New Android Malware Steals Banking Passwords, Private Data and Keystrokes
NA new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.
Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild
It's April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely.
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe.
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history.
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
Cyber security researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
How can I protect myself while online?
How can I protect myself while online?
Verify data is encrypted
When sending confidential information over the Internet such as usernames, passwords, or credit card numbers only send it securely. To verify this look for a small lock in the bottom right corner of your browser window or next to the address bar. If visible, this lock should also be in the locked position and not unlocked.
Internet Explorer 7 secure address bar
We also suggest making sure the URL begins with https as shown above.
While the lock is in the lock position, data is encrypted, which helps anyone from understanding the data if it's intercepted. When no lock is visible or in the unlocked position all information is plaintext and if intercepted could be read. If a webpage is not secure, such as an online forum, use a password you wouldn't use with protected sites such as your online banking website.
E-mail is not encrypted
Websites should not transmit confidential data over e-mail, such as passwords, credit card information, etc. E-mail is not encrypted and if intercepted by a third-party could be read.
Be aware of phishing scams
Familiarized yourself with phishing scams and techniques, which are used to trick you into divulging your account information. Online banking sites, Paypal, EBay, Amazon, and other popular sites that require logins are popular targets.
Use a safe password
Websites that store confidential data, such as an online bank site need to use strong passwords. Also, it is highly recommended that you use a different password for each website that requires a login. If you need help remembering your passwords consider using a password manager.
Use caution when accepting or agreeing to prompts
When prompted to install any program or add-on make sure to read and understand the agreement before clicking on the Ok button. If you do not understand the agreement or feel it is not necessary to install the program cancel or close the window.
Additionally, when installing any program watch for any check box that asks if it's ok to install a third-party program, toolbar, etc. These are never required and often cause more issues than good. Leave these boxes unchecked.
Be cautious where you're logging in from
Your place of work can install key loggers or use other methods of monitoring the computer while online. Someone who has access to this information could read these logs and gather usernames and passwords. Also, do not store any passwords in your browser if your computer is shared with other coworkers.
When on a wireless network realize that all information being sent to and from your computer can be intercepted and read by someone nearby. Prevent this from happening by only logging into a secure network using WEP or WPA. If this is a home wireless network, make sure it is secure.
Be concerned when logging into an account from a friends computer. A computer or network you are not familiar with could intentionally or unintentionally log usernames and passwords. Finally, when logging into any site on a friends computer never save the password information on their browser.
Be aware of those around you
While at work, school, library, or anywhere that has people around who could look at the monitor be cautious of anyone shoulder surfing. Someone could watch you type in your password, which would give them access to your account.
If you need everything displayed on the screen to remain private, consider a privacy filter for the display.
Update Internet browser plugins
Often many attackers find security vulnerabilities through browser plugins such as Adobe Flash. Make sure all installed Internet plug-ins are up-to-date.
Secure saved passwords
Make sure to store passwords and login information in a secure area. Never write login information on a sticky note or in a text file that is not encrypted.
To save your passwords we recommend using a password manager, which stores all login information and securely encrypts and password protects that information.
When saving password information in a browser, it may be visible by anyone who has access to your Internet browser. For example, without a master password setup in Firefox anyone can see all stored passwords. [Source: www.computerhope.com]