Summary: Cybersecurity researchers have discovered a renewed cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy.

Threat Actor: LightSpy

Victim: Users in South Asia

Key Point:

The LightSpy iOS spyware campaign, dubbed “F_Warehouse,” has a modular framework with extensive spying features.…

Summary: Cybersecurity researchers from Bitdefender discovered critical vulnerabilities in LG TVs running webOS versions 4 through 7, which could allow attackers to gain complete control over the TV, steal data, or install malware.

Threat Actor: N/A

Victim: LG TV owners


Summary: A new threat actor named “Starry Addax” is targeting human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause in North Africa using a mobile malware called “FlexStarling.”

Threat Actor: Starry Addax

Victim: Human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause

Key Points:

Starry Addax conducts phishing attacks and uses malicious Android apps disguised as legitimate tools to compromise sensitive information.…

In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious.

Figure 1: Version info of the detected file. Note the typos ‘Copyrigth’ and ‘rigths’

The file’s metadata indicates that it is a “Catalog Authentication Client Service” by “Catalog Thales” – possibly an attempt to impersonate the legitimate company Thales Group.…


09/04/2024

Phishing home page

A sophisticated malicious campaign is currently underway, aimed at compromising Android devices in Italy with the SpyNote malware. The malware is disguised as the “INPS Mobile” application and was made available for download yesterday on a domain created specifically to deceive victims.

The phishing page, reported by D3lab to CERT-AGID, is carefully designed with logos and content that reproduce the official ones of the Institute.…


Summary: Google is suing two China-based Android app developers for allegedly scamming 100,000 users worldwide through fake cryptocurrency and investment apps, with victims losing up to $75,000.

Threat Actor: China-based Android app developers

Victim: 100,000 users worldwide

Key Point:

Google is suing two China-based Android app developers for allegedly scamming 100,000 users worldwide through fake cryptocurrency and investment apps.…

Summary: This article discusses the escalating threat of a fake e-shop campaign that targets banking security across various regions. The campaign has expanded from targeting Malaysian banks to financial institutions in Vietnam and Myanmar, using sophisticated tactics and Android malware with screen-sharing capabilities.

Threat Actor: Unknown (fake e-shop campaign)

Victim: Financial institutions in Malaysia, Vietnam, and Myanmar

Key Point:

A fake e-shop campaign has expanded its reach from Malaysian banks to financial institutions in Vietnam and Myanmar.…

In this report, we will conduct a comprehensive analysis of Gafgyt, an ELF malware family. Our aim is to examine the malware’s capabilities and determine its functions:

* DDoS attack capabilities
* Communication with the Command and Control (C&C) server
* Detection evasion
* Network setup and configuration
* Process manipulation

Gafgyt malware, which is also known as Bashlite, has targeted millions of vulnerable IoT devices in the last few years.…

Executive summary

The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions.…


Hihi 😁! In this blog post, we’ll explore the functionality, features, and advantages of Incinerator, an advanced Android reverse engineering suite inspired by the success of Shambles.

Our mission is straightforward: we want an advanced hassle-free solution to reverse Android applications, especially malware. We need a tool that integrates decompilation, decryption, dynamic debugging, and vulnerability detection.…


Key Takeaways

Once again, a fake e-shop campaign has been detected, this time targeting 18 Malaysian banks with upgraded malicious applications. 

The campaign has progressed from its initial focus on Malaysian banks to a broader scope that now encompasses banks in Vietnam and Myanmar. 

The latest version of the malware introduces advanced features such as screen-sharing functionality, the utilization of accessibility services, and intricate communication with command and control servers, signifying an elevated level of sophistication and perseverance. …

Vultur banking malware for Android poses as McAfee Security app

Key Point:

* Vultur banking trojan for Android has advanced remote control capabilities and an improved evasion mechanism.
* Distributed over Google Play through dropper apps in late 2022.
* Included in Zimperium’s top 10 most active banking trojans for targeting 122 banking apps in 15 countries.…


Summary: A PhaaS campaign called “Darcula” has been targeting organizations in over 100 countries using more than 20,000 fake domains. The campaign utilizes unique tools and platforms to carry out phishing attacks, including sending messages through iMessage and RCS protocols. The attackers primarily target postal services and other institutions that rely on consumer trust.…


Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.

When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time.

Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.…


Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.

Key Point 🛡️:

– The number of found and exploited enterprise-specific technology zero-day vulnerabilities increased by 64% in 2023.
– End-user platforms like Windows, Safari, iOS, and Android were also targeted, with notable investments from vendors like Apple, Google, and Microsoft.…
