Cyber Creatures

Phone users all over Australia are being warned over a string of app hijackings spreading malicious viruses . Three viruses are in circulation – related to 19 apps on android devices designed to steal private information and sign users up to premium services . Android phones are being targeted in the attacks , with one malware strain being downloaded more than three million times already because it is an open sourced operating system , meaning it can run any third-party app . The operating system makes devices open to cyber attacks with the malware hidden in otherwise safe-looking apps. MalwareFox said cyber criminals can download apps from the Google Play store and manipulated them. “ Cyber criminals download ordinary apps from Google Play, add malicious code to them, and then submit the modified versions to Google Play with a new name ,” MalwareFox said in a statement. “ The functionality indicated in the description of the apps may still be present, thus users may not ev...

  Proof-of-concept (Poc) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) reported to Microsoft last year. Tracked as CVE-2022-34689 (CVSS score: 7.5), the spoofing vulnerability was addressed by the tech giant as part of Patch Tuesday updates released in August 2022, but was only publicly disclosed two months later on October 11, 2022. "An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate," Microsoft said in an advisory released at the time. The Windows CryptoAPI offers an interface for developers to add cryptographic services such as encryption/decryption of data and authentication using digital certificates to their applications. Web security company Akamai, which released the PoC, said CVE-2022-34689 is rooted i...