New Infamous Chisel Malware Targets Android Users

0
[ad_1]

Another potent malware has appeared online aiming at Android users. Identified as “Infamous Chisel,” the malware currently targets Android users from the Ukrainian military. However, while the campaign presently seems specifically directed against a nation, it may evolve into a more widespread malware campaign.

CISA Warns Of New Infamous Chisel Android Malware

The US CISA has warned Android users to stay wary of the newly discovered Infamous Chisel malware through a recent alert.

Referring to a joint malware analysis report from the US agencies (CISA, NSA, and FBI), together with New Zealand’s National Cyber Security Centre (NCSC-NZ), United Kingdom’s National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD), the alert highlighted the narrowly-focused malware, presumably from Russian threat actor group “Sandworm,” aiming at the Ukrainian military.

Regarding the malware, Infamous Chisel operates over the Tor network, establishing a persistent connection to the target devices. During this period, the malware collects device information, such as the list of installed apps, particularly looking for apps specific to the Ukrainian military.

Moreover, it also exhibits network monitoring capabilities and provides SSH access to the threat actors. Besides, it also manages SCP file transfer, steals stored credentials, tracks location, collects files, and exfiltrates communication data.

To manage all these functionalities, Infamous Chisel includes various components that the malware analysis report describes.

Although the malware exhibits serious malicious capabilities, the researchers found it missing out on obfuscation. That means detecting the malware attack is possible with less effort. However, the attackers, according to the report, may have intentionally ignored this aspect since Android devices often lack a host-based detection system.

It currently remains unclear how the malware manages to reach the target devices.

Presently, Infamous Chisel particularly targets the Ukrainian military, indicating its potential use as another weapon for the ongoing Ukraine-Russia conflict. However, this specificity can expand to include other victims from different regions at any time. Therefore, all Android users must remain careful when interacting with unsolicited links or apps from unknown sources to avoid such threats.

Let us know your thoughts in the comments.


[ad_2]
Source link

Save big on the Anker Nano II 65W wall charger

0
[ad_1]

Amazon has the new Anker Nano II 65W wall charger is on sale right now, dropping about 15% off of its regular price. And now it’s just $33.99. This is going to be a great pickup to go with the new smartphones coming out this Techtember and Techtober.

The Anker Nano II 65W charger has two USB-C ports and a USB-A port. The USB-C ports can do 65W each (but not simultaenously), with the USB-A port is doing 22.5W. Which is pretty impressive. Though, keep in mind that the more things you plug in here, the slower each port is going to charge. As this can only do 65W total, max. So if you use all three ports, the top USB-C port will do 40W still, while the second USB-C port and the USB-A port will do 12W each. For a max of 64W.

It’s a great charger to take on the go with you, since it is pretty small and the prongs are foldable. So you can toss it into your bag with ease. This wall charger uses GaN instead of silicon so it’s smaller than most other USB-C 65W chargers.

You can pick up this Anker charger from Amazon by clicking the link below.

Anker Nano II 65W – Amazon


[ad_2]
Source link

Disney blocks access to its channels for Charter Spectrum users

0
[ad_1]

As part of a major contract dispute, Disney has decided to pull the plug and block access to its 25 channels for Charter Spectrum cable users. This abrupt blackout, which unfolded on Thursday evening without any prior notice, left many users frustrated, as it disrupted not only the U.S. Open but also the opening weekend of college football broadcasts.

The crux of the matter

According to Charter’s CEO, Chris Winfrey, the company, aiming to keep costs low for its 14 million consumers, pushed for a revamped deal with Disney, which would grant access to Disney’s ad-supported streaming services, like Disney+ and ESPN+, without extra charges. And although Charter eventually agreed to Disney’s request for increased fees, both companies weren’t able to reach a deal on the streaming access terms.

As a result, Charter Spectrum expressed their disappointment with Disney’s decision, accusing them of trying to compel their customers to pay for expensive programming, even if they have no interest in it. Moreover, the company believes that its proposed model would offer a better choice to customers.

