Tag: revealed | SpinSafe

Google Revealed Kernel Address Sanitizer To Harden Android Firmware

March 29, 2024/in Mobile Security

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature.

However, it has a big attack surface with over 2.5 billion active Android devices all over the world.

It also poses challenges when it comes to prompt vulnerability patching due to its fragmented ecosystem that consists of different hardware vendors and delayed software updates.

Malware distribution, surveillance, and unauthorized financial gain, or any other malicious purpose are some examples of how cybercriminals take advantage of these loopholes in security.

Recently, Google unveiled the Kernel Address Sanitizer (KASan) to strengthen the Android firmware and beyond.

Android Firmware And Beyond

KASan (Kernel Address Sanitizer) has broad applicability across firmware targets. Incorporating KASan-enabled builds into testing and fuzzing can proactively identify memory corruption vulnerabilities and stability issues before deployment on user devices.

Document

Download Free CISO’s Guide to Avoiding the Next Breach

Are you from The Team of SOC, Network Security, or Security Manager or CSO? Download Perimeter’s Guide to how cloud-based, converged network security improves security and reduces TCO.

Understand the importance of a zero trust strategy

Complete Network security Checklist

See why relying on a legacy VPN is no longer a viable security strategy

Get suggestions on how to present the move to a cloud-based network security solution

Explore the advantages of converged network security over legacy approaches

Discover the tools and technologies that maximize network security

Adapt to the changing threat landscape effortlessly with Perimeter 81’s cloud-based, unified network security platform.

Google has already leveraged KASan on firmware targets, leading to the discovery and remediation of over 40 memory safety bugs, some critically severe, through proactive vulnerability detection.

Address Sanitizer (ASan) is a compiler instrumentation tool that identifies invalid memory access bugs like out-of-bounds, use-after-free, and double-free errors during runtime.

For user-space targets, enabling ASan is…

Source…

Global malware surge revealed in WatchGuard’s latest Internet Security Report

March 28, 2024/in Internet Security

A recent Internet Security Report revealed a significant surge in evasive malware, amplifying the total volume of malware globally. Global cybersecurity leader WatchGuard Technologies compiled the report, which also outlined crucial trends among top malware and both network and endpoint security threats, exploring data collected and analysed by their Threat Lab researchers.

Key findings showed threat actors increasingly exploiting on-premises email servers and a continuing decline in ransomware detections, potentially due to law enforcement’s concerted international efforts to dismantle ransomware extortion groups.

Corey Nachreiner, WatchGuard’s Chief Security Officer, stated that their latest research shows threat actors using various techniques to target vulnerabilities, especially in older software and systems. He emphasised, “Organisations must adopt a defence-in-depth approach to protect against such threats. Updating the systems and software on which organisations rely is a vital step toward addressing these vulnerabilities.”

Among the report’s key findings was a parallel increase in evasive, basic, and encrypted malware in Q4 2023, contributing to an overall rise in malware. The average malware detection per Firebox grew by 80% compared to the previous quarter, evidencing a significant volume of malware threats arriving at the network perimeter. Geographically, the Americas and the Asia-Pacific region experienced the most significant increase in malware instances.

TLS and zero-day malware instances were also noted to rise. Approximately 55% of malware arrived over encrypted connections, a 7% increase from Q3. Meanwhile, zero-day malware detections jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS fell to 61%, exhibiting a 10% decrease from Q3, shedding light on the unpredictability of malware in the wild.

Two of the top five malware variants led users to the DarkGate network. JS.Agent.USF and Trojan.GenericKD.67408266, both in the top five, redirected users to malicious links. Both of these malware loaders also attempted to load DarkGate malware onto the victim’s computer.

A resurgence of…

Source…

Shadowy world of ransomware-for-hire revealed by online account activity linked to the Medibank hack | Medibank

January 28, 2024/in Internet Security

Who is the hacker being linked to the Medibank cyberattack?

The government has named 33-year-old Aleksandr Gennadievich Ermakov, a Russian citizen, IT worker and alleged cybercriminal, in new sanctions legislation in connection with the most damaging cyberattack on Australians in 2022.

When the UK, the US and Australia announced sanctions against him this week over the ransom attack, they released details of several aliases he operated under.

Experts have now pieced together the online history of the accounts said to be linked to Ermakov, revealing a broader picture of his alleged cybercrime activity in the years leading up to the Medibank attack.

Cybercrime-for-hire

The hack on Medibank resulted in the personal details of 9.7 million current and former customers – including 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers – being published on the dark web.

Additionally, health claims for about 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers were accessed. The information included service provider names and codes associated with diagnosis and procedures.

While the Optus hack drew the bulk of media attention in 2022, the Medibank was much worse in terms of the kind and scale of data exposed.

It’s unclear from government information what exactly Ermakov’s alleged role was, but experts suggest he may be one of a group of attackers. When the Australian government published its sanction notice under its relatively new Magnitsky-type powers, it listed four usernames Ermakov was also known as: GustaveDore, aiiis_ermak, blade_runner and JimJones.

Cybersecurity firm Intel471 pieced together the online history of the accounts, finding they had been active on cybercrime forums and in the cybercrime-for-hire economy, both as buyers and providers of ransomware.

Intel471 said that an account named JimJones advertised a malware development service on the Exploit forum in September 2020 and sought investors for ransomware development, claiming they would provide “ready-to-use” malware, with Jimjones taking 5% of ransoms paid. Although it is the same username it is not clear whether Ermakov himself was behind…

Source…

First state-sponsored cyberattack against UK government revealed two decades later

June 30, 2023/in Computer Security

The UK National Cyber Security Centre (NCSC) has revealed details of the first cyberattack perpetrated against the UK government by another state. The rare insight marks the 20^th anniversary of a malware attack on a government department that was identified by GCHQ’s Communications-Electronics Security Group (CESG) as state-sponsored cyber espionage. The response acted as the forerunner to a capability that became the NCSC, which was launched in 2016.

Today, state-sponsored cyber campaigns against other nations are common, particularly during periods of conflict and political unrest. The current Russia-Ukraine conflict is a prime example. Microsoft’s latest nation-state cybersecurity intelligence report revealed a wave of cyberattacks from an actor it calls “Cadet Blizzard” associated with the Russian GRU. These attacks, which began in February 2023, target government agencies and IT service providers in Ukraine. It also revealed “Cadet Blizzard” as a new Russian state-sponsored threat actor that targeted Ukraine before the Russian invasion began, likely in an attempt to weaken infrastructure ahead of the assault.

GCHQ fused intelligence capabilities with cybersecurity function for the first time

In June 2003, cyber experts were called upon to investigate after a government employee detected suspicious activity on one of their workstations, the NCSC wrote in a blog. At the time, there was no government agency set up to deal with cyberattacks, nor was there a dedicated national incident management function. A suspected phishing email was identified, so technical specialists sought help from the CESG – the information assurance arm of GCHQ at that time.

“CESG’s analysis discovered that malware, designed to steal sensitive data and evade anti-virus products, had been installed, raising suspicions about the attacker’s intent and setting in motion a series of actions that was transformative to cyber incident investigations,” the NCSC said. For the first time, GCHQ fused its signals intelligence capabilities with its cybersecurity function to investigate and identify the actor responsible.

The ground-breaking analysis, coupled with international engagement, led CESG…

Source…

Tag Archive for: revealed

Android Firmware And Beyond

Download Free CISO’s Guide to Avoiding the Next Breach

Cybercrime-for-hire

GCHQ fused intelligence capabilities with cybersecurity function for the first time