Here is a rundown of news and events that happened over the week.
Chinese App Uses Android Flaw To Spy On Users, CISA Warns
A top US security firm has given the government until May 4 to patch a zero-day vulnerability that allowed e-commerce software to eavesdrop on customers. CVE-2023-20963 was added to CISA’s Known Exploited Vulnerabilities List late last week. After “limited, focused exploitation,” Google patched the high-severity issue last month. Dangerous Android apps were offered on the darknet for $20,000 or more. CISA said the weakness allows attackers to raise privileges on vulnerable systems without user intervention. Last month, Lookout found rogue Pinduoduo…
Author: Olivia William
Cisco Systems has released a series of updates that fix critical vulnerabilities in its products. Attackers could exploit these vulnerabilities to execute arbitrary code on affected systems. One of the most severe, CVE-2023-20036, is a command injection flaw in the web UI component of Cisco Industrial Network Director, which stems from incorrect input validation during the upload of a Device Pack. Cisco also resolved a medium-severity vulnerability, CVE-2023-20039, that an attacker with authenticated local access could exploit to…
A New England health insurance company that provides services to over two million people is dealing this week with a ransomware attack affecting several of its systems. According to Point32Health, created through the merger of Harvard Pilgrim Health Care and Tufts Health Plan, the ransomware was found on April 17 in systems for “service members, accounts, brokers, and providers.” “After identifying the unauthorized party, we took aggressive steps to contain the threat by taking some of the systems offline. We have informed law enforcement and regulatory agencies, and we are collaborating with outside cybersecurity experts to fully investigate…
Security researchers at Check Point Research (CPR) have released an advisory detailing the evasion techniques used by threat actors who rely on the Raspberry Robin malware to avoid detection. In the advisory published on Tuesday, CPR experts explain the malware’s novel features and provide technical details on how to guard against them. According to CPR security researcher Shavit Yosef, evading anti-debugging techniques and other evasion methods can be quite draining, especially given the number and complexity of the obfuscation methods used by Raspberry Robin. Yosef’s research seeks to showcase a plethora of evasion methods, along with detailed explanations of…
There is a new “class” of Russian hackers, the UK cyber-agency warns. Due to an increased danger of attacks by state-aligned Russian hackers, the National Cyber Security Centre (NCSC) of the UK is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hackers has developed.” These state-aligned organizations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organizations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature,…
According to MalwareHunterTeam, the LockBit ransomware group is purportedly working on a new malware variant that can encrypt data on Apple macOS. Although LockBit has traditionally concentrated on Linux and Windows systems, this would be its first malware targeting Mac devices. The ransomware group is known for its RaaS (ransomware-as-a-service) business, which rents out the ransomware to online criminals in exchange for money. The new malware is named Locker Apple M1 64, and there are separate variants for PPC Macs. Vx-Underground, a site that analyzes malware samples, claims that the latest ransomware, locker Apple…
The Chinese e-commerce app Pinduoduo is suspected of having used a high-severity Android vulnerability as a zero-day to spy on its users, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). On unpatched Android devices, this security hole in the Android Framework (identified as CVE-2023-20963) enables attackers to increase their privileges without the need for user input. According to CISA, “Android Framework contains an unknown vulnerability that permits privilege escalation after updating an app to a higher Target SDK without the need for additional execution rights.” With security updates published at the beginning of March, Google patched…
Here is a catch-up on news and events that happened this week in the world of cybersecurity.
Estonian National Charged in U.S. for Acquiring Hacking Tools
An Estonian national was prosecuted for buying U.S. military and government equipment for Russia. On March 28, 2023, 45-year-old Andrei Shevlyakov was detained in Tallinn. He faces 18 counts of conspiracy and other charges. If convicted, he may serve 20 years. Shevlyakov is accused of importing critical technology from U.S. corporations through front companies, allowing Russia to obtain it without export restrictions. The purchases included analog-to-digital converters used in defense systems, low-noise pre-scalers, and synthesizers. Rapid7 Metasploit Pro, a legitimate penetration testing and adversary simulation application,…
The Kodi Foundation disclosed a data breach after hackers stole its MyBB forum database, which contained user information and private messages, and attempted to sell it online. Kodi is an open-source, cross-platform media player, organizer, and streaming suite that lets users access content from various sources and personalize their viewing. The now-defunct Kodi forum had about 401,000 users who posted 3 million messages on topics including video streaming, suggestions, support, sharing new add-ons, and more. Hackers took the forum database by accessing the Admin interface with the credentials of an inactive staff member, according…
Over the Easter weekend, a well-known manufacturer of high-end yachts for the super-wealthy was the victim of a ransomware attack; however, it is unclear whether private client data was taken. German superyacht maker Lürssen, established in 1875, is thought to generate close to €2 billion ($2.2 billion) in annual sales and has an exclusive clientele, making it a prime target for cyber extortionists. A spokesman reportedly said, “In conjunction with internal and external specialists, we quickly initiated all necessary preventive measures and alerted the competent authorities.” The company, which has its headquarters in Bremen, has built several of the largest…