Cr
ed
it:
Ha
irem
/
Shu
tt
er
stoc
k.
com
12 21 Aug - 3 Sept 2019 Email us your security questions [email protected]
Q
How worried
should we be
about password-
stealing malware?
Matt Jenkins, Twitter
A
According to
Kasp ersky’s
data, the number
of users target ed by
password thieves ro se from
less than 600,000 in the
first half of 2018 to over
Security flawsfound in
Nvidia graphicscards
Five dangerous vulnerabilities,
including one thatcould allow an
attackerto execute maliciouscode
locally, have been discovered in
a host of Nvidia graphics cards.
Anyone who has an Nvidia
GeForce, Quadro orTesla graphics
processing unit(GPU) in their PC
is urgedto update their drivers
immediately, after thecompany
published details of therecently
discovered fla ws.
The most severe vulnerability
involves a flaw in acomponent of
the Windows GPU Display Driver
software. If exploited, itcould allow
an attackerto install malware ona
victim’s machine.Two other flaws
affect DirectX drivers andwould also
let a hackerexecute maliciouscode
or launch a denial-of-serviceattack.
Although the vulnerabilities are
rated ‘highly severe’, an attacker
940,000 during the same
period of 2019.
Password Stealing Ware
(PSW) is a major weapon in
the cybercriminals’ toolkit.
This type of malici ous
softwareuses various
methods to grab data from
your web browser. Often this
information is se nsitive and
includes access details for
online accounts, as well as
financ ial information such as
saved passwords , autofill
data and bank card details.
Someversions of th is type
of malware are designed to
steal browser cookies, files
from specific locations, such
as your desktop, and files
from apps, including
messenger services.
Because we use the
internet to perform so many
everyday tasks, our digi tal
profiles are filling with data.
This makes them lucrativ e
target s for criminals, who
have various waysof making
money from them.
Kasp ersky offers the
following advice to ensure
your passwords and other
creden tials remain se cure:
- Don’t share passwords or
personal information with
friends or fa mily, because
they could unwittingly make
them vulnerable to malware.
Don’t post them on
forums orsocial media
channels either.
- Alwaysinstall upda tes
and product patches to
ensure you’re protected
from the latest thre ats. - Use a reliable securi ty
tool such as Kasp ersky
Password Manage r ( bit.ly/
kaspersky482), which
is designed to securely
stor e passwords and
personal information,
including passports,
driving licences and
bank cards.
News about the latest threats and advice from security experts
Stay Safe Online
SECURITY ALERT! |What’s been bothering us this fortnight
Security Helpdesk|Your questions answered by security specialists
would need physical access to a device,
so they’re less likelyto be a problem than
flaws that can beexploitedremotely.
Security patches that fix the flaws are
available through Nvidia’s Support site
(bit.ly/patches482) and may also be
rolled outby GPU hardware makers.
bit.ly/nvidia
Google finds vulnerability in
Apple’s iMessage app
Securityresearchers are
urging iPhone usersto update
their devices immediately after
vulnerabilitieswere discovered
in Apple’s iMessage messaging app.
Google’s bug-hunting ProjectZero
team found five flaws in iMessage that
could leave iOS devices opento attack.
The researchers said one of the
vulnerabilitieswas so severe that the
only way to rescue a targeted iPhone
would beto delete all the datastored
on the device. Another flawcould be
used to co py files from an iPhone
without theowner’s permission.
Applereleased fixesfor the
vulnerabilities after ProjectZero
reported its findings, but the
researchers said they also flaggeda
sixth problemto Apple, which hadn’t
been patched at the time of writing.
Apple hasn’tcommented on
the specific iMessage flaws, but
the company urges usersto install the
new version of iOS. “Keepingyour
software upto date is one of the
most important thingsyou can do
to maintainyour Apple product’s
security,” it said in astatement.
bit.ly/imessage
Password StealingWare (PSW)
uses various methods to grab data
from your web browser
THIS ISSUE’S EXPERT:
Alexander Eremin,
securityresearcher
at Kaspersky
(www.kaspersky.co.uk)