Tag Archive for: ‘Fix’

Millions of Android phones come with pre-installed malware, and there’s no easy fix


Why it matters: The Google Play Store is notorious for harboring apps that contain malware, adware, or some flavor of spyware or fleeceware. A little-known fact is that hackers are increasingly turning to pre-installed apps to do their misdeeds, but researchers are once again trying to raise attention to this growing trend. Millions of affordable Android phones come with a large number of pre-installed apps, and hackers only need to subvert one. Solving this problem, however, is a much more difficult task compared to dealing with rogue apps that make it into the Play Store.

Last month, we learned that malware had been discovered in 60 Android apps with over 100 million downloads – another black eye for the mobile operating system that has an estimated three billion active users worldwide. Malicious developers regularly exploit various loopholes in Google’s app vetting process to create apps that steal login credentials or fleeceware that squeeze as much as $400 million per year from users by tricking them into signing up for expensive in-app subscriptions.

However, researchers at Trend Micro are sounding the alarm about the growing trend of Android devices that come with malicious software pre-installed. While you can easily remove an app you’ve downloaded from the Play Store, dealing with malware baked into system apps or device firmware is a much more difficult task.

Android’s open nature allows manufacturers to create a wide range of phone models and target price-conscious consumers with more affordable options, but it also opens the door for hackers to sneak in malicious code before those devices even leave the factory floor. And this risk also applies to other Android devices – everything from smartwatches to tablets, set-top boxes, and smart TVs.

Senior Trend Micro researcher Fyodor Yarochkin says pre-installed malware has become a lot more common in recent years partly because of a race to the bottom among mobile firmware developers. Once it became unprofitable to sell firmware, many of them started offering it for free.

As you’d expect, there’s a catch to this new business model – many of the firmware images analyzed by Trend Micro contained bits…


Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix • The Register


May’s Patch Tuesday brings some good and some bad news, and if you’re a glass-half-full type, you’d lead off with Microsoft’s relatively low number of security fixes: a mere 38.

Your humble vulture, however, is a glass-half-empty-and-who-the-hell-drank-my-whiskey kind of bird, so instead of looking on the bright side, we’re looking at the two Microsoft bugs that have already been found and exploited by miscreants. Plus a third vulnerability, which has been publicly disclosed. We’d suggest patching these three stat.

Six of the 38 vulnerabilities are deemed “critical” because they allow remote code execution.

The two that are under active exploit, at least according to Microsoft, are CVE-2023-29336, a Win32k elevation of privilege vulnerability; and CVE-2023-24932, a Secure Boot security feature bypass vulnerability, which was exploited by the BlackLotus bootkit to infect Windows machines. Interestingly enough, BlackLotus abused CVE-2023-24932 to defeat a patch Microsoft issued last year that closed another bypass vulnerability in Secure Boot. Thus Redmond fixed a hole in Secure Boot, and this malware abused a second bug, CVE-2023-24932, to get around that.

CVE-2023-29336 is a 7.8-out-of-10 rated flaw in the Win32k kernel-mode driver that can be exploited to gain system privileges on Windows PCs.

“This type of privilege escalation is usually combined with a code execution bug to spread malware,” Zero Day Initiative’s Dustin Childs said. “Considering this was reported by an AV company, that seems the likely scenario here.”

Redmond credited Avast bug hunters Jan Vojtešek, Milánek, and Luigino Camastra with finding and disclosing the bug.

Time to boot out a threat

Meanwhile, CVE-2023-24932 received its own separate Microsoft Security Response Center (MSRC) advisory and configuration guidance, which Redmond says is necessary to “fully protect against this vulnerability.”

“This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled,” MSRC warned. “This is used by threat actors primarily as a persistence and defense evasion mechanism.”

It also noted, however,…


Hyundai and Kia thefts keep rising despite security fix


Nearly three months ago, Hyundai and Kia unveiled software that was designed to thwart an epidemic of thefts of their vehicles, caused by a security flaw that was exposed on TikTok and other social media sites.

So far, it hasn’t solved the problem. Across the country, thieves are still driving off with the vehicles at an alarming rate.

Data from seven U.S. cities gathered by The Associated Press shows that the number of Hyundai and Kia thefts is still growing despite the companies’ efforts to fix the glitch, which makes 8.3 million vehicles relatively easy targets for thieves.

From Minneapolis, Cleveland and St. Louis to New York, Seattle, Atlanta and Grand Rapids, Michigan, police have reported substantial year-over-year increases in Hyundai and Kia theft reports through April. An eighth city, Denver, which was hit early by the theft outbreak, reported a 23% decline from 2022 levels but still endured a high number of thefts.

So far this year, Minneapolis police have received 1,899 Kia and Hyundai theft reports, nearly 18 times the number for the same period in 2022.

“The scope of the problem is only expanding and is exponentially worse than it has been in the past,” Brian O’Hara, the police chief of Minneapolis, said in an email. “We have some weeks where nearly as many Kias and Hyundais are stolen in a week as had previously been stolen in a year.”

The most recent nationwide numbers on Hyundai and Kia thefts aren’t yet publicly available. The figures for early 2023, as calculated by the Insurance Institute for Highway Safety, won’t be released until later this year. (Hyundai and Kia are part of the same South Korean corporate family.)

Some U.S. cities have reported that 60% or more of their auto theft reports now involve Hyundais or Kias. Videos on TikTok and other sites that illustrate how to start and steal Kia and Hyundai models — using only a screwdriver and a USB cable — have allowed the thefts to spread across the nation since late 2021.

In New York, the Hyundai-Kia theft problem has grown so worrisome that the city held a news conference last month to offer owners devices that can track their vehicles if they’re stolen. Police there reported 966 Hyundai and…


Google Scrambles to Fix Chrome’s Second Zero-Day Exploit in Just Days!


Google Chrome Users Beware: Zero-Day Vulnerability Exploited | Update NOW!

In a shocking development, Google has rushed to release an emergency fix for yet another high-severity zero-day exploit in its Chrome web browser. The flaw, known as CVE-2023-2136, is a result of an integer overflow in Skia, an open source 2D graphics library, which was discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG) on April 12, 2023.

Double Trouble: A Second Zero-Day Exploit

This is the second Chrome zero-day vulnerability exploited by malicious actors this year, coming hot on the heels of Google patching CVE-2023-2033 just last week. It remains unclear whether the two exploits have been used in tandem as part of in-the-wild attacks.

Patch it up, Folks!

Google has urged users to upgrade their browsers to version 112.0.5615.137/138 for Windows, 112.0.5615.137 for macOS, and 112.0.5615.165 for Linux in order to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they become available.

Act Now or Regret Later!

In light of these alarming events, it’s crucial for users to stay vigilant and take action by updating their browsers to the latest versions. Don’t let your digital lives fall into the hands of cunning cybercriminals. Stay one step ahead and protect your online presence!
