Hackers exploit Microsoft Office vulnerabilities to spread Zyklon malware

Criminals are delivering Zyklon HTTP malware using three vulnerabilities in Microsoft Office that were recently patched. Security researchers at FireEye reported that the malware campaign leveraging the relatively new Office exploits to execute a PowerShell script on the target system to eventually download the final payload, has been spotted in the wild since early 2016, providing threat actors sophisticated capabilities such as a full-featured backdoor capable of keylogging, the ability to execute additional plugins like cryptocurrency miners, conduct distributed denial-of-service (DDoS) attacks, self-update and self-removal. 

These vulnerabilities include:

1. CVE-2017-8759: Patched by Microsoft last October, it works by tricking target into opening a specially crafted file. In the context of the attack described by FireEye, the infected DOC file contains an embedded OLE Object that, upon execution, triggers the download of an additional DOC file from a stored URL

2. CVE-2017-11882 (RCE vulnerability): 17-year-old memory corruption flaw patched in November that works when “upon opening the malicious DOC attachment, an additional download is triggered from a stored URL within an embedded OLE Object.”

3. Dynamic Data Exchange Protocol (DDE): “Dynamic Data Exchange (DDE) is the interprocess communication mechanism that is exploited to perform remote code execution,” researchers wrote. “With the help of a PowerShell script, the next payload is downloaded.”
The attacks are targeting telecommunications, insurance and financial service firms.

Attackers are attempting to harvest passwords and cryptocurrency wallet data along with recruiting targeted systems for possible future DDoS attacks.

The malware is designed to recover passwords from popular web browsers, PC gaming software, and email services among other software. The malware automatically detects and decrypts the license/serial keys of more than 200 popular pieces of software, including Office, SQL Server, Adobe, and Nero, according to a Jan. 17 Trend Micro blog post.

Researchers warned that “Zyklon also provides a very efficient mechanism to monitor the spread and impact.”

Is AI allegedly hacking users’ account?

Recently the leak of a few documents online seems to reveal insight into the computer gaming industry's use of Artificial Intelligence (AI) to increase advertising revenue and gaming deals. The classified documents showed up on Imgur two days back, and have been doing the rounds on Twitter. The leaked documents, if genuine, uncover the startling lengths that the computer game industry will go to with a specific end goal to snoop on gamers using AI.

The archives state that reconnaissance data is accumulated to order detailed profiles about users. As indicated by the reports AI focused on the users' smartphones and utilized inactive listening innovation/technology to connect with the smartphone's microphone, phones are checked to see whether they (users) stay in a similar area for eight hours or more. On the off chance that this is observed to be genuine the subject is set apart as "at home". 

The unsubstantiated documents at that point go ahead to clarify the detailed observing or monitoring that happens inside a user’s home:
 “When in home, monitor area of common walking space. Pair with information about number of staircases gathered from footfall audio patterns. Guess square footage of house.”

A part of the document marked "Example Highlight" at that point goes ahead to clarify how it was chosen that "high bonus gaming sessions during relaxing times are paradoxically not the time to encourage premium engagement."

Around then, users are focused with free rewards, bonuses and "non-revenue-generating gameplay ads." As per the leak, at these circumstances "the AI severely discourages premium ads.”
As though this wasn't sufficient, the AI additionally listens in, for catchphrases as well as for "non word sounds." Examples include microwave sounds and notwithstanding biting and chewing noises, which are utilized to figure whether packaged meals have been consumed.

A section marked "Calendar K" clarifies how psychological manipulation is utilized to coerce users into making purchases. AI may sit tight for players to be tired after long gaming sessions. Can turn around the shade of free and paid game titles (generally blue and red), with a specific end goal to "trick a player into making a buy unintentionally."

Unbelievably though,it gets worse. As indicated by the leaked documents the gaming business industry likewise utilizes hacked data dumps to gather additional information about users. Also a segment marked "Schedule O" even clarifies how the AI gathers side channel data.
For the present however, it remains to be seen whether this information or data dump will end up being genuine or not.

As is dependably the case, we encourage smart phone users to be careful about the applications they install. Continuously check for obtrusive authorizations before consenting to install any application or game. On the off chance that a game requests authorization to utilize the microphone, please remember that this sort of reconnaissance might happen.

As per these leaked documents, AI software may likewise be utilizing previously hacked information and data to pick up passage to outsider or third-party administrations and services. If it happens, at that point the gaming companies might break into auxiliary services to put users under surveillance and develop a detailed profile about them.

For now, these serious allegations still can't seem to be demonstrated valid. Be that as it may, the users are reminded to dependably utilize solid one of a kind passwords for the greater part of their diverse online accounts – to make it substantially harder for organizations and companies to use such practices.

BitTorrent flaw could let hackers take control of Pcs

Torrents are used worldwide by a plethora of users, both for legal as well as illegal activities. It is the most common peer-to-peer mode of file sharing. Even though the popularity of streaming websites is rising at a fast pace, BitTorrent remains a premier source of entertainment content source for a large chunk of people using the web. With the help of tons of popular torrent sites (there are some completely legal ones as well) and BitTorrent clients, people download content.

But that also means that there is no verification of data being transmitted. According to a recent study by Google’s Project Zero, one of the best torrent clients out there, Transmission has been reported to be vulnerable to foreign hacks.

As reported by ArsTechnica, there happens to be a critical weakness in Transmission BitTorrent app that allows websites to execute malicious code on some users’ computers. Tavis Ormandy, a researcher working with Google’s Project Zero vulnerability reporting team, stated that there is a Transmission function that allows users to control the BitTorrent app with their Web browser.
According to Project Zero, the client is vulnerable to a DNS rebinding attack that effectively tricks the PC into accepting requests via port 9091 from malicious websites that it would (and should) ordinarily ignore.

By exploiting this flaw, a hacker can execute all kinds of attacks, including execution of malicious code on the users’ computer.

Ormandy states that his exploit works on popular web browsers such as Chrome and Firefox, and is applicable to both Windows and Linux. Other browsers will almost certainly be vulnerable too.

Last week, the Project Zero researchers published the proof-of-concept attack code. It’s worth noting that Project Zero normally refrains itself from making the details of such flaws public for 90 days or until the fix is released. However, in this case, the flaw was made public only 40 days after the initial report. This happened because the report included a patch to fix the vulnerability but Transmission developers didn’t respond on their private security mailing list.

Play Store Gaming Apps Infected with Malware

An android malware named “AdultSwine” has attacked children-friendly gaming apps in the play store. Over 60 apps have been pulled by Google after recognizing the malware.

The malware causes pornographic content to show on the devices while the infected app is running, aside from trying to get users to install fake security apps and charging for unregistered premium services. The malware reportedly has the ability to steal user credentials.

The malware was discovered by researchers at Checkpoint and the affected apps have since been pulled by Google, and the developers’ accounts banned.

The affected apps have been downloaded as much as 3 to 7 million times, according to Play Store data.

A comprehensive list of affected apps and related research can be found on Checkpoint’s research blog. Google will continue to send notifications to phones that have the affected apps installed.

Blackberry launches "Jarvis" to secure driverless cars

Cybersecurity in the automotive industry is set to receive a huge boost as a new software hits the market to help the experts to get wind of the lapses on the cars. Blackberry, which has come up with Jarvis, aims to keep the hackers at bay with the software.  

The experts at the North American International Automotive Show say the recently launched software is quite capable to minutely scan the complex automotive cars with a flawed security system. They are of the view that the ongoing schemes of things desperately need a software cybersecurity to discover the lapses if any.

    A car requires a number of components number of components to ensure a foolproof security and these layers and components including the high powered sensors and cameras, in fact, are helping to keep the attackers away from the system.        

The Blackberry promoted Jarvis can help the drivers get wind of security lapses as it would scan the automotive binary code which is available in a self-driving car software.

The Blackberry experts who have promoted the state-of-the-art software are confident that Jarvis has every capability to scan the security system within minutes. There is no need to keep waiting for even a couple of days.   

The experiments are over after Blackberry struck a deal with Jaguar Land Rover for the same. A customized service is available on demand by the automobile companies and these companies are free to go with this software across the software supply system.