Categories
Security

Anti-vax dating site exposed data for 3,500 users through ‘debug mode’ bug

Unsurprisingly, it seems like the type of people who shun vaccinations are not great at preventative cybersecurity either.

As reported by the Daily Dot, “Unjected” — a dating site specifically for people who are not vaccinated against COVID-19 — failed to take basic precautions to keep users’ data secure, leaving sensitive data exposed and allowing potentially anyone to become a site administrator.

The “Unjected” site was set up to leave the administrator dashboard fully accessible to anyone who knew how to look for it. Through this dashboard, an administrator could access user information for any member of the site, including name, date of birth, email address, and (if provided) their home address.

The configuration error was discovered by a security researcher known as GeopJr, who confirmed the vulnerability to the Daily Dot by editing live posts on the site. GeopJr apparently noticed that the site had been published live to the web with “debug mode” switched on — a special set of features for software developers to use while working on the app, which should never be enabled by default in an application that has been deployed.

Using these features, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions for paid-tier services, or even deleting the entire database of post backups. Currently, the site is believed to have around 3,500 users, all of whose data was accessible through the administrator features.

Though its user base is small, Unjected seems to have big ambitions for building connections among the unvaccinated community. Besides providing dating services, Unjected also offers a “fertility” section where users can offer their semen, eggs, or breastmilk for donation. In another section of the website, users can also sign up for a “blood bank” by listing their location and blood type. Both the blood bank and the fertility services are branded as helping users find “mRNA-free” donors — a reference to the mRNA molecules used in the Pfizer and Moderna COVID-19 vaccines.

The Unjected website is now one of the main portals for the project after the Unjected app was booted from the Apple App Store in August 2021 for violating Apple’s COVID-19 content policies. However, Android users can still download the app if they want: it’s currently still listed on the Google Play store, where it has more than 10K downloads and an average review of 2.5 stars.

Repost: Original Source and Author Link

Categories
Security

Homeland Security bug bounty reveals huge number of flaws

The outcome of a bug bounty program for the Department of Homeland Security (DHS) has been revealed, and it’s not particularly encouraging news for a government agency synonymous with cyber security.

Participants of DHS’ first-ever bug bounty program, named “Hack DHS,” confirmed that they found a worrying number of security bugs.


They discovered a total of 122 security vulnerabilities in external DHS systems, according to The Register and Bleeping Computer. Twenty-seven bugs were recognized as “critical severity” flaws.

The Hack DHS initiative saw more than 450 security researchers participate in the program. For their efforts, the government agency paid out a total reward of $125,600 that was distributed amongst the ethical hackers.

As aptly highlighted by The Register, the aforementioned payout figure pales in comparison to what other organizations pay to bug bounty hunters.

For example, Intel has previously offered up to $100,000 for successfully uncovering specific vulnerabilities.

Other technology giants like Microsoft offer tens of thousands of dollars for finding flaws, while Apple paid a single individual nearly the entirety of the Hack DHS bounty by giving him $100,000 for hacking a Mac.

Google, meanwhile, has awarded nearly $30 million to individuals enrolled in its own bug bounty programs. In one particular case, the company gave a self-taught teenage hacker $36,000 for reporting a certain bug.

Considering that one of the Department of Homeland Security’s key responsibilities involves cyber security, many may understandably be concerned that such a high number of security bugs were found in the first place. Moreover, the somewhat lackluster payment tiers associated with Hack DHS could be a potential deterrent to future interested parties.

All things considered, it seems the DHS is not as secure as many Americans would have hoped it would be.


Homeland Security’s quest to become more secure

Hack DHS was originally introduced in December 2021. Any hacker who joined the program would have to provide a comprehensive breakdown of any vulnerability they find. They also have to detail how that flaw can be targeted and exploited by potential threat actors, as well as explain how it can be specifically utilized to access and extract data from DHS systems.

Once these security defects have been put through a verification process by “DHS security experts,” which takes 48 hours after a bug is detected and submitted, they are generally patched within 15 days or so. In some cases, it takes the government agency longer than half a month to fix the more intricate flaws.

The government agency’s bug bounty program will be conducted via a tiered rollout consisting of three stages. The first phase, payouts, has been completed, while the upcoming second stage will see security researchers hand-picked by the DHS taking part in a live hacking event.

As for the final phase, The Register reports that DHS will share information that it hopes will influence additional bug bounty programs.

Bug bounty programs are becoming increasingly popular in an era where cybercriminals have been intensifying their attempts to infiltrate major companies, especially in the technology space.

For example, Intel unveiled Project Circuit Breaker, an expansion to its bug bounty program that was introduced to recruit “elite hackers.” Google also updated its Vulnerability Reward Program last year by launching a new bug platform.

Elsewhere, Google recently confirmed that a record number of dangerous zero-day exploits were identified in 2021, while cybercrimes are more widespread than ever before.


Categories
Computing

A massive Google Search bug is affecting major publishers

Google has reported an issue with its search engine that is currently affecting publishers.

Recent articles and content from several sources appear to have a number of challenges, including newly published articles not showing up in Google search at all, as has been noted by CNET.

There's an ongoing issue with indexing in Google Search that's affecting a large number of sites. Sites may experience delayed indexing. We're working on identifying the root cause. Next update will be within 12 hours.

— Google Search Central (@googlesearchc) July 15, 2022

Other major news sources that have been observed having this issue include CNN, Bloomberg, The New York Times, and Yahoo; however, older articles can be found in search, the publication said.

Similarly, Google searching “Digital Trends” will yield articles from seven to eight hours ago or later, as opposed to the most recently published content on the site.

Additionally, web search expert Barry Schwartz noted that publications, including Reuters and Bloomberg, had recently published articles that were indexing on Google search as if they were published several hours prior.

I think this was either already resolved or it's a bug with the filter. Looking up multiple brand new articles from @Reuters or @business, they ALL show up as indexed 7 hours ago, even though they were published minutes ago. pic.twitter.com/Fygs5TBr5m

— Ziemek Bućko (@ziemek_bucko) July 15, 2022

While Google has not responded to media requests for comment directly, the brand did refer CNET to a tweet from its Search Central page, which states it is working on finding the root cause of the issue and plans to roll out an update within the next 12 hours. The tweet was sent in the early morning, so it will likely still be a few hours before there is progress on the issue. The brand likely won’t have much to say until after the issue is resolved.

However, Google is known for working to address product issues quickly. In March, the brand sent out an update for a bug called CVE-2022-1096, which affected the V8 JavaScript engine on Google Chrome apps running on MacBooks. The “high-severity weakness” zero-day bug was discovered on March 23 and resolved with an update by March 28.

Still, a glitch in Google Search is a major issue that the brand would want to address even faster. There is no telling whether publishers are the only sources affected by this issue. Currently, they are the most obvious.


Categories
Game

Huawei App Store Bug Gives Anyone A Free Pass At Paid Apps

Android app developer Dylan Roussel discovered a bug that, while non-trivial to exploit, isn’t impossible either. In a nutshell, Huawei’s AppGallery exposed certain details about an app, including the download link for the Android package (APK). While that may be normal, the bug is that the same link can be used to directly download a paid app without having to pay for it or even having to verify anything.

This bug has two damaging consequences for Huawei’s app marketplace. The first is more obvious in that anyone with a bit of technical know-how can easily bypass restrictions and download paid apps for free. The bigger threat, however, is that the AppGallery makes it too easy to download apps, both paid and free, outside of official channels, which in turn makes it too easy to pirate apps on that platform. This creates a very large deterrent for developers who may not bother putting in the work needed to offer their apps for Huawei’s ecosystem.

This vulnerability was discovered and reported back in February 2022, but it took Huawei 90 days to send a response. The company did apologize for the miscommunication and delay, citing logistics problems in fixing AppGallery across different regions since it apparently works very differently, too. A fix is promised to arrive by May 25, but the bug’s existence still raises concerns about similar issues that may be lurking in the shadows still undiscovered.


