- Millions of Devices Remain Exposed via SMB, Telnet Ports: Rapid7
According to Rapid7, SMB, Telnet, RDP, and other improperly exposed ports continue to put both enterprises and consumers at risk, despite being exploited in widespread malicious attacks. Rapid7 said that there are 5.5 million machines with the SMB port exposed, up from 4.7 million prior to May 2017, when WannaCry emerged. The ransomware spread quickly via a worm component leveraging the SMB-targeting EternalBlue exploit. Of the total endpoints exposing Microsoft file-sharing services (SMB, TCP port 445), 800,000 are confirmed Windows systems. According to Shodan founder John Matherly, over 2 million machines with SMB appear in the device search engine, and most of them (90%) run SMB version 1.
Cyber Security Tips: Disable SMB and Telnet where they are not needed, or filter them with a firewall. Use SSH instead of Telnet, keep your systems up to date, keep your antivirus updated, and back up your data regularly.
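To check your own Linux host against the tip above, the following added example (not from Rapid7 or the original article) parses `ss -tln` output and reports Telnet, SMB, and RDP listeners bound to anything other than loopback. The function names and the sample output are constructed for illustration.

```python
import ipaddress

# Services the item names as commonly exposed (standard default TCP ports).
RISKY_PORTS = {23: "Telnet", 445: "SMB", 3389: "RDP"}

# Constructed sample of `ss -tln` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:445          0.0.0.0:*
LISTEN  0       128     127.0.0.1:23         0.0.0.0:*
LISTEN  0       128     [::]:3389            [::]:*
LISTEN  0       128     192.168.1.10:22      0.0.0.0:*
LISTEN  0       128     [::1]:445            [::]:*
LISTEN  0       50      *:23                 *:*
"""


def is_loopback(addr):
    """True only when the bind address is reachable from this host alone."""
    # Drop an interface suffix such as "%lo", then IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    if addr == "*":
        return False  # wildcard bind: listening on every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: report it so it gets reviewed


def exposed_listeners(ss_output):
    """Return (service, port, bind_address) for risky non-loopback listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in RISKY_PORTS and not is_loopback(addr):
            findings.append((RISKY_PORTS[int(port)], int(port), addr))
    return findings


if __name__ == "__main__":
    for service, port, addr in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{service} listening on {addr}:{port} - disable or firewall it")
```

On a live host, pass the text captured from `ss -tln` in place of the sample. A listener that shows up here may still be blocked by a firewall, so confirm reachability from outside the host as well.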
- Hundreds of Fake Android Antivirus Apps Deliver Malware
Android devices are being targeted by hackers who take advantage of users' lack of awareness. According to the latest report, millions of users have downloaded malicious antivirus applications. According to RiskIQ, there are 6,295 total Android apps, past and present, claiming to either be an antivirus solution, review antivirus solutions, or be associated with antivirus software in some way. RiskIQ discovered that 707 of the apps triggered blacklist detections in VirusTotal. 655 of these “antivirus” apps are in Google Play, and 131 of them triggered blacklist detections. According to the report, 4,292 of these apps are active today, including 525 of those that triggered blacklist detections in VirusTotal. 508 of the apps are in Google Play, yet only 55 of them triggered blacklist detections.
Cyber Security Tips: Avoid installing unknown antivirus apps on your mobile device and use a reputable antivirus product. Be aware of social engineering, and if you have already installed such apps, remove them immediately.
- Hackers Using Chinese Malware to Rob ATMs Using Outdated Windows XP
Researchers and security experts have already warned about ATM hacking. Most ATMs are still running Windows XP, which is vulnerable to cyber-attacks. According to the latest report, hackers are targeting ATMs using Chinese malware. According to the report published by HackRead, the Rufus malware can exploit old and outdated ATM software. All of the affected ATMs were found to be still using old versions of Windows XP. This was discovered despite the fact that they were notified about the system’s vulnerability to the WannaCry attack. West Bengal, Gujarat, Odisha, and Bihar were all affected by this new way of stealing money. The researcher said that only the ATMs with this software were affected, but that doesn’t guarantee that the others are completely safe.
Cyber Security Tips: The Reserve Bank of India is also aware of this situation and is working closely with the National Payment Corporation of India. To guard against such malware, improve cyber security and keep systems up to date.