The 7 most dangerous vulnerabilities in Android applications 2021

Android application vulnerabilities have become a problem because of Google Play’s open format, and also because users can sideload apps, removing any oversight regarding the safety of apps.

There are also updates and patches to the Android operating system. You can’t count on Android to update itself in a timely manner, because wireless carries control update schedules on all but Google’s Pixel devices.

Expert testing of Android mobile applications shows that in most cases, insecure data storage is the most common security flaw in android apps. According to a report, Vulnerabilities and Threats are slightly more common in Android applications, compared to iOS counterparts(43% vs 38%). But the experts categorize this difference as minimal: the security level of apps is roughly equivalent between the two platforms.

Comprehensive security checks of a mobile application include a search for vulnerabilities in the client and server, as well as data transmission between them.

https://www.serage2020.com/2021/09/the-7-most-dangerous-vulnerabilities-in.html

#android #apk #vulnerabilities
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

SCOOP: a group of "hackers on steroids" gained access to a large dataset belonging to Epik, the web host of the Texas GOP website, Texas Right to Life website, and anti-abortion snitch website.

https://nitter.pussthecat.org/stevanzetti/status/1437482759241469958

via Twitter

#scoop #epik #gop
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Now is a good time to remind people that the Saudi government would not be spying on activists' phones with no-click 0-days without knowledge and approval of the Israeli government, who could put a stop to NSO Group's sales right now.

https://nitter.pussthecat.org/evacide/status/1437501716765626369#m

via Twitter

#saudi #spying #pegasus #nso
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike

Key Findings

-Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratch
-Linux malware is fully undetected by vendors
-Has IoC and technical overlaps with previously discovered Windows DLL files
-Highly targeted with victims including telecommunications, government and finance

Cobalt Strike is a popular red team tool for Windows which is also heavily used by threat actors. At the time of this writing, there is no official Cobalt Strike version for Linux.

In August 2021, we at Intezer discovered a fully undetected ELF implementation of Cobalt Strike’s beacon, which we named Vermilion Strike. The stealthy sample uses Cobalt Strike’s Command and Control (C2) protocol when communicating to the C2 server and has Remote Access capabilities such as uploading files, running shell commands and writing to files. The malware is fully undetected in VirusTotal at the time of this writing and was uploaded from Malaysia.

Based on telemetry with collaboration from our partners at McAfee Enterprise ATR, this Linux threat has been active in the wild since August targeting telecom companies, government agencies, IT companies, financial institutions and advisory companies around the world. Targeting has been limited in scope, suggesting that this malware is used in specific attacks rather than mass spreading.

After further analysis, we found Windows samples that use the same C2. The samples are re-implementations of Cobalt Strike Beacon. The Windows and ELF samples share the same functionalities.

The sophistication of this threat, its intent to conduct espionage, and the fact that the code hasn’t been seen before in other attacks, together with the fact that it targets specific entities in the wild, leads us to believe that this threat was developed by a skilled threat actor.

In this post we will provide a technical analysis of the samples and explain how you can detect and respond to this threat.

https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/

Samples:
https://vx-underground.org/samples/Families/Vermilion%20Strike/

#vermilionstrike #cobaltstrike #windows #linux
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Mozilla has defeated Microsoft’s default browser protections in Windows

It’s easier to switch to Firefox as default now

Mozilla has quietly made it easier to switch to Firefox on Windows recently. While Microsoft offers a method to switch default browsers on Windows 10, it’s more cumbersome than the simple one-click process to switch to Edge. This one-click process isn’t officially available for anyone other than Microsoft, and Mozilla appears to have grown tired of the situation.

In version 91 of Firefox, released on August 10th, Mozilla has reverse engineered the way Microsoft sets Edge as default in Windows 10, and enabled Firefox to quickly make itself the default. Before this change, Firefox users would be sent to the Settings part of Windows 10 to then have to select Firefox as a default browser and ignore Microsoft’s plea to keep Edge.

