Recent #Malware news in the semiconductor industry

➀ A hidden feature in the widely-used ESP32 microcontroller allows attackers to spoof devices, steal data, and install malware, posing risks to millions of IoT devices.

➁ The vulnerability stems from hidden commands in the Bluetooth Host Controller Interface (HCI), which are typically used for debugging but can be exploited for malicious purposes.

➂ Espressif, the manufacturer of ESP32, acknowledges the issue but claims these commands are for internal testing. Users are advised to conduct security audits and follow best practices to mitigate risks.

Bluetooth IoT Malware cybersecurity security

hothardware

7 months ago

Sinister New Phishing Kit Targets Billions Of Gmail And Outlook Users

➀ Phishing attacks are on the rise, with over 800,000 victims in the first quarter of 2024;

➁ Astaroth malware bypasses 2FA restrictions to gain access to Gmail, Outlook, or Yahoo accounts;

➂ The malware intercepts requests, captures session cookies, and uses reverse proxy techniques to steal credentials.

Malware Phishing security

hothardware

9 months ago

Alarming Google Calendar Security Flaw Leaves Half A Billion Users Vulnerable To Attack

➀ Security researchers at Check Point warn of a Google Calendar security threat affecting over 500 million users; ➁ Cybercriminals are exploiting user-friendly features to trick victims into clicking malicious links; ➂ The attack is evolving to align with Google Drawings capabilities.

Google Malware security

tweaktown

10 months ago

Officials warn of new hacking scheme involving QR codes and your physical mailbox

➀ Scammers in Switzerland are using fake letters with QR codes to trick people into downloading a fraudulent 'Severe Weather Warning App'; ➁ The app mimics the official Alertswiss app and contains the Copper trojan malware; ➂ Swiss authorities are investigating the extent of the scam.

Copper Trojan Hacking Malware Phishing Postal Service QR Code Scam Switzerland cybersecurity

tweaktown

about 1 year ago

Microsoft officially approved this extremely dangerous door-opening malware

1. Microsoft approved a fake ad blocker that injected kernel-level malware. 2. The malware, HotPages, was marketed to internet cafes in China as DWAdsafe. 3. The issue raises concerns about Microsoft's code-checking process.

Malware Microsoft cybersecurity

pcwatch

about 1 year ago

Fujitsu Announces Possible Data Leakage Including Personal Information Following March Cyber Attack

1. Fujitsu confirms malware infection without ransomware behavior; 2. Potential data leakage involving personal and customer-related information; 3. Implemented measures include isolating and initializing affected PCs, blocking connections to the source server, enhancing security monitoring rules, and updating virus detection software.

Data Breach Malware cybersecurity

hothardware

10 months ago

Devious FakeCall Android Malware Hijacks Bank Calls To Pick Your Pocket

➀ FakeCall malware has been discovered again with new advancements; ➁ It takes over Android's default call handler; ➂ Uses Android's accessibility services for control and features like recording and location access; ➃ Users are advised to be vigilant and use official app stores.

Android Malware security

hothardware

about 1 year ago

Heads-Up Apple Users, Cthulhu Stealer Malware For macOS Is Targeting You

1. Researchers at Cado Security have identified a new malware named 'Cthulhu Stealer' targeting macOS users, disguising as legitimate software like CleanMyMac and Grand Theft Auto IV. 2. The malware, similar to Atomic Stealer, attempts to steal passwords, credentials, cryptocurrency wallets, and game account data. 3. Users are advised to download software only from the Apple App Store or official vendor websites to avoid potential malware threats.

Malware cybersecurity security

tomshardware

about 1 year ago

Secretive network exploits GitHub to spread malware and phishing links — nefarious actors attack from 3,000 shadow accounts

❶ A secret network of 3,000 'ghost' accounts on GitHub has been discovered spreading malware and phishing links. ❷ The operation, named Stargazer Goblin, has been active since June 2023, using GitHub's community tools to boost malicious code visibility. ❸ The network sells services like repository stars and trusted accounts, potentially earning up to $100,000 since August 2022.

Cyber Security GitHub Malware

SemiVoice

Recent #Malware news in the semiconductor industry

Security Bug In ESP Chips! What Is It? How To Handle It?

Sinister New Phishing Kit Targets Billions Of Gmail And Outlook Users

Alarming Google Calendar Security Flaw Leaves Half A Billion Users Vulnerable To Attack

Officials warn of new hacking scheme involving QR codes and your physical mailbox

Microsoft officially approved this extremely dangerous door-opening malware

Fujitsu Announces Possible Data Leakage Including Personal Information Following March Cyber Attack

Devious FakeCall Android Malware Hijacks Bank Calls To Pick Your Pocket

Heads-Up Apple Users, Cthulhu Stealer Malware For macOS Is Targeting You

Secretive network exploits GitHub to spread malware and phishing links — nefarious actors attack from 3,000 shadow accounts