Samsung, LG and Mediatek Certificates Are Used to Sign Android Malware

It was found that the certificates that Android OEM manufacturers Samsung, LG and Mediatek use to sign basic system applications were also used to sign malware. Let me remind you that we also wrote that Hackers stole Mimecast certificate to attack Microsoft 365 users, and also that Critical vulnerabilities in HP Teradici PCoIP endanger 15 million endpoints. Google experts say that Android device OEMs use special certificates or keys to sign the main ROM images of devices containing the OS itself and related applications. When applications are signed with this certificate and assigned the highly...

Mali GPU Driver Vulnerabilities Threaten Millions of Devices

Google Project Zero experts are sounding the alarm because five vulnerabilities in the ARM Mali GPU driver remain unpatched on a variety of devices, although the chipmaker released patches several months ago. As a result, millions of Android devices may be vulnerable to potential attacks. Let me remind you that we also wrote that AMD fixed dozens of vulnerabilities in graphics driver and more, and also that NVIDIA Released Update That Fixes Ten Vulnerabilities in Windows GPU Drivers. According to experts, the problems affect devices from Google, Samsung, Xiaomi, Oppo and other smartphone manufacturers...

Instead of Cobalt Strike, Hackers Can Use Nighthawk

Experts from Proofpoint have released a report on Nighthawk, an advanced C2 framework that hackers can start using instead of Cobalt Strike. Observing how the framework was used by a certain red team in September 2022, the researchers concluded that criminals might also like Nighthawk. Let me remind you that we also wrote that Google Decided to Fight Hacked Versions of Cobalt Strike, and also, for example, that Hackers Are Switching from Cobalt Strike to Brute Ratel C4. Nighthawk is developed and marketed by the European company MDSec, which offers its customers tools and services for...

$300,000 Are Stolen from DraftKings Customers, but Company Denies a Hack

Sports betting company DraftKings said its customers suffered credential stuffing attacks, but denies a hack of its own systems. The total loss to users is estimated at $300,000. At the same time, DraftKings emphasizes that its own resources and systems have not been affected. Let me remind you that we also wrote that General Motors Users Hit by Credential Stuffing Attack. Let me remind you that the term credential stuffing usually refers to situations where usernames and passwords are stolen from some sites (as, for example, in this case), and then used on others. That is, attackers have a ready...

Google Decided to Fight Hacked Versions of Cobalt Strike

Google Cloud Threat Intelligence announced the release of YARA rules, as well as a VirusTotal collection of indicators of compromise, which should facilitate the detection of Cobalt Strike components and prevent abuse of this pentest tool. By the way, we wrote that some Hackers Are Switching from Cobalt Strike to Brute Ratel C4. Let me remind you that Cobalt Strike is a legitimate commercial tool created for pentesters and red teams and focused on exploitation and post-exploitation. It is probably well known to most readers, but, unfortunately, hackers have long loved Cobalt Strike, ranging...

F5 Fixes Serious Vulnerabilities in BIG-IP and BIG-IQ

F5 developers have released patches for BIG-IP and BIG-IQ products that fix two serious vulnerabilities that could allow unauthenticated attackers to remotely execute arbitrary code (RCE) on vulnerable endpoints. Exploitation of both problems requires certain conditions to be met, which makes these vulnerabilities difficult to exploit. However, F5 warns that successful exploitation can lead to complete compromise of devices. Let me remind you that we also reported that After publication of the attacks, information security experts record massive on vulnerabilities in F5 BIG-IP...

November Windows Updates Broke Kerberos Authentication

Microsoft says it is already aware of a new issue in Windows updates that causes corporate domain controllers to fail when using Kerberos authentication, as well as other authentication issues that have emerged since the November patches. Let me remind you that we wrote that Microsoft Updates May Break Printing in Windows Server, and also that Microsoft Silently Fixes ShadowCoerce Bug. Let me remind you that the Kerberos protocol has long since replaced NTLM and has become the default authentication protocol for domain-joined devices in all versions of Windows above Windows 2000. Bleeping...

Bypassing the Lock Screen on Pixel Smartphones Netted a Researcher $70,000

This month, Google developers fixed a serious issue that could bypass the lock screen on Pixel smartphones and could lead to the use of other people’s devices. The independent researcher who discovered this bug received a reward of $70,000, and now, after the release of the patch, he spoke about the vulnerability in a similar way. Let me remind you that we also wrote that Google Pixel bug prevented users from calling 911, and also that A bug in the Google Search app disturbed users from making and receiving calls. The problem received the identifier CVE-2022-20465 and was found back in June...