Pentagon Looks Into ‘Critical Compromise’ of Air Force and FBI Contacts

Communications systems at 17 Air Force stations are feared to have suffered a “critical compromise” after $90,000 in federal radio technology was stolen by a Tennessee-based engineer.

According to the warrant that Forbes was able to obtain, the breach could potentially have affected FBI communications.

As law enforcement searched the engineer’s house, they discovered that he had “unauthorized administrator access” to radio communications equipment used by the Air Education and Training Command (AETC), which was “affecting 17 DoD installations”.

The possible compromise involves technology employed by the AETC, one of the nine “major commands,” which the Pentagon defines as “interrelated and complementary” to Air Force headquarters. This occurred only three months after another breach of security at the Pentagon was exposed.

Air Force Engineer’s Home Raided 

During the raid, authorities also found an open computer screen showing that the suspect was running Motorola radio programming software, “which contained the entire Arnold Air Force Base (AAFB) communications system,” according to a Department of Justice search warrant.

Authorities claimed to have discovered evidence the suspect may have had access to communications of the FBI and several Tennessee state agencies.

He was found to have a USB that included “administrative passwords and electronic system keys” for the AETC radio network, according to a paper outlining the forensics on the technologies that were confiscated from his residence.

Additionally taken from the flash drives were “local law enforcement radio programming files.” Another USB device included “Motorola radio programming files,” which, when accessed, displayed a banner informing the user that they were U.S. government property.

When accessed, installation files found during the search displayed a “CONFIDENTIAL RESTRICTED” pop-up.

The warrant states that “witnesses and co-workers” informed investigators that the suspect sold radios and radio equipment, worked irregular hours, was arrogant, frequently lied, engaged in inappropriate workplace behavior and sexual harassment, had money issues, and owned (Arnold Air Force Base land mobile radio) equipment.

According to investigators, a colleague had twice reported him because of “insider threat indicators” and unauthorized possession of Air Force equipment, the Forbes report reads.

According to his LinkedIn profile, the 48-year-old engineer at Arnold Air Force Base has extensive experience in both radio communications and cybersecurity.

He claimed to have conducted multiple tests of the security at Arnold Air Force Base, enhanced radio communication protection on the site, and knew the encryption used for government data.

As of this moment, the police have not charged the suspect with any crimes.


FakeTrade Android Malware Attack Steals Crypto Wallet Data

IN SUMMARY

  • The malware campaigns have been dubbed CherryBlos and FakeTrade.
  • The prime target of this attack is crypto wallet data on Android devices.
  • TikTok, Twitter and Telegram are being used to promote malicious apps.

A new malware campaign is currently focusing its sights on Android devices, aiming to surreptitiously steal personal information and cryptocurrency wallet credentials from unsuspecting users.

According to the latest report by Trend Micro, cybersecurity researchers have detected two financially motivated malware campaigns. These malicious operations exploit applications within the official Google Play Store, making the platform an attractive target for such cybercriminal campaigns.

Dubbed CherryBlos and FakeTrade by researchers, these two malware campaigns have been identified as potentially related by Trend Micro. The link between them lies in the fact that both types of malware utilize identical application certificates and network infrastructure.

Researchers have identified that campaign operators are increasingly targeting Android users with banking trojans to steal cryptocurrency. To achieve their malicious objectives, they distribute fake Android applications loaded with malware. These apps are advertised on the Google Play Store, phishing websites, and social media platforms. The same pattern is identified in the latest campaigns.

It is worth noting that the malware operators are exploiting various social networking platforms, including X (formerly Twitter), TikTok, and Telegram, to promote fraudulent Android apps. All of the offending apps have been removed from Google Play.

Fake TikTok and (X) Twitter account dropping malicious apps (Screenshots credit: Trend Micro)

CherryBlos Campaign

The CherryBlos campaign exploits social network sites to promote fake services and ads, leading users to phishing websites. Unsuspecting individuals are deceived into downloading and installing Android apps infected with malware from these sites.

The malware, known as CherryBlos, first appeared online in April 2023. It earned its name from the unique string found in its hijacking framework. Once installed, CherryBlos can pilfer cryptocurrency wallet credentials and alter a user’s address, diverting funds to the attackers’ address during withdrawals.

