BU-CERT News

From ehackingnews.com

Audio-only app Clubhouse gained huge success over the last few months and now attackers are misusing the reputation and fame earned by the app by delivering Facebook ads, wherein they promote the Clubhouse app for PC to deliver the malware. Notably, the attackers have used the old tactics again because the PC version of the Clubhouse app is not yet released.
The Clubhouse app has nearly 8 million downloads so far. Therefore, malware designers have been busy taking advantage of Clubhouse’s rising popularity, creating what they claim is a Clubhouse client for PCs, and then promoting those ads on Facebook to get users to download the app. 

Read more…

From bleepingcomputer.com

Mozilla volunteers have recently been flooded with online merchants and marketers’ requests for their domains to be added to what’s called a Public Suffix List (PSL).

Public Suffix List (PSL) is an initiative of the Mozilla community volunteers to maintain a list of top-level domains (TLDs) and domains that should be treated as one to prevent the mixing of cookies between distinct domains.

Read more…

From ehackingnews.com

A few famous online collaboration tools, including the likes of Slack and Discord, are being hijacked by hackers to disperse malware, experts have cautioned.
Cisco’s security division, Talos, published new research on Wednesday featuring how, throughout the span of the Covid-19 pandemic, collaboration tools like Slack and, considerably more generally, Discord have become convenient mechanisms for cybercriminals. With developing frequency, they’re being utilized to serve up malware to victims in the form of a link that looks reliable. In different cases, hackers have integrated Discord into their malware to remotely control their code running on tainted machines, and even to steal information from victims. 

Read more…

From bleepingcomputer.com

More than 500,000 Huawei users have downloaded from the company’s official Android store applications infected with Joker malware that subscribes to premium mobile services.

Researchers found ten seemingly harmless apps in AppGallery that contained code for connecting to malicious command and control server to receive configurations and additional components.

Read more…

From mcafee.com

Cuba Ransomware Overview

Over the past year, we have seen ransomware attackers change the way they have responded to organizations that have either chosen to not pay the ransom or have recovered their data via some other means. At the end of the day, fighting ransomware has resulted in the bad actors’ loss of revenue. Being the creative bunch they are, they have resorted to data dissemination if the ransom is not paid. This means that significant exposure could still exist for your organization, even if you were able to recover from the attack.

Cuba ransomware, no newcomer to the game, has recently introduced this behavior.

Read more…

From binarydefense.com

Pwn2Own is an annual contest held by the Zero Day Initiative providing a contest for hackers and researchers around the world a chance to win substantial monetary reward for producing never before seen exploits for some of the most used software and hardware, with the goal of assisting software providers in the security of their products.

This year Zoom came under the microscope by Daan Keuper and Thijs Alkemade from Computest. They were able to exploit Zoom messenger with a three bug chained attack obtaining remote code execution not requiring user input. As of this writing it is known to work in the Windows and Mac client versions of zoom and has yet to be proven effective in iOS or Android apps. Zoom was contacted internally and are in the process of producing a patch to cover this vulnerability. A suggested work-around is to use the browser version of Zoom client on Windows or Mac.

Read more…

From kitploit.com

Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cyber threat emulation purposes.

Read more…