Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

Another WhatsApp modification, known as YoWhatsApp, has turned out to be malicious: it downloads the Triada Trojan to smartphones, which shows ads, secretly subscribes the user to paid content, and steals WhatsApp accounts. How did this happen, and what lessons can we learn?

Don't feed crocodiles with your hand, or simple cybersecurity rules

Probably the most important rule of information security is to reduce your risks. To do this: don't visit suspicious websites, which may serve malicious ads or be a front for a phishing scam. Don't download cracked versions of programs via torrents; there's a good chance the crack itself carries a password-stealing Trojan. Don't click on links in e-mails sent from unknown addresses, and don't open their attachments, since all kinds of malware could be lurking there. You get the idea: being careful goes a long way toward protecting yourself against cyberthreats. At the same time, it's still important to keep your antivirus enabled and updated, as insurance in case something slips through. Don't tempt fate by doing the online equivalent of walking down a deserted alley late at night. With a little common sense you can greatly reduce your chances of falling prey to scammers.

To the rules above it's worth adding one more: don't download mobile apps from unofficial sources. Google and Apple review apps before admitting them to their stores, so the chance of encountering malware there is slim, though still not zero (especially on Google Play). Huawei does the same for its Huawei AppGallery store, although malware has already been found there too. You are far more likely to run into malware on open platforms that simply let you download an APK file.

There's another key security rule: don't use unofficial clients for messaging apps. To understand why this matters, let's step back and look a little more closely at how messaging apps work. Most of them follow the client-server model: the user interacts with the client app, and the client exchanges data with the server over a dedicated protocol. For many messaging apps this protocol is open, which makes it possible to build unofficial modified clients with extra features, such as viewing messages other users have deleted, sending mass mailings, customizing the interface, and so on.

So where's the danger? With an official client, you entrust your correspondence only to the maker of the messaging service. With an unofficial client, you entrust it both to the service's developers and to the developers of the unofficial client. On top of that, a modified client is usually distributed through unofficial sources, which, as noted above, shouldn't be trusted. Each of these is an additional stage where something can go wrong; in other words, extra risk.

What's up, Triada

Naturally, something did go wrong, repeating the scenario we wrote about last year. To recap: back then attackers infected the FMWhatsapp mod with a dropper that downloaded a multifunctional Trojan, Triada, onto users' devices. This modular Trojan mainly shows ads and signs the user up for paid content. Now practically the same thing has happened, with the same messaging app but a different unofficial client. This time the YoWhatsApp mod, also known as YoWA, has been infected. The mod attracts users with expanded privacy options, the ability to transfer files of up to 700 MB, increased speed, and so on.

YoWhatsApp apparently caught the eye of the malware distributors because it has a significant user base. The fact that the mod isn't allowed on Google Play also played into the criminals' hands: users are accustomed to downloading YoWhatsApp from sources of varying trustworthiness. One of the main distribution channels for the infected build was advertising inside SnapTube, an app for downloading video and audio. SnapTube's owners themselves probably didn't suspect that one of their advertising campaigns was spreading malware.

Along with the infected YoWhatsApp, users got a dropper that delivered the Triada Trojan to the device. Unlike last year's campaign, the dropper wasn't the only addition this time. A feature was added to YoWhatsApp that allows the intruders to steal the keys WhatsApp needs to operate. These keys are enough to hijack the account and use it to distribute malware or extract money from the victim's contacts. As a result, the user not only loses money, since Triada signs them up for paid subscriptions, but also risks compromising their contacts, to whom the criminals may write in the user's name.

How to protect yourself from malware on Android

The best way to fight malware is to avoid the situations where you might pick it up in the first place. Here, three simple rules are enough. Don't download apps from unknown sources; in fact, it's a good idea to block the ability to install apps from anywhere other than Google Play on your Android smartphone. Don't install alternative clients for messaging apps; even if the official versions aren't always ideal, they're far more reliable and secure. Use good protection and keep it enabled: Kaspersky for Android detects different modifications of the Triada Trojan and other Android malware and blocks them before they can do damage. Keep in mind that with the free version of our mobile protection you need to run a scan manually every time you download or install something new; the full version automatically scans every new app.
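The first two protection rules can be turned into a routine check on a managed device. As an added example (not code from the Kaspersky article, nor from WhatsApp or Google), the Python script below parses the output of `adb shell pm list packages -i -3` and flags third-party apps that did not come from Google Play, plus anything that looks like a WhatsApp mod. The sample output and the com.example.* package names are constructed for the example; the set of trusted installers is an assumption to adjust per fleet, and the adb invocation assumes adb is on PATH.

```python
"""Audit an Android device for sideloaded apps and WhatsApp mods.

Added example, not code from the Kaspersky article. It parses the output of
`adb shell pm list packages -i -3` (third-party packages with their installer),
whose lines look like:
    package:com.whatsapp  installer=com.android.vending
and flags (a) packages not installed by a trusted store and (b) packages that
mention WhatsApp but are not the official com.whatsapp / com.whatsapp.w4b.
The sample output below is constructed; the com.example.* names are hypothetical.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Installer packages treated as trusted stores (assumption: extend for your
# fleet, e.g. Huawei AppGallery or an MDM agent that installs apps).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

# Official WhatsApp package names; anything else containing "whatsapp" is a mod.
OFFICIAL_WHATSAPP = {"com.whatsapp", "com.whatsapp.w4b"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")


@dataclass(frozen=True)
class Package:
    name: str
    installer: Optional[str]  # None when pm prints installer=null


def parse_pm_list(text: str) -> List[Package]:
    """Parse `pm list packages -i` output, ignoring lines that don't match."""
    packages = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        inst = m.group("inst")
        packages.append(Package(m.group("pkg"), None if inst == "null" else inst))
    return packages


def find_sideloaded(packages: Iterable[Package],
                    trusted: Iterable[str] = TRUSTED_INSTALLERS) -> List[Package]:
    """Packages whose installer is missing or is not a trusted store.

    With -3 (third-party only) an installer of null means the APK was
    installed manually, via adb, or by a side-loading app. Without -3,
    preloaded system apps also report null and would be false positives.
    """
    trusted = set(trusted)
    return [p for p in packages if p.installer not in trusted]


def find_whatsapp_mods(packages: Iterable[Package]) -> List[Package]:
    """Packages that look like WhatsApp but are not the official builds."""
    return [p for p in packages
            if "whatsapp" in p.name.lower() and p.name not in OFFICIAL_WHATSAPP]


def audit(pm_output: str) -> Dict[str, List[str]]:
    """Summarise one device's package list as two sorted name lists."""
    packages = parse_pm_list(pm_output)
    return {
        "sideloaded": sorted(p.name for p in find_sideloaded(packages)),
        "whatsapp_mods": sorted(p.name for p in find_whatsapp_mods(packages)),
    }


def audit_device(serial: Optional[str] = None) -> Dict[str, List[str]]:
    """Run the audit against a connected device (needs adb on PATH)."""
    cmd = ["adb"] + (["-s", serial] if serial else [])
    cmd += ["shell", "pm", "list", "packages", "-i", "-3"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return audit(out)


# Constructed sample of `pm list packages -i -3` output (hypothetical mods).
SAMPLE_PM_OUTPUT = """\
package:com.whatsapp  installer=com.android.vending
package:com.whatsapp.w4b  installer=com.android.vending
package:com.example.yowhatsapp  installer=null
package:com.example.whatsapp.plus  installer=com.example.videodownloader
package:com.example.videodownloader  installer=null
"""

if __name__ == "__main__":
    print(audit(SAMPLE_PM_OUTPUT))
```

Running the file prints the audit of the constructed sample; `audit_device()` does the same for an attached phone. Note the third sample line: a mod installed by another third-party app is exactly the SnapTube-style distribution path described above, and the installer field records it. On Android 8 and later the "unknown sources" switch is granted per app, so once a sideloaded package shows up it is worth listing which apps hold the install permission (the per-app appop is named REQUEST_INSTALL_PACKAGES; how you query it on a given build is an assumption to verify).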

 Identity Theft, Fraud, Scams

Callback phishing operations are evolving. Scammers recently used the old fake-subscription lure for the first phase of the attack but then switched to "helping" the victim deal with an imaginary infection or hack. In one variation, the attackers send PayPal-themed phishing e-mails asking users to check whether their account has been compromised.

 Malware and Vulnerabilities

Bitdefender has identified a cryptojacking campaign that abuses a DLL sideloading weakness in Microsoft OneDrive to gain persistence and run undetected on infected devices. H1 2022 saw a 30% surge in cryptojacking instances, to 66.7 million. Nevertheless, cryptojacking volumes dropped 96%, 87%, and 78% in the education, healthcare, and government sectors, respectively.

 Malware and Vulnerabilities

As part of its scheduled Patch Tuesday release cycle, Adobe warned that the vulnerabilities could expose both Windows and macOS users to arbitrary code execution, arbitrary file-system writes, security feature bypass, and privilege escalation attacks.

 Companies to Watch

ForgeRock announced that it has entered into a definitive agreement to be acquired by Thoma Bravo, a software investment firm, for $23.25 per share, in an all-cash transaction valued at approximately $2.3 billion.

 Malware and Vulnerabilities

VMware has published a detailed report on how the operators behind the Emotet malware are shifting their tactics and command-and-control (C2) infrastructure to escape detection. Since its resurgence, the operators have made several changes to the C2 infrastructure. The malware has launched two new botnet clusters, dubbed Epochs 4 and 5, which are heavily leveraged in cyberattacks.

 Malware and Vulnerabilities

The vulnerability that has been exploited is a Windows COM+ Event System Service Elevation of Privilege Vulnerability. An attacker who successfully exploited it could gain SYSTEM privileges.

 Security Products & Services

Microsoft announced today that IT admins can now use a Group Policy setting to configure any Windows system still receiving security updates to automatically block brute-force attacks against local administrator accounts.

 Incident Response, Learnings

Patient portals, electronic prescriptions and some other IT systems are still unavailable at an undisclosed number of locations in the CommonSpirit Health network, the largest Catholic health system and the second-largest nonprofit US hospital chain.

 Threat Actors

Researchers took the wraps off an APT group named Earth Aughisky that has been targeting organizations in Taiwan with its malware toolsets for over a decade and has recently started claiming victims in Japan. The security firm linked Earth Aughisky to another APT known as Pitty Tiger (aka APT24) because the same dropper was used in different attacks between April and August 2014.

 Malware and Vulnerabilities

Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics library that serves as Chrome’s graphics engine.

 Emerging Threats

A new phishing-as-a-service platform, dubbed Caffeine, offers open registration and customer support to help newcomers launch their own campaigns. A Caffeine subscription is 3 to 5 times more expensive than comparable services; what justifies the price is its anti-detection and anti-analysis features and its customer support.

 Malware and Vulnerabilities

The relatively new PseudoManuscrypt botnet made changes to its C2 infrastructure that enabled the threat actors to infect nearly 500,000 systems across 40 countries in the past eight months. Kaspersky had previously reported a similar technique being used by other malware families such as Socelars, SmokeLoader, and RedLine.

 Trends, Reports, Analysis

Today, we take a look at the new DDoS trends that formed this year as the geopolitical situation in Eastern Europe continues to shape the nature and intensity of DDoS attacks. The first half of the year saw multiple attacks on financial and government institutions. Last month, the LockBit ransomware group claimed to be working on enhancing its DDoS capabilities.

 Feed

Ubuntu Security Notice 5671-1 - It was discovered that AdvanceCOMP did not properly manage memory in the function be_uint32_read under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was also discovered that AdvanceCOMP did not properly manage memory in the function adv_png_unfilter_8 under certain circumstances. If a user were tricked into opening a specially crafted PNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.

 Feed

Ubuntu Security Notice 5670-1 - Edward Thomson discovered that .NET 6 incorrectly handled permissions for the local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code.

 Feed

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including a fix for a zero-day flaw actively exploited in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server.

 Feed

In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has now revealed that the incident impacted an additional 64,000 individuals, bringing the total number of patients affected to over 126,000. Will you be the next victim, like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time. Explore the impact of

 Feed

A vulnerability in Siemens Simatic programmable logic controllers (PLCs) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity

 Feed

Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users, designed to harvest their contact details. Telephone-oriented attack delivery (TOAD), as

 Feed

As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, Gartner recently published its 2022 cybersecurity predictions: not only does it anticipate the continued expansion of attack surfaces in the near future, it also lists digital supply

 Feed

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first

 Security threats

At UKCyberWeek at the Business Design Centre in London, on 3 & 4 November 2022, I'll be offering practical insight on how computer systems are being targeted, shining some light on the mysterious and elusive global crime rings that have made billions of dollars, and describing the lessons that today's organisations should learn about how to protect themselves from attack. Grab your free ticket.

 Denial of Service

Ukraine has seen internet outages this week following renewed missile attacks from Russian forces. With a combination of power cuts and DDoS attacks knocking out telecommunications systems, internet availability suffered a 35% dip. Read more in my article on the Hot for Security blog.

2022-10
Aggregator history
Wednesday, October 12