Categories
Game

‘Battlefield 2042’ is getting a cleaner UI and a ton of bug fixes

Since it launched last month, Battlefield 2042 has gained a reputation for being a buggy mess, instead of a return to form for the long-running shooter franchise. So it’s not too surprising to see EA rush out with a slew of post-launch fixes — let those problems fester too long, and they risk losing dedicated players to Call of Duty and Halo Infinite. With its third update, which arrives on December 2nd, Battlefield 2042 will get over 150 bug fixes, including some major UI improvements. 

For instance, you’ll be able to more easily see the difference between friends and foes, identify people nearby who you can revive (and vice versa), and also see who needs ammo or health. It’ll also take fewer clicks to prepare your loadout and Plus Menu, and EA has made it easier to determine which attachments you’re using. Those aren’t groundbreaking changes, to be clear, but they should make the BF 2042 experience smoother when you’re in the heat of battle.

As for other fixes, the new update should make matchmaking more reliable (especially when it comes to crossplay between platforms); make it easier to tell when enemies are firing at you; and menus should be a lot smoother. Looking ahead, EA says next week it’ll start launching Weekly Missions, which will give you XP as you complete them. You know, like every other shooter these days. You can expect to see a cosmetic reward if you plow through all of your challenges.



Categories
Computing

Windows 11 Bug Is Preventing Basic Applications From Running

Another annoying issue is bothering some Windows 11 users. With this new bug, built-in system apps like the Snipping Tool, which is a common method for taking screenshots, refuse to work.

The good news? Microsoft has already confirmed it is working on a fix.

According to Microsoft’s Windows 11 known issues page, a digital certificate in Windows 11 expired on October 31 and became outdated. This caused the Snipping Tool, Touch Keyboard, Voice Typing, and Emoji Panel to stop working properly or refuse to launch altogether. Also impacted were the Accounts page and landing page in the Settings app in Windows 11 S mode, as well as the Getting Started and Tips app, and Input Method Editor.

To fix some of these issues, as well as the performance issues with AMD Ryzen processors, Microsoft issued a security update by the name of KB5006746. It was originally released on October 21 and appears as an optional download. You need to manually force the install by going to Settings > Windows Update > Download and install.

The update only resolves problems with the Touch Keyboard, Voice Typing, and Emoji Panel, as well as the Getting Started app and the Input Method Indicator. Microsoft is still trying to fix the Snipping Tool and the S Mode-only issues. It says it will provide an update when more information is available.

As a temporary workaround, it’s being suggested to use the Print Screen key on your keyboard and paste the screenshot into a document or into the Paint app. Microsoft usually issues Windows patches on the second Tuesday of each month, so we’re assuming that an official fix could come around November 9.

Although Windows 11 has been out for around a month now, the rollout has been a bit rough. Users have reported experiencing a lot of bugs in Windows 11. Empty folders in the subsystem, a delay when using the context menus in Windows 11 itself, and a memory leak in the File Explorer are just some examples.

If you’re hesitant about updating to Windows 11 for any of these issues, or if you experience one yourself, we suggest checking out the Feedback Hub app. The app is where Windows users report and file issues relating to the new operating system, as well as Windows 10.


Categories
Computing

Another Windows 11 Bug Is Slowing Down Workflows

There’s yet another bug in Windows 11 that might end up slowing down your workflows. This time around, you might experience a bit of a delay when triggering the context menus in the Windows 11 File Explorer.

Though Microsoft intends for the new File Explorer context menus to give you faster access to copying, pasting, and renaming files, Windows reports that the performance of the menus is actually slower. Some Windows 11 users need to wait as long as two seconds for the context menu to open after right-clicking to summon it.

This is confirmed by many users who are complaining by filing feedback in the Windows 11 Feedback Hub. A search for “context menu delay” returns over seven different results of people detailing the issue. The feedback was filed from as recently as a month ago to as far back as three months ago.

