Data Security News Headlines 15th December, 2016

  1. 5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update

Trustwave’s SpiderLabs analysts discovered a hidden backdoor in Skype for Apple’s macOS and Mac OS X operating systems that could be used to spy on users’ communications without their knowledge. The backdoor resides in the desktop Application Programming Interface (API) that allows third-party plugins and apps to communicate with Microsoft-owned Skype. It allows an attacker to read notifications of incoming messages (and their contents); intercept, read and modify messages; log and record Skype call audio; create chat sessions; and retrieve user contact information. All an attacker needs to do is change a text string in an app to the value “Skype Dashbd Wdgt Plugin,” and the desktop API will provide access to sensitive features of Skype.

Cyber Security Tips: Users are strongly recommended to update their Skype installation as soon as possible.

  2. Microsoft Releases 12 Security Updates, Including 6 Critical

Microsoft has released its Patch Tuesday security bulletins for this year, including 6 critical. The critical vulnerabilities were found in Microsoft Edge, Microsoft Graphics Component, Microsoft Uniscribe, Microsoft Office, Internet Explorer, Adobe Flash Player and .NET Framework, and could allow an attacker to achieve remote code execution. The informational vulnerabilities affect Microsoft Windows, Secure Kernel Mode, Kernel-Mode Drivers, Windows Kernel and the Common Log File System Driver, and could allow information disclosure.

Cyber Security Tips: Users and IT administrators are strongly recommended to apply these critical security updates as soon as possible.

  3. KFC’s Colonel’s Club Card Scheme Hacked, 1.2 Million Members Impacted

KFC is a renowned fast food franchise, and millions of customers are members of its Colonel’s Club card loyalty scheme. The scheme lets members collect stamps when they purchase a meal at KFC and exchange the stamps for free food or money off. The loyalty card scheme was targeted by cyber-criminals and, according to KFC, has been compromised, leaving the personal data of around 1.2 million members vulnerable to exploitation. According to a report, the company confirmed that a data breach has occurred and that its Colonel’s Club card loyalty scheme was the key target. The breach occurred after KFC’s website was hacked by cyber-criminals. The company said that no credit card information or other financial data was compromised, and it has notified users to change their passwords.

Cyber Security Tips: If you are a member of the Colonel’s Club, reset your password immediately and choose a strong one.

  4. Office 365 Business Users Targeted in Punycode-based Phishing

A new phishing attack targeting Office 365 business email users was found using Punycode to go undetected by both Microsoft’s default security and desktop email filters, Avanan security researchers warn. The main aim of the attack is to steal Office 365 credentials, and it abuses a vulnerability in how the Office 365 anti-phishing and URL-reputation security layers deal with Punycode. Punycode is used to encode Unicode domain names in the limited ASCII character subset supported by the Domain Name System (DNS). Phishing attacks leveraging Punycode attempt to trick users into clicking links: a site that looks like http://www.pаypal.com/ might actually take users to http://www.xn--pypal-4ve.com/, the researchers said.

Cyber Security Tips: To protect against such phishing attacks, avoid clicking on any link and use updated antivirus software to protect your system.
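For mail-filter or proxy rules, the lookalike can be caught by decoding each `xn--` label before judging the host. The sketch below is an added example, not code from Avanan or Microsoft: it decodes the two URLs quoted above and flags labels that mix scripts. The function names are illustrative, and the script detection (first word of each letter's Unicode name) is a simplifying assumption.

```python
import unicodedata
from urllib.parse import urlsplit

def decode_label(label):
    """Return the Unicode form of one DNS label (decodes xn-- labels)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed Punycode: keep the raw label
    return label

def scripts_in(text):
    """Approximate scripts by the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def check_url(url):
    """Decode every host label; record whether it is an IDN and mixes scripts."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        decoded = decode_label(label)
        scripts = scripts_in(decoded)
        findings.append({
            "label": label,
            "decoded": decoded,
            "scripts": sorted(scripts),
            "idn": not decoded.isascii(),
            "mixed_script": len(scripts) > 1,  # e.g. Latin plus Cyrillic
        })
    return findings

def is_suspicious(url):
    """True when any host label mixes scripts, the usual homograph sign."""
    return any(f["mixed_script"] for f in check_url(url))

# First two URLs are the ones quoted in the article; the rest are
# constructed controls (plain ASCII and a single-script IDN).
SAMPLES = [
    "http://www.xn--pypal-4ve.com/",
    "http://www.p\u0430ypal.com/",   # U+0430 is CYRILLIC SMALL LETTER A
    "http://www.paypal.com/",
    "http://xn--mnchen-3ya.de/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "FLAG" if is_suspicious(url) else "ok"
        print(verdict, [f["decoded"] for f in check_url(url)])
```

A mixed-script check does not catch a label written entirely in one non-Latin script, so treat it as one signal alongside allow-lists and URL reputation.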
