HACKERZHOME NEWS

March 17, 2023

Friday

Samsung Exynos chipsets contain 18 zero-day vulnerabilities discovered by Google.

The Exynos chipsets made by Samsung, which are used in mobile devices, wearable technology, and automobiles, have 18 zero-day vulnerabilities that Project Zero, Google’s bug-hunting team, has identified and disclosed.


Between late 2022 and early 2023, security issues with Exynos modems were discovered.


Four of the eighteen zero-day vulnerabilities are the most critical: they allow remote code execution from the Internet to the baseband.


These Internet-to-baseband remote code execution (RCE) flaws, CVE-2023-24033 and three others that are awaiting a CVE-ID, give attackers the ability to remotely compromise affected devices without the involvement of the user.


According to Samsung, the CVE-2023-24033 vulnerability can cause a denial of service or code execution in Samsung Baseband Modem because the baseband software does not properly check the format types of the accept-type attribute given by the SDP.
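A sketch of the kind of strict check described as missing above, as an added example that is not Samsung's or Google's code. It assumes the attribute has the `a=accept-types:` line shape used in SDP, with a simplified grammar (`*` or `type/subtype`, separated by single spaces) and illustrative size limits; all names and limits are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 8   /* assumed cap on format entries per attribute */
#define MAX_TOKEN   32  /* assumed cap on the length of a type or subtype */

/* RFC 2045 token character: printable ASCII that is not a separator. */
static int is_token_char(unsigned char c) {
    if (c <= 0x20 || c >= 0x7f) return 0;
    return strchr("()<>@,;:\\\"/[]?=", c) == NULL;
}

/* One format entry of n bytes: "*" or type "/" subtype, both bounded. */
static int valid_format(const char *s, size_t n) {
    size_t i = 0, start;
    if (n == 1 && s[0] == '*') return 1;
    while (i < n && is_token_char((unsigned char)s[i])) i++;
    if (i == 0 || i > MAX_TOKEN || i >= n || s[i] != '/') return 0;
    start = ++i;
    while (i < n && is_token_char((unsigned char)s[i])) i++;
    return i == n && i > start && i - start <= MAX_TOKEN;
}

/* Returns the number of format entries, or -1 if the line is rejected.
 * Takes an explicit length so it never reads past the received buffer. */
int check_accept_types(const char *attr, size_t len) {
    static const char prefix[] = "a=accept-types:";
    size_t plen = sizeof prefix - 1, pos = plen, count = 0;
    if (attr == NULL || len <= plen || memcmp(attr, prefix, plen) != 0) return -1;
    while (pos < len) {
        size_t end = pos;
        while (end < len && attr[end] != ' ') end++;
        if (!valid_format(attr + pos, end - pos)) return -1; /* empty or malformed */
        if (++count > MAX_ENTRIES) return -1;
        pos = end;
        if (pos < len && ++pos == len) return -1;            /* trailing space */
    }
    return (int)count;
}

/* Convenience wrapper for NUL-terminated strings. */
int check_line(const char *z) { return check_accept_types(z, strlen(z)); }

int main(void) {
    /* Constructed sample lines, not captured traffic. */
    printf("%d\n", check_line("a=accept-types:message/cpim text/plain *"));
    printf("%d\n", check_line("a=accept-types:text"));
    return 0;
}
```

Rejecting the whole attribute on the first malformed entry, rather than skipping it, keeps later code from ever seeing a partially validated list.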


The remaining 14 vulnerabilities, including CVE-2023-24072, CVE-2023-24073, CVE-2023-24074, CVE-2023-24075, CVE-2023-24076, and nine others awaiting CVE-IDs, are less serious but nevertheless dangerous. Local access or a rogue mobile network provider is required for successful exploitation.

Microsoft makes its remedy for the WinRE BitLocker bypass issue available.

Microsoft has simplified remedying a BitLocker bypass security flaw in the Windows Recovery Environment (WinRE) by releasing a script.

This PowerShell script makes it easier to protect WinRE images against attempts to exploit CVE-2022-41099, a flaw that allows attackers to get around the BitLocker Device Encryption feature on system storage devices.

In a support post released on Thursday, Microsoft states that the sample PowerShell script was created by the company’s product team to aid in automating the updating of WinRE images on Windows 10 and Windows 11 devices.

By running the CVE-2022-41099 patch scripts from a Windows PowerShell command line, administrators can provide the path and name of the Safe OS Dynamic update package that should be used to update the WinRE image.

These update packages must first be obtained from the Microsoft Update Catalog and are unique to the OS version and processor architecture.

The scripts also let administrators choose the scratch space used during the patching operation by passing a workDir option (if it is not specified, the script uses the default Windows temp folder).

FakeCalls Android malware is back with new phone-hiding techniques.

The Android malware “FakeCalls” is again in circulation in South Korea, impersonating calls from over 20 financial institutions in an effort to trick bankers into disclosing their credit card information.

The malware itself is not new; Kaspersky reported on it a year ago. Researchers from Check Point say that more recent versions incorporate several evasion techniques that were not present in earlier samples.

The first stage of the attack is getting the malware installed on the victim’s device, which may happen through phishing, black hat SEO, or malvertising.

The FakeCalls malware is distributed in fake banking apps that pose as major Korean financial organizations, leading victims to believe they are using a genuine app from a reputable developer.

The app starts the attack by offering the target a low-interest loan. Once the victim shows interest, the malware places a call and plays a recording of the bank’s actual customer service, which gives instructions on how to get the loan application accepted.

The malware can, however, conceal the attackers’ calling number and display the legitimate number of the impersonated bank instead, making the conversation seem genuine.

Redline information-stealing malware is promoted using Adobe Acrobat Sign.

Cybercriminals are misusing Adobe Acrobat Sign, an online document signing service, to trick customers into downloading malware that steals their personal information.

The service is being misused to send malicious emails that genuinely originate from the software company, in an effort to get around security measures and dupe recipients into believing the email they received is legitimate.

Abusing legitimate services is not a novel tactic. Recent examples of similar incidents include the misuse of Google Documents comments, PayPal bills, and more.

Users can send, sign, track, and manage electronic signatures using Adobe Acrobat Sign, a cloud-based e-signature service that is available to trial for free.

Threat actors sign up for the service and use it to send emails to target addresses; the emails contain links to DOC, PDF, or HTML files stored on Adobe’s servers (“eu1.documents.adobe.com/public/”).

The documents include a link to a website that, once visitors successfully complete a CAPTCHA, serves them a ZIP archive containing a copy of the Redline information stealer.

Redline is malware that can steal credit card numbers, cryptocurrency wallets, account credentials, and other data from compromised devices.

Winter Vivern APT Group Targets Vatican, Lithuanian, Slovakian, and Indian Authorities

Since 2021, campaigns aimed at leaders in the governments of India, Lithuania, Slovakia, and the Vatican have been linked to the advanced persistent threat known as Winter Vivern.

According to a report sent to The Hacker News by SentinelOne, the activity targeted Polish government agencies, the foreign ministries of Ukraine, Italy, and India, as well as individuals working for the Indian government.

Last month, the Computer Emergency Response Team of Ukraine (CERT-UA) described a new malware campaign aimed at the state authorities of Ukraine and Poland to deploy a malware variant known as Aperetif.

This campaign, also tracked as UAC-0114, attracted notice.

According to earlier public disclosures about the group, it has used weaponized Microsoft Excel documents with XLM macros to deploy PowerShell implants on compromised hosts.

Although the threat actor’s origins are unclear, its attack patterns suggest the cluster is aligned with goals that serve the interests of the governments of Belarus and Russia.

UAC-0114 has used a range of techniques to deliver its bespoke payloads and obtain unauthorized access to sensitive systems, including phishing websites and malicious documents that are tailored to the targeted organization.
