The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

August 12, 2022Ravie Lakshmanan
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution Environment (TEE). A TEE refers to a  secure enclave  inside the main processor that's used to process and store sensitive information such as cryptographic keys so as to ensure confidentiality and integrity. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant. "Therefore, an attacker can bypass security fixes made by Xiaomi or MediaTek in trusted apps by downgrading them to unpatched
U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang

U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang

August 12, 2022Ravie Lakshmanan
The U.S. State Department on Thursday  announced  a $10 million reward for information related to five individuals associated with the Conti ransomware group. The reward offer, first  reported  by WIRED, is also notable for the fact that it marks the first time the face of a Conti associate, known as "Target," has been unmasked. The four other associates have been referred to as "Tramp," "Dandis," "Professor," and "Reshaev." The government, besides seeking information about the five operators that could lead to their identification or location, is also calling on people to share details about Conti and its affiliated groups  TrickBot  and  Wizard Spider . Since its rebrand from Ryuk to Conti, the transnational organized crime group has been linked to hundreds of ransomware incidents over the past two years. As of January 2022, the Russia-based ransomware-as-a-service (RaaS) operation is estimated to have hit over 1,000 entities, w
Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger

Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger

August 12, 2022Ravie Lakshmanan
Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust,  said . The incremental development comes a year after it  turned on E2EE  for audio and video calls on the messaging service as well as for one-on-one chats in Instagram, and enabled  encrypted chat backups  for WhatsApp on Android and iOS. E2EE is a secure communication mechanism that scrambles data in transit and prevents third-parties from unauthorizedly accessing information sent from one endpoint to another, including Meta. "This is because with end-to-end encryption, your messages are secured with a
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

August 12, 2022Ravie Lakshmanan
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier  CVE-2022-20866  (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. Successful exploitation of the flaw could allow an attacker to retrieve the RSA private key by means of a  Lenstra side-channel attack  against the targeted device. "If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic," Cisco warned in an advisory issued on August 10. Cisco noted that the flaw impacts only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later. Affected products are listed below -
Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered

Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered

August 12, 2022The Hacker News
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the data passing through it. But by 1989, hackers like Robert Morris had already spotted the security weaknesses of the fledgling global network and started to exploit them. And that was just the beginning. Today, network administrators and individual internet users spend significant amounts of time and money trying to keep their data safe from prying eyes. The de-facto tool most people use for that purpose is a VPN. It's a software encryption solution that prevents anyone from accessing data traversing the public internet other than its intended recipient. And VPNs make up a data privacy mark
Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

August 11, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  two flaws to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925  (CVSS score: 7.2) - Remote code execution (RCE) through mboximport from authenticated user (fixed in  versions  8.8.15 Patch 31 and 9.0.0 Patch 24 released in March) CVE-2022-37042  - Authentication bypass in MailboxImportServlet (fixed in  versions  8.8.15 Patch 33 and 9.0.0 Patch 26 released in August) "If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," Zimbra  warned  earlier this week. CISA has not shared any information on the attacks exploiting the flaws but cybersecurity fi
Conti Cybercrime Cartel Using 'BazarCall' Phishing Attacks as Initial Attack Vector

Conti Cybercrime Cartel Using 'BazarCall' Phishing Attacks as Initial Attack Vector

August 11, 2022Ravie Lakshmanan
A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel  said  in a Wednesday report. These targeted campaigns "substantially increased" attacks against entities in finance, technology, legal, and insurance sectors, the company added. The actors in question include Silent Ransom, Quantum, and Roy/Zeon, all of which split from Conti after the ransomware-as-a-service (RaaS) cartel  orchestrated its shutdown  in May 2022 following its public support for Russia in the ongoing Russo-Ukrainian conflict. The advanced social engineering tactic, also called  BazaCall  (aka BazarCall), came under the spotlight in 2020/2021 when it was put to use by operators of the
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.