“We offered Disney a fair deal, yet they are demanding an excessive increase. Spectrum is on your side and fighting to keep costs down while protecting and maximizing customer choice. The rising cost of programming is the single greatest factor in higher cable TV prices, and we are fighting hard to hold the line on programming rates imposed on us by companies like Disney,” said Spectrum.

Disney’s say

In response, Disney asserted that Charter declined their offer despite favourable conditions and creative proposals to make Disney’s streaming services accessible to Spectrum customers. Additionally, the company also emphasized its successful partnerships with various pay-TV providers across the country and clarified that ongoing negotiations had been in progress with Charter Communications.

Despite the issue, Disney stated in a press release that they are “ready to return to the negotiation table to restore access to our unrivalled content for their customers as quickly as possible.”


[ad_2]
Source link

PoC Exploit Released for VMware Aria Authentication Flaw

0
[ad_1]
PoC Exploit VMware Aria

VMware Aria Operations for Network was discovered with an Authentication Bypass vulnerability previously, which had a critical severity. VMware has released patches for fixing this vulnerability. However, a Proof-of-concept and the patch file provided by VMware have been briefed.

CVE-2023-34039 was the CVE ID assigned to this vulnerability. According to VMware, the vulnerability exists due to the lack of unique cryptographic key generation that leads to an authentication bypass. After analyzing, it was discovered that this was not an authentication bypass vulnerability. Instead, this is a hardcoded SSH key issue. 

As per reports submitted to Cyber Security News, researchers analyzed the patch files released by VMware as part of the patch. There were multiple patch files, and one of them was a bash script.

The bash script consisted of a function called “refresh_ssh_keys” which is used for overwriting the current SSH keys used by support and Ubuntu users in the VMware instance. The SSH keys were identical for both users, who were a part of the sudoers group with no limitations.

VMware Aria Operations for Network’s implementation contains two machines, Platform and Collector, which can be exploited due to this vulnerability.

In addition to this, VMware Aria Operations did not implement this refresh_ssh_keys function from version 6.0 to 6.10, giving threat actors a wide vector of attack space. All these versions have unique SSH keys collected by the researchers, and an exploit PoC has been released.

Exploit.py released (Source: Summoning Team)

As per the security advisory released by VMware, Users of VMware Aria Operations for Networks are recommended to upgrade to the latest version, 6.11, which has been confirmed to be unaffected by this vulnerability.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Take a closer look at the eye-catching HONOR V Purse

0
[ad_1]

HONOR showed off two devices at IFA 2023, the HONOR Magic V2 and the HONOR V Purse. The first one is the company’s latest book-style flagship, which was initially launched in China. The second, however, is a concept smartphone, that is rather interesting. We managed to get some hands-on time with the HONOR V Purse in Berlin. In this article, we’ll talk a bit about it.

We managed to get some hands-on time with the HONOR V Purse, kind of

Before we get down to it, do note that the software on the phone was not ready, so we did not get a chance to use it. The only thing that worked is one of the AOD styles that the company is using.

Now, the HONOR V Purse is a concept smartphone. This is a foldable phone that essentially turns into a purse. Initially, I thought that the purse strap attaches to the hinge directly, but it doesn’t, there’s a case that has to be attached to the hinge, basically. That’s something you’ll see in the images below.

HONOR presented quite a few styles of straps that can be used here. They range from the ones that contain pearls and feathers, to the ones with chains, and so on. The styles can be changed on the fly, with ease. This was a fashion-forward launch event, by the way, otherwise a product like this would be quite shocking.

This is an outwards-folding smartphone that resembles the Huawei Mate Xs 2

Now that we got that out of the way, the HONOR V Purse is an outwards-folding smartphone, much like the Huawei Mate Xs 2. It actually does resemble that phone to a degree. There is a button on the back that unlocks the phone, at which point you can unfold it.

When folded, part of its foldable display is exposed on the back, when unfolded, the entire display is on the front, of course. This is a completely different approach to book-style foldables.

It is worth noting that the HONOR V Purse is actually the thinnest foldable smartphone out there. It is even thinner than the Magic V2, which is not surprising, as it has only one display, unlike the Magic V2. The difference is not that big, though. Also, this phone is just a concept for now, so the Magic V2 is technically the thinnest foldable still.

