Data Security News Headlines 9th May 2017

  1. Google 0-Day Hunters Find ‘Crazy Bad’ Windows RCE Flaw

Project Zero researcher Natalie Silvanovich have discovered another critical remote code execution (RCE) vulnerability in Microsoft’s Windows operating system. According to the researcher, this critical vulnerability could allow an attacker to remote code execution. The researcher said that new RCE vulnerability in Windows will likely be disclosed in 90 days from now even if Microsoft fails to patch the issue. Successful exploitation could allow an attacker to execute remote code. An attacker can take control over victim system.

Cyber Security Tips: Users and administrator are recommended to apply patches once release by Microsoft and keep your system up-to-date.

  1. Website of Popular Mac Software Hacked to Spread Malware

If you have downloaded the most popular open source video transcoder app HandBrake on your Mac then there is bad news for you.  The HandBrake team issued a security alert on Saturday, warning Mac users that one of its mirror servers to download the software has been compromised by hackers. According to the security team, your system can be infected with Remote Access Trojan (RAT). According to the team, an unknown hacker or group of hackers compromised the download mirror server and then replaced the Mac version of the HandBrake client with a malicious version infected with a new variant of Proton. To check if you are infected or not install OSX Activity Monitor application on your mac and check for a process called “Activity_agent”, if the mentioned process is running that means you are infected.

Cyber Security Tips: Users are strongly recommended that update HandBrake version 1.0 or later to remote this Trojan and follow the below mentioned steps;

  1. Open the terminal and type command;                                                                  launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
  2. Then run the command to remove folder:                                                                           rm -rf ~/Library/RenderFiles/activity_agent.app
  3. Once done, you should remove any installations of Handbrake.app you may find.

3. Thousands of Devices Hacked by Rakos Botnet

According to the researcher, thousands of devices have been hacked by a Linux malware called as Rakos. Rakos is a Linux botnet. The researcher said that it is a powerful malware which could allow launching powerful distributed denial-of-service (DDoS) attacks. Rakos targets Linux systems by launching brute-force attacks via SSH.  Brazil-based Morphus Labs recently deployed some high interaction honeypots that were quickly targeted by Rakos. A closer analysis revealed that the botnet had ensnared roughly 8,300 devices per day across 178 countries. The researcher said that Rakos consists of bots and command and control (C&C) servers, but since it’s a peer-to-peer botnet some infected machines may play both these roles. Rakos bots obtain a list of IP addresses from a C&C server and attack those hosts via SSH. Each compromised device will in turn target other devices. The countries which are infected with this malware was China (3,300), followed by Vietnam, Taiwan, Thailand, Russia, India, Brazil and the United States, which had near about 1,000 unique infections.

Cyber Security Tips:  Users can remove this malware by resetting devices, keep monitoring your network activities, use an anti-botnet tool and Linux users are recommended to use a strong password for SSH.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: