Category: Alerts and warnings

From www.zdnet.com

Malicious Minecraft-based Android apps have been uncovered in the Google Play store which compromises devices for the creation of botnets. On Wednesday, researchers from Symantec said that eight apps hosted on the store were infected with the Sockbot malware, with an install base ranging from 600,000 to 2.6 million devices. In a blog post, Symantec said the apps managed to worm their way into the official Google Play Android app store by posing as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters. The security team believes the apps were originally aimed at generating illegitimate ad revenue. One of the apps was observed connecting to a C&C server for orders to open a socket using SOCKS before connecting to a target server, which gave the app a list of ads and metadata to launch ad requests.

Full article here.

After many years being in the wild and widely deployed, the popular WPA2 protocol is compromised. The vulnerability allows a range of different attacks and it relates to the standard itself rather the respective implementation of the protocol. In fact, the “correct” implementation of the standard means that the underlying device is potentially vulnerable.

Users should be very cautious when using wifi access points (and public hotspots in particular), and as a first step are advised to use VPN.

Vendors are issuing patches, more information on the status can be found here.

For more details check CERT’s Vulnerability Note VU#228519 and krackattacks.com, the site maintained by the researchers who discovered the flaw.

Matt Green wrote a nice post on KRACK that’s worth a read for anyone interested in the root cause of KRACK

Netflix is a popular streaming service among students. You may be eager to sign in to watch the latest episodes of your favourite series, but you need to be cautious as you may be a potential target for a phishing attack.

(Source: PhishMe)

Full article available from tripwire.com

From threatpost.com:

Researchers have developed a method for bypassing Windows Defender that will allow any malware to execute on a Windows machine. Microsoft, meanwhile, has told the experts that it does not see this as a security issue and will not address the problem in its native antimalware protection.

…

The bypass involves the use of a custom-built SMB server, tricking Windows Defender into scanning a benign file, and executing a malicious one instead that is passed to the operating system.

Full article here.

From helpnetsecurity.com

The “swiping” unlock patterns typical for Android devices are considerably easier for attackers to discern than PIN combinations.

In fact, after only one observation of a user entering the pattern, 64% of shoulder surfing attackers will be able to reproduce it, a group of researchers from the US Naval Academy and the University of Maryland Baltimore County has found.

In comparison, only one in ten attackers could make out a six-digit PIN after one viewing.

Full article here.

iOS users are reminded to update to latest version, iOS 11. This fixes a number of significant security vulnerabilities.

More information here.

From thehackernews.com

Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things (IoT) devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service (DDoS) attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings.

New research conducted by Russian security firm Doctor Web has revealed that a Linux Trojan, dubbed Linux.ProxyM that cybercriminals use to ensure their online anonymity has recently been updated to add mas spam sending capabilities to earn money.

Full article available here.