Gentoo Linux Security Advisory 202311-10 - Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution. Versions greater than or equal to 1.27 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: RenderDoc: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #908031  
       ID: 202311-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in RenderDoc, the worst of  
which leads to remote code execution.

Background  
=========  
RenderDoc is a free MIT licensed stand-alone graphics debugger that  
allows quick and easy single-frame capture and detailed introspection of  
any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across  
Windows, Linux, Android, or Nintendo Switch™.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-gfx/renderdoc  < 1.27        >= 1.27

Description  
==========  
Multiple vulnerabilities have been discovered in GRUB. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All RenderDoc users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/renderdoc-1.27"

References  
=========  
[ 1 ] CVE-2023-33863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33863  
[ 2 ] CVE-2023-33864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33864  
[ 3 ] CVE-2023-33865  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33865

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-10

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-10

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

**Latest stable release****Version: 21.1****Release Date: 3 June 2021****Release Notes**

Stable releases are recommended for new users and for users not having much time for possible error handling.

**Latest testing release****Version: 21.2-r2333****Release Date: 1 October 2021****Release Notes**

Testing releases are recommended for experienced users familiar with NZBGet.

**Windows**

nzbget-21.1-bin-windows-setup.exe

nzbget-21.2-testing-r2333-bin-windows-setup.exe

Windows XP and later, 32 or 64 Bit.

Manual: Installation on Windows.

**MacOS**

nzbget-21.1-bin-macos.zip

nzbget-21.2-testing-r2333-bin-macos.zip

MacOS 10.7 Lion and later, 64 Bit.

Manual: Installation on Mac.

**Linux**

nzbget-21.1-bin-linux.run

nzbget-21.2-testing-r2333-bin-linux.run

Linux kernel 2.6 and later, x86 (32 or 64 Bit), ARM (32 or 64 Bit), MIPS, PowerPC.

Manual: Installation on Linux.

**FreeBSD**

nzbget-21.1-bin-freebsd.run

nzbget-21.2-testing-r2333-bin-freebsd.run

FreeBSD 9.1 and later, x86 (64 Bit).

Manual: Installation on FreeBSD.

**Android****Daemon**

nzbget-21.1-bin-android.run

nzbget-21.2-testing-r2333-bin-android.run

Android 5.0 and later, x86 (32 Bit), ARM (32 or 64 Bit).

Use installer and frontend app to install the daemon automatically. See manual below for details.

**Installer and frontend app**

nzbget-android-2.0-testing-r36-bin.apk

Android 5.0 and later, x86 (32 Bit), ARM (32 or 64 Bit).

Manual: Installation on Android.

**Other POSIX systems**

Check the package repository of your OS. If you can't find NZBGet there or if you want a newer version please install from source code.

Manuals: Installation on POSIX, Cross-compiling.

**Source code**

nzbget-21.1-src.tar.gz

nzbget-21.2-testing-r2333-src.tar.gz

Source code includes configure and make files for POSIX and project files for MS Visual Studio.

**Latest development sources**

The latest development sources are available in GitHub repository.

Development code may contain serious bugs and is therefore not recommended for average users.

Manual: Build the latest development version.

**Old releases**

Older versions can be obtained from the GitHub project releases page.

CVE-2023-49102: NZBGet - Download

Here are the innovations we’ve made in our products recently. Are you making the most of them?

At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too.

Here are the innovations we’ve made in our products recently. Are you making the most of them?

****Malwarebytes Premium******Windows**

**Tamper** / **Uninstall Protection**. This allows you to password protect your software so that it can’t be removed remotely.

**Trusted Advisor**. This dashboard provides an easy-to-understand assessment of your computer’s security with a single comprehensive protection score, and clear, expert-driven advice.

**Brute Force Protection**. This blocks Remote Desktop Protocol (RDP) attacks, which are attempts by cybercriminals to access a computer remotely. We do this by blocking IP addresses that exceed a threshold of invalid login attempts.

**Smart Scan.** This enables you to schedule scans at a time when you’re not using your computer, which is best for productivity.

**Mac**

The old adage about Macs not getting viruses is simply not true. Macs need protection too and our **Premium for Mac** is now compatible with macOS Sonoma.

**Mobile Security**

Whether you’re on iOS or Android, our Mobile Security app just got an upgrade. Our **Premium Plus** plan now includes a full-featured VPN to help keep your connections private, no matter where you are. Using the latest VPN technology, WireGuard® protocol, you can enjoy better online privacy at a quicker speed than traditional VPNs.

What you get with our apps:

*   **Android:** Scan for viruses and malware, and detect ransomware, android exploits, phishing scams, and even potentially unwanted apps.

*   **iOS:** Detect and stop robocalls and fake texts, phishing links, malicious sites, and annoying ad trackers (while browsing in Safari).

**Browser Guard**

Available for both Windows and Mac, Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It’s the world’s first browser extension to do this, while at the same time identifying and stopping tech support scams.

Browser Guard adds an extra layer to your personal security, on top of your antivirus or firewall. Because it’s a browser extension, it can offer protection in the browser that other means of protection do not have access to.

We’ve recently made enhancements to Browser Guard:

*   **Improved protection:** Stops even more threats with enhanced phishing detection. 
*   **New scanning blocks:** Prevents websites from scanning for vulnerable network ports. 
*   **Facebook support:** Blocks ads and sponsored content from appearing on Facebook feeds. 
*   **Monthly overview:** Summary showcases what has been blocked. 

On top of that, Malwarebytes Premium Security users (Windows only) can now take advantage of:

*   **Content control:** Take control of your browsing experience and define what’s appropriate for you and your family. Fully customize the content you want to block while browsing.
*   **Import and export:** Use your preferences and customized rules with all your browsers, even on other devices. This helps you to experience a consistent and clean web experience. Discover on this video how to transfer Malwarebytes Browser Guard settings to another browser.
*   **Historical Detection Statistics:** View past detections and see what we’ve protected you from.  

Want to see Browser Guard in action? Read the 25 most popular websites vs Malwarebytes Browser Guard

****Malwarebytes Identity Theft Protection****

Newly released, Malwarebytes Identity Theft Protection scours the dark web for your personal information, prevents your social media account from being hacked, and even keeps an eye on your credit (US only) — and it’s all backed by an up-to-$2 million identity theft insurance. (Insurance coverage is $1 or $2 million depending on selected package (latter only available in the US plan **Ultimate)**)

Here’s what you get (based on your selected plan):

*   Ongoing monitoring: Peace of mind that we are actively working in the background to keep you safe
*   Real-time alerts: Immediate notifications if we identify suspicious activity
*   Recommendations and best practices: Advice on how to prevent identity theft, and help if it happens
*   Identity restoration helpline and top-notch customer support.

 Malwarebytes consumer product roundup: The latest 

By Owais Sultan
Ranked and described the functionality of the top 5 best Telegram client applications for Android. Telegram messenger is…
This is a post from HackRead.com Read the original post: Top 5 Best Telegram Client Apps for Android

Ranked and described the functionality of the top 5 best Telegram client applications for Android.

Telegram messenger is gaining popularity, and the number of its users is growing every day. While some users are satisfied with the already included features in the main application, others purchase a Premium version of their favourite messenger, and others have long used the application client Telegram and enjoy the new features of their favourite application. 

****Below is the rating of 5 Telegram messenger client apps for Android********Nicegram** **

What is the Nicegram app? It is one of the most popular Telegram client apps. The app is open source, so you can convince yourself that it is safe. With Nicegram you can get unlocking features for chats and channels, translate messages from a foreign language, forward messages anonymously, add tabs and folders, group chats, create multiple accounts, and view chats without a “read” mark. 

