PhoneSpeck Press Release

Tuesday, July 16, 2019

Critical security vulnerability discovered in WordPress Ad Inserter plugin

Pete Linforth / Pixabay

Last month, Alert Logic security experts found a bug in the widely used WordPress plugin WP Live Chat, which was fixed immediately after the alert. This month, on July 12, the Threat Intelligence team at Wordfence discovered a security weakness in the popular WordPress plugin Ad Inserter.

This bug allowed authenticated users (registered on an affected site with a role as low as subscriber) to execute arbitrary PHP code remotely on websites using the ad management tool Ad Inserter. Users are requested to update the plugin to the newer version released three days ago, after the plugin developers patched the bug.

For those who do not know the Ad Inserter plugin, it is a tool developed for WordPress that allows a publisher to manage Google AdSense ads and other types of ads on websites where the plugin is installed.

The discovered bug (now patched) allows an attacker to add malicious variables to the site's URL and poses a risk of leaking the personal data of an admin managing the affected WordPress site. Since the flaw has been fixed, the plugin developers claim that the latest version, 2.4.22, prevents such attacks.

Amazfit GTR smartwatch with AMOLED display, 42mm launched for ¥799 in China

Huami, a biometric and smart wearable manufacturer backed by Xiaomi, announced on Weibo, China's microblogging website, that it has launched two Amazfit GTR smart wearables in China for CNY799 (roughly Rs 7,950) and CNY1399 (approx. Rs 13,900) respectively.

The Amazfit GTR smartwatches come with stainless steel, aluminum, and titanium case options in 42mm and 47mm dial sizes. The wearable in question comes with a wide range of features, including NFC support for UnionPay payments, a 24-hour Bio-tracker with uninterrupted, accurate heart rate monitoring, 50-meter water resistance and more.

As stated in the company's report, the 47mm aluminum alloy and stainless steel versions of the Amazfit GTR are priced at CNY999, while the 47mm titanium version is priced at CNY1399. The standard 42mm variant is priced at CNY799 and the top-end model is set to be sold at CNY999.

The screens of both devices are color AMOLED displays with 326PPI pixel density, protected by anti-scratch Corning Gorilla Glass 3. The lightweight 47mm wearable has a 1.39-inch screen, while the 42mm model features a 1.2-inch screen.

Both the 47mm and 42mm devices have been launched with the space-based satellite navigation system GLONASS, a sensor for measuring air pressure, a capacitive sensor, a 3-axis geomagnetic sensor, and a sleep analyzer with 24x7 optimized health monitoring tools. Apart from this, the Amazfit GTR is compatible with Android 5.0+ and iOS 10.0+, making the wearable fully supported by both operating systems.

The watches weigh 36g and 25.5g. The Amazfit GTR 47mm has a 410mAh battery that runs for up to 74 days under normal use. Huami's GTR 42mm, on the other hand, sports a 195mAh lithium polymer battery that runs for up to 34 days under normal usage.

Google to drop support for Android and iOS AdSense mobile apps

Google said that its Android and iOS AdSense mobile apps will be discontinued at the end of this year. The search giant confirmed in a blog post on Monday, July 15 that its new decision will allow AdSense audiences to get the most out of the mobile web interface instead of accessing AdSense statistics via Android and iOS mobile apps.

For those who are not aware of AdSense, it is a program launched in 2003 by Google that allows publishers to monetize their content by offering Google ads to site visitors. However, as part of responsive web design, the US multinational technology company is terminating the AdSense mobile apps, allowing publishers to check account statistics via the mobile web interface, the Inside AdSense report reads.

As stated in the report, Google has confirmed that 70% of AdSense audiences experience the web on mobile devices. To make the interface much better and mobile compatible, the company has decided to focus on the "mobile web interface" rather than keeping its apps for AdSense audiences.

AdSense currently operates a desktop version of the site for audiences to perform daily activities such as creating ad units and viewing reports. But with the new interface, AdSense users will be redirected to the mobile version URL of the AdSense site, PhoneSpeck has learned.

Future web interfaces will have newer features than the apps. Both the Android and iOS apps will become unavailable for download by the end of 2019, says AdSense product manager Andrew Gildfind.

Monday, July 15, 2019

Instagram vulnerability could have allowed an attacker to remotely hack your account

Laxman Muthiyah, an Indian bug bounty hunter, has recently discovered a security vulnerability in Instagram that could have allowed an attacker to hack any Instagram account by sending 1000 brute force requests from different IPs.

As a security measure, the servers can block login attempts after a number of malicious requests. The bug bounty hunter therefore sent around 1000 requests from different IPs; surprisingly, 250 of them went through and the remaining 750 were rate limited.

At the time of writing this story, the security vulnerability had been reported to Facebook for immediate fixes, and Laxman received a reward of $30,000 as part of the bug bounty program. The bug bounty program allows a user to spot and report security weaknesses under certain disclosure policies.

The account takeover test targeted Instagram's "forgot password" endpoint via the web interface, but he said all attempts were unsuccessful, as no bugs were found during the process.

According to the report, the flaw existed inside Instagram's "mobile recovery system", which allows a user to recover a forgotten password via a 6-digit passcode sent to a registered mobile number, if available. By trying all one million codes on the verify-code endpoint, an attacker could have changed an account's password without the user's consent, the report reads.

A race hazard and IP rotation allowed the bug bounty hunter to bypass the verification mechanism and the limit on the rate of traffic. Rate limiting is a DDoS prevention mechanism that controls the rate of traffic sent or received by the network within a specific period of time.
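The weakness described above, seen from the defender's side, as an added example (not code from the report or from Instagram): a recovery-code attempt limiter keyed by client IP compared with one keyed by the account being recovered, with the check and the increment done as one atomic step so concurrent requests cannot slip past the limit. The limit of 5, the `AttemptLimiter` class, the account name and the sample addresses are assumptions constructed for illustration.

```python
import threading
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

MAX_ATTEMPTS = 5  # assumed policy: wrong-code budget before the code is voided


class AttemptLimiter:
    """Counts verification attempts under a configurable key."""

    def __init__(self, limit, key):
        self.limit = limit
        self.key = key                    # function (ip, account) -> bucket
        self._counts = defaultdict(int)
        self._lock = threading.Lock()

    def allow(self, ip, account):
        bucket = self.key(ip, account)
        # Check and increment under one lock: without it, parallel requests
        # can all read the same count before any of them writes it back.
        with self._lock:
            if self._counts[bucket] >= self.limit:
                return False
            self._counts[bucket] += 1
            return True


def by_ip(ip, account):
    return ip        # weak: every new source address gets a fresh budget


def by_account(ip, account):
    return account   # budget follows the account, whatever the source


def accepted_guesses(limiter, n_requests=1000):
    """Send n concurrent attempts for one account, each from a distinct
    (constructed) address, and return how many the limiter let through."""
    def attempt(i):
        ip = f"10.0.{i // 256}.{i % 256}"   # constructed sample address
        return limiter.allow(ip, "account-under-recovery")
    with ThreadPoolExecutor(max_workers=32) as pool:
        return sum(pool.map(attempt, range(n_requests)))


if __name__ == "__main__":
    print("keyed by IP:     ", accepted_guesses(AttemptLimiter(MAX_ATTEMPTS, by_ip)))
    print("keyed by account:", accepted_guesses(AttemptLimiter(MAX_ATTEMPTS, by_account)))
```

With the account as the key, the number of guesses an attacker gets against a 6-digit code no longer grows with the number of source addresses or with request concurrency.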

Sunday, July 14, 2019

Huawei submits an application to trademark Harmony operating system

Despite the announcements made at the G20, the Chinese equipment company Huawei is still not able to deploy the Android operating system on its devices, as the company is yet to be removed from the entity list. To get out of this trouble, Huawei is trademarking its new operating system, Harmony, for smartphones and computers.

In previous attempts, the Chinese telecom giant filed trademark applications to register HongMeng OS and Oak, and now Harmony OS. It had also been reported that the company is considering the Linux-based operating system Sailfish. The Russian-made operating system was not a rumor to the US companies. The reports led President Donald Trump to revise his decision to stay competitive.

The recent application, submitted to the European Union Intellectual Property Office, a government agency responsible for trademarking intellectual property in Europe, is dated July 12, 2019. As with past trademark applications, no official announcement has been made by Huawei.

The new operating system is said to be intended for Huawei's devices, such as smartphones, tablets, and computers; however, it has not been confirmed whether this OS will provide features like HongMengOS, which is claimed to be used for routers and data centers. Earlier this month, Huawei's CEO Ren Zhengfei confirmed that HongMengOS is more powerful than Android and macOS.

Saturday, July 13, 2019

Asus Max Pro M2 receiving FOTA update with June 2019 Android security patch

The Asus Max Pro M2, aka Asus ZenFone Max Pro M2, is continually receiving new firmware updates to improve phone performance. Asus, a Taiwanese company, released this phone in India in December, but the device was not enrolled for new firmware updates as of now.

Earlier, the phone received the Android Pie update back in April, as reported by XDA. A few days ago, reports suggested that the Asus Max Pro M2 has started receiving a FOTA update. The Indian unit of Asus has confirmed that the Max Pro M2 has been enrolled for a firmware-over-the-air (FOTA) update with the June 2019 Android security patch, reports Gadgets 360.

The smartphone is now said to be receiving the update, which reportedly improves call quality and brings an optimized dark mode and phone vibration. Apart from this, the Max Pro M2 gets Digital Wellbeing (a set of tools developed by Google) with the latest update, which is currently being rolled out in India.

As mentioned, the FOTA update has been released with the June 2019 Android security update, which patches known vulnerabilities residing inside the handset's software.

Google rolling out redesigned News tab for quality search results

Google, the search giant, not only powers the web but is also silently introducing new features to its products. The search giant has also closed some of its products due to business failure. One of its discontinued services is Google+, which was closed in April 2019. This time, the multinational technology company is redesigning the News tab on desktop search.

Tech giants are constantly working on their platforms to create new designs for several reasons. Recently, we saw Google silently introducing related searches under the image tab. But this time things are being redesigned for the reader's convenience. Yes, you heard it right. Google is refreshing the News tab for desktop search, which will transform the old News tab into a carousel design for rich results.

According to an announcement made by the Google News Initiative on July 11, the refreshed News tab on desktop search is intended to highlight recent stories more prominently. The feature is aimed at showing news articles inside a carousel that allows Google to organize articles more clearly, the tweet reads.

When you search for a specific news article on Google, the articles appear as "Top stories", but clicking the News tab displays the same articles as regular search results. Once the redesigned news tab is rolled out, regular search results will be displayed along with the image, video (if available) and the publishers' name.

© Copyright 2019 PhoneSpeck | All Right Reserved