It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.

**The hard news:** they're often successful, have a long-lasting negative impact on your organization and employees, including:

*   Loss of Money
*   Reputation damage
*   Loss of Intellectual property
*   Disruptions to operational activities
*   Negative effect on company culture

**The harder news:** These often could have been easily avoided.

Phishing, educating your employees, and creating a cyber awareness culture? These are topics we're sensitive to and well-versed in. So, how can you effectively protect your organization against phishing attempts? These best practices will help transform your employees' behavior and build organizational resilience to phishing attacks.

****Plan for total workforce training:****

According to the 2022 Tessian Security Cultures Report, "security leaders underestimate just how much they should be a part of the employee experience" across onboarding, role changes, offboarding, relocations, and day-to-day activities.

But we've repeatedly seen that ad hoc, scattershot employee training attempts don't work. If you want sufficient internal defenses against sophisticated phishing threats, you should train 100% of your employees monthly.

Granted, it isn't easy if your team is growing rapidly or spread across different locations and time zones. Yet doing anything less than 100% employee training leaves you with too many security holes and opportunities for hackers to break in. Unfortunately, it also means you have no way of knowing your employees' level of threat awareness or whether they know how to react to threats. You might be missing your weakest link or getting into a scenario that could have been easily avoided.

****Apply Continuous Training****

Ever been told there'll be a fire evacuation drill? Likely, you weren't caught off guard when the practice started and could have paid more attention. That's the thing about drills; they're in place to prepare us for present and future threats.

Cybersecurity training is no different. While it can quickly become ticking a compliance box to satisfy minimum requirements. To prevent it, you need to catch your staff off guard. Knowing that a threat could present itself at any time keeps employees vigilant and accountable between more extensive training campaigns.

It would be best if you kept giving your employees these unexpected opportunities to learn on an ongoing basis. They will likely make easily avoidable mistakes if they only receive occasional simulations. You might miss new employees without sufficient cybersecurity training, or it might take time for them to revisit and build on this training.

**The solution:** Conducting consistent cybersecurity training is the best way to keep it top of mind for everyone—train for yesterday, today, and tomorrow.

****Deploy Adaptive Content****

You might use cybersecurity understanding or departments as categories. Start by segmenting your workforce into groups. Then, develop adaptive training based on each group's needs - and even based on individual behavior. That's critical to adequately address the challenges of given scenarios of future attack campaigns.

These can include data or password requests, messages from legitimate sources, or realistic content tailored to an organization's specific role or department.

You strengthen employees' defenses by adapting your content to individual responses and specific attack vectors. Doing so turns the human element from a security gap to a security advantage.

****Localize Your Cybersecurity Training****

English might be your corporate language, but it might not be every employee's mother tongue, and cultural contexts might be perceived differently in some branches.

Using employees' mother tongue within a location's cultural context will dramatically enhance their learning retention. By citing local references (such as national holidays, significant news sources, popular social media platforms, and more), you make your simulations more believable and relatable. Your employees will likely pay better attention during training and will be less susceptible to attacks.

Lastly, there could be different implications regarding email compliance standards in different places. Ensure your team is aware of that and incorporate the necessary precautions in these locations' training.

****Back Your Cyber Training with Data Science****

In our experience, one in every five employees is a "serial clicker." Serial clickers click, open, and download attachments that often place them and your organization in danger. They might be a new or existing employee. We've seen it all, from entry-level positions to company stakeholders.

They're not trained or equipt to reliably identify phishing attacks, nor understand how dangerous and their destructive impact. So they keep clicking links in emails that they shouldn't have opened.

**The good news:** We believe serial clickers can be cured because we've seen it repeatedly happen with employee training and education.

We know that serial clickers are just some of the ones to worry about. Employees respond differently to a variety of attack vectors. It's recommended to use data science to understand how employee groups within your organization - from new hires, executive leadership, and veteran employees - respond to potential threats.

Once you analyze the data to understand these groups' behavior, you can develop programs that shift them toward a more discerning approach to email management based on their specific needs and their current place in their cybersecurity awareness journey.

These programs must include expert knowledge, adjusted frequency, timely reminders, custom simulations, and training content designed for highly susceptible groups while respecting employees' privacy.

****Automate Your Cybersecurity Education****

Regardless of the size of your organization, the complexity required to run a training program like the one described above can be challenging. Whether you're looking at it from the perspective of time, resources, or economics, it's almost impossible without a truly automated solution that has expert knowledge baked into the software.

CybeReady provides a fully-automated platform powered by machine learning technology. It mitigates the risks of human error through an educational approach that continuously provides frequent, adaptive, engaging training. Get in touch today to foster a culture that cares, retains information to keep your organization safe, and feels accountable. Make your organization cyber-ready. Learn how you can upgrade your security awareness program with a short, perosanilized demo.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

The 5 Cornerstones for an Effective Cyber Security Awareness Training

It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information. 
The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including:

It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.

**The hard news:** they're often successful, have a long-lasting negative impact on your organization and employees, including:

*   Loss of Money
*   Reputation damage
*   Loss of Intellectual property
*   Disruptions to operational activities
*   Negative effect on company culture

**The harder news:** These often could have been easily avoided.

Phishing, educating your employees, and creating a cyber awareness culture? These are topics we're sensitive to and well-versed in. So, how can you effectively protect your organization against phishing attempts? These best practices will help transform your employees' behavior and build organizational resilience to phishing attacks.

****Plan for total workforce training:****

According to the 2022 Tessian Security Cultures Report, "security leaders underestimate just how much they should be a part of the employee experience" across onboarding, role changes, offboarding, relocations, and day-to-day activities.

But we've repeatedly seen that ad hoc, scattershot employee training attempts don't work. If you want sufficient internal defenses against sophisticated phishing threats, you should train 100% of your employees monthly.

Granted, it isn't easy if your team is growing rapidly or spread across different locations and time zones. Yet doing anything less than 100% employee training leaves you with too many security holes and opportunities for hackers to break in. Unfortunately, it also means you have no way of knowing your employees' level of threat awareness or whether they know how to react to threats. You might be missing your weakest link or getting into a scenario that could have been easily avoided.

****Apply Continuous Training****

Ever been told there'll be a fire evacuation drill? Likely, you weren't caught off guard when the practice started and could have paid more attention. That's the thing about drills; they're in place to prepare us for present and future threats.

Cybersecurity training is no different. While it can quickly become ticking a compliance box to satisfy minimum requirements. To prevent it, you need to catch your staff off guard. Knowing that a threat could present itself at any time keeps employees vigilant and accountable between more extensive training campaigns.

It would be best if you kept giving your employees these unexpected opportunities to learn on an ongoing basis. They will likely make easily avoidable mistakes if they only receive occasional simulations. You might miss new employees without sufficient cybersecurity training, or it might take time for them to revisit and build on this training.

**The solution:** Conducting consistent cybersecurity training is the best way to keep it top of mind for everyone—train for yesterday, today, and tomorrow.

****Deploy Adaptive Content****

You might use cybersecurity understanding or departments as categories. Start by segmenting your workforce into groups. Then, develop adaptive training based on each group's needs - and even based on individual behavior. That's critical to adequately address the challenges of given scenarios of future attack campaigns.

These can include data or password requests, messages from legitimate sources, or realistic content tailored to an organization's specific role or department.

You strengthen employees' defenses by adapting your content to individual responses and specific attack vectors. Doing so turns the human element from a security gap to a security advantage.

