Security Month: February 2019
Security updates and vulnerabilities have been a discussion topic in February. For example, security researchers have discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users.
The malware, described as a “Clipper,” masqueraded as a legitimate cryptocurrency application and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to attackers (for further details follow the link).
Meanwhile Apple has finally released iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. If you haven’t yet, you are highly recommended to update your Apple devices with iOS 12.1.4 release, (for further details follow the link).
Microsoft traditionally issued its Patch on Tuesday to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity. As expected, almost each of the listed critical-rated vulnerabilities leads to remote code execution attacks and primarily impact various versions of Windows 10 and Server editions )for further details follow the link). Adobe also addressed its data leakage flow and resolved a total of 71 vulnerabilities in Acrobat and Reader products. One of them has been described as an information disclosure problem that can lead to sensitive data getting leaked (for further details follow the link).
a popular open-source content management system software Drupal that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The vulnerability in question is a critical remote code execution (RCE) flaw in Drupal Core that could “lead to arbitrary PHP code execution in some cases,” the Drupal security team said (for further details follow the link).
Last but not the least Beware Windows users, a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide.
Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software released in last 19 years. Windows users are advised to install the latest version of WinRAR as soon as possible and avoid opening files received from unknown sources (for further details follow the link).
As already stated, February was full of security flaw discoveries and patches, in order to stay secure we recommend end-users to keep track of updates and make sure your systems are running latest versions of software.