Samsung releases September security update, reveals details

0
[ad_1]

Samsung has revealed the details of the September 2023 security update for Galaxy devices. The latest security patch contains fixes for more than 60 vulnerabilities of varying severity. The Korean firm has already related the update for the Galaxy A14 5G, with other eligible models to follow soon.

According to Samsung, the September SMR (Security Maintenance Release) for Galaxy devices contains 23 Android OS patches. These patches are part of Google’s latest Android Security Bulletin (ASB). Four of these are critical vulnerabilities that could allow bad actors to remotely gain access to an affected phone. The rest were labeled high-severity vulnerabilities by Google.

As usual, the latest ASB also contains some patches that don’t apply to Samsung devices. On the other hand, the Korean firm fixed 35 Galaxy-specific security issues this month. Called Samsung Vulnerabilities and Exposures (SVEs), these flaws don’t exist on Android products from other brands. Samsung hasn’t detailed them all out of security reasons, but we have information about a few SVEs patched with the September SMR.

One of them was a high-severity issue caused by improper access control in Dual Messenger. It allowed local attackers to launch activity with system privilege. Another high-severity issue in Settings Suggestions caused by improper input validation allowed attackers to launch arbitrary activity. Samsung also patched issues with KnoxAI, One UI Home, Samsung Keyboard, LockSettings, and many other system apps and services.

The September SMR for Galaxy devices also contains four Samsung Semiconductor patches. One of those was a moderate severity issue caused by improper authorization of 5G NAS (network-attached storage) messages. These issues affected various Exynos chipsets and modems, including processors found inside smartphones, wearable devices, and automotive products.

The Galaxy A14 5G is getting Samsung’s September security update

All of the aforementioned security patches are already rolling out to the Galaxy A14 5G. The new budget smartphone is currently picking up the September SMR in Malaysia, SamMobile reports. The updated firmware build number for the phone is A146PXXU4BWH4. It’s unclear if Samsung is pushing anything more to the device or if it’s just the latest security update.

Nonetheless, the September security patch should soon reach more Galaxy devices. While flagship models usually get priority, there’s no hard and fast rule. If you’re holding a Samsung device, watch out for an update in the coming days. That’s unless you have a Galaxy Note 10. The Korean firm has ended software support for the 2019 Note series. They will no longer get new updates.


[ad_2]
Source link

Android users might switch to iPhone 15 for this feature

0
[ad_1]

The iPhone 15 series is actually shaping up to be a pretty big upgrade for the iPhone this year. We were not originally expecting it to be much of a redesign, nor bring in new features. But it’s doing both. And the biggest new feature it is bringing in is, USB-C.

That lead SellCell to conduct a survey and see if that might make some Android users witch to the iPhone. And well, it looks like a good number of them would. Now this is a small sample size, as SellCell surveyed only 1,000 iPhone and 1,000 Android users in the US. Existing iPhone users, 63% said that Apple moving to USB-C would influence their decision to upgrade to the iPhone 15. Surprisingly, only 37% said they would upgrade because of USB-C as it would allow them to use one cable to charge everything.

44% of Android users said they would be tempted to switch

In this same survey, about 44% of existing Android owners surveyed said that they would be tempted to buy an iPhone 15 if Apple adopts a USB-C port. Of that 44%, about 35% said that their motivation stemmed from the fact that the iPhone would now work with their existing non-Apple chargers.

Now as to how many would buy an iPhone 15? Well, 66% of the group said they would not be buying one. While about 34% said they would potentially upgrade to the iPhone 15.

While these groups are pretty small, they are also not all that surprising. Most Android users aren’t looking to switch to the iPhone, because then they’d have to leave the Android ecosystem – whether that be Google, Samsung or another company. And start over in another ecosystem. Not to mention they’d have to re-buy all of their apps. But the number of iPhone users willing to upgrade because of USB-C is a bit surprising. As this means they need new cables and potentially new charging bricks too.


[ad_2]
Source link

Hackers Use Flipper Device to Attack Nearby iPhone

0
[ad_1]

Flipper Zero Devices have been discovered with the capability to perform Denial of Service attacks on iPhones.

Threat actors can probably spam the iPhones with so many pop-ups prompting about nearby AirTag, Apple TV, AirPods, and other Apple devices.

Moreover, Flipper Zero Devices can also perform wireless attacks that target car keyfobs, RFID cards, iPhones, and many more.

Security Researcher Anthony, who discovered this attack, termed this as “a Bluetooth advertising assault”.

