LayerSlider WordPress Plugin Vulnerability Threatens Websites


WordPress admins using the LayerSlider plugin on their websites must update their sites with the latest plugin release as soon as possible. The plugin developers patched a critical security vulnerability in LayerSlider that could allow SQL injection attacks from unauthenticated attackers.

LayerSlider Plugin Had A Critical SQL Injection Vulnerability

According to a recent report from Wordfence, a security researcher found a critical vulnerability in the popular WordPress plugin LayerSlider. The researcher discovered an SQL injection flaw that could let an adversary steal data.

Specifically, the vulnerability affected the plugin’s ls_get_popup_markup action. The plugin uses this action to fetch a slider’s markup for a popup, with the slider selected through the ‘id’ parameter. When that parameter did not contain a plain number, the plugin passed its value into the query without sanitization, which made SQL injection possible. The researchers have explained the technical details of this flaw in their report.

Exploiting the vulnerability requires the adversary to use a time-based blind approach to steal data. Regarding this approach, Wordfence stated,

Since Union-Based SQL injection is not possible due to the structure of the query, an attacker would need to use a time-based blind approach to extract information from the database. This means that they would need to use SQL CASE statements along with the SLEEP() command while observing the response time of each request to steal information from the database. This is an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities.

This vulnerability, CVE-2024-2879, received a critical severity rating and a CVSS score of 9.8. The flaw affected LayerSlider plugin versions 7.9.11–7.10.0.
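One way to spot abuse of this code path in web-server logs, as an added example (not code from Wordfence or the plugin): it parses access-log lines, picks out requests to the ls_get_popup_markup action whose ‘id’ parameter is not a plain number, and raises the severity when the value carries the CASE/SLEEP keywords the advisory mentions. The log lines and the assumption that the action is reached through admin-ajax.php with the parameter in the query string are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (not from the Wordfence report). They assume
# the plugin action is reached through WordPress's admin-ajax.php endpoint
# with the action name and the 'id' parameter carried in the query string.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Apr/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&id=12 HTTP/1.1" 200 3120
203.0.113.7 - - [02/Apr/2024:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&id=1%20AND%20SLEEP(5) HTTP/1.1" 200 3120
203.0.113.8 - - [02/Apr/2024:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&id=x HTTP/1.1" 200 64
203.0.113.9 - - [02/Apr/2024:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=ls_get_popup_markup HTTP/1.1" 200 98
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Keywords that characterise the time-based blind technique the advisory describes.
TIMING_SQL_RE = re.compile(r"\b(SLEEP|BENCHMARK|CASE|WHEN)\b", re.IGNORECASE)
PLAIN_NUMBER_RE = re.compile(r"^\d+$")


def classify_request(target):
    """Return a finding for a ls_get_popup_markup request whose 'id' is not a
    plain number (the unsanitised code path), or None if the request is fine."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin-ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("action", [""])[0] != "ls_get_popup_markup":
        return None
    ids = params.get("id", [])
    if not ids or PLAIN_NUMBER_RE.match(ids[0]):
        return None  # a numeric id takes the safe path, per the advisory
    raw_id = ids[0]  # already percent-decoded by parse_qs
    severity = "high" if TIMING_SQL_RE.search(raw_id) else "medium"
    return {"id": raw_id, "severity": severity}


def scan_access_log(text):
    """Run classify_request over every request line; returns one dict per hit.
    Caveat: parameters sent in a POST body do not appear in access logs, so
    this catches only GET-style abuse; a WAF or request-body log covers the rest."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        verdict = classify_request(match.group("target"))
        if verdict:
            findings.append({"line": lineno, "client": line.split()[0], **verdict})
    return findings


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```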

Vulnerability Addressed With Latest Plugin Release

Following the researchers’ report, the developers patched the vulnerability with plugin release 7.10.1. While the plugin’s official website lists the latest release with some security fixes, it hasn’t described the exact patches. Nonetheless, Wordfence confirmed version 7.10.1 as the latest release; hence, this is the version that users should upgrade to.

LayerSlider is a popular WordPress plugin that helps developers build attractive websites without much coding. Its usefulness has earned it over 1,000,000 active installations, which also hints at the massive security risk this plugin can pose if exploited. To prevent the threat, WordPress admins running this plugin should immediately update their sites with the latest release.


Kid Security app exposed children’s locations, messages & more


Kid Security, a popular parental control app with millions of downloads, has been found to leak sensitive information about children. The app, which is available on Android and iOS, exposed GPS locations, private messages, email addresses, IP addresses, and more. The data was accessible to anyone for over a year, security researchers at Cybernews discovered. The same team previously reported a data leak by Kid Security in November 2023.

Security researchers discover another data leak by Kid Security

Kid Security is a mobile app that parents can install on their children’s phones to track their locations, listen to their surroundings when away, limit screen times, control digital interactions, and more. Developed by a company headquartered in Kazakhstan, it works in tandem with another app called ‘Tigrow!’ to give parents full control over what their children do on their phones.

Unfortunately, poor security measures mean the app did more harm than good to its users. According to Cybernews, the developers of Kid Security “failed to configure authentication for their Kafka Broker Cluster.” This compromised sensitive data collected from minors’ phones. The leaked data included private messages from various chat apps, including Instagram, WhatsApp, Telegram, Viber, and Vkontakte.
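A small audit of the broker setting the article blames, as an added example (not the developers’ configuration or Cybernews’ tooling): it parses Kafka broker properties and flags listeners that accept connections without authentication or encryption, plus the absence of an authorizer, showing a weak configuration beside a hardened one. Both configuration texts, the host names and the paths are constructed.

```python
# Constructed broker configurations (added example, not the developers'
# actual files). The weak one reproduces the failure the article describes:
# a broker cluster with no authentication configured, so anyone who can
# reach the listener can subscribe to every topic.
WEAK_CONFIG = """\
broker.id=1
listeners=PLAINTEXT://0.0.0.0:9092
advertised.listeners=PLAINTEXT://broker1.example.internal:9092
log.dirs=/var/lib/kafka
"""

HARDENED_CONFIG = """\
broker.id=1
listeners=SASL_SSL://0.0.0.0:9093
advertised.listeners=SASL_SSL://broker1.example.internal:9093
security.inter.broker.protocol=SASL_SSL
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
ssl.keystore.location=/etc/kafka/broker.keystore.jks
ssl.truststore.location=/etc/kafka/broker.truststore.jks
# ACLs: deny by default, only the admin principal bypasses them
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=false
super.users=User:kafka-admin
"""


def parse_properties(text):
    """Minimal Java .properties reader: key=value, '#' comments, blank lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def listener_protocols(props):
    """Map each entry in 'listeners' to its security protocol, resolving custom
    listener names through listener.security.protocol.map."""
    alias = {}
    for entry in props.get("listener.security.protocol.map", "").split(","):
        if ":" in entry:
            name, proto = entry.split(":", 1)
            alias[name.strip().upper()] = proto.strip().upper()
    protocols = {}
    for listener in props.get("listeners", "").split(","):
        listener = listener.strip()
        if "://" not in listener:
            continue
        name = listener.split("://", 1)[0].upper()
        protocols[listener] = alias.get(name, name)
    return protocols


def audit_broker_config(text):
    """Return (severity, message) findings for settings that leave the broker
    reachable without authentication or without authorization."""
    props = parse_properties(text)
    findings = []
    for listener, proto in listener_protocols(props).items():
        exposed = "://0.0.0.0:" in listener or "://:" in listener  # bound on all interfaces
        if proto == "PLAINTEXT":
            findings.append(("critical" if exposed else "high",
                             f"{listener}: no authentication and no encryption"))
        elif proto == "SSL" and props.get("ssl.client.auth", "none") != "required":
            findings.append(("high", f"{listener}: TLS without client certificates, clients are anonymous"))
        elif proto == "SASL_PLAINTEXT":
            findings.append(("medium", f"{listener}: credentials and messages travel unencrypted"))
    if "authorizer.class.name" not in props:
        findings.append(("high", "no authorizer configured: any client that connects can read every topic"))
    elif props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append(("high", "allow.everyone.if.no.acl.found=true: topics without ACLs are open to all"))
    return findings
```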

The leak also exposed parents’ email addresses, IP addresses, lists of apps installed on phones and their usage statistics, audio recordings of minors’ environments, device locations, IMEI numbers, and other forms of data. The worst part is that anyone, including threat actors, could access the data. And not for a day or a week, but for a whole year, which is a massive security risk for parents and minors.

Information like email addresses, social media messages, IMEI numbers, and GPS locations is more than enough to pinpoint a user. Some leaked group chats had specific school names and class designations in the title, further enabling a threat actor to narrow down an individual. They could also use the Sound Around feature to listen to and record a kid’s surroundings without their knowledge.

The leak also impacted children who don’t use this app

This data leak also impacted children who don’t have Kid Security installed on their phones. Their messages sent to children with this app were exposed. This included group chats with the aforementioned specifics. The leak predominantly affected people in the Russian Federation, Eastern Europe, and the Middle East, though a substantial number of people from other regions also use the app.

Cybernews discovered this leak in February 2024. The cluster has been open since January 2023. Over this period, it had exposed over 100GB of information. The researchers observed the cluster for over one hour and received 456,000 private messages and app usage statistics from 11,000 phones. That’s a remarkably high volume of data compromised within an hour. Threat actors could use the information to launch more devastating attacks.

The publication reached out to the developers of Kid Security after discovering this leak. The company subsequently secured the cluster, but the damage was already done. Considering that the leak remained unpatched for over a year, the developers probably weren’t actively monitoring the cluster. A previous leak also exposed thousands of phone numbers, email addresses, and activity logs of the app’s users.

If you or someone you know uses Kid Security, it might be a safer option to uninstall it and switch to some other parental control app. You should also remain vigilant regarding the safety of your kid as the leak could have compromised your data.



Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Pass


Cybersecurity experts have identified a new threat lurking in the shadows of the dark web, a Remote Access Trojan (RAT) known as Oxycorat.

This malicious software is specifically designed to infiltrate Android devices. Cybercriminals looking for a comprehensive toolkit to carry out various malicious activities can purchase it.

The Threat at Hand

Oxycorat boasts an alarming array of features that pose significant risks to Android users.


According to the details, the RAT includes a file manager, an SMS manager, and a wallet stealer, which could give attackers access to sensitive financial information.

Additionally, it can manage WhatsApp messages, potentially exposing private conversations.

One of the most troubling capabilities of Oxycorat is its ability to act as ransomware, locking users out of their devices and demanding payment for access restoration.

It can also steal Wi-Fi passwords, leading to unauthorized access to private networks, further compromising personal data, and spreading the infection to other devices connected to the same network.

ThreatMon recently reported on Twitter that Oxycorat, a Remote Access Trojan (RAT) targeting Android devices, is currently available for purchase.

The sale and distribution of such malware are illegal and constitute a serious cybercrime.

Law enforcement agencies around the world are ramping up efforts to combat the proliferation of RATs like Oxycorat.

Cybersecurity experts are working closely with legal authorities to track down the creators and distributors of this RAT, mitigate its spread, and protect users from potential harm.

Impact on Android Users

The existence of Oxycorat on the dark web is a stark reminder of the persistent threats that Android users face.

While Android’s open ecosystem is beneficial for innovation and user choice, it can also make it more susceptible to such attacks.

Users are advised to remain vigilant, avoid downloading apps from untrusted sources, and update their devices with the latest security patches.

Preventative Measures

To safeguard against threats like Oxycorat, users should:

  • Install a reputable antivirus and anti-malware application on their devices.
  • Regularly update their operating system and apps to the latest versions.
  • Be cautious when granting app permissions, especially those that seem unnecessary for the app’s function.
  • Avoid clicking on suspicious links or downloading attachments from unknown sources.
  • Use strong, unique passwords for their Wi-Fi networks and change them periodically.

The discovery of Oxycorat is a reminder of the evolving landscape of cyber threats.

As cybercriminals become more sophisticated, so must the cybersecurity community and everyday users.

It is a collective effort to stay one step ahead of these threats, and awareness is the first line of defense.


Both Galaxy Z Fold FE & Z Flip FE allegedly coming in 2024


According to a rumor from China, both the Galaxy Z Fold FE and Galaxy Z Flip FE are on the way. Their processors have also been revealed, along with some other details. Before we get down to it, however, take this rumor with a grain of salt. We have heard of the Galaxy Z Fold 6 FE already, and it will probably launch in 2024, but this rumor doesn’t come from a trusted source, so we’re still not sure about the details.

Both the Galaxy Z Fold FE & Galaxy Z Flip FE are allegedly coming this year

In any case, the source claims that the Galaxy Z Fold FE and Galaxy Z Flip FE will both launch this year. Both of them could have the number ‘6’ in their names, though; we’ll see.

It is also stated that the Galaxy Z Fold FE model will use both Snapdragon and Exynos chips. That will depend on the market where you buy the device. We’re still not sure what chips, though. The Galaxy Z Flip FE, on the other hand, is tipped to utilize the Snapdragon 7s Gen 2.

The source also shared the alleged dimensions of the devices. The Galaxy Z Fold FE, when folded, is said to measure 155.1 x 67.1 x 14.2mm. The Galaxy Z Flip FE, when unfolded, is tipped to measure 165.2 x 71.9 x 6.9mm.

Even their RAM & storage options have been tipped

The Galaxy Z Fold FE could arrive in two RAM variants, 12GB and 16GB flavors. The Galaxy Z Flip FE will, allegedly, include 8GB of RAM. Both devices could end up offering 256GB and 512GB storage options.

That is basically everything that the source shared. As already mentioned at the beginning, take this information with a grain of salt. Not only because of the source, but because this is the first time we’re hearing news of the Galaxy Z Flip FE, at least for this year’s launch.

The Galaxy Z Fold FE aka Galaxy Z Fold 6 FE is said to arrive after the Galaxy Z Fold 6 and Galaxy Z Flip 6. The phone is said to come in September or October.



Winnti Hackers’ New UNAPIMON Hijacks DLL And Unhook API Calls


Hackers commonly employ dynamic-link library (DLL) hijacking and unhooking of APIs to defeat security measures and enable harmful activities on breached systems.

In this regard, DLL hijacking permits them to load malicious code by utilizing flaws in the way applications load external libraries.

On the other hand, API unhooking helps bypass some monitoring mechanisms by modifying processes’ interaction with system APIs.

A recent attack on an organization by APT41 (aka Winnti) was traced back to Earth Freybug, a cyber threat group that has been active since 2012 and has been targeting firms in different sectors and countries.


Earth Freybug uses two mechanisms, “DLL hijacking and API unhooking,” to evade child process monitoring. It utilizes a new, previously unknown malware called UNAPIMON.

In this case, legitimate utilities present on the host (schtasks.exe, vmtoolsd.exe) were abused to implant malware.

It began by injecting code into vmtoolsd.exe to create a scheduled task remotely that started a pre-staged batch script.

This script gathered wide details about the system and created another scheduled task that ran a second script.

Earth Freybug attack chain (Source – Trend Micro)

The second script used DLL side-loading to load malicious DLLs into the SessionEnv service and a new cmd.exe process, which turned the machine into a backdoor for the attacker.

Experts observed the use of a previously unseen malware dubbed UNAPIMON, a straightforward C++ DLL that hooks the CreateProcessW API.

Its hook creates each new process in a suspended state, loads a local copy of every DLL loaded in that process, reads the in-memory copy from the suspended process, and verifies that the two copies match before resuming the new process.

This defeats monitoring of loaded DLLs in child processes and serves as a defense evasion technique.

UNAPIMON verifies the in-memory copy matches the local copy by comparing headers and exported function details for each loaded DLL in the suspended child process. 

It analyzes the first few bytes of code to check if any exported functions were modified (hooked). Any hooked functions are then “unpatched” by overwriting the modified code with the original bytes from the local DLL copy. 

This removes any hooks/patches applied to the child process’s loaded DLLs before allowing execution, evading monitoring.
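A read-only version of the comparison described above, as an added example (not UNAPIMON’s code): it flags exports whose in-memory prologue differs from the on-disk copy and names the hook shape it sees, which is where a defender’s integrity check would alert rather than restore the bytes as the malware does. The export names and byte sequences are constructed, not read from real DLLs.

```python
# Simplified model of the comparison UNAPIMON performs, written as a
# defender's integrity check (added example, not the malware's code). Each
# export is represented by the first bytes of its code: one copy as read from
# the DLL on disk, one as observed in a process. The bytes are constructed;
# real tooling would obtain them by parsing the PE export table and reading
# the target process's memory.
PROLOGUE_LEN = 12

DISK_EXPORTS = {
    "CreateProcessW": bytes.fromhex("4c8bdc49895b0849896b1056"),
    "WriteFile":      bytes.fromhex("48895c240848897424105748"),
    "NtCreateFile":   bytes.fromhex("4c8bd1b855000000f6042508"),
    "ReadFile":       bytes.fromhex("488bc4488958084889681056"),
}

# In-memory view of the same exports: three have been patched in place with
# common x64 inline-hook shapes, NtCreateFile is untouched.
MEMORY_EXPORTS = {
    "CreateProcessW": bytes.fromhex("e91b34ffff5b0849896b1056"),  # jmp rel32
    "WriteFile":      bytes.fromhex("ff2500000000897424105748"),  # jmp [rip+disp32]
    "NtCreateFile":   bytes.fromhex("4c8bd1b855000000f6042508"),
    "ReadFile":       bytes.fromhex("48b80010f07f00000000ffe0"),  # mov rax,imm64; jmp rax
}


def hook_kind(code):
    """Classify a modified prologue by the common inline-hook shapes on x64."""
    if code[:1] == b"\xe9":
        return "jmp rel32 trampoline"
    if code[:2] == b"\xff\x25":
        return "jmp [rip+disp32] trampoline"
    if code[:2] == b"\x48\xb8" and code[10:12] == b"\xff\xe0":
        return "mov rax, imm64; jmp rax"
    if code[:1] == b"\x68" and code[5:6] == b"\xc3":
        return "push imm32; ret"
    return "unrecognised modification"


def find_hooked_exports(disk, memory, prologue_len=PROLOGUE_LEN):
    """Compare each export's first bytes on disk with the copy in memory.
    Returns {export_name: kind} for every export whose code differs.
    Note: a real check must apply relocations and skip import thunks before
    comparing, otherwise legitimate differences are reported as hooks."""
    hooked = {}
    for name, disk_code in disk.items():
        mem_code = memory.get(name)
        if mem_code is None:
            hooked[name] = "export missing from memory image"
            continue
        if mem_code[:prologue_len] != disk_code[:prologue_len]:
            hooked[name] = hook_kind(mem_code)
    return hooked


if __name__ == "__main__":
    for name, kind in find_hooked_exports(DISK_EXPORTS, MEMORY_EXPORTS).items():
        print(f"{name}: {kind}")
```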

When unloaded, UNAPIMON removes its CreateProcessW hook.

UNAPIMON aims to unhook monitored API functions in child processes, evading detection from sandboxes and other API hooking-based monitoring. 

Its originality lies in creatively using existing tools like Microsoft Detours—instead of the malware doing the hooking, it un-hooks any hooked functions before execution. 

This simple yet effective technique showcases the malware author’s coding skills in repurposing ordinary libraries maliciously.

By removing API hooks, UNAPIMON allows unmonitored execution of malicious child processes.

Limiting administrative privileges, in line with the principle of least privilege, reduces the attack possibilities.

Earth Freybug evolves its strategies over time by applying simple yet effective methods to old patterns, making detection difficult.


Android 15 could add adaptive screen timeout to save battery


Android 15 may add a new option for screen timeout settings. Code strings spotted in the second Developer Preview (DP2) released last month hint at an “adaptive timeout” setting that automatically turns off the screen when the device is not in use. The feature isn’t live on DP2 but Google could add it to the next build.

Android 15 may automatically turn off the screen when not in use

Android OS offers several options for screen timeout settings. By default, the screen is turned off after 30 seconds of inactivity and the device is locked five seconds later. Depending on the device, you can set screen timeout to as high as 30 minutes of inactivity, with a lower limit of just 15 seconds. Some OEMs also offer the ability to customize how long the device stays unlocked after the screen goes off.

Additionally, you get a toggle to keep the screen on as long as you are looking at it, even beyond your existing timeout duration without any activity. The feature uses your phone’s front camera to detect if you are staring at the screen. The new “adaptive timeout” feature will seemingly work the other way around. It will check whether someone is looking at the screen; if not, it will turn off the screen.

Spotted by Android expert Mishaal Rahman, the new setting “automatically turns off your screen early if you’re not using your device.” Say, you have set the screen timeout at two minutes. Currently, the screen will remain on for two minutes even when not in use. This unnecessarily drains the battery. Google aims to address this issue with the new feature. It automatically turns off the screen when you aren’t using it.

The strings and descriptions spotted in Android 15 DP2 don’t detail how Google plans to detect whether someone is looking at the screen. It will likely use the front camera or other sensors on the device to determine that. The feature is currently in development. More details may be available in due course. The first public beta build of Android 15 is scheduled to arrive sometime this month.

Android 15’s adaptive screen timeout may be Pixel-exclusive

These code strings were found in the settings app of Android 15 DP2 and belong to “classes under the com.google.* namespace.” This suggests Google won’t make the adaptive timeout feature part of the open-source version of Android (AOSP). Instead, it could keep the feature exclusive to Pixel devices. Screen attention also isn’t available in AOSP out of the box, so that makes sense. Stay tuned for more on Android 15.



Progress Flowmon Vulnerability Let Attackers Inject Malicious Code


A new critical vulnerability has been discovered in Progress Flowmon and assigned CVE-2024-2389.

Progress Flowmon is a Cloud Application Performance monitoring solution that can help analyze network and application traffic.

Moreover, it can also be used for several purposes, such as troubleshooting, network visibility, bandwidth monitoring, attack evidence and analysis, network capacity planning, and many others.

Last year, Progress Software’s MOVEit vulnerability was exploited widely by the CL0P ransomware group.


However, this new vulnerability has been patched and a security advisory has also been released for addressing this vulnerability.

According to the advisory, the existence of this vulnerability has been confirmed in Flowmon versions v11.x and v12.x.

This vulnerability could allow an unauthenticated remote threat actor to gain access to the web interface of Flowmon.

Once this access has been gained, the threat actor can then issue a specially crafted API command that will let the attacker execute arbitrary system commands without any authentication.

This vulnerability has been given the maximum severity score of 10.0 (Critical).

Furthermore, this vulnerability also affects all the platforms of Flowmon versions 11.x and 12.x. Nevertheless, it has been confirmed that versions prior to 11.0 are not affected by this vulnerability.

However, there has been no evidence of threat actors exploiting this vulnerability in the wild.

Progress acted immediately on this vulnerability and released the patched versions Flowmon 12.3.5 and Flowmon 11.1.4.

To upgrade to these versions, users can use the automatic package download feature on their Flowmon appliance or download the releases manually.

It is recommended that users of these product versions upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.


Samsung is getting ready to build the Galaxy S24 FE


Last year, Samsung released the stellar Galaxy S23 FE (Review). This is a phone that was able to get a five-star review here at Android Headlines, and it’s still an amazing option today. However, if you’re looking forward to the next generation of FE devices, then you’ll be happy to know that Samsung is getting ready to build the Galaxy S24 FE.

At this point, details about this device are very scarce. Firstly, since we’re dealing with early information, it should be taken with a grain of salt. Also, we don’t expect to see this device hit the market for at least another half a year. So, we will be getting more information as time goes on.

Samsung is getting ready to build the Galaxy S24 FE

Right now, the company is starting to put together the blueprint for this phone and gather suppliers for key components. According to the report, Samsung was able to secure a supplier for the display driver ICs (integrated circuits). The company is Korea-based Anapass.

Reports also state that the Galaxy S24 FE will have a rigid OLED display panel. Also, it could employ chip-on-film packaging for the display driver. Regardless of what the company does with the display, it will be a great-looking display. The Galaxy S23 FE has an absolutely beautiful screen, and it lives up to the standard that Samsung has established for its phone displays.

Also, Samsung is no stranger when it comes to working with Anapass, so it’s familiar with using the company’s ICs.

Galaxy S24 FE speculated specs

Right now, we have no information about this phone to go on. However, based on information that we have on past FE phones, there are some assumptions that we can make. Firstly, we can expect this phone to have a modestly sized display that’s similar to the Galaxy S24’s 6.2-inch display. We know that the display is going to be OLED, and we expect it to be the standard 1080p+ resolution.

As for the processor, it seems likely that Samsung will go for the Qualcomm Snapdragon 8 Gen 2 for this phone. Backing that up, we could see 8GB of RAM and up to 256GB of storage.

As far as the design goes, we feel like Samsung will opt for the flatter edges of the S24 rather than the rounded edges of the Galaxy S23. In any case, we expect the Galaxy S24 FE to be a fantastic device and continue the FE brand’s legacy.



WhatsApp plans to add picture-in-picture option for videos

One of the world’s most popular messaging apps, WhatsApp is getting better and better each month. Meta has been quite consistent when it comes to keeping the app updated.

Aside from the usual improvements and bug fixes, WhatsApp is getting new features every month, while the beta version introduces new features almost on a weekly basis.

One of the recent updates for the beta version of WhatsApp introduces a very important feature: picture-in-picture mode for videos. The folks over at WABetaInfo have learned that WhatsApp for iOS 24.6.77 features the ability to watch videos while browsing through multiple chats or other parts of the app.

Currently, WhatsApp allows users to take advantage of the picture-in-picture mode, but only when watching YouTube and Instagram videos. The latest beta version of WhatsApp makes it possible to use picture-in-picture even when watching videos shared directly within the app.

According to the report, the improved picture-in-picture feature is limited to watching videos in the app, so it’s not possible to use the mode when switching to another app.


Bing Ads Exploited by Hackers to Spread SecTopRAT


Hackers have been exploiting Microsoft Bing’s advertising platform to launch a malvertising campaign that impersonates the reputable VPN service NordVPN.

This sophisticated scheme aims to trick users into downloading a Remote Access Trojan (RAT) known as SecTopRAT, which poses security risks.

The campaign was discovered when users searching for “nord vpn” on Bing were presented with a fraudulent ad.

The ad’s URL featured a domain name, nordivpn[.]xyz, registered only a day before its discovery on April 3, 2024.

The domain’s name, intentionally misspelled, is a tactic to deceive users who may not scrutinize the URL closely.

Clicking on the ad redirects users to another deceptive site, besthord-vpn[.]com, also registered recently.

This site is a near-perfect replica of the legitimate NordVPN website, designed to convince visitors of its authenticity.


The Deceptive Download

Unlike the genuine NordVPN, which requires users to sign up, the fake site offers a direct download link for the installer, hosted on Dropbox.

As reported by Malwarebytes, the file named NordVPNSetup.exe is misleadingly digitally signed to appear as if it originates from the official vendor.

However, the signature is fraudulent. The executable contains not only the NordVPN installer but also the SecTopRAT malware.

The malware is designed to inject itself into MSBuild.exe, a legitimate process, and establish a connection to a command and control server located at 45.141.87[.]216 on port 15647.

This traffic pattern is associated with the Arechclient2 Backdoor, another name for SecTopRAT.
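The indicators above turned into detection logic, as an added example (not from Malwarebytes or ThreatDown): it refangs the published domains and C2 address, then runs them, together with a behavioural rule for MSBuild.exe making outbound connections on unusual ports, over constructed DNS and network-connection events. The event format, host names and non-IoC addresses are constructed assumptions.

```python
import re

# Indicators quoted in the article, kept in their defanged form.
IOC_DOMAINS = ["nordivpn[.]xyz", "besthord-vpn[.]com"]
IOC_C2 = "45.141.87[.]216:15647"


def refang(value):
    """Turn a published, defanged indicator back into a matchable string."""
    return value.replace("[.]", ".").replace("hxxp", "http")


DOMAINS = {refang(d) for d in IOC_DOMAINS}
C2_IP, C2_PORT = refang(IOC_C2).split(":")

# Constructed endpoint telemetry (not from the report): DNS lookups and
# per-process network connections in a flat key=value format.
SAMPLE_EVENTS = """\
type=dns host=WS-042 query=www.nordvpn.com
type=dns host=WS-042 query=besthord-vpn.com
type=netconn host=WS-042 image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe dst=45.141.87.216 dport=15647
type=netconn host=WS-017 image=C:\\Windows\\System32\\svchost.exe dst=203.0.113.50 dport=443
type=netconn host=WS-099 image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe dst=198.51.100.23 dport=8443
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    return dict(KV_RE.findall(line))


def evaluate(event):
    """Apply the rules to one event; return (severity, reason) or None."""
    kind = event.get("type")
    if kind == "dns":
        query = event.get("query", "").lower().rstrip(".")
        # exact match or any subdomain of a known malvertising domain
        if any(query == d or query.endswith("." + d) for d in DOMAINS):
            return ("high", f"DNS lookup of malvertising domain {query}")
    elif kind == "netconn":
        dst, dport = event.get("dst"), event.get("dport")
        image = event.get("image", "").rsplit("\\", 1)[-1].lower()
        if dst == C2_IP and dport == C2_PORT:
            return ("critical", f"connection to SecTopRAT C2 {dst}:{dport}")
        # SecTopRAT injects into MSBuild.exe, a build tool that has no business
        # talking to the internet on arbitrary ports
        if image == "msbuild.exe" and dport not in ("80", "443"):
            return ("medium", f"MSBuild.exe outbound to {dst}:{dport} on an unusual port")
    return None


def scan_events(text):
    """Return (line_number, severity, reason) for every event that fires a rule."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        verdict = evaluate(parse_event(line))
        if verdict:
            hits.append((lineno, *verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```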

Industry Response

Upon discovery, the malicious Bing ad and its associated infrastructure were reported to Microsoft.

Dropbox has taken swift action to remove the malicious download link.

The cybersecurity community, including ThreatDown, is working with industry partners to dismantle this malvertising operation.

Malvertising illustrates the ease with which malware can be distributed using legitimate software.

Threat actors can rapidly deploy infrastructure to evade content filters and target unsuspecting users.

For organizations looking to safeguard against such threats, DNS Filtering is a robust solution.

ThreatDown customers can enable rules to block online ads, significantly reducing the risk of malvertising. This preventative measure can be applied across an organization or tailored to specific areas.

The exploitation of Bing ads to spread malware is a stark reminder of the ever-evolving landscape of cyber threats.

Users must remain vigilant when downloading software and ensure they use official sources.

Organizations should consider implementing additional security measures, such as DNS Filtering, to protect against sophisticated attacks.
