Tag Archive for: alert

Alert: Pixel Phones’ Exploited Android Zero-Day Flaw Patched

/in


In the realm of smartphone security, the recent spotlight has fallen on Google Pixel devices, where two zero-day vulnerabilities have been unearthed and promptly addressed by Google. As per recent reports, the Android zero-day flaw, and others like it, were exploited by forensic firms, shedding light on the intricacies of smartphone security and the measures taken to safeguard user data and protect against these mobile security risks.

 

Exploited Vulnerabilities, Unique Fixes


Google Pixel phones, although running on the Android operating system, operate under a distinct update mechanism. Unlike other Android devices, Pixels receive tailored updates owing to their specialized hardware platform directly managed by Google. This bespoke approach ensures that Pixel users benefit from exclusive features and heightened security measures.

 

In the latest security bulletin for April 2024, while the broader Android ecosystem didn’t face significant threats, Pixel devices faced active exploitation of two vulnerabilities: CVE-2024-29745 and CVE-2024-29748. These vulnerabilities posed risks of vulnerability disclosure and elevation of privilege, respectively, highlighting the intricate nature of smartphone security.


A Peek into the Android Zero-Day Flaw


Forensic companies, adept at navigating device vulnerabilities, seized upon these flaws to unlock Pixel phones and access their stored data without the need for PIN authentication. GrapheneOS, a renowned name in privacy-focused Android distributions, uncovered these exploits, shedding light on the clandestine world of smartphone security breaches.

 

CVE-2024-29745, identified as a high-severity information disclosure flaw in the Pixel’s bootloader, and CVE-2024-29748, characterized as an elevation of privilege bug in the Pixel firmware, were the focal points of exploitation. These Zero-day exploits enabled unauthorized access to device memory, raising concerns regarding data integrity and user privacy.


Patching the Android Zero-Day Flaw in Pixel Phones


Responding swiftly to the looming threat, Google deployed fixes aimed at patching vulnerabilities. By implementing measures such as zeroing memory during booting and restricting USB…

Source…

‘Disable iMessage ASAP’—‘High-Risk’ Alert Issued Over ‘Credible’ iPhone Dark Web Exploit

/in


Trust Wallet, a crypto wallet owned by the crypto exchange Binance, has issued a warning that hackers may be targeting iPhone’s iMessage.

Subscribe now to Forbes’ CryptoAsset & Blockchain Advisor and “uncover blockchain blockbusters poised for 1,000% plus gains” ahead of bitcoin’s looming halving earthquake!

The so-called “zero-day” exploit could allow attackers to steal users information, messages and cryptocurrency—though the exploit itself could be a scam.

Sign up now for the free CryptoCodexA daily five-minute newsletter for traders, investors and the crypto-curious that will get you up to date and keep you ahead of the bitcoin and crypto market bull run

MORE FROM FORBES‘It’s Going To Zero’-Legendary Billionaire Predicts ‘Rapid, Cataclysmic’ U.S. Dollar Collapse And A $5 Trillion Post-Halving Bitcoin Price BoomBy Billy Bambrough

“We have credible intel regarding a high-risk, zero-day exploit targeting iMessage on the dark web,” Trust Wallet’s X account posted. “This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk.”

So-called zero-day exploits mean the developer, in this case Apple, has no time to fix the vulnerability.

Trust Wallet recommended users take “action to guard against this iMessage exploit,” advising people to “disable iMessage ASAP until Apple patches this.”

However, the hacking software is being sold on a dark web site called CodeBreach Lab for $2 million worth of bitcoin. There is no evidence that it works or that anyone has bought it, as TechCrunch pointed out.

“Threat intel detected an iOS iMessage zero-day exploit for sale in the dark web,” Trust Wallet’s chief executive Eowyn Chen posted to X.

