Latest News

2020/05/26

That used or refurbished Android phone might be unsafe: 6 things to know

With flagship phones like the Samsung Galaxy S20 Ultra and iPhone 11 Pro costing over $1,000, it's more tempting than ever to pick up a bargain, refurbished phone. But while you can pick up a used Samsung Galaxy, Sony or HTC phone that's of good quality for a very low price, is it actually safe to use these phones?

Phones released years ago run outdated versions of Android. That may well mean that they don't have critical security updates that can keep you -- and your data -- safe from prying eyes. If you're concerned about security and privacy on your previously owned phone, here are some things you should conside
Source: www.cnet.com
2020/05/26

Security News This Week: Look Out for This Covid-19 Excel Phishing Scam

THE COVID-19 PANDEMIC has provided boundless opportunities for scammers since January at least. But a group of fraudsters known as Scattered Canary has reached new depths, ripping off state unemployment systems for millions of dollars just as funds are running dangerously low.

It's not all bad news, though. For the past several months, the FBI has once again been pressuring Apple to undermine its encryption so that it could get into a mass shooter's iPhones. And just as it did in 2016, the agency ultimately relented after it was able to determine the passwords on its own. Go figure!
2020/05/21

WolfRAT Android Malware Targets WhatsApp, Facebook Messenger

A new Android malware family has been discovered, which targets popular messaging apps like WhatsApp and Facebook Messenger to gather intelligence on Android victims.

The malware, dubbed WolfRAT, is under active development, and was recently identified in campaigns targeting Thai users. Researchers assess with “high confidence” that the malware is operated by Wolf Research, a Germany-based spyware organization that develops and sells espionage-based malware to governments.

“The chat details, WhatsApp records, messengers and SMSs of the world carry some sensitive information and people choose to forget these when communications occur on their phone,” said Warren Mercer, Paul Rascagneres and Vitor Ventura, researchers with Cisco Talos, in a Tuesday analysis. “We see WolfRAT specifically targeting a highly popular encrypted chat app in Asia, Line, which suggests that even a careful user with some awareness around end-to-end encryption chats would still be at the mercy of WolfRAT and its prying eyes.”
2020/05/21

EasyJet reveals cyber-attack exposed 9M customers' details

EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.

The company said on Tuesday that email addresses and travel details were accessed and it would contact the customers affected.

Of the 9 million people affected, 2,208 had credit card details stolen, easyJet told the stock market. No passport details were uncovered.

Those customers whose credit card details were taken have been contacted, while everyone else affected will be contacted by 26 May.
2020/05/19

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol?

Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.

Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655.

In the latest report shared with The Hacker News, a Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, an API function "PathCchCanonicalize," unchanged.