Mozilla has disabled the execution of inline JavaScript in Firefox as a defense against code injection attacks, implementing strict Content Security Policies (CSP) that ensure scripts are executed only when loaded from a packaged resource within the internal protocol.

The execution of inline scripts, along with potentially dangerous eval-like functions, in Firefox's built-in "about:" pages has often served as a gateway to very sensitive preferences and settings in the browser, which presents huge security risks. Mozilla's block is an effort to mitigate this class of potential cross-site scripting (XSS) issues in the browser.

Web pages are written in HTML/JavaScript, which, in the security context of the browser, are also prone to such code injection attacks and fully capable of allowing remote attackers to inject and execute arbitrary code through cross-site scripting attacks.

The changes won't directly affect how websites work in Firefox, but according to Mozilla, it will closely audit and evaluate the usage of harmful functions in third-party extensions and other built-in mechanisms.

Mozilla has promptly rewritten all uses of eval-like functions out of the system-privileged contexts and parent processes in the Firefox codebase. The company has also added eval() assertions to disallow the use of the eval() function and its derivatives in system-privileged script contexts.
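How a policy of this kind gates script execution, as an added example that is not Mozilla's code: a small evaluator that resolves the directive governing scripts and reports whether inline scripts, eval-like calls and a given script URL would be allowed. The policy string `default-src chrome:` is an assumption taken from Mozilla's own description of the change (this page does not quote it), the two URLs are hypothetical, and the eval check models CSP's 'unsafe-eval' keyword rather than Mozilla's separate eval() assertions.

```python
# Added example: a simplified CSP check limited to scheme sources and the
# 'unsafe-inline' / 'unsafe-eval' keywords. Not Firefox's implementation.
from urllib.parse import urlsplit


def parse_csp(policy):
    """Split a CSP string into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A directive that appears twice is ignored; the first one wins.
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def script_sources(policy):
    """Sources governing scripts: script-src, else default-src, else None."""
    directives = parse_csp(policy)
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src")  # None means scripts are unrestricted


def allows_inline(policy):
    """Would <script>...</script> blocks and onclick="..." attributes run?"""
    sources = script_sources(policy)
    return sources is None or "'unsafe-inline'" in sources


def allows_eval(policy):
    """Would eval(), new Function() and string-argument setTimeout() run?"""
    sources = script_sources(policy)
    return sources is None or "'unsafe-eval'" in sources


def allows_script_url(policy, url):
    """Would <script src=url> load? Only scheme sources such as chrome: are
    understood here; any other source expression is treated as no match."""
    sources = script_sources(policy)
    if sources is None:
        return True
    return urlsplit(url).scheme.lower() + ":" in sources


# Assumed policy string (from Mozilla's own description, not from this page).
ABOUT_PAGE_POLICY = "default-src chrome:"
# Constructed permissive policy, for contrast.
PERMISSIVE_POLICY = "script-src chrome: 'unsafe-inline' 'unsafe-eval'"


def audit(policy):
    """Summarise what a policy lets a page execute (URLs are hypothetical)."""
    return {
        "inline": allows_inline(policy),
        "eval": allows_eval(policy),
        "packaged": allows_script_url(policy, "chrome://global/content/example.js"),
        "remote": allows_script_url(policy, "https://cdn.example/lib.js"),
    }


if __name__ == "__main__":
    for label, policy in [("strict", ABOUT_PAGE_POLICY), ("permissive", PERMISSIVE_POLICY)]:
        print(label, audit(policy))
```

Under the strict policy an injected `<script>` block or event-handler attribute has no allowed source to run from, which is why the inline code had to be moved into packaged files first.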

Mozilla disables Inline JavaScript Execution on Firefox browser

There is a zero-day vulnerability affecting a component bundled with Apple's iTunes and iCloud for Windows, whose exploitation allows an attacker to evade detection by antivirus software.

The vulnerability stems from the Bonjour updater, the zero-configuration networking (zeroconf) implementation of a communication protocol that works in the background to automate low-level network tasks, such as downloading future updates of Apple software.

The protocol is a set of technologies that automatically creates a usable computer network based on TCP/IP when PCs or other network peripherals are interconnected, without requiring special configuration servers or manual operator intervention. The Bonjour updater is installed as a separate program on PCs, so simply uninstalling Apple iTunes and iCloud doesn't remove it, which is why it remains installed, not updated and silently running in the background, on numerous Windows PCs.

The zero-day exploitation of Bonjour was disclosed by researchers from Morphisec Labs, after an attacker targeted an unnamed organization in the automotive industry with the BitPaymer ransomware.

The component was exploitable through an unquoted service path vulnerability, a common software flaw that occurs when the path to an executable contains spaces and is not enclosed in quotation marks ("") as required. An unquoted service path is exploitable by planting a malicious file in a parent path, which tricks legitimate applications into executing the malicious program and so evades detection.

Apple, however, has released fixes in iCloud for Windows 7.14, iCloud for Windows 10.7, and iTunes 12.10.1 for Windows to patch the vulnerability. It is recommended that all Windows users with either iTunes or iCloud installed update to the latest software to ensure their security.
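To audit a machine for the unquoted service path flaw described above, the following added example (not Apple's or Morphisec's code) takes service command lines, flags the unquoted ones, lists the locations Windows would try before the intended executable so their write permissions can be reviewed, and produces the quoted form. The service names and paths are constructed samples; the real Bonjour path is not given on this page.

```python
# Added example: auditing service ImagePath values for unquoted paths.
# Service names and paths below are constructed, not taken from the advisory.
import ntpath
import re

SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Update Service\updater.exe /svc",
    "QuotedUpdater": r'"C:\Program Files\Example Vendor\Update Service\updater.exe" /svc',
    "HostedService": r"C:\Windows\System32\svchost.exe -k netsvcs",
}


def executable_part(image_path):
    """Executable portion of an unquoted command line (up to the first
    ".exe"), or the whole string when no ".exe" is present."""
    match = re.search(r"\.exe\b", image_path, re.IGNORECASE)
    return image_path[:match.end()] if match else image_path


def earlier_candidates(image_path):
    """Paths Windows tries before the intended executable.

    For an unquoted command line, CreateProcess treats each space as a
    possible end of the program name and appends ".exe" when the name has
    no extension. A quoted path is unambiguous and yields nothing.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe = executable_part(path)
    candidates = []
    for index, char in enumerate(exe):
        if char != " ":
            continue
        prefix = exe[:index]
        if not prefix or prefix[-1] in " \\":
            continue  # repeated space or empty component, not a file name
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def quoted_form(image_path):
    """The corrected ImagePath: executable in quotes, arguments unchanged."""
    path = image_path.strip()
    if path.startswith('"'):
        return path
    exe = executable_part(path)
    return '"' + exe + '"' + path[len(exe):]


def audit_services(services):
    """Map each affected service to the locations that need an ACL review."""
    findings = {}
    for name, image_path in services.items():
        candidates = earlier_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, locations in audit_services(SERVICES).items():
        print(name, "is unquoted; review write access to:")
        for location in locations:
            print("   ", location)
        print("  fix:", quoted_form(SERVICES[name]))
```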

Why You need to Update Apple iTunes and iCloud on Windows PC?

Facebook launched Workplace in 2016 as a collaboration platform that offers standard chat functions and the ability to share files, including photos, videos and voice clips, between employees within an organization.

The first update to Workplace allowed users to interact with external partners and agencies, with up to 50 participants able to engage in group conversations within the application via text, voice and video. The next update to the chat app added support for communication between workers in separate organizations.

Facebook subsequently launched features such as pinned threads, to make it easier for users to keep track of chats, coupled with the ability to pin up to 15 important messages at the top of the app. It also added a “do not disturb” mode that lets employees turn off alerts and notifications when busy or away, and a “replies” feature that enables direct responses to an individual chat within a broader conversation.

Now, Facebook is working on bringing its Portal video hardware to the office with a dedicated Workplace app, which is one among a handful of other updates to the enterprise collaboration platform.

The Portal video display supports video calls between Facebook Messenger and WhatsApp, and utilizes an AI-powered “smart camera” that tracks the body movements of the speakers engaged in the call. With the incorporation of the Workplace app, Portal would be able to connect workers in an organization as well.

What that means is that Workplace on Portal will facilitate communication not only with friends but also with colleagues at work, on a more secure and safer platform; users will also be able to call another Portal device right from their mobile phone if they are on the go, or from their PC or iPad in the office.

The first Portal device shipments started with 54,000 units in 2018, with the period measured from the time those devices were first released in November, meaning that shipments were completed at the end of the year.

Facebook has scheduled the next shipment as demand has gone up in 2019. The company announced new devices last month and is harping on the potential for the displays to come in handy in the office, as more Workplace customers have requested trials of Portal devices and have commenced testing in their organizations.

Facebook continues its push for Workplace adoption with Portal in the Office

Modern cameras offer many megapixels; notwithstanding, you'd still need a nifty image resize tool to produce the exact copy of an image required for professional image processes.

That is where AI Image Enlarger comes into play. Available for Mac and Windows, the super-unique tool uses artificial intelligence (AI) capabilities to enhance small or low-resolution images/photos, making it easy for you to upscale your images. The beauty of the AI capabilities is that your resized images do not lose their original quality, as it guarantees an even smarter and sharper image than was obtainable before, and the best part is that it's available for FREE.

The AI Image Enlarger software, which comes absolutely free, is fully capable of enlarging any low-definition image to high definition without losing quality, based on the machine learning and AI technology it packs into its processes.

Unique Features of AI Image Enlarger Software

  • Easy to use User Interface
  • Utilizes Machine learning and AI technology
  • Simple Drag & Drop Option for uploading image
  • Easily Convert Images from Low Definition to High Definition
  • Support for Windows and Mac Computer

AI Image Enlarger software employs hundreds of thousands of HD photos to teach its deep learning system, thereby enabling the AI solution to analyze images and add missing details during the enlargement process.

Steps to Convert Images from Low Definition to High Definition

First, go to the official AI Image Enlarger software website and download the software to your Windows or Mac computer. And note that the software is fully compatible with Windows 7/8/10 & Mac OS X and newer versions.

Then create an account for the software and log into your account on the Windows/Mac software.

Now, it is time to upload your image, but before that you should note the file limits as follows:

1. Image must be less than 3MB
2. Image should not be more than 800 width x 750 height
3. Only .jpg, .jpeg, and .png extensions are currently supported

Once you upload your image, choose from the styles, namely Artwork, Photo, Face, and High-Grade. You can also enlarge it to twice or 4x the size of the original uploaded image, without losing the original image quality.

After you have chosen a style, then click on submit which will provide a preview of your image. If you are satisfied with the final output, then click on the Download button to get your enlarged image, all for free.

Our Verdict!

The AI Image Enlarger software is perhaps best for quick and easy image enlargement, with the great perk of AI capabilities that makes the procedure almost effortless, and the best part is that you don’t need to pay for the software.

Additionally, you also get to enlarge your image without having to go through any rigorous study on how to use the photo editing software, as the tool is so easy to use, that even a newbie in photo editing won't have an issue.

AI Image Enlarger Review: Freely Enlarge Low Resolution Images with AI Solutions

Opera Software has hopped onto the browser tracking protection bandwagon, with Opera 64 bringing support for the open-source EasyPrivacy Tracking Protection to bolster privacy.

EasyPrivacy is an open-source, optional supplementary filter list that removes all forms of tracking from the Web, including bugs, tracking cookies/scripts and data collectors, thereby ensuring better protection for users' information and bolstering online privacy.

The growing issue of privacy violations, with the latest web tracking technologies evading browser privacy add-ons, has been rampant; such tracking is especially useful for ad-targeting campaigns despite the fact that it invades users' privacy.

Opera's tracking protection system, powered by EasyPrivacy Tracking Protection, is comparable to a similarly named ad-blocking list that supports the AdBlock and AdBlock Plus extensions, though the new tracking protection employed by Opera will put more emphasis on performance rather than just privacy.

The Opera browser is known for its speed, so any component that would undermine that speed isn't going to be supported; hence Opera 64 is more private and at the same time faster, which the company touted as helping users save a lot of time simply by switching on the tracker blocker.

That is a general reality for all browsers with an ad blocker, as using an advertisement filter or blocker usually boosts speed by not downloading the bulk of ad content, such as images or other components of display advertisements.

Opera Software claims the speed gain for Opera 64 is up to 23%, and it is coupled with Opera's built-in ad blocker, a feature that also improves users' privacy.

Opera 64 brings open-source EasyPrivacy Tracking Protection to bolster privacy

Microsoft has commenced testing of the Phone app for Windows 10 with Windows Insiders, a feature that allows users to make phone calls right on their PCs without the use of a mobile phone.

The company had earlier explained the functionalities of the phone app for Windows 10 at the Samsung Unpacked event in August, and also demonstrated it live at last week’s Surface event.

Now, Microsoft has begun testing it with the Windows Insider community, and the feature will gradually roll out on 19H1 builds or newer, so it may take a few more days to become available inside the Your Phone app.

The phone call feature adds to the growing list of capabilities Microsoft is bringing to the Your Phone app, which includes the ability to receive incoming phone calls on the PC and to initiate calls from the PC using only the in-app dialer or contact list. Users can also decline any incoming phone call on the PC with a custom text or send it directly to the phone’s voicemail.

Additionally, you can access all your recent call history on the PC, where clicking on a specific call will auto-populate the number on the dialer screen, and you can seamlessly transfer calls between your PC and mobile phone.

For a peek at what build is in the Insider ring, simply head over to Flight Hub or check out the documentation here, including a complete list of features and updates that have rolled out as part of the Insider flights for the current development cycle.

The feature is expected to roll out to all users in Fall 2020, when Your Phone app would be running all the latest additions, and the fact that Microsoft will be opening up the new features without limiting it only to its own devices, is perhaps a thing of delight.

Microsoft begins testing of Phone app call for Windows 10 with Insiders

The earlier reported flaw in Signal Messenger that allowed just anyone, including malicious actors, to initiate an auto-connect call without the receiver's interaction has now been fixed.

Signal boasts a cross-platform encryption system that's touted as one of the world's most secure, but the recent flaw proved that no application is completely hackproof. According to Google’s Project Zero team, the bug affected audio calls only, as the video option requires manual enabling for incoming calls.

The flaw could only be exploited when the receiver fails to answer an audio call over Signal, which eventually forces the incoming call to be automatically answered on the receiver's end.

Google’s Project Zero team, which discovered the flaw, added that Signal was exposed to the remote attack surface due to limitations in WebRTC. The design flaw also affected the iOS version of the app, but was unexploitable there because the call is not completed, owing to an error in the user interface caused by the unexpected sequence of states.

Signal has now fixed the crucial flaw in the Android app; the eavesdropping flaw couldn't be exploited on the iOS version of the messaging app. It is recommended that all users update to the latest version of the app on the Play store.

Signal fixes the Messenger bug that allow Hackers to Auto-connect calls

Mozilla and Google have scheduled the implementation of the DNS-over-HTTPS protocol in their respective browsers, with Firefox already rolling out the feature and Chrome scheduled to roll it out later this year.

The DNS-over-HTTPS (DoH) protocol works by altering normal DNS, in which queries are made in plaintext from a given app to the DNS server, using settings on the local operating system received from the network provider. DoH changes this: it encrypts the DNS queries, disguises them as regular HTTPS traffic and sends them to special DoH-capable DNS servers, which then resolve the DNS query and reply to the user in encrypted form.
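What "disguised as regular HTTPS traffic" means on the wire, as an added example that is not taken from either browser: the code builds a DNS query, wraps it in the GET form defined by RFC 8484, and contrasts what the DoH resolver recovers with what a passive monitor on the network can see. The resolver URL `https://doh.example/dns-query` is a placeholder.

```python
# Added example: the RFC 8484 GET encoding of a DNS query.
import base64
import struct
from urllib.parse import parse_qs, urlsplit

RESOLVER = "https://doh.example/dns-query"  # placeholder resolver URL


def build_query(name, qtype=1):
    """DNS wire-format query (qtype 1 = A record). The ID is 0, which
    RFC 8484 recommends so HTTP caches can reuse answers; 0x0100 sets RD."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class 1 = IN


def doh_get_url(name, resolver=RESOLVER):
    """The URL a DoH client requests (with Accept: application/dns-message).
    The query travels base64url-encoded, without padding, in ?dns=."""
    wire = build_query(name)
    param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return resolver + "?dns=" + param


def decode_question(url):
    """What the DoH resolver recovers from the request: (name, qtype)."""
    param = parse_qs(urlsplit(url).query)["dns"][0]
    wire = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    position, labels = 12, []  # the question starts after the 12-byte header
    while wire[position] != 0:
        length = wire[position]
        labels.append(wire[position + 1:position + 1 + length].decode("ascii"))
        position += 1 + length
    qtype, _qclass = struct.unpack("!2H", wire[position + 1:position + 5])
    return ".".join(labels), qtype


def on_path_view(url):
    """What a passive network monitor sees of the same request: the
    resolver's host (for example via TLS SNI) and port. Path and query,
    and with them the queried name, are inside the TLS session."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or 443


if __name__ == "__main__":
    url = doh_get_url("www.example.com")
    print("request :", url)
    print("resolver:", decode_question(url))
    print("on path :", on_path_view(url))
```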

The experts think DoH isn't foolproof in ensuring users' privacy, as DoH doesn't actually prevent ISPs from tracking a user, and it weakens enterprise cyber-security setups, which in turn helps criminals. And because DoH centralizes DNS traffic in a few DoH resolvers, there's the problem of DoH's impact on the DNS ecosystem itself, with the decentralized network of servers giving way to a newly created layer of DoH resolvers that sits on top of the existing DNS layer.

The main point against DoH is its impact on enterprises, where system administrators use local DNS servers or DNS-based software to monitor local traffic, prevent users from accessing non-office-related sites, and minimize access to malware domains. DoH creates a mechanism that overrides the centrally imposed DNS settings, allowing employees to use DoH to bypass any DNS-based traffic filtering solution and effectively separating DoH from the operating system's regular settings.

Thus, IT administrators will need to keep an eye on the DNS settings across the various operating systems to prevent DNS hijack attacks; with hundreds of apps running their own unique DoH settings, this will be a herculean task for the administrators.

Additionally, if DoH is widely deployed, it will become easy for employees to bypass enterprise filters and access blocked content, given that traffic to certain malware domains is blocked within enterprises.

The security researchers nonetheless understand the need to protect DNS queries from snoopers, and have recommended DNSSEC and DNS-over-TLS (DoT), a protocol similar to DoH that encrypts the DNS connection rather than hiding the traffic within HTTPS.

Though DoT has its own disadvantages, the researchers believe DoT would cause far fewer problems, and that all ISPs deploying DoT would significantly help ensure better privacy and security through decentralization; they also advise companies to look at alternative methods of blocking outgoing traffic that don't rely only on DNS data.

Why Cybersecurity Experts oppose the DNS-over-HTTPS protocol?

Google has released a web-based password checker as part of its efforts to help identify when a user's login details are compromised, and thus alert the affected individual.

Google had earlier made available a Chrome plugin dubbed Password Checkup, which also alerts users when their login details have been compromised, such as those whose information is found in the recent “Collections” leak, and prompts a warning for them to update their information. The new password checker service will examine the username and password combinations saved in Chrome's password manager and report whether any of the pairings has been compromised in a third-party data breach made public.

Google will return the password checker results as an organized list of accounts with already-compromised username-password pairs, accounts for which the user has a shared password, and accounts that have very weak passwords, so as to show the user where action is required to safeguard the accounts.

It can be accessed at, available for Chrome users who run the browser after logging into their Google account, which required them to synchronize data between their different devices.

The company also promised to launch a baked-in Chrome hacked-password alert system that will automatically alert users whose details have been compromised, though it is not yet clear if Chrome would have something similar to Firefox Monitor, which functions much like Troy Hunt’s Have I Been Pwned, allowing users to search login details on the service to know if their details were exposed in a data breach.

Troy Hunt's "Have I Been Pwned" service catalogs billions of emails exposed in data breaches; the Firefox Monitor API is granted access to the database, affording users the ability to search for their email address and, if it was exposed in a data breach, be informed specifically where and when the compromise took place.

Chrome 78 Beta, which is the build that leads to Stable, and the less-reliable Chrome 79 Canary for Windows and macOS already sport the new password checker system, though it is hidden behind a setting on the options screen.

Google releases a Web-based Password Checker for Chrome browser

The leading social network, Facebook, is under pressure from the UK, US and Australian governments to create a backdoor into its encrypted messaging systems to allow the governments access to users' encrypted messages.

According to an open letter signed by the US attorney general and acting secretary of homeland security, the UK home secretary, and the Australian minister for home affairs, the governments are collectively urging the CEO of Facebook, Mark Zuckerberg, to consult with them on how to implement end-to-end encryption on its messaging services.

On already deployed end-to-end encryption, it must enable law enforcement access to the messages in a usable format, which in other words means providing lawful access to the content of messages by creating a backdoor for the governments to access them.

Again, the letter raises more concerns about Facebook’s plan to enable end-to-end encryption in its messaging apps to prevent anyone, including law enforcement agencies, from finding out the activities of its users by intercepting communications on the platform.

The argument is that Facebook should prioritize public safety in the design of its encryption system by creating a backdoor for law enforcement to gain access to illegal content in a readable format, and by duly consulting with relevant government agencies ahead of the implementation to ensure that such changes will not impede their access.

Facebook, however, said in a statement that it will strongly oppose government attempts to build backdoors into its messaging systems, and that deployment of end-to-end encryption is the right thing to do to protect people’s privacy, so it’ll defend it when the time is right.

Facebook under pressure to create “Backdoor” for Encrypted Data access

Dropbox, the San Francisco-based Cloud Storage company, has launched a new collaboration tool dubbed Spaces, that will enable co-workers to share a variety of documents within an organization, which is perhaps another addition to the file-sharing and productivity ecosystem.

The revamped Dropbox app will allow users to connect with a variety of third-party video and text messaging platforms. Dropbox Spaces consists of a shared folder for groups that includes documents from different sources, with the ability to chat with co-workers and also share a task among the team.

Dropbox Spaces isn't the only collaboration tool, however; competitors like Slack and Microsoft Teams, among others, are all striving to be the leading collaboration platform for co-workers to share their daily tasks.

With Spaces, Dropbox is offering an enterprise platform that will create a smart workspace and supporting ecosystem; the changes to its core platform will enable office workers to manage the influx of data, instead of relying on the numerous applications that organizations are forced to implement.

It will incorporate artificial intelligence-based capabilities to help workers stay on top of their tasks while working in Spaces. Microsoft Team highlights will offer an overview of activities, such as document updates, with Dropbox’s machine learning capabilities suggesting content, for instance what might be needed ahead of a meeting.

Dropbox's AI initiative, DBXi, will come in handy, with the ‘graph’ that leverages signals from connections and integrations, resulting in a smarter workspace.

The evolution of collaboration tools will culminate in a new type of app that enables all other apps to work together, which means it will be able to organize itself, allowing users to focus more on solving daily office tasks.

That is what Dropbox wants to achieve, with the accessibility of Google Docs and Microsoft Office in the new collaboration tool.

The company has also promised the integration into Spaces of Atlassian’s work management application, Trello, which allows users to add content to Trello cards, and of the e-signature app HelloSign.

What Dropbox Spaces will bring to Office Collaboration tools space?

The emergence of malvertising campaigns is a growing concern in online marketing, so much so that even heavyweights like Google are still grappling with it. There is a recent case of exploitation in Chrome for iOS that allowed malware sites to bypass the browser's built-in pop-up blocker on iOS devices and hijack over 500 million mobile sessions to show pop-up ads.

The hacking group eGobbler was responsible for some massive malvertising campaigns in the past; the new campaigns, which exploited WebKit-based browser vulnerabilities to run intrusive pop-up ads by forcefully redirecting users to malicious sites, have also been traced to the group.

Through the exploits, the hackers were able to run several ad campaigns for free, evading what would have been a very high budget to display the ad impressions on high-profile sites via legitimate ad networks.

According to security firm Confiant, the eGobbler hacking group started exploiting the new vulnerability in WebKit, the browser engine used by Apple's Safari browser on both iOS and macOS, by Chrome for iOS and also by earlier versions of the Chrome browser for desktop; the exploit doesn't require users to click anywhere on the legitimate websites they visit, nor does it spawn any pop-up ad.

The ads sponsored by eGobbler simply use the WebKit exploit to redirect visitors to websites hosting the fraudulent malware as soon as they press the "page down" or "key down" button on the keyboard while reading content on legitimate websites.

This is possible because the WebKit vulnerability resides in a JavaScript function, known as the onkeydown event, which fires each time a user presses a key on the keyboard, allowing ads within iframes to break out of the security sandbox protections. Even though the iOS pop-up on Chrome was not spawning as before, the redirection on WebKit browsers still happens upon the 'onkeydown' event, according to the researchers.

Apple has fixed the WebKit flaw in the released iOS 13 and in the Safari browser 13.0.1, but Google is yet to fix it in Chrome.

Apple WebKit Flaw that opened up the browsers to Malvertising campaigns

Microsoft has rolled out its Windows Virtual Desktop service globally with capabilities like multi-session for Windows 10 and support for the Windows Server Remote Desktop Services, among others.

Enterprises will be able to leverage virtualized applications and remote desktops, including multi-session Windows 10 experiences, which is perhaps what sets Microsoft's offering apart from other vendors of virtualized Windows desktop environments, in addition to the availability of the Windows desktop client app for Mac and iOS devices.

Microsoft's acquisition of FSLogix, a company that also specializes in provisioning virtualized Windows environments, may have given Microsoft an edge, allowing it to incorporate FSLogix know-how to ensure a better user experience for Windows Virtual Desktop.

Along with Windows 10 virtualization, the service will provide enterprises with support for Windows Server RDS desktops and apps, allowing them to virtualize Windows 7/10 and Microsoft Office 365 ProPlus apps, along with some other third-party applications, by simply running them remotely in Azure virtual machines.

Microsoft also provides the ability to virtualize Windows 7 desktops, given that Extended Security Update support runs through January 2023, allowing enterprise customers who license and purchase Windows Virtual Desktop to continue getting security updates for Windows 7 at no additional cost even after support officially ends.

The Windows Virtual Desktop service will be available directly, and also through Microsoft Cloud Service Providers (CSPs), with partners such as VMware and Citrix, albeit Microsoft will be talking up storage solutions from other partners specially tailored for the Windows Virtual Desktop service.

Additionally, Microsoft plans to bring support for its Teams group-chat service to reduce latency issues, and the Windows Virtual Desktop-support preview, which employs WebRTC technology, is coming soon.

How Microsoft Azure-based Windows Virtual Desktop will benefit Enterprises