BRANDEFENSE BRANDEFENSE
  • Home
  • Product
    How it works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    brandefense background
    Eliminate risks
    Explore the Brandefense
  • Blog
  • Resources
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    We in the Press
  • Partners
    Channel Partners
    Deal Registration
  • Company
    About Us
    Career
    Privacy Policy
    Terms of Use
    Contact Us
Free Trial

BRANDEFENSE

  • Home
  • Product
    How it works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    brandefense background
    Eliminate risks
    Explore the Brandefense
  • Blog
  • Resources
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    We in the Press
  • Partners
    Channel Partners
    Deal Registration
  • Company
    About Us
    Career
    Privacy Policy
    Terms of Use
    Contact Us
Weekly Security News – Week 1

Weekly Security News – Week 1

BRANDEFENSE
Weekly Newsletter
05/01/2023

Last updated on January 31st, 2023 at 05:19 pm

lenovo uefi vulnerabilities

Table of Contents

  • Critical Vulnerabilities on Lenovo ThinkPad X13s BIOS
  • Godfather Trojan Activity Targeting Financial Sector Detected
  • Deezer User Data Detected Shared on Underground Forums

Critical Vulnerabilities on Lenovo ThinkPad X13s BIOS

Security vulnerabilities have been identified that affect the BIOS software of Lenovo ThinkPad X13s model devices and may cause threat actors to execute code remotely on the affected system and access sensitive data of the local user. (Reference Link)

The details of the identified vulnerabilities are as follows;

The vulnerabilities tracked as CVE-2022-40516, CVE-2022-40517, and CVE-2022-40520, are stack-based buffer overflow security vulnerabilities that could allow a local threat actor with elevated privileges to cause memory corruption in the Qualcomm BIOS.

The vulnerabilities, tracked as CVE-2022-40518 and CVE-2022-40519 in the Qualcomm BIOS, allow a local threat actor with elevated privileges to access memory contents.

The vulnerabilities tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435, which are in the ThinkPad X13s BIOS, allow a local threat actor with elevated privileges to access memory contents.

These vulnerabilities affect versions before ThinkPad X13s BIOS 1.47. To avoid being the target of attacks that can be carried out using vulnerabilities, it is recommended to upgrade to current versions that fix the vulnerability.

godfather trojan activity targeting financial sector detected
Security News
Godfather Trojan Activity Targeting Financial Sector Detected
29/12/2022

Read more
the godfather trojan brandefense

Godfather Trojan Activity Targeting Financial Sector Detected

The Group-IB Threat Intelligence team detected that the Godfather Android banking trojan targeted more than 400 international financial companies between June 2021 and October 2022. Half of the targeted financial companies are banks, and the other half are cryptocurrency wallets and exchanges. The Godfather’s targets include 49 US-based companies, 31 Turkish-based companies, and 30 Spanish-based companies. Financial service providers in Canada, France, Germany, England, Italy, and Poland are among the hardest-hit companies.

The Godfather trojan was developed using the source code of another banking trojan called Anubis. However, The Godfather differs from Anubis with its updated functionality, such as updated command and control (C&C) communication, traffic encryption algorithm, a new module for managing virtual network computing (VNC) connections, and Google Authenticator OTPs. The Godfather is distributed through fake apps hosted on Google Play. Fake pages are placed on Godfather-infected devices. These fake web pages are opened when users click on fake notifications or open legitimate apps targeted by the Godfather. All data entered on these pages (usernames and passwords) is sent to command and control (C&C) servers.

godftaher trojan targeting usa and turkey financial companies
Fake Web Pages Imitating Mobile Banking Applications Serving in Turkey

Some activities that Godfather trojan software performs on infected systems;

  • Recording the device’s screen
  • Creating VNC connections
  • Capturing keystrokes (keylogging)
  • Leaking push notifications and SMS messages (to bypass 2FA)
  • Send SMS messages
  • Forward calls
  • Execute USSD requests
  • Start proxy servers
  • Enabling silent mode
  • Establishing WebSocket connections

A Godfather sample analyzed in September 2022 was observed to mimic Google Protect. When a user launches a malicious application, the application imitates the legitimate Google application, but the Godfather activities are running in the background. Once the malware is launched, it persists on the infected device, creates a pinned notification, and hides its icon from the list of installed apps. Considering these details, it is recommended to consider the following security recommendations to avoid being a victim of targeted attacks that the Godfather malware may carry out.

  • Emails, attachments, and links from unknown parties should not be respected.
  • Downloaded applications should be downloaded from legitimate application stores, and by checking the evaluations made,
  • Comprehensive security solutions should be used.
wpbakery page builder plugin’s vulnerability affects 1.6 million wordpress sites
Security News
WPBakery Page Builder Plugin’s Vulnerability Affects 1.6 Million WordPress Sites
19/07/2022

Last updated on August 9th, 2022 at 01:57 am

Read more
deezer underground

Deezer User Data Detected Shared on Underground Forums

Deezer was exposed to a security breach in September 2019 that resulted in a user data vulnerability. Deezer stated that the breach was carried out by compromising the security of 3rd party partners and that users’ sensitive data, such as payment information or passwords, were not affected by the breach. However, during the intelligence studies, it was detected that threat actors in underground forums leaked the user data obtained in the September 2019 breach.

deezer brandefense

The leaked data includes various personal data of Deezer users, such as name, surname, gender, date of birth, e-mail address, location information, IP address, and username. Threat actors who shared the post stated that the breach occurred because a third party made a publicly accessible backup of the data.

Deezer users are advised to be aware of the leaked data, not to trust e-mails, attachments, and links from unknown parties, and to change the password information used on the platform by applying strong password policies. In addition, it is recommended that institutions/organizations and companies store and back up their data in a secure and inaccessible way, keep their systems up-to-date, and benefit from comprehensive security solutions in order not to be the target of data breaches.

a critical vulnerability affecting qnap nas devices has been detected
Security News
A Critical Vulnerability Affecting QNAP NAS Devices Has Been Detected
01/02/2023

Read more
Share on Facebook Share on Twitter
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • Perspective of the Month | APT Groups
    Perspective of the Month | APT Groups
  • BellaCiao: The New Malware From Iran’s Charming Kitten
    BellaCiao: The New Malware From Iran’s Charming Kitten
  • Security News Digest | Security Newsletter | April 27, 2023
    Security News Digest | Security Newsletter | April 27, 2023
  • Cyber Security Trends in 2023: What You Need to Know
    Cyber Security Trends in 2023: What You Need to Know
2023 Ransomware Trends Report
Let’s Dive in Ransomware Attack Trends
Report

Let’s Dive in Ransomware Attack Trends

Download Report
Follow us!

Continue Reading

Previous post

Critical Vulnerabilities on Lenovo ThinkPad X13s BIOS

lenovo thinkpad x13s bios
cve-2022-43931 synology vpn
Next post

Maximum Severity Vulnerability on Synology VPN Plus Server

particle element
We know what hackers know about you
Our cyber threat intelligence and security research team is ready to help you.
Request a demo
Free Trial
Contact
Login

Follow us on

brandefense logo brandefense

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Turkey:

Üniversiteler Mahallesi, 1605.Cadde, Kapı No:3/1, No: 204, 06800 Çankaya/Ankara 06800

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
Channel PartnersDeal Registration
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}
Close
Search

Hit enter to search or ESC to close