Flipper Zero Attack Nearby iPhones

Flipper Zero firmware can be used for conducting a broadcast called “Bluetooth Advertising,” which is a type of transmission in the Bluetooth Low Energy protocol used by Apple for enabling iDevice users to connect to Apple Watch and other Apple devices and send pictures using the Bluetooth file sharing system AirDrop.

TechCrunch was able to replicate the vulnerabilities in both the iPhone 8 and the recently released iPhone 14 Pro models, which could potentially be exploited by attackers.

This was done by changing the Flipper Zero firmware with a custom compiled code. After this, a simple switching “ON” of Bluetooth from Flipper Zero begins the broadcasting of pop-up signals to nearby iPhones.

“The exploits worked on iPhones both when Bluetooth was enabled or switched off in the Control Center, but could not reproduce the exploit when Bluetooth was fully switched off from the Settings,”.

Furthermore, the researcher (Anthony) also said that he was able to create an attack that can broadcast signals over longer distances, even miles, and create pop-ups with millions of devices spamming at a high range.

However, he is not providing more details about the attack as it could lead to a vast attack surface for threat actors who intend to spam victims.

A complete exploit and research was published by Anthony, providing more information about the Denial of Service (DoS) attack.

He also added that Apple could mitigate this issue by verifying the integrity of the Bluetooth Devices connecting to the iPhones. They can also reduce the distance at which iDevices can connect to other devices using Bluetooth.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

New Agent Tesla Variant Uses Excel Exploit to Infect Windows PC

0
[ad_1]

The new Agent Tesla variant exploits CVE-2017-11882/CVE-2018-0802 vulnerability to execute the malware. 

Key Findings

  • A new variant of the Agent Tesla malware family is being used in a phishing campaign.
  • The malware can steal credentials, keylogging data, and active screenshots from the victim’s device.
  • The malware is spread through a malicious MS Excel attachment in phishing emails.
  • The malware exploits an old security vulnerability (CVE-2017-11882/CVE-2018-0802) to infect Windows devices.
  • The malware ensures persistence even when the device is restarted or the malware process is killed.

New Agent Tesla Variant Detected in Malicious Phishing Campaign

FortiGuard Labs threat researchers have detected a new variant of the notorious Agent Tesla malware family used in a phishing campaign. Report author Xiaopeng Zhang revealed that the malware can steal “credentials, keylogging data, and active screenshots” from the victim’s device. Stolen data is transferred to the malware operator through email or SMTP protocol. The malware mainly infects Windows devices.

For your information, Agent Tesla malware is also offered as a Malware-as-a-Service tool. The malware variants use a data stealer and .NET-based RAT (remote access trojan) for initial access.

How Phishers Trap Users?

This is a phishing campaign, so initial access is gained through a phishing email designed to trick users into downloading the malware. The email is a Purchase Order notification that asks the recipient to confirm their order from an industrial equipment supplier.

The email contains a malicious MS Excel attachment titled Order 45232429.xls. This document is in OLE format and contains crafted equation data that exploits an old security RCE vulnerability tracked as CVE-2017-11882/CVE-2018-0802 instead of using a VBS macro.

This vulnerability causes memory corruption in the EQNEDT32.EXE process and allows arbitrary code execution through ProcessHollowing method, in which a hacker replaces the executable file’s code with malicious code.

A shellcode download/execute the Agent Tesla file (dasHost.exe) from this link “hxxp://2395.128.195/3355/chromium.exe” onto the targeted device. It is a .NET program protected by IntelliLock and .NET Reactor. Relevant modules are encrypted/encoded in the Resource section to prevent its core module from detection and analysis.

It is worth noting that Microsoft released fixes for this vulnerability in November 2017 and January 2018. However, it is still being exploited by threat actors indicating the presence of unpatched devices. Per FortiGuard research, they observe around 1300 vulnerable devices daily and mitigate 3,000 attacks at the IPS level per day.

New Agent Tesla Malware Uses Excel Exploit to Infect Windows Devices
The phishing email and the ShellCode identified by the researchers (Screenshots: FortiGuard Labs)

Analysis of Agent Tesla Activities

According to FortiGuard Labs’ report, published on 5 Sep 2023, Agent Tesla variant steals stored credentials from web browsers, email clients, FTP clients, etc. There is a long list of targeted software and email clients available here.

The malware sets a keyboard hook through the API SetWindowsHookEx() to monitor low-level keyboard inputs and calls the callback hook procedure “this.EiqpViCm9()” whenever the victim types something on the device. The malware steals the program title, time, and input contents at regular intervals. A Timer calls a method to check the log.tmp file every 20 seconds and sends the info to the attacker via STMP. Moreover, the malware uses another Timer with a 20-minute interval to check for device activities and determine when to capture screenshots.

