Hackerzhome


HACKERZHOME NEWS

June 6, 2023

Tuesday

iPhones are checked with a new tool for 'Triangulation' malware infiltration.

The cybersecurity company Kaspersky has launched a tool to check for the presence of the new “Triangulation” virus on Apple iPhones and other iOS devices.


Kaspersky reported that this virus was found on its own network and that it has been infecting many iOS devices across its locations since at least 2019.


The cybersecurity company reported that, although malware investigation is still ongoing, the ‘Operation Triangulation’ malware campaign employs an unidentified zero-day attack on iMessage to execute code with elevated privileges and no user involvement.


This enables the attack to download additional payloads to the target device for use in executing further commands and information gathering.


FSB, Russia’s intelligence and security service, also connected the virus to infections of senior government officials and international diplomats.


The Mobile Verification Toolkit (MVT) may be used to manually check iOS device backups for potential signs of infiltration by this unidentified virus, as described at great length in the original report by Kaspersky.

Apple’s multiple security measures (sandboxing, data encryption, code signing) hinder live system analysis, so an iOS device can only be analyzed through a backup.


MOVEit extortion assaults are blamed on the Clop ransomware.

The Clop ransomware gang has told BleepingComputer that it carried out the MOVEit Transfer data-theft attacks, in which a zero-day vulnerability was used to infiltrate the servers of several firms and steal data.

This substantiates Microsoft’s identification, on Sunday evening, of the hacker collective it tracks as “Lace Tempest” (also known as TA505 and “FIN11”) as the culprit.

The Clop spokesperson also stated that, as Mandiant had previously reported, they began exploiting the vulnerability on May 27th, during the lengthy US Memorial Day holiday.

The Clop ransomware organization frequently times its assaults around holidays; in the past it has carried out significant exploitation campaigns while staffing is at a minimum.

While Clop refused to disclose the total number of businesses affected by the MOVEit Transfer assaults, it did warn that victims who do not pay a ransom will be listed on its data leak website.

In addition, the ransomware group acknowledged that it has not yet started demanding ransoms from the infiltrated businesses, possibly because it is still analyzing the stolen data to see what is valuable and how it can be used to its advantage.


30 million installations of new Android applications revealed to have the SpinOk virus

A fresh set of Android applications on Google Play were discovered to contain the SpinOk spyware, which has apparently been downloaded 30 million more times.

The discovery was made by CloudSEK’s security team, who identified a collection of 193 applications using the malicious SDK, 43 of which were live on Google Play when they were found last week.

Dr. Web initially came across SpinOk late last month in a collection of 100 applications that had been downloaded over 421 million times as a group.

According to the mobile security firm’s assessment, SpinOk was disseminated through an SDK supply chain assault that compromised several applications and, as a result, a large number of Android users.

On the surface, the SDK offered mini-games with daily incentives that developers could utilize to attract users’ attention. The malware might, however, be utilized in the background to change clipboard data and steal files.

CloudSEK used the IoCs from Dr. Web’s report to find further SpinOk infections, and after identifying an additional 92 apps brought the total number of problematic applications to 193. About half of those were accessible via Google Play.

To address newly discovered security weaknesses, GIGABYTE has released updated firmware.


To address security flaws in over 270 motherboards that might be used to spread malware, GIGABYTE has provided firmware patches.

The firmware patches were made available last Thursday in response to a tip from Eclypsium, a hardware security firm, which discovered bugs in a legitimate GIGABYTE feature used to install a Windows software auto-update program.

A Windows feature called the Windows Platform Binary Table (WPBT) lets firmware developers have an executable embedded in the firmware image automatically extracted and run on the operating system.

Thanks to WPBT, vendors and OEMs can launch an .exe program from the UEFI layer. Windows checks the UEFI table each time it boots and then executes the .exe file. Microsoft notes that it is used to run applications that are not part of the Windows media.

When a fresh installation of Windows is made, GIGABYTE motherboards employ the WPBT function to automatically install an auto-update program to “%SystemRoot%\system32\GigabyteUpdateService.exe”.

This function, which is turned on by default, may be turned off in the BIOS settings by selecting the APP Center Download & Install Configuration option under the Peripherals tab.

However, Eclypsium found a number of security holes in this procedure that attackers may use in man-in-the-middle (MiTM) attacks to spread malware.
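Because WPBT runs silently at boot, the practical question for a defender is whether the firmware on a given machine publishes such a table at all, and what ends up on disk as a result. The following PowerShell is an added example for this article, not code from GIGABYTE, Eclypsium or Microsoft: it enumerates the ACPI tables through the documented kernel32 firmware-table API, decodes the WPBT header if one is present, and then checks the update binary named above. The service-name match at the end is an assumption (the article only names the file), and the WPBT body offsets follow Microsoft's WPBT specification; run it from a PowerShell 5.1 or later prompt on the host being inspected.

```powershell
# Added example (not from the article or the vendors it names): detect a WPBT table,
# decode its ACPI header, and inspect the auto-update binary the article describes.

$firmwareApi = @'
using System;
using System.Runtime.InteropServices;
public static class FirmwareTables
{
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern uint EnumSystemFirmwareTables(uint provider, IntPtr buffer, uint size);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern uint GetSystemFirmwareTable(uint provider, uint tableId, IntPtr buffer, uint size);
}
'@
Add-Type -TypeDefinition $firmwareApi

# The provider signature 'ACPI' as the multi-character constant the Win32 API expects.
$AcpiProvider = 0x41435049

function Get-AcpiTableSignatures {
    # Two-call pattern: a null buffer returns the size needed, then fetch the IDs.
    # Each ID is the 4-byte ACPI signature in memory order, so ASCII-decode it directly.
    $needed = [FirmwareTables]::EnumSystemFirmwareTables($AcpiProvider, [IntPtr]::Zero, 0)
    if ($needed -eq 0) { return @() }
    $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal([int]$needed)
    try {
        $got = [FirmwareTables]::EnumSystemFirmwareTables($AcpiProvider, $buf, $needed)
        $bytes = New-Object byte[] ([int]$got)
        [Runtime.InteropServices.Marshal]::Copy($buf, $bytes, 0, [int]$got)
        for ($i = 0; $i + 4 -le $got; $i += 4) {
            [Text.Encoding]::ASCII.GetString($bytes, $i, 4)
        }
    } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }
}

function Get-AcpiTable([string]$Signature) {
    # The table ID is the signature's bytes as a little-endian DWORD, matching the enumeration.
    $id = [BitConverter]::ToUInt32([Text.Encoding]::ASCII.GetBytes($Signature), 0)
    $needed = [FirmwareTables]::GetSystemFirmwareTable($AcpiProvider, $id, [IntPtr]::Zero, 0)
    if ($needed -eq 0) { return $null }
    $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal([int]$needed)
    try {
        $got = [FirmwareTables]::GetSystemFirmwareTable($AcpiProvider, $id, $buf, $needed)
        $bytes = New-Object byte[] ([int]$got)
        [Runtime.InteropServices.Marshal]::Copy($buf, $bytes, 0, [int]$got)
        return ,$bytes   # comma keeps the byte[] intact instead of unrolling it
    } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }
}

function Show-WpbtTable([byte[]]$Table) {
    # Standard 36-byte ACPI header, then (per Microsoft's WPBT spec) the size and
    # physical address of the binary the firmware hands to Windows.
    if ($Table.Length -lt 48) { throw "WPBT table too short ($($Table.Length) bytes)" }
    [pscustomobject]@{
        OemId           = [Text.Encoding]::ASCII.GetString($Table, 10, 6).Trim()
        OemTableId      = [Text.Encoding]::ASCII.GetString($Table, 16, 8).Trim()
        TableLength     = [BitConverter]::ToUInt32($Table, 4)
        BinarySizeBytes = [BitConverter]::ToUInt32($Table, 36)
        BinaryPhysAddr  = ('0x{0:X}' -f [BitConverter]::ToUInt64($Table, 40))
    }
}

$signatures = @(Get-AcpiTableSignatures)
if ($signatures -contains 'WPBT') {
    Write-Host 'WPBT table present: firmware hands Windows a binary to run at boot.'
    Show-WpbtTable (Get-AcpiTable 'WPBT') | Format-List
} else {
    Write-Host 'No WPBT table published by this firmware.'
}

# The file named in the article; check its Authenticode status rather than trusting the name.
$updater = Join-Path $env:SystemRoot 'System32\GigabyteUpdateService.exe'
if (Test-Path $updater) {
    Get-AuthenticodeSignature $updater |
        Select-Object Status, Path, @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
} else {
    Write-Host "Not found: $updater"
}

# Assumption: the service name is not given in the article, so match loosely on the vendor name.
Get-Service | Where-Object { $_.Name -like '*Gigabyte*' -or $_.DisplayName -like '*GIGABYTE*' } |
    Select-Object Name, Status, StartType
```

A host that shows no WPBT table and no updater binary is simply not exposed to this delivery path; one that shows the table but whose BIOS option has since been disabled will still carry whatever was installed on earlier boots, which is why the on-disk check is done separately from the firmware check.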

Firewalls from Zyxel are under attack! Urgent patching needed

Based on evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two recently discovered security holes in Zyxel firewalls to its list of Known Exploited Vulnerabilities (KEV) on Monday.

The vulnerabilities, identified as CVE-2023-33009 and CVE-2023-33010, are buffer overflow flaws that might allow an unauthenticated attacker to execute remote code and cause a denial-of-service (DoS) condition.

Zyxel provided patches to resolve the security flaws on May 24, 2023. The devices listed below are impacted:

- ZyWALL/USG: ZLD V4.25 to V4.73 Patch 1 (patched in ZLD V4.73 Patch 2)
- VPN: ZLD V4.30 to V5.36 Patch 1 (patched in ZLD V5.36 Patch 2)
- USG FLEX50(W)/USG20(W)-VPN: ZLD V4.25 to V5.36 Patch 1
- USG FLEX: ZLD V4.50 to V5.36 Patch 1
- ATP

The specifics of the assaults are unknown; however, this discovery comes only a few days after another Zyxel firewall vulnerability (CVE-2023-28771) was actively exploited to ensnare affected devices in a Mirai botnet.
