Data Security News Headlines 6th May 2017

  1. Beware! Don’t Fall for Firefox “HoeflerText Font Wasn’t Found” Banking Malware Scam

Hoefler Text is an old-style serif font by Jonathan Hoefler and released by Apple Computer in 1991 to showcase advanced type technologies. The malicious Hoeflex was previously targeting Google Chrome users to trick them into installing Spora ransomware on their computers. It is back again but this time the target is Firefox. According to report the attack initiates with an alert message, which states that “The ‘HoeflerText’ font was not found,” asking Firefox users to update their “Mozilla Font Pack.” Once clicked, it downloads a ZIP file (Mozilla_Font_v7.87.zip) on the victim’s system, containing a JavaScript file. Meanwhile, the screen will display a set of instructions, asking victims to run the JS file in order to install the missing “Mozilla Font Pack according to news published by Hacker news.

Cyber Security Tips: Users are strongly recommended to avoid the use of Hoefler Text Font, always exercise caution when downloading anything from the Internet, keep all your software’s up-to-date, keep using updated antivirus and beware of a phishing scam.

  1. An Army of Thousands of Hacked Servers Found Mining Cryptocurrencies

A new botnet consisting of more than 15,000 compromised servers has been used for mining various cryptocurrencies. According to the GuardiCore researchers, Bond007.01 is currently using BondNet for mining cryptocurrencies primarily Monero, but also ByteCoin, RieCoin, and ZCas. The researcher also said that an attackers can easily take control over the servers and launch DDOS. The researcher said that the botnet attack targeting windows machine. According to the researcher, the hacker uses a combination of old vulnerabilities and weak user/password combinations to attack mostly old and unsupported Windows Server machines. The most common flaws exploited by the botnet operator include known phpMyAdmin configuration flaws, exploits in JBoss, and bugs in Oracle Web Application Testing Suite, MSSQL servers, ElasticSearch, Apache Tomcat, Oracle Weblogic, and other services. After the successful exploitation attacker is able to installed Remote Access Trojan (RAT).

Cyber Security Tips: To prevent yourself from this attacks keep your servers up-to-date, keep installing security patches, keep updating the firmware, and employing stronger passwords, do Vulnerability Assessment and Penetration Testing (VAPT) to know your network weaknesses, to get excellent VAPT service visit; http://www.anacyber.com/

  1. WWE Divas Charlotte Flair, Victoria Latest Victims of Leaked Photos

Targeting celebrities are not new for us. Hackers are targeting celebrities by leaking their private videos and photos. The latest victim of this scam is Divas Charlotte Flair, Victoria. Private photos and video clip of the famous WWE Divas Lisa Marie Varon known by her WWE name Victoria and Charlotte Flair were leaked. Flair tweeted about her photos being leaked saying that her photos were shared online without her consent. According to the report published by Hack Read, she took photos and videos with her iPhone. It does not happen the first time previously private photos of WWE Divas including Maria Kanellis, Melina Perez, Kaitlyn and Summer Rae were also leaked on different online platforms.

Cyber Security Tips:  Users are recommended to keep their private photos and videos secure, keep their iCloud account secure with a strong password, and never share your private photos and videos.

  1. Anti-Public Combo List with Billions of Accounts Leaked

In December 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Anti Public”. The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The leaked database contains emails, passwords, address, contact details. it seems like the hackers, scammers, and cybercriminals developed these lists from various systems and previous large-scale data breaches including VerticalScope, MySpace, LinkedIn, Twitter, Dropbox, Yahoo, Tumblr and Adobe Systems etc.

Cyber Security Tips: To prevent such data breach keep changing your password regularly, use a strong password, enable two-way authentication and avoid to use same credentials for different accounts.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: