4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021 – Tempemail

Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, Continue Reading

Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware – Tempemail

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. “[T]he stealer is a PowerShell script, short with powerful collection capabilities — in Continue Reading

Parents told they may face police action as teachers targeted on TikTok | Schools- Tempemail

Teachers are being targeted by abusive and humiliating TikTok accounts set up by students, prompting a warning from schools that parents may face police action over offending posts. Officials at the Department for Education have said they are engaging with the social media giant after headteachers complained of dozens of Continue Reading

Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks – Tempemail

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can Continue Reading

Over 10 Million Android Users Targeted With Premium SMS Scam Apps – Tempemail

A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed “UltimaSMS” — is believed to commenced in May 2021 and involved apps that cover a Continue Reading

Ransomware hackers targeted three US water facilities in 2021, cyber officials say- Tempemail

Hackers targeted three US water treatment facilities with ransomware over the last eight months, officials with the Cybersecurity and Infrastructure Security Agency (Cisa) said in a bulletin released on Thursday. Cisa said the alert, titled “Ongoing Cyber Threats to US Water and Wastewater Systems,” was released as a result of Continue Reading

Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo – Tempemail

A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group’s first foray into digital surveillance in Africa. Amnesty International tied the covert attack campaign to a collective tracked as “Donot Team” (aka APT-C-35), which Continue Reading

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users – Tempemail

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have Continue Reading

Russian Turla APT Group Deploying New Backdoor on Targeted Systems – Tempemail

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware “TinyTurla” for its limited functionality and efficient coding Continue Reading

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks – Tempemail

Microsoft on Wednesday disclosed details of a targeting phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. “These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed Continue Reading