****Telegram X****

We would like to note that it is better to install the beta version of the application, to begin with, as the application has not been updated for a long time. In this messenger you can change the settings of the appearance of the application, also Telegram X has a very clear interface. This client app contains the following features: traffic saving when uploading videos and photos, uploading and sending messages is faster than in the official Telegram app.

****iMe Messenger****

This is a popular app among Android platform users. The app includes many features: a cryptocurrency wallet, sorting chats by topic, a section with music, translating messages from a foreign language right in the chat, blocking selected people to not seeing messages from them, and removing text from photos and image descriptions. You can also use iMe Messenger to convert voice messages to text, and quickly search for GIF images to send in chats. 

****Graph Messenger****

A popular application for those who need privacy when using Messenger. In Graph Messenger developers have included the following features: change your voice when sending voice messages, create and login 100 active accounts at a time, hide chats and channels, chronological display of messages from channels on one page, the ability to edit images directly in the chat, auto-replies for certain contacts directly in the chat. 

** **Vidogram****

This is one of the best Telegram client apps for exploring the content of chats and channels you are subscribed to. With Vidogram you can compile a single news feed from all the channels you are subscribed to, the show history can be in chronological order.

The app also has built-in IPTV, which works very well, so you can watch entertainment, sports and other channels without leaving Vidogram. The app also has features for music lovers: you can form a playlist and listen to music in the app. From the external changes: the user can create animated themes and play online games. 

Thus, there are many client applications of the official Telegram app for Android. They differ from each other in terms of functionality, for example, in many you will find the ability to translate messages from another language right in the chat application.

However, there are also applications with exclusive features, for example, the option to change your voice when sending voice messages. In any case, to select the most convenient and functional application, you should try to install several messengers so that you will be delighted with the new icon on your smartphone. 

****_RELATED ARTICLES_****

1.  **Learn How to Enable Encryption on Facebook Messenger**
2.  **Snowden Explains Why Telegram Messenger App is Unsafe**
3.  **How to use Signal Messenger face blur tool on Android & iOS**
4.  **Encrypted Email Service ProtonMail Supports Physical Security Keys**

Top 5 Best Telegram Client Apps for Android

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.
“Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations,

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.

"Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, such as banks, government services, and utilities," Microsoft threat intelligence researchers Abhishek Pustakala, Harshita Tripathi, and Shivang Desai said in a Monday analysis.

The ultimate goal of the operation is to capture banking details, payment card information, account credentials, and other personal data.

The attack chains involve sharing malicious APK files via social media messages sent on WhatsApp and Telegram by falsely presenting them as banking apps and inducing a sense of urgency by claiming that the targets' bank accounts will be blocked unless they update their permanent account number (PAN) issued by the Indian Income Tax Department through the bogus app.

Upon installation, the app urges the victim to enter their bank account information, debit card PIN, PAN card numbers, and online banking credentials, which are subsequently transmitted to an actor-controlled command-and-control (C2) server and a hard-coded phone number.

"Once all the requested details are submitted, a suspicious note appears stating that the details are being verified to update KYC," the researchers said.

"The user is instructed to wait 30 minutes and not to delete or uninstall the app. Additionally, the app has the functionality to hide its icon, causing it to disappear from the user's device home screen while still running in the background."

Another notable aspect of the malware is that it requests the user to grant it permission to read and send SMS messages, thereby enabling it to intercept one-time passwords (OTPs) and send the victims' messages to the threat actor's phone number via SMS.

Variants of the banking trojan discovered by Microsoft have also been found to steal credit card details along with personally identifiable information (PII) and incoming SMS messages, exposing unsuspecting users to financial fraud.

However, it's worth noting that for these attacks to be successful, users will have to enable the option to install apps from unknown sources outside of the Google Play Store.

"Mobile banking trojan infections can pose significant risks to users' personal information, privacy, device integrity, and financial security," the researchers said. "These threats can often disguise themselves as legitimate apps and deploy social engineering tactics to achieve their goals and steal users' sensitive data and financial assets."

The development comes as the Android ecosystem has also come under attack from the SpyNote trojan, which has targeted Roblox users under the guise of a mod to siphon sensitive information.

In another instance, fake adult websites are being used as lures to entice users into downloading an Android malware called Enchant that specifically focuses on pilfering data from cryptocurrency wallets.

"Enchant malware uses the accessibility service feature to target specific cryptocurrency wallets, including imToken, OKX, Bitpie Wallet, and TokenPocket wallet," Cyble said in a recent report.

"Its primary objective is to steal critical information such as wallet addresses, mnemonic phrases, wallet asset details, wallet passwords, and private keys from compromised devices."

Last month, Doctor Web uncovered several malicious apps on the Google Play Store that displayed intrusive ads (HiddenAds), subscribed users to premium services without their knowledge or consent (Joker), and promoted investment scams by masquerading as trading software (FakeApp).

The onslaught of Android malware has prompted Google to announce new security features such as real-time code-level scanning for newly encountered apps. It also launched restricted settings with Android 13 that prohibits apps from obtaining access to critical device settings (e.g., accessibility) unless it's explicitly enabled by the user.

It's not just Google. Samsung, in late October 2023, unveiled a new Auto Blocker option that prevents app installations from sources other than Google Play Store and Galaxy Store, and blocks harmful commands and software installations through the USB port.

To avoid downloading malicious software from Google Play and other trusted sources, users are advised to check the legitimacy of the app developers, scrutinize reviews, and vet the permissions requested by the apps.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

By Owais Sultan
Millions of players will enter web3 gaming thanks to a new partnership between READYgg and Aptos Labs realized…
This is a post from HackRead.com Read the original post: READYgg Onboards 15 Million Web2 Players into Web3 in Partnership with Aptos Labs

Millions of players will enter web3 gaming thanks to a new partnership between READYgg and Aptos Labs realized through READYgg’s robust and talented network, all on Aptos, the blockchain with the fastest time-to-finality necessary for seamless gameplay. 

As a result of the new partnership, up to 15 million web2 gamers will migrate to web3 and Aptos. Starting November 20, players can be whitelisted for early access to the new releases launching on December 6. 

READYgg has already signed over 20 major web2 publishers, representing a library of 2,000 games played by over 200m monthly active users. Four of these web2 publishers will now operate on the Aptos blockchain by the end of 2023, with a minimum of a dozen more to follow next year.

Titles will include Runestone Keeper, a roguelike dungeon crawler game (PC/Android/iOS), Rescue Robots Sniper Survival (Android), a first-person action game, Minijuegos, a hypercasual platform, and ToroFun, a browser-based social gaming portal. All these titles will feature web3 elements, such as non-fungible tokens (NFTs), while Minijuegos and ToroFun will also boast an innovative NFT-based loyalty system. 

In addition to benefiting from a performant blockchain with speed and asset portability built-in, publishers joining the READYgg / Aptos ecosystem will enjoy potential funding or grants through the READYgg $RDYX token – known as “The Gamer’s Token” – and predictable Aptos usage fees empowering publishers to run web3 components with less exposure to price volatility.

“It is difficult to overstate just how overjoyed we are about this commitment from Aptos Labs,” said David S. Bennahum, CEO and co-founder of READYgg. “Bridging web2 games to web3 has always been our goal, which is why we’ve built a range of tools traditional publishers can use to seamlessly reach a web3 audience and bring their typical users into the world of on-chain gaming.” 

“Aptos Lab’s expertise will ensure that millions of web2 gamers can get to grips with web3 very quickly, without having to contend with any kind of imposing learning curve,” said Christina Macedo, COO & Co-Founder of READYgg. “They can just have fun, and that’s all that matters”

“This partnership with READYgg will accelerate the delivery of studio-quality web3 games, user experiences, and compelling ownable assets,” said Mo Shaikh, co-founder & CEO of Aptos Labs. 

