News & Updates

Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that have been exploited in the wild.

Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that have been exploited in targeted attacks.

The Flash Player update addresses 17 vulnerabilities, some of which can be exploited by attackers for arbitrary code execution. The most severe vulnerability fixed by the updates is a use-after-free issue, tracked as CVE-2016-7892, that was reported to Adobe by an individual who wanted to remain anonymous.

The remaining Adobe Flash Player vulnerabilities were reported to the company by independent researchers and experts from multiple organizations: Pangu LAB, Tencent, Microsoft, CloverSec Labs, Qihoo 360, Trend Micro’s Zero Day Initiative (ZDI) and Palo Alto Networks.

“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” reads the Adobe Security Bulletin.

“Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows.”

Adobe confirmed the existence in the wild of exploit code for the CVE-2016-7892 vulnerability; the company also revealed that it was used in limited, targeted attacks against Windows users running a 32-bit version of Internet Explorer.

Adobe also issued other security updates that patch vulnerabilities in other products, including Animate, Experience Manager Forms, DNG Converter, InDesign, ColdFusion Builder, Digital Editions, and RoboHelp.

None of the above vulnerabilities had been exploited in the wild.

Pierluigi Paganini

(Security Affairs – Adobe Flash, Zero-Day, hacking)

The post Adobe patches multiple flaws including a Flash Zero-Day exploited in the wild appeared first on Security Affairs.

Source: Security affairs

Police in Mountain View, California, told Ars on Tuesday that they are set to formally present the results of their months-long investigation of an online nude photo exchange of high school girls. The presentation will go to county prosecutors before the end of the year.

“No arrests or charges filed yet in this case,” Katie Nelson, a spokeswoman for the Mountain View Police Department, told Ars by e-mail. “We are presenting the case to the [district attorney] by year’s end, and they will ultimately decide what direction this goes.”

As has happened in similar cases in other parts of the country for years now, ringleaders could be prosecuted on child pornography charges, among other felony charges.


Image caption: I’m not sure I need Cortana on my fridge, toaster, or thermostat, but there we have it. (credit: Microsoft)

At its WinHEC event in Shenzhen last week, Microsoft revealed more of its hardware and software plans for Windows devices. This included major announcements, such as Windows returning to ARM systems with built-in x86 emulation, but the company also had things to reveal about the evolving Windows platform.

Mary Jo Foley spotted a presentation describing the next iteration of Cortana and Microsoft’s speech-driven user interface that will be coming in the Creators Update in spring of next year and, beyond, in future Windows iterations. The plan is to make Cortana ever more widely available and accessible, with better hardware capabilities and a greater number of Cortana-capable devices.

First up, Cortana is being added to Windows IoT, the version of Windows for all kinds of embedded devices (in spite of the branding, it’s not just for “Internet of Things” gizmos; it’s also for traditional embedded applications such as point-of-sale systems). Frustratingly, however, this update still isn’t going to enable Cortana on cheap Amazon Echo-style headless hardware. Although Windows IoT itself can be used on headless systems, only IoT devices with screens will be able to enable Cortana.


Last Thursday, US Surgeon General Vivek Murthy made headlines by boldly proclaiming that teen e-cigarette use is a “major public health concern.” The assertion came alongside a government report with some eye-popping figures, including that e-cigarette use among high school students increased by more than 900 percent between 2011 and 2015. The apparent blaze in popularity led Murthy and other public health experts to worry that vaping could blow up rates of teen smoking and life-long nicotine addictions.

But new data released stands to stamp out some of that alarm.

In 2016, e-cigarette use among teens dipped for the first time since the devices gained popularity in the last decade or so, according to public health researchers at the University of Michigan. And e-cigs aren’t the only unhip substances among the youths—teen use of regular cigarettes, as well as alcohol and illicit drugs, continued its long-term decline, hitting record lows this year.


Image caption: The USS Zumwalt (DDG-1000) will be spending a lot of time pier-side in San Diego. (credit: Mark Wilson/Getty Images)

After two unscheduled stops for repairs, the USS Zumwalt (DDG-1000), the US Navy’s new stealthy all-electric-powered destroyer, arrived at its new home port in San Diego on December 8. The ship also brought along new details about the source of its engineering woes. Zumwalt’s propulsion issues, which caused the ship to have engineering failures off Norfolk, Virginia, and while transiting the Panama Canal, were caused by seawater getting into the ship’s lubrication system for its huge electric motors.

