Tag Archive for: download

Android Users Should Download This Security Update NOW!


Google has started to roll out the security patch for December, and it evidently fixes multiple vulnerabilities affecting Android devices, but the highlight has to be CVE-2023-40088. This vulnerability allows Remote Code Execution or RCE, and an attacker could leverage this to install malicious code or software on a user’s phone without consent.

Google itself has stated that this vulnerability is dangerous. The company notes that it could lead to “remote (proximal/adjacent) code execution with no additional execution privileges needed” and that “user interaction is not needed for exploitation.” In simple terms, this could have made it easy for hackers and bad actors to gain access, snoop around your device, and get access to your valuable data.

Additionally, it’s important to keep in mind that this vulnerability affected a wide range of Android versions, including Android 11, 12, 12L, 13, and 14.


This security patch includes additional fixes that address vulnerabilities identified in components from various chip makers, such as ARM, Unisoc, Mediatek, and Qualcomm.

That said, the update should roll out to devices as and when manufacturers decide to optimize and release these security packages for their smartphones. Typically, Samsung and Google Pixel devices receive these security patches quickly after their reveal.

Now, if you happen to have an Android device that is eligible for the December security update, you should definitely update to the latest version as soon as possible. The vulnerability is of a ‘critical’ nature, and if an attacker does gain access to your device, the consequences can be severe, especially given the prevalence of financial fraud and scams.

    Shaurya Sharma, Sub Editor at CNN-News18, specialises in reporting on consumer, …

    first published: December 06, 2023, 08:07 IST


    Source…

    Supply chain attack spread Linux malware via free download manager site


    Linux users have been targeted by a supply chain attack that exploited a download manager website to facilitate Bash stealer deployment from 2020 to 2022, The Hacker News reports.

    Threat actors compromised the “freedownloadmanager[.]org” website in January 2020 to redirect to another domain with a malicious Debian package that eventually resulted in the delivery of the crond backdoor and the Bash information-stealing malware, which sought to exfiltrate cloud service credentials, system information, cryptocurrency wallet files, and saved passwords, according to a Kaspersky report.

    Detection of the now inactive campaign has been hampered by the absence of the Debian package in some of the targets that downloaded the software.

    “While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye. Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions,” said researchers.

    Source…

    Hackers Use “chatgpt5[.]zip” to Trick Users into Downloading Malware


    Phishing has remained a severe cybersecurity threat for over a decade, deceiving employees with cleverly disguised malicious links and malware attachments and potentially causing company-wide trouble.

    The 2022 FortiGuard Labs report and the 2023 Global Ransomware Research both highlight phishing as the leading initial access method in network breaches, setting the stage for subsequent attack stages.

    Threat actors employ creative names to disguise phishing attacks, and the new ‘.ZIP’ TLD introduces a potential threat, with domains like “chatgpt5[.]zip” that may lead to malicious sites.

    Reach Expansion

    TLDs such as ‘.COM,’ ‘.NET,’ and ‘.ORG’ are vital components of domain names. They represent the highest level in the DNS hierarchy, shaping the structure of the web.

    With internet evolution, countless gTLDs emerged for personalized web addresses, offering branding chances but also phishing opportunities that demand alertness.

    The availability of public ‘.ZIP’ domains has created an unfortunate opportunity for threat actors seeking new exploits and techniques.

    The inclusion of ‘.ZIP’ as a gTLD adds complexity to phishing detection, particularly due to its association with compressed files, increasing confusion and providing phishers with a potent new tool for their attacks.

    Exploiting ChatGPT

    The cybersecurity researchers acknowledge the security risks of the ‘.ZIP’ TLD, but responsible individuals are actively working to mitigate the abuse of such domain names.

    The hype around ChatGPT led to the creation and registration of “chatgpt5[.]zip” on May 20th, supposedly for the next GPT iteration, but surprisingly, it holds a neutral text message instead of malware.

    New .ZIP domain (Source – Fortinet)
    Harmless text message (Source – Fortinet)

    To trick the users by claiming to safeguard students from malware, “assignment[.]zip” was registered by the threat actors on May 15th, redirecting visitors to a download of a ZIP archive containing files that are completely safe.

    Fake attack for students (Source – Fortinet)

    Exploiting the widespread use of the .ZIP extension, malicious actors create campaigns and websites reminiscent…

    Source…

    Do not download fake Anti Scam Centre app onto Android devices: Police


    SINGAPORE – Those who are using Android devices are advised by the police not to download any application via an SMS that claims to be from the police’s Anti Scam Centre (ASC).

    This is because the Android package kit (APK) file may contain malware which allows scammers to access and take control of the device remotely, and to steal passwords in the device, the police said on Sunday.

    In this scam variant, members of the public are sent an SMS claiming to be from ASC and requesting them to download and install an anti-scam app to ensure the security of their devices.

    According to the police, the fake app claims to help identify and prevent scams by providing comprehensive protection and security.

    The SMS contains a URL link to a fake ASC website with a link to download the app. As part of the app installation, the Android user would be prompted to allow access to the device to enable the anti-scam service.

    Those with information relating to such crimes, or who are in doubt, can call the police hotline on 1800-255-0000, or submit it online at www.police.gov.sg/iwitness.

    Source…