This posting is here to collect cyber security news in April 2022.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
Tomi Engdahl says:
A security hole was found in the audio codec of almost all Android phones
https://etn.fi/index.php/13-news/13460-laehes-kaikkien-android-puhelimien-audiokoodekista-loeytyi-tietoturva-aukko
The research arm of security company Check Point reports having found vulnerabilities in the ALAC audio codec used in most smartphones. Apple's codec (Apple Lossless) has been used, for example, in Qualcomm's and MediaTek's popular chipsets.
According to Check Point, at most up to two out of three Android users were exposed to the vulnerability. It gave attackers the possibility to remotely get hold of the user's media and audio conversations.
Apple introduced the ALAC codec in 2004. At the end of 2011 Apple released the codec as open source, and since then the codec has been included in other manufacturers' devices as well. This applies, for example, to Android-based smartphones and to Linux and Windows media players and converters.
Tomi Engdahl says:
Damien Wilde / 9to5Google:
Google plans to effectively block third-party call recording apps from the Play Store on May 11 after placing further restrictions to its Accessibility API — A new Google Play Store policy coming into force is set to block third-party call recording apps from the online storefront from May 11.
https://9to5google.com/2022/04/21/google-will-block-all-third-party-call-recording-apps-on-play-store-from-may-11/
Tomi Engdahl says:
https://hackaday.com/2022/04/22/this-week-in-security-javas-psychic-signatures-aws-escape-and-a-nasty-windows-bug/
Tomi Engdahl says:
A massive hole was found in Android: It endangered millions of people https://www.is.fi/digitoday/tietoturva/art-2000008767358.html
Tomi Engdahl says:
Disable the ALAC decoder
https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html?fbclid=IwAR2BZ0aTUtmZuBf4aihNGd-DgLOrkj7df0vLwCer11znI_dFcLVIvYIyQXg
Tomi Engdahl says:
Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program
https://www.cyberscoop.com/dhs-bug-bounty-122-vulnerabilities-27-critical-hackers/
More than 450 security researchers working through the Department of Homeland Security’s “Hack the DHS” bug bounty program identified more than 122 vulnerabilities, 27 of which were deemed critical, according to a DHS statement first obtained by CyberScoop.
The agency awarded $125,600 to participants in the program for finding and identifying the vulnerabilities, the agency said in the statement. The researchers, vetted by the agency before participating, were eligible to receive between $500 and $5,000 for verified vulnerabilities, depending on the severity.
The DHS bug bounty program, launched in December 2021, brought the agency up to speed with other agencies that already had bug bounty programs, such as the Department of Defense and the Internal Revenue Service, which both launched their programs in 2016. In January 2019 President Donald Trump signed legislation requiring DHS to develop a test bug bounty program within six months.
“Organizations of every size and across every sector, including federal agencies like the Department of Homeland Security, must remain vigilant and take steps to increase their cybersecurity,” DHS Secretary Alejandro Mayorkas said in the statement.
The enthusiastic participation by the security researcher community during the first phase of HACK DHS enabled us to find and remediate critical vulnerabilities before they could be exploited.
DHS CIO ERIC HYSEN
Tomi Engdahl says:
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
https://thehackernews.com/2022/04/watch-out-cryptocurrency-miners.html
LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign.
“It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses,” CrowdStrike said in a new report. “It evades detection by targeting Alibaba Cloud’s monitoring service and disabling it.”
Known to strike both Windows and Linux environments, LemonDuck is primarily engineered for abusing the system resources to mine Monero. But it’s also capable of credential theft, lateral movement, and facilitating the deployment of additional payloads for follow-on activities.
