News
01 Dec 2017

The Friday Tech Takeaway - 01.12.17

 

77% of 433,000 sites use vulnerable JavaScript libraries

If you carry at least one known vulnerability, you likely carry more. 51.8% of vulnerable sites carry more than one known security vulnerability. While the majority of those sites carry one or two, the long-tail is scary. 9.2% of sites carry libraries with a combined four or more known security vulnerabilities. https://snyk.io/blog/77-percent-of-sites-still-vulnerable/

World's biggest botnet sends 12.5 million emails with Scarab ransomware

A massive malicious email campaign that stems from the world's largest spam botnet, Necurs, is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. https://labsblog.f-secure.com/2017/11/23/necurs-business-is-booming-in-a-new-partnership-with-scarab-ransomware/

Facebook bug allows anyone to delete your photos

Pouya Darabi, an Iranian web developer, discovered and reported a critical yet straightforward vulnerability in Facebook earlier this month that could have allowed anyone to delete any photo from the social media platform. https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html

Google detects Android spyware for WhatsApp and Skype calls

Google Play Protect—a security feature that uses machine learning and app usage analysis to check devices for potentially harmful apps—recently helped Google researchers to identify a new deceptive family of Android spyware that was stealing user information. https://security.googleblog.com/2017/11/tizi-detecting-and-blocking-socially.html

New Mirai botnet variant found targeting ZyXEL devices in Argentina

Researchers have discovered an increase in traffic scanning ports 2323 and 23 from hundreds of thousands of unique IP addresses from Argentina in less than a day. The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications using two default telnet credential combinations—admin/CentryL1nk and admin/QwestM0dem—to gain root privileges on the targeted devices. http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickly-on-port-23-and-2323-en/

macOS High Sierra bug lets anyone gain root access without password

If you own a Mac computer and run the latest version of Apple's operating system, macOS High Sierra, then you need to be extra wary. A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk. https://thehackernews.com/2017/11/mac-os-password-hack.html

22-year-old hacker pleads guilty to 2014 Yahoo hack, admits helping Russian intelligence

Karim Baratov, a 22-year-old Kazakhstan-born Canadian citizen, has pleaded guilty to hacking charges over his involvement in the massive 2014 Yahoo data breach that affected three billion Yahoo accounts. In March, the US Justice Department announced charges against two Russian intelligence officers (Dmitry Dokuchaev and Igor Sushchin) from Russia's Federal Security Service (FSB) and two hackers (Alexsey Belan and Karim Baratov) for breaking into Yahoo servers in 2014. https://www.justice.gov/opa/pr/canadian-hacker-who-conspired-and-aided-russian-fsb-officers-pleads-guilty

Hackers exploit recently disclosed Microsoft Office bug

A recently disclosed severe 17-year-old vulnerability in Microsoft Office that lets hackers install malware on targeted computers without user interaction is now being exploited in the wild to distribute backdoor malware. First spotted by researchers at security firm Fortinet, the malware has been dubbed Cobalt because it uses a component from a powerful and legitimate penetration testing tool, called Cobalt Strike. https://blog.fortinet.com/2017/11/27/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability

Cryptocurrency mining scripts run after you close your browser

It is now possible for some websites to keep their cryptocurrency mining JavaScript secretly running in the background even when you close your web browser. Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by leveraging the CPU power of their visitors' PCs to mine Bitcoin or other cryptocurrencies. https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/

Want to rid your PC of HP bloatware? Here’s how

Multiple HP customers from around the world are reporting that HP has started deploying a form of "spyware" onto their laptops—without informing them or asking their permission. The application being branded as spyware is actually a Windows Telemetry service deployed by HP, called "HP Touchpoint Analytics Client," which was first identified on November 15. https://thehackernews.com/2017/11/hp-computers-telemetry-data.html

Uber lawsuits pile up

On Monday, the city of Chicago and Cook County filed a lawsuit asking the court to fine Uber $10,000 a day for each violation of a consumer's privacy. The suit contends Uber took much too long to report the breach. Then on Tuesday, the Washington State Attorney General filed a consumer protection lawsuit against Uber, asking for penalties of up to $2,000 per violation. The lawsuit alleges that at least 10,888 Uber drivers in Washington were breached, so the lawsuit could result in millions of dollars of penalties. https://www.darkreading.com/attacks-breaches/lawsuits-pile-up-on-uber/d/d-id/1330530

Russia to launch backup DNS system by August 2018

The Russian government is currently discussing plans to build its own "independent internet infrastructure" that will be used by BRICS member states — Brazil, Russia, India, China, and South Africa. The plan was part of the topic list at the October meeting of the Russian Security Council, and President Vladimir Putin approved the initiative with a completion deadline of August 1, 2018, according to Russian news agency RT (formerly Russia Today). https://www.rt.com/politics/411156-russia-to-launch-independent-internet/