Posts

Showing posts with the label InfoSec

Top stories

Compromised OEM Android platform certificates used to sign malware
Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications were utilized by threat actors to sign apps containing malware. [...]
via BleepingComputer (author: Sergiu Gatlan)

How to add a credit card as a Bitwarden vault item and why you should
Here's why it could be a smart idea to add a credit card as a vault item with the password manager Bitwarden.
via Latest stories for ZDNET in Security

Trigona ransomware spotted in increasing attacks worldwide
A previously unnamed ransomware has rebranded under the name 'Trigona,' launching a new Tor negotiation site where they accept Monero as ransom payments. [...]
via BleepingComputer (author: Lawrence Abrams)

All You Need to Know About Emotet in 2022
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication.
via The Hacker News (author: noreply@blogger.com (The Hacker News))

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Google warns: Android 'patch gap' is leaving these smartphones vulnerable to attack
Google says it is working with Android smartphone manufacturers to get them to release patches for multiple critical Arm Mali GPU driver bugs.
via Latest stories for ZDNET in Security

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which functions as an interface between the operating system and the firmware embedded in
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

New Windows Server updates cause domain controller freezes, restarts
Microsoft is investigating LSASS memory leaks (caused by Windows Server updates released during the November Patch Tuesday) that might lead to freezes and restarts on some domain controllers. [...]
via BleepingComputer (author: Sergiu Gatlan)

Google rushes out Chrome browser fix for new zero-day flaw
Google patches a sandbox escape in Chrome that an attacker can exploit by luring a target to a malicious web page.
via Latest stories for ZDNET in Security

Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the arrests of 975 individuals and the closure of more than 1,600 cases. This comprised two fugitives
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

U.S. govt seizes domains used in 'pig butchering' scams
For the first time, the U.S. Department of Justice seized seven domains that hosted websites linked to "pig butchering" scams, where fraudsters trick victims of romance scams into investing in cryptocurrency via fake investment platforms. [...]
via BleepingComputer (author: Sergiu Gatlan)

New RansomExx Ransomware Variant Rewritten in the Rust Programming Language
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Police are sending messages to 70,000 people who may have fallen victim to phone scammers
A major anti-fraud operation is underway, following an international crackdown on spoofing.
via Latest stories for ZDNET in Security

Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

'iSpoof' service dismantled, main operator and 145 users arrested
The 'iSpoof' online spoofing service has been dismantled following an international law enforcement investigation that also led to the arrest of 146 people, including the suspected mastermind of the operation. [...]
via BleepingComputer (author: Bill Toulas)

Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware
Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

34 Russian Hacker Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised card details is estimated around $5.8 million," Singapore-headquartered Group-IB said in a report shared with The Hacker News. Aside from looting
via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Microsoft warns: This forgotten open-source web server could let hackers 'silently' gain access to your system
Users of affected network gateway appliances likely don't even know their router is running a web server that was discontinued 17 years ago.
via Latest stories for ZDNET in Security

Backdoored Chrome extension installed by 200,000 Roblox players
Chrome browser extension 'SearchBlox' installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform. [...]
via BleepingComputer (author: Ax Sharma)