Share Blog post
Recently, Google's security team discovered Tizi — a new strain of Android malware. This has been used primarily to target users in African countries. Categorized as spyware, Tizi can carry out a wide range of operations, but most focus on social media apps and activity.
The malware abuses a decade and half old vulnerability of Microsoft Office. Analysis of CVE-2017-11882 shows that the infamous Cobalt relies on the flaw to send compromised documents to high-value targets such as banks and financial institutions. The spam email poses as a notification from Visa about some rule changes in its payWave service in Russia.
Adobe Flash-Player has released important security updates for Windows, Linux, and MacOS. These updates address critical flaws which could lead to code execution. The versions below 18.104.22.168 can be exploited with 'Out-of-bounds' read and 'Use-after-free' vulnerability that can lead to remote code execution.
In a startling discovery, researchers have come across ways to remotely turn on a phone’s microphone and eavesdrop from anywhere in the world. If the VoIP phone has a webcam, they could also turn that on without anyone’s notice.
The open-source DNS software vendor — PowerDNS — has buggy products ‘Authoritative’ and ‘Recursor’ that require patching as five bugs related to this have been spotted recently. These bugs can allow hackers to gain control of the DNS records and use them for something nasty.
The US government has charged three Chinese nationals with cybercrime offenses and were accused of hacking into Moody's Analytics, Trimble, and Siemens. They are believed to be employees of a cybersecurity firm in Guangzhou and work closely with China’s Ministry of State Security.
Bulletproof Coffee breached
The company behind the trendy energy-boosting, butter-infused java — Bulletproof Coffee — said it has suffered a data breach, compromising the personal and financial details of its customers. It admitted that from May 20 to October 19 of this year, hackers accessed sensitive personal information entered when purchasing stuff online.
Posted on: November 28, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...