Researchers have identified a zero-day exploit for the Telegram messaging app on Android devices that could have allowed attackers to send malicious payloads disguised as legitimate files.
https://therecord.media/telegram-zero-day-android-app-eset
report:
Pro-Iranian hacktivist group Handala have stated on Twitter that they impersonated CrowdStrike in emails to Israeli companies to distribute the data wiper. The emails include a PDF that contains further instructions on running the fake update, as well as a link to download a malicious ZIP archive from a file hosting service. This ZIP file contains an executable named 'Crowdstrike.exe'.
NCSC also warned that it observed an increase in phishing messages.
A team of researchers warns that VPNs are affected by a vulnerability that can be exploited to launch man-in-the-middle (MitM) attacks, enabling threat actors to intercept and redirect traffic.
The attack technique, named Port Shadow and tracked as CVE-2021-3773, builds on research first presented by Benjamin Mixon-Baca and Jedidiah R. Crandall back in 2021.
https://www.breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
A paper detailing the research was published this week.
(PDF URL)
In its latest State of Application Security Report, Cloudflare paints a sobering picture of the internet's threat landscape in 2024.
How sobering?
Try 6.8% of internet traffic is malicious, up a percentage point from last year's study.
https://www.crowdstrike.com/2024-state-of-application-security-report/
Fortunately, there are things you can do to help protect yourself and your websites.
https://www.zdnet.com/article/cloudflare-reports-almost-7-percent-of-internet-traffic-is-malicious/
According to Silent Push, the software currently being targeted by Fin7 includes 7-zip, PuTTY, ProtectedPDFViewer, AIMP, Notepad++, Advanced IP Scanner, AnyDesk, pgAdmin, AutoDesk, Bitwarden, Rest Proxy, Python, Sublime Text, and Node.js.
Cybersecurity agencies from eight countries have issued a warning that China-based hackers have been accessing government networks—and doing it with great efficiency.
Selfie-based authentication raises eyebrows among infosec experts
Vietnam now requires it for some purchases - Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.
Just days into the new regime, some apps have already been called out for accepting still photos instead of a live image of the individual.
https://www.theregister.com/2024/07/08/selfie_authentication_security/
Definitely not a safe option for verification
'Almost every Apple device' vulnerable to CocoaPods supply chain attack
Dependency manager used in millions of apps leaves a bitter taste
https://www.theregister.com/2024/07/02/cocoapods_vulns_supply_chain_potential/
The nightmare of KnowBe4's Lead Security Awareness Advocate, Javvad Malik, became a reality when he became a hacker for an online bank due to a simple mistake. Learn from his experience and ensure your team is properly trained in cybersecurity.
Hacker Story: Javvad Malik - Hacker Was Me
Twilio has confirmed that unauthorized actors had identified phone numbers associated with users of its Authy two-factor authentication app.
The disclosure comes after a hacker claimed last week to have obtained 33 million phone numbers from Twilio.
https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS
Cracking the 5G Fortress: Peering Into 5G's Vulnerability Abyss
At the upcoming Black Hat 2024 in Las Vegas, a team of seven Penn State University researchers will describe how hackers can go beyond sniffing your Internet traffic by literally providing your Internet connection to you. From there, spying, phishing, and plenty more are all on the table.
Update: #CoSoSec
TeamViewer, together with external incident response support, currently attributes the attack to the Midnight Blizzard/APT29 threat actor.
Remote software services like TeamViewer are frequently used by threat actors to gain initial access and establish persistence on target networks.
https://www.infosecurity-magazine.com/news/vpn-rdp-exploitation-common-attack/
TeamViewer Cyber-Attack Attributed to Russian APT Midnight Blizzard
TeamViewer on Thursday said its security team just "detected an irregularity" within one of its networks – which is a fancy way of saying someone broke in.
https://www.teamviewer.com/en/resources/trust-center/statement/
TeamViewer can't bring itself to say someone broke into its network – but it happened
https://www.theregister.com/2024/06/28/teamviewer_network_breach/
Claims customer data, prod environment not affected as NCC sounds alarm
Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider, has suffered a major data breach orchestrated by a threat actor known as “kiberphant0m”.
Putting users at risk and a potential national security threat
https://gbhackers.com/bsnl-data-breach-exposes-millions/
This incident marks the second data breach BSNL has experienced in the past six months. In December 2023, a threat actor known as “Perell” released a dataset containing 32,000 lines of sensitive information about BSNL.
A critical vulnerability recently discovered in a widely used piece of software is putting huge swaths of the Internet at risk of devastating hacks, and attackers have already begun actively trying to exploit it in real-world attacks, researchers warn.
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
A similar flaw last year left 1,800 networks breached. Will the latest one be as potent?
Chinese hackers are increasingly deploying ransomware, researchers say
Apparent ransomware attacks against the Brazilian presidency and the All India Institute of Medical Sciences (AIIMS), carried out in 2022 and so far unattributed, were in fact the work of a suspected Chinese-linked cyberespionage operation tracked as ChamelGang, or CamoFei.
(PDF file - report from SentinelLabs and Recorded Future - Wednesday)
3 Free Android Keyboards that Respect Your Privacy
Why You Should Ditch Google Gboard or Microsoft Swiftkey
https://www.howtogeek.com/3-free-android-keyboards-that-respect-your-privacy/
I use OpenBoard, which is one of the three in that article. Gboard & SwiftKey use background data to call home; SwiftKey lets Microsoft use your data it collects for ads (it's on by default). OpenBoard uses no background data whatsoever and doesn't get any data from you, same as the other 2.
There are always bound to be bugs in software. Sometimes these issues aren’t that big, but sometimes they can be dangerous. Take for example a recent Windows WiFi vulnerability that Microsoft disclosed.
This vulnerability wasn't originally publicly disclosed, and is now patched with an up-to-date Windows install, but the incident highlights the necessity of installing critical security patches in a timely manner.
Kaspersky ban, IntelBroker hacking spree, TikTok sued again
Round up of cyber news from our friendly AI
T-Mobile denies it was hacked, links leaked data to vendor breach
"We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that T-Mobile's infrastructure was accessed is false."
This statement comes after IntelBroker, a well-known threat actor linked to numerous breaches, claimed to have breached T-Mobile in June 2024 and stolen source code