Self-Spreading PlugX USB Drive Malware Infecting Systems Worldwide.
  • Alert & Advisory
  • May 20, 2024

Security investigations revealed that a self-propagating USB malware released in 2020 is still active and spreading across systems worldwide through infected USB drives. Monitoring of the PlugX worm variant revealed that about 2.5 million IP addresses were infected in over 170 countries, including Nigeria, and that over 100,000 unique IPs still send daily requests to the sinkhole, indicating that the botnet remains active. It is worth noting that 15 of the 170 countries affected by the malware spread, Nigeria included, account for 80% of the infections recorded.

Brokewell Malware Targeting Android Banking Applications
  • Alert & Advisory
  • May 14, 2024

A new, evolving malware family that targets mobile banking apps on Android smartphones has been discovered. The Android trojan, dubbed Brokewell, is a typical modern banking malware with both data-stealing and remote-control capabilities built in. Brokewell is capable of device takeover, remote control, data exfiltration and monitoring. Furthermore, the malware can bypass Android 13, 14, and 15 restrictions, and it uses phishing tactics such as fake browser updates to trick targets into downloading and installing a version of the malware.

OS Command Injection Vulnerability in GlobalProtect
  • Alert & Advisory
  • April 25, 2024

Security researchers identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS. The vulnerability allows the threat actor to remotely exploit the firewall device, create a reverse shell, and download further tools onto the device. The attacker focused on exporting configuration data from the devices, and then leveraging it as an entry point to move laterally within the victim organizations. Accordingly, users of Palo Alto products in Nigeria are advised to upgrade their products to the latest versions as recommended.

Multiple Vulnerabilities Discovered In Oracle Products
  • Alert & Advisory
  • April 24, 2024

Multiple critical vulnerabilities have been reported in Oracle products. The identified security flaws could allow attackers to remotely execute code, manipulate data, or gain unauthorized access to systems. Notably, security research revealed that over 200 vulnerabilities can be exploited remotely by unauthenticated attackers. Oracle has released its Critical Patch Update (CPU), which includes 441 security patches, with over 200 addressing remotely exploitable flaws. The released updates also include patches for third-party components in Solaris, Oracle Linux, and Oracle VM Server for x86. Accordingly, users are advised to upgrade their products to the latest versions as recommended.

Vultur Banking Trojan Targeting Android Devices
  • Alert & Advisory
  • April 16, 2024

A new version of the Vultur banking trojan has been discovered. It poses as a security app, an authenticator or a productivity app to steal sensitive data and gain total control over compromised Android devices. The malware has been embedded in over 800 apps on the Google Play Store and many Android devices have been compromised. This latest version of the malware includes more advanced remote-control capabilities and an improved evasion mechanism, enabling its operators to remotely interact with a mobile device and harvest sensitive data. This type of attack relies on "smishing" (SMS phishing) and phone calls to trick targets into installing a version of the malware. It can also be distributed via trojanized dropper apps known as Brunhilda.
