Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems.
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108).
New Chrome Browser 0-day Under Active Attack—Update Immediately!
Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild.
Emotet—a sophisticated Trojan commonly functioning as a downloader or dropper of other malware—resurged in July 2020, after a dormant period that began in February. Since August, emotet increase in malicious cyber actors targeting state and local governments with it's phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies.
Italy CERT Warns of a New Credential Stealing Android Malware
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video.
New Attack Could Let Remote Hackers Target Devices On Internal Networks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network.
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools.
Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers
Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising.
"Adrozek," as it's called an "expansive, dynamic attacker infrastructure" consisting of 159 unique domains, each of which hosts an average of 17,300 unique URLs, which in turn host more than 15,300 unique malware samples.
The campaign — which impacts Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox browsers on Windows — aims to insert additional, unauthorized ads on top of legitimate ads displayed on search engine results pages, leading users to click on these ads inadvertently
Microsoft said the persistent browser modifier malware has been observed since May this year, with over 30,000 devices affected every day at its peak in August.
"Cybercriminals abusing affiliate programs is not new—browser modifiers are some of the oldest types of threats," the Windows maker said. "However, the fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how this threat type continues to be increasingly sophisticated. In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks."
Once dropped and installed on target systems via drive-by downloads, Adrozek proceeds to make multiple changes to browser settings and security controls so as to install malicious add-ons that masquerade as genuine by repurposing the IDs of legitimate extensions.
Although modern browsers have integrity checks to prevent tampering, the malware cleverly disables the feature, thus allowing the attackers to circumvent security defenses and exploit the extensions to fetch extra scripts from remote servers to inject bogus advertisements and gain revenue by driving traffic to these fraudulent ad pages.
What's more, Adrozek goes one step further on Mozilla Firefox to carry out credential theft and exfiltrate the data to attacker-controlled servers.
"Adrozek shows that even threats that are not thought of as urgent or critical are increasingly becoming more complex".
"And while the malware's main goal is to inject ads and refer traffic to certain websites, the attack chain involves sophisticated behavior that allows attackers to gain a strong foothold on a device. The addition of credential theft behavior shows that attackers can expand their objectives to take advantage of the access they're able to gain.