Cyber Security News Roundup: Introducing the Daily Edition
Kicking off the week with some tainted anime, fake WhatsApp and some tips for better passwords.
It’s time to kick off another week – the first full week of November – with a new daily feature. The daily news roundup will cover the most interesting stories from the previous day (or in Monday’s case, the weekend). Let us bring the news to you! Of course, we’ll continue providing our usual content as well. Now there will just be twice as much of it!
So, sit back. And start your Monday off with the most interesting cyber security news from the past weekend:
Crunchyroll delivers Malware
Crunchyroll is a popular anime website, and recently hackers piggybacked on that popularity to try and distribute malware. Over the weekend, the website was hacked and its visitors were prompted to download a new desktop version of the site. The desktop version, as you probably guessed, was riddled with malware. Per Crunchyroll, the website itself was not hacked; rather, it was a DNS hijack that redirected users. Fortunately, the issue has been resolved.
[Source: Security Affairs]
Over 1,000,000 Android Users Duped by fake WhatsApp
A fake WhatsApp impostor was spamming users with ads. The app, named “Update WhatsApp,” was housed on the Google Play Store, Android’s app marketplace. It’s unclear whether there was any activity beyond just the spammy ads, but if you’ve made the mistake of downloading this app – which was briefly renamed “Dual WhatsWeb Update” before it was removed entirely – you need to go ahead and delete it from your phone. Something else to keep in mind: the app had nearly 4,500 5-star reviews. So those Play Store ratings are pretty worthless.
[Source: HackRead]
Zeus Panda SEO
Search Engine Optimization is the bane of my existence, or rather the practice of creating and optimizing web pages so they perform well in search results. It’s a murky world full of back-links and concerns over keyword density and proximity. If none of that means anything to you, consider yourself lucky. Anyway, hackers have begun using SEO to get their malicious links ranked higher in search engines. According to Cisco, hackers are currently poisoning the results around banking- and finance-related keywords to distribute the Zeus Panda Banking Trojan. Also, who is naming these things?
[Source: Dark Reading]
TOR Browser Flaw leaks users’ real IP Addresses
The whole point of the TOR browser is anonymity. Or it was. Until recently, when a flaw was found – called TorMoil – that triggers when a user clicks a local file-based address rather than a web URL. This creates a scenario where, if a user clicks a specially crafted web page, a direct connection between the user’s OS and the remote host can be made. That connection would bypass TOR and leak the user’s information. This is an extremely narrow vulnerability, and one that will be quickly fixed. As of now, TOR says there’s no evidence that this vulnerability is being exploited in the wild.
[Source: ZDNet]
Three Tips for Better Passwords
This last item isn’t so much news as it is sound advice. Nerd Wallet has three tips for creating stronger passwords:
- Start with a complete sentence – longer is better.
- Don’t use real words – drop vowels or only use the first few letters of each word.
- Mix in numbers and symbols – sprinkle them in liberally.
The article concludes by suggesting the use of a password manager. Give the whole thing a read; it’s worth a few minutes.
[Source: Nerd Wallet]