Last calendar week has been really brusque amongst large word from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the uncovering of a novel malware evasion technique that industrial plant on all versions of Microsoft's Windows operating system.
Besides this, the newly discovered Janus vulnerability inward the Android operating organisation together with a critical remote code execution (RCE) vulnerability inward Malware Protection Engine (MPE) for which Microsoft released an emergency while made their places inward our weekly roundup.
I recommend yous to read the entire word (just click 'Read More' because there's about valuable advice inward at that topographic point every bit well).
So, hither nosotros become amongst the listing of this Week's Top Stories:
Process Doppelgänging: New Malware Evasion Technique
Influenza A virus subtype H5N1 squad of researchers, who previously discovered AtomBombing attack, latterly revealed a novel fileless code injection technique that could assist malware authors defeat most of the modern anti-virus solutions together with forensic tools.
Dubbed Process Doppelgänging, the method takes payoff of a built-in Windows component together with an undocumented implementation of Windows procedure loader, together with industrial plant on all versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10.
To know How Process Doppelgänging laid on industrial plant together with why Microsoft refused to prepare it, Read More.
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
Influenza A virus subtype H5N1 newly discovered vulnerability, dubbed Janus, inward Android could permit attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious update for the legitimate apps, which looks together with industrial plant same every bit the master copy apps.
Although Google has patched the vulnerability this month, a bulk of Android users would however require to hold back for their device manufacturers to liberate custom updates for them, obviously leaving a large number of Android users vulnerable to hackers for adjacent few months.
To know to a greater extent than nigh the vulnerability, how it industrial plant together with if yous are affected, Read More.
Pre-Installed Keylogger Found On Over 460 HP Laptop Models
Once again, Hewlett-Packard (HP) was caught pre-installing a keylogger inward to a greater extent than than 460 HP Notebook laptop models that could allow hackers to tape your every keystroke together with bag sensitive data, including passwords, line of piece of employment organisation human relationship information, together with credit menu details.
When reported final month, HP acknowledged the presence of the keylogger, proverb it was truly "a debug trace" which was left accidentally, together with affected users tin install updated Synaptics touchpad driver to take it manually.
To know how to banking concern jibe if your HP laptop is vulnerable to this number together with download compatible drivers, Read More.
New Email Spoofing Flaw Affects Over thirty Popular Email Clients
Dubbed MailSploit, the vulnerabilities touching pop e-mail clients including Apple Mail (for macOS, iOS, together with watchOS), Mozilla Thunderbird, Yahoo Mail, ProtonMail, several Microsoft e-mail clients, together with others.
To scout the PoC video released past times the researchers together with know to a greater extent than nigh the vulnerabilities, Read More.
Largest Crypto-Mining Exchange Hacked; Over $80 Million inward Bitcoin Stolen
Last calendar week was the golden calendar week inward Bitcoin's history when the toll of 1 BTC touched almost $19,000, but the media hype nigh the bitcoin toll diminishes the hack of the largest Bitcoin mining marketplace.
NiceHash mining marketplace confirmed a breach of its website, which resulted inward the theft of to a greater extent than than 4,736 Bitcoins, which similar a shot worth nearly $80 million.
The service went offline (and is however offline at the fourth dimension of writing this article) amongst a post on its website, confirming that "there has been a safety breach involving NiceHash website," together with that hackers stole the contents of the NiceHash Bitcoin wallet.
To know to a greater extent than nigh the Bitcoin hack, Read More.
Microsoft Issues Emergency Windows Security Update
Influenza A virus subtype H5N1 calendar week earlier its Dec Patch Tuesday updates, Microsoft released an emergency safety while to address a critical remote code execution vulnerability inward its Malware Protection Engine (MPE) that could allow an assaulter to accept total command of a victim's PC.
The vulnerability (CVE-2017-11937) impacts Windows 10, Windows 8.1, Windows 7, Windows RT 8.1, together with Windows Server, together with affects several Microsoft's safety products, including Windows Defender, Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, together with Exchange Server 2013 together with 2016.
To know to a greater extent than nigh the vulnerability, Read More.
Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL
Scientists discovered a critical implementation flaw inward major mobile banking apps—for both iOS together with Android—that left banking credentials of millions of users vulnerable to man-in-the-middle attacks.
Attackers, connected to the same network every bit the victim, could receive got leveraged vulnerable banking apps to intercept SSL connectedness together with recollect the user's banking credentials, similar usernames together with passwords/pincodes—even if the apps are using SSL pinning feature.
To know how attackers could receive got exploited this vulnerability to accept over your banking concern accounts, Read More.
Massive Data Breach Exposes Personal Data On 31 Million Users
While downloading apps on their smartphones, most users may non realize how much information they collect on them, together with app developers accept payoff of this ignorance, wiping off to a greater extent than information on their users than they truly require for the working of their app.
But what if this information falls into the incorrect hand?
The same happened final week, when a massive trove of personal data (over 577 GB) belonging to to a greater extent than than 31 ane 1000 m users of the famous virtual keyboard app, called AI.type, leaked online for anyone to download without requiring a password.
To know to a greater extent than nigh the information breach incident together with what information users lost, Read More.
Critical Flaw inward Major Android Tools Targets Developers
The vulnerability was discovered past times safety researchers at CheckPoint, who also released a proof of concept (PoC) attack, dubbed ParseDroid, along amongst a video to demonstrate how the laid on works.
To scout the video together with know how this vulnerability tin endure exploited, Read More.
Uber Paid Florida Hacker $100,000 to Keep Data Breach News Secret
It turns out that a 20-year-old Florida man, amongst the assist of another, was responsible for the massive Uber information breach inward Oct 2016 together with was paid an enormous sum past times the ride-hailing society to destroy the information together with proceed the information breach incident secret.
Last week, Uber announced that a massive information breach final twelvemonth exposed personal information of 57 ane 1000 m customers together with drivers together with that it paid 2 hackers $100,000 inward ransom to destroy the information.
To know to a greater extent than nigh the information breach at Uber together with the hackers, Read More.
