Posts

1,000 Vulnerabilities Surpass Apple and Google


According to research from BeyondTrust, the total number of vulnerabilities relating to Microsoft products had risen by 48% compared to 2019. To break the numbers down, I looked to my go-to for vulnerability statistics, Stack Watch.

This is where things get interesting for Microsoft watchers, with the company taking top place, by vendor, with 1,188 published security vulnerabilities in 2020 compared to Google, in second place, on 950. Apple, for the record, came in at number eight with 381 vulnerabilities.

At the time of writing, the 2021 statistics are similar in terms of positioning: Microsoft at number one with 510 vulnerabilities, Google just behind on 507 and Apple down in ninth with 147.

How does Windows 10 compare to Android or iOS in security vulnerability terms?

What if we were to look at product rather than vendor? Would Microsoft fare any better? Erm, no is the answer.

In 2020, Microsoft products took seven of the top ten places by product vulnerability. Windows 10 was top of the tree with 802 vulnerabilities, followed by Windows Server 2016 on 790 and Windows Server 2019 with 743.

The remaining Microsoft top ten products were Windows Server 2012 in at six, Windows 8.1 at seven, Windows RT 8.1 at eight and Windows 7 at ten.

Google, meanwhile, slotted in at number four thanks to 696 Android vulnerabilities. Apple, however, didn’t appear until number 14 with 233 iOS vulnerabilities.


So far, the 2021 published security vulnerabilities table looks better for Microsoft with Windows 10 dropping to number three on 256, behind Fedora and Debian Linux.

Microsoft still manages to claim six of the top ten spots, though. Google has also dropped down the table to number six with 219 Android vulnerabilities, but Chrome is new in at seven on 172. How is Apple doing so far this year? iOS has dropped to 15 with 111 vulnerabilities, but macOS is in at 14 with 112.

The good news for Microsoft is that it looks like Windows 10 is on track to have fewer published security vulnerabilities than last year. The bad news is that the average Common Vulnerabilities and Exposures…

Source…

Google funds Linux project to fix vulnerabilities and enhance security



Linux

Source: Computerworld

Google, the search engine company and Android maker, recently announced that it is backing a Linux project to make the operating system harder to hack by fixing its vulnerabilities and enhancing its security. Google said in a report on Thursday that it is funding a project to increase the security of Linux by rewriting core parts of the operating system's kernel in the Rust programming language, a modernization effort meant to make it harder for hackers to attack Linux-based devices.

Linux has been around for quite a while, and the operating system is written in the C programming language, which was developed back in 1972. With the skills and tools that hackers have in the 21st century, anything written in C can easily be broken into. We can say that time has outgrown Linux’s security, and now Google will fund the project to modernise Linux and increase its overall security.

Replacing existing code in the Linux kernel with code written in Rust will mark a significant cultural shift in the open-source software project, which is a substantial foundation of Google’s Android operating system and Chrome OS along with other resources on the internet, as mentioned in a report by CNET.

Rust is a programming language developed by Mozilla, the developer of Firefox. The language is now run independently by the Rust Foundation, and it has been known as the most popular programming language for over five years. Rust makes it safer for software developers to work with memory, as it checks code for hidden memory problems that could be exploited. According to a survey, Rust is considered to be the best alternative to the decades-old C and C++ programming languages.

Linux and Google have brought in Miguel Ojeda, who has written parts of the software used in the Large Hadron Collider particle accelerator, to write software for Linux in the Rust programming language. As sources suggest, Google is funding the contract and the project which is being extended through the Internet Security…

Source…

Chinese Hackers Breached the New York Subway Computers Through Pulse Connect Secure Vulnerabilities


The Metropolitan Transportation Authority (MTA) disclosed that the New York subway system was attacked by hackers associated with the Chinese government. The Chinese hackers are believed to be among the threat actors involved in a global cyber espionage campaign against government agencies, critical infrastructure entities, and private organizations.

Chinese hackers used Pulse Connect Secure VPN to breach the New York subway system

The Chinese hackers exploited Pulse Connect Secure VPN zero-day vulnerabilities whose patches were yet to be released.

The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) had issued a joint alert on hackers targeting organizations via VPN vulnerabilities.

The joint alert recommended various mitigations to block Chinese hackers from exploiting Pulse Connect Secure VPN vulnerabilities. A day later, on April 21, the MTA applied those mitigations.

Additionally, CISA had said it assisted several federal agencies, critical infrastructure entities, and private organizations breached since March 31 via Ivanti’s Pulse Connect Secure. Transit officials believe the exploit was part of the wider breach identified by CISA.

Chinese hackers breached the New York subway twice in the second week of April before they were discovered on April 20.

The New York subway reported the attack to the federal authorities without publicly acknowledging the breach until the New York Times reported it.

Investigation into the New York subway breach

The transit agency involved FireEye’s Mandiant division and IBM to conduct a forensic audit. The investigation revealed that hackers accessed three out of 18 computer systems.

The investigation into the New York subway data breach found that the attack did not affect operational systems and “no employee or customer information breached, no data loss and no changes to our vital systems.”

“Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain…

Source…

How to Check Your Android Security Patch Level to See if You’re Protected Against the Latest Vulnerabilities « Android :: Gadget Hacks



Numerous potential exploits are found for every operating system each month, and Android is no exception. Trouble is, lots of Android devices don’t receive timely updates — but many are now getting regular monthly security patches to at least shore up these vulnerabilities.

If you want protection from the latest dangerous hack, you’ll need to be on the newest security patch level. Google publishes these each month alongside a report on what’s been changed, but they can only guarantee the updates will be sent out to their own Pixel devices. For all other phones, there’s a chance you might not receive the security patch in a timely manner, but at least there’s a way to check.

Checking Your Security Patch Level

Different Android skins place their settings in varying locations, so we’ve divided this guide up by manufacturer. If your OEM is not listed below, try the Google/Stock Android method, as it’s typically the most universal.

1. Samsung

Samsung has taken so much criticism over the years about their poor update schedules that, in response, they’ve slowly become one of the best Android OEMs at updating their phones.

To check your security patch level on a Galaxy phone, open Settings, then scroll down toward the bottom and select About Phone. Inside, tap Software Information, then you’ll see the Android security patch level at the very bottom of the list.

2. Google/Stock Android

Google is responsible for the base-level patches for all of Android, but they also handle all software updates for both the Pixel line and any Android One device.

To check your security patch level on a Google-developed phone, start by opening your Settings app. From there, scroll down and choose About Phone towards the bottom. Next, tap Android Version, then your Android security update level will be displayed towards the top of the screen.

3. OnePlus

OnePlus’ lauded OxygenOS skin is close to stock Android, but it still reorganizes the Settings menu a bit. OxygenOS is also updated fairly frequently.

To check your security patch level on a OnePlus phone, open your Settings app and scroll down almost all the way to the bottom to tap About Phone. Here, tap Android Version, then you’ll see your Android security update

Source…