compromised websites

Winsage
February 5, 2025
Microsoft will cease support for Windows 10 in October 2025, meaning new security vulnerabilities will not be patched, increasing exposure to threats. Cybercriminals are expected to target Windows 10, which still has over 60% market share, making it an attractive target. ESET estimates that around 32 million PCs in Germany are still using Windows 10. Users can opt for the Extended Security Updates program for an additional cost, extending updates until October 2026, or use 0Patch for updates until 2030. Windows 10 IoT Enterprise LTSC 2021 will receive updates until 2032, but its use as an office PC is restricted. Users are encouraged to upgrade to Windows 11 where hardware compatibility exists for ongoing security updates and new features.
Tech Optimizer
December 24, 2024
Malicious actors are increasingly exploiting web browsers to deliver malware, often bypassing conventional antivirus defenses through sophisticated social engineering. A notable tactic involves copying harmful commands into the clipboard, allowing victims to execute them unknowingly. Recent investigations revealed a campaign using malicious advertisements and counterfeit pages that mimic reputable software brands, leading victims to a fake Cloudflare notification that prompts them to execute specific key combinations. This process triggers PowerShell code that retrieves and installs malware. The investigation began with a suspicious advertisement for a 'notepad' application, which redirected users to a Cloudflare-like page asking them to verify they are human. Instead of a standard CAPTCHA, users encountered a prompt instructing them to follow steps that would inadvertently execute a malicious command. By clicking a 'Fix It' button, the harmful command is copied to the clipboard, and users are led to paste and run it, initiating a download from a remote domain. The campaign targeted several brands, including Microsoft Teams, FileZilla, UltraViewer, CutePDF, and Advanced IP Scanner. The same domain linked to the malicious PowerShell command for Notepad++ also appeared in another campaign. Indicators of compromise include various malicious domains and URLs associated with the malware and its command and control server. Malwarebytes provides protection against these threats.
Winsage
November 27, 2024
In October, Russian hackers gained the ability to deploy arbitrary code against users of Firefox and Tor, exploiting two zero-day vulnerabilities: CVE-2024-9680 in Mozilla software and CVE-2024-49039 in Windows. The first vulnerability, a use-after-free flaw in Firefox's animation timelines, was rated 9.8 on the CVSS and allowed attackers to execute arbitrary commands. The second vulnerability enabled privilege escalation through an undocumented remote procedure call (RPC) endpoint. Both vulnerabilities were quickly patched, with CVE-2024-9680 addressed on October 9 and CVE-2024-49039 on November 12. The majority of targets were located in North America and Europe, particularly in countries like the Czech Republic, France, Germany, Poland, Spain, Italy, and the US. None of the victims tracked by ESET were compromised via Tor.
AppWizard
September 27, 2024
Researchers uncovered a cyber espionage campaign called “SilentSelfie” targeting Kurdish communities, exploiting 25 compromised websites with four variants of malicious JavaScript. The campaign, active since late 2022, utilized watering hole attacks and a covert Android application disguised as a news app to collect sensitive data, including location and contacts. The attackers employed obfuscation techniques and used compromised web servers for communication. A total of 21 Kurdish websites were affected, primarily linked to “Rojava” and Kurdish political entities. The campaign remained undetected for over 18 months, with potential links to Turkish intelligence, Syrian government agencies, and the Kurdistan Regional Government of Iraq. Compromised sites included ‘RojNews’ and ‘YPG Rojava.’
Winsage
August 14, 2024
Microsoft's August 2024 Patch Tuesday update addresses 90 vulnerabilities, including six zero-days actively exploited and four publicly known vulnerabilities. The zero-day vulnerabilities include:

- CVE-2024-38178: A Scripting Engine Memory Corruption Vulnerability in Microsoft Edge's Internet Explorer Mode, allowing remote code execution if an authenticated user clicks a malicious URL.
- CVE-2024-38106: A Windows Kernel bug that could enable SYSTEM privileges through a race condition.
- CVE-2024-38107: A privilege escalation vulnerability in the Windows Power Dependency Coordinator requiring local access or user deception.
- CVE-2024-38193: A local privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, potentially allowing malware execution with SYSTEM privileges.
- CVE-2024-38213: A vulnerability allowing attackers to bypass Windows SmartScreen by persuading users to open malicious files.
- CVE-2024-38189: A vulnerability in Microsoft Project that can lead to remote code execution by tricking users into opening a specially crafted Project file.

The publicly known vulnerabilities include:

- CVE-2024-38200: A spoofing vulnerability in Microsoft Office that may allow NTLM hash capture.
- CVE-2024-21302 and CVE-2024-38202: Elevation of privilege flaws in Windows Secure Kernel Mode and Windows Update Stack, respectively, facilitating downgrade attacks.
- CVE-2024-38199: A use-after-free flaw in the Windows Line Printer Daemon Service that can lead to remote code execution.

Additionally, two server-side request forgery (SSRF) vulnerabilities were identified: CVE-2024-38206 in Microsoft's Copilot Studio and CVE-2024-38109 affecting Azure Health Bot, both requiring no action from customers for resolution.
Winsage
August 6, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a significant vulnerability in Microsoft COM for Windows, identified as CVE-2018-0824, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability has a CVSS score of 7.5 and involves a deserialization of untrusted data, allowing remote code execution when an application fails to properly handle serialized objects. An attacker can exploit this vulnerability through malicious files or compromised websites. Researchers from Cisco Talos reported that the APT41 group linked to China compromised a Taiwanese government-affiliated research institute, deploying ShadowPad malware and Cobalt Strike, and utilizing CVE-2018-0824 to escalate local privileges. Federal agencies are required to address this vulnerability by August 26, 2024, under Binding Operational Directive (BOD) 22-01.
AppWizard
August 3, 2024
A new SMS stealer malware campaign targeting Android users has been uncovered by ZLabs researchers from Zimperium. The malware is distributed through fake app advertisements on compromised websites and Telegram bots that promise free pirated apps in exchange for phone numbers. Once installed, the malware accesses SMS messages, allowing cybercriminals to capture sensitive information like one-time passwords (OTPs) used for financial transactions. Over 107,000 malware samples linked to this campaign have been documented, affecting victims in 113 countries, particularly in India and Russia, as well as Brazil, Mexico, the United States, Ukraine, and Spain. Users are advised to use Google Play Protect for protection against such malware.
Tech Optimizer
July 27, 2024
There is a significant issue with Secure Boot, a key method for protecting PCs from attacks. Users can protect themselves by keeping their antivirus software up to date and enabled. Some users disable automatic updates or turn off antivirus protection, leaving them vulnerable to attacks exploiting the security flaw in Secure Boot.
Tech Optimizer
June 29, 2024
Rafel RAT is a type of malware designed to remotely control and monitor infected devices. Hackers use phishing techniques to distribute this malware through messaging apps and social media platforms. Once installed, Rafel RAT can track the user's location, access the camera and microphone, steal sensitive data, monitor messages and calls, and exfiltrate data. The malware has impacted phones from various top brands running Android 11 or older versions. To protect your Android phone from Rafel RAT and similar threats, only download apps from official app stores, be cautious with links, remain vigilant on official platforms, secure sensitive information, update regularly, and use antivirus software.