
Cyber Security

Chinese-Speaking Threat Actor Targeting Microsoft Exchange Vulnerabilities

According to Kaspersky, a previously unknown Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims.

The long-running operation known as GhostEmperor concentrates on Southeast Asian targets and employs a previously unknown Windows kernel-mode rootkit.

According to Kaspersky, GhostEmperor uses a loading technique that relies on a component of the Cheat Engine open-source project to get around Windows Driver Signature Enforcement and install its rootkit.

During their investigation, Kaspersky researchers uncovered the use of “a sophisticated multi-stage malware framework targeted at allowing remote control over the infected machines”.

The toolset was first observed in July 2020. According to Kaspersky, the threat actor has targeted various entities in Southeast Asia, including governmental organisations and telecom companies.

Kaspersky discovered the GhostEmperor cluster of activity while investigating multiple campaigns targeting Exchange servers.

Several threat actors targeted the set of Exchange vulnerabilities that Microsoft disclosed in March this year, with the majority of those attacks attributed to Chinese adversaries.

Last Monday, the US and its allies publicly accused China of the assaults.

GhostEmperor, however, is an entirely new adversary according to Kaspersky, with no overlap with known threat actors.

“GhostEmperor is a great example of how fraudsters are always looking for new ways to exploit weaknesses and new strategies to deploy. They added additional issues to the already well-established trend of assaults against Microsoft Exchange servers by using a previously unknown, sophisticated rootkit,” said David Emm, a security analyst at Kaspersky.


Source: https://cybersguards.com/chinese-speaking-threat-actor-targeting-microsoft-exchange-vulnerabilities/

Cyber Security

Google Update on Memory Safety in Chrome

Google shared details this week of its long-term plan for memory safety in Chrome. It also shipped the first stable release of Chrome 94, which addresses a total of 19 vulnerabilities.

Google has identified memory safety issues as the root cause of more than 70% of Chrome’s severe security bugs found last year, and has decided to tackle the problem before it gets worse.

Of the options available, Google chose to concentrate on two: adding runtime checks that verify a pointer is still valid before it is used, and adopting a memory-safe programming language alongside C++.

“Runtime checks have a performance cost. Checking the correctness of a pointer is an infinitesimal cost in memory and CPU time. But with millions of pointers, it adds up,” Google notes.

Google nevertheless considers runtime checking a viable option and is currently experimenting with it in Chrome.

“[T]he Rust compiler spots mistakes with pointers before the code even gets to your device, and thus there’s no performance penalty,” Google explains.

For now, Google is focused on how C++ and Rust can interoperate in a single codebase, and it has already begun non-user-facing Rust experiments in Chromium.

Chrome 94.0.4606.54 is now available for Windows, Mac and Linux. It fixes 19 security vulnerabilities, including five rated high severity, ten rated medium and two rated low.

The most serious of the high-severity issues is CVE-2021-37956, a use-after-free bug in Offline use, for which Google paid a $15,000 bounty.

The company also paid $7,500 for a WebGPU bug, $3,000 for an inappropriate implementation in Navigation, and $1,000 for a Task Manager issue.

Google says it also paid substantial rewards for five medium-severity vulnerabilities: $10,000 each for a Tab Strip flaw and a Performance Manager flaw, and $3,000 each for a side-channel information leak, an inappropriate implementation in ChromeOS Networking, and an inappropriate implementation in the Background Fetch API.

Google paid out more than $56,000 in bounty payments to researchers who reported on the issues, though the actual amount could be much greater, as the company has not yet revealed the rewards for seven of them.


Source: https://cybersguards.com/google-update-on-memory-safety-in-chrome/


Cyber Security

A New Vulnerability Found in Apple’s macOS Finder Lets Attackers Run Commands Remotely

New macOS zero-day bug lets attackers run commands remotely

A new vulnerability in Apple’s macOS Finder was disclosed today that allows attackers to run arbitrary commands on Macs running any macOS version up to and including the latest release, Big Sur.

Zero-day vulnerabilities are flaws that have been publicly disclosed but not yet patched by the vendor; they are sometimes actively exploited by attackers or have publicly available proof-of-concept exploits.

The flaw, discovered by independent security researcher Park Minchan, stems from the way macOS processes .inetloc files, which causes it to run any commands an attacker has embedded in them without any warning or prompt.

Internet location files, which carry the .inetloc extension on macOS, are system-wide bookmarks for opening internet resources (news://, ftp://, afp://) or local files (file://).

“A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands,” an SSD Secure Disclosure advisory published today revealed.

“These files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user.”


Apple botches the patch and fails to assign a CVE ID.

As Minchan later revealed, Apple’s patch only partially addressed the weakness: it can still be exploited by changing the protocol used to execute the embedded commands from file:// to FiLe://.

“Newer versions of macOS (from Big Sur) have blocked the file:// prefix (in the com.apple.generic-internet-location) however they did a case matching causing File:// or fIle:// to bypass the check,” the advisory adds.

“We have notified Apple that FiLe:// (just mangling the value) doesn’t appear to be blocked, but have not received any response from them since the report has been made. As far as we know, at the moment, the vulnerability has not been patched.”
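The check the advisory describes, and what a correct one looks like, as an added example that is not Apple’s code and does not reproduce the researcher’s proof of concept. `naive_is_blocked()` models a literal, case-sensitive `file://` prefix match, which `FiLe://` walks straight past. The hardened variants first extract the URL scheme as RFC 3986 defines it and lower-case it, since the standard makes schemes case-insensitive. The allow list in `hardened_is_allowed()` is an assumption built from the schemes the article says .inetloc files open; the sample values are constructed for the demonstration.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>

// Added example, not Apple's code. naive_is_blocked() models the literal
// "file://" prefix check the advisory describes; the hardened variants parse
// and normalise the scheme first (RFC 3986: schemes are case-insensitive).
// The allow list is an assumption based on the schemes named in the article.

// Returns the lower-cased scheme of `url` (RFC 3986 section 3.1:
// ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ':'), or an empty
// string when `url` carries no syntactically valid scheme.
std::string extract_scheme(const std::string &url) {
    size_t colon = url.find(':');
    if (colon == std::string::npos || colon == 0) return "";
    std::string scheme = url.substr(0, colon);
    if (!std::isalpha(static_cast<unsigned char>(scheme[0]))) return "";
    for (char c : scheme) {
        unsigned char uc = static_cast<unsigned char>(c);
        if (!std::isalnum(uc) && c != '+' && c != '-' && c != '.') return "";
    }
    std::transform(scheme.begin(), scheme.end(), scheme.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return scheme;
}

// The flawed check: exact, case-sensitive prefix comparison.
bool naive_is_blocked(const std::string &url) {
    return url.compare(0, 7, "file://") == 0;
}

// Hardened deny list: compare the normalised scheme, not raw bytes.
bool hardened_is_blocked(const std::string &url) {
    return extract_scheme(url) == "file";
}

// Safer still: an allow list, so anything unparseable or unexpected
// (leading whitespace, unknown schemes, no scheme at all) is rejected.
bool hardened_is_allowed(const std::string &url) {
    static const char *const kAllowed[] = {"news", "ftp", "afp", "http", "https"};
    const std::string scheme = extract_scheme(url);
    if (scheme.empty()) return false;
    for (const char *allowed : kAllowed) {
        if (scheme == allowed) return true;
    }
    return false;
}

int main() {
    // Constructed sample bookmark values, not taken from the advisory's PoC.
    const char *samples[] = {"file:///bin/sh", "FiLe:///bin/sh", "FILE:/tmp/x",
                             " file:///bin/sh", "ftp://example.test/", "news:comp.security"};
    for (const char *s : samples) {
        std::printf("%-22s naive_blocked=%d hardened_blocked=%d allowed=%d\n", s,
                    naive_is_blocked(s), hardened_is_blocked(s), hardened_is_allowed(s));
    }
    return 0;
}
```

The `" file:///bin/sh"` sample is why the allow list is the better of the two hardened forms: it has no valid scheme, so the case-normalised deny list does not block it either, whereas the allow list rejects anything it cannot positively identify. Whether the handler that ultimately opens the value tolerates such leading whitespace is exactly the kind of question a deny list forces you to answer and an allow list does not.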

Although the advisory did not spell out how attackers might abuse the flaw, threat actors could use it to craft malicious email attachments that execute a bundled or remote payload when the target opens them.

BleepingComputer further examined the researcher’s proof-of-concept exploit and found that it could be used to perform arbitrary commands on macOS Big Sur without any prompts or warnings by utilising specially designed files received from the Internet.

An .inetloc file containing the PoC code was not detected by any of the anti-malware engines on VirusTotal, which means macOS users targeted with this attack vector are likely to be unprotected.


Source: https://cybersguards.com/a-new-vulnerability-found-in-apples-macos-finder-lets-attackers-run-commands-remotely/


Cyber Security

Roku Will Launch an App on Shopify App Store to Offer SMB advertising

Roku, Shopify partner to offer SMB advertising ahead of holidays

Roku will release an app on the Shopify App Store that will allow small businesses to create and manage ad campaigns.

Through a partnership with Shopify, Roku plans to assist small businesses with local advertising.

The streaming media company announced an app that lets Shopify merchants create, buy and measure streaming TV ad campaigns. As a result of the partnership, Roku will be the first streaming platform with an app in the Shopify App Store.

About 7,000 apps and integrations are available in Shopify’s App Store. Roku’s app should be out before the holidays.

With the app, Roku is going after the cable and TV advertising market. Roku said the Shopify partnership would let it provide more precise measurement across the marketing funnel. At the end of the second quarter, Roku had 55.1 million active accounts.

Here are a few crucial points:

  1. Users of Shopify will be able to specify an audience, budget, timing, and duration for their campaigns.
  2. Merchants upload their own ad creative.
  3. Small businesses will be able to create campaigns in a matter of minutes.
  4. Birthdate Co, Jambys, MoonPod, and OLIPOP are among the first merchants to use the Roku ad app.

Roku’s platform, which is installed on a variety of televisions, has been gaining popularity as an advertising medium. Roku’s second-quarter revenue increased by 81 percent year over year to $645 million, with average revenue per user up 46 percent to $36.46.

The company does not break out advertising income, but monetized video ad impressions more than doubled in the second quarter compared to the same period a year earlier, according to the firm. In its August 4 shareholder letter, Roku also stated that it was expanding SMBs on its OneView ad platform.


Source: https://cybersguards.com/roku-will-launch-an-app-on-shopify-app-store-to-offer-smb-advertising/


Cyber Security

Westpac blocked 24,000 abusive messages on payments

Westpac’s zero-tolerance technology required 19,000 customers to change the wording of their transaction descriptions before their payments could be completed.

Westpac stated that it was able to stop approximately 24,000 transactions that were deemed abusive payments.

In an update to its environmental, social and governance (ESG) plan, the bank also said it required 19,000 customers to change the language they used in transaction descriptions before their payments could be approved and processed.

The bank also said it issued over 800 warning letters and account suspensions, and reported over 70 customers to authorities for abusive payments.

Earlier this year, the bank said it would not tolerate abusive statements in transaction descriptions. It considers swear words unacceptable, as well as threats of domestic violence.

“We want to create a safer digital banking experience for our customers and send a clear signal that abusive messages in payment transactions will not be tolerated,” Westpac general manager of customer solutions Lisa Pogonoski previously said.

To combat such behaviour, the bank launched a feature that lets customers report abuse and harassment in the transaction descriptions of inbound payments.

In addition, the bank deployed technology that monitors outbound payments sent through its online and mobile banking platforms and automatically blocks transactions containing unsuitable or obscene language.

In other news, Westpac announced that it has completed 104 of the 327 targeted activities in its Customer Outcomes and Risk Excellence (CORE) programme, which aims to improve the bank’s risk management and governance. These included changing its transaction screening software and settings, identifying data points and developing automated reconciliations and checks, using analytics to improve detection, and improving risk reporting via a new insights platform.

Westpac reported that technology expenses rose by AU$40 million in the first half of its financial year, with part of the increase attributed to the CORE programme; the bank reported a profit of AU$3.4 billion for the same period.

  • The National Sexual Assault and Domestic Family Violence Counselling Service can be reached at 1800 737 732.
  • MensLine Australia can be reached at 1300 789 978.
  • Call the Lifeline at 13 11 14 if you are in need of assistance.
  • Call the Kids Helpline at 1800 551 800.
  • Beyond Blue can be reached at 1300 22 46 36.
  • Headspace can be reached at 1800 650 890.
  • Always dial 000 in an emergency or if you are not feeling safe.


Source: https://cybersguards.com/westpac-blocked-24000-raudulent-messages-on-payments/
