We are once again here with our weekly round up based on last week's top cyber security threats and challenges.
I recommend you to read the entire thing (just click 'Read More' because there's some valuable advice in there as well).
Here's the list:
1. Reminder! If You have not yet, Turn Off Windows 10 Keylogger Now
Microsoft is very powerful in tracking every single word you type or say to its digital assistant Cortana using its newest Windows 10 operating system.
The keylogger that Microsoft put in the Technical Preview of Windows 10 last fall made its way to Windows 10 Free public release first rolled out back in July.
Besides various Windows 10 privacy issues, there is a software component that is a bit more complicated than you thought. It tracks your inputs using:
- Keyboard
- Voice
- Screen
- Mouse
- Stylus
- Information about your Calendar and Contacts
If this keylogger, which is more than just a keylogger, makes you feel creepy then need not to worry, because the good news is — You can Turn Off this Keylogger.
For detailed information and to know how You can Turn Off this Keylogger – Read more.
2. 200 Million WhatsApp Users Vulnerable to vCard Vulnerability
A dangerous security vulnerability discovered in Whatsapp last week affected 200 Million WhatsApp Web users.
The web-based extension of WhatsApp was found vulnerable to a vCard exploit that could have allowed hackers to trick users into installing malware on their computers including:
- Remote Access Tools (RATs)
- Ransomware
- Bots
- Other malicious software
Here's How the WhatsApp Exploit Works – Read more.
3. 11 Million Ashley Madison Passwords Cracked In Just 10 Days
Last month, Ashley Madison hackers leaked about 100 GB of sensitive data belonging to the popular extramarital affair website 'Ashley Madison', which includes the source code of company's website, users' details, and hashed passwords.
However, the Password Cracking Team 'CynoSure Prime' has cracked more than 11 Million user passwords within ten days.
Moreover, a member of the team shared the same list of passwords online, and the calculations were terrible.
The top 5 most used passwords by Ashley Madison customers were:
- 123456
- 12345
- password
- DEFAULT
- and 123456789.
For more in-depth information – Read more.
4. Microsoft is Auto-Downloading Windows 10 to PCs without your Knowledge, But Here's How to Stop
Microsoft is auto-downloading Windows 10 installation files — up to 6GB — onto users' PCs even if the users have not opted into the upgrade.
The company has dropped and saved a hidden $Windows.~BT folder on your computer's primary (C) drive, if you are running Windows 7 or Windows 8.1.
Doing so, Microsoft is not only consuming your device storage space but also stealing your Internet bandwidth for large unrequested files, i.e., up to 6 gigabytes.
Until the company provides some official fix to this issue, here are some methods that you can use to stop Microsoft from auto-downloading Windows 10 installation files onto your PCs.
5. Samsung Launches 6GB RAM Chips for Next-Generation Smartphones
Samsung was the first one to bring 4GB RAM access in the Android mobile phones with the launch of Galaxy S6 and Galaxy S6 Edge, and now…
…the company has again taken a step further with the launch of 12GB LPDDR4 (low power, double data rate 4) DRAM Chip to offer 6GB RAM for its Next Generation Smartphones and tablets.
The next generation mobile devices are supposed to be equipped with new mobile DRAM chip to enable increased capacity and fastest speed; simultaneously providing essentials including:
- Excellent energy efficiency
- Reliability
- Smooth multitasking
- Ease of design
- Better performance with the compatible operating system
For more information – Read more.
6. Russian Hackers Hijack Satellite To Steal Data from Thousands of Hacked Computers
Turla APT (Advanced Persistent Threat), a group of Russian hackers, is hijacking commercial satellites to hide its command-and-control operations.
Turla is a sophisticated Russian cyber-espionage group, believed to be sponsored by the Russian government, with a number of high-profile targets including:
- government
- military
- embassy
- research,
- and pharmaceutical organizations...
The group is now taking advantage of the fact that older satellites orbiting around the Earth do not come with support for encrypted connections and rely on unsuspecting users of the satellite Internet service providers across the world. – Read more.
7. How to Remove KeyRaider Malware that Hacked Over 225,000 iOS Devices
At the end of last month, security researchers discovered an iPhone malware, dubbed "KeyRaider," that stole more than 225,000 credentials from jailbroken Apple devices.
