Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

May 1, 2023

Monday

Google Bans 173,000 Bad Accounts and 1.43 Million Malicious Apps in 2022

Google revealed that in 2022 it prevented 1.43 million subpar apps from being added to the Play Store, thanks to improved security measures and app review procedures.


Additionally, the company claimed that developer-facing features like the Voided Purchases API, Obfuscated Account ID, and Play Integrity API helped it block 173,000 malicious accounts and stop over $2 billion in fraudulent and abusive transactions.


According to Google, the introduction of identity verification procedures for Google Play membership, such as phone number and email address, helped to reduce the number of accounts used to publish programs that violate its regulations.


By comparison, Google banned 190,000 bad accounts in 2021 and prevented the publication of 1.2 million apps that violated its policies.


The change occurs a few weeks after Google implemented a new data deletion policy requiring app developers to provide users with a “readily discoverable option” inside and outside an app.

Despite Google’s efforts, hackers continue to publish malware and adware apps by finding ways to get through the app storefront’s security measures.


For instance, the McAfee Mobile Research Team found 38 games that were spoofs of Minecraft that have been downloaded by at least 35 million people globally, mostly in the United States, Canada, South Korea, and Brazil.

Hackers target the Ukrainian government by using fraudulent "Windows Update" guidelines.

According to the Computer Emergency Response Team of Ukraine (CERT-UA), fraudulent emails purporting to give instructions on how to upgrade Windows as a defense against cyberattacks are being sent to various government organizations in the nation by Russian hackers.

CERT-UA believes that in order to more easily fool their targets, the Russian state-sponsored hacking outfit APT28 (also known as Fancy Bear) sent these emails and pretended to be the system administrators of the targeted governmental organizations.

To accomplish this, the attackers created @outlook.com email addresses using genuine employee identities that they had obtained by unknown means during the attack’s planning stages.

Instead of actual instructions on upgrading Windows systems, the malicious emails instruct the recipients to execute a PowerShell command. The command simulates a Windows update procedure by downloading a PowerShell script to the PC while a second PowerShell payload is downloaded in the background.

The second-stage payload is a straightforward information-gathering tool that uses the ‘tasklist’ and ‘systeminfo’ commands to gather information and submit it to a Mocky service API via an HTTP request.

Vietnamese Threat Actor Uses "Malverposting" Techniques to Infect 500,000 Devices

A “malvertising” campaign that has run on social media platforms over the past three months has been attributed to a Vietnamese threat actor. Its goal was to spread variants of information stealers such as S1deload Stealer and SYS01stealer to over 500,000 devices worldwide.

Malverposting is the practice of using sponsored social media posts on platforms like Facebook and Twitter to disseminate harmful malware and other security risks widely. The purpose of purchasing advertisements to “amplify” their posts is to reach a larger audience.

According to Guardio Labs, the attacker in such attacks starts by setting up new company profiles and assuming control of well-known accounts in order to deliver advertisements for free adult-rated photo album downloads.

These ZIP package files include what appear to be photos but are actually executable files that, when opened, start an infection chain and launch stealth malware to steal session cookies, account information, and other data.

The attack chain is very successful because it establishes a “vicious circle”: the data stolen by the stealer is used to build an ever-growing army of Facebook bot accounts, which are then used to push additional sponsored posts, effectively escalating the scam further.

Attackers target vulnerable, internet-exposed Veeam backup servers


At least one group of threat actors known to collaborate with numerous well-known ransomware gangs is focusing on Veeam backup systems.

Since March 28, less than a week after an exploit for a high-severity vulnerability in Veeam Backup and Replication (VBR) software became public, malicious activity and tools echoing FIN7 attacks have been seen in intrusions.

The security flaw, identified as CVE-2023-27532, allows unauthenticated users in the backup infrastructure to access encrypted credentials kept in the VBR configuration. This may in turn give access to the hosts of the backup infrastructure.

On March 7, the software provider fixed the problem and offered a remedy.

The pen-testing company Horizon3 published an exploit for CVE-2023-27532 on March 23. The exploit also showed how the credentials may be extracted in plain text by abusing an unprotected API endpoint. The vulnerability also allows an attacker to execute code remotely with the maximum privileges.

Huntress Labs issued a warning at the time stating that there were still roughly 7,500 internet-exposed VBR hosts that seemed susceptible.

CISA Issues Warnings Regarding Serious Problems with Illumina's DNA Sequencing Tools

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an Industrial Control Systems (ICS) medical advisory warning of a significant weakness affecting Illumina medical equipment.

The problems affect the DNA sequencing systems from Illumina, including the MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000.

The most serious vulnerability, CVE-2023-1968 (CVSS score: 10.0), enables remote attackers to bind to vulnerable IP addresses, allowing them to listen in on network traffic and remotely execute arbitrary instructions.

The Food and Drug Administration (FDA) warned that an unauthorized user could exploit the flaw to negatively affect the genomic data results in the clinical diagnosis instruments, including by making them produce no results, inaccurate results, or altered results, or even by causing a potential data breach.

There is no proof that the two flaws have been used in the wild. To reduce potential risks, users are advised to implement the patches made available on April 5, 2023.
