May 2023

Free Malware Builder for Invicta Stealer Promoted on Facebook

https://cyware.com/news/free-malware-builder-for-invicta-stealer-promoted-on-facebook-dbb4509f

Excerpt:

“Cybersecurity experts have discovered a stealer identified as Invicta Stealer whose creators are extensively active on social media platforms including Facebook and YouTube.”


Tons of Gigabyte motherboards come with a hidden firmware backdoor (Update: Patched)

Michael Crider

https://www.pcworld.com/article/1937046/gigabyte-shipped-hundreds-of-motherboard-models-with-a-firmware-backdoor.html

Excerpt:

“Eclypsium says that the code is meant for Gigabyte to install firmware updates either over the internet or with attached storage on a local network. But according to the researchers, the tool is mostly unsecured, meaning any malicious actor who knows about it can potentially load up their own code on a PC motherboard. The issue was discovered via a Windows startup executable that can install new UEFI firmware, downloading from an unsecured Gigabyte server and installing the software without any signature verification.”


Buhti: New Ransomware Operation Relies on Repurposed Payloads

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware

Excerpt:

“A relatively new ransomware operation calling itself Buhti appears to be eschewing developing its own payload and is instead utilizing variants of the leaked LockBit and Babuk ransomware families to attack Windows and Linux systems.”


Google launches bug bounty program for its Android applications

Sergiu Gatlan

https://www.bleepingcomputer.com/news/google/google-launches-bug-bounty-program-for-its-android-applications/

Excerpt:

“Google has launched the Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty program that will pay security researchers for flaws found in the company's Android applications.”


Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

Ravie Lakshmanan

https://thehackernews.com/2023/05/active-exploitation-of-tp-link-apache.html?&web_view=true

Excerpt:

“The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.”


China issues report on U.S. CIA’s cyberattacks on other countries

https://www.pakistantoday.com.pk/2023/05/04/china-issues-report-on-u-s-cias-cyberattacks-on-other-countries/

Excerpt:

“China on Thursday released an investigation report revealing an “empire of hackers” of the Central Intelligence Agency (CIA) of the United States, one of the major intelligence agencies of the country’s federal government.”


DeFi Protocol 0VIX Loses Nearly $2M in Flash-Loan Exploit

Oliver Knight

https://finance.yahoo.com/news/defi-protocol-0vix-loses-nearly-124421734.html?&web_view=true&guccounter=1&guce_referrer=aHR0cHM6Ly9jeXdhcmUuY29tLw&guce_referrer_sig=AQAAABye8ChRwCEQd3-GPHkvxapcZD8ZM-dvStwgTWcH-dJaR27zy6nUJjx5AFFubYPT_Lrw9A1fdqCSepKdI8Vtiz22J9q3EHnKtcLClRwD3-3Rcu2BJ7VUtrxKpm5-dhJrSu4Yzq1OFTWfcE4C_Phvm954mf0PUMGURYrRnZyfdkqc

Excerpt:

“Decentralized-finance protocol 0VIX has lost roughly $2 million in a flash-loan exploit, according to on-chain data on Polygon's block explorer.

A total of 1.45 million USDC, along with other tokens, was stolen before being bridged to the Ethereum mainnet on Stargate Finance, where it was eventually swapped for ether (ETH).”


Apple and Google team up to tackle AirTag stalking

Tom Acres

https://news.sky.com/story/apple-and-google-team-up-to-tackle-airtag-stalking-12871924

Excerpt:

“Devices like AirTags, Tile, Chipolo, and Pebblebee are supposed to be attached to belongings like wallets and bags, but there have been cases of people using them for criminal or malicious purposes - including alleged stalking.”


Cybercriminals use proxies to legitimize fraudulent requests

https://www.helpnetsecurity.com/2023/05/01/malicious-bot-attacks/?web_view=true

Excerpt:

“Bot attacks were previously seen as a relatively inconsequential type of online fraud, and that mentality has persisted even as threat actors have gained the ability to cause significant damage to revenue and brand reputation, according to HUMAN.”


T-Mobile discloses second data breach since the start of 2023

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/

Excerpt:

“T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023.

Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the amount of exposed information is highly extensive and exposes affected individuals to identity theft and phishing attacks.”


Google Blocks 1.43 Million Malicious Apps, Bans 173,000 Bad Accounts in 2022

Ravie Lakshmanan

https://thehackernews.com/2023/05/google-blocks-143-million-malicious.html?&web_view=true

Excerpt:

“Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022.

In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions through developer-facing features like Voided Purchases API, Obfuscated Account ID, and Play Integrity API.”


New LOBSHOT malware gives hackers hidden VNC access to Windows devices

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/

Excerpt:

“A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC.

Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results.”