Hackers Review - Get The Latest CyberSecurity News Headline Today

Vulnerability in Apple Pay allows payment with locked iPhone

2021-09-30T03:19:00.003-07:00

A vulnerability in Apple Pay with a linked Visa credit card makes it possible to make payments with a locked iPhone. An attacker therefore only needs to have a stolen iPhone to carry out transactions. However, the transactions can also be carried out via an iPhone in someone's bag, according to researchers from the University of Birmingham and the University of Surrey.

The vulnerability occurs when " Express Transit " is set up for a Visa credit card in the Apple Wallet. Express Transit is an option that allows users to make contactless payments without unlocking their phone or opening an app. There is also no authentication required such as Face ID, fingerprint or a pass code, just placing the device near a contactless reader is sufficient. For example, the option is used in public transport to allow travelers to pay for their journey at the entrance gates.

Using simple radio equipment, the researchers were able to identify a code that is emitted through access gates. This code unlocks Apple Pay so that the traveler can pay via their phone. However, the code can also be used to influence the signals between the iPhone and a store's card reader.

By broadcasting the code and modifying other fields in the protocol used, the researchers tricked the iPhone into thinking it was communicating with a gateway, when in reality it was communicating with a store's card reader. At the same time, the researchers convinced the card reader that the iPhone had completed user authorization, allowing any amount to be withdrawn without the user's knowledge, the researchers said. They add that an attacker does not need cooperation from the store.

According to the research team, the problem lies with both Apple and Visa, but neither party wants to take responsibility and roll out a solution, leaving users still vulnerable. The problem does not occur with Mastercard on iPhones or Visa in combination with Samsung Pay. Apple Pay with Visa users can verify that Transit Express is enabled and disable it if desired.

"There's no reason for Apple Pay users to be at risk, but until Apple and Visa resolve this, they will," said study researcher Tom Chothia. In the video below, the researchers demonstrate how to make a payment of a thousand pounds via a locked iPhone.

watch POC from here

German government starts research into Chinese smartphones

2021-09-28T05:40:00.002-07:00

Following the lead of the Lithuanian government, the German government has launched an investigation into Chinese smartphones. Recently, Lithuania's National Cyber Security Center warned about censorship software in Xiaomi's phones and identified several security vulnerabilities.

It appears that the Mi Browser on the phones collects 61 different parameters about the use of the device. The device also has a content filter. For example, the phone periodically receives a list of banned words in Chinese, including about Tibet and Taiwan. However, the content filter is disabled in the phones the researchers analyzed in Lithuania.

Following the Lithuanian investigation, the Bundesamt für Sicherheit in der Informationstechnik (BSI), part of the German Ministry of the Interior, has launched its own investigation. Earlier, several German politicians had already called for such an investigation. A BSI spokesperson told the German Tagesschau that phones from Xiaomi or other Chinese manufacturers are not used by the federal authorities.

Security.NL previously reported that the VVD has asked outgoing Minister Grapperhaus of Justice and Security to have the Telecom Agency or the National Cyber Security Center conduct an investigation in the short term into the possible presence of censorship software on Xiaomi phones. The minister has not yet responded to the request.

Chinese Central Bank Declares All Crypto Transactions Illegal

2021-09-24T06:47:00.003-07:00

The Chinese government today declared all financial transactions involving cryptocurrencies illegal and declared a national ban on crypto mining. Foreign crypto exchanges that offer services in China are also no longer allowed and are considered an illegal financial activity. In addition, investigations will be launched into employees of foreign crypto companies. Domestic crypto exchanges have been banned in China for years.

Furthermore, the Bank of China reiterated that financial institutions and non-banking institutions are not allowed to offer services and activities related to cryptocurrencies. The bank also claims that it has improved systems to monitor crypto-related transactions and prevent speculative investments.

The announcement of the Chinese central bank caused a drop in bitcoin price. The bank also mentions bitcoin and ethereum by name and states that they are issued by "non-monetary authorities" and cannot be used as currencies in the market. The Chinese central bank previously tested its own digital currency, but it is not mentioned.

Furthermore, several Chinese government agencies have announced that they will tackle crypto mining in the country to meet climate goals, among other things. In addition, crypto mining would hardly contribute to China's economic growth and consume large amounts of energy. As part of the approach, the Chinese regime wants to cut off financial support and energy supplies for crypto mining.

