FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities The sophisticated vishing malware known as FakeCall (aka Fakecalls) has become more sophisticated. New research shows an increase in evasion and espionage capabilities for an Android malware that has been known and classified as a banking trojan largely targeting South Korea. In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction. Callie Guenther, senior manager of cyber threat research at Critical Start, told SecurityWeek, “The techniques used, such as native API utilization, advanced obfuscation, and remote surveillance, resemble TTPs seen in state-sponsored campaigns. Although not definitively attributed, these capabilities align with those observed in APT groups focused on espionage and high-value financial targeting.” See more: Security week:
SecurityWeek
FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities
FakeCall Android banking trojan gained advanced evasion and surveillance features, posing increased threats via vishing and UI hijacking.
 Bleeping Comuper:
BleepingComputer
Android malware "FakeCall" now reroutes bank calls to attackers
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone n...
 #cybersecurity #vishing
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store that could then exploit the flaw when installed on Opera, making it an instance of a cross-browser-store attack. The issue has been addressed by Opera as of September 24, 2024, following responsible disclosure. That said, this is not the first time security flaws have been identified in the browser. See more:
The Hacker News
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
Opera's recent patch fixes a security flaw that exposed users to malicious extensions and data theft.
 #cybersecurity #opera
Google and Mozilla on Tuesday announced security updates for their Chrome and Firefox web browsers, and some of the vulnerabilities they patch are potentially severe. See more:
SecurityWeek
Google Patches Critical Chrome Vulnerability Reported by Apple
Google has patched CVE-2024-10487, a critical Chrome vulnerability, and Mozilla has patched high-severity flaws in Firefox.
 #cybersecurity #chrome #mozilla
Hackers steal 15,000 cloud credentials from exposed Git config files A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. Git configuration files, such as /.git/config or .gitlab-ci[.]yml, are used to define various options like repository paths, branches, remotes, and sometimes even authentication information like API keys, access tokens, and passwords. According to Sysdig, who discovered the campaign, the operation involves using automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens. These tokens are then used to download repositories stored on GitHub, GitLab, and BitBucket, which are scanned for further credentials. See more:
BleepingComputer
Hackers steal 15,000 cloud credentials from exposed Git config files
A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thou...
 #cybersecurity #git
LottieFiles hit in npm supply chain attack targeting users' crypto LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. As discovered yesterday, following multiple user reports about strange code injections, the affected versions are Lottie Web Player (“lottie-player”) 2.0.5, 2.0.6, and 2.0.7, all published yesterday. LottieFiles quickly released a new version, 2.0.8, which is based on the clean 2.0.4, advising users to upgrade to it as soon as possible. See more:
BleepingComputer
LottieFiles hacked in supply chain attack to steal users’ crypto
The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors...
 #cybersecurity #crypto
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms, as well as Microsoft 365 login credentials," Netskope Threat Labs researcher Jan Michael Alcantara said in an analysis. See more:
The Hacker News
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
Beware of rising phishing attacks using Webflow as cybercriminals target crypto wallets and sensitive info.
 #cybersecurity #crypto #phising
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland The popular hacking competition set up camp in Trend Micro’s Cork office for the first time last week, with competitors discovering and demonstrating exploits for over 70 zero-day vulnerabilities. These will now be responsibly disclosed to the relevant vendors for patching A growing number of manufacturers are getting involved in the competition in order to place their products in front of a highly motivated bunch of ethical hackers. For the first time, Pwn2Own welcomed Meta as a sponsor this year, although no teams were able to find a workable exploit for WhatsApp in a new Messenger App category of the competition. It is zero-click vulnerabilities like this that commercial spyware makers are notorious for finding and exploiting for their customers. See more:
Infosecurity Magazine
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws
 #cybersecurity #zeroday
ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis Malicious instructions encoded in hexadecimal format could have been used to bypass ChatGPT safeguards designed to prevent misuse. The new jailbreak was disclosed on Monday by Marco Figueroa, gen-AI bug bounty programs manager at Mozilla, through the 0Din bug bounty program. If a user instructs the chatbot to write an exploit for a specified CVE, they are informed that the request violates usage policies. However, if the request was encoded in hexadecimal format, the guardrails were bypassed and ChatGPT not only wrote the exploit, but also attempted to execute it “against itself”, according to Figueroa. See more Security Week:
SecurityWeek
ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis
The details of a new ChatGPT jailbreak have been disclosed through Mozilla’s 0Din gen-AI bug bounty program.
 Dark Reading:
Dark Reading
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of thi...
 #cybersecurity #ai #chatgpt #jailbreak
Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia. It was described as due to "compliance requirements" but vague in what those requirements entailed. Linus Torvalds then commented on the Russian Linux maintainers being de-listed and made it clear that they were done due to government compliance requirements / legal issues around Russia. Now today some additional light has been shed on those new Linux kernel "compliance requirements". Longtime Linux developer and EXT4 file-system maintainer Ted Ts'o has also provided some clarity on a separate Linux kernel mailing list thread. In response to a suggested patch removing Huawei from the MAINTAINERS file given their known relations with the Chinese government there was more discussion about possible future removals. See original news:
Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia - Phoronix
Quietly merged into this week's Linux 6.12-rc4 kernel was a patch that removes a number of kernel maintainers from being noted in the official...
 See Torvalds statement:
Linus Torvalds Comments On The Russian Linux Maintainers Being Delisted - Phoronix
Following yesterday's news first featured on Phoronix of several Linux driver maintainers being de-listed from their maintainer positions with...
 See Compliance Requirements update:
Some Clarity On The Linux Kernel's "Compliance Requirements" Around Russian Sanctions - Phoronix
When a number of Russian Linux developers were removed from their MAINTAINERS file in the Linux kernel, it was described as due to 'compliance...
 See the original commit:
Making sure you're not a bot!
 #linux #cybersecurity
Cisco fixes VPN DoS flaw discovered in password spray attacks Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April. The flaw is tracked as CVE-2024-20481 and impacts all versions of Cisco ASA and Cisco FTD up until the latest versions of the software. "A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service," reads the CVE-2024-20481 security advisory. See more:
BleepingComputer
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute fo...
 #cybersecurity #security