Tomi Engdahl says:
Researchers Used a Decommissioned Satellite to Broadcast Hacker TV
What happens when an old satellite is no longer in use but can still broadcast? Hacker shenanigans, that’s what.
https://www.wired.com/story/satellite-hacking-anit-f1r-shadytel/?mbid=social_facebook&utm_source=facebook&utm_medium=social&utm_social-type=owned&utm_brand=wired
Tomi Engdahl says:
S-Pankki's and Ålandsbanken's outages are over
https://www.is.fi/digitoday/art-2000008767690.html
The outage of S-Pankki's online bank and the S-mobiili app that began at nine in the morning has been fixed. According to S-Pankki's communications director Aleksi Moisio, it was a disruption in the backend systems of the online bank and S-mobiili, which prevented logging into the services between roughly 9 and 11 o'clock.
Tomi Engdahl says:
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. See also https://therecord.media/t-mobile-confirms-lapsus-breach-says-no-customer-or-government-info-accessed/
Tomi Engdahl says:
Finland won the world's largest cyber defence exercise https://www.tivi.fi/uutiset/tv/21537d48-a2bc-4de5-abe2-8db227b9428c
The Finnish Defence Forces and the national defence training association MPK have won the Locked Shields 2022 cyber defence exercise organised by NATO's Cooperative Cyber Defence Centre of Excellence. It is the world's largest technical cyber defence exercise, with more than 2,000 players from 32 different countries taking part.
Tomi Engdahl says:
Estonian newspaper: NATO cyber defence centre's website under attack, a grim message appeared in Tallinn
https://www.tivi.fi/uutiset/tv/e5a201b7-ec4b-47d5-89ae-87dffa5c0d44
The website of NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) appears to have gone down.
The site has Cloudflare protection against denial-of-service attacks, but the pages have nevertheless been down for several hours on Friday, 22 April. See also https://digi.geenius.ee/rubriik/uudis/fotod-nato-keskuse-ja-kubervaejuhatuse-hoonekompleksi-seinale-jaeti-vene-hakkeriruhmituselt-sonum/
Tomi Engdahl says:
Researcher Releases PoC for Recent Java Cryptographic Vulnerability https://thehackernews.com/2022/04/researcher-releases-poc-for-recent-java.html
A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online.
Tomi Engdahl says:
Atlassian fixes critical Jira authentication bypass vulnerability https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-jira-authentication-bypass-vulnerability/
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company’s web application security framework.
Tomi Engdahl says:
FBI Flash – BlackCat/ALPHV Ransomware Indicators of Compromise https://www.ic3.gov/Media/News/2022/220420.pdf
This FLASH is part of a series of FBI reports to disseminate known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with ransomware variants identified through FBI investigations. As of March 2022, BlackCat/ALPHV ransomware as a service (RaaS) had compromised at least 60 entities worldwide.
Threat Assessment: BlackByte Ransomware
https://unit42.paloaltonetworks.com/blackbyte-ransomware/
BlackByte is ransomware as a service (RaaS) that first emerged in July 2021. Operators have exploited ProxyShell vulnerabilities to gain a foothold in the victim’s environment. BlackByte has similarities to other ransomware variants such as Lockbit 2.0 that avoid systems that use Russian and a number of Eastern European languages, including many written with Cyrillic alphabets.
Tomi Engdahl says:
Conti ransomware attack was aimed at destabilizing government transition, Costa Rican president says https://therecord.media/conti-ransomware-attack-was-aimed-at-destabilizing-government-transition-costa-rican-president-says/
Several systems operated by the government of Costa Rica were hit with a ransomware attack this week, according to the country's president Carlos Alvarado Quesada.
Tomi Engdahl says:
Rio de Janeiro finance department hit with LockBit ransomware https://therecord.media/rio-de-janeiro-finance-department-hit-with-lockbit-ransomware/
The Secretary of State for Finance of Rio de Janeiro confirmed on Friday that it was dealing with a ransomware attack on its systems.
The LockBit ransomware group claimed to have attacked systems connected to the government offices, stealing about 420 GB. The group threatened to leak the stolen data on Monday.
Tomi Engdahl says:
‘Hack DHS’ bug hunters find 122 security flaws in DHS systems https://www.bleepingcomputer.com/news/security/hack-dhs-bug-hunters-find-122-security-flaws-in-dhs-systems/
The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its ‘Hack DHS’ bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to $5,000 per bug, depending on the flaw’s severity.
