- Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros
Hackers are always targeting users through social engineering. They finding new way to target users. According to the latest report a new type of social engineering attack has been discovered, which doesn’t require users to enable macros; instead it executes malware on a targeted system using PowerShell commands embedded inside a PowerPoint (PPT) file. According to the researcher, the malicious PowerShell code hidden inside the document triggers as soon as the victim moves/hovers the mouse over a link. It further downloads additional payload on the compromised machine even without clicking it. The Security firm SentinelOne has discovered that a group of hackers have been using malicious PowerPoint files to distribute ‘Zusy,’ a banking Trojan, also known as ‘Tinba’. Zusy is a trojan which mainly targets banking websites. This Trojan is also capable to steal users banking data.
Cyber Security Tips: Users are strongly recommended to download PPTs from trusted sites, scan the PPTs before opening, keep using reputed antivirus and disable micros.
- Multiple Vulnerabilities Found in Popular IP Cameras
Multiple vulnerabilities have been found in China’s Foscam-made IP cameras. Foscam is a Chinese video products manufacturer producing IP cameras, network video recorder and baby monitor. It also provides mobile software. According to a latest research, a total of 18 vulnerabilities were discovered by F-Secure and specifically found them in the Opticam i5 and Foscam C2 cameras. The flaws include insecure default credentials, hard-coded credentials, hidden and undocumented Telnet functionality, command injection flaws, missing authorization, improper access control, cross-site scripting, and a buffer overflow. These vulnerabilities were reported to the manufacturer several months ago, but no fixes have been made available.
Cyber Security Tips: Though the Company has not given any statement on this, yet users are strongly recommended to improve security of mentioned products, change default credentials, used strong password and update your signature of security products.