mark Rettenmaier. After Rettenmaier sent his computer to Geek Squad for repair in 2011, technicians working out of a massive Kentucky repair shop discovered thousands of images depicting child abuse on Rettenmaier’s device. Court filings later revealed that there were “eight FBI informants at Geek Squad City,” and a number had received $500 to $1,000 payments in exchange for acting as confidential sources.

What Is Your Bank’s Security Banking On?

A large number of banks, credit unions and other financial institutions just pushed customers onto new e-banking platforms that asked them to reset their account passwords by entering a username plus some other static identifier — such as the first six digits of their Social Security number (SSN), or a mix of partial SSN, date of birth and surname. Here’s a closer look at what may be going on (spoiler: small, regional banks and credit unions have grown far too reliant on the whims of just a few major online banking platform providers).

One Single Malicious Vehicle Can Block ‘Smart’ Street Intersections in the US

Academics from the University of Michigan have shown that one single malicious car could trick US-based smart traffic control systems into believing an intersection is full and force the traffic control algorithm to alter its normal behavior, and indirectly cause traffic slowdowns and even block street intersections.

Source: bleepingcomputer.com

A Former Apple Security Engineer’s Company Will Unlock Your iPhone X—for $15,000

The company, called Grayshift, has released marketing materials to police and forensics organizations promising to unlock iPhones with its GrayKey tool, according to Forbes, which obtained a copy of those materials. GrayKey will cost law enforcement $15,000 for 300 uses. Those that want to be able to unlock iPhones an unlimited number of times will need to pay $30,000.

Do your voting machines connect to the Internet, US senator asks CEO

Use of remote-access software in e-voting systems was reported last month by The New York Times Magazine in an article headlined ‘The Myth of the Hacker-Proof Voting Machine.’ The article challenged the oft-repeated assurance that voting machines are generally secured against malicious tampering because they’re not connected to the Internet.

Source: arstechnica.com

POS Malware Found at 160 Applebee’s Restaurant Locations

Malware was discovered on point of sales systems at more than 160 Applebee’s restaurants, exposing credit card information from unknowing diners.

Source: threatpost.com

New documents reveal FBI paid Geek Squad repair staff as informants

Records posted Tuesday by the Electronic Frontier Foundation following a freedom of information lawsuit filed last year reveal that federal agents would pay Geek Squad managers who pass on information about illegal materials on devices sent in by customers for repairs.

Source: zdnet.com

$20 porn-unblocking fee could hit Internet users if state bill becomes law

Given the state’s definition of sexual content, the Ciccone/Gallo bill would force ISPs to block pretty much all pornography, even if it was performed by consenting adults and violates no law.

Source: arstechnica.com
