11.11.2024 Threat Report

Chrome Security Update: Urgent Patch for Serious Security Vulnerabilities

Google has released an important security update for its Chrome browser, addressing two severe vulnerabilities that could allow attackers to take control of a user’s system. The update, issued on 5 November 2024, brings Chrome to versions 130.0.6723.116 and 130.0.6723.117 for Windows, Mac, and Linux users.

‍

Details of the Vulnerabilities

• CVE-2024-10826: A memory issue in Chrome’s Family Experiences component that could allow attackers to execute code or control the system.
• CVE-2024-10827: Another memory flaw in the Serial component, posing similar risks of remote control.

‍

These vulnerabilities could enable attackers to exploit memory errors in Chrome and gain remote access to a system if the user visits a malicious website. No user interaction is needed, making this a widespread risk for all Chrome users.

‍

What Users Should Do

• Update Chrome: Upgrade to version 130.0.6723.116 or higher.
• Enable Automatic Updates: This ensures you get the latest protections without delay.
• Regularly Check for Updates: Monitor Chrome updates to stay ahead of emerging threats.

‍

This patch reflects Google’s ongoing efforts to keep Chrome secure, addressing vulnerabilities quickly in collaboration with security experts. Users are strongly advised to update immediately to avoid these risks.

‍

ToxicPanda Banking Malware: Targeting Users to Steal Account Information

Cybersecurity researchers at Cleafy have identified a dangerous new Android malware known as “ToxicPanda,” designed to steal banking login information. Evolving from a previous malware called “TgToxic,” ToxicPanda uses advanced tactics to gain control over users’ devices, intercepting login information and bypassing two-factor authentication.

‍

Key Abilities of ToxicPanda

• Abuse of Accessibility Services: ToxicPanda exploits Android’s accessibility services to take remote control of devices.
• Bypassing Security: It intercepts One-Time Passwords (OTPs) and bypasses two-factor authentication (2FA).
• Avoiding Detection: The malware uses obfuscation techniques to stay hidden from antivirus software.

‍

The malware has been detected on over 1,500 devices, with most cases in Europe and Latin America. Italy (56.8%), Portugal, Spain, France, and Peru are the most affected regions. ToxicPanda uses fake icons resembling trusted brands, such as Google Chrome and VISA, to trick users. The malware’s command-and-control (C2) server is linked to three specific domains:

• Domains: dksu[.]top, mixcom[.]one, freebasic[.]cn

‍

The malware communicates with the C2 server using encrypted HTTPS requests to send and receive instructions.

‍

Implications and Next Steps

The malware’s infrastructure suggests it is in an early development stage but still capable of causing significant financial harm. Each infected device is monitored by the C2 server, allowing attackers to control it remotely.

This new threat highlights the need for Android users to be cautious of unusual activity on their devices and avoid installing apps from unknown sources.

‍

Nokia Investigates Possible Data Breach as Hacker Claims to Sell Source Code

Nokia is investigating claims of a data breach after a hacker, known as IntelBroker, allegedly obtained and put Nokia’s source code up for sale. IntelBroker, working with another hacker named EnergyWeaponUser, claims to have accessed the data via a third-party contractor involved in developing Nokia’s internal tools.

‍

Stolen Data Allegations

‍

The hacker alleges they accessed a range of Nokia data, including:

• SSH and RSA encryption keys
• Source code
• Bitbucket and SMTP credentials
• Hardcoded access credentials

‍

The stolen data is reportedly for sale on the dark web forum BreachForums for $20,000 in cryptocurrency. The hackers claim that no customer data was accessed, but the internal credentials could expose Nokia to future attacks.

‍

Nokia has confirmed it is investigating, stating, “Nokia is aware of reports that an unauthorised actor claims to have accessed certain data from a third-party contractor and possibly from Nokia. Nokia takes this claim seriously, and we are investigating. To date, our investigation has found no evidence of impact on our systems or data.”

‍

The breach may affect Nokia’s 4G/5G product data related to Vodafone Idea Limited (VIL) in India, raising concerns about the security of critical infrastructure.

‍

This incident highlights the growing threat of supply chain attacks, where attackers target less secure third parties to access larger companies. Nokia’s case serves as a reminder for organisations to strengthen third-party risk management and ensure strong cybersecurity practices across their supply chains.

‍

macOS Users Facing Increased Risk of Malware and Ransomware

Recent reports indicate a rise in sophisticated cyberattacks against macOS users, with hackers exploiting macOS vulnerabilities to deploy malware and ransomware. The primary goal of these attacks is to steal sensitive information or lock users out of their systems until a ransom is paid.

‍

Key Threats

• Targeting macOS: Attackers are increasingly focusing on macOS users, exploiting vulnerabilities within the system.
• Security Measures: Experts advise macOS users to stay updated with the latest security patches and employ strong security practices to minimise risks.

‍

Recommendations for macOS Users

To protect against these threats, macOS users should:

1. Regularly Update: Ensure macOS and all software are updated with the latest security patches.
2. Adopt Strong Security Practices: Use complex passwords, enable multi-factor authentication, and install reputable antivirus software.
3. Stay Vigilant: Be alert to suspicious activity and phishing attempts.

‍

This increase in macOS-targeted attacks highlights the need for proactive security measures to keep systems safe and secure.