It has two cameras on the back, and it sits nicely in the hand

The HONOR V Purse has two cameras on the back, and it sits nicely in the hand. As I said, we were not allowed to use it, and that includes unfolding it. I’d assume that the feeling is similar to what we got with the Huawei Mate Xs 2, which is not a bad thing at all. You can check out that review here.

You’ll find quite a few images of this phone in the gallery below. Now, if you’re wondering if it’s coming to market, that’s something we cannot answer, not yet. HONOR did refer to it as a concept smartphone, but considering how many different styles of straps they showed off, and the fact they mentioned they’d invite third-party designers to design AOD displays for this phone… chances are it’s coming.

Its specs & price tag are a mystery at the moment… presuming HONOR will release it at some point

We don’t know absolutely anything about its specifications, nor its price tag, though. That is something HONOR will share with us at a later date, presuming that this phone will hit the market at some point. For now, it’s just a showpiece that managed to grab attention at IFA 2023 in Berlin, and we gave it one of our IFA 2023 awards.

Event & booth pictures:

Hands-on pictures:


[ad_2]
Source link

Analyst confirms iPhone 15 Pro Max will be late to the party

0
[ad_1]

A well-known analyst and source of Apple info, Ming-Chi Kuo, has confirmed that the iPhone 15 Pro Max will be late to the party. In other words, it won’t become available at the same time as its siblings.

The iPhone 15 Pro Max will be late to the party, it seems

We’ve heard this info quite a few times thus far, and it seems to be coming to fruition. Apple already confirmed that the iPhone 15 series will be announced on September 12. The iPhone 15 Pro Max (or possibly Ultra) will be announced too.

The company’s most powerful model will, however, arrive last. It is said that issues with stacked CIS, panels, and batteries might have been fixed, but that doesn’t mean you’ll be able to get the Pro Max at the same time as its siblings.

The stacked CIS issue has been resolved by increasing production capacity, though around 15% of iPhone 15 and 15 Plus shipments may be affected. The issues with batteries and frames were fixed in the same way.

The ‘Pro’ models will be lighter than their predecessors

Kuo also said that the cancellation of the virtual button design led to some challenging production windows for the titanium frame on the two ‘Pro’ models. He also noted that both variants will be lighter than their predecessors. Their weight already surfaced, quite recently actually.

The display issue was allegedly fixed by “changing the supplier shipment ratio”. If you’re wondering how long will you have to wait to get the iPhone 15 Pro Max, well, we’re still not sure. We presume it won’t be a long delay, though.

On top of everything that was said, Kuo also mentioned the colors that we can expect, yet again. The iPhone 15 and 15 Plus will launch in black, blue, green, pink, and yellow color variants. The ‘Pro’ versions will arrive in black, blue, gray, and white colors.


[ad_2]
Source link

Active Exploitation Of Adobe ColdFusion Vulnerabilities Detected

0
[ad_1]

Months after patching the vulnerabilities, researchers still detected active exploitation of Adobe ColdFusion for malware attacks. Researchers warn users to patch their systems as soon as possible.

Adobe ColdFusion Vulnerabilities Under Attack

Researchers from Fortinet’s FortiGuard Labs have detected active exploitation of Adobe ColdFusion vulnerabilities that the tech giant has already patched.

As explained in their post, the researchers found multiple threat actors exploiting ColdFusion flaws to deploy malware. Briefly, they detected numerous probing activities using the tool “interacts, which otherwise facilitates the researchers in checking successful exploits. These activities linked back to various suspicious domains, hinting at malicious use of the tool, likely to identify vulnerable systems.

In the next step, the threat actors triggered shell sessions on vulnerable devices to access the computers. Once obtained, the attackers then deployed different malware on the target systems. These include

  • XMRig Miner – a cryptominer actively involved in various malicious campaigns where attackers try to exploit the victim machines’ resources for Monero mining.
  • Satan DDoS/Lucifer – a cryptojacking malware that can also trigger DDoS attacks. While it initially emerged as a Windows malware, Fortinet researchers noticed another malware variant involved in the attacks that targeted Linux too.
  • RudeMiner – another malware targeting cryptowallets that also conducts DDoS attacks.
  • BillGates/Setag backdoor – a potent backdoor allowing threat actors to hijack target devices.