Nijmegen citizen who sold crypto telephones sentenced to 54 months in prison

2021-09-22T09:10:00.003-07:00

A 41-year-old man from Nijmegen who offered and traded crypto telephones for criminal use through his company Ennetcom has been sentenced today to 54 months in prison. According to the court, it is established that the man was targeting criminals with his company and that they actually used the crypto telephones supplied. There were about 40,000 smartphones supplied by Ennetcom in circulation worldwide.

For example, users could request to have their phone wiped remotely if they were stopped by the police. Messages were also automatically deleted after 24 or 48 hours. It also appeared that the company was trying to find out the method of the Netherlands Forensic Institute (NFI) to 'crack' telephones.

"Apparently, the product development of the company was therefore aimed at staying ahead of the investigative authorities. Together, these factors mean that the company has developed a product that was attractive to criminals and also specifically intended for them," said the judge . A sample of the content of messages sent over the phones found that an average of about 75 percent was criminally related.

In addition, it was found that almost all of the users of the 800 email addresses identified at the time of the analysis were known in the police systems on the basis of long-term involvement in various forms of serious and organized crime. Furthermore, data of buyers was not recorded. Something that, according to the judge, was necessary when offering such a product.

In addition to the Nijmegen resident, a 36-year-old woman who, as an office manager, was responsible for accounting for the company was sentenced to a three-month suspended prison sentence and 180 hours of community service. The court finds it proven that she has issued false invoices for the company.

Operation

The operation against the company took place in April 2016 . During the investigation, the High Tech Crime Team of the police gained insight into the servers on which all data traffic was managed. These servers were taken down and copied. About 19,000 users of the cryptophones were automatically notified that the system had been copied by the police and under investigation.

The report further explained that the investigation focused on individuals suspected of serious crimes. For example, users who could invoke the right of nondisclosure could make this known. There was no response to this call, police said.

In the investigation into the 3.6 million encrypted messages found on the servers, the police collaborated with the NFI. The large amount of information could be searched using the forensic search engine Hansken. It involved a total of seven terabytes of data that was secured on Ennetcom's central server in Canada.

Ransomware attack on Marketron hits thousands of media companies

2021-09-22T06:08:00.000-07:00

A ransomware attack on business software provider Marketron has hit thousands of media and broadcasters. Marketron provides advertising solutions that allow businesses to monetize their website visitors and traffic. Marketron claims to have 6,000 media and broadcasting companies worldwide as customers that use the company's services on a daily basis.

In the US market alone, these solutions would handle $5 billion in ad revenue from more than one million advertisers. In an email to customers, Marketron says that the victim is the BlackMatter ransomware group. These criminals are also behind the attack on the American agricultural cooperative New Cooperative .

All Marketron customers have been affected by the attack, CEO Jim Howard said in the email. At the time of writing, several Marketron products and services are offline, including the advertiser and traffic portal. The services for all customers who have their traffic managed by Marketron have also been affected, the status page shows. It is unknown when the services will be back online. Marketron says it is in the process of restoring the affected systems. How the attackers managed to gain access to the systems is unknown.

US takes sanctions against crypto exchange for facilitating ransomware groups

2021-09-22T02:07:00.006-07:00

The US Treasury Department has sanctioned a crypto exchange for the first time for facilitating the transactions of ransomware groups. According to the ministry, an analysis of the transactions of crypto exchange Suex shows that at least eight ransomware groups have facilitated and that more than 40 percent of the transactions are associated with criminal parties.

“Crypto-exchanges such as Suex play a vital role in the profitability of ransomware attacks, which finance other cybercriminal activities. The ministry will hold and disrupt these parties to remove the incentive for cybercriminals to carry out these attacks,” it said. ministry. The sanctions imposed will ban Americans from doing business with Suex and freeze all of the company's assets under US jurisdiction.

According to Chainanalysis, which was involved in the crypto exchange investigation, Suex has received more than $160 million from ransomware groups and other cybercriminals. The company is registered in the Czech Republic, but would not have a physical office there. Instead, it operates out of Russia and the Middle East, where it converts cryptocurrencies into physical money, according to Chainanalysis.

The US Treasury Department states that some crypto exchanges are an indispensable part of the ransomware ecosystem. As part of a government-wide approach to ransomware, these crypto exchanges are now also being looked at. The US authorities have indicated that they do not rule out sanctions against other crypto exchanges.

