Malicious Excel XLL add-ins push RedLine password-stealing malware
www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/ Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware.RedLine is an information-stealing Trojan that steals cookies, user names and passwords, and credit cards stored in web browsers, as well as FTP credentials and files from an infected device. In addition to stealing data, RedLine can execute commands, download and run further malware, and create screenshots of the active Windows screen. All of this data is collected and sent back to the attackers to be sold on criminal marketplaces or used for other malicious and fraudulent activity.
Microsoft phishing uses fake Office 365 spam alerts
www.bleepingcomputer.com/news/security/convincing-microsoft-phishing-uses-fake-office-365-spam-alerts/Convincing A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. What makes these phishing emails especially convincing is the use of quarantine[at]messaging.microsoft.com to send them to potential targets and the display name matching the recipients’ domains.
New Twitter phishing campaign targets verified accounts
www.bleepingcomputer.com/news/security/new-twitter-phishing-campaign-targets-verified-accounts/ A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter’s recent removal of the checkmarks from a number of verified accounts, citing that these were ineligible for the legendary status, and were verified in error.
OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe
www.xda-developers.com/oneplus-nord-2-vulnerability-root-shell/ OnePlus might have cemented its name among the major Android OEMs, but its phones are no stranger to security flaws. This time, the company has left a rather interesting (read: worrying) vulnerability unpatched on the OnePlus Nord 2 since its release. Although exploiting the loophole requires physical access to the device, the attacker can effectively gain an unrestricted root shell before the user can even enter their credentials. Notably, the newly released Pac-Man edition of the Nord 2 is affected as well.
Apple AirTags being used by thieves to track high-end cars to steal
arstechnica.com/cars/2021/12/apple-airtags-being-used-by-thieves-to-track-high-end-cars-to-steal/ When Apple debuted its new AirTag tracker earlier this year, part of our review focused on the privacy implications of the device. We called the device “a rare privacy misstep from Apple.” This week, Canadian police announced that car thieves have been using AirTags to track vehicles they want to steal.
Setting app permissions in iOS 15
www.kaspersky.com/blog/ios-15-permissions-guide/43041/ With each version of iOS, we’ve seen developers try to protect user data better. However, the core principle remains unchanged: You, the user, gets to decide what information to share with which apps. With that in mind, we’ve put together an in-depth review of app permissions in iOS 15 to help you decide which requests to allow and which to deny.
The Fall of a Russian Cyberexecutive Who Went Against the Kremlin
www.bloomberg.com/news/features/2021-12-03/who-is-ilya-sachkov-russian-cyber-ceo-linked-to-2016-election-fancy-bear-leaks Ilya Sachkov, who’s been charged with treason in Russia, is alleged to have given the U.S. information about the “Fancy Bear” operation that sought to influence the U.S. election.
Kun hakkerointi vaati sukeltamista: amerikkalaiset vakoilivat Neuvostoliiton puhelinkaapelin valtameren pohjassa
www.tivi.fi/uutiset/tv/a73d1dc9-3055-4b56-a9d3-4289747e67f5 Vedenalaisten kaapelien salakuuntelu alkoi yli 50 vuotta sitten.