- Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs
NSA tools were leaked a few days ago, and hackers have already started using them to target different systems. Script kiddies and online criminals around the world have reportedly started exploiting the NSA hacking tools leaked last weekend to compromise hundreds of thousands of vulnerable Windows computers exposed on the Internet. The hacking group known as Shadow Brokers leaked a set of Windows hacking tools targeting Windows XP, Windows Server 2003, Windows 7 and 8, and Windows 2012, which allegedly belonged to the NSA’s Equation Group. Microsoft has already patched multiple vulnerabilities but, according to researchers, the risk remains in the wild for unsupported systems and for those that have not yet installed the patches. Multiple security researchers have performed mass Internet scans over the past few days and found tens of thousands of Windows computers worldwide infected with DoublePulsar, a suspected NSA spying implant, as a result of a free tool released on GitHub for anyone to use. After the scans, researchers found that more than 107,000 Windows computers were infected with DoublePulsar.
Cyber Security Tips: Windows users who haven’t applied MS17-010 by now are strongly advised to download and deploy the patches as soon as possible.
- MilkyDoor Android Malware accesses secure corporate networks
A new form of Android malware, named MilkyDoor, uses remote port forwarding via Secure Shell (SSH) tunnels, which encrypt its payloads, to hide malicious traffic and give attackers access through firewall-protected networks to a variety of an enterprise’s services, from web and FTP to SMTP. Around 200 unique Android apps, with installs ranging between 500,000 and a million on Google Play, have been found embedded with the malware. Security researchers from Trend Micro, who discovered MilkyDoor, say they reported the apps to Google, which promptly removed them from its official app store.
Cyber Security Tips: Organizations are advised to deploy firewalls on BYOD devices to help prevent internal systems from accessing uncommonly used ports like port 22. At the same time, users are advised to keep their devices up to date, keep using reputable antivirus software, and download applications only from trusted sources.
- Flaws Allowed Hackers to Bypass LastPass 2FA
LastPass is a freemium password management service that stores encrypted passwords in private accounts. LastPass provides two-factor authentication, but hackers could bypass it. Design flaws in LastPass’ implementation of two-factor authentication (2FA) could have been exploited by hackers to bypass the protection mechanism and gain access to user accounts. According to Vigo, an attacker could also have leveraged cross-site scripting (XSS) vulnerabilities on popular websites to avoid having the victim visit the attacker's malicious site, which would be more likely to raise suspicion. The researcher also found that an attacker can disable 2FA using a CSRF vulnerability. LastPass was informed about these vulnerabilities on February 7 and immediately started working on patches.
Cyber Security Tips: Users are advised to avoid using LastPass until the issue is fixed; if you are using LastPass, change all your passwords as soon as possible.