Here nosotros are amongst our weekly roundup, briefing this week's top cybersecurity threats, incidents, too challenges, simply inward representative you lot missed whatever of them.
Last calendar week has been real brusk amongst large intelligence from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the regain of a novel malware evasion technique that industrial plant on all versions of Microsoft's Windows operating system.
Besides this, the newly discovered Janus vulnerability inward the Android operating organization too a critical remote code execution (RCE) vulnerability inward Malware Protection Engine (MPE) for which Microsoft released an emergency piece made their places inward our weekly roundup.
I recommend you lot to read the entire intelligence (just click 'Read More' because there's unopen to valuable advice inward at that spot every bit well).
So, hither nosotros become amongst the listing of this Week's Top Stories:
Influenza A virus subtype H5N1 squad of researchers, who previously discovered AtomBombing attack, late revealed a novel fileless code injection technique that could aid malware authors defeat most of the modern anti-virus solutions too forensic tools.
Dubbed Process Doppelgänging, the method takes payoff of a built-in Windows business office too an undocumented implementation of Windows procedure loader, too industrial plant on all versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10.
To know How Process Doppelgänging assail industrial plant too why Microsoft refused to gear upwards it, Read More.
Influenza A virus subtype H5N1 newly discovered vulnerability, dubbed Janus, inward Android could permit attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious update for the legitimate apps, which looks too industrial plant same every bit the master copy apps.
Although Google has patched the vulnerability this month, a bulk of Android users would withal postulate to hold off for their device manufacturers to unloose custom updates for them, manifestly leaving a large number of Android users vulnerable to hackers for adjacent few months.
To know to a greater extent than virtually the vulnerability, how it industrial plant too if you lot are affected, Read More.
Once again, Hewlett-Packard (HP) was caught pre-installing a keylogger inward to a greater extent than than 460 HP Notebook laptop models that could allow hackers to tape your every keystroke too bag sensitive data, including passwords, line of piece of job concern human relationship information, too credit bill of fare details.
When reported concluding month, HP acknowledged the presence of the keylogger, proverb it was genuinely "a debug trace" which was left accidentally, too affected users tin install updated Synaptics touchpad driver to withdraw it manually.
To know how to banking concern fit if your HP laptop is vulnerable to this number too download compatible drivers, Read More.
Researchers discovered a collection of vulnerabilities inward to a greater extent than than 30 pop electronic mail client applications that could allow anyone to ship spoofed emails bypassing anti-spoofing mechanisms.
Dubbed MailSploit, the vulnerabilities impact pop electronic mail clients including Apple Mail (for macOS, iOS, too watchOS), Mozilla Thunderbird, Yahoo Mail, ProtonMail, several Microsoft electronic mail clients, too others.
To lookout adult man the PoC video released past times the researchers too know to a greater extent than virtually the vulnerabilities, Read More.
Last calendar week was the golden calendar week inward Bitcoin's history when the toll of 1 BTC touched almost $19,000, but the media hype virtually the bitcoin toll diminishes the hack of the largest Bitcoin mining marketplace.
NiceHash mining marketplace confirmed a breach of its website, which resulted inward the theft of to a greater extent than than 4,736 Bitcoins, which right away worth nearly $80 million.
The service went offline (and is withal offline at the fourth dimension of writing this article) amongst a post on its website, confirming that "there has been a safety breach involving NiceHash website," too that hackers stole the contents of the NiceHash Bitcoin wallet.
To know to a greater extent than virtually the Bitcoin hack, Read More.
Influenza A virus subtype H5N1 calendar week earlier its Dec Patch Tuesday updates, Microsoft released an emergency safety piece to address a critical remote code execution vulnerability inward its Malware Protection Engine (MPE) that could allow an assailant to accept total command of a victim's PC.
The vulnerability (CVE-2017-11937) impacts Windows 10, Windows 8.1, Windows 7, Windows RT 8.1, too Windows Server, too affects several Microsoft's safety products, including Windows Defender, Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, too Exchange Server 2013 too 2016.
