Tag Archive for: confirms

Google Confirms Hidden Android Security Threat Affecting A Billion Users

/in


A new threat at a vast scale has just been revealed, and it impacts multiple Android apps with hundreds of millions of installs—here’s what you need to know…

Microsoft has discovered a serious new security vulnerability that impacts popular Android apps and puts billions of devices at risk. “The implications of this vulnerability pattern” its report warns, “include arbitrary code execution and token theft, depending on an application’s implementation.”

The vulnerability relates to ContentProvider in Android enabling one app to securely share files with another. “If the client application does not properly handle the filename provided by the server application,” Google’s own advisory confirms, “an attacker-controlled server application may be able to implement its own malicious FileProvider to overwrite files in the client application’s app-specific storage.”

ForbesiMessage’s Lock On America-Is This Really The Beginning Of The End?By Zak Doffman

Exploiting the flaw, Microsoft says, could “provide a threat actor with full control over an application’s behavior,” and “access to a user’s accounts and sensitive data.”

Now the vulnerability has been exposed and reported through a co-ordinated Microsoft/Google release, developers have been provided with mitigation advice.

Microsoft gives two examples of popular apps that were susceptible to this risk, but which have both now been patched: “Xiaomi Inc.’s File Manager (1B+ installs) and WPS Office (500M+ installs).”

Because Android assigns separate memory space to apps to enforce device security, a common space is required to share files. But if both sides of the exchange don’t follow the rules, it’s possible for a sending app to use a crafted filename to trick the receiving app into overwriting legitimate files with malicious alternatives and content. Those malicious files can then be inadvertently executed on the device.

ForbesFBI Issues Warning If You Privately Message People From Dating AppsBy Zak Doffman

There’s nothing that users can do other than ensure they update apps as soon as those updates come available, and take…

Source…

Omni Hotels confirms customers’ personal data stolen in ransomware attack – KIRO 7 News Seattle

/in


DALLAS — Officials with Omni Hotels & Resorts confirmed that cybercriminals stole the personal information of its customers during what appeared to be a ransomware attack last month.

>> Read more trending news

According to a post on its website on Sunday, the hotel giant said that “limited information pertaining to a subset of our customers may have been impacted.”

Omni said the stolen data includes customer names, email addresses, postal addresses and guest loyalty program information. The breach does not include information pertaining to financial information or Social Security numbers.

Omni said it shut down its systems on March 29 after discovering intruders in its systems, TechCrunch reported. Guests reported outages across Omni’s properties, with some customers experiencing issues with telephone and wi-fi issues, according to the technology news website.

Some customers said their room keys stopped working.

Omni officials said the chain’s systems were restored by April 8, TechCrunch reported.

“Omni Hotels & Resorts continues to investigate a recent cyberattack on its systems with the assistance of a leading cybersecurity response group,” the company wrote in an update on its website.

The FBI reported that more than 2,825 ransomware complaints were reported during 2023, an increase of 18% over 2022. Losses reported rose by 74%, from $34.3 million to $59.6 million, according to the agency.

Omni Hotels & Resorts is based in Dallas, and the chain operates 50 hotels and resorts in the United States and Canada, according to The Dallas Morning News.

© 2024 Cox Media Group

Source…

Leicester Council confirms ransomware attack

/in


The confirmation comes after the criminals responsible for the attack uploaded stolen documents to their dark web site, prompting concerns over data security and user privacy.

INC Ransom, the group that has claimed responsibility, is notorious for targeting various governmental, educational and healthcare institutions.

The council revealed on 3rd April that approximately 25 sensitive documents, including rent statements, council housing purchase applications and personal ID records such as passport information were among those leaked.

“The breach of confidential information is a very serious matter and its publication is a criminal act. We are in the process of trying to contact all of those affected by this breach, and have also notified the Information Commissioner,” said Richard Sword, the council’s strategic director.

While the exact extent of the breach remains uncertain, Sword acknowledged the possibility that additional documents may have been compromised.

The INC Ransom group, which claims to have extracted 3 terabytes of data from Leicester City Council, has also published a ‘proof pack’ on a data leak site.

While the majority of the council’s systems and phone lines are now functioning normally, following a shutdown on 7th March when the attack was first detected, several critical services are still disrupted.

Emergency contact numbers were provided on the council’s website as alternative means of communication, particularly for essential services like child protection, homelessness support and adult social care safeguarding.

The council has cautioned residents to remain vigilant and report any suspicious approaches from parties claiming to possess their data to Leicestershire Police. It says it is cooperating with law enforcement agencies, including Leicestershire Police and the National Cyber Security Centre, as part of the investigation.

The Information Commissioner’s Office has also been notified of the breach.

“As this is a live investigation, we are not able to comment in further detail, but will continue to provide updates when we have news to share,” Sword said.

INC Ransom’s involvement in the cyber incident extends beyond Leicester, as the group has also…

Source…

MarineMax confirms data breach | SC Media

/in


MarineMax has disclosed having employee and customer data stolen from its systems following a cyberattack last month, BleepingComputer reports.

“…[O]ur ongoing investigation has identified that this organization exfiltrated limited data from this environment that includes some customer and employee information, including personally identifiable information,” said the major U.S. global recreational boat, yacht, and superyacht retailer in an updated filing with the U.S. Securities and Exchange Commission.

No additional details regarding the perpetrator of the breach have been provided but the Rhysida ransomware-as-a-service operation already laid claim on the incident, demanding more than $1 million worth of bitcoin as ransom for financial documents and other data, which MarineMax denied.

MarineMax’s confirmation comes nearly a month after Rhysida leaked all of the data it purportedly stole from Chicago-based Lurie Children’s Hospital after it refused to pay the ransom. Sony-owned video game developer Insomniac Games also had 1.67 TB of files exposed by the ransomware gang as a result of not paying the $2 million ransom.

Source…