Mozilla’s reverse engineering means you can now set Firefox as the default from within the browser, and it does all the work in the background with no additional prompts. This circumvents Microsoft’s anti-hijacking protections that the company built into Windows 10 to ensure malware couldn’t hijack default apps. Microsoft tells us this is not supported in Windows.

https://www.theverge.com/2021/9/13/22671182/mozilla-default-browser-windows-protections-firefox

#firefox #mozilla #microsoft #windows
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Russian Man Allegedly Ran a Real Murder-for-Hire Darkweb Site

Authorities in Russia arrested a man for allegedly orchestrating murders through a platform on the darkweb.

The Main Investigation Department of the Investigative Committee of Russia arrested Sergei Magdanov, 38, resident of Izhevsk in Russia, in connection with at least two murders, one attempted murder, and trafficking weapons.

The investigation began in 2020 after Russian police launched an investigation into the murder of two alleged drug dealers in the Vladimir region. During the investigation, the police arrested alleged accomplices who provided logistical support to the parties responsible for the murders. In part, the accomplices followed the victims and provided the alleged hitman with the locations of the victims.

At some point, Russian authorities identified an onion service where suspects had allegedly ordered the murders. The operator of the site accepted cryptocurrency and fiat as payment. The announcement from Russian authorities did not reveal information about the identification of the site operator.

The investigators concluded that Magdanov orchestrated the murders through the site, assisted the actual hitmen by providing weapons and ammunition, and allegedly sold weapons too.

On September 9, 2021, the police executed search warrants at the suspect’s home and his safe house. The searches led to the seizure of mobile phones, computers, more than one thousand SIM cards, more than 500 bank cards, and large amounts of cash.

https://darknetlive.com/post/russian-man-allegedly-ran-a-real-murder-for-hire-darkweb-site/

#russia #murder #darkweb
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

iTimed: Cache Attacks on the Apple A10 Fusion SoC

Abstract—This paper proposes the first cache timing side- channel attack on one of Apple’s mobile devices. Utilizing a recent, permanent exploit named checkm8, we reverse- engineered Apple’s BootROM and created a powerful toolkit for running arbitrary hardware security experiments on Apple’s in-house designed ARM systems-on-a-chip (SoC).

https://eprint.iacr.org/2021/464.pdf

#itimed #apple #attacks #a10 #fusion #soc #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Facebook Knows Instagram Is Toxic for Teen Girls, Company Documents Show

Its own in-depth research shows a significant teen mental-health issue that Facebook plays down in public.

About a year ago, teenager Anastasia Vlasova started seeing a therapist. She had developed an eating disorder, and had a clear idea of what led to it: her time on Instagram.

She joined the platform at 13, and eventually was spending three hours a day entranced by the seemingly perfect lives and bodies of the fitness influencers who posted on the app.

“When I went on Instagram, all I saw were images of chiseled bodies, perfect abs and women doing 100 burpees in 10 minutes,” said Ms. Vlasova, now 18, who lives in Reston, Va.

Around that time, researchers inside Instagram, which is owned by Facebook Inc., were studying this kind of experience and asking whether it was part of a broader phenomenon. Their findings confirmed some serious problems.

“Thirty-two percent of teen girls said that when they felt bad about their bodies, Instagram made them feel worse,” the researchers said in a March 2020 slide presentation posted to Facebook’s internal message board, reviewed by The Wall Street Journal. “Comparisons on Instagram can change how young women view and describe themselves.”

For the past three years, Facebook has been conducting studies into how its photo-sharing app affects its millions of young users. Repeatedly, the company’s researchers found that Instagram is harmful for a sizable percentage of them, most notably teenage girls.

“We make body image issues worse for one in three teen girls,” said one slide from 2019, summarizing research about teen girls who experience the issues.

“Teens blame Instagram for increases in the rate of anxiety and depression,” said another slide. “This reaction was unprompted and consistent across all groups.”

