Here we are with our weekly roundup, briefing this week’s top cybersecurity threats, incidents, and challenges, just in case you missed any of them.
Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft’s Windows operating system.
Besides this, the newly discovered Janus vulnerability in the Android operating system and a critical remote code execution (RCE) vulnerability in Malware Protection Engine (MPE) for which Microsoft released an emergency patch made their places in our weekly roundup.
I recommend you to read the entire news (just click ‘Read More’ because there’s some valuable advice in there as well).
So, here we go with the list of this Week’s Top Stories:
Process Doppelgänging: New Malware Evasion Technique
A team of researchers, who previously discovered AtomBombing attack, recently revealed a new fileless code injection technique that could help malware authors defeat most of the modern anti-virus solutions and forensic tools.
Dubbed Process Doppelgänging, the method takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader, and works on all versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10.
To know How Process Doppelgänging attack works and why Microsoft refused to fix it, Read More.
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
A newly discovered vulnerability, dubbed Janus, in Android could let attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious update for the legitimate apps, which looks and works same as the original apps.
Although Google has patched the vulnerability this month, a majority of Android users would still need to wait for their device manufacturers to release custom updates for them, apparently leaving a large number of Android users vulnerable to hackers for next few months.
To know more about the vulnerability, how it works and if you are affected, Read More.
Pre-Installed Keylogger Found On Over 460 HP Laptop Models
Once again, Hewlett-Packard (HP) was caught pre-installing a keylogger in more than 460 HP Notebook laptop models that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.
When reported last month, HP acknowledged the presence of the keylogger, saying it was actually “a debug trace” which was left accidentally, and affected users can install updated Synaptics touchpad driver to remove it manually.
To know how to check if your HP laptop is vulnerable to this issue and download compatible drivers, Read More.
New Email Spoofing Flaw Affects Over 30 Popular Email Clients
Researchers discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms.
Dubbed MailSploit, the vulnerabilities affect popular email clients including Apple Mail (for macOS, iOS, and watchOS), Mozilla Thunderbird, Yahoo Mail, ProtonMail, several Microsoft email clients, and others.
To watch the PoC video released by the researchers and know more about the vulnerabilities, Read More.
Largest Crypto-Mining Exchange Hacked; Over $80 Million in Bitcoin Stolen
Last week was the golden week in Bitcoin’s history when the price of 1 BTC touched almost $19,000, but the media hype about the Bitcoin price diminishes the hack of the largest Bitcoin mining marketplace.
NiceHash mining marketplace confirmed a breach of its website, which resulted in the theft of more than 4,736 Bitcoins, which now worth nearly $80 million.
The service went offline (and is still offline at the time of writing this article) with a post on its website, confirming that “there has been a security breach involving NiceHash website,” and that hackers stole the contents of the NiceHash Bitcoin wallet.
Microsoft Issues Emergency Windows Security Update
A week before its December Patch Tuesday updates, Microsoft released an emergency security patch to address a critical remote code execution vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim’s PC.
The vulnerability (CVE-2017-11937) impacts Windows 10, Windows 8.1, Windows 7, Windows RT 8.1, and Windows Server, and affects several Microsoft’s security products, including Windows Defender, Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016.
To know more about the vulnerability, Read More.
Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL
Scientists discovered a critical implementation flaw in major mobile banking apps—for both iOS and Android—that left banking credentials of millions of users vulnerable to man-in-the-middle attacks.
Attackers, connected to the same network as the victim, could have leveraged vulnerable banking apps to intercept SSL connection and retrieve the user’s banking credentials, like usernames and passwords/pincodes—even if the apps are using SSL pinning feature.
To know how attackers could have exploited this vulnerability to take over your bank accounts, Read More.
Massive Data Breach Exposes Personal Data On 31 Million Users
While downloading apps on their smartphones, most users may not realize how much data they collect on them, and app developers take advantage of this ignorance, wiping off more data on their users than they actually require for the working of their app.
But what if this data falls into the wrong hand?
The same happened last week, when a massive trove of personal data (over 577 GB) belonging to more than 31 million users of the famous virtual keyboard app, called AI.type, leaked online for anyone to download without requiring a password.
To know more about the data breach incident and what information users lost, Read More.
Critical Flaw in Major Android Tools Targets Developers
An easily-exploitable vulnerability discovered in Android application developer tools, both downloadable and cloud-based, could allow hackers to steal files and execute malicious code on vulnerable systems remotely.
The vulnerability was discovered by security researchers at CheckPoint, who also released a proof of concept (PoC) attack, dubbed ParseDroid, along with a video to demonstrate how the attack works.
To watch the video and know how this vulnerability can be exploited, Read More.
Uber Paid Florida Hacker $100,000 to Keep Data Breach News Secret
It turns out that a 20-year-old Florida man, with the help of another, was responsible for the massive Uber data breach in October 2016 and was paid an enormous amount by the ride-hailing company to destroy the data and keep the data breach incident secret.
Last week, Uber announced that a massive data breach last year exposed personal data of 57 million customers and drivers and that it paid two hackers $100,000 in ransom to destroy the information.
To know more about the data breach at Uber and the hackers, Read More.
Source : THN