Fake Chrome errors known as ClickFix are used to trick victims into running a malicious PowerShell script as a "fix". This "fix" does some "checks" and displays a "Google Chrome warning stating a problem displaying the webpage." The victim is instructed to install a "root certificate" by copying a PowerShell script into the Windows Clipboard and running it as Admin in a Windows PowerShell console, which installs DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer. #Windows #Chrome #Malware #ClickFix https://lnkd.in/euKZbv-Y
Donnie Webb’s Post
-
"In a Friday morning Form 8-K filing with the SEC, AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators (MVNOs) made from May 1 to October 31, 2022 and on January 2, 2023. The stolen data includes:
* Telephone numbers of AT&T wireline customers and customers of other carriers.
* Telephone numbers with which AT&T or MVNO wireless numbers interacted.
* Count of interactions (e.g., the number of calls or texts).
* Aggregate call duration for a day or month.
* For a subset of records, one or more cell site identification numbers."
#ATandT #DataBreach https://lnkd.in/eY8HxeQy
Massive AT&T data breach exposes call logs of 109 million customers
bleepingcomputer.com
-
"Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We take our obligation to safeguard personal information very seriously, and this incident has been a top priority," Rite Aid said. #RiteAid #DataBreach #Ransomware https://lnkd.in/eWqQTXM7
Rite Aid confirms data breach after June ransomware attack
bleepingcomputer.com
-
Wireshark 4.2.6 has been released addressing several bugs, including:
* Corrections to the SOME/IP dissector
* Improvements to the QUIC TLS decryption process
* Resolution of issues with the SCTP INIT chunk dissector
* Fixes for the MGCP dissector to prevent potential infinite loops
Wireshark 4.2.6 adds updated protocol support for the following: DHCP, E.212, MySQL, NAS-5GS, PKT CCC, ProtoBuf, RADIUS, RLC-LTE, RTP, SIP, SPRT, Thrift, and Wi-SUN
#Wireshark #Packets #ProtocolAnalyzer https://lnkd.in/eCTPNyxQ
Wireshark 4.2.6 Released - What's New!
https://cybersecuritynews.com
-
A new SSH vulnerability, CVE-2024-6409, has been discovered which is different than the recent CVE-2024-6387 (RegreSSHion) vulnerability. It appears it only impacts versions 8.7p1 and 8.8p1 in Red Hat Enterprise Linux 9. #SSH #Vulnerability #CVE20246409 #Redhat #RHEL9 #RedhatEnterpriseLinux https://lnkd.in/gH_RT6zT
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
thehackernews.com
-
"Ghostscript comes pre-installed on many Linux distributions and is used by various document conversion software, including ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, and the CUPS printing system. Tracked as CVE-2024-29510, this format string vulnerability impacts all Ghostscript 10.03.0 and earlier installations. It enables attackers to escape the -dSAFER sandbox (enabled by default) because unpatched Ghostscript versions fail to prevent changes to uniprint device argument strings after the sandbox is activated." #Ghostscript #RCE https://lnkd.in/eyHmnaF7
RCE bug in widely used Ghostscript library now exploited in attacks
bleepingcomputer.com
-
Microsoft’s official guide to switching from a Microsoft Account to a local account in Windows has returned. Link to Instructions: https://lnkd.in/eGicAxSD #Microsoft #LocalAccount #Windows10 #Windows11 https://lnkd.in/eDF6M9FY
Microsoft’s official guide to switching from a Microsoft Account to a local account in Windows has been reinstated
tomshardware.com
-
After 41 years, Microsoft adds spellcheck and autocorrect to Windows Notepad. Since March, this was available to insiders; however, now it is available to the masses. #Microsoft #Notepad https://lnkd.in/eJHpWzV2
After 41 years Microsoft quietly adds spellchecking and autocorrect to Windows Notepad
tomshardware.com
-
"“Sygnia identified that CVE-2024-20399 was exploited in the wild by a China-nexus threat group as a ‘zero-day’ and shared the details of the vulnerability with Cisco. By exploiting this vulnerability, a threat group – dubbed ‘Velvet Ant’ – successfully executed commands on the underlying operating system of Cisco Nexus devices.” reads the report published by Sygnia. “This exploitation led to the execution of a previously unknown custom malware that allowed the threat group to remotely connect to compromised Cisco Nexus devices, upload additional files, and execute code on the devices.”"
"The vulnerability impacts the following devices:
* MDS 9000 Series Multilayer Switches (CSCwj97007)
* Nexus 3000 Series Switches (CSCwj97009)
* Nexus 5500 Platform Switches (CSCwj97011)
* Nexus 5600 Platform Switches (CSCwj97011)
* Nexus 6000 Series Switches (CSCwj97011)
* Nexus 7000 Series Switches (CSCwj94682)
* Nexus 9000 Series Switches in standalone NX-OS mode (CSCwj97009)"
https://lnkd.in/e5YM8GwX #Cisco #NXOS #ZeroDay
CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com
-
PSA: iPhone users, beware phishing SMS messages attempting to steal your Apple ID by routing you to a fake login page. "The Mechanics of the Attack According to the Broadcom reports, the recent smishing campaign involved the distribution of deceptive SMS messages that appeared to be from Apple. One such message read: “Apple important request iCloud: Visit signin[.]authen-connexion[.]info/iCloud to continue using your services.” Upon clicking the link, users were directed to a malicious website miming an outdated iCloud login page." #Apple #iPhone #phishing #smishing https://lnkd.in/e7e6acsP
Hackers Attacking Users with Apple IDs Via Malicious SMS
https://cybersecuritynews.com