Skip to main content

Posts

Showing posts from January, 2020

PayPal Users under attack by - 16Shop - Malware-as-a-service Phishing Toolkit Attack with Anti-Detection Techniques

A prolific phishing kit distribution network dubbed “16Shop” believed to be active since 2018 and developed by a hacking group called the “Indonesian Cyber Army.” It’s a huge first attack targeting Apple kits and then attacked Amazon customers before the prime day in 2019. The analysis also explained that 16Shop is using three different anti-bot and anti-indexing features.  16Shop Phishing Kit Service 16Shop offers services that are similar to software-as-a-service (SaaS), where the users can purchase the kits and distribute them for a cost. Earlier this January, ZeroFOX Alpha  obtained  a phishing kit that targets PayPal customers along with Apple and Amazon, also traces are indicating the possibility of an American Express kit. This indicates that threats actors behind the Phishing Kit Distribution network continuously upgrading its features and attack methods. The latest version of 16Shop obtained by the ZeroFOX Alpha Team includes several features ...

Serious breach at Microsoft Customer Support, 250 Million Records Exposed Online

If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers. According to Bob Diachenko, a cybersecurity researcher who spotted the unprotected database and reported to Microsoft, the logs contained records spanning from 2005 right through to December 2019. In a blog post, Microsoft  confirmed  that due to misconfigured security rules added to the server in question on December 5, 2019, enabled exposure of the data, which remained the same until engineers remediated the configuration on December 31, 2019 Microsoft also said that the database was redacted using automated tools to remove the personally identifiable informat...

For Leaking Customers Sensitive Data Such as Email Address & Mobile Number , Amazon Terminates Employees

Amazon fires a number of employees who have leaked customer’s sensitive data such as Email addresses and phone numbers to unauthorized 3rd parties. Amazon disclosed this data leak to its customers via email and said that the actions committed by employees are a “violation of our policies.” The company now supporting law enforcement for their prosecution, but there is very small information gathered about to whom they have shared the data. Amazon didn’t reveal any information about how many customers were affected but the Email said that “No other information related to customer account was shared “ Email that sent to customers about Data Leak The email read to customers that “This is not a result of anything you have done, and there is no need for you to take any action,” Amazon spoke person who said via  Tech Crunch  “We have fixed the issue and informed customers who may have been impacted.” The company emailed all impacted users to be cautious. “ Last year...

5 * Ratings & Fake Reviews given to Malicious Apps by newer Malware Installed by Hackers on Android Devices

Researchers discovered a new type of strange malware that targeting android device, and use the victim’s mobiles to provide fake ratings in Google play store apps for malicious apps. You may have seen reviews in Google Play apps that seem to be talking about something unrelated to the apps. this malware named as Trojan-Dropper.AndroidOS.Shopper.a. give it five stars, while dozens of users rate it as 1 start. Cybercriminals used this trojan to boosting malicious, fake and adware apps and increasing the number of installations. Also, the Trojan will perform various malicious activities such as display advertising messages on the infected device, create shortcuts to ad sites, and perform other actions. Apart from reviewing with fake comments, the malware evades the user’s detection, the installation window is concealed by the app’s “invisible” window.  Shopper.a also enables the AccessibilityService to install the new apps from the 3rd party services. Acc...

Cable Haunt – Critical Vulnerability Let Hackers Control Cable Modems Remotely

Researchers discovered as critical vulnerability dubbed Cable Haunt affects cable modems from different manufacturers across the globe. The vulnerability enables a remote attacker to gain complete control over the modem through its endpoint. Successful exploitation allows attackers to intercept private messages, redirect traffic, or participate in botnets. Cable Haunt vulnerability was discovered by a team of Danish security researchers in Broadcom cable modems. Cable Haunt Attacks Middleware The vulnerability targets the middleware running on the chip used in the Broadcom  cable  modems, the middleware is the real-time operating system in cable modems that runs all the networking tasks. It affects multiple vendors as the same software being used by various cable modem manufacturers to create their cable modem firmware. All the traffic goes through the cable modem middleware (CM), by gaining control over it attackers can manipulate any traffic going through t...

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [ 1 ,  2 ] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix  announced  that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to a critical path traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers. Citrix confirmed that the flaw affects all supported version of the software, including: Citrix ADC and Citrix Gateway version 13.0 all supporte...

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released  Firefox 72.0.1  and  Firefox ESR 68.4.1  versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Tracked as ' CVE-2019-17026 ,' the bug is a critical 'type confusion vulnerability' that resides in the IonMonkey just-in-time (JIT) compiler of the Mozilla's JavaScript engine SpiderMonkey. In general, a type confusion vulnerability occurs when the code doesn't verify what objects it is passed to and blindly uses it without checking its type, allowing attackers to crash the application or achieve code execution. Without revealing details about the security flaw and any ...

Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS

TikTok , the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. Cybersecurity researchers at Check Point revealed that chaining multiple vulnerabilities allowed them to remotely execute malicious code and perform unwanted actions on behalf of the victims without their consent. The reported vulnerabilities include low severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when combined could allow a remote attacker to perform high impact attacks, including: delete any videos from victims' TikTok profile, upload un...

Magellan 2.0 – Multiple Chrome Vulnerabilities that Exists in SQLite Let Hackers Execute Arbitrary Code Remotely

Critical SQLite vulnerabilities named “Magellan 2.0” discovered in World’s most popular browser Google Chrome let hackers exploit the Chromium render process and execute the remote code. SQLite is a well-known database that widely used in popular embedded database software, and SQLite is a popular choice for local/client storage in application software such as web browsers and operating systems. The vulnerability affects the users who all are using Chrome that is prior to 79.0.3945.79 with WebSQL enabled, and the researchers confirmed that the other devices such as PC/Mobile devices/IoT devices may also be affected depends on the attack surface. The vulnerability was initially discovered by the Tencent Blade Team, and they have successfully tested in Chrome and exploited the vulnerability in Chromium render process. Tencent Blade Team @tencent_blade Magellan 2.0 on its way! Blade researcher @ leonwxqian found another set of vulnerabilities in # SQLite...