Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them.
Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft's Windows operating system.
Besides this, the newly discovered Janus vulnerability in the Android operating system and a critical remote code execution (RCE) vulnerability in Malware Protection Engine (MPE) for which Microsoft released an emergency patch made their places in our weekly roundup.
I recommend you to read the entire news (just click 'Read More' because there's some valuable advice in there as well).
So, here we go with the list of this Week's Top Stories:
Process Doppelgänging: New Malware Evasion Technique
A team of researchers, who previously discovered AtomBombing attack, recently revealed a new fileless code injection technique that could help malware authors defeat most of the modern anti-virus solutions and forensic tools.
Dubbed Process Doppelgänging, the method takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader, and works on all versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10.
To know How Process Doppelgänging attack works and why Microsoft refused to fix it, Read More.
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
A newly discovered vulnerability, dubbed Janus, in Android could let attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious update for the legitimate apps, which looks and works same as the original apps.
Although Google has patched the vulnerability this month, a majority of Android users would still need to wait for their device manufacturers to release custom updates for them, apparently leaving a large number of Android users vulnerable to hackers for next few months.
To know more about the vulnerability, how it works and if you are affected, Read More.
Pre-Installed Keylogger Found On Over 460 HP Laptop Models
Once again, Hewlett-Packard (HP) was caught pre-installing a keylogger in more than 460 HP Notebook laptop models that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.
When reported last month, HP acknowledged the presence of the keylogger, saying it was actually "a debug trace" which was left accidentally, and affected users can install updated Synaptics touchpad driver to remove it manually.
To know how to check if your HP laptop is vulnerable to this issue and download compatible drivers.
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://thehackernews.com/2017/12/cybersecurity-hacking-news.html