The Project Zero team at Google has recently found and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets, which are mainly used in:- Mobile devices Wearables Automobiles Among the 18 zero-day vulnerabilities, four vulnerabilities were classified as the most serious, as they enabled remote code execution (RCE) over the internet to the baseband. Project Zero researchers conducted tests that confirmed that the four vulnerabilities could be exploited remotely by an attacker in order to compromise a phone’s baseband without requiring any user interaction on the attacker’s part and with only the attacker knowing the victim’s phone number as the only condition. In order to pull off the attack, all that is necessary is the victim’s phone number in order to get the job done. Moreover, it’s also possible for experienced attackers to effortlessly create exploits to remotely breach vulnerable devices without alerting the targets. Affected Devices Samsung Semiconductor announced in

  Mandiant recently reported that a group of hackers originating from China utilized a vulnerability within FortiOS SSL-VPN that had only recently been discovered, and marked as a zero-day exploit, in December. The hackers targeted both a government organization in Europe and an African-based managed service provider with a new, specifically designed malware called ‘BOLDMOVE’ that is capable of infecting both Linux and Windows operating systems. The vulnerability, designated as CVE-2022-42475, was addressed by Fortinet in November without any public announcement. However, in December, Fortinet made the vulnerability publicly known and urged their customers to take action in patching their devices, as it had been discovered that malicious actors were actively taking advantage of the flaw. It was only recently that Fortinet provided further insights into how the vulnerability was exploited. They revealed that malicious actors had been targeting government organizations by utilizing custo

A new report from Tenable, a Columbia, Maryland-based cybersecurity firm, outlined an emerging threat related to NETGEAR and TP-Link routers. According to Tenable research, both TP-Link and NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event . For your information, Pwn2Own is a computer hacking competition held yearly at the CanSecWest security conference since 2007.   According to researchers, the NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400 series) was to be included in the bug-finding contest at Pwn2Own . Just one day before the deadline for registering for the contest, the company identified a flaw that invalidated their submission and had to issue a patch urgently. What was the Issue? According to a blog post published by cybersecurity experts at Tenable, network misconfiguration was identified in NETGEAR Nighthawk router versions released before 1.0.9.90. These devices, by default, feature IPv6 for the WAN inter

The Threat Research Unit at Qualys’ has revealed how a new Linux flaw tracked as (CVE-2022-3328 ),  may be combined with two other, seemingly insignificant flaws to gain full root rights on a compromised system. The Linux snap-confine function, a SUID-root program installed by default on Ubuntu, is where the vulnerability is located. The snap-confine program is used internally by snapd to construct the execution environment for snap applications, an internal tool for confining snappy applications. Linux Flaw Let Attackers Gain Full Root Privilege The newly discovered flaw , tracked as  CVE-2022-3328 , is a race condition in Snapd, a Canonical-developed tool used for the Snap software packaging and deployment system.  The issue specifically affects the ‘snap-confine’ tool that Snapd uses to build the environment in which Snap applications are executed. “In February 2022, Qualys Threat Research Unit (TRU) published CVE-2021-44731 in our “Lemmings” advisory. The vulnerability

Google released new security updates for actively exploited Chrome zero-day vulnerability that allows attackers to execute an arbitrary code to take full control of the system remotely using the exploit that exists in the Wild. A Stable chennal update was released for the Desktop version 108.0.5359.94 for Mac and Linux and 108.0.5359.94/.95 for Windows. As part of this emergency security update, Google has patched the ninth zero-day vulnerability in the Chrome web browser this year in 2022. Type Confusion in V8 vulnerability ( High CVE-2022-4262 ) was reported by Clement Lecigne of Google’s Threat Analysis Group on 2022-11-29. Vulnerability Details: A high-severity type Confusion vulnerability in  the V8 Javascript engine  affects all the chrome versions that allow attackers to exploit the bug remotely by executing arbitrary code. Successful exploitation of this zero-day bug leads to crashes of the browser by reading or writing memory out of buffer bounds.

Twitter logged out some users after addressing a bug where some Twitter accounts remained logged on some mobile devices after voluntary password resets. "That means that if you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed. Web sessions were not affected and were closed appropriately," Twitter explained .   Image: Twitter There are some potential privacy risks for Twitter users who were affected by this bug, including having their accounts accessed by others who got their hands on devices that remained logged in without the user's knowledge. Because of this, the company reached out to those who might have been impacted and logged them out of their accounts on all active sessions across all devices. "We have directly informed the people we were able to identify who may have been affected by this, proactively logged them out of open sessions across devices, and prom