From the start, READYgg’s vision has been to enable billions of people—developers, players and content creators, in particular in emerging markets—to have the opportunity to access and appreciate web3 easily through games and game economies.

READYgg’s tools and ecosystem democratize access to web3 game creation and open a path to true mass adoption and scale into web3. The partnership with Aptos Labs will expand what’s possible in web3 gaming and deliver unparalleled UX on par or better than anything worth playing on web2.

****About Aptos Labs****

Aptos Labs, co-founded by Mo Shaikh and Avery Ching, is dedicated to creating better network tooling and seamless usability to bring the benefits of decentralization to the masses. Having now raised over $400M, Aptos Labs is backed by top-flight investors, including a16z, Jump Crypto, Binance Labs, Dragonfly, PayPal Ventures, Andreessen Horowitz and Franklin Templeton Investments

****About Aptos Network****

Aptos is a next-generation Layer 1 blockchain. Aptos’ breakthrough technology and programming language, Move, are designed to evolve, improve performance and strengthen user safeguards. Please visit the Apotos Foundation for more information on the Aptos blockchain.

****About READYgg****

READYgg uses blockchain and game development technology to connect and empower games. The company specializes in supporting publishers and studios as they evolve to web3 while providing the best possible experience to their game communities.

****_RELATED ARTICLES_****

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **The Benefits Of Blockchain In The Travel Industry**
3.  **What is Blockchain Gaming and its Play-to-Earn Model?**
4.  **The Advantages of a More Secure and Safer Blockchain**
5.  **The Rise of Blockchain Gaming and Secure Marketplaces**

READYgg Onboards 15 Million Web2 Players into Web3 in Partnership with Aptos Labs

By Deeba Ahmed
The budget tablet, advertised for kids on Amazon, is highly popular among children.
This is a post from HackRead.com Read the original post: Popular Dragon Touch Tablet for Kids Infected with Corejava Malware

The Dragon Touch KidzPad Y88X 10 tablet on Amazon, analyzed by EFF researchers, also comes with preinstalled riskware and an outdated parental control app called KIDOZ.

Retailers like Amazon have played a significant role in popularizing low-cost Android devices for children. However, based on research conducted by the Electronic Frontier Foundation (EFF) on such devices, there is a possibility that they may contain malware.

EFF’s researchers examined the Dragon Touch KidzPad Y88X 10 tablet from Amazon and discovered not only malware but also preinstalled riskware, along with an outdated parental control app called KIDOZ. Following the EFF’s investigations, Amazon removed the product from the platform. However, other Y88X models are still being sold on the site.

Dragon Touch KidzPad Y88X 10 tablet

It is worth noting here that Amazon devices frequently face criticism due to the presence of preinstalled malware. In January 2023, the company gained attention for selling a T95 Android TV box that harboured sophisticated, persistent, and preinstalled malware embedded in its firmware.

Despite awareness of the issue, Amazon continued to sell these compromised devices until February 2023. In both instances, the devices were also infected by the same Corejava malware.

The Android Open Source Project (AOSP) is Google’s open-sourced Android operating system. Consequently, most Android devices available for purchase come equipped with AOSP, featuring multiple customization layers, commonly referred to as AOSP’s ‘skinned’ version.

In addition to beneficial features, these customized versions can facilitate the inclusion of undesired apps or bloatware. For instance, in 2019, Samsung pre-installed the Facebook app on its phones, allowing users only the option to disable it; however, it was later revealed to be a placeholder app. Nevertheless, in more malicious instances, customized versions can come with preinstalled malware.

That is precisely the case with the Dragon Touch Tablet. Researchers discovered that it harboured the notorious Corejava malware, as evidenced by the presence of directories such as “/data/system/Corejava” and “/data/system/Corejava/node” in the tablet’s firmware. These directories indicated the active presence of Corejava on the device. Another red flag was the inclusion of links to other manufacturers and unusual requests originating from the tablet.

