Malicious apps on Google Play with 1M+ downloads - Top 10 cybersecurity news 2/11/22



Welcome back! Today’s top 10 cybersecurity news includes Dropbox’s breach, malicious apps on Google Play with 1 million+ downloads, the sale of access to 576 corporate networks, and more. Read the news and share your thoughts in the comment section.

Top 10 Cybersecurity News:

1. Using a fake website, a Google advertisement for GIMP.org served information-stealing malware.

  • As recently as last week, users who searched for “GIMP” on Google were shown an advertisement for “GIMP.org,” the official website of the well-known graphics editor GNU Image Manipulation Program.
  • Because the displayed destination URL was “GIMP.org,” the advertisement looked legitimate. Clicking on it, however, sent users to a phishing website that imitated GIMP and offered a 700 MB download that was actually malware.

2. Microsoft addresses a serious RCE problem that affects Azure Cosmos DB.

  • A serious flaw in Azure Cosmos DB that enabled unauthenticated read and write access to containers was discovered by analysts at Orca Security.
  • The security flaw, known as CosMiss, affects Jupyter Notebooks that are built into Azure Cosmos DB accounts and the Azure interface to make it simpler to query, analyze, and visualize NoSQL data and results.
  • Microsoft received the information from Orca’s researchers on October 3, 2022, and on October 5, 2022, the software provider corrected the serious problems.

3. Malicious VPN app uses new SandStrike spyware to attack Android devices

  • Threat actors are targeting Android users with SandStrike, a recently identified spyware that is distributed through a rogue VPN application.
  • The campaign concentrates on Persian-speaking Bahá’ís, followers of a religion that originated in Iran and is practised in other regions of the Middle East.
  • According to Kaspersky, the SandStrike adversary created Facebook and Instagram accounts with more than 1,000 followers and produced appealing religious-themed material to entice victims into downloading the malware implants, setting up an effective trap for followers of this faith.

4. What you need to know about the two high-severity vulnerabilities that OpenSSL patches

  • The OpenSSL Project has patched two high-severity security issues in its open-source cryptographic library, which is used to secure communication channels and HTTPS connections.
  • OpenSSL 3.0.0 and later versions are affected by the vulnerabilities (CVE-2022-3602 and CVE-2022-3786), which have been fixed in OpenSSL 3.0.7.
  • CVE-2022-3786 is a buffer overflow that attackers can exploit, using phishing emails, to cause a denial-of-service condition, while CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow that could cause crashes or lead to remote code execution (RCE).
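As an added example (not part of the original article), the following Python script checks whether an OpenSSL build falls into the affected range stated above, 3.0.0 up to but not including 3.0.7. It parses the banner printed by `openssl version`, checks the OpenSSL linked into the running Python interpreter via `ssl.OPENSSL_VERSION`, and is exercised against a few constructed sample banners; the `openssl` binary being on PATH is an assumption, and the script degrades gracefully when it is not.

```python
import re
import ssl
import subprocess

# Affected range per the advisory summarised above: 3.0.0 <= version < 3.0.7.
FIRST_AFFECTED = (3, 0, 0)
FIXED_VERSION = (3, 0, 7)

# Matches banners such as "OpenSSL 3.0.5 5 Jul 2022"; LibreSSL/BoringSSL banners do not match.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner):
    """Return (major, minor, patch) from an OpenSSL version banner, or None if it is not OpenSSL."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_affected(banner):
    """True when the banner describes a build hit by CVE-2022-3602 / CVE-2022-3786."""
    version = parse_openssl_version(banner)
    if version is None:
        return False
    return FIRST_AFFECTED <= version < FIXED_VERSION


def check_system_openssl(cmd=("openssl", "version")):
    """Run the system `openssl version` command (assumed to be on PATH).

    Returns (banner, affected); (None, False) when the binary cannot be run.
    """
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None, False
    banner = result.stdout.strip()
    return banner, is_affected(banner)


def check_python_openssl():
    """Check the OpenSSL that this Python interpreter was linked against."""
    return ssl.OPENSSL_VERSION, is_affected(ssl.OPENSSL_VERSION)


# Constructed sample banners used to demonstrate the classification.
SAMPLE_BANNERS = [
    "OpenSSL 3.0.5 5 Jul 2022",       # affected
    "OpenSSL 3.0.7 1 Nov 2022",       # fixed
    "OpenSSL 1.1.1q  5 Jul 2022",     # 1.1.1 branch is not affected
    "LibreSSL 3.3.6",                  # not OpenSSL at all
]


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r:35} affected={is_affected(banner)}")
    print("system:", check_system_openssl())
    print("python:", check_python_openssl())
```

Running the script prints the classification for each sample banner, then the result for the system binary and for the interpreter's own OpenSSL; a result of `(None, False)` for the system check means no `openssl` binary was found, not that the host is safe.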

5. Google Play has malicious Android apps with 1 million or more downloads.

  • Four malicious apps that are now available in Google Play, the official Android app store, are sending users to websites that either steal personal data or bring in “pay-per-click” cash for the developers.
  • Some of these websites prompt users to install fraudulent security updates or tools, luring them into manually downloading dangerous files.
  • The four dangerous apps discovered are Mobile transfer: smart switch; Bluetooth App Sender; Driver: Bluetooth, Wi-Fi, USB; and Bluetooth Auto Connect.

6. Dropbox reports a breach after 130 GitHub repositories were stolen by a hacker.

  • Threat actors logged into one of Dropbox’s GitHub accounts using employee credentials obtained through phishing and stole 130 code repositories, after which Dropbox disclosed the security breach.
  • Dropbox stated: “To date, our investigation has revealed that some credentials—primarily, API keys—used by Dropbox engineers were present in the code that this threat actor was able to access.”
  • The code and the data around it also included a few thousand names and email addresses of Dropbox employees, current and former customers, sales leads, and vendors.
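The Dropbox item above turns on credentials, mainly API keys, sitting in committed code. As an added example (not Dropbox’s or GitHub’s tooling), the following Python script implements the kind of lightweight secret scan a pre-commit hook or CI job would run: it applies a small set of regular expressions to source lines and filters generic matches by Shannon entropy so that placeholder strings are not reported. The sample source is constructed for this example; the `AKIA…EXAMPLE` key ID is the one AWS documentation uses for illustration, and the rule names and entropy threshold are this example’s own choices.

```python
import math
import re

# Constructed sample of "committed source"; none of these are real credentials.
SAMPLE_SOURCE = """\
# config.py (constructed sample for the example)
DEBUG = True
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
api_key = "sk_live_51HxQ9r7f3VbZp2LmN8kT4eW0"
greeting = "hello world"
db_password = os.environ["DB_PASSWORD"]
password = "changeme_changeme_changeme"
"""

# Rule names are this example's own. The generic rule captures the quoted value in group 2
# and only considers values of 16+ characters; shorter strings are rarely real keys.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-secret-assignment": re.compile(
        r"(?i)(api[_-]?key|secret|token|password)\s*[=:]\s*['\"]([^'\"]{16,})['\"]"
    ),
}

# Generic matches below this entropy (bits per character) are treated as placeholders.
ENTROPY_THRESHOLD = 3.5


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_lines(text, entropy_threshold=ENTROPY_THRESHOLD):
    """Scan source text line by line; return findings with the secret masked.

    Each finding is {"line": <1-based line number>, "rule": <rule name>, "preview": <masked value>}.
    At most one finding is reported per line.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            candidate = m.group(m.lastindex) if m.lastindex else m.group(0)
            # Structured key IDs (the AWS rule) are reported as-is; generic values must look random.
            if rule == "generic-secret-assignment" and shannon_entropy(candidate) < entropy_threshold:
                continue
            findings.append({"line": lineno, "rule": rule, "preview": candidate[:4] + "…"})
            break  # one finding per line is enough to block the commit
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['rule']} ({f['preview']})")
```

On the sample input the scanner reports lines 3 and 4 only: the `os.environ` lookup on line 6 is the pattern the page's incident argues for (secrets injected from the environment rather than committed), and the low-entropy placeholder on line 7 is filtered out. Findings carry only a masked preview so that the scan log does not itself become a second place the secret lives.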

7. Chinese Hackers Deploy LODEINFO Malware Using New Stealthy Infection Chain.

  • In its strikes against Japanese targets, the Chinese state-sponsored threat actor Stone Panda has been seen using a fresh stealthy infection chain.
  • According to two reports released by Kaspersky, the targets in Japan include think tanks, the media, and diplomatic, governmental, and public sector institutions. The threat actor is thought to have been active since at least 2009.
  • Since April 2021, the gang has also been connected to assaults on numerous Japanese domestic businesses utilizing malware families like SigLoader, SodaMaster, and a web shell dubbed Jackpot.

8. Multiple vulnerabilities reported in the Checkmk IT infrastructure monitoring software.

  • The Checkmk IT Infrastructure monitoring software has a number of flaws that have been publicly revealed and could be exploited by a remote, unauthenticated attacker to completely take control of the vulnerable systems.
  • Stefan Schiller, a SonarSource researcher, wrote in a technical study that “these vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server using Checkmk version 2.1.0p10 and lower.”
  • The four bugs, two of critical severity and two of medium severity, are: a command injection flaw in Checkmk’s Livestatus wrapper and Python API; a server-side request forgery (SSRF) flaw in the host registration API; a code injection flaw in watolib’s auth.php; and an arbitrary file read flaw in NagVis.

9. Return of the Fodcha DDoS Botnet with New Features.

  • Researchers have discovered that the threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with upgraded capabilities.
  • In a paper released last week, Qihoo 360’s Network Security Research Lab stated that this includes modifications to its communication protocol and the capacity to demand cryptocurrency payments in exchange for halting a DDoS attack against a target.
  • Fodcha first came to light in April, spreading through known flaws in Android and Internet of Things (IoT) devices as well as through weak Telnet or SSH passwords.

10. Access to 576 corporate networks is being sold by hackers for $4 million.

  • According to a recent investigation, hackers are funding attacks on businesses by offering access to 576 corporate networks for a total cumulative sales price of $4,000,000.
  • The study was conducted by the Israeli cyber-intelligence company KELA in its Q3 2022 ransomware report, which showed stable activity in the initial access sales market but a sharp increase in asking prices.
  • Although there was almost the same number of network access purchases as in the previous two quarters, the total requested price has now surpassed $4,000,000.


That’s it for today’s article. Cybercrime is growing enormously day by day, and so are cyber attacks. Be careful even when downloading apps from Google Play, as some of them may contain adware. Only by staying aware of what is happening around us in the tech world can we protect ourselves from these attacks, so stay connected by subscribing to our newsletter. Share your thoughts in the comment section and come back again for another set of cybersecurity news. Keep yourself updated!

A Computer science Engineer, Certified Ethical hacker (CEH), Offensive Security Certified professional (OSCP), SOC Analyst & Content Creator.
