Alerts

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.

Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in the wild or have publicly available proof-of-concept exploits.

Not all versions are vulnerable

The vulnerability tracked as CVE-2020-4006 is a command injection bug — with a 9.1/10 CVSSv3 severity rating — found in the administrative configurator of some releases of VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector.

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before they even picked up the audio call.

The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google’s Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version 284.0.0.16.119 (and before) of Facebook Messenger for Android.

In a nutshell, the vulnerability could have allowed an attacker who is logged into the app to simultaneously initiate a call and send a specially crafted message to a target who is signed in to both the app and another Messenger client such as the web browser.

Cisco today fixed three Webex Meetings security vulnerabilities that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

Cisco Webex is an online meeting and video conferencing software that can be used to schedule and join meetings. It also provides users with presentation, screen sharing, and recording capabilities.

Cisco’s remote meetings platform has seen a 451% usage increase over four months due to the current COVID-19 pandemic, with roughly 4 million meetings being hosted in a single day for 324 million users at its peak.


Following a report from a critical infrastructure entity, the National CSIRT-CY took the appropriate actions to respond to an impersonation attack. In this incident, malicious users created a website whose link and content were identical to those of the genuine site, with the aim of stealing credentials.

An impersonation attack is a form of online fraud in which the attacker poses as a known or trusted person in order to deceive the victim into transferring money to a bank account, sharing sensitive information, or revealing login credentials that the attackers can use to break into a company's computer network. CEO fraud, business email compromise, and the targeting of high-ranking executives are specific forms of this attack in which malicious individuals pose as senior executives of a company.

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.

Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information.

Its capabilities are similar to another malware strain dubbed AnarchyGrabber that infects Discord users, also used for harvesting credentials and disabling the victims’ two-factor authentication (2FA).

Netskope discovered the info stealer in October 2020 while collecting data for a previous report, with TroubleGrabber samples (detected as Razy variants) making up over 85% of all 1,650 malware samples targeting Discord during October.
