Osuta Yusuf

#iip_updates . #Information_is_Power . Read more here https://informationispowah.blogspot.com/2023/08/malicious-apps-use-sneaky-versioning.html in the link. #we_inform_the_uninformed . Threat actors are leveraging a technique called versioning to evade Google Play Store’s malware detections and target Android users. “Campaigns using versioning commonly target users’ credentials, data, and finances,” Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News. While versioning is not a new phenomenon, it’s sneaky and hard to detect. In this method, a developer releases an initial version of an app on the Play Store that passes Google’s pre-publication checks, but is later updated with a malware component. This is achieved by pushing an update from an attacker-controlled server to serve malicious code on the end user device using a method called dynamic code loading (DCL), effectively turning the app into a backdoor. Earlier th

#iip_updates . #Information_is_Power . Click on this link https://informationispowah.blogspot.com/2023/07/macos-under-attack-examining-growing.html to learn more. #we_inform_the_uninformed . As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple’s operating system. What Are the Rising Threats to macOS? # There is a common misconception among macOS fans that Apple devices are immune to hacking and malware infection. However, users have been facing more and more dangers recently. Inventive attackers are specifically targeting Mac systems, as seen with the “Geacon” Cobalt Strike tool attack. This tool enables them to perform malicious actions such as data theft, privilege elevation, and remote device control, placing the security and privacy of Mac users at grave risk. Earlier this year, researchers also uncovered the MacStealer malware, which also stole sensitive data from Apple users. Documents, iCloud keychain data, br

#iip_updates . #Information_is_Power . Read more here https://informationispowah.blogspot.com/2023/06/urgent-wordpress-update-fixes-critical.html in the link . #we_inform_the_uninformed . By THN. WordPress has issued an automatic update to address a critical flaw in the  Jetpack plugin  that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since  version 2.0 , which was released in November 2012. “This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation,” Jetpack said in an advisory. 102 new versions of Jetpack have been released to remediate the bug. While there is no evidence the issue has been exploited in the wild, it’s not uncommon for flaws in popular WordPress plugins to be leveraged by threat actors looking to take over the sites for malicious ends. This is not the first time severe security weaknesses in Jetpack

#iip_updates . #Information_is_Power . Read more here http://informationispowah.blogspot.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html in this link #we_inform_the_uninformed . A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected,  Microsoft  and  the “Five Eyes” nations  said on Wednesday. The tech giant’s threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name  Volt Typhoon . The state-sponsored actor is geared towards espionage and information gathering, with the cluster active since June 2021 and obscuring its intrusion footprint by taking advantage of tools already installed or built into infected machines. Some of the prominent sectors targeted include communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and

#iip_updates . #Information_is_Power . #we_inform_the_uninformed . Click here http://informationispowah.blogspot.com/2023/05/china-bans-us-chip-giant-micron-citing.html on the link to read more. China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country’s cybersecurity authority initiated a probe in late March 2023 to assess potential network security risks. “The purpose of this network security review of Micron’s products is to prevent product network security problems from endangering the security of national critical information infrastructure, which is a necessary measure to maintain national security,” the Cyberspace Administration of China (CAC) said. The CAC further said the investigation found “serious cybersecurity problems” in Micron’s products, endangering the country’s critical information infrastructure supply ch

#iip_updates . #Information_is_Power . #we_inform_the_uninformed . Click here http://informationispowah.blogspot.com/2023/05/china-bans-us-chip-giant-micron-citing.html on the link to read more. China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country’s cybersecurity authority initiated a probe in late March 2023 to assess potential network security risks. “The purpose of this network security review of Micron’s products is to prevent product network security problems from endangering the security of national critical information infrastructure, which is a necessary measure to maintain national security,” the Cyberspace Administration of China (CAC) said. The CAC further said the investigation found “serious cybersecurity problems” in Micron’s products, endangering the country’s critical information infrastructure supply ch

#iip_updates . #Information_is_Power . #we_inform_the_uninformed . Click here https://informationispowah.blogspot.com/2023/05/what-does-copyright-mean.html to read more. Copyright refers to the undivided rights a person has to their work to do with it as they want, which includes giving other people permission to use their work. This protects original works like books, music, and art. It means others can’t copy or use your work without your permission. Copyright protection starts as soon as the work is recorded in material form, as there is no need to register it. Before giving copyright protection, the law considers the following things: 1 . the work should be original and not copied from another person. If someone writes a poem, you cannot turn their poem into a song and claim that it is original work 2. It must be an expression of an idea, as the law does not protect ideas. The idea must be reduced to material form. If it is a song, it has to be written down on paper or in sof

