- Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking
The researcher Google Security Team’s researchers Jason Geffner and Jan Bee discover critical vulnerability in ESET’s antivirus software that could allow any unauthenticated attackers to remotely execute arbitrary code with root privileges on a Mac system. The critical security flaw, tracked as CVE-2016-9892, in ESET Endpoint Antivirus 6 for macOS. all a hacker needs to get root-level remote code execution on a Mac computer is to intercept the ESET antivirus package’s connection to its backend servers using a self-signed HTTPS certificate, put himself in as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw. The issue was related to a service named esets_daemon, which runs as root. The service is statically linked with an outdated version of the POCO XML parser library, version 1.4.6p1 released in March 2013 according to report published in HackerNews.
Cyber Security Tips: Users are strictly recommended avoid to use outdated version and update with latest version. To update version visit: https://www.eset.com/za/download/business/ detail/family/67/
- Internet-Connected Teddy Bear Leaks Millions Of Voice Messages and Password
Use of internet is growing day to day, now parents are buying smart teddies for their children but now they need to think twice before buying it. It may be danger for privacy and data security risks for kids who play with them. The latest security failing of the internet-connected smart toys, more than 2 Million voice recordings of children and their parents have been exposed, along with email addresses and passwords for over 820,000 user accounts. California-based Spiral Toys’ line of internet-connected stuffed animal toys, CloudPets, which allow children and relatives to send recorded voicemails back and forth, reportedly left the voice messages recorded between parents and children and other personal data to online hackers according to news published in HackerNews. Ever the attackers can locked your data and then ask for ransom.
Cyber Security Tips: If you are user of CloudPets, then you are strictly recommended that change your password.
- Amazon Web Services suffer massive outage taking popular sites down
Amazon Web Services (AWS), a subsidiary of Amazon.com, offers a suite of cloud-computing services that make up an on-demand computing platform. According to SimilarTech, Amazon Web Services’ Amazon S3 service is used by 148,213 sites including Airbnb, Pinterest, Slack, Buzzfeed, Netflix Spotify and some Gannett systems. While not all were affected by the outage, some experienced slowdowns. Amazon said that ‘‘we’ve identified the issue as high error rates with S3 in US-EAST-1, which is also impacting applications and services dependent on S3. We are actively working on remediating the issue. According to amazons last statement as of 1:49 PM PST, they are fully recovered for operations for adding new objects in S3, which was our last operation showing a high error rate. The Amazon S3 service is operating normally.
Cyber Security Tips: Users are no need to worry about the site down, no users data is compromised or loss.
- Ransomware attacks doubles to 10.5% in H2, 2016 globally: Check Point
Bangalore: Globally, ransomware attacks doubled in the second half of 2016, compared to the first half, according to Check Point released H2 2016, Global Threat Intelligence Trends report. The percentage of ransomware attacks increased from 5.5% to 10.5% between July and December 2016. The H2 2016 Global Threat Intelligence Trends Report highlights the key tactics cyber-criminals are using to attack businesses, and gives a detailed overview of the cyber-threat landscape in the top malware categories – ransomware, banking and mobile. It is based on threat intelligence data drawn from Check Point’s ThreatCloud World Cyber Threat Map between July and December 2016 according to news published in ETCIO.
Cyber Security tips: To protect from ransomware attacks use reputed ransomware protection, keep using updated antivirus, regularly backup your data, avoid to open spam mails.