New Alexa & Google Vulnerability; Facebook Dark Mode Gets to Some Desktops; New GeneEditing Tool Almost Like Word Cut & Paste; Malware Invades WAV Files

Here we go, with another vulnerability for smart speakers…and this one hits both Amazon and Google ones. Theverge.com reports that researchers at SRLabs have spotted this one, and it can allow hackers to eavesdrop or even phish unsuspecting users. It works by uploading a malicious piece of software disguised as an Alexa Skill or Google Action. So far, no one has found any of these in the real world, but the best advice is not to install 3rd party skills or actions, but stick with those that have been vetted (as much as they are) by either Google or Amazon. Both say they have put processes in place to look for extra listening or asking for passwords, and stamp those bad actions out.

Some users are starting to see Dark Mode show up as an option on the web interface for Facebook. According to androidpolice.com, users have been prompted in the last few days and asked if they want to try the new interface. It then becomes available under the quick settings at the top right of the page. A few have reported some readability issues with text, but otherwise it seems to be pretty similar with dark mode on other web pages and in apps on mobile devices. So far, there doesn’t seem to be a way to force try it without the invite from Facebook.

It sounds like science fiction, but a research piece published in the October 21st edition of Nature describes a new way of editing DNA. Cnet.com notes that…up too now, tools like CRISPR have worked, but have suffered from a lack of precision, high error rate…and limited scope. All that limits their ability to treat human genetic diseases. The new method, developed by a team at Harvard, has the ability to make very precise DNA edits. It has been called ‘prime editing,’ and has been likened to using cut and paste in Microsoft Word.

As someone who works with audio files all the time, this is particularly disconcerting. ZDnet.com reports that malware makers are experimenting with using .WAV files to hide malicious code. The technique uses steganography…hiding info in plain sight in another data medium. Previously, this has been done by hiding text files within image files like .PNG or .JPG. Symantec first spotted a Russian group hiding malicious code in .WAV files in June. Now, Cylance reports that they have also seen this technique in the wild. Fortunately, in all cases, the computer already needs to be infected with malware that can read the files hidden in the audio or picture files. As long as your security software keeps executable malware off your system, you should be safe from this new threat…or so they say.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s