Technology

New Android Malware Targeting Brazil’s Itaú Unibanco Bank Customers

Researchers have discovered a new Android banking malware that targets Brazil’s Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. “This application has a similar icon and name that could trick users into thinking it is a legitimate app related to […]

New BLISTER Malware Using Code Signing Certificates to Evade Detection

Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed “Blister” by researchers from Elastic Security, with

New Ransomware Variants Flourish Amid Law Enforcement Actions

Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement’s disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. “Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service]

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the

CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities

Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries. “These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies said in the new guidance. “Sophisticated cyber threat actors

4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories

A security flaw has been unearthed in Microsoft’s Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. The vulnerability, codenamed “NotLegit,” was reported to the tech giant by Wiz researchers on October 7, 2021,

Researchers Disclose Unpatched Vulnerabilities in Microsoft Teams Software

Microsoft said it either won’t fix or will postpone patches for three of the four security flaws uncovered in its Teams business communication platform earlier this March. The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues

Active Directory Bugs Could Let Hackers Take Over Windows Domain Controllers

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw affecting the

New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. “The attachments represent an escalation of the attacker’s abuse of the CVE-2021-40444 bug and demonstrate
