The US Federal Communications Commission has named its first robocall gang, dubbing the crew "Royal Tiger," and detailed its operations in an attempt to encourage international action against the scammers.…
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.
First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker.
“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. “Once exploited, the attacker can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect end users from malicious files.”
CVE-2024-30040 is a security feature bypass in MSHTML, a component that is deeply tied to the default Web browser on Windows systems. Microsoft’s advisory on this flaw is fairly sparse, but Kevin Breen from Immersive Labs said this vulnerability also affects Office 365 and Microsoft Office applications.
“Very little information is provided and the short description is painfully obtuse,” Breen said of Microsoft’s advisory on CVE-2024-30040.
Meanwhile, Kaspersky Lab, one of two companies credited with reporting exploitation of CVE-2024-30040 to Microsoft, has published a fascinating writeup on how they discovered the exploit in a file shared with Virustotal.com.
Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qbot and Pinkslipbot) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.
The only vulnerability fixed this month that earned Microsoft’s most-dire “critical” rating is CVE-2024-30044, a flaw in SharePoint that Microsoft said is likely to be exploited. Tenable’s Narang notes that exploitation of this bug requires an attacker to first be authenticated to a vulnerable SharePoint Server with Site Owner permissions (or higher) and to take additional steps in order to exploit it, which makes this flaw less likely to be widely exploited, as most attackers follow the path of least resistance.
Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser. Chrome usually auto-downloads any available updates, but it still may require a complete restart of the browser to install them. If you use Chrome and see a “Relaunch to update” message in the upper right corner of the browser, it’s time to restart.
Apple has just shipped the macOS Sonoma 14.5 update, which includes nearly two dozen security patches. To ensure your Mac is up-to-date, go to System Settings, General tab, then Software Update and follow any prompts.
Finally, Adobe has critical security patches available for a range of products, including Acrobat, Reader, Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate and Adobe Framemaker.
Regardless of whether you use a Mac or Windows system (or something else), it’s always a good idea to back up your data and/or system before applying any security updates. For a closer look at the individual fixes released by Microsoft today, check out the complete list over at the SANS Internet Storm Center. Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on any wonky Windows patches.
Posted by malvuln on May 14
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by malvuln on May 14
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by malvuln on May 14
Updated and fixed a payload typo and added additional info regarding the
Posted by malvuln on May 14
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by malvuln on May 14
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by malvuln on May 14
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by malvuln on May 14
Updated, fixed typo
Posted by malvuln on May 14
Proof-of-concept tool that automates the creation of PE files, used to
Posted by Apple Product Security via Fulldisclosure on May 14
APPLE-SA-05-13-2024-8 tvOS 17.5
Posted by Apple Product Security via Fulldisclosure on May 14
APPLE-SA-05-13-2024-7 watchOS 10.5
Posted by Julia Wunder on May 14
Hello there,
Posted by Apple Product Security via Fulldisclosure on May 14
APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5
Posted by Apple Product Security via Fulldisclosure on May 14
APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7
Posted by Apple Product Security via Fulldisclosure on May 14
APPLE-SA-05-13-2024-4 macOS Sonoma 14.5
Posted by Apple Product Security via Fulldisclosure on May 14
APPLE-SA-05-13-2024-3 iOS 16.7.8 and iPadOS 16.7.8
The latest effort to reduce the number of ransom payments sent to cybercriminals in the UK involves the country's National Cyber Security Centre (NCSC) locking arms with insurance associations.…
Authored by Vignesh Dhatchanamoorthy, Rachana S
Instagram, with its vast user base and dynamic platform, has become a hotbed for scams and fraudulent activities. From phishing attempts to fake giveaways, scammers employ a range of tactics to exploit user trust and vulnerability. These scams often prey on people’s desire for social validation, financial gain, or exclusive opportunities, luring them into traps that can compromise their personal accounts and identity.
McAfee has observed a concerning scam emerging on Instagram, where scammers are exploiting the platform’s influencer program to deceive users. This manipulation of the influencer ecosystem underscores the adaptability and cunning of online fraudsters in their pursuit of ill-gotten gains.
The Instagram influencer program, designed to empower content creators and influencers by providing opportunities for collaboration and brand partnerships, has inadvertently become a target for exploitation. Scammers are leveraging the allure of influencer status to lure unsuspecting individuals into fraudulent schemes, promising fame, fortune, and exclusive opportunities in exchange for participation.
