Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

February 20, 2023

Monday

To protect users from zero-click malware attacks, Samsung has released a new feature

Samsung has unveiled Message Guard, a new feature that includes measures to defend users from malware and adware delivered through what are known as zero-click attacks.


The South Korean chaebol claimed that by “limiting exposure to invisible dangers disguised as picture attachments,” the solution “preemptively” secures customers’ devices.


The security feature currently works only with Samsung Messages and Google Messages and is presently available only on the Samsung Galaxy S23 series. It will be made available on other Galaxy smartphones and tablets running One UI 5.1 or higher later this year.


The bulk of zero-click exploits are designed to take advantage of flaws in email, SMS, and messaging programs that receive and process untrusted data.


As a result, if an app’s parsing of the incoming data has a security flaw, a threat actor could exploit that flaw with a malicious image that, when sent to a target’s device, immediately runs whatever code it contains.


Zero-click attacks are a valuable way to distribute spyware capable of monitoring people and gathering a plethora of sensitive information, because the absence of user interaction leaves fewer signs of illicit activity behind.


FortiWeb, FortiOS, FortiNAC, and FortiProxy are affected by 40 flaws for which Fortinet has released patches

FortiWeb, FortiOS, FortiNAC, and FortiProxy, among other Fortinet software products, have all received security updates to fix 40 vulnerabilities.
Two of the 40 defects are rated Critical, 15 High, 22 Medium, and one Low in severity.

The most serious flaw in the list is a weakness in the FortiNAC network access control solution that could lead to arbitrary code execution (CVE-2022-39952, CVSS score: 9.8).

The vulnerability affects the following versions: FortiNAC 9.4.0, FortiNAC 9.2.0 through 9.2.5, FortiNAC 9.1.0 through 9.1.7, FortiNAC 8.8 and all previous versions, FortiNAC 8.7 and all previous versions, FortiNAC 8.6 and all previous versions, FortiNAC 8.5 and all subsequent versions.
FortiNAC versions 7.2.0, 9.1.8, 9.1.8, and 9.1.8 have patches available.

Users must act swiftly to install the fixes, since penetration testing company Horizon3.ai stated it will “soon” release proof-of-concept (PoC) code for the vulnerability.

The second weakness to be aware of is a group of stack-based buffer overflows in FortiWeb’s proxy daemon (CVE-2021-42756, CVSS score: 9.3) that could allow a remote, unauthenticated attacker to execute arbitrary code via specially crafted HTTP requests.


GoDaddy discloses a multi-year security breach that led to the installation of malware and the theft of source code


GoDaddy, a supplier of web hosting services, revealed a multi-year security breach on Friday that gave unidentified threat actors access to install malware and steal source code for some of its services.

GoDaddy claimed that in December 2022, it received an unspecified number of complaints from customers about the sporadic redirection of their websites to malicious websites.

It was later discovered that this was caused by an unauthorized third party gaining access to servers hosted in its cPanel environment.

According to GoDaddy, the main goal of the attacks is to “infect websites and servers with malware for phishing campaigns, malware distribution, and other nefarious activities.”

The incident in December 2022 is linked to two prior security incidents the business encountered in March 2020 and November 2021, according to a related 10-K filing with the U.S. Securities and Exchange Commission (SEC).

In the 2020 hack, the login information of 28,000 hosting customers and a limited number of its employees was compromised.


Trojanized codec installation used to spread new WhiskerSpy malware


Security experts have found a brand-new backdoor named WhiskerSpy, used in a campaign by a relatively recent advanced threat actor known as Earth Kitsune, which primarily targets people with an interest in North Korea.

The attacker employed a tried-and-true strategy known as a “watering hole attack,” selecting victims from users of a website that supports North Korea.

Researchers at cybersecurity firm Trend Micro, who have been monitoring Earth Kitsune activity since 2019, found the new operation at the end of last year.

According to Trend Micro, WhiskerSpy was delivered when visitors attempted to watch videos on the website. The attacker had infiltrated the website and added a malicious script that required the victim to install a video codec in order for the media to play.

To evade suspicion, the threat actor altered a legitimate codec installer so that it ultimately installed “a previously undetected backdoor” on the victim’s PC.

According to the researchers, the threat actor only targeted users of the website with IP addresses from Shenyang, China; Nagoya, Japan; and Brazil.

It’s possible that Brazil was just utilized to test the watering hole attack using a VPN connection, with visitors from the two locations in China and Japan serving as the true targets.

'CEO fraud' gang that stole €38 million in a few days is busted by Europol

A Franco-Israeli “CEO fraud” enterprise that used business email compromise (BEC) attacks to move funds from organizations to bank accounts under the threat actor’s control has been dismantled by Europol.

In one case involving a single company, the fraudsters were able to steal €38,000,000 ($40.3M) in a matter of days, moving the money fast around Europe and China before withdrawing their loot in Israel.

The investigation that resulted in the breakdown of the criminal network was conducted jointly by Europol and the police forces of France, Croatia, Hungary, Portugal, and Spain.

The police conducted eight house searches as part of the crackdown operation, confiscating electronic devices, vehicles, and bank accounts carrying a combined €5,100,000 in cash as well as another €350,000 in digital assets.

In addition, the police detained eight individuals: six suspects in France and two in Israel, including the gang head, who was based in Israel.

The police operation took place over the course of five days between January 2022 and January 2023.
