Today in Cybersecurity news, 9 apps were recently removed from the Android app store for dropping a remote access trojan on mobile devices. The apps changed what they download after the evaluation from play-protect to get around vetting mechanisms for bad apps.
Those apps include
Last month, a popular barcode scanner turned rogue with an update after ownership changed hands. The name of that app is ‘Barcode Scanner’ and it was originally authored by Lavabird, but now is updated by The Space Team.
Apple
Apple is not free from issues. Apple released a patch on March 8th for a remote hacking bug for iOS, macOS, watchOS, and safari. The update is available for devices running iOS 14.4, iPadOS 14.4, macOS Big Sur, and watchOS 7.3.1 (Apple Watch Series 3 and later), and as an update to Safari for MacBooks running macOS Catalina and macOS Mojave. If you are not at that version of OS, you should update to the latest.
Maza
A popular online hacking and cybercrime forum named Mazafaka (or Maza) was also hacked. This is a case of hackers getting hacked. Forum member’s usernames, email addresses, and hashed passwords were made public. Three Russian cybercrime forums were also hacked in the past few weeks. The hackers are of course worried that the stolen data may result in helping the authorities’ ability to track them down.
Exchange Zero-Day
There is a lot of news recently about an Exchange mail server zero-day attack. This is a big one and is reported to have affected over 100,000 mail servers worldwide. Mainstream applied patches as soon as they were available.
SolarWinds
There is a lot more news out there, but the one that sticks out is the SolarWinds hack you may have heard about is being blamed on a weak password. Mainstream forces password complexity, but we are still capable of rendering it ineffective. Please be sure you do not use things like Password#123 or J0llyR0g3r! which checks the boxes for complexity but is still easy to guess. If you want to use words as part of your password, make a short sentence with punctuation as opposed to the common substitutions like using 5 instead of S or 1 for l, 0 for O, 3 for E, etc.
You can also check your current password against known passwords from breach data at https://haveibeenpwned.com/Passwords. If your password has been seen in breach data, it will tell you.
Please check your browsers on home machines to make sure they are patched.
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706