Tomi Engdahl says:
Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds https://therecord.media/binance-freezes-stolen-axie-infinity-crypto-after-north-korean-hackers-move-funds/
Binance CEO Changpeng Zhao said the cryptocurrency platform has frozen $5.8 million in funds that were stolen from popular DeFi platform Ronin Network by cybercriminals connected to the North Korean government.
Tomi Engdahl says:
Aftonbladet: Scandal at Verisure: employees are said to have looked at customers' nude pictures, the company is investigating https://www.is.fi/digitoday/art-2000008769860.html
Verisure is at the centre of a scandal in Sweden. The country's data protection authority is launching an investigation into the alarm-system giant.
The Swedish data protection authority (IMY) says it is launching an investigation concerning the security-services company Verisure.
IMY is now investigating whether the company's employees in Sweden have improperly shared surveillance camera footage among themselves and saved it on computers.
– We are now starting an inspection of the company to find out what has happened, but also to find out what technical safeguards the company has in the form of authorisation controls and logs, and what instructions employees are given on handling footage, says Jenny Bård, who leads IMY's investigation, in a press release published on IMY's website yesterday, Friday.
https://www.imy.se/nyheter/imy-granskar-larmbolaget-verisure/
Tomi Engdahl says:
The attacks only intensify: People don't realise how much Russia is being hacked right now https://www.is.fi/digitoday/tietoturva/art-2000008761549.html
During the war, terabytes of data have been stolen from Russia in data breaches and are being distributed online.
Tomi Engdahl says:
Dan Goodin / Ars Technica:
Oracle patches a critical bug in Java 15 and above, which lets attackers forge TLS certificates and signatures, two-factor authentication messages, and more — A failure to sanity check signatures for division-by-zero flaws makes forgeries easy. — Organizations using newer versions …
Major cryptography blunder in Java enables “psychic paper” forgeries
https://arstechnica.com/information-technology/2022/04/major-crypto-blunder-in-java-enables-psychic-paper-forgeries/
A failure to sanity check signatures for division-by-zero flaws makes forgeries easy.
Tomi Engdahl says:
T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
https://thehackernews.com/2022/04/t-mobile-admits-lapsus-hackers-gained.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisco-umbrella-default-ssh-key-allows-theft-of-admin-credentials/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/us-govt-grants-academics-12m-to-develop-cyberattack-defense-tools/
Tomi Engdahl says:
Hackers hammer SpringShell vulnerability in attempt to install cryptominers
Thousands of hack attempts made in the days following discovery of the vulnerability.
https://arstechnica.com/information-technology/2022/04/hackers-hammer-springshell-vulnerability-in-attempt-to-install-cryptominers/
Tomi Engdahl says:
https://www.techrepublic.com/article/us-critical-infrastructure-targeted-malware/
Tomi Engdahl says:
https://arstechnica.com/information-technology/2022/04/major-crypto-blunder-in-java-enables-psychic-paper-forgeries/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-stealthy-botenago-malware-variant-targets-dvr-devices/
Tomi Engdahl says:
https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html
Tomi Engdahl says:
Google will kill call recording apps on Android for good starting May 11
A Google Play policy change will effectively render third-party call recording apps useless starting May 11.
https://www.androidauthority.com/google-killing-call-recording-apps-3155610/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/
Tomi Engdahl says:
MTV: Personal data of nearly 16,000 customers leaked at at least two Helsinki hotels https://www.is.fi/digitoday/art-2000008773951.html
Tomi Engdahl says:
Ukraine Invasion Driving DDoS Attacks to All-Time Highs
https://www.darkreading.com/attacks-breaches/ukraine-invasion-driving-ddos-attacks-to-all-time-highs
Unprecedented numbers of DDoS attacks since February are the result of hacktivists’ cyberwar against Russian state interests, researchers say.
The first quarter of 2022 saw a 46% increase in distributed denial-of-service (DDoS) attacks over Q4 2021, which a new report attributes to a community of “hacktivists” intent on disrupting Russian state interests in retaliation for the Ukraine invasion.
