Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Privacy

Some mobile apps track your location and secretly report it to services that sell the data. You almost certainly use at least one such app without knowing it. How do you find out which apps may be problematic, and what can you do about it?

Which mobile apps are tracking you?

When he saw a visualization of spring breakers from just one beach in Florida dispersing all over the US during the COVID-19 pandemic, Kaspersky GReAT's director, Costin Raiu, thought not about the coronavirus but about apps that track their users' locations. The report used research including location data from X-Mode. But where did X-Mode get the data? X-Mode distributes an SDK, a component developers can embed in their apps, and, depending on the number of regular app users, pays developers monthly to include it. In return, the SDK harvests location data, as well as some data from the smartphone sensors such as the gyroscope, and sends it to X-Mode servers. X-Mode then sells the allegedly anonymized data to whoever wants to buy it. X-Mode claims the SDK has little impact on battery life, using only about 1%–3% of the charge, so users won't even notice it. X-Mode also says that harvesting data this way is "most definitely legal" and that the SDK is fully GDPR compliant.

How many of those tracking apps are there?

Raiu asked himself: was he being tracked that way? The easiest way to find out was to identify the addresses of the command-and-control servers the tracking SDKs use and to monitor outbound network traffic from his device: if an app on his smartphone was communicating with at least one such server, he was in fact being tracked. To do that, Raiu needed the server addresses. His search became the basis for his talk at this year's SAS@home conference. After some reverse engineering, guesswork, decryption and poking around, he found them, and wrote code that detects whether an app tries to access them. Essentially, if an app contains a certain line of code, it uses the tracking SDK. Raiu found more than 240 distinct apps with the SDK embedded; in total, those apps have been installed more than 500 million times.

With the rough assumption that each user installed such an app only once, roughly 1 in 16 people worldwide has a tracking app on their device. That's a lot. Your chance of being one of them is about 1/16. What's more, X-Mode is just one of dozens of companies in this industry, and an app can contain more than one such SDK. While Raiu was examining an app that included the X-Mode SDK, he found five other components from other companies that were also collecting location data. Evidently the developer was trying to squeeze as much money as possible out of the app, and it wasn't even a free app. Paying for an application does not, unfortunately, mean its creators aren't trying to get more money out of the deal.

What can you do to avoid the tracking?

The problem with these tracking SDKs is that when you download an app, you don't know whether it contains location-tracking components. The app may have a legitimate reason to ask for your location; many apps rely on location to function. But such an app might also sell your location data, and it's hard to tell. To help tech-savvy users reduce their odds of being tracked, Raiu has published a list of the C&C servers these tracking SDKs use on his personal GitHub page. A Raspberry Pi running Pi-hole (a DNS sinkhole that logs every name your devices look up) and WireGuard (a VPN, so your phone's lookups still pass through the Pi when you are away from home) can reveal which apps try to contact those servers. That goes a bit beyond most people's tech skills, but you can at least lower your chances of being tracked by limiting apps' permissions:

Check which apps have permission to use your location. You can find instructions for Android 8 here; later versions do not differ significantly. And here's how to stop location tracking on iOS.

If you don't think an app really needs the permission, revoke it.

Give apps permission to use your location only while you're using them. Most apps don't need your location when running in the background, so this setting suits most of them.

Delete apps you no longer use. If you haven't opened an app in, say, a month or more, you probably don't need it; if you do need it later, you can reinstall it.

Keep in mind that location-tracking components are far from the worst things that can be found in an app, even a legitimate app distributed through an official store. Some apps are outright malicious, and some turn bad after being sold or updated. That is why we recommend a robust security solution such as Kaspersky Internet Security for Android, which protects against all kinds of mobile threats.

 Malware and Vulnerabilities

According to Google researchers, the three iOS zero-days are related to the recent spate of three Chrome zero-days and a Windows zero-day that Google had disclosed over the past two weeks.

 Companies to Watch

Cado Security, a cloud-native forensics and response company, has announced a $1.5 million seed round of funding. The round was led by Ten Eleven Ventures, a cybersecurity venture capital firm.

 Govt., Critical Infrastructure

The IRS says it has finally tracked down the hacker who stole the Silk Road's nearly 70,000 bitcoins—now worth more than $1 billion—and allowed law enforcement to take control of those funds.

 Trends, Reports, Analysis

According to the U.K.'s NCSC's annual report, the agency handled 723 reported incidents, a quarter of them (194) related to the COVID-19 pandemic.

 Malware and Vulnerabilities

Researchers from Zscaler came across another variant of the app portraying itself as TikTok Pro, but the new one is a full-fledged spyware with premium features to spy on victims with ease.

 Malware and Vulnerabilities

Over the past week, an exceptional number of Israeli companies reported ransomware attacks. Several of these attacks involved a previously unknown ransomware variant named Pay2Key.

 Trends, Reports, Analysis

While 2020 has seen a rise in ransomware threats, the Ryuk ransomware accounted for 67.3 million attacks, making up 33.7% of all ransomware attacks this year, according to a report by SonicWall.

 Feed

Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was also discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.

 Feed

Asterisk Project Security Advisory - If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory, since the transaction never terminates (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.

 Feed

Ubuntu Security Notice 4620-1 - It was discovered that phpLDAPadmin did not properly sanitize user-supplied input before echoing it back to the user. A remote attacker could inject arbitrary HTML/JavaScript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code.

 Feed

Asterisk Project Security Advisory - Upon receiving a new SIP INVITE, Asterisk did not return the created dialog locked or referenced. This left a gap between the creation of the dialog object and its next use by the thread that created it. Under some off-nominal circumstances and timing, it was possible for another thread to free the dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, was next dereferenced or accessed by the creating thread.

 Feed

Ubuntu Security Notice 4599-3 - USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4619-1 - Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2020-4961-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

 Feed

Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.

 Feed

Red Hat Security Advisory 2020-4960-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

 Feed

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. The

 Guest blog

Security researchers have uncovered an organised gang of cybercriminals who are compromising the VoIP phone systems of over 1,000 organisations worldwide. Check Point has identified a malicious campaign that has targeted a critical vulnerability in the Sangoma PBX open-source GUI, used to manage installations of Asterisk, the world's most popular VoIP phone system for businesses. Read more in my article on the Bitdefender Business Insights blog.

 Industry Intel

Maze Ransomware Group Ends Operations

A press release issued this week announced the end of the Maze ransomware group's data-theft operations. In the release, the Maze authors revealed their motives behind one of the most successful ransomware campaigns to date, and why they chose to finally shut down their massive project. It also claimed the Maze team had been working to expose the major security holes key industries fail to address, though their methods created many victims.

Magecart Targets International Gold Retailer

Nearly three months after a data breach caused by a Magecart attack, the international precious metals retailer JM Bullion has finally released an official statement to customers. After identifying unauthorized activity on its systems in mid-July, the company found that they had been compromised since February by Magecart payment-card-skimming code. The company has yet to explain why the breach took so long to discover, or why it did not notify affected customers promptly as the GDPR requires.

Ryuk Remains Top Player Throughout 2020

With ransomware still at the top of the cyberthreat list, Ryuk variants have been responsible for over a third of all ransomware attacks in 2020, roughly 67 million. Ryuk has been around for over two years but found far greater success this year, having been blamed for only 5,100 attacks in 2019. Ransomware attacks grew 40 percent over last year, to nearly 200 million as of Q3.

Cannabis Site Leaves Database Exposed

An unsecured database belonging to the cannabis website GrowDiaries, holding over 3.4 million user records, was found publicly accessible last month. The data included 1.4 million user passwords hashed with MD5 (hashed, not encrypted), a fast general-purpose hash that is readily cracked with wordlists and precomputed tables. Nearly a week after being informed, GrowDiaries secured the database from public access, though it remains unclear how long it was exposed or who accessed it during that time.

Mattel Reveals Ransomware Attack

Following a July ransomware attack, Mattel has finally issued an official statement on the overall damage. The company confirmed that no data was stolen; the attack was quickly identified by its security team, and many systems were taken offline to prevent further damage or theft. The attack was likely preceded by a TrickBot infection, as TrickBot is known for targeting large organizations and leaving them exposed for an encrypting payload to follow.

The post Cyber News Rundown: Maze Ransomware Shuts Down appeared first on Webroot Blog.
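Why a dump of MD5 password hashes like the GrowDiaries one is close to a dump of the passwords themselves, and what a per-user salt plus a memory-hard KDF changes, as an added example that is not part of the Webroot post. The leaked records, wordlist and salts are constructed; nothing here is GrowDiaries' code or data. It assumes Python's OpenSSL-backed hashlib.scrypt.

```python
"""Added example, not from the Webroot post: unsalted MD5 vs salted scrypt.
The user records, wordlist and salts are CONSTRUCTED; nothing here is
GrowDiaries' code or data."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed wordlist; a real attacker uses hundreds of millions of entries.
WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "growdiaries", "Summer2020"]


def md5_hex(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()


# Constructed "leaked" records in the weak scheme: bare MD5, one hex digest per user.
LEAKED_MD5: Dict[str, str] = {
    "alice": md5_hex("password"),
    "bob": md5_hex("Summer2020"),
    "carol": md5_hex("correct horse battery staple"),
    "dave": md5_hex("password"),  # same password as alice -> identical digest
}


def crack_unsalted_md5(records: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Hash each candidate once, then look every user up in the table.

    Without a salt the work is done once for the whole dump (and could have
    been precomputed before the leak); users who share a password are
    visible as equal digests before any cracking at all.
    """
    table = {md5_hex(w): w for w in wordlist}
    return {user: table[digest] for user, digest in records.items() if digest in table}


# Hardened scheme: per-user random salt and scrypt, a memory-hard KDF from the stdlib.
# Constructed parameters: n=2**14, r=8 costs 128*r*n = 16 MiB per evaluation.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.scrypt(pw.encode(), salt=salt, **SCRYPT_PARAMS)


def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.scrypt(pw.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def crack_salted_scrypt(records: Dict[str, Tuple[bytes, bytes]], wordlist: List[str]) -> Dict[str, str]:
    """The same dictionary attack against the hardened scheme.

    No shared table is possible: every (user, candidate) pair costs a fresh
    16 MiB scrypt evaluation, so cost scales with users x candidates instead
    of candidates alone, and equal passwords no longer produce equal digests.
    """
    found = {}
    for user, (salt, digest) in records.items():
        for w in wordlist:
            if verify_password(w, salt, digest):
                found[user] = w
                break
    return found


if __name__ == "__main__":
    print("MD5 dump cracked:", crack_unsalted_md5(LEAKED_MD5, WORDLIST))
    salted = {u: hash_password(p) for u, p in [("alice", "password"), ("carol", "correct horse battery staple")]}
    print("scrypt dump cracked:", crack_salted_scrypt(salted, WORDLIST))
```

The salted scheme still yields "alice" to the dictionary attack, because "password" is in the wordlist; what it removes is the one-table-for-all-users shortcut and the ability to spot shared passwords by eye. Weak passwords still need the slow per-user cost and a rate-limited login to be protected.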

2020-11
Aggregator history
Friday, November 06