Among teens who reported suicidal thoughts, 13% of British users and 6% of American users traced the desire to kill themselves to Instagram, one presentation showed.

https://www.wsj.com/articles/facebook-knows-instagram-is-toxic-for-teen-girls-company-documents-show-11631620739

#facebook #DeleteFacebook #instagram #teen #girls
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Wikipedia bans 7 mainland Chinese power users over ‘infiltration and exploitation’ in unprecedented clampdown

The move by the Wikimedia Foundation came after "long and deep investigations" into a group of mainland Chinese users, two months after HKFP revealed that some of them allegedly threatened to report their Hong Kong peers to the city's national security police.

The foundation that oversees Wikipedia has taken unprecedented action to ban seven mainland Chinese users from its websites globally and revoke administrator access and other privileges for 12 other users, following an HKFP report of alleged threats to Hong Kong users.

HKFP also reported on fears among Hong Kong users over election canvassing within the online encyclopaedia as users from the mainland, Hong Kong and Taiwan angled for coveted administrator access. There were also “editing wars” over politically sensitive articles about current events in the city.

Wikipedia hosts elections for users wishing to become administrators, who enjoy more access to users and greater powers to edit articles. There were past reports that users of the Chinese edition engaged in election canvassing outside of Wikipedia to try to ensure the election of mainland administrators.

The Wikimedia Foundation investigated an “unrecognized group” of Wikipedia users from mainland China and identified “security risks” relating to “infiltration of Wikimedia systems, including positions with access to personally identifiable information and elected bodies of influence,” Maggie Dennis, the foundation’s vice president of community resilience & sustainability, said in an online statement on Tuesday.

https://lists.wikimedia.org/hyperkitty/list/[email protected]/message/6ANVSSZWOGH27OXAIN2XMJ2X7NWRVURF/

https://hongkongfp.com/2021/09/14/exclusive-wikipedia-bans-7-mainland-chinese-power-users-over-infiltration-and-exploitation-in-unprecedented-clampdown/

#wikipedia #china #infiltration #exploitation
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

I think your site is hacked - @MassGov @USCERT_gov

https://nitter.pussthecat.org/idclickthat/status/1437809583045677064

via Twitter

https://urlscan.io/result/385e2ab9-44a7-4dd5-a397-7c2c4b2aedb4/#summary

#cybersec #threathunting #massgov #uscertgov
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

FreeBSD SSH Hardening

Hi! This might all look scary, but dont worry, instructions for backing up your ssh configuration and reverting change are included. Have fun, and if you're unsure, reach out for help or questions @ #freebsd libera IRC or Twitter #freebsd.

If you are running this hardening script and reporting results back here, it is important for validation purposes that the instructions are copied verbatim, as they will be sent upstream. Please copy-paste commands, rather than manually typing them.

Not doing so may result in an undefined system state. If errors occur, please report tham to koobs @ Libera Chat IRC.

https://gist.github.com/koobs/e01cf8869484a095605404cd0051eb11

#freebsd #ssh #hardening
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Welcome to Privacy Guides

We are excited to announce the launch of Privacy Guides and r/PrivacyGuides, and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.

As we announced on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and growing issues with the .IO top-level domain. As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.

We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.

As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more education — rather than direction — surrounding privacy-related topics. You can see the very beginnings of this work in our new page on threat modeling, or our VPN and Email Provider recommendations, but this is just the start of what we eventually hope to accomplish.

https://privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/

#privacyguides #privacytools
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Hackers steal 'decade's worth of data' from far-right webhost Epik - report

Epik is a company rife with controversy, associated by many with the far-Right due to hosting sites like Gab, 8chan, BitChute, the Daily Stormer and sites for the Proud Boys and Oath Keepers.

