Advisory ID: NCC-CSIRT-0702-010
Summary: The France Computer Emergency Response Team (CERT-FR) has discovered a ransomware attack employing a high-severity ESXi (bare-metal hypervisor) vulnerability that VMware addressed in February 2021. The vulnerability might lead to the execution of arbitrary code, and the ransomware encrypts files associated with virtual machines. The attack is targeting unpatched and unprotected VMware ESXi servers across the world that are exposed to the Internet on port 427.
Vulnerable Platform(s): VMware ESXi Servers
Advisory ID: NCC-CSIRT-3101-009
Summary: Bitwarden and other password managers are being targeted in Google Ads phishing campaigns that create phishing web pages to steal users' password vault credentials. A password manager is a software application used to store and manage the passwords that a user has for various online accounts and security features; it provides secure access to all the password information with the help of a master password.
Vulnerable Platform(s): Operating Systems
Advisory ID: NCC-CSIRT-0702-008
Summary: Gtm Mänôz, a bug-bounty hunter, discovered a lack of rate limiting in Meta's Instagram application programming interface (API) endpoints, which could have allowed an attacker to bypass two-factor authentication (2FA) on Facebook by confirming the targeted user’s already-confirmed Facebook mobile number using the Meta Accounts Center.
Vulnerable Platform(s): Social Media
Read more: Vulnerability on Facebook Allows Two-Factor Authentication Bypass Via Instagram
Advisory ID: NCC-CSIRT-0202-007
Summary: Attackers use OneNote attachments in phishing emails that infect victims with remote access malware. In samples found by BleepingComputer, the malicious emails pretend to be DHL shipping notifications, invoices, ACH remittance forms, mechanical drawings, and shipping documents. Once installed, this type of malware can spread to install further malware, and it allows threat actors to remotely access a victim’s device to steal files and saved browser passwords, take screenshots, and, in some cases, even record video using webcams.
Vulnerable Platform(s): Windows Operating Systems
Read more: Hackers Spread Malware Using Microsoft OneNote Attachments
Advisory ID: NCC-CSIRT-2601-006
Summary: Ken Gannon, a cybersecurity researcher from NCC Group, discovered new vulnerabilities in the Galaxy App Store application on Samsung devices that are running Android 12 and below. Successful exploitation could allow local attackers to install malicious applications or execute JavaScript code by launching a specific web page. Furthermore, it allows malicious applications installed on the same Samsung device to automatically install any application available on the Galaxy App Store without the user’s knowledge.
Vulnerable Platform(s): Samsung Android device
- Google Ads Platform is Misused by Hackers to Promote Malicious Downloads in Search Results
- Changes in Default firmware of UEFI Secure Boot Setting Impacts Several Intel and AMD-Based MSI Motherboards
- Critical Vulnerabilities in Small Business End-of-Life Cisco Routers
- Hackers Employ Fake Card Game to Take Over Windows PCs