- The Hacker News
A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z.
"This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection," Malwarebytes' Jérôme Segura said.
While malvertising campaigns are known to set up replica sites advertising widely-used software, the latest activity marks a deviation in that the website mimics WindowsReport[.]com.
- The Hacker News
Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure.
The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023.
"The script creates a 'Covert Channel' by exploiting the event descriptions in Google Calendar," according to its developer and researcher, who goes by the online alias MrSaighnal. "The target will connect directly to Google."
- BleepingComputer
The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.
CVSS is a standardized framework for assessing the severity of software security vulnerabilities. It is used to assign numerical scores or a qualitative representation (such as low, medium, high, and critical) based on exploitability, impact on confidentiality, integrity, and availability, and required privileges, with higher scores denoting more severe vulnerabilities.
It helps prioritize responses to security threats as it provides a consistent way to evaluate vulnerabilities' impact and compare risks across different systems and software.
- BleepingComputer
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices.
Auto Blocker is an opt-in security feature that prevents the side-loading of risky apps (APKs) downloaded from outside the Galaxy Store and Google Play.
This is a measure to protect users from social engineering attacks that convince them to download and install APKs that infect them with malware or spyware.
- BleepingComputer
An actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
In less than a month, Prolific Puma has registered thousands of domains, many on the U.S. top-level domain (usTLD), to help with the delivery of phishing, scams, and malware.
Researchers from Infoblox, a DNS-focused security vendor that looks at 70 billion DNS queries daily, first observed Prolific Puma activity six months ago, after detecting a registered domain generation algorithm (RDGA) to create the domain names for the malicious URL shortening service.
- HelloKitty Ransomware Now Exploiting Apache ActiveMQ Flaw In Attacks
- Hackers Use Citrix Bleed Flaw in Attacks On Govt Networks Worldwide
- Avast Confirms it Tagged Google App as Malware on Android Phones
- Malicious NuGet Packages Abuse MSBuild to Install Malware
- Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection