by CIRT Team
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws [thehackernews]
Google’s cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, which the company patched just last week...
Read More
by CIRT Team
28 Million Android Phones Exposed To ‘Eye-Opening’ Attack Risk [forbes]
New research has revealed the truly shocking state of Android phone security. The source of that security problem may well come as a surprise: antivirus apps designed to protect devices and users. Researchers at testing specialists Comparitech found that apps with more than 28 million installs between them were presenting attack paths and opportunities to threat actors looking to exploit vulnerabilities on the Android platform....
Read More
by CIRT Team
Understanding the RAMBleed Exploit [cylance]
Side-channel attacks are some of the scariest exploits ever. They don’t usually exploit vulnerabilities in code, they exploit the fundamental implementation of computer systems themselves. Therefore, they’re often hardware-based. Dynamic random-access memory, or DRAM for short, is one of the most common types of memory found in modern computers used by both consumers and businesses. For example, the memory in an x86-64 based PC, such...
Read More
by CIRT Team
Cisco releases guides for incident responders handling hacked Cisco gear [zdnet]
Cisco published last week four guides designed to help incident responders in investigating Cisco gear they suspect has been hacked or otherwise compromised. The guides include step-by-step tutorials on how to extract forensic information from the hacked gear while keeping the data integrity’s intact. Four guides have been made available, for four of Cisco’s major software platforms: Cisco ASA (Adaptive Security Appliance) — software running on...
Read More
by CIRT Team
Android Apps Capture Loudspeaker Data Without Any Permission [thehackernews]
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side channels. Now, a separate team of...
Read More
by CIRT Team
EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users [thehackernews]
Security researchers have discovered a rare piece of Linux spyware that’s currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It’s a known fact that there are a very few strains of Linux malware exist in the wild as compared to Windows viruses because of its core architecture and...
Read More
by CIRT Team
MALWARE ALERT: An ‘Agent Smith’ Virus Has Infected 25 Million Phones
If you own an Android device, it might already be infected with a dangerous malware called Agent Smith, named after the menacing character in The Matrix. The malware’s already infected around 25 million Android devices globally, with thousands in Australia thought to be compromised. Here’s what you need to know. What is Agent Smith? As reported on Checkpoint, Agent Smith has been invading devices via dodgy third-party...
Read More
by CIRT Team
Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts. Dubbed “Media File Jacking,” the...
Read More
by CIRT Team
TA505 begins summer campaigns with a new pet malware downloader, AndroMut
Overview Throughout 2018, Proofpoint researchers observed threat actors increasingly distributing downloaders, backdoors, information stealers, remote access trojans (RATs), and more as they abandoned ransomware as their primary payload. In November 2018, TA505, a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named “ServHelper”. ServHelper has two variants: one focused on remote desktop functions and a second that...
Read More
by CIRT Team
[DNSPIONAGE] – FOCUS ON INTERNAL ACTIONS
Recently, we had an incident response involving the malware DNSPIONAGE. At CERT-OPMD, we thought it would be interesting to share our observations. Mainly, we could observe quietly common actions and tools as described in infography below. HOW DNSPIONAGE INFECTS TARGETS In this blogpost, we will not describe and analyse again the dropper, because Talos did a great job here : https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html But we will focus in...
Read More