“When you right-click the desktop or File Explorer in Windows 11, the context menu appears very slowly,” wrote one user in a Feedback thread with 267 upvotes. “After I upgrade[d] my Windows 10 to Windows 11, I notice[d] that [the] context menu [had] few seconds delays,” wrote another user.

In most of these Feedback threads, people seem to be using low-end PCs. Yet, Microsoft indicated that “we’ve got this feedback” to confirm that it is looking into the issue.

In fact, Windows 11 Build 22478, which is being tested in the Windows Insider Program, appears to address the issue. In the changelog, Microsoft mentioned that the command bar was doing unnecessary calculations when navigating folders. It also detailed several bug fixes for the explorer.exe process, which is associated with File Explorer. However, this build is still in beta testing, and it could be a while before everyone sees a fix.

Windows 11 might bring new features like snap layouts and widgets, but it also has had its fair share of bugs. In one instance, there are thousands of empty folders in subsystem folders. In another, there was a memory leak issue that impacted the File Explorer. There even was a since-fixed bug that impacted AMD CPUs, where users could see a 15% drop in performance when gaming.

You can factor these issues into your decision about whether it’s worth upgrading to Windows 11. The new operating system is still in the process of rolling out, and Microsoft hopes everyone on compatible PCs should have it by 2022.


Categories
Security

Biden admin’s bug fix mandate aims to prevent the next major cybersecurity attack

The Biden administration is requiring civilian federal agencies to fix hundreds of cybersecurity flaws, as reported earlier by The Wall Street Journal. As the WSJ states, the BOD 22-01 directive from the Cybersecurity and Infrastructure Security Agency (CISA) covers around 200 known threats that cybersecurity experts discovered between 2017 and 2020, as well as 90 more flaws that were found in 2021. Federal agencies have six months to patch older threats and just two weeks to fix the ones that were discovered within the past year.

The WSJ report points out that federal agencies are usually left to their own devices when it comes to security, sometimes resulting in poor security management. The goal is to force federal agencies to fix all potential threats, whether they’re major or not, and establish a basic list for other private and public organizations to follow. While zero-day vulnerabilities that exploit previously unknown openings get major headlines, addressing “the subset of vulnerabilities that are causing harm now” can get ahead of many incidents.

Previously, a 2015 order gave federal agencies one month to fix threats deemed “critical risk.” This was changed in 2019 to include threats categorized as “high risk,” as pointed out by the WSJ. The new mandate distances itself from prioritizing specific threat levels and instead acknowledges that small holes can quickly cause larger problems if hackers can find a way to take advantage of them.

“The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber attacks,” says CISA director Jen Easterly. “While this Directive applies to federal civilian agencies, we know that organizations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities. It is therefore critical that every organization adopt this Directive and prioritize mitigation of vulnerabilities listed in CISA’s public catalog.”

CISA’s newly released list of known vulnerabilities notably includes the Microsoft Exchange Server flaw. In March, emails from over 30,000 US governmental and commercial organizations were hacked by a Chinese group, thanks to four known security holes that, had they been patched, would’ve prevented the attacks. CISA’s list requires patching the “Microsoft Exchange Remote Code Execution Vulnerability” and is calling on federal agencies to install available SolarWinds patches by May 2022.

The SolarWinds Orion Platform, which was the victim of a major hack in late 2020 that compromised US government agencies, is also on the list. CISA notes that the “SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands.”

Cybersecurity has been a priority for President Biden since he entered office. In May, he signed an executive order to help prevent future cybersecurity disasters. The order mandates two-factor authentication across the federal government, establishes a protocol for responding to cyberattacks, and forms a Cybersecurity Safety Review Board, among other safety measures.


Categories
Computing

The Latest Windows 11 Bug: Thousands of Empty Folders

Windows 11 is based on the same core as Windows 10, which is great for stability. But the new operating system inherited several issues in the process. The latest problem pertains to hundreds or thousands of empty folders stored deep on your C: drive, which idly accumulate while you use your PC.

