Cyber Security News — Past 24 hours | 21.05.2021

SLIIT CS2
May 21, 2021

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days.

“There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation,” the search giant said in an updated alert.

CVE-2021-28663 — A vulnerability in the Arm Mali GPU kernel that could permit a non-privileged user to perform improper operations on GPU memory, leading to a use-after-free scenario that could be exploited to gain root privilege or disclose information.

CVE-2021-28664 — An unprivileged user can achieve read/write access to read-only memory, enabling privilege escalation or a denial-of-service condition due to memory corruption.

The development marks one of the rare instances where zero-day bugs in Android have been spotted in real-world cyber offensives.

Earlier this March, Google revealed that a vulnerability affecting Android devices that use Qualcomm chipsets was being weaponized by adversaries to launch targeted attacks.

Source — https://thehackernews.com/2021/05/android-issues-patches-for-4-new-zero.html

The famous Russian-language hacker forum has banned the mention of ransomware

XSS is a well-known forum where users discuss all kinds of vulnerabilities, exploits, malware, and ways to penetrate other people’s networks. Ransomware was also actively discussed there. Moreover, the forum participants include representatives of ransomware groups who actively recruited new partners to work on the “Ransomware-as-a-Service” model.

The goals are not the same, the forum administrator wrote.

He noted that there is a degradation: newcomers see “crazy virtual millions” that are paid from time to time as a ransom for unlocking data, and think that they will be able to get them. Therefore, beginners “do not want anything, do not learn anything, do not code anything, even just do not think, their whole life is reduced to ‘encrypt — get $’.”

“This word has become dangerous and toxic,” the forum administrator said.

So he decided to ban everything related to ransomware. Even old forum threads related to this topic will be deleted.

According to Alexey Vodiasov, technical director of SEC Consult Services, ransomware is really a way to make quick money with very little effort.

Source — https://www.ehackingnews.com/2021/05/the-famous-russian-language-hacker.html

Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform.

In testimony in a California court Wednesday, Apple's head of software engineering, Craig Federighi, called the level of malware threat against the Mac platform one that the company finds “unacceptable” and continues to defend against with restrictive application-distribution platforms, according to a published report on CNET.

Proceedings in the case began earlier this month in the United States District Court, Northern District of California, and top Apple executives were testifying to defend their side this week.

Throwing the security of its own platform under the bus is an about-face for Apple, which for years boasted about the security of the Mac over the rival Windows platform. For years, it was certainly true that PCs suffered the bulk of the malware woes while the Mac platform remained a more secure option, largely due to its proprietary nature.

Source — https://threatpost.com/apple-mac-malware-unacceptable/166340/

A dozen Android apps exposed data of 100M+ users

Security researchers from Check Point have discovered 23 Android applications that exposed the personal data of more than 100 million users due to misconfigurations of third-party cloud services.

The experts pointed out that the misconfigurations also put developers’ internal resources, such as access to update mechanisms and storage, at risk.

Check Point experts were able to access the backend databases of 13 apps that were found to contain sensitive information such as email addresses, passwords, personal images, private chats, location coordinates, user identifiers, social media credentials, and screen recordings.

In some cases, the apps analyzed by Check Point exposed access keys that would have allowed attackers to send push notifications to all the users of the applications.

One of the apps analyzed by the experts, named Screen Recorder, which is available on Google Play with over 10 million downloads, was storing the device’s screen on a cloud service. The researchers discovered that it was possible to access the cloud storage keys, which allowed them to access users’ screenshots from the device.

Source — https://securityaffairs.co/wordpress/118112/mobile-2/android-apps-exposed-data.html

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
