Cyber Security News (1st February 2018)

  1. Critical Oracle Micros POS Flaw Affects Over 300,000 Payment Systems

The OPI (formerly MICROS Payment Gateway) is a payment driver used to process credit card transactions in Simphony. It simplifies credit card payment configuration by enabling Simphony to communicate with different credit card processors using a single payment. According to the latest report, Oracle’s MICROS EGateway Application Service, deployed by over 300,000 small retailers and business worldwide, is vulnerable to directory traversal attack. The attacker can remotely exploitable this critical vulnerability that affects its MICROS point-of-sale (POS) business solutions for the hospitality industry. If exploited, the vulnerability (CVE-2018-2636) could allow attackers to read sensitive data and receive information about various services from vulnerable MICROS workstations without any authentication.

Cyber Security Tips:  If you are using this payment system you are strongly recommended that update your payment system with latest patches.

  1. Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw

Mozilla Firefox is a free and open-source web browser developed by Mozilla Foundation and its subsidiary, Mozilla Corporation. According to a security advisory published by Cisco, Firefox 58.0.1 addresses an ‘arbitrary code execution’ flaw that originates due to ‘insufficient sanitization’ of HTML fragments in chrome-privileged documents. Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim’s computer just by tricking them into accessing a link or ‘opening a file that submits malicious input to the affected software. Affected web browser versions include Firefox 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), and 58 (.0).

Cyber security Tips:  Users are strongly recommended to apply the software updates before hackers exploit this issue, and avoid opening links provided in emails or messages if they appear from suspicious or unrecognized sources.

  1. SmokeLoader Malware Abusing MS Office Document and Compromise Windows 8, 10 Users PC

Recently Meltdown and Spectre Vulnerabilities has been disclosed in last modern processors and patched by companies. According to the latest report, A dangerous malicious campaign SmokeLoader Malware abusing MS office document that spreading via spam Email and targeting Windows 8 and above users which taking advantage of Meltdown and Spectre Vulnerability. Email medium is mainly used by attackers nowadays which carried out a variety of malware campaign and spreading across the world to infect a large number of users. Attackers using a different kind of Email body content to gain more trust from the targeting users and compromise them to believe it as a legitimate one. This file is dropped with the name DKSPKD.exe at %Temp% location and launched to perform malicious activities.

Cyber Security Tips:  To protect yourself from such a malware you are strongly recommended that keep your OS up-to-date, avoid opening spam emails, avoid downloading any files from link, turn on your firewall, and Use caution when clicking on links to web pages

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: