In a bid to enhance user experience, Microsoft has reintroduced mouse gestures in its Edge Canary version, a feature previously present in legacy Edge before the transition to Chromium. […]
BleepingComputer
The all in one place for non-profit security aid.
Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both
Trellix ESM Flaw Let Attackers Execute Arbitrary Commands
According to recent reports, two serious vulnerabilities have been found in the Trellix SIEM. These vulnerabilities could allow malicious actors to execute unauthorized commands within Trellix's Enterprise Security Manager (ESM).
This poses a considerable risk to the security of the system and should be addressed promptly to prevent any potential breaches.
Trellix has released CVEs and patches for fixing these vulnerabilities.
The first vulnerability exists due to incorrect neutralization of special elements, leading to command injection that allows an attacker to escalate privileges or execute arbitrary commands in the Enterprise Security Manager.
The CVSS score of this vulnerability is given as 7.8 (high).
The second vulnerability exists due to a failure to sanitize input when processing a .zip file and incomplete neutralization of external commands that control process execution of the .zip application, leading to privilege escalation or arbitrary command execution for an authorized user.
The CVSS score of this vulnerability is given as 8.1 (high).
Trellix also credited two security researchers, Andre Waldhoff (condignum GmbH) and Johannes Bär (condignum GmbH), for discovering and reporting these flaws.
Below is the list of products affected by these vulnerabilities and the patched version:

| Affected Products | Fixed in Version |
| --- | --- |
| SIEM Enterprise Security Manager 11.6.x | Upgrade to 11.6.7 (June 2023 release) |
| SIEM Enterprise Security Manager 11.5.x | |
| SIEM Enterprise Security Manager 11.4.x | |
| SIEM Enterprise Security Manager 11.3.x (EOL) | |
Users of these products are recommended to upgrade to the latest version to patch these vulnerabilities.
Trellix is a computer security company that has more than 40,000 customers, including nearly 80% of the Fortune 500 companies.
The company has a net worth of nearly $3.24 billion and has a revenue of $940 million as of 2020 with nearly 3500 employees worldwide.
The post Trellix ESM Flaw Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
Cyber Security News
New Android Malware SpyAgent Taking Screenshots Of Users’ Devices
Android malware has evolved significantly since its inception, transitioning from simple threats like SMS Trojans to complex ransomware and banking Trojans.
The evolution of Android malware reflects a broader trend of increasing sophistication in mobile malware driven by the Android ecosystem’s open nature.
Security Intelligence researchers recently discovered a new Android malware dubbed “SpyAgent” that takes screenshots of users’ devices.
A new Android malware strain, SpyAgent, is now targeting screenshots of cryptocurrency recovery phrases stored on devices using OCR technology.
The SpyAgent malware spreads via phishing, encouraging users to install malware-laden applications. After installation, SpyAgent looks for screenshots containing the 12-24-word recovery phrases used for cryptocurrency wallets.
Since these long phrases are certainly difficult to remember, many users take screenshots for reference, which makes them vulnerable to theft.
If the threat actors access these recovery phrases, they can use them to recover the associated cryptocurrency wallets and transfer the funds to their own accounts, reads the SecurityIntelligence report.
Once this is done, the stolen funds cannot be recovered, as crypto transactions are irreversible. This malware has spread mainly in Korea, involving over 280 malicious APK files that were distributed outside the official Google Play market.
There are also signs that SpyAgent may be looking to broaden its base and target users situated in the UK.
In addition to cryptocurrency, the malware’s ability to capture screenshots also endangers any critical data that users have stored in screenshots, such as “business logins,” “personal identity,” and “contact details,” which would facilitate even more data leaks and instances of identity theft.
Screenshots containing critical and sensitive data are prime targets for malicious actors. To mitigate this threat, avoid taking screenshots altogether, be careful about unsolicited text messages, and only install applications from trusted sources.
However, perfect security is a myth, as no amount of precaution is ever enough with all these interconnected devices.
Industry data shows that organizations that use sophisticated security solutions are able to detect and mitigate breaches 100 days faster than the global average.
Below are all the recommendations:
The post New Android Malware SpyAgent Taking Screenshots Of Users’ Devices appeared first on Cyber Security News.