Data Security News Headlines 17th October, 2016

  1. Android Banking Trojan tricks victims into submitting selfie holding their ID card

Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card. Once successfully installed, the Trojan asks users for a number of device’s permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information.

Cyber Security Tips: No app needs a photo of you holding your ID card except perhaps a mobile banking service, avoid to download apps from untrusted site, check for app permission.

  1. Dangerous Pork Explosion backdoor found in Android Devices

Serious flaw has been discovered by a security expert Jon Sawyer aka Justin Case or jCase, which affects Android smartphones. This new flaw is so dangerous that it sabotages all the security measures of the operating system to such an extent that the device becomes vulnerable to all kinds of attacks. Sawyer has dubbed this vulnerability as Pork Explosion and it was mainly identified in the apps bootloader from hardware developer Foxconn Technologies. When an attacker encrypts the device and obtains access to the root shell then using the compromised bootloader, the attacker can execute two types of commands, normal (such as getvar or reboot) and OEM. OEM commands are basically non-standard commands, which are usually implemented by the developers of the device whereas normal commands can be sent via USB after being hard-coded into the fastboot client. Two devices Nextbit Robin and Infocus manufactured by Foxconn were identified to be vulnerable to this security flaw.

Cyber Security Tips:  Wait until issue is solve, use updated software and antivirus in your mobile.

  1. Internet service providers face DDoS attack second time in the last three months

Internet service providers (ISPs), mainly from Mumbai and Pune, claimed they are being targeted in a distributed denial of service (DDoS) attack for the second time in the last three months, and said they will raise the issue of cyber terrorism with IGP (Cyber) Brijesh Singh. Some unknown people are involved in crashing the networks of ISPs by making lakhs of requests at a particular terminal at a particular time at an unprecedented level, thus slowing down the whole internet.

Cyber Security Tips: To prevent from DDOS attack filter the requests, Intrusion detection and prevention system.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: