Today, 07:33
#961
White Rabbit
Registration date: May 2006
Location: -
Posts: 5,319
Quote:
Microsoft introduced support for the RC4 stream cipher in Windows 2000 as the default authentication algorithm for the Active Directory services. The system has been insecure for even longer than that, and Redmond is now finally working to put the algorithm out to pasture a few months from now.
Microsoft recently confirmed that it is finally deprecating RC4, the encryption method used by the Kerberos authentication protocol for the past three decades. Developed by mathematician Ron Rivest in 1987, Rivest Cipher 4 has been vulnerable to attacks since 1994, when the secret algorithm leaked to the public.
> Microsoft will soon deprecate the insecure RC4 encryption algorithm
Quote:
Pirate downloads of popular media are an attractive attack vector for hackers, and the latest example demonstrates their increasingly creative tactics. While experienced users will likely detect this scam easily, it serves as a textbook example of the risks associated with torrenting the latest movies.
Bitdefender recently discovered a fraudulent torrent for the film One Battle After Another that contains an ingenious Trojan delivery mechanism. The security company claims its tools defended users against the malware from the start, but those unaccustomed to torrenting should exercise caution.
> Fake torrent for "One Battle After Another" delivers trojan through subtitles
Quote:
Project Zero is Google's well-reputed security team that is tasked with finding security flaws in the company's own products as well as those developed by others. Discovered security bugs are privately reported to vendors after which they are allotted 90 days to patch them. If this deadline is exceeded, the security issue is made public, which serves as a way to apply more pressure on the vendor and also give customers a chance to secure themselves independently. In some complex cases, a grace extension period is also awarded. In the past, Google Project Zero has reported bugs in CentOS, libxslt, ChromeOS, and Windows. Now, the team has disclosed a security flaw in Insider versions of Windows 11.
In a highly technical report on the Project Zero issue tracker, it can be seen that security researcher James Forshaw discovered an elevation of privilege (EoP) bug in Windows 11's Insider Preview releases. This issue was present in the Administrator Protection feature that is an upcoming Windows 11 capability that enables just-in-time elevation privileges only when needed through Windows Hello and an isolated admin token.
> Google exposes Windows 11 security flaw after Microsoft fails to patch it properly
Quote:
An investigation into so-called privacy extensions by security researchers has found that some are secretly harvesting and selling users' complete conversations from major AI platforms. The extensions, which are available in Microsoft Edge and other Chrome-based browsers, are able to target and capture conversations from ten AI platforms including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
A key offender identified by the investigation was Urban VPN Proxy which has over six million Chrome users and holds a Google "Featured" badge. It had a 4.7 star rating based on 58.5K ratings, giving the impression that it is a trustworthy app, but this research suggests it is not.
> Malicious VPN steals full ChatGPT and Gemini conversations of over 8 million users
Quote:
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.
"KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a statement.
"It builds an internal mesh network, allowing compromised servers to talk to each other and evade security blocks. It uses military-grade encryption to hide its communications and, most alarmingly, features a 'sleeper' mode that lets attackers bypass firewalls by waking the malware up with a secret, invisible signal."
> React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
Last edited by: tomek@vz. Today at 08:00.