- macOS High Sierra Bug Lets Anyone Gain Root Access Without a Password
If you are using Mac computer and run the latest version of Apple’s operating system, macOS High Sierra, then you need to be extra careful with your computer. According to the latest report a new vulnerability discovered by developer Lemi Orhan Ergin on Tuesday in macOS High Sierra, the vulnerability allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk. According to the researcher, the vulnerability only requires anyone with physical access to the target macOS machine to enter “root” into the username field, leave the password blank, and hit the Enter a few times and Voila! The researcher said that it is impossible to exploit this vulnerability when a Mac machine is turned on, and the screen is protected with a password.
Cyber Security Tips: Apple released a security update which fixes the vulnerability of macOS High Sierra 10.13 and macOS High Sierra 10.13.1, users are strongly recommended to install patches as soon as possible.
- Hackers Exploit Recently Disclosed Microsoft Office Bug to Backdoor PCs
A researcher has recently disclosed a 17-year-old vulnerability in Microsoft Office that lets hackers install malware on targeted computers without user interaction is now being exploited in the wild to distribute a backdoor malware. The malware has been dubbed Cobalt because it uses a component from a powerful and legitimate penetration testing tool, called Cobalt Strike. The vulnerability (CVE-2017-11882) that Cobalt malware utilizes to deliver the backdoor is a memory-corruption issue that allows unauthenticated, remote attackers to execute malicious code on the targeted system when opened a malicious file and potentially take full control over it. This vulnerability impacts all versions of Microsoft Office and Windows operating system. Cybercriminals are quite quick in taking advantage of newly disclosed vulnerabilities, the threat actors started delivering Cobalt malware using the CVE-2017-11882 exploit via spam just a few days after its disclosure.
Cyber Security Tips: To protect yourself against the Cobalt malware attack, you are strongly recommended to download the patch for the CVE-2017-11882 vulnerability and update your systems immediately.
- New Banking Trojan Steal Money From Bank Accounts by Abusing Windows OS
Hackers are targeting users to steal banking credentials. According to the latest report published by gbhackers A new dubbed Banking Trojan “Gozi” discovered that is capable of abusing windows users and stealing bank information from victims computer which has some advanced multi-component malicious programs future. Gozi Banking Trojan Discovered Trojan.Gozi.64,which is used the same source code of the previous version of this malware and also added some advanced future that can infect both 32- and 64-bit Windows versions. Gozi Banking Trojan used malicious plugins that have been discovered in Microsoft Internet Explorer, Microsoft Edge, Google Chrome, and Mozilla Firefox. Once your system infected with this malware, it starts malicious activties such as collecting details for any updates for the Trojan; Download from remote server plugins for browsers used for web injections; Download web-injection configurations from a remote server; Obtain personal tasks, including those requiring the download of additional plugins; Remote computer administration.
Cyber Security Tips: To prevent yourself from this Trojan keep using updated antivirus, avoid clicking on spam emails, pay attention while using the internet and keep your system up to date.