Scam Of The Week: Browser AutoFill feature can leak your personal information to hackers
Just like most of you, I too really hate filling out web forms, especially on mobile devices.
To help make this whole process faster,
Finnish web developer and whitehat hacker Viljami Kuosmanen published a demo on GitHub that shows how an attacker could take advantage of the autofill feature provided by most browsers, plugins, and tools such as Password Managers.
Although, this trick was first discovered by Ricardo Martin Rodriguez, Security Analyst at ElevenPaths, in the year 2013, but it seems Google haven’t done anything to address weakness in Autofill feature.
Read full article: https://thehackernews.com/2017/01/browser-autofill-phishing.html
Security Headlines
HealthcareinfoSecurity – A New In-Depth Analysis of Anthem Breach
Seven state insurance commissioners, in a new report on their investigation into the massive cyberattack against health insurer Anthem Inc. in February 2015, offer a detailed account of what happened in the incident, which began with a phishing campaign. They conclude, as had already been widely speculated, that a nation-state was behind the attack, which affected 78.8 million individuals. But they stop short of naming the nation involved.
https://www.healthcareinfosecurity.com/new-in-depth-analysis-anthem-breach-a-9627
BankinfoSecurity – ‘Explosive’ Report Details Alleged Russia-Trump Team Ties
President-elect Donald Trump was briefed last week on a report, prepared by a former Western intelligence official, that includes allegations – none of which have been externally verified – that the Russian government possesses personal and financial information that could be used to blackmail Trump, and that Trump’s team has deep ties to the Russian government, multiple sources report.
https://www.bankinfosecurity.com/explosive-report-details-alleged-russia-trump-team-ties-a-9630
Krebsonsecrurity – Adobe, Microsoft Push Critical Security Fixes
Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software.
Microsoft’s batch includes updates for Windows, Office and Microsoft Edge (Redmond’s replacement for Internet Explorer). Also interesting is that January 2017 is the last month Microsoft plans to publish individual bulletins for each patch. From now on, some of the data points currently in the individual updates will be lumped into a “Security Updates Guide” published with each Patch Tuesday.
https://krebsonsecurity.com/2017/01/adobe-microsoft-push-critical-security-fixes-9/
TheHackerNews – Cellebrite Hacked! Hacker Steals 900GB of Data
The company that sells digital forensics and mobile hacking tools to others has itself been hacked.
Israeli firm Cellebrite, the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker.
But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products.
https://thehackernews.com/2017/01/mobile-hacking-cellebrite.html
CyberHiestNews – LA College District Pays 28 Grand Ransom After Hacker Takes Hundreds of Systems Hostage
Alright, here is another apparent backup failure. Read it and weep. When a malicious hacker locked out 1,800 staff and teachers from their computers at Los Angeles Valley College this week, college administrators faced an agonizing choice: pay a ransom or leave 20,000 students in the lurch. They elected to pay a 28k ransom. In Bitcoins.
Computer systems throughout the Valley Glen campus suffered a massive meltdown Friday that continued through the New Year’s holiday into the start of college’s winter session. While classes that began Tuesday were conducted as usual, 1,800 Valley College administrators and teachers were shut out from hundreds of computers, crippling access to spreadsheets, lesson plans, emails, voicemail, even the LAVC website.
Vendor Information
Sophos – Sophos Mobile 7.0 – What’s New
We’re excited to share some initial details about our plans to announce the new Sophos Mobile version 7 to customers in February 2017. With the full Sophos Mobile feature set now managed in Sophos Central, new management support for Android enterprise (formerly “Android for Work”), extended Office 365 support, and much more, Sophos Mobile 7 is an even better EMM solution for businesses that want to spend less time and effort to manage and secure mobile devices.
For more information about what’s new, please see the knowledgebase article New Features in Sophos Mobile 7.
Timeline:
- 18 January 2017 – Sophos Mobile Control as a server (SMCaaS) upgrade to version 7
- 18 January 2017 – Sophos Mobile 7 for on premise installation generally available to download from MySophos
- 27 February 2017 – Sophos Mobile 7 announcement and public launch
https://community.sophos.com/kb/en-us/125650
Cisco – Cisco buying cloud startup CliQr for $260 million
Cisco is buying San Jose startup CliQr Technologies for $260 million as it continues to boost its cloud offerings, the San Jose networking company said Tuesday.
CliQr was started in 2010 by a couple of former VMware engineers. It makes cloud-management software for companies that are on the hybrid cloud — public and private. A company blog post from April 2015 said it had raised $38 million to date from backers such as Polaris Partners, Foundation Capital, Google Ventures and TransLink Capital.
https://www.siliconbeat.com/2016/03/01/102902/
Security Bulletins from the FBI and DHS
DHS – DHS Announces 2017 Cyber Student Volunteer Initiative
The Department of Homeland Security today announced it will begin accepting applications for the 2017 Cyber Student Volunteer Initiative, inviting current undergraduate and graduate students to support the DHS cyber mission at Department field offices in over 40 locations across the country.
In support of the Department’s goal to expand our cybersecurity workforce and develop future professionals, students will gain hands-on experience and exposure to the cybersecurity work performed across DHS. Selected students learn about the DHS cybersecurity mission and build technical experience in key areas such as cyber threat analysis, digital forensics, network diagnostics, and incident response. They will also participate in mentoring and professional development events with DHS managers and senior leaders.
https://www.dhs.gov/news/2016/12/19/dhs-announces-2017-cyber-student-volunteer-initiative
FBI – Addressing Threats to the Nation’s Cybersecurity
The FBI’s cyber experts are committed to serving the public by meeting cyber challenges head on and imposing consequences on those who victimize the American people through the misuse of computers and networks.
https://www.fbi.gov/file-repository/addressing-threats-to-the-nations-cybersecurity-1.pdf/view