- 15-Year-Old macOS security flaw leads to full system compromise
One security researcher started a Twitter storm on New Year’s Eve, stating “One tiny, ugly bug. Fifteen years. Full system compromise”. Apple had multiple security disasters in 2017, and it seems that the company is greeting the New Year with more security vulnerabilities. Unlike the macOS root vulnerability, the latest security flaw isn’t that severe, but it shows that Apple has been sloppy when it comes to software security.
- Forever 21 says PoS systems exposed customer data for 8 months
Renowned fashion retailer Forever 21 has recently confirmed that a breach that happened in November resulted in the theft of credit card data belonging to an undisclosed number of customers. The company had stated that a lack of encryption on some of its point-of-sale payment terminals could have resulted in unauthorized access to payment card data. In the latest update, Forever 21 mentioned that affected PoS terminals allowed hackers to install malicious software for nearly eight months in 2017.
- VMware issues 3 critical patches for vSphere Data Protection
VMware, a subsidiary of Dell Technologies, recently released several patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. The patches address three vulnerabilities in VMware’s vSphere Data Protection (VDP), a backup and recovery solution used with its vSphere platform. According to the company, a remote attacker could exploit the vulnerabilities and take control of an affected system.
- Devices Running GoAhead Web Server Prone to Remote Attacks
A vulnerability affecting all versions of the GoAhead web server prior to version 3.6.5 can be exploited to achieve remote code execution (RCE) on Internet of Things (IoT) devices. GoAhead is a small web server employed by numerous companies, including IBM, HP, Oracle, Boeing, D-Link, and Motorola; it is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices.
- Google Play spotted 36 malicious apps advertised as security tools
36 malicious apps on Google Play are posing security threats. These apps were advertised under names such as Security Defender, Security Keeper, Smart Security, Advanced Boost, etc. Their true purpose was to steal user information and bombard users with ads and pop-ups.
- Major flaw in millions of Intel chips revealed
A serious flaw in the design of Intel’s chips will require Microsoft, Linux, and Apple to update operating systems for computers around the world. It is believed to affect chips in millions of computers from the last decade. The UK’s National Cyber Security Centre (NCSC) confirmed that they were unaware of the issue and that patches have been produced. In response, Intel said the issue was not limited to its processors and that it was working on a fix. Refer to the eScan blog here: https://bit.ly/2E9vgoG
- Crypto Currencies hijacked by North Korean hackers
To mine cryptocurrencies, North Korean hackers, looking for cash under tougher international sanctions, are hijacking computers. A hacking unit called Andariel seized a server at a South Korean company in 2017 and stole almost 70 Monero coins, worth about $25,000 as of December 29, 2016, says the report.
- Critical Microprocessor flaws affect nearly every machine
After speculation about a design flaw in Intel processors, security researchers announced full disclosure of a new and widespread class of attacks affecting most computers worldwide. Researchers from Google’s Project Zero Team, Cyberus Technology, Graz University of Technology, University of Pennsylvania and the University of Maryland, Rambus, and University of Adelaide and Data61 found critical flaws in a method used by most modern processors for performance optimization. The flaws could allow an attacker to read sensitive system memory, which could contain, for example, passwords, encryption keys, and emails.
- Aadhaar data breach: UIDAI must address privacy concerns urgently
A report in The Tribune on Thursday revealed that access to any Aadhaar holder’s details could be gained, through a mere payment of Rs. 500, via an anonymous service on WhatsApp. As per the report, the payment allowed the person to be designated as an ‘agent’, which in turn granted him access to the grievance redressal system.