Android voice chat app with 5m installs leaked user chats


OyeTalk was leaking unencrypted data through unprotected access to Firebase, Google’s mobile application development platform that provides cloud-hosted database services.

A popular Android voice chat app, OyeTalk, has leaked private user data, including their unencrypted chats, usernames, and cellphone International Mobile Equipment Identity (IMEI) numbers.

With over five million downloads on Google Play, the app has compromised the privacy of all its users while simultaneously exposing them to malicious threats.


OyeTalk was leaking data through unprotected access to Firebase, Google’s mobile application development platform that provides cloud-hosted database services.

The researchers warned that malicious actors could have deleted the dataset, resulting in a permanent loss of users’ private messages, if the leaked data had not been backed up. 

According to the Cyber News blog post, despite being informed of the data spill, the app developers failed to close off public access to the database. Because the spill got too big, Google’s security measures had to step in and close off the database.

This isn’t all. The developers also carelessly left sensitive information hardcoded in the application’s client side, including a Google API (application programming interface) key and links to Google storage buckets. Exploitation of this insecure practice has in the past resulted in data loss or a complete takeover of user data stored on open Firebase or other storage systems.
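A pre-release audit a developer could run for the two weaknesses described above, open Firebase access and values hardcoded in the client. This is an added example, not code from the researchers or from OyeTalk; it assumes a Realtime Database rules export, and the rules file, key and project names are constructed samples.

```python
import json
import re

# Constructed sample: a Realtime Database rules export (not OyeTalk's real rules).
SAMPLE_RULES = json.loads("""
{
  "rules": {
    ".read": true,
    "chats": {"$room": {".write": "auth != null"}},
    "profiles": {
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    }
  }
}
""")

# Constructed sample: strings as they might sit in an app's resources.
# The key is an obviously fake placeholder with the usual "AIza" + 35 chars shape.
FAKE_KEY = "AIza" + "EXAMPLE" * 5
SAMPLE_STRINGS = f"""
<string name="google_api_key">{FAKE_KEY}</string>
<string name="firebase_database_url">https://example-app.firebaseio.com</string>
<string name="google_storage_bucket">example-app.appspot.com</string>
<string name="app_name">Example</string>
"""

CLIENT_PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "firebase_db_url": re.compile(
        r"https://[a-z0-9.-]+\.(?:firebaseio\.com|firebasedatabase\.app)"),
    "storage_bucket": re.compile(r"\b[a-z0-9-]+\.appspot\.com\b"),
}


def classify(expr):
    """Map one .read/.write value to a severity, or None if it looks scoped."""
    if expr is True or (isinstance(expr, str) and expr.strip() == "true"):
        return "public"                # anyone on the internet
    if isinstance(expr, str) and expr.replace(" ", "") == "auth!=null":
        return "any-signed-in-user"    # every account, not just the owner
    return None


def audit_rules(node, path=""):
    """Walk the rules tree and return (path, operation, severity) findings.

    Rules cascade: access granted at a path also covers everything below it,
    so a finding at "/" exposes the whole database whatever the child rules say.
    """
    findings = []
    for key, value in node.items():
        if key in (".read", ".write"):
            severity = classify(value)
            if severity:
                findings.append((path or "/", key, severity))
        elif isinstance(value, dict):
            findings.extend(audit_rules(value, f"{path}/{key}"))
    return findings


def scan_client_strings(text):
    """Return {kind: sorted unique matches} for values baked into the client."""
    hits = {}
    for kind, pattern in CLIENT_PATTERNS.items():
        found = sorted(set(pattern.findall(text)))
        if found:
            hits[kind] = found
    return hits


if __name__ == "__main__":
    for path, op, severity in audit_rules(SAMPLE_RULES["rules"]):
        print(f"{severity:>18}  {op:<6} at {path}")
    for kind, values in scan_client_strings(SAMPLE_STRINGS).items():
        print(f"{kind}: {values}")
```

A "public" finding at the root is the condition the article describes: everything in the database is readable without signing in, whatever the stricter child rules say.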

It turns out this was not the first occurrence of a data leak affecting OyeTalk. The researchers found that the database had already been discovered and marked as vulnerable by unknown actors, likely with no malicious intent. The database contained specific fingerprints used to mark open Firebases, known as “Proof of Compromise” (PoC) and “Evidence of Compromise” (EoC) or “Indicator of Compromise” (IOC).

Repercussions

The repercussions of a data leak like the one that occurred with the OyeTalk voice chat app can be severe and far-reaching. First and foremost, the personal information of users can be compromised, leaving them vulnerable to scams.

Furthermore, the leak of personal data can also have a negative impact on the reputation of the app and the company behind it. Users may lose trust in the app and its ability to protect their data, leading to a decline in its user base and revenue. This can also result in legal consequences for the company, as they may face lawsuits and fines for violating data privacy laws.

Overall, the OyeTalk data leak can have significant and lasting consequences for users, the app and its company, and society at large. It underscores the importance of robust data protection measures and responsible handling of personal information and highlights the need for ongoing vigilance in the face of ever-evolving cybersecurity threats.


Hackers Advertising New Info-Stealing Malware on Dark Web


As of now, the Stealc malware targets only Windows devices and steals data from browsers, cryptocurrency wallets, messengers, and email clients.

Cybersecurity researchers from Sekoia have released details of new information-stealing malware called Stealc which has surfaced on several underground hacking forums and on the Dark Web.

According to researchers, a threat actor using the alias “Plymouth” has developed the malware and is advertising it on the dark web. This malware is different, as it simultaneously steals data from its victims and customers. It is also being promoted on Telegram channels.

The malware developer offering free samples for the malware on a Russian forum (Credit: Sekoia)

The threat actor stated that Stealc, currently at version 1.3.0, is fully featured and ready-to-use malware. It is not built from scratch but is based on other popular information-stealing malware such as Raccoon, Vidar, and Redline Stealer. The malware is continually being upgraded; according to the researchers, it is tweaked every week. It was first spotted in January 2023.

How does it work?

After it is installed on the target’s PC, the malware starts an anti-analysis check to ensure it isn’t running in a sandbox or a virtual environment. It loads Windows API functions and establishes a connection with the C2 center. It sends the attacker’s hardware identifier and device build name, after which the malware receives commands.

According to Sekoia’s blog post, this is when the malware starts collecting data from the browsers, extensions, and applications and executes its file grabber to exfiltrate all files to the C2 server. Once all the data is stolen, Stealc erases itself and the downloaded DLL files are removed from the device to avoid detection.

Stealc Capabilities

Some of Stealc’s features include a C2 center URL randomizer and an advanced log sorting and searching system. Moreover, the malware spares victims from Ukraine, uses legitimate third-party DLLs, and abuses Windows API functions. It is written in C and automatically exfiltrates data without requiring any interference from the attacker.

The malware can target 75 plugins, 22 browsers, and 25 desktop wallets. Furthermore, it can hide most of its strings using base64 and RC4.

Apart from advertising it on the Dark Web, the threat actor also deploys the malware on target endpoints by creating fake YouTube tutorials about cracking software, or by offering links in the description that deploy the info-stealer instead of the offered crack.

Researchers discovered over 40 C2 servers, leading them to conclude that Stealc is gaining traction quickly. Therefore, it is vital to make sure your security software is updated regularly and to avoid downloading and installing software from suspicious or unauthorized sources. Also, never open links or attachments from unknown sources.


Apple Secures Orders for TSMC’s 3nm Chips for iPhone 15 Pro and M3 Macs


According to a report from DigiTimes, Apple has secured all orders for TSMC’s 3nm node process-based chipsets. These 3nm chipsets are expected to power upcoming iPhone 15 Pro and M3 Macs.

A new report from DigiTimes has revealed that Apple has successfully acquired the entire initial supply of N3 chips from TSMC. TSMC, Apple’s main chipset supplier, began mass producing the 3nm process in late December and has been gradually increasing its process capacity. According to sources cited in the report, TSMC plans to produce 45,000 wafers per month by March.

Apple will reportedly use TSMC’s 3nm technology for the A17 Bionic chip. This chipset is likely to power the iPhone 15 Pro and iPhone 15 Pro Max models this year. The 3nm node process will reportedly provide 35% better power efficiency over the previous 4nm process, which is currently used in the A16 Bionic chip.

In addition to this, Apple is also planning to release new 14 and 16-inch MacBook Pro models in 2024 that will be equipped with the M3 Pro and M3 Max chips built on TSMC’s 3nm process, according to Ming-Chi Kuo. The M3 Pro and M3 Max chips are expected to offer significant improvements in performance and power efficiency compared to the current 5nm chips such as the M2 Pro found in Apple’s current high-end Mac models.

Source: DigiTimes



One UI 5.1 is rolling out widely to Galaxy Z Fold 3 and Flip 3


Samsung is widely rolling out the One UI 5.1 update to the Galaxy Z Fold 3 and Galaxy Z Flip 3. The company began the rollout last week but it was initially limited to users in Asia. But today, the new One UI version is available for the 2021 foldable duo in Europe and Latin America as well. The update should soon reach the US too.

The One UI 5.1 update for the Galaxy Z Fold 3 arrives with the firmware build number F926BXXU3EWB1 in all of these regions. That for the Galaxy Z Flip 3 is F711BXXU4EWB1. As of this writing, the rollout in Latin America is limited to Argentina and Panama for both models. Samsung also hasn’t expanded the update beyond India and Thailand in Asia. But in Europe, the new One UI version is widely available for the two foldable smartphones. Hopefully, it won’t take the company much longer to go global with this update.

Galaxy Z Fold 3 and Galaxy Z Flip 3 users are getting tons of goodies with the latest firmware release. The changelog for the former is slightly bigger than that for the latter. That’s because the Fold model is getting a shortcut to Expert RAW in the stock camera app. It is also getting improvements to Samsung DeX. The company has made it easier to resize windows in split-screen mode. The changes allow for more efficient multitasking, something the Fold series foldables are already pretty good at.

Apart from those two features, the Galaxy Z Flip 3 is getting everything else that One UI 5.1 brings to its Fold counterpart. That includes new selfie effects in the stock camera app, Shared Family Album in the Gallery app, enhanced image remastering, new features, improved modes and routines that allow wallpapers to switch automatically based on your activity, a dynamic weather widget, smart settings suggestions, and more. You can find the full changelog for the Galaxy Z Fold 3 here and Galaxy Z Flip 3 here.

The Galaxy Z Fold 3 and Flip 3 are also getting the February security patch

The One UI 5.1 update also brings the February security patch to the Galaxy Z Fold 3 and Galaxy Z Flip 3. Samsung’s latest SMR (Security Maintenance Release) contains more than 50 vulnerability patches. At least five of those were critical flaws. You can install the new update to keep your foldable safe from those issues, while also getting a host of new features. Go to Settings > Software update and tap on Download and install to check for updates manually.



Apple is winning the smartphone wars with Gen Z… in the US


iPhones have long been the go-to choice for everyday consumers in the United States, while Android has appealed more to tech enthusiasts. However, a new report from the Financial Times suggests that Android may face an existential problem as Gen Z, or Zoomers, increasingly prefer Apple’s iPhone over the best Android phones, particularly in the US.

The report reveals that Gen Z is becoming more concerned about social ostracism for not owning an iPhone. And this social pressure is driving young people to purchase Apple products and services, leading to a growing market share across multiple categories. As a result, 34% of all iPhone owners in the US belong to Gen Z, while Samsung’s share is only 10%.

Since Apple has designed its ecosystem to make it difficult for consumers to use cross-platform devices, for every 100 iPhones sold, Apple also sells 26 iPads, 17 Apple Watches, and 35 pairs of AirPods, according to the research firm Canalys. These figures are impressive, especially considering that the average selling price of an iPhone is almost three times that of an Android device.

iMessage is the driving factor

One of the reasons behind Apple’s growing popularity amongst Gen Z is iMessage. The fact that it does not work well with Android forces people to either switch to an iPhone or remain with iOS at all costs. While some may argue that iMessage is only prevalent in the United States, a similar trend is evident in Europe, where iMessage is less popular, and Android has a larger market share. According to Canalys research, 83% of Apple users in western Europe under 25 intend to keep using an iPhone, while less than half of Android users in that group say they will stick with Android.

Although Google has been actively trying to combat the iMessage problem by promoting RCS (Rich Communication Services), it is highly unlikely that Apple will ever adopt RCS, as the company’s business model revolves around creating a closed ecosystem that ties its customers to its products and services.



German airports hit with DDoS attack


Seven German airports have had their websites targeted by a suspected distributed denial of service (DDoS) attack.

The attack, which took place on February 16, saw the websites of airports including Dortmund, Nuremberg and Dusseldorf taken offline. Larger German airports, including Munich, Berlin and Frankfurt, were not targeted in the attack.

In a statement, the chief executive of the German airport association Flughafenverband ADV said “once again, airports fell victim to large-scale DDoS attacks,” but added that “according to the information we have so far, other systems are not affected”.

What is a DDoS attack?

Distributed denial of service attacks, or DDoS attacks, see malicious actors attempt to disrupt a site by overwhelming it or its infrastructure with a large amount of internet traffic. As DDoS attacks overwhelm a site’s bandwidth, this prevents users from accessing the site.

On June 1, 2022, Google reported that it had blocked the “largest” distributed denial of service (DDoS) attack on record, which had a peak of 46 million requests per second (rps).

The attack targeted a Google Cloud Armor user with HTTPS for a duration of 69 minutes and had 5,256 source IPs from 132 countries contributing to it. Google reported that the attack was the biggest Layer 7 DDoS attack reported to date and was 76 percent larger than the previous record.

In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical lead, both at Google, noted that the attack was akin to “receiving all the daily requests to Wikipedia…in just 10 seconds”. 



sn1per – An Automated Penetration Testing Tool


Sn1per is an automated scanner that automates the process of collecting data for exploration and penetration testing.

Sn1per draws on well-known tools such as amap, arachni, cisco-torch, dnsenum, enum4linux, golismero, hydra, metasploit-framework, nbtscan, nmap, smtp-user-enum, sqlmap, sslscan, theharvester, w3af, wapiti, whatweb, whois, nikto and wpscan during a penetration test to enumerate and scan for vulnerabilities.

FEATURES:

  • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports
  • Automatically brute forces sub-domains and DNS info
  • Automatically checks for sub-domain hijacking
  • Automatically runs targeted NMap scripts against open ports
  • Automatically runs targeted Metasploit scan and exploit modules
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces all open services
  • Automatically exploits remote hosts to gain remote shell access
  • Performs high level enumeration of multiple hosts
  • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
  • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
  • Create individual workspaces to store all scan output

MODES:

  • REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append ‘report’ to any sniper mode or command.
  • STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
  • DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
  • PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
  • FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
  • WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
  • NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
  • AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP’s that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
  • NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
  • LOOT: Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type ‘sniper loot’.

Detailed Demonstration – sn1per

Step 1:

Clone the Sn1per repository from GitHub (or download it and extract the Zip file to the Desktop).

#git clone https://github.com/1N3/Sn1per.git

Step 2:

Sn1per is installed with the install.sh file in the sn1per folder. First make the file executable.

#chmod +x install.sh

Step 3:

Install sn1per using this command.

#./install.sh

Step 4:

After sn1per has installed successfully, open the tool.

Step 5:

Once Sn1per is open, start gathering information from the target.

#sniper  facebook.com

Here you will get some information about the fingerprint of the specific target.

The whois domain name lookup service searches the whois database for domain name registration information.

theHarvester

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

Here you will get some DNS information about the specific target.

Sublist3r

Sublist3r is a Python tool that is designed to enumerate subdomains of websites through OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.

wafw00f

Web application firewalls (WAFs) are typically firewalls working on the application layer that monitor and modify HTTP requests.

The key difference is that WAFs work on Layer 7, the Application Layer of the OSI Model. Basically all WAFs protect against different HTTP attacks and queries like SQLi and XSS.

Wafw00f is simply a Python tool which automates a set of procedures used in finding a WAF. Wafw00f queries a web server with a set of HTTP requests and methods. It analyses the responses from them and detects the firewall in place.

XST

The “XS” in XST evokes similarity to XSS (Cross-Site Scripting), which has the consequence of leading people to mistake XST as a method for injecting JavaScript.

Nikto

Running Nikto yourself is not overly difficult. You will be able to start your web server testing with one of the most well-known website / server testing tools. This is the same tool we use on our online nikto scanner page.

INURLBR

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

MassBleed

MassBleed is an SSL vulnerability scanner. Its main functions, with the ability to proxy all connections:

  • To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16)
  • To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443)
  • To individually scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single)
  • To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh massbleed.sh 192.168.0. subnet)

Yasuo

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.

While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities.

Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on.

BruteX

Automatically brute force all services running on a target.

  • Open ports
  • DNS domains
  • Usernames
  • Passwords

So a collection of advanced information-gathering and scanning tools play their role within Sn1per and deliver the exact information and scanning results for a specific target.


How to set up two-factor authentication on Twitter using a hardware key


We explain how to enable hardware key authentication on Twitter.

If you use text-based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post explains how to enable hardware key authentication instead.

Enabling a hardware security key

1. While logged in, navigate to Settings and Support > Settings and Privacy > Security and account access > Security > Two-factor authentication.

2. Click Security key. You can then either insert the key into the USB port of your computer, or sync it over your computer’s Bluetooth or NFC. You should also name your key, which makes it easier for you to keep track of multiple security keys.

3. Click Get started. It’s worth noting here that many types of hardware keys work with mobile devices. You don’t necessarily need to insert keys into your phone, because they’ll authenticate via NFC or Bluetooth instead.


4. Insert the key into your device or sync with a phone via NFC or Bluetooth. Click Add key. Touch the key to add it to your account.


5. You’ll be asked if you want to allow Twitter.com to start using a security key to sign in. The message may differ slightly from the below image.


6. Give the key a name and press Next. Save the backup code in case you lose access to your device or your authentication method.


All set

Your Twitter account is now significantly more secure than it once was. The hardware key means phishing attacks won’t work, as there’s no text or application code which can be stolen by phishing or SIM-swap attacks. This should be everything you need to keep your account safe.
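Why a phished login fails with a hardware key, shown from the server side: the browser records the site it is actually on in the signed response, and the server checks that record. This is an added example, not Twitter's code; `social.example`, the function names and the sample messages are constructed, and the WebAuthn signature check is a separate step not shown.

```python
import base64
import hashlib
import json

RP_ID = "social.example"               # hypothetical relying-party ID
ORIGIN = "https://social.example"      # hypothetical legitimate origin


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_context(client_data_json, authenticator_data,
                            issued_challenge, expected_origin=ORIGIN, rp_id=RP_ID):
    """Return the list of failed checks (an empty list means the context is valid).

    The key signs authenticatorData plus SHA-256(clientDataJSON), so a relay
    cannot rewrite these fields without breaking the signature. Verifying that
    signature is a separate step not shown here.
    """
    failed = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failed.append("type")
    if client.get("challenge") != b64url(issued_challenge):
        failed.append("challenge")       # stale or replayed response
    if client.get("origin") != expected_origin:
        failed.append("origin")          # the browser was on another site
    if len(authenticator_data) < 37:     # rpIdHash(32) + flags(1) + signCount(4)
        return failed + ["authenticator_data"]
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        failed.append("rp_id_hash")      # credential scoped to another site
    if not authenticator_data[32] & 0x01:
        failed.append("user_present")    # the key was not touched
    return failed


def make_sample(origin, rp_id, challenge, touched=True):
    """Build constructed clientDataJSON / authenticatorData for the demo."""
    client = json.dumps({"type": "webauthn.get",
                         "challenge": b64url(challenge),
                         "origin": origin}).encode()
    flags = 0x01 if touched else 0x00
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")
    return client, auth


def demo():
    challenge = b"\x01" * 32   # constructed; a real server issues random bytes per login
    genuine = make_sample(ORIGIN, RP_ID, challenge)
    # What a browser on a look-alike site would produce for the same challenge.
    phished = make_sample("https://social-login.example", "social-login.example", challenge)
    # A response made for an earlier challenge and sent again.
    replayed = make_sample(ORIGIN, RP_ID, b"\x02" * 32)
    return {
        "genuine": check_assertion_context(*genuine, challenge),
        "phished": check_assertion_context(*phished, challenge),
        "replayed": check_assertion_context(*replayed, challenge),
    }


if __name__ == "__main__":
    for name, failed in demo().items():
        print(name, "->", failed or "ok")
```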



One UI 5.1 released for Galaxy Z Fold 2 and Galaxy A73 5G


Samsung’s One UI 5.1 update has reached the Galaxy Z Fold 2 and Galaxy A73 5G. The former is getting the update in Europe, while the rollout for the latter has begun in Asia. The company should push the new One UI version to the two phones globally over the next few days.

As of this writing, the Galaxy Z Fold 2 is getting the One UI 5.1 update in Germany. The new firmware build number for the second-gen Samsung foldable in Europe is F916BXXU2JWB5. The update should soon reach other European countries and also cross boundaries to global markets, including the US. The firmware version may vary slightly depending on your carrier and market, but the content will mostly remain unchanged.

The same goes for the Galaxy A73 5G as well. While this phone wasn’t released in the US, Samsung sold it in most other markets. The company has begun seeding One UI 5.1 to the premium mid-ranger in Malaysia. It is picking up the update with firmware version A736BXXU3CWB7. Galaxy A73 5G users in Europe, Africa, Latin America, and other regions can also expect to receive the new One UI version soon.


The Galaxy Z Fold 2 and Galaxy A73 5G are getting the February 2023 Android security patch with this update. The latest SMR (Security Maintenance Release) contains more than 50 vulnerability patches, including a handful of critical ones. But the update is primarily about One UI 5.1 rather than the latest security release. The new version of Samsung’s custom Android software brings a host of new features and improvements.

The Korean smartphone giant has improved its stock camera app with new presets for selfie effects. It has also added a Shared Family Album to the Gallery app so families can easily share photos and videos of their vacations. New gestures and DeX improvements make multitasking more efficient, while Samsung Notes now lets you remotely collaborate while you’re on a Google Meet call. Bixby Text Call can also now transcribe your audio calls in English. Improved widgets, smart settings suggestions, and activity-based wallpapers are some other highlights of One UI 5.1.

If you’re using either of these Samsung smartphones, most of these new features will be available to you shortly. One UI 5.1 has also been rolled out to the Galaxy S22, Galaxy S21, Galaxy S20, Galaxy Note 20, and all of the recent Galaxy foldables, as well as the Galaxy A53 5G and Galaxy A33 5G. If you haven’t already updated, go to Settings > Software update and tap on Download and install to check for updates manually.



A $3.7 billion case against Facebook has been put on hold


Once again, Facebook gets dragged to court, but this time for a $3.7 billion case. The case in question went before a London tribunal, and Facebook will get some breathing space. After hearing the case, the tribunal gave the plaintiff time to file more evidence against the defendant.

This ruling will cut Facebook some slack and give the plaintiff time to gather more evidence. Facebook previously referred to this case as being “without merit” and welcomes the court’s decision. The court will look into this case again in the next six months, after the plaintiff has prepared more evidence to back up their case.

Well, Meta and its companies are not new to court cases of various kinds. But what exactly is Facebook being dragged for this time? The plaintiff is accusing Facebook of abusing its position and misusing millions of users’ data for profit.

Mass action lands in a $3.7 billion case against Facebook over handling of user data

The $3.7 billion case against Facebook was filed by Liza Lovdahl Gormsen over concerns about how the company handles user data. She accuses Facebook of abusing its position and monetizing user personal data. This is a mass action case, which means it is on behalf of 45 million Facebook users in Britain.

Liza says that Facebook demands more data from users than it needs to operate. In addition, users then receive less than they are meant to from the economic value that Facebook generates. This she says is a form of exploitation of millions of users around the world.

Liza Lovdahl Gormsen also says that this action is an abuse of the position Facebook holds in its industry. This case was taken before the Competition Appeal Tribunal in the fourth quarter of last year. By the end of January 2023, the tribunal sat and heard the case against social media giant Facebook.

Finally, the tribunal has come up with a verdict and will put the case on hold. The Competition Appeal Tribunal has given Liza Lovdahl Gormsen’s lawyers six months to strengthen their allegations. According to the tribunal, a “root-and-branch re-evaluation” is needed to establish any losses Facebook users have faced concerning this case.

Both parties will return before the tribunal in six months for a final verdict on the case. Liza Lovdahl Gormsen and her lawyers will use this time to get more evidence to win the $3.7 billion case against Facebook. Until then, Meta will continue improving the services on their social media platforms.

