Skip to main content

Posts

Showing posts from February, 2020

Google Suggesting Android Developers to Encrypt App Data On Device!!

Google has published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for the same, Google also advised using an easy-to-implement  security library  available as part of its Jetpack software suite. The open-sourced  Jetpack Security  (aka JetSec) library lets Android app developers easily read and write encrypted files by following  best security practices , including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens. To give a bit of context, Android offers developers  two different ways  to save app data. The first one is app-specific storage, also known as internal storage, where the files are stored in a sandboxed folder meant for a specific app's use and inaccessible t...

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat

If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) ' file read and inclusion bug '—which can be exploited in the default configuration. But it's more concerning because several proof-of-concept exploits ( 1 ,  2 ,  3 ,  4  and  more ) for this vulnerability have also been surfaced on the Internet, making it easy for anyone to hack into publicly accessible vulnerable web servers. Dubbed ' Ghostcat ' and tracked as  CVE-2020-1938 , the flaw could let unauthenticated, remote attackers read the content of any file on a vulnerable web server and obtain sensitive configuration files or source code, or execute arbitrary code if the server allows fil...

Most commonly used open-source Software & Security Problems released by Linux Foundation

Linux Foundation and Harvard’s Lab identifies the most commonly used free and open-source software and the potential vulnerabilities associated. The Census II report determines the “important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive, but not always understood.” The report also identifies the commonly used application in production environments and examine them for potential vulnerabilities. “The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open-source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. Starting from  Heartbleed  security bug, the importance of FOSS is understood than ever before and they are a critical part of a production environment, throughout the supply chain. Most-Used Packages ...

600 Android Apps from Play Store for Serving Disruptive Ads Banned By Google!!!

Google has banned nearly  600 Android apps  from the Play Store for bombarding users with disruptive ads and violating its advertising guidelines. The company categorizes disruptive ads as "ads that are displayed to users in unexpected ways, including impairing or interfering with the usability of device functions," such as a full-screen ad served when attempting to make a phone call. Although Google didn't name the specific apps in question, many of the apps — which had been installed more than 4.5 billion times — primarily targeted English-speaking users and were mainly from developers based in China, Hong Kong, Singapore, and India, according to  Buzzfeed  News. Highlighting that malicious developers are getting "more savvy in deploying and masking disruptive ads," the company said it has developed new counter mechanisms to detect such behavior. Trouble in Google Play Store This is not the first time adware apps have been removed from the Google Play ...

Fox Kitten – Iranian Malware Campaign Exploiting Vulnerable VPN Servers To Hack The Organizations Internal Networks

Researchers discovered a widespread Iranian malware campaign called Fox Kitten that targeting the several organization networks by exploiting the Vulnerabilities in VPN. The organization its targets are mainly related to IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world. Once the attacker successfully exploited the network, they are gaining the persistence access to the internal system and foothold in the networks of numerous companies. Fox Kitten campaign believed to be originated from Iran, and infamous Iranian offensive group APT34-OilRig are behind this attack also researchers suspected that this campaign has some connection with PT33-Elfin and APT39-Chafer groups. Large infrastructure is used for this campaign to perform a various malicious operation on behalf of the attack including: Develop and maintain access routes to the targeted organizations Steal valuable information from the targeted organizations Maintain ...

Hackers Spreading AZORult Malware As a Fake ProtonVPN Installer To Attack the Windows Computers

Researchers discovered a new wave of Azorult malware campaign that abusing the protonVPN and dropper the malware payload as a fake ProtonVPN installer to infect the Windows System. GBHackers reported  several incidents  involved by the Azorult malware campaign and is one of the well-known malware that often sold in Russian forums for the higher price ($100) since this malware contains a broad range of persistent functionality. In this current attack scenario, Threat actors created a fake ProtonVPN website which is an exact HTTrack copy of the original ProtonVPN website through which they spreading the malware as an installer package to compromised the Windows users. Fake ProtonVPN website The campaign initially started in November 2019 and the attacker register the domain under the name of ProtonVPN{.}store and is Registrar used for this campaign is from Russia. Infection Vectors Attackers handling several infection vectors to spread this malware and infect the v...

Over A Billion Microsoft Windows Users would be affected if not by patched by these IE 0-Days & Other Vulnerabilities!!!

Patch Tuesday Microsoft released a security update for February under Patch Tuesday with the fixes for 99 vulnerabilities that affected various Microsoft products, including Actively exploited Internet Explorer zero-day vulnerability. Microsoft recently achieved a big milestone of 1 billion Windows 10 users, and Microsoft issued current security updates for all the Windows 10 users. Microsoft listed 12 vulnerabilities under “Critical” severity, 87 are listed as Important in severity out of 99 vulnerabilities. The February security release consists of security updates for the following software: Microsoft Windows Microsoft Edge (EdgeHTML-based) Microsoft Edge (Chromium-based) ChakraCore Internet Explorer Microsoft Exchange Server Microsoft SQL Server Microsoft Office and Microsoft Office Services and Web Apps Windows Malicious Software Removal Tool Windows Surface Hub This updates fixed one of the notable actively exploited  internet explorer zero-day vuln...