The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them. The flaw allows for command injection through a web script, even though the vendor has disabled the local web-based management interface in these devices. Read more.
Oracle released its first batch of security patches this year, fixing 270 vulnerabilities, mostly in business-critical applications. Many of the flaws can be exploited remotely without authentication, reports CSO. The majority of the fixes are for flaws in business products such as Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server. Read more.
Amid an ongoing investigation, Ukraine’s national power company Ukrenergo has confirmed that the recent electricity outage in the Kiev region was caused by a cyberattack. In a statement emailed to SecurityWeek on Thursday, Ukrenergo said a preliminary analysis showed that the normal operation of workstations and SCADA servers had been disrupted due to “external influences.” Read more.
New research indicates Mac malware has been spying on biomedical research centers for years. Antivirus vendor Malwarebytes uncovered the malicious code after an IT administrator spotted unusual network traffic coming from an infected Mac. The malware, which Apple calls Fruitfly, is designed to take screen captures, access a Mac’s webcam, and simulate mouse clicks and key presses, allowing for remote control by a hacker, Malwarebytes said in a blog post on Wednesday. Read more.
According to the Register, French authorities are warning political parties about the increased threat of cyber attacks as the country prepares to elect a new president in May. The French authorities are concerned that their elections could be affected like the U.S. elections allegedly were by Russian interference. Read more.
There have been accusations that WhatsApp has a backdoor intended for eavesdropping on user messages, which have been rebuked by the company and Open Whispers Systems, the company that developed the underlying encryption technology. But experts say what’s really going on is less backdoor snooping and more prosaic key change encryption management. The argument from Boelter is that the public key change process introduces the opportunity for a backdoor. Read more.
The hacker collective stated the following via Twitter: "This isn't the 80's any longer, information doesn't vanish, it is all out there. You are going to regret the next 4 years," NBC News reports. Trump, who is normally very active on Twitter, has been quiet on the matter. “On Twitter, the group put out a call to action to its followers, urging them to expose any potential compromising information they can find about the soon-to-be new leader of the free world.” Read more.