On Surface Pro 3 with the SHA1 and SHA256 PCRs enabled on the TPM, BIOS version 3.11.2550 and earlier, only the SHA1 PCRs are extended by the firmware. This means that an adversary can boot into an unmeasured OS and extend the PCRs with false measurements to obtain false attestations. This is a proof of concept exploit from Google.

Surface Pro 3 BIOS False Health Attestation / TPM Carte Blanche

The Immersive Experience Happening This September in Las Vegas!In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals

Artificial Intelligence / Network Security

**The Immersive Experience Happening This September in Las Vegas!**

In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals with groundbreaking skills, knowledge and insights. Taking place from September 4-9, 2024, at Caesars Palace in Las Vegas and online, this event promises to deliver unparalleled learning experiences and networking opportunities. ensuring accessibility for attendees across the globe.

A transformative highlight of this year's event includes AI-focused keynote led by Daniel Miessler, Founder of Unsupervised Learning and Creator of Fabric AI. In his keynote, "How to Run Your Security Program Using AI Before Someone Else Does," Daniel will explore how AI can be seamlessly integrated into security programs to optimize efficiency, readiness, and reveal actionable strategies to stay ahead in the evolving cybersecurity landscape.

For cybersecurity professionals eager to advance their careers, Network Security 2024 offers a unique opportunity to immerse in a rich learning environment. With 45+ specialized courses and 40+ GIAC certifications, all taught by world-renowned experts, attendees will dive into practical skills and insights that can be applied immediately, ensuring a real impact upon returning to the workplace.

The AI Cybersecurity Summit, scheduled for September 8-9, is yet another cornerstone of Network Security 2024. This summit delves into the latest advancements in AI in cybersecurity and features sessions on social engineering, deep fake development, and much more.

For the first time, SANS Institute will introduce three immersive cyber villages. These dynamic environments are designed for interactive, hands-on learning and collaboration, allowing participants to engage in practical exercises and simulations that mirror real-world scenarios. Attendees will test their skills in dynamic simulations and challenges such as Capture-the-Flag competitions and the Core NetWars Tournament. These events provide a thrilling platform for cybersecurity professionals to demonstrate their expertise and problem-solving abilities in a competitive setting.

In celebration of SANS Institute's 35th anniversary, all in-person attendees will receive an exclusive, complimentary Cyber Bundle. This includes a unique, 3-part add on to your experience: extended OnDemand course, labs, and content access following the event from the course Author, AIS247: AI Security Essentials for Business Leaders course, plus admission to the AI Cybersecurity Summit @Night event, further enriching the on-site learning experience.

Experience options are available both in-person at Caesars Palace, Las Vegas, NV, and live online. Secure your spot at Network Security 2024 today and take the next step in your cybersecurity career.

For more information about the event and to register, visit \[SANS Network Security 2024 Event Page\].

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA ways it could unleash insecure chatbots.

Source: Brain Light via Alamy Stock Photo

BLACK HAT USA – Las Vegas – Wednesday, Aug. 7 – Enterprise usage of Copilot Studio, Microsoft's automated chatbot creation tool, has grown considerably since its release less than nine months ago. But despite opening the floodgates for anyone to create so-called "copilots," all bots created or modified with the service aren't secure by default.

So says security researcher Michael Bargury, a former senior security architect in Microsoft's Azure Security CTO office, now a project leader for the OWASP Low-Code/No-Code Top 10 Security Risks project and CTO at Zenity.

On Wednesday at Black Hat USA in Las Vegas, Bargury demonstrated how developers could unwittingly build copilots that inadvertently exfiltrate data or bypass policies and data loss prevention controls.

"It's very, very easy to make a mistake with this no-code tool and introduce a serious security vulnerability into a copilot," Bargury tells Dark Reading. "Actually, it's very difficult to get everything right because there are so many ways to get it wrong."

