02-Oct-23: In Security News Today

New Android Malware ‘Zanubis’ Disguises Itself as a Governmental Organization

A recent Securelist report covers new versions of the Lumma stealer and of the Zanubis Android banking trojan, alongside ASMCrypt, a cryptor/loader associated with the DoubleFinger loader whose front end communicates with a back end hosted on the Tor network. Zanubis poses as a legitimate app from Peruvian government organizations and targets financial and cryptocurrency users in Peru.

Israeli Surveillanceware Company Exploits Zero-Day Vulnerabilities to Target Egyptian Organizations

Israeli surveillanceware company Intellexa chained three Apple zero-day vulnerabilities and a Chrome zero-day into exploit chains for iOS and Android, used against targets in Egypt. Delivery relied on a network-level man-in-the-middle (network injection): victims' plain-HTTP traffic was redirected to attacker-controlled infrastructure that served the exploits and installed Intellexa's signature 'Predator' spyware. Because the injection only works against connections made over plain HTTP, forcing HTTPS removes that delivery path. The findings highlight the harm caused by commercial surveillance vendors and the need for the security industry to learn from these exploit chains to make building new ones harder.

Active Exploitation of Critical Flaw in Progress Software’s WS_FTP Server Detected

Security researchers have observed active exploitation of a critical pre-authentication vulnerability in Progress Software's WS_FTP Server, tracked as CVE-2023-40044 (CVSS 10.0). It is a .NET deserialization flaw in the Ad Hoc Transfer module and affects all WS_FTP Server versions prior to 8.7.4 and 8.8.2: an unauthenticated attacker who can reach the module over the internet can execute commands on the underlying operating system. Installations that cannot be patched immediately should disable or remove the Ad Hoc Transfer module, as Progress advises; note that 8.8.0 and 8.8.1 are vulnerable even though they are newer than 8.7.4.
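As an added example (not code from the page, from Progress, or from the researchers who reported the flaw), here is a small Python check that classifies an inventory of WS_FTP Server version strings against the two fix releases the advisory names, 8.7.4 and 8.8.2. It goes slightly beyond the page's wording: branches older than 8.7 are treated as vulnerable because no fixed release exists for them, and branches newer than 8.8 are assumed to ship with the fix. The hostnames and version strings in the sample inventory are constructed; release notes, not this script, are authoritative.

```python
"""Classify WS_FTP Server versions against the CVE-2023-40044 fix releases.

Added example; not code from the page, Progress, or any researcher. The only
facts encoded are the fix versions the advisory names: 8.7.4 and 8.8.2.
Assumptions (the example's own): every release below the fix in its branch
is vulnerable, branches older than 8.7 never received a fix, and branches
newer than 8.8 ship with the fix.
"""
import re

# Branch -> first fixed release in that branch, per the advisory.
FIXED = {(8, 7): (8, 7, 4), (8, 8): (8, 8, 2)}
OLDEST_FIXED_BRANCH = min(FIXED)


def parse_version(text):
    """Extract a dotted version: 'WS_FTP Server 8.7.3' -> (8, 7, 3)."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version_text):
    """True if the version is below the fix release for its branch."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch < OLDEST_FIXED_BRANCH:
        return True  # 8.6 and older: no fixed release exists in that branch
    if branch in FIXED:
        # Tuple comparison handles four-part builds: (8, 7, 4, 1) > (8, 7, 4).
        return version < FIXED[branch]
    return False  # assumption: later branches were cut after the fix


def vulnerable_hosts(inventory):
    """Return the hostnames whose reported version is vulnerable, sorted."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "ftp-a.example.internal": "WS_FTP Server 8.7.3",
    "ftp-b.example.internal": "WS_FTP Server 8.7.4",
    "ftp-c.example.internal": "WS_FTP Server 8.8.0",  # newer than 8.7.4, still vulnerable
    "ftp-d.example.internal": "WS_FTP Server 8.8.2",
    "ftp-e.example.internal": "WS_FTP Server 8.6.1",
}

if __name__ == "__main__":
    for host in vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is vulnerable; "
              "patch or disable the Ad Hoc Transfer module")
```

The per-branch table is the point: a naive "version >= 8.7.4" comparison would wrongly clear 8.8.0 and 8.8.1, which this check reports as vulnerable.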

Malware Disguised as Images Used in Spear-Phishing Attack on Azerbaijan Businesses

A spear-phishing campaign aimed at businesses associated with an Azerbaijani company used images purporting to show the Armenia and Azerbaijan conflict as the lure. The emails carried a zip archive mixing genuine images with a malicious file posing as one of them. The malware, written in Rust, collects basic information about the infected computer and sends it to a command-and-control server, behaviour consistent with the reconnaissance phase of a targeted attack.

Iran-Linked APT34 Targets Saudis with Menorah Malware

APT34, an advanced persistent threat group linked to Iran, is running a phishing campaign against users in the Middle East. The campaign delivers a custom tool called Menorah that fingerprints the victim machine, uploads and downloads files, and executes shell commands. The lure document contains pricing information in Saudi riyals, suggesting at least one intended victim is located in Saudi Arabia.

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

A critical vulnerability in JetBrains TeamCity allows unauthenticated attackers to achieve remote code execution on the server, exposing the source code, service secrets, and private keys that build pipelines hold. JetBrains has fixed the flaw in the latest TeamCity release; exploitation attempts have already been observed, and roughly 1,200 internet-exposed servers are estimated to remain vulnerable. The issue affects on-premises TeamCity servers (the cloud-hosted offering was patched by JetBrains), and because a compromised build server yields credentials and signing material, patching should be paired with rotating any secrets the server stored.

Microsoft Defender Flags Tor Browser as a Trojan and Removes it from the System

Windows users report that Microsoft Defender flags the latest Tor Browser release as a trojan and removes it from the system. The alert is a false positive, attributed to a new heuristic detection method in Defender. The Tor Project advises users to confirm their copy came from the official website, and to verify its signature, before adding the Tor Browser directory to Defender's exclusion list. An exclusion disables scanning for that path entirely, so it should be scoped to the verified install directory rather than a whole user profile or downloads folder.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.