Hackers Exploit Openfire Vulnerability To Deploy Kinsing Malware

0
[ad_1]

The Kinsing malware has resurfaced with a new attack method that exploits the Openfire vulnerability tracked as CVE-2023-32315. A path traversal attack caused by this vulnerability allows an unauthorized user access to the Openfire setup environment.

Researchers from Aqua Nautilus report that the threat actor may upload malicious plugins and create a new admin user as a result of this. The attacker eventually has complete control of the server.

Openfire is a real-time collaboration (RTC) server that serves as a chat platform for transmitting instant messages over the XMPP (Extensible Messaging and Presence Protocol).

It was discovered in May of this year, intended to act as an internal IM server for businesses, supporting more than 50,000 concurrent users and giving them access to a secure channel for departmental interaction.

Kinsing Campaign Attack Flow

This Kinsing campaign makes use of the flaw, injects runtime Kinsing malware and a crypto miner, works to avoid detection, and seeks to establish persistence.

The threat actor checks the internet for Openfire servers, and once a server is identified, it is immediately checked to see if it is CVE-2023-32315 susceptible.

“In this campaign, the threat actor uses the vulnerability to create a new admin user and upload a plugin (cmd.jsp), which was designed to deploy the main payload – Kinsing malware”, researchers said.

Request made by the attacker to create a new user on our Openfire server

The threat actor can then successfully finish the authentication procedure for the Openfire Administration Panel and acquire full access as an authenticated user once the new user has been successfully formed. 

Furthermore, the threat actor is given increased access within the system because the person has been added as an admin.

The threat actor then uploads a malicious plugin, enabling web shell commands on the server.

“The threat actor uploads a zip file which is a Metasploit exploit aimed to extend the cmd.jsp to enable HTTP requests at the threat actor’s disposal. This allows downloading the Kinsing malware which is hard coded in the plugin”, researchers explain.

File flagged in VirusTotal (VT) as malicious (backdoor/Kinsing)

In less than two months, researchers have seen over a thousand attacks that take advantage of the Openfire vulnerability.

Recommendation

It is advisable to increase your understanding and give the protection of resources a higher priority.

  • Keep your environment up-to-date
  • Configure environments diligently
  • Perform extensive environmental scans for unknown threats.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

HONOR Magic V2 showcased on a global stage for the first time

0
[ad_1]

The HONOR Magic V2 was announced in China back in July. At that time, we had no idea whether the phone would become available in more markets, even though we expected it to happen. Well, today, HONOR showcased the Magic V2 on a global stage for the first time ever, hinting at what’s to come.

The HONOR Magic V2 gets showcased on the global stage

The phone got presented at IFA 2023 in Berlin. The company did not say anything about its availability outside of China, though, not yet. It seems like it is coming to more markets, though, we just don’t know when… yet.

HONOR’s latest foldable is the thinnest book-style foldable smartphone on the market, at least as far as inwards-folding foldables are concerned. It is only 9.9mm thick when folded, which makes it almost as thin as some regular smartphones. The Xiaomi MIX Fold 3 and Mate X3 come close to this, but not quite. The Magic V2 holds the crown at the moment.

It’s extremely thin, and actually not that heavy for what it is

On top of that, the phone is quite light for its size. It weighs 231 grams, which is not light per se, but considering the fact it’s a rather large foldables… it’s light. It’s all in the perspective of things. The Pixel Fold, for example, weighs over 280 grams.

How did HONOR manage to do this? Well, it had to rebuild its hinge from the ground up (it’s made out of titanium), and in addition to that, the company used a Silicon-Carbon-Dual-Battery setup here. They have an average thickness of 2.72mm, which is crazy thin in terms of such high battery capacities. Those two batteries form a combined battery capacity of 5,000mAh.

It has been tested to withstand more than 400,000 folds

HONOR also wanted to emphasize that the phone has been tested to withstand more than 400,000 folds, which means you can fold it 100 times a day for 10 years. That’s plenty, needless to say.

The device looks quite sleek, and it comes in vegan leather (9.9mm when folded) and glass (10.1mm when folded) variants. When unfolded, the phone is 4.8mm thick, which is also unbelievably thin.

The Snapdragon 8 Gen 2 is here to fuel the phone, while 16GB of LPDDR5X RAM is included, and up to 1TB of UFS 4.0 flash storage. A 50-megapixel main camera is backed by a 50-megapixel ultrawide camera, and 20-megapixel telephoto cameras. For the two front-facing cameras (one on each display), HONOR used 16-megapixel cameras.

The HONOR Magic V2 has two 120Hz displays

Two 120Hz OLED displays are included here too, and both support a 120Hz refresh rate. The main, foldable one measures 7.92 inches, while the cover panel measures 6.43 inches.

We’ll let you know as soon as we get more information regarding the device’s availability outside of China.


[ad_2]
Source link

New MMRAT Android Malware Runs Sneaky Campaigns

0
[ad_1]

Another threat for Android users has emerged online, emphasizing the need to use apps from legit sources only. Researchers have spotted a new Android malware, “MMRAT,” that targets devices via fake app stores.

MMRAT Android Malware Spreads Via Fake App Stores

Elaborating on the matter in a detailed post, researchers from Trend Micro urged Android users to remain vigilant.

As explained, Trend Micro researchers discovered a new Android malware, “MMRAT,” actively running malicious campaigns this year.

In brief, the threat actors target Android users via phishing websites impersonating fake app stores that deliver the malware “AndroidOS_MMRat.HRX” to the target devices.

Upon reaching the device, the malware requests necessary permissions from the victim to access various device components. Besides, it connects with its C&C server to transmit the data collected from the device.

MMRAT serves as a potent remote access trojan, giving the attackers unrestricted access to the victim’s devices. The malware can then perform various spying activities, including keylogging, screen recording, gathering data such as contacts, installed apps, network details, and even performing bank fraud. It exploits the device’s Android Accessibility service and MediaProjection API to execute these tasks.

Once the intended actions are completed, the malware sneakily uninstalls itself, leaving behind no traces. That’s how the malware has managed to stay under the radar despite running active campaigns.

The malware has been active since June 2023 and mainly targets Android users from Southeast Asia. Analyzing the campaign patterns also indicates that the threat actors behind this campaign specifically aim at a particular user group.

Given the stealthy execution of this malware, the researchers advise all Android users to remain careful for their devices’ security. At first, users must avoid downloading apps or interacting with app stores other than the official sources. Then, users must remain cautious when granting permissions to an app, especially if the app asks for seemingly unnecessary access. In addition, users must equip their devices with robust antimalware programs to repel known malware attacks.

Let us know your thoughts in the comments.


[ad_2]
Source link

HONOR turned a phone into a purse, meet the HONOR V Purse

0
[ad_1]

In addition to showcasing the HONOR Magic V2 globally for the first time, HONOR also showed off its new concept smartphone at IFA. The device in question is called the HONOR V Purse, and… well, it’s interesting, that’s for sure.

The HONOR V Purse is a fashion-forward concept device

HONOR says that this phone “reimagines a foldable smartphone as a wearable, fashion-forward purse, offering endless possibilities for style and self-expression”.

Are you confused? Well, that’s understandable, so let me explain. The HONOR V Purse is essentially an outwards-folding smartphone, to which you can attach a strap, basically. That way, you can turn it into a purse. That strap attaches to the phone’s hinge.

HONOR V Purse lifestyle image 2

HONOR also showed off various different straps for the device, including chains, features, and tassels, so that you can adapt the phone to any occasion. That’s not all, though. Its display also plays a part in the whole thing.

Its display also plays here, from the fashion standpoint

Several well-known designers partnered up to bring a series of designs for this phone’s AOD feature. In other words, HONOR utilizes the Always-On Display feature to change the style of the HONOR V Purse when you wear it.

