Microsoft's April 2018 Patch Tuesday came and went this week and the company issued its regular monthly software patches to fix various vulnerabilities. Patch Tuesday is the unofficial nickname of the second or third Tuesday of each month. This is when Microsoft rolls out bug fixes and security patches for its line of software products like Windows and Microsoft Office.
Netflix has acknowledged a security flaw that puts users who registered to the online streaming service using a Gmail account at risk of a phishing scam. The flaw utilizes a little-known Gmail feature in order to trick users into putting in their credit card information and paying for someone else’s Netflix subscription. This flaw is based on how Netflix and Gmail view dots in the email address. Gmail’s policy on dots in email addresses is to ignore them altogether, so that if someone adds or misses dots in an address the message will still get to the person they are addressing.
On March 29th, popular fitness and nutrition tracking app MyFitnessPal, disclosed a data breach. According to the MyFitnessPal website, the breach occurred sometime in February 2018 but was only discovered on March 25th. Under Armour, the company that owns MyFitnessPal, announced that as many as 150 million accounts were compromised. Stolen information includes usernames, email addresses and passwords hashed with bcrypt. MyFitnessPal has alerted users via email and is requiring all users to change their passwords.
The popular torrent software, uTorrent, was found to have a serious vulnerability. According to Tavis of the Google Project-Zero, the uTorrent software is vulnerable to remote attacks. The way it works is that an attacker can user a website to perform a simple DNS Rebinding attack to download malware anywhere onto the victim’s computer through the uTorrent software. It is suggested to either stop using the software entirely or do not have the uTorrent software running when not in use till the issue is fixed.