Tag Archive for: windows

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows


Jan 15, 2024 | Newsroom | Vulnerability / Browser Security


Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system.

The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow that makes it possible to sync messages and files between mobile and desktop devices.

“This is achieved through a controlled browser extension, effectively bypassing the browser’s sandbox and the entire browser process,” the company said in a statement shared with The Hacker News.

The issue impacts both the Opera browser and Opera GX. Following responsible disclosure on November 17, 2023, it was addressed as part of updates shipped on November 22, 2023.

My Flow features a chat-like interface to exchange notes and files, the latter of which can be opened via a web interface, meaning a file can be executed outside of the browser’s security boundaries.


It is pre-installed in the browser and facilitated by means of a built-in (or internal) browser extension called “Opera Touch Background,” which is responsible for communicating with its mobile counterpart.

This also means that the extension comes with its own manifest file specifying all the required permissions and its behavior, including a property known as externally_connectable that declares which other web pages and extensions can connect to it.


In the case of Opera, the domains that can talk to the extension should match the patterns “*.flow.opera.com” and “.flow.op-test.net” – both controlled by the browser vendor itself.

“This exposes the messaging API to any page that matches the URL patterns you specify,” Google notes in its documentation. “The URL pattern must contain at least a second-level domain.”

Guardio Labs said it was able to unearth a “long-forgotten” version of the My Flow landing page hosted on the domain “web.flow.opera.com” using the urlscan.io website scanner tool.
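To make the scope of that manifest setting concrete, here is an added audit helper (not code from the article, Opera, Guardio Labs or Google) that applies Chrome's match-pattern host rules to an externally_connectable entry; the host inventory is constructed for the example, and it shows that a wildcard pattern such as "*.flow.opera.com" admits every host under the domain, including a stale one like web.flow.opera.com.

```javascript
// Added example (not code from the article, Opera, Guardio Labs or Google):
// an audit helper that applies Chrome's match-pattern host rules to the
// "externally_connectable" entries of an extension manifest and reports
// which hosts would be allowed to message the extension.

// Host-pattern semantics follow Chrome's documented rules: a host beginning
// with "*." matches the bare domain and every subdomain under it; any other
// host string must match exactly. Comparison is case-insensitive.
function hostMatchesPattern(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (p.startsWith("*.")) {
    const base = p.slice(2);
    return h === base || h.endsWith("." + base);
  }
  return p === h;
}

// Mirrors the rule quoted from Google's documentation: the pattern must
// contain at least a second-level domain, so "*" or "*.com" are rejected.
function isValidExternallyConnectableHost(pattern) {
  const base = pattern.startsWith("*.") ? pattern.slice(2) : pattern;
  const labels = base.split(".").filter(Boolean);
  return labels.length >= 2 && !base.includes("*");
}

// For each known host, list the patterns that grant it access. Wildcard
// patterns are flagged separately so a reviewer can see where trust is
// extended to hosts nobody explicitly enumerated.
function auditExternallyConnectable(patterns, hosts) {
  const granted = {};
  for (const host of hosts) {
    const matching = patterns.filter((p) => hostMatchesPattern(p, host));
    if (matching.length > 0) granted[host] = matching;
  }
  const wildcard = patterns.filter((p) => p.startsWith("*."));
  const invalid = patterns.filter((p) => !isValidExternallyConnectableHost(p));
  return { granted, wildcard, invalid };
}

// Constructed host inventory for the demonstration; only "web.flow.opera.com"
// and the pattern itself come from the article.
const SAMPLE_PATTERNS = ["*.flow.opera.com"];
const SAMPLE_HOSTS = [
  "flow.opera.com",            // the bare domain is covered by "*."
  "web.flow.opera.com",        // the stale landing page is covered too
  "opera.com",                 // parent domain: not covered
  "flow.opera.com.example.net" // look-alike suffix: not covered
];

console.log(JSON.stringify(auditExternallyConnectable(SAMPLE_PATTERNS, SAMPLE_HOSTS), null, 2));
```

The practical takeaway for anyone reviewing a manifest: every host the wildcard covers, current or forgotten, must be held to the same security standard, or the pattern should be narrowed to exact hosts.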


“The page itself looks quite the same as the current one in production, but changes lie under the hood: Not only that it…

Source…

This is why we update… Data-thief malware exploits unpatched Windows PCs • The Register


Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.

The malware abuses CVE-2023-36025, which Microsoft patched in November. Specifically, the flaw allows Phemedrone and other malicious software to sidestep protections in Windows that are supposed to help users avoid running hostile code. When Redmond issued a fix, it warned the bug had already been found by miscreants and exploited in the wild. 

Shortly after Microsoft plugged the hole, the patch was reverse-engineered to produce a proof-of-concept exploit. Now that everyone knows how to attack systems using this vulnerability, update your Windows machines to close off this avenue if you haven’t already.

In research published today, Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun detail the Phemedrone info-stealer, including how it works, how it uses CVE-2023-36025 to infect a PC, and how to detect its presence on a network.

We’re told the malware targets a ton of browsers and applications on victims’ PCs, lifting sensitive info from files of interest and sending the data to fraudsters to exploit. These targets include Chromium-based browsers as well as LastPass, KeePass, NordPass, Google Authenticator, Duo Mobile, and Microsoft Authenticator. Phemedrone looks for things like passwords, cookies, and autofill information to exfiltrate; once this data is in the hands of the malware’s operators, it can be used to log into the victims’ online accounts and cause all sorts of damage and strife.

The code also steals files and other user data from several cryptocurrency wallets and messaging apps including Discord and Telegram, and login details for the Steam gaming platform.

In addition it gathers up a bunch of telemetry, including hardware specs, geolocation data, and operating system information, and takes screenshots, sending all of this off to the attackers via Telegram or to a remote command-and-control server.

Miscreants infect victims’ machines with Phemedrone by tricking marks…

Source…

Best antivirus software for Windows PCs 2023: Reviews and best picks


Source…

Akira Ransomware Alert! Kaspersky Reveals Global Impact on Windows and Linux



Ransomware, Stealers and Fake Updates – Inside the Evolving Cybercrime Landscape

The online dangers we face are always changing, with cybercriminals coming up with new ways to harm people on the internet. Experts at Kaspersky keep an eye on these threats and study them to help everyone stay safe.

One group at Kaspersky, the Global Research and Analysis Team (GReAT), is focused on understanding and stopping new kinds of malicious software. They’re looking into tricky attacks, like ransomware that works on different devices, viruses that go after Apple computers, and sneaky methods hackers use to trick people, like fake browser alerts. According to Kaspersky’s latest findings, cybercriminals are getting smarter and using more advanced tricks to infect computers without getting caught.

Fake Browser Updates Hide Trojans

One threat uncovered by Kaspersky GReAT researchers is the cunning FakeSG campaign. Legitimate websites are compromised to display fake browser update alerts. Clicking these prompts a file download that seems to update the browser but actually runs hidden malicious scripts. These scripts establish persistence, and analysis of them exposes command infrastructure that reveals the operation’s sophistication.

Cross-Platform Ransomware Wreaking Havoc

Akira ransomware is the latest threat able to infect both Windows and Linux systems. Within months, over 60 organizations globally were impacted, including in retail, manufacturing and education. Akira shares code similarities with Conti ransomware but has an old-school command panel design that makes analysis trickier. Its cross-platform adaptability shows the broad reach of modern ransomware.

MacOS Malware Joining the Fray

The AMOS information stealer surfaced in April 2023. It was sold via Telegram and was initially written in Go before shifting to C code. By deploying malvertising on phishing sites that spoof popular Mac apps, AMOS can infiltrate Apple systems and exfiltrate sensitive user data. This reflects a wider trend of Mac-focused malware moving beyond traditional Windows targets.

Staying Safe in an Evolving Landscape

With cybercriminals rapidly innovating their tools and tactics, end users must be proactive about security. Maintaining device software…

Source…