To know to a greater extent than virtually the vulnerability, Read More.
Scientists discovered a critical implementation flaw inward major mobile banking apps—for both iOS too Android—that left banking credentials of millions of users vulnerable to man-in-the-middle attacks.
Attackers, connected to the same network every bit the victim, could receive got leveraged vulnerable banking apps to intercept SSL connective too recall the user's banking credentials, similar usernames too passwords/pincodes—even if the apps are using SSL pinning feature.
To know how attackers could receive got exploited this vulnerability to accept over your banking concern accounts, Read More.
While downloading apps on their smartphones, most users may non realize how much information they collect on them, too app developers accept payoff of this ignorance, wiping off to a greater extent than information on their users than they genuinely require for the working of their app.
But what if this information falls into the incorrect hand?
The same happened concluding week, when a massive trove of personal data (over 577 GB) belonging to to a greater extent than than 31 1000000 users of the famous virtual keyboard app, called AI.type, leaked online for anyone to download without requiring a password.
To know to a greater extent than virtually the information breach incident too what information users lost, Read More.
An easily-exploitable vulnerability discovered inward Android application developer tools, both downloadable too cloud-based, could allow hackers to bag files too execute malicious code on vulnerable systems remotely.
The vulnerability was discovered past times safety researchers at CheckPoint, who also released a proof of concept (PoC) attack, dubbed ParseDroid, along amongst a video to demonstrate how the assail works.
To lookout adult man the video too know how this vulnerability tin endure exploited, Read More.
It turns out that a 20-year-old Florida man, amongst the aid of another, was responsible for the massive Uber information breach inward Oct 2016 too was paid an enormous total past times the ride-hailing society to destroy the information too perish on the information breach incident secret.
Last week, Uber announced that a massive information breach concluding twelvemonth exposed personal information of 57 1000000 customers too drivers too that it paid 2 hackers $100,000 inward ransom to destroy the information.
To know to a greater extent than virtually the information breach at Uber too the hackers, Read More.
Last calendar week has been real brusk amongst large intelligence from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the regain of a novel malware evasion technique that industrial plant on all versions of Microsoft's Windows operating system.
Besides this, the newly discovered Janus vulnerability inward the Android operating organization too a critical remote code execution (RCE) vulnerability inward Malware Protection Engine (MPE) for which Microsoft released an emergency piece made their places inward our weekly roundup.
I recommend you lot to read the entire intelligence (just click 'Read More' because there's unopen to valuable advice inward at that spot every bit well).
So, hither nosotros become amongst the listing of this Week's Top Stories:
Process Doppelgänging: New Malware Evasion Technique
Influenza A virus subtype H5N1 squad of researchers, who previously discovered AtomBombing attack, late revealed a novel fileless code injection technique that could aid malware authors defeat most of the modern anti-virus solutions too forensic tools.
Dubbed Process Doppelgänging, the method takes payoff of a built-in Windows business office too an undocumented implementation of Windows procedure loader, too industrial plant on all versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10.
To know How Process Doppelgänging assail industrial plant too why Microsoft refused to gear upwards it, Read More.
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
Influenza A virus subtype H5N1 newly discovered vulnerability, dubbed Janus, inward Android could permit attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious update for the legitimate apps, which looks too industrial plant same every bit the master copy apps.
Although Google has patched the vulnerability this month, a bulk of Android users would withal postulate to hold off for their device manufacturers to unloose custom updates for them, manifestly leaving a large number of Android users vulnerable to hackers for adjacent few months.
To know to a greater extent than virtually the vulnerability, how it industrial plant too if you lot are affected, Read More.
Pre-Installed Keylogger Found On Over 460 HP Laptop Models
Once again, Hewlett-Packard (HP) was caught pre-installing a keylogger inward to a greater extent than than 460 HP Notebook laptop models that could allow hackers to tape your every keystroke too bag sensitive data, including passwords, line of piece of job concern human relationship information, too credit bill of fare details.
