- #LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO INSTALL#
- #LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO UPDATE#
- #LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO PORTABLE#
- #LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO ANDROID#
- #LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO SOFTWARE#
This phishing attack had two phishing attempts as if a user did enter in their Google account information, they would then be redirected to a Facebook page in an attempt to also steal those credentials. The email's content appeared very similar to a legitimate Google notification, however, the email purported to be from If the target clicked the "view activity" button, they were redirected to a fake Google login that used Google Translate to load the malicious domain to trick users into thinking the domain was legitimate, though the domain being translated in the search bar was completely different from a Google page. Larry Cashdollar, a member of Akamai's Security Intelligence Response Team (SIRT), received a phishing email that said his Google account had been accessed on an unknown Windows device. Phishers Leveraging Google Translate to Target Google and Facebook Users ( February 7, 2019) MITRE ATT&CK: Spearphishing Attachment (T1193)
#LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO ANDROID#
Android versions 7.0 to 9.0 are affected. This vulnerability has not been observed in the wild yet.
#LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO PORTABLE#
To exploit this vulnerability, a threat actor would need to send a malicious Portable Network Graphic (.PNG) file to a user's Android device, and would be triggered upon opening the file. Google noted a critical vulnerability in the Android operating system framework that could allow a threat actor to execute arbitrary code and obtain privileged access.
Opening This Image File Grants Hackers Access to your Android Phone ( February 7, 2019)
#LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO SOFTWARE#
The other two vulnerabilities addressed in the new software update, fix the flaws that are related to the FaceTime bug that allowed the caller to see the recipient before they accepted the phone call. The other vulnerability observed in the wild that has been patched, "CVE-2019-7287," impacts the IOKit and could potentially allow a malicious application to execute arbitrary code with kernel-level privileges. The first vulnerability patched in this update, registered as "CVE-2019-7286," affects the Foundation component in iOS and could potentially allow a malicious application elevated privileges.
#LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO UPDATE#
Google Spots Attacks Exploiting iOS Zero-Day Flaws ( February 8, 2019)Īpple released a new software update to their iOS that addressed four vulnerabilities, including two privilege escalation vulnerabilities observed to be exploited in the wild. MITRE ATT&CK: Uncommonly Used Port (T1065) The infection source appears to have started from some IP cameras and web services via TCP port 8161. The observed script downloads a modified version of the "XMR-Stak" cryptominer that mines for Cryptonight cryptocurrency.
#LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS TO INSTALL#
The script appears to be similar to the "KORKERDS" malware, but is notably different in that this malware does not install a rootkit or uninstall antivirus software, as well as this new malware has KORKERDS in its kill list. The script is capable of killing and/or deleting a number of known Linux malware, cryptominers, and connections to other miner services and ports, and after installing its own malware, it implants itself into the machine's system to survive rebooting and deletion. Researchers from Trend Micro found a script on one of their honeypots that was downloading and installing a cryptocurrency mining malware onto a Linux system. Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners ( February 8, 2019) Mumsnet was notified by a user to the issue, and they promptly fixed the issue. Because of the software change that was occurring at that time, users could view the details of other users including account details, email addresses, personal messages, and posting history. Between 2 pm on February 5 and 9 am on February 7, 2019, users that attempted to log into the website could have accessed another user's account information if two users were logging into the site simultaneously. The parenting forum website, "Mumsnet," suffered a data breach following migrating their services to the cloud.
Mumsnet Data Leak Baffled Parents As Cloud Migration Exposed Users' Personal Data ( February 10, 2019)
0 kommentar(er)
