Posts

Unpatched macOS Security Hole Allows for Remote Code Execution

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Another day, another vulnerability. This time it affects macOS Big Sur as well as earlier versions of macOS. More concerning, the security hole remains unpatched, according to a report at Ars Technica. The security vulnerability is a significant one allowing for code execution by a remote attacker.

Independent security researcher Park Minchan discovered the security flaw, which allows hackers to embed commands into shortcut files with the inetloc extension.

These inetloc files are internet shortcut files that typically contain innocuous server details and connection information. Users open these files expecting them to open a website, for example. They are not expecting the file to execute some random code.

The vulnerability exploits how macOS reads the content of inetloc files. Instead of using HTTPS:// for a web browser, hackers can substitute file:// and execute a file on the user’s computer.

Apple was aware of this flaw and blocked the addition of the file:// prefix in these internet shortcut files. Apple thought it had the bases covered, but the Cupertino giant forgot about case sensitivity.

Minchan discovered that while macOS blocked file://, it did not stop the capitalized version File://. 
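The case-sensitivity gap described above, shown from the defender's side as an added example (not code from Apple, Ars Technica or the researcher). It assumes an inetloc file is an XML property list with a `URL` key; the sample file, its placeholder path, the allowlist and all function names are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Assumption: a web shortcut only ever needs these schemes.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample shortcut; the path is a placeholder, not a real target.
SAMPLE_INETLOC = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>URL</key>
  <string>File:///placeholder/path</string>
</dict>
</plist>"""


def naive_blocks(url: str) -> bool:
    """Case-sensitive prefix blocklist: the kind of check the article says was bypassed."""
    return url.startswith("file://")


def scheme_allowed(url: str) -> bool:
    """Allowlist on the normalized scheme. URI schemes are case-insensitive,
    so the comparison must happen after lowercasing."""
    return urlsplit(url.strip()).scheme.lower() in ALLOWED_SCHEMES


def inetloc_url(data: bytes) -> str:
    """Extract the target URL from an inetloc property list."""
    url = plistlib.loads(data).get("URL")
    if not isinstance(url, str):
        raise ValueError("no URL string in shortcut")
    return url


def triage(data: bytes) -> str:
    """Classify a shortcut file for a mail gateway or download scanner."""
    try:
        url = inetloc_url(data)
    except Exception:
        return "unparseable"  # treat as untrusted; do not open
    return "ok" if scheme_allowed(url) else "suspicious"


if __name__ == "__main__":
    url = inetloc_url(SAMPLE_INETLOC)
    print("naive blocklist catches it:", naive_blocks(url))
    print("triage verdict:", triage(SAMPLE_INETLOC))
```

An allowlist also covers schemes a blocklist author never thought of, which is why it is used here instead of a lowercased blocklist.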

Ars tested this vulnerability and launched the calculator app from an inetloc file containing eight lines of code. Launching the calculator app is benign. Unfortunately, the flaw is much more permissive. A skilled hacker could easily open system folders and other folders that contain malicious code downloaded to the user’s machine.

Minchan reported the flaw to Apple using the company’s SSD Secure Disclosure program. Apple has not publicly commented on the vulnerability, but we would expect the company to issue a security patch in the future.

macOS users should be cautious when opening internet shortcut files, especially those sent via unsolicited emails. They also should apply updates as soon as they are released. 

Source…

FlyTrap malware masquerades as a coupon code to steal Facebook data



There is a warning about a new form of malware for Android. The so-called FlyTrap malware looks for Facebook data and operates in a cunning manner. How do you recognize malware and what can you do about it?

FlyTrap malware on Android

Cybersecurity company Zimperium has discovered a new form of malware for Android. The malware is called FlyTrap. Thousands of users in at least 144 countries are said to have been affected by the malware. The malware was found to be available in the Google Play Store itself. It masquerades as an app that supposedly allows you to register free coupon codes for Netflix, Google AdWords, or something else. In addition, the malware has been detected in some football-related applications, where you can vote for the best football team or the best player.


Fake login pages are often used, but the creators of this malware took a different approach. Users were redirected to a legitimate Facebook login page. Then a JavaScript injection was used, which made it possible to capture data such as login details, as well as the location, email address and IP address of users. The information is then sent to the hackers’ server.

Google has removed several apps from the Google Play Store following the Zimperium report. The malware may still be available for download via other channels. For this reason, users are again cautioned not to download apps via any means other than the Google Play Store.

Source…

7 Things You Must Know Before Scanning a QR Code




4. Do not trust a QR code that was supposedly emailed by a friend (whose account may have been hacked) or that appeared in a text, online post or mail piece. Instead, use a browser and visit a website using a domain name you know is legit.

5. Avoid using a QR code to pay a bill. There are many other payment methods that are less susceptible to fraud.

6. QR codes may seem harmless, not least because the naked eye can’t detect what the codes are programmed to do. So trust your gut, Kitten advises. “If the code is stuck to the side of a napkin dispenser and looks suspect, don’t use it. Ask for a menu.”

7. Consider adding protection that checks for malicious or inappropriate content, advises Grant, who says many firms, including Sophos Mobile Security and Kaspersky, offer mobile products.

QR codes can come in handy

The bottom line: QR codes can be created quickly and easily, but like other tech tools hijacked by fraudsters, they also serve a legitimate purpose in commerce and everyday life.

A couple of her friends, Grant says, use QR code generators to share their Wi-Fi passwords with guests, “because when their kids’ friends come over, they’re always like, ‘Hey, what’s your Wi-Fi?’

“So now when their kids’ friends come over, they go over to the refrigerator [where the QR code is placed] and now they’re on the house Wi-Fi without having to bother the parents all the time.”

Source…

Toronto’s Humber River Hospital under code grey after ransomware attack – Toronto



Officials at Humber River Hospital are scrambling to restore their computer systems after the facility in Toronto’s north end was the target of a ransomware attack.

A statement on the hospital’s website posted earlier in the week said during the early hours of Monday, it experienced a so-called “zero day ransomware of a new malware variant,” forcing staff to declare a code grey (a loss of essential services).

While the emergency department was still operational, some clinics were cancelled and ambulances were redirected.


“Since our systems are constantly updated (most recent patching June 13, 2021) and monitored this was discovered almost immediately and all IT systems were shut down, including our patient health records system,” the statement said, adding that while no confidential information was breached, some files were corrupted.


“We have over 5,000 computers, 800 of which are servers, (and) each will be restarted manually. [The repair patch] will be added to each computer and then each system recovered as required.”

Security engineer Kellman Mengu said ransomware attacks, which involve taking data, files and systems hostage remotely and often for money, are common and can cause massive disruptions for hospital operations.


“We have automated a lot of things in our world and we are now heavily dependent on the technology,” he said.

“I’m willing to bet there aren’t backup paper records easily accessible. Things like patient history and understanding what they have gone through in the past for the doctors is critical for them to be able to make medical decisions.

“It’s not just patient records — it’s things like…

Source…