Researchers initially powered on the tablet after the C2 servers of Corejava were taken down to prevent any attempts to download malicious payloads. However, the absence of any noticeable activity suggested a residual remnant of the malware, resembling a ‘copied homework,’ possibly a result of hurried production or left for potential future activities.

Moreover, this tablet was preloaded with Adups, which serve as “firmware over the air” (FOTA) update software and is also found on Android TV boxes. It was incorporated into the system under the name “Wireless Update.”

Adups is classified as malware, although there are supposedly “clean versions,” and one such version was present on this tablet. Adups comes preinstalled with the Dragon Touch OEM, and even after a factory reset, the application reappears, making it impossible to uninstall or disable.

Researchers also noted a significant correlation between Android TV box sellers and the Dragon Touch tablet. The group had registered multiple brands and shared an address with the tablet on Walmart. This led to the conclusion that all devices associated with this seller should undergo thorough scrutiny.

The Dragon Touch tablet is equipped with an outdated KIDOZ app that is apparently adware. Despite being COPPA Certified, this app functions as a mini operating system. Notably, its referrer, Tablet Express, is no longer operational.

This suggests that Dragon Touch has repurposed an old version of the app, which continues to collect and send data to Kidoz.net. The information includes details such as device model, brand, country, screen size, timezone, click events, view events, logtime of events, and the unique KID ID.

Furthermore, researchers discovered that the app Kids Paint FREE transmits precise GPS coordinates to an ad server, even though the server itself does not exist. This raises concerns about the privacy and security implications of the tablet’s preinstalled applications.

“This leakage of device-specific information over primarily HTTP (insecure) web requests can be targeted by bad actors who want to siphon information either on the device or by obtaining these defunct domains,” EFF blog post read.

Despite Amazon’s efforts to combat fake reviews, the marketplace giant needs to do more to address the escalating cybersecurity concerns, particularly when the targets are vulnerable children.

****_RELATED ARTICLES_****

1.  **Malware duo pre-installed on cheap Android phones**
2.  **Researcher finds pre-installed keylogger in HP laptops**
3.  **Pre-installed Android malware made $115k revenue in 10 days**
4.  **There is a Pre-Installed Backdoor in OnePlus 5, 3 and 3T Devices**
5.  **Amazon, a safe haven for Android Tablets with pre-installed malware**

Popular Dragon Touch Tablet for Kids Infected with Corejava Malware

An alarm system company that allows people to call for help at the touch of a button has suffered a cyberattack, causing serious disruption.

An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption.

Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023.

Tunstall, among others, provides services and systems to allow smart monitoring in various healthcare settings. One of the services provides sick or disabled persons, and the elderly with an alarm button that can be used in case of an emergency.

Under normal circumstances, the control room would relay the distress call to a caregiver so they can check on and provide help.

The alarm button systems are used in situations where people that require care are not constantly surrounded by caregivers, like care homes that provide independent living, elderly who live at home but need the ability to call for help, and people with a heightened risk of falling.

It’s unknown what the exact nature of the cyberattack is. In case of a ransomware attack, it is unlikely that any group will claim responsibility or demand a ransom. These types of services are usually the type that they want to avoid for fear of repercussions.

Estimates say that tens of thousands of people are unable to reach the control room at the press of a button and will have to call an emergency number instead.

Tunstall says it’s worked hard to remediate the situation. It has engaged a specialized cybersecurity company to investigate the situation. Meanwhile it advised clients to keep their mobile phones handy so they can reach out in case of an emergency. At the moment the first services have been brought back online and the hope is that soon everything will be fully functional again.

Some organizations that use Tunstall’s system say they have provided their clients with the direct number they would need to call when they need help. But obviously pressing a button is a lot easier when you are in distress than having to call a phone number.