****Localize Your Cybersecurity Training****

English might be your corporate language, but it might not be every employee's mother tongue, and cultural contexts might be perceived differently in some branches.

Using employees' mother tongue within a location's cultural context will dramatically enhance their learning retention. By citing local references (such as national holidays, significant news sources, popular social media platforms, and more), you make your simulations more believable and relatable. Your employees will likely pay better attention during training and will be less susceptible to attacks.

Lastly, there could be different implications regarding email compliance standards in different places. Ensure your team is aware of that and incorporate the necessary precautions in these locations' training.

****Back Your Cyber Training with Data Science****

In our experience, one in every five employees is a "serial clicker." Serial clickers click, open, and download attachments that often place them and your organization in danger. They might be a new or existing employee. We've seen it all, from entry-level positions to company stakeholders.

They're not trained or equipt to reliably identify phishing attacks, nor understand how dangerous and their destructive impact. So they keep clicking links in emails that they shouldn't have opened.

**The good news:** We believe serial clickers can be cured because we've seen it repeatedly happen with employee training and education.

We know that serial clickers are just some of the ones to worry about. Employees respond differently to a variety of attack vectors. It's recommended to use data science to understand how employee groups within your organization - from new hires, executive leadership, and veteran employees - respond to potential threats.

Once you analyze the data to understand these groups' behavior, you can develop programs that shift them toward a more discerning approach to email management based on their specific needs and their current place in their cybersecurity awareness journey.

These programs must include expert knowledge, adjusted frequency, timely reminders, custom simulations, and training content designed for highly susceptible groups while respecting employees' privacy.

****Automate Your Cybersecurity Education****

Regardless of the size of your organization, the complexity required to run a training program like the one described above can be challenging. Whether you're looking at it from the perspective of time, resources, or economics, it's almost impossible without a truly automated solution that has expert knowledge baked into the software.

CybeReady provides a fully-automated platform powered by machine learning technology. It mitigates the risks of human error through an educational approach that continuously provides frequent, adaptive, engaging training. Get in touch today to foster a culture that cares, retains information to keep your organization safe, and feels accountable. Make your organization cyber-ready. Learn how you can upgrade your security awareness program with a short, perosanilized demo.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

**SUMMARY**

A null pointer dereference vulnerability exists in the handle\_ioctl\_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

**CONFIRMED VULNERABLE VERSIONS**

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

Callback technologies CBFS Filter 20.0.8317

**PRODUCT URLS**

CBFS Filter - https://www.callback.com/cbfsfilter/

**CVSSv3 SCORE**

6.2 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

**CWE**

CWE-476 - NULL Pointer Dereference

**DETAILS**

A windows device driver is almost like a kernel DLL that, once loaded, provides additional features. In order to communicate with these device drivers, Windows has a major component named Windows I/O Manager. The Windows IO Manager is responsible for the interface between user applications and device drivers. It implements I/O Request Packets (IRP) to enable the communication with the devices drivers, answering to all I/O requests. For more information see the Microsoft website.

The driver is responsible for creating a device interface with different functions to answer to specific codes, named major code function. If the designer wants to implement customized functions into a driver, there is one major function code named IRP_MJ_DEVICE_CONTROL. By handling such major code function, device drivers will support specific I/O Control Code (IOCTL) through a dispatch routine.

The Windows I/O Manager provides three different methods to enable the shared memory: Buffered I/O, Direct I/O, Neither I/O.  
Without getting into the details of the IO Manager mechanisms, the method Buffered I/O is often the easiest one for handling memory user buffers from a device perspective.  
The I/O Manager is providing all features to enable device drivers sharing buffers between userspace and kernelspace. It will be responsible for copying data back and forth.

Let’s see some examples of routines (which you should not copy as is) that explain how things work.  
When creating a driver, you’ll have several functions to implement, and you’ll find some dispatcher routines to handle different IRP as follows:

    extern "C"
    NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT pDriverObject, _In_ PUNICODE_STRING RegistryPath)
    {
     [...]
            pDriverObject->DriverUnload = DriverUnload;
            pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverIOctl;
            pDriverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreate;
            pDriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverClose;
    [...]
    }
    

The DriverEntry is the function main for a driver. This is the place where initializations start.

We can see for example the pDriverObject which is a PDRIVER_OBJECT object given by the system to associate different routines, to be called against specific codes, into the Majorfunction table IRP_MJ_DEVICE_CONTROL for DriverIOctl etc.

Then later inside the driver you’ll see the implementation of the DriverIOctl routine responsible for handling the IOCTL code. It can be something like below:

    NTSTATUS DriverIOctl(PDEVICE_OBJECT pDevObject, PIRP pIrp)
    {
       [...]
        auto pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
        switch (pIrpSp->Parameters.DeviceIoControl.IoControlCode)
        {
    
        case IO_CREATE_EXAMPLE:
                ioctl_inbuffer_data = (ioctl_inbuffer*)pIrp->AssociatedIrp.SystemBuffer;
                auto InputBufferLength = pIrpSp->Parameters.DeviceIoControl.InputBufferLength;
                auto OutputBufferLength = pIrpSp->Parameters.DeviceIoControl.OutputBufferLength;
         [...] some code
    
            pIrp->IoStatus.Information = 0;
            pIrp->IoStatus.Status = status;
    
            break;
         }
         
         pIrp->IoStatus.Information = some value;
         pIrp->IoStatus.Status = status;
         return status;
    }
    

First we can see the pIrp pointer to an IRP structure (the description would be out of the scope of this document). Keep in mind this pointer will be useful for accessing data.  
So here for example we can observe some switch-case implementation depending on the IoControlCode IOCTL. When the device driver gets an IRP with code value IO_CREATE_EXAMPLE, it performs the operations below the case. To get into the buffer data exchanged between userspace and kernelspace and vice-versa, we’ll look into SystemBuffer passed as an argument through the pIrp pointer.

On the device side, the pointer inside an IRP represents the user buffer, usually a field named Irp->AssociatedIrp.SystemBuffer, when the buffered I/O mechanism is chosen. The specification of the method is indicated by the code itself.  
On the userspace side, an application would need to gain access to the device driver symbolic link if it exists, then send some ioctl requests as follows:

    success  = ::DeviceIoControl(
        ghDevice,
        IO_CREATE_EXAMPLE,                  // control code
        &gpIoctl,                           // input buffer
        sizeof(struct ioctl_inbuffer),      // input buffer length
        &gpIoctl,                           // output buffer
        sizeof(struct ioctl_inbuffer),      // output buffer length
        &returned,
        nullptr
    );
    

Such a call will result in an IRP with a major code IRP_MJ_DEVICE_CONTROL and a control code to IO_CREATE_EXAMPLE. The buffer passed from userspace here as input gpIoctl, and output will be accessible from the device driver in the kernelspace via pIrp->AssociatedIrp.SystemBuffer. The lengths specified on the DeviceIoControl parameters will be used to build the IRP, and the device would be able to get them into the InputBufferLength and the OutputBufferLength respectively.

Now below we’ll see one example of sending a correct output buffer length directly without providing the driver some previous context which can lead to different behaviors and more frequently a local denial of service and blue screen of death through the usage of the device driver cbfilter20.

After the system has normally booted and the driver is running, sending an IOCTL 0x83150 with a valid buffer input size and some specific data length leads to the following situation

      CONTEXT:  ffff9c0ee2b66560 -- (.cxr 0xffff9c0ee2b66560)
        rax=0000000000001000 rbx=0000000000000000 rcx=0000000000000000
        rdx=ffffc408362e0a10 rsi=ffffc4083492a570 rdi=0000000000000000
        rip=fffff80258bc4eb4 rsp=ffff9c0ee2b66f60 rbp=ffff9c0ee2b67150
         r8=ffffc40839fe1a30  r9=0000000000083150 r10=fffff80258ba5780
        r11=0000000000000000 r12=ffffc4083a7740c0 r13=ffffc408362e0940
        r14=ffffc40839fe1a01 r15=0000000000000000
        iopl=0         nv up ei pl nz na pe nc
        cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050302
        cbfilter20!handle_ioctl_83150+0xd0:
        fffff802`58bc4eb4 488b4308        mov     rax,qword ptr [rbx+8] ds:002b:00000000`00000008=????????????????
        Resetting default scope
    
        PROCESS_NAME:  python.exe
    

When looking at pseudo code corresponding to the culprit function we can see the following:

    LINE1   __int64 __fastcall handle_ioctl_83150(_DEVICE_OBJECT *a1, PIRP a2)
    LINE2   {
            [...]
    LINE71    v3 = 0i64;
    LINE72    Object = 0i64;
    LINE73    v4 = 0;
    LINE74    SectionHandle = 0i64;
    LINE75    Handle = 0i64;
    LINE76    v48 = 0i64;
    LINE77    buffer_0x10000 = 0i64;
    LINE78    v50 = 0i64;
    LINE79    CurrentStackLocation = a2->Tail.Overlay.CurrentStackLocation;
    LINE80    SystemBuffer = (struct_SystemBuffer *)a2->AssociatedIrp.SystemBuffer;
    LINE81    if ( CurrentStackLocation->Parameters.DeviceIoControl.InputBufferLength != SystemBuffer->size_len + 0x20i64 )
    LINE82    {
    LINE83      l_FileObject = 0i64;
    LINE84  invalid_param:
    LINE85      v14 = STATUS_INVALID_PARAMETER;
    LINE86      goto LABEL_68;
    LINE87    }
    LINE88    FileObject = CurrentStackLocation->FileObject;
    LINE89    must_be_1 = SystemBuffer->must_be_1;
    LINE90    if ( (must_be_1 & 1) != 0 )
    LINE91    {
    LINE92      v4 = 1;
    LINE93      v11 = 0i64;
    LINE94      v12 = 4096i64;
    LINE95    }
    LINE96    else
    LINE97    {
    LINE98      if ( (must_be_1 & 2) == 0 )
    LINE99      {
    LINE100       l_FileObject = (__int64)CurrentStackLocation->FileObject;
    LINE101       goto invalid_param;
    LINE102     }
    LINE103     v11 = 4096i64;
    LINE104     v12 = 0i64;
    LINE105   }
    LINE106   v53 = v12;
    LINE107   MaxCount.QuadPart = v11;
    LINE108   v59 = v12;
    LINE109   v52 = v11;
    LINE110   FsContext2 = (__int64)FileObject->FsContext2;
    LINE111   v58 = FsContext2;
    LINE112   v39 = *(_QWORD *)(FsContext2 + 8);
    LINE113   v54 = v39;
    LINE114   v14 = ObReferenceObjectByHandle(SystemBuffer->handle, 0, 0i64, 0, &Object, 0i64);
    LINE115   v38 = v14;
    LINE116   if ( v14 < 0 )
    LINE117   {
    LINE118     Object = 0i64;
    LINE119     v3 = 0i64;
    LINE120 LABEL_9:
    LINE121     l_FileObject = v39;
    LINE122     goto free_buffer;
    LINE123   }
    LINE124   v15 = *((_QWORD *)Object + 4);
    LINE125   v40 = v15;
    LINE126   v55 = v15;
    LINE127   a2->IoStatus.Information = 0i64;
            [...]
    LINE380   a2->IoStatus.Status = v14;
    LINE381   return (unsigned int)v14;
    LINE382 }
    

The crash is happening at LINE110, while dereferencing FileObject->FsContext2. The issue is happening as there is no null check done against FileObject and is assumed to be always valid, which is not the case if the IRP packet is sent directly. The FileObject is derived directly from CurrentStackLocation at LINE88, which is derived itself from the IRP packet at LINE79. A specially-crafted I/O request packet bypassing the checks done at LINE80 & LINE90 will lead to denial of service immediately.

**Crash Information**

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff80258bc4eb4, Address of the instruction which caused the bugcheck
    Arg3: ffff9c0ee2b66560, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    
    Debugging Details:
    ------------------
    
    
    KEY_VALUES_STRING: 1
    
        Key  : Analysis.CPU.mSec
        Value: 2608
    
        Key  : Analysis.DebugAnalysisManager
        Value: Create
    
        Key  : Analysis.Elapsed.mSec
        Value: 3502
    
        Key  : Analysis.Init.CPU.mSec
        Value: 32186
    
        Key  : Analysis.Init.Elapsed.mSec
        Value: 670833
    
        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 96
    
        Key  : WER.OS.Branch
        Value: vb_release
    
        Key  : WER.OS.Timestamp
        Value: 2019-12-06T14:06:00Z
    
        Key  : WER.OS.Version
        Value: 10.0.19041.1
    
    
    BUGCHECK_CODE:  3b
    
    BUGCHECK_P1: c0000005
    
    BUGCHECK_P2: fffff80258bc4eb4
    
    BUGCHECK_P3: ffff9c0ee2b66560
    
    BUGCHECK_P4: 0
    
    CONTEXT:  ffff9c0ee2b66560 -- (.cxr 0xffff9c0ee2b66560)
    rax=0000000000001000 rbx=0000000000000000 rcx=0000000000000000
    rdx=ffffc408362e0a10 rsi=ffffc4083492a570 rdi=0000000000000000
    rip=fffff80258bc4eb4 rsp=ffff9c0ee2b66f60 rbp=ffff9c0ee2b67150
     r8=ffffc40839fe1a30  r9=0000000000083150 r10=fffff80258ba5780
    r11=0000000000000000 r12=ffffc4083a7740c0 r13=ffffc408362e0940
    r14=ffffc40839fe1a01 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050302
    cbfilter20!handle_ioctl_83150+0xd0:
    fffff802`58bc4eb4 488b4308        mov     rax,qword ptr [rbx+8] ds:002b:00000000`00000008=????????????????
    Resetting default scope
    
    PROCESS_NAME:  python.exe
    
    STACK_TEXT:  
    ffff9c0e`e2b66f60 fffff802`58bbc878     : ffffc408`3492a570 ffffc408`362e0940 ffffeb80`01414701 00000000`00000000 : cbfilter20!handle_ioctl_83150+0xd0
    ffff9c0e`e2b67130 fffff802`58ba57f3     : c40839fe`00000000 ffffc408`362e0940 00000000`00000001 ffffc408`3492a570 : cbfilter20!DispatchDeviceControl+0x2d4
    ffff9c0e`e2b67160 fffff802`5509b7d5     : 00000000`0000000e 00000000`00000000 ffffc408`362e0940 00000000`00000001 : cbfilter20!fn_IRP_MJ_DEVICE_CONTROL+0x73
    ffff9c0e`e2b671c0 fffff802`55481a08     : ffff9c0e`e2b67540 ffffc408`362e0940 00000000`00000001 ffffc408`3ad7e0c0 : nt!IofCallDriver+0x55
    ffff9c0e`e2b67200 fffff802`554812d5     : 00000000`00083150 ffff9c0e`e2b67540 00000000`00000005 ffff9c0e`e2b67540 : nt!IopSynchronousServiceTail+0x1a8
    ffff9c0e`e2b672a0 fffff802`55480cd6     : 00007ff8`86a68e80 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x5e5
    ffff9c0e`e2b673e0 fffff802`55214ab5     : 00000000`00000000 00000000`00000000 00000000`00000000 000000e2`7d7ecb18 : nt!NtDeviceIoControlFile+0x56
    ffff9c0e`e2b67450 00007ff8`c726ce54     : 00007ff8`c4aab04b ffffffff`ff9c9830 00000000`00000000 000000e2`7d7eeb48 : nt!KiSystemServiceCopyEnd+0x25
    000000e2`7d7eea78 00007ff8`c4aab04b     : ffffffff`ff9c9830 00000000`00000000 000000e2`7d7eeb48 000000e2`7d7eec40 : ntdll!NtDeviceIoControlFile+0x14
    000000e2`7d7eea80 00007ff8`c6a05611     : 00000000`00083150 000000e2`7d7eec40 00000236`fb968d00 00007ff8`86b0694d : KERNELBASE!DeviceIoControl+0x6b
    000000e2`7d7eeaf0 00007ff8`86a4648c     : 00000000`00000022 000000e2`7d7eec40 000000e2`7d7eec40 00000000`00000001 : KERNEL32!DeviceIoControlImplementation+0x81
    000000e2`7d7eeb40 00000000`00000022     : 000000e2`7d7eec40 000000e2`7d7eec40 00000000`00000001 00000000`00000000 : win32file!PyInit_win32file+0xf98c
    000000e2`7d7eeb48 000000e2`7d7eec40     : 000000e2`7d7eec40 00000000`00000001 00000000`00000000 000000e2`00000000 : 0x22
    000000e2`7d7eeb50 000000e2`7d7eec40     : 00000000`00000001 00000000`00000000 000000e2`00000000 000000e2`7d7eeba0 : 0x000000e2`7d7eec40
    000000e2`7d7eeb58 00000000`00000001     : 00000000`00000000 000000e2`00000000 000000e2`7d7eeba0 00000000`00000000 : 0x000000e2`7d7eec40
    000000e2`7d7eeb60 00000000`00000000     : 000000e2`00000000 000000e2`7d7eeba0 00000000`00000000 000000e2`7d7eeba8 : 0x1
    
    
    SYMBOL_NAME:  cbfilter20!handle_ioctl_83150+d0
    
    MODULE_NAME: cbfilter20
    
    IMAGE_NAME:  cbfilter20.sys
    
    STACK_COMMAND:  .cxr 0xffff9c0ee2b66560 ; kb
    
    BUCKET_ID_FUNC_OFFSET:  d0
    
    FAILURE_BUCKET_ID:  0x3B_c0000005_cbfilter20!handle_ioctl_83150
    
    OS_VERSION:  10.0.19041.1
    
    BUILDLAB_STR:  vb_release
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    FAILURE_ID_HASH:  {2a1744df-b799-38ae-0bd4-b13f23c537e7}
    
    Followup:     MachineOwner
    ---------
    

**TIMELINE**

2022-11-04 - Vendor Disclosure  
2022-11-04 - Initial Vendor Contact  
2022-11-22 - Public Release

Discovered by Emmanuel Tacheau of Cisco Talos.

CVE-2022-43588: TALOS-2022-1647 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

CVE-2022-43590: TALOS-2022-1649 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

CVE-2022-43589: TALOS-2022-1648 || Cisco Talos Intelligence Group

Plus: WikiLeaks’ website is falling apart, tax websites are sending your data to Facebook, and cops take down a big phone-number-spoofing operation.

Cybersecurity startup Corellium offered or sold its software to spyware and hacking-tool creators in multiple repressive countries, a WIRED investigation revealed this week. A previously unreported 507-page document, believed to have been prepared by Apple, details how Corellium offered a trial of its products to the controversial spyware firm NSO Group, to a cybersecurity company with ties to the UAE government, and to a firm in China that also has government links. In response, Corellium, which makes phone-virtualization software that can help find security bugs in iOS and Android, published a blog post detailing how it now vets potential customers.

As millions of people across the US celebrated Thanksgiving and attended parades, we looked at the US shortage of bomb-sniffing dogs. Experts say the pandemic has led to a drop in the supply of dogs in the country—85 to 90 percent of them come from overseas—and that the lack of trainer animals is fueling national security concerns.

In other national security news, US lawmakers are calling for stricter rules on autonomous vehicles (AVs), which are able to gather reams of real-time data about their environment. China is a chief concern. In a letter shared exclusively with WIRED, Republican congressman August Pfluger said, “AV technology has opened the door for a foreign nation to spy on American soil, as Chinese companies potentially transfer critical data to the People’s Republic of China.”

We also looked at how hidden data stored in PDF files helped researchers reveal names that had been redacted. Court filings, national security files, and responses to Freedom of Information Act requests have all exposed such information in this way. And we heard the cautionary tale of how one person lost $17,000 in crypto—and how you can avoid the same fate. 

Finally, we published part five of the series “The Hunt for the Dark Web’s Biggest Kingpin,” which chronicles the downfall of AlphaBay, the world’s largest dark-web marketplace. In this installment, investigators in Thailand swoop in on AlphaBay’s mastermind, Alexandre Cazes, and discover he had a fortune topping $20 million. 

But wait, there’s more! Each week, we highlight news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

Apple’s privacy policy for analytics services on its devices, which gather data about how you use its products, claims the information collected isn’t used to identify you. However, a new analysis of the tools, reported by Gizmodo, claims a permanent ID number within the service is “tied to your full name, phone number, birth date, email address and more.” This ID number is sent to Apple alongside the analytics data about how you use your device, researchers from the software company Mysk told the publication. 

The findings appear to contradict the company’s privacy promises. Apple did not answer Gizmodo’_s_ questions on the report. In recent years, Apple has pushed a pro-privacy stance, using it as an advantage over competitors, and it has run ads saying the data on people’s iPhones stays on their devices. However, experts have increasingly questioned some of Apple’s practices. (At the same time, Apple has been growing its advertising business.) In separate research published earlier in November, Mysk researchers claimed that Apple collects detailed information on people using its products through its own apps, even when they turn tracking off.

In June, the UK government approved the extradition of WikiLeaks founder Julian Assange to the United States. While Assange waits on an appeal in the case, the website he created is falling apart. At one point, WikiLeaks hosted more than 10 million leaked documents. However, according to an analysis by the Daily Dot, fewer than 3,000 of the files are now available. Aside from the drop-in documents, the website also has technical issues: It is frequently inaccessible, people have problems searching its content, and parts of its navigation have vanished. 

Meta’s Pixel, formerly known as the Facebook Pixel, is a snippet of code that websites can install to track their visitors. The tool is useful for advertisers. Millions of websites use the tracking tool, and the data is sent back to Meta. This week, The Markup revealed that major US tax websites are using the Pixel and sending financial information to Meta. Some of the data transferred includes names, email addresses, income information, and tax filing status. Some tax websites stopped using Meta’s Pixel following the report. A spokesperson for Meta, Dale Hogan, said that advertisers “should not send sensitive information” about people through its tools. 

