Tag Archive for: Shopping

Arcabit Internet Security Tested 5.30.22



CISA adds Android zero-day that infected Chinese shopping app to KEV catalog


An Android zero-day that exploited millions of devices via a Chinese ecommerce app was added Thursday to the catalog of known exploited vulnerabilities by the U.S. agency in charge of securing the nation’s cybersecurity and infrastructure.

The U.S. Cybersecurity and Infrastructure Security Agency was responding to reports in the press about the zero-day vulnerability and confirmation from researchers on the vulnerability’s authenticity.

About a week after Google removed Pinduoduo from its Play Store in late March, researchers at mobile security company Lookout confirmed for Ars Technica that the Pinduoduo app appeared to take control of devices, harvest data, and install other software, with millions of devices potentially impacted.

Google described the bug — CVE-2023-20963 — as a high-severity (7.8 CVSS score) privilege escalation flaw that targets Android’s framework component. The vulnerability affects Android 11, Android 12, Android 12L, and Android 13. CISA advised security teams to patch the bug immediately, and civilian federal agencies have two weeks to patch the vulnerability.

Google’s suspension of the Pinduoduo app comes at a time of increased tensions between the United States and China over the popular social media app TikTok, which some U.S. lawmakers and intelligence officials say could pose security threats.

“CISA’s addition of CVE-2023-20963 to its Known Exploited Vulnerabilities (KEV) list aligns with our findings regarding exploitation of this vulnerability in the wild,” said Justin Albrecht, threat intelligence researcher at Lookout. According to Lookout telemetry data, Albrecht said many of these victims were located outside of China, including victims within the United States.

Albrecht said the privileges gained by exploiting this vulnerability let the malicious code install apps and grant permissions, such as accessing notification content without user interaction; remove apps; make it impossible for the user to remove certain apps; infect third-party apps present on the device with malicious code; and access and manipulate data that is private to third-party apps.

“The prevalence of iOS and Android exploits continues to grow,” said Albrecht. “Recent…


Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware


A United States Immigration and Customs Enforcement database WIRED obtained through a Freedom of Information Act request shows that the agency has been leaning on a certain type of administrative subpoena to collect data from elementary schools, abortion clinics, and other vulnerable populations. And new details about a recent supply chain attack against the VoIP software 3CX indicate that attackers—likely hackers working for the North Korean government—were targeting cryptocurrency companies in the broad assault.

We also looked at this week’s move by Italy’s data regulator, Garante per la Protezione dei Dati Personali, to temporarily stop OpenAI from incorporating Italians’ personal information into training data. In response, the company has currently stopped people in Italy from accessing its generative AI platform, ChatGPT. Meanwhile, we explored the dangerous missing security defense in the US agriculture sector and the nation’s food supply chain, and we went deep on the saga of a small US gadget blog that found troubling flaws in foreign security cameras and took on the Chinese surveillance industry to get them fixed.

In virtual private network news, the open source VPN Amnezia has been allowing users in Russia to stay one step ahead of the Kremlin’s inveterate censorship and digital control. And the Tor Project collaborated with the open source VPN maker Mullvad to create a new privacy-focused browser that incorporates the VPN of your choosing.

Plus, there’s more. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

The Chinese ecommerce giant Pinduoduo has more than 750 million customers a month and sells a vast array of products and groceries. But cybersecurity researchers who analyzed the company’s Android app found that it is laced with invasive malware that exploits Android vulnerabilities to take control of users’ devices—gaining access to data from other apps, changing system settings, and monitoring people’s digital activity in a number of ways. 

Current and former Pinduoduo employees told CNN that the company has a specific initiative to discover…


Hundreds of crimes reported near shopping centers in Memphis – FOX13 News Memphis


MEMPHIS, Tenn. — A shopper posted on Reddit that he went inside a Kroger store about 4 p.m. earlier this week.

He returned to his car to find out that the vehicle’s window was broken with the interior destroyed, even though there was security around.

He claimed that he learned shortly after the car break-in, the crooks carjacked a woman across the parking lot.

“The criminal element, they see you way before you see them, and they count on that,” said Mike Collins, a crime analyst and retired Shelby County Sheriff detective. “That is part of their element of surprise.”

Police data showed that 166 crimes were reported this year within a half-mile of the Kroger shopping center at Poplar Avenue and Kirby Parkway, including 45 on just this block.

But it’s not only isolated to this location.

FOX13 learned that more than 500 crimes were reported in a half-mile radius of the Kroger store at Poplar Avenue and Highland Street. That includes about 80 just in this part of the shopping center.

Crimes at both spots range from shoplifting and theft to robbery and assault.

Collins said that those types of crime are not uncommon for shopping centers.

“They are ideal. That’s the exact hunting grounds for criminal activity, because people are bustling, moving in and out of those particular areas,” Collins said.

Collins encourages everyone to have their guard up when running errands.

He also encourages businesses to beef up security.

“Hopefully these businesses have mobile security, so they can move around and keep the criminal off balance,” Collins said.

