New Android Malware Steals Banking Passwords, Private Data and Keystrokes
NA new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.
Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild
It's April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely.
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe.
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history.
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
Cyber security researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
Password Security Advisories
Password Security Advisories
A password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource. The password should be kept secret from those not allowed access. User names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, automated teller machines (ATMs), etc.
A typical computer user has passwords for many purposes: logging in to accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online.
Password Security tips
Don't use personal information such as your name, age, birth date, child's name, nickname, phone number or favorite color/song, etc that can be easily accessed or guessed.
Don't use words that can be found in any dictionary of any language.
Develop a mnemonic for remembering complex passwords.
Use both lowercase and capital letters.
Use a long password made up of numbers, letters and special characters
Make sure you use different passwords for each of your accounts.
Be sure no one watches when you enter your password.
Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
Use comprehensive security software such as your anti-virus and keep it up to date to avoid key loggers (keystroke loggers) and other malware.
Avoid entering passwords on computers you don't control (like computers at an Internet cafe or library)—they may have malware that steals your passwords.
Depending on the sensitivity of the information being protected, you should change your passwords periodically.