Web / Internet Threats















        Researchers Disclose Another SIM Card Attack Possibly Impacting Millions. A new variant of a recently
        disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have
        warned. Earlier this month, cyber telecoms security firm AdaptiveMobile Security disclosed the details of
        Simjacker, an attack method that involves sending specially crafted SMS messages to the targeted mobile
        phone. An attacker could issue commands to conduct various types of activities, including sending SMS
        messages, making phone calls, launching a web browser, and collecting information about the targeted device,
        regardless of operating system and manufacturer. AdaptiveMobile estimated that the attack could work
        against over 1 billion mobile phones considering that the S@T Browser is present on SIM cards provided by
        mobile operators in more than 30 countries.
                Source: https://www.securityweek.com/researchers-disclose-another-sim-card-attack-possibly-
                impacting-millions



        IoT under fire: Kaspersky detects more than 100 million attacks on smart devices in H1 2019. Kaspersky
        honeypots – networks of virtual copies of various internet connected devices and applications – have detected
        105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of the year.
        This figure is seven times more than the number found in H1 2018, when only around 12 million attacks were
        spotted originating from 69,000 IP addresses. Capitalising on weak security of IoT products, cybercriminals are
        intensifying their attempts to create and monetise IoT botnets.

                Source: https://www.itsecurityguru.org/2019/10/15/iot-under-fire-kaspersky-detects-more-than-100-
                million-attacks-on-smart-devices-in-h1-2019/



        Tens of million PCs potentially impacted by a flaw in HP Touchpoint Analytics. Security researchers at
        SafeBreach have discovered that the HP Touchpoint Analytics service is affected by a serious flaw tracked as
        CVE-2019-6333. The vulnerability received a CVSS score of 6.7 (medium severity). The TouchPoint Analytics is a
        service that allows the vendor to anonymously collect diagnostic data about hardware performance, it comes
        pre-installed on most HP PCs.

                Source: https://securityaffairs.co/wordpress/92392/hacking/hp-touchpoint-analytics-flaw.html



        Outlook for Web Bans 38 More File Extensions in Email Attachments. Malware or computer virus can infect
        your computer in several different ways, but one of the most common methods of its delivery is through
        malicious file attachments over emails that execute the malware when you open them. Therefore, to protect
        its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions
        by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook
        on the Web. The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp,
        .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more.
                Source: https://thehackernews.com/2019/09/email-attachment-malware.html





                                                    www.accumepartners.com
                                                                                                                    13