Cisco warns of actively exploited IOS XR zero-days
Cisco warned on Saturday about two zero-day vulnerability impacting the Internetwork Operating System (IOS) that ships with its networking equipment.
New Chrome 0-day Under Active Attacks – Update Your Browser Now
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.
India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why?
The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity.
FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks
A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. "Recent FIN11 intrusions have most commonly led to data theft, extortion and the disruption of victim networks via the distribution of CLOP ransomware".
Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs
Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook.
Watch Out — Microsoft Warns Android Users About A New Ransomware
Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note.
Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server.
Google Researcher Reported 3 Flaws in Apache Web Server Software
If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat
If you're using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers.
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.
Dubbed "Cookiethief" by Kaspersky researchers, the Trojan works by acquiring superuser root rights on the target device, and subsequently, transfer stolen cookies to a remote command-and-control (C2) server operated by attackers.
"This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself," Kaspersky researchers said. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results."
Cookiethief: Hijacking Accounts Without Requiring Passwords
Cookies are small pieces of information that's often used by websites to differentiate one user from another, offer continuity around the web, track browsing sessions across different websites, serve personalized content, and strings related to targeted advertisements.
Given how cookies on a device allow users to stay logged in to a service without having to repeatedly sign in, Cookiethief aims to exploit this very behavior to let attackers gain unauthorized access to the victim accounts without knowing their actual online accounts passwords.
"This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter's account for personal gain," the researchers said.
Kaspersky theorizes that there could be a number of ways the Trojan could land up on the device — including planting such malware in the device firmware before purchase, or by exploiting vulnerabilities in the operating system to download malicious applications.
Once the device is infected, the malware connects to a backdoor, dubbed 'Bood,' installed on the same smartphone to execute "superuser" commands that facilitate cookie theft.
How Do Attackers Bypass Multi-Level Protection Offered by Facebook?
Cookiethief malware doesn't have it all easy, though. Facebook has security measures in place to block any suspicious login attempts, such as from IP addresses, devices, and browsers that had never been used for logging into the platform before.
But the bad actors have worked around the problem by leveraging the second piece of malware app, named 'Youzicheng,' that creates a proxy server on the infected device to impersonate the account owner's geographic location to make the access requests legitimate.
"By combining these two attacks, cybercriminals can gain complete control over the victim's account and not raise suspicion from Facebook," the researchers noted.
It's not yet clear what the attackers are really after, but the researchers found a page found on the C2 server advertising services for distributing spam on social networks and messengers — leading them to the conclusion that the criminals could leverage Cookiethief to hijack users' social media accounts to spread malicious links or perpetuate phishing attacks.
While Kaspersky classified the attack as a new threat — with only about 1,000 individuals targeted in this manner — it warned that this number is "growing" considering the difficulty in detecting such intrusions.
To be safe from such attacks, it's recommended that users block third-party cookies on the phone's browser, clear the cookies on a regular basis, and visit websites using private browsing mode.