Tag: fine | SpinSafe

Opera found a significant security flaw that could have allowed hackers to run any file they want – but it says everything is now fine

January 17, 2024/in Computer Security

UPDATE: Opera has published a response to the reports, claiming that the flaw is no longer active and has been addressed.

“There is no evidence that the vulnerability was ever exploited, and Opera users’ security was never compromised as a result,” it said. “It’s also important to note that, as mentioned above, the vulnerability would require the installation of a malicious add-on in order to work. This would be very hard to accomplish on Opera, because we employ manual review in our add-ons store – another measure we take to protect users.”

“This vulnerability, which no longer exists, was identified as part of a collaboration with security researchers Guardio Labs, and was subsequently fixed within only five days – as such, Opera users are not at risk.”

Opera, a popular Chromium-based browser, was found carrying a vulnerability that would allow hackers to install pretty much any file on both Windows and macOS operating systems.

The vulnerability was discovered by cybersecurity researchers from Guardio Labs, who notified the browser’s developers and helped it plug the hole.

In its technical writeup, Guardio Labs explained that the flaw stemmed from a feature built into the browser, called My Flow. This is a feature built on a browser extension called Opera Touch Background, which comes preinstalled with the browser and technically can’t be removed.

Abusing a landing page

My Flow allows users to take notes and share files between the desktop and mobile versions of the browser. There is a trend among software developers to allow users a seamless transition between desktop and mobile solutions for both work and play. In this case, however, the feature came at the cost of security.

“The chat-like interface adds an “OPEN” link to any message with an attached file, allowing users to immediately execute the file from the web interface,” the researchers explain. “This indicates that the webpage context can somehow interact with a system API and execute a file from the file system, outside the browser’s usual confines, with no sandbox, no limits.”

The second important factor is the fact that specific, other web pages, as well as extensions, can connect to My Flow. When…

Source…

More defence spending? Fine, but Sunak needs to tell us where the money is coming from

January 31, 2023/in Internet Security

Throughout his political career, Boris Johnson has often said things that later came back to haunt him. But as we approach the one year anniversary of Vladimir Putin’s invasion of Ukraine, one of the former PM’s most embarrassing blunders was his verdict on tank warfare.

Just three months before Russian forces launched their onslaught, Johnson clashed with Commons Defence Committee chairman Tobias Ellwood as he appeared before the Liaison Committee of senior MPs.

“We have to recognise that the old concepts of fighting big tank battles on the European land mass, which I think is what you’re driving at, are over and there are other better things that we should be investing in,” the PM said.

As Johnson set out that a shift to cyberwarfare made more sense, Ellwood retorted: “You can’t hold ground with cyber.” But Johnson, clearly needled by the exchange, was unabashed: “I don’t think that going back to a 1940s style approach will serve us well.” He added a final, mocking flourish: “You’re saying we should commit UK tanks to the defence of Ukraine…?”

Well, as we all now know, that didn’t age well. The past fortnight has been full of stories about Ukraine’s desperate need for battle tanks to both fend off an expected Russian spring offensive and to expel the enemy from more of its sovereign territory.

Far from the age of the tank being over, the old warhorses of armoured infantry are now central to any debate about the war’s progress. Germany has made the historic decision to allow its Leopard 2 tanks to join the conflict, the UK is sending a squadron of 14 of its Challenger 2s and the US is sending a battalion of 31 of its own Abrams tanks.

Only today, Rishi Sunak updated the Cabinet to underline just how pivotal the UK’s tank intervention had been as a catalyst for Germany’s move. Defence Secretary Ben Wallace also revealed that the Russians had lost two thirds of their own tanks so far.

Johnson claims to have got most of the “big calls right” in his premiership, not least on Ukraine. But on defence policy overall he has got several big calls wrong, not least his 2021 decision to slash the British Army from 82,000 personnel to 72,500 by 2025.

Given…

Source…

Google appeals against India’s fine over ‘unfair’ business practices on Android • TechCrunch

December 23, 2022/in Mobile Security

Google said on Friday it has appealed against the Indian antitrust body’s order against the firm over alleged anti-competitive practices surrounding Android mobile devices in the key overseas market.

The company has approached the National Company Law Appellate Tribunal (NCLAT), the nation’s appellate tribunal, to appeal against the Competition Commission of India’s October order, in which the watchdog fined Google $162 million.

“We have decided to appeal the CCI’s decision on Android as we believe it presents a major setback for our Indian users and businesses who trust Android’s security features, and potentially raising the cost of mobile devices,” a Google spokesperson said in a statement.

“We look forward to making our case in NCLAT and remain committed to users and partners.”

In October, the CCI, which began investigating Google three and a half years ago, said that it finds Google requiring device manufacturers to pre-install its entire Google Mobile Suite and mandating prominent placement of those apps “imposition of unfair condition on the device manufacturers” and thus was in “contravention of the provisions of Section 4(2)(a)(i) of the Act.”

Days later, the CCI hit Google with another $113 million fine for allegedly abusing the dominant position of its Google Play Store and ordered the firm to allow app developers to use third-party payments processing services for in-app purchases or for purchasing apps.

India is a key overseas market for Google, which has amassed over 500 million users in the South Asian market. The company, which has poured billions in its India business over the past decade, has pledged to invest another $10 billion in the country over the next couple of years.

Source…

Transportation Proposes Near $1M Fine for Colonial Pipeline One Year After Hack

May 7, 2022/in Internet Security

The Department of Homeland Security also noted the anniversary of the attack with … but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you …

Source…

Tag Archive for: fine