When reported concluding month, HP acknowledged the presence of the keylogger, proverb it was genuinely "a debug trace" which was left accidentally, too affected users tin install updated Synaptics touchpad driver to withdraw it manually.
To know how to banking concern fit if your HP laptop is vulnerable to this number too download compatible drivers, Read More.
New Email Spoofing Flaw Affects Over thirty Popular Email Clients
Dubbed MailSploit, the vulnerabilities impact pop electronic mail clients including Apple Mail (for macOS, iOS, too watchOS), Mozilla Thunderbird, Yahoo Mail, ProtonMail, several Microsoft electronic mail clients, too others.
To lookout adult man the PoC video released past times the researchers too know to a greater extent than virtually the vulnerabilities, Read More.
Largest Crypto-Mining Exchange Hacked; Over $80 Million inward Bitcoin Stolen
Last calendar week was the golden calendar week inward Bitcoin's history when the toll of 1 BTC touched almost $19,000, but the media hype virtually the bitcoin toll diminishes the hack of the largest Bitcoin mining marketplace.
NiceHash mining marketplace confirmed a breach of its website, which resulted inward the theft of to a greater extent than than 4,736 Bitcoins, which right away worth nearly $80 million.
The service went offline (and is withal offline at the fourth dimension of writing this article) amongst a post on its website, confirming that "there has been a safety breach involving NiceHash website," too that hackers stole the contents of the NiceHash Bitcoin wallet.
To know to a greater extent than virtually the Bitcoin hack, Read More.
Microsoft Issues Emergency Windows Security Update
Influenza A virus subtype H5N1 calendar week earlier its Dec Patch Tuesday updates, Microsoft released an emergency safety piece to address a critical remote code execution vulnerability inward its Malware Protection Engine (MPE) that could allow an assailant to accept total command of a victim's PC.
The vulnerability (CVE-2017-11937) impacts Windows 10, Windows 8.1, Windows 7, Windows RT 8.1, too Windows Server, too affects several Microsoft's safety products, including Windows Defender, Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, too Exchange Server 2013 too 2016.
To know to a greater extent than virtually the vulnerability, Read More.
Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL
Scientists discovered a critical implementation flaw inward major mobile banking apps—for both iOS too Android—that left banking credentials of millions of users vulnerable to man-in-the-middle attacks.
Attackers, connected to the same network every bit the victim, could receive got leveraged vulnerable banking apps to intercept SSL connective too recall the user's banking credentials, similar usernames too passwords/pincodes—even if the apps are using SSL pinning feature.
To know how attackers could receive got exploited this vulnerability to accept over your banking concern accounts, Read More.
Massive Data Breach Exposes Personal Data On 31 Million Users
While downloading apps on their smartphones, most users may non realize how much information they collect on them, too app developers accept payoff of this ignorance, wiping off to a greater extent than information on their users than they genuinely require for the working of their app.
But what if this information falls into the incorrect hand?
The same happened concluding week, when a massive trove of personal data (over 577 GB) belonging to to a greater extent than than 31 1000000 users of the famous virtual keyboard app, called AI.type, leaked online for anyone to download without requiring a password.
To know to a greater extent than virtually the information breach incident too what information users lost, Read More.
Critical Flaw inward Major Android Tools Targets Developers
The vulnerability was discovered past times safety researchers at CheckPoint, who also released a proof of concept (PoC) attack, dubbed ParseDroid, along amongst a video to demonstrate how the assail works.
To lookout adult man the video too know how this vulnerability tin endure exploited, Read More.
Uber Paid Florida Hacker $100,000 to Keep Data Breach News Secret
It turns out that a 20-year-old Florida man, amongst the aid of another, was responsible for the massive Uber information breach inward Oct 2016 too was paid an enormous total past times the ride-hailing society to destroy the information too perish on the information breach incident secret.
Last week, Uber announced that a massive information breach concluding twelvemonth exposed personal information of 57 1000000 customers too drivers too that it paid 2 hackers $100,000 inward ransom to destroy the information.
To know to a greater extent than virtually the information breach at Uber too the hackers, Read More.
Share This :
comment 0 Comments
more_vert