The report, by security vendor Kaspersky, notes that the volume of DDoS attacks was already historically high, but the first months of 2022 saw more targeted and innovative activity than previously seen. The DDoS attacks also persisted for much longer than previously recorded, with the average DDoS session lasting 80 times longer than during the last months of 2021.
The report points to one instance from the past quarter where attackers set up a site similar to a popular puzzle game called “2048″ to make launching attacks on Russian sites more like a game to recruit others to launch additional attacks.
“Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists.”
Tomi Engdahl says:
Ukraine’s postal service hit by cyberattack after sales of warship stamp go online https://www.reuters.com/world/europe/ukraines-postal-service-hit-by-cyberattack-after-sales-warship-stamp-go-online-2022-04-22/
Ukraine’s national postal service Ukrposhta said it had been hit by a cyberattack on Friday after sales of a postage stamp depicting a Ukrainian soldier making a crude gesture to a Russian warship went online.
Tomi Engdahl says:
This is how Russia's assault on Kyiv was cut off: Sabotage in Belarus stopped the tanks https://www.is.fi/digitoday/art-2000008771865.html
Russia's attack on Kyiv in March failed after its logistics stalled.
Large-scale railway sabotage in Belarus contributed to this.
Hacking by a hacker collective calling itself the Cyber Partisans paralysed the traffic control system. The intrusions were easy to carry out because Belarus still uses the outdated and vulnerable Windows XP operating system.
Tomi Engdahl says:
North Korean hackers targeting journalists with novel malware https://www.bleepingcomputer.com/news/security/north-korean-hackers-targeting-journalists-with-novel-malware/
North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain.
Tomi Engdahl says:
Quantum Ransomware
https://thedfirreport.com/2022/04/25/quantum-ransomware/
In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. Once the initial IcedID payload was executed, approximately 2 hours after initial infection, the threat actors appeared to begin hands-on-keyboard activity. Cobalt Strike and RDP were used to move across the network before using WMI and PsExec to deploy the Quantum ransomware. This case exemplified an extremely short Time-to-Ransom (TTR) of 3 hours and 44 minutes.
Tomi Engdahl says:
Everscale blockchain wallet shutters web version after vulnerability found https://therecord.media/everscale-blockchain-wallet-shutters-web-version-after-vulnerability-found/
The company behind Ever Surf, a wallet for the Everscale blockchain ecosystem, is shuttering its web version after a vulnerability was found by Check Point researchers. The Ever Surf team confirmed that the vulnerability allowed attackers to gain access to wallets.
Tomi Engdahl says:
Webcam hacking: How to know if someone may be spying on you through your webcam https://www.welivesecurity.com/2022/04/25/webcam-hacking-how-know-someone-spying/
Camfecting doesn't just invade your privacy; it could seriously impact your mental health and wellbeing. Here's how to keep an eye on your laptop camera.
New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices https://thehackernews.com/2022/04/new-botenago-malware-variant-targeting.html
A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware.
Tomi Engdahl says:
‘Hack DHS’ Participants Awarded $125,000 for Over 100 Vulnerabilities
https://www.securityweek.com/hack-dhs-participants-awarded-125000-over-100-vulnerabilities
The Department of Homeland Security (DHS) has announced the results of the first phase of its “Hack DHS” bug bounty program.
The Hack DHS program was announced in December 2021 and it was launched several years after lawmakers passed a bill to create such a program. In the first phase of Hack DHS, vetted cybersecurity researchers were invited to find vulnerabilities in specific DHS systems.
According to the DHS, more than 450 white hat hackers took part in this phase of the project and they have identified 122 vulnerabilities, including 27 that have been assigned a “critical” severity rating.
The bug bounty hunters who discovered eligible vulnerabilities were awarded a total of $125,600.
In the next phase of Hack DHS, participants will take part in a live, in-person hacking event. In the third and final phase, the DHS will identify lessons learned.
