[HackerNews] Hackers Targeting Brazil’s PIX Payment System to Drain Users’ Bank Accounts

Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil’s instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals’ control.
“The attackers distributed two different variants of banking malware, named PixStealer and MalRhino,

Source: Read More (The Hacker News)

You might be interested in …

[ZDNet] CISA orders federal civilian agencies to patch Log4j vulnerability and 12 others by December 24

All posts, ZDNet

The US Cybersecurity and Infrastructure Security Agency added the Log4j vulnerability to its Known Exploited Vulnerabilities Catalog. Source: Read More (Latest topics for ZDNet in Security)

Read More

[SANS ISC] Decrypting Cobalt Strike Traffic With a “Leaked” Private Key, (Mon, Oct 25th)

All posts, Sans-ISC

Cobalt Strike C2 traffic is encrypted with AES. The AES key is randomly generated by the beacon, and communicated to the team server via RSA encrypted metadata. The beacon contains the public RSA key, and the team server the private RSA key. To decrypt traffic, you either need the AES key or the private RSA […]

Read More

[HackerNews] Google Releases New Chrome Update to Patch Dozens of New Browser Vulnerabilities

All posts, HackerNews

Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim’s system. Tracked as CVE-2022-0096, the flaw relates to a use-after-free bug in the Storage component, […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.