How does Agent Tesla maintain persistence?

Agent Tesla malware ensures persistence even when the device is restarted, or the malware process is killed, using two methods. It either executes a command for creating a task in the TaskScheuler system in the payload module or adds an auto-run item in the system registry. These methods allow duplication of dasHost.exe to launch automatically when the system restarts.

Protection against such campaigns

Be suspicious of any email that asks for your personal or financial information: Phishing emails often try to trick you into giving up your passwords, credit card numbers, or other sensitive information. Never click on links or open attachments in emails from senders you don’t know or trust.

Keep your software up to date: Software updates often include security patches that can help protect you from malware. Make sure to install security updates as soon as they are available.

Use a strong antivirus and anti-malware program: Antivirus and anti-malware programs can help detect and remove malware from your computer. Keep your antivirus and anti-malware programs up to date and scan your computer regularly.

Be careful what you click on: Phishing emails often contain links that lead to malicious websites. If you click on a link in an email, make sure to check the URL carefully before visiting the website.

Use a spam filter: A spam filter can help reduce the number of phishing emails that you receive.

Educate yourself about phishing: The more you know about phishing, the better you will be able to spot it. Read up on phishing scams and how to protect yourself.

  1. Hackers leak logins of vulnerable Fortinet SSL VPNs
  2. Hackers Using Stolen Ivacy VPN Certificate To Sign Malware
  3. Smoke Loader Drops Location Tracker Whiffy Recon Malware
  4. Luna Grabber Malware Hits Roblox Devs Using npm Packages
  5. Chae$4 Malware Steals Login, Financial Data from Businesses
  6. Adobe ColdFusion Vulnerabilities Exploited to Deploy Malware

[ad_2]
Source link

Phones will soon have more RAM than your computer

0
[ad_1]

Remember the days when the most advanced smartphones came out with 3GB of RAM? Well, the numbers have only gone up from there to the point where phones are gaining on mid-range computers. According to a rumor from Digital Art Station, a phone company is testing a phone with 32GB of RAM.

Since this is a rumor, you’ll want to take this with a grain of salt. Digital Art Station has been a trusted leaker in the past. However, we’ll need to wait for official information from the companies to be sure.

Phones with 32GB of RAM could be in testing

At this point, at least for Android phones, flagship phones typically have either 12GB or 16GB of RAM like the ASUS ROG Phone 7. 8GB, which was flagship grade just a few years ago, is decidedly mid-range while 4GB is now reserved for budget devices.

While 16GB seems to be the ceiling (many decently powerful computers have this much RAM), the OnePlus Ace Pro 2 has a gob-stopping 24GB of RAM. That’s insane, but this is OnePlus, the company that brought the first phone with 8GB of RAM back before Android could even utilize that much RAM.

Now, it seems that sometime down the road, we might see phones with 32GB of RAM. That seems a bit excessive because that’s double what top-tier phones are using now. That should be enough to store any app that a person would use on a daily basis.

While that’s the case, we don’t know if Android will be able to fully utilize all of that RAM when/if that phone comes out.

Right now, we don’t know what company is testing 32GB of RAM on its phone. If that phone comes closer to launching, then we expect it to be the main selling point. In any case, we don’t expect this phone to actually hit the market any time soon. As stated before, we just now got our first phone with 24GB of RAM. We might not see a phone with more RAM for a few years.


[ad_2]
Source link

Sonos Move 2 goes official with better battery life, Stereo Audio

0
[ad_1]

Sonos, today, announced the Move 2. Its second-generation portable speaker that everyone seems to love. The biggest new feature on this one is the improved battery life. Sonos claims that the Move 2 can last a full 24 hours on a charge. That’s more than double what the original Move was able to do.

On top of that, Sonos is also adding a USB-C port to the Move 2. That means that you can charge your speaker with the same cable as your phone, laptop and basically everything else. You can also directly connect things like your phone to the Sonos Move 2.

The other big feature for the Sonos Move 2 is the stereo output. So now you can get stereo audio out of the Sonos Move 2. That’s a big change, since the original version could only output audio in mono. The company also mentions that the Move 2 has a “completely overhauled acoustic architecture” and that includes dual tweeters and a precision-tuned woofer. So it should sound way better than the original.