Firefox starts test among users with Bing as default search engine

2021-09-21T08:35:00.000-07:00

Mozilla has launched a new test among Firefox users where it sets Bing as the default search engine. At the moment, Google is still the default search engine for most Firefox users. Mozilla has entered into an agreement with Google for this. This agreement was extended last year by the Firefox developer. Google would pay Mozilla an estimated amount of between 400 million and 450 million dollars per year for this.

As part of the current experiment , one percent of Firefox users will set Microsoft Bing as their default search engine on their desktop. The experiment started at the beginning of this month and will probably be completed by the end of January next year, Mozilla says on its website. The test was also announced on Twitter , making it clear that users can also change the search engine setting themselves . Why Mozilla runs the test with Bing as the search engine is unknown.

Apple closes critical vulnerabilities in Bluetooth and Face ID in iOS

2021-09-21T04:35:00.000-07:00

Apple has released security updates for iOS and iPadOS that fix multiple critical vulnerabilities that could allow attackers to gain access to iPhones and iPads. The vulnerabilities are present in Bluetooth and Face ID, among other things.

Recently, Apple released iOS 14.8 and iPadOS 14.8 that fixed two actively attacked zero-day vulnerabilities in the operating systems. Now Apple says that these updates fix many more vulnerabilities than initially indicated. Something Apple does often. In addition to the two zero-day vulnerabilities mentioned above, eleven other vulnerabilities have been fixed.

This includes a vulnerability in bluetooth referred to as CVE-2021-30820. This Bluetooth vulnerability allows an attacker to remotely execute arbitrary code on iPhones and iPads. However, further details are not provided by Apple. To the best of our knowledge, the vulnerability has not been exploited.

Furthermore, several vulnerabilities in the FontParser of iOS and iPadOS have been fixed. Processing a malicious font makes it possible for an attacker to execute arbitrary code. Furthermore, several vulnerabilities in WebKit, the Apple-developed browser engine that Safari and all other browsers on iOS use, have been fixed.

Due to the vulnerabilities, just visiting a malicious website is enough for an attacker to run arbitrary code on the system. No further user interaction is required. This is also known as a drive-by download attack.

IOS on iPadOS 15

In addition to the additional information about iOS and iPadOS 14.8, Apple has also rolled out iOS and iPadOS 15 . These releases fix several vulnerabilities not listed in iOS and iPadOS 14.8. This includes a vulnerability in Face ID that allows an attacker with a 3D model to bypass the facial scan of iPhones and iPads to gain access to the device. No further details about the leak are provided by Apple, other than Face ID's anti-spoofing models have been improved.

Furthermore, it was possible for a local attacker with access to a locked device to view contact details via Siri. A vulnerability in the Wi-Fi functionality of iPhones and iPads made it possible for an attacker close to a user to connect them to a malicious Wi-Fi network during device setup. The updates for iOS and iPadOS are available through iTunes and the Software Update feature.

EFF: WhatsApp must make end-to-end encrypted backups by default

2021-09-19T01:27:00.002-07:00

WhatsApp recently announced the arrival of end-to-end encrypted backups, but if it is up to the American civil rights movement EFF, this will become standard for all users. Currently, users can store backups of their chat history in Google Drive and Apple iCloud, but this data is not end-to-end encrypted, allowing the cloud provider to access it.

The EFF, therefore, advises WhatsApp users not to store backups in the cloud and to discourage this from friends. However, this changes with end-to-end encrypted backups, as Apple and Google will no longer be able to access the contents of WhatsApp backups. However, this is optional and the EFF thinks WhatsApp should make it the default for all users.

In addition, the civil rights movement is using the announcement to sneer at Apple. "This privacy win by WhatsApp, owned by Facebook, is in stark contract with Apple, which is under fire for plans to scan photos minors send via iMessage, as well as any photo Apple users upload to iCloud," the EFF said. The organization adds that iCloud backups are also not end-to-end encrypted. "WhatsApp raises the bar and Apple and others should follow suit."

A tool for testing the hardware security of Apple mobile processors has been developed

2021-09-17T04:22:00.002-07:00

A team of researchers from North Carolina State University created a tool to study vulnerabilities in Apple mobile processors and used the results to test a CPU cache fetch attack.

Using an exploit known as checkm8 as a starting point, the researchers implemented a BootROM tool to test the Apple A10 Fusion-on-a-chip (SoC) system, and then developed a new CPU cache pull attack based on the Prime + Probe method.

