Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

March 28, 2023

Tuesday

WebKit zero-day vulnerability on older iPhones is fixed by Apple.

The company patched the vulnerability (CVE-2023-23529), a type confusion issue in WebKit, on February 13, 2023, for newer iPhone and iPad models.


After successful exploitation, attackers can use it to crash the operating system and obtain code execution on compromised iOS and iPadOS devices.


Once the victims have been tricked into viewing malicious web pages, the threat actors can then run arbitrary code on the targeted iPhones and iPads (this bug also impacts Safari 16.3.1 on macOS Big Sur and Monterey).


Processing web content that has been maliciously crafted could result in arbitrary code execution.

According to Apple, the zero-day vulnerability has been actively exploited in the wild.


Apple is aware of information suggesting that this problem may have been deliberately exploited.


Additionally, Apple has improved checks in iOS 15.7.4 and iPadOS 15.7.4 to address the zero-day vulnerability.


iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) devices are on the list of affected devices.

Exchange Online will filter emails coming from unsecured on-premises servers.

Microsoft is introducing a new Exchange Online security feature that, 90 days after administrators are notified to secure them, will automatically begin throttling and eventually block all emails received from “persistently insecure Exchange servers.”

These Exchange servers, according to Redmond, are found in on-premises or hybrid setups and are either running out-of-date software or haven’t had known security flaws patched.

The Exchange Team explained that this includes any Exchange server that has reached end-of-support (such as Exchange 2007, Exchange 2010, and shortly, Exchange 2013) or is still unpatched for known vulnerabilities.

This new Exchange Online transport-based enforcement mechanism, according to Microsoft, performs three main tasks: reporting, throttling, and blocking.

The main objective of the new system is to assist Exchange administrators in finding on-premises Exchange servers that are not updated or supported so that they can upgrade or patch them before they pose a security issue.

The system will also be able to throttle and finally block emails from unpatched Exchange servers before they reach Exchange Online mailboxes.

Passwords from the iCloud Keychain are stolen by the new MacStealer macOS virus.

Targeting Mac users, the new data-stealing malware known as MacStealer steals users’ login information from the iCloud Keychain as well as from web browsers, cryptocurrency wallets, and potentially confidential files.

The creator is selling prepared builds of MacStealer as malware-as-a-service (MaaS) for $100, allowing customers to use the malware in their campaigns.

The new macOS malware can run on versions of Apple’s OS from 11.5 up to Ventura (13.2), according to the Uptycs threat research team that found it.

Uptycs analysts found it on a dark web hacking forum where the developer had been promoting MacStealer since the beginning of the month.

The vendor claims that early beta testing of the malware is still ongoing and makes no mention of panels or constructors. Instead, it offers pre-made DMG payloads that can infect macOS Big Sur, Monterey, Ventura, and Catalina.

The threat actor justifies the malware’s low price of $100 by claiming that it lacks a builder and control panel, but he also promises that more sophisticated capabilities will be added in the near future.

New IcedID iterations switch from bank fraud to delivering malware

The ability of the new IcedID variants to commit online banking fraud has been eliminated, and they now focus on infecting victim systems with more malware.

Since late last year, three different threat actors have reportedly used these new versions in seven campaigns, the primary purpose of all of which is delivering additional payloads, most notably ransomware.

Two new iterations of the IcedID loader are now in circulation: “Lite” (first discovered in November 2022) and “Forked” (discovered in February 2023), both of which deliver the same IcedID bot with a more condensed feature set.

This makes IcedID more nimble and stealthy, which helps threat actors avoid detection. Since 2017, it has been employed in numerous malicious campaigns without undergoing many code modifications.

Beginning in November 2022, systems infiltrated by the recently resurrected Emotet virus would receive the “Lite” version of the IcedID loader as a second-stage payload.

The “Forked” variant of the malware loader first appeared in February 2023 and spread quickly by way of phishing emails with a customized invoice style.

These emails carried Microsoft OneNote attachments (.one) containing malicious HTA files, which executed PowerShell commands to retrieve IcedID from a remote resource.

Remcos RAT and Formbook Spyware Spreading in Europe through Stealthy DBatLoader

A new phishing campaign has targeted European organizations in order to spread Formbook and Remcos RAT using a malware loader known as DBatLoader.

According to Zscaler researchers Meghraj Nandanwar and Satyam Singh, the malware payload is distributed through WordPress websites that have valid SSL certificates, a common strategy employed by threat actors to avoid detection.

The information expands on a SentinelOne report from a month ago that described phishing emails with malicious attachments that pose as financial documents to start the infection chain.

OneNote attachments and a multi-layered obfuscated HTML file are two of the file types utilized to transmit the DBatLoader payload.

Since Microsoft began disabling macros by default in files received from the internet late last year, abuse of OneNote files as an initial vector for malware delivery has been on the rise.

DBatLoader, also known as ModiLoader and NatsoLoader, is a malware loader written in Delphi.

It can download additional payloads from cloud storage services like Microsoft OneDrive and Google Drive while also using image steganography to avoid being discovered by antivirus software.
