1. North Korean malware skulking in computer networks
Recently, a malware developed in North Korea, is creating havoc in multiple desktops, giving the hackers backdoor access to different organizations from government, financial, automotive or media. Department of Homeland Security warned an alert for illegal activity by “Hidden Cobra” hacker group. It is also known as “Lazarus” group. Earlier, US officials blamed this group for a series of cyber-attacks dated back to 2009, which was apparently linked to Pyongyang government.
2. OnePlus vulnerability allows Root Access without Unlocking Bootlocker
OnePlus users have another bad news. It is not even a month when OnePlus was caught collecting personal information of its users. This company has been found with vulnerability on almost all OnePlus handsets. A Twitter user, Elliot Anderson first found this exploit in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices. The application named “Engineer Mode” is made by Qualcomm for device manufacturers to test all hardware components of the device.
3. Boeing 757 hacked by DHS team
Industry experts, mostly led by DHS officials, remotely hacked a parked Boeing 757 plane at an airport in Atlantic City, New Jersey. The incident happened in September 2016 and the experiment was properly planned. The plane was owned by DHS and the pilots had no prior intimation about the research team who was trying to break into the plane. The DHS-led team said they didn’t have internet access with any system on the plane and everything was done remotely through “radio frequency communications.” The entire process took only two days.
4. Star Wars Quotations were Incorporated into Attack Requests by Spam Bots
Several thousand spam bots incorporated quotations from a Star Wars novel into the attack messages they sent out to their targets. The assault began on 10 October 2017. 33 unrelated domains on security CDN Incapsula’s network received approximately 275,000 WinHTTP POST requests leading up to 16 October. The next week, those numbers jumped up to 60 apparent targets and nearly one million requests.
5. Critical Emergency Patch for JoltandBleed by Oracle
Oracle published an emergency update for vulnerabilities that are affecting numerous products relying on its Jolt protocol. The bugs were found by ERPScan researchers who named the vulnerabilities as JoltandBleed. Apparently these vulnerabilities are serious, with two of the bugs scoring 9.9 and 10 on the CVSS scale. The affected products also include Oracle PeopleSoft Campus Solutions, Human Capital Management, Financial Management and Supply Chain Management and other products as well using the Tuxedo 2 application server.