Technology Cybersecurity News

The latest technology cybersecurity stories, summarized by AI

"Apple's Global Alert: Mercenary Spyware Threat to iPhone Users"

1 year ago. Source: The Hacker News

Ivanti Resolves Critical RCE Vulnerability Reported by NATO
1 year ago


Ivanti has released an urgent fix for a critical remote code execution vulnerability (CVE-2023-41724) affecting Standalone Sentry, with a CVSS score of 9.6, urging customers to apply the patches immediately. The flaw impacts multiple versions and could allow unauthenticated threat actors to execute arbitrary commands on the underlying operating system. Ivanti has credited researchers for their collaboration on the issue and emphasized the importance of applying the fix. Additionally, a mutation cross-site scripting (mXSS) flaw impacting the open-source email client Mailspring has been revealed, which could be exploited to achieve code execution when a user interacts with a malicious email.

More Technology Cybersecurity Stories

"Securing Google Accounts: Expert Tips to Thwart Password-Less Hack Attacks"

Originally Published 2 years ago — by BleepingComputer

Source: BleepingComputer

Google has acknowledged that malware is abusing an undocumented Chrome API to generate new authentication cookies, but considers it a standard token theft issue rather than an API flaw. The malware, including operations named Lumma, Rhadamanthys, Stealc, Medusa, RisePro, and Whitesnake, uses the API to refresh expired Google authentication tokens, allowing prolonged unauthorized access to user accounts. Google advises affected users to log out of Chrome or kill active sessions to invalidate the refresh token and change their Google password. Despite the potential for ongoing abuse, Google has not indicated plans to restrict API access, and users often remain unaware of infections until their accounts are misused. Cybersecurity firm CloudSEK and BleepingComputer have highlighted the issue, but Google's response has been to recommend general security practices without addressing the specific API abuse.

"LastPass Enforces 12-Character Minimum After Security Breach Impacts Millions"

Originally Published 2 years ago — by 9to5Mac

Source: 9to5Mac

LastPass is enforcing a new security measure that requires users to set a stronger master password of at least 12 characters, including a special character, a number, and an uppercase letter. This move comes as a response to evolving cyber threats and follows a significant data breach in 2022 where hackers accessed sensitive user data. The company has already been applying this standard to new users or those resetting their passwords since last year, but now it's extending the requirement to all users to enhance the encryption keys for their vault data.

"Terrapin Vulnerability Threatens SSH Security Across 11 Million Servers"

Originally Published 2 years ago — by Ars Technica

Source: Ars Technica

A significant vulnerability in the SSH protocol, known as Terrapin and identified as CVE-2023-48795, affects around 11 million Internet-exposed servers, allowing attackers to compromise SSH sessions. Despite the availability of patches, many servers remain unpatched, with the majority of vulnerable instances located in the US. The vulnerability requires an adversary-in-the-middle position, limiting its potential for mass exploitation but still posing a risk for targeted attacks. A wide range of SSH implementations are affected, and patches are available for most. Security experts recommend applying these patches promptly to mitigate the risk.

"Terrapin Attack Exposes Widespread SSH Security Vulnerabilities"

Originally Published 2 years ago — by BleepingComputer

Source: BleepingComputer

Nearly 11 million SSH servers are vulnerable to a new type of cyberattack called the Terrapin attack, which compromises the integrity of SSH connections by manipulating sequence numbers during the handshake process. The attack, discovered by researchers from Ruhr University Bochum, particularly affects servers using certain encryption modes and can downgrade public key algorithms and disable defenses against keystroke timing attacks. Shadowserver's report indicates that a significant number of servers globally are exposed to this risk, with the highest numbers in the United States, China, and Germany. A vulnerability scanner is available for those who wish to check their systems for susceptibility to the Terrapin attack.

"Google Play Alert: Delete These Malicious Apps to Avoid Security Risks"

Originally Published 2 years ago — by NDTV

Source: NDTV

Tech experts are urging smartphone users to delete 17 identified "SpyLoan" apps that are infected with malware capable of stealing personal information. These apps, which were downloaded over 12 million times from Google Play before being removed, masquerade as legitimate loan services and are also found on Apple's App Store, scam websites, and third-party app stores. Users are advised to remove these apps immediately, change their passwords, and watch for signs of malware infection.

"Persistent Malware Exploits Google OAuth to Hijack Accounts Despite Password Resets"

Originally Published 2 years ago — by The Hacker News

Source: The Hacker News

Cybercriminals are exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing them to maintain access to Google services even after victims reset their passwords. The exploit has been adopted by various malware-as-a-service families, enabling them to persistently steal information. Google has acknowledged the issue and stated that users can invalidate stolen sessions by logging out of the affected browser or remotely via the user's devices page. Enhanced Safe Browsing and regular monitoring of account activity are recommended to users for additional security. The situation underscores the need for advanced security measures to combat sophisticated cyber threats.

"Google Removes 13 Android Apps Infected by New 'Xamalicious' Malware; Users Urged to Delete Immediately"

Originally Published 2 years ago — by Fox News

Source: Fox News

A new Android Trojan named Xamalicious has been discovered masquerading as legitimate apps on the Google Play Store, affecting hundreds of thousands of users. The malware exploits accessibility features to take control of devices and steal personal information. Google has since removed the infected apps, but they may still be available on third-party markets. Users are advised to stick to official app stores, avoid sideloading, use antivirus software, and take immediate action if their data is compromised, including changing passwords, monitoring accounts, using identity theft protection services, contacting banks, alerting contacts, and potentially restoring devices to factory settings.

"Malware Exploits Google OAuth to Hijack Accounts and Steal Information"

Originally Published 2 years ago — by 9to5Google

Source: 9to5Google

A new malware exploits a vulnerability in Google Chrome to steal session tokens and create persistent cookies, allowing attackers to access Google Accounts even after password changes. Google has responded by securing compromised accounts and clarifying that users can invalidate stolen sessions by signing out. The company recommends that users remove any malware, turn on Enhanced Safe Browsing, and avoid installing unfamiliar software. Despite Google's countermeasures, multiple malware groups claim to have adapted to these defenses.

"New Malware Exploits Google OAuth to Hijack Accounts and Steal Cookies"

Originally Published 2 years ago — by The Register

Source: The Register

Cybersecurity researchers have discovered that several strains of info-stealing malware can maintain access to compromised Google accounts even after victims change their passwords, due to a zero-day exploit involving Google's OAuth endpoint "MultiLogin." The malware, which primarily targets Windows users, steals session tokens from web browsers, allowing attackers to bypass password changes and continually access victims' emails and cloud storage. The exploit has been adopted by at least six malware families, including Lumma and Rhadamanthys, with Eternity Stealer planning to release an update soon. To prevent exploitation, users must log out completely to invalidate their session tokens. Google has yet to respond to inquiries about its plans to address this security issue.

"Unseen Risks: Hackers Secretly Sending SMS from Your Phone"

Originally Published 2 years ago — by Yahoo! Voices

Source: Yahoo! Voices

SMS spoofing allows hackers to send text messages impersonating someone else without needing physical access to their phone. This technique can be used for phishing scams, fraud, and damaging reputations. To protect against such threats, individuals should use antivirus software, keep their phone's software updated, change passwords, enable two-factor authentication, and be cautious with Wi-Fi and Bluetooth connections. If victimized, it's crucial to take immediate action such as changing passwords, monitoring bank statements, using identity theft protection services, and alerting contacts.