- BleepingComputer, August 03, 2023
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes - will soon include the main executables for Microsoft's Outlook email client and Access database management system.
The main executable for the Microsoft Publisher application has already been confirmed to be capable of downloading payloads from a remote server.
LOLBAS stands for Living-off-the-Land Binaries and Scripts; these are typically described as signed files that are either native to the Windows operating system or downloaded from Microsoft.
They are legitimate tools that hackers can abuse during post-exploitation activity to download and/or run payloads without triggering defensive mechanisms.
- BleepingComputer, August 03, 2023
Microsoft is investigating an issue causing Outlook Desktop to unexpectedly ask users to restore windows closed during a previous session.
Outlook for Microsoft 365 users on affected systems see dialogs with the "Outlook closed while you had items open. Reopen those items from your last session?" prompt.
With Office perpetual versions, in most instances, the Outlook options will not display the feature causing this issue (named "Ask me if I want to restore previous items"), rendering users unable to configure it through the user interface.
- The Hacker News, August 03, 2023
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users.
"Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News.
While versioning is not a new phenomenon, it's sneaky and hard to detect. In this method, a developer releases an initial version of an app on the Play Store that passes Google's pre-publication checks, but is later updated with a malware component.
This is achieved by pushing an update from an attacker-controlled server to serve malicious code on the end user device using a method called dynamic code loading (DCL), effectively turning the app into a backdoor.
- BleepingComputer, August 03, 2023
The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal credentials and crypto wallets.
Rilide is a malicious browser extension for Chromium-based browsers, including Chrome, Edge, Brave, and Opera, that Trustwave SpiderLabs initially discovered in April 2023.
When first discovered, the Rilide browser extension impersonated the legitimate Google Drive extension to hijack the browser, monitor all user activity, and steal information like email account credentials or cryptocurrency assets.
- BleepingComputer, May 22, 2023
The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. The driver seen by Trend Micro is an improved version of the malware known as 'POORTRY' that Microsoft, Mandiant, Sophos, and SentinelOne spotted in ransomware attacks late last year.
- Microsoft Investigates Slow Windows VPN Speeds After May Updates
- Ongoing Facebook Phishing Campaign Without a Sender and (Almost) Without Links
- New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
- Microsoft Fixes Windows Bug, Secure Boot Bypass Under Active Attack
- Gmail Gets Blue Verification Checks to Protect Against Spoofing and Phishing