- The Hacker News
Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure.
The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023.
"The script creates a 'Covert Channel' by exploiting the event descriptions in Google Calendar," according to its developer and researcher, who goes by the online alias MrSaighnal. "The target will connect directly to Google."
- BleepingComputer
The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.
CVSS is a standardized framework for assessing the severity of software security vulnerabilities. It is used to assign numerical scores or a qualitative representation (such as low, medium, high, and critical) based on exploitability, impact on confidentiality, integrity, and availability, and required privileges, with higher scores denoting more severe vulnerabilities.
It helps prioritize responses to security threats as it provides a consistent way to evaluate vulnerabilities' impact and compare risks across different systems and software.
- BleepingComputer
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices.
Auto Blocker is an opt-in security feature that prevents the side-loading of risky apps (APKs) downloaded from outside the Galaxy Store and Google Play.
This is a measure to protect users from social engineering attacks that convince them to download and install APKs that infect them with malware or spyware.
- BleepingComputer
An actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
In less than a month, Prolific Puma has registered thousands of domains, many on the U.S. top-level domain (usTLD), to help with the delivery of phishing, scams, and malware.
Researchers from Infoblox, a DNS-focused security vendor that looks at 70 billion DNS queries daily, first observed Prolific Puma activity six months ago, after detecting a registered domain generation algorithm (RDGA) used to create the domain names for the malicious URL shortening service.
- BleepingComputer
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt devices.
The flaw, tracked as CVE-2023-46604, is a critical-severity (CVSS v3 score: 10.0) RCE allowing attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol.
The security problem was addressed in a security update on October 25, 2023. However, threat monitoring service ShadowServer reported that, as of October 30, there were still 3,329 internet-exposed servers using a version vulnerable to exploitation.
- Hackers Use Citrix Bleed Flaw in Attacks On Govt Networks Worldwide
- Avast Confirms it Tagged Google App as Malware on Android Phones
- Malicious NuGet Packages Abuse MSBuild to Install Malware
- Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection
- New ExelaStealer Attacks Windows PCs and Steals Private Data