“Upon further investigation, we were able to trace its source to a telegram group called Ukraine ROBOT that had been posting messages related to cryptocurrency mining since early 2023. This group’s profile directly points to the phishing website where the malware was downloaded,” Trend Micro’s report read.

Later, the malware was found in Happy Miner, GPTalk, and SynthNet apps. An interesting feature of CherryBlos malware is that it exploits OCR (optical character recognition) to read mnemonic phrases found in images on a compromised device and send the data to a C2 server.

These phrases are specifically helpful when users want to restore a crypto wallet. CherryBlos is a notorious Android banking trojan that first requests Android accessibility permissions to perform malicious activities. These permissions are designed for people with disabilities and help them interact with the device via gestures and perform tasks like reading screen content aloud or automating repetitive tasks.

FakeTrade Campaign

In the FakeTrade campaign, malware operators use numerous fake money-earning apps that appear to be e-commerce platforms, promising increased income through referrals and top-ups. The malware (AndroidOS FakeTrade.HRXB), hidden inside the apps, prevents users from withdrawing funds.

Researchers found approximately 31 fake Android apps distributing the FakeTrade malware, most of which were designed for shopping or persuading users to complete various tasks in order to earn money or purchase app credits to top up their accounts. However, those who fell for this trap were unable to withdraw funds when they attempted to do so. Most of the apps were uploaded to Google Play in 2021, with some appearing in 2022.

Researchers suspect that the threat actors behind these campaigns aren’t targeting any specific region, considering the languages used in their analyzed samples. This means their victims could be dispersed worldwide, as attackers can conveniently replace resource strings and upload these fake apps to different Google Play regions such as Vietnam, Mexico, Indonesia, the Philippines, and Uganda.


Certification reveals the battery capacity of Galaxy S24+, S24 Ultra

With the new foldables out of the way, more information about Samsung‘s 2024 flagships has started to hit the internet. We recently learned that the Galaxy S24 series would feature a titanium body and come in two processor variants. A certification listing has now revealed the battery capacities of the Galaxy S24+ and Galaxy S24 Ultra. The Plus model will seemingly get a bigger battery than its predecessor.

Certification agency Dekra recently listed battery modules for the Galaxy S24+ and Galaxy S24 Ultra. The former unit has the model number EB-BS926ABY, while the latter has the model number EB-BS928ABY (S926 and S928 are the model identifiers of the two phones, respectively). These listings reveal that the Plus model has a rated battery capacity of 4,755mAh. The Ultra model’s battery has a 4,855mAh rated capacity.

A quick look at the rated battery capacities of the Galaxy S23 series reveals that Samsung is adding more power to the Plus model. This year’s Galaxy S23+ has a rated capacity of 4,565mAh. Comparing this value with the one seen in the new certification listing, the battery capacity of the Galaxy S24+ is 190mAh more than its predecessor. This should mean a typical capacity of 4,900mAh (vs. 4,700mAh of the Galaxy S23+).

Samsung is increasing the battery capacity of its Plus flagship, again

This is incredible work on Samsung’s part, considering that it increased the battery capacity of the Plus model by 200mAh this year as well (from 4,500mAh on the Galaxy S22+). Unfortunately, the Ultra model hasn’t gotten a battery boost ever since Samsung started making Ultra-branded Galaxy S flagships (since the Galaxy S20 Ultra in 2020). It has remained at a rated capacity of 4,855mAh and a typical capacity of 5,000mAh.

The base model, on the other hand, got a 4,000mAh battery (typical capacity) in 2020 and 2021. Samsung lowered it to 3,700mAh with the Galaxy S22 last year, before increasing to 3,900mAh this year. It remains to be seen if the base Galaxy S24 will get a bigger battery or if the Korean firm will keep things unchanged. The base Galaxy S23’s rated battery capacity is 3,785mAh.

The Dekra certifications don’t reveal anything else about the Galaxy S24 duo. It’s unclear if Samsung will increase the charging speed a little next year. The base Galaxy S23 charges at a maximum speed of 25W, while the Plus and Ultra go up to 45W. You can expect to get more information about the next-gen Samsung flagships in the coming months. The devices should debut in early 2024.



Twitter phishing campaign is targeting Blue subscribers amidst X rebranding

Twitter’s erratic changes since Musk’s acquisition, including the recent rebranding to X, have caused widespread confusion among users. Taking advantage of this havoc, threat actors have launched a new phishing campaign, targeting unsuspecting Twitter Blue subscribers in an attempt to gain unauthorized access.

First discovered by the Twitter Blue user @fluffypony, the phishing emails appear deceptively authentic, seemingly originating from a reputable source labelled ‘[email protected].’ And although the emails do appear legitimate, threat actors are sending them through the mailing list platform, Sendinblue, now known as Brevo. Additionally, to make matters worse, the emails successfully pass SPF authentication checks, further enhancing their perceived trustworthiness.

What do the emails contain?

Taking advantage of the rebranding, the emails claim that the recipient’s existing Twitter Blue subscription is about to expire, urging them to migrate to the new platform, X. To achieve this migration, users are prompted to click on a link that directs them to what appears to be a legitimate API authorization page. Unfortunately, unsuspecting users who authorize this new X app unknowingly grant access to their entire Twitter accounts, including the ability to view, update, and delete followers, manipulate profile and account settings, post and delete Tweets, and engage with other Tweets.

How to regain access?

If you have unknowingly fallen victim to this phishing scam or a similar one, you can get your account back by revoking access to Twitter’s API. To do this, head over to Settings > Security and Account access > Apps and Sessions > Connected Apps, and revoke permissions for any suspicious or unrecognized apps. Afterwards, change your Twitter password immediately and enable 2-step authentication, preferably using non-SMS methods like One-Time Passwords (OTP).

However, this incident once again raises concerns about Twitter’s practices, which have repeatedly caused widespread confusion among users. Additionally, users should remain vigilant and exercise caution when dealing with any emails advising them to take immediate action.



Peloton Treadmill Vulnerabilities Risk Users Data

Researchers found numerous vulnerabilities affecting Peloton Treadmill systems that allow malware attacks. An adversary may exploit the flaws to access sensitive device data, including users’ information.

Multiple Vulnerabilities Affected Peloton Treadmill Firmware

According to a recent blog post from Check Point Research, their researchers found numerous security issues with Peloton Treadmills.

Peloton is a popular brand producing a wide range of fitness and workout equipment, particularly boasting internet-connected features. The smart technology empowers the users to demonstrate effective workout sessions with live training videos.

Explaining the issues, the researchers specified that they found multiple security vulnerabilities in the Peloton Treadmill firmware.

Specifically, they first noticed that the treadmills run on Android 10 – a much older version with numerous potential vulnerabilities. Next, the equipment allows an adversary to enable USB debugging and access the shell.

Accessing the shell empowers an attacker to scan installed apps for vulnerabilities, exploiting which could help steal data. Hence, the researchers do not recommend enabling USB debugging.

Moreover, the researchers also found hardcoded sensitive data on the device firmware, including the license key. Accessing these details lets an attacker perform DoS attacks on the target equipment.

Another severe issue CPR highlighted is the existence of unprotected services that allow third-party apps to gain elevated privileges. Again, an attacker may exploit the apps’ tokens to access personal data.

Similarly, attackers may exploit broadcast receivers, preventing device system updates and gaining infinite control over the treadmills.

Above all, an attacker may exploit the flaws in the standard APIs running on the treadmill systems to install malware. In turn, the attacker may perform various malicious activities on the equipment, including exploiting the integrated webcam and microphone to spy on the user.

Peloton To Patch the Flaws Soon

After discovering the vulnerabilities, Check Point Research responsibly disclosed the flaws to Peloton. In response, Peloton explained that exploiting the flaws requires an attacker to have physical access to the treadmills. Nonetheless, the company thanked the researchers for highlighting the bugs. It remains unclear if the vendor plans to address these issues anytime soon.

On a side note, McAfee researchers also highlighted numerous security issues with Peloton Bike+ and Tread+ in 2021. At that time, Peloton deployed the patches with a subsequent firmware release.


OnePlus 12 camera setup detailed, periscope camera coming

The OnePlus 12 is the company’s upcoming flagship, and its camera setup just got detailed, again. We’ve seen similar rumors before, but this time around they’re coming from a very trusted source.

The OnePlus 12 camera setup gets detailed again, periscope camera will be included

Digital Chat Station, a well-known Chinese tipster, shared the details. A 50-megapixel main camera will be included. That will be Sony’s IMX9xx 1/1.4-inch sensor. That camera will offer OIS support, of course.

A 50-megapixel ultrawide camera will also be included, but we still don’t know the details regarding it. The third camera on the back will be a 64-megapixel unit from OmniVision. It will be the OV64B sensor. That camera will offer 3x optical zoom, and it will be a periscope camera. Truth be said, we’re expecting a higher level of optical zoom, this seems to be a bit weird.

Regular telephoto cameras do offer 3x optical zoom. Not all of them, but many of them do, especially on flagship smartphones. Considering this will be a periscope camera, you’ll be able to capture far-away objects, likely up to 80-100x. Still, getting a 5x or 10x optical zoom in addition to digital zoom for far away objects would be ideal. We’ll see.

Hasselblad will be a part of the picture too

On top of everything, Hasselblad will be a part of the offering as well. The company will help OnePlus optimize these cameras, as it did in the past. We’ll also get Hasselblad’s color tuning here.

As for the rest of the OnePlus 12’s specs, most of them are not difficult to guess. The Snapdragon 8 Gen 3 will fuel the phone, while a 6.7-inch QHD+ curved AMOLED display is expected too. That will be a 120Hz panel.

OnePlus will likely offer up to 16GB of LPDDR5X RAM inside the OnePlus 12. UFS 4.0 flash storage will also be on offer here. Android 14 will come pre-installed on the phone, along with OxygenOS 14.

In regards to the battery, we’re still not sure what the capacity will be, but we’ll get immensely fast charging on the phone. 100W or 120W charging is expected, and let’s hope that OnePlus will also include 50W wireless charging.



Tweets have a new name, as X continues scrapping Twitter brand

About a week ago, the Twitter rebrand started. Elon Musk kicked off a rebrand to ‘X’. Little by little, Twitter branding is going away in all shapes and forms. Following a new logo, name, and handles, X has also found a new name for Tweets.

Tweets now have a new name, as the rebrand continues

So, what are they called? Xs? As that’s one of the names Elon Musk considered, or at least joked about. Well, no. That would be too much, even for Musk. Tweets are now called ‘posts’, which makes sense. Do note that this change is not visible to everyone just yet, as it’s still tied to a beta version of the app. It’s coming to the stable channel soon, though.

That is basically the most generic name that X could have picked, and also one that best describes tweets. Many would say that the ‘tweets’ name was preferred, and well-known for the brand, and that’s true.

When people said that someone tweeted, it was easily recognizable what they meant. Elon Musk decided to ditch everything Twitter brand related, though, and that includes tweets too. So, now we have a new name.

The ‘X’ name has also landed on Android

In addition to that, the ‘X’ name has now landed on Android too. The logo arrived earlier, and so did some other changes, but we had to wait a bit for the new name to become available.

The main app will be called ‘X’, while the beta app will be called ‘X Beta’, as expected. The app package name, however, is still com.twitter.android, at least it was at the time of writing this article.

That is also not as likely to change. Why? Well, because X would need a brand new Play Store listing, which is not likely to happen, but who knows.

We’re set to see more changes soon. The ‘Dim’ dark mode option is also going away, as only light and dark (OLED dark) modes will remain.



X’s latest rule: brands required to invest $1,000 monthly in ads

X, formerly Twitter, depends largely on advertisements, similar to many other websites, social media platforms, and media outlets. However, advertising on X has decreased since Elon Musk took over the company, mainly due to concerns about content moderation. Many companies are worried about their ads appearing next to content that goes against their values. Despite this, Elon Musk and his team are working on attracting more advertisers by cutting ad prices. They also want verified brands to pay more for displaying their ads. According to a report from The Wall Street Journal, the company has warned brands that they’ll lose their verified status unless they meet specific spending thresholds.

Starting August 7, if brands haven’t spent at least $1,000 on ads in the last 30 days or $6,000 in the last 180 days, their accounts will lose the gold check mark that shows they genuinely represent their brand, as per an email from X.

Elon Musk responded to the report in a tweet, saying that brands can simply pay for a verified organization subscription instead, which costs $1,000 per month, making it practically the same. However, this might be a burden for small brands, NGOs, and cultural organizations with lower budgets.
Musk justified this decision by stating that the goal is to set a moderately high standard for verified organizations. The company aims for organizations to be of a non-trivial size to qualify and to prevent scammers from creating millions of accounts.

