- Mac malware from Iran targeting US defense industry, human rights activist
According to the analysis of two security researchers Claudio Guarnieri and Collin Anderson, there is a Mac-based malware dubbed as Mac Downloader that is apparently being used by Iranian hackers to launch attacks against the US defense industry and human rights communities, especially those focused on Iran. The malware is easily available for download via an Adobe Flash Installer and interested downloaders can choose from getting either Windows-based or Mac-based version. The malware is designed to spy on the targeted computer and obtain important credentials. To perform its task, the malware generates fake system login boxes, which it collects from Keychain, the password management system of Apple Inc.
Cyber Security Tips: Don’t click on links and attachments you receive from unknown sources on emails or any other social networking sites.
- Retail Giant Sports Direct Suffered Data Breach Affecting 30,000 Employees
Sports Direct, a British retailing group suffered a massive security breach back in 2016 in which a hacker stole personal details of 30,000 of its employees. Negative aspect of this incident is that the company did not inform its workers about the breach. The breach took place in September last year when hacker exploited vulnerabilities in Sports Direct’s employee portal that was using DNN (formerly DotNetNuke) based content management system. An anonymous source told The Register that the stolen data contains unencrypted data of employees including emails, phone numbers, names and postal address. The source also claimed that the hacker left a phone number in Sports Direct’s system for the owners to get it touch with them. However, it is still unclear if the data is being sold on the Internet or leaked on the Internet.
Cyber Security Tips: Keep the software and applications you use updates. Install a good Anti Virus and use Firewall.
- New Fileless Malware Target Banks and Organizations
Newly published report by the Russian security firm Kaspersky Lab indicates that hackers are targeting banks, telecommunication companies, and government organizations in 40 countries, including the US, South America, Europe and Africa, with Fileless malware that resides solely in the memory of the compromised computers. Fileless malware is a piece of nasty software that does not copy any files or folder to the hard drive in order to get executed. Instead, payloads are directly injected into the memory of running processes, and the malware executes in the system’s RAM. Since the malware runs in the memory, the memory acquisition becomes useless once the system gets rebooted, making it difficult for digital forensic experts to find the traces of the malware.
Cyber Security Tips: To protect yourself from such malwares keep using updated antivirus in your systems, avoid to open spam mails as well as unknown links.