Major Security Issues Found With Popular Android App

Do you use the app “ShareIt?” It’s one of the most popular apps in the ecosystem, boasting more than a billion downloads from Google’s Play Store and nearly 2 billion downloads overall (including the Windows, iOS and MacOS ecosystems). On top of that, its original creator, Lenovo, preinstalled it on all Lenovo phones, which may have been the means by which you first encountered the app. All that to say, it’s a hugely popular app and was in the top ten most frequently downloaded titles in 2019, so it has an enormous footprint. Recently, Trend Micro conducted a security audit of the app, and their findings may make you rethink your use of it. According to the report the company published not long after their research was complete, they found several major security flaws that would allow for arbitrary code execution, which could result in the complete compromise of the target system. Unfortunately, the security issues stem from a number of unfortunate design decisions that left the software incredibly vulnerable. One example of this is the fact that the app demands extensive permissions that give it complete control over the entire storage system, access to all media files on the device, the ability to install or delete apps, create accounts, and more. Adding to the problems with the app is the fact that its ‘private storage’ mechanism is anything but. An analysis of the code reveals that the ‘android:exported’ variable is set to False, but the AndroidGrantUriPermissions variable is set to True, which means that literally any third-party entity can gain temporary read/write access to the user’s data....
Apple M1 Macs Are Not Immune To Malware

Patrick Wardle is a legend in the Apple ecosystem, and one of the best independent security researchers out there. Not long ago, he sang Apple’s praises for the security of their M1 processor. More recently however, he made a rather disturbing discovery, finding malware in the wild that specifically targets the new chip. Wardle had this to say about the matter: “Today we confirmed that malicious adversaries are indeed crafting multi-architecture applications, so that their code will natively run on M1 systems. The malicious GoSearch22 application may be the first example of such natively M1 compatible code. The creation of such applications is notable for two main reasons. First (and unsurprisingly), this illustrates that malicious code continues to evolve in direct response to both hardware and software changes coming out of Cupertino. There are a myriad of [sic] benefits to natively distributing native arm64 binaries, so why would malware authors resist? Secondly, and more worrisomely, (static) analysis tools or anti-virus engines may struggle [to detect this].” Unfortunately, a number of antivirus solutions that can detect this malware on Intel machines are unable to spot the Apple Silicon M1 variant. If there’s a silver lining though, it lies in the fact that Apple moved quickly and revoked the developer’s certificate. The downside to that is that Wardle was unable to determine whether the binary was notarized or not, but either way, the bottom line is that macOS users were infected by the strain. All that to say that if you own an M1, you will definitely benefit from the processor’s improved security. It is not, however, a free pass. Hackers...
Update Available To Fix Windows 10 Crashing Issue

Back in the early days of Windows, the OS didn’t have a very good reputation. The dreaded Blue Screen of Death was an all-too-common occurrence, and plugging peripherals into a Windows-based PC was referred to as “Plug and Pray” functionality. Since then, though, the company really has come a long way: Windows 10 users rarely have any issues adding peripherals to their systems, and almost never see the BSOD. Until recently, that is. Recent changes to the code have resulted in a resurgence of the Blue Screen of Death, and it is not a development welcomed by the company’s legions of customers. Fortunately, the company quickly recognized just how serious the issue was and took the step of issuing an emergency, out-of-band fix to address it. Specifically, you need the update if you start seeing crashes when you attempt to connect to WPA3 Wi-Fi networks. Based on research conducted by Microsoft, this bug would have been introduced when you or a member of your IT staff applied one of two updates. The first was KB4598298, which was released on January 21, 2021, and the second was KB4601315, which was released on February 9, 2021. The company stressed that if your network is currently using WPA2, you’re almost certain not to be affected by the issue. Also, they said that for those on WPA3 networks, the issue is most likely to occur when you disconnect and reconnect to a WPA3 network, or when your computer wakes from sleep or hibernation, versus a cold boot. In any case, if you are seeing a notable increase...
This WordPress Plugin May Have Exposed Websites To Hacks

Is your company’s website built around WordPress? It wouldn’t be much of a surprise if that were the case. As the most popular platform on the web, there are tens of millions of WordPress sites out there, both personal and business. One of the things that makes WordPress so attractive is that it’s insanely easy to customize. That is because there are thousands of plugins offered by a wide range of third-party vendors and developers that can change the software or enhance its capabilities, making it possible to do just about anything. One of the more popular WordPress plugins is something called “Responsive Menu.” As the name suggests, its purpose is to let administrators create W3C-compliant and mobile-ready site menus. The idea here is that depending on what type of device you’re browsing a website from, the menu needs to be different in order to display with the greatest efficiency and be responsive to the user’s clicks or taps. The Responsive Menu plugin helps make that happen. Unfortunately, popular, genuinely useful plugins are often targets for hackers. In this case, security researchers on the Wordfence Threat Intelligence team found a trio of different vulnerabilities in the plugin, with some evidence that hackers knew about and had been using them in the wild to gain control over systems running the Responsive Menu plugin. All three flaws are rated as critical, and all three ultimately allow a hacker to gain complete control over a site running the plugin. The good news is that the company behind the plugin responded quickly and patched the plugin to address the security issues. Unfortunately, that...
This Malware Might Be Undetectable To Some Antivirus Programs

For a time, a few months ago, it seemed like the gang behind the dreaded Trickbot network and malware was on the ropes. Law enforcement had rocked the group back on its heels and confiscated or shut down large swaths of its network and it appeared that the group wasn’t long for the world. Rumors of their death, it seems, have been greatly exaggerated. The gang has proved to be highly adaptive, and they’ve responded to the recent attacks made by law enforcement and IT security professionals by changing their game. One of the most recent changes they’ve made is the rewrite of their BazarBackdoor malware. By rewriting the code in a little-known language called Nim, they’ve been able to make the malware even harder to detect. Vitali Kremez is the CEO of an internet security firm called Advanced Intel. Kremez had this to say about the recent discovery: “The backdoor component that is capable of command execution is written in NIM programming language to evade anti-virus detection. The crime group likely chose to pursue the lightweight malware development in Nim to frustrate anti-virus and detection mechanism focused on traditional binaries compiled in C/C++ style languages. Not too long ago, Golang has become another preferred language of choice for some malware families including RobbinHood ransomware majorly due to the fact that many anti-virus products fail to process and characterize unconventional binaries as malware due to unique section and binary content introduced by the Nim and similar exotic languages.” It’s also worth mentioning that BazarBackdoor isn’t the first malware to be written in Nim and other little-known languages. Researchers don’t...