**Rapid Adoption of Copilot Studio**

The drag-and-drop, wizard-based Copilot Creation tool is available to all users of the Microsoft 365 productivity suite and has quickly introduced an easy way for power users in lines of business to create copilots, or AI assistants, that are designed to automate workflows and enable more efficient meetings, among other capabilities.

The addition of Copilot Studio to the mix further allows customers to extend the capability of these bots and build custom copilots.

During Microsoft's fourth quarter, 2024 fiscal year earnings call on July 30, chairman and CEO Satya Nadella touted that the usage of Copilots grew 60% in the last quarter. And the number of organizations that have used Copilot Studio grew by 70% last quarter, reaching 50,000 shops, including Carnival, Cognizant, Eaton, KPMG, Majesco, and McKinsey.

**Initial Release Was "Way Overpermissioned"**

Among some of the initial problems Bargury spotted were in the default settings in the copilot bots created by Copilot Creator. Specifically, many of the bots were publicly accessible without requiring authentication. Also, they could impersonate a user with ease.

"You could create a copilot that bakes your identity into it," he explains. "Now, I talk to that copilot over the Internet without logging in, and I'm using your identity. It was way overpermissioned."

Bargury says he discovered a variety of other security faults following the release of Copilot Studio. For example, someone trying to create a copilot designed to call on public SharePoint sites could also tap a private SharePoint site on the same network. Because the copilots could easily be discovered outside of an organization, they could become conduits for remote attacks.

"I could search the Web for open Copilot Studio bots, and we found tens of thousands of them," Bargury says. "And then I could fuzz those copilots with AI and find out which copilots I could talk to, and find out whether it's willing to talk to me and what kinds of information and operations it could perform. And then I could grab information from them."

He says that Microsoft has fixed the issues and has introduced new admin controls designed to strip away the ability to inadvertently create insecure actions, such as allowing an administrator to disallow users from creating bots that can be shared publicly. Admins should update their implementations to protect their organizations.

**Low Code & Chatbots: Balancing Productivity & Security**

The appeal of Microsoft Copilot and similar bots is that they enable users to be more productive, and they automate many routine tasks. But as this research shows, they can also be a weak link inside an organization. Bargury says he believes Microsoft is committed to ensuring Copilot Studio has better security from here on out.

"I think they are going to continue investing in giving admins more control," he says. "But they are in a tough spot because they need to balance productivity with security. And we know where the balance ends."

In his Black Hat session, Bargury also demonstrated CopilotHunter, a new module for the Power Pwn security tool set for Microsoft's low-code/no-code Power Platform that scans for open Copilot Studio bots and fuzzes them to access the data behind them. It is available on GitHub.

**15 Ways to Break Copilot Studio**

In his conclusion, Bargury broke down the 15 security issues he discovered with Copilot Security.

1.  Unreliable and untrusted input
    
2.  Multiple data leakage scenarios
    
3.  Oversharing sensitive data
    
4.  Unexpected execution path
    
5.  Unexpected execution path and operations
    
6.  Data flowing outside org's compliance and geo boundaries
    
7.  Sensitive data oversharing and leakage
    
8.  Destructive, unpredictable copilot actions
    

10.  Gain unintended data access
    
11.  Hardcoded credentials might be supplied as part of a copilot answer
    
12.  Oversharing copilot access through channels
    

14.  Oversharing copilot ownership with members
    
15.  Oversharing copilot ownership (and more) with guests
    

**About the Author**

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

Posted Aug 7, 2024

Authored by indoushka

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 8c38f4e680e6513d62d4303a51a4d7e3eaa5a7bb80e3e87ce8e510bba268a0b9

Download | Favorite | View

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,289)
*   Arbitrary (16,852)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,792)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,386)
*   DoS (25,050)
*   Encryption (2,389)
*   Exploit (53,137)
*   File Inclusion (4,259)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,889)
*   Intrusion Detection (915)
*   Java (3,143)
*   JavaScript (896)
*   Kernel (7,191)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,167)
*   Perl (1,435)
*   PHP (5,222)
*   Proof of Concept (2,382)
*   Protocol (3,724)
*   Python (1,635)
*   Remote (31,646)
*   Root (3,635)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,605)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,941)
*   Web (9,960)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,090)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,547)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,646)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,459)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,729)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,670)
*   Other

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

PRESS RELEASE

NEW YORK – Today, Verizon Business released its 2024 Mobile Security Index (MSI) report outlining the top threats to mobile and IoT device security. This year’s report, in its seventh iteration, goes beyond employee-level mobile usage and extends into the usage of IoT devices and sensors and the security concerns the growth of these devices can present especially as remote work continues to be a trend. This expanded view of mobile security concerns for organizations showcases the evolving threat landscape that CIOs and other IT decision makers must contend with.

As dependency on mobile devices grows, so too do the risks, especially in critical infrastructure sectors where the consequences of security breaches can be catastrophic. The 2024 MSI, which surveyed 600 people responsible for security strategy, policy and management, underscores this point.

**Employees are using more mobile and IoT devices, leading to increased cyber risks**

The survey finds that 80% of respondents consider mobile devices critical to their operations, while 95% are actively using IoT devices. However, this heavy reliance comes with significant security concerns. In critical infrastructure sectors, where 96% of respondents report using IoT devices, more than half state that they have experienced severe security incidents that led to data loss or system downtime.

“These findings highlight the continued friction that employers face as more and more work is done on personal mobile devices,” said Phil Hochmuth Research VP, enterprise mobility at IDC. “This is why we are seeing more and more employers move from a pure bring-your-own-device model to employer provided devices where CIO’s can have greater governance to protect critical infrastructure from cyber attacks."

Additionally, Hochmuth says, organizations should adopt robust frameworks such as Zero Trust and the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) 2.0, and comply with mandates like the European Union’s NIS2 Directive.

**Emerging AI cyberthreats meet new AI defenses**

Emerging artificial intelligence (AI) technologies are expected to exacerbate the mobile threat landscape, but it also presents opportunities for defense. A striking 77% of respondents anticipate that AI-assisted attacks, such as deepfakes and SMS phishing, are likely to succeed. At the same time, 88% of critical infrastructure respondents acknowledge the growing importance of AI-assisted cybersecurity solutions.

**Accounting for IoT growth in cybersecurity planning**

With companies increasingly deploying IoT devices, their digital landscapes are evolving, creating a need for cybersecurity strategies to evolve in kind.

“The Industrial Internet of Things (IIoT) is giving rise to a massive expansion in mobile device technology that goes well beyond phones, tablets and laptops. Enterprise networks now include all sorts of sensors and purpose-built devices that monitor, measure, manage and control commercial tasks and data flow,” said TJ Fox, SVP of Industrial IoT and Automotive, Verizon Business. “That IIoT growth brings with it a proportionate need for more knowledge, awareness and IT solutioning to ensure the security of those increasingly sophisticated networks. The growing importance that IoT plays in our customer’s technology ecosystem underscores why it should be a component in any sound cybersecurity program.”

**What business leaders should know**

The 2024 MSI helps inform cybersecurity decisions for leaders of businesses of all sizes and in key sectors. As mobile and IoT threats rise, the need for robust security measures has never been greater. In response to these growing threats, 84% of respondents have increased their mobile device security spending over the past year, with 89% of critical infrastructure respondents planning further increases.

This year’s MSI includes contributions from Verizon’s partners including Ivanti, Lookout, Jamf among others.  Help your organization lower cyber risks by deploying comprehensive security protections, continuous employee education and advanced threat detection capabilities. Read the Verizon Business 2024 Mobile Security Index to learn more about suggested best practices your organization can implement.

Verizon Business 2024 Mobile Security Index Reveals Escalating Risks in Mobile and IoT Security

PRESS RELEASE

ROCKVILLE, Md., Aug. 1, 2024 /PRNewswire/ -\- Dataprise, a distinguished provider of managed services (MSP) and managed security services (MSSP), today announced the acquisition of Phoenix IT, a cybersecurity incident response and managed service provider in Arizona. The acquisition broadens Dataprise's Cybersecurity platform with new Incident Response & Remediation Services and expands the company's managed services regional footprint to Arizona.