In addition to helping the DHS identify security flaws in its systems, the goal of this program is to help the US government develop a bug bounty program model that can be used by other agencies to increase their resilience to cyber threats.
Tomi Engdahl says:
Atlassian Patches Critical Authentication Bypass Vulnerability in Jira
https://www.securityweek.com/atlassian-patches-critical-authentication-bypass-vulnerability-jira
Atlassian last week announced that its popular issue and project tracking software Jira is affected by a critical vulnerability, and advised customers to take action.
The security flaw, identified as CVE-2022-0540, is an authentication bypass issue that affects Seraph, the web authentication framework of Jira and Jira Service Management. A remote, unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization by sending a specially crafted HTTP request.
Many versions of Jira are affected, but the vendor noted that Jira Cloud and Jira Service Management Cloud are not impacted. Fixes are included in versions 8.13.18, 8.20.6 and 8.22.0 or newer.
Tomi Engdahl says:
Cyberattack Causes Chaos in Costa Rica Government Systems
https://www.securityweek.com/cyberattack-causes-chaos-costa-rica-government-systems
Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.
The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.
The Finance Ministry was the first to report problems Monday. A number of its systems have been affected from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others followed.
The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.
Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million circulated on social media platforms, but did not appear on Conti’s site.
Tomi Engdahl says:
State TV Says Iran Foiled Cyberattacks on Public Services
https://www.securityweek.com/state-tv-says-iran-foiled-cyberattacks-public-services
Iran’s state television said authorities have foiled massive cyberattacks that sought to target public services, both government and privately owned.
The report late on Sunday said Iran thwarted the attacks that planned to target the infrastructure of more than 100 public sector agencies. It did not elaborate or name specific examples of public sector agencies, organizations or services but said the incidents happened in recent days.
The report said that unidentified parties behind the cyberattacks used Internet Protocols in the Netherlands, Britain and the United States to stage the attacks.
Iran occasionally announces cyberattacks targeting the Islamic Republic as world powers struggle to revive a tattered nuclear deal with Tehran.
Tomi Engdahl says:
North Dakota-Based Healthcare Billing Services Group Hacked
https://www.securityweek.com/north-dakota-based-healthcare-billing-services-group-hacked
Federal investigators say a cyber attack on a North Dakota-based company that provides software and billing services for doctors and healthcare professionals affected more than a half-million customers.
Adaptive Health Integrations of Williston was the target of a hacking incident that happened in mid-October, according to the U.S. Department of Health and Human Services. The data breach was reported to the government earlier this month.
Tomi Engdahl says:
Audio Codec Made by Apple Introduced Serious Vulnerabilities in Millions of Android Phones
https://www.securityweek.com/audio-codec-made-apple-introduced-serious-vulnerabilities-millions-android-phones
An open source audio codec developed by Apple is affected by serious vulnerabilities that have been pushed to millions of Android devices by some of the world’s largest mobile chipset manufacturers.
The Apple Lossless Audio Codec (ALAC) was introduced by Apple in 2004 and, in 2011, the tech giant decided to make ALAC open source. The open source ALAC code has been picked up by many other vendors for non-Apple devices.
Apple has continued to improve the proprietary version of the codec, but the open source code has never been updated in the past 11 years and it seems that the third-party vendors using that code have not made efforts to ensure it’s secure.
Researchers at cybersecurity firm Check Point discovered that the open source ALAC code is affected by serious vulnerabilities, and at least two major mobile chipset makers — Qualcomm and MediaTek — have used it for their audio decoders.
Qualcomm and MediaTek have significant market shares and Check Point believes that millions of smartphones worldwide were made vulnerable to attacks due to the use of the ALAC codec.
The security firm estimates that the flaws found by its researchers — the vulnerabilities have been dubbed ALHACK — put roughly two-thirds of Android users’ privacy at risk.
The vulnerabilities can be triggered using specially crafted audio files and they can lead to remote code execution.
