Details

BleepingComputer

31 August 2023

August 29, 2023 BleepingComputer published A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices.

MMRat was spotted for the first time by Trend Micro in late June 2023, primarily targeting users in Southeast Asia and remaining undetected on antivirus scanning services like VirusTotal.

While the researchers do not know how the malware is initially promoted to victims, they found that MMRat is distributed via websites disguised as official app stores.

The victims download and install the malicious apps that carry MMRat, usually mimicking an official government or a dating app, and grant risky permissions like access to Android's Accessibility service during installation. Read More..

Details

The Hacker News

10 August 2023

August 09, 2023 The Hacker News published Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month.

This comprises six Critical, 67 Important, and one Moderate severity vulnerabilities. Released along with the security improvements are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool (ADV230004).

The updates are also in addition to 30 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD (CVE-2023-20569 or Inception). Read More..

Details

The Hacker News

10 August 2023

August 08, 2023  The Hacker News published The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023.

The findings are a continuation of the malware's infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed that 25% of its C2 servers are only active for a single day.

"QakBot has a history of taking an extended break each summer before returning sometime in September, with this year's spamming activities ceasing around 22 June 2023," the cybersecurity firm said.

"But are the QakBot operators actually on vacation when they aren't spamming, or is this 'break' a time for them to refine and update their infrastructure and tools?" Read More

Details

BleepingComputer

10 August 2023

August 08, 2023 BleepingComputer published Microsoft's Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS credential managers.

These tokens are used for integrating with various third-party services and APIs, such as Git, GitHub, and other coding platforms, so stealing them could have significant consequences for a compromised organization's data security, potentially leading to unauthorized system access, data breaches, etc.

The flaw was discovered by Cycode researchers, who reported it to Microsoft along with a working proof-of-concept (PoC) they developed. Yet, the tech giant decided against fixing the issue, as extensions are not expected to be sandboxed from the rest of the environment. Read More...