The first step involves a cybercrook creating a dummy account and using it to hack into a target’s Instagram account. Using those hacked accounts, hackers then share posts about Bitcoin and other cryptocurrencies. Finally, the hacked accounts are used to scam the target’s friends with a request that they vote for them to win an influencer contest.
After this series of steps is complete, the scammer will first identify the target and then send them a link with a Gmail email address to vote in their favor.
Fig 1: Scammer Message
While the link in the voting request message likely leads to a legitimate Instagram page, victims are often directed to an Instagram email update page upon clicking, not the promised voting page. Also, since the account sending the voting request is likely familiar to the scam target, they are more likely to enter the scammer’s email ID without examining it closely.
During our research, we saw scammers send Instagram’s accounts center link to their targets, as shown below: hxxp[.]//accountscenter.instagram.com/personal_info/contact_points/contact_point_type=email&dialog_type=add_contact_point
Fig 2. Email Updating Page
We took this opportunity to gain more insight into the details of how these deceptive tactics are carried out, creating two email accounts (scammerxxxx.com and victimxxxx.com) and a dummy Instagram account using the victimxxxx.com email for testing purposes.
Fig 3. Victim’s Personal Details
We visited the URL provided in the chat and entered our testing email ID scammerxxxx.com instead of entering the email address provided by the scammer, which was “vvote8399@gmail.com”.
Fig 4. Adding Scammer’s Email Address in Victim Account
After adding the scammerxxxx.com address in the email address field, we received a notification stating, “Adding this email will replace vitimxxxx.com on this Instagram account”.
This is the point at which a scam target will fall victim to this type of scam if they are not aware that they are giving someone else, with access to the scammerxxxx.com email address, control of their Instagram account.
After selecting Next, we were redirected to the confirmation code page. Here, scammers will send the confirmation code received in their email account and provide that code to victims, via an additional Instagram message, to complete the email updating process.
In our testing case, the verification code was sent to the email address scammerxxxx.com.
Fig 5. Confirmation Code Page
We received the verification code in our scammerxxxx.com account and submitted it on the confirmation code page.
Fig 6. Confirmation Code Mail
Once the “Add an Email Address” procedure is completed, the scammer’s email address is linked to the victim’s Instagram account. As a result, the actual user will be unable to log in to their account due to the updated email address.
Fig 7. Victim’s Profile after updating Scammer’s email
Because the scammer’s email address (scammerxxxx.com) was updated, the account owner (the scam victim) will not be able to access their account and will instead receive the message “Sorry, your password was incorrect. Please double-check your password.”
Fig 8. Victim trying to login to their account.
The scammer will now change the victim’s account password by using the “forgot password” function with the new, scammer email login ID.
Fig 9. Forgot Password Page
The password reset code will be sent to the scammer’s email address (scammerxxxx.com).
Fig 10. Reset the Password token received in the Scammer’s email
After getting the email, the scammer will “Reset your password” for the victim’s account.
Fig 11. Scammer Resetting the Password
After resetting the password, the scammer can take over the victim’s Instagram account.
Fig 12. The scammer took over the victim’s Instagram account.
The post How Scammers Hijack Your Instagram appeared first on McAfee Blog.
Telegram CEO Pavel Durov issued a scathing criticism of Signal, alleging the messaging service is not secure and has ties to US intelligence agencies.…
Google and Apple are rolling out an anti-stalking feature for Android 6.0+ and iOS 17.5 that will issue an alert if some scumbag is using a gadget like an AirTag or similar to clandestinely track the user.…
Sponsored Post Defending against the cyber threats of today isn't dissimilar to protecting a medieval castle from attack a thousand years ago.…
The UK's NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively exploited.…
Christie's website remains offline as of Monday after a "technology security issue" shut it down Thursday night, just days before the venerable auction house planned to flog $840 million of art.…
A Post-Compromise granular, fully reflective, simple and convenient .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines. The techniques incorporated are not novel but I've yet to come across any documented approach of modifying SCM/Service's SDDL by directly modifying registry keys. Modification of SD for WMI and Remote registry was also added in as an afterthought, but this means there's a lot more to explore and add for the curious minds.
US information security agencies have published advisories on how to detect and thwart the Black Basta ransomware gang, after the crew claimed responsibility for the recent attack on US healthcare provider Ascension.…