Security Flash News from the 13th to 17th of March, 2017

On Monday (13th of March), we aimed to explain a new concept: file-less malware. It has become standard that malware has to be delivered in a file which, later on, is responsible for various types of wrongful activity. However, most people are still unaware of a more novel approach that hackers are trying out: malware that does not require to be distributed in a form of a file. Instead, these secretive attacks can be done thanks to vulnerable software which is already present in a targeted device. File-less infections do not insert executables in systems. Therefore, they are much more difficult to detect. Mostly, various banking institutions are targeted in an attempt to steal either money or sensitive information about users. In our full article, we provided some tips on how can file-less infection be avoided. More at: 2-viruses.com.

A common platform for e-commerce websites Magento remains the main target for credit card scrapers. Cyber criminals targeting Magento customers to steal credit cards identities are on the rise right now. That’s mostly due to vulnerabilities of the platform itself, thus both customers and shops owners should be extremely careful till those security problems are gone. More at: threatpost.com.

On Tuesday (14th of March), we warned our visitors that it is possible to buy a brand new Android device which is, unfortunately, already influenced by malware. 36 Android devices were indicated to have some flaws that were done during the processes from production to distribution. Infected devices might not show any signs of deficiency, as a person will be adjusted to the way device acted from the beginning. However, pre-installed malware is a very big concern for users as it is possible that efforts to keep systems malware-free are doomed to be unsuccessful. If you wish to check whether the devices you have already purchased or are about to get are not compromised, there are options to do so. If an Android is discovered to be a victim of pre-installed infection, then it is not enough to use the regular anti-security tools: more serious options have to undertake. More at: 2-viruses.com.

On Wednesday (15th of March), we finally were able to get our hands on the update we were all waiting for. Microsoft finally made its monthly patch public and indicated which vulnerabilities are going to be fixed. In total, over 130 flaws are solved. There were some vulnerabilities that were labeled according to their severity. Microsoft addressed issues in a number of its products, and put an end to the possible execution of arbitrary codes. If you update your software with the latest patch, you might be certain that flaws, capable of giving remote access to your device, will be solved. Microsoft was quite thorough in the report their posted. The report explains which flaws were able to do what and other important aspects. More at: 2-viruses.com.

Lately a lot of attention was gathered around the safety of data transfer while browsing the Internet. Both public and private organisations share the same goal – to make the Internet a safer place for the users. While HTTPS is a global standard in safety terms, governments around the world are looking for a new ways to ensure the safety. New federal website encryption protocol was introduced on Wednesday (15th of March). More at: technewsworld.com.

On Thursday (16th of March), our article informed about a recent incident on Twitter when swastikas were incorporated into posts from different accounts. It turned out that this was all done by pro-Turkish people that support Turkey in its feud with Germany and the Netherlands. Tons of Twitter accounts were hacked into for the sake of posting offensive posts that were against Germany and the Netherlands. References to Nazi Germany certainly grabbed attention of the Internet and people that posted those posts soon had to explain that they had nothing to do with them. It was revealed that all of these Twitter users were simple puppets in a vile game. Soon after that, it was even discovered which Twitter feature made the attack possible. More at: 2-viruses.com.

On Friday (17th of March), we provided more details about the data breach that Yahoo suffered back in 2014. Until last week, there was a lot of mystery when it came to explaining the massive data leakage. As it turned out, Yahoo was partially right about the culprits that caused this breach. The Russian officials are indicated as the prime suspects in this case for giving an assignment to hack into database of Yahoo. As you might already know, 500 million confidential details were stolen. Of course, representatives of Russia argue with these accusations and claim that they played no part in the data breach of Yahoo. More at: 2-viruses.com.

On the same day WikiLeaks announced that they are not willing to disclose CIA Exploits to companies until they meet certain demands. Even though WikiLeaks gave a promise over a week ago to hand over data about hacking tools used by Central Intelligence Agency, companies of tech industry are still waiting. As reported, instead of actual data and bug reports, companies such as Google or Apple have received an email with demands that have to be met in order to received mentioned information. While demands are still unknown, it’s believed that one of them is to release a patch for the problem within 90 days, i.e. 3 months. More at: thehackernews.com.

 
 

Leave a Reply

Your email address will not be published. Required fields are marked *