“It is a zero-click exploit to take over control of the phone via iMessages. Its asking price is $2 million. This would make sense for very high value individual targets, as more the zero-day is used, more likely it is caught in the wild by…

Source…

Malware Alert: Windows Devices in Crosshairs of New Threat Byakugan!

/in


Windows devices are now under a new threat – a malware named Byakugan, stealing sensitive data and providing remote access to attackers.

What is Byakugan?

Byakugan is a sophisticated malware that specifically targets Windows devices. It’s built using node.js and includes a variety of libraries such as a screen monitor, miner, keystroke recorder, file manipulator, and browser info stealer. This allows the intruder to steal sensitive data including cookies, credit card details, downloads, and profiles filled automatically. To add salt to the wound, Byakugan can even mine cryptocurrencies using the victim’s CPU or GPU resources.

Distribution and Infection Method

The malware is primarily distributed via a phishing campaign, where victims are lured with a fake PDF file containing a malicious link. The infection starts when the victim clicks this deceptive link. The process continues as a file named require.exe is deposited followed by the downloading of an installer program into a temporary folder. A DLL file is then manipulated through DLL hijacking, to execute require.exe and download the malware’s main module.

The Main Module

The main module of this malware is downloaded from the site thinkforce.com. This server not only aids in distribution but also doubles as a control panel for the attacker, allowing further exploitation and manipulation of the infected device.

Past Incidents

Similar attacks have been carried out before. Adobe was previously targeted with an infostealer disguised as an Adobe Reader install program, prompting users to download what they thought was Adobe Reader, but in reality was a malicious file. Two harmful files were created and a Windows system file was run with admin rights. The malicious DLL file managed to bypass User Account Control (UAC) through DLL hijacking.

About Acrobat Reader DC by Adobe

Acrobat Reader DC by Adobe is a top-notch office tool that is widely used for reading, commenting, printing, and signing PDF documents. It’s a key competitor to Word but distinguishes itself with its superior efficiency and its seamless connection to Adobe’s cloud. It’s a free and highly recommended software for Windows, Android, and iOS users.

Source…

Businesses turn on ‘alert’ after ransomware attacks corporations

/in


ransomware khanhlinh.jpg
Illustrative photo (Photo: Khanh Linh)

Just eight days after a ransomware attack of the VnDirect Securities’ database was discovered, Vietnam’s cyberspace on April 2 recognized another intentional ransomware attack targeting PVOIL, a petroleum distributor, which caused the disruption of the entire information system of the enterprise.

Agencies in charge of network safety and security, with the main force being A05 under the Ministry of Public Security and the Authority of Information Security (AIS) under the Ministry of Information and Communications (MIC), have been helping the two businesses to handle the problems.

Experts believe that the attackers only targeted the two businesses, and more businesses may become their next victims.

AIS in recent days has found an increase in the number of ransomware attacks targeting businesses and organizations in Vietnam. The two attacks above have raised worries about a new ransomware campaign.

Talking to VietNamNet right after PVOIL confirmed the attack, Ngo Quoc Vinh, deputy CEO of VNCS Global, said Vietnam’s cyberspace has been seeing many ransomware attacks recently, but it’s too early to conclude that there is an intentional attack campaign targeting Vietnam.

According to Vinh, one of the reasons Vietnam is among the countries sustaining many ‘Prior Compromised’ attacks is the habit of Vietnamese who use unlicensed software provided on the internet for free. 

The use of pirated software allows hackers to easily install malware inside many systems for a long time.

In general, ransomware attacks don’t begin right after hackers install malware in information systems. Hackers carry out undercover activities for a certain time before they conduct attack at the suitable moment — for example, when they are sure that the attacks will have the biggest impact and bring the highest financial benefits.

In many cases, attacks are tailored based on the characteristics of targeted enterprises’ business activities. “Hackers conduct multi-directional execution, weaponized by AI to help increase the success rate,” he said. 

Commenting about the attack method used in VnDirect and PVOIL cases, Vu Ngoc Son, CTO of NCS, said the…

Source…