Advisory ID: NCC-CSIRT-280323-017
Summary: Fraud-prevention firm Cleafy has described an Android banking Trojan named Nexus as a new botnet operating under the malware-as-a-service (MaaS) business model. Nexus provides all the main features needed to perform account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credential stealing and SMS interception.
Vulnerable Platform(s): Android Operating Systems
Read more: Nexus Android Trojan Targeting Financial Applications
Advisory ID: NCC-CSIRT-200323-016
Summary: Hackers are employing a sophisticated fake Chrome ChatGPT browser extension to compromise thousands of Facebook accounts, including high-profile business accounts. According to Jai Vijayan, a writer for DarkReading, at least 2,000 victims downloaded the malicious app from the Google Play app store. The campaign takes advantage of the substantial public interest in ChatGPT to spread malware to the compromised systems.
Vulnerable Platform(s): Google Chrome Browser
Advisory ID: NCC-CSIRT-130323-015
Summary: Xenomorph is a banking malware with the capability to automatically complete fraudulent transactions on infected devices, covering the whole chain from infection to funds exfiltration, which makes it one of the most advanced and dangerous Android banking Trojans in circulation.
Vulnerable Platform(s): Android Operating Systems
Advisory ID: NCC-CSIRT-0903-014
Summary: Cyber security analysts from ESET discovered the BlackLotus bootkit malware, which can bypass security protections on fully updated Windows 11 systems and persistently infect them. The malware is the first publicly known bootkit targeting the Unified Extensible Firmware Interface (UEFI, the software that connects the operating system with the hardware it runs on). Because the malware can evade the Secure Boot mechanism, it is able to disable the security protections that ship with the operating system.
Vulnerable Platform(s): Windows Operating System
Threat Type:
- Malware
Product: Google Chrome Browser
Version:
- All versions
Description: According to ESET's analysis, the developers of the malware have extended it with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. Additionally, the malware can disable the memory integrity function, which guards against attempts to tamper with the Windows kernel, as well as the BitLocker data protection feature and the Microsoft Defender antivirus program. Moreover, according to the researchers, the malware bypasses the Secure Boot mechanism by exploiting a Secure Boot Security Feature Bypass vulnerability.
Consequences: Attackers may gain access to sensitive information on the compromised systems.
Impact/Probability: CRITICAL/HIGH
Solution:
Users should always keep their Windows 11 operating systems and security products up to date.
References:
https://www.securityweek.com/blacklotus-bootkit-can-target-fully-patched-windows-11-systems/
https://www.bleepingcomputer.com/news/security/blacklotus-bootkit-bypasses-uefi-secure-boot-on-patched-windows-11/
Advisory ID: NCC-CSIRT-0603-013
Summary: Google Chrome has been found to contain several vulnerabilities that an attacker could use to execute arbitrary code and access sensitive information on the targeted device.
Vulnerable Platform(s): Windows, Mac, and Linux Operating Systems
- Apple Updates iOS as Security Firm Discloses New Class of Vulnerabilities
- Windows 10 Operating Systems for Enterprise and Education Editions to No Longer Get Support from May 2023
- ESXi Servers Targeted in New Wave of Ransomware Attacks via Exploits of an Old, Patched VMware Vulnerability
- Bitwarden Password Vaults Targeted in Google Ads Phishing Attack to Steal Users' Password Vault Credentials