Advisory ID: NCC-CSIRT-1901-005
Summary: Threat actors are using maliciously crafted websites for popular free and open-source applications to promote malicious downloads through advertisements in Google search results. Upon successful exploitation by a remote attacker, information-stealing malware is distributed, giving the attacker access to the victims' cryptocurrency wallets, cookies, Discord tokens, and saved browser passwords.
Vulnerable Platform(s): Google Ads
Advisory ID: NCC-CSIRT-1801-004
Summary: Dawid Potocki, a Polish security researcher, discovered that many MSI motherboards are affected by changes in the default UEFI Secure Boot setting. The setting allows any operating system image to run even if security violations are detected. The issue impacts many Intel and AMD-based MSI (Micro-Star International Co., LTD) motherboards that use a recent firmware update version (version 7C02v3C). Moreover, it affects even brand-new MSI motherboard models.
Vulnerable Platform(s): Operating Systems
Advisory ID: NCC-CSIRT-1601-003
Summary: There are multiple vulnerabilities in the web-based management interface of Cisco Small Business (SMB) routers that have reached end-of-life (the routers no longer receive security updates). Successful exploitation of these vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. Additionally, attackers might intercept or hijack virtual private network (VPN) and session traffic passing via the device, obtain access to a company's network, or execute malware such as botnet clients, crypto-miners, or other malicious software.
Vulnerable Platform(s): Operating systems
Read more: Critical Vulnerabilities in Small Business End-of-Life Cisco Routers
Advisory ID: NCC-CSIRT-0901-002
Summary: Cybersecurity analysts at ASEC (South Korea’s cybersecurity emergency response centre) discovered NetSupport RAT malware being distributed by threat actors from a phishing website disguised as a popular Pokemon card game. The malware serves as a remote access tool that easily takes control of victims' PCs (Personal Computers). Moreover, the malware may allow the attackers to remotely control the compromised computer’s mouse and keyboard, access the system’s file management and history, and even execute commands allowing them to install additional malware.
Vulnerable Platform(s): Windows Operating System
Read more: Hackers Employ Fake Card Game to Take Over Windows PCs
Advisory ID: NCC-CSIRT-0401-001
Summary: Multiple vulnerabilities were identified in the Debian Linux kernel.
Read more: Multiple Security Vulnerabilities in Linux Kernel
- Vulnerability in Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET could Result to Denial of Service
- Over 300,000 Android Devices Being Attacked with Malware That Compromised Facebook Accounts.
- Exploiting an Acer Laptop Vulnerability to Disable Secure Boot Protection and Install Malware
- Hackers Exploit Discoverability by phone number/email restriction bypass Vulnerability to Steal Users' Data on Twitter