Top Stories for the Week of September 13, 2017

  • From Category5 Technology TV S10E52
  • September 13, 2017

Here are the stories we're following for the week of Wednesday, September 13, 2017.

More excitement in technological advancement in the fight against cancer as scientists in Texas reveal a pen-like device that can find cancerous cells in just 10 seconds.

A handheld device can identify cancerous tissue in 10 seconds, according to scientists at the University of Texas.

They say it could make surgery to remove a tumour quicker, safer and more precise.

And they hope it would avoid the "heartbreak" of leaving any of the cancer behind.

Tests, published in Science Translational Medicine, suggest the technology is accurate 96% of the time.

The MasSpec Pen takes advantage of the unique metabolism of cancer cells.

Their furious drive to grow and spread means their internal chemistry is very different to that of healthy tissue.

The pen is touched on to a suspected cancer and releases a tiny droplet of water.

Chemicals inside the living cells move into the droplet, which is then sucked back up the pen for analysis.

The pen is plugged into a mass spectrometer - a piece of kit that can measure the mass of thousands of chemicals every second.

It produces a chemical fingerprint that tells doctors whether they are looking at healthy tissue or cancer.


Sent to us by: Roy W. Nash

A potentially dangerous overlay exploit has been found in all versions of Android before Oreo.

Any unpatched Android device running a version older than Oreo is going to need patching fairly soon, with researchers turning up a class of vulnerability that lets malware draw fake dialogs so users “okay” their own pwnage.

The risk, according to Palo Alto Networks' researchers, comes from what's known as an overlay attack.

It's a straightforward way to trick users: draw a bogus screen for users to click on (for example, to install an app or accept a set of permissions), hiding what's really happening.

The vulnerability turned up by Palo Alto's Unit 42 threat research team bypasses these requirements by exploiting a notification type called Toast that Android documentation describes as "a view containing a quick little message for the user."

Use of the exploit, the paper explains, “allows an attacker to both modify what [the] user sees and inject fake input, all while maintaining the expected 'user experience' and remaining stealthy”.

Such an attack could occur by simply installing an affected app.


Sent to us by: Roy W. Nash

A massive data breach has happened at credit reporting giant Equifax, raising serious concern over mass identity theft.

About 143 million US customers of credit report giant Equifax may have had information compromised in a cyber security breach, the company has disclosed.

Equifax said cyber-criminals accessed data such as Social Security numbers, birth dates and addresses during the incident.

Some UK and Canadian customers were also affected.

The firm's core consumer and commercial credit databases were not accessed.

Equifax said hackers accessed the information between mid-May and the end of July, when the company discovered the breach.

Hackers won access to its systems by exploiting a "website application vulnerability", it said, but provided no further details.

We've since learned that an Apache Struts 2 app was used in the attack, with a new-found code execution vulnerability that allows hackers to push malicious code into servers and run it within corporate networks. Apache quickly patched the software, but it was too little, too late following the Equifax attack.

The hackers accessed credit card numbers for about 209,000 consumers, among other information.

Equifax holds data on more than 820 million consumers as well as information on 91 million businesses.

Equifax has set up a website at that allows consumers to determine if their information was potentially compromised. Click on the tab labeled Potential Impact in the center of the webpage. You’ll then need to enter your name and the last six digits of your Social Security number.


Sent to us by: Roy W. Nash

If you've been having trouble finding a reason to replace Windows with Linux, I've got one for you: a design flaw discovered in the Windows kernel allows malicious programs to mask themselves from antivirus programs... and Microsoft says they're not going to fix it.

A design flaw within the Windows kernel that could stop antivirus software from recognizing malware isn't going to be fixed.

The issue, spotted this week by enSilo security researcher Omri Misgav, lies within the system call PsSetLoadImageNotifyRoutine, which has been part of Microsoft's operating system since Windows 2000 and is still active in the latest builds.

Antivirus tools use PsSetLoadImageNotifyRoutine to check if malicious code has been loaded into memory, but Misgav found that a cunning attacker could use poor coding behind the API to smuggle malware past scanners.

Mr. Misgav said in a blog post, "During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which, as its name implies, notifies of module loading. The thing is, after registering a notification routine for loaded PE images with the kernel, the callback may receive invalid image names."

Essentially, malware can use the above API to trick the OS into giving malware scanners other files – such as benign executables – to inspect rather than their own malicious code. This would allow software nasties to evade antivirus packages.

Microsoft's response? "Our engineers reviewed the information and determined this does not pose a security threat and we do not plan to address it with a security update."


Sent to us by: Roy W. Nash

Facebook claims its ads have the potential to reach more people than recent U.S. census data shows exist, and that's troublesome for one analyst, who thinks third-party measurement services stand to benefit.

Recently, Pivotal Research Group analyst Brian Wieser was intrigued by a trade publication study in Australia that said Facebook was claiming to reach 1.7 million more 16- to 39-year-olds than actually existed in the country, according to Australian census data.

In reproducing the study for the U.S., Wieser said Facebook's Ads Manager claims it can potentially reach 41 million 18- to 24-year-olds, 60 million 25- to 34-year-olds, and 61 million 35- to 49-year-olds. The problem arises when Wieser pulls up U.S. Census data from a year ago, showing 31 million 18- to 24-year-olds, 45 million 25- to 34-year-olds, and 61 million 35- to 49-year-olds.

So... where is Facebook getting the extra 25 million 18- to 34-year-olds that the U.S. census did not count?

Wieser said, "Conversations with agency executives on this topic indicate to us that the gap between Facebook and census figures is not widely known. While Facebook's measurement issues won't necessarily deter advertisers from spending money with Facebook, they will help traditional TV sellers justify existing budget shares and could restrain Facebook's growth in video ad sales on the margins."


Sent to us by: Sparklyballs

A WordPress plugin installed on around 200,000 web sites has a backdoor that lets the code authors do pretty much anything they like with your content.

If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor.

The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin. During the past three months the plugin has been removed and readmitted to the plugin repository a total of four times. The plugin is used by approximately 200,000 WordPress websites, according to the WordPress repository.

Here's how it happened:

On June 21st a plugin called Display Widgets was sold by its owner to a user known as ‘displaywidget’ on the forums. That new owner released version 2.6.0 of the plugin.

On June 22nd, David Law, a UK-based SEO consultant, sent an email to the plugin team letting them know that the Display Widgets plugin was installing additional code from an external server. The plugin was downloading a large Maxmind IP geolocation database of around 38 megabytes from the author’s own server. This is not allowed for WordPress plugins in the repository.

The next day, the plugin team removed Display Widgets from the repository. There was some discussion about this on the forums.

Then, a week later on June 30th, the developer released version 2.6.1 of the plugin. This release contained a file called geolocation.php which, no one realized at the time, contained malicious code. A back-and-forth of removal and re-addition by the author then took place, leaving a huge number of users vulnerable to attack.

The code authors have responded by saying it was a vulnerability; however, it's important to realize that this was in fact an intentional backdoor, not a "bug".

The code in geolocation.php allowed the plugin author to post new content to any website running the plugin, to a URL of their choosing. They could also update content and remove content. Furthermore, the malicious code prevented any logged-in user from seeing the content. In other words, site owners would not see the malicious content.

Considering the time-span of 2½ months between the releases, it is estimated these coders have access to publish anything they like on most of the 200,000 sites the plugin is installed on.

Now, an update on the story from this afternoon as research continues: cybersecurity experts at WordFence are now warning that the individual responsible for this attack has in fact been buying multiple WordPress plugins and using them to promote various shady businesses. They report that he has also been living a lavish lifestyle thanks to the profits of his activities.
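A defender's check for the situation in this story, as an added example that is not part of the original article or the plugin's code: it walks a hosting directory, finds every installed copy of the plugin, reads the version from its header comment and looks for geolocation.php. The directory name `display-widgets`, the main file name and the sample tree are assumptions constructed for the demonstration.

```python
import os, re, tempfile

PLUGIN_SLUG = "display-widgets"    # assumed plugin directory name
NEW_OWNER_FROM = (2, 6, 0)         # first release by the new owner, per the story
BACKDOOR_FILE = "geolocation.php"  # file the story says held the backdoor
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def plugin_version(plugin_dir):
    """Read the Version field from the plugin header comment; None if absent."""
    for name in sorted(os.listdir(plugin_dir)):
        path = os.path.join(plugin_dir, name)
        if not (name.endswith(".php") and os.path.isfile(path)):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            head = fh.read(8192)  # WordPress reads headers from the first 8 KB
        match = VERSION_RE.search(head) if "Plugin Name:" in head else None
        if match:
            parts = [int(p) for p in match.group(1).split(".") if p]
            return tuple(parts + [0] * (3 - len(parts)))  # pad "2.6" to (2, 6, 0)
    return None

def scan(root):
    """Find every copy of the plugin under root and record why it is risky."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        parent = os.path.basename(os.path.dirname(dirpath))
        if os.path.basename(dirpath) != PLUGIN_SLUG or parent != "plugins":
            continue
        version = plugin_version(dirpath)
        has_file = any(BACKDOOR_FILE in files for _, _, files in os.walk(dirpath))
        # An unreadable version is treated as suspect rather than assumed safe.
        findings.append({"path": dirpath, "version": version, "backdoor_file": has_file,
                         "suspect_release": version is None or version >= NEW_OWNER_FROM})
        dirnames[:] = []  # do not descend further into the plugin itself
    return findings

def build_sample(root):
    """Constructed sample: site-a has an older copy, site-b has 2.6.1."""
    for site, ver, backdoor in (("site-a", "2.0.5", False), ("site-b", "2.6.1", True)):
        d = os.path.join(root, site, "wp-content", "plugins", PLUGIN_SLUG)
        os.makedirs(d)
        with open(os.path.join(d, "display-widgets.php"), "w") as fh:
            fh.write(f"<?php\n/*\nPlugin Name: Display Widgets\nVersion: {ver}\n*/\n")
        if backdoor:
            open(os.path.join(d, BACKDOOR_FILE), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan(tmp), sep="\n")
```

Every path it reports is a copy to remove, as the story advises; the two flags only show which copies came from the new owner's releases and which still carry the named file.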


Sent to us by: Robbie Ferguson

