Cyber Security News Today

"UAC-0099 using WinRAR Exploit to target Ukrainian firms with LONEPAGE Malware."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 24 December 2023, 1439 UTC.

Content and Source:  https://cyware.com/cyber-security-news-articles ("Cyware.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Latest Cybersecurity News And Articles

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The LONEPAGE malware, deployed through phishing messages and malicious attachments, can contact a command-and-control server to retrieve additional payloads and carry out activities like keylogging and stealing screenshots.

ESET Fixed a High-Severity Bug in the Secure Traffic Scanning Feature of Several Products

The vulnerability was due to improper validation of server certificates, allowing browsers to trust sites with certificates signed with outdated algorithms. ESET has released security patches and is not aware of any attacks exploiting this flaw.

Real Estate Agency Exposes Details of 690K Customers in Dubai

The leaked data included personal information such as names, emails, phone numbers, and scanned copies of receipts, checks, contracts, and IDs, increasing the likelihood of targeted scams and unauthorized access to sensitive accounts.

Bandook - A Persistent Threat That Keeps Evolving

Bandook malware, a remote access trojan, has evolved with a new variant that uses a PDF file to distribute its payload and injects it into msinfo32.exe, allowing remote attackers to gain control of infected systems.

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

A new analysis of the Predator spyware reveals that it now has the ability to persist between reboots on infected Android systems. Predator, developed by the Intellexa Alliance, is a sophisticated commercial spyware sold on a licensing model.

Ukrainian Hackers Claim Attack on Popular Russian CRM Provider

A group of Ukrainian hackers known as the IT Army claimed responsibility for disrupting the operations of Bitrix24, a Russian provider of customer relationship management (CRM) services.

Online Platform Carousell Violated Hong Kong Privacy Laws, Watchdog Finds

The violation comes after the personal data of over 320,000 local users was discovered being sold on the dark web. Carousell reported the incident last year, attributing it to a loophole exploited by hackers in its system migration process.

Cyber-Espionage Group Cloud Atlas Targets Russian Companies With War-Related Phishing Attacks

The hacker group known as Cloud Atlas has recently targeted a Russian agro-industrial enterprise and a state-owned research company in an espionage campaign. The group, believed to be state-backed, primarily attacks Russia and surrounding countries.

Crypto Drainer Steals $59 Million From 63K People in Twitter Ad Push

The MS Drainer operates through phishing websites, tricking users into approving malicious contracts and transferring their money to the attacker's wallet address without their consent.

Android Banking Trojan Chameleon can Now Bypass Any Biometric Authentication

The Chameleon banking trojan has evolved with new advanced features, including the ability to bypass biometric prompts and display HTML pages for enabling Accessibility Services on Android 13, making it a potent threat to mobile banking security.

Comments

Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.