**How you can call without having to unlock your phone first**

Having the number pre-programmed and available at the press of a button makes things a bit easier if you do need to call for help via your phone. If you have or are someone who may need immediate help and you don’t have an alarm button or it doesn’t work, there are methods to make it easier to use your phone to raise help.

**iPhones** provide an “Emergency” option on the lock screen. Tapping it opens an on-screen keyboard, which allows you to dial a number. The restriction with this option however, is that it is designed primarily to call emergency numbers. Another option is to use the smart assistant by saying ‘Hey Siri’, and then ask it to call one of your contacts or a phone number. 

Some **Android** phones offer the option to add emergency contacts. Activating Emergency SOS requires you to save at least one emergency contact to your phone. This will need to be done first. Please note that Android phones’ menus may differ from vendor to vendor and version to version.

*   Open the Settings app.
*   Scroll down and tap Safety & emergency. On some types this menu can be found in the Advanced Settings menu.
*   Tap Emergency contacts > Add contact
*   Select one or more emergency contacts from your contact list.
*   Now you can enable Emergency SOS
*   In Safety & emergency, toggle the Use Emergency SOS and set the Use Emergency SOS slider to enabled
*   Confirm the setting and select what information you want to share.
*   You will need to provide the app with the necessary permissions.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Alarm system cyberattack leaves those in need struggling to call for help 

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.

**AUTEL smart drones have a vulnerability to unauthorised breaches of no fly zones**

AUTEL smart drones have a vulnerability to unauthorised breaches of no-fly zones

**The vulnerability involves the item: AUTEL Intelligent UAV-EVO NANO Series  
**https://www.autelrobotics.com/****

Shenzhen AUTEL Intelligent Aviation Technology Co., Ltd. was founded on 29 May 2014, which is a company focusing on the research, development, production and sales of drones, and its main business scope includes the production of civil avionics equipment, automatic control equipment, civil unmanned aerial vehicles, radio data transmission systems, filming equipment, camera products, electronic components, and computer software. AUTEL drones currently occupy 7 per cent of the global market share.

**0x01 Attack Scenarios and harm from vulnerabilities**

There are two roles in a scenario where drone use is considered, the vendor (who manages the cloud), and the operator (who controls the drone via a remote control). When you buy an autel-NANO drone you get a drone body as well as a remote control, which has to be connected to a mobile phone and clocked to a specific app on the phone (AutelSky) for use. We assume that the manufacturer is benign, while the operator may be malicious and will try to get the drone to fly in no-fly zones as much as possible.

Normally drones are not allowed to take off in no-fly zones (e.g. airports) that are preset by the manufacturer, but we found that it is possible to break out of the no-fly zones by hitting the app in the hands of the operator.

Attackers can ignore the no-fly zones (covering all airports, nuclear power plants, prisons, and other sensitive areas) set by the manufacturers in advance, and allow the drones to take off and fly in the no-fly zones. Attackers can cause airliners to crash or use drones for classified surveys.

**0x02 Attack step**

1.  reverse AutelSky APP and find package com.autel.drone.sdk.expose.module.flight.controller;
    
2.  find public void setNFZEnable(CallbackWithNoParam callbackWithNoParam, boolean z) function;
    
3.  through frida hook, call this function when the app starts and set the second parameter to false.
    
4.  At this time, open the APP on the mobile phone to connect the remote control, the drone can take off and fly freely in the no-fly zone.
    

**0x03 Vulnerability Testing Procedure**

Autel Drone Model: NANO Drone

Firmware Version: 1.6.5

Remote Control Firmware Version: 1.6.5

You can download APP from google play or https://www.autelrobotics.com/download/app/

**First way to test**

I have repackaged the Autel Sky APP via frida persistence and uploaded the apk file to this repository(autel\_frida\_sign.apk). You can install the zip and put the frida\_script.js file(uploaded in repository too) in the data/local/tmp directory of your Android phone.

