1.) The first trending news headlines related to Cybersecurity is a malware spread scare in which security researchers confirm that it is being spread on mobile phones by hackers through the Android OS feature called NFC(Near Field Communication). Although Google has issued a fix to this flaw, a recent study carried out by an independent researcher named ShafraNovich says that millions of devices operating on older Android OSes are still vulnerable to a malware attack.
Technically speaking, NFC is meant to transfer data between devices. But the flaw seems to be otherwise offering an entry point to hackers to install notorious apps and malware such as spyware and crypto mining software.
2.) Going forward, a team of security researchers from Upstream has discovered that a 3rd party keyboard app named Ai.type is said to be fraudulently signing up users to illegitimate purchases of premium digital content. News is out that the app has over 40 million downloads so far and an active device number of a million to date. And even though the app has been removed from Google Play Store in June this year, it is still preying on innocent victims by various means and the app is found to be snooping on data such as text messages, photos, videos, contacts of users who downloaded it till date. So, Google has issued a request to all users of Ai.type to delete the app as soon as possible to avoid phony clicks and download malicious content.
3.) Coming to the third news, a team of security researchers from the University of Texas, San Antonio, has found that smart bulbs are proving as access points to hackers for stealing data. For instance, researchers have discovered in their study that hackers could send commands in IR lights to steal data from the bulb or other IoT devices connected to the same network. Note- Usually smart bulbs are equipped with infrared capabilities where threat actors are seen taking control of the invisible wave spectrum to steal data. So, better chose smart bulbs that need a smart WI-fi hub to be on the safer side.
4.) After Wannacry Ransomware attack where hackers from China were seen exploiting flaws from NSA detected Windows Eternal Blue, a British Cybersecurity researcher named Kevin Beaumont claims that hackers have started a mass campaign using the BlueKeep exploit to install crypto-mining malware on Windows machines.
Microsoft has already reacted to the news by releasing a fix to the flaw in May this year. However, it’s being reported that hackers have now found a vulnerability in Windows OS machines by sending specially crafted requests over RDP which can help propagate malware like crypto mining software by overcoming the fix.
5.) Last week, the Perth Anesthetic Group disclosed that it has become a victim to a cyber-attack where hackers managed to infiltrate the database to steal patient records and confidential data.
What’s more concerning the hack is that the threat actors managed to send emails to patients and demanded a ransom for not making their data public.
“As the security breach was detected by the IT staff within two hours after breach, much of the damage was contained”, says Jane McGrath, the Manager of the healthcare group.