Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

April 3, 2023

Monday

New Azure AD Vulnerability Impacting Bing Search and Major Applications is Fixed by Microsoft

Microsoft has fixed a misconfiguration problem affecting the Azure Active Directory (AAD) identity and access management service that allowed unauthorized access to a number of “high-impact” applications.


One of these apps is the content management system (CMS) behind Bing.com; access to it allowed modifying Bing search results and launching high-impact XSS attacks against Bing users, according to a report by cloud security company Wiz.

Such attacks may compromise user personal information, including emails sent through Outlook and documents stored in SharePoint.


After receiving reports of the problems in January and February 2022, Microsoft fixed them and awarded Wiz a $40,000 bug bounty. Microsoft said there was no evidence that the misconfigurations had been exploited in the wild.


Notably, several of Microsoft’s own internal apps were found to exhibit this behavior, giving outside parties read and write access to the affected apps.


This includes the Bing Trivia app, which the cybersecurity company exploited as part of an attack chain dubbed BingBang to change search results in Bing and even edit material on the homepage.


Even worse, the flaw might be used to retrieve a victim’s Outlook emails, calendars, Teams chats, SharePoint documents, and OneDrive files by starting an XSS attack against Bing.com.


OpcJacker Virus Attacks Users with Fake VPN Service for Crypto-Stealing

In the second half of 2022, a new piece of information-stealing malware named OpcJacker was observed in the wild, distributed through a malvertising campaign.

OpcJacker’s primary capabilities include keylogging, taking screenshots, harvesting sensitive data from browsers, loading additional modules, and replacing bitcoin addresses in the clipboard to hijack transactions, according to Trend Micro researchers Jaromir Horejsi and Joseph C. Chen.

The campaign’s initial distribution channel is a network of fake websites promoting seemingly harmless cryptocurrency-related software and services.

In February 2023, users in Iran were specifically targeted under the guise of a VPN service.

The installer files serve as a delivery mechanism for OpcJacker, which can in turn deploy next-stage payloads such as NetSupport RAT and a hidden virtual network computing (hVNC) remote access variant.

OpcJacker uses a configuration file to enable its data-gathering features and is packed with the Babadeda crypter. It can also run arbitrary executables and shellcode.

Million-dollar ransoms are demanded by the New Money Message ransomware.

A new ransomware group known as “Money Message” has emerged, attacking victims all over the world and demanding $1 million in ransom payments to prevent data leaks and the release of a decryptor.

On its extortion website, the threat actor now names two victims, one of which is an Asian airline with annual sales of about $1 billion. 

The threat actors further assert that they have taken files from the business and provided a screenshot of the file system that was accessed as evidence of the hack.

A JSON configuration file embedded in the C++ code of the Money Message encryptor specifies how a device will be encrypted.

This configuration specifies which files should not be encrypted, what extension should be appended, which processes and services should be stopped, whether logging should be enabled, and domain logins and passwords that are likely used to encrypt additional devices.

By default the encryptor does not append any extension to encrypted files, although this can vary depending on the victim.

According to security researcher rivitna, the encryptor uses ChaCha20 with ECDH key exchange to encrypt the data.


WordPress Elementor Pro Vulnerability Exploited by Hackers, Endangering Millions of Websites!


Unknown threat actors are exploiting a vulnerability in the Elementor Pro website builder plugin for WordPress.

The flaw, which is regarded as a case of broken access control, affects versions 3.11.6 and earlier. The problem was resolved by the plugin’s developers in version 3.11.7, which was released on March 22.

The release notes from the Tel Aviv-based company state that code security enforcement in WooCommerce components was improved. The premium plugin is reportedly used on close to 12 million websites.

The high-severity bug enables an authenticated attacker to successfully take over a WordPress site that has WooCommerce enabled.

According to a March 30, 2023 advisory from Patchstack, this makes it feasible for a malicious user to enable the registration page (if hidden) and set the default user role to the administrator in order to rapidly create an account with administrator capabilities.

From there, they will likely install a malicious plugin or backdoor to further abuse the site, redirect it to another rogue domain, or both.
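As an added defensive check (not from the article, Elementor or Patchstack), the script below audits a WordPress site for the two settings this attack chain flips, open registration and an administrator default role, together with the plugin version. The option keys `users_can_register` and `default_role` are real WordPress core options; the `elementor_pro_version` key and the snapshot rows are constructed assumptions.

```python
"""Audit a wp_options snapshot for the Elementor Pro takeover pattern."""
from typing import Dict, List

# First fixed release named in the advisory (3.11.6 and earlier are affected)
PATCHED_VERSION = (3, 11, 7)


def parse_version(v: str) -> tuple:
    """Turn '3.11.6' into (3, 11, 6) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def audit_wp_options(options: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    # Assumed key for the Pro plugin version stored in wp_options
    ver = options.get("elementor_pro_version")
    if ver and parse_version(ver) < PATCHED_VERSION:
        findings.append(f"Elementor Pro {ver} is older than patched 3.11.7")
    # Core WordPress options the attack chain changes
    open_reg = options.get("users_can_register") == "1"
    admin_default = options.get("default_role") == "administrator"
    if open_reg:
        findings.append("open registration is enabled (users_can_register=1)")
    if admin_default:
        findings.append("default_role is administrator")
    if open_reg and admin_default:
        findings.append("CRITICAL: any visitor can self-register as administrator")
    return findings


# Constructed sample snapshots (not real site data)
SAMPLE_COMPROMISED = {
    "elementor_pro_version": "3.11.6",
    "users_can_register": "1",
    "default_role": "administrator",
}
SAMPLE_HEALTHY = {
    "elementor_pro_version": "3.11.7",
    "users_can_register": "0",
    "default_role": "subscriber",
}

if __name__ == "__main__":
    for name, snap in (("compromised", SAMPLE_COMPROMISED), ("healthy", SAMPLE_HEALTHY)):
        print(name, audit_wp_options(snap) or ["no findings"])
```

Run it against a live site by exporting the three option rows from `wp_options` into the dictionary.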

Fake ransomware gang threatens U.S. organizations with leaking data it does not actually have

Fake extortionists are using earlier data breaches and ransomware attacks as cover to threaten American businesses with publishing or selling supposedly stolen data unless they are paid.

In some messages, the actors also threaten the recipient with a distributed denial-of-service (DDoS) attack if the instructions are not followed.

The perpetrators of this operation go by the alias Midnight, and they have been targeting American businesses since at least March 16.

In their emails they have posed as other ransomware and data extortion gangs, claiming to have carried out the breach and stolen hundreds of gigabytes of critical data.

In one email sent to an employee of a holding company in the petroleum additives business, the threat actor claimed to be the Silent Ransom Group (SRG), also known as Luna Moth, a Conti offshoot that specializes in data theft and extortion.

Yet the subject line of the same message referenced a different threat actor, the Surtr ransomware group, which was first observed encrypting corporate networks in December 2021.
