Tag Archive for: Alerts

‘Daam’ virus can steal all records from your phone, alerts cyber security agency


New Delhi: An Android malware called ‘Daam’ that infects mobile phones and hacks into sensitive data like call records, contacts, history and camera has been found to be spreading, the national cyber security agency has said in its latest advisory.

The virus is also capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices”, the Indian Computer Emergency Response Team or CERT-In said.

The agency is the federal technology arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults and similar online attacks.

The Android botnet gets distributed through third-party websites or applications downloaded from untrusted/unknown sources, the agency said.

“Once it is placed in the…


Windows 10 And 11 Security Feature Alerts Bypassed By Attackers


Two zero-day vulnerabilities have been confirmed for Windows 10 and 11 users as the latest Patch Tuesday security update from Microsoft starts rolling out.

CVE-2022-44698 is one of two Zero-Day Windows vulnerabilities that have been fixed in the latest Microsoft Patch Tuesday security update. This vulnerability, which Microsoft confirms it has already detected being exploited, impacts most versions of Windows and sits within the SmartScreen security feature. Mike Walters, vice president of Vulnerability and Threat Research at Action1, warns that this “affects all Windows OS versions starting from Windows 7 and Windows Server 2008 R2. The vulnerability has low complexity. It uses the network vector and requires no privilege escalation.”

Yet another Mark of the Web security issue for Windows users

Specifically, an attacker is able to create a file that can get around the Mark of the Web defense that is essential to features such as the protected view in Microsoft Office, for example. Windows SmartScreen checks for a Mark of the Web zone identifier to determine if the file being executed originates from the internet and, if so, performs a further reputational check. “An attacker with malicious content that would normally provoke a security alert could bypass that notification and thus infect even well-informed users without warning,” Paul Ducklin, writing for the Sophos Naked Security blog, said.


Will Dormann, who is credited with disclosing the vulnerability in the Microsoft security update guide, has been warning of numerous Mark of the Web vulnerabilities for the past six months. Only last month, Microsoft patched CVE-2022-41091, which was a Mark of the Web vulnerability, also being actively exploited by attackers.

Microsoft has confirmed three potential attack scenarios, but doesn’t provide any further detail about which of them the exploits it has seen in the wild are using. Those three scenarios are as follows:

  • A web-based attack using a malicious website
  • An email, or instant message, attack which…


NCC-CSIRT alerts Zoom users to software vulnerabilities – ConsumerConnect


*The Nigerian Communications Commission’s Computer Security Incident Response Team advisory informs Zoom users that a remote attacker can exploit vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine

Gbenga Kayode | ConsumerConnect

As part of the telecoms sector regulator’s mandate to consumers, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users of videotelephony platform, Zoom, to install the latest update of the software from its publisher’s official Web site.

The Commission stated that the latest advisory to users followed the NCC-CSIRT’s discovery of vulnerabilities that allow a remote attacker to exploit the app.

Mr. Reuben Muoka, Director of Public Affairs at NCC, said on September 22, 2022, that in an advisory issued on Wednesday, NCC-CSIRT had reported that the Indian Computer Emergency Response Team (CERT-In) found several flaws in the Zoom product.

The videoconferencing platform is said to have become popular for virtual meetings in the wake of the Coronavirus (COVID-19) pandemic with over 300 million daily users.

The NCC-CSIRT advisory also noted that “a remote attacker could exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.”

It further stated that “these vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130.”

According to the advisory, a remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees.

“They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.”

The Commission also explained that successful exploitation of these vulnerabilities could allow an unauthorised remote authenticated user to bypass implemented security limitations on the targeted system.

About CSIRT

The Computer Security Incident Response Team (CSIRT) is the telecoms sector cybersecurity incidence centre set up by the NCC to focus on incidents in the…


NCC-CSIRT issues alerts on Google Chrome Extensions Malware – WorldStage


WorldStage Newsonline – The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has identified five malicious Google Chrome extensions that surreptitiously track users’ online browsing activities and steal their data.

According to NCC-CSIRT, the five malicious extensions which the McAfee Mobile Research Team earlier discovered are Netflix Party with 800,000 downloads, Netflix Party 2 with 300,000 downloads, Full Page Screenshot Capture Screenshotting with 200,000 downloads, FlipShope Price Tracker Extension with 80,000 downloads, and AutoBuy Flash Sales with 20,000 downloads.

The NCC-CSIRT said the five Google Chrome extensions identified have a high probability and damage potential, have been downloaded more than 1.4 million times, and serve as a means of access to steal users’ data. The telecom sector-focused cybersecurity protection team alerted telecom consumers to be cautious when installing any browser extension.

“The users of these Chrome extensions are unaware of their invasive functionality and privacy risk. Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they came through a referrer link. Consequently, the extensions’ developers get an affiliate fee for any purchases at electronic shops,” the advisory said.

In addition, the advisory stated that, although the Google team removed several browser extensions from its Chrome Web Store, keeping malicious extensions out may be difficult. The NCC-CSIRT thus recommended that telecom consumers observe caution when installing any browser extension.

“These include removing all listed extensions from their Chrome browser manually. Internet users are to pay close attention to the promptings from their browser extensions, such as the permission to run on any website visited and the data requested before installing it. Although some extensions are seemingly legit, due to the high number of user downloads, these hazardous add-ons make it imperative for users to ascertain the authenticity of extensions they access,” the advisory stated.

Google Chrome extensions are software programmes that can be…