It feels all too familiar. People have reported the issue to Microsoft in the past, but it seems to still have made the jump to Windows 11. One user reported finding 2,451 empty folders. When I navigated to the same directory on my PC, I was met with 540 empty folders, all of which carried a similar naming scheme.

If you want to see if you have empty folders, too, you can find them here: C:\Windows\System32\config\systemprofile\AppData\Local.

The extra folders don’t do anything, really. They don’t impact performance, and although empty folders technically take up space, it’s a negligible amount. MSPowerUser reports that the folders are tied to the provision package runtime processing tool, which basically provides your PC with preset configuration files. As long as the folders are empty, and you see them on your personal Windows 11 PC, you can delete them without any problems.

All of the folders have the .tmp extension, which indicates that they were, at some point, used to temporarily back up data or store information in cache. It seems Windows is deleting whatever files are inside these folders automatically, just not the folders themselves. If you can’t be bothered deleting them, don’t worry — this bug shouldn’t make any difference while using your PC.

Still, it underlines the main issue with Windows 11. It’s Windows 10 under the hood, warts and all. Near launch, we experienced a rather severe memory leak issue that was also present on Windows 10. These issues recontextualize the high Windows 11 system requirements, suggesting that beneath the rounded edges and centered taskbar, Windows 11 isn’t all that different from Windows 10.

Windows 11 is available as a free update to Windows 10 right now, but unless you’re ready to mess around with Android apps or experience the new OS sounds, you don’t need to upgrade. Microsoft is supporting Windows 10 until 2025, so you’ll have plenty of time to upgrade down the line. By then, hopefully Microsoft will have ironed out all of the bugs.


Categories
Computing

Memory Leak Bug Is Killing MacOS Monterey Performance


Apple’s newest desktop operating system, MacOS Monterey, brings a handful of useful new features, but an assortment of issues as well. Some people are reporting memory leaks after upgrading to MacOS Monterey — some of which have even included warnings that the entire system has run out of memory.

While new operating system rollouts tend to have a few bugs, this one seems particularly bothersome. Memory leaks occur when an application uses more memory, or RAM, than is necessary. This happens because the process in question doesn’t release the memory that’s allocated to it after it’s closed and continues to use more memory, sometimes until there’s none left.

There have been a number of complaints across multiple forums, including Apple’s own support forums, Reddit, and Twitter. YouTuber Gregory McFadden tweeted a picture in which Control Center was using a whopping 26GB of RAM. By comparison, Final Cut Pro was only using 6GB of RAM, and that’s a full-fledged professional video editing program. Control Center normally only uses a couple of megabytes of RAM.

The issue doesn’t seem to be limited to a particular Mac model either. Users with M1, M1 Pro/Max, and Intel versions have all reported memory leaks. One Firefox user with an Intel Mac reported Firefox usage of almost 80GB of RAM. While some users like Gregory McFadden had upwards of 64GB of RAM installed, a lot of others will likely have much lower RAM and will feel the pinch of a memory leak more acutely.

So glad I got 64GB of memory on my new Mac so I can use 26GB of it for control center… Wait… what. pic.twitter.com/inCOPaii1o

— Gregory McFadden (@GregoryMcFadden) October 28, 2021

This isn’t the only major issue with MacOS Monterey. Those with older Macs who install the new operating system are at risk of bricking their computer. Many of the users reported Macs that simply wouldn’t turn on at all after upgrading. While there does seem to be a temporary fix, that requires access to another Mac.

Lest the Windows faithful get cocky, Windows 11 users have also reported memory issues. Windows Insiders found that File Explorer consumes memory even after being closed. We were able to reproduce the leak on both Windows 11 and Windows 10. Fortunately, it seems this is limited to just the File Explorer and not random programs like MacOS’ issue.

Regardless, the memory leak on MacOS Monterey could just be the teething signs of a new operating system. Apple will hopefully issue a patch to fix the leak, although MacOS memory leaks seem to be a common occurrence. At any rate, it may be worth holding off upgrading your Mac for now.
