Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours

Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities.

The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11.

Just yesterday, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in the Task Scheduler utility, SandboxEscaper claimed to have discovered four more zero-day bugs, exploits for two of which have now been publicly released.

AngryPolarBearBug2 Windows Bug

One of the latest Microsoft zero-day vulnerabilities resides in the Windows Error Reporting service and can be exploited through a discretionary access control list (DACL) operation. A DACL is the mechanism that identifies which users and groups are granted or denied access permissions to a securable object.

Upon successful exploitation, an attacker can delete or edit any Windows file, including system executables, which otherwise only a privileged user can do.

Dubbed AngryPolarBearBug2 by the hacker, the vulnerability is a successor to a previous Windows Error Reporting service vulnerability she found late last year, which was named AngryPolarBearBug and allowed a local, unprivileged attacker to overwrite any chosen file on the system.

However, as SandboxEscaper says, this vulnerability is not very easy to exploit, and it “can take upwards of 15 minutes for the bug to trigger.”

“I guess a more determined attacker might be able to make it more reliable,” the hacker said. “It is just an insanely small window in which we can win our race; I wasn’t even sure if I could ever exploit it at all.”

images from Hacker News

Tor Browser for Android — First Official App Released On Play Store

Woohooo! Great news for privacy-focused users.

Tor Browser, the most popular privacy-focused browser, for Android is finally out of beta, and the first stable version has now arrived on Google Play Store for anyone to download.

The Tor Project announced Tuesday the first official stable release of its ultra-secure internet browser for Android devices, Tor Browser 8.5—which you can now download for FREE on your mobile devices from Google Play Store.

Tor Browser is mostly used by privacy-focused people, activists, journalists, and even cyber criminal gangs to avoid government monitoring. It allows users to browse the Internet anonymously, by hiding their IP addresses and identity, through a network of encrypted servers that bounce their web requests around multiple intermediate links.

Access to the Tor anonymity network was previously available on the Android mobile operating system only through other apps such as Orbot and Orfox, but you can now use the official Tor Browser, built on Firefox, on your mobile device.

images from Hacker News

New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches

Facebook has a lot of problems, and then there are a lot of problems for Facebook—and neither is going to end anytime soon.

Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, that seems to be just the first installment of what Facebook will have to pay for continuously ignoring users’ privacy.

This week, Facebook has been hit with three new separate investigations from various governmental authorities—both in the United States and abroad—over the company’s mishandling of its users’ data.

New York Attorney General to Investigate Facebook Email Collection Scandal

The New York Attorney General is opening an investigation into Facebook’s unauthorised collection, without permission, of the email contacts of more than 1.5 million users during site registration.

Earlier this month, Facebook was caught practising the worst ever user-verification mechanism by asking users new to its social network platform for their email account passwords to verify their identity.

However, just last week it turned out that the social network had “unintentionally” uploaded the email contacts of up to 1.5 million new users to its servers, without their consent or knowledge. Facebook admitted this, saying the data was reportedly used to “build Facebook’s web of social connections and recommend friends to add.”

According to the New York Attorney General Letitia James, the harvested email addresses may have exposed hundreds of millions of Facebook users to targeted advertisements.

“Facebook has repeatedly demonstrated a lack of respect for consumer information while at the same time profiting from mining that data,” James said in a statement, adding that it is now time the social media company be “held accountable for how it handles consumers’ personal information.”

In response to the news, a Facebook spokesperson told The NY Times that the company is “in touch with the New York State attorney general’s office and are responding to their questions on this matter.”

Ireland Investigating Facebook Over Plaintext Passwords Scandal

The Irish Data Protection Commission has begun an investigation into a separate Facebook privacy blunder exposed last month, when the social network revealed that it had left hundreds of millions of passwords of Facebook, Facebook Lite and Instagram users stored in plain text on company servers.

At the time, it was reported that the incident exposed “tens of thousands” of Instagram users’ passwords in plaintext, while just last week it was revealed that the actual number of affected Instagram users was not in the hundreds of thousands but in the millions.

images from Hacker News

Docker Hub Suffers a Data Breach, Asks Users to Reset Password

Docker Hub, one of the largest cloud-based libraries of Docker container images, has suffered a data breach after an unknown attacker gained access to the company’s single Hub database.

Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately.

The breach reportedly exposed sensitive information for nearly 190,000 Hub users (less than 5 percent of total users), including usernames and hashed passwords for a small percentage of the affected users, as well as GitHub and Bitbucket tokens for Docker repositories.

Docker Hub has started notifying affected users via email, informing them about the security incident and asking them to change their passwords for Docker Hub, as well as for any online account that uses the same password.

images from Hacker News

Unprotected Database Exposes Personal Info of 80 Million American Households

A team of security researchers claims to have found a publicly accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households.

Discovered by VPNMentor’s research team, led by hacktivists Noam Rotem and Ran Locar, the unsecured database holds 24GB of extremely detailed information about individual homes, including full names, addresses, ages, and birth dates.

The massive database, which is hosted on a Microsoft cloud server, also contains coded information recorded as “numerical values,” which the researchers believe correspond to homeowners’ gender, marital status, income bracket, status, and dwelling type.

Fortunately, the unprotected database does not contain passwords, Social Security numbers or payment card information for any of the affected American households.

The researchers verified the accuracy of some data in the cache, but they did not download the complete data set, in order to minimize the invasion of privacy of those affected.

The research team discovered the database accidentally while running a web mapping project that uses port scanning to examine known IP blocks for holes in web systems, which they then examine for weaknesses and data leaks.

Usually, the team alerts the database owner to the leak so that the affected company can secure it, but in this case, the researchers were unable to identify the owner of the database.

“Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to,” the team says in a blog post. “It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.”

The unsecured database required no password to access and was online until Monday; it has now been taken offline.

images from Hacker News