Shock! It appears Google can track the location of anyone using some of its apps on Android or iPhone even when they’ve told it not to.
Source: Google is tracking your location, even when the setting is turned off
Every week, our researchers round up the latest security news and report our findings in these blog pages. If you’ve been reading, you may have noticed a particularly nasty trend claiming new victims week after week — data breaches. In the last two months alone, we’ve reported on the Ticketmaster UK breach, the Macy’s breach, the MyHeritage breach, the Prince Hotels breach, and the Equifax breach. And that’s only some of them.
The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual
reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24,
2018. This is a CTF-style challenge for all active and aspiring
reverse engineers, malware analysts, and security professionals. So
dust off your disassembler, put a new coat of oil on your old
debugger, and get your favorite chat client ready to futilely beg your
friends for help. Once again, this contest is designed for
individuals, not teams, and it is a single track of challenges. The
contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 5, 2018.
This year’s contest will once again host a total of 12 challenges
covering architectures from x86, x64 on Windows, Java, .NET,
Webassembly, and Linux, with special appearances of Bootloaders and
Bootkits. This is one of the only Windows-centric CTF challenges out
there and we have crafted it to represent the skills and challenges of
our workload on the FLARE team.
If you complete the Flare-On Challenge you will receive a prize and
permanent recognition on the flare-on.com website for your
accomplishment. Prize details will be revealed when the contest ends,
but as always, it will be something that will be coveted and envied by
your peers. In prior years we’ve had rodeo belt buckles, replica
police badges, challenge coins, and a huge pin.
Check out the href="http://www.flare-on.com/">Flare-On website for a live
countdown timer and to see the previous year’s winners. For official
news and support we will be using the Twitter hashtag: #flareon5.
We discovered a high-risk Internet Explorer (IE) vulnerability in the wild on July 11, just a day after Microsoft’s July Patch Tuesday. We immediately sent Microsoft the details to help fix this flaw. While this vulnerability, now designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has been effectively disabled by default.
The post Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode appeared first on .