KeyRaider, as the malware raids victims' username and passwords, private keys, and certificates, is spreading via the popular Cydia app repositories and is capable of performing:
- Ransomware Attacks
- Data Theft
- DDoS Attacks
However, jailbreak users may implement some measures to mitigate the risk of KeyRaider malware.
Here's Steps to Remove KeyRaider Malware – Read More.
8. Warning! Seagate Wireless Hard Drives Have a Secret Backdoor for Hackers
Yes, you heard right. Security researchers uncovered an undocumented Telnet services with a hard-coded password in Seagate Wireless Hard Drives.
The researchers found a vulnerability (CVE-2015-2874) with an inbuilt user account (default username and password — "root") that could have allowed an attacker to access the device remotely, leaving users' data vulnerable to theft.
Affected devices include:
- Seagate Wireless Plus Mobile Storage
- Seagate Wireless Mobile Storage (Wirelessly streaming your tablet and smartphone's data)
- LaCie FUEL (Wirelessly extending storage for iPads)
Fortunately, there's an easy fix. For patch and more information – Read more.
9. China Police Arrest 15,000 Suspects for Alleged Cyber Crimes
As part of its six-month long operation dubbed "Cleaning the Internet," China Police arrested nearly 15,000 people on suspicion of cyber crimes last month.
Besides the arrest of around 15,000 suspects, Police also suspended more than 190,000 illegal online websites featuring vulgar contents including advertisements for pornography, firearms, explosives, and gambling. – Read More.
10. Android Stagefright Exploit Code Released
Zimperium team finally released the CVE-2015-1538 Stagefright Exploit to the public, demonstrating the process of Remote Code Execution (RCE).
The Stagefright vulnerability allows a hacker to reveal victim's information by injecting malicious code remotely, even without any involvements of the victim.
The purpose of the public release of the exploit code is to put penetration testers and security researchers to test and check the code and analyze the results.
11. Ashley Madison's Parent Company Secretly Running Online Escort Services
Avid Life Media, the company that owns Ashley Madison, was secretly running an Online Escort Service, leaked documents revealed last week.
An internal memo leaked by the Ashley Madison hackers revealed that Avid Life was running an Escorts.ca website that was similar to other online escort services.
Besides running Escorts.ca, Avid Life Media was actively recruiting escorts for another website it owned, called "Arrangement Finders" – "sugar daddy" website with tagline is "Intimacy with a Twi$t." – Read more.
12. URRGH! Evil app Watches YOU WATCHING PORN and takes your snaps
Watching Porn? Maybe the porn app you have installed on your Android smartphone could be taking your snaps to blackmail you for money.
Security researchers has uncovered an Android pornography application called Adult Player that promises free pornographic videos, but actually is taking your photographs to extort you for $500 (£330) ransom – a whole new way of Cyber Extortion.
For detailed information and know how to get rid of this Android Ransomware app – Read more.
13. Contactless Fingerprint Scanner Captures Your Prints from Meters Away
We all are aware of Fingerprint Biometric Readers that requires our touch to authenticate our identity to be authorized.
However, the latest research conducted by the National Institute of Standards and Technology (NIST) indicates that the future of fingerprint scanners lies in a "no-touch" activity by an individual for gaining authorization.
The Contactless Fingerprint Scanners, dubbed 'fast-capture non-contact' devices as NIST calls it, is capable of sensing and reading your fingerprint information while you are standing few meters away from the scanner.
For more in-depth information – Read more.
14. Microsoft Releases 12 Security Updates
In this month's Tuesday Patch Update, Microsoft addressed a total of 56 vulnerabilities in its different products. The updates included five critical, out of which two of them addressed vulnerabilities in all versions of Windows.
For detailed information on each and every update and their security patches – Read more.
15. How to Track Stolen Devices using Mac Addresses
An Iowa police officer David Schwindt has developed a sniffing software, dubbed L8NT (short for Latent analysis of 802.11 Network Traffic), that helps police find more stolen properties.
L8NT is a specialized wireless dongle with an antenna that scans for and locates MAC addresses associated with the known stolen devices.
For detailed information on working of L8NT – Read more.