HONOR will soon start inviting talent from all over the world to offer their designs. To utilize sensors like gyroscope and ambient light sensor to create something unique.

HONOR does plan to invite designers to pitch in with AOD designs

HONOR did not share any spec info when it comes to this device. That’s not surprising, as this is just a concept phone at this point. Based on the fact HONOR plans to invite designers to pitch in, however, it seems like it plans to shape this into an actual product.

When folded, on one side, there’s only a display, while most of the other side is also covered by the display. Aside from the display, you’ll also see the phone’s cameras, and a place to grab the phone.

The HONOR V Purse is definitely not aimed at just about anyone, though it’s an interesting concept. The fashion-centric announcement also fits well here.


[ad_2]
Source link

Kiss the iTunes Movie Trailers app goodbye… and say hello to the Apple TV app

0
[ad_1]

Win some, lose some. Today, one iOS application goes down for good – the iTunes Movie Trailers app. It has just received a terminal update and now instead of showing movie trailers (like it used to do since its inception in 2011), it prints a message that reads “Apple TV app is the new home of iTunes Movies Trailers” (via 9to5Mac).The relevant iTunes Movie Trailers (trailers.apple.com) website is gone, too – it is now redirecting users to the URL of the Apple TV website, landing at the trailers section.

That change is not unexpected. At the beginning of August, Apple introduced this same message (“Apple TV app is the new home of iTunes Movie Trailers”) on both the mobile application and on the website, preparing users for this present situation.

Upon opening the now-non-functional iTunes Movie Trailers app, users are not only informed where to go for their favorite flick teasers and trailers but there’s also a blue button at the bottom that says “Open” and serves as a getaway to the Apple TV app.

Tapping on it takes you directly to the “Movie and TV Trailers” section of the Apple TV app. But if you’re opening the same app from ground zero and wish to get to the trailers module, you can do that by going to the “Store” tab of the app, and then scrolling down to the “Watch the Latest Trailers” header.

Some users are not amused by the change: “I’m gonna miss it. I actually used it to add showtimes to my calendar since it would account for the exact time of the movie”, while some are nostalgic: “I remember going to the Apple movie trailer website to kill some time while my iPhone 3G was syncing with iTunes for the first time on launch day. Memories.” Others are completely on board with Apple’s decision and cheer the update, stating that the standalone app was archaic.


[ad_2]
Source link

Smishing Campaign Attack the US Citizens to Steal Payment Data

0
[ad_1]

Smishing is a type of cyberattack in which attackers use SMS (text messages) to trick individuals into revealing the following type of Personal and financial data or information:-

  • Passwords
  • Credit card numbers
  • Debit card numbers
  • Banking Credentials
  • Make download malicious software

In attacks like this, threat actors mimic government, bank, or postal agencies like USPS to seem legitimate, tricking victims into sharing payment info for fake fees.

Recently, cybersecurity researchers at RSecurity uncovered a new extensive smishing campaign dubbed “Smishing Triad,” in which threat actors are actively targeting the citizens of the United States.

Besides the US, researchers also unveiled that in earlier incidents, threat actors targeted victims from several other countries:-

  • The U.K.
  • Poland
  • Sweden
  • Italy
  • Indonesia
  • Japan

Entities Mimicked

Here below, we have mentioned all the entities that the operators of this campaign mimicked:-

  • The Royal Mail (UK)
  • New Zealand Postal Service (NZPOST)
  • Correos (Spain)
  • Postnord (Sweden)
  • Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate)
  • J&T Express (Indonesia)
  • Poczta Polska (Poland)

USPS warns of summer package tracking text scams via SMS/iMessage, noting a surge in August with many attacker-registered a huge number of domains.

In this latest campaign, ‘Smishing Triad’  threat actors employed compromised Apple iCloud accounts to send malicious messages solely through iMessage.

This shift set it apart from the following previous scams, which relied on traditional SMS or calls:-

Furthermore, these perpetrators are supplying other cybercriminals with tailor-made ‘smishing kits,’ available for purchase through a group in Telegram.

On August 27, through iMessage, a victim received a fraudulent message from a compromised and threat actor-controlled Apple iCloud account (mjlozak@icloud[.]com).

Fraudulent message (Source – Resecurity)

Domains Identified

Resecurity found “Smishing Triad” using “.top” domains via NameSilo, which Cloudflare protects, and analyzing texts and DNS history the earlier domains were found to be registered in the following zones:-

Here below we have mentioned all the domains that were identified by the security experts:-

  • ususmx[.]top
  • ususnb[.]top
  • ususgs[.]top
  • ususcgh[.]top
  • uspoddp[.]top
  • uspsjh[.]top
  • ususnu[.]top
  • usushk[.]top
  • ususcsa[.]top
  • uspoky[.]top
  • usplve[.]top
  • ususcac[.]top
  • uspshhg[.]top
  • uspodad[.]top
  • uspogumb[.]top
  • uspsuiu[.]top
  • uspshhg[.]top
  • uspsuiu[.]top
  • uspskkq[.]top
  • ususuua[.]top
  • uspodaa[.]top
  • uspoadc[.]top
  • uspshhg[.]top
  • usplve[.]top
  • usushk[.]top
  • uspshhg[.]top
  • ususcgh[.]top
  • ususnu[.]top
  • ususnb[.]top
  • uspoddp[.]top
  • ususuua[.]top

Threat actors mimic the delivery failures with familiar routes that are sourced from hacked online shops. 

They often pinpoint the billing and location details of the victims, and besides this, some craftily accurate routes distract the victims from verifying the source.

Fake delivery failure (Source – Resecurity)

Smishing Triad targets ID theft and financial fraud, supplying custom kits to cybercriminals for $200/month. After crypto payment, they give activation codes and scripts for the following frameworks:-

  • ThinkPHP
  • Laravel
  • VueJS
  • React
  • Uniapp

Online shopping sites were also attacked by the operators of the ‘Smishing Triad,’ from which they steal customer data by injecting malicious code.

Indicators Of Compromise (IOCs)

  • wangduoyu[.]me
  • wangduoyu[.]shop
  • wangduoyu[.]site
  • poczta-polska[.]cc
  • ususmx[.]top
  • ususmx[.]top
  • ususnb[.]top
  • ususgs[.]top
  • ususcgh[.]top
  • uspoddp[.]top
  • uspsjh[.]top
  • ususnu[.]top
  • usushk[.]top
  • ususcsa[.]top
  • uspoky[.]top
  • usplve[.]top
  • ususcac[.]top
  • uspshhg[.]top
  • uspodad[.]top
  • uspogumb[.]top
  • uspsuiu[.]top
  • uspshhg[.]top
  • uspsuiu[.]top
  • uspskkq[.]top
  • ususuua[.]top
  • uspodaa[.]top
  • uspoadc[.]top
  • uspshhg[.]top
  • usplve[.]top
  • usushk[.]top
  • uspshhg[.]top
  • ususcgh[.]top
  • ususnu[.]top
  • ususnb[.]top
  • uspoddp[.]top
  • ususuua[.]top

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

OnePlus announced OxygenOS 14 and its launch date

0
[ad_1]

Android 14 is around the corner, and companies are gearing up to launch the latest versions of their Android skins. OnePlus is one of those companies, as it announced OxygenOS 14. According to the company, this latest version is going to be the smartest and most intuitive version of the software.

If you’re wondering how long you’ll need to wait for this version of OxygenOS 14, there’s good news. OnePlus confirmed that this version of the software will come out on September 25th. That’s less than a month away. If you’ve purchased the OnePlus 11 or any other recent phone, then you’ll be able to get the update.

OxygenOS 14 brings the Trinity Engine, says OnePlus

OnePlus didn’t give us too much information about what will actually be different in the software. It did, however, let us in on what will be powering this new experience. Called the Trinity Engine, this is the software’s new proprietary performance platform. Again, details on this are scarce, so we’ll need to wait for more information about it.

OnePlus introduced six new technologies called CPU Vitalization, RAM Vitalization, ROM Vitalization, HyperBoost, HyperTouch, and HyperRendering. That’s a lot to take in, so we should expect to hear more about this when the software launches.

There’s so much new stuff with this version of OxygenOS that OnePlus can’t just silently launch it. Hopefully, the company has some sort of event or posts a video explaining what all of this does. We’re not sure if the company will do that, however, there could be one thing pointing to that possibility.

The launch of the OnePlus V was postponed and pushed to early October. Well, if that’s the case, then it’s possible that OnePlus could have an event announcing the OnePlus V where it could also talk about OxygenOS 14. Pre-orders could start on the date of the announcement with the official launch taking place in October. That’s just speculation, however. Only time will tell how the company will announce this.


[ad_2]
Source link

Google Docs Introduces A New AI-driven Proofread Feature

0
[ad_1]

During Cloud Next ’23, Google not only unveiled updates to Chat and Meet but also introduced an exciting addition to the Google Docs Proofread feature, according to 9To5Google.

This feature utilizes AI to provide advanced writing suggestions, surpassing the capabilities of the current Spelling and Grammar Check. The previous existing feature in the Google Docs app is spell check, which only corrects spellings and at times corrects grammatical errors. But, with this new feature, it goes a step further in getting your work properly proofread.

Google Docs Proofread details

Google Docs Proofread as AI-powered writing enhancement, representing a departure from conventional spell and grammar checking. In addition to addressing spelling and grammar, this new feature encompasses a broader spectrum of writing improvements.

It encompasses conciseness, active voice, wording, and sentence split (breaking complex sentences into more digestible segments. In other words, it just means making sentences much easier to understand.)

Accessible through the familiar ‘A’ and ‘check mark’ icons within the toolbar, a distinctive blue dot will alert users when writing suggestions are available. Tapping this icon opens a side panel, presenting users with an organized array of suggestions. Users can conveniently review and accept/reject suggestions based on their types.

This innovation streamlines the process of creating high-quality content within Google Docs. Importantly, users retain full control, as they can easily enable or disable the Proofread feature from the Tools menu.

Proofread promises to enhance the conciseness, clarity, and readability of documents. Importantly, these suggestions seamlessly integrate into the writing process, avoiding disruption. Users can thoughtfully review suggestions via the Proofread sidebar, deciding which aligns with their writing style.

It’s essential to note that Proofread is a premium offering, available as a Duet AI for Workspace Enterprise add-on. The rollout is underway, ensuring that Google Docs users can soon benefit from these writing enhancements, catering to diverse professional domains.


[ad_2]
Source link

YouTube Music redesign shows comments and other changes

0
[ad_1]

YouTube Music is always pushing design tweaks to its UI. According to 9To5Google, YouTube Music is bringing a new redesign to the Now Playing screen that will let users view the comments.

The redesign

This new redesign seems to make YouTube Music look more like the main YouTube app. On the Now Playing screen, you’ll see a horizontally scrolling carousel of chips showing the Like, Dislike, Comments, Save to Playlist, and Share buttons.

Nothing really changes up top aside from the color of the song/video toggle. Also, the album art now has rounded corners. This might be related to the recent change that gave rounded corners to YouTube videos on the website.

In order to make room for the carousel, there’s less empty space. The album art is a little bit closer to the song/video toggle, and the controls have been pushed down closer to the bottom bar.

Also, when you look at the queue, it will show some chips above the music. This will help filter the songs present in the queue. We see a Familiar, Discover, Popular, and Deep Cuts chip.

This new redesign brings the comments to YouTube Music

What’s probably the most notable change is the introduction of the Comments button. When you tap on this button, you’ll see the feed of comments show up just as if you were on the main app.

This comment section shows you all of the comments posted on the original YouTube for the song you’re listening to. So, this isn’t a separate comment feature unique to YouTube Music.

YouTube basically plugged the comments from the main app into YouTube Music. You’re able to like/dislike and reply to other users’ comments. You’re also able to post your own comments.

Right now, this new update is making its way to both Android and iOS users. If you want to see this update, make sure that your app is fully updated. If you don’t see it yet, then you’ll want to wait a day or two.


[ad_2]
Source link

Victim records deleted after spyware vendor compromised

0
[ad_1]

We take a look at another compromise of a mobile spyware app maker, and ask whether this action comes with hidden danger.

Anonymous hackers have breached the servers of spyware app “WebDetetive, accessing the user database.

However, this doesn’t appear to be a typical compromise along the lines of stealing the data, according to Tech Crunch. Instead, it’s part of a slow move toward “spying” apps being attacked and taken down by compromise-literate folks who don’t approve of the apps business practices.

Spyware apps are installed on a potential victim’s phone without permission and lurk invisibly, collecting data and sending it back to the app operator. They’re often marketed at employers or parents, but are also used by abusive partners or ex-partners, and can be a nightmare scenario for those affected.

The hackers responsible for this attack claim to have broken into the server via “several security vulnerabilities” which allowed them to initially gain a foothold. From there they went on to exploit additional flaws in the app developer’s web dashboard, downloading all records including customer email addresses.

To be clear here, “customer” would mean the people who have decided to sign up and make use of the tool, not the victims. Indeed, TechCrunch notes that the 1.5GB cache of data related to this heist contains customer IP addresses and purchase history alongside all devices compromised by a customer, their phone model, and the data type collected.

The victims’ records had another fate in store. Namely, deletion from the network, which means the compromised mobiles can no longer upload data to the WebDetetive network. The cache of WebDetetive customer data does not include any data swiped from phones via WebDetetive.

In terms of numbers, roughly 76k devices were compromised at the time the breach happened, with somewhere in the region of 74k customer emails showing in the cache. While the breach cannot currently be independently verified, TechCrunch says it has already verified the authenticity of the stolen data.

Additionally, further investigation suggests the elusive WebDetetive may allegedly have some ties to a similar spying app allied Ownspy. TechCrunch claims WebDetetive to be a “largely repackaged” copy of OwnSpy’s software. Perhaps more tellingly, WebDetetive’s user agent refers to itself as OwnSpy while uploading dummy data to WebDetetive.

If you’re unfamiliar with the term, a user agent is how a program tries to identify itself online. If I use Chrome as a browser, then when I visit a website, it will see my Chrome user agent. If the website is mobile only, it may redirect me or refuse entry if I’m not running an identifiable mobile browser.

This isn’t the only recent attack on a mobile spying application, nor the only attack generally. A few weeks back we covered a similar incident involving a server breach attack on an app called LetMeSpy. The story largely played out the same as the above. Unknown attackers breached the server, and the company behind the app shut down a little while after.

On the surface it may sound great that someone is taking the spyware authors to task, but there is a big note of caution here. A sudden deletion or breakage of an app could have serious consequences for the person being monitored. The person who put the spyware there in the first place may assume tampering by their target which could place them in additional danger. These situations must be handled carefully, and perhaps mass deletions don’t qualify.

How to prevent spyware and stalkerware-type apps

  • Set a screen lock on your phone and don’t let anyone else access it
  • Keep your phone up-to-date. Make sure you’re always on the latest version of your phone’s software.
  • Use an antivirus on your phone. Malwarebytes for Android shows you exactly what information you’re sharing with each app on Android, so you can keep an eye on your privacy.

Coalition Against Stalkerware

Malwarebytes is a founding member of the Coalition Against Stalkerware. We continue to share intelligence with the Coalition Against Stalkerware to improve industry-wide detections while also guiding the domestic abuse support networks within the coalition through thorny, technical questions of detection, removal, and prevention.


We don’t just report on threats—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.


[ad_2]
Source link