A little late to the party this week, Threat Thursday becomes a belated Threat Friday as we run down the week’s latest cyber threats.
This week, cyber security enthusiasts have discovered a WhatsApp exploit, cyber criminals have stolen your valuable data and the National Cyber Security Centre wants you to check your VPN.
WhatsApp Coming over the Hill - is it a Malware?
A self-described security researcher by the online moniker of ‘Awakened’ has found a WhatsApp exploit, which threatens Android users of the popular messaging app. It starts with the attacker sending a malicious gif to the recipient.
Explaining the attack in his post on GitHub, Awakened claims that sending the malicious gif as an attachment allows it to lie near-dormant on the victim’s phone. When the victim next opens their WhatsApp media library, the software plays previews of every media file available, triggering the malicious gif and allowing a Remote Code Execution attack, which lets the attacker access the infected device and make changes to available data.
That’s the layman’s explanation at least – Awakened (how cool is that name, by the way?) goes into much more technical detail on his post here.
It’s worth noting that Awakened only discovered this vulnerability, and the malware discussed here is entirely hypothetical. Nonetheless, Android took his threat report seriously and patched it in Android version 2.19.244. Make sure you’ve downloaded the latest version if you don’t fancy having your device compromised.
Hacker of Significant Fame to Blame for Data Obtained from Gaming Domain
218 million users are thought to have had their data compromised in an attack on game developer Zynga.
The company behind such popular mobile and social games as Farmville, Words with Friends and Draw Something, Zynga first acknowledged the breach on September the 12th, stating names, email addresses, login IDs, account IDs, connected Facebook accounts, phone numbers, requested password reset tokens and (deep breath) passwords had all been compromised. It wasn’t until earlier this week that Pakistan-based hacker Gnosticplayers (whose name isn’t anywhere near as cool as Awakened’s) claimed to be the mastermind behind the hack.
This isn’t Gnostic’s first rodeo – in fact, he’s compromised no fewer than 38 companies during his tenure of technological terror, with all their details inevitably finding themselves for sale on Dark Web forums. Yet there’s equal blame to be placed on Zynga, whose passwords were found to be stored in cleartext; a format with zero security and, in this technological age, an unthinkable solution for personal data storage.
Naturally, if you’re a player of Farmville, Draw Something, or any other Zynga-published games, now’s the time to seriously review your password habits and potentially make some changes to yours.
NCSC and GCHQ Suggest Fixing Your VPN PDQ
The National Cyber Security Centre have warned government agencies and big business owners of exploits discovered in VPNs. The VPNs, from Pulse Connect, Palo Alto and Fortinet, are thought to be vulnerable to a number of security flaws - including one remote code execution bug, found in Palo Alto’s GlobalProtect products.
The NCSC suggests that state-sponsored hackers are likely to make use of these vulnerabilities, and warns users of these VPNs to check their VPN logs for anything suggesting a compromised account – especially if access took place from unusual IPs and at odd times of the day.
Patches for these vulnerabilities have since been made available, so be sure to download yours and check your logs; any suspicious activity before the patches were installed might indicate a breach.
Information on assessing and actioning potential threats to your VPN can be found on the NCSC website here.
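As an added illustration of the log review described above (not code from the NCSC or any VPN vendor), this sketch flags successful logins made before the patch date from unfamiliar networks or at odd hours. The log format, the per-user baseline, the working hours and the patch date are all assumptions; the sample lines are constructed.

```python
import ipaddress
from datetime import datetime

# Constructed sample lines, hypothetical format: timestamp user source_ip result
SAMPLE_LOG = """\
2019-09-02T09:14:00 alice 198.51.100.10 success
2019-09-03T10:02:00 alice 198.51.100.23 success
2019-09-03T08:47:00 bob 203.0.113.5 success
2019-09-04T03:12:00 alice 192.0.2.77 success
2019-09-05T11:30:00 bob 203.0.113.9 success
2019-09-06T23:55:00 bob 203.0.113.5 success
2019-09-07T02:40:00 carol 192.0.2.14 failure
2019-09-12T03:00:00 alice 192.0.2.77 success
"""

# Assumed baseline: networks each user normally connects from.
KNOWN_NETWORKS = {"alice": ["198.51.100.0/24"], "bob": ["203.0.113.0/24"]}
WORK_HOURS = range(7, 20)            # assumed normal hours, 07:00 to 19:59
PATCHED_AT = datetime(2019, 9, 10)   # placeholder: when your patch was installed


def parse(line):
    """Split one log line into typed fields."""
    ts, user, ip, result = line.split()
    return datetime.fromisoformat(ts), user, ipaddress.ip_address(ip), result


def review(log_text, known=KNOWN_NETWORKS, patched_at=PATCHED_AT):
    """Return pre-patch successful logins that look unusual, with reasons."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = parse(line)
        # Only successful sessions inside the exposure window matter here.
        if result != "success" or ts >= patched_at:
            continue
        nets = [ipaddress.ip_network(n) for n in known.get(user, [])]
        reasons = []
        if not any(ip in net for net in nets):
            reasons.append("unusual source IP")
        if ts.hour not in WORK_HOURS:
            reasons.append("odd hour")
        if reasons:
            findings.append((ts.isoformat(), user, str(ip), reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Anything it reports is a lead to investigate, not proof of compromise.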
And Now, Some Good News - Courtesy of Google
Google’s Password Checkup browser extension, now serving over 1 million users worldwide, has been incorporated into its password manager – available for Android, the Google Web dashboard, and coming soon to Chrome.
This app helps users improve their password security by informing them of weak and overused passwords, and provides warnings if any of their account details have been compromised in third-party breaches.
Earlier this week, Google teamed up with Harris Poll to release a study into the password habits of American account users. Perhaps unsurprisingly, 75% claim they’re ‘frustrated’ at trying to keep track of passwords, while almost a quarter are still relying on some classically bad ones, including “Qwerty”, “Admin”, “Password”, and the ever-reliable “123456”. Oh dear.