- Details
- BleepingComputer
August 31, 2023 BleepingComputer published Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF.
This malware was previously used to target ethnic minorities in China, but ESET's telemetry shows that this time, the attackers target users in Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States.
BadBazaar's capabilities include tracking the device's precise location, stealing call logs and SMS, recording phone calls, taking pictures using the camera, exfiltrating contact lists, and stealing files or databases. Read More..
- Details
- The Hacker News
August 31, 2023 The Hacker News published A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S.
"The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities," Trend Micro researchers Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, and Gilbert Sison said.
Active since at least 2020, Earth Estries is said to share tactical overlaps with another nation-state group tracked as FamousSparrow, which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange Server to penetrate hospitality, government, engineering, and legal sectors. Read More..
- Details
- BleepingComputer
August 30, 2023 BleepingComputer published Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA).
Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access.
Rapid7 security researchers have provided additional insights regarding these incidents in a report published on Tuesday, revealing that attackers have been directing their efforts towards these devices since March of this year in brute force attacks designed to guess the targets' login credentials.” Read More..
- Details
- BleepingComputer
August 29, 2023 BleepingComputer published A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices.
MMRat was spotted for the first time by Trend Micro in late June 2023, primarily targeting users in Southeast Asia and remaining undetected on antivirus scanning services like VirusTotal.
While the researchers do not know how the malware is initially promoted to victims, they found that MMRat is distributed via websites disguised as official app stores.
The victims download and install the malicious apps that carry MMRat, usually mimicking an official government or a dating app, and grant risky permissions like access to Android's Accessibility service during installation. Read More..
- Details
- The Hacker News
August 09, 2023 The Hacker News published Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month.
This comprises six Critical, 67 Important, and one Moderate severity vulnerabilities. Released along with the security improvements are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool (ADV230004).
The updates are also in addition to 30 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD (CVE-2023-20569 or Inception). Read More..
- QakBot Malware Operators Expand C2 Network with 15 New Servers
- Microsoft Visual Studio Code Flaw Lets Extensions Steal Passwords
- Hackers Increasingly Abuse Cloudflare Tunnels for Stealthy Connections
- Google Play Apps with 2.5M Installs Load Ads When Screen's Off
- Hackers can Abuse Microsoft Office Executables to Download Malware