Google removed one of its Top 20 most popular Android apps from the Play Store after an investigation by Pentest, a UK-based cyber-security firm that discovered the application violated the Mountain View-based giant’s policies by exhibiting deceptive behavior. Pentest’s engineers found that the app requested more permissions than its native behavior needed.
A dangerous new ransomware variant based on the Locky ransomware has security experts worried. The Zepto malware has been carried in nearly 140,000 spam messages sent over four days last week. The ransomware appears to have Locky’s capabilities, which could make it one of the more dangerous encryption lockers in circulation. Locky is a dangerous, as-yet unbroken ransomware that helped the authors of the Nuclear exploit kit score US$12 million in revenue from 1.8 million attacks launched over one month.
Makers of popular PDF reader Foxit have patched 12 dangerous vulnerabilities that could have resulted in remote code execution. Some 400 million users run the flagship reader billed as an alternative to Adobe Reader. Users would need to be conned into opening a malicious PDF with Foxit Reader or PhantomPDF in order to be compromised using the vulnerabilities.
Preventive measures to protect a business or individual from hackers:
Almost daily, hackers target major institutions, including banks, health care providers and government entities. These hackers represent nation-states, foreign and domestic competitors, and individuals simply looking for a thrill.
While there is no one-size-fits-all solution, there are precautions everyone can take to lessen the risk of attacks and to make it as difficult as possible for a thief to steal your private data:
- Regularly updating your anti-virus software and applications.
- Avoiding use of public Wi-Fi networks, which are target-rich for cyberthieves.
- Turning off your devices when not in use.
- Regularly changing passwords, using a mix of 20 or more characters and a dedicated password for each site you frequent.
- Recognizing and avoiding phishing scams and other malware intrusions.
- Installing dual-factor authentication/tokens, biometric solutions (e.g., fingerprint, facial recognition and iris scanning software) and data encryption software on electronic devices.
- Getting a security audit or risk assessment by an ethical hacker who can point out areas of vulnerability.
- Backing up your files to the cloud or an external drive.
- Preparing a strategy in advance to respond to a breach and conduct a root-cause analysis.