Hacktivist group Anonymous has allegedly hacked web domain registrar Epik and has stolen "a decade's worth of data," including considerable info regarding their clients and domains.

https://www.jpost.com/diaspora/antisemitism/hackers-steal-decades-worth-of-data-from-far-right-webhost-epik-report-679573

⚠️ Web hosting Company "Epik", known for hosting far right Neonazi sites, hacked by "Anonymous" which claims it leaked a decade worth of userdata. Their press release site contains a torrent, but I'm not gonna touch this shit with a stick. ⚠️

Here's their "press-release": epikfail.win

‼️ Visiting this site will very likely put you on a list. Downloading the torrent is probably illegal in many jurisdictions. ‼️

💡 Read as well:
https://t.iss.one/BlackBox_Archiv/2537

#epik #hack #anonymous
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Darknet Diaries - EP 100: NSO

The NSO Group creates a spyware called Pegasus which gives someone access to the data on a mobile phone. They sell this spyware to government agencies around the world. How is it used and what kind of company is the NSO Group?

https://darknetdiaries.com/episode/100/

#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv

The Battle for Digital Privacy Is Reshaping the Internet

As Apple and Google enact privacy changes, businesses are grappling with the fallout, Madison Avenue is fighting back and Facebook has cried foul.

SAN FRANCISCO — Apple introduced a pop-up window for iPhones in April that asks people for their permission to be tracked by different apps.

Google recently outlined plans to disable a tracking technology in its Chrome web browser.

And Facebook said last month that hundreds of its engineers were working on a new method of showing ads without relying on people’s personal data.

The developments may seem like technical tinkering, but they were connected to something bigger: an intensifying battle over the future of the internet. The struggle has entangled tech titans, upended Madison Avenue and disrupted small businesses. And it heralds a profound shift in how people’s personal information may be used online, with sweeping implications for the ways that businesses make money digitally.

At the center of the tussle is what has been the internet’s lifeblood: advertising.

https://www.nytimes.com/2021/09/16/technology/digital-privacy-reshaping-internet.html

#digital #privacy
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Enigma Reloaded

Offline ready web app, that allows encrypted communication across less trustworthy channels.

No ads, tracking and external services. Implements private public key encryption.

💡 Features:

- DIY Encrypt and decrypt messages and files
- Open source license(GPL V3) and open source code
- Local data such as contacts and messages are encrypted using AES-256, and your PIN is used as the passphrase
- Messages and files are encrypted using Public-key authenticated encryption (box) from https://github.com/dchest/tweetnacl-js. Which is implements x25519-xsalsa20-poly1305
- No ads, tracking, remote server
- Offline support
- Compatible with services such as: Messenger, Signal, Slack, Whatsapp, Twitter, Instagram DM, SMS etc. You can even print the cypher on a paper
- Import export encrypted backups

💡 Why not use PGP, instead of this?
https://github.com/enigma-reloaded/enigma-reloaded/blob/master/why-not-pgp.md

💡 Demo Video:
https://enigma-reloaded.github.io/enigma-reloaded/static/media/example.87b40669.mp4

💡 Latest version is deployed at:
https://enigma-reloaded.github.io/enigma-reloaded/

https://github.com/enigma-reloaded/enigma-reloaded//

#enigma #encrypted #communication
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Dodging Attack Using Carefully Crafted Natural Makeup

In this study, we present a novel black-box AML attack which carefully crafts natural makeup, which, when applied on a human participant, prevents the participant from being identified by facial recognition models. We evaluated our proposed attack against the ArcFace face recognition model, with 20 participants in a real-world setup that includes two cameras, different shooting angles, and different lighting conditions.

https://arxiv.org/abs/2109.06467

https://arxiv.org/pdf/2109.06467.pdf

#dodging #aml #attack #facialrecognition #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Chinese teenagers can now use Douyin, China’s TikTok, for only 40 minutes a day

Play time’s over for China’s youth as the country increasingly cracks down on culture and business following President Xi Jinping’s call for a “national rejuvenation.” Joining a three-hour ban on “electronic drugs” (popularly known as video games), is yet another limitation on how the demographic spends their free time.
TikTok on the clock

On 18 September, ByteDance, the parent company of Chinese video-sharing app TikTok—known as Douyin—imposed a daily usage limit for those under the age of 14. The new measures not only restrict them to a maximum of 40 minutes spent on the app per day but bans them from accessing it between 10 p.m to 6 a.m.

