- The Hacker News
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser.
A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web DLP Plan?" dives into this transition, detailing its root cause, possible solution paths forward and actionable implementation examples. After reading the guide, security and IT professionals will be equipped with the relevant information they need to update and upgrade their DLP solutions.
- Cyber Security News
COM (Component Object Model) hijacking is a technique in which threat actors exploit the core architecture of Windows by adding a new value to a specific registry key related to the COM object.
This allows the threat actors to achieve both persistence and privilege escalation on target systems. Several malware families have been found using this technique to abuse COM objects.
Several samples of these kinds of malware have been discovered by researchers at VirusTotal since 2023. According to the reports shared with Cyber Security News, threat actors also abused several COM objects for persistent access to the compromised systems.
- Cyber Security News
A recent investigation unveiled a trend of fake trading apps on Google Play and the App Store designed to trick unsuspecting users out of their hard-earned money.
This article delves into the mechanics of these scams, highlighting the urgent need for vigilance among digital finance users. The term “pig-butchering scam” might sound peculiar, but its implications are far from benign.
Originating in Southeast Asia, this scam involves fattening the pig (the victim) by building a relationship and trust over time, only to slaughter it financially in the end.
India has witnessed a significant surge in such scams, with cybercriminals deploying sophisticated social engineering tactics to lure victims into their traps.
- BleepingComputer
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site scripting (XSS) vulnerability impacting Popup Builder versions 4.2.3 and older, which was initially disclosed in November 2023.
Sucuri now reports spotting a new campaign with a notable uptick in the past three weeks, targeting the same vulnerability on the WordPress plugin.
According to PublicWWW results, code injections linked to this latest campaign are to be found in 3,329 WordPress sites, with Sucuri's own scanners detecting 1,170 infections.
A Balada Injector campaign uncovered at the start of the year exploited the particular vulnerability to infect over 6,700 websites, indicating that many site admins hadn't patched quickly enough.
- Cyber Security News
Two new zero-day vulnerabilities have been discovered in iOS and iPadOS 17.4 versions that could allow threat actors to bypass memory protections and perform arbitrary kernel read and write on the affected devices.
These two vulnerabilities have been assigned CVE-2024-23225 and CVE-2024-23296. However, Apple has addressed these two vulnerabilities in its recent security advisory and has issued patches to fix them. Apple also stated that it was aware of a report that threat actors may have exploited these two vulnerabilities in the wild.
This particular vulnerability exists in the iOS kernel due to a memory corruption issue that could allow threat actors to perform arbitrary kernel read and write by bypassing kernel protections. The severity for this vulnerability is yet to be categorised.
Products affected by this vulnerability include iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
- Hackers Steal Windows NTLM Authentication Hashes in Phishing Attacks
- 4 Instructive Postmortems on Data Downtime and Loss
- New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
- GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
- New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers