Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

May 5, 2023

Friday

Google Play has seen 600K installations of the new Android virus Fleckpe.

A new Android virus known as “Fleckpe” has been downloaded over 620,000 times from Google Play, the official Android app store.


According to Kaspersky, Fleckpe has recently joined the ranks of other nefarious Android software, like Joker and Harly, that create unauthorized charges by enrolling users in premium services.


Threat actors profit from unauthorized subscriptions by receiving a portion of the monthly or one-time membership costs produced by the premium services. Threat actors that run the services themselves retain the full income.


The virus may have been operational since last year, according to Kaspersky’s data, but it was only recently identified and reported.


Thailand, Malaysia, Indonesia, Singapore, and Poland are where the majority of Fleckpe victims live, but infections can also be detected elsewhere in the world.


On Google Play, 11 Fleckpe trojan apps distributed under the following names were found by Kaspersky to be posing as image editors, photo libraries, premium wallpapers, and more.


Kimsuky hackers employ a fresh recon tool to look for security holes.

A global cyberespionage campaign by the North Korean Kimsuky hacking gang has been discovered using a new iteration of its reconnaissance software, now known as “ReconShark.”

According to Sentinel Labs, the threat actor has broadened the range of targets it is now attacking, including government agencies, research institutions, universities, and think tanks in the United States, Europe, and Asia.

Kimsuky, also known as Thallium and Velvet Chollima, started disseminating malicious Chrome extensions that targeted Gmail accounts and an Android malware that operated as a remote access trojan in March 2023, South Korean and German police said.

An earlier Kimsuky effort, targeting South Korean officials, diplomats, university professors, and journalists, was uncovered by Kaspersky in August 2022.

This campaign used a multi-stage target validation mechanism to make sure that only legitimate targets would be infected with malicious payloads.

To reduce the possibility of setting off any warnings on email security systems, these emails include a link to a malicious password-protected document housed on Microsoft OneDrive.


Three vulnerabilities in the Microsoft Azure API Management Service are found by researchers.

Three additional security holes have been found in the Microsoft Azure API Management service that could be exploited by bad actors to gain access to private data or backend services.

According to Israeli cloud security company Ermetic, these include two server-side request forgery (SSRF) issues and one instance of unrestricted file upload functionality in the API Management developer portal.

Azure API Management is a multi-cloud management platform that lets organizations securely expose their APIs to both internal and external clients and enables a variety of connected experiences.

The developer portal’s path traversal vulnerability was found to be caused by a lack of validation of the file type and path of uploaded files.

This vulnerability allows a logged-in user to submit malicious files to the developer portal server and possibly even run arbitrary code on the host computer.

Microsoft has fixed all three problems following responsible disclosure.

The disclosure comes just a few weeks after Orca researchers revealed a “by-design flaw” in Microsoft Azure that could be used by criminals to access storage accounts, move around the environment, or even run remote code.

No remedy is available for the RCE vulnerability in Cisco phone adapters.


Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters that could allow an unauthenticated, remote attacker to execute arbitrary code on the devices.

This vulnerability, identified as CVE-2023-20126, results from a missing authentication mechanism in the firmware upgrade function and has a “critical” CVSS score of 9.8.

These phone adapters are the industry’s preferred option for integrating analog phones into VoIP networks without upgrading.

Although many organizations may use these adapters, they are probably not connected to the Internet, so the majority of these flaws can only be used from the local network.

Having access to these devices could enable a threat actor to move covertly within a network without being noticed, as security software rarely keeps track of these kinds of devices.

Cisco SPA112 is no longer maintained by the vendor and won’t get a security update because it has reached the end of its life. Additionally, Cisco hasn’t offered any CVE-2023-20126 mitigations.

The purpose of Cisco’s security alert is to increase awareness of the need to either replace vulnerable phone adapters or install additional security measures to shield them from attacks.

Using the university's alert system, a ransomware gang issues threats.

Bluefield University’s emergency alert system, “RamAlert,” was taken over by the Avos ransomware gang, who used it to send email and SMS notifications to students and staff warning them that their data had been stolen and would soon be leaked.

With about 900 students, Bluefield University is a tiny private university in Bluefield, Virginia.

All exams were postponed after the University informed students and staff that they had experienced a cyberattack that had damaged their IT infrastructure.

When the incident first occurred, the University asserted that its investigation had turned up no proof of any instances of financial fraud or identity theft connected to it.

The situation, however, took a nasty turn on May 1st, 2023, when it became clear that the University’s RamAlert emergency warning system, which is meant to advise students and staff through email and text of campus emergencies or threats, was still accessible to the Avos (aka AvosLocker) threat actors.

As first reported by WVVA, the ransomware gang used the RamAlert system to send SMS and email notifications warning that confidential information had been stolen and would be released if Bluefield University did not pay the demanded ransom.