The checkm8 exploit works on most iPhone models (from iPhone 5 to iPhone X), but researchers focused on the iPhone 7, which was Apple's most ubiquitous mobile device on the market in 2019 when the study began.

The new tool, dubbed openc8, has new extensions to ensure its reliability for extensive hardware safety research. The open source tool includes downloading a handler shell to a device that supports installing and executing the payloads.

Openc8 includes build and boot support on pongoOS (the open source version of the checkra1n toolkit), which introduces updated drivers for iPhone hardware. Scientists also used the Sandcastle project for their research, as it supports pongoOS modules and a patched Linux kernel that can be loaded on the iPhone 7.

The developed attack, dubbed iTimed, involves the synchronous launch of AES encryption using known plaintexts. It is also assumed that the attacker and the victim are in the same core, and the virtual address of the t-tables is known. According to the researchers, the new attack method could easily outperform classical methods when it comes to recovering key material, as only half of the typical amount of side-channel traces is required.

Scientists told Apple about their findings in July last year. The iTimed toolkit is available on GitHub.

12 years in prison for man who bribed AT&T employees to install malware

2021-09-17T02:17:00.004-07:00

A Pakistani man who managed to remove the SIM locks from nearly two million telephones for seven years, including through malware on systems of telecom provider AT&T, has been sentenced in the United States to twelve years in prison.

The man started his practice in 2012 by recruiting AT&T employees at a call center in Washington. He had them remove the SIM locks from a large number of telephones. The phones could thus be resold and used by other telecom providers, which the Pakistani man earned.

In 2013, AT&T implemented a new system that made it more difficult for bribed employees to remove the SIM locks. The Pakistani man then had a software developer develop malware that could be installed on AT&T systems and that would allow him to remotely remove the SIM locks from phones more effectively and in greater numbers.

To develop this malware, the man had bribed AT&T employees install other malware on the telecom provider's systems, collecting information that the software developer used to develop its malware. An AT&T investigation found that the Pakistani man and his accomplices unlocked more than 1.9 million phones over seven years. As a result, the telecom provider would have lost more than $ 201 million in revenue because customers no longer paid the remaining amount for their phone.

AT&T offers customers plans that include telephone. By removing the SIM lock, the phone can also be used on other telecom networks and the owner no longer has to pay AT&T for the purchase of the phone, according to the US Department of Justice. The judge also ordered the man to pay AT&T $200 million in damages.

Facebook has secretly created a system that exempts VIP users of the social network from its key rules

2021-09-15T12:52:00.001-07:00

Although the founder of the social network, Mark Zuckerberg, has publicly stated that Facebook does not distinguish political, cultural and journalistic elites among its three billion users and that its standards are the same for everyone, this is simply not the case, writes WSJ.

As the publication specifies, the control of the records of such users is carried out by a special program known as "cross-checking" or XCheck. Some users are directly whitelisted and completely exempt from Facebook sanctions (for example, from being banned), while others are allowed to immediately publish content that violates the rules, subject to further approval by Facebook employees.

Users monitored by this program, without any sanctions, published posts with statements about the lethality of the coronavirus vaccine, about Hillary Clinton's connection with a secret organization of pedophiles and quoted Donald Trump, who called "animals" seeking asylum in the United States.

The documents show that there were at least 5.8 million accounts in XCheck in 2020. The internal guidelines on the acceptability of cross-validation set out criteria for whitelisting, including "decent press coverage" and "influence or popularity". The program reaches out to virtually everyone who appears regularly in the media or has a significant online following, including movie stars, talk show hosts, academics, and high-follower bloggers.

The WSJ explains how Internet scandals involving famous personalities have occurred with the help of Facebook "exceptions". So, in 2019, footballer Neymar posted nude photos of a woman who accused him of rape. The post was viewed by tens of millions of users before it was deleted by Facebook. Other whitelisted accounts have repeatedly posted inflammatory claims that Facebook's verification services have already been deemed fake, including the deadly harm of Covid-19 vaccines and a "pedophile conspiracy" involving Hillary Clinton.

Facebook contacted some of the VIPs who violated the platform's policy and gave them a 24-hour “self-fix” window to remove content that violates the rules on their own, the newspaper writes.

The WSJ found out that this type of verification was introduced in order to improve the reputation, since there had been a number of incidents with illegal blocking of accounts of famous personalities in the past.

