New Android Malware Steals Banking Passwords, Private Data and Keystrokes
NA new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.
Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild
It's April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely.
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe.
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history.
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
Cyber security researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
Responsible Computer Usage
Responsible Computer Usage
Computers and networks may never be completely safe from security risks but we can follow some simple rules and procedures to try and prevent attacks on our computer systems. Remember that the way you operate your computer has a definite impact on everyone else on the network. A compromised organization's computer can be used to sniff passwords from its neighbors' network traffic or cause poor network performance for other users so it is important to consider the following tips for responsible computer usage to help you mitigate the risks.
Always run up-to-date virus protection
You should make sure that your computer has an anti-virus program and that it is always updated. If it is not evidently running on your PC, you should contact your IT officer. Also, make sure that all the files you send to other people are virus free. Viruses are frequently spread through infected email attachments. So before forwarding an attachment to your colleagues or friends, scan it for viruses.
Check before you install software
While browsing the internet, users may encounter websites that tempt them to install something on their computers. Some software may also be installed without the user's knowledge. These programs may contain spyware or adware. Do not install software that you were not specifically looking for. Some websites trick people into installing programs that claim to improve the performance of their computers. More often than not, the opposite is true. It is also a good practice to research on any software before installing. If you are using a computer at work, do not install unauthorized or personal software. If you need a program installed, ask permission to your IT officer to do so.
Stop sending spam
Are you the type who forwards every joke or cute picture that gets emailed to you? If you are, then you may be considered a spammer. Professional spammers send out millions of email, flooding the network with junk email. This slows down the performance of the entire network. If everyone stops forwarding jokes and chain email, the speed and performance of our networks would greatly improve.
Avoid the use of non-business resource intensive software
Peer to peer programs like Napster, Morpheus and Kazaa are just a few examples of software that slow down computer resources. These programs are non-business tools that are usually a heavy load on the network. They run constantly, and allow people to download files from your computer so you should avoid installing these programs on your computer.
Passwords should be routinely change
The confidentiality of passwords is critical to the protection of any sensitive information and systems. In many cases, passwords offer the first line of defense in stopping unauthorized and malicious users from accessing a user's personal account, or from accessing an organization's systems. It is paramount that the passwords used are adequately protected and remain secret.
It is recommended to change your password routinely as a good practice and it is recommended to use a password that has a minimum of 8 characters. Where possible, passwords should not be identifiable with the user (such as first name, last name, spouse name, friends, relations, colleagues, or other easily guessed names, although you can use names or phrases that you can easily remember that contain a combination of numbers, upper and lower case letters, and non-alphanumeric characters (such as: !@#$%^&*()_~"?><,./\) so the password can be strong. E.g.: theMoon!3*
Never write down your password on a sheet of paper that can be found near your computer. Memorize the password instead. Non-disclosure of passwords: Do not share your password with co-workers since you may be held liable for any misuse or unauthorized activity using your password.
Avoid personal and unauthorized websites
There are some websites that install spyware and adware on your computer without your knowledge. Websites that are known to do this are adult/ sexually explicit sites, hacking sites and sites that distribute pirated software.
Pay attention to the usage and copyright of downloaded files
Check the legality of downloading the information, particularly with respect to copyright permission. If in doubt of the legality, staff members should contact the Center focal point on IP matters for advice.
Do not redistribute downloaded material unless the owner has given permission for them to do so either directly or in the copyright/license terms.
Do not download unlicensed software or violate limitations on the use of particular software as imposed by any license agreements.
Most downloaded software, including shareware and freeware, is copyrighted and subject to license, which sets limitations on its use. Downloading MP3, movie files and games slows down the network. You may also be violating company policy by downloading these files.
Avoid viewing of non-business related streaming media
Streaming media like internet radio or music videos eat up a lot of bandwidth. They run continuously and slow down the network. Avoid using these services if they are non-business related.
Make sure your operating system is patched
The IT departments in the organization are in charge of maintaining your operating system patched, but it is important that you verify that these updates are being implemented successfully because if not updated, your computer may be vulnerable to worms and viruses.
Backup your files
Make sure to regularly backup your most important data and files. Computers are never 100% safe. Even if you get attacked by a hacker or even hardware failure, backing up your data makes recovery much easier. The IT departments usually have some backup procedures in place, so please contact your IT officer for more information about the options in your center.
Be sure to use high-quality media to store your backups. CD-RWs, DVD+RWs, external hard drives are good storage devices you can use.
Keep backup copies in a fireproof and heatproof safe or vault, or offsite (a location separate from the computer site).
Check USB (universal serial bus) memories from virus
USB memories are portable devices that are convenient to transfer files from one place to another. However, it is very easy to get virus transmissions, corruption or loss of data with these devices, so it is recommended to check them before connecting them to your computer in office.
Be careful when transmitting Sensitive or Personal Information
You should not use the Internet to send sensitive information belonging to the center (such as non-public research data or passwords used to gain access to systems and devices within a center) in unencrypted form. This includes the sending of sensitive information using any of the following means: E- mail, Posting to newsgroups or Posting to forums, blogs or websites.
Lock your computer with password when away from your desk
When you leave your workstation unlocked, anyone can assume your identity and gain access to any applications or files that you may have access to. To prevent this, automatic password protection should be invoked after a minimum time period of inactivity (15 minutes recommended) and you should lock your workstation whenever you leave it.