Researchers from security firm ICEBRG found malicious extensions in the Google Chrome Web Store with more than 500,000 overall downloads. Firstly they discovered that “HTTP Request Header” extension were using for a click-fraud scam when they noticed unusual spike in outgoing network traffic. The extension visited advertising-related links in the Web from the infected machines to generate revenue from per-click rewards. Later they investigated another three Chrome extensions that did the same: Nyoogle, Stickies, and Lite Bookmarks.
Earlier this week, research published by the Project Zero security team at Google brought to public attention a group of security vulnerabilities affecting many modern processors. The vulnerabilities have been given the names Meltdown and Spectre, and could allow an attacker to read arbitrary locations in virtual memory (e.g. read data stored in memory belonging to other user or kernel processes).
Apple announced on Thursday a new bug bounty program with rewards as high as $200,000 for some categories of exploit. The new program will initially only be available to a select group of security researchers who have previously found vulnerabilities in their products, but eventually will be opened up to additional groups and individuals. Continue reading
The world can be a dangerous place in which to tell the truth. The Guardian Project (TGP) wants to make it safer to do so. Founded in 2009, TGP is a collective of activist software engineers who design, develop, and distribute secure Android apps that serve the needs of modern reporters, filmmakers, citizen journalists, and just about anyone looking to maintain their privacy online. For Boyle Software’s most recent TechTalk, TGP’s Bryan Nunez came in to discuss the human needs driving TGP’s app development as well as the open source philosophy and technology being utilized.