Advisory ID: NCC-CSIRT-130323-015
Summary: Xenomorph is a banking malware with the capability to automatically complete fraudulent transactions on infected devices, from initial infection through to funds exfiltration, making it one of the most advanced and dangerous Android malware trojans in circulation.
Vulnerable Platform(s): Android Operating Systems
Advisory ID: NCC-CSIRT-0903-014
Summary: Cyber security analysts from ESET discovered the BlackLotus bootkit malware, which can bypass security protections on fully updated Windows 11 systems and persistently infect them. The malware is the first publicly known Unified Extensible Firmware Interface (UEFI) bootkit; UEFI is the firmware software that connects the operating system with the hardware that runs it. The malware can evade the Secure Boot mechanism and is therefore able to disable security protections that ship with the operating system.
Vulnerable Platform(s): Windows Operating System
Threat Type:
- Malware
Product: Google Chrome Browser
Version:
- All versions
Description: According to ESET’s analysis, the developers of the malware have improved it with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. Additionally, the malware might be used to disable the memory integrity function (which guards against attempts to tamper with the Windows kernel), the BitLocker data protection feature, and the Microsoft Defender antivirus program. Moreover, according to the researchers, the malware bypasses the Secure Boot mechanism by exploiting a Secure Boot Security Feature Bypass vulnerability.
Consequences: Attackers may gain access to sensitive information on the compromised systems.
Impact/Probability: CRITICAL/HIGH
Solution:
Users should always keep their Windows 11 operating systems and security products up to date.
References:
https://www.securityweek.com/blacklotus-bootkit-can-target-fully-patched-windows-11-systems/
https://www.bleepingcomputer.com/news/security/blacklotus-bootkit-bypasses-uefi-secure-boot-on-patched-windows-11/
Advisory ID: NCC-CSIRT-0603-013
Summary: Google Chrome has been found to have several vulnerabilities that an attacker may use to execute arbitrary code and access sensitive information on the targeted device.
Vulnerable Platform(s): Windows, Mac, and Linux Operating Systems
Advisory ID: NCC-CSIRT-0303-012
Summary: Trellix, a security firm, published details of several flaws in iOS 16.3 and macOS 13.2. The firm says they are part of a new class of bugs that can allow attackers to bypass code signing on macOS and iOS systems. The vulnerabilities allow an attacker to execute arbitrary code outside of the application sandbox or with certain elevated privileges. They also allow a remote user to bypass protections set by Apple and access a user’s personal information.
Vulnerable Platform(s): Apple Operating Systems
Read more: Apple Updates iOS as Security Firm Discloses New Class of Vulnerabilities
Advisory ID: NCC-CSIRT-1702-011
Summary: Microsoft will no longer support Windows 10, version 20H2, for enterprise and education editions in three months, on May 9, 2023. After that date, these versions of Windows 10 will no longer receive security updates to patch critical vulnerabilities.
Vulnerable Platform(s): Windows Operating Systems
- ESXi Servers Targeted in New Wave of Ransomware Attacks via Exploits of an Old, Already Patched VMware Vulnerability
- Bitwarden Password Vaults Targeted in Google Ads Phishing Attack to Steal Users' Password Vault Credentials
- Vulnerability on Facebook Allows Two-Factor Authentication Bypass Via Instagram
- Hackers Spread Malware Using Microsoft OneNote Attachments