Top five news
1. New Rapidly Growing IoT Botnet Threatens to take down the Internet
Dubbed ‘IoT_reaper’ and first spotted in September by researchers at the firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits vulnerabilities in various IoT devices and enslaves them into a botnet.
IoT_reaper malware currently includes exploits for nine previously disclosed vulnerabilities in IoT devices from the following manufacturers:
• Dlink (routers)
• Netgear (routers)
• Linksys (routers)
• Goahead (cameras)
• JAWS (cameras)
• AVTECH (cameras)
• Vacron (NVR)
Read more: http://bit.ly/2xZ2HXO
2. Google Play Store Launches Bug Bounty Program to protect popular Android Apps
Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps.
Dubbed “Google Play Security Reward,” the bug bounty program invites security researchers to work directly with Android app developers to find and fix vulnerabilities in their apps, for which Google will pay $1000 in rewards.
Read more: http://bit.ly/2hY9if4
3. Microsoft Kept Quiet About 2013 Bug Database Hack
A cyber-attack by a notorious hacking group back in 2013 compromised highly sensitive information on unfixed Microsoft vulnerabilities, data which could have been used to devastating effect, it has emerged.
Microsoft is said to have discovered the breach in early 2013 after a sophisticated hacking group dubbed Wild Neutron also attacked Apple, Facebook, Twitter, and others.
It’s unclear whether said group is state-sponsored, although its high skill levels and solid operational security – which has enabled it to keep a relatively low profile over the years
Read more: http://bit.ly/2xfSTZQ
4. 88% of Java Apps Vulnerable to attacks from known security defects
In its 2017 State of Software Security Report, Veracode reviewed application security testing data from scans of its base of 1400 customers, discovering that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.
Part of the problem is that fewer than 28% of companies carry out regular analysis to see which components are built into their applications, Veracode claimed.
“The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications – making many of them breachable with a single exploit,” said Chris Wysopal, CTO, CA Veracode.
Read more: http://bit.ly/2zwtY4R
5. GCHQ Collects Mass Social Media Data on Millions in UK—Report
Privacy International (PI), a privacy watchdog, claims to have documents that show that the spy agency collected and continues to access social-media information from private companies’ databases. It also has mounted litigation to expose the practice, challenging the right of the UK government to have such access.
PI said that it has obtained letters that confirm that “inappropriate and uncontrolled/uncontrollable sharing with industry third parties” is ongoing, without any proper oversight. It also alleges that government contractors have system access rights which could allow them to enter an agency’s system, extract data and then cover their tracks.
Read more: http://bit.ly/2yIc7ug
Read more on eScan Blogs – http://blog.escanav.com/