Cyber Security News (7th February 2018)

  1. Critical Flaw in Grammarly Spell Checker Could Let Attackers Steal Your Data

Grammarly is an app that automatically detects grammar, spelling, punctuation, word choice, and style mistakes in writing. Grammarly’s algorithms flag potential issues in the text and suggest context-specific corrections for grammar, spelling, wordiness, style, punctuation, and even plagiarism. According to Google Project Zero researcher Tavis Ormandy, a critical vulnerability discovered in the Chrome and Firefox browser extension of the grammar checking software Grammarly inadvertently left all 22 million users’ accounts, including their personal documents and records, vulnerable to remote hackers. Any website a Grammarly user visits could steal his/her authentication tokens, which is enough to login into the user’s account and access every “documents, history, logs, and all other data” without permission.

Cyber Security Tips:  users are strongly recommended that remove existing Grammarly extension until update release by company and reset your all passwords

  1. Watch Out! New Cryptocurrency-Mining Android Malware is Spreading Rapidly

Just in the month of January, Kaspersky researchers spotted fake antivirus and porn Android apps infected with malware that mines Monero cryptocurrency, launches DDoS attacks, and performs several other malicious tasks, causing the phone’s battery to bulge out of its cover. Another month another cryptocurrency malware. The security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new piece of wormable Android malware, dubbed ADB.Miner that scans wide-range of IP addresses to find vulnerable devices and infect them to mine digital cryptocurrency. ADB.Miner scans for Android devices—including smartphones, smart TVs, and TV set-top boxes—with publicly accessible ADB debug interface running over port 5555 and then infects them with a malware that mines Monero cryptocurrency for its operators. It is not cleared yet which vulnerability hackers using to spread malware.

Cyber Security Tips:  To prevent yourself from such a malwares you are strongly recommended that do not install unnecessary and untrusted applications from the app store, even from Google Play Store, and keep your devices behind a firewall or a VPN and keep using reputed antivirus.

  1. All Ledger hardware wallets vulnerable to man in the middle attack

Hardware wallets are usually considered the safest option for storing cryptocurrency, but according to the latest report, Ledger hardware wallet that is currently operating in the cryptocurrency market is vulnerable to cyber-attacks. The vulnerability was identified by unknown security researchers in every single hardware wallet that allows cybercriminals to show fraudulent addresses to Ledger users/customers. When funds are requested to these addresses, the cryptocurrency is transferred to the attacker’s wallet instead of the user. The report stated that a Ledger wallet creates a brand new address every time a payment is to be received but through man-in-the-middle attack, while the user is trying to generate this address in order to transfer cryptocurrency to their wallet, the amount would be transferred to a fraudulent address if the computer is infected with malware.

Cyber Security Tips:  To prevent attack users must verify whether the wallet address is correct or not before transferring funds. This can be done by clicking on the button under the QR CODE. This button will display the address of the hardware wallet and users will be able to verify the address.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: