PrivateLoader: Analyzing the Encryption and Decryption of a Modern Loader

From any.run

PrivateLoader analysis introduction

PrivateLoader is a malicious loader family, written in C++ and first discovered in early 2021.

It is known for distributing a wide range of malware payloads, from simple information stealers to complex rootkits and spyware.

The distribution of this type of malware is managed by the Pay-Per-Install (PPI) service, a popular tool within the cybercriminal ecosystem that generates revenue by adding payloads to malware.

  • The code itself involves the decryption of loaded libraries.
  • At present, there are two versions of PrivateLoader available: one protected by VMProtect, and a regular version.
  • Every day, between 2 and 4 samples of this malware are uploaded.

Read more…

CVE-2023-28787: Critical Unauthenticated SQL Injection Vulnerability Discovered in Popular WordPress Quiz And Survey Master Plugin

From securityonline.info

Quiz and Survey Master, a widely-used WordPress plugin with over 40,000 active installations, is now facing a critical security vulnerability. Known for its capability to create engaging content such as viral quizzes, trivia quizzes, and surveys, the plugin is an essential marketing tool for many websites. However, researcher Rafie Muhammad from Patchstack has discovered an unauthenticated SQL Injection vulnerability in the plugin, which could enable malicious actors to directly interact with a website’s database and potentially steal sensitive information. The vulnerability has been assigned the identifier CVE-2023-28787 and given a CVSS score of 9.3, making it a critical risk.

Read more…

Military helicopter crash blamed on failure to apply software patch

From theregister.com

An Australian military helicopter crash was reportedly caused by failure to apply a software patch, with a hefty side serving of pilot error.

The helicopter in question is an MRH-90 Taipan operated by the Australian Army and was engaged in what’s been described as “a routine counter-terrorism training activity” on March 23rd when it ditched just off a beach in the State of New South Wales.

All ten Australian Defence Force personnel aboard the helicopter were accounted for, with two experiencing what the Department of Defence described as “minor injuries”.

Australia grounded its 47-strong Taipan fleet while authorities investigated the incident.

The Australian Broadcasting Corporation (ABC) today reported the likely cause of the incident was failure to apply a software patch to the ’copter.

Read more…

Fake Chrome updates spread malware

From malwarebytes.com

Compromised websites are causing big headaches for Chrome users. A campaign running since November 2022 is using hacked sites to push fake web browser updates to potential victims.

Researcher Rintaro Koike says this campaign has now expanded to also target those who speak Korean, Spanish, and Japanese. Additionally, Bleeping Computer notes that some of the affected sites include news, stores, and adult portals. The attackers are likely to be primarily targeting sites based on vulnerability rather than content served. As a result, it’s difficult to predict where these bogus updates will appear next.

Read more…

UK Government (Kind Of) Bans TikTok

From pandasecurity.com

Following a similar announcement in the US, the UK government has announced a crackdown on the TikTok app. Under these plans, politicians and civil servants will be banned from installing the globally popular short video app.

What is the problem?

TikTok is currently the world’s most popular video-sharing social networking app. However, security agencies have raised concerns about the app, particularly because of the close relationship between TikTok and the Chinese state government.

Like many apps, TikTok gathers large amounts of personal data from its users, but no one outside the company knows exactly what they do with that information. Like other ‘free’ services (Google for example), TikTok uses at least some of the data for building marketing profiles so they can better target adverts at their subscribers.

Read more…

QBot trojan being distributed through business e-mails

From kaspersky.co.uk

In early April, Kaspersky experts discovered a mass e-mailing campaign sending messages with a malicious PDF attached. The attackers are taking aim at companies: a dangerous document is attached to business correspondence (we saw e-mails written in English, German, Italian and French). The objective of the campaign is to infect victims’ computers with the QBot malware, also known as QakBot, QuackBot, or Pinkslipbot. Interestingly, about a year ago our specialists observed a similar sudden increase in the flow of e-mails delivering malware (including QBot).

Read more…