Page 11 - Threat Intelligence 12-20-2019
Internal Threats
SBI cautions against charging your phone at charging stations. India’s largest lender, State Bank of India (SBI),
has warned customers against charging their phones at charging stations. The bank has advised customers
to think twice before plugging in their phones at charging stations, as malware could infect their smartphones
and in turn rob them of all their important data and passwords. Juice jacking, a USB charger scam, could
end up draining your bank account, the bank has warned. Juice jacking is a type of cyber attack involving a
charging port that doubles as a data connection, typically over USB. This often involves either installing
malware or surreptitiously copying sensitive data from a smartphone, tablet, or other computer device.
Source: https://www.livemint.com/money/personal-finance/sbi-cautions-against-charging-your-phone-at-charging-stations-11575863675053.html
New Mac Malware Hides in Memory and Masquerades as a Crypto App. So-called “fileless” malware is
infecting macOS machines by hiding in memory and never touching files or drives. The malware,
masquerading as a piece of crypto trading software called UnionCryptoTrader.dmg, is suspected to be the
work of the North Korean hacking group Lazarus APT. The malware infects macOS computers by injecting an
executable file into the boot process, thereby hiding it from the user and making it difficult to remove. The
executable then looks for various online payloads and runs them in memory, so that anti-virus software
could miss the malware after reboots and other OS events. Ultimately, there is very little for an anti-virus app
to find, as the payload changes over time and the malware has root privileges on infected machines.
Source: https://sg.finance.yahoo.com/news/mac-malware-hides-memory-masquerades-203000477.html
Latest Microsoft Update Patches New Windows 0-Day Under Active Attack. With its latest and last Patch
Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that
attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control of
vulnerable computers. Microsoft's December security updates include patches for a total of 36 vulnerabilities,
of which 7 are critical, 27 important, 1 moderate, and one low in severity. Tracked as CVE-2019-1458 and
rated as Important, the newly patched zero-day Win32k privilege escalation vulnerability, reported by
Kaspersky, was used in Operation WizardOpium attacks to gain higher privileges on targeted systems by
escaping the Chrome sandbox. Although Google addressed the Chrome flaw in Chrome 78.0.3904.87 with the
release of an emergency update last month after Kaspersky disclosed it to the tech giant, hackers are still
targeting users who are running vulnerable versions of the browser.
Source: https://thehackernews.com/2019/12/windows-zero-day-patch.html
www.accumepartners.com