And finally, in a major blow to scammers, an international police operation took down the iSpoof website, which let people disguise their phone numbers and show fake caller IDs when making phone calls. It’s estimated that people using iSpoof were contacting up to 20 people every minute of the day as they used false identities to try and trick people into handing over their money. One person was tricked out of £3 million ($3.6 million), reports say. The website now shows a notice saying it has been seized by the FBI and United States Secret Service. In total, 142 people were arrested in the operation, including the alleged administrator of the website, who was arrested in the UK. Police from the UK, US, Ukraine, France, Germany, and five other countries were involved.

Apple Tracks You More Than You Think

By Owais Sultan
A parental control app is an effective software that can help parents stay on guard, prevent, and react timely to online and offline dangers.
This is a post from HackRead.com Read the original post: Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure they’re not getting into trouble or spending excess time on their phones?

If so, then you need a cell phone tracker app. We have your back covered and have handpicked the 6 best free and paid tools for Android and iOS devices to quench your concerns. Forewarned is forearmed.

**Why Would You Need to Resort to a Cell Phone Tracker App?**

Whether a paid or free parental control app, effective software can help parents stay on guard, prevent, and timely react to the following online and offline dangers:

1.  Sexual predators that target kids online or in the real world
2.  Involvement in cyberbullying, either as victims or perpetrators
3.  Exchanging inappropriate photos or videos with others
4.  Communicating with strangers that try to lure children into meeting in person
5.  Risk of kidnap or trafficking if they spend excess time alone or unsupervised
6.  Access to inappropriate websites
7.  Kids spend excess time on phones and inadequate time doing homework or interacting with the family

The market is riddled with cell phone tracking apps, making picking the right one challenging. This article lists the most prominent and handy solutions for parents.

Did you know around 2100 children go missing in the US daily? Kids are usually easy to find when parents provide relevant information about them. Resorting to the right prevention measures can help parents ensure their kids’ safety. 

**6 Advanced Cell Phone Tracker Apps for Parental Control**

A family tracking app enables parents and guardians to monitor their children when they are not around. Therefore, if you are unsure whether your kids are where they claim to be or are lying, the app can help you know the truth. Here are some of the top-notch tracker apps to help monitor their whereabouts and not only.

**Keep Your Kids Safe with the uMobix Parental Control App**

uMobix is the best parental control app today. It allows real-time tracking of daily progress on their mobile phone or tablet. With this phone monitoring app, users are enabled to capture browser history, see screengrabs, and supervise over 30 apps, including Facebook, WhatsApp, Instagram, TikTok, Telegram, and Snapchat.

This phone tracking app has advanced monitoring features, including a GPS tracker, outgoing, incoming, and missed call records, mic and camera access, text message history, deleted call history, message, and contacts. Also, this monitoring app can capture keystrokes to see what your loved ones are up to.

Additionally, uMobix allows you to remotely pull videos and photos from the target phone and store them on your device. Its advanced GPS tracking feature lets you know the real-time location of the required gadget. Thus, your kid can’t lie about their location anymore if you use this app to track them without knowing.

**How to Use uMobix to Track Your Kid’s Location**

Since uMobix has a demo version, it is possible to use it as a free app to view your child’s phone. The 1-day trial offer allows users to start monitoring for $1. For the extended version, follow these steps to watch your kids with uMobix.

1.  Register by selecting a subscription plan and complete the purchase to receive detailed instructions.
2.  Access the target phone to install uMobix by following the instructions provided in the user account. The process differs for Android and iOS but is straightforward in both cases.
3.  Navigate to your account to receive real-time data about the required phone activity. The GPS location tab can identify your child’s whereabouts anytime.
4.  Cocospy – Multifunctional Parental Control App for Android and iOS

Cocospy is also among the best phone tracking apps. It makes it possible to supervise locations, calls, messages, and app usage. Also, this tracking software enables you to take a sneak peek at the saved contacts. Installing software is straightforward, after which it is possible to track all outgoing and incoming calls, received and sent messages, browser activity, and social media interactions, including iMessages. 

Some social media platforms to monitor Cocospy include Facebook Messenger, Snapchat, Instagram, WhatsApp, Snapchat, and Viber. The app can detect a SIM card change and check the device’s IMEI number.

You may want to know how to supervise a kid’s iPhone with Cocospy. Well, the process is also straightforward. Just sign up with an email ID, then verify your iCloud account. Add the target’s iCloud details and disable two-factor authentication. After that, monitor the device’s activity and location by logging into your Cocospy account.

Cocospy runs in stealth mode, meaning they won’t detect that you’re monitoring them. Also, it manages your kid’s screen time to ensure they spend only a little time on their device. Thus, it allows you to safeguard their health and keep them safe.

**Spyic – Top-Rated Parental Control App for Real-Time Monitoring**

Spyic is a surefire phone location tracking app that can spot your loved one’s whereabouts without their knowledge. It’s a widely used tool providing tracking solutions for iPhones and Android phones. Also, this web application is easy to use from a browser, meaning you don’t have to download anything.

The software has numerous features that make it ideal for location tracking. It’s a hidden family tracking app with a feature-packed online dashboard. For instance, Spyic is there for you to locate a phone’s location without installing an additional app. Access this feature by logging in to your Spyic account via a web browser.

Additionally, Spyic uses unique security protocols to ensure that nobody else can view data about the target device. It shares the target phone’s location coordinates directly with you, and its servers don’t store anything.

Using this app to pin down somebody’s location assures you that they won’t know you’re doing it. Thus, you may monitor their movements, the areas they previously visited, and check-ins. 

**Google Family Link Free Phone Tracker**

As the name suggests, Google Family Link is a family locator that enables you to keep loved ones safer online. Families have unique relationships regarding technology. Therefore, this device and location tracking app provide greater flexibility to allow users to select the right balance for their families. Also, this application helps you create healthy online habits for your family members.

**Find My Kids – Child Locator**

Find My Kids is a location tracker for ensuring child’s safety. It helps you keep in touch with children when they are not nearby or fail to respond to your calls. This GPS phone tracker allows parents to pin down their kids on Google Maps and see their movement history.

Another benefit is the opportunity to find out the apps your children use, including social media platforms and their interactions with them. The time tracking capability helps you know the duration your kids use their devices and the apps they use the most. The family chat feature may make this app unique. It lets you chat with the kids and use funny stickers to enhance the fun. 

This parental control app for free use makes it possible to keep track of your loved ones with minimum expenses, though its functionality is somehow limited compared to tracking apps outlined above. The app is available for Android and iOS users.

**Life360**

The last app on our list is Life360. It’s a well-known app in the US, offering only limited functionality outside the country. Here’s what the app can do for you: 

1.  The app allows you to plan routes and schedules with your family members. 
2.  You can request or send real-time locations. 
3.  You can set up smart notifications for when someone reaches a particular destination or leaves it. You also get alerts if someone’s phone battery is running dry. 

You’ll need Life360 installed on the target iPhone to get it to track the device’s location. You’ll also need permission from the target device, which may or may not be possible.

**Is it Legal to Supervise Your Child’s Device?**

It is legal for parents and guardians to supervise their children’s devices as long as they are minors. Provided the child is under 18 (pay attention that every state has a different age of being an adult), a US parent or guardian can monitor how they use their mobile phone or tablet. That means the parent can use a cell phone tracker to observe their whereabouts and interactions with other people.

