- HummingBad’ malware affects 85 million Android devices
Almost 85 million devices running on Google’s mobile operating system have got infected by a malware called HummingBad. The security company further claims that the majority of the HummingBad victims are in India and China. The malware affects most almost all Android OS versions; however, the most affected are devices running on Android KitKat and Android Jelly Bean. HummingBad malware is a “drive-by download attack” that users face when they visit certain websites. It includes two components: First component tries to gain root access on the Android device to exploit vulnerabilities. This could give hackers full access to the device. If the first component is not able to root the device, the second component shows a fake system update notification, tricking users to unknowingly grant system-level access to the HummingBad malware
Cyber security Tips: To prevent from this attacks use antivirus in your system, update antivirus, do not click on any ad, avoid opening spam mails.
- Pandora warn users change passwords after data releases online
Pandora hasn’t been hacked, but its user’s accounts could be. Pandora is warning it’s users to change their passwords thanks to a breach in a different service leading to hacking risks. A “data dump” from a different service that was recently released to the public that contains usernames and passwords of users.Although Pandora’s systems weren’t hacked themselves the risk is that many use the same username and password across various different services and platforms. Unfortunately the issue of login details being hacked and sold on the Deep Web is more prevalent than it may seem.
Cyber security Tips: If you’re a Pandora user, especially if you’ve received that email, you may want to go set a new password to protect your account, use strong password for your account, check mail before changing password.
- TP-Link forgets to renew and loses its domain used to configured router setting
TP-Link has reportedly “forgotten” to renew both domains that are used to configure its routers and access administrative panels of its devices. Networking equipment vendor TP-LINK uses either tplinklogin.net or tplinkextender.net for its routers configuration. Although users can also access their router administration panel through local IP address (i.e. 192.168.1.1).The first domain offered by the company is used to configure TP-LINK routers and the second is used for TP-LINK Wi-Fi extenders. Both domains have now been re-registered using an anonymous registration service by an unknown entity and are being offered for sale online at US$2.5 Million each.If malicious actors get their hands on these domains, they could use them to distribute malware, serve phishing pages instructing users to “download new firmware to your router,” and request device or social media credentials from users before redirecting them to the router’s local admin panel IP.
Cyber security tips: for this avoid accessing their TP-Link routers using the tplinklogin.net domain, recommended Internet Service Providers (ISPs) to block the affected domain names.