‘Nexus’ Android Trojan Targets 450 Financial Applications “How to Transform Your Life: Discover the Secrets to True Happiness!”
The Nexus Android banking trojan has been recently introduced as a malware-as-a-service (MaaS) on underground forums, with a pricing model of $3,000 per month for subscription. It is believed to have a connection to the Sova banking trojan and is primarily utilized for attacking banking and cryptocurrency accounts. Among its functionalities are SMS interception, data…
Nexus Android banking trojan targets 450 financial apps
An Android banking trojan named Nexus is being used by multiple threat actors to target 450 financial applications, cybersecurity firm Cleafy has warned. The malware appears to still be in its early stages of development, but it offers several features to perform account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credentials…
Cisco Patches High-Severity Vulnerabilities in IOS Software
This week, Cisco released its semiannual IOS and IOS XE software security advisory bundle, which addresses ten vulnerabilities, including six rated ‘high severity.’ Of the most important high-severity bugs, three security flaws can be exploited by remote, unauthenticated attackers to cause a denial-of-service (DoS) condition. The first of these, CVE-2023-20080, impacts the IPv6 DHCP version…
CISA Expands Cybersecurity Committee, Updates Baseline Security Goals “Unlock the Secrets of Success – How to Achieve Your Goals!”
This week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of new experts to its Cybersecurity Advisory Committee (CSAC), as well as updated baseline cybersecurity goals. The CSAC’s role is to provide the CISA director with advice on policy and program initiatives, and the new members of the committee include experts from…
Chrome 111 Update Patches High-Severity Vulnerabilities “Unlock the Secrets to a Successful Business: Proven Strategies for Business Owners” “Harness the Power of Success: Uncover the Strategies that Drive Business Success!”
Google this week announced an update to Chrome 111, which comes with patches for eight vulnerabilities, including seven reported by external researchers. All seven of the externally reported issues are high-severity memory safety bugs, with four of them described as use-after-free vulnerabilities. Of the reported issues, the most important is CVE-2023-1528, a use-after-free flaw in…
‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks “Unlock the Hidden Benefits of Investing in Mutual Funds!”
This week, cybersecurity company Black Lantern announced Badsecrets, an open source tool designed to help identify known or weak cryptographic secrets across various web frameworks. The library is written in Python and has a modular design, offering ten modules meant to replace existing tools for finding secrets. Badsecrets is inspired by Blacklist3r, a project from…
Researchers Reveal New Malware Distribution Techniques
Researchers Reveal New Malware Distribution Techniques Mar 22, 2023 – Cyber Threat Intelligence: The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware, according to multiple reports from AhnLab Security Emergency response Center (ASEC), SEKOIA.IO, and Zscaler. ScarCruft is also known as…
Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products Organizations using Aveva’s HMI and SCADA products have recently been informed of the existence of several potentially serious vulnerabilities. Last week, Aveva and CISA published security advisories in regards to three vulnerabilities in the InTouch Access Anywhere HMI and Plant SCADA Access Anywhere products.…