1: Source Code for iPhone Leaked on GitHub
Apple source code for a core component of the iPhone's operating system has allegedly been leaked on GitHub. This could allow hackers and researchers to find previously unseen zero-day vulnerabilities and create persistent malware and iPhone jailbreaks. The source code seems to be for iBoot, which is a critical part of iOS. It is responsible for all security checks and ensures a trusted version of iOS is loaded. The code appears to be from a version of iOS 9, which indicates that it might not be fully relevant to the latest iOS 11.2.5, but some parts of the code from iOS 9 are likely still used by Apple in iOS 11.
Apple has not commented on the leak yet, but GitHub has disabled the repository that was hosting the iBoot code after Apple issued a DMCA takedown notice. However, the code is already out there.
Credit: The Hacker News
2: A Lightning solution to Bitcoin’s scaling problem
Lightning is a project intended to develop a quick, scalable, and cryptographically secure payment network layered on top of the current bitcoin network. It is a vital cryptocurrency experiment since the creation of bitcoin, and as of now 3 startups have aimed to launch the solution.
Fundamentally, the objective of Lightning is to resolve the issue of scalability in the original Bitcoin design. In the initial design, every full node in bitcoin's peer-to-peer network has to receive and store a copy of every transaction made on the network.
Lightning could offer a solution to this bottleneck. It shifts regular payments outside of the blockchain, eliminating the biggest hindrance to bitcoin's constant growth. It is believed that Lightning will magnify the appeal of bitcoin just like the Web helped the Internet go mainstream.
Credit: Ars Technica
3: CPU Miners installed by Fake Adobe Flash Update
While surfing the net, have you been redirected to sites pretending to offer Flash Player updates? Such sites push adware bundles that install further unwanted programs on your computer. Beware: there is a new fake Flash Player update site that installs a CPU miner onto visitors' PCs. The site automatically initiates a download, and while the page shows it is updating your Flash Player, a file named java-player.exe is installed instead. It runs a CPU miner called SystemProcess that will quickly use up all the available processing power on the computer.
Luckily, this miner is detected by many security products, so if you weren't protected by existing software, you can download and install one and get this cleaned up. However, it's always better to prevent than to fix, so when you see a similar site, immediately close the web page. Make sure you download and install updates only from highly trusted sites, or go directly to the software developer for updates.
Credit: Bleeping Computer
4: Download Bombs to Freeze Chrome Browsers on Malicious Sites
Some tech support scam websites have found a new trick to trap visitors on their website and frighten non-technical users into paying for unnecessary software or servicing fees. JavaScript code is loaded on these malicious pages to initiate thousands of file downloads (a "Download Bomb") that immediately use up the user's memory resources, freezing Chrome on the scammer's site.
The expert says the only way to escape the tech support website is to close Chrome via Windows Task Manager. When the user restarts Chrome, if Chrome is configured to reload the previous session, they should quickly close the site while it is loading, before the malicious code has a chance to execute.
Credit: Bleeping Computer
5: $5,000 for a day’s work! Just create a fake profile and tweet the same message a few times.
Scammers made over $5,000 worth of Ethereum in just one night by creating fake Twitter profiles of popular celebrities and spamming the social network with messages deceiving users into taking part in "giveaways." Cryptocurrency users were duped into sending 0.2 ETH on the promise of receiving 10 times the sum in return as part of the giveaway. All the messages followed a similar pattern; only the sums and Ethereum wallet addresses differed between the fake Twitter accounts. One such message read “We are donating 200 Ethereum to the ETH community! First, 50 transactions with 0.2 ETH sent to the address below will receive 2.0 ETH in the address the 0.2 ETH came from”. Of the total 7.69 ETH tracked down, 6.2 ETH was made in one night (Feb 6th). By far, a majority of the funds were received in an Ethereum wallet advertised in tweets by fake profiles made in the names of John McAfee, Vitalik Buterin, and Elon Musk.
Users shouldn’t be surprised this trick worked as it has been working for at least three decades. Email spammers are known to exploit current-day events to trick users into visiting malware-laden websites every time a big political event happens, when natural disasters occur, or when a big celebrity passes.
Credit: Bleeping Computer