Cyber Security News (10th April 2018)

  1. BSF website down, had malware capable of sending fake emails

The Border Security Force is the primary border guarding force of India. According to the report published by CIO, An official website of the Border Security Force was discovered to be hosting files infected with malware. A BSF spokesperson told TOI that the website has been under security audit for little over a month now. An Indian security expert found the malware files capable of sending fake emails pretending to be from Mumbai’s United Services Club, which serves military officers and eminent citizens. Now the website is up, and security team is investigating the issues.

Cyber Security Tips:

To prevent your website from such a malware infection, you are strongly recommended that install patches regularly, keep your website CMS up-to-date, regularly scan your website for malware infection, use web application firewall and keep monitoring your website.

  1. Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

Enterprise password manager (EPV) solutions help organizations to securely manage their sensitive passwords, controlling privileged accounts passwords across a wide range of clients/server and mainframe operating systems, switches, databases, and keep them safe from external attackers, as well as malicious insiders. According to the news published by Hacker news, a critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. According to the German cybersecurity firm RedTeam Pentesting GmbH, the vulnerability (CVE-2018-9843) resides in CyberArk Password Vault Web Access, a .NET web application created by the company to help its customers access their accounts remotely. According to the researchers, when a user logs in into his account, the application uses REST API to send an authentication request to the server, which includes an authorization header containing a serialized.NET object encoded in base64. This serialized.NET object holds the information about a user’s session, but researchers found that the “integrity of the serialized data is not protected.”

Cyber Security Tips: Users are strongly recommended to upgrade their software to version 9.9.5, 9.10 or 10.2.

  1. ATMJackpot Malware Stealing Cash From ATMs

A new ATM malware called as ATMJackpot has been identified by security researchers at Netskope Threat Research Labs. According to Netskope’s blog post, it is yet unclear how ATMJackpot is deployed or used (physically or remotely) but its purpose is quite clear, which is to steal money from ATMs (automated teller machines). The researcher said that the malware was in development phase with limited features. This ATM Malware propagates via physical access by an attacker using USB and also spreading via a network by downloading the malware on to already compromised ATM machines. Once malware install it start reading your PIN, Malware has the functionality to dispense cash and finally has the functionality to eject the card. But to install this malware attacker need physical access of ATM machine.

Cyber Security Tips: To prevent from these malware banks are recommended to make sure that their banks ATM’s physically secured, appoint security guard in near ATM machines, use CCTV cameras and check your ATM machines daily for any hardware changes.

  1. Hackers compromise AOL advertising platform to mine cryptocurrency

The IT security researchers at Trend Mirco have discovered that on March 25th, 2018, malicious hackers compromised AOL’s advertising platform and modified its script to mine Monero cryptocurrency. According to Trend Micro’s analysis, the compromised ads were found creating a large number of web miners. Its homepage was infected with the mining script which happens to be the default page of Microsoft’s browser and the page that Outlook (Hotmail and Live) users are redirected to once they log out from their account according to the news published by Hackread. The Researchers identified 500 other websites infected with the same CoinHive cryptocurrency mining script used on AOL advertising platform.

Cyber Security Tips: To prevent yourself from such as mining malware you are recommended to use minerBlock and No Coin extensions in your browser, think before clicking on any ads, avoid visiting malicious websites and keep using reputed antivirus.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: