Weekly Cybersecurity News
Ayushman Singh
Community Manager
We share this week’s important news of current events in the world of cybersecurity that directly or indirectly impact our lives as well as operations of businesses, various institutions and organizations, and governments-nation states in this highly digitalized and interconnected world.
New Wpeeper Android malware hides behind hacked WordPress sites:
Wpeeper is a newly discovered Android malware utilizing compromised WordPress sites to hide its command and control servers. It can steal various data from infected devices and poses risks like identity theft and financial fraud. Users should stick to official app stores and keep security features like Google Play Protect enabled to mitigate such threats.
Security bugs in popular phone-tracking app iSharing exposed users’ precise locations:The security vulnerabilities in the iSharing app are quite concerning, especially considering the large user base it has. It’s fortunate that the researcher was able to identify these flaws and that iSharing took prompt action to fix them. It’s essential for companies handling sensitive data, such as location information, to prioritize security measures to protect their users’ privacy.
Smart gadgets: Tougher rules for sellers of internet-enabled devices in the UK:The UK has implemented a new law to regulate the security of internet-connected devices, known as “smart” gadgets. The law mandates stronger password practices, clear bug reporting procedures, and transparency regarding support duration for these devices. It aims to protect consumers from cyber threats and incentivize manufacturers to prioritize cybersecurity.
Over a billion users could be at risk from keyboard logging app security flaw:The article discusses a security flaw in keyboard apps used by many Chinese mobile manufacturers, potentially exposing over a billion users to data interception. Keystrokes were transmitted without encryption, making them vulnerable to malicious third parties. While most manufacturers have addressed the issue, some are still working on fixes. Users are advised to update their devices and use secure keyboard apps to mitigate risks.
Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools:This extensive compilation of cybersecurity news covers various threats, vulnerabilities, and trends in the field. It discusses emerging cyber threats, including AI-powered phishing attacks, ransomware tactics, and malware exploits. Additionally, it provides insights into recent data breaches, vulnerabilities in software and hardware systems, and recommendations for mitigating cyber risks. The articles emphasize the importance of adopting advanced security measures, such as AI-powered solutions and zero-trust architectures, to safeguard against evolving cyber threats.
Most people still rely on memory or pen and paper for password management:A survey on password management practices revealed that many people still rely on insecure methods like memory or pen and paper. The study found that a significant portion of respondents reuse passwords across multiple accounts and use personal information in their credentials, posing cybersecurity risks. Despite confidence in identifying phishing attacks, users exhibit risky behaviors like accessing data on public networks. However, there’s a positive trend in adopting password managers and two-factor authentication, indicating increased awareness of cybersecurity. Additionally, the survey highlights growing interest in passkeys as a potential alternative to passwords, although concerns about privacy and security persist.
Surge in fraud for those 60 or older costs them billions, FBI says:The FBI’s elder fraud report reveals that fraud schemes targeting elderly Americans cost victims over $3 billion in 2023. Tech support scams were the most prevalent, followed by personal data breaches and confidence schemes. Cryptocurrency was frequently used in these crimes, with losses totaling over $1.1 billion. Investment fraud was the costliest, followed by tech support scams. The FBI urges victims not to hesitate in reporting such crimes.
Microsoft warns of “Dirty Stream” attack impacting Android apps:Microsoft has identified a new Android attack called “Dirty Stream,” exploiting flaws in Android’s content provider system. This allows malicious apps to overwrite files in other apps’ directories, potentially leading to code execution and data theft. Over four billion app installations, including Xiaomi’s File Manager and WPS Office, are vulnerable. Microsoft collaborated with affected companies to deploy fixes, and Google updated its security guidance. Users should keep apps updated and avoid unofficial sources.
Published on Medium
