Cyber Security Today, November 25, 2022 - Android patch gap continues, beware of corrupted VPN apps and more

Android patch gap continues, beware of corrupted VPN apps and more.

Welcome to Cyber Security Today. It’s Friday, November 25, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.

Certain models of Android phones from Google Pixel, Samsung and other manufacturers may have vulnerabilities that hackers can take advantage of. ARM, the company that makes the graphics processor with the problems, has patched the vulnerabilities. However, many cell phone manufacturers and carriers have been slow to distribute the fix to devices. According to Google’s Project Zero group, which found the vulnerabilities, ARM released patches to close the five holes by the end of August. But as of Tuesday this week, a handful of phones tested by Project Zero had not been patched. This is a common problem with smartphones: cell phone companies don’t automatically push out patches to all devices they sell. It’s something you can mention to your wireless provider.

Threat actors are using Docker Hub’s open image repository for containers to hide malware. Docker Hub reviews some images, and approved developers can add content. But researchers at Sysdig say they recently found more than 1,600 images with malicious content among the 250,000 Linux images they examined. Problem containers include links to malicious internet sites and domains, built-in SSH and API keys, encryption keys, and corrupt versions of legitimate open source software. The lesson is to thoroughly scan everything downloaded from Docker Hub, just as you should with content from open source repositories like GitHub and PyPI.

Targeted people are being scammed into downloading corrupted versions of two legitimate VPN apps for Android by an advanced hacking suite. The apps, supposedly real versions of SoftVPN or OpenVPN, are really spyware that captures text messages when victims use WhatsApp, Facebook, Signal, Viber and Telegram. Researchers at ESET believe the attackers are from a hacking-for-hire group they call Bahamut. It usually pursues targets in the Middle East and South Asia. But the lesson for anyone around the world is to only download apps from websites approved by your IT department.

ConnectWise RMM, a remote monitoring and management tool used by a number of IT departments and managed service providers, had a stored cross-site scripting vulnerability that could have been exploited by threat actors. That’s according to researchers at Guardio. They informed the company in June, and it quietly released a patch for the hole in August. The news is only out now because Guardio agreed to give customers time to install the update. The thing is, attackers didn’t need to compromise a ConnectWise RMM installation to take advantage of the hole: all they had to do was sign up for a free 14-day trial of ConnectWise RMM, set up a fake customer support page for the company they wanted to hit and start luring victims into signing up for access. Malware could then be sent to the victim’s computer. You see, the trial version allowed custom pages to be created, just like the paid version. So an attacker could create a fake IT support page with any company’s logo on it, send emails to company employees and trick them into logging into the fake support page. After being notified, ConnectWise removed the ability to customize pages in beta and fixed the cross-site scripting vulnerability. Two lessons here: First, it’s important that application developers scrutinize their code for bugs. Second, do not enable all features in trial versions of software.

Remember, later today the Week in Review podcast will be available.

Catch Cyber Security Today on Apple Podcasts or Google Podcasts or add us to the Flash feed on your smart speaker.