There is support for AirPlay 2, Bluetooth, Amazon Alexa and Sonos Voice Control. You’ll notice that Google is missing, and that likely has to do with their lawsuit.

When can you buy the Sonos Move 2

Pre-orders for the Sonos Move 2 open up today. It’ll cost $449, and start shipping on September 20. And it’ll be available in three colors. There’s the usual black and white colorways, but Sonos has also added an Olive color this time around. Since the Sonos Move is something that Sonos things you’ll be taking around and out of the house, having some more fun colors are a good move.

That is a $50 price increase over the original Sonos Move. However, given the pretty big upgrades here, that $50 increase isn’t that bad. It is one of the more expensive portable speakers on the market, but given the incredible sound here, and battery life, it is definitely a better option than a lot of other options on the market.


[ad_2]
Source link

Russian APT28 Hackers Attacking Critical Power Infrastructure

0
[ad_1]

The АРТ28 hacking group, suspected to have ties to Russian special services, has made an audacious attempt to breach the critical power infrastructure of Ukraine

This latest cyberattack has raised alarms within the cybersecurity community and heightened concerns over the security of vital infrastructure.

Deceptive Tactics Exposed

The modus operandi of the АРТ28 group involved the use of bulk emails from a forged sender’s address. These emails contained a link to a seemingly innocuous ZIP archive.

However, upon opening this deceptive attachment, the attackers would have gained unauthorized access to the targeted organization’s systems and sensitive data.

Security experts have underscored the sophistication of this attack, emphasizing that the hackers leveraged legitimate services, including Mockbin, and exploited standard software functions to conceal their activities.

CERT-UA has provided an in-depth analysis of the attack chain, revealing the intricate details of the cyber assault.

They have also shared their findings on how the attack was ultimately thwarted. For those seeking comprehensive insights into this cyber threat, the detailed analysis is available on the CERT-UA website at [cert.gov.ua/article/5702579](https://cert.gov.ua/article/5702579).

The Computer Emergency Response Team of Ukraine (CERT-UA), operating under the State Service of Special Communications and Information Protection (SSSCIP), swiftly detected and analyzed a targeted cyberattack orchestrated by the notorious АРТ28 group.

The attackers intended to compromise a Ukrainian critical power infrastructure facility, potentially causing widespread disruption.

АРТ28’s Troubling History

The АРТ28 hacking group, which is known by various aliases such as Pawn Storm, Fancy Bear, and BlueDelta, has consistently targeted Ukraine in previous cyber operations:

  • In July 2023, CERT-UA uncovered an АРТ28 cyberattack aimed at stealing Ukrainians’ email account credentials.
  • In June, through collaboration with Recorded Future, CERT-UA exposed a spying campaign directed against Ukrainian organizations.
  • In April, cybercriminals associated with АРТ28 attempted to infiltrate Ukrainian governmental agencies through fake ‘OS updates.’

This pattern of relentless cyber aggression against Ukraine underscores the ongoing security challenges in the region and the need for constant vigilance against cyber threats.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Meta will discontinue Facebook News in UK, France and Germany

0
[ad_1]

Meta, the parent company of Facebook, has slowly been moving away from news-related content due to various reasons. Now, as part of its efforts to realign investments, Meta has announced that it will discontinue Facebook News in the United Kingdom, Germany, and France, starting in early December.

The company first introduced Facebook News in 2019 as a dedicated news section for publishers residing within the main Facebook interface and serving as a platform for both local and international news. However, shortly after its launch, the platform came under scrutiny from countries such as Canada, which demanded that the company must equally compensate publishers. This resulted in Meta blocking news content in Canada.

In contrast, the company’s decision to discontinue news content in these European countries stems from its strategic direction to allocate resources toward services and products that align more closely with users’ preferences. This is because news content currently constitutes less than 3% of what users encounter in their Facebook feeds. Therefore, instead of focusing on news content, the company will shift its attention to short-form videos and explore new interests.

“We know that people don’t come to Facebook for news and political content – they come to connect with people and discover new opportunities, passions and interests,” reads the company’s blog post.

What will happen to the existing agreements?

Despite the plans for the United Kingdom, Germany, and France, Meta has confirmed that it will honor the existing agreements with publishers in these countries. However, the company has pointed out that it does not foresee the introduction of new Facebook products specifically tailored for news publishers in the future.

Additionally, Meta has also clarified that it is not blocking access to articles or publishers’ pages in the affected European countries. Moreover, publishers will continue to have access to their Facebook accounts and Pages, allowing them to post links to their stories and direct users to their websites like any other individual or organization.


