A critical vulnerability (CVE-2023-49647) has been identified in Zoom products, exposing the potential for threat actors to exploit it for activities such as denial of service, privilege escalation and unauthorized disclosure of sensitive information on impacted systems. This jeopardizes the confidentiality and integrity of Zoom sessions and user data, underscoring the urgency to implement essential measures to effectively mitigate this threat.
Security researchers uncovered a new technique used by cyber criminals to hack into people' Google accounts without requiring their passwords. Google accounts are potentially exposed due to authentication cookies that bypass two-factor authentication. In this hack, criminals employ malware to gain access to Google accounts without requiring any passwords. According to the findings, the malware uses third-party cookies to gain access to private information from affected accounts. Furthermore, the new weakness allows hackers to access Google services even after a user's password has been reset. However, Chrome is currently cracking down on third-party cookies.
Cybercriminals are continuously looking for and developing new ways to disseminate malware, with the most recent option being through malicious advertisements. These malicious advertising, or malvertising campaign are used to spread .NET loaders, known as MalVirt, that deploy information-stealing malware unto unsuspecting devices. Malvertising is a relatively recent hacking strategy that embeds harmful malware in digital advertisements. Almost every internet user is vulnerable to infection.
![[THREAT ALERT]: PLANNED ATTACKS ON NATION’S CRITICAL INFORMATION INFRASTRUCTURES BY “ANONYMOUS SUDAN” HACKING GROUP AGAINST NIGERIA](https://cert.gov.ng/ngcert/images/alerts-advisories/threat-alert-sm.jpg)
Anonymous Sudan on the 1st of August, 2023 announced via their Telegram channel of planned cyber attacks against critical information infrastructures in Nigeria, following Nigeria’s role and involvement in ECOWAS recent directives to the Niger Military in the process of restoring power to the democratically elected government of Niger Republic.
CISA and its partners recently released an advisory to warn vendors, designers, developers, and end-users of web applications about IDOR vulnerabilities, which are access control vulnerabilities that enable threat actors to modify or delete data. In addition, these vulnerabilities enable threat actors to access sensitive data by issuing requests to a web application programming interface (API) specifying the user identifier of valid users. These vulnerabilities are frequently exploited by malicious actors in data breach incidents because they are common, hard to prevent outside the development process, and can be abused at scale. IDOR vulnerabilities have resulted in the compromise of personal, financial, and health information of millions of users and consumers
