ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week...

EUVD-2024-24421

Malicious code in bioql PyPI...

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious person could exploit the vulnerabilities to bypass a security measure, grant themselves elevated privileges, access sensitive data, execute arbitrary code, possibly with kernel privileges or cause a Denial-of-Service. Successful abuse requires...

CVE-2024-27180

An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL...

CVE-2024-27180

CVE-2024-27180 is described as a TOCTOU-type vulnerability in Toshiba e-STUDIO MFPs where an attacker with admin access can install rogue applications. The Initial description is minimal, and connected sources corroborate a vulnerability pattern affecting Toshiba multi-function printers, with bro...

CVE-2024-27180 TOCTOU vulnerability

An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL...

CVE-2024-27180 TOCTOU vulnerability

An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL...

PT-2024-21715 · Toshiba Tec · Toshiba Tec E-Studio Multi-Function Peripheral +44

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker with admin access can install rogue applications. There is no information provided about the estimated number of potentially affected device...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User...

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User...

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights Remote...

Meta accuses apps of stealing WhatsApp accounts

Meta is attempting to clamp down on rogue WhatsApp-styled applications which originate from China. Bleeping Computer reports that no fewer than one million WhatsApp accounts have been compromised, allegedly as a result of using these apps which are claimed to bundle malware. Dubious apps The apps...

Android RSSI Broadcast Information Disclosure

Blog post here: https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-9581/ NOTE: This bug is part of a series of three related Android bugs with the same root cause: CVE-2018-9489, CVE-2018-9581 and CVE-2018-15835. A presentation covering all three bugs was given at BSides DE in the fall ...

Apple Mac OS X Gatekeeper Bypass

Gatekeeper is Mac OS X’s guardian against rogue applications and malware sneaking into Apple’s famous walled garden. It’s also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow at Virus Bulletin in Prague, researcher Patrick Wardle,...

Android IMSI-Catcher Detector: AIMSICD

AIMSICD is an app to detect IMSI-Catchers . IMSI-Catchers are false mobile towers base stations acting between the target mobile phones and the real towers of service providers. As such they are considered a Man-In-The-Middle MITM attack. In the USA the IMSI-Catcher technology is known under the...

Android malware - Works on remote commands form encrypted blog

Android malware - Works on remote commands form encrypted blog Researchers from Trend Micro have spotted a piece of malicious software for Android. This is the first known Android malware that reads blog posts and interprets these as commands. It can also download and install additional...

Account protection status warning scares Facebook Users !

Over the last few weeks we have been contacted by a number of members of the our Facebook page, concerned by a message they saw on Facebook, warning them that their account protection was "very low". With fake anti-virus also known as scareware attacks becoming an ever-growing problem they attemp...

'Dislike' Button Scam on Facebook Goes Viral

Researchers are advising Facebook users to avoid offers to download an “official dislike button”, which the firm claims has spread virally across the service. There are two different versions of the ruse thus far, both with tiny URL links to rogue applications. Read the full article...