- Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection
There are two popular languages Java and Python used for programming. The bad news for the programmer, because these two language contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. Hackers can take advantage to design potential cyber-attack operations against critical networks and infrastructures. The unpatched flaws actually reside in the way Java and Python programming languages handle File Transfer Protocol (FTP) links, where they don’t syntax-check the username parameter, which leads to, what researchers call, protocol injection flaw. According to blog post published over the past week, security researcher Alexander Klink detailed the FTP protocol injection vulnerability in Java’s XML eXternal Entity (XXE) that allows attackers to inject non-FTP malicious commands inside an FTP connection request. Once attacker successfully exploited using the FTP protocol injection issue in Java and Python, an attacker who knows the targeted host’s internal IP address can start a classic mode FTP connection, which attackers can use for nefarious purpose.
Cyber Security Tips: There is no patches are available yet, but temporary mitigation is uninstall Java on their desktops and in browsers, as well as disable support for “classic mode” FTP on all firewalls, and once new version release install immediately.
- Check How Facebook Monitors Your Activities with this Crazy Chrome Extension
Now you have an open source, free tool with which you can easily keep a check on what sort of monitoring mechanism does Facebook has implemented and what kind of activities does the social network tracks. The tool is called Data Selfie and it is a Chrome extension. This tool utilizes machine learning algorithms to inspect what is revealed about your personality by the way you use Facebook. It also checks your social media patterns and offers an opportunity to ensure totally customized and personalized experience. Using this tool you can identify the way machine learning algorithms monitor and process your activities on Facebook and how it gets information about your interests, personality, and habits, tracking your interactions on Facebook; it checks your every single post, your Likes, the amount of time you spent checking out a shared article/post and every little thing such as when you scrolled and for how long.
Cyber Security Tips: To het this extension visit https://chrome.google.com/webstore/detail/data-selfie/kjmnobfdkgaclpkgeniccafoennghjnm
- TeamSpy malware targeting users through malicious TeamViewer app
TeamSpy data-stealing malware has been detected again. This time, the malware being used in a new campaign that has been discovered by researchers at Heimdal Security. Through using TeamSpy (Pdf), attackers and threat actors can easily gain access and full control on any compromised computer. A majority of the targets seem to be unsuspecting online users. According to researcher the malware is spreading due to email, social engineering. The cybercriminals trick innocent users into installing TeamSpy malware using DLL hijacking technique. In this trick, an authentic software program is manipulated in a way that it starts performing illegal activities.
Attack Scenario: users receiving an email that contains an eFax attachment. When the recipient opens that email, an .exe file that is also attached with this file gets activated causing the TeamSpy malware code to be installed on the computer as malicious DLL. A TeamViewer session then commences while the attacker’s activities remain hidden from the victim. Furthermore, attackers can easily carry out a variety of exploits on the machine using the services that the user has been running on the computer. The campaign is also able to circumvent two-factor authentication. The malware also provides attackers full access to encrypted content that has been unencrypted by the victim on the infected computer as per news published in HackRead.
Cyber Security Tips: To protect from this malware avoid to open spam mails, check before clicking, be aware about fake ads and use updated antivirus in your system.
- Cyber criminals now target WhatsApp, Paytm
There are lots of cyber security report are published recently. According to a report published by DNA, the Cyber Crime Police Station (CCPS) at Bandra-Kurla Complex (BKC) has been registering endless cases of fraud wherein the accounts of WhatsApp and Paytm users are being hacked. The hackers would apparently reach out to the contact list of the victim and ask them to transfer funds to their Paytm account to meet their urgent needs. Cisco released their 10th annual report on global cyber security issues late last month which essential highlighted the problem caused by apps being used by employees to improve their productivity in the workplace. The report sampled 900 organizations and identified 222,000 third-party applications being used by employees. Of these apps, 27 per cent were classified as high risk. Today WhatsApp is favorite target of hackers, many peoples are not aware about malicious links, once they receive link the immediately clicks on the links and some malicious activities are start running in background.
Cyber Security Tips: Mobile users are strictly recommended that check the links before clicking, avoid to click on links and keep using updated antivirus.