Google blames manufacturers for the delay in fixing security issues


Google believes manufacturers release security patches for their products late, and this has caused the patch gap. The company says the patch gap was one of its biggest security concerns for 2022.

With over 2 billion active devices, Android is the world’s most extensively used mobile operating system. Due to its fragmented nature and modifications by different manufacturers, the end users won’t get the security patches at the same time. In comparison, Apple’s iOS is controlled by one company, and all users can get an update package simultaneously.

Google blamed smartphone manufacturers for the delay in fixing security issues on Android devices

Google’s latest Year in Review of 0-days report sheds light on these security concerns, blaming manufacturers for the late release of patches to end users. The tech giant noted that in 2022 it saw “a series of cases where the upstream vendor had released a patch for the issue, but the downstream manufacturer had not taken the patch and released the fix for users to apply.”

Google acknowledges that patch gaps can be found in most upstream/downstream relationships; on Android, however, they are more common and longer. One example of a manufacturer’s delay in releasing patches to end users is a vulnerability in the ARM Mali GPU: while ARM released a fix in October 2022, users did not receive the patch until April 2023, six months later.

Another example is a security vulnerability in the latest version of the Samsung Internet browser, which was running a build of Chromium 102 that was seven months old. Attackers could take advantage of this gap to exploit the app. Google is now calling on manufacturers to release patches to users faster so they can protect themselves, and is also asking for detailed root-cause analysis of vulnerabilities. Users, for their part, must keep their devices up to date with the latest security patches to protect themselves from cyber threats.



BleedingPipe vulnerability allows hackers to gain access to Minecraft servers


Ever since the game’s launch back in 2011, Minecraft mods have been a popular way for users to expand the game’s capabilities. However, according to a new report from MMPA, attackers have found a critical vulnerability named “BleedingPipe” in the Minecraft Forge framework, which allows them to execute malicious code on mod servers and clients, effectively taking control of devices.

Specifically targeting mods running on Forge 1.7.10/1.12.2, BleedingPipe exploits unsafe Java deserialization through the ‘ObjectInputStream’ class, which these mods use to exchange network packets between servers and clients. As a result, attackers can manipulate network traffic to gain unauthorized access to affected servers and take control of players’ devices. Additionally, the vulnerability enables attackers to steal sensitive information, such as Discord credentials and players’ Steam session cookies.

Furthermore, the MMPA report also highlights the names of specific mods affected by the BleedingPipe vulnerability. These include EnderCore, LogisticsPipes versions older than 0.10.0.71, BDLib 1.7 through 1.12, Smart Moving 1.12, Brazier, DankNull, Gadomancy, Advent of Ascension (Nevermine) version 1.12.2, Astral Sorcery versions 1.9.1 and older, and several others.

“After the initial discovery, we discovered that a bad actor scanned all Minecraft servers on the IPv4 address space to mass-exploit vulnerable servers. We do not know what the contents of the exploit were or if it was used to exploit other clients, although this is very much possible with the exploit,” states the report.

What is the solution?

While Minecraft itself cannot directly intervene in this situation, as they are not responsible for the Forge framework, it’s important to note that mod developers are actively working on releasing patches. However, the limited resources of these developers have resulted in a slow rollout of updates.

Until mod developers can patch the vulnerability, users should refrain from downloading any mods and perform an antivirus scan on all recently downloaded mods. Additionally, the MMPA has developed a ‘PipeBlocker’ mod, which filters ‘ObjectInputStream’ network traffic and provides defense for both Forge servers and clients.
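To show what filtering ‘ObjectInputStream’ traffic means in practice, here is an added example (not code from Forge, MMPA or the PipeBlocker mod) that applies a deserialization allowlist with java.io.ObjectInputFilter (JEP 290, Java 9+); the MovePacket class, the allowlist contents and the depth limit are assumptions standing in for a mod’s own packet types.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Set;

// Added example: an allowlisting ObjectInputFilter. The filter is consulted for every
// class descriptor in the stream before that class is resolved, so an unexpected class
// is rejected instead of being reconstructed and having its readObject() run.
public class SafePacketReader {

    // Hypothetical packet type standing in for a mod's own network packet class.
    public static final class MovePacket implements Serializable {
        private static final long serialVersionUID = 1L;
        public final int x, y, z;
        public MovePacket(int x, int y, int z) { this.x = x; this.y = y; this.z = z; }
    }

    // Fully-qualified names of the only classes a packet may contain (assumed list).
    private static final Set<String> ALLOWED = Set.of(MovePacket.class.getName());

    private static final int MAX_DEPTH = 4; // bound on object-graph nesting (assumed)

    // Allow listed classes and primitives (including arrays of them); reject everything else.
    static final ObjectInputFilter PACKET_FILTER = info -> {
        if (info.depth() > MAX_DEPTH) {
            return ObjectInputFilter.Status.REJECTED;
        }
        Class<?> c = info.serialClass();
        if (c == null) {
            // Checkpoints that carry no class (reference/size bookkeeping): leave to defaults.
            return ObjectInputFilter.Status.UNDECIDED;
        }
        while (c.isArray()) {
            c = c.getComponentType(); // judge arrays by their element type
        }
        if (c.isPrimitive() || ALLOWED.contains(c.getName())) {
            return ObjectInputFilter.Status.ALLOWED;
        }
        return ObjectInputFilter.Status.REJECTED;
    };

    // Deserialize one packet from raw bytes with the filter installed on the stream.
    public static Object readPacket(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(PACKET_FILTER);
            return in.readObject();
        }
    }

    // Helper used only to build constructed input for the demonstration below.
    public static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed legitimate packet: passes the filter and is reconstructed.
        MovePacket p = (MovePacket) readPacket(serialize(new MovePacket(1, 2, 3)));
        System.out.println("accepted MovePacket " + p.x + "," + p.y + "," + p.z);

        // Constructed unexpected object (a plain HashMap stands in for any class the
        // mod never declared): the filter rejects it before it is reconstructed.
        try {
            readPacket(serialize(new java.util.HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same filter can be installed process-wide with ObjectInputFilter.Config.setSerialFilter so that code paths which forget to call setObjectInputFilter are still covered.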



New WikiLoader Malware Delivered Through Weaponized Files


Italian organizations, including tax agencies, have been targeted by a new malware downloader that delivers a banking Trojan.

The new loader malware is presently undergoing active development, employing a diverse array of sophisticated mechanisms to evade detection effectively.

This new loader malware was identified by Proofpoint researchers, who dubbed it “WikiLoader.” The malware has been linked to TA544, a threat actor associated with Ursnif, and has targeted Italian organizations in multiple campaigns since December 2022.

WikiLoader & Campaign Distribution

The sophisticated WikiLoader installs a second-stage malware payload and uses unusual evasion techniques and code implementation to hinder detection and analysis.

Since December 2022, security researchers at Proofpoint have found eight campaigns spreading WikiLoader via email attachments, including:

Moreover, two threat actors have been observed actively spreading WikiLoader malware:

Unlike many other cybercriminals, the threat group TA544 still uses macro-enabled documents to deliver WikiLoader. Proofpoint first observed WikiLoader distribution on 27 Dec 2022.

Here below, we have mentioned the most notable WikiLoader campaigns:-

  • 27 Dec 2022
  • 8 Feb 2023
  • 11 July 2023

A high-volume malicious email campaign in Italy, attributed to TA544, targeted firms with Excel attachments spoofing the Italian Revenue Agency; their VBA macros triggered the WikiLoader downloader.

Excel Attachment (Source – ProofPoint)

On 8 Feb 2023, Proofpoint found an updated WikiLoader in an Italian campaign by TA544. VBA-enabled Excel documents led to WikiLoader installing Ursnif with advanced evasion techniques.

Attack Chain

Security analysts noted that on 31 March 2023 TA551 delivered WikiLoader via OneNote attachments containing hidden CMD files, targeting Italian organizations. This is a notable instance of distribution by a non-TA544 actor.

In TA544’s high-volume campaign on 11 July 2023, the cybersecurity analysts identified more extensive changes to the malware: the threat actors used accounting-themed PDFs to deliver WikiLoader via JavaScript.

Threat actors often use packed downloaders for stealth and control. WikiLoader’s first stage is obfuscated with push/jmp instructions, evading analysis tools, and using indirect syscalls to bypass EDR solutions.

Attack Chain (Source – ProofPoint)

The malware retrieved its next stages from odd paths on compromised web hosts, a common tactic that lets threat actors use existing infrastructure without registering their own.

WikiLoader Evolution

First version – 27 December 2022:-

  • No string encoding within the shellcode layers
  • Structures used for indirect syscalls were simpler 
  • Shellcode layers didn’t contain as much obfuscation
  • Fewer APIs were used within the shellcode layer
  • Potentially one less stage of shellcode
  • The fake domain was manually created rather than via automation 

Second version – 8 February 2023:-

  • Added complexity to the syscall structure
  • Implemented more busy loops
  • Began using encoded strings
  • Started deleting artifacts from the file download

Third version – 11 July 2023:-

  • Strings are still encoded via skip encoding
  • A new technique for implementing indirect syscalls
  • The second filename is pulled via the MQTT protocol rather than reaching the compromised web hosts
  • Cookies containing basic host information are exfiltrated by the loader
  • Full execution of the loader takes almost an hour given the abundance of busy loops
  • Shellcode stages are written byte by byte via NtWriteVirtualMemory rather than a single pass

IoCs

IoCs (Source – ProofPoint)




SpyNote Spyware Returns with SMS Phishing Against Banking Customers


IN SUMMARY

  1. SpyNote spyware has been active since 2016, with a primary focus on targeting the banking sector.
  2. The latest campaign involves an extensive targeting of banks in Europe by the SpyNote spyware.
  3. SpyNote’s modus operandi involves sending fake SMS messages to victims, commonly known as smishing.

The cybersecurity firm Cleafy Threat Intelligence Team has revealed alarming findings about the Android spyware known as SpyNote, which has been increasingly targeting European financial institutions.

According to Cleafy’s report, over the past few months, an aggressive campaign utilizing SpyNote has been observed, posing significant threats to the security of bank customers. This malware exploits various techniques, including social engineering attacks and Accessibility services, to carry out bank fraud with ease.

The modus operandi of this spyware starts with a deceptive smishing campaign, in which potential victims receive fake SMS messages urging them to install a “new certified banking app.” Users are then redirected to what appears to be a legitimate TeamViewer app, but this is in reality the initial step in granting remote access to the victim’s device.

One of the fake text messages used against Italian customers – Clicking on (bit.ly/SupportoRemoto) is still redirecting victims to TeamViewer QuickSupport app on Google Play Store. (Screenshot: Cleafy)

Key Features of SpyNote:

  1. Keylogger: Once granted Accessibility permissions, SpyNote can automatically accept other permission popups, perform keylogging activities, and collect sensitive information such as installed applications, app properties, and user inputs.
  2. SMS Collection & 2FA Bypass: SpyNote intercepts SMS messages, including two-factor authentication (2FA) codes, and transmits them to the attackers’ command-and-control (C2) server, bypassing the security measures implemented by financial institutions.
  3. C2 Communications: The spyware communicates with its C2 server over sockets, using various uncommon ports to avoid detection. Data exchanged between SpyNote and the server is packaged with a custom scheme, making it challenging to identify and block.
  4. Screen Recording and Defense Evasion: SpyNote can capture the device’s screen content using Media Projection APIs, granting attackers comprehensive control and access to critical information. The malware also employs obfuscation, anti-emulator controls, and hidden application icons to evade detection and analysis.

However, this is not the first time that SpyNote has been highlighted in a spyware campaign. Active since 2016, the spyware has been behind countless campaigns targeting various institutions. In 2017, SpyNote RAT was found on fake Android apps masquerading as Netflix, WhatsApp and Facebook.



Fitbit is updating the look of its app with a simplified design


Fitbit is all about making you the best version of yourself, and the app’s new redesign is all about simplifying that process. More specifically, it gives you a simplified design so you can navigate things better, which in turn should help you make the most of the app and improve your health and wellness to a level that suits you.

The Fitbit app redesign, which Fitbit says is coming this Fall, provides you with a holistic view of your health. It’s primarily focused on presenting your data in an easy, glanceable way. To achieve this, Fitbit is structuring the app’s features in a multi-tab setup. The tabs are displayed at the bottom of the screen, split into three separate categories: Today, Coach, and You. Each tab plays a different role depending on what information you’re trying to get to.

The Today tab, for example, is where you’ll see glanceable highlights of your different metrics, such as steps, calories burned and more. It also serves as a place to glance at your motivations and the goals you’ve set for yourself, and you can customize it to focus on specific metrics. In the Coach tab, you can find a variety of motivational content like curated workout videos. Some of the content is free, but you’ll need to pay for a Fitbit Premium membership to access other parts of it, like the HIIT and dance cardio classes.

As for the You tab, this is where you adjust those goals and other settings. Here you can modify things like your daily step goal and manage community connections.

The Fitbit app redesign includes a new Material You look

Aside from the new three-tab setup the app is also getting its Material You style refresh. Information is displayed in large scrollable cards with rounded corners, and the tab icons at the bottom have a pill-shaped color block on the highlighted tab.

There’s also a new color palette and updated icons that Fitbit says will help you find your favorite activities more easily. Tracking your health will be easier too, with new, simpler ways to log various kinds of information like steps and water intake. Although the new design isn’t launching officially until this Fall, Fitbit is sending out invites to some users to try the changes in a limited beta, so check your email inbox.



Apple App Store API usage gets new rules to protect user privacy


User privacy on the internet is a big deal, and the new Apple App Store API usage rule ensures its protection. Apple is making some adjustments to the already existing sets of rules as they aim to protect users’ privacy. These improvements will affect developers and how they access certain information regarding the users of their apps and services.

Many users occasionally worry about how much of their data an app accesses. Most of the time this question goes unanswered, as developers on the App Store tend to hold back the reason behind their API usage. Some developers do misuse certain APIs within their apps on the App Store, threatening user privacy.

However, Apple is aware of this fact, and they have been working to find a solution to the problem. Finally, the company is introducing a new process to ensure that developers are clear about API usage. This process will give app users a good amount of information they need concerning their privacy.

The new fingerprinting process will help track Apple App Store API usage

Apple is now introducing a new feature it calls fingerprinting to help track API usage. This feature will require developers to declare the reasons why certain APIs are used in their apps. They will also need to explain the use of these APIs to users, so users know what they’re getting into before downloading the app.

The breakdown of these details will be made available to users in the app privacy manifest. Developers can give this information in the app manifest, or contact Apple if there is a reason to hold back certain details. They may only contact Apple if the listed reasons do not fully cover a use of certain APIs that still benefits users.

App Store developers are now expected to be transparent with their app users when it comes to the matter of privacy. Users, on the other hand, will be able to access the API usage information on the app manifest once available. Apple is requesting that by Fall, developers start getting these details ready.

Come Spring next year, these details on Apple App Store API usage will be available in the app manifest. This information will come in handy to users that care to know how apps handle their data. This is an impressive privacy improvement that will help protect users’ online data.



Burp Suite 2023.8 Released – What’s New!


The updated Burp Suite scanner has new features and bug fixes that improve the overall performance of the scanning process.

Burp Suite is an integrated platform and graphical tool for performing security testing of web applications.

On 27 July 2023, PortSwigger released Burp Suite 2023.8, with improvements including HTTP/1 connection reuse, customizable SNI values, browser updates, and bug fixes.

Burp Suite 2023.8 New Features

A new setting lets users reuse and control HTTP/1 connections to speed up attacks; it is found under Intruder > Settings > HTTP/1 connection reuse.

Users can enable Unrecognized project files settings to open files from unknown sources safely.

Also, users can set intermediate certificates when a new PKCS#11 certificate is added for hardware tokens and smart cards.

SNI values can be customized in Repeater, reproducing external service interaction issues detected by Scanner.

To improve scan efficiency, they have included Crawl Tab in the target tool to display the path information populated from all the scans.

In addition to that, the Isolated scan feature is included to test settings without impacting “live” scan results.

Burp Scanner can now run introspection queries on GraphQL endpoints to gain information on available queries and mutations. 

A new Automatic throttling setting is added to the Resource pool section of the scan launcher.

The crawl optimization technique is tuned to reduce the chance of interesting content being missed.

They also fixed the following minor bugs found in earlier versions:

  • Fixed an issue that was causing the Proxy response panel to freeze.
  • Improved the reliability of the Send to Organizer function.
  • Fixed an issue where requests/responses generated by Intruder
  • Fixed a bug where the crawler did not always wait for slow, asynchronous queries that cause a DOM mutation to return.

They upgraded Burp’s built-in browser to 115.0.5790.110 for Windows and Linux and 115.0.5790.114 for Mac.




Public companies must now disclose breaches within 4 days


We take a look at news that a new SEC rule will require public organisations impacted by a cyberattack to disclose it within 4 days.

Public organisations in the US impacted by a cyberattack will now have to disclose it within four days…with some caveats attached. On Wednesday, new rules were approved by the US Securities and Exchange Commission (SEC). These rules mean that publicly traded companies will need to reveal said attack details in cases where it had a “material impact” on their finances.

From the SEC press release:

The Securities and Exchange Commission today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”

Disclosures of a breach can be held off in cases where the US Attorney general decides that such an action would pose a risk to national security or public safety. Otherwise, the new rules regarding the four day time limit will apply:

The new rules will require registrants to disclose on the new Item 1.05 of Form 8-K any cybersecurity incident they determine to be material and to describe the material aspects of the incident’s nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant. An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material.

That’s not all. Registrants will also have to describe their processes for “assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents”.

Both management and the board of directors will also have to explain their oversight of potential risks and threats, all required in the organisation’s annual report.

This all sounds like a good idea. However, some believe it may help the people doing the attacking more than it hinders them. SEC commissioner Hester Peirce, who voted against the new rules, is not impressed, as per her comments in Security Week.

She believes the new rules could end up providing attackers with a kind of road map of potential targets. New filings will continually give them updates on how the company is coping with their attack. They could then plan new strategies, or other groups watching the chaos unfold could swoop in to cause more problems for the victim.

While this seems unlikely, it’s probably worth thinking about how the updates are worded just to be on the safe side. As Security Week notes, these concerns are included in the SEC’s document, but ultimately the SEC considered their inclusion to be justified.

For the world of business, the ball is now in your court. You have four days to pass it back.





Microsoft asks CMA to reconsider its Activision Blizzard deal


Microsoft has asked the CMA to reconsider its deal to buy Activision Blizzard, The Verge reports. The deal was initially blocked by the CMA back in late April. After the block, the deal was then approved by the EU, and more recently the company scored a big win in its FTC case. The FTC then filed for appeal in that ruling.

At that time the company said it would be revisiting its proposed terms with the CMA in hopes the UK’s regulatory body would reverse the block. The CMA said it was willing to discuss changes to terms, though it might lead to a new investigation down the road.

While the investigation has yet to happen, Microsoft has now submitted a new change of circumstances document to the CMA to start these talks. Issued on July 25, the document highlights key points that Microsoft feels are worthy of approval, such as its new Call of Duty deal with Sony and the EU’s approval of the deal.

Microsoft is also asking the CMA to consider its cloud gaming deals. It’s still unclear if any of this will affect the CMA’s initial decision. But it’s a start.

The CMA could make a final order on the Microsoft Activision Blizzard deal by August 29

Things are looking better lately for Microsoft in its potential deal, but it still needs approval from the CMA for things to be finalized. Luckily, its recent case win over the FTC has provided the company with an opportunity, as it now has more time to close the deal.

Microsoft and Activision have agreed to push the deal deadline out to October 18. That is a good few months from now, and Microsoft is hoping it will be enough time to ease the CMA’s cloud gaming concerns. According to the report, the CMA could make a final order by August 29. It also wants to hear from Microsoft’s rivals by August 4, so there’s a chance there could be more details later this week, though Microsoft’s deal won’t be in the clear until at least a few weeks later.



NASA now has an exclusive streaming platform


The United States National Aeronautics and Space Administration (NASA) has launched its own streaming platform. The agency also upgraded its mobile app for a better experience.

When it comes to NASA, most people think of spaceships and traveling to other planets. This time, though, NASA has something special for space enthusiasts. NASA+ is a streaming platform that’s not intended to compete with Apple TV or Netflix, but to carry NASA’s Emmy Award-winning live coverage and become a hub for aeronautics fans, who can watch video series related to space travel and aeronautics science.

NASA+ is free and bare of any annoying ads. It’s available through the NASA app on iOS and Android devices as well as a web version for desktop users. You can also find it on other streaming players like Roku, Apple TV, and Fire TV.

NASA launches its own streaming platform for space enthusiasts

The space agency has also upgraded its mobile app, but the stable version will be available to users in the coming months. Likewise, NASA has launched a new version of its website, and you can provide the organization with your feedback. The website is still running on the beta version.

NASA is boosting its online presence by launching digital initiatives. This way, the space agency can stay in touch with the fans and share some valuable knowledge with people interested in this field.

NASA+ will create a direct communication channel between the space agency and fans around the globe. Additionally, NASA can present itself as a friendly yet professional research environment. This might be a lesson for bureaucratic organizations that underestimate the importance of digital presence.

Nicky Fox, associate administrator of NASA’s Science Mission Directorate, noted that the NASA+ platform, new website, and upgraded mobile app will help the agency cover a wide range of topics, including understanding Earth’s climate, exoplanet research, and the Sun’s impact on our planet. Additionally, various discovery programs will be broadcast through these channels.