Security firm WordFence has warned of an actively exploited vulnerability in a widely-used WordPress plugin that could leave websites totally exposed to hackers. WPGateway is a paid plugin that gives WordPress users the ability to manage their website from a centralised dashboard. The flaw, designated CVE-2022-3180 , allows for threat actors to add their own profile with administrator access to the dashboard, and completely take over a victim’s website. Image: WordPress WordFence, which provides a firewall service for WordPress websites, released a rule to block the exploit for paying customers on its Premium, Care and Response packages ($99, $490 and $950 per year respectively). However, customers using its free package will not receive protection against attacks until October 8, which could leave small or medium businesses exposed. For a business, total website takoever could lead to the exfiltration of sensitive financial information or simply lead to the destruction of

A dangerous malware variant called "Amadey Bot" that has been largely dormant for the past two years has surfaced again with new features that make it stealthier, more persistent, and much more dangerous than previous versions — including antivirus bypasses. Amadey Bot first appeared in 2018 and is primarily designed to steal data from infected systems. However, various threat actors — such as Russia's infamous TA505 advanced persistent threat (APT) group — have also used it to distribute other malicious payloads, including GandCrab ransomware and the FlawedAmmy remote access Trojan (RAT), making it a threat for enterprise organizations. Previously, threat actors used the Fallout and RIG exploit kits, as well as the AZORult infostealer, to distribute Amadey. But researchers at South Korea's AhnLab recently spotted the new variant being installed on systems via SmokeLoader , a malware dropper that attackers have been using since at least 2011. Smoke & Mirrors Resea

Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its findings for Q1 2022, in which the company revealed startling stats about Microsoft Office. Reportedly, Microsoft Office has become the most commonly exploited software in  malware attacks . It is a fact that most Microsoft Office security flaws are publicly known which makes it easy for cybercriminals to exploit them. On the other hand, because most users ignore essential software updates, scammers can easily inject malicious code after exploiting security loopholes. CVE-2018-0802 CVE-2017-8570 CVE-2017-11882 According to researchers, some Microsoft Office vulnerabilities are being exploited more than others. These include the following: These flaws allow system infection, execute commands autonomically, and spread malware infection including the nasty Cobalt Strike one. Despite that security updates are available for these vulnerabilities, these still top the list of most exploited

Google pulled 60 malware-infected apps from its Play Store, installed by more than 3.3 million punters, that can be used for all kinds of criminal activities including credential theft, spying and even stealing money from victims. Zscaler's ThreatLabZ and security researcher Maxime Ingrao from fraud protection firm Evina discovered the downloader apps stuffed with software nasties including Joker, Facestealer, Coper, and Autolycos malware — the latter is a new family, according to Ingrao, who named and discovered Autolycos in eight different apps with more than three million downloads to Android devices. The new malware strain, similar to Joker, steals SMS messages when downloaded and also unwittingly subscribes users to — and charges them for using — premium wireless application protocol services, Ingrao tweeted. Found new family of malware that subscribe to premium services 👀 8 applications since June 2021, 2 apps always in Play Store, +3M installs 💀💀 No webview like #Joke

A severe security bug existed in the AWS IAM Authenticator for Kubernetes. Exploiting this vulnerability could allow an adversary to gain elevated privileges on target Kubernetes clusters. Also, an attacker could impersonate other users. Thankfully, the bug received a fix before exploitation in the wild. AWS IAM Authenticator for Kubernetes Bug As elaborated in a recent blog post, the security researcher Gafnit Amiga from Lightspin found a severe authentication bypass bug in AWS IAM Authenticator for Kubernetes. IAM Authenticator is a dedicated authenticator that Amazon Elastic Kubernetes Service (Amazon EKS) uses to provide authentication to the Kubernetes cluster. This IAM authenticator is located inside the cluster’s control and authenticates users via IAM identities like users and roles. The researcher analyzed this component and found several vulnerabilities that could allow authentication bypass. The bugs negated any protection against replay attacks. Also, they enabled the adver

A threat actor has been spotted targeting Industrial Control Systems (ICS) to create a botnet network. The attacker is doing so by promoting password-cracking software for PLCs and HMIs via multiple social media accounts. What's happening in the campaign? The campaign offers to unlock PLC and HMI terminals from Automation Direct, Siemens, Fuji Electric, Mitsubishi, Weintek, ABB, and more. Researchers at Dragos have examined one specific incident affecting DirectLogic PLCs from Automation Direct, in which the infected software—not a crack—abused a known vulnerability in the device to steal the password. The exploit (CVE-2022-2003) used by the malicious program was only limited to serial-only communications. This requires a direct serial connection from an Engineering Workstation (EWS) to the PLC. In the background, the tool drops a malware that creates a peer-to-peer botnet for different tasks, named Sality. Let's talk about Sality Sality is an old malware that requires a distri