To boost profitability after a 50% revenue drop, X is focusing more on its main source of income, advertising. The Wall Street Journal also mentions that X offers discounts on some ad slots, such as a 50% discount for all new bookings until July 31. This move allows advertisers to reach more audiences during important moments, like sporting events.



Ivanti Warns Of Another EPMM Zero-Day Flaw Under Attack

Days after the details about a severe zero-day vulnerability in Ivanti mobile management software surfaced online, the vendors warned of another zero-day flaw affecting the EPMM. Users must rush to patch their systems with the latest updates to avoid damage.

Second Ivanti Zero-Day Found Actively Exploited

According to a recent alert from Ivanti, the vendor has spotted another zero-day vulnerability in its EPMM software being actively exploited.

As explained, the vulnerability, CVE-2023-35081, is a severe (CVSS 7.2) path traversal vulnerability that allows arbitrary file write. Exploiting the flaw allows an authenticated attacker to bypass admin authentication and ACL restrictions and execute OS commands.

The vendor elaborates that this vulnerability differs from the recently reported CVE-2023-35078 zero-day. But an attacker may chain the two flaws for malicious purposes.

Ivanti confirmed detecting active exploitation of the flaw that affects all supported EPMM releases (11.10, 11.9, 11.8) and older versions. And the exploits reportedly affected the same limited number of customers that faced an impact from CVE-2023-35078 exploits.

It remains unclear if the attackers practically chained the two vulnerabilities for real-world attacks. In this case, the extent of damages may be higher than predicted earlier. Nonetheless, as clarified in its support article, the firm has ruled out the possibility of a supply-chain attack.

Patch Released

Upon detecting the vulnerability, Ivanti released the patch with EPMM 11.8.1.2, 11.9.1.2, and 11.10.0.3, urging users to update.

EPMM (Endpoint Manager Mobile), formerly MobileIron Core, is Ivanti’s mobile management software engine, facilitating IT personnel in configuring mobile applications, mobile devices, and mobile content management policies.

Recently, Ivanti EPMM made it to the news for an actively exploited zero-day that even targeted the Norwegian National Security Authority.

While Ivanti initially hesitated to disclose the flaw publicly, it eventually admitted the issue and shared details as the matter drew attention. However, this time, the vendors have stepped up for a direct public disclosure of the second zero-day, confirming the patch release too.

Hence, all EPMM users must update their systems with the latest software releases. Moreover, users should closely monitor their systems for any signs of breaches and intrusions to alleviate potential threats.


Motorola Moto G14 appears again, revealing more details

The Motorola Moto G14 has appeared again, and has revealed more details about its design. This time around, two new images have surfaced, containing 6 renders of the phone. Those images were shared by Sudhanshu Ambhore, a tipster.

The Motorola Moto G14 appears again, with more design details, and specs

The images show the phone from the front, back, and they’re also revealing its right and left sides. This follows our report from earlier this month. We were the first to reveal the Moto G14 design, in case you’d like to know more about that.

As you can see, the device will feature a centered display camera hole, and its bottom bezel will be thicker than the rest. Two cameras will sit on the back, and they will be vertically-aligned. They’ll also be a part of the same camera island.

Motorola’s logo is easily noticeable on the back, while the sides of the phone are flat. Its corners are, however, rounded. All the physical buttons on the device are placed on the right-hand side. The phone will be on offer in dark gray and blue colors, it seems.

It’ll be extremely affordable

The tipster also said that the phone is coming to India on August 1, and that it’ll launch in Europe soon too. It’ll cost between €100 and €130 in Europe, according to him.

He did also share some specs of the device. The Moto G14 is expected to offer a 6.5-inch fullHD+ LCD display. It will also feature 4GB of RAM and 128GB of storage (UFS 2.2).

The Unisoc T616 processor will fuel the phone, while a side-facing fingerprint scanner will also be a part of the package. Its power/lock button will double as a fingerprint scanner.

The phone will be IP52 certified, and it’ll include a 5,000mAh battery. 20W wired charging is also mentioned here, as are stereo speakers with Dolby Atmos support.

