Information Security

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim's device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people share video, music, files, and apps across various devices. With more than 500 million users, the SHAREit Android app was found vulnerable to a file transfer application's authentication bypass flaw and an arbitrary file download vulnerability, according to a  blog post  RedForce researchers shared with The Hacker News. The vulnerabilities were initially discovered over a year back in December 2017 and fixed in March 2018, but the researchers decided not to disclose their details until Monday "given the impact of the vulnerability, its big attack surface and ease of exploitation."

A new Emotet Trojan variant has been observed in the wild with the added ability to hide from anti-malware software by embedding malicious macros used to drop the main payload inside XML files disguised as Word documents. Emotet (also known as Geodo or Heodo) is a modular Trojan developed by the Mealybug threat group and used by attackers to infect targets via spam e-mails, leading to the theft of financial information such as bank logins or cryptocurrency wallets. The Trojan is also designed to act as a carrier conduit for other banking Trojans or for information-stealing and highly-customizable modular bots such as Trickbot. Hides in plain sight Menlo Security detected a new variant of the Emotet Trojan active since mid-January, which obfuscates the initial infection VBA macro code to minimize anti-malware detection levels. The Menlo Security research team observed two variants of the malware distributed by the mid-January campaign. The first which accounted for 80% of

All these numbers…. "More than 5 billion records from 6,500 data breaches were exposed in 2018" — a report from Risk Based Security says. "More than 59,000 data breaches have been reported across the European since the GDPR came into force in 2018" — a report from DLA Piper says. …came from data breaches that were reported to the public, but in reality, more than half of all data breaches actually go unreported. Now, a new set of databases containing millions of hacked accounts from several websites has been made available for sale on the dark web marketplace by the same hacker who goes by online alias Gnosticplayers. Gnosticplayers last week made  two rounds of stolen accounts  up for sale on the popular dark web marketplace called  Dream Market , posting details of nearly 620 million accounts stolen from 16 popular websites in the first round and 127 million records originating from 8 other sites in the second. The third round, which the hacker told The Hack

Apple believes in your right to privacy . Here is some advice on how to use the tools it has given you to protect your privacy on an iOS device. Use a better passcode You probably already use a 4-digit passcode, but you can improve that with a 6-digit or alphanumeric code. You change this in  Settings>Touch ID/Face ID & Passcode , select  Change Passcode  and then tap the small  Passcode Option s dialog. Alphanumeric codes are harder to decipher, just make sure you remember the code. Once you have protected your device with a solid passcode, it makes more sense to use Touch ID or Face ID, unless security policy forbids you doing so. Erase Data What happens if someone gets their hands on your device and wants to get at the data it contains? Given there are just 10,000 combinations for a 4-digit code (and many more passcodes start with ‘1’, rather than any other number), it makes sense to at least reduce the number of chances a miscreant has of guessing your numbe