MOBILE CYBERATTACKS SOAR, ESPECIALLY AGAINST ANDROID USERS BY ROBERT LEMOS
Attackers are increasingly targeting mobile device users through vulnerabilities in applications and SMS phishing attacks, according to Zimperium's 2023 Global Mobile Threat Report. The report highlights a 51% increase in unique mobile malware samples in 2022, with an average of 77,000 new samples detected monthly. Around 23% of Android apps and 24% of iOS apps from public repositories were found to be malicious. Meanwhile, compromised devices nearly tripled (up 187%), with an average of four malicious phishing links clicked per device. The Android platform attracts more threats due to vulnerabilities and app development mistakes, while iOS is evenly targeted for spyware. Mobile phishing, spyware, and future mobile ransomware pose significant concerns for businesses and users.
SECURITY RESEARCHERS LATEST TO BLAST UK’S ONLINE SAFETY BILL AS ENCRYPTION RISK BY NATASHA LOMAS
Nearly 70 IT security and privacy academics in the UK have expressed concern about the potential damage to online safety posed by the country's Online Safety Bill. In an open letter, the academics warned that the draft legislation, unless amended, could undermine strong encryption and essential security technologies used to protect digital communications. The proposed bill includes provisions for routine monitoring of communications to combat the spread of child sexual abuse content, which academics argue is incompatible with maintaining privacy guarantees and security protocols. They caution against the use of additional technologies, such as client-side scanning or crypto backdoors, as they could fail and compromise privacy rights.
3 CRITICAL RCE BUGS THREATEN INDUSTRIAL SOLAR PANELS, ENDANGERING GRID SYSTEMS BY NATE NELSON
A recent blog post revealed that hundreds of solar power monitoring systems are at risk due to three critical vulnerabilities that allow remote code execution (RCE). The Mirai botnet, as well as other hackers, have already begun exploiting these vulnerabilities, with experts predicting that more will follow. The vulnerabilities, including a command injection flaw (CVE-2022-29303) in the SolarView Series software developed by Contec, can lead to loss of visibility or potential control of compromised systems. Two other vulnerabilities, CVE-2023-23333 and CVE-2022-44354, also affect SolarView, increasing the risk of active exploitation. Internet-exposed instances of SolarView are particularly vulnerable, and many systems lack the necessary patches, making them susceptible to attacks.
CHINA'S MUSTANG PANDA LINKED TO SMUGX ATTACKS ON EUROPEAN GOVERNMENTS BY ELIZABETH MONTALBANO
A Chinese threat group known as SmugX has been targeting European policy-makers with a campaign aimed at spreading the PlugX remote access Trojan (RAT). The campaign uses a technique called HTML smuggling, which embeds malicious payloads within HTML documents to evade detection. The malware is delivered through HTML documents containing diplomatic-related content, such as articles about Chinese human rights lawyers or official documents from embassies and ministries. Once opened, the document decodes JavaScript that activates the PlugX RAT, enabling the attackers to carry out various malicious activities. SmugX mainly targets governmental ministries in Eastern European countries and has connections to Chinese APT groups RedDelta and Mustang Panda. Organizations are advised to implement threat detection strategies and educate employees about the risks of unknown links and files.
FREE AKIRA RANSOMWARE DECRYPTOR HELPS RECOVER YOUR FILES BY BILL TOULAS
Cybersecurity firm Avast has released a free decryptor for the Akira ransomware, allowing victims to recover their data without paying the ransom. Akira, which emerged in March 2023, targeted organizations worldwide in various sectors. The ransomware's encryption scheme was analyzed by Avast, revealing that it used a symmetric key encrypted by an RSA-4096 public key. The decryptor, available for both 32-bit and 64-bit Windows, requires users to provide an encrypted file and its original plain-text version to generate the correct decryption key. Avast recommends using large files for accurate decryption and backing up encrypted files before attempting decryption. A Linux decryptor is also currently in development.