• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » News » Cyber Security News Update 11/10/2017

Cyber Security News Update 11/10/2017

2017-11-10 by Max

As the week wraps up, there’s plenty of cyber security news to go around.

The Android Eavesdropper vulnerability may affect more then 170+ million users who’ve downloaded compromised applications Appthority reports. At least 700 apps in the Android app store are affected by the vulnerability, and they’ve been downloaded millions of times. The vulnerability originates from the way the affected applications are written, they have developer credentials hard-coded into them. This goes against established best practices because it leads to security risks and increased vulnerability. The Eavesdropper vulnerability gives attackers access to a treasure trove of personal data, historical call records, texts and MMS messages. Unfortunately there’s no recourse for those who’ve had their data exposed by Eavesdropper, users are cautioned to protect themselves by checking whether or not the apps on their phones are among those effected.
Source: Eavesdropper Vulnerability Exposes Hundreds of Mobile Apps

Tens of millions of dollars in Ether remains frozen due to user error, which ended up trapping the funds in the Parity wallet. By modifying the code in the wallet, the user managed to lock away up to $100 million dollars in ether. An emergency update by the developers has temporarily made the cryptocurrency available again, and they’ve issued a new version of the code that hopefully stops this soft of thing from happening. This is not the first bug that Parity has had to overcome, in July ~$30 million of ether was stolen due to another vulnerability in the wallets code.
Source: HUNDREDS OF MILLIONS IN DIGITAL CURRENCY REMAINS FROZEN

Another cyber attack tool from Vault 8 has been released. We’ve previously covered the various tools and programs in Vault 7, and there hasn’t been a major release in a while. The program released is Hive, specifically WikiLeaks released the source code for it. Hive is the controller software for the other attack programs and utilities in Vault 7. Vault 7 was the actual programs used by the CIA & NSA to prosecute their cyber attacks, Vault 8 will be about the backbone and support programs that facilitate those released as part of Vault 7. Hive is a multi-function program that sets up an infrastructure that allows several users to work with it at once and helps to prevent attribution. What this means is that Hive works to set up chains of evidence that lead investigators away from the attack being linked to the CIA or NSA. It does this by setting up fake websites, spoofing location data, and other useful tricks. Hive also works to disguise the other programs, by implanting falsified security certificates in infected devices. Attack programs read as coming from Kaspersky Labs, or other trusted cyber security developers. This capability to modify the certificates with trusted ones is a very strong method for covering your tracks, as anti-virus software would have difficulty tracking down the attack program. Worse, if Hive is capable of seeing what sort of programs are on an infected device it may modify the certificates of the attack programs to match those of other programs on the infected device. This would further stump anti-virus software, and make it difficult to clean out an infected device.
Source: Vault 8: WikiLeaks Releases Source Code For Hive – CIA’s Malware Control System

Filed Under: News

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Offers

Artistic Checks VPN

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Malaysia Airlines Reports Data Breach

Intelligence Manager – Emerging Threats

Email Scam Impersonates Your HR Department

FTC Warns of COVID Vaccine Scam Text Messages

Weak Password At SolarWinds: Saturday Sitrep

IPVanish

IPVanish VPN

Cyber Security News

Malaysia Airlines Reports Data Breach

… [Read More...] about Malaysia Airlines Reports Data Breach

Email Scam Impersonates Your HR Department

… [Read More...] about Email Scam Impersonates Your HR Department

Microsoft Releases Open Source Tool to Root Out SolarWinds Malware

… [Read More...] about Microsoft Releases Open Source Tool to Root Out SolarWinds Malware

French Ministry of Health Warns of Stolen Hospital Worker Credentials

… [Read More...] about French Ministry of Health Warns of Stolen Hospital Worker Credentials

More Cyber Security News

Tags

amazon Android app Apple bitcoin China chrome CISA credit card Cyber Attack DHS Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware Romance Scam Russia smartphone tax scam TikTok tutorial VPN WhatsApp WiFi Windows

Government

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

Texas DOT Hit by Ransomware Attack

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2021 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version