Called Xiao Qu Xing, which translates to ‘Little Fun Star’, these restrictions are implemented with a built-in feature called ‘teenage mode’. “If you are a real-name registered user under 14 years old, you will automatically find yourself in ‘teenage mode’ upon opening Douyin,” the company wrote on its corporate blog. Apart from the daily usage limits, the mode offers a personalised feed of short video-based educational content including “interesting popular science experiments, exhibitions in museums and galleries, beautiful scenery across the country, explanations of historical knowledge, and so on.” While young users are allowed to ‘like’ these clips, they are banned from sharing them with others or even uploading their own.

The autonomy to adjust the time limit further (from a maximum of 40 minutes) is under parental control. The company also encourages them to help their children complete the ‘real-name’ authentication process—which requests their name, phone number and an official ID—and activate the mode when prompted by the app.

https://screenshot-media.com/technology/social-media/douyin-teenage-mode/

#china #beijing #tiktok #douyin
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Global Innovation Index 2021: Innovation Investments Resilient Despite COVID-19 Pandemic; Switzerland, Sweden, U.S., U.K. and the Republic of Korea Lead Ranking; China Edges Closer to Top 10

Published by WIPO, in partnership with the Portulans Institute and our corporate partners: The Brazilian National Confederation of Industry (CNI), Confederation of Indian Industry (CII), Ecopetrol (Colombia) and the Turkish Exporters Assembly (TIM).

https://www.wipo.int/pressroom/en/articles/2021/article_0008.html

#innovation #index
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Call for Participation to MCH2022

Due to the uncertainties surrounding the COVID-19 pandemic, MCH2021 did not take place. However, we are planning for a MCH2022, happening between July 22nd and July 26th of 2022.

May Contain Hackers 2022 is requesting proposals for participation, including content.

💡 What is May Contain Hackers 2022 (MCH2022)?

— MCH2022 is a five-day international outdoor technology and security conference, to be held in the Netherlands, running from the 22nd till the 26th of July 2022. We are calling for participation in the form of talks, workshops, installations, volunteers - the only limits are your imagination!

💡Is this a new thing?

— No, it is the 9th edition of an event with a proud lineage and which happens every four years. Starting with the Galactic Hacker Party in 1989 and going outdoors with Hackers at the End of the Universe in 1993, here we are, several wars and pandemics later, with another outdoor hacker camp. So there'll be 32 years of history by the time it rolls around.

💡 Where is it?

— Near Zeewolde, the Netherlands, Europe, Earth. The exact location is the Scoutinglandgoed in Zeewolde, 55km east of Amsterdam and a bit less than 55km north-east of Utrecht. OpenStreetMap shows it here.

💡 When is it?

— The 22nd to the 26th of July 2022.

💡 What kind of participation are you looking for?

— Right now we want your content: the things that you are enthusiastic about and want to share on a stage and engage an audience with. Lectures, workshops, art installations - all those kinds of things.

💡 What kind of an audience can I expect?

— A motley crew of around 3500 hackers, freethinkers, philosophers, activists, geeks, scientists, artists, makers, creative minds, and others from all over the world will convene to share, discuss, criticise, look ahead, code, build, and reflect.

https://mch2022.org

#mch22 #event
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Using Tor Browser Safely

Tor Browser is a great tool when used the right way. We cover how browsing habits can link you to your identity and a few rules I suggest Tor browser users stick to (at the least). We all have that basic, fundamental Human Right to Privacy.

https://devtube.dev-wiki.de/videos/watch/5deade87-1a54-4d0b-8bbd-ae7dec59ed49

#tor #browser #privacy #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv