- All OnePlus Devices Vulnerable to Remote Attacks
OnePlus is a Chinese smartphone manufacturer founded in December 2013. One company having a good market in the world but bad news for One plus users. The researcher Roee Hay of Aleph Research, HCL Technologies discovered 4 critical vulnerabilities in all one plus devices in January 2017. According to research four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T, running the latest versions of OxygenOS 4.1.3 (worldwide) and below, as well as HydrogenOS 3.0 and below (for Chinese users). According to researcher vulnerabilities allows Man-in-the-Middle (MitM) attack against OnePlus device users, allowing a remote attacker to downgrade the device’s operating system to an older version, which could then expand the attack surface for exploitation of previously disclosed now-patched vulnerabilities. The vulnerabilities discovered in January but the company failed to patch after 90 days. The four vulnerabilities are OnePlus OTA Updates over HTTP: CVE-2016-10370, OnePlus OTA Downgrade Attack: CVE-2017-5948, OxygenOS/HydrogenOS Crossover Attack: CVE-2017-8850 and OnePlus OTA One/X Crossover Attack: CVE-2017-8851. The researcher said that vulnerabilities can be exploited only if the attacker and the targeted devices are connected to the same network.
Cyber Security Tips: Company does not release patches yet users are strongly recommended that avoid to connect insecure wireless network, keep your device protected with antivirus and avoid to download any apps from unknown trusted.
- Beware! Built-in Keylogger Discovered In Several HP Laptop Models
The security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spy on your all keystrokes during examining Windows Active Domain infrastructures. Keylogger is software or hardware which is able to record your keystrokes. HP computers come with Audio Chips developed by Conexant, a manufacturer of integrated circuits, who also develops drivers for its audio chips. Dubbed Conexant High-Definition (HD) Audio Driver, the driver helps the software to communicate with the hardware. According to the research, the keylogger is found in HP audio drive. According to the researcher flawed code CVE-2017-8360 written by HP which was poorly implemented, it allows to capture the keys and also records every single key-press and store them in a human-readable file.
Cyber Security Tips: To check yourself then check for two files exist in your system, then this keylogger is present on your PC: C:\Windows\System32\MicTray64 and C:\Windows\System32\MicTray.exe
If any of the above files exist, you are advised that you should either delete or rename the above-mentioned executable and keep a backup of your data.
- Three Chinese Hackers Fined $9 Million for Stealing Trade Secrets
Chines hackers always trying to target companies for stealing their secrete. According to the new report published by hacker News, three Chinese hackers have been ordered to pay $8.8 million (£6.8 million) after hacking email servers of two major New York-based law firms to steal corporate merger plans in December 2016 and used them to trade stocks. According to BBC News, the U.S. Securities Exchange Commission (SEC) alleged the three hackers targeted 7 different law firms, but managed to installed malware on networks belonging to two law firms only, then compromised their IT admin accounts that gave the trio access to every email account at the firms. After successfully accessed emails and web servers allowed them to gain information of the business. The hackers made more than $4 Million in illegal profits.
Cyber Security Tips: To prevent from such attack you are recommended to keep your company account secure, avoid to click on any unknown emails and keep your server secured.