Google Play Sneaky Draws Data Harvesting Apps • Log

In the letter After security researchers told Cloud that the code contained some sneaky data-harvest code, Google pulled out several Android apps with more than 46 million downloads from its Google Play Store.

Applications include speed camera radar, several Muslim prayer apps, a QR scanner, a WiFi mouse tool, a weather app and others.

According to Joel Reardon, co – founder of AppCensus, the code was created by Panama – based company Measurement Systems.

As stated in it The Wall Street JournalAs the story first reported, Measurement Systems is affiliated with a Virginia security contractor who does cyber-intelligence, network-security and intelligence-blocking work for US national security agencies.

Google has been deleting apps since March 25, but said they could be re-listed if they removed the bad code in accordance with Google Play Store’s rules for collecting users’ data. Some apps have done this, and have been back on sale since April 6th.

A Google Spokesman said, “All apps on Google Play comply with our policies, regardless of the developers. If we find that an app violates these policies, we will take appropriate action.” Registration.

Infosek opens the Fox Fox News database

Fox News said it had secured the open database after bug hunters at Security Discovery alerted the news agency about a security incident waiting to happen.

For its part, Fox News said the open database was in a development environment, not a live, production environment, and that no customer records had been exposed.

“Security contacted us in October 2021 through Dynamic, which will have an archive snapshot of public video metadata, such as program descriptions and program BIOS, primarily on the PSD development environment,” a spokesman said in an email. Registration.

“In addition, the list of business email addresses and URLs, other IDs and contexts were not in use at the time of discovery,” the report continued. “This environment does not serve any Fox News applications or systems.

Jeremiah Fowler, co-founder of Security Discovery, worked with a research team at webmaster information website Web Planet to discover a non-password protected database. They said the 58GB database contained nearly 13 million records, including storage information, internal emails, usernames, employee ID numbers, and branch information.

“One folder contains 65k names of celebrities, actors and production team members and their internal Fox ID reference numbers,” the threat researchers wrote. “Records also capture a wide range of data points, including event logs, host names, host account numbers, IP addresses, interfaces, device data, and more.”

Although Fox News promised that this would be a test case, Fowler and friends noted that many of the posts were labeled “brat”, which is generally an abbreviation for product records.

But even in a development environment, these data security risks can occur because these environments often use the same storage repositories, middleware and infrastructure as direct production environments, the threat researchers added.

In addition, security researchers made it clear that they were not saying any customer or user data was at risk, and praised the Fox Security team for working “fast and professionally” to close the exposed database. However, they noted that “any non-password protected database will allow malicious code to be inserted into the network.”

Autodesk combines high-intensity bugs

Autodesk incorporates a number of high-intensity vulnerabilities that, if exploited, allow attackers to run malicious code on infected computers and steal sensitive information.

Security firm Fortinet’s threats inspection team found errors that affect Autodesk’s DWG TrueView, Design Review and Navisworks, and reported them to the software provider. Its research team provided a run-down of all seven valences.

Both companies urge users to use the links as soon as possible.

The first five errors, CVE-2022-27525, CVE-2021-40167, CVE-2022-27526, CVE-2022-27527 and CVE-2022-25797 are memory corruption vulnerabilities.

CVE-2022-27525 Affects Autodesk design review. This is caused by an incorrectly formatted Web Design (DWF) file, which “causes inaccurate memory writing due to improper verification,” Fortinet explained.

If exploited, this error will allow cybercriminals to execute arbitrary, malicious code via a specially designed DWF file.

CVE-2021-40167 affects the same product and is caused by a non-standard DWF file. This will allow the attacker to leak memory into the context of the application.

CVE-2022-27526 can also be used to leak memory, affecting Autodesk’s design review product. Invalid Truevision (TGA) file causes this error. In particular, the TGA file “checks inaccurate limits when manipulating a pointer to a allocated cache, causing memory access outside the limit,” Fortinet said.

CVE-2022-27527 Effects Autodesk Navisworks. This is caused by an invalid PDF file, which can lead to unlimited memory access.

The fifth memory decay error, CVE-2022-25797, is caused by an invalid DWG file, which affects DWG Trueview and may allow a criminal to run arbitrary code using a DWG file.

CVE-2022-27523 is a buffer over-read vulnerability in Autodesk DWG TrueView that allows a remote attack to leak sensitive data using malicious DWG files.

Finally CVE-2022-27524 is beyond the limits of DWG TrueView, which can be used to leak sensitive data.

CISA, D-Link urges retirement to be the ultimate router of life

The CISA has advised anyone using some older D-Link routers to take them offline before criminals detect and exploit vulnerabilities in critical remote control functionality.

On Monday, the CISA added an RCE error called CVE-2021-45382 to its list of known exploited vulnerabilities. It is present in all series H / W fixes for D-Link DIR-810L, DIR-820L / LW, DIR-830L and DIR-830L and DIR-836L routers with Dynamic Domain Name System (DDNS) functionality in the ncc2 binary file. .

The ncc2 service allows some firmware and language file updates over the web interface. But as Malwarebytes Labs researcher Pieter Arntz explained, “ncc2 service on infected devices appears to have been sent with multiple detection hooks.”

If exploited, this will allow them to call attackers these hooks without authorization. “These files appear to be rendered when queried, and the given device can be used to inquire for information and run diagnostic services as needed,” he added.

The software bug got a CVSS score of 9.8, which means it’s important that users fix it right away. But D-Link did not provide any connections to the vulnerable devices as the life of the affected routers was over.

Both CISA and D-Link recommend that you stop these models as soon as possible before a cyber criminal finds them.

If you still do not believe, there is a source of feedback on GitHub, which makes it easy to remotely take devices that are vulnerable to any malicious activity and then execute malicious code.

Cybercriminals are still using Spring4Shell

One week after security researchers discovered a bad software bug, the Java Spring architecture’s remote code execution vulnerability continues to be misused.

One week after the initial eruption, Czech Point Research said it had seen about 37,000 attempts to quantify the vulnerability named “Spring4Shell”.

The security shop said Europe was the hardest hit, with companies around the world suffering from the bug.

Within the first four days of discovery, 16 percent of orgs worldwide experienced exploitation attempts. But in Europe that number has risen to 20 percent. Australia and New Zealand are in second place with 17 per cent, followed by Africa (16 per cent), Asia (15 per cent), Latin America (13 per cent) and North America (11 per cent).

Perhaps surprisingly, the software sales industry felt more pain from Spring4Shell. According to Checkpoint, 28 percent of companies in the sector are affected. Education and research institutions are the second most affected, with 26 percent affected. Insurance / Legal, ISPs / MSPs and Finance / Banking companies are in third place with 25%.

Noting that its own CloudGuard AppSec customers are not affected, the security firm advised that “if your company uses Java Spring and does not use CloudGuard AppSec, immediately review your software and follow the official Spring project guidelines and update to the latest versions.” ⁇

Leave a Comment