Cybermiraki

08/05/2021

*Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy*

WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms.

"No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement.

The move marked a turnaround from its previous stance earlier this year when the company outlined plans to make the accounts inaccessible completely should users choose not to comply with the data-sharing agreement and opt not to have their WhatsApp account information shared with Facebook.

"If you haven't accepted by [May 15], WhatsApp will not delete your account. However, you won't have full functionality of WhatsApp until you accept," the company had previously said. "For a short time, you'll be able to receive calls and notifications, but won't be able to read or send messages from the app."

While the revised privacy policy is set to go into effect in exactly a week from today, WhatsApp won't disable the features for people who don't accept the changes. Instead, it will continue to push users into accepting the updates with a "persistent reminder" in return for a "limited functionality."

"You won't be able to access your chat list, but you can still answer incoming phone and video calls," WhatsApp said. "If you have notifications enabled, you can tap on them to read or respond to a message or call back a missed phone or video call." Ultimately, users failing to agree to the revised terms even after a few weeks of limited functionality will be prevented from receiving incoming calls or notifications, as well as messages to their devices.

28/04/2021

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research.

The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.

03/03/2021

New 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3
********************************************
A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild.

The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.

Tracked as CVE-2021-1782, the flaw is a privilege escalation vulnerability in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges.

"We wrote our own exploit based on CVE-2021-1782 for to achieve optimal exploit speed and stability," Pwn20wnd said in a separate tweet.

The vulnerability has since been addressed by Apple as part of its iOS and iPadOS 14.4 updates released on January 26, 2021, but not before admitting that the issue may have been under active attack by bad actors.

The iPhone maker, however, did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.

Jailbreaking, similar to rooting on Google's Android, involves a privilege escalation that works by exploiting flaws in iOS to grant users root access and full control over their devices. In doing so, it allows iOS users to remove software restrictions imposed by Apple, thereby allowing access to additional customization and otherwise prohibited apps.

For its part, Apple has steadily made it difficult to jailbreak devices by locking down its hardware and software for security reasons, which it says helps counter malware attacks.

ZecOps CEO Zuk Avraham said the jailbreak is "yet another example that attackers have an edge on iOS vs. defenders," adding "[Apple] needs to stop the need to jailbreak the device in the first place and should just enable users to have full access without a need to run an exploit."

Last May, the unc0ver team released a similar jailbreak for iPhones running iOS 11 to iOS 13.5 by exploiting a memory consumption issue in the kernel (CVE-2020-9859). But it was patched by Apple in a matter of days with the release of iOS 13.5.1 to prevent the vulnerability from being exploited maliciously.

15/01/2021

Experts Uncover Malware Attacks Against Colombian Government and Companies
----------------------------------------->>
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries.

In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed "Operation Spalax" — began in 2020, with the modus operandi sharing some similarities to an APT group targeting the country since at least April 2018, but also different in other ways.

The overlaps come in the form of phishing emails, which have similar topics and pretend to come from some of the same entities that were used in a February 2019 operation disclosed by QiAnXin researchers, and subdomain names used for command-and-control (C2) servers.

15/10/2020

India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why?

The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity.

With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people have started relying more on technology and are busy fighting with the pandemic, the attackers now have plenty of options to target them more than ever.

According to PWC's April report, the number of security threats to the Indian company doubled in March 2020—especially what's more worrying is a 100% rise between March 17 and 20—from Jan 2020.

Sanjay Dhotre, the Union Minister of State for Electronics & Information Technology (MeITY), said that India has seen over 350,000 cyberattacks in the second quarter, triple the number of recorded events in the first quarter of 2020. He also highlighted that there were 700,000 cybersecurity incidents until August 2020.

26/08/2020

Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud

A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.

According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server.

The malicious iOS SDK has been named "SourMint" by Snyk researchers.

The Snyk research team has uncovered malicious behavior in a popular Advertising SDK used by over 1,200 apps in the AppStore which represent over 300 Million...

15/08/2020

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls.

The attack doesn't exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, it leverages weak implementation of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on the encrypted phone calls made by targeted victims.

VoLTE or Voice over Long Term Evolution protocol is a standard high-speed wireless communication for mobile phones and data terminals, including Internet of things (IoT) devices and wearables, deploying 4G LTE radio access technology.

02/08/2020

17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested

A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam.

According to the U.S. Department of Justice, Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, Nima Fazeli, aka "Rolex," 22, from Florida and an unnamed juvenile was charged this week with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

Florida news channel WFLA has identified a 17-year-old teen named Graham Clark of Tampa Bay this week in connection with the Twitter hack, who probably is the juvenile that U.S. Department of Justice mentioned in its press release.

Graham Clark has reportedly been charged with 30 felonies of communications and organized fraud for scamming hundreds of people using compromised accounts.

On July 15, Twitter faced the biggest security lapse in its history after an attacker managed to hijack nearly 130 high-profile twitter accounts, including Barack Obama, Kanye West, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Uber, and Apple.

The broadly targeted hack posted similarly worded messages urging millions of followers of each profile to send money to a specific bitcoin wallet address in return for larger payback.

23/07/2020

Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News.

The attacks were observed during the first week of July, coinciding the passage of controversial security law in Hong Kong and India's ban of 59 China-made apps over privacy concerns, weeks after a violent skirmish along the Indo-China border.

Attributing the attack with "moderate confidence" to a new Chinese APT group, Malwarebytes said they were able to track their activities based on the "unique phishing attempts" designed to compromise targets in India and Hong Kong.

The operators of the APT group have leveraged at least three different Tactics, Techniques, and Procedures (TTPs), using spear-phishing emails to drop variants of Cobalt Strike and MgBot malware, and bogus Android applications to gather call records, contacts, and SMS messages.

"The lures used in this campaign indicate that the threat actor may be targeting the Indian government and individuals in Hong Kong, or at least those who are against the new security law issued by China," the firm said.

Using Spear-Phishing to Install MgBot Malware

The first variant, observed on July 2, alerted recipients with the "gov.in" domain stating some of their email addresses had been leaked and that they are to complete a security check before July 5.

The emails come attached with a "Mail security check.docx" purportedly from the Indian Government Information Security Center. Upon opening, it employs template injection to download a remote template and execute a heavily obfuscated variant of Cobalt Strike.

23/07/2020

US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade Secrets

The U.S. Department of Justice (DoJ) yesterday revealed charges against two Chinese nationals for their alleged involvement in a decade-long hacking spree targeting dissidents, government agencies, and hundreds of organizations in as many as 11 countries.

The 11-count indictment, which was unsealed on Tuesday, alleges LI Xiaoyu (李啸宇) and D**G Jiazhi (董家志) stole terabytes of sensitive data, including from companies developing COVID-19 vaccines, testing technology, and treatments while operating both for private financial gain and behalf of China's Ministry of State Security.

"China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being 'on call' to work for the benefit of the state, [and] to feed the Chinese Communist party's insatiable hunger for American and other non-Chinese companies' hard-earned intellectual property, including COVID-19 research," said Assistant Attorney General John C. Demers, who leads the DoJ's National Security Division.

17/07/2020

New Android Malware Now Steals Passwords For Non-Banking Apps Too

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps—in total 337 non-financial Android applications on it's target list.

Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software.

13/07/2020

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

https://youtu.be/GuGCfGSNmMQ