Platform Certificates Used to Sign Android Malware Installers and Droppers

Platform Certificates Used to Sign Android Malware Installers and Droppers - Cybersecurity news - Malware and Vulnerabilities
Several platform certificates, belonging to LG Electronics, Revoview, Mediatek, and Samsung Electronics, were found being abused by threat actors to sign malicious Android apps. Google recommends vendors minimize the number of applications signed with the platform certificate to lower the cost of p ... Read More

Google Patches Ninth Chrome Zero-Day of 2022

Patches for this vulnerability have been included in Chrome 108.0.5359.94 for Mac and Linux, and in Chrome 108.0.5359.94/.95 for Windows. Users are advised to update to a patched iteration as soon as possible.

DuckLogs Advertises its Features and MaaS Capabilities on Cybercrime Forums

DuckLogs Advertises its Features and MaaS Capabilities on Cybercrime Forums - Cybersecurity news - Malware and Vulnerabilities
Cyble research team has unearthed a new MaaS operation dubbed DuckLogs. It reportedly offers beginners and other cyber attackers easy access to malicious modules. DuckLogs mainly includes an information stealer and a RAT component. The malware is most likely distributed using spam or phishing email ... Read More

New CryWiper Malware Targets Russian Entities Masquerading as a Ransomware

According to Kaspersky, the malware masquerades as ransomware, but the analysis of the code demonstrates that it does not actually encrypt, but only destroys data in the infected system.

Android Malware Apps With Two Million Installs Spotted on Google Play

The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation.

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.

Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware

The threat actors were observed spreading fake cryptocurrency apps under the fake brand BloxHolder to deliver the AppleJeus malware for initial access to networks and steal crypto assets.

Schoolyard Bully Trojan Steals Facebook Credentials

Schoolyard Bully Trojan Steals Facebook Credentials - Cybersecurity news - Malware and Vulnerabilities
Schoolyard Bully Trojan, a new Android threat campaign, victimized over 300,000 users across 71 countries. The malware steals Facebook credentials pretending to be educational apps. Experts found 37 apps associated with this campaign and these are actively being distributed via third-party app stor ... Read More

Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges

Qualys’ Threat Research Unit has shown how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system.

Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws

Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags