Tag Archive for: adds

Google Wallet adds ‘Verification settings’ to balance security and convenience


What you need to know

  • Google Wallet has added a new verification settings menu for Android devices.
  • This setting allows users to decide whether or not they need to be verified before paying for a ticket on public transport.
  • This will help to make Google Wallet even more secure.

The ability to store card details, transit passes, and boarding passes, and to make contactless payments, means Google Wallet is a convenient way to save time. Now, Google is working to make Wallet even more secure and user-friendly by introducing a new ‘Verification settings’ menu.

The new addition, as spotted by 9to5Google, lets users decide whether or not verification is required, specifically when paying for a transit ticket. Under “Wallet settings” is the new “Security” heading, under which “Verification settings” are listed. When selected, the user can “choose if you’ll need to verify it’s you when using your items stored in Wallet.”

At the moment, the only available option here is “Transit payments.” When the “verification required” toggle is on, Wallet will require “verification for paying for bus, metro, and more with a credit or debit card.” The usual verification options for a device include a PIN or fingerprint scan, for example.

Screenshots of the new verification settings menu in Google Wallet

(Image credit: Phone Arena)

If a user already has a transit pass stored in Wallet, the toggle will be switched on by default. The wallet will then require verification before paying with their bank card. If no transit pass is stored, this option will be automatically turned off. 


CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG



Pierluigi Paganini
March 06, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

The Android Pixel vulnerability, tracked as CVE-2023-21237, resides in applyRemoteView of NotificationContentInflater.java. The exploitation of this vulnerability could lead to local information disclosure with no additional execution privileges needed. The exploitation doesn’t require user interaction.

Google addressed the issue in June 2023; the IT giant is aware of “limited, targeted exploitation.”

“There are indications that CVE-2023-21237 may be under limited, targeted exploitation,” reads the security bulletin published by the company.

The issue is likely chained with other flaws in an exploit used by a commercial spyware vendor or a nation-state actor.

The second issue added to the Catalog is an OS Command Injection vulnerability in Sunhillo SureLine. Exploitation of the flaw can allow an attacker to execute arbitrary commands with root privileges.

The exploitation can lead to complete system compromise.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by March 26, 2024.


Hunters International Ransomware Adds Four New Victims


The Hunters International ransomware group has claimed four new victims, expanding its reach across industries and countries.

The targeted organizations include Gunning & LaFazia in the United States, Thermosash Commercial Limited in New Zealand, PROJECT M.O.R.E. in the U.S., and Bradford Health Care, a healthcare institution.

The Targets: Diverse Industries and Geographic Locations

The announcement of the cyberattack was made through the group’s dark web portal, showcasing their continued audacity in breaching security systems. The implications of these Hunters International ransomware attacks could be far-reaching, given the diverse industries and geographic locations of the victims.


The USA and New Zealand have found themselves at the forefront of this latest cyber onslaught.


Hunters International Strikes Again: Four New Victims Added to Dark Web Portal

To verify the legitimacy of the Hunters International ransomware attack claim, The Cyber Express Team reached out to the targeted organizations. Unfortunately, as of the writing of this report, no responses have been received, leaving the claims unverified.

Interestingly, the official websites of the targeted organizations were found to be fully functional, raising questions about the authenticity of the Hunters International ransomware group’s assertions.

Hunters International ransomware has become synonymous with a repetitive attack pattern, drawing parallels to their previous operations. A significant revelation from October exposed code overlaps between the ransomware used by Hunters International and the once-dominant Hive ransomware.

Bitdefender, a cybersecurity vendor, confirmed this finding, suggesting a strategic decision by the Hive group to transfer its operations and assets to Hunters International.

Repetitive Tactics: Hunters International Ransomware Attack Pattern

This recent cyberattack on multiple organizations echoes a similar pattern observed in 2023 when the L’Azienda USL di Modena Regional Health Service in Italy fell victim to a cyber breach attributed to Hunters International.

Before these incidents, the ransomware group targeted InstantWhip, a major player with a revenue of US$300 million. InstantWhip has yet to release any…


Roblox adds strict new anti-cheat and hackers are mad about it





The Byfron Anti-Cheat engine has been added to Roblox to stop hackers from leveraging exploits in the game. Players who want to employ third-party mods to enhance their Roblox experience were not enthusiastic about the update.

Roblox’s expansive metaverse is filled with active users having fun in their preferred games. The standard gameplay might grow dull, so users turn to third-party modifications to spice things up and cause havoc on the server.

Hackers have been a constant problem for dedicated gamers throughout the years, whether in the form of account theft or server crashes. In order to penetrate Roblox’s security measures, these hackers employ applications that are able to easily breach the platform’s firewall.

In an effort to combat this issue, Roblox partnered with Byfron last year to implement their anti-cheat engine, which blocks these types of hackers from playing the game. However, now that it’s here, hackers are extremely mad about it.

Byfron, the latest anti-cheat engine, is currently live and fully operational on Roblox. The anti-cheat box appears whenever a Roblox session is initiated, scanning the user’s computer for any third-party software that might harm the game and immediately blocking it.

Roblox players, who have been dealing with hackers for years, are relieved by this update. A Reddit user who likes to play the game legitimately commented, “Exploiters who are more like modders (take for example, doors custom hard modes) in fact, have their days ruined.”

But modders are concerned because they worry that even non-malicious third-party apps might get them banned. Defending the modding community, a user exclaimed, “I f**king hate the “hacker” stereotype that everyone who exploits ruins everyone’s day. Has it ever crossed their mind that we can make games MORE fun?”

In response, players who like to be on the fair side replied, “True, but for every ‘fun’ exploiter, there are thousands of others that just instakill the whole server or run around aim botting like…
