Hello Authentication Vulnerabilities Discovered: Stay Safe

From tuxcare.com

In the realm of cybersecurity, a recent study has brought to light a series of Hello Authentication vulnerabilities that could compromise the Windows Hello authentication on popular laptop models, including Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X. Conducted by researchers at Blackwing Intelligence, a firm specializing in hardware and software product security, these findings underscore potential security risks associated with fingerprint sensors from Goodix, Synaptics, and ELAN integrated into these devices. This blog delves into the details of Hello Authentication flaws, as well as the mitigation measures advised.

The Nature of Hello Authentication Vulnerabilities

The fingerprint sensors in question, categorized as “match on chip” (MoC), house both matching and biometric management functions within their integrated circuits. Despite MoC’s ability to prevent the replay of stored fingerprint data, it falls short in preventing a malicious sensor from mimicking a legitimate sensor’s communication with the host. This could lead to false claims of successful user authentication.

Read more…

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

From thehackernews.com

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under “limited, targeted exploitation” back in October 2023.

The vulnerabilities are as follows –

  • CVE-2023-33063 (CVSS score: 7.8) – Memory corruption in DSP Services during a remote call from HLOS to DSP.
  • CVE-2023-33106 (CVSS score: 8.4) – Memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
  • CVE-2023-33107 (CVSS score: 8.4) – Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Google’s Threat Analysis Group and Google Project Zero revealed back in October 2023 that the three flaws, along with CVE-2022-22071 (CVSS score: 8.4), have been exploited in the wild as part of limited, targeted attacks.

Read more…

Federal agency breached through Adobe ColdFusion vulnerability

From therecord.media

Public-facing servers at a U.S. federal agency were compromised by hackers in June and July through a vulnerability in a popular product from Adobe, according to the nation’s leading cybersecurity agency.

The unidentified hackers exploited CVE-2023-26360 — a bug affecting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) as well as earlier installations of the software that Adobe no longer supports.

ColdFusion is a tool used by organizations for rapid web-application development, allowing them to build web applications and integrate things like databases and other third-party libraries.

Read more…

Vast USPS Delivery Phishing Campaign Sees Threat Actors Abusing Freemium Dynamic DNS and SaaS Providers

From bolster.ai

You may be familiar with the common phishing tactics like fake emails or text messages from a hacker pretending to be someone at your place of work, or maybe it’s someone pretending to be from your bank or credit card company. The latest scam we’ve uncovered now highlights another widespread service used by almost everyone: the postal service. Perhaps it’s not a coincidence that the uptick comes as we turn the corner into the holiday season, emphasized with an increase of ordering and sending packages or items in the mail.

The parcel delivery scam, a phishing campaign initially targeting less tech-savvy individuals with messages about “failed deliveries” or late payments, has significantly evolved since first discovered. As awareness grows, scammers are refining their tactics, shifting from simple misleading messages to more sophisticated methods, like tricking victims to download malicious apps designed to steal banking information.

Read more…

Booking.com users angry at firm’s response to hacks

From bbc.com

Booking.com users have spoken of their anger at the company’s failure to stop them falling victim to cyber-criminals.

For at least a year, fraudsters have been able to infiltrate its app and trick users out of hundreds of pounds.

Dozens of people have contacted the BBC to say they have lost money, with one saying she had been “failed” by the travel firm.

Booking.com said it was implementing new safety features but there was “no silver bullet”.

Read more…

New SugarGh0st RAT targets Uzbekistan government and South Korea

From blog.talosintelligence.com

  • Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”
  • We found evidence suggesting the threat actor is targeting the Uzbekistan Ministry of Foreign Affairs and users in South Korea.
  • We assess with high confidence that the SugarGh0st RAT is a new customized variant of Gh0st RAT, an infamous trojan that’s been active for more than a decade, with customized commands to facilitate the remote administration tasks as directed by the C2 and modified communication protocol based on the similarity of the command structure and the strings used in the code.
  • We observed two infection chains leveraging Windows Shortcut embedded with malicious JavaScript to deliver the components to drop and launch the SugarGh0st payload.
  • In one infection chain, the actor leverages the DynamixWrapperX tool to enable Windows API function calls in malicious JavaScript for running the shellcode.
  • Talos assesses with low confidence that a Chinese-speaking threat actor is operating this campaign based on the artifacts we found in the attack samples.

Read more…