Some mobile apps track your location — and secretly report it to services that sell the data. You almost certainly use at least one such app without even knowing it. How do you find out which apps may be problematic — and what can you do about it?

Which mobile apps are tracking you?

When he saw a visualization of spring breakers from just one beach in Florida dispersing all over the US during the COVID-19 pandemic, Kaspersky GReAT’s director, Costin Raiu, thought not about the coronavirus, but about apps that track their users’ locations. The report used research including location data from X-Mode. But where did X-Mode get the data? Well, X-Mode distributes an SDK — a component developers can embed in their apps — and, depending on the number of regular app users, pays developers monthly to include it. In return, the SDK harvests location data, as well as some data from the smartphone sensors, such as the gyroscope, and sends it to X-Mode servers. Later, X-Mode sells the allegedly anonymized data to whoever wants to buy it.

X-Mode claims the SDK doesn’t have a huge impact on battery life, using only about 1%–3% of the charge, so users basically won’t even notice the SDK and won’t be annoyed by it. X-Mode also says that harvesting data this way is “most definitely legal” and that the SDK is fully GDPR compliant.

How many of those tracking apps are there?

Raiu asked himself: Was he being tracked that way? The easiest way to find out was to identify the addresses of the command-and-control servers the tracking SDKs used — and to monitor outbound network traffic from his device. If an app on his smartphone was communicating with at least one such server, that would mean that he was in fact being tracked. To complete the task, Raiu needed to learn the server addresses. His search became the basis for his talk at this year’s SAS@home conference. After some reverse engineering, some guesswork, some decryption, and some poking around, he found them — and wrote a piece of code that helped him detect if an app was trying to access them. Basically, he found, if an app has a certain line of code, then it uses the tracking SDK. Raiu found more than 240 distinct apps with the SDK embedded. In total, those apps have been installed more than 500 million times.

If we go with a rather rough assumption that the average user installed such an app only once, that would mean about 1 in 16 people worldwide has such a tracking app installed on their device. That’s … a lot. Your chance of being one of them is, well, 1/16. What’s more, X-Mode is just one of dozens of companies in this industry. In addition to that, any app can contain more than just one SDK. For example, while Raiu was looking at an app that included the X-Mode SDK in question, he discovered five other components from other companies that were also collecting location data. Obviously, the developer was trying to squeeze as much money as possible out of the app — and it wasn’t even a free app. Paying for an application doesn’t mean, unfortunately, that its creators are not trying to get more money out of the deal.

What can you do to avoid the tracking?

The problem with these tracking SDKs is that when you download an app, you just don’t know whether it contains such location tracking components. The app may have a legitimate reason to ask for your location — many apps rely on location to function properly. But such an app might also sell your location data — it’s hard to tell. To help tech-savvy users minimize their odds of being tracked, Raiu has created a list of the C&C servers those tracking SDKs use. You’ll find it on his personal GitHub page. A Raspberry Pi computer with Pi-hole and WireGuard software installed can help sniff the traffic in your home network and expose the apps that try to contact such servers.

The above probably goes a bit beyond most people’s tech skills, but you can at least lower your chances of being tracked by such apps and services by limiting apps’ permissions. Check which apps have permission to use your location. You can find information about how to do that on Android 8 here; later versions do not differ significantly. And here’s how to stop location tracking on iOS. If you don’t think that an app really needs such a permission, don’t hesitate to revoke it. Give apps permission to use your location only while you’re using them. Most apps don’t need to know your location when they are running in the background, making this setting ideal for many of them. Delete apps you don’t use anymore. If you haven’t opened an app in, say, a month or more, it’s probably safe to assume you don’t need it at all; and if you need it in the future, you can always reinstall it.

Keep in mind that location-tracking components are certainly not the worst things that can be found in an app, even legitimate apps distributed through official stores. Some apps may be outright malicious, and some may become bad after getting sold or just being updated. That is why we recommend using a robust security solution such as Kaspersky Internet Security for Android, which protects you against all kinds of mobile threats.
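The detection step Raiu describes, watching a device's outbound traffic for contact with the SDKs' known servers, can be approximated at the DNS layer with a Pi-hole query log and a domain blocklist. The script below is an added example, not code from the article or from Raiu's GitHub list: the tracker domains, client addresses and log lines are all constructed, and the dnsmasq query-line format is assumed. It matches each queried name against the list label by label, so subdomains of a listed domain count as hits while lookalike names that merely contain a listed domain as a substring do not.

```python
import re
from collections import defaultdict

# Placeholder tracker C&C domains. Raiu's real list lives on his GitHub page and
# is not reproduced here; these two names are constructed for this example.
TRACKER_DOMAINS = {
    "sdk-collector.example",
    "loc-upload.example.net",
}

# dnsmasq-style query lines of the kind Pi-hole writes to its log
# (format assumed for the example, not taken from the article).
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)


def normalize(name):
    """Lower-case a DNS name and drop a trailing dot."""
    return name.rstrip(".").lower()


def matches_tracker(name, trackers=TRACKER_DOMAINS):
    """Return the tracker domain that `name` equals or is a subdomain of, else None.

    Matching is done label by label (api.sdk-collector.example matches
    sdk-collector.example) rather than by substring, so a lookalike such as
    notloc-upload.example.net does not produce a false positive.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in trackers:
            return candidate
    return None


def scan_log(lines, trackers=TRACKER_DOMAINS):
    """Map each client IP to a sorted list of (tracker, queried_name, count).

    Only `query[...]` lines are considered; forwarded/reply/cached lines are skipped.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue
        tracker = matches_tracker(m["name"], trackers)
        if tracker:
            hits[m["client"]][(tracker, normalize(m["name"]))] += 1
    return {
        client: sorted((t, n, c) for (t, n), c in per_name.items())
        for client, per_name in hits.items()
    }


# Constructed sample log: two phones on a home LAN; 192.168.1.20 queries a
# tracker subdomain twice, 192.168.1.31 queries one tracker and one lookalike.
SAMPLE_LOG = """\
Nov  6 10:15:01 dnsmasq[812]: query[A] api.sdk-collector.example from 192.168.1.20
Nov  6 10:15:01 dnsmasq[812]: forwarded api.sdk-collector.example to 1.1.1.1
Nov  6 10:15:02 dnsmasq[812]: query[AAAA] weather.example.org from 192.168.1.20
Nov  6 10:15:05 dnsmasq[812]: query[A] loc-upload.example.net from 192.168.1.31
Nov  6 10:15:09 dnsmasq[812]: query[A] api.sdk-collector.example from 192.168.1.20
Nov  6 10:16:00 dnsmasq[812]: query[A] notloc-upload.example.net from 192.168.1.31
"""


def report(lines, trackers=TRACKER_DOMAINS):
    """Render scan_log() output as one line per client and tracker contact."""
    out = []
    for client, contacts in sorted(scan_log(lines, trackers).items()):
        for tracker, name, count in contacts:
            out.append(f"{client} -> {name} ({tracker}) x{count}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG.splitlines()):
        print(line)
```

Run against a real Pi-hole log, the client column tells you which device on the LAN made the query; mapping that back to the specific app still needs an on-device tool (or per-app VPN logging), because DNS alone does not identify the process. Because Pi-hole is a DNS resolver, apps that contact tracker servers by raw IP address or through a hard-coded DNS-over-HTTPS resolver will not appear in this log at all.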
Cisco informed customers on Wednesday that it’s working on a patch for a code execution vulnerability affecting its AnyConnect product. The company says a proof-of-concept (PoC) exploit is available.
Two men accused of trading on information hacked from a government database will pay $425,000 to settle regulatory claims, a fraction of the illegal profits they were alleged to have earned.
According to Google researchers, the three iOS zero-days are related to the recent spate of three Chrome zero-days and a Windows zero-day that Google had previously disclosed over the past two weeks.
Iran’s Islamic Revolutionary Guard Corps (IRGC) unlawfully used the domains in operations to “covertly influence” opinions in the U.S. and elsewhere, the DoJ said in an announcement Wednesday.
It has been observed that RobbinHood’s favorite infiltration vector is the RDP port. The black-hat hackers usually gain access to the network by brute-force attacking the Remote Desktop Protocol port.
In September, hundreds of hospitals operated by Universal Health Services had their systems disrupted by an apparent Ryuk ransomware infection, with consequent attacks on other healthcare systems.
A specific JavaScript code embedded in a PDF file can lead to an out-of-bounds memory access condition when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034.
A cyberespionage campaign aimed at aerospace and defense sectors in order to install data-stealing implants on victims' machines may have been more sophisticated than previously thought.
Cado Security, a cloud-native forensics and response company, has announced a $1.5 million seed round of funding. The round was led by Ten Eleven Ventures, a cybersecurity venture capital firm.
This partnership will help further the Cyber Accelerator program that supports the growth of startup cyber-companies who aim to bring new, better, faster, and cheaper security products to market.
The cyber infrastructure of the Brazilian Superior Court of Justice has suffered a massive ransomware attack; as a result, its services, including the official website, have been forced to go offline.
Various ransomware groups have posted the stolen data from victims online despite having been paid to not release it or have demanded another payment from victims at a later date.
Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network.
According to a new report released by McAfee, during the second quarter of 2020, there was an average of 419 new threats per minute as overall new malware samples grew by 11.5%.
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.
The IRS says it has finally tracked down the hacker who stole the Silk Road's nearly 70,000 bitcoins—now worth more than $1 billion—and allowed law enforcement to take control of those funds.
The seller offers “convenient access” to the 7,500 compromised networks located in the USA, Canada, and Australia via RDP and claims to be the sole cybercriminal in possession of the network access.
Despite its origin as a banking trojan, Emotet has emerged as a loader to provide access to compromised systems to third-party threat groups to deploy payloads such as trojans and human-operated ransomware.
The ongoing attacks are targeted at Russian firms, leveraging phishing emails for malware deployment. In some cases, documents stolen in previous attacks are leveraged for social engineering.
According to an annual report by the U.K.'s NCSC, the cybersecurity agency witnessed 723 reported incidents, including a quarter of them, 194, which were related to the COVID-19 pandemic.
Another leading Indian pharmaceutical firm, Lupin, has reported a cybersecurity attack on its IT systems within two weeks of a ransomware attack on Dr. Reddy’s Laboratories.
The advanced malware, which lives on GitHub and also uses Pastebin, comes equipped with reverse shell and crypto-mining capabilities and exploits over 12 known vulnerabilities, therefore the moniker.
While the updated version of the cybersecurity framework will become official in January, banks and financial institutions in Hong Kong will have until December 2023 to complete most of their tasks.
Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices.
According to the CEO, the upload in question was actually of GitHub Enterprise Server, not the GitHub website itself. While the two share a considerable volume of code, the distinction is significant.
Coveware reports that when victims pay for a guarantee that data stolen during an attack - before systems got encrypted - will get deleted, they're often paying for false promises.
Researchers from Zscaler came across another variant of the app portraying itself as TikTok Pro, but the new one is a full-fledged spyware with premium features to spy on victims with ease.
“We know from our earlier experience that fraudsters see this pandemic as an opportunity to trick European consumers,” Commissioner for Justice Didier Reynders said in a statement.
This is the latest mergers & acquisitions (M&A) transaction since ACRE completed the acquisitions of two access control businesses - Open Options in December 2018 and RS2 in May 2019.
Over the past week, an exceptional number of Israeli companies reported ransomware attacks. Several of these attacks involved a previously unknown ransomware variant named Pay2Key.
The University of South Australia (UniSA) and Optus have formed a new strategic alliance to bolster research outcomes in data science and cybersecurity and train future specialists in those fields.
While 2020 has seen a rise in ransomware threats, the Ryuk ransomware accounted for 67.3 million attacks, making up 33.7% of all ransomware attacks this year, according to a report by SonicWall.
Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.
Asterisk Project Security Advisory - If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
Asterisk versions 17.5.1 and 17.6.0 were found vulnerable to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.
Ubuntu Security Notice 4620-1 - It was discovered that phpLDAPadmin did not properly sanitize input before it was echoed to the user. A remote attacker could inject arbitrary HTML/JavaScript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code.
Asterisk Project Security Advisory - Upon receiving a new SIP INVITE, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object and its next use by the thread that created it. Depending upon some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, was dereferenced or accessed next by the initial creation thread.
Ubuntu Security Notice 4599-3 - USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 4619-1 - Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2020-4961-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.
Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.
Red Hat Security Advisory 2020-4960-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.
Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. The
Security researchers have uncovered an organised gang of cybercriminals who are compromising the VOIP phone systems of over 1000 organisations worldwide. Check Point has identified a malicious campaign that has targeted a critical vulnerability in the Sangoma PBX open-source GUI, used to manage installations of Asterisk - the world's most popular VOIP phone system for businesses. Read more in my article on the Bitdefender Business Insights blog.
Maze Ransomware Group Ends Operations

A press release issued this week announced the end of the Maze ransomware group’s data theft operations. In the release, the Maze authors revealed their motives behind one of the most successful ransomware campaigns to date, and why they chose to finally shut down their massive project. It also stated the Maze team was working to expose the major security holes key industries fail to address, though their methods created many victims.

Magecart Targets International Gold Retailer

Nearly three months after a data breach caused by a Magecart attack struck the international precious metals retailer, JM Bullion has finally released an official statement to customers. After identifying unauthorized activity on their systems in mid-July, the company went on to find that their systems had been compromised since February by Magecart payment card-skimming software. The company has yet to acknowledge why it took so long to discover the breach or why it failed to follow GDPR regulations by immediately contacting affected customers.

Ryuk Remains Top Player Throughout 2020

With ransomware continuing its stay at the top of the cyberthreat throne, Ryuk variants have been responsible for over a third of all ransomware attacks in 2020 alone, or roughly 67 million attacks. Ryuk has been around for over two years, but found much greater success this year after being found responsible for only 5,100 attacks in 2019. Ransomware attacks grew 40 percent over last year, to nearly 200 million as of Q3.

Cannabis Site Leaves Database Exposed

An unsecured database belonging to cannabis website GrowDiaries and housing over 3.4 million user records was found to be accessible last month. The data included 1.4 million user passwords hashed with MD5, which is known to be easily cracked by cybercriminals. Nearly a week after being informed of the database, GrowDiaries properly secured it from public access, though it remains unclear how long it was accessible or who accessed it during that time.

Mattel Reveals Ransomware Attack

Following a July ransomware attack, Mattel has finally issued an official statement regarding the overall damage. The company has confirmed that no data was stolen during the attack, which was quickly identified by their security team, and many systems were taken offline to prevent any damage or theft from occurring. The ransomware attack was likely perpetrated by TrickBot, as it’s known for concentrating on large organizations and leaving them exposed for some encrypting variant to follow.

The post Cyber News Rundown: Maze Ransomware Shuts Down appeared first on Webroot Blog.