- Pre-Installed Keylogger Found On Over 460 HP Laptop Models
A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details. The Keylogger was found in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers. The keylogger component is disabled by default, but hackers can make use of available open source tools for bypassing User Account Control (UAC) to enable built-in keylogger “by setting a registry value.” The researcher reported the keylogger component to HP last month, and the company acknowledges the presence of keylogger, saying it was actually “a debug trace” which was left accidentally, but has now been removed.
Cyber Security Tips: The Company has released a Driver update for all the affected HP Notebook Models. If you won HP laptop, you are strongly recommended to install Driver update.
- Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
The new vulnerability has been discovered in Android called Janus, the vulnerability could allow attackers to modify the code of Android apps without affecting their signature verification certificates, eventually allowing them to distribute malicious update for the legitimate apps, which looks and works same as the original apps. The vulnerability (CVE-2017-13156) was discovered and reported to Google by security researchers from mobile security firm GuardSquare this summer and has been patched by Google, among four dozen vulnerabilities, as part of its December Android Security Bulletin. The vulnerability affects apps using APK signature scheme v1 installed on devices running Android versions 5 (Lollipop) and 6 (Marshmallow). The vulnerability resides in the way Android handles APK installation for some apps, leaving a possibility to add extra bytes of code to an APK file without affecting the application’s signature.
Cyber Security Tips: Android users are strongly recommended that checks APK header information determine if the archive contains code in the compressed DEX files while installing an Android app or its update, your device. Android developers always to apply signature scheme v2 in order to ensure their apps cannot be tampered with.
- Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability
Microsoft has just released an emergency security patch to address a critical remote code execution (RCE) vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim’s PC. According to Microsoft, the vulnerability affects a large number of Microsoft security products, including Windows Defender and Microsoft Security Essentials along with Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016, impacting Windows 7, Windows 8.1, Windows 10, Windows RT 8.1, and Windows Server. Tracked as CVE-2017-11937, the vulnerability is a memory corruption issue which is triggered when the Malware Protection Engine scans a specially crafted file to check for any potential threat. Successful exploitation of the flaw could allow a remote attacker to execute malicious code in the security context of the LocalSystem account and take control of the target’s computer.
Cyber Security Tips: Users and administrators are strongly recommended that install patches as soon as possible.
- Someone hacked this traffic sign with anti-Trump messages
A traffic sign near North Central Expressway in Dallas was hacked by unknown perpetrator on Friday (November 8th) night and defaced with an obscene message against the President of United States Donald Trump and his voters. According to Dallas news, Texas Department of Transportation (TXDOT) said that “As of now, we don’t have any information that it’s ours. But we have taken steps with our contractors to make sure they understand the importance of additional measures to make sure the signs don’t get hacked.”
Cyber Security Tips: To prevent this hack make sure the traffic signal devices are protected with password strong password, change the default password and keep up-to-date.
- A Trove of 1.4 Billion Clear Text Credentials File Found on Dark Web
The Dark Web marketplace, one can buy anything from illegal drugs to weapons, fake documents to malicious software and even stolen databases, etc. Recently, a dark web monitoring firm 4iQ discovered a massive trove of the 41GB data file containing 1.4 billion billion login credentials including emails and passwords in clear-text format. Researchers believe it is the “largest aggregate database found in the dark web to date” beating the Onliner Spambot dump with 711 Million accounts following Exploit.in data dump in which 593 million accounts were exposed. The dump was discovered on a dark web forum on December 5th, 2017 in which the total amount of data is 1,400,553,869 with usernames/emails and their clear text password. “This database makes finding passwords faster and easier than ever before. As an example searching for “admin,” “administrator” and “root” returned 226,631 passwords of admin users in a few seconds,” explains 4iQ’s Julio Casal. 4iQ is currently in the process of analyzing the full data dump and might take a while to come up with full disclosure of their findings.
Cyber Security Tips: It is not cleared yet what are the affected domain but you are strongly recommended that reset your passwords as soon as possible, never use the same password for the different account, do not use a simple password and beware of data breaches.