New Malware Out In The Wild

An undocumented malware downloader has been spotted phishing attacks to deploy credential stealers and other malicious payloads. Researchers say: "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was seen dropping stealers (i.e. Taurus Stealer) or further loaders (example), yet its design allows [it] to...

Android: Prevent Memory Flaws

Google announced that its open source version of the Android operating system will add support for Rust programming language. The goal is to prevent memory safety bugs.The company says: "Managed languages like Java and Kotlin are the best option for Android app development. The Android OS uses Java extensively, effectively protecting large...

WhatsApp-based Android malware on the Google Play Store

Cybersecurity researchers have discovered wormable Android malware that is directly downloadable from the official Google Play Store. It is disguised as a rogue Netflix app under the name of "FlixOnline". Researchers say: "The application is actually designed to monitor the user's WhatsApp notifications, and to send automatic replies to the user's...

Android: Pre-Installed Malware

Researchers have found a pre-installed auto installer threat on Android mobile devices in Germany. Users of Gigaset mobile devices are facing unwanted apps that are being downloaded and installed through a pre-installed system update app.The researchers say: "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which...

OpenSSL: High-Severity Security Bugs

Two high-severity security flaws in the OpenSSL software could have allowed hackers denial-of-service (DoS) attacks and to bypass certificate verification. OpenSSL is a software library consisting of cryptographic functions that implement the Transport Layer Security protocol with the goal of securing communications sent over a computer network.The bugs have been...

Facebook: 533 Million Users‘ Data Leaked

Data of approximately 533 million Facebook users worldwide has been leaked on a cybercrime forum. Sorted by country, the date includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status, account creation date, and other profile details.Hackers seem to have obtained the data by exploiting a...

Grocery Startup: Possible Account Takeover

Airlift Express is an online grocery service from a Pakistani decentralized urban mass transit startup. Researchers have found a serious OTP vulnerability in their signing-in process. They easily brute-forced the 4-digit OTP within 7 minutes. The company app allows resetting the password via the ‘Forgot Password’ option. Clicking on it makes the...

DuckDuckGo Browser Has The Best Tracking Protection

DuckDuchGo has published a post explaining their browser tracking protection mechanisms. Google Chrome, Mozilla Firefox, and Apple Safari block trackers after they are loaded. This way, the trackers still get a chance to know some information and build users’ profiles. But DuckDuckGo prevents tracking elements from loading in the first place....

Hackers Use a Windows OS Feature to Evade Firewall

Hackers have found a way to use Microsoft's Background Intelligent Transfer Service (BITS) to deploy malicious payloads on Windows machines.Researchers say: "Microsoft introduced the Background Intelligent Transfer Service (BITS) with Windows XP to simplify and coordinate downloading and uploading large files. When malicious applications create BITS jobs, files are downloaded or...

Two New Vulnerabilities in Linux

Researchers have found two new vulnerabilities in Linux-based operating systems that could let attackers circumvent mitigations for speculative attacks. In the end they would obtain sensitive information from kernel memory. The attacks could also be launched remotely via rogue websites running malicious JavaScript code.The researchers say: "Both vulnerabilities are related to the...

de_DEDeutsch