#iip_updates . #Information_is_Power . #we_inform_the_uninformed . Click here https://informationispowah.blogspot.com/2023/05/apple-and-google-join-forces-to-stop.html to read more. Apple and Google have teamed up to work on a draft industry-wide  that’s designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. “The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and iOS platforms,” the companies said in a joint statement. While these trackers are primarily designed to keep tabs on personal belongings like keys, wallets, luggage, and other items, such devices have also been abused by bad actors for criminal or nefarious purposes, including instances of stalking, harassment and theft. The goal is to standardize the alerting mechanisms and minimize opportunities for misuse across Bluetoo

#iip_updates . #Information_is_Power . #we_inform_the_uninformed . Click here https://informationispowah.blogspot.com/2023/05/apple-and-google-join-forces-to-stop.html to read more. Apple and Google have teamed up to work on a draft industry-wide  that’s designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. “The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and iOS platforms,” the companies said in a joint statement. While these trackers are primarily designed to keep tabs on personal belongings like keys, wallets, luggage, and other items, such devices have also been abused by bad actors for criminal or nefarious purposes, including instances of stalking, harassment and theft. The goal is to standardize the alerting mechanisms and minimize opportunities for misuse across Bluetoo

#iip_updates . #Information_is_Power . #we_inform_the_uninformed . Click on the link http://informationispowah.blogspot.com/2023/05/bouldspy-android-spyware-governments.html to read more. A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed  BouldSpy , has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran ( FARAJA ). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. “The spyware may also have been used in efforts to counter and monitor illegal trafficking activity related to arms, drugs, and alcohol,” Lookout  said , based on exfiltrated data that contained photos of drugs, firearms, and official documents issued by FARAJA. BouldSpy, like other Android malware families, abuses its access to Android’s accessibility services and other intrusive permissions to harvest sensitive dat

#Information_is_Power . #we_inform_the_uninformed . Details here http://informationispowah.blogspot.com/2023/04/new-atomic-macos-malware-steals.html in the link Threat actors are advertising a new information stealer for the Apple macOS operating system called  Atomic macOS Stealer  (or AMOS) on Telegram for $1,000 per month, joining the likes of  MacStealer . “The Atomic macOS Stealer can steal various types of information from the victim’s machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password,” Cyble researchers said in a technical report. Among other features include its ability to extract data from web browsers and cryptocurrency wallets like Atomic, Binance, Coinomi, Electrum, and Exodus. Threat actors who purchase the stealer from its developers are also provided a ready-to-use web panel for managing the victims. The malware takes the form of an unsigned disk image file (Setup.dmg) that,

#Information_is_Power . #we_inform_the_uninformed . Click on this link https://informationispowah.blogspot.com/2023/04/vivo-pad-2-worlds-first-121-inch-75.html for more. The global tablet market is not as interesting and competitive as the mobile phone market. For this reason, we don’t get to see many tablets each year, not as many as mobile phones. However, during the pandemic, there was a sharp increase in the demand for large-screen devices. This made many Chinese brands find their way back into the tablet market. Though the demand has now dwindled, a couple of brands are still releasing tablets. Last year, Vivo launched its first flagship tablet, the Vivo Pad. Now, the company has released a follow-up to the original Pad, the Vivo Pad 2. All areas of the screen, hardware, performance, audio, and productivity have been upgraded. It is great and values great production. The company pegs this device as a true flagship with a big screen. The Vivo Pad 2 has a big screen, but it’s sti

#Information_is_Power . #we_inform_the_uninformed . Click on this link https://informationispowah.blogspot.com/2023/04/vivo-pad-2-worlds-first-121-inch-75.html for more. The global tablet market is not as interesting and competitive as the mobile phone market. For this reason, we don’t get to see many tablets each year, not as many as mobile phones. However, during the pandemic, there was a sharp increase in the demand for large-screen devices. This made many Chinese brands find their way back into the tablet market. Though the demand has now dwindled, a couple of brands are still releasing tablets. Last year, Vivo launched its first flagship tablet, the Vivo Pad. Now, the company has released a follow-up to the original Pad, the Vivo Pad 2. All areas of the screen, hardware, performance, audio, and productivity have been upgraded. It is great and values great production. The company pegs this device as a true flagship with a big screen. The Vivo Pad 2 has a big screen, but it’s sti

http://informationispowah.blogspot.com/2023/04/google-launches-new-cybersecurity.html Read details in this link. #Information_is_Power #we_inform_the_uninformed Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which is the real story,” the company said in an announcement. “Those risks span everything from lag time in OEM adoption, patch testing pain points, end user update issues and more.” Security threats also stem from incomplete patches applied by vendors, with a chunk of the zero-days exploited in the wild turning out to be variants of previously patched vulnerabilities. Mitigating such risks requires addressing the root cause of the vulnerabilities and prioritizing modern secure software development practices to eliminate enti

http://informationispowah.blogspot.com/2023/04/google-launches-new-cybersecurity.html Read details in this link. #Information_is_Power #we_inform_the_uninformed Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which is the real story,” the company said in an announcement. “Those risks span everything from lag time in OEM adoption, patch testing pain points, end user update issues and more.” Security threats also stem from incomplete patches applied by vendors, with a chunk of the zero-days exploited in the wild turning out to be variants of previously patched vulnerabilities. Mitigating such risks requires addressing the root cause of the vulnerabilities and prioritizing modern secure software development practices to eliminate enti

#Information_is_Power . Click on this link http://informationispowah.blogspot.com/2023/04/apple-releases-updates-to-address-zero.html to read details. #we_inform_the_uninformed . Apple on Friday released security updates for  iOS, iPadOS ,  macOS , and  Safari web browser  to address a pair of zero-day flaws that are being exploited in the wild. The two vulnerabilities are as follows – CVE-2023-28205  – A  use after free issue  in WebKit that could lead to arbitrary code execution when processing specially crafted web content. CVE-2023-28206  – An  out-of-bounds write issue  in IOSurfaceAccelerator that could enable an app to execute arbitrary code with kernel privileges. Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it’s aware the bugs “may have been actively exploited.” Credited with discovering and reporting the flaws are Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ó Cearbh

#Information_is_Power . https://informationispowah.blogspot.com/2023/04/seo-poisoning-in-action-users-searching.html #we_inform_the_uninformed . Click on this link for more. Portuguese users are being targeted by a new malware codenamed  CryptoClippy  that’s capable of stealing cryptocurrency as part of a malvertising campaign. The activity leverages SEO poisoning techniques to entice users searching for “WhatsApp web” to rogue domains hosting the malware, Palo Alto Networks Unit 42  said  in a new report published today. CryptoClippy, a C-based executable, is a type of  cryware  known as  clipper   malware  that monitors a victim’s clipboard for content matching cryptocurrency addresses and substituting them with a wallet address under the threat actor’s control. “The clipper malware uses regular expressions (regexes) to identify what type of cryptocurrency the address pertains to,” Unit 42 researchers said. “It then replaces the clipboard entry with a visually similar but adver

#Information_is_Power . https://informationispowah.blogspot.com/2023/04/seo-poisoning-in-action-users-searching.html #we_inform_the_uninformed . Click on this link for more. Portuguese users are being targeted by a new malware codenamed  CryptoClippy  that’s capable of stealing cryptocurrency as part of a malvertising campaign. The activity leverages SEO poisoning techniques to entice users searching for “WhatsApp web” to rogue domains hosting the malware, Palo Alto Networks Unit 42  said  in a new report published today. CryptoClippy, a C-based executable, is a type of  cryware  known as  clipper   malware  that monitors a victim’s clipboard for content matching cryptocurrency addresses and substituting them with a wallet address under the threat actor’s control. “The clipper malware uses regular expressions (regexes) to identify what type of cryptocurrency the address pertains to,” Unit 42 researchers said. “It then replaces the clipboard entry with a visually similar but adver

#Information_is_Power  .   #we_inform_the_uninformed  . Read more here. The Italian data protection watchdog, Garante per la Protezione dei Dati Personali (aka Garante), has imposed a temporary ban of OpenAI’s ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users’ data with immediate effect, stating it intends to investigate the company over whether it’s unlawfully processing such data in violation of the E.U. General Data Protection Regulation ( GDPR ) laws. “No information is provided to users and data subjects whose data are collected by Open AI,” the Garante  noted . “More importantly, there appears to be no legal basis underpinning the massive collection and processing of personal data in order to ‘train’ the algorithms on which the platform relies.” ChatGPT, which is estimated to have reached over 100 million monthly active users since its release late last year,  has not   disclosed   what it used  t

#Information_is_Power . #we_inform_the_uninformed . Read more here in the link. A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google’s Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. The scale of the two campaigns and the nature of the targets are currently unknown. “These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house,” TAG’s Clement Lecigne  said  in a new report. “While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers, and opposition party politicians.” The first of