Ειδοποιήσεις

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call.

The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google’s Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version 284.0.0.16.119 (and before) of Facebook Messenger for Android.

In a nutshell, the vulnerability could have granted an attacker who is logged into the app to simultaneously initiate a call and send a specially crafted message to a target who is signed in to both the app as well as another Messenger client such as the web browser. Read more »

Cisco has fixed today three Webex Meetings security vulnerabilities that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

Cisco Webex is an online meeting and video conferencing software that can be used to schedule and join meetings. It also provides users with presentation, screen sharing, and recording capabilities.

Cisco’s remote meetings platform has seen a 451% usage increase over four months due to the current COVID-19 pandemic, with roughly 4 million meetings being hosted in a single day for 324 million users at its peak.

Read more »

Κατόπιν ενημέρωσης από κρίσιμη υποδομή, το Εθνικό CSIRT-CY διεξήγαγε τις κατάλληλες ενέργειες για την αντιμετώπιση επίθεσης impersonation, ή αλλιώς πλαστοπροσωπίας. Κατά το συγκεκριμένο περιστατικό, κακόβουλοι χρήστες δημιούργησαν ιστοσελίδα με πανομοιότυπο σύνδεσμο και ιστότοπο με αυτών του γνήσιου όπου αποσκοπούσαν στην υποκλοπή διαπιστευτηρίων.

Η επίθεση πλαστοπροσωπίας αποτελεί μορφή ηλεκτρονικής απάτης κατά την οποία ο εισβολέας παρουσιάζεται ως γνωστό ή αξιόπιστο άτομο με σκοπό την εξαπάτηση για τη μεταφορά χρημάτων σε τραπεζικό λογαριασμό, την κοινή χρήση ευαίσθητων πληροφοριών, ή την αποκάλυψη διαπιστευτηρίων σύνδεσης όπου οι εισβολείς μπορούν να χρησιμοποιήσουν για να εισχωρήσουν στο δίκτυο υπολογιστών μιας εταιρείας. Η απάτη του διευθύνοντος συμβούλου (CEO), ο παραβίαση ηλεκτρονικού ταχυδρομείου επιχειρήσεων και η στοχοποίηση υψηλόβαθμων στελεχών είναι συγκεκριμένες μορφές αυτής της επίθεσης όπου κακόβουλα άτομα παρουσιάζονται ως υψηλά στελέχη μίας εταιρείας. Read more »

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.

Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information.

Its capabilities are similar to another malware strain dubbed AnarchyGrabber that infects Discord users, also used for harvesting credentials and disabling the victims’ two-factor authentication (2FA).

Netskope discovered the info stealer in October 2020 while collecting data for a previous report, with TroubleGrabber samples (detected as Razy variants) making up over 85% of all 1,650 malware samples targeting Discord during October.

Read more »

The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum.

DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

As part of this arrangement, the DarkSide ransomware developers receive a 10-25% cut, and an affiliate gets 75-90% of any ransom payments they generate.

As DarkSide is a private operation, hackers who want to distribute their ransomware must first apply for access. Read more »