- Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords
More than 400 million devices are running windows 10 in around 192 countries across the world. If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. On Windows 10 Anniversary Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called “Keeper,” on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network. A third-party password manager now comes installed by default on Windows 10, Ormandy started testing the software and took no longer to discover a critical vulnerability that leads to “complete compromise of Keeper security, allowing any website to steal any password.” the vulnerability only affects version 11 of the Keeper app, which was released on December 6 as a major browser extension update, the vulnerability is different from the one Ormandy reported six months ago according to the news published by hackernews.
Cyber Security Tips: Users are strongly recommended that check whether any third party password manager installed in your system, if installed then immediately uninstalled it, reset your all passwords with strong one, and disable Content Delivery Manager in order to prevent Microsoft from installing unwanted apps silently on their PCs.
- Lazarus group conducting malware attacks to steal Bitcoins
Bitcoin is a cryptocurrency and worldwide payment system. The network is peer-to-peer and transactions take place between users directly through the use of cryptography. So no one can trace bitcoin transaction. Today bitcoin price is on the rise. According to the current bitcoin marketplace, one bitcoin price is more than $19000 and it looks like North Korea is trying to take full advantage of it. According to security researchers at SecureWorks, the infamous Lazarus group known for their links with the North Korean government has been busy targeting cryptocurrency platforms by conducting a spearphishing campaign. Lazarus was previously in news for targeting banking giants around the globe while their latest attacks are targeting officials working at cryptocurrency firms in which hackers send an email containing a Word file as an attachment. The email tells the victim that in order to view the file they need to enable editing. Once that is done, the document installs a malicious macro on the device that further loads a Trojan that lets attackers take control of the computer.
Cyber Security Tips: Cryptocurrency firms are strongly recommended to improve the cyber security of your network, keep using a reputed security suits, and beware of phishing e-mails.