Advisory ID: NCC-CSIRT-0202-007
Summary: Attackers use OneNote attachments in phishing emails that infect victims with remote access malware. In samples found by BleepingComputer, the malicious emails pretend to be DHL shipping notifications, invoices, ACH remittance forms, mechanical drawings, and shipping documents. Once installed, this type of malware can spread to install further malware and allows threat actors to remotely access a victim’s device to steal files and saved browser passwords, take screenshots, and in some cases even record video using webcams.
Vulnerable Platform(s): Windows Operating Systems
Read more: Hackers Spread Malware Using Microsoft OneNote Attachments
Advisory ID: NCC-CSIRT-2601-006
Summary: Ken Gannon, a cybersecurity researcher from NCC Group, discovered new vulnerabilities in the Galaxy App Store application on Samsung devices running Android 12 and below. Successful exploitation could allow local attackers to install malicious applications or execute JavaScript code by launching a specific web page. Furthermore, it allows malicious applications installed on the same Samsung device to automatically install any application available on the Galaxy App Store without the user’s knowledge.
Vulnerable Platform(s): Samsung Android device
Advisory ID: NCC-CSIRT-1901-005
Summary: Threat actors are using maliciously crafted websites for popular free and open-source applications to promote malicious downloads through advertisements in Google search results. Upon a remote attacker's successful exploitation, information-stealing malware is distributed, giving the attacker access to the victims' cryptocurrency wallets, cookies, Discord tokens, and saved browser passwords.
Vulnerable Platform(s): Google Ads
Advisory ID: NCC-CSIRT-1801-004
Summary: Dawid Potocki, a Polish security researcher, discovered that many MSI motherboards are affected by changes in the default UEFI Secure Boot setting. The setting allows any operating system image to run even if it detects security violations. The issue impacts many Intel and AMD-based MSI (Micro-Star International Co., LTD) motherboards that use a recent firmware update version (version 7C02v3C). Moreover, it affects even brand-new MSI motherboard models.
Vulnerable Platform(s): Operating Systems
Advisory ID: NCC-CSIRT-1601-003
Summary: There are multiple vulnerabilities in the web-based management interface of Cisco Small Business (SMB) routers that have reached end-of-life (the routers no longer receive security updates). Successful exploitation of these vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. Additionally, attackers might intercept or hijack virtual private network (VPN) and session traffic passing via the device, obtain access to a company's network, or execute malware such as botnet clients, crypto-miners, or other malicious software.
Vulnerable Platform(s): Operating systems
Read more: Critical Vulnerabilities in Small Business End-of-Life Cisco Routers
- Hackers Employ Fake Card Game to Take Over Windows PCs
- Multiple Security Vulnerabilities in Linux Kernel
- Vulnerability in Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET could Result to Denial of Service
- Over 300,000 Android Devices Being Attacked with Malware That Compromised Facebook Accounts.