Cyber Security News (13th January 2018)

  1. New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

The Meltdown and Spectre vulnerabilities were recently discovered in popular processors. According to the latest report, a new critical security flaw has been found in Intel hardware that could allow hackers to access corporate laptops remotely. F-Secure reported unsafe and misleading default behavior within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user’s device in less than 30 seconds. AMT is a feature that comes with Intel-based chipsets to help IT administrators and managed service providers better control their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organization. To exploit this issue, all an attacker with physical access to a password-protected (login and BIOS) machine needs to do is reboot or power up the targeted PC and press CTRL-P during boot-up. The attacker can then log into the Intel Management Engine BIOS Extension (MEBx) with a default password. Once logged in, the attacker can change the default password, enable remote access, and even set AMT’s user opt-in to “None.”

Cyber Security Tips: Users and IT administrators in an organization are recommended to change the default AMT password of their device to a strong one or disable AMT if this option is available, and never leave their laptop or PC unattended in a public place.

  2. Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users

The first macOS malware of 2018 has been reported. A security researcher has revealed details of a new piece of undetectable malware targeting Apple’s Mac computers. The malware, named OSX/MaMi, is an unsigned Mach-O 64-bit executable and is somewhat similar to the DNSChanger malware that infected millions of computers across the world in 2012. DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information. Once a system is infected, the malware is able to take screenshots, generate simulated mouse events, perhaps persist as a launch item, download and upload files, and execute commands. To check if your Mac computer is infected with MaMi malware, go to the terminal via the System Preferences app and check your DNS settings, looking in particular for 82.163.143.135 and 82.163.142.137.
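
The DNS check described above can be scripted. The following is an added example, not part of the original post: it reads resolver configuration text (for instance the output of macOS's `scutil --dns`) and reports any configured server equal to one of the two addresses named in the article. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): look for the two DNS servers
# the article associates with OSX/MaMi in resolver configuration text.
MAMI_DNS="82.163.143.135 82.163.142.137"

# find_mami_dns: reads resolver configuration on stdin (`scutil --dns` output,
# `networksetup -getdnsservers` output, or resolv.conf syntax) and prints each
# flagged address once. Whole fields are compared, so 182.163.143.135 or
# 82.163.143.13 do not match. Exit status: 0 = found, 1 = not found.
find_mami_dns() {
    awk -v bad="$MAMI_DNS" '
        BEGIN { n = split(bad, list, " ")
                for (i = 1; i <= n; i++) flagged[list[i]] = 1 }
        /^[ \t]*[#;]/ { next }              # skip commented-out lines
        {
            for (i = 1; i <= NF; i++)
                if (($i in flagged) && !($i in seen)) {
                    seen[$i] = 1; print $i; hits++
                }
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample resembling `scutil --dns` output, for offline testing.
constructed_sample() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)
EOF
}

# On macOS, check the live configuration (scutil is absent elsewhere).
if command -v scutil >/dev/null 2>&1; then
    if scutil --dns | find_mami_dns; then
        echo "WARNING: a DNS server associated with OSX/MaMi is configured" >&2
    else
        echo "No OSX/MaMi DNS server found in the resolver configuration"
    fi
fi
```

A clean result only means these two addresses are not configured as resolvers; it does not rule out the other behaviors the article lists.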

Cyber Security Tips: None of 59 popular antivirus products detects this malware at the moment, so you are advised to use a third-party tool such as a firewall that can detect and block outgoing traffic.
