Researchers have recently discovered that cloud misconfigurations in Android apps are putting 100 million users at risk of having their data disclosed. According to a post published yesterday by cybersecurity firm Check Point Research, the research team found over the last few months that many application developers are putting users at risk by not following best practices when configuring third-party cloud services in their applications, leaving many users' data exposed.
It is reported that no fewer than 23 popular mobile apps contained misconfigurations of third-party cloud services. The global pandemic drove a large shift to cloud services as many people began working remotely from home. Although cloud services provide good data management and storage, developers neglected their configuration and left the apps vulnerable, leaking millions of users' data.
Image credit: Check Point Research
According to the cybersecurity firm, the apps it listed, such as Logo Maker, Astro Guru, and T'Leva, publicly leaked user data including emails, chat messages, location information, user IDs, passwords, and images. In one example involving a taxi service app, the research team sent a request to the app's database and pulled up all the messages, names, phone numbers, and locations of drivers and users.
The cybersecurity firm said the leaked data may lead to data theft, for example when threat actors gain access to other services where the same username or password is used. The firm informed the app developers of the misconfigurations before disclosure, and some of them have tightened up their services.
It was reported that one of the Asian business operations of insurance group Axa has been affected by ransomware, with Thailand, Malaysia, Hong Kong, and the Philippines among the countries involved, according to the Financial Times.
The attack happened on Sunday and impacted many Asian operations. Almost three terabytes of data was stolen by a group of hackers named Avaddon. According to the group's dark web post, the stolen data includes customers' personally identifiable information, medical records and claims, data from hospitals and doctors, and much more; the stolen data was shared as proof that the company had been compromised.
“A dedicated task force with external forensic experts is investigating the incident,” the company said, adding that regulators and business partners have been informed. “sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” it added.
But that has not stopped users from flocking to alternatives. Mobile app analytics firm Sensor Tower has reported that both Signal and Telegram have seen a massive spike since January, as users are concerned about parent company Facebook gaining access to their data. Many users were unhappy with the sudden update notice that appeared, and WhatsApp later revised the deadline to May 15th.
Malware is running rampant, and it can appear on any programmable device, server, or network. An app named Ads Blocker claims to help users remove pesky ads that cover the entire screen during browsing or streaming, but it was recently discovered that the app distributes malware that serves even more ads.
Nathan Collier, a researcher at internet security company Malwarebytes, discovered in November 2019 that Ads Blocker is actually distributing malware rather than blocking ads. The creator of the app uses it to generate value by serving more ads that are unrelated to the user's interests, and even doubles that value by harvesting fake clicks on the ads.
The researcher said that adware like Ads Blocker is one of the common types of malware on Android mobile devices, and that it also has the potential to steal personal information from the user. It is frustrating when ads keep popping up unexpectedly while browsing, and just as frustrating when the root cause of the problem is unknown.
Here’s how you can identify malware that is infecting your phone:
Usually, the creators of this adware target users' banking credentials, device information, phone numbers or email addresses, and contact lists. The researcher emphasizes the following to prevent such adware from appearing on your phone:
One of the most used messaging applications is about to release a new update with an offline mode, which means no internet is required for access; the update will be coming soon. Although WhatsApp can be used on both smartphones and desktops, the desktop version has always required the smartphone to have an internet connection in order to function properly.
However, this will no longer be the case: WhatsApp is bringing a feature that will allow users to access the messaging platform without turning on the smartphone's internet connection. What's more, WhatsApp will also drop the QR code scan required whenever users access the desktop version, WhatsApp Web.
For now, this feature is in testing, but some users have already taken the opportunity to participate in the testing process. Another piece of news is a multi-device feature, which works on up to 4 devices at a time using the same account, whether smartphones, tablets or desktops. On top of that, none of these 4 devices requires an internet connection from the main device. We expect these features to be available soon.
Target sighted: a new group of hackers named Lemon Duck has been discovered by researchers. The group is actively exploiting zero-day vulnerabilities in Microsoft Exchange Server, leaving thousands of organizations in a vulnerable state.
Researchers previously discovered four flaws that were exploited by ProxyLogon, an exploit affecting on-prem Microsoft Exchange Server 2013, 2016, and 2010. The flaws were eventually patched in March.
In the same month, Lemon Duck moved to embed its botnet in vulnerable servers and use them for cryptocurrency mining. Now, researchers from Cisco Talos have given us a clear look at the attackers' current scheme.
The researchers showed that the group is targeting high-severity vulnerabilities in Microsoft Exchange Server and that exploitation spiked suddenly in April, starting in the US, then Europe and South East Asia, with a substantial spike in India too.
The hackers used automated tools to scan for, detect and exploit servers before loading payloads such as Cobalt Strike DNS beacons and web shells, leading to mining software and additional malware. The researchers note that the Cobalt Strike tool helps the hackers operate within organizations' environments; the hackers also target Microsoft Exchange Server vulnerabilities and compromise systems with the botnet.
Just recently, Sygic, one of the auto navigation app alternatives to Google Maps, released a new update to its app. Now its biggest rival, Google Maps, is also releasing new updates and offering more advanced features so that users can navigate more conveniently.
Google Maps, one of the most used apps, is getting new updates, and Google is working on several that are exclusive to Android or Android Auto users. Google hasn't specified a release date, but the updates are expected sooner or later since Google is making good progress on its part.
So far, 3 updates are going to be available soon:
Similar in function to Android Auto, Google Maps is bringing a new driving experience for users: a new driving mode powered by Google Assistant will be added. This mode is available in the United States, Germany, and other countries as a preview exclusive to Android users. Since it is similar to Android Auto, Google is turning the navigation app into a driving hub that comes with music apps, calls, and messages. Google didn't announce a specific date for this mode, but it will offer a preview to users.
Google is planning a new mode to help users save fuel by navigating the shortest distance to a specific destination, looking at traffic light data, maximum speed, etc. This mode will focus on fuel-efficient routes. It will be enabled by default, but Google will allow users to revert to the original configuration manually if they want to. It will be available on both iPhone and Android.
Google is improving the experience for Android and iPhone users by polishing Google Maps on Android Auto and CarPlay with a dedicated day and night mode toggle. As in Google Maps, it automatically detects the brightness and switches to dark or light mode depending on the brightness of the route. Google is also planning to let users switch to day or night mode manually.
Google has added support in Chrome 90 for a new Windows 10 security feature named Hardware-enforced Stack Protection, which helps protect the memory stack from hackers. The design helps protect against return-oriented programming (ROP) malware by using CPU hardware to protect the application's code while it operates inside the CPU memory.
For many years, Intel and Microsoft have been working together on Control-flow Enforcement Technology (CET) to combat ROP attacks, which bypass memory-exploit mitigations to install malware. Hackers can use ROP to run malicious code while bypassing operating system protections such as non-executable memory and code signing.
CET introduces 'shadow stacks' that are used exclusively for control transfer operations, but Google is concerned that the shadow stack might cause problems for some software that loads into Chrome. Google provides information for developers who need to debug a problem in Chrome's shadow stack, and describes ROP attacks as attacks in which hackers take advantage of the process's own code.
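The shadow-stack check described above can be shown with a toy model in C. This is an added example, not code from Google, Microsoft or Intel: it simplifies the real mechanism (on a return, the CPU compares the return address on the normal stack with the copy on the shadow stack and raises a control-protection fault on a mismatch), and every name and address in it is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16
enum ret_status { RET_OK, RET_CP_FAULT, RET_UNDERFLOW };

/* Toy machine: a software-writable data stack plus a separate shadow stack. */
struct cpu {
    uint64_t data[DEPTH];   /* ordinary stack: return addresses sit next to data */
    uint64_t shadow[DEPTH]; /* shadow stack: only cpu_call/cpu_ret touch it */
    size_t sp, ssp;
};

/* call: the return address is pushed on both stacks. */
int cpu_call(struct cpu *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH || c->ssp >= DEPTH) return -1;
    c->data[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return 0;
}

/* Ordinary store: models a memory-corruption write that reaches the data
 * stack. The model deliberately offers no store that reaches the shadow stack. */
int cpu_store(struct cpu *c, size_t slot, uint64_t value) {
    if (slot >= c->sp) return -1;
    c->data[slot] = value;
    return 0;
}

/* ret: pop both copies and compare; a mismatch is a control-protection fault. */
enum ret_status cpu_ret(struct cpu *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return RET_UNDERFLOW;
    uint64_t from_data = c->data[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_data != from_shadow) return RET_CP_FAULT;
    *target = from_data;
    return RET_OK;
}

/* Two nested calls with constructed addresses; optionally tamper with the
 * inner return address before returning. */
enum ret_status run_demo(int corrupt) {
    struct cpu c = { .sp = 0 };
    uint64_t target = 0;
    cpu_call(&c, 0x401000);
    cpu_call(&c, 0x401050);
    if (corrupt) cpu_store(&c, 1, 0x41414141);
    enum ret_status st = cpu_ret(&c, &target);
    return st != RET_OK ? st : cpu_ret(&c, &target);
}

int main(void) { printf("clean=%d tampered=%d\n", run_demo(0), run_demo(1)); return 0; }
```

The tampered run stops at the first return because the overwritten address no longer matches the shadow copy, which is the property that breaks a ROP chain built from overwritten return addresses.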
In a recent blog post, Microsoft announced that Windows 10 will no longer support Adobe Flash, which will be permanently removed from the operating system this summer; the upcoming version 21H1 update will also remove the software this month.
The removal of Adobe Flash was set for early this year. Adobe announced 3.5 years in advance that it would permanently discontinue the software, which supports viewing content and applications and streaming audio and video.
To keep its users secure, Microsoft will remove the Flash component from Windows through the KB4577586 update. It says that once the update is applied, Flash can no longer be used and will be removed. Additionally, Microsoft has also removed Flash from its Microsoft Edge browser.
Recently, a phishing campaign targeting Office 365 users and involving SharePoint was discovered, said the Cofense Phishing Defense Center (PDC). The campaign targets users, especially those who work from home, with a phishing email claiming that an email signature is urgently required. It was discovered in an environment protected by Microsoft's own secure email gateway (SEG), which it successfully bypassed.
The hackers use a legitimate SharePoint document that urgently needs a signature, and in this way the phish successfully bypasses the SEG. It was reported that this is not the first time: a spear-phishing campaign in December last year also bypassed the security gateway, with hackers targeting almost 200 million Office users.
(Image credit: Cofense)
The message above appears to be phishing, as the sender asks the victim 'Urgently' to take immediate action. This is one of the gimmicks that hackers commonly use and that never gets old; a request for immediate action like this is usually not from a native speaker. Cofense said that the senders use hyperlinks telling victims to log in and view the document, which could allow hackers to extract users' personal data. Users are advised to take precautions against any phishing threat and not to engage with unknown senders.