A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using Steganography.

Steganography is the act of hiding information or messages inside objects that are not themselves secret. This allows people to covertly distribute messages, files, and other types of data in files or data that appear to be non-secretive in nature.

In a recent experiment, security researcher Dаvіd Вucһаnаn created a JPEG image of Shakespeare that also included a RARed copy of his complete works in HTML format. Buchanan went on to further show that this image could also be uploaded to Twitter, which would create a thumbnail that continued to contain the embedded RAR file.

The desktop variant for Telegram secure messaging app fails to protect chat content locally and offers access to plain text conversations and media that otherwise travel encrypted.

Telegram’s focus on providing secure communication is well known. The app uses encryption to ensure that a third party cannot read the conversations on their way to the destination.

A feature called ‘secret chats’ is available for those that want complete privacy for their communication, by using end-to-end encryption to guarantee that only the sender and the receiver can access the contents.

Kernel RCE caused by buffer overflow in Apple’s ICMP packet-handling code (CVE-2018-4407)
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407

This post is about a heap buffer overflow vulnerability which I found in Apple’s XNU operating system kernel. I have written a proof-of-concept exploit which can reboot any Mac or iOS device on the same network, without any user interaction. Apple have classified this vulnerability as a remote code execution vulnerability in the kernel, because it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel.

The following operating system versions and devices are vulnerable:

Apple iOS 11 and earlier: all devices (upgrade to iOS 12)
Apple macOS High Sierra, up to and including 10.13.6: all devices (patched in security update 2018-001)
Apple macOS Sierra, up to and including 10.12.6: all devices (patched in security update 2018-005)
Apple OS X El Capitan and earlier: all devices

Civil servant who watched porn at work blamed for infecting a US government network with malware
https://techcrunch.com/2018/10/29/porn-sites-blamed-after-government-network-infected-malware/

A U.S. government network was infected with malware thanks to one employee’s “extensive history” of watching porn on his work computer, investigators have found.

The audit, carried out by the U.S. Department of the Interior’s inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and “exploited the USGS’ network.” Investigators found that many of the porn images were “subsequently saved to an unauthorized USB device and personal Android cell phone,” which was connected to the employee’s government-issued computer.

Investigators found that his Android cell phone “was also infected with malware.”

Facebook is separating Workplace from the main Facebook site to appease business customers concerned about security
https://www.cnbc.com/2018/10/31/facebook-introduces-workplace-domain-to-calm-enterprise-security-fears.html

Workplace by Facebook, the company’s enterprise business, is moving onto a website domain separate from Facebook.com in an effort to build trust with customers and build its brand.
The Workplace by Facebook unit informed Walmart, a top customer, of the domain change the day Facebook disclosed a security breach that impacted millions of consumers.
Workplace by Facebook expects to begin using the new domain for its customers in 2019.

Security advocate Jerry Gamblin has posted a set of instructions – essentially basic lines of XML – that can easily pull important information off of the Google Home Hub and, in some cases, temporarily brick the device.

The Home Hub, which is essentially an Android tablet attached to a speaker, is designed to act as an in-room Google Assistant.