BU-CERT News

From thehackernews.com

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser.

Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).

Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting its availability and integrity.

Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone noting on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals.

Read more…

From gbhackers.com

Cybersecurity analysts at NSFOCUS Security Labs recently uncovered an unknown phishing-based attack process during threat-hunting. 

Apart from this, during their further investigation, they identified two new Trojans and rare attack methods.

NSFOCUS Security Labs suspects a skilled APT attacker is behind the novel phishing process, using it as a primary method for in-domain penetration against specific targets.

AtlasCross is the attacker, while DangerAds and AtlasAgent are the new Trojans identified by NSFOCUS Security Labs.

Security researchers reported that threat actors behind AtlasCross are actively using the weaponized Word documents to deploy malware.

Read more…

From thehackernews.com

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild.

Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm –

With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.

Read more…

From bankinfosecurity.com

Microsoft updated Windows 11 on Tuesday to simplify passwordless adoption, protect against malicious code and have the ability to refresh configuration in the event of tampering.

The Seattle-area software and cloud computing giant said enhancements to the Windows 11 operating system will allow users to replace passwords with passkeys to prevent hackers from exploiting stolen passwords through phishing attacks. Passkeys create a unique, un-guessable cryptographic credential that’s stored on the user’s device, and Microsoft said it is promoting passkeys as part of the FIDO Alliance (see: Apple, Google, Microsoft Unite to Make Passwordless Easier).

“Instead of using a username and password to sign in to a website or application, Windows 11 users will be able to use and protect passkeys using Windows Hello or Windows Hello for Business on their phone,” David Weston, vice president of enterprise and OS security at Microsoft, wrote in a blog post. “This will enable users to sign in to the site or app using their face, fingerprint or device PIN.”

Read more…

From thehackernews.com

A “multi-year” Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations.

Recorded Future’s Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to “Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government, military, and political entities in South Korea, Japan, and Russia.”

The cybersecurity firm characterized the targeting of South Korean academic institutions as in alignment with China’s broader efforts to conduct intellectual property theft and expand its influence, not to mention motivated by the country’s strategic relations with the U.S.

Social engineering attacks mounted by the adversary make use of Microsoft Compiled HTML Help (CHM) file lures to drop a custom variant of an open-source Visual Basic Script backdoor called ReVBShell, which subsequently serves to deploy the Bisonal remote access trojan.

Read more…

From thehackernews.com

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.

“The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections,” the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool.

According to a joint investigation conducted by the Canadian interdisciplinary laboratory and Google’s Threat Analysis Group (TAG), the mercenary surveillance tool is said to have been delivered via links sent on SMS and WhatsApp.

Read more…

From finance.yahoo.com

There’s a new gang on the dark web that claims it’s breached all of Sony’s systems in a ransomware attack.

Interestingly, Ransomed.vc seems to be a ransomware operator and a ransomware-as-a-service organization. That means that alongside these large-scale hacks of major corporations, Ransomed.vc (which VGC claims operates out of Russia and Ukraine) also reportedly works with the EU’s general data protection and regulation (GDPR) and other data privacy laws to report vulnerabilities in company systems and violations in the laws. According to Cyber Security Connect, the group is leveraging laws to reportedly bully victims into submission.

Sony has not publicly commented on the breach or the nature of Ransomed.vc’s impact on the company just yet. Kotaku reached out to Sony for a statement.

Read more…