- The Hacker News
A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks.
The novel method, detailed by Jamf Threat Labs in a report shared with The Hacker News, "shows that if a hacker has already infiltrated your device, they can cause Lockdown Mode to be 'bypassed' when you trigger its activation."
In other words, the goal is to implement Fake Lockdown Mode on a device that's compromised by an attacker through other means, such as unpatched security flaws that can trigger execution of arbitrary code.
- BleepingComputer
More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play, but the count is much larger since they are also available on third-party stores and suspicious websites.
SpyLoan Android threats steal personal data from the device, including a list of all accounts, device info, call logs, installed apps, calendar events, local Wi-Fi network details, and metadata from images. Researchers say that the risk also extends to the contacts list, location data, and text messages.
- BleepingComputer
Microsoft provides three more years of Windows Server 2012 Extended Security Updates (ESUs) until October 2026, giving administrators more time to upgrade or migrate to Azure.
The company also prolonged the end date for Windows Server 2012 and extended support by five years to provide customers with additional time to transition to supported versions of Windows Server, even though its mainstream support ended in October 2018.
"You can now get three additional years of Extended Security Updates (ESUs) if you need more time to upgrade and modernize your Windows Server 2012, Windows Server R2, or Windows Embedded Server 2012 R2 on Azure," Microsoft said.
- BleepingComputer
A threat group known as Anonymous Sudan claimed that they were the ones who took down Cloudflare's website in a distributed denial-of-service (DDoS) attack.
Cloudflare confirmed that the outage resulted from a DDoS attack that only affected the www.cloudflare.com website without impacting other products or services. The company didn't attribute the attack to a specific threat actor.
"Cloudflare experienced a DDoS attack that caused intermittent connectivity issues to www.cloudflare.com for a few minutes. This DDoS attack did not affect any service or product capability that Cloudflare provides, and no customers were impacted by this incident,"
- The Hacker News
A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z.
"This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection," Malwarebytes' Jérôme Segura said.
While malvertising campaigns are known to set up replica sites advertising widely-used software, the latest activity marks a deviation in that the website mimics WindowsReport[.]com.
- Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
- New CVSS 4.0 Vulnerability Severity Rating Standard Released
- Samsung Galaxy Gets New Auto Blocker Anti-Malware
- Massive Cybercrime URL Shortening Service Uncovered Via DNS Data
- HelloKitty Ransomware Now Exploiting Apache ActiveMQ Flaw In Attacks