Launch the APP to turn on the remote control, you can find that the drone can still take off when it is in the no-fly zone.

**Second way to test**

Because the remote control has to be connected through the type-c port of the mobile phone, you need to use remote adb + remote Frida to complete the wireless hook (the mobile phone needs to be rooted)

Remote adb pairing command:

adb tcpip 5555

adb connect \[ip address :port\]

Remote frida command:

./frida-server -l 0.0.0.0.:8888

Use this js to complete the hook (the file is already in the repository).

After the configuration is done, launch the APP to turn on the remote control, you can find that the drone can still take off when it is in the no-fly zone.

This vulnerability has been given a CNVD(China National Vulnerability Database) number.

CVE-2023-47335: GitHub - czbxzm/AUTEL-smart-drones-have-a-vulnerability-to-unauthorised-breaches-of-no-fly-zone: AUTEL-smart-drones-have-a-vulnerability-to-unauthorised-breaches-of-no-fly-zones

Microsoft has patched a total of 63 vulnerabilities this Patch Tuesday. Make sure you update as soon as you can.

Another important update round for this month’s Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The zero-days patched in these updates are listed as:

CVE-2023-36025: a Windows SmartScreen security feature bypass vulnerability that would allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. SmartScreen is a built-in Windows component designed to detect and block known malicious websites and files.

It requires user interaction since the user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker. Microsoft listed this vulnerability with the remark “Exploitation Detected.”

CVE-2023-36033: a Windows Desktop Window Manager (DWM) Core Library elevation of privilege (EoP) vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability is also listed with the remark “Exploitation Detected.”

CVE-2023-36036: a Windows Cloud Files Mini Filter Driver EoP vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability is also listed with the remark “Exploitation Detected.”

EoP type of vulnerabilities are typically used in attack chains. Once the attacker has gained entrance, the vulnerabilities allow them to increase their permission level.

CVE-2023-36413: a Microsoft Office security feature bypass vulnerability. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. Full exploitation requires that the attacker sends the target a malicious file and convince them to open it. This is a publicly disclosed vulnerability but there are no known cases of exploitation.

CVE-2023-36038: a vulnerability in ASP.NET that could lead to core denial of service. This vulnerability could be exploited if http requests to .NET 8 RC 1 running on IIS InProcess hosting model are cancelled. Threads counts would increase and an OutOfMemoryException is possible. A successful exploitation might result in a total loss of availability. So, basically an attacker would send requests and then cancel them until the program runs out of memory and crashes. Microsoft notes that this vulnerability was publicly disclosed, however no in-the-wild exploitation has been observed, which is not likely to happen either if the denial of service is the best achievable goal for an attacker.

An extra warning for organizations running Microsoft Exchange Server: Prioritize several new Exchange patches, including CVE-2023-36439, which is a vulnerability that enables attackers to install malicious software on an Exchange server.

**Other vendors**

Other organizations have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.

**Adobe** has released security updates to address vulnerabilities affecting multiple Adobe products:

*   APSB23-52: Adobe ColdFusion
*   APSB23-53: Adobe RoboHelp Server
*   APSB23-54: Adobe Acrobat and Reader
*   APSB23-55: Adobe InDesign
*   APSB23-56: Adobe Photoshop
*   APSB23-57: Adobe Bridge
*   APSB23-58: Adobe FrameMaker Publishing Server
*   APSB23-60: Adobe InCopy
*   APSB23-61: Adobe Animate
*   APSB23-62: Adobe Dimension
*   APSB23-63: Adobe Media Encoder
*   APSB23-64: Adobe Audition
*   APSB23-65: Adobe Premiere Pro
*   APSB23-66: Adobe After Effects

**Android**’s November updates were released by Google.

**SAP** released its November 2023 Patch Day updates.

**SysAid** released security updates for a zero-day vulnerability that is actively being exploited by a ransomware affiliate.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Tag

#android