Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

April 12, 2023

wednesday

QuaDream spyware was installed on compromised iPhones using invisible calendar invitations.

According to Microsoft and Citizen Lab, commercial spyware created by the Israeli company QuaDream was used to compromise the iPhones of high-risk individuals via the zero-click END OF DAYS exploit.


Between January 2021 and November 2021, attackers exploited a zero-day vulnerability affecting iPhones running iOS 14.4 up to 14.4.2 by sending “invisible iCloud calendar invitations” that were backdated so the victim would not notice them, according to Citizen Lab.


To avoid detection, the spyware used in this campaign, which Microsoft has dubbed KingsPawn, was also built to delete itself and remove any traces from the victims’ iPhones.


The following capabilities were identified while examining the spyware created by QuaDream:

- recording audio from phone calls and from the microphone,
- taking pictures with the device’s front or back camera,
- stealing items from the device’s keychain,
- generating iCloud time-based one-time password (TOTP) login codes for any given date by hooking the gettimeofday syscall and using the phone’s Anisette framework. We assume this is done to enable persistent exfiltration of the user’s data directly from iCloud by producing two-factor authentication codes that are valid on future dates,
- running SQL queries against databases on the phone,
- removing any potential leftovers from zero-click attacks, and
- determining the device’s location.


SAP issues security fixes for two significant vulnerabilities.

The April 2023 security patches from enterprise software provider SAP have been made available for a number of its products.

These releases fix two serious issues in the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.

In total, SAP has published 24 notes, of which five are updates to earlier bulletins and 19 are new issues of various seriousness.

The three most important problems resolved this time are CVE-2023-27267, CVE-2023-28765, and CVE-2023-29186.

The remaining 11 security holes in SAP’s most recent security advisory are of low to medium severity.

With 425,000 clients in 180 countries and a 24% market share globally, SAP is the largest ERP provider in the world. Its ERP, SCM, PLM, and CRM products are used by more than 90% of the Forbes Global 2000.


Launch of the $20K bug bounty program by OpenAI


AI research startup OpenAI has announced, through the crowdsourced security platform Bugcrowd, a new bug bounty program that will reward registered security researchers who find flaws in the company’s product range.

According to what the company disclosed today, the rewards depend on the impact and severity of the reported issues and range from $200 for low-severity security flaws to $20,000 for exceptional discoveries.

The program’s scope covers the OpenAI Application Programming Interface (API) and the ChatGPT AI chatbot, but the company asks researchers to report model-related concerns through a separate form unless they have a security impact.

Last month OpenAI disclosed a ChatGPT payment data leak, which it attributed to a bug in the open-source Redis client library used by its platform.

Because of the bug, ChatGPT Plus subscribers began seeing other users’ email addresses on their subscription pages. As user complaints poured in, OpenAI took the ChatGPT bot offline to investigate the problem.


Hacked websites discovered distributing malware through fake Chrome upgrades


Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors and push malware onto unsuspecting visitors.

The campaign has been running since November 2022, but according to NTT security analyst Rintaro Koike it picked up speed after February 2023 and began targeting Japanese, Korean, and Spanish speakers.

The attack begins with compromised websites into which malicious JavaScript is injected; that code runs further scripts each time a visitor loads one of the pages.

Blocklisting is ineffective because the files are served through the Pinata IPFS (InterPlanetary File System) service, which hides the origin server hosting them, and removal requests are rejected.

The scripts then trigger the automatic download of a ZIP file named “release.zip,” presented as a Chrome update that the user needs to install.

The ZIP file contains a Monero miner that uses the device’s CPU to mine cryptocurrency for the threat actors.

Microsoft Azure's recently found "By-Design" flaw might expose storage accounts to hackers

Attackers could abuse a “by-design weakness” in Microsoft Azure to access storage accounts, move laterally within the infrastructure, and even run remote code.

In a recent report shared with The Hacker News, Orca found that Microsoft Storage Accounts could be abused by manipulating Azure Functions in order to move laterally, potentially gain access to critical business assets, and achieve remote code execution (RCE) by stealing access tokens from higher-privileged identities.

The exploitation vector behind this attack is Shared Key authorization, a feature that is enabled by default on storage accounts.

According to Microsoft, Azure generates two 512-bit access keys when a storage account is created. These keys can be used to authorize access to data either through Shared Key authorization or through SAS tokens signed with the shared key.

If these access tokens are stolen, a threat actor with access to an account holding the Storage Account Contributor role may be able to escalate privileges and take control of systems, according to the cloud security provider.
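Since the attack hinges on Shared Key authorization being left at its default, a defender’s first step is to find the storage accounts that still allow it. The following is an added example, not code from Orca’s report or from the article; it assumes the JSON shape returned by `az storage account list`, where the `allowSharedKeyAccess` property is `null` when it has never been set (Azure then treats it as enabled) and builds the `az` command that turns it off.

```python
"""Audit Azure storage accounts for Shared Key authorization (added example)."""
import json

# Constructed sample resembling `az storage account list -o json` output.
# `allowSharedKeyAccess` is null when never configured, which Azure treats
# as enabled, the default the article describes.
SAMPLE_ACCOUNTS_JSON = json.dumps([
    {"name": "stprodlogs", "resourceGroup": "rg-prod", "allowSharedKeyAccess": None},
    {"name": "stfuncapp", "resourceGroup": "rg-func", "allowSharedKeyAccess": True},
    {"name": "sthardened", "resourceGroup": "rg-prod", "allowSharedKeyAccess": False},
])


def shared_key_enabled(account: dict) -> bool:
    """True when Shared Key auth is on, including the unset (null) default."""
    value = account.get("allowSharedKeyAccess")
    return value is None or bool(value)


def find_shared_key_accounts(accounts_json: str) -> list:
    """Return every account from the CLI JSON that still allows Shared Key."""
    accounts = json.loads(accounts_json)
    return [a for a in accounts if shared_key_enabled(a)]


def remediation_command(account: dict) -> str:
    """az CLI command that disables Shared Key authorization for one account."""
    return (
        "az storage account update "
        f"--name {account['name']} "
        f"--resource-group {account['resourceGroup']} "
        "--allow-shared-key-access false"
    )


if __name__ == "__main__":
    for acct in find_shared_key_accounts(SAMPLE_ACCOUNTS_JSON):
        print(f"{acct['name']}: Shared Key enabled -> {remediation_command(acct)}")
```

Disabling Shared Key forces clients onto Azure AD authorization, so confirm that the Functions apps and other workloads bound to each account support that before applying the command.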

