BU-CERT News

Twitter recently discovered that due to a flaw the users’ passwords were stored in a log file unencrypted. All  twitter users are urged to change their passwords. More information can be found on twitter’s blog.

from www.scmagazineuk.com

If the visitor clicks anywhere on the page, then according to Cable, “LinkedIn interprets this as the AutoFill button being pressed, and sends the information via postMessage to the malicious site”. A vulnerability in LinkedIn’s Autofill feature allowed malicious actors to harvest personal information of LinkedIn users by inserting autofill iframes over websites that were whitelisted by LinkedIn, a security researcher has revealed.According to researcher Jack Cable who described the exploit in a detailed blog post, once a malicious actor lures a victim to visit a malicious website which is controlled by the former, the visitor is then greeted by a “LinkedIn AutoFill button iframe” which is styled so it takes up the entire page and is invisible to the user.

More information here

From macrumors.com

There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

Full article here.

From inforisktoday.com

Want to stop the latest cybercrime bogeyman? Then for the umpteenth time, put in place well-known and proven strategies for repelling online attacks.

That’s one takeaway from a recent threat report issued by Britain’s National Cyber Security Center. Based on open source reporting, the alert calls out a trio of attack campaigns: phishing emails that pretend to be speeding tickets but which instead deliver malware; attackers using stolen or fraudulently obtained digital certificates to “sign” malware; and the cybercrime-extortion group known as the “The Dark Overlord,” which continues to hack into organizations’ websites, hold data for ransom and cause chaos.

Full article here.

From thehackernews.com

Cybercriminals are known to take advantage of everything that’s popular among people in order to spread malware, and Google’s official Play Store has always proved no less than an excellent place for hackers to get their job done.

Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked more than one million users into downloading it.
Dubbed Update WhatsApp Messenger, came from an app developer who pretended to be the actual WhatsApp service with the developer title “WhatsApp Inc.”—the same title the actual WhatsApp messenger uses on Google Play.

Full article here.

from zdnet.com

Downloads of a popular Mac OSX media player and an accompanying download manager were infected with trojan malware after the developer’s servers were hacked. Elmedia Player by software developer Eltima boasts over one million users, some of whom have may have also unwittingly installed Proton, a Remote Access Trojan which specifically targets Macs for the purposes of spying and theft. Attackers also managed to compromise a second Eltima product – Folx – with the same malware. The Proton backdoor provides attackers with an almost full view of the compromised system, allowing the theft of browser information, keylogs, usernames and passwords, cryprocurrency wallets, macOS keychain data and more.

Full article here.

From www.zdnet.com

Malicious Minecraft-based Android apps have been uncovered in the Google Play store which compromises devices for the creation of botnets. On Wednesday, researchers from Symantec said that eight apps hosted on the store were infected with the Sockbot malware, with an install base ranging from 600,000 to 2.6 million devices. In a blog post, Symantec said the apps managed to worm their way into the official Google Play Android app store by posing as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters. The security team believes the apps were originally aimed at generating illegitimate ad revenue. One of the apps was observed connecting to a C&C server for orders to open a socket using SOCKS before connecting to a target server, which gave the app a list of ads and metadata to launch ad requests.

Full article here.