Xiaomi has removed restrictions on the operation of all smartphones that have been blocked in a number of countries and regions

2021-09-15T08:48:00.001-07:00

Xiaomi said that blocking phones in countries and territories that are under sanctions was a “temporary measure” to combat device smuggling. A company spokesman told the Global Times.

Some devices activated in regions where the Chinese manufacturer does not officially supply them, for example, in Cuba or Crimea, were previously blocked.

Xiaomi explained that they blocked some smartphones as part of the investigation of smuggling operations, but now all these devices can be used again without hindrance. The company does not officially supply gadgets to a number of regions such as Crimea, Cuba, North Korea or Sudan.

The countries and regions included in the list are subject to US export sanctions. After being blocked, the user was informed that it was Xiaomi's policy not to authorize the sale of the product or its provision in the territory in which it was attempted to be activated.

Earlier we reported that Xiaomi users are faced with more frequent cases of blocking their devices in Cuba, Iran, Syria, North Korea, Sudan, as well as Crimea. Cuban media have confirmed these reports. At the same time, the Russian representative office of Xiaomi, as well as Rospotrebnadzor, informed that they had not received complaints in connection with such cases.

46% of connected databases contain dangerous vulnerabilities

2021-09-15T06:46:00.006-07:00

Researchers in the field of cybersecurity from Imperva analyzed 27 thousand databases and reported that about 12 thousand of them (46%) contain dangerous and critical vulnerabilities.

“Too often, organizations overlook database security because they rely on their own security practices or on local databases to store sensitive information,” the experts explained.

According to the study, 61% of scanned databases in the UK contained at least one vulnerability, while on average there were 37 vulnerabilities per database. According to experts, many organizations do not prioritize the security of their data and neglect "routine" patching. Some CVEs go unnoticed for three or more years.

Brazil showed the best results in the study - only 19 percent of databases contain one or more vulnerabilities, and an average of 14 problems for each scanned database. In the United States, 37% of databases contain vulnerabilities, with an average of 25 problems per database.

Regional analysis revealed significant differences between countries, with some countries having a much larger number of vulnerable databases, such as France (84%), Australia (65%) and Singapore (64%). In Germany and Mexico, a relatively small number of vulnerable databases were found (19% in each country), but the average number of vulnerabilities was much higher (64 and 70, respectively).

Fake Press Release Leads to 35% Increase in Litecoin Value

2021-09-15T02:46:00.000-07:00

Walmart said a false press release was issued on its behalf on GlobeNewswire, which immediately spread to news outlets. After that, the cost of Litecoin skyrocketed by 35%. This spike occurred in less than 15 minutes. Soon after, it dropped again to $ 175 in a matter of minutes.

“We had no idea about the press release published by GlobeNewswire. It contains absolutely false information, ”a company spokesman told Reuters.

GlobeNewswire representatives clarified that a fraudulent account was used to publish the release. “We haven't had anything like this before. We have taken measures to strengthen the verification of sources so that this does not happen again, ”they said.

The Litecoin Foundation tweeted that it has no information on where the controversial press release came from.

The foundation is a non-profit organization that promotes the aforementioned token and is run by litecoin creator Charlie Lee, who told Reuters that he is conducting its own investigation, but so far without much success.

Google actively fixes attacked zero-day leaks in Chrome

2021-09-15T00:41:00.005-07:00

Google Chrome users have been warned about two zero-day browser vulnerabilities that have been actively used in attacks. Google has since released security updates to fix the vulnerabilities. This brings the total number of zero-day leaks resolved this year to ten.

The vulnerabilities, designated CVE-2021-30632 and CVE-2021-30633, are present in V8 and the Indexed DB API. V8 is the JavaScript engine that Chrome and other browsers use to run JavaScript. Indexed DB is a programming interface for storing data within the browser. The impact of both vulnerabilities has been rated "high".

This concerns vulnerabilities that allow an attacker to execute code within the context of the browser. It is then possible, for example, to read or adjust data from other websites. Vulnerabilities to escape from the Chrome sandbox are also included. The vulnerability in itself is not sufficient to take over a system. This would require a second vulnerability, for example in the underlying operating system.

Details about the observed attacks, such as the number of victims, when the attacks took place and how, were not provided by Google. The tech company was briefed on the vulnerabilities on September 8 by an anonymous security researcher.

Users are advised to update to Google Chrome 93.0.4577.82 , which is available for Linux, macOS, and Windows. This will happen automatically on most systems. Microsoft Edge Chromium, like Chrome, is based on the Chromium browser. It is expected that Microsoft will soon come up with an update for its own browser.

