Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach

 


Mr. Cooper, the mortgage lender and servicer, has now admitted that the personal data of almost 14.7 million individuals was stolen in an IT security breach earlier this year, including names, addresses and bank account numbers, and it estimates that responding to the incident will cost at least $25 million. 

Mr. Cooper reported that an unknown threat actor broke into its network on Oct. 31 and that it shut the network down as soon as the intrusion was detected. Despite that response, the attacker had already gained access to files containing sensitive information about current and former customers as well as co-borrowers. 

A lengthy investigation into the extent of the breach has now determined that the attackers accessed and stole the personal information of almost 14.7 million people. The company first disclosed an incident affecting its network in October. 

At first, the incident was described as isolated and as not affecting the systems or technology of the firm's clients or partners. The mortgage giant has since acknowledged that the scope of the attack was much larger than it originally believed. 

In notifications filed with the states of California and Maine on Friday, the company said that one or more attackers stole a large volume of highly personal records belonging to millions of people. The stolen data includes customers' names, addresses, dates of birth and phone numbers, as well as their Social Security numbers and bank account numbers. 

The filing with Maine's attorney general's office confirms the theft of banking data. That contradicts Mr. Cooper's earlier statements, which said customers' banking information was held by a third-party company and was believed to be unaffected. 

In a separate filing with federal regulators on Friday, Mr. Cooper also said that the attackers obtained personal information on nearly all of its current and former customers. 

Mr. Cooper's website puts its current customer count at around four million, so the breach clearly reaches well beyond current customers, most likely because the company also holds historical records on past mortgage holders in its databases. Mr. Cooper said it has seen no evidence that the stolen data has been used to commit identity theft or fraud, but that it will continue to monitor the dark web for signs that the data is being shared, leaked or misused. 

Each affected individual will also receive 24 months of free credit monitoring. 

Mr Cooper's Breach Scope has Tripled 

As of September 30, 2023, Mr. Cooper had approximately 4.3 million customers according to its website. Measured against that figure, more than 10 million non-customers were caught up in the breach, more than tripling its scope. 

The breach notice published on the Maine Attorney General's website makes clear that the victims are not only current customers. Four further groups are named: former customers; current and former customers of sister brands; customers of mortgage companies for which Mr. Cooper acted as servicing partner; and people who applied for a mortgage through the company. 

Mr. Cooper's sister brands include RightPath Servicing, Rushmore Servicing, Greenlight Financial Services and Champion Mortgage, all part of the Mr. Cooper Group. The notice also says that people whose loans were acquired or serviced by Nationstar Mortgage LLC or Centex Home Equity may be affected. SEC records indicate that the company operated as Centex Home Equity from 2001 and as Nationstar Mortgage from 2006, which is why customers under both names are included.

Records of Crucial Cases May Have Been Compromised by a Cyberattack on Victoria's Court System


Ransomware used in attack on Victoria's court system

An independent expert believes ransomware was used in the attack on Victoria's court system and that Russian hackers carried it out.

According to a Court Services Victoria (CSV) spokesperson, the attackers gained access to part of the court system's audio-visual archive. That means hearing recordings, including witness testimony from highly sensitive matters, may have been viewed or stolen.

CSV is setting up a contact centre for people who think their court appearances may have been affected, so that they can be notified.

The recordings came from hearings held between November 1 and December 21, though some earlier hearings may also have been affected. 

The first sign of the attack came on December 21, just before the Christmas break, when staff laptops were locked and the message "YOU HAVE BEEN PWND" appeared on their screens.

Court employees also received a message linking to a text file in which the attackers threatened to publish files taken from the court system, along with instructions for retrieving those files from an address on the dark web.

Nearly two months of County Court recordings were accessed.

According to a CSV statement on Tuesday morning, County Court cases were the worst affected.

Every criminal and civil hearing uploaded to the network between November 1 and December 21 may have been viewed, including at least two cases involving past and present child sexual abuse.

The Supreme Court was also significantly affected: recordings from the Criminal Division, the Practice Court, the Court of Appeal and two regional hearings in November may have been accessed.

One October Children's Court hearing may still have been on the network, but none of that court's November or December sessions were compromised.

Expert: the attack was most likely the work of Russian hackers

Having reviewed evidence from the attack, independent cyber security expert Robert Potter concluded that the court system was most likely hit by Russian hackers using Qilin, a commercially available ransomware, with phishing as the likely point of entry.


Future Health: AI's Impact on Personalised Care in 2024

 



As healthcare begins to incorporate Artificial Intelligence (AI), the medical sector is poised for a profound transformation. AI offers real advances in diagnostics, personalised treatment and streamlined administration. Looking ahead to 2024, its influence on patient care is increasingly visible, with technology and clinical practice converging rather than competing. 

AI's influence is particularly notable in diagnostics, where healthcare professionals leverage its ability to interpret intricate health data. Unlike traditional methods, AI systems analyse diverse datasets, providing a more comprehensive understanding of a patient's health. Recent regulatory recommendations from the World Health Organization (WHO) highlight the global recognition of AI's significance in healthcare, emphasising effective integration, patient safety, and data privacy. 

The concept of personalised medicine, tailoring treatments to individual patients, is evolving with AI playing a crucial role. AI's ability to process and analyse diverse patient data, including genetic details and lifestyle factors, is propelling the development of highly individualised treatment plans. This shift marks a pivotal moment in healthcare, promising a future where care is not only more precise but also tailored to the nuanced needs of individuals. 

In the next three years, trends in AI healthcare use cases are expected to shape the industry. Natural Language Processing (NLP) and Conversational AI will aid in symptom checking and triage, while virtual assistants guide patients and improve automated scheduling. Integrating omics data with Electronic Health Records (EHRs) and wearable device data will enhance patient phenotyping. Stringent regulations on AI, particularly in medical devices, are anticipated in the U.S. and Europe. The evolving role of AI in targeted diagnostics and personalised care simplifies data structuring, empowering healthcare professionals to focus on quality care. 

However, the widespread adoption of AI in daily clinical practice poses a critical challenge. The true potential of AI in healthcare can only be realised when medical professionals collaborate with these technologies, leveraging unique human skills and cognitive function. Those embracing this partnership are poised to harness AI's full potential, offering a glimpse into a future defined by advancements and redefined patient care standards. 

As AI reshapes the industry, ethical considerations take centre stage, especially regarding patient data privacy and the potential for algorithmic bias. The World Health Organization's recommendations reinforce the necessity for robust regulatory frameworks to ensure responsible AI use in healthcare. 

While AI brings significant benefits, the crucial role of human oversight cannot be overstated. AI serves as a valuable tool to assist healthcare professionals rather than replace them, with human judgement remaining essential in interpreting AI-generated data and making final treatment decisions. 

The year 2024 signifies a pivotal moment for AI in healthcare, showcasing its evolution from a conceptual idea to a practical tool enhancing patient care. This journey underscores the relentless pursuit of innovation in the medical field. As AI continues to progress, it holds the potential to unlock new dimensions in personalised patient care, making healthcare more efficient, precise, and tailored to individual needs. Challenges accompany this transformative journey, and the healthcare community must navigate them with a steadfast commitment to ethical practices, ensuring that AI integration enhances rather than compromises patient well-being.


Comcast-Owned Telecom Business 'Xfinity' Suffers Data Breach


Comcast-owned Xfinity has suffered a major data breach affecting nearly 36 million customers. 

The intrusion illustrates a growing and dangerous trend among attackers, and it has left millions of people in the US more exposed than they may realise.

According to attorney Steven Weisman, editor of Scamicide.com, this breach is especially bad for customers because the attackers obtained the last four digits of victims' Social Security numbers. For SSNs issued before 2011, the first three digits (the area number) were tied to the state of the applicant's mailing address and the middle two (the group number) were assigned in a published sequence within each area, so the first five digits can often be inferred from where and roughly when a person was born.

“So if a criminal has the last four digits, the first three they can figure out easily, the second set they can get relatively easily, so it puts a lot of people in danger of identity theft,” explained Weisman.

It was precisely because pre-2011 SSNs were this predictable that the Social Security Administration began randomising newly issued numbers in 2011.

Weisman also characterised the attackers' method as especially dangerous. Rather than breaking into Xfinity's own systems directly, he said, they planted malware in software Xfinity had bought, what he calls a "supply chain" hack, a category he says is growing fast. 

“They put their malware into the legitimate software. A company like Comcast gets some accounting software that they have no reason to think is anyway tainted and bam – the malware is in there and the personal information is stolen,” said Weisman.

Comcast's own notice, though, attributed the intrusion to a vulnerability in a third-party Citrix product that attackers exploited before Comcast applied the patch, so "supply chain" fits only loosely here: the weak point was a vendor's product, not malware implanted in software Xfinity installed. Either way, breaches that arrive through vendors are becoming more common. After announcing the incident on its website, Xfinity asked customers to check their credit, change their passwords and enable multi-factor authentication. Affected customers should also monitor their credit reports regularly and consider freezing their credit.

About Xfinity

Xfinity is the brand under which Comcast Corporation markets its consumer cable television, internet, telephone and wireless services in the US. Before the Xfinity brand was introduced in 2010, those services were marketed under the Comcast name.  

Zeppelin2 Ransomware: An Emerging Menace in the Dark Web Ecosystem

 

A user on an underground forum is advertising Zeppelin2 ransomware for sale, offering both its source code and a cracked version of its builder tool. The ransomware family has previously drawn the attention of security researchers and law enforcement agencies worldwide.

The post claims the seller cracked the protections on the Zeppelin2 builder, the tool used to generate the file-encrypting payloads. Screenshots of the source code accompany the post, showing details of the build process and confirming that the ransomware is written in Delphi.

The builder advertised by the threat actor exposes options for file settings, ransom notes, IP logging, startup commands, task killing and automatic unlocking of files that are in use. The seller stresses that encrypted files cannot be recovered without the private key held by the attackers.

Upon completing the encryption process, victims are presented with a ransom note declaring the encryption of all their files. The note instructs victims to contact the attackers via email and offers a method for testing the legitimacy of the decryptor by sending a non-valuable file.

Reports indicate that Zeppelin ransoms are demanded in Bitcoin, ranging from several thousand dollars to over a million. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have previously published a joint cybersecurity advisory on the Zeppelin ransomware family.

Zeppelin has been used by threat actors since 2019, with activity observed at least through June 2022, under a ransomware-as-a-service (RaaS) model. Targets have included defense contractors, educational institutions, manufacturers, technology companies and, notably, organisations in the healthcare and medical sector.

Operators gain initial access through remote desktop protocol (RDP) exploitation, SonicWall firewall vulnerabilities and phishing campaigns. Before deploying the ransomware they map and enumerate the victim's network to locate critical data stores, including cloud storage and network backups.

Like other ransomware groups, Zeppelin operators exfiltrate sensitive corporate data and threaten to sell or publish it if the victim refuses to pay.

Significantly, the FBI has observed Zeppelin actors running the malware multiple times within a single network, with each run generating a different ID or file extension, so the victim needs a separate decryption key for each instance. Responders should inventory the distinct encrypted-file extensions before negotiating or testing any decryptor, since one key will not cover files from a different run.

Hangzhou Police Arrest Ransomware Gang That Used ChatGPT to Optimise Its Malware

 



Chinese state media reported on Thursday that police have arrested a gang that used ChatGPT to optimise its ransomware before deploying it in an extortion attack on a company in Hangzhou. 

On November 20, an organisation in the Shangcheng district of Hangzhou, the capital of eastern Zhejiang province, reported that ransomware had been found on its servers and that its systems could no longer operate normally. Police opened an investigation.

The attackers demanded 20,000 Tether (USDT), a stablecoin pegged to the US dollar, to restore access. Investigators extracted the trojan for analysis, examined the affected servers in detail and traced the cryptocurrency addresses the suspects used for the extortion. 

That work led police to four suspects. Two were arrested in Beijing and two in Hohhot, the capital of the Inner Mongolia autonomous region, on November 30. All four had previously worked for large internet technology companies and held network-security qualifications. According to the report, they "wrote ransomware versions, optimised the program using ChatGPT, conducted vulnerability scans, gained access to computers through infiltration, implanted ransomware, and carried out extortion". 

Ransomware remains one of the most dangerous and widespread forms of attack, affecting ordinary internet users as well as businesses. It is malware, typically delivered by email, instant messaging and similar channels, that extorts victims by encrypting their files, disrupting their systems, or threatening to leak or delete sensitive information.

The case has also drawn attention to China's restrictions on foreign AI services, ChatGPT in particular. Despite its global popularity, ChatGPT is not officially available in China; OpenAI does not offer the service there, and that restriction predates this incident. The Chinese government has also been reported to be considering extending restrictions to other applications built on similar AI models. 

That policy coincides with the government's push to develop and promote domestic AI. Baidu's Ernie Bot, a ChatGPT-like service, has reportedly passed 100 million users in a short period. OpenAI, for its part, blocks IP addresses from China, Hong Kong, North Korea, Iran and other sanctioned markets, but determined users have found ways around the restrictions. 

Typically they use virtual private networks (VPNs) to connect from regions where the services are officially available. Ransomware is also far from the only criminal use of AI. 

Research by Sophos analysts found that illicit ChatGPT clones built for cybercrime do exist but have not substantially changed the cybercrime landscape. Generative AI is, however, increasingly being used in deception. 

Hiya researchers have highlighted the use of voice-cloning in scams in which perpetrators impersonate family members or government officials. Two further incidents illustrate the challenge. 

In May, a man was arrested by Gansu authorities for using ChatGPT to generate fake news about a train crash and spreading it online. In August, six people were arrested in Hong Kong for forging identity documents with deepfake technology and using them in loan scams against several banks in the region.

"Pink Drainer" Siphons $4.4 Million Chainlink Through Phishing

 

Pink Drainer, the notorious crypto-draining operation, has been linked to a sophisticated phishing attack that resulted in the theft of $4.4 million in Chainlink (LINK) tokens. 

The attack targeted a single victim, who was tricked into signing a transaction that invoked the token's 'Increase Approval' function. 

Pink Drainer exploits 'Increase Approval' function 

'Increase Approval' (increaseAllowance in the ERC-20 token standard) is a routine operation: the token holder authorises another address, the spender, to transfer up to a stated number of tokens out of the holder's balance on their behalf. Legitimate decentralised applications request it so that a contract can move a user's tokens. If the spender is attacker-controlled, however, the attacker can call transferFrom at will, which is how 275,700 LINK left the victim's wallet in two transactions without any further action by the victim. 

According to crypto-security firm Scam Sniffer, the tokens were drained in two transfers. First, 68,925 LINK went to a wallet labelled "PinkDrainer: Wallet 2" on Etherscan; the remaining 206,775 LINK went to a separate address ending in "E70e". 
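To make the approval mechanism concrete, here is an added example (not code from Scam Sniffer, Pink Drainer, Chainlink or any real token contract) that models ERC-20 balance and allowance bookkeeping in Python and replays the two transfers described above. The address labels, the attacker's spender name and the victim's starting balance of exactly 275,700 LINK are constructed for illustration. The point it demonstrates is that the victim's one signature moves no tokens by itself; it is the attacker's later transferFrom calls, which need no signature from the victim, that do the damage, and setting the allowance back to zero is what stops them.

```python
from dataclasses import dataclass, field


@dataclass
class Erc20Token:
    """Minimal model of ERC-20 balance and allowance bookkeeping.

    Hypothetical simplification for illustration: a real token runs on-chain
    and derives the caller from msg.sender; here the caller is passed explicitly.
    """
    balances: dict = field(default_factory=dict)
    # (owner, spender) -> amount the spender may move out of owner's balance
    allowances: dict = field(default_factory=dict)

    def balance_of(self, account: str) -> int:
        return self.balances.get(account, 0)

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner: str, spender: str, amount: int) -> None:
        """approve(): signed by the owner; sets (does not add to) the allowance."""
        self.allowances[(owner, spender)] = amount

    def increase_allowance(self, owner: str, spender: str, added: int) -> None:
        """increaseAllowance(): signed by the owner; adds to the allowance.

        This is the 'Increase Approval' transaction the victim was tricked
        into signing. No tokens move at this point.
        """
        self.allowances[(owner, spender)] = self.allowance(owner, spender) + added

    def transfer_from(self, caller: str, owner: str, to: str, amount: int) -> None:
        """transferFrom(): called by the *spender*; the owner signs nothing."""
        if self.allowance(owner, caller) < amount:
            raise PermissionError("allowance exceeded")
        if self.balance_of(owner) < amount:
            raise ValueError("insufficient balance")
        self.allowances[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balance_of(to) + amount


# Constructed labels standing in for real addresses.
VICTIM = "victim"
DRAINER_SPENDER = "drainer-spender"          # hypothetical attacker-controlled spender
DRAINER_WALLET_2 = "PinkDrainer: Wallet 2"   # Etherscan label quoted in the article
DRAINER_WALLET_E70E = "0x...E70e"            # only the suffix is reported


def simulate_drain() -> dict:
    """Replay the attack as described: one signature, then two transferFrom calls."""
    link = Erc20Token()
    link.balances[VICTIM] = 275_700  # constructed starting balance, equal to the loss

    # Step 1: on the phishing site the victim signs a single 'Increase Approval'.
    # The site, not the victim, chooses the spender and the amount.
    link.increase_allowance(VICTIM, DRAINER_SPENDER, 275_700)
    balance_after_signing = link.balance_of(VICTIM)  # still untouched

    # Step 2: the attacker, acting as spender, pulls the tokens in two transfers.
    link.transfer_from(DRAINER_SPENDER, VICTIM, DRAINER_WALLET_2, 68_925)
    link.transfer_from(DRAINER_SPENDER, VICTIM, DRAINER_WALLET_E70E, 206_775)

    return {
        "victim_balance_after_signing": balance_after_signing,
        "victim_balance_after_drain": link.balance_of(VICTIM),
        "wallet_2": link.balance_of(DRAINER_WALLET_2),
        "wallet_e70e": link.balance_of(DRAINER_WALLET_E70E),
        "remaining_allowance": link.allowance(VICTIM, DRAINER_SPENDER),
    }


def simulate_revoke() -> bool:
    """The defence: approve(spender, 0) before the attacker acts blocks transferFrom."""
    link = Erc20Token()
    link.balances[VICTIM] = 275_700
    link.increase_allowance(VICTIM, DRAINER_SPENDER, 275_700)
    link.approve(VICTIM, DRAINER_SPENDER, 0)  # what an allowance-revocation tool does
    try:
        link.transfer_from(DRAINER_SPENDER, VICTIM, DRAINER_WALLET_2, 1)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(simulate_drain())
    print("revoke blocks transferFrom:", simulate_revoke())
```

The practical lesson for wallet users follows from the model: an approval is a standing permission, so review and revoke unused allowances periodically, and treat any signing prompt that names an unfamiliar spender, or an amount far above what the action needs, as hostile.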

Well-known on-chain investigator ZachXBT added that the stolen LINK was quickly swapped to Ether (ETH) and laundered through the eXch service, complicating tracing.

Scam Sniffer's analysis confirms Pink Drainer's involvement, although the specific lure used to get the victim to sign the approval is unclear.

Scam Sniffer has also discovered at least ten additional scam sites linked to Pink Drainer in the previous 24 hours.

Pink Drainer has been linked to incidents involving Evomos, Pika Protocol and Orbiter Finance, and is known for hijacking high-profile Twitter and Discord accounts to push phishing links. Earlier this year the group was also accused of posing as crypto journalists in a scam that stole nearly $3 million from 1,932 victims. 

According to Dune Analytics' most recent statistics, Pink Drainer's operations have intensified. As of December 19, the total losses suffered by the group amounted to $18.7 million, impacting 9,068 victims.

How to Decrypt Files Hit by Black Basta Ransomware Without Paying the Ransom

Researchers have created a tool that exploits a flaw in Black Basta's encryption, allowing victims to recover their files without paying. The decryptor may help organisations hit by Black Basta between November 2022 and this month. 

Unfortunately, recent intelligence suggests that Black Basta's developers noticed the flaw about a week ago and fixed it, so the technique does not work against more recent attacks. 

Let’s Understand Black Basta Buster Decryptor 

Security Research Labs (SRLabs) exploited a weakness in the Black Basta ransomware to build a decryptor that lets affected organisations recover their encrypted files without paying. The weakness lies not in the XChaCha20 cipher itself but in how the ransomware used it. 

XChaCha20 is a stream cipher: it generates a keystream and XORs it with the plaintext, so anyone who knows the keystream for a region of a file can strip the encryption from that region. "Our analysis suggests that files can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file," SRLabs reported.  

The researchers add: "Files below the size of 5000 bytes cannot be recovered. For files between 5000 bytes and 1GB in size, full recovery is possible. For files larger than 1GB, the first 5000 bytes will be lost but the remainder can be recovered." 

How Does the Decryption Work? 

To unlock a file hit by Black Basta you need to know a small part of its original content. Files under 5000 bytes are effectively lost. Files between 5000 bytes and 1GB can be recovered in full. Files over 1GB lose their first 5000 bytes, but the rest can be recovered. 

The flaw is keystream reuse. Rather than advancing the keystream across the file, the ransomware XORs the same 64-byte keystream block into the chunks it encrypts, so any encrypted chunk whose plaintext is known, most conveniently a run of zero bytes, gives up the keystream, and the keystream unlocks the rest of the file. That is why large files such as virtual machine disk images are good candidates: they contain plenty of zero-filled regions, and even if the ransomware has damaged the start of the image, the bulk of the data can be recovered and the damaged header repaired with standard tools. Small files are harder; an older copy of the same file may supply the known plaintext, but otherwise there is little hope.
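The following is an added example, written for this page and not SRLabs' Black Basta Buster code, that models the keystream-reuse flaw in Python and shows why 64 bytes of known plaintext are enough. It assumes, as a simplification, that every 64-byte chunk of the file is XORed with the same 64-byte keystream block; the real ransomware's chunk selection (and hence the 5000-byte and 1GB limits SRLabs describe) is not reproduced. The keystream is derived from a SHA-512 hash and the "correct" cipher uses a BLAKE2b-based counter stream, both stand-ins rather than XChaCha20. The sample file is constructed.

```python
import hashlib

BLOCK = 64  # size of the reused keystream block the recovery relies on


def reused_keystream_xor(data: bytes, keystream: bytes) -> bytes:
    """Model of the flawed scheme: one 64-byte keystream block is XORed into
    every 64-byte chunk instead of being advanced. Hypothetical simplification,
    not Black Basta's actual code. XOR is its own inverse, so this both
    encrypts and decrypts."""
    if len(keystream) != BLOCK:
        raise ValueError("keystream block must be 64 bytes")
    return bytes(b ^ keystream[i % BLOCK] for i, b in enumerate(data))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """Given 64 bytes of known plaintext at a 64-byte-aligned offset, recover
    the keystream block: keystream = ciphertext XOR plaintext."""
    if len(known_plaintext) != BLOCK or offset % BLOCK != 0:
        raise ValueError("need exactly 64 known bytes at a 64-byte aligned offset")
    chunk = ciphertext[offset:offset + BLOCK]
    if len(chunk) != BLOCK:
        raise ValueError("ciphertext too short at that offset")
    return bytes(c ^ p for c, p in zip(chunk, known_plaintext))


def decrypt_with_known_plaintext(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """Recover the keystream from one chunk and undo the XOR over the whole file."""
    return reused_keystream_xor(ciphertext, recover_keystream(ciphertext, known_plaintext, offset))


def properly_advanced_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """What a correctly used stream cipher does: a fresh keystream block per
    counter value. Stand-in keystream generator (BLAKE2b over key||nonce||counter)
    used only for contrast; it is not XChaCha20."""
    out = bytearray()
    for counter in range(0, len(data), BLOCK):
        ks = hashlib.blake2b(key + nonce + counter.to_bytes(8, "little"),
                             digest_size=BLOCK).digest()
        out.extend(b ^ ks[i] for i, b in enumerate(data[counter:counter + BLOCK]))
    return bytes(out)


def demo() -> dict:
    """Constructed file: a header, a 64-byte run of zeros (as found in VM disk
    images and padded formats) at a 64-byte-aligned offset, then payload."""
    plaintext = b"H" * 128 + b"\x00" * 64 + bytes(range(256)) * 3
    zero_run_offset = 128
    keystream = hashlib.sha512(b"constructed attacker key material").digest()  # 64 bytes

    flawed_ct = reused_keystream_xor(plaintext, keystream)
    recovered = decrypt_with_known_plaintext(flawed_ct, b"\x00" * 64, zero_run_offset)

    # The same known plaintext against a properly advanced keystream gives back
    # only the 64 bytes you already knew; every other block stays garbage.
    good_ct = properly_advanced_xor(plaintext, b"k" * 32, b"n" * 24)
    guessed_ks = recover_keystream(good_ct, b"\x00" * 64, zero_run_offset)
    attempt = reused_keystream_xor(good_ct, guessed_ks)

    return {
        "flawed_fully_recovered": recovered == plaintext,
        "good_known_block_only": (attempt[128:192] == plaintext[128:192]
                                  and attempt != plaintext),
    }


if __name__ == "__main__":
    print(demo())
```

With a zero-filled known block the recovered keystream is simply the ciphertext of that block, which is why zero regions in disk images are so useful. Once the keystream is known, the whole file falls; with a correctly advanced keystream the same trick recovers nothing beyond the 64 bytes already known.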

Who Is the Black Basta Gang?

The Black Basta ransomware gang began operating in April 2022, running double-extortion attacks against businesses. By June that year it had partnered with the QBot malware operation, using QBot infections to drop Cobalt Strike for remote access into corporate networks. 

The gang, which has ties to the FIN7 hacking group, has targeted organisations including Capita, the American Dental Association, Sobeys, Knauf and Yellow Pages Canada. Most recently it attacked the Toronto Public Library, Canada's largest public library system.

New DLL Search Order Hijacking Variant Evades Windows 10 and 11 Protections

 

Security researchers have described a new variant of dynamic link library (DLL) search order hijacking that could let threat actors bypass security controls and run malicious code on systems running Microsoft Windows 10 and Windows 11.

The method, disclosed in a report by cybersecurity firm Security Joes and shared exclusively with The Hacker News, abuses executables that ship in the trusted WinSxS folder and applies the classic DLL search order hijacking technique to them. Because these are trusted Windows components, attackers can run their code without needing elevated privileges and can add the vulnerable binaries to their attack chain.

DLL search order hijacking manipulates the order in which Windows looks for a DLL so that a malicious library is loaded instead of the intended one, for defence evasion, persistence or privilege escalation. It works against applications that load a library by name rather than by full path, leaving the loader to walk a predefined list of directories on disk.

In the classic form, the attacker copies a legitimate system binary into a directory they control alongside a malicious DLL carrying the name of one the binary expects, so the loader finds the attacker's library before the genuine one.

Security Joes' variation targets files in the trusted "C:\Windows\WinSxS" folder. WinSxS (Windows side-by-side) is the component store that keeps multiple versions of system files so that components and updates can coexist without breaking compatibility or integrity.

According to Ido Naor, co-founder and CEO of Security Joes, the approach is subtler and stealthier than conventional attacks. It involves identifying binaries in WinSxS that look up a DLL by name, placing a DLL of that name in an attacker-controlled directory, and running the WinSxS binary in a way that makes the loader search that directory, so the attacker's code executes under the cover of a legitimate Windows component that never left its original location.

Security Joes stressed that more WinSxS binaries may be susceptible and urged organisations to take precautions: examine parent-child relationships between processes, particularly where a trusted binary is the child, and closely monitor what binaries in the WinSxS folder do, including their network communications and file operations. A process whose executable lives in WinSxS loading a DLL from a user-writable directory is a particularly clear signal.
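As an added example of the monitoring Security Joes recommends (written for this page, not code from Security Joes or Microsoft), the Python below runs two detection rules over Sysmon-style process-creation and image-load events: a WinSxS-hosted binary started with a working directory outside the trusted system directories, and a WinSxS-hosted process loading a DLL from outside them. The event field names follow Sysmon's (EventID 1 and 7, Image, ImageLoaded, CurrentDirectory, ParentImage); the events themselves, the WinSxS component directory name and the binary and DLL names are constructed placeholders, not the specific binaries Security Joes identified. Paths are normalised with ntpath so the logic runs on any platform.

```python
import ntpath

WINSXS = r"C:\Windows\WinSxS"
# Directories from which a WinSxS-hosted binary is expected to resolve DLLs.
# C:\Windows as a whole is deliberately not trusted: C:\Windows\Temp is user-writable.
TRUSTED_DLL_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64", WINSXS)


def _norm(path: str) -> str:
    # ntpath handles Windows paths on any OS; lowercase because NTFS is case-insensitive.
    return ntpath.normpath(path).lower()


def is_under(path: str, root: str) -> bool:
    """True if path is root itself or lies beneath it (after normalising '..')."""
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def _trusted(path: str) -> bool:
    return any(is_under(path, d) for d in TRUSTED_DLL_DIRS)


def find_winsxs_hijacks(events: list) -> list:
    """Apply two rules to Sysmon-style event dicts.

    Rule 1 (EventID 1, process create): a binary whose image is inside WinSxS
    was started with a CurrentDirectory outside the trusted directories. The
    DLL search order falls through to the working directory, which is exactly
    what the technique relies on.
    Rule 2 (EventID 7, image load): a process whose image is inside WinSxS
    loaded a DLL from outside the trusted directories.
    """
    findings = []
    for e in events:
        image = e.get("Image", "")
        if not is_under(image, WINSXS):
            continue
        if e.get("EventID") == 1:
            cwd = e.get("CurrentDirectory", "")
            if not _trusted(cwd):
                findings.append({"rule": "winsxs-binary-run-from-untrusted-cwd",
                                 "image": image, "cwd": cwd,
                                 "parent": e.get("ParentImage")})
        elif e.get("EventID") == 7:
            dll = e.get("ImageLoaded", "")
            if not _trusted(dll):
                findings.append({"rule": "winsxs-binary-loaded-untrusted-dll",
                                 "image": image, "dll": dll})
    return findings


# Constructed sample events. Component, binary and DLL names are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Windows\WinSxS\amd64_example_component\example.exe",
     "CurrentDirectory": "C:\\Users\\bob\\staging\\",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 7,
     "Image": r"C:\Windows\WinSxS\amd64_example_component\example.exe",
     "ImageLoaded": r"C:\Users\bob\staging\hijacked.dll"},
    {"EventID": 7,   # benign: system DLL from System32
     "Image": r"C:\Windows\WinSxS\amd64_example_component\example.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1,   # benign: not a WinSxS binary at all
     "Image": r"C:\Windows\System32\notepad.exe",
     "CurrentDirectory": "C:\\Users\\bob\\",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


if __name__ == "__main__":
    for f in find_winsxs_hijacks(SAMPLE_EVENTS):
        print(f)
```

Rule 1 is a heuristic and will fire on some legitimate administration; use the parent process (here cmd.exe launching a WinSxS binary from a user profile directory) to triage it, as the report suggests. Rule 2 is close to a hard indicator: there is no normal reason for a component-store binary to load its dependencies from a user-writable path.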

Google Patches Around 100 Security Bugs


December brought a flurry of updates as companies including Google and Apple rushed to patch critical vulnerabilities in their products before the holidays.

Giants in enterprise software also released their fair share of fixes; in December, Atlassian and SAP fixed a number of serious bugs. What you should know about the significant updates you may have missed this month is provided here.

Apple iOS

In mid-December Apple released iOS 17.2, a significant point update with 12 security fixes alongside new features such as the Journal app. Among the issues patched is CVE-2023-42890, a bug in the WebKit browser engine that could allow an attacker to execute code.

Apple's support page also lists a kernel vulnerability, CVE-2023-4291, that could let an app escape its sandbox, and two ImageIO bugs, CVE-2023-42898 and CVE-2023-42899, that could lead to code execution.

According to testing by ZDNET and 9to5Mac, iOS 17.2 also mitigates a Bluetooth denial-of-service attack performed with the Flipper Zero penetration testing tool, in which a barrage of pairing pop-ups eventually freezes the iPhone.

Along with these updates, Apple also launched tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2, and iOS 16.7.3.

Google Android

Google's December Android Security Bulletin is extensive, with fixes for around 100 issues. It patches two critical Framework vulnerabilities, the more severe of which could lead to remote code execution with no additional execution privileges needed and, according to Google, no user interaction.

CVE-2023-40088 is that critical remote code execution flaw; CVE-2023-40078 is an elevation of privilege bug rated high severity.

Google also released a fix for CVE-2023-40094, an elevation of privilege vulnerability in its Wear OS platform for smartwatches. At the time of writing the Pixel Security Bulletin had not been published.

Google Chrome

Google closed a busy December with an urgent Chrome patch for CVE-2023-7024, a heap buffer overflow in the open source WebRTC component and the eighth Chrome zero-day fixed in 2023. In its advisory Google said it is "aware that an exploit for CVE-2023-7024 exists in the wild."

That was not Google's only Chrome update in December. In mid-month it patched nine security flaws, five of which, reported by external researchers, are rated high severity: four use-after-free bugs and a type confusion flaw in the V8 JavaScript engine, CVE-2023-6702.

Microsoft

Microsoft's December Patch Tuesday fixes more than 30 vulnerabilities, including several that allow remote code execution (RCE). Among the critical fixes is CVE-2023-36019, a spoofing vulnerability in Microsoft Power Platform Connector with a CVSS score of 9.6. An attacker could deceive a victim through a malicious link, application, or file, though exploitation requires the victim to click a specially crafted URL.

Meanwhile, CVE-2023-35628, an RCE flaw in the Windows MSHTML Platform, carries a CVSS score of 8.1 and is rated critical. Microsoft stated that an attacker could exploit it by sending a specially crafted email that triggers automatically when it is retrieved and processed by the Outlook client, which could lead to exploitation before the email is even viewed in the Preview Pane.

Time to Guard: Protect Your Google Account from Advanced Malware


In the ever-changing world of cybersecurity, a new type of threat has emerged, causing serious concern among experts. Advanced malware such as Lumma Stealer can now do something particularly alarming: manipulate authentication tokens, the credentials that keep you signed in to your Google account. What makes this threat even scarier is that it can continue to access your Google account even after you've changed your password. In this blog post, we explore the details of this evolving danger and how it manipulates OAuth 2.0, the security protocol widely used to grant access to Google-connected accounts.

Of particular concern is its manipulation of OAuth 2.0, which exploits an undocumented part of the protocol through a technique known as blackboxing. This makes Lumma Stealer the first malware-as-a-service to employ such a sophisticated method, highlighting the escalating complexity of cyber threats.

The manipulation of OAuth 2.0 by Lumma Stealer not only poses a technical challenge but also jeopardises the security of Google-related accounts. Despite efforts to seek clarification, Google has yet to comment on this emerging threat, giving Lumma Stealer a distinct advantage in the illicit market. 

In a concerning trend, several malware groups, including Rhadamanthys, RisePro, Meduza, Stealc Stealer, and the evolving Eternity Stealer, swiftly adopted Lumma Stealer's exploit. This underscores the urgency for users to update their security practices and stay vigilant against the continuously changing tactics employed by malicious actors.

This vulnerability traces back to an attacker operating under the pseudonym PRISMA, who unveiled a zero-day exploit in late October. Exploiting this flaw provides the advantage of "session persistence," allowing sustained access even after a password change. The revelation emphasises the widespread impact of the vulnerability across various cyber threats, necessitating urgent user awareness and robust cybersecurity measures. 

The exploitation of this vulnerability extends beyond compromising Google accounts, granting threat actors the ability to manipulate various OAuth-connected services. Pavan Karthick M, a threat researcher at CloudSEK, stresses the serious impact on both individual users and organisations. Once an account is compromised, threat actors can control critical services such as Drive and email login, emphasising the urgent need to fortify defences against the ever-evolving cybersecurity landscape. 

As Lumma Stealer and its counterparts exploit vulnerabilities, it's crucial for users to adopt proactive cybersecurity measures. Regularly updating passwords, enabling two-factor authentication, and staying informed about emerging threats are essential steps in mitigating risks. In the face of advancing cyber threats, staying vigilant and taking proactive steps remain imperative to safeguard our online presence.
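The "session persistence" problem described above comes down to how an authorization server ties its refresh tokens to the user's credentials: if a token is not bound to anything that changes when the password does, a stolen token simply keeps working. The Python model below is an added example, not code from the original post and not Google's implementation; the AuthServer class, its method names and the "victim" account are all constructed for this illustration. It contrasts a weak server, where refresh tokens outlive a password change, with a hardened one that binds every refresh token to a per-account credential generation and bumps that counter on password change, so all previously issued tokens are rejected at once.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the toy realistic; the point of the example is the
    # token-binding logic below, not the password hashing itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Hypothetical, simplified OAuth-style authorization server (constructed
    for this example). It issues opaque refresh tokens at login and exchanges
    them for short-lived access tokens.

    revoke_on_password_change=False: weak behaviour, a refresh token stolen by
    an infostealer keeps working after the victim changes their password.
    revoke_on_password_change=True: hardened behaviour, every refresh token is
    bound to the account's credential generation, bumped on password change.
    """

    def __init__(self, revoke_on_password_change: bool) -> None:
        self.revoke_on_password_change = revoke_on_password_change
        self._accounts: Dict[str, dict] = {}
        self._refresh_tokens: Dict[str, dict] = {}

    def create_account(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._accounts[user] = {
            "salt": salt,
            "pw_hash": _hash_password(password, salt),
            "generation": 0,  # incremented on every credential change
        }

    def _check_password(self, user: str, password: str) -> bool:
        acct = self._accounts.get(user)
        if acct is None:
            return False
        candidate = _hash_password(password, acct["salt"])
        return hmac.compare_digest(acct["pw_hash"], candidate)

    def login(self, user: str, password: str) -> Optional[str]:
        """Password login: returns a new refresh token, or None on failure."""
        if not self._check_password(user, password):
            return None
        token = secrets.token_urlsafe(32)
        self._refresh_tokens[token] = {
            "user": user,
            "generation": self._accounts[user]["generation"],
        }
        return token

    def exchange_refresh_token(self, token: str) -> Optional[str]:
        """Refresh-token grant: returns an access token, or None if rejected."""
        rec = self._refresh_tokens.get(token)
        if rec is None:
            return None
        if self.revoke_on_password_change:
            current = self._accounts[rec["user"]]["generation"]
            if rec["generation"] != current:
                # Token predates the last credential change: reject and purge it.
                del self._refresh_tokens[token]
                return None
        return "access-" + secrets.token_urlsafe(16)

    def change_password(self, user: str, old: str, new: str) -> bool:
        if not self._check_password(user, old):
            return False
        acct = self._accounts[user]
        acct["salt"] = secrets.token_bytes(16)
        acct["pw_hash"] = _hash_password(new, acct["salt"])
        if self.revoke_on_password_change:
            acct["generation"] += 1  # invalidates every outstanding refresh token
        return True

    def revoke_all_sessions(self, user: str) -> None:
        """Explicit 'sign out of all sessions': the remediation step a user
        should take in either mode after a suspected token theft."""
        stale = [t for t, r in self._refresh_tokens.items() if r["user"] == user]
        for t in stale:
            del self._refresh_tokens[t]


def token_survives_password_change(revoke_on_password_change: bool) -> bool:
    """Scenario from the post: a refresh token is captured, then the victim
    changes their password. Returns True if the captured token still yields
    an access token afterwards, i.e. session persistence."""
    srv = AuthServer(revoke_on_password_change)
    srv.create_account("victim", "old-password")
    stolen = srv.login("victim", "old-password")  # later exfiltrated by the stealer
    assert stolen is not None
    srv.change_password("victim", "old-password", "new-password")
    return srv.exchange_refresh_token(stolen) is not None
```

`token_survives_password_change(False)` returns True and `token_survives_password_change(True)` returns False, which is the whole difference between the two designs. The defender's takeaways are the same as the post's advice, made concrete: a password change only helps if the service invalidates existing tokens, so after a suspected stealer infection revoke all sessions explicitly (the "sign out everywhere" control in real services) rather than relying on the password change alone, and watch for refresh-token exchanges that continue from an unfamiliar device after a credential reset.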