The Children’s Online Privacy Protection Act gives parents control over the information that children can access online. This rule protects kids under 13 while considering the internet’s dynamic nature. Also, it applies to online service providers and commercial website operators. When it comes to monitoring an adult person, written consent is required.

**What Should I Look for in a Parental Control App?**

The following tips should help you choose an app to track cell phones.

*   Privacy: You don’t want to expose your loved one’s privacy to the wrong people. Therefore, pick an app that allows for secure and safe parental control.
*   Transparency: The top phone tracking apps are transparent in their operations. They ensure that users know what they can do and how they help them enhance their kids’ safety.
*   Network security: A good tracker app keeps a child safe from illicit content, cyberbullying, and other online crimes.
*   Activities: The primary phone tracker work is to check out the activities the target person does on their device. And this entails all the actions an individual can perform on their device. Therefore, go for an app that can track your phone when lost, monitor social media and online activities, and do everything your kid can do on their phone. Also, it should let you monitor websites and app usage.
*   Friendly interface: An ideal parental control application is easy to use and navigate.
*   Compatibility: Choose an app compatible with the phone required, whether iPhone or Android. Some apps require only the phone number only to track a mobile device.

**Keep Your Kids Safe with the Right Monitoring Software**

Although some make use of a free phone tracker to keep track of loved ones, premium applications are better due to extended functionality and glitch-free operation. That’s because they have more practical features and functionalities. Also, consider customer support, price, and user reviews. Ideally, take your time understanding how the phone tracker app you want to use works to pick one that suits your needs.

1.  What is a parental control app and what are your options
2.  Croatian Police arrests minor over A1 Telecom ransom demand
3.  9 risky apps that you need to monitor on your kids’ smartphone
4.  Germany bans kids’ smartwatches, asks parents to destroy them
5.  Medical Software Firm exposes vulnerable children’s sensitive data

Top 6 Cell Phone Tracker Apps for Parental Control

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

**The API & platform builder, build your apps 10x faster, even more.**

It's open source & 100% free !

Try live demo

     

**Why badaso ?**

*   **100% FREE** - No need for extra thinking about finance to adopt badaso
*   **Modern PWA Dashboard** - Fast and SPA based on Vue.js with PWA technology
*   **Native installation** - Lazy to open the browser? Install badaso on Windows, Linux, MacOS, Android & iOS
*   **Working offline** - No more f\*cked with a bad internet connection, badaso can running offline
*   **Headless** - Badaso use JWT authentication & authorization as default
*   **Seamless integration** - Badaso use Rest API & GraphQL, no need to develop API for your mobile & IoT
*   **Modern design** - Keep your system design amazing and up to date
*   **Secure** - Build based on laravel make it secure as laravel
*   **Modular** - Install custom library in seconds like your other laravel projects
*   **Scalable** - Like your other laravel projects
*   **Easy maintenance** - Like your other laravel projects
*   **Long time support** - Great choice for your long-term project, maintain by uasoft

**Badaso features**

*   **Advanced CRUD generator** - Build your application faster and be more productive
*   **API generator** - Integrate your application (mobile, desktop, even IoT) through Rest API & GraphQL
*   **User management** - Manage your application user
*   **Role management** - Your application user can have a different role
*   **Permission management** - Each role has different access permission
*   **Menu management** - Manage your application menu so easy and faster
*   **Database management** - Handle your database migration via application
*   **Activity logging** - Keep your system safe, know who makes the trouble
*   **Log UI viewer** - No need to open your server to check the log, just stay focused on your application
*   **Daily database backup** - Keep your valuable database safety
*   **Media manager** - Manage your local & cloud media via application
*   Many more!

**Live demo**

Click here for live demo (some error may happen because random test by a lot of random people)

The live demo will reset every 1 hour

**Getting started (installation, how to use & more)**

You can see official badaso documentation.

**Support Badaso**

To keep badaso up to date and support this awesome long-term project you also can donate to badaso.

We appreciate it so much and will keep badaso up to update and support your awesome long-term projects!

*   Become a backer/sponsors on OpenCollective
*   Become a sponsor via github
*   One-time donation via Paypal
*   Direct (contact hello@uatech.co.id)

Good financial support will make badaso keep up to date and keep support your awesome long-term projects!

Thanks to all backers & sponsors!

**Sponsors****Contributing**

Thank you for considering contributing to badaso !

Please read our contributing guideline before submitting a Pull Request to the project.

Thanks to all contributors!

For documentation repo contributing click here.

**Community support**

For general help using badaso, please refer to the official badaso documentation.

For additional help, you can use one of these channels to ask a question:

*   Github discussion (Questions and Discussions)
*   Github issues (Bug reports, Contributions)
*   Facebook groups (Discussion for active facebook users)
*   Telegram groups (Discussion for active telegram users)
*   Youtube tutorial (For visual learner)

**Credits**

Thanks to these awesome projects that make badaso awesome :

*   laravel/laravel (Framework)
*   vuejs/vue (Javascript framework)
*   lusaxweb/vuesax (Vue component)
*   spatie/laravel-backup (automation production database & application backup)
*   spatie/laravel-activitylog (logging dashboard activity)
*   spatie/flysystem-dropbox (dropbox cloud storage integration)
*   nao-pon/flysystem-google-drive (google drive cloud storage integration)
*   league/flysystem-aws-s3-v3 (aws S3 cloud storage integration)
*   guzzlehttp/guzzle (advanced http request)
*   webpatser/laravel-uuid (uuid provider)
*   lcobucci/jwt (JWT provider)
*   tymon/jwt-auth (JWT auth provider)
*   arcanedev/log-viewer (application logging GUI)
*   the-control-group/voyager (reference)
*   UniSharp/laravel-filemanager (file manager)
*   Contact us for credit here.

All financial support that badaso gets will also shared to project above to support the ecosystem and make badaso keep up to date and keep your awesome long-term projects running.

**License**

See the LICENSE file for licensing information.

CVE-2022-41705: GitHub - uasoft-indonesia/badaso: Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything !

New users and monetization methods are increasingly profitable for gaming industry, but many companies find they have to stem growth in cheats, hacks, and other fraud to keep customers loyal.

The video game industry has been booming of late — and cybercriminals are drawn to it as an expanding threat surface, seeing players as a potentially less cautious group of victims. As such, cybersecurity has risen in profile as a major business priority and differentiator for many in the industry.

There's been an influx of casual gamers drawn to new mobile platforms during the pandemic, and companies have found increasingly profitable ways of monetizing in-game items and social experiences. Gaming studios and affiliated games companies seek to keep those users playing while maintaining that growth and profitability in the post-pandemic era.

But with so much entertainment competition out there — not just from other games, but also streaming and digital platforms — it's easy enough for players hacked or cheated one too many times to drop one game and pick up another one instead. Gaming industry insiders like Jonathan Shroyer say that if gaming companies are lax in security, "their games will not succeed."

"Players of games depend on trust, credibility, and predictability when leveraging a brand's game," says Shroyer, chief CX innovation officer for Arise Gaming, a consulting firm that helps gaming companies improve customer satisfaction and gamer engagement in their platforms. "If they find out there was a hack, or fraud, or other security issues, you will see a dramatic drop in gameplay and spend."

He says this is especially true in mobile gaming as these are the least sticky and most casual games in the industry. But the impact of cyber trust is felt across console, PC, virtual reality (VR), and streaming customers as well.

**More Gamers, More Attacks & More Customer Expectations**

There's a lot of money at stake for gaming companies planning for the future. According to a recent study by PwC earlier this year, the video gaming industry will earn $235.7 billion in 2022. That's following a massive tear over the last few years, with the combination of PC, console, and casual gaming companies increasing their revenue by an astonishing 32% from 2019 through 2021. PwC says it expects gaming revenue to keep ticking up from now through 2026 by a healthy 8.4% compound annual growth rate.

As the money has been flowing into everything from eSports to hyper-casual gaming, so, too, have the attacks. Akamai reported recently that cyberattacks on player accounts and gaming companies has increased "dramatically" in the past year, with Web application attacks rising by 167%. The firm says gaming is the industry most hit by distributed denial-of-service (DDoS) attacks, making up 37% of all DDoS globally. That's double the volume of attacks lobbed at the financial sector, which is the second-most DDoS-attacked vertical industry.

Account takeovers, cheating hacks, and fraud are all growing problems, and gamers are taking note of which companies are addressing these cybersecurity issues and which aren't. A study of attitudes from 10,000 gamers worldwide that was released last week by Kaspersky showed that 70% of regular gamers think hacking is a big problem in the gaming world. Around 63% of respondents said their accounts aren't safe enough from attacks — with one in three reporting that their accounts have been hacked in the last two years. And 89% of gamers said they want game developers to pay more attention to cybersecurity issues.

These stats point to why cybersecurity is fast becoming a huge engagement pillar for game studios right alongside designing creative gameplay and immersive worlds. It's a tricky proposition for security executives in this world, because gamers also have big expectations when it comes to gameplay and the overall ambiance of a gaming environment, says Julie Tsai, a longtime cybersecurity executive with deep expertise in the gaming world.

"Users and the community expect things at a high level. They expect things to be intuitive, they expect things to be in the spirit of the gaming — and also sometimes in the spirit of the culture of the particular gamer community they're in," says Tsai, who was head of security for Roblox for the past three years prior to recently venturing on her own as a security consultant. "They're very, very passionate and attached to these things. And also for a security professional, it means that you're going to be dealing with some of the strongest attackers and the adversaries that you can think of because they're very creative and often gamers themselves."

**Today's Biggest Cyberthreats to Gaming**

Like any other vertical industry, games companies are tasked with protecting their organizations from all nature of cybersecurity threats to their business. Many of them are large enterprises with the same concerns for the protection of internal systems, financial platforms, and employee endpoints as any other firm.

"Gaming companies have the same responsibility as any other organization to protect customer privacy and preserve shareholder value. While not specifically regulated like hospitals or critical infrastructure, they must comply with laws like GDPR and CaCPA," explains Craig Burland, CISO for Inversion6, a managed security service provider and fractional CISO firm. "Threats to gaming companies also follow similar trends seen in other segments of the economy — intellectual property (IP) theft, credential theft, and ransomware."

IP issues are heightened for these firms, like many in the broader entertainment category, as content leaks for highly anticipated new games or updates can give a brand a black eye at best, and at worst hit them more directly in the financials. The industry saw this kind of fallout in full effect in September when a hack of Take-Two Interactive and subsequent public leak of Grand Theft Auto 6 resulted in a 2.3% stock drop for the firm.

Layered on top of all of those typical enterprise cybersecurity concerns are unique eccentricities in protecting gaming platforms and player ecosystems. The gaming platforms are their brands — financial and customer service engines all rolled into one. And they're supremely juicy targets for all nature of malfeasance.

Some of the most common concerns gaming companies must contend with are cheaters who seek to take advantage of technical or bugs or design flaws to their advantage, spammers finding ways to blast out links to gamers to everything from snake-oil products to porn, scammers seeking to take advantage of and steal from younger gamers. And then, of course, most common of all are the everyday cyber fraudsters cashing in on account theft.

"What you have to realize is that criminals attack games for one of three reasons: status, ideology, or cash," says Brett Johnson, chief criminal officer for Arkose Labs and a former cybercriminal who before he went straight ran ShadowCrew, the forerunner to today's Dark Web marketplaces. "Most attacks — 98% or more — are cash driven. So criminals are looking for the easiest access that gives the largest return on investment."

The black-hat ROI prospects have especially grown now that gaming companies have monetized in-game assets through means like direct purchase, voluntary advertising views, and recurring subscriptions. This presents endlessly more new ways to commit financial fraud and launder money through gaming platforms. From a gaming cyber defender's perspective, this means that cheating and hacks now not only threaten gameplay experience, but create more financial and legal risks.

"Any time real money value is tied to in game assets, you will see a spike in fraud and other bad actors," Shroyer explains.

Attackers are turning up the heat on game users and platform with credential stuffing attacks and social engineering scams to break into accounts and access in-game currency and unique items. They leverage third-party marketplaces to sell these in-game assets off the platform for real currency to other gamers who want to bolster their characters or speed up their progress. This creates an ideal situation to not only fence stolen in-game assets, but to launder money stolen elsewhere online.

A lot of this criminal activity is powered by bots and click farms to scale up the profitability of their criminal enterprise, Johnson says.

"The problem is, from an attacker point of view, it's not really worth it to me to attack people manually. If you consider most of these accounts, the dollar amounts are not high enough for me to do that," he says. "So I need to find a way to scale that without me having to manually sign on or try to take over to account. And the answer to that is bots."

**The Culture Wildcard**

Many of the criminal ploys targeting games will also play upon the emotional mindset of gamers, who just want to have as much fun as possible. It makes them more likely to maybe fall for a phishing lure in hopes of getting a sneak peek at a new feature, or go to great lengths to buy items from a third-party marketplace that could speed up their progress.

"The gamer almost immediately is not acting out of reason or logic — it's a knee-jerk type of emotional thing. They want to play that game," Johnson says. "It's much easier for me as an attacker to use that to my advantage because they're already going through that door of reacting emotionally."

This highlights the big balancing act that gaming companies generally have to manage when it comes to protecting their platforms and their users. They've got to design better technical controls and more cyber resilience in their systems without damaging player experience or the vibrancy of the gaming culture built up around their brands and their gaming titles.

As Tsai alluded, gamers are passionate and they're also often curious hackers by nature. That includes the creative and benign type, but also the black hats.

The game industry has always been a place where everyone from script kiddies to budding cybercriminals have come to cut their teeth. For the most part, though, the cohort is usually mostly made up of customers who want to be able to develop and share their custom mods and who are willing to spend a lot of engaged time and money on their games, building up a community that buoys up successful games and studio brands.

This means that a lot of the work of security executives is in detangling the malicious elements from that creative and loyal group of gamers. This takes user education and outreach, foresight in design, and engineering work.

**Engineering Good Choices for Gamers**

On the latter front, some of the easiest and most low-hanging fruit can come through layered protection measures that just make it more expensive for attackers to run roughshod over platform with automated bot attacks.

"If a security product can increase the cost of the attack, the chances of the criminal staying on that platform, not very good," Johnson says. "That criminal's going to find someplace else where they can profit easier and not have to have the investment to get the attack to be successful."

According to Shroyer, the industry is in a lot better place now with moderating and managing mods and curbing cheating because there's more technical measures available to developers.

