Newly found Android malware records audio, tracks your location
2022-04-01 19:41

A previously unknown Android malware uses the same shared-hosting infrastructure previously used by the Russian APT group known as Turla, though attribution to the hacking group is weak at best. Researchers from Lab52 identified a malicious APK [VirusTotal] named "Process Manager" that acts as Android spyware, uploading information to the threat actors.

Russian-linked Android malware records audio, tracks your location
2022-04-01 19:41

A previously unknown Android malware has been linked to the Turla hacking group after the app was found to use infrastructure previously attributed to the threat actors. Researchers from Lab52 identified a malicious APK [VirusTotal] named "Process Manager" that acts as Android spyware, uploading information to the threat actors.

GitLab issues critical update after hard-coding passwords into accounts
2022-04-01 19:21

GitLab on Thursday issued security updates for three versions of GitLab Community Edition and Enterprise Edition software that address, among other flaws, a critical hard-coded password bug. "A hard-coded password was set for accounts registered using an OmniAuth provider in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts," the company said in its advisory.

Apple pushes out two emergency 0-day updates – get ’em now!
2022-04-01 18:38

Apple, as ever, isn't saying anything about the platforms that didn't get updates, so it's impossible to say whether they're immune and thus unaffected, affected but simply being ignored, or affected and still awaiting updates that will show up in a few days. Intriguingly, Apple's core Security Updates page at HT201222 reports that there are updates denoted tvOS 15.4.1 and watchOS 8.5.1, but Apple merely remarks that these updates have "No published CVE entries".

Beastmode botnet boosts DDoS power with new router exploits
2022-04-01 17:57

A Mirai-based distributed denial-of-service botnet tracked as Beastmode has updated its list of exploits to include several new ones, three of them targeting various models of Totolink routers. The authors of DDoS botnets did not waste any time and added these flaws to their arsenal to take advantage of the opportunity window before Totolink router owners applied the security updates.

Ransomware attacks are on the rise, who is being affected?
2022-04-01 17:24

A new edition of NCC Group's Monthly Threat Pulse report showed that the number of ransomware attacks is on the rise. The report details that ransomware attacks grew by a staggering 53% in February alone, a number that may increase even more with the passing of the Strengthening American Cybersecurity Act in March.

Trend Micro fixes actively exploited remote code execution bug
2022-04-01 16:58

Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely. Apex Central is a web-based management console that helps system admins manage Trend Micro products and services throughout the network.

Phishing attacks exploit free calendar app to steal account credentials
2022-04-01 15:34

Cybercriminals who specialize in phishing attacks like to point people to actual websites as much as possible.

Critical GitLab vulnerability lets attackers take over accounts
2022-04-01 14:52

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. The bug affects both GitLab Community Edition and Enterprise Edition.

“Browser in the Browser” attacks: A devastating new phishing technique arises
2022-04-01 13:34

Browser in the browser attacks consist of simulating a browser window within the browser to spoof a legitimate domain. The principle is pretty straightforward: The user connects to a website, which in turn opens a new browser window that asks for Google, Apple, Microsoft or other third parties' credentials, to allow the user to log in.