Weekly Cybersecurity News

We share this week’s important news of current events in the world of cybersecurity that directly or indirectly impact our lives as well as operations of businesses, various institutions and organizations, and governments-nation states in this highly digitalized and interconnected world.

Finland warns of Android malware attacks breaching bank accounts:

In Finland, authorities are warning about an Android malware campaign targeting online bank accounts. Scammers send SMS messages impersonating banks, instructing recipients to call a number and install a fake McAfee app, which is actually malware. Victims risk losing money from their bank accounts. The malware, suspected to be the Vultur trojan, uses smishing and phone call tactics. Users are advised to contact their bank and restore factory settings on infected devices.

Android bug leaks DNS queries even when VPN kill switch is enabled:

A critical Android bug has been found that causes DNS leaks on devices, even when VPN kill switches are enabled. Despite utilizing features like “Always-on VPN” and “Block connections without VPN,” Android devices still leak DNS queries when switching VPN servers or during app reconfigurations. This bug affects various Android VPN apps using the ‘getaddrinfo’ function. While users are suggested temporary fixes like setting up bogus DNS servers, the ultimate solution lies in fixing the OS to protect all Android users. The seriousness of DNS leaks poses significant privacy risks, prompting users to consider additional safeguards until Google resolves the bug.

Multiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code:

Samsung has patched 25 vulnerabilities in its mobile devices to bolster them against potential code execution and privilege escalation attacks. These vulnerabilities, known as Samsung Vulnerabilities and Exposures (SVE) items, were disclosed in the company’s latest security bulletin. They span various components of Samsung devices, including the operating system, firmware, and proprietary software. Some of the patched flaws include an authentication bypass in the Setupwizard, an improper access control issue within the multitasking framework, and an improper authentication vulnerability in Samsung’s Secure Folder. Samsung urges users to update their devices to the latest software version to benefit from these security enhancements, which also include fixes from Google for issues related to the Android operating system.

20 New Vulnerabilities ‘Pose A Threat To All Xiaomi Users,’ Researchers Warn:

20 vulnerabilities have been discovered in Xiaomi smartphones, potentially allowing hackers to steal passwords and compromise social media accounts. These vulnerabilities are linked to Xiaomi’s deployment of Google’s Android operating system. Sergey Toshin, founder of Oversecured, the mobile security startup that identified the weaknesses, states that the flaws affect various software running on Xiaomi devices, including the settings app and Bluetooth software. The most serious vulnerabilities could grant attackers “system privileges,” enabling theft of user passwords and access to private files. Toshin emphasizes the need for Xiaomi to invest more resources in device security. Although Xiaomi has patched the vulnerabilities, concerns remain about the adequacy of its bug bounty program payouts compared to other companies like Google.

Novel attack against virtually all VPN apps neuters their entire purpose:

The TunnelVision attack, discovered by researchers, targets virtually all VPN applications, compromising their ability to maintain encrypted tunnels for Internet traffic. By manipulating the DHCP server, attackers can force VPN traffic outside the encrypted tunnel, allowing them to intercept, drop, or modify the data. This effectively exposes the victim’s traffic to potential snooping or tampering by attackers. The attack technique exploits DHCP option 121 to divert VPN traffic to the attacker’s server, bypassing the encrypted tunnel. While some mitigations exist, such as running VPNs on Linux or Android, complete fixes are challenging, leaving most VPN users vulnerable to this attack.

New ‘Cuckoo’ Persistent macOS Spyware Targeting Intel and Arm Macs

A new information-stealing malware have been found called Cuckoo targeting Apple macOS systems. It operates on both Intel- and Arm-based Macs and is distributed through websites offering applications for ripping music from streaming services. Cuckoo sets up persistence on infected hosts, gathers system information, and uses fake password prompts for privilege escalation. It poses a significant threat to macOS users, alongside other recent malware discoveries like CloudChat and Rload.

Privacy requests increased 246% in two years:

There has been a significant increase in privacy requests, particularly Data Subject Requests (DSRs), over the past two years, according to DataGrail’s 2024 Privacy Trends Report. Data deletion requests are the most common, accounting for over 40% of all DSRs, while access requests have also risen substantially. However, many organizations struggle to meet these requests efficiently, resulting in increased spending. The report also reveals that 75% of websites ignore Global Privacy Control (GPC) requests, indicating a lack of compliance with privacy preferences. Overall, consumers are increasingly seeking control over their personal data, leading to a surge in privacy requests across all industries.

Chinese network behind one of world’s ‘largest online scams’:

In one of the world’s largest online scams, a Chinese network has reportedly defrauded over 800,000 people in Europe and the US. The scam involved the creation of fake online designer shops offering discounted goods from luxury brands like Dior, Nike, and Prada. These fake shops tricked customers into sharing sensitive personal data and card details, with many customers receiving no goods in return. The operation appears to have started in 2015 and has processed over 1 million fake orders, potentially attempting to take as much as €50 million over the years. The network’s highly organized and ongoing nature raises concerns about data privacy and consumer protection.

Iranian hackers pose as journalists to push backdoor malware:

APT42, an Iranian state-backed threat actor, has been employing social engineering tactics, including posing as journalists, to breach the networks and cloud environments of Western and Middle Eastern targets. Using custom backdoors named “Nicecurl” and “Tamecat,” they initiate attacks through phishing emails, often impersonating media organizations and luring victims with conference-related documents or news articles. Once credentials are obtained, they infiltrate networks to steal sensitive information, utilizing techniques to evade detection such as clearing browser history and using VPNs and Cloudflare-hosted domains. The backdoors, Nicecurl and Tamecat, provide capabilities for command execution, data exfiltration, and system manipulation. This recent campaign highlights the ongoing threat posed by APT42 and underscores the importance of vigilance against sophisticated cyber espionage tactics.

Children must show ID to use social media:

Ofcom, the UK regulator, has proposed tough new age verification measures for social media platforms to protect children online. Under the plan, platforms like Facebook and Instagram would need to implement robust checks, such as requiring photo IDs like passports, to ensure users are over 13. Failure to comply could result in fines up to 10% of global turnover. The move follows concerns about harmful content online, particularly after the death of Molly Russell, who was exposed to self-harm content. Ofcom’s draft code also includes measures to filter harmful content and limit access to age-inappropriate material. The government supports these actions, aiming to create a safer online environment for children and hold tech companies accountable.

Published on Medium