Cybersecurity news headlines (October 16-22)
October 16-22 was a busy week for cybersecurity, from malware detected in Google Play store to the discovery of a vulnerability that makes everything and everyone using WiFi vulnerable. It can be difficult to keep up with all the news so we have prepared summaries of the most significant happenings from last week.
Without further ado, here’s what made headlines last week.
Mathy Vanhoef, a Belgian researcher from KU Leuven university, discovered a critical vulnerability in WPA2 (the protocol securing all modern WiFi networks) that essentially effects everyone and everything using WiFi. The weakness, known as Krack, is not in individual products but rather in the WiFi standard itself. It is recommended that users update affected products the moment an update becomes available.
“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites,” Vanhoef explains.
PCWorld provides a comprehensive article about Krack and how to protect devices, and it can be accesses here.
Adobe Flash vulnerability used to infect computer with FinSpy, a highly dangerous piece of spyware.
Security company Kaspersky Lab reported on the 16th that a vulnerability in Adobe Flash Player was used to infect computers with the infamous FinSpy spyware. The spyware, also known as FinFisher, was sold to law enforcement agencies and governments all over the world, and was used as surveillance software. FinSpy is notorious for having extensive spying capabilities as it can turn on the webcam and microphone, record keyboard clicks and intercept Skype calls, among other things.
Kaspersky noticed the vulnerability when they were investigating a hacking attempt against their customer, and reported it to Adobe. According to the security company, the exploit was in an Microsoft Office document that was most likely attached to an email. A security update has been released since then.
Microsoft suffered from a hack back in 2013, and kept it a secret.
Former Microsoft employees have revealed that the tech giant suffered from a highly sophisticated hacking attack back in 2013. The database that was breached contained important information about critical and unfixed vulnerabilities in software that was used worldwide. And Microsoft did not disclose the breach, it was revealed 5 years later. If you’re thinking it’s not a bit deal, keep in mind that the hackers could have developed exploits and hacking tools using the data they obtained from Microsoft. The company denies that that the stolen information has been used in a data breach. Although vulnerabilities described in the database were used in cyber attacks, Microsoft believes that the information could have been from somewhere else.
Google Play Security Reward program promises $1000 for reported and fixed vulnerabilities in app on Google Play.
Introducing “Google Play Security Reward”, a new bounty program that invites security researchers to report vulnerabilities in apps found on Google Play. Researchers will be able to report vulnerabilities directly to the app developers, which, according to Google, will “improve app security which will benefit developers, Android users, and the entire Google Play ecosystem.” Security specialists will then be able to work together with the developers in order to patch the issue. If/When the vulnerability is fixed, the researcher can request a reward of up to $1000, depending on the vulnerability criteria.
However, according to Google, “the scope of this program is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof of concepts) that work on Android 4.4 devices and higher.” That means that fake, adware or malware apps are not included in the program yet.
Cyber crooks hack Eltima website to spread Proton malware.
Researchers from security company ESET have reported that popular multimedia player for macOS, Elmedia Player, was replaced with a malicious one on the official website. Users who downloaded the player from the site on the 19th may have ended up with the Proton malware instead. Proton is known to be a dangerous infection that can gather all kinds of information, such as browser history, cookies, passwords and even cryptocurrency wallets. The malware also works as a backdoor for hackers to install more malicious programs on the target computer. The company behind the player, Eltima, quickly replaced the malware with a clean version. Reportedly, around 1000 users downloaded the malicious version.
Eight Google Play apps found to be infected with Sockbot malware.
Software company Symantec identified eight apps on Google Play that were infected with the Sockbot malware. This is certainly not the first time malware was found on Google Play, and it’s likely not going to be the last. This time, the malware was disguised as apps that allow users to customize characters in Minecraft: Pocket Edition. Between the eight apps, the download count goes up to 2.6 million. All apps are by the same developer, FunBaster.
“The app connects to a command and control (C&C) server on port 9001 to receive commands. The C&C server requests that the app open a socket using SOCKS and wait for a connection from a specified IP address on a specified port. A connection arrives from the specified IP address on the specified port, and a command to connect to a target server is issued. The app connects to the requested target server and receives a list of ads and associated metadata (ad type, screen size name). Using this same SOCKS proxy mechanism, the app is commanded to connect to an ad server and launch ad requests,” Symantec explains.
All eight apps have since been removed, after Symantec reported them to Google Play.
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.
Leave a comment