Cyber news from around the world this week includes:
- New Android Update Patches 36 vulnerabilities
- NimbleMamba Implants Used For Cyberattacks
- SEO poisoning used to spread malware
Android’s Feb 2022 Update Patches 36 vulnerabilities
Google announced that the new security updates for February 2022 patch a total of 36 vulnerabilities. The most severe issue is CVE-2021-39675, a privilege escalation flaw: an attacker posing as a user can exploit the vulnerability to gain access up to the super-admin level.
The update is divided into two parts: the first part was released on Feb 3rd 2022 and the second part was released on Feb 5th 2022.
Security holes in the Framework, Media framework, and System were fixed in the first part of the update, and the second part covers an additional 21 flaws in the system and multiple components.
Android devices updated with the February patch or later are protected against all of these security issues. Google also released 4 separate patches for its Pixel devices, all of them fixing major exploits.
NimbleMamba Implants Used For Cyberattacks
Known for continuously updating malware implants and attack mediums, the APT group was last linked to espionage targeting human rights activists and journalists in Palestine and Turkey.
The attackers used an attack chain focusing on Middle Eastern governments, foreign policy think tanks and a state-affiliated airline.
NimbleMamba uses guardrails to make sure that all infected victims are inside TA402’s target region. Put simply, a spear-phishing email is sent and the confirmed target is directed to a RAR file, after which the NimbleMamba malware is installed on the host.
TA402’s highly targeted campaigns focused on the Middle East.
Cyberattack campaign uses search engine optimization (SEO) poisoning to spread malware
Attackers have used the method in at least two campaigns across Menlo Security’s global customer base, delivering the REvil ransomware and the SolarMarker backdoor. In SEO poisoning attacks, malefactors first compromise legitimate websites and later inject high-volume keywords that are most likely to end up in search engine results pages (SERPs).
According to Menlo Security’s reports, the attack targets users rather than directly targeting organizations.
This tactic is used to drop REvil ransomware samples and to drop a backdoor called SolarMarker. SolarMarker creates a backdoor on the user’s system when they are directed to a compromised site and a malicious PDF is displayed.
Attackers are constantly finding creative new ways to exploit organizations and individuals, and that is to be expected. Let’s hone the best cybersecurity practices to reduce such incidents.