US Naval Institute News’ Sam LaGrone reports that the root cause of the engine failures was seawater contamination in the lube oil for the bearings of Zumwalt’s Advanced Induction Motors. Rather than being driven by dedicated gas turbine engines, the Zumwalt’s motors are powered by electricity from the gas turbine generators that also power the rest of the ship. The power plant is the first of its kind in a Navy ship, and it could generate enough power to allow Zumwalt to be later refitted with directed energy weapons or electromagnetic railguns.

The seawater apparently got into the motor bearings via a faulty lubrication oil chiller. The chiller uses water drawn in from outside the ship to prevent the oil around the motor’s bearings from breaking down and to cool the bearings themselves while they’re under load. The cause of the leaks has yet to be determined.


By Owais Sultan

KFC is a renowned fast food franchise. Millions enjoy its crispy fried chicken and delectable Zinger burgers, and to get KFC’s meals at discounted rates, chicken lovers sign up for the franchise’s loyalty scheme. This scheme lets members use exclusive discount offers and enjoy their meal without hurting their […]

This is a post from Read the original post: KFC’s Colonel’s Club card Scheme Hacked, 1.2million Members Impacted


At long last, Porsche’s exclusive contract with Electronic Arts is at an end. The news, broken by German site SpeedManiacs, followed the appearance of some Porsche cars in Assetto Corsa. Porsche Branded Entertainment Manager Sebastian Hornung told the site that the contract expires this year. That jibes with what we learned last year on a visit to Turn 10, so we can expect many more Porsches to show up in racing games in the coming years.

The deal, which was struck in 2000, has meant that some of the coolest sports cars on wheels have been excluded from most popular racing games ever since. The Gran Turismo series tried a workaround by using the cars modified by Ruf. The Forza franchise sometimes managed to arrange a sublicense from EA and sometimes didn’t. As for everyone else? Forget about it.

Why Porsche signed an exclusive license with EA back then is a mystery. As we understand it, the idea was Porsche’s, a move the company probably came to regret as EA’s racing titles got lapped again and again by GT and Forza on consoles and hardcore sims like iRacing on the PC. Indeed, in conversations on the topic with Porsche North America over the years, we always got the sense the company knew it was paying a hefty price and couldn’t wait for the deal to run its course. (We reached out to Porsche this morning for an official comment but have not received a reply at the time of writing.)


Dozens of low-cost Android phone models come preinstalled with apps that covertly download and install adware and other unwanted programs, researchers said.

At least 26 phone models come preinstalled with a downloader dubbed Android.DownLoader.473.origin, according to a blog post published Monday by antivirus provider Doctor Web. Doctor Web researchers described the app as a downloader trojan that can download not only benign applications but also malicious and unwanted ones. One such app, known as H5GameCenter, displays ads on top of running applications. The image can’t be removed, and infected users report that when they uninstall the app, Android.DownLoader.473.origin quickly downloads and installs it again.

Another preinstalled downloader Doctor Web detected is known as Android.Sprovider.7 and comes encrypted inside another app. It has the ability to automatically download Android application files and install them when users click on a confirmation button, make phone calls to certain numbers, and show ads on top of apps.


The Google self-driving car is no more. As of today, the autonomous vehicle project takes its own place under the Alphabet corporate hierarchy and will be known as Waymo.

Earlier in the day, rumors circulated that Alphabet was pulling the plug on the entire self-driving project, preferring instead to partner with other OEMs. It’s true that the program has been troubled of late, but spinning the company out on its own seems more of a vote of confidence than handing everyone involved a pink slip. Still, there are some—like Elon Musk—who believe that Google’s 2 million autonomously driven miles aren’t sufficient and that companies like Tesla or Uber have now eclipsed one of the early pioneers in the field.

In common with just about everyone else working on a self-driving car, Waymo will be all about mobility. Or, in its own words, “Waymo is a self-driving technology company with a mission to make it safe and easy for people and things to move around.” In a Medium post announcing the new company, Waymo’s CEO John Krafcik highlighted the potential that self-driving vehicles have for cutting the number of road deaths and empowering those who until now have been left behind by the automobile.

Read on Ars Technica | Comments