Cyber Security News (30th January 2018)

  1. Nearly 2000 WordPress Websites Infected with a Keylogger

WordPress is a free and open-source content management system based on PHP and MySQL. More than 74.6 million websites run on WordPress. If yours is one of them, there is bad news: according to the latest report, more than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors’ computers to mine digital currencies but also logs visitors’ every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Sucuri researchers said the threat actor behind this new campaign is the same one that infected more than 5,400 WordPress websites last month, since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]Solutions. With the keylogger in place, hackers can steal much more valuable data, including payment card data.

Cyber Security Tips: If your website has already been compromised with this infection, you will need to remove the malicious code from the theme’s functions.php and scan the wp_posts table for any possible injection. Users and administrators are advised to change all WordPress passwords and update all server software, including third-party themes and plugins, just to be on the safe side.
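As a sketch of the two checks in the tip above, the following added example (not code from Sucuri or from the original post) scans a theme file and exported wp_posts rows for script URLs that load from the indicator host named in the report or from hosts outside a trusted list. The function names, the trusted-host list and the sample inputs are assumptions constructed for illustration.

```python
import re

# Indicator named in the report above, written without the defanging brackets.
INDICATOR_HOSTS = {"cloudflare.solutions"}

# Hostname of any absolute or protocol-relative URL (http://h, https://h, //h).
URL_HOST = re.compile(r"(?:https?:)?//([a-z0-9][a-z0-9.-]*\.[a-z]{2,})", re.I)
# Hostname that a <script src=...> tag loads from (quoted or unquoted src).
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([a-z0-9.-]+)", re.I)


def matches_indicator(host, indicators=INDICATOR_HOSTS):
    """True for an indicator host or any subdomain of one (not for look-alike suffixes)."""
    host = host.lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in indicators)


def scan_theme_file(path, source):
    """Flag every URL in a theme file (e.g. functions.php) that points at an indicator host."""
    hits = {h.lower() for h in URL_HOST.findall(source) if matches_indicator(h)}
    return [(path, "indicator-host", h) for h in sorted(hits)]


def scan_posts(rows, trusted_hosts):
    """rows: (ID, post_content) pairs, e.g. from SELECT ID, post_content FROM wp_posts."""
    findings = []
    for post_id, content in rows:
        for host in sorted({h.lower() for h in SCRIPT_SRC.findall(content)}):
            if matches_indicator(host):
                findings.append((post_id, "indicator-host", host))
            elif host not in trusted_hosts:
                findings.append((post_id, "untrusted-script", host))
    return findings


# Constructed sample input (not taken from a real infection).
SAMPLE_FUNCTIONS_PHP = """<?php
wp_enqueue_script('site', get_template_directory_uri() . '/js/site.js');
wp_enqueue_script('cf', 'https://Cloudflare.Solutions/example.js');
"""
SAMPLE_POSTS = [
    (1, "<p>Hello</p><script src='https://www.example.com/app.js'></script>"),
    (2, "<p>News</p><script src=\"//cdn.cloudflare.solutions/example.js\"></script>"),
    (3, "<p>Ad</p><script async src=https://stats.example.net/t.js></script>"),
]

if __name__ == "__main__":
    for finding in scan_theme_file("functions.php", SAMPLE_FUNCTIONS_PHP):
        print(finding)
    for finding in scan_posts(SAMPLE_POSTS, trusted_hosts={"www.example.com"}):
        print(finding)
```

Findings marked untrusted-script are review candidates rather than confirmed injections; the trusted list should hold the site's own hosts and the third-party script hosts it knowingly uses.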

  2. Hard-coded Password Lets Attackers Bypass Lenovo’s Fingerprint Scanner

Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 and 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. Lenovo has recently rolled out security patches for a severe vulnerability in its Fingerprint Manager Pro software that could leak sensitive data stored by users. According to the company, Fingerprint Manager Pro version 8.01.86 and earlier contains a hard-coded password vulnerability, identified as CVE-2017-3762, that made the software accessible to all users with local non-administrative access. According to the report, sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed on. The vulnerability impacts Lenovo ThinkPad, ThinkCentre and ThinkStation laptops, and affects more than two dozen Lenovo ThinkPad models, five ThinkStation models and eight ThinkCentre models that run the Windows 7, 8 and 8.1 operating systems.

Cyber Security Tips: Customers are strongly recommended to update their devices to Fingerprint Manager Pro version 8.01.87 or later to address the issue.

 
