Here we are with our weekly roundup, briefing this week’s top cybersecurity threats, incidents, and challenges, just in case you missed any of them.
Last week was very short but with big news, from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft’s Windows operating system.
Besides that, the newly discovered Janus vulnerability in the Android operating system and a critical remote code execution (RCE) vulnerability in the Malware Protection Engine (MPE), for which Microsoft released an emergency patch, made their places in our weekly roundup.
I recommend you read the entire news (just click ‘Read More’), because there’s some valuable advice in there as well.
So, here we go with the list of this Week’s Top Stories:
Process Doppelgänging: New Malware Evasion Technique
A team of researchers, who previously discovered the AtomBombing attack, recently revealed a new fileless code injection technique that could help malware authors defeat most modern anti-virus solutions and forensic tools.
Dubbed Process Doppelgänging, the method takes advantage of a built-in Windows function and an undocumented implementation of the Windows process loader, and works on all versions of the Microsoft Windows operating system, from Windows Vista to the latest version of Windows 10.
To know how the Process Doppelgänging attack works and why Microsoft refused to fix it, Read More.
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
A newly discovered vulnerability in Android, dubbed Janus, could let attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious updates for legitimate apps that look and work the same as the original apps.
Although Google has patched the vulnerability this month, a majority of Android users would likely still need to wait for their device manufacturers to release custom updates for them, apparently leaving a large number of Android users vulnerable to hackers for the next few months.
To know more about the vulnerability, how it works and whether you are affected, Read More.
Pre-Installed Keylogger Found On Over 460 HP Laptop products
Yet again, Hewlett-Packard (HP) was caught pre-installing a keylogger in more than 460 HP Notebook laptop products that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.
When reported last month, HP acknowledged the presence of the keylogger, saying it was actually “a debug trace” which was left accidentally, and affected users can install an updated Synaptics touchpad driver to remove it manually.
To know how to check if your HP laptop is vulnerable to this issue and download compatible drivers, Read More.
New Email Spoofing Flaw Affects Over 30 Well-Known Email Clients
Researchers discovered a collection of vulnerabilities in more than 30 well-known email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms.
Dubbed MailSploit, the vulnerabilities affect well-known email clients including Apple Mail (for macOS, iOS, and watchOS), Mozilla Thunderbird, Yahoo Mail, ProtonMail, several Microsoft email clients, and others.
To watch the PoC video released by the researchers and know more about the vulnerabilities, Read More.
Largest Crypto-Mining Exchange Hacked; Over $80 Million in Bitcoin Stolen
Last week was the golden week in Bitcoin’s history when the price of 1 BTC touched almost $19,000, yet the media hype about the bitcoin price diminishes the hack of the largest Bitcoin mining marketplace.
The NiceHash mining marketplace confirmed a breach of its website, which resulted in the theft of more than 4,736 Bitcoins, which at that point were worth nearly $80 million.
The service went offline (and is still offline at the time of writing this article) with a post on its website, confirming that “there has been a security breach involving NiceHash website,” and that hackers stole the contents of the NiceHash Bitcoin wallet.
To know more about the Bitcoin hack, Read More.
Microsoft Issues Emergency Windows Security Update
A week before its December Patch Tuesday updates, Microsoft released an emergency security patch to address a critical remote code execution vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim’s PC.
The vulnerability (CVE-2017-11937) impacts Windows 10, Windows 8.1, Windows 7, Windows RT 8.1, and Windows Server, and affects several of Microsoft’s security products, including Windows Defender, Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016.
To know more about the vulnerability, Read More.
Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL
Scientists discovered a critical implementation flaw in major mobile banking apps—for both iOS and Android—that left banking credentials of millions of users vulnerable to man-in-the-middle attacks.
Attackers, connected to the same network as the victim, could have leveraged vulnerable banking apps to intercept SSL connections and retrieve the user’s banking credentials, like usernames and passwords/pincodes—even if the apps are using the SSL pinning feature.
To know how attackers could have exploited this vulnerability to take over your bank accounts, Read More.
Massive Data Breach Exposes Personal Data On 31 Million Users
While downloading apps on their smartphones, most users may not realize how much data those apps collect on them, and app developers take advantage of this ignorance, collecting more data on their users than they actually require for the working of their app.
But what if this data falls into the wrong hands?
The same happened last week, when a massive trove of personal data (over 577 GB) belonging to more than 31 million users of the famous virtual keyboard app, called AI.type, leaked online for anyone to download without requiring a password.
To know more about the data breach incident and what information users lost, Read More.
Critical Flaw in Major Android Tools Targets Developers
An easily exploitable vulnerability discovered in Android application developer tools, both downloadable and cloud-based, could allow hackers to steal files and execute malicious code on vulnerable systems remotely.
The vulnerability was discovered by security researchers at CheckPoint, who also released a proof of concept (PoC) attack, dubbed ParseDroid, along with a video to demonstrate how the attack works.
To watch the video and know how this vulnerability can be exploited, Read More.
Uber Paid Florida Hacker $100,000 to Keep Data Breach News Secret
It turns out that a 20-year-old Florida man, with the help of another, was responsible for the massive Uber data breach in October 2016 and was paid an enormous amount by the ride-hailing company to destroy the data and keep the data breach incident secret.
Last week, Uber announced that a massive data breach last year exposed personal data of 57 million customers and drivers and that it paid two hackers $100,000 in ransom to destroy the information.
To know more about the data breach at Uber and the hackers, Read More.