securityXspace: a blog about cyber-philosophy.
-
Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C, designed to find bugs in code before it is compiled, much like the Unix grep command. Various ‘egg’ modules contain the patterns to scan for; it can scan through files recursively, limited by file extension, and logs results to an XML text…
-
Human Workers Can Listen to Google Assistant Recordings
Google contractors regularly listen to and review some recordings of what people say to artificial-intelligence system Google Assistant, via their phone or through smart speakers such as the Google Home.
-
Wondering how to whack Zoom’s dodgy hidden web server on your Mac? No worries, Apple’s done it for you
iGiant acts to protect users. Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.…
-
Buhtrap Group Used Windows Zero-Day in Government Attack
One of the two Windows zero-day vulnerabilities fixed by Microsoft with its July 2019 Patch Tuesday updates was used by a threat group known as Buhtrap to target a government organization in Eastern Europe, according to cybersecurity firm ESET.
-
Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings.
-
Marriott Faces $123 Million GDPR Fine In The UK For Last Year’s Data Breach
-
Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
By Danny Adamitis with contributions from Paul Rascagneres. Executive summary: After several months of activity, the actors behind the “Sea Turtle” DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial findings and coverage and are redoubling their efforts with new infrastructure.
-
Powload Loads Up on Evasion Techniques
By Ian Mercado. Powload gained notoriety as a catalyst for other malware, a prominent example being Emotet, a banking trojan known for its modular capabilities. Powload has since remained a cybercrime staple due to its ability to combine simple infection methods with constantly evolving features, including capabilities intended for evading security technology.
-
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily found targeting European and Brazilian users earlier this year. Dubbed Astaroth, the malware trojan has been making the rounds since at least 2017 and is designed to steal users’ sensitive information like their…
-
Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams
If you use Zoom video conferencing software on your Mac computer, then beware: any website you’re visiting in your web browser can turn on your device camera without your permission. Ironically, even if you had once installed the Zoom client on your device and simply uninstalled it, a remote attacker can still activate your webcam.