Dataprise's mission is to combine powerful, enterprise-grade solutions with local, personalized service delivery for outstanding client experiences. Phoenix IT uniquely adds to both commitments by enabling Dataprise to offer comprehensive incident response and remediation services, and to expand its reach to clients in Phoenix, AZ.

"Phoenix IT has built a prestigious reputation as the go-to for cyber incident response and recovery among clients and partners nationwide while cultivating a strong regional MSP business. This security-minded, client-first culture aligns naturally with Dataprise and will enable accelerated value on both fronts for clients. We look forward to bringing unexpected value to both Dataprise's clients with the new IR capabilities and Phoenix IT's clients with access to an end-to-end portfolio of IT services," said William Flannery, Chief Executive Officer, Dataprise.

"We are experiencing a rapid growth phase at Phoenix IT, driven by the increasing demand for our Incident Response & Recovery Services and the exceptional work of our expert team. Simultaneously, our commitment to supporting local Phoenix businesses enables us to maintain a comprehensive focus on the client experience," said Nathan Phillips, Founder and CEO of Phoenix IT. "Dataprise is a perfectly aligned partner for our business and clients, and we look forward to robust growth together as we continue to ensure our clients' safety and security."

"Phoenix IT has an exceptional leadership team, dedicated cybersecurity professionals, and a significant presence in Phoenix—a region of strong growth and opportunity. This blend makes Phoenix IT an ideal addition as Dataprise advances our strategy to expand our nationwide footprint and deliver the most advanced Cybersecurity portfolio in the market," said Christian Fulmino, SVP of M&A, Dataprise.

Lance Meilech served as the investment banker on the sale of Phoenix IT. 

About Dataprise  
Dataprise is a portfolio company of Trinity Hunt Partners, a growth-oriented private equity firm. Founded in 1995, Dataprise believes that technology should enable our clients to be the absolute best at what they do. This commitment to client success is why Dataprise is recognized as the premier strategic managed service and security partner to strategic CIOs and IT leaders across the United States. Dataprise delivers best-in-class managed cybersecurity, disaster recovery as a service (DRaaS), managed infrastructure, cloud, and managed end-user services that transform business, enhance user experiences, and eliminate risks. Dataprise has offices across the United States, employs 500+ of the industry's best and brightest, and supports more than 2,000 clients.

You May Also Like

Dataprise Acquires Phoenix IT Adding Cyber Incident Response &amp; Remediation Services

Google has issued security updates for 46 vulnerabilities, including a patch for a remote code execution flaw which has been used in limited targeted attacks.

Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

If your Android phone is at patch level 2024-08-01 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L, 13, and 14. Android partners, such as Samsung, Sony, etc, are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors.

For most Android devices, you can check for new updates like this: Under **About phone** or **About device** you can tap on **Software updates**, although there may be slight differences based on the brand, type, and Android version.

**Technical details**

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited vulnerability is listed as:

CVE-2024-36971 is a use after free (UAF) vulnerability in the Linux kernel. The vulnerability could lead to remote code execution with System execution privileges needed.

This Linux kernel vulnerability affects the Android OS because the Android kernel is based on an upstream Linux Long Term Supported (LTS) kernel. This kernel is like the engine of the operating system, managing the hardware and basic functions.

The Android kernel is based on a version of the Linux kernel, which is a popular core for many operating systems. Specifically, Android uses a version of the Linux kernel that is designated as “Long Term Supported” (LTS). This means it’s a version that gets updates and fixes for a longer period than regular versions, ensuring it stays secure and stable over time.

UAF is a type of vulnerability that happens when a program incorrectly handles its memory. When a program frees up a piece of memory but still tries to use it afterward, an attacker can exploit this mistake. This can cause the program to crash, behave unpredictably, or even run harmful code. In this case it allows the attacker to remotely execute code on the device if they have enough privileges.

