Ducktail Malware Returns With New PHP Variant

A new PHP variant of the Ducktail infostealer is targeting Facebook Business account holders.

On October 13, 2022, Zscaler, a cloud security firm, published a blog post detailing the latest variant. The PHP version is distributed through fake installers that pose as free or cracked software, including cracked copies of Telegram and Microsoft Office applications.

This revised version runs the stealer from a PHP script instead of the .NET binary used previously. When the fake installer runs, the victim is shown a “checking application compatibility” message; in the background it drops two .tmp files, which in turn launch the processes that collect and exfiltrate data.

The original Ducktail was first traced to late 2021 and was publicly documented by WithSecure in July 2022. It is attributed to a Vietnam-based operator who used it to hijack Facebook Business and Ads Manager accounts.

The original strain, as described by Zscaler, can steal sensitive financial information and tamper with account content. The campaigns were well planned, evaded Facebook’s security controls, and targeted employees holding elevated permissions within a company’s business account.

Ducktail also tries to retrieve two-factor authentication codes so that it can bypass the extra account security, and it harvests client information, email addresses, and payment card details.

The PHP variant pursues the same goal: data that can be monetised. Beyond payment information, it collects email addresses, payment records, funding sources, account status, and funding records.

Because the PHP variant shares most of its capabilities with the original, it is an equally serious threat to Facebook accounts, and its developers are likely to keep iterating on the code. Users, particularly those with elevated roles in a Facebook Business account, should avoid cracked-software installers and treat unexpected account or two-factor changes as a sign of compromise.

DDoS IP Protection: A New, Low-Cost Option for SMBs

Microsoft released Azure DDoS IP Protection as a public preview on October 19, 2022. Small and medium-sized businesses (SMBs) can now buy DDoS protection with a pricing model sized to their needs.

DDoS IP Protection offers much the same capability set as DDoS Network Protection (previously known as DDoS Protection Standard), which is designed for enterprises and organizations protecting large deployments of resources, but it is applied per public IP address rather than per virtual network.

The new SKU includes the essential features: automatic detection and mitigation of L3/L4 attacks, metrics and alerts, mitigation flow logs, and mitigation policies tuned to the customer’s traffic. It also integrates with Azure Firewall Manager, Microsoft Sentinel, and Microsoft Defender for Cloud.

Unlike DDoS Network Protection, DDoS IP Protection does not include DDoS Rapid Response support, cost protection, or WAF discounts.

According to Amir Dahan, Microsoft’s senior product manager for Azure Networking, “With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses. This low-cost DDoS protection option is ideal for SMB clients who only need to secure a handful of public IP addresses.”

Azure’s global network provides cloud-scale DDoS mitigation so that users can defend their workloads against large and sophisticated attacks. Mitigation policies are tuned to each application’s scale and actual traffic patterns, which keeps false positives low while still protecting the application and its resources. Users can monitor and respond to attacks in near real time with visibility into the attack lifecycle, the vectors used, and the mitigation applied.

With Azure Firewall Manager, users can manage DDoS protection and other network security services in one place. Microsoft Defender for Cloud surfaces alerts and recommendations, and the telemetry and attack analytics integration with Microsoft Sentinel lets users build detections and hunt on the same data.

Once enrolled in the preview, customers can enable DDoS IP Protection on Standard SKU public IP addresses in selected regions. In the Azure Preview Portal, the setting is managed under the DDoS Protection section of the public IP’s configuration.

Billing for the new DDoS IP Protection will begin on February 1, 2023.

DDoS IP Protection is a good fit for SMBs that need to protect a small number of public IP addresses against DDoS attacks. It offers most of the capabilities of DDoS Network Protection at a much lower price, which makes Azure’s DDoS mitigation practical for organizations that could not justify the cost of the network-wide SKU.

Fortinet Security Updates

Fortinet has patched a critical authentication bypass affecting several of its products that was already being exploited in the wild.

The flaw, tracked as CVE-2022-40684, is an authentication bypass on the administrative interface. It lets an unauthenticated remote attacker perform operations on FortiGate firewalls (FortiOS), FortiProxy web proxies, and on-premises FortiSwitchManager management instances.

In its customer support bulletin, Fortinet explains that “an authentication bypass using an alternate path or channel [CWE-288] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.”

The company stated, “This is a critical vulnerability and should be addressed with the utmost urgency.”

Fortinet advised customers using the vulnerable versions to upgrade immediately since it is possible to exploit the problem remotely.

A Shodan search shows more than 100,000 FortiGate firewalls reachable from the Internet, although it is not known how many of them expose their management interfaces.

The company also said the fix was released on Thursday, October 6, and that it had emailed some customers asking them to disable remote management interfaces “immediately.”

A few days after releasing the fix, the company published more details and said it had found evidence of at least one real-world campaign exploiting the flaw.

According to the company, “Fortinet is aware of an instance where this vulnerability was exploited and recommends immediately validating your systems against the following indicator of compromise in the device’s logs: user="Local_Process_Access".”

The following products are susceptible to attacks attempting to exploit CVE-2022-40684:

FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1

FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

FortiSwitchManager: Versions 7.0.0 and 7.2.0

Fortinet’s customer support advisory says that vulnerable devices should be upgraded to FortiOS 7.0.7 or 7.2.2 and above, FortiProxy 7.0.7 or 7.2.1 and above, and FortiSwitchManager 7.2.1 or above; the fixed releases were published on Thursday.

CVE-2022-40684 is a critical flaw that gives unauthenticated remote attackers administrative access to affected devices. Fortinet has released fixed versions and advises customers to upgrade immediately. Until the upgrade is done, Fortinet recommends disabling the HTTPS administrative interface on internet-facing devices, or restricting which source addresses can reach it, and checking device logs for the indicator above.
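The two checks a practitioner wants from this section are mechanical: is the build inside one of the affected ranges, and does the device log contain the indicator Fortinet named. The script below is an added example written for this page (it is not Fortinet code and Fortinet publishes no such tool). The version ranges and fixed releases are those listed above; the log lines are constructed in FortiOS key=value syntax to exercise the parser and are not captured from a real device. A hit on the indicator means a configuration change was attributed to the local-process identity; review each matching event rather than treating one line as proof of compromise.

```python
"""Triage helpers for CVE-2022-40684: version exposure check and log IOC search."""
import re
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges (inclusive) and fixed releases, as listed in Fortinet's advisory above.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS":            [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "FortiProxy":         [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
    "FortiSwitchManager": [((7, 0, 0), (7, 0, 0)), ((7, 2, 0), (7, 2, 0))],
}
FIXED: Dict[str, List[Version]] = {
    "FortiOS":            [(7, 0, 7), (7, 2, 2)],
    "FortiProxy":         [(7, 0, 7), (7, 2, 1)],
    "FortiSwitchManager": [(7, 2, 1)],
}
# The indicator Fortinet told customers to search for in device logs.
IOC_USER = "Local_Process_Access"


def parse_version(text: str) -> Version:
    """Accept '7.0.6' or 'v7.0.6'; anything else is an error, never silently 'safe'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if the build falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED[product])


def recommended_fix(product: str, version: str) -> str:
    """Fixed build on the same 7.x branch when one is listed, else the newest listed fix
    (FortiSwitchManager 7.0.0 has no 7.0.x fix in the advisory, so it maps to 7.2.1)."""
    v = parse_version(version)
    for fix in FIXED[product]:
        if fix[:2] == v[:2]:
            return ".".join(map(str, fix))
    return ".".join(map(str, FIXED[product][-1]))


def parse_fortios_log(line: str) -> Dict[str, str]:
    """Split a FortiOS-style key=value event line; quoted values may contain spaces."""
    fields: Dict[str, str] = {}
    for key, raw in re.findall(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)', line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def find_ioc_hits(lines: Iterable[str], ioc_user: str = IOC_USER) -> List[Tuple[int, Dict[str, str]]]:
    """Return (line number, parsed fields) for each event attributed to the IOC user."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = parse_fortios_log(line)
        if fields.get("user") == ioc_user:
            hits.append((number, fields))
    return hits


# Constructed sample events in FortiOS log syntax (not captured from a real device):
# an admin login, a config change attributed to Local_Process_Access, a normal admin edit.
SAMPLE_LOG = [
    'date=2022-10-11 time=09:14:02 type="event" subtype="system" level="information" vd="root" '
    'user="admin" ui="https(203.0.113.5)" action="login" status="success" '
    'msg="Administrator admin logged in successfully from https(203.0.113.5)"',
    'date=2022-10-11 time=09:20:41 type="event" subtype="system" level="information" vd="root" '
    'user="Local_Process_Access" ui="https(198.51.100.7)" action="Edit" cfgpath="system.admin" '
    'cfgobj="admin" msg="Edit system.admin admin"',
    'date=2022-10-11 time=09:35:10 type="event" subtype="system" level="notice" vd="root" '
    'user="admin" ui="ssh(203.0.113.5)" action="Edit" cfgpath="system.global" msg="Edit system.global"',
]

if __name__ == "__main__":
    for product, version in [("FortiOS", "7.0.6"), ("FortiOS", "7.2.2"), ("FortiSwitchManager", "7.0.0")]:
        if is_affected(product, version):
            print(f"{product} {version}: affected, upgrade to {recommended_fix(product, version)}")
        else:
            print(f"{product} {version}: not in an affected range")
    for number, f in find_ioc_hits(SAMPLE_LOG):
        print(f"line {number}: {f.get('action')} {f.get('cfgpath')} via {f.get('ui')}: {f.get('msg')}")
```

To run it against a real device, export the event log and pass the lines to find_ioc_hits; the `ui` field of each hit tells you which interface and source address the change came from, which is what you need to decide whether the entry is expected.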

Toyota T-Connect Database Exposed

On October 7, 2022, Toyota Motor Corporation announced that the email addresses and customer management numbers of approximately 296,000 T-Connect customers may have been exposed.

T-Connect is Toyota’s telematics service, which lets owners link their smartphones to their vehicles to check engine status, play music, navigate, and track fuel consumption.

Toyota discovered that part of the T-Connect site’s source code had been published on a public GitHub repository, and that the code contained an access key for the T-Connect data server.

Anyone holding that key could reach the data server, which stores the email addresses customers supply when they register through the T-Connect site. The key was exposed from December 2017, when the code was uploaded, until September 2022, so an unauthorized third party could have read customer records throughout that period.

The database keys were updated on September 17, 2022, to prevent any other unauthorized access.

The exposed data did not include names, credit card numbers, or phone numbers.

Toyota apologised for the improper handling of customer information and said that a development subcontractor was responsible for publishing the code.

There are no indications that data has been misused. However, the Japanese automobile manufacturer cannot rule out the possibility of the information being accessed and stolen.

T-Connect users who registered between July 2017 and September 2022 are warned not to open attachments from unknown senders, since threat actors holding the email list may send phishing messages posing as Toyota.
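The root cause here is a credential committed to source and pushed to a public repository, and the control that prevents it is a secret scan that runs before code leaves the developer’s machine. The script below is an added example for this page, not Toyota’s or the subcontractor’s code; the T-Connect key format is not public, so the rules are generic (AWS’s documented example access key ID, plus any credential-named assignment whose literal has high entropy), and the sample source file is constructed, with a hypothetical DATA_SERVER_ACCESS_KEY variable standing in for a real key.

```python
"""Pre-commit style scan for credentials committed to source (added example)."""
import math
import re
import sys
from collections import Counter
from typing import List, NamedTuple

# Two kinds of rule: a fixed key format (AWS access key IDs, chosen because the
# format is public) and a generic "credential-ish name = 'literal'" assignment.
# The T-Connect key format is not public, so nothing here is Toyota-specific.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password|passwd|access[_-]?key)"
        r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}


class Finding(NamedTuple):
    line: int
    rule: str
    entropy: float


def shannon_entropy(value: str) -> float:
    """Bits per character; random keys score high, placeholders like 'changeme' score low."""
    if not value:
        return 0.0
    counts = Counter(value)
    length = len(value)
    return -sum((c / length) * math.log2(c / length) for c in counts.values())


def scan(text: str, entropy_threshold: float = 3.0) -> List[Finding]:
    """Scan source text line by line. Fixed-format hits are always reported; generic
    assignment hits are reported only when the literal looks random enough to be real."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            value = match.group(match.lastindex or 0)  # captured literal, or the whole key
            entropy = shannon_entropy(value)
            if rule == "generic_assignment" and entropy < entropy_threshold:
                continue  # low-entropy literal: probably a placeholder, keep the noise down
            findings.append(Finding(number, rule, entropy))
    return findings


# Constructed sample file (not the leaked Toyota code). Line 3 reads the secret from the
# environment and must not be flagged; line 5 uses AWS's documented example key ID;
# line 6 is a hypothetical hard-coded key of the kind this incident involved.
SAMPLE_SOURCE = """\
# config.py
DB_HOST = "db.internal.example"
DB_PASSWORD = os.environ["DB_PASSWORD"]
password = "changeme"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DATA_SERVER_ACCESS_KEY = "Qx7fR2pL9vKm3sWb8nYt4jHd6gZc1aEu"
"""

if __name__ == "__main__":
    results = scan(SAMPLE_SOURCE)
    for f in results:
        print(f"line {f.line}: {f.rule} (entropy {f.entropy:.2f} bits/char)")
    sys.exit(1 if results else 0)  # non-zero blocks the commit when wired in as a hook
```

Wired in as a pre-commit hook the non-zero exit blocks the commit; run over an existing repository it should be pointed at the full history, not just the working tree, because a key removed in a later commit is still recoverable from the earlier one, which is exactly why Toyota had to rotate the key rather than merely delete it.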

Firefox 106 Update: What’s New and Improved

On October 18, 2022, Firefox 106 Stable and Firefox 102.4 ESR were released to the public.

New features

The latest Firefox Stable release brings new Colorways themes, Firefox View, basic PDF editing, and text recognition and extraction from images on macOS.

Alongside the new features, the release also addresses security issues: Mozilla fixed six vulnerabilities in Firefox 106 and four in Firefox 102.4 ESR.

Firefox view

One of the most notable new features is Firefox View, which makes previously opened tabs easier to get back to. It also gives access to tabs open in Firefox on other desktop or Android devices, so users can move between devices and carry on where they left off. Firefox View has three sections: Tab pickup, Recently closed, and Independent voices. Users who do not want it can remove it easily: right-click the Firefox View button in the upper-left corner of the browser and select “Remove from Toolbar.”

Tab Pickup

A Firefox account is required for Tab pickup, which uses Firefox Sync to show recently viewed pages from other devices. For each tab it displays the title, favicon, URL, timestamp, and the name of the device the tab was viewed on, and right-clicking a tab opens a context menu. Tabs synced from earlier Firefox versions on the same device are picked up as well, so users can resume reading from their phone, tablet, or computer.

Recently Closed

The recently closed section displays the most recent tabs that have been closed in the current window. Details about the closed tab are shown here, such as its title, URL, favicon, and timestamp. Unfortunately, there is no ability to conceal specific closed tabs. However, the arrow button allows you to collapse the recently closed tabs section.

Users can also recover closed tabs by left-clicking. This functionality is helpful if users mistakenly close a tab. However, because recently closed tabs are not synced between devices, Firefox will only show the tabs that were closed in the current browser. Therefore, when users close a tab and exit the browser, the tab is not recoverable through the recently closed section.

Colorways

Colorways lets users switch themes, adjust their intensity, and apply them with one click. Eighteen new themes are available through January 16, 2023.

PDF Viewer

Firefox’s built-in PDF viewer supports basic PDF editing with version 106 Stable. In addition, the integrated options allow users to write, draw, and add signatures to PDF documents opened in Firefox.

Features for macOS

Users of macOS 10.15 (Catalina) or later can benefit from text recognition and extraction. Unfortunately, the feature currently only supports English on macOS 10.15. However, macOS 11.0 (Big Sur) or later support a more comprehensive range of languages. Users can right-click the image and select “Copy Text from Image.”

Following the text recognition prompt, a modal box with a loading animation will analyze the text in the image and automatically copy the text. Additionally, VoiceOver is also compatible with text recognition.

Developers

In the 106 release, Mozilla made sure to include improvements for developers.

Developers get several improvements, including changes to the WebRTC platform and to manifest key properties. The release also improves screen sharing on Windows and on Linux Wayland, lowers CPU usage, and raises the frame rate of screen capture on macOS.

Update

Most Firefox installations update automatically. Users can check which version they are running, and trigger an update manually, by opening the menu and selecting Help > About Firefox. At the time of writing, Firefox 107 Stable is scheduled for release on November 15, 2022.

Overall, Firefox 106 adds a slew of new features and enhancements for all users. Whether you’re a casual user or a developer, this update has something for everyone. Check out all of the new features that Firefox has to offer.