During the week under review, WhatsApp announced it will impose further restrictions on the number of contacts a user is permitted to forward a message to at once, in latest efforts to fight fake news. It’s expected to reduce the statistics of false news or misinformation on the social media platform. It’s introducing a limit so that these messages can only be forwarded to one chat at a time but legitimate use of the “forward message” feature is not totally affected.
According to WhatsApp, “We’ve seen a significant increase in the amount of forwarding which users have told us can feel overwhelming and can contribute to the spread of misinformation. We believe it’s important to slow the spread of these messages to keep WhatsApp a place for personal conversation.”
Microsoft recently reported that an Emotet malware infection was able to take down an organization’s entire network by bringing its internet connection down to a crawl, and causing computers to overheat and then crash. The infection mechanism was via an employee who was tricked to open a malicious phishing email attachment. Emotet is a Trojan that is primarily spread through spam or phishing emails. The emails may contain familiar branding designed to look like a legitimate email.
Also during the week under review, Microsoft reported that an Emotet malware infection was able to take down an organization’s entire network by bringing its internet connection down to a crawl, and causing computers to overheat and then crash. The infection mechanism was via an employee who was tricked to open a malicious phishing email attachment. Emotet is a Trojan that is primarily spread through spam or phishing emails. The emails may contain familiar branding designed to look like a legitimate email.
During the operation, firewalls and antivirus software were all evaded, but they were eventually able to get rid of the infection after uploading new antivirus signatures. Microsoft recommends using email filtering tools to automatically detect and stop phishing emails that spread Emotet infection, as well as the adoption of multi-factor authentication (MFA) to stop the attackers from taking advantage of stolen credentials.
In a related development, Microsoft recently purchased the old internet domain name Corp.com to protect its corporate customers. Corp.com poses great security risks for Windows-powered machines deployed in corporate networks. Why is Corp.com a security threat? The problem lies in the fact that older Windows versions (like Windows Server 2000) used “Corp” as the default path for the Active Directory. When the Active Directory domain Corp.com attempts to connect to the internet, it overlaps with Corp.com internet domain resulting it what is called ‘namespace collision’. This, in turn, causes the Active Directory domain to send sensitive data to Corp.com internet domain.
This means that whoever owns Corp.com internet domain can potentially control intercepted sensitive private data from hundreds of thousands of Windows computers across the globe. To help in keeping systems protected, customers are advised to practice safe security habits when planning for internal Active Directory domain names.
Lastly, Google finally removed the Android VPN app SuperVPN which has been downloaded over 100 million times from play store after researchers notified it of a critical vulnerability. VPNpro, a company that reviews and advises on VPN products, warned in February of a vulnerability in the product that could cause a man in the middle (MITM) attack, enabling an intruder to insert themselves between the user and the VPN services.
