cRyPtHoN™ INFOSEC (EN)

2022-02-17 10:35:23 How to delete the Advertising ID on Android.

The Advertising ID is a unique string that is used for advertising purposes on Android devices. Powered by Google Play, the advertising ID is used by applications for monetization purposes.

Apps and advertisers may use the Advertising ID on Android for identification purposes, as it may provide them with information on user activity on the device. The information is then used to deliver personalized advertisement.

Starting in Android 12, Android users may delete the Advertising ID on a device so that it can't be used anymore by applications or advertisers. Previous versions of Android supported resetting the ID only, but not disabling it entirely. Google plans to bring the deletion option to previous versions of the Android operating system by April 2022.

https://www.ghacks.net/2022/02/17/how-to-delete-the-advertising-id-on-android/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:32:38 Vulnerability Spotlight: Vulnerability in Hancom Office could lead to memory corruption, code execution.

Cisco Talos recently discovered a vulnerability in Hancom Office — a popular software suite in South Korea — that could allow an attacker to corrupt memory on the targeted machine or execute remote code.

Hancom Office offers similar services to that of Microsoft Office, including word processing and spreadsheet creation and management.
TALOS-2021-1386 (CVE-2021-21958) exists in Hancom Office’s HwordApp.dll. An attacker-created malicious document could trigger a heap-based buffer overflow, eventually leading to code execution and/or memory corruption if the attacker follows a specific attack vector.

https://blog.talosintelligence.com/2022/02/vuln-spotlight-.html

#oscp #iocteams #spread #snortteams
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:26:48 Google doesn't want to pull an Apple with new ad tracking changes for Android.

Google is taking a page out of Apple’s book today, with a more developer-friendly and open twist: Privacy Sandbox is coming to Android from Chrome to help reign in mobile advertisers. Rather than being a blanket “ask app not to track” user-facing opt-in, though, Google wants to work with developers to figure out a more sustainable approach, dangling a carrot for their involvement now before it starts swinging a bigger enforcement stick later

For those out of the loop, last year Apple rolled out a new feature called App Tracking Transparency, and it worked very simply: Apps would have to explicitly ask users whether they could be “tracked.” As they say, “if you’re not the customer; you’re the product” and many ostensibly free services like FB actually use your data to serve you ads

https://www.androidpolice.com/android-privacy-sandbox-changes-ads

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:23:40 Canada's major banks go offline in mysterious hours-long outage.

Five major Canadian banks went offline for hours blocking access to online and mobile banking as well as e-transfers for customers.

The banks hit by the outage include Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, TD Bank Canada, and the Canadian Imperial Bank of Commerce (CIBC).

Online banking and e-Transfers down for many

Canada's five major banks went offline yesterday impeding access to e-Transfers, online and mobile banking services for many.

Reports of users having trouble getting to their online banking peaked between 5 p.m. and 6 p.m. Eastern time on Wednesday, although BleepingComputer is continuing to see an influx of these reports into today:

https://www.bleepingcomputer.com/news/security/canadas-major-banks-go-offline-in-mysterious-hours-long-outage/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:22:18 TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands.

The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.

Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies’ customers, according to Check Point Research (CPR), which are being cherry-picked for victimization.

According to a Wednesday CPR writeup, TrickBot is targeting well-known brands that include Amazon, American Express, JPMorgan Chase, Microsoft, Navy Federal Credit Union, PayPal, RBC, Yahoo and others.

https://threatpost.com/trickbot-amazon-paypal-top-brands/178483/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:20:41 Russia 'stole US defense data' from IT systems.

Clearly no need for leet zero-day hax when you can spearphish and exploit months-old vulnerabilities

A two-year campaign by state-sponsored Russian entities to siphon information from US defense contractors worked, it is claimed.

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said Moscow's cyber-snoops have obtained "significant insight into US weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology."

The Agency added that the intruders made off with sensitive and unclassified email and documents as well as data on proprietary and export-controlled technology.

https://www.theregister.com/2022/02/17/cisa_russian_attacks/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:19:17 Lithuania and Poland Issue Cyber-Attack Warnings.

Lithuania and Poland have warned that increased geopolitical tension could trigger cyber-attacks and power cuts in Eastern Europe.

Lithuania’s central bank has reportedly told the country’s banks to prepare for digital assaults and the sudden loss of electricity and internet access.

A letter sent by the bank to financial institutions and seen by Reuters detailed various “extreme but possible” scenarios that could occur should relations between Russia and Ukraine deteriorate.

https://www.infosecurity-magazine.com/news/lithuania-poland-cyber-attack/

https://www.msn.com/en-xl/europe/europe-top-stories/lithuania-warns-banks-of-cyber-attacks-power-cuts-amid-fears-of-war-in-ukraine/ar-AATVN55

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:17:18 VMWare fixes holes that could allow virtual machine escapes.

VMWare’s latest security bulletin doesn’t mince its words about how quickly you should patch:

When do I need to act?

Immediately. The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments.

[… G]iven the severity, we strongly recommend that you act.

The issues referred to here are covered in the company’s just-released advisory VMSA-2022-0004.

https://nakedsecurity.sophos.com/2022/02/16/vmware-fixes-holes-that-could-allow-virtual-machine-escapes/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 10:14:33 Mozilla warns Chrome, Firefox ‘100’ user agents may break sites.

Mozilla is warning website developers that the upcoming Firefox 100 and Chrome 100 versions may break websites when parsing user-agent strings containing three-digit version numbers.

A user-agent is a string used by a web browser that includes information about the software, such as the browser name, its version number, and the various technologies it uses.

When a person visits a website, the browser's user-agent is sent along with the request for a web page. This allows the web page to check the visitor's browser version and modify its response based on the features the browser supports.

https://www.bleepingcomputer.com/news/software/mozilla-warns-chrome-firefox-100-user-agents-may-break-sites/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-16 19:07:03 Cyberattacks reported in Ukraine as Russia signals a willingness to negotiate with NATO. TA2541 targets aviation and allied sectors. BlackCat’s tough to shake. Romance scams. Beamers.

Reports of cyberattacks against Ukrainian targets as the parties to the crisis resume negotiations. The US has been forthcoming with intelligence on Russia’s ambitions in the region; those revelations form part of an influence strategy. An apparent criminal group is targeting aviation and related sectors. BlackCat ransomware victims are having difficulty recovering. Why conditions favor romance scams. Ben Yelin looks at pending cyber breach notification laws. Our guest Padraic O'Reilly from CyberSaint on the effectiveness of Biden's plan to protect the water sector. And “beamers” defraud Roblox players.

https://www.thecyberwire.com/podcasts/daily-podcast/1516/notes

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment