Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

January 20, 2023

Friday

A new Android spyware called "Hook" allows hackers to remotely manipulate your phone

Cybercriminals are marketing a new Android spyware called “Hook,” claiming it can remotely control mobile devices in real-time using VNC (virtual network computing).

The new malware is being promoted by the developer of Ermac, an Android banking trojan that costs $5,000/month and helps threat actors steal passwords from over 467 banking and cryptocurrency apps via overlay login screens.

Hook’s creator claims that the new malware was written entirely from scratch, even though it offers a number of additional functionalities over Ermac. However, researchers at ThreatFabric doubt this assertion and find significant code parallels between the two families.

Hook differs from Ermac in that it adds WebSocket connectivity alongside HTTP, which is the only channel Ermac uses. AES-256-CBC is still being used to encrypt the network traffic.

The “VNC” module, which enables threat actors to interact with the hijacked device’s user interface in real-time, is the addition that stands out the most.

Another noteworthy command discovered by ThreatFabric relates to WhatsApp, which enables Hook to record all communications made over the well-known IM program and even permits the operators to write messages using the victim’s account.


37 million accounts' data were stolen from T-Mobile in a data breach via APIs

T-Mobile announced a new data breach after a threat actor used one of its Application Programming Interfaces (APIs) to steal personal data from 37 million active postpaid and prepaid customer accounts.

A software interface or mechanism known as an API is frequently used by programs or computers to communicate with one another.

Many online web services use APIs so that, as long as the proper authentication tokens are passed, their online apps or external partners can get internal data.

On Thursday, T-Mobile disclosed that the hacker began accessing the vulnerable API to steal data around November 25, 2022. On January 5, 2023, the mobile carrier discovered the malicious behavior and one day later blocked the attacker’s access to the API.

According to the organization, the API that was misused in this security compromise did not give the attacker access to the affected customers’ social security numbers, tax identification numbers, passwords, PINs, payment card information (PCI), or other financial account information.


With 14 fixes, the Windows 10 KB5019275 preview update was issued


With fourteen fixes and enhancements, Microsoft has issued the optional KB5019275 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2.

This version mostly addresses maintenance issues, including multiple faults in ReFS and FIDO2, and various problems that cause apps or the Windows desktop to become unresponsive.

Administrators can test planned updates that will be made available in the February 2023 Patch Tuesday by downloading the KB5019275 cumulative update preview, which is a part of Microsoft’s January 2023 monthly “C” update.

The “C” preview updates are optional and do not contain security fixes, in contrast to Patch Tuesday cumulative updates.

Windows users can install this update by heading into Settings, selecting Windows Update, and manually running “Check for Updates.”

Following the installation of this update, Windows 10 20H2, Windows 10 21H2, and Windows 10 22H2 will all be updated to build 9042.2546, build 19044.2546, and build 19045.2546, respectively.


EmojiDeploy for RCE Attacks is a New Microsoft Azure Vulnerability That Has Been Discovered


An attacker might use a newly found major remote code execution (RCE) weakness that affects numerous Microsoft Azure services to take complete control of a target application.

The Israeli company that specializes in protecting cloud infrastructure called the flaw EmojiDeploy and warned that it might make it easier for hackers to steal sensitive information and move it to other Azure services.

Following responsible disclosure on October 26, 2022, Microsoft has patched the vulnerability as of December 6, 2022, and paid a bug bounty of $30,000.

Kudu is the “engine for a number of source control-based deployment features in the Azure App Service, as well as additional deployment methods including Dropbox and OneDrive sync,” according to Microsoft.

An attacker might use the CSRF vulnerability in the Kudu SCM panel to bypass defenses put in place to block cross-origin attacks, sending a specially crafted request to the “/api/zipdeploy” endpoint to deliver a malicious archive (such as a web shell) and acquire remote access.
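As a defensive illustration of the cross-origin check such a deployment endpoint depends on, the following added example (not from the original article, and not Kudu's code or the reported bypass) validates the source of a state-changing request by exact origin comparison. The host name, the `TRUSTED_ORIGINS` set and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: the management panel is served from this single origin (placeholder host).
TRUSTED_ORIGINS = {("https", "myapp.scm.example.net", 443)}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_origin(value):
    """Return (scheme, host, port) for an Origin/Referer value, or None if unusable."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or authority
        return None
    if not parts.scheme or not parts.hostname or port is None:
        return None  # covers the opaque "null" origin as well
    return (parts.scheme.lower(), parts.hostname.lower(), port)


def allow_request(method, headers):
    """Decide whether a browser request to a deployment endpoint may proceed."""
    if method.upper() not in STATE_CHANGING:
        return True
    h = {k.lower(): v for k, v in headers.items()}
    # Browsers that send Fetch Metadata label cross-site requests explicitly.
    if h.get("sec-fetch-site", "same-origin") != "same-origin":
        return False
    # Fail closed when the request carries no provenance at all.
    source = h.get("origin") or h.get("referer")
    if not source:
        return False
    # Compare the whole (scheme, host, port) tuple; prefix or substring
    # matching would accept look-alike hosts.
    return parse_origin(source) in TRUSTED_ORIGINS
```

Requests whose origin differs in scheme, host suffix or port are rejected, as are requests that carry an opaque `null` origin or no origin information.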

Data theft by a ransomware gang from the owner of the KFC, Taco Bell, and Pizza Hut brands

A ransomware attack on Yum! Brands, the owner of the KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant brands, resulted in the closure of 300 outlets in the United Kingdom.

Yum! Brands operates 53,000 restaurants in 155 countries and territories. The company has total assets of over $5 billion and has a yearly net profit of $1.3 billion.

Additionally, the business alerted federal law enforcement, launched an investigation, and hired cybersecurity and forensics experts that are at the top of their fields.

The afflicted restaurants in the United Kingdom have resumed regular business, and no additional issues related to the breach are anticipated.

In order to blackmail their victims, ransomware criminals frequently take data from infiltrated networks.

Although Yum! Brands has acknowledged that data was stolen during the hack, it does not believe that customer information was compromised.

In an 8-K form submitted to the Securities and Exchange Commission (SEC), Yum! Brands reassured investors that the ransomware attack would not have a material adverse financial impact.
