Tag Archive for: issues

Sunbird iMessage for Android Returns After Shutting Down Due to Security Issues : Tech : Tech Times

/in


Sunbird is returning to bring iMessage to Android after the company shut down its services due to security issues. 

The last time it was available, the company partnered with Nothing for the service known as ‘Nothing Chats,’ another iMessage for Android service that promised blue bubbles but faced massive security issues.

Sunbird iMessage for Android Returns Soon

(Photo: Sunbird )

The company promises that the experience will be returned soon for all to enjoy.

According to their latest press release, they will start with a beta release for everyone to try, which already features several fixes, enhancements, and improvements compared to its initial run. 

From its earlier AV1 iMessage architecture, the company has developed its better and new take on this implementation, the AV2. It is now focused on improving user privacy and uses an MQTTS message broker, an OASIS standard for secure messaging. 

Sunbird promises that when the decrypted message is passed to the iMessage and RCS/Google Messages Network, it will only exist in memory for a brief time.

Read Also: Nothing Chats: Security Concern over Apple ID, iMessage Login-Should You Download?

Sunbird’s Shut Down and Security Issues

In 2022, Sunbird was among the first to bring iMessage for Android and promised this experience for all, after which it was made partner by Nothing Chats to bring the same experience for its app.

However, many security issues were found, including privacy problems wherein the messages were stored in the Firebase Database, unencrypted HTTP API Calls, and more. 

Now, the company is looking to fix all this, make it more secure, and roll it out gradually to users who have signed up (with the waitlist still open for those who want to join it via this link), with Sunbird sending out invitations to accepted ones. 

iMessage for Android’s Interconnectivity

Last year, there came a massive wave of companies looking to bring the iMessage service for Android, and this was amidst the sparking conversations regarding Apple’s reluctance to adopt RCS.

Among the many companies to do this, the first was Sunbird, followed by Nothing Chats via a…

Source…

DarkMe Malware Exploits Windows Defender Vulnerability: Microsoft Issues Patch

/in


Cybersecurity firm Trend Micro’s Zero Day Initiative recently unmasked a critical vulnerability, designated as CVE 2024-21412, that enabled the notorious APT group Water Hydra to circumvent Microsoft Defender SmartScreen and unleash the DarkMe malware upon unsuspecting victims. In a timely response, Microsoft has since patched the vulnerability, and Trend Micro now offers protection against this insidious threat.

The DarkMe Malware: A Sinister Force Unleashed

The DarkMe malware, a formidable adversary in the cyber world, has gained notoriety for its ability to infiltrate systems and wreak havoc on a grand scale. This malware variant, also known as TrojanWin32Powessere.G or ‘POWERLIKS’, typically employs the rundll32.exe file to execute its nefarious operations. Under normal circumstances, Windows Defender thwarts such attempts, presenting attackers with an ‘Access is denied’ error message.

However, the recently discovered vulnerability has provided a chink in Windows Defender’s armor, allowing the DarkMe malware to slip through the cracks and infect countless systems. By inserting multi-commas (,,) when referencing mshtml, cybercriminals found a way to bypass the mitigation measures, enabling the trojan to execute successfully and leaving victims at the mercy of the Water Hydra APT group.

The Vulnerability: A Critical Flaw in Windows Defender SmartScreen

The vulnerability, classified as having a high severity rating, requires local network access to be exploited. This means that an attacker must first gain entry to a victim’s network before they can capitalize on the flaw. Once inside, the attacker can then leverage the vulnerability to bypass Windows Defender SmartScreen, paving the way for the DarkMe malware to infiltrate the system.

The discovery of this vulnerability has sent shockwaves through the cybersecurity community, as it highlights the ever-evolving nature of the threats we face in today’s digital landscape. As cybercriminals continue to refine their tactics and develop new methods of attack, it’s crucial that cybersecurity professionals remain vigilant and proactive in their efforts to protect against such…

Source…

CERT-In Issues High-Risk Security Alert On Certain Samsung Mobile Android Versions

/in


SUMMARY

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14

Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system: CERT-In

Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple

The Computer Emergency Response Team (CERT-In), the Centre’s nodal agency dealing with cyber security, has issued a high-risk security alert for four versions of Samsung phones, saying that multiple vulnerabilities have been reported in the products with certain software.

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14.

“Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system,” said CERT-In in its vulnerability note.

These vulnerabilities exist due to issues such as improper access control in Knox features, issues in the facial recognition software, improper authorisation verification vulnerability in AR emoji, improper input validation vulnerability in Smart Clip, and others, said the advisory. 

“Successful exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR emoji, bypass Knox guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system,” it added.

These vulnerabilities are likely to affect a range of Samsung devices, including the Galaxy S23 series, Galaxy Flip 5, and Galaxy Fold 5. 

Meanwhile, Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple. The company has also been bolstering its position as one of the top smartphone manufacturers in the country.

As per a Canalys report, Samsung maintained its top position with…

Source…

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

/in


Jan 20, 2024NewsroomNetwork Security / Threat Intelligence

CISA Issues Emergency Directive

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

The development arrives as the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) – have come under widespread exploitation by multiple threat actors. The flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.

The U.S. company acknowledged in an advisory that it has witnessed a “sharp increase in threat actor activity” starting on January 11, 2024, after the shortcomings were publicly disclosed.

Cybersecurity

“Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems,” the agency said.

Ivanti, which is expected to release an update to address the flaws next week, has made available a temporary workaround through an XML file that can be imported into affected products to make necessary configuration changes.

CISA is urging organizations running ICS to apply the mitigation and run an External Integrity Checker Tool to identify signs of compromise, and if found, disconnect them from the networks and reset the device, followed by importing the XML file.

In addition, FCEB entities are urged to revoke and reissue any stored certificates, reset the admin enable password, store API keys, and reset the passwords of any local user defined on the gateway.

Cybersecurity firms Volexity and Mandiant have observed attacks weaponizing the twin flaws to deploy web shells and passive backdoors for persistent access to infected appliances. As many as 2,100 devices worldwide are estimated to have been compromised to date.

Cybersecurity

The initial attack wave identified in December 2023 has been attributed to a Chinese nation-state group that is being tracked as…

Source…