Why your organization should consider an MDR solution and five key things to look for in a service offering
The post "Understanding Managed Detection and Response – and what to look for in an MDR solution" appeared first on WeLiveSecurity.
Webinar: In the distant past, a master forger with a quill could fake a signature at the end of a letter, but at least then you had time to consider the potential for fraud before any damage could be done. In the digital age of email, it's increasingly hard to spot a scam's threat to your security and react in time.…
Unidentified miscreants have siphoned cryptocurrency valued at more than $1.5 million from Bitcoin ATMs by exploiting a previously unknown flaw in digicash delivery systems.…
Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies, but not before more than 9,000 users installed the account-compromising bot.…
Eight very B-list celebrities have agreed to cough up fines after being accused of shilling a cryptocurrency without disclosing they were paid to do so, while the chap who apparently paid them has been charged with fraud.…
South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.…
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.
In November 2022, researchers at Google's Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device.
Google said it believes the exploit chain for Samsung devices belonged to a "commercial surveillance vendor," without elaborating further. The highly technical writeup also did not name the malicious app in question.
On Feb. 28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company's app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove.
DarkNavy likewise did not name the app they said was responsible for the attacks. In fact, the researchers took care to redact the name of the app from multiple code screenshots published in their writeup. DarkNavy did not respond to requests for clarification.
"At present, a large number of end users have complained on multiple social platforms," reads a translated version of the DarkNavy blog post. "The app has problems such as inexplicable installation, privacy leakage, and inability to uninstall."
Update, March 27, 1:24 p.m. ET: Dan Goodin over at Ars Technica has an important update on this story that indicates the Pinduoduo code was exploiting a zero-day vulnerability in Android, not Samsung. From that piece:
"A preliminary analysis by Lookout found that at least two off-Play versions of Pinduoduo for Android exploited CVE-2023-20963, the tracking number for an Android vulnerability Google patched in updates that became available to end users two weeks ago. This privilege-escalation flaw, which was exploited prior to Google's disclosure, allowed the app to perform operations with elevated privileges. The app used these privileges to download code from a developer-designated site and run it within a privileged environment.
"The malicious apps represent 'a very sophisticated attack for an app-based malware,' Christoph Hebeisen, one of three Lookout researchers who analyzed the file, wrote in an email. 'In recent years, exploits have not usually been seen in the context of mass-distributed apps. Given the extremely intrusive nature of such sophisticated app-based malware, this is an important threat mobile users need to protect against.'"
On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo.
A Mar. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time.
On March 4, 2023, e-commerce expert Liu Huafang posted on the Chinese social media network Weibo that Pinduoduo's app was using security vulnerabilities to gain market share by stealing user data from its competitors. That Weibo post has since been deleted.
On March 7, the newly created Github account Davinci1010 published a technical analysis claiming that until recently Pinduoduo's source code included a "backdoor," a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will.
That analysis includes links to archived versions of Pinduoduo's app released before March 5 (version 6.50 and lower), which is when Davinci1010 says a new version of the app removed the malicious code.
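Two facts in the passages above are ones a defender can actually act on: the Android bug Lookout names (CVE-2023-20963, fixed in a Google update that reached users in March 2023) and Davinci1010's claim that builds at or below version 6.50 carried the code. The script below is an added example written for this page; it is not code from the article, from Lookout, from DarkNavy or from Davinci1010. It assumes that the CVE-2023-20963 fix shipped with the 2023-03-01 Android security patch level (taken from the March 2023 Android Security Bulletin, not from this page) and that Pinduoduo's Android package name is com.xunmeng.pinduoduo; the getprop and dumpsys text it parses is constructed sample input so the script runs offline.

```shell
#!/bin/sh
# Added example: triage a device against the two checkable claims in the story.
# Normally you feed it `adb shell` output; here the inputs are constructed.
#
# ASSUMPTIONS not stated on the page (edit to taste):
FIXED_PATCH_LEVEL="2023-03-01"          # patch level carrying the CVE-2023-20963 fix
PDD_PACKAGE="com.xunmeng.pinduoduo"     # Pinduoduo's Android package name
LAST_FLAGGED_VERSION="6.50"             # Davinci1010: builds 6.50 and lower are flagged

# patch_level_covers LEVEL REQUIRED -> 0 if LEVEL >= REQUIRED, else 1.
# ro.build.version.security_patch is YYYY-MM-DD, so plain string order is date order.
patch_level_covers() {
    level=$1; required=$2
    [ -n "$level" ] || return 1         # empty/unknown level: treat as unpatched
    first=$(printf '%s\n%s\n' "$required" "$level" | sort | head -n 1)
    [ "$first" = "$required" ]
}

# version_le A B -> 0 if dotted version A <= B, compared component-wise as integers.
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0     # missing components count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 0
    }'
}

# version_from_dumpsys: read `dumpsys package <pkg>` text on stdin, print versionName.
version_from_dumpsys() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1
}

# triage PATCH_LEVEL DUMPSYS_TEXT -> prints a verdict per check; returns 0 only when
# the device is patched AND is not running a flagged build.
triage() {
    patch=$1; dump=$2; rc=0
    if patch_level_covers "$patch" "$FIXED_PATCH_LEVEL"; then
        echo "patch level $patch: includes the CVE-2023-20963 fix"
    else
        echo "patch level '${patch:-unknown}': predates $FIXED_PATCH_LEVEL, CVE-2023-20963 unfixed"
        rc=1
    fi
    ver=$(printf '%s\n' "$dump" | version_from_dumpsys)
    if [ -z "$ver" ]; then
        echo "$PDD_PACKAGE: not installed"
    elif version_le "$ver" "$LAST_FLAGGED_VERSION"; then
        echo "$PDD_PACKAGE $ver: in the flagged range (<= $LAST_FLAGGED_VERSION)"
        rc=1
    else
        echo "$PDD_PACKAGE $ver: newer than the flagged range"
    fi
    return $rc
}

# Constructed sample input standing in for real adb output.
SAMPLE_PATCH="2023-02-05"
SAMPLE_DUMPSYS="Package [com.xunmeng.pinduoduo] (abc123):
    versionCode=64900 minSdk=21 targetSdk=31
    versionName=6.49.0
    codePath=/data/app/..."

# On a real device:
#   triage "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')" \
#          "$(adb shell dumpsys package "$PDD_PACKAGE")"
triage "$SAMPLE_PATCH" "$SAMPLE_DUMPSYS" || echo "VERDICT: device needs attention"
```

The patch-level check only tells you whether the framework bug Lookout identified is closed; it says nothing about the 2021 Samsung chain DarkNavy described, and a package that has been renamed or repackaged for a third-party store will not match on package name, so treat a clean result as "nothing found", not "nothing there".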
Pinduoduo has not yet responded to requests for comment. Pinduoduo parent company PDD Holdings told Reuters Google has not shared details about why it suspended the app.
The company told CNN that it strongly rejects "the speculation and accusation that Pinduoduo app is malicious just from a generic and non-conclusive response from Google," and said there were "several apps that have been suspended from Google Play at the same time."
Pinduoduo is among Chinaβs most popular e-commerce platforms, boasting approximately 900 million monthly active users.
Most of the news coverage of Google's move against Pinduoduo emphasizes that the malware was found in versions of the Pinduoduo app available outside of Google's own app store, Google Play.
"Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect," a Google spokesperson said in a statement to Reuters, adding that the Play version of the app has been suspended for security concerns.
However, Google Play is not available to consumers in China. As a result, the app will still be available via other mobile app stores catering to the Chinese market β including those operated by Huawei, Oppo, Tencent and VIVO.
Google said its ban did not affect the PDD Holdings app Temu, which is an online shopping platform in the United States. According to The Washington Post, four of the Apple App Storeβs 10 most-downloaded free apps are owned by Chinese companies, including Temu and the social media network TikTok.
The Pinduoduo suspension comes as lawmakers in Congress this week are gearing up to grill the CEO of TikTok over national security concerns. TikTok, which is owned by Beijing-based ByteDance, said last month that it now has roughly 150 million monthly active users in the United States.
A new cybersecurity strategy released earlier this month by the Biden administration singled out China as the greatest cyber threat to the U.S. and Western interests. The strategy says China now presents the "broadest, most active, and most persistent threat to both government and private sector networks," and says China is "the only country with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do so."
Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers, including one critical command execution vulnerability.…
Police in Ecuador are investigating attacks on media organizations across the country after a journalist was injured by an exploding USB flash drive.…
Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log records from the extension that claim six of Germany's political parties broke European data law when they targeted voters on Facebook's adtech platform.…
A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.…
India's rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities.…
Russian president Vladimir Putin and his Chinese counterpart Xi Jinping have set themselves the goal of dominating the world of information technology.…
BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace's alleged chief administrator.…
Microsoft has torn the wraps off its multi-cloud security benchmark (MCSB), which replaces the four-year-old Azure Security Benchmark. Crucially, as the name suggests, it now has usage and configuration guidance that reaches into rival environments.…