- Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection
Security researcher at Trusteer IBM have discovered a new variant of Dridex. Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user. This new malware targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called “AtomBombing. AtomBombing does not exploit any vulnerability but abuses the system-level Atom Tables, a feature of Windows that allows applications to store information on strings, objects, and other types of data to access on a regular basis. An attacker can write malicious code into an atom table and trick legitimate applications into retrieving it from the table to execute malicious actions on nearly any Windows operating system released in the past 16 years accrding to news published by HackerNews.
Cyber Security Tips: Users are strictly recommended that avoid to use system without any security protection, keep using updated antivirus and ransomware protection.
- 9 Popular Password Manager Apps Found Leaking Your Secrets
A password manager is a software application or hardware that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database. The report, published on Tuesday by a group of security experts from TeamSIK of the Fraunhofer Institute for Secure Information Technology in Germany, revealed that nine of the most popular Android password managers available on Google Play are vulnerable to one or more security vulnerabilities. Researcher has discover vulnerabilities in most popular password manager apps such as LastPass, Keeper, 1Password, My Passwords, Dashlane Password Manager, Informaticore’s Password Manager, F-Secure KEY, Keepsafe, and Avast Passwords. According to researcher the vulnerability could allow data residue attacks and clipboard sniffing and some password manager apps are storing passwords in plain text.
Cyber Security Tips: Users are strongly advised to update their password manager apps as soon as possible and immediately change your password of all accounts.
- Coachella festival website hacked; user data at risk
Coachella Valley, Music and Arts Festival, is a famous event that is attended by a large number of citizens. For this event they are required to register on the Coachella festival website and provide personal as well as financial information to buy tickets. But bad news for the users recently, the website admins have announced that the site has undergone a data breach and possibly the information of registered users has been compromised. According to the official announcement made by the festival authorities, they have already started the investigation process and it is confirmed that none of the financial data has been compromised or stolen. Coachella Valley has informed their users because hackers has already stolen their emails so they can send malicious mails and tell them to click on it. Once the user click on the link the attack will start.
Cyber security Tips: Users are strictly recommended that avoid to click on any emails come from Coachella Valley until the issues has been solve, keep using reputed antivirus to fight with such malicious mails.
- Apps Containing Malicious IFrames Found on Google Play
Cyber Security Tips: Developers are strictly recommended that check the app coding and immediately update the apps and users must keep watch on your application and be alert and avoid to use such apps and use updated antivirus.
- Police officer loses Rs 10,000 to caller posing as bank executive
Banking fraud is increasing day to day, hackers are using new technique get access in bank accounts. The new incident is happened with senior police officer, Aasma Khan, a resident of Saheen Bagh on Tuesday. The hacker called her and said that he is calling from his bank and told that your aadhar card is not linked with your account, then he ask for her CVV. After providing CVV immediately got an SMS that Rs 10,000 has been debited from her account,” she said.
Cyber Security Tips: Hackers are using social engineering to get details of banks users are strictly recommended that never share your banking details without verifying, make sure that your sharing your information with authorized persons only.