- Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day
Microsoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day. Sixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework. All these flaws could be exploited for remote code execution by tricking a targeted user into opening a specially-crafted webpage that triggers a memory corruption error, though none of these has been exploited in the wild yet.
Cyber Security Tips: Users and administrators are strongly advised to apply security patches as soon as possible
- Chinese Man Arrested for Hacking and Demanding Ransom from Travel Agencies
A man arrested by Chinese police for hacking into system and demand ransom. According to the report servers of two Hong Kong travel agencies, stealing their data, and then asked for a ransom in Bitcoin. The hacks took place in the first days of January and hit Big Line Holiday and Goldjoy Travel. Neither police nor the travel agencies revealed how the hacker got in, but they said he obtained a copy of their databases, which included customer names, ID numbers, passport numbers, telephone numbers, and in some cases, payment card details. After making copies of these databases, the hacker emailed both companies, threatening to release the data online unless he was paid a ransom of 1 Bitcoin (around $15,000 at the time of the ransom demand). The hacker claimed to have information on around 200,000 customers. The investigators tracked down the man’s IP address using server logs retrieved from the two hacked travel agencies.
Cyber Security Tips: To prevent yourself from ransomware attack you are strongly recommended that keep your systems up-to-date, avoid opening spam emails, never click on any ads, keep a backup of your data regularly, and keep using reputed antivirus.
- Man indicted accused of hacking into thousands of computers
A man Phillip Durachinsky, 28, of North Royalton accused of hacking thousands of computers in the Cleveland area as well as nationally and internationally has been indicted federally. Officials says he was the creator of a malware that was named “FruitFly,” that, according to the indictment, he installed on computers and that enabled him to control each computer by accessing stored data, uploading files, taking and downloading screenshots, logging a user’s keystrokes, and turning on the camera and microphone to surreptitiously record images and audio. Officials believe surveillance was the primary purpose of “FruitFly,” which was able to spy on people by using the webcam. FBI officials say Durachinsky did not know most of his victims. For more than 13 years, Phillip Durachinsky allegedly infected with malware the computers of thousands of Americans and stole their most personal data and communications.
Cyber Security Tips: To prevent yourself from such attack you are strongly recommended that keep your systems up-to-date, avoid opening spam emails, never click on any ads, keep a backup of your data regularly, update your webcam firmware regularly, and keep using reputed antivirus.