Self-Destructing Messages Received on ‘Signal for Mac’ can be Recovered Later

It turns out that the macOS client for the popular end-to-end encrypted messaging app Signal fails to properly delete disappearing (self-destructing) messages from the recipient’s system, leaving the content of your sensitive messages at risk of getting exposed.

For those unaware, the disappearing messages in Signal self-destruct after a particular duration set by the sender, leaving no trace of them on the receiver’s device or Signal servers.

However, security researcher Alec Muffett noticed that the messages that are supposed to be “disappearing” can still be seen—even if they are deleted from the app.

images from Hacker News

Microsoft Adds Support for JavaScript in Excel – What Could Possibly Go Wrong?

Shortly after Microsoft announced support for custom JavaScript functions in Excel, someone demonstrated what could possibly go wrong if this feature is abused for malicious purposes.

As promised last year at Microsoft’s Ignite 2017 conference, the company has now brought custom JavaScript functions to Excel to extend its capabilities for better work with data.

Functions written in JavaScript for Excel spreadsheets currently run on various platforms, including Windows, macOS, and Excel Online, allowing developers to create their own powerful formulae.

But we saw it coming:

7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords

Luring users on social media to visit lookalike versions of popular websites that pop up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware.

Security researchers are again warning users of a new malware campaign that has been active since at least March this year and has already infected more than 100,000 users worldwide.

Dubbed Nigelthorn, the malware is rapidly spreading through socially engineered links on Facebook and infecting victims’ systems with malicious browser extensions that steal their social media credentials, install cryptocurrency miners, and engage them in click fraud.

Microsoft Issues Emergency Patch For Critical Flaw In Windows Containers

Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim (hcsshim) library that could allow remote attackers to run malicious code on Windows computers.

Windows Host Compute Service Shim (hcsshim) is an open source library that helps “Docker for Windows” execute Windows Server containers using a low-level container management API in Hyper-V.

Discovered by Swiss developer and security researcher Michael Hanselmann, the critical vulnerability (tracked as CVE-2018-8115) is the result of the failure of the hcsshim library to properly validate input when importing a Docker container image.