Below is an overview of the ten zero-day leaks in Google Chrome and when they were fixed. It was recently revealed that Google has registered a record number of zero days this year .

CVE-2021-21148 - 4 february
CVE-2021-21166 - March 2
CVE-2021-21193 - March 12
CVE-2021-21220 - 13 april
CVE-2021-21224 - 20 april
CVE-2021-30551 - 9 juny
CVE-2021-30554 - 17 juny
CVE-2021-30632 - 13 sept
CVE-2021-30633 - 13 sept

Scientists have learned to look through walls with a laser

2021-09-13T07:56:00.001-07:00

It is impossible to see with the naked eye what is happening around the corner of the house, but with the help of modern technology, almost nothing is impossible. Technologies that ensure the visibility of objects that are out of sight (the so-called non-line-of-sight or NLOS) are of great interest to manufacturers of unmanned vehicles, because with their help the car will be able to "see" what is happening around the corner, before how will turn.

A team of researchers at Stanford University's Computational Imaging Lab has taken a big step forward in NLOS technology - finding a way to see through walls using a laser and a keyhole.

Currently, NLOS systems are not widely used, but in the future they can be used by rescue services to identify people after disasters, as well as in medicine to obtain improved images of internal organs of patients. The NLOS concept has proven its worth more than once, but current technologies are too slow to be effective enough.

In the past, experiments with NLOS have only been done on flat, reflective surfaces. The researchers exposed these surfaces to pulsed light beams (usually laser), captured the reflected beams, and analyzed what was behind the flat surface.

The Stanford University study does not solve the problem of speed, but it works under more varied conditions. The researchers simply shone a laser beam through the keyhole at a point on the wall. The photons from this beam scattered, "jumping" around the room and all the objects in it. After a while, a small number of photons returned through the keyhole, but they were not enough to determine what was in the room.

The experiment found that moving objects changed the pulsation of laser beams so that researchers could obtain enough data that, after being processed using artificial intelligence algorithms, gave a satisfactory idea of the objects in the room.

The REvil group has returned

2021-09-13T03:54:00.004-07:00

The ransomware group REvil, which disappeared from sight a few months ago, has returned to activity and is attacking companies again. The first signs of activity groups appeared on last week, when the portal REvil in darknet again earned .

REvil entered the ransomware scene in 2019 and became widely known for attacks on a number of large companies, including JBS and Kaseya, from which they demanded multimillion-dollar ransoms to recover encrypted data.

The group turned off its web infrastructure after a massive attack on the American company Kaseya, which affected thousands of enterprises in several countries around the world. The ransomware demanded $ 50 million from the company for a universal decryptor. In late July, Kaseya announced that it had received the decryption key from a "third party".

For almost two months, nothing was heard about the group, but on September 7, the payment site and the site of leaks REvil returned online with the same list of victims, and on September 9, a new version of the REvil ransomware was uploaded to VirusTotal, compiled on September 4.

According to a message on one of the hacker forums, the group has a new public representative instead of the administrator of REvil, who uses the pseudonym Unknown (or UNKN). According to a new spokesman known as REvil, the group has temporarily ceased operations due to suspicions that Unknown has been arrested and the servers have been compromised. He also said that the universal decryptor obtained by Kaseya simply "leaked" due to an error during key generation, and not after a law enforcement operation, as previously thought.

Epic Games vs. Apple Sentenced

2021-09-13T01:54:00.001-07:00

On Friday, September 10, a California court ruled that the company can no longer prevent developers from posting "buttons, external links" to third-party payment services in the App Store. The court issued a permanent injunction. It will come into effect in December.

The decision was made by US Federal Judge Yvonne Gonzalez Rogers during a lawsuit between Apple and the developer of the popular game Fortnite - Epic Games. At the same time, Apple won 9 out of 10 points in the claim that Epic Games brought against it. The latter wanted through the courts to get permission to bypass Apple's payment system with its 30% commission for users of the game Fortnite. Epic Games also demanded that Apple be recognized as a monopoly, which could have dire consequences for the company.

The court refused to recognize Apple as a monopoly and dismissed all other Epic claims.

The New York Times calls the decision a serious blow and loss for Apple: the lost commission will affect the profits of the Californian company and can turn the online market worth $ 100 billion. come to an end.

