Welcome to the weekly dose of cyber security news and views.
Date – 28th Jan 2018
WTF: What The Fun!!!!!
CryptoJacking : Malicious ads these days, focusing towards using browsers to steal cryptocurrency, hopefully you are smart enough to save yourself from Crypto jacking 😀
Natalya Kaspersky’s Cryptocurrency Theory: She says that Cryptocurrency is a project of American Intelligence Agencies to generate quick funding!! 😀
Cryptocurrency Conspiracy Theory: Some says that Cryptocurrency is a rogue work of Artificial Intelligence Bots and if continues, rogue AI will take over the world!! 😀
Danish Municipality leaked the data which was kept on an unauthenticated FTP server and they asked their citizens to confirm that they did not download these sensitive files!!! 😀 😀
HNS IoT Bot:
Affected more than 14k devices and named Hide N Seek because it was first identified in 10th Jan, then faded away and re-emerged on 20th Jan. HNS scans the Internet randomly for specific ports: Port 23, Port 80, Port 2323 and Port 8080, which all are unencrypted ports. If the connection is established, it tries to attempt brute force attack on the IoT device. Good news: HNS can’t achieve persistence so rebooting cleans the compromised device. Make sure to use strong and complex password and change the password of IoT device before connecting it to the internet.
One Plus credit card data breach:
Around 40k One Plus mobile users impacted by credit card breach as a malicious code was injected onto 1+ website into payment page code to sniff credit card info, users who entered credit card details between mid-November 2017 and January 11, 2018″ potentially be impacted. Advice: Check out for Virtual Credit Card feature provided for net banking platform by most of the banks and create a virtual credit card with card number, CVV and restricted amount to secure your primary card info.
Patchy patches of Meltdown and Spectre:
Not ready to go away Patchy Patches of Meltdown and Spectre are causing random reboot issues into servers. If you have used the patches, make sure to be cautious and use defence in-depth mechanism to stop the attack. Once the stable patches are in, make sure to use them. If you have faced the issue, I am open for a discussion, reach out to me!!!
Malicious apps on Google Play Store:
Recently, so much in news that Facebook hacking app, malicious gaming apps and other credentials stealing apps on google platform is available on google platform.
Be smart not to download or use any unnecessary apps from unknown sources, and not to give unnecessary permissions to the apps.
Malware stealing gas from gas station:
Just like famous petrol pump frauds in India, a malware was stealing gas from a gas station in Russia which let customers into paying more than the gas pumped into their car tank as this malware steals some of the gas pumped into customers cars.
Good Morning GIFs on WhatsApp:
A news agency investigated a message floating on WhatsApp which asked not to use Good Morning /Good Night GIFs saying that these are coming from adversary country and used to steal your sensitive information and came out with a verdict that this message was fake and GIFs do not affect your mobile phones. Appreciate if you do not flood the chatgroups with those GIFs!!
Firefox 58 Patch:
Firefox released a patch for its version 58 which includes patches for 3 critical, 13 high, 13 moderate & 3 low severity vulnerabilities that could allow remote attackers to take control of an affected system. Make sure you patch your Firefox browser asap. In fact, practice the good hygiene by keep patching, restarting and updating your browsers.
Personal Recommendation: Use Brave Browser: a version of chrome, default feature that does not allow script to run, allows fingerprinting and scripting manually.
Browsers, scripts and fingerprinting: If you open a regular browser from your cell phone, it takes your IP address, screen resolutions, your OS version, your browser version, Plug-ins, LAN IP of users, Location of the phone and what not.
Want to know more about it, do reach out to me!!!
Check it out at https://brave.com for iOS, Android, Windows, Mac OSX etc.