The ColdFusion vulnerabilities exploited in these campaigns first made into the news in July this year as zero-day flaws when Adobe released urgent patches for the flaws following their active exploitation.

However, even after months since the patches were available, users seem ignorant about updating their systems with the latest versions.

Consequently, despite patching the vulnerabilities as actively exploited zero-days, the threat actors still appear successful in continuously exploiting the flaws for malware attacks. It now seems inevitable for all Adobe ColdFusion users to update their systems immediately to avoid falling prey to malware.

Let us know your thoughts in the comments.


[ad_2]
Source link

Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores

0
[ad_1]

Key Findings

  • Fake Signal and Telegram apps have been distributed through the Google Play Store and Samsung Galaxy Store.
  • The apps are designed to steal user data, including contact lists, call logs, and device information.
  • The apps were created by a Chinese APT known as GREF, while malicious code found in these apps is attributed to the BadBazaar malware.
  • The apps were initially targeted at users in China, but have since expanded to other countries.
  • If you have installed Signal Plus Messenger or FlyGram, you should remove them from your phone.
  • Before uninstalling the apps, make sure to unlink your Signal and Telegram accounts to prevent further data exposure.

Cybersecurity researchers have warned of fake Signal and Telegram apps that have been distributed through the Google Play Store and Samsung Galaxy Store. The apps, which are called Signal Plus Messenger and FlyGram, are designed to steal user data, including contact lists, call logs, and device information.

Signal Plus Messenger, a bogus version of the popular Signal app, managed to slip under the radar for nine months in the Google Play Store. It garnered over 100 downloads before Google finally removed it from the app storefront.

FlyGram, developed by the same threat actor, followed a similar trajectory but was removed in 2021. The Slovak cybersecurity firm ESET has identified these apps as malicious versions of Signal and Telegram, designed to deliver malware to unsuspecting users.

Chinese APT Group Slid Signal and Telegram Apps onto Official App Stores
Fake Singnal and Telegram apps on Google Play Store and Samsung Galaxy Store (Image: ESET)

These fake apps were more than just imitations; they were sophisticated tools for cyber espionage. In a blog post, ESET researchers mentioned that the counterfeit Telegram app could harvest basic device information, sensitive data, Google accounts, and call logs. Additionally, it had a feature enabling it to back up data to a remote server controlled by the attacker.

The malicious Signal Plus app, on the other hand, could monitor both incoming and outgoing messages, transmitting them to a remote server for unauthorized access. To appear legitimate, dedicated websites were created for both apps, complete with links for direct installation from the Google Play Store.

The apps were created by a China-based hacking group known as GREF. GREF, also know as APT15, Ke3chang, Mirage, Vixen Panda and Playful Dragon, was also pointed out in July 2020 over the China’s insidious surveillance against Uyghurs with Android malware

Back in March 2018, these same threat actors were also found targeting a UK Government Contractor to steal military technology secrets. GREF is know the BadBazaar malware and in this campaign, the malicious code found in these apps is also attributed to the BadBazaar malware.

This should not be surprising, as another Chinese APT group, Smishing Triad, was recently reported to be carrying out a large-scale smishing campaign against users in the United States. This attack involved impersonating leading mail and delivery services.

Initially, users in China were the primary targets of these fake apps. However, the threat has since expanded to include users in Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States. 

If you’ve unwittingly installed Signal Plus Messenger or FlyGram, removing them from your phone is crucial. However, exercise caution when doing so. Before uninstalling these apps, make sure to unlink your Signal and Telegram accounts to prevent further data exposure. Google has labeled these apps as malicious and capable of stealing personal information.

