Microsoft Windows' built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment.
Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer, so that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area.
Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, they have become a desired target for attackers.
Source: Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON
A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state.
According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including Apple and Amazon.
The malicious chips, which were not part of the original server motherboards designed by the U.S.-based company Super Micro, had been inserted during the manufacturing process in China.
The report, based on a 3-year-long top-secret investigation in the United States, claims that Chinese government-affiliated groups managed to infiltrate the supply chain to install tiny surveillance chips on motherboards which ended up in servers deployed by the U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon.
Source: Chinese Spying Chips Found Hidden On Servers Used By US Companies
In 2018, some developers fail to deactivate debug mode for their web apps, leading to potentially catastrophic scenarios.
Source: After two decades of PHP, sites still expose sensitive details via debug mode | ZDNet
Pigeoncoin hack confirms that the CVE-2018-17144 vulnerability fixed in the Bitcoin source code in mid-September was, indeed, as bad as it gets.
Source: Hacker wastes entire day hacking Pigeoncoin cryptocurrency only to make $15,000 | ZDNet
While APT28 was making fun of the DNC through Western media, Turla APT remained active and hacking in the shadows.
Source: Russia’s elite hacking unit has been silent, but busy | ZDNet