22 February 2021 Weekly Newsletter

BOCRA website

 

     

NEWSLETTER

Mac Malware Targets Apple’s In-House M1 Processor


                                                     LATEST CYBER HACKS 

 
 

icon

 

Largest commercial bank in Ukraine has 40 million user records sold online

According to the post author, the database for sale contains 40 million entries. PrivatBank denies that the data is from their bank.

 

Yandex Data Breach Exposes 4K+ Email Accounts

In a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.”


                                                      VULNERABILITIES

 
 

icon

 

Hackers abuse Google Apps Script to steal credit cards, bypass CSP

Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online.

icon

 

Exploit Details Emerge for Unpatched Microsoft Bug

A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.

icon

 

SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps

A vulnerability in an SDK that allows users to make video calls in apps like eHarmony, Plenty of Fish, MeetMe and Skout allows threat actors to spy on private calls without the user knowing.

icon

 

Security bugs left unpatched in Android app with one billion downloads

Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed.


                                     MALWARES

 
 

icon

 

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

A new version of the Masslogger trojan has been targeting Windows users – now using a compiled HTML (CHM) file format to start the infection chain.

icon

 

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign

The WatchDog malware has flown under the radar for two years in what researchers call one of the ‘largest’ Monero cryptojacking attacks ever.


                               GENERAL NEWS

 
 

icon

 

Microsoft Edge is getting a new child-friendly Kids Mode

Microsoft is adding a new 'Kids Mode' to the Microsoft Edge browser that provides a safe environment for children to browse the web and consume family-friendly content.

icon

 

Windows 10 Secure Boot update triggers BitLocker key recovery

Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot.

COMM-CIRT

Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana

+2673929961

Disclaimer: This information was gathered from multi-trusted feeds and it is not created by COMM-CIRT