Newly discovered flaw could allow hacking of Samsung Android devices
Researchers from the mobile cybersecurity firm Kryptowire have discovered a vulnerability that resides in a pre-installed Phone app that executes with system privileges on Samsung devices. Tracked as CVE-2022-22292, and occurring in Android 9, 10, 11, and 12 devices, the vulnerability “could give attackers the ability to initiate a factory reset (deleting all user data), make phone calls (including to emergency numbers such as 911), install/uninstall apps, weaken HTTPS security by installing arbitrary root certificates, all from untrusted apps running in the background and without end-user approval.”
Adobe Creative Cloud Experience makes malware easier to hide
Experience is a service installed via the Creative Cloud installer for Windows that includes a Node.js executable that’s useable as part of an attack chain. Security researcher Michael Taggart recently demonstrated that the node.exe instance accompanying Adobe’s service could be abused by writing a simple proof-of-concept JavaScript file that spawns the Windows Calculator app, and that can “run any JavaScript you point it to.” Security researchers commenting on Taggart’s finding said they’d been under the impression the bundled Node runtime would only execute files signed by Adobe, but evidently that’s not the case.
Parrot redirect service infects 16,500 sites to push malware
A new traffic direction system (TDS) called Parrot is taking advantage of servers that host more than 16,000 websites of universities, local governments, adult content platforms, and personal blogs, to send potential victims who match a specific profile such as location, language spoken, operating system, or browser, to online resources such as phishing and malware-dropping sites. Threat analysts at Avast discovered Parrot TDS, and state that it is being used currently for a campaign called FakeUpdate, which delivers remote access trojans (RATs) via fake browser update notices. As Avast details in its report, the particular campaign’s user profile and filtering are so fine-tuned that “the malicious actors can target a specific person from thousands of redirected users.” Most of the users targeted by these malicious redirections were in Brazil, India, the United States, Singapore, and Indonesia.
New FFDroider malware steals Facebook, Instagram, Twitter accounts
This new information stealer steals credentials and cookies stored in browsers to hijack victims’ social media accounts. Researchers at Zscaler have been tracking its spread and published a detailed technical analysis yesterday based on recent samples. FFDroider is spread through software cracks, free software, games, and other files downloaded from torrent sites. When installing these downloads, FFDroider will also be installed, but disguised as the Telegram desktop app to evade detection. Once launched, the malware will create a Windows registry key named “FFDroider,” which led to the naming of this new malware.
Thanks to our episode sponsor, Code42
Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.
Israeli officials catfished by Bearded Barbie
AridViper, also known as APT-C-23, is a politically-driven APT group active in the Middle East. In the past, it “has conducted spear-phishing attacks against Palestinian law enforcement, military, and educational establishments, as well as the Israel Security Agency (ISA). In February, Cisco Talos researchers uncovered AridViper attacks against activists associated with the Israel-Palestine conflict.” On Thursday, Cybereason’s Nocturnus Research Team published new findings on the APT’s latest activities an operation named “Bearded Barbie,” which targets “carefully chosen Israeli individuals to compromise their PCs and mobile devices, spy on their activities, and steal sensitive data.” The researchers say the APT-C-23 group, alongside MoleRATs, are subset APTs of the Hamas cyberwarfare division and are working to benefit the Palestinian political group.
(ZDNet)
Zoom awards $1.8 million in bug bounty rewards over 2021
According to ZDet, “Zoom has awarded $1.8 million to researchers who submitted bug bounty reports over 2021.” Recent updates made to the program allow for the bounty reward range to be extended, with up to $50,000 per report for the most severe vulnerabilities. “The company also launched a public Vulnerability Disclosure Program (VDP) and a VIP bug bounty program for licensed software.” They attribute the increase in payments to the explosion of usage of Zoom by work-from-home employees paired with a shortage of available talent to hire.
(ZDNet)
Suspected Chinese hackers are targeting India’s power grid
According to a report by Recorded Future, researchers have observed “likely” network intrusions of at least seven state centers that carry out real-time grid control and electricity dispatch. They state this was the work of hackers “likely affiliated with the Chinese government.” Although Researchers weren’t able to pinpoint the initial vector for how the malware got into the networks they believe hackers likely gained access to the dispatch centers by compromising internet-facing camera devices, and using them as a command & control center.
Amazon secures rockets for broadband project
According to the BBC, “over the next five years, three new heavy-lift rockets will put thousands of satellites into low earth orbit as part of Amazon’s Project Kuiper.” The goal is to provide broadband connections using a constellation of 3,236 satellites, which will start to come close to the 2,300 satellites already in orbit for Starlink. The rockets will be manufactired by Arianespace, Blue Origin (founded by Amazon owner Jeff Bezos), and United Launch Alliance. Project Kuiper plans to deliver “high-speed, low-latency broadband to customers including households, businesses, government agencies, disaster relief operations, mobile operators, and other organizations “working in places without reliable internet connectivity”. Like Elon Musk’s Starlink, users will connect to the internet via a terminal that communicates with the satellites. Amazon says its experience in shipping and making products like Echo and Kindle will be useful in producing and distributing these.
(BBC News)