Cyber incidents are fast moving and increasing in number and severity. When a cyber incident occurs, the attacked enterprise responds with a set of predetermined actions. Get trending information on exploits, and vulnerabilities every week to help your organisation to be better equipped to avoid being victim of cybercrimes. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to support your business to defend against hackers.
A newly discovered Android trojan can sabotage entire Wi-Fi networks and the users who connect to them by accessing the router that an infected device is communicating with and executing a Domain Name System (DNS) hijack attack. According to Kaspersky Lab on Wednesday via its Securelist blog, the malware, named Switcher, uses a compromised Android device to pull up the local router’s admin interface, and then attempts to gain top-level privileges by executing a brute-force attack that guesses commonly used or default log-in credentials.
It’s third time unlucky for the scumbags behind CryptXXX ransomware, as their shoddy coding has been cracked yet again. CryptXXX is a particularly nasty form of the species – a ransomware app that not only encrypts over 40 file formats on a host PC and any external storage devices, but also steals any Bitcoins it can find on there and demands a hefty ransom for a cure.
Hackers had access to protected health information and other information of nearly 400,000 members of Community Health Plan of Washington over a 10-month period, the organization says. The information was held by a server operated by a technology services provider, which was not identified by Community Health Plan. The breach was discovered on November 7 and the server was disabled; members of the plan and the media were notified of the breach on December 20.
Airline booking systems lack basic security checks that would stop attackers changing flight details or stealing rewards, warn experts. The problems emerge because the six-digit codes booking systems use to identify travellers are easy to guess. Two researchers demonstrated the weaknesses by changing a flight booking and seat assignment for a reporter. The security investigators presented their findings at the Chaos Communications Congress in Germany
How to Stay Safe on Public Wi-Fi Networks
Just because most wireless routers have a firewall to protect you from the internet doesn’t mean you’re protected from others connected to the same network. It’s remarkably easy to steal someone’s username and password, or see what they’re doing just by being on the same network. Don’t take that chance.
• Be aware – Public Wi-Fi is inherently insecure – so be cautious.
• Remember – any device could be at risk
Laptops, smartphones, and tablets are all susceptible to the wireless security risks.
• Treat all Wi-Fi links with suspicion
Don’t just assume that the Wi-Fi link is legitimate. It could be a bogus link that has been set up by a cybercriminal that’s trying to capture valuable, personal information from unsuspecting users. Question everything – and don’t connect to an unknown or unrecognized wireless access point.
• Try to verify it’s a legitimate wireless connection
Some bogus links – that have been set up by malicious users – will have a connection name that’s deliberately similar to the coffee shop, hotel, or venue that’s offering free Wi-Fi. If you can speak with an employee at the location that’s providing the public Wi-Fi connection, ask for information about their legitimate Wi-Fi access point – such as the connection’s name and IP address.
• Use a VPN (virtual private network)
By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals – that are lurking on the network – from intercepting your data.
• Avoid using specific types of website
It’s a good idea to avoid logging into websites where there’s a chance that cybercriminals could capture your identity, passwords, or personal information – such as social networking sites, online banking services, or any websites that store your credit card information.
• Consider using your cell phone
If you need to access any websites that store or require the input of any sensitive information – including social networking, online shopping, and online banking sites – it may be worthwhile accessing them via your cell phone network, instead of the public Wi-Fi connection.
• Protect your device against cyberattacks
Make sure all of your devices are protected by a rigorous anti-malware and security solution – and ensure that it’s updated as regularly as possible.
• Turn Off Sharing
When you’re at home, you may share files, printers, or even allow remote login from other computers on your network. When you’re on a public network, you’ll want to turn these things off, as anyone can access them—they don’t even need to be a hacker, and depending on your setup, some of that stuff probably isn’t even password protected.
• Enable Your Firewall
Most OSes come with at least a basic firewall nowadays, and it’s a simple step to keeping unwanted local users from poking at your computer.
• Use HTTPS and SSL Whenever Possible
Regular web site connections over HTTP exchange lots of plain text over the wireless network you’re connected to, and someone with the right skills and bad intent can sniff out that traffic very easily. It’s not that big of a deal when the text is some search terms you entered at Lifehacker, but it is a big deal when it’s the password to your email account. Using HTTPS (for visiting web sites) or enabling SSL (when using applications that access the internet, such as an email client) encrypts the data passed back and forth between your
