Advisory ID: NCC-CSIRT-0512-060
Summary: Data belonging to over 5.4 million Twitter users was exposed through a vulnerability, publicized on a hacker forum, that bypasses the restriction on discoverability by phone number or email. Attackers are exploiting the vulnerability to find a Twitter account by its phone number or email address even if the user has prohibited this in the privacy settings.
Vulnerable Platform(s): Twitter social networking platform
Advisory ID: NCC-CSIRT-3011-059
Summary: Maxime Ingrao, a security researcher at Evina, discovered a fraudulent Android SMS app called "Symoo" that has over 100,000 downloads on the Google Play store. The malicious app discreetly serves as an SMS intermediary for a service that creates accounts on websites including Facebook, Instagram, Telegram, and Google. After being installed successfully, the malicious app takes over the victims' devices and creates many OTPs (one-time passwords). Furthermore, the attackers rented out the infected devices as virtual numbers for relaying the one-time passcodes used to verify a user when creating new accounts.
Vulnerable Platform(s): Microsoft, Google, Instagram, Telegram, and Facebook.
Read more: A Malicious Android SMS Application Hijacks Victims' Devices Using an SMS Relay.
Advisory ID: NCC-CSIRT-2811-057
Summary: The security researcher ProxyLife discovered new phishing attacks that exploit a Windows zero-day vulnerability to drop Qbot malware without displaying Mark of the Web (MoTW) security warnings. The MoTW is a unique property that Windows adds to files when they are downloaded from an untrusted remote location, such as the Internet or an email attachment. When a user tries to open a file that has a MoTW attribute, Windows displays a security warning asking whether they are sure they want to open the file. With this exploit, the Qbot malware could be loaded onto a compromised device without triggering any Windows security alerts.
Vulnerable Platform(s): Windows Operating Systems
Read more: New Phishing Attacks Exploit Windows Zero-Day Vulnerability to Drop Qbot Malware
Advisory ID: NCC-CSIRT-2811-058
Summary: An app called Todo a day manager installs a banking trojan called Xenomorph, which can hijack your login information from banking apps and can even read your SMS messages.
Vulnerable Platform(s): Android Operating Systems
Advisory ID: NCC-CSIRT-1711-055
Summary: David Schütz, a cybersecurity researcher, discovered a lock screen bypass vulnerability on his fully patched Google Pixel 6 and Pixel 5 smartphones. The issue makes it possible for an attacker with physical access to bypass the lock screen security measures (fingerprint, PIN, unlock pattern, etc.) and take full control of the device.
Vulnerable Platform(s): Android Operating System
Read more: Lock Screen Bypass Vulnerability on Android Phones
- Somnia Ransomware Using Vidar Malware (Vidar Stealer) to Give Unauthorized Access to User Telegram Account/Corporate Account
- Outlook and Thunderbird Email Account Credentials Compromised by the New StrelaStealer Malware
- Xenomorph Trojan Malware Targets Android Banking Applications
- New Variant of BRATA Banking Trojan Infecting Android Devices