"Gaming brands now have more tools in their toolkit to prevent these activities," he says. "A few examples are unique online accounts that  require the latest software update to play games, new tech and security placed in gaming data centers that make hacking more difficult, and the ability to turn off access via games online if bad behaviors are noticed. These don't eradicate the issues, but similar to how Netflix and Hulu curbed illegal movie downloading, these tools have had a similar effect in the gaming space."  

More fundamentally at the design level, though, Tsai says that security teams and gaming developers also have to work to create player journeys and experiences less hackable. This doesn't mean shutting off the faucet for mods and other beneficial hacking in the platform. Instead, it means doing better threat modeling of platforms, locking down the riskiest areas and providing guardrails for user "developers" almost in the same way that a DevSecOps team would do so for internal developers.

"There's a saying in engineering with regards to user centricity, which is 'Make me make good choices,'" she says. "And so in that respect, you want to create technology that either encourages or only allows users to make good choices."

This kind of effort takes significant effort and a security-first mentality for game development. However, it's an investment that has a definite ROI for gaming firms, she says.

"Security ties to how users in the community think of your integrity and trust you. These are long-term assets," she says. "If you gain credibility over the years, it can absolutely be a business value-add."

For Gaming Companies, Cybersecurity Has Become a Major Value Proposition

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.

BSECV-2022-18Multiple vulnerabilities in BAT-C2 1.0 11.23.2022Security Bulletin BSECV-2022-21Authenticated Command Injection in Hirschmann BAT-C2 1.0 11.23.2022Security Bulletin BSECV-2022-20TinyXML vulnerability in Hirschmann HiLCOS products1.011.23.2022Security Bulletin BSECV-2022-12Multiple Java SE vulnerabilities in Belden/Hirschmann software products 1.0 11.10.2022Security Bulletin BSECV-2021-03Industrial HiVision: Configured external applications may result in execution of arbitrary binaries1.010.17.2022Security Bulletin BSECV-2022-13 Denial of Service Vulnerability in EagleSDV 1.0 08.01.2022Security Bulletin BSECV-2021-16 FragAttacks Hirschmann BAT 1.1 08.01.2022Security Bulletin BSECV-2022-09 FragAttacks ProSoft RadioLinx RLX2 1.0 07.01.2022Security Bulletin BSECV-2022-11 Multiple vulnerabilities in Provize Basic Frontend 1.0 05.03.2022Security Bulletin BSECV-2022-05 Multiple vulnerabilities in Provize Basic Backend 1.0 05.03.2022Security Bulletin BSECV-2022-01 Vulnerability in ‘axios’ HTTP client in Provize Basic 1.0 05.03.2022Security Bulletin BSECV-2021-05 Multiple Vulnerabilities in Tofino 1.101.11.2022Security Bulletin BSECV-2020-03 Potential denial of service vulnerability in PROFINET Devices via DCE-RPC Packets 1.010.21.2021Security Bulletin BSECV-2020-10Password Change Authentication Bypass Vulnerability in HiOS & HiSecOS 1.005.11.2021Security Bulletin BSECV-2019-08Hirschmann RSP, RSPE, and OS2 series HSR denial of service vulnerability 1.0 01.28.2021Security Bulletin BSECV-2021-02ICX35 Local Web Based Configuration Interface Password Set 1.0 01.15.2021Security Bulletin BSECV-2019-09IPsec Firewall Bypass Vulnerability in WLAN (HiLCOS) Products 1.0 01.11.2021Security Bulletin BSECV-2020-08 EtherNet/IP Vulnerability in 2012 release of (3) PLX31s 1.0 12.18.2020Security Bulletin BSECV-2019-14 HiOS EtherNet/IP stack vulnerability 1.0 09.09.2020Security Bulletin BSECV-2020-04Multiple dnsmasq Vulnerabilities in OWL 3G, LTE & LTE M12 1.0 06.15.2020Security Bulletin BSECV-2020-02JAVA SE vulnerability in Industrial HiVision1.0 06.15.2020Security Bulletin BSECV-2020-06pppd vulnerability in Hirschmann OWL Devices1.05.28.2020Security Bulletin BSECV-2020-01Web Server Buffer Overflow in HiOS & HiSecOS products 1.203.25.2020Security Bulletin BSECV-2019-05Multiple IP vulnerabilities in Hirschmann HiOS and Classic Firewall and GarrettCom DX products (URGENT/11) 1.3 11.27.2019Security Bulletin BSECV-2018-06Belden GarrettCom MNS 6K and 10K OpenSSL Vulnerabilities1.008.09.2019Security Bulletin BSECV-2018-08Belden GarrettCom MNS 6K and 10K SNMP Vulnerability1.008.09.2019Security Bulletin BSECV-2018-07Jackson vulnerability in Industrial HiVision1.006.06.2018Security Bulletin BSECV-2017-11strongSwan vulnerability in HiSecOS1.006.06.2018Security Bulletin BSECV-2017-16WPA2 Key Reinstallation Attack (KRACK) vulnerabilities in Hirschmann BAT devices 1.1 06.06.2018Security Bulletin BSECV-2017-15Web Server Authentication Bypass Vulnerability in HiOS & HiSecOS1.005.25.2018Security Bulletin BSECV-2018-02Weaknesses in Hirschmann Classic Platform Switches when using plaintext HTTP for remote management access1.103.09.2018Security Bulletin BSECV-2018-03Weaknesses in Hirschmann Classic Platform Switches in the user authentication module 1.103.09.2018Security Bulletin BSECV-2018-04RADIUS authentication vulnerability1.0 02.26.2018Security Bulletin BSECV-2017-14;  CVE-2017-11400;  CVE-2017-11401;  CVE-2017-11402Potential Tofino Firmware Signing / Protocol Filtering Evasion / Firewall Bypass1.011.06.2017Security Bulletin BSECV-2017-2Unauthenticated remote code execution vulnerability in Industrial HiVision1.0 08.18.2017Security Bulletin BSECV-2017-12Vulnerability in the bundled Java Runtime Environment lets local users execute arbitrary code in Industrial HiVision, HiFusion and HiView1.008.11.2017Security Bulletin BSECV-2017-10ICX35 User Interface Input Validation Issue  1.0 05.08.2017Security Bulletin BSECV-2017-9ICX35 Authentication Vulnerability1.0 05.08.2017Security Bulletin BSECV-2017-8Belden GarrettCom MNS 6K and 10K Device Access and Security Key Vulnerabilities1.0  05.08.2017Security Bulletin BSECV-2017-3Potential false forward of IPv4 multicast/broadcast traffic by HiLCOS Layer-2 Firewall 1.0 05.08.2017Security Bulletin BSECV-2017-7Possible Request Forgery Vulnerabilities for GECKO Devices 1.004.07.2017Security Bulletin BSECV-2017-1Restricted user roles may gain write access to devices managed by Industrial HiVision 1.001.06.2017Security Bulletin BSECV-2016-2Passwords Synchronization with SNMP v1/v2 communities 1.112.19.2016Security Bulletin BSECV-2016-5 Possible Information Disclosure for GECKO Devices1.0 12.19.2016Security Bulletin BSECV-2016-4HiOS TCP Initial Sequence Number Predictability 1.0 06.06.2016Security Bulletin BSECV-2016-1GECKO authentication bypass1.0 03.07.2016Security Bulletin BSECV-2015-5Identical SSH and SSL default keys in HiLCOS Products1.012.11.2015Security Bulletin BSECV-2015-4;CVE-2008-0960SNMPv3 Authentication Bypass 1.0 07.10.2015Security Bulletin

Tag

#ios