Vulnerabilities in Safari, Firefox, & Edge were Exposed at Pwn2Own 2018

Internet browsers like Microsoft Edge, Firefox and Safari were a prime target for the white hat hackers at the annual ethical hacking conference, Pwn2Own 2018, that is held in Vancouver, Canada.

According to the latest reports, the prize-money was awarded by Trend Micro's Zero Day Initiative (ZDI), till now hackers have won $267,000 of the total $2 million for hacking Firefox, Edge, and Safari.

 "The biggest surprise is how many people targeted Apple Safari," Dustin Childs, communications manager for ZDI, told eWEEK. "It's really returning to the roots of Pwn2Own when we saw a lot of individuals targeting macOS."

On the first day of the 2018 event vulnerabilities in Microsoft Edge, Oracle VirtualBox and Apple Safari were exploited by the attendees. While, on the second day Apple safari, as well as Mozilla Firefox, was the prime target for the researchers.

Security researcher Richard Zhu won the contest by gaining 12 points for exploiting Firefox and Edge.  Zhu took home $120,000 of the $267,000 total prize money. Each researcher got to keep the laptop they tried their exploits on.

"One thing we learned this year is the importance of giving researchers as much time to build their exploits as possible," Childs said. "We saw some contestants withdraw because they simply didn’t have enough time to complete their chains due to the increased complexity of the targets."

Pwn2Own 2018, show that in recent times operating systems and web browsers have become more secure in recent years, but still, even fully patched systems can be exploited by the best security researchers.

"Software will always be vulnerable," Childs said. "No matter what patches are released, researchers will continue to find holes in popular enterprise platforms." a

Russia is attacking critical US infrastructure: FBI

A new joint analysis by the FBI and the Department of Homeland Security stated that unspecified aviation intrusion early in 2017 was part of a broad attack on the nation’s sensitive infrastructure.

On Thursday, as the Trump administration imposed new sanctions on Russia for “malicious cyber attacks,” officials confirmed that the Kremlin is believed to be behind the attacks, which security firm Symantec described in a report in September. Symantec had warned that the hackers could potentially have the ability to cause blackouts.

Since at least March 2016, Russian hackers are conducting a broad assault on the U.S. electric grid, nuclear facilities, water processing plants, air transportation facilities and other targets in rolling attacks on some of the country's most sensitive infrastructure that millions of Americans rely on.
Bloomberg News reported in July that Russian hackers had breached more than a dozen power plants in seven states, an aggressive campaign that has since expanded to dozens of states, according to a person familiar with the investigation. US officials said that Kremlin-based group of sophisticated hackers known as “Dragonfly” had penetrated energy company systems last year in ways that could be used to sabotage the U.S. electric grid.

However, the attack had limited impact and the industry has taken steps to prevent a repeat of the intrusion, Jeff Troy, executive director of the Aviation Information Sharing and Analysis Center, said Friday. Troy wouldn’t elaborate on the nature of the breach and declined to identify specific companies or the work that was involved.

Critical manufacturing sectors and commercial facilities also have been targeted by the ongoing "multi-stage intrusion campaign by Russian government cyber actors" where they staged malware, conducted spearphishing, and gained remote access into energy sector networks. At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas, Bloomberg reported in July.

Tamil Rockers websites taken down after admins’ arrest

Over 19 websites owned by Tamil Rockers have been blocked by Google after five admins of these domains were taken into custody by Kerala police for piracy. The websites include,,,,, and other similar domain names.

The websites were used for uploading new pirated South Indian movies and members made as much as ₹1 crore over the last few months.

The police had taken the five culprits into custody on Thursday after tracking an email sent by an advertisement company to one Akhil, which had reportedly mentioned having a connection with the piracy website.

“This ad company had sent a mail to Akhil, offering to publish ads on the website he was running. In that email, the company happened to mention that they have ties with Tamil Rockers. We got the information about Tamilrockers through this ad company,” said Anti-Piracy Cell SP B.K. Prasanthan Kani.

The Ad company was connected in a similar case back in 2016.

The accused — TNRockers owner Prabhu, DVD Rockers owner Johnson and his accomplice Maria John, and Karthi from Villupuram along with his accomplice, Suresh — were nabbed by the police by tracing their bank accounts.

Their laptops, mobiles, and such hardware were also confiscated.

“All the gang members were technically qualified. It even included M.Sc. and B.Sc. holders in computer science. They used to record movies in pieces from various parts of the world and join it. We are trying to trace more members of the gang including Karthi’s brothers,” Prasanthan told Deccan Chronicle.

Android is now as secure as its competitors

Every year Google releases their security report on their official blog giving people the review about their security measures and their implementations regarding the same. Google has now officially presented us with the Security Review of 2017. Dave Kleidermacher, Vice President of Security for Android, Play and Chrome OS took the reins of Google Security blog and gave us updates about the Security parameters that Google put in place last year. He also shared the more advanced developments about the same.

After years of big security gaps and struggle to keep users safe, Google says the phones it powers are now as hard to hack as iPhones.

The Android operating system, despite its popularity, has had a history of security loopholes, some of which can be attributed to its open source nature and others to plain incompetence. One of the most notable exploits was discovered in 2015, the StageFright bug, which hackers could exploit just by sending a text message. Next year researchers revealed that millions of Android phones were infected with malicious software called HummingBad, which was used to generate bogus ad revenue. And in 2017, documents revealed by Wikileaks showed that a certain three-lettered agency had developed malicious software for Android phones.
Last year Google rolled a new feature to Android devices called the ‘Play Protect.’ The main aim of this step was to protect the two billion users of Google from Potentially Harmful Application or PHAs. According to Google, the Play Protect automatically reviews 50 billion apps daily and keeps the trouble at bay for Android and ChromeOS users. The application does so by putting its Machine Learning algorithm to use. Google claims that over 60.3% of the PHAs detected were discovered by the Machine Learning part of the program.

Lack of security is one of the prime reasons why corporations shy away from using Android devices, but that’s set to change, thanks to Google’s new Android for enterprise program. Kleidermacher claims that they are working hard on making the platform bug-free.

Contactless debit cards in Wirex's mind

After debit crypto cards for the European Union, Wirex is clearing the decks to launch contactless debt cards for the Asian customers to ensure a hassle free purchasing by the next couple of months.

 The London based company is all set to launch the card this year to help the customers spend money loaded from cryptocurrencies.

Top company officials say the first ever multi currency accounts will help millions of customers in the Asian nations to ensure a quick exchange between fiat and bitcoin by July-August this year.

They further say the Wirex cards would be of great help for purchase in stores, withdrawing money from ATM not to speak of the online marketing.

 An Wirex card, the London based bitcon wallet and card making company claims, will have the 3D support to ensure a safe online payments apart from an extra advantage of virtual debit card which is instantly available for the Asian nations.

 The soon to be launched contactless cards is said to be a giant leap for the company to hit huge popularity in the Asian market after it started operating from Singapore and Tokyo were Japanese investments are pouring in within a short spell of time.

 In 2017 alone, the company pulled $3 million investment from top Japanese groups while some others have already evinced keen interest to follow the suit.

 Wirex claims to have drawn huge response in RU a week after it launched the debit crypto cards---now available in the UK which is set to reach all the EU countries by the next two months.