- Details
- BleepingComputer
September 09, 2023 BleepingComputer published A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware.
The campaign started in late August 2023, when Microsoft Teams phishing messages were seen being sent by two compromised external Office 365 accounts to other organizations.
These accounts were used to trick other Microsoft Teams users into downloading and opening a ZIP file named "Changes to the vacation schedule." Read More..
- Details
- BleepingComputer
BleepingComputer published A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.
An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation.
Additionally, the researchers found that numerous websites with millions of visitors, including some Google and Cloudflare portals, store passwords in plaintext within the HTML source code of their web pages, allowing extensions to retrieve them. Read More..
- Details
- BleepingComputer
BleepingComputer published Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight).
The flaw (tracked as CVE-2023-34039) was found by security analysts at ProjectDiscovery Research and patched by VMware on Wednesday with the release of version 6.11.
Successful exploitation enables remote attackers to bypass SSH authentication on unpatched appliances and access the tool's command line interface in low-complexity attacks that don't require user interaction because of what the company describes as "a lack of unique cryptographic key generation. Read More..
- Details
- The Hacker News
The Hacker News published A New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework.
The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month.
Microsoft's container architecture (and by extension, Windows Sandbox) uses what's called a dynamically generated image to separate the file system from each container to the host and at the same time avoid duplication of system files.
It's nothing but an "operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host," thereby bringing down the overall size for a full OS. Read More..
- Details
- BleepingComputer
August 31, 2023 BleepingComputer published Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF.
This malware was previously used to target ethnic minorities in China, but ESET's telemetry shows that this time, the attackers target users in Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States.
BadBazaar's capabilities include tracking the device's precise location, stealing call logs and SMS, recording phone calls, taking pictures using the camera, exfiltrating contact lists, and stealing files or databases. Read More..
- Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents
- Hacking Campaign Bruteforces Cisco VPNs to Breach Networks
- New Android MMRat Malware Uses Protobuf Protocol To Steal Your Data
- Microsoft Releases Patches for 74 New Vulnerabilities in August Update
- QakBot Malware Operators Expand C2 Network with 15 New Servers