"Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild.
Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023."
"VMware’s Carbon Black Managed Detection and Response (MDR) team observed a surge of TrueBot activity in May 2023."
TLP1 : Green
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
The threat actor appears to be targeting Spanish-speaking users in the Americas and, based on our analysis, may be located in Brazil.
"Amazon will fork over $30m in fines for multiple privacy violations, including allowing Ring employees to spy on customers, creating a security atmosphere ripe for hackers, and illegally keeping Alexa recordings of children’s voices.
In the first set of charges, the US Federal Trade Commission (FTC) says Amazon’s home security camera company, Ring, violated customer privacy by allowing any Ring employee or contractor to access consumers’ private videos.
"A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times.
Security researchers at Dr. Web discovered the spyware module and tracked it as 'SpinOk,' warning that it can steal private data stored on users' devices and send it to a remote server.
"Google on Thursday announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users, allowing them to automatically acquire and renew TLS certificates for free.
"A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files.
Earlier this month, Google began offering the ability to register ZIP TLD domains, such as bleepingcomputer.zip, for hosting websites or email addresses.
"Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.
"A Brazilian hacking group has been targeting thirty Portuguese government and private financial institutions since 2021 in a malicious campaign called 'Operation Magalenha.'
Examples of the targeted entities include ActivoBank, Caixa Geral de Depósitos, CaixaBank, Citibanamex, Santander, Millennium BCP, ING, Banco BPI, and Novobanco.
"ESET researchers have discovered an Android app on Google Play that was hiding a new remote access trojan (RAT) dubbed AhRat.
The app, named iRecorder – Screen Recorder, has more than 50,000 installs. The app was initially uploaded to the Google Play store without malicious features on September 19th, 2021. Threat actors introduced the support for malicious functionalities in version 1.3.8 which was uploaded on August 2022.
