Advisory ID: NCC-CSIRT-2811-057
Summary: Security researcher ProxyLife discovered a new phishing attack that exploits a Windows zero-day vulnerability to drop Qbot malware without displaying Mark of the Web (MoTW) security warnings. MoTW is a unique property that Windows adds to files when they are downloaded from an untrusted remote location, such as the Internet or an email attachment. When a user tries to open a file that has the MoTW attribute, Windows displays a security warning asking whether they are sure they want to open the file. Because the exploit bypasses this check, the Qbot malware could be loaded onto a device without triggering any Windows security alerts.
Vulnerable Platform(s): Windows Operating Systems
Read more: New Phishing Attacks Exploit Windows Zero-Day Vulnerability to Drop Qbot Malware
Advisory ID: NCC-CSIRT-2811-058
Summary: An app called Todo a day manager installs a banking trojan called Xenomorph, which can hijack login information from banking apps and can even read SMS messages.
Vulnerable Platform(s): Android Operating Systems
Advisory ID: NCC-CSIRT-1711-055
Summary: David Schütz, a cybersecurity researcher, discovered a lock screen bypass vulnerability on his fully patched Google Pixel 6 and Pixel 5 smartphones. The issue makes it possible for an attacker with physical access to bypass the lock screen security measures (fingerprint, PIN, unlock pattern, etc.) and take full control of the device.
Vulnerable Platform(s): Android Operating System
Read more: Lock Screen Bypass Vulnerability on Android Phones
Advisory ID: NCC-CSIRT-1811-056
Summary: Ukrainian cyber-experts have discovered a new attack that compromises victims' VPN (Virtual Private Network) accounts to access and encrypt networked resources. The attack uses Vidar malware (Vidar Stealer) to steal Telegram session data, which, in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim's Telegram account and corporate account/network.
Vulnerable Platform(s): iOS, Android, Linux, Mac and Windows Operating Systems
Advisory ID: NCC-CSIRT-1114-054
Summary: Cybersecurity analysts at DCSO CyTec discovered a new variant of StrelaStealer malware. The malware has been aggressively collecting email account credentials from Outlook and Thunderbird, two popular email clients.
Vulnerable Platform(s): Email