Tag Archive for: Reveals

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine

/in


Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari.

The bug, assigned as CVE-2024-23222, stems from a type confusion error, which basically is what happens when an application incorrectly assumes the input it receives is of a certain type without actually validating — or incorrectly validating — that to be the case.

Actively Exploited

Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. “Apple is aware of a report that this issue may have been exploited,” the company’s advisory noted, without offering any further details.

The company has released updated versions of iOS, iPadOS, macOS, iPadOS, and tvOS with additional validation checks to address the vulnerability.

CVE-2024-23222 is the first zero-day vulnerability that Apple has disclosed in WebKit in 2024. Last year, the company disclosed a total of 11 zero-day bugs in the technology — its most ever in a single calendar year. Since 2021, Apple has disclosed a total of 22 WebKit zero-day bugs, highlighting the growing interest in the browser from both researchers and attackers.

In parallel, Apple’s disclosure of the new WebKit zero-day follows on Google’s disclosure last week of a zero-day in Chrome. It marks at least the third time in recent months where both vendors have disclosed zero-days in their respective browsers in close proximity to each other. The trend suggests that researchers and attackers are probing almost equally for flaws in both technologies, likely because Chrome and Safari are also the most widely used browsers.

The Spying Threat

Apple has not disclosed the nature of the exploit activity targeting the newly disclosed zero-day bug. But researchers have reported seeing commercial spyware vendors abusing some of the company’s more recent ones, to drop surveillance software on iPhones of target subjects.

In September 2023, Toronto University’s Citizen Lab warned Apple about two no-click zero-day vulnerabilities in iOS that a vendor of surveillance software had exploited to drop the Predator spyware tool on an iPhone belonging to an employee at a Washington, D.C.-based organization. The same month,…

Source…

Microsoft hacked: Tech company reveals hack by Russia-backed group, Midnight Blizzard, or Nobelium

/in


CHICAGO — Microsoft revealed Friday that some of its corporate email accounts were hacked by a Russian-backed group.

The tech company said in a blog post that its security team detected the attack on Jan. 12 and quickly identified the group responsible: Midnight Blizzard, “the Russian state-sponsored actor also known as Nobelium.”

In late November, the group allegedly used a “password spray attack,” where a user uses a single common password against multiple accounts on the same application, to “compromise a legacy non-production test tenant account and gain a foothold,” according to Microsoft.

The group then “used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company said.

The hackers allegedly were targeting email accounts for information related to Midnight Blizzard, Microsoft said.

RELATED: Man says fraudulent accounts opened, home purchased in his name after city ransomware hack

Microsoft was able to remove the hacker’s access to the email accounts on Jan. 13, according to a company filing with the SEC.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company said.

The company said it is in the process of informing its affected users.

The investigation is ongoing.

Copyright © 2024 ABC News Internet Ventures.

Source…

Akira Ransomware Alert! Kaspersky Reveals Global Impact on Windows and Linux

/in


Ransomware

Ransomware, Stealers and Fake Updates – Inside the Evolving Cybercrime Landscape

The online dangers we face are always changing, with cybercriminals coming up with new ways to harm people on the internet. Experts at Kaspersky keep an eye on these threats and study them to help everyone stay safe.

One group at Kaspersky called the Global Research and Analysis Team (GReAT), is focused on understanding and stopping new kinds of malicious software. They’re looking into tricky attacks, like ransomware that works on different devices, viruses that go after Apple computers, and sneaky methods hackers use to trick people, like fake browser alerts. According to Kaspersky’s latest findings, cybercriminals are getting smarter and using more advanced tricks to infect computers without getting caught.

Fake Browser Updates Hide Trojans

One threat uncovered by Kaspersky GReAT researchers is the cunning FakeSG campaign. Legitimate websites are compromised to display fake browser update alerts. Clicking these prompts a file download that seems to update the browser but actually runs hidden malicious scripts. These establish persistence and expose command infrastructure revealing the operation’s sophistication.

Cross-Platform Ransomware Wreaking Havoc

Akira ransomware is the latest threat able to infect both Windows and Linux systems. Within months over 60 organizations globally were impacted, including in retail, manufacturing and education. Akira shares code similarities with Conti ransomware but has an old-school command panel design making analysis trickier. Its cross-platform adaptability shows the broad reach of modern ransomware.

MacOS Malware Joining the Fray

The AMOS information stealer surfaced in April 2023, was sold via Telegram and was initially written in Go before shifting to C code. By deploying malvertising on phishing sites spoofing popular Mac apps, AMOS can infiltrate Apple systems and exfiltrate sensitive user data. This reflects a wider trend of Mac-focused malware moving beyond traditional Windows targets.

Staying Safe in an Evolving Landscape

With cybercriminals rapidly innovating their tools and tactics, end users must be proactive about security. Maintaining device software…

Source…

New Security Study Reveals AutoSpill Vulnerabilities in Android Password Managers

/in


A recent security study conductedresearchers at the International Institute of Information Technology (IIIT) has unveiled a new attack called AutoSpill, which targets Android password managers and can potentially lead to the theft of account credentials. The researchers discovered that most password managers for Android are vulnerable to this attack, even without the use of JavaScript injection.

The attack worksexploiting weaknesses in Android’s WebView framework, which is commonly usedAndroid apps to render web content. Password managers on Android rely on this framework to automatically fill in a user’s account credentials when logging into services like Apple, Facebook, Microsoft, or Google.

The AutoSpill attack is particularly concerning because it allows rogue apps to capture a user’s login credentials without leaving any trace of the compromise. This can lead to unauthorized access to sensitive accounts.

The researchers tested AutoSpill against several password managers on various Android versions and found that 1Password, LastPass, Enpass, Keeper, and Keepass2Android are all susceptible to the attack. However, Google Smart Lock and DashLane follow a different technical approach and are safe from AutoSpill unless JavaScript injection is used.

The AutoSpill vulnerability stems from Android’s failure to clearly define the responsibility for securely handling auto-filled data. This loophole can result in the leakage or capture of sensitive informationthe host app.

The researchers have reported their findings to the affected software vendors and Android’s security team. While the validity of the report has been acknowledged, no details regarding plans for fixing the issue have been shared yet.

In response to the disclosure, password management providers impactedAutoSpill, such as 1Password and LastPass, have assured their users that they are working on fixes to address the vulnerability. They emphasize the importance of user vigilance and explicit actions required for autofill functions.

Users are advised to exercise caution while installing apps and only download from trusted app stores like Google Play. Android developers are also encouraged to implement WebView best…

Source…