Chinese phones are a hazard for India – eScan

Are Chinese phones spying on your mobile data?

According to the Government of India, mobile phones, particularly smartphones, are playing a crucial role in achieving the goals of Digital India and have achieved a penetration of 65-75 percent. The Indian Cellular Association (ICA), a body of mobile handset companies operating in India, has said that the mobile handset industry is “deeply cognizant” of the security requirements of the nation.

About 54% of the Indian smartphone market has been cornered by Chinese phone companies, which are making their way into the fastest-growing smartphone market in the world. As per a recent Confederation of Indian Industry study, Chinese investment in the electronics and information technology products sector is worth nearly $22 billion. There is a growing suspicion that Chinese phone manufacturers might be accessing consumer data from smartphones and other devices without user permission and sending it to servers in China, which are outside Indian jurisdiction. Keeping this in mind, the Government of India has recently ordered as many as 21 phone makers, including leading Chinese brands, to give a “detailed, structured written response” on how they secure data and ensure its safety and security.

As per recent reports, a Chinese mobile device company, OnePlus, has been collecting user data without consent. The company is reported to collect its handset users’ IMEI numbers, mobile network names, MAC addresses and IMSI prefixes, among other information specifically related to Wi-Fi, app access and screen-active timestamps. Furthermore, no provision has been made for users to disable this telemetry data collection.

It is not just the mobile device manufacturers we have to be wary of, but also the app developers. App developers have been aggressively building apps that require permissions to access sensitive information under the garb of assisting their referral programs or providing a better user experience.

Does it imply that we should be raising our guard the moment a device manufacturer or an app developer transfers sensitive data to a Chinese-controlled server? We have to be judicious in our approach, and trust plays an important role in matters concerning privacy. Privacy is invariably protected by the law of the land, but hard evidence is required before we can conclude that the law has been broken.

Malicious apps have long been stealing sensitive data from devices and storing it on servers. Very recently, however, researchers discovered a Chinese smartphone app siphoning off sensitive user data and storing it on private servers. The app in question is “DU Antivirus Security”. It collected personal information about its users, viz. unique identifiers, contact lists and call logs, which was then relayed to two different servers, one of them belonging to an employee of Baidu. The data was reused commercially by its sister app “Caller ID & Call Block – DU Caller”, which, as the name suggests, provides caller ID information.

It is a long-known fact that app developers have access to user data and use it for developing and building services. How much of this data is shared with third parties is never known unless they suffer some kind of breach or someone stumbles upon it. The third party could be governments or advertisement networks; one simply cannot be sure of this back-door alliance.

It is imperative for all governments to wake up to the fact that it is not just the device manufacturers but also the app developers who may siphon off citizens’ much-coveted personal information. They also need to introspect about data being accessed by rogue governments, which is the most worrying factor and has had everyone on tenterhooks.

Microsoft patch update released for multiple issues fix – eScan

Emergency Patch Released

Microsoft has released its patch update for October 2017, in line with its monthly update cycle. The update claims to fix almost sixty-seven security issues, including zero-day threats. It covers bugs in applications such as the Windows OS, Internet Explorer, Microsoft Edge, Skype for Business and the ChakraCore browser engine. The most crucial among them is a publicly disclosed zero-day that has been used to attack live targets; this release fixes that too.

CVE-2017-11826 (listed below) is an RCE (Remote Code Execution) bug that targets MS Word. Two other bugs, CVE-2017-8703 and CVE-2017-11777, became public but were not detected in live attacks. Here is the table of all 62 security issues fixed this month.

Microsoft patch released:

| Tag | CVE ID | CVE Title |
|---|---|---|
| Device Guard | CVE-2017-8715 | Windows Security Feature Bypass Vulnerability |
| Device Guard | CVE-2017-11823 | Microsoft Windows Security Feature Bypass |
| Internet Explorer | CVE-2017-11790 | Internet Explorer Information Disclosure Vulnerability |
| Internet Explorer | CVE-2017-11810 | Scripting Engine Memory Corruption Vulnerability |
| Internet Explorer | CVE-2017-11822 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2017-11813 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-8726 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2017-11794 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-11816 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2017-11763 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2017-11762 | Microsoft Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2017-11824 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2017-8693 | Microsoft Graphics Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2017-8718 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2017-8717 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2017-11776 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2017-11775 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office | CVE-2017-11774 | Microsoft Outlook Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2017-11777 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office | CVE-2017-11826 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Office | CVE-2017-11825 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | ADV170017 | Office Defense in Depth Update |
| Microsoft Office | CVE-2017-11786 | Skype for Business Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2017-11820 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11798 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11799 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11809 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11796 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11797 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11806 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11800 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11808 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11807 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11805 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11804 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11811 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11801 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11802 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11812 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11821 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11793 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2017-11792 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2017-11818 | Windows Storage Security Feature Bypass Vulnerability |
| Microsoft Windows | ADV170016 | Windows Server 2008 Defense in Depth |
| Microsoft Windows | CVE-2017-11783 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2017-11769 | TRIE Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2017-11779 | Windows DNSAPI Remote Code Execution Vulnerability |
| Microsoft Windows Search Component | CVE-2017-11772 | Microsoft Search Information Disclosure Vulnerability |
| Microsoft Windows Search Component | CVE-2017-11771 | Windows Search Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2017-11784 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-11817 | Windows Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-11814 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-11765 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2017-11785 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8694 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2017-8689 | Win32k Elevation of Privilege Vulnerability |
| Windows NTLM | ADV170014 | Optional Windows NTLM SSO authentication changes |
| Windows Shell | CVE-2017-8727 | Windows Shell Memory Corruption Vulnerability |
| Windows Shell | CVE-2017-11819 | Windows Shell Remote Code Execution Vulnerability |
| Windows SMB Server | CVE-2017-11815 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2017-11782 | Windows SMB Elevation of Privilege Vulnerability |
| Windows SMB Server | CVE-2017-11781 | Windows SMB Denial of Service Vulnerability |
| Windows SMB Server | CVE-2017-11780 | Windows SMB Remote Code Execution Vulnerability |
| Windows Subsystem for Linux | CVE-2017-8703 | Windows Subsystem for Linux Denial of Service Vulnerability |
| Windows TPM | ADV170012 | Vulnerability in TPM could allow Security Feature Bypass |
| Windows Update | CVE-2017-11829 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability |

Topic of Discussion this CSAM: Vulnerability vs Risk – eScan

CSAM: Vulnerability vs Risk

Let’s review our online safety practices this October, which we know as “Cyber Security Awareness Month” (CSAM). Today cybersecurity is a major concern for the entire world, and we can secure our digital assets by following some simple basic steps.

1. Protect your accounts’ identity with separate usernames and passwords.

2. Turn on the firewall which is the first line of defense.

3. Use anti-virus software to prevent malware attack and update it regularly.

4. Prevent spyware attacks by installing anti-spyware software.

5. Install the latest OS updates

6. Take your file back-ups regularly

7. Secure your Wi-Fi from intruders

8. Ignore emails from unknown senders and never open those emails

9. Be careful while sharing personal information online

Interestingly, in this awareness month (CSAM), IT professionals are brainstorming over a comparative analysis of vulnerability and risk in the IT security industry. A vulnerability is a weakness in a system or application that can be exploited, considered without any context about the impact. A risk, on the other hand, is something more than just known vulnerabilities: it covers any action that could result in an impact.

Risk, again, is independent of vulnerability, and enterprises do have risks even if there are apparently no vulnerabilities. If we consider the scenario of a phishing scam, the risk factor lies in opening the spam, and the system vulnerability is exploited because that risk was taken.

Keep fear and emotion aside

We should never forget that security is a service we should be providing, and when a threat appears, security professionals should identify its nature and the circumstances from which it arises. Managing risk is about distinguishing between probability and possibility. Once this distinction is figured out, we can have an itemized list of the risk factors, be it in the network or the system.

Managing Risk

Obviously, there is no golden rule to get through the list of security vulnerabilities, particularly when multiple issues are added to the list before existing ones are resolved. Managing risk is all about being aware of the existing data that you have, why you have it, and how it is stored. Besides, another crucial part of managing risk is to make sure that there is no conversation about risk across the organization.

Lastly, security practitioners should be able to convey the actual risks in a way that enables them to build a robust security posture. Data compromise can be inevitable, since that is the reality of digital transformation.

Clickjacking-attacks, Are you aware? – Check list for Facebook users

Clickjacking-attacks, Are you aware?

Yes, clicks can be hijacked too! Clickjacking attacks have been around since 2008, but recently they sprang back with a new wave of attacks, bringing sleepless nights to Facebook users once again.

What is Clickjacking?

A clickjacking attack happens when a criminal places an invisible button or some other UI element on top of an apparently safe web page button. The visible button might read “Click here to get your holiday voucher”, but there is an invisible button on top of it which normally –

  • Makes you change your Facebook privacy settings
  • Forces you into “Likejacking” (nothing but “liking” something that you normally wouldn’t)
  • Tricks you into adding yourself as a follower of someone undeserving on Twitter
  • Makes you enable the camera/speaker on your PC

Sometimes the clickjacker loads a genuine website and overlays invisible buttons on top of it.

How to prevent Clickjacking-attack?

1. Update your Internet browser

If your Internet browser is not updated to the latest version, you might not be able to stop yourself from getting clickjacked, because you will not have the security updates that are part of the latest versions of Firefox, Google Chrome or Internet Explorer. It is wise to update your browser to the latest available version and to cross-check whether a more up-to-date version can be installed.

Updating browser plug-ins like Flash is also crucial, because a few older versions might be vulnerable to clickjacking attacks. Plug-ins can be updated by visiting the website of each plug-in maker and downloading the latest version.

2. Download Clickjacking-attack Prevention Software

Some Internet browsers have limited built-in clickjacking protection, and clickjacking detection plug-ins are available for browsers, some of which are free. The two widely known ones are:

I. NoScript which is a free anti-clickjacking Firefox plug-in
II. Comitari which is a Web Protection Suite – Home (Limited Edition)

Preventing clickjacking is the responsibility not only of users but also of web application developers, who have a crucial role in stopping their content from being manhandled by clickjackers. If users learn about the perils of clickjacking, it becomes possible for them to recognize the attacks. In addition, coding done by website and web application developers can help make the world free from clickjackers.
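One way a developer can check the server-side protection described above, shown as an added example that is not part of the original post. It assumes the standard `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` response headers (not named in the post), and the sample responses and the `framingPolicy` helper are constructed for illustration.

```javascript
// Added example: decide from response headers whether a page can be
// embedded in a frame by an arbitrary third-party site.

// Return the frame-ancestors source list from a CSP header, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Classify a response's framing policy (header names given in lower case).
function framingPolicy(headers) {
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'"))
      return { framable: false, by: "csp", detail: "no framing allowed" };
    if (sources.includes("*"))
      return { framable: true, by: "csp", detail: "wildcard ancestor" };
    return { framable: false, by: "csp", detail: "restricted to " + sources.join(" ") };
  }
  const xfo = String(headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN")
    return { framable: false, by: "x-frame-options", detail: xfo };
  if (xfo)
    // ALLOW-FROM and misspelled values are ignored by current browsers.
    return { framable: true, by: "none", detail: "unrecognised X-Frame-Options: " + xfo };
  return { framable: true, by: "none", detail: "no framing header set" };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  "/login": { "content-security-policy": "default-src 'self'; frame-ancestors 'none'" },
  "/widget": { "x-frame-options": "ALLOW-FROM https://partner.example" },
  "/account": { "x-frame-options": "sameorigin" },
  "/promo": {},
};
for (const [path, headers] of Object.entries(samples))
  console.log(path, JSON.stringify(framingPolicy(headers)));
```

Pages reported as `framable: true` are the ones an overlay page could load invisibly; sending `frame-ancestors 'none'` or `'self'` on them closes that gap.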