[ad_2]
Source link

iPhone 15 series Cameras get detailed ahead of Apple’s “Wonderlust” event

0
[ad_1]

Just like every other phone, the iPhone 15’s biggest feature is going to be the camera. And we’re hearing from some analysts that the cameras are going to be the “star of the show” on September 12. With TrendForce stating that the upgrades are a “pivotal factor” and it could “tip the scales for potential buyers”.

So what are we expecting out of these cameras this year? Let’s start with the iPhone 15 and 15 Plus. These phones are getting the upgraded 48-megapixel main sensor that the iPhone 14 Pro series got last year. So that’s a 48-megapixel sensor with a f/1.6 aperture. It is also getting the same 12-megapixel ultrawide sensor, with a f/2.4 aperture.

Why is this 48-megapixel camera important on the iPhone 15 and iPhone 15 Plus? Well, because it gives these phones a decent zoom. It will give them a 2x telephoto zoom without a telephoto lens. Since Apple will crop in on that 48-megapixel sensor. So it’s still a good zoom, without adding a third camera.

iPhone 15 Pro and Pro Max get the real upgrades

Now moving onto the Pro models, both of these are apparently getting the same sensors, with the Pro Max getting a periscope lens. But let’s break it down.

The iPhone 15 Pro is getting a 48-megapixel Sony IMX803 main sensor, with a f/1.78 aperture. There’s a 12.7-megapixel telephoto lens with a f/2.8 aperture and then a 13.4-megapixel ultrawide camera with a f/2.2 aperture.

Over on the iPhone 15 Pro Max (or Ultra, if it does get renamed), we’re looking at the same Sony IMX 803 48-megapixel main sensor with the f/1.78 aperture. It also has the same ultrawide camera that’s 13.4-megapixels and a f/2.2 aperture. But the telephoto lens is a bit different. It’s a 12.7-megapixel f/2.8 aperture periscope lens.

According to MacRumors, this new periscope lens is going to be “entirely new” and does confirm from a number of other leaks and rumors we’ve seen lately about the phone. This new periscope lens could allow for 5x or even 10x zoom on the iPhone 15 Pro Max. That would be a big upgrade from the 3x that’s currently available on the iPhone 14 Pro Max.

Apple is expected to announce the iPhone 15 series on September 12, along with a few other products.


[ad_2]
Source link

Caldera Open Source Security tool for critical  Infrastructure

0
[ad_1]

MITRE has CISA (America’s cyber defense agency) unveiled a collection of plugins designed to extend the capabilities of Caldera into the Operational Technology (OT) environment. 

MITRE Caldera is a cyber security platform designed to easily automate adversary emulation, assist manual red teams, and automate incident response.

These plugins promise to bolster the defense mechanisms and testing capabilities within critical infrastructure systems.

Contained within the “caldera-ot” repository, these plugins serve as essential tools for securing OT environments. 

They are available as Git submodules, making them easily accessible to security professionals and researchers.

Installation Made Simple

To install the full suite of Caldera for OT plugins, users can employ the following command:

git clone https://github.com/mitre/caldera-ot.git --recursive

Alternatively, individuals can set up specific plugins individually, tailoring their OT security approach to their precise needs. 

Currently, three key plugins are available:

  • BACnet Catering to Building Automation and Control Networks (BACnet) protocol.
  • DNP Addressing the Distributed Network Protocol 3 (DNP3).
  • Modbus Supporting the Modbus protocol.

These plugins are poised to bring a new level of sophistication and customization to OT security strategies.

Unifying and Exposing Open-Source OT Protocol Libraries

MITRE’s Caldera for OT plugins serves to unify and expose open-source OT protocol libraries, offering them as protocol-specific plugins. 

Each plugin provides comprehensive documentation, including high-level README.md files, source code-specific README.md files under /src, and Caldera Field Manual documentation under /docs.

Enhanced Security and Training

The motivation behind these plugins lies in enabling adversary emulation within the OT environment. 

This empowers organizations to bolster their security defenses and prepare for potential threats effectively. 

Moreover, it supports traditional Caldera use cases, such as operator training and comprehensive testing of security measures.

MITRE’s initiative represents a significant step forward in the ongoing effort to safeguard critical infrastructure systems and bolster security within the OT realm. 

For those seeking more detailed information, MITRE has also provided a presentation on “Emulating Adversary Actions in the Operational Environment with Caldera (TM) for OT.”

Stay tuned for further updates as the security community explores the potential of these Caldera for OT plugins in fortifying critical infrastructure against emerging threats.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link