Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 02, 2015

February 27, Softpedia – (International) Apps bypass Google Play verification and spew tempest of ads. Bitdefender security researchers discovered 10 apps hosted in Google Play that used social engineering to trick users into installing ad-spewing software and relied on deceptive tactics to ensure persistence on users’ devices. None of the apps linked to Web sites hosting malware, allowing the apps to bypass Google Play quality controls. Source

February 27, Securityweek – (International) Critical vulnerability found in Jetty web server. Security researchers from Gotham Digital Science discovered a critical vulnerability dubbed JetLeak in the Eclipse Foundation’s Jetty Web server that allows remote, unauthenticated attackers to read arbitrary data from requests previously submitted by users to the server, including cookies, authentication tokens, anti-CSRF tokens, usernames, and passwords. The flaw was addressed February 24 with the release of Jetty version 9.2.9, and the Jetty development team reported an anticipated fix for the vulnerability in version 9.3.0, which is in beta. Source

February 26, Nextgov – (International) It’s official – FCC enacts expansive net-neutrality rules. The Federal Communications Commission (FCC) approved sweeping net-neutrality regulations February 26 that give the government expanded power over Internet access and allow the FCC to bar Internet providers from blocking Web sites, selectively slowing down any content, or offering bandwidth increases for specific content with payment. The rules also classify the Internet as a telecommunications service under Title II of the Communications Act. Source

 

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.