LinkedIn Autofill flaw lets hackers harvest website visitors’ personal info

from www.scmagazineuk.com

If the visitor clicks anywhere on the page, then according to Cable, “LinkedIn interprets this as the AutoFill button being pressed, and sends the information via postMessage to the malicious site”. A vulnerability in LinkedIn’s Autofill feature allowed malicious actors to harvest personal information of LinkedIn users by inserting autofill iframes over websites that were whitelisted by LinkedIn, a security researcher has revealed.According to researcher Jack Cable who described the exploit in a detailed blog post, once a malicious actor lures a victim to visit a malicious website which is controlled by the former, the visitor is then greeted by a “LinkedIn AutoFill button iframe” which is styled so it takes up the entire page and is invisible to the user.

More information here

Major macOS High Sierra Bug Allows Full Admin Access Without Password

From macrumors.com

There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

Full article here.

UK Cybersecurity Center Issues ‘The Dark Overlord’ Alert

From inforisktoday.com

Want to stop the latest cybercrime bogeyman? Then for the umpteenth time, put in place well-known and proven strategies for repelling online attacks.

That’s one takeaway from a recent threat report issued by Britain’s National Cyber Security Center. Based on open source reporting, the alert calls out a trio of attack campaigns: phishing emails that pretend to be speeding tickets but which instead deliver malware; attackers using stolen or fraudulently obtained digital certificates to “sign” malware; and the cybercrime-extortion group known as the “The Dark Overlord,” which continues to hack into organizations’ websites, hold data for ransom and cause chaos.

Full article here.

Fake WhatsApp app on Google Play, downloaded by more than 1M users

From thehackernews.com

Full article here.

Cisco Warns 69 Products Impacted by KRACK

From threatpost.com

Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK).

On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.

U.S. CERT advised users to patch immediately.

Full article here.

Related post: Wi-Fi Protected Access II (WPA2) compromised

Mac OSX Trojan malware spread via compromised software downloads

from zdnet.com

Downloads of a popular Mac OSX media player and an accompanying download manager were infected with trojan malware after the developer’s servers were hacked. Elmedia Player by software developer Eltima boasts over one million users, some of whom have may have also unwittingly installed Proton, a Remote Access Trojan which specifically targets Macs for the purposes of spying and theft. Attackers also managed to compromise a second Eltima product – Folx – with the same malware. The Proton backdoor provides attackers with an almost full view of the compromised system, allowing the theft of browser information, keylogs, usernames and passwords, cryprocurrency wallets, macOS keychain data and more.

Full article here.

Malicious Minecraft apps in Google Play enslave your device to a botnet

From www.zdnet.com

Malicious Minecraft-based Android apps have been uncovered in the Google Play store which compromises devices for the creation of botnets. On Wednesday, researchers from Symantec said that eight apps hosted on the store were infected with the Sockbot malware, with an install base ranging from 600,000 to 2.6 million devices. In a blog post, Symantec said the apps managed to worm their way into the official Google Play Android app store by posing as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters. The security team believes the apps were originally aimed at generating illegitimate ad revenue. One of the apps was observed connecting to a C&C server for orders to open a socket using SOCKS before connecting to a target server, which gave the app a list of ads and metadata to launch ad requests.

Full article here.