- Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild
Opening Microsoft word file could compromise your system. Security researchers are warning of a new in-the-wild attack can installs malware on your patched computers by exploiting a unpatched zero-day vulnerability in all current versions of Microsoft Office on fully-patched PCs. Researchers from security firms McAfee and FireEye starts simply with an email that attaches a malicious Word file containing a booby-trapped OLE2link object. Once victim opened the malicious file the exploit code gets executed and it starts connecting to a remote server controlled by the attacker. After that attacker downloading additional payloads from “different well-known malware families” to take over the victim’s PC, and closing the weaponized Word file.
Cyber Security Tips: Users are strictly recommended that do not open or download any suspicious Word, enable Office Protected View feature, always keep your system and antivirus up-to-date, regularly backup your files in an external hard-drive, disabling Macros, always beware of phishing emails, spams, and clicking the malicious attachment.
- Someone hacked tornado emergency siren in Dallas
You are always hearing about hacking CCTV, Smart TV, websites, traffic signboards or radio stations but now any siren is also can be hacked. Someone hacked every single tornado emergency siren (156) in Dallas, TX on Friday night which sounded something like this. According to an investigator, it is not compromised remotely. Someone had the physical access to the server connecting 156 sirens. The server will remain off until Monday since the investigations are underway.
Cyber Security Tips: To prevent from such hacking keep your critical devices physically secured, keep monitoring your servers, keep using CCTV in server location to catch criminals and keep locking your system with a strong password.
- Gaming giant GameStop’ website hacked; credit card data stolen
GameStop is an American video game, consumer electronics, and wireless service retailer. The Video game giant GameStop confirmed that their official website was compromised and the hacker had stolen credit card data information and other customer data. GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. It must be noted that the breach was originally identified by Brian Krebs. The billion dollar company has over 7000 retail stores worldwide and over million customers which mean that the hackers could make millions of dollars just by selling the customers information on the DarkWeb marketplaces.
Cyber Security Tips: Users are recommended to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank, keep watch on your account.
- “BrickerBot” permanently damage your IoT Devices
New malware targeting IoT devices called as BrickerBot. The Security researchers at security shop Radware have found a new malware called BrickerBot that can permanently scramble Internet of Things (IoT) devices around the world by corrupting device’s storage capability. BrickerBot is capable of effectively bricking IoT devices by corrupting the device’s storage capability. On March 20, researchers spotted the malware via honeypot servers, which targeted only Linux BusyBox-based IoT devices. The Bricker Bot attack used Telnet brute force the same exploit vector used by Mirai to breach a victim’s devices. The two different versions of BrickerBot were detected. BrickerBot.1 and BrickerBot.2 and both the versions have very different set of commands. Once this malware successfully installed on your IoT device, it can permanently damage your device.
Cyber Security Tips: Users are recommended to improve their cyber security, keep your devices up to date, keep using updated antivirus and avoid to click on any link, ads.