Snowblind is effective on all modern Android devices and primarily targets banking apps. It avoids detection by modifying the app and exploiting the Linux kernel’s seccomp feature to control the app’s system calls.
Major secrets, including cloud environment credentials, internal infrastructures, and telemetry platforms, have been found exposed on the internet due to Git-based processes and Source Code Management (SCM) platforms behavior.
The non-profit cybersecurity organization, the Shadowserver Foundation, has observed exploitation attempts against CVE-2024-5806. They noted that the exploitation began soon after the vulnerability details were made public.
The adoption of ransomware in cyberespionage attacks helps adversaries blur the lines between APT and cybercriminal activity, leading to potential misattribution or concealing the true nature of the operation.
These vulnerabilities include SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. Ubuntu has released updates for various versions, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM.
Siemens recently patched several vulnerabilities in its Sicam products that could be exploited to target the energy sector. The updates addressed two high-severity and one medium-severity flaws.
The vulnerability, tracked as CVE-2024-27867, affects various AirPods models, Powerbeats Pro, and Beats Fit Pro. An attacker in Bluetooth range could spoof the source device and gain access to the headphones, potentially allowing eavesdropping.
The Medusa banking trojan (aka TangleBot) operates as a malware-as-a-service, providing keylogging, screen controls, and SMS manipulation. Note that this operation is different from the ransomware gang and the Mirai-based botnet with the same name.
UK and US law enforcement agencies have collaborated to combat the Qilin ransomware gang, which has targeted the global healthcare industry through several recent attacks.
The polyfill.io domain, which offers JavaScript code to add functionality to older browsers, has been compromised and is infecting over 100,000 websites with malware. The domain was purchased by a Chinese organization earlier this year.