“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera,” Check Point explained in a blog post published on Thursday. “In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”
The MediaTek vulnerabilities, patched in December 2021, are identified as CVE-2021-0675 and CVE-2021-0674 and they have been assigned “high” and “medium” severity ratings. Qualcomm also released patches in December 2021. The Qualcomm flaw is tracked as CVE-2021-30351 and it has been assigned a “critical” severity rating.
Largest Mobile Chipset Manufacturers used Vulnerable Audio Decoder, 2/3 of Android users’ Privacy around the World were at Risk
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
Tomi Engdahl says:
Several Critical Vulnerabilities Affect SmartPTT, SmartICS Industrial Products
https://www.securityweek.com/several-critical-vulnerabilities-affect-smartppt-smartics-industrial-products
A security researcher has discovered several vulnerabilities, including ones rated critical- and high-severity, in industrial products made by Elcomplus, a Russian company specializing in professional radio communications and industrial automation.
Researcher Michael Heinzl discovered a total of nine vulnerabilities in Elcomplus’ SmartPTT SCADA product, which combines the capabilities of SCADA/IIoT systems with dispatch software for professional radio systems.
In addition, it appears that products made by SmartICS, an Elcomplus unit that specializes in SCADA and industrial IoT visualization platforms, are also affected by some of the vulnerabilities, as they share code.
The affected products are used by more than 2,000 organizations across 90 countries, including in the United States, which is why the US Cybersecurity and Infrastructure Security Agency (CISA) this week published two advisories to inform organizations about these vulnerabilities. Heinzl has also made public individual advisories for each flaw.
Tomi Engdahl says:
Strike Security Scores Funding for ‘Perpetual Pentesting’ for SMBs
https://www.securityweek.com/strike-security-scores-funding-perpetual-pentesting-smbs
South American startup Strike Security has secured $5.4 million to fund an ambitious plan to disrupt the penetration testing and attack surface management business.
Strike Security, founded by Uruguayan security researcher Santiago Rosenblatt, said the seed stage financing was led by Greyhound Capital, with participation from venture capital outfits FJ Labs, Canary, NXTP, VentureFriends, Magma Partners, Latitud and Orok Ventures.
A roster of boldfaced names in cybersecurity, including former IOActive CTO Cesar Cerrudo and Palo Alto CSO Sergej Epp, have backed the startup, Rosenblatt said in an interview with SecurityWeek.
Rosenblatt said the plan is to build a plug-and-play platform for small businesses to purchase access to some of the best white-hat hackers in the world for what Strike Security calls “perpetual pentesting.”
The company is bucking the trend by publishing its price list to appeal to startups and smaller companies that struggle to keep pace with patching and mitigating serious vulnerabilities across computing devices.
https://strike.sh/pricing
Tomi Engdahl says:
Osato Avan-Nomayo / The Block:
A hacker stole millions of dollars’ worth of NFTs via a phishing attack compromising Bored Ape Yacht Club’s Instagram and promoting a malicious “mint” link — Quick Take — Bored Ape Yacht Club’s official Instagram account was hacked. — A hacker stole 91 NFTs from users …
Bored Ape Instagram account hacked: NFTs worth $2.8 million stolen
https://www.theblockcrypto.com/post/143328/bored-ape-instagram-account-hacked-nfts-worth-2-8-million-stolen
Quick Take
Bored Ape Yacht Club’s official Instagram account was hacked.
A hacker stole 91 NFTs from users who connected their wallet to receive the fake airdrop.
A hacker has stolen 91 NFTs worth at least $2.8 million through a phishing attack targeting Bored Ape Yacht Club owners today. It was carried out through the official Bored Ape Instagram account.
“There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything,” tweeted Bored Ape Yacht Club.
When the Instagram account was accessed, it was used to post a fake update claiming there was a LAND airdrop and users had to connect their wallets to claim the airdrop. This was taking advantage of the Bored Ape roadmap, which includes a metaverse game that will contain virtual land. When users connected to their wallets — and likely approved a transaction — the website stole their NFTs.
Tomi Engdahl says:
Last week a bad login-related security hole was discovered – this is what it means https://www.is.fi/digitoday/tietoturva/art-2000008768450.html