Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Threats

Smartphones, tablets, and even cars with Samsung Exynos microprocessors are at risk of remote hacking. Bug hunters at Google Project Zero say you just need the victim's phone number. This is due to the presence of 18 vulnerabilities in the Exynos baseband radio processor, which is widely used in Google, Vivo, Samsung, and many other smartphones. Four of them are critical and allow an attacker to remotely execute code on a victim's device without any action on their part. For the rest, either the mobile operator itself must perform malicious actions, or the hacker needs direct access to the device. These vulnerabilities can be fixed only with a firmware update, and for most devices that update has yet to be released. In the meantime there are temporary protective measures you can take.

What is a BRP?

A baseband radio processor (BRP) is the part of a smartphone, tablet, or other smart device that handles wireless cellular communication for second- to fifth-generation networks: 2G (GSM, GPRS, EDGE), 3G (CDMA, W-CDMA), 4G (LTE) and 5G (5G NR). The BRP usually doesn't handle Wi-Fi or Bluetooth. Once a dedicated chip, for more than a decade now it has commonly been integrated with the CPU. Nevertheless, the BRP has its own memory and a rather complex command set; in fact, it's a full-fledged, highly specialized processor that actively exchanges data with the CPU and main memory. The BRP's executable code is written into it by the vendor and is effectively inaccessible to smartphone apps for analysis or modification. To the CPU, the BRP is a black box, but one with extensive access to the device's main memory, where user data is stored.

Many companies manufacture both CPUs and BRPs. Samsung's division that makes memory chips and other microelectronics is Samsung Semiconductor. Its flagship series of chips, Exynos, is used in many (though not all) Samsung smartphones and tablets.

Vulnerabilities in Exynos

Project Zero researchers discovered that Exynos BRPs incorrectly process various service signals that the device receives from the cellular network. Upon receiving a malformed message, the chip can either freeze or, worse, run code delivered through the malicious message. Eighteen such bugs relating to the mishandling of service signals were found, though to avoid helping attackers not all of them were described in detail. Since the BRP handles all communication with the cellular network, malicious code running on it can serve a whole range of spying purposes: from tracking the victim's geolocation to listening in on calls or stealing data from the smartphone's memory. At the same time, because it's a black box, the BRP is virtually impossible to diagnose or disinfect, except by reflashing.

The chips affected by the vulnerabilities are Exynos 850, 980, 1080, 1280, 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. Unfortunately, vendors don't always disclose which chips are installed in which devices. Using publicly available data, it was possible to compile an incomplete list of devices that most likely use these chipsets:

- Samsung Galaxy A04, A12, A13, A21s, A33, A53, A71, M12, M13, M33, S22
- Vivo S6, S15, S16, X30, X60, X70
- Google Pixel 6, 6a, 6 Pro, 7, 7 Pro
- Any vehicles with the Exynos Auto T5123 chipset

How to stay safe

The main protection is updating the BRP firmware, which usually happens as part of a full firmware update of the smartphone. For instance, Google already released fixes for the Pixel 7 and 7 Pro as part of its March update. Unfortunately, the Pixel 6 and 6 Pro were still vulnerable at the time of posting. Pixel owners should install the latest firmware through their smartphone settings without delay. Samsung has also released code updates for the Exynos BRPs, but has yet to fix all the vulnerabilities. What's more, the vendor of each particular device containing these chips must independently package these fixes into its own firmware. At the time of posting, such firmware for the other vulnerable devices was not yet available; install these updates as soon as they appear.

Until then, Project Zero researchers recommend disabling Voice over LTE (VoLTE) and Wi-Fi calling on smartphones with Exynos BRPs. This may degrade voice call quality and slow down call setup, but has no impact on the speed and quality of internet access. Until the new firmware is released, turning off these two features removes the exploitation risk of these particular vulnerabilities, albeit with some loss of functionality.


 A Little Sunshine

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device, unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how.

Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. AT&T said the data exposed did not include sensitive information, such as credit card or Social Security numbers, or account passwords, but was limited to "Customer Proprietary Network Information" (CPNI), such as the number of lines on an account.

Certain questions may be coming to mind right now, like "What the heck is CPNI?" And, "If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.

AT&T's disclosure said the information exposed included customer first name, wireless account number, wireless phone number and email address. In addition, a small percentage of customer records also exposed the rate plan name, past due amounts, monthly payment amounts and minutes used.

CPNI refers to customer-specific "metadata" about the account and account usage, and may include:

- Called phone numbers
- Time of calls
- Length of calls
- Cost and billing of calls
- Service features
- Premium services, such as directory call assistance

According to a succinct CPNI explainer at TechTarget, CPNI is private and protected information that cannot be used for advertising or marketing directly. "An individual's CPNI can be shared with other telecommunications providers for network operating reasons," wrote TechTarget's Gavin Wright. "So, when the individual first signs up for phone service, this information is automatically shared by the phone provider to partner companies."

Is your mobile Internet usage covered by CPNI laws? That's less clear, as the CPNI rules were established before mobile phones and wireless Internet access were common. TechTarget's CPNI primer explains: "Under current U.S. law, cellphone use is only protected as CPNI when it is being used as a telephone. During this time, the company is acting as a telecommunications provider requiring CPNI rules. Internet use, websites visited, search history or apps used are not protected CPNI because the company is acting as an information services provider not subject to these laws."

Hence, the carriers can share and sell this data because they're not explicitly prohibited from doing so. All three major carriers say they take steps to anonymize the customer data they share, but researchers have shown it is not terribly difficult to de-anonymize supposedly anonymous web-browsing data.

"Your phone, and consequently your mobile provider, know a lot about you," wrote Jack Morse for Mashable. "The places you go, apps you use, and the websites you visit potentially reveal all kinds of private information — e.g. religious beliefs, health conditions, travel plans, income level, and specific tastes in pornography. This should bother you."

Happily, all of the U.S. carriers are required to offer customers ways to opt out of having data about how they use their devices shared with marketers. Here's a look at some of the carrier-specific practices and opt-out options.

AT&T

AT&T's policy says it shares device or "ad ID", combined with demographics including age range, gender, and ZIP code information, with third parties which explicitly include advertisers, programmers, and networks, social media networks, analytics firms, ad networks and other similar companies that are involved in creating and delivering advertisements.

AT&T said the data exposed on 9 million customers was several years old, and mostly related to device upgrade eligibility. This may sound like the data went to just one of its partners who experienced a breach, but in all likelihood it also went to hundreds of AT&T's partners. AT&T's CPNI opt-out page says it shares CPNI data with several of its affiliates, including WarnerMedia, DirecTV and Cricket Wireless. Until recently, AT&T also shared CPNI data with Xandr, whose privacy policy in turn explains that it shares data with hundreds of other advertising firms. Microsoft bought Xandr from AT&T last year.

T-MOBILE

According to the Electronic Privacy Information Center (EPIC), T-Mobile seems to be the only company out of the big three to extend to all customers the rights conferred by the California Consumer Privacy Act (CCPA). EPIC says T-Mobile customer data sold to third parties uses another unique identifier called mobile advertising IDs or "MAIDs." T-Mobile claims that MAIDs don't directly identify consumers, but under the CCPA MAIDs are considered "personal information" that can be connected to IP addresses, mobile apps installed or used with the device, any video or content viewing information, and device activity and attributes.

T-Mobile customers can opt out by logging into their account and navigating to the profile page, then to "Privacy and Notifications." From there, toggle off the options for "Use my data for analytics and reporting" and "Use my data to make ads more relevant to me."

VERIZON

Verizon's privacy policy says it does not sell information that personally identifies customers (e.g., name, telephone number or email address), but it does allow third-party advertising companies to collect information about activity on Verizon websites and in Verizon apps, through MAIDs, pixels, web beacons and social network plugins.

According to Wired.com's tutorial, Verizon users can opt out by logging into their Verizon account through a web browser or the My Verizon mobile app. From there, select the Account tab, then click Account Settings and Privacy Settings on the web. For the mobile app, click the gear icon in the upper right corner and then Manage Privacy Settings. On the privacy preferences page, web users can choose "Don't use" under the Custom Experience section. On the My Verizon app, toggle any green sliders to the left.

EPIC notes that all three major carriers say resetting the consumer's device ID and/or clearing cookies in the browser will similarly reset any opt-out preferences (i.e., the customer will need to opt out again), and that blocking cookies by default may also block the opt-out cookie from being set. T-Mobile says its opt out is device-specific and/or browser-specific. "In most cases, your opt-out choice will apply only to the specific device or browser on which it was made. You may need to separately opt out from your other devices and browsers."

Both AT&T and Verizon offer opt-in programs that gather and share far more information, including device location, the phone numbers you call, and which sites you visit using your mobile and/or home Internet connection. AT&T calls this their Enhanced Relevant Advertising Program; Verizon's is called Custom Experience Plus. In 2021, multiple media outlets reported that some Verizon customers were being automatically enrolled in Custom Experience Plus, even after those customers had already opted out of the same program under its previous name, "Verizon Selects."

If none of the above opt out options work for you, at a minimum you should be able to opt out of CPNI sharing by calling your carrier, or by visiting one of their stores.

THE CASE FOR OPTING OUT

Why should you opt out of sharing CPNI data? For starters, some of the nation's largest wireless carriers don't have a great track record in terms of protecting the sensitive information that you give them solely for the purposes of becoming a customer, let alone the information they collect about your use of their services after that point.

In January 2023, T-Mobile disclosed that someone stole data on 37 million customer accounts, including customer name, billing address, email, phone number, date of birth, T-Mobile account number and plan details. In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver's license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company.

Last summer, a cybercriminal began selling the names, email addresses, phone numbers, SSNs and dates of birth on 23 million Americans. An exhaustive analysis of the data strongly suggested it all belonged to customers of one AT&T company or another. AT&T stopped short of saying the data wasn't theirs, but said the records did not appear to have come from its systems and may be tied to a previous data incident at another company.

However frequently the carriers may alert consumers about CPNI breaches, it's probably nowhere near often enough. Currently, the carriers are required to report a consumer CPNI breach only in cases "when a person, without authorization or exceeding authorization, has intentionally gained access to, used or disclosed CPNI." But that definition of breach was crafted eons ago, back when the primary way CPNI was exposed was through "pretexting," such as when the phone company's employees are tricked into giving away protected customer data.

In January, regulators at the U.S. Federal Communications Commission (FCC) proposed amending the definition of "breach" to include things like inadvertent disclosure, such as when companies expose CPNI data on a poorly-secured server in the cloud. The FCC is accepting public comments on the matter until March 24, 2023.

While it's true that the leak of CPNI data does not involve sensitive information like Social Security or credit card numbers, one thing AT&T's breach notice doesn't mention is that CPNI data, such as balances and payments made, can be abused by fraudsters to make scam emails and text messages more believable when they're trying to impersonate AT&T and phish AT&T customers.

The other problem with letting companies share or sell your CPNI data is that the wireless carriers can change their privacy policies at any time, and you are assumed to be okay with those changes as long as you keep using their services. For example, location data from your wireless device is most definitely CPNI, and yet until very recently all of the major carriers sold their customers' real-time location data to third party data brokers without customer consent.

What was their punishment? In 2020, the FCC proposed fines totaling $208 million against all of the major carriers for selling their customers' real-time location data. If that sounds like a lot of money, consider that all of the major wireless providers reported tens of billions of dollars in revenue last year (e.g., Verizon's consumer revenue alone was more than $100 billion last year).

If the United States had federal privacy laws that were at all consumer-friendly and relevant to today's digital economy, this kind of data collection and sharing would always be opt-in by default. In such a world, the enormously profitable wireless industry would likely be forced to offer clear financial incentives to customers who choose to share this information. But until that day arrives, understand that the carriers can change their data collection and sharing policies when it suits them. And regardless of whether you actually read any notices about changes to their privacy policies, you will have agreed to those changes as long as you continue using their service.

 Malware and Vulnerabilities

HinataBot is the latest in the ever-growing list of emerging Go-based threats abusing old vulnerabilities and weak credentials, and researchers estimate it could theoretically launch DDoS attacks of up to 3.3 Tbps. The threat actors behind HinataBot were originally distributing Mirai binaries before they began developing their own botnet in mid-January. Organizations are advised to update the firmware of the affected products and to replace default or weak credentials on exposed devices.

 Incident Response, Learnings

Convenience retailer Wawa has committed to pay up to $28.5 million to settle negligence claims stemming from a data breach that occurred in 2019, according to filings made in the U.S District Court, Eastern District of Pennsylvania.

 Govt., Critical Infrastructure

The UK's data protection regulator has reprimanded the country's largest police service for failing to properly maintain records on organized crime groups (OCGs), resulting in inaccurate information being stored on a key database.

 Malware and Vulnerabilities

Multiple threat groups were found abusing CVE-2019-18935, a critical .NET deserialization bug in Progress Telerik UI for ASP.NET AJAX that was patched back in 2019, to infiltrate an unnamed federal entity in the U.S. Successful exploitation allowed the threat actors to remotely execute arbitrary code on the FCEB agency's Microsoft Internet Information Services (IIS) web server. (The summary previously cited CVE-2023-26360; that identifier belongs to an Adobe ColdFusion bug, not Telerik.)

 Trends, Reports, Analysis

Investments in cybersecurity are expected to reach nearly $300 billion in 2026, driven by the ongoing threat of cyberattacks, the demands of providing a secure hybrid work environment, and the need to meet data privacy and governance requirements.

 Malware and Vulnerabilities

Check Point Research found FakeCalls, a new Android vishing malware tool, targeting victims in South Korea by impersonating 20 leading financial institutions in the region. It lures victims with a fake loan form that would request users’ personal details and banking details including credit card numbers. To stay protected, experts suggest downloading apps only from official and reliable sources.

 Malware and Vulnerabilities

Changing its extortion tactics, the BianLian ransomware group appears to have decided not to encrypt its victims' files, but rather to exfiltrate data only and demand a ransom not to publish it. The ransomware operation surfaced in the wild in July 2022. In some cases the operators also cited subsections of laws and statutes that a victim firm could face under if news of its breach becomes public.

 Laws, Policy, Regulations

The new proposed regulations would require broker-dealers to notify customers within 30 days of a data breach, immediately inform the government, and expand the type of customer information protected by data privacy regulations.

 Incident Response, Learnings

The settlement benefits consumers who received a data breach notification from Orlando Family Physicians informing them their personal information or protected health information may have been compromised in a data breach on April 15, 2021.

 Malware and Vulnerabilities

An 'Acropalypse' flaw in Google Pixel's Markup tool has, for the past five years, made it possible to partially recover edited or redacted screenshots and images, including those that have been cropped or had their contents masked.
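The mechanism behind this, illustrated with example code added here (it is not code from the article, from Google or from the researchers): the disclosed root cause was that Markup saved the edited image over the original file without truncating it, so when the edited PNG is smaller than the original, the tail of the original file, including its own IEND chunk, is left on disk after the new image's IEND. A PNG reader stops at IEND and never shows that tail, which is why the redaction looked complete. The script below builds two constructed PNGs, simulates the untruncated overwrite (the `simulate_untruncated_overwrite` helper is an assumption that models the bug, not the tool's code), and detects the leftover bytes by walking the chunk list.

```python
"""Flag PNG files that continue past their IEND chunk (the Acropalypse condition)."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, pixel) -> bytes:
    """Build a minimal valid 8-bit RGB PNG; pixel(x, y) -> (r, g, b).
    Constructed test data standing in for a real screenshot."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit, RGB, no interlace
    rows = b"".join(
        b"\x00" + b"".join(bytes(pixel(x, y)) for x in range(width))  # filter byte 0 + pixels
        for y in range(height)
    )
    idat = zlib.compress(rows)
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def find_iend_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past IEND's CRC, i.e. where a
    well-formed PNG should end. Raises ValueError on a malformed file."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # header + data + CRC
        if end > len(data):
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        if ctype == b"IEND":
            return end
        pos = end
    raise ValueError("no IEND chunk")


def trailing_bytes(data: bytes) -> bytes:
    """Everything after IEND. Non-empty means the file was overwritten in place without
    truncation and may still hold content from an earlier version of the image."""
    return data[find_iend_offset(data):]


def simulate_untruncated_overwrite(original: bytes, edited: bytes) -> bytes:
    """Assumption modelling the bug: write 'edited' at offset 0 of 'original' without
    truncating, as if the file had been opened for writing without O_TRUNC."""
    if len(edited) >= len(original):
        return edited
    return edited + original[len(edited):]


if __name__ == "__main__":
    # Constructed inputs: a busy 64x64 "screenshot" and a tiny solid-black "redacted" version.
    original = make_png(64, 64, lambda x, y: ((x * 37) % 256, (y * 59) % 256, (x * y) % 256))
    edited = make_png(8, 8, lambda x, y: (0, 0, 0))
    on_disk = simulate_untruncated_overwrite(original, edited)
    tail = trailing_bytes(on_disk)
    print(f"edited image: {len(edited)} bytes; file on disk: {len(on_disk)} bytes; "
          f"{len(tail)} bytes of the original survive after IEND "
          f"(original IEND still present: {b'IEND' in tail})")
```

To triage a real file, call `trailing_bytes(open(path, "rb").read())` and treat any non-empty result as a file that should be re-saved cleanly before sharing. Note that this only detects leftover data; reconstructing the earlier image from the tail means re-parsing a zlib stream that starts mid-way, which is what the original researchers' recovery tool does and what this detector deliberately does not attempt.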

 Breaches and Incidents

SCARLETEEL, a sophisticated hacking operation that targets Kubernetes workloads hosted on Amazon Web Services to steal confidential proprietary data, is also suspected of having links to TeamTNT. Despite the similarities, researchers could not connect the two operations with full confidence; according to them, it is possible that another group is simply copying TeamTNT's tactics.

 Breaches and Incidents

KillNet, a cybercriminal collective with ties to Russia, was spotted targeting Microsoft Azure-hosted healthcare apps for more than three months. The highest number of these attacks were launched in February, targeting hospitals, pharma, life science, healthcare insurance, and health services in more than 25 states.

 Feed

Ubuntu Security Notice 5960-1 - Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters.
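The bug class the notice describes, shown with example code added here rather than taken from the notice or from CPython: a scheme blocklist applied to the result of urlsplit() can be bypassed when a leading blank makes the parser return an empty scheme while whatever later fetches the URL strips that blank and happily opens file:// or another blocked scheme. The hardened check below rejects whitespace and control characters on the raw string before parsing and allowlists schemes instead of blocklisting them. The sample URLs are constructed; what blocklist_check() returns for the leading-space input depends on whether the installed Python carries the fix, which is exactly why the check worth relying on is allowlist_check().

```python
"""Blocklist on a parsed scheme (bypassable) versus allowlist with pre-parse hygiene."""
from urllib.parse import urlsplit

BLOCKED_SCHEMES = {"file", "ftp", "gopher", "data"}
ALLOWED_SCHEMES = {"http", "https"}


def blocklist_check(url: str) -> bool:
    """The bypassable pattern: parse first, then reject known-bad schemes. Before the fix
    urlsplit() did not strip a leading blank, so ' file:///etc/passwd' parsed with an
    empty scheme and passed this check, while the eventual consumer stripped the blank."""
    return urlsplit(url).scheme.lower() not in BLOCKED_SCHEMES


def _has_blank_or_control(url: str) -> bool:
    """True if the URL contains whitespace or a C0/C1 control character anywhere.
    Testing the raw string keeps the result independent of urllib's version."""
    return any(ch.isspace() or ord(ch) < 0x20 or 0x7F <= ord(ch) <= 0x9F for ch in url)


def allowlist_check(url: str) -> bool:
    """Hardened version: refuse odd characters up front, then require an explicitly
    allowed scheme and a non-empty host. True only for URLs we are willing to fetch."""
    if not url or _has_blank_or_control(url):
        return False
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    return bool(parts.hostname)


if __name__ == "__main__":
    # Constructed samples: a normal URL, a blocked scheme, and the leading-blank variant.
    for sample in ("https://example.com/", "file:///etc/passwd", " file:///etc/passwd"):
        print(f"{sample!r}: blocklist={blocklist_check(sample)} allowlist={allowlist_check(sample)}")
```

The general lesson applies to any validator that runs on a different parse of the input than the code that acts on it: normalize or reject first, validate on the same representation the consumer will use, and prefer an allowlist so that an unexpected empty or exotic scheme fails closed.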

 Feed

Red Hat Security Advisory 2023-1303-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.10 replaces Data Grid 7.3.9 and includes security fixes. Issues addressed include code execution and deserialization vulnerabilities.

 Feed

Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.

 Feed

Red Hat Security Advisory 2023-1154-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.54.

 Feed

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A 

 Feed

This article has not been generated by ChatGPT.  2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in

 Feed

The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities. It's worth noting that the use

 Feed

A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check

 Feed

A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu (
