Tag Archive for: Silent

Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft


A dangerous vulnerability in Apple Shortcuts has surfaced, which could give attackers access to sensitive data across the device without the user being asked to grant permissions.

Apple’s Shortcuts application, designed for macOS and iOS, is aimed at automating tasks. For businesses, it allows users to create macros for executing specific tasks on their devices, and then combine them into workflows for everything from Web automation to smart-factory functions. These can then be shared online through iCloud and other platforms with co-workers and partners.

According to an analysis from Bitdefender out today, the vulnerability (CVE-2024-23204) makes it possible to craft a malicious Shortcuts file that would be able to bypass Apple’s Transparency, Consent, and Control (TCC) security framework, which is supposed to ensure that apps explicitly request permission from the user before accessing certain data or functionalities.

That means that when someone adds a malicious shortcut to their library, it can silently pilfer sensitive data and systems information, without having to get the user to give access permission. In their proof-of-concept (PoC) exploit, Bitdefender researchers were then able to exfiltrate the data in an encrypted image file.

“With Shortcuts being a widely used feature for efficient task management, the vulnerability raises concerns about the inadvertent dissemination of malicious shortcuts through diverse sharing platforms,” the report noted.

The bug is a threat to macOS and iOS devices running versions preceding macOS Sonoma 14.3, iOS 17.3, and iPadOS 17.3, and it is rated 7.5 out of a possible 10 (high) on the Common Vulnerability Scoring System (CVSS) because it can be remotely exploited with no required privileges.

Apple has patched the bug, and “we are urging users to make sure they are running the latest version of the Apple Shortcuts software,” says Bogdan Botezatu, director of threat research and reporting at Bitdefender.

Apple Security Vulnerabilities: Ever More Common

In October, Accenture published a report revealing a tenfold rise in Dark Web threat actors targeting macOS since 2019 — with the trend poised to continue.

The findings coincide with the emergence…


AI drives silent arms race in security field | News


Artificial intelligence can provide a new frontline in the perpetual war between white-hat and black-hat hackers.

AI has the potential to be a game changer when it comes to digital security because of AI’s capability to detect threats, experts say. Its ability, thanks to algorithms and machine learning, to sift through an ocean of data to pinpoint and neutralize threats puts it far beyond human capability, perhaps offering an ever-alert, tireless sentinel safeguarding important digital fortresses.

“AI is akin to a double-edged sword. On the one hand, it’s the vigilant guardian of the digital realm,” Joseph Harisson, CEO of the Dallas-based IT Companies Network, said. “AI algorithms act like digital bloodhounds, sniffing out anomalies and threats with a precision that human analysts might miss.”

However, it’s that awesome power to quickly analyze large datasets that also makes AI a potent tool for criminals and other malicious actors.

“They use AI to craft more sophisticated cyberattacks, turning the hunter into the hunted,” Harisson said. “These AI-powered threats are like chameleons, constantly evolving to blend into their digital surroundings, making them harder to detect and thwart. It’s a perpetual cat-and-mouse game, with both sides leveraging AI to outmaneuver the other.”

Researchers are building computer networks that resemble the structure of the human brain, which leads to breakthroughs in AI research. This research is used not just to power cybersecurity but also to enhance real-world security. Biometric research, such as fingerprints and facial recognition, helps law enforcement secure important sites like airports and government buildings. Security companies also use these technologies to secure their clients’ property. It has even reached the home sector, with companies like Ring providing home security solutions.

Katerina Goseva-Popstojanova, professor at the Lane Department of Computer Science and Engineering at West Virginia University, said AI has been part of the…


Silent cyber coverage here to stay? New Jersey Appellate Court rejects insurers’ attempt to expand scope of the war exclusions to cyber claims


The War and Hostile Action Exclusions have been standard exclusions in property and general liability policies for decades. With the rise of cyber claims, insurers have turned to these exclusions to deny coverage where the bad actor may have governmental roots. In a win for policyholders, the New Jersey Appellate Division rejected the insurers’ attempt to deny coverage and held that the hostile/warlike action exclusion did not apply to non-military, cyber-attack claims. See Merck & Co. v. ACE American Insurance Co.1 This ruling affirms the traditional scope of these exclusions and establishes that coverage under a commercial property policy for property damage caused by cyber-related incidents, colloquially known as “silent cyber” coverage, persists.

Merck & Co. v. ACE American Insurance Co.

On June 27, 2017, New Jersey pharmaceutical company, Merck & Co. (“Merck”), suffered a cyber-attack that left thousands of Merck’s computers damaged and encrypted by the malware known as NotPetya. The malware caused large-scale disruption to Merck’s business, resulting in $699,475,000 in losses. Although the exact origin of the malware was unknown, it was believed to have originated from the Russian Federation.

Merck tendered the claim to its all-risk property insurance carriers. The insurers reserved their right to deny coverage pursuant to hostile/warlike action exclusions and then subsequently denied coverage. Specifically, these exclusions exclude coverage for “loss or damage caused by hostile or warlike action” which was caused by “any government or sovereign power . . . or by military, naval or air forces . . . or by an agent of such government . . . .”2 The insurers argued that the word “hostile” should be broadly read to mean any antagonistic, unfriendly, or adverse action by a government or sovereign power, including the Russian Federation. Rejecting the insurers’ argument, the trial court held that the hostile/warlike action exclusions were inapplicable to the NotPetya related claims. The insurers appealed.

The New Jersey Court of Appeals Narrowly Construed the Hostile/Warlike Action Exclusion

On appeal, the Court looked to the plain and ordinary…


Ransomware : The Silent Threat to Data Security | by Shellmates Club | Sep, 2023


Released by our members: Ait Si Amer Sara, Belharda Aya, Mechitoua Ikram

Ransomware, the dark specter of the digital realm, is a malevolent form of malware that thrives on fear. It operates by wielding a digital guillotine over its victims, either locking them out of their own data or encrypting it to an unreadable state. The malefactors behind ransomware attacks then exploit this digital stranglehold to demand a ransom for the safe return of the hostage data. This menacing digital charade often begins with a Trojan horse, a seemingly innocent file that dupes the user into downloading or opening it.

Ransomware’s arsenal of infiltration tactics includes:

  1. Phishing Emails Using Social Engineering: Attackers impersonate authority figures, crafting cunning phishing emails to trick employees into clicking malicious links.
  2. Malvertising and Exploit Kits: Malvertisements and exploit kits sow the seeds of ransomware through deceptive pop-ups and concealed malicious code. Exploit kits scan for vulnerabilities to initiate their attacks.
  3. Fileless Attacks: These stealthy techniques sidestep traditional antivirus solutions by exploiting system tools like PowerShell, eliminating the need for malicious files.
  4. Remote Desktop Protocol (RDP) Exploitation: Cybercriminals prey on RDP vulnerabilities to gain unauthorized access, surreptitiously leaving back doors for future maleficent endeavors.
  5. Targeting Managed Service Providers (MSPs) and Remote Monitoring and Management (RMM) Software: MSPs’ RMM software can become conduits for data breaches, imperiling both the MSP and its clients.
  6. Drive-By Downloads: Ransomware deploys drive-by attacks to exploit web browser vulnerabilities and infect devices without user interaction, often leading to data theft.
  7. Pirated Software: Illicit copies of software, bereft of automatic updates, provide fertile ground for ransomware proliferation.
  8. Network Propagation: Modern ransomware strains wield the power of self-propagation within networks, infecting multiple devices, and crippling organizations.
  9. Malware Obfuscation: Some ransomware groups employ open-source software protection tools to obfuscate their malware, complicating detection.
  10. Ransomware as a Service (RaaS) and…
