Tag: allowing | SpinSafe

Google tests a ‘Private Space’ feature on Android phones, allowing secure hiding of apps

December 15, 2023/in Mobile Security

For Android smartphones, Google is actively developing a feature called “Private Space” that will allow users to safely conceal apps. This feature, which is expected in a future Android OS update, allows users to hide files and apps from other users, similar to Samsung’s Secure Folder feature that has been around for six years.

This feature, found in the Security & Privacy settings, enables users to create a protected Android user profile using biometrics or a password/PIN. Mishaal Rahman found this development in the Android 14 QPR2 beta. This feature improves privacy when sharing the device by hiding not just the presence of the app but also its notifications.

To preserve the covert use of the “Private Space” feature, Google is thinking of implementing a search bar trigger to reveal these apps.
The possible inclusion of the feature in Android 15 may indicate that smartphone makers will use it more widely, giving more people access to Samsung’s Secure Folder-like features. Rahman points out that not all features were activated in the most recent beta because it’s still in development.

Source…

A New Polyglot Attack Allowing Attackers to Evade Antivirus

September 4, 2023/in Computer Security

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

“A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF,” researchers Yuma Masubuchi and Kota Kino said. “If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”

Such specially crafted files are called polyglots as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC).

This entails adding an MHT file created in Word and with a macro attached after the PDF file object. The end result is a valid PDF file that can also be opened in the Word application.

Put differently; the PDF document embeds within itself a Word document with a VBS macro that’s designed to download and install an MSI malware file if opened as a .DOC file in Microsoft Office. It’s not immediately clear what malware was distributed in this fashion.

“When a document is downloaded from the internet or email, it’ll carry a MotW,” security researcher Will Dormann said. “As such, the user will have to click ‘Enable Editing’ to exit Protected View. At which point they’ll be learn [sic] that macros are disabled.”

While real-world attacks leveraging MalDoc in PDF were observed a little over a month ago, there’s evidence to suggest that it was being experimented (“DummymhtmldocmacroDoc.doc“) as early as May, Dormann highlighted.

The development comes amid a spike in phishing campaigns using QR codes to propagate malicious URLs, a technique called qishing.

“The samples we have observed using this technique are primarily disguised as multi-factor authentication (MFA) notifications, which lure their victims into scanning the QR code with their mobile phones to gain access,” Trustwave said last week.

“However, instead of going to the target’s desired location, the QR code leads them to the threat actor’s phishing page.”

One such campaign targeting the Microsoft credentials of users has witnessed an…

Source…

Nexx Ignores Vulnerabilities Allowing Hackers to Remotely Open Garage Doors

April 5, 2023/in Computer Security

Texas-based smart home product provider Nexx appears to have ignored repeated attempts to report serious vulnerabilities that can be exploited by hackers to remotely open garage doors, and take control of alarms and smart plugs.

Nexx offers smart alarms, garage door controllers, and smart plugs, all of which can be controlled remotely from a dedicated mobile application.

Researcher Sam Sabetan discovered that these products are affected by serious vulnerabilities in late 2022 and disclosed their details on Tuesday.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also released an advisory to warn individuals and organizations using Nexx products about the flaws identified by the researcher. The agency said the impacted products are used by commercial facilities worldwide.

Sabetan and CISA said their attempts to report the vulnerabilities to Nexx were ignored. SecurityWeek has also reached out to Nexx for comment.

The researcher has discovered five types of vulnerabilities, most of which have been assigned ‘high’ or ‘critical’ severity ratings. The list of issues includes the use of hardcoded credentials, authorization bypass flaws that can be leveraged to execute unauthorized actions, information disclosure issues, and improper authentication.

In a real world attack scenario, an attacker can exploit these vulnerabilities to open or close garage doors remotely over the internet, hijack any alarm system, and turn on/off smart plugs connected to household appliances.

In order to conduct an attack, the hacker only needs the targeted user’s device ID, email address, name, or MAC address, depending on the type of device they are targeting.

A video demo made by the researcher shows how a hacker can obtain the information of hundreds of users.

“It is estimated that over 40,000 devices, located in both residential and commercial properties, are impacted. Furthermore, I determined that more than 20,000 individuals have active Nexx accounts,” Sabetan explained.

Source…

Proposed ‘Hack-Back’ Bill Tells DHS To Study Allowing Companies To Retaliate – Breaking Defense Breaking Defense

July 25, 2021/in Computer Security

A new bill could be the first step in companies being able to “hack back” at bad actors – but doing so could come with major risks, experts say. (File)

WASHINGTON: Two members of the Senate Finance Committee have introduced a bipartisan bill that instructs the Department of Homeland Security to study the “potential consequences and benefits” of allowing private companies to hack back following cyberattacks.

Sens. Steve Daines, R- Mont., and Sheldon Whitehouse, D-R.I., have introduced the legislation as frustration over repeated cyberattacks against US companies has led to growing calls across the national security community and the private sector for retaliatory actions. Some, including military legal advisors, are now calling for the US to revisit its policy on military offensive cyber operations, especially in response to increasing ransomware attacks targeting the public and private sectors.

The draft Study on Cyber-Attack Response Options Act tells DHS to study “amend[ing] section 1030 of title 18, United States Code (commonly known as the Computer Fraud and Abuse Act), to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency.”

DHS’s report would provide recommendations to Congress on the “potential impact to national security and foreign affairs.” Specifically, the report would address the following issues:

Which federal agency or agencies would authorize “proportional actions by private entities;”
Level of certainty in attribution needed to authorize such acts;
Who would be allowed to conduct such operations and under what circumstances;
Which types of actions would be permissible; and
Required safeguards to be in place.

“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” Whitehouse said in a statement to Breaking Defense. “This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow.” (A request for comment to Daines’s office was not returned by…

Source…

Tag Archive for: allowing