Hacker returned more than $ 17 million to Cream Finance

2021-09-12T16:13:00.005-07:00

The attacker who hacked the Cream Finance DeFi protocol returned 5.15 thousand Ethereum to the creators of the project (approximately $ 17.5 million at the current exchange rate). This was announced on Twitter by the analytical company PeckShield.

The Cream Finance project was compromised on August 30 this year. As a result of the attack, the project lost more than $ 18 million.

In early September, the developers of the protocol announced that they would compensate for the damage suffered by the users. The developers of Cream Finance claimed that they will allocate 20% of the collected transaction fees for damages, and are also willing to pay 10% of the stolen amount to the hacker if he returns the stolen funds.

In August, a cryptocurrency transfer company, Poly Network, was attacked by a hacker , from which more than $ 611 million were stolen. The hacker later returned all the stolen funds.

Apple pays a lot of money for vulnerabilities found, but does not always fix them

2021-09-12T01:11:00.004-07:00

Apple has supported the Vulnerability Bounty Program for five years now, offering up to $ 1 million for the most dangerous issues. However, many cybersecurity experts complain that the company fixes vulnerabilities with delay and does not always pay adequate remuneration. In general, the researchers believe that Apple's closed approach only harms the program and jeopardizes security, writes The Washington Post.

Apple launched the bug bounty program in 2016 and was closed until 2019. According to Ivan Krstic, head of security development at Apple, this year the company has paid twice the amount of awards last year and leads in the average amount of compensation for vulnerabilities.

However, researchers interviewed by TWP disagree with this statement. Similar programs like Facebook, Microsoft and Google are more open and provide more resources to reach a wider audience of experts, they said. Plus, many of them pay more than Apple.

For example, in 2020, within the framework of the compensation program, Microsoft paid researchers a total of $ 13.6 million, Google - $ 6.7 million, and Apple spent $ 3.7 million for these purposes.

In addition, Apple does not go into details as to why it decided to pay or not pay for a particular vulnerability, sources say. At the same time, the company accumulates vulnerabilities that remain unpatched. Because of this approach, many researchers do not report the problems they find to Apple, preferring to sell them to government departments or companies that develop hacking tools.

According to Krstic, Apple intends to improve its approach to the reward program, respond more quickly to reports from researchers, and add new incentives.

WhatsApp moderators can view users' private messages

2021-09-11T14:10:00.001-07:00

When Facebook CEO Mark Zuckerberg introduced the company's new approach to privacy in March 2019, he cited WhatsApp messenger and its core feature - end-to-end encryption, which turns messages into an unreadable format that only those who intended to see them can see as an example. As Zuckerberg assured, no one else, not even the company itself, can read them. However, all of these assurances are untrue, according to new material from the non-profit investigative journalism organization ProPublica.

According to the article, WhatsApp employs more than 1,000 contractors in Austin, Texas, Dublin and Singapore who study user-generated content using artificial intelligence systems, as well as special software from Facebook. The tool allows you to analyze the streams of private messages, images and videos that the company has received complaints about, for example, fraudulent content, spam, child pornography or materials related to potential terrorism. Typically, the entire content assessment process takes no more than 1 minute.

Basically, the specifics of working as a moderator in WhatsApp is similar to Facebook or Instagram, writes ProPublica. That said, the recruiting announcement mentions “content research,” but does not mention Facebook or WhatsApp. For their work, moderators receive from $ 16.5 per hour. Anyone who asks should respond that they work for Accenture (Accenture itself declined to comment). They also sign a non-disclosure agreement.

Since the content on WhatsApp is encrypted, AI systems cannot automatically scan all chats, images or videos like they do on Facebook and Instagram.

According to former WhatsApp engineers, moderators gain access to private content when a user complains about a message that allegedly violates the service's policy. Further, this message, together with the four previous ones in the dialogue, is redirected to the moderator in unencrypted form and put into the queue.

Unencrypted data includes user profile names and pictures, phone number, status, battery level, language and time zone, phone ID, IP address and OS, wireless signal strength, linked Facebook and Instagram accounts, date of last use of the app, and history violations.

In a commentary on the article, a Facebook spokesperson stated that:

"We are building WhatsApp in such a way that limits the collection of data, but provides tools to combat spam, investigate threats and ban violators, including based on user complaints."

The company also noted that new tools have been added to WhatsApp to protect privacy, in particular disappearing messages.

“Based on the feedback we receive from users, we are confident that people understand that when they send a WhatsApp message, we receive the content they sent,” said a Facebook spokesman.

0Day in Zoho servers is actively exploited in hacker attacks

2021-09-11T10:06:00.001-07:00

The US Cybersecurity and Infrastructure Protection Agency (CISA) has issued a warning regarding a zero-day vulnerability in Zoho ManageEngine servers, which has been actively used in hacker attacks for more than a week.

Issue ( CVE-2021-40539 ) affects password management and SSO (single sign-on) solution Zoho ManageEngine ADSelfService Plus from India's Zoho Corporation. The vulnerability could be exploited to bypass authentication through the ADSelfService Plus REST API URL and execute malicious code on a vulnerable server. The issue is fixed in ADSelfService Plus build 6114.

According to the words of the analyst's information security company CrowdStrike Dal Matt (Matt Dahl), some evidence indicates that the attack could be the work of a group of hands. There is no information yet on the presence of a PoC code or technical details of the vulnerability.

According to the Zoho warning, the presence of the following logs in the \ ManageEngine \ ADSelfService Plus \ logs folder indicates that the server has been compromised:

/RestAPI/LogonCustomization

/RestAPI/Connection

Currently, more than 11 thousand Zoho ManageEngine servers are available on the Web.

Critical Android Vulnerability Could Make Smartphones Unusable

2021-09-11T07:02:00.000-07:00

Google has patched many vulnerabilities in Android during its September patch cycle, including a critical vulnerability that could render smartphones useless. This vulnerability allows a "permanent denial of service" according to Google.

In total, forty vulnerabilities in the operating system have been fixed with the September updates. Through the leaks, among other things, a malicious app can gain additional permissions without user interaction and access protected data from other applications.

The most dangerous vulnerability in the Android code is according to Google CVE-2021-0687. This vulnerability exists in the Android Framework and allows a remote attacker to cause a permanent denial of service by using a specially crafted file. Further details have not been given by Google.

In addition to vulnerabilities in its own Android code, Google also resolves vulnerabilities in parts of chipset manufacturers that Android uses with the monthly patch round. This month it concerns parts of MediaTek, Unisoc and Qualcomm.

Six of Qualcomm's software vulnerabilities have been identified as critical. Four of them are only local by exploiting a rogue app on the device, but two can be exploited remotely. These are CVE-2021-1933 and CVE-2021-1946 that are present in the software for the data modem and, in the worst case scenario, allow an attacker to execute arbitrary code. The impact of these leaks has been rated on a scale of 1 to 10 with a 9.8.

Patch level

Google works with so-called patch levels, where a date indicates the patch level. Devices that receive the September updates will have '2021-09-01' or '2021-09-05' as their patch level. Manufacturers who want their devices to get this patch level must in this case add all updates from the September Android bulletin to their own updates, and then roll them out to their users. The updates have been made available for Android 8.1, 9, 10 and 11.

According to Google, manufacturers of Android devices were informed about the vulnerabilities that have now been fixed at least a month ago and have been able to develop updates in that time. However, that does not mean that all Android devices will receive these updates. Some devices are no longer supported with updates from the manufacturer or the manufacturer releases the updates at a later time.

ProtonMail changes text about IP logs after providing IP address activist to police

2021-09-11T04:01:00.000-07:00

E-mail service ProtonMail has changed the text on its website about not saving IP logs by default after it provided an IP address of a French activist to the Swiss police. On the ProtonMail website, under the heading " Anonymous Email " it read: "By default, we do not store any IP logs that can be linked to your anonymous email account. Your privacy comes first."

ProtonMail is located in Switzerland and thus falls under Swiss jurisdiction. Earlier this year, on orders from the Swiss authorities, it had to log the IP address and browser fingerprint of a specific ProtonMail account and provide that data to the Swiss police.

Andy Yen, founder and CEO of ProtonMail, said after the fuss that the company must comply with Swiss law. "Once a crime has been committed, privacy protections can be suspended and we are obliged under Swiss law to respond to requests from the Swiss authorities." The e-mail service was also unable to object to the order.

ProtonMail further stated that it would state more clearly on its website what the obligations are for the e-mail service. The "Anonymous Email" heading is now gone and replaced with " Your data, your rules ", which states that ProtonMail is email that respects privacy and puts people (not advertisers) first. In addition, it references an anonymous email gateway through the Tor network. This prevents ProtonMail from seeing the real IP address of users.