Some quick tips for staying safe from fake apps

  • Only download apps from official app stores, such as the Google Play Store and the Apple App Store.
  • Be wary of apps that ask for more permissions than they need.
  • Read the reviews of an app before you download it.
  • Keep your apps updated.
  • Regularly scan your device for malware using a security app.
  1. Phishers Now Actively Automating Scams with Telegram
  2. Telegram and Discord Bots Delivering Infostealing Malware
  3. New MMRat Android Trojan Uses Fake App Stores for Bank Fraud
  4. Researcher Identifies Popular Swing VPN Android App as DDoS Botnet

[ad_2]
Source link

iPhone & Pixel enjoy a spa day in Google’s new ad

0
[ad_1]

Google’s #BestFriendsForever ads have been very popular. Ads in which iPhone and Pixel are best friends have been keeping people entertained for a while now, and a new ad just dropped. In this ad, the iPhone and Pixel are enjoying a spa day together, actually.

iPhone & Pixel enjoy a spa day in Google latest #BestFriendsForever ad

First and foremost, the setting itself is quite funny. Both phones have a cucumber over their “eyes”, or should we say “cameras”. People usually do have them over their eyes, so… there you go.

During the video, an iPhone complains to a Pixel that “these launches just keep getting harder”. Then it goes down memory lane, to the very first event, which occurred 16 years ago. Then he admits that he’s a little sad.

That’s the point where an iPhone said: “Now it seems like every time I turn around, phones like you are doing stuff I can’t. Like unblurring old photos, answering unknown calls with AI, and live translating messages. It’s exhausting but I still have a few tricks up my sleeve”.

Following that, Pixel is curious, and he asks the iPhone what tricks? At that point, an iPhone indirectly says it’ll get Type-C charging, trying to keep it a mystery, but the Pixel managed to guess it, which shocks the iPhone.

Google took this opportunity to promote its Pixel 8 launch event

After all that, a tagline appears, and says: “Rest up for October 4”, which is the Pixel 8 launch event, of course. As a reminder, the iPhone 15 event takes place on September 12. Google is also expected to announce the Pixel Watch 2 and the new Pixel Buds Pro colors during that event, in addition to the Pixel 8 series.

This ad is yet another fun way to highlight some features of the Pixel phones, features that iPhones do not have. At the same time, Google kind of poked Apple for taking so long to introduce Type-C charging.

The ad has a duration of around a minute. In case you’re interested, it’s embedded below.


[ad_2]
Source link

Microsoft issues important Windows 11 update reminder

0
[ad_1]

Microsoft has issued a crucial reminder to all users currently running the original version of Windows 11, known as 21H2. The clock is ticking, and the original Windows 11 is about to lose its lifeline of support. In this comprehensive new update, there is a breakdown of the key details and why it’s essential to stay informed.

Neowin reported recently that Microsoft took action to ensure that users on Windows 11 21H2 including Home, Pro, and Pro variants, are well aware of the impending changes. The critical information revolves around the end of support, which Microsoft has set for October 10, 2023. After this date, Windows 11 21H2 will enter a phase where it will no longer receive updates, except for one final cumulative security update that Microsoft has scheduled for release on that exact day. This update will mark the end of an era for this particular Windows 11 version.

To provide further clarity, Microsoft explains, “The September 2023 non-security preview update will be the last optional release, and the October 2023 security update will be the last security release for Windows 11, version 21H2. Windows 11, version 22H2 will continue to receive security and optional releases.”

What this means is that Microsoft will soon prompt users currently on 21H2 to upgrade to version 22H2. Windows 11 itself will take the initiative to initiate this update either when the end date approaches or even a couple of months prior to it. So, if you are still using Windows 11 21H2, prepare for this forced upgrade in the near future.

Importance of this to Windows 11 Users

The importance of this transition cannot be overstated. Keeping your operating system up to date with the latest security fixes is paramount. Failing to do so could leave your PC vulnerable to cyberattacks, as hackers and opportunists actively target systems with known vulnerabilities.

As for the possibility of Windows 11 23H2 arriving soon and potentially diverting users from upgrading to 22H2, it seems rather unlikely. While the exact release date remains unconfirmed, most sources suggest a launch in the fourth quarter, possibly around October or later. The situation will become clearer as time progresses.


[ad_2]
Source link