Attackers would need to gain the needed privileges to use this vulnerability by combining it with other vulnerabilities.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android vulnerability used in targeted attacks patched by Google 

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

**Computer Laboratory Management System 1.0 Insecure Settings**

Posted Aug 6, 2024

Authored by indoushka

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 903fb54e0bd8fb8efe43fdddb49a0f5abaa23ea96b8495e4f7c47b36636f9f0d

Download | Favorite | View

**Computer Laboratory Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Computer Laboratory Management System v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,255)
*   Arbitrary (16,849)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,786)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,385)
*   DoS (25,039)
*   Encryption (2,389)
*   Exploit (53,128)
*   File Inclusion (4,258)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,888)
*   Intrusion Detection (915)
*   Java (3,142)
*   JavaScript (896)
*   Kernel (7,188)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,166)
*   Perl (1,435)
*   PHP (5,221)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,632)
*   Remote (31,643)
*   Root (3,633)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,604)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,932)
*   Web (9,955)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,087)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,536)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,612)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,441)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,727)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Computer Laboratory Management System 1.0 Insecure Settings

Men face more pressure—and threats—from significant others to grant access to their personal devices, online accounts, and locations.

Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes.

The same analysis also revealed that, while men report more regret in sharing their locations, women report less awareness in how their locations can be accessed, particularly through food delivery apps, ride-hailing services, vacation rental platforms, and other location-based tools.

The data from Malwarebytes paints a nuanced portrait of the struggles that men and women face when deciding how much of their digital lives to share with spouses, boyfriends, girlfriends, and partners. Often, the struggles intersect with parts of modern dating that people have little control over, including how companies track, collect, and share their data, and how easy it is for other people to access that data.

In looking more closely at the research released earlier this year in the report, “What’s mine is yours: How couples share an all-access pass to their digital lives,” Malwarebytes hopes to once again spread awareness and education about secure dating practices in the internet age.

Access our full “Modern Love in the Digital Age” guidance hub below.

Men are going through a loneliness epidemic in America right now.

But even for men in romantic relationships, where companionship should be a salve, other problems emerge. In particular, as Malwarebytes found, these problems include disparate feelings of pressure and regret in sharing their devices, account passwords, and locations.

For example, of partners who shared their location with one another, 36% of men said they’d “felt pressure” to do so, compared with 20% of women who said the same. And a shocking 9% of men who share their account access clarified that such access may be imbalanced, as they agreed: “My partner has threatened me over sharing account access,” compared to 4% of women—a more than two-fold increase. The threats included things like being broken up with, being harmed physically or emotionally, or being shut out and ignored.  

Men were also more likely to report a one-sided consent model for how their partners accessed their devices, accounts, and locations (a model that we’re not entirely ready to call “sharing” because of the clearly communicated lack of consent).

When asked about the way in which they “shared” _any_ type of digital and device access, which included smartphones, tablets, computers, online accounts for multiple apps, and location data, 23% of men said “Yes \[my partner\] has access but I wish they didn’t.” That rate was 12% for women.

Similar disparities arose when men and women answered the same way regarding device access (14% of men compared to 7% of women), social media access (9% of men compared to 4% of women), and access to apps that can share your location (16% of men compared to 9% of women).

But not all location apps are the same, and when asked specifically about apps that are designed to share locations between individuals—such as FindMy on iOS, Find My Device for Google, or third-party tools like Life360—the data revealed the largest discrepancy.

A shocking 400% more men said they only share their locations through those apps “because my partner insists” (8% of men compared with 2% of women).

In the research, men openly shared their feelings on all this, as 14% (compared to 8% of women) agreed: “If I could do it all over again, I wouldn’t share as much personal account information with my partner.”  

In safe and consensual arrangements between couples, a shared location can show up as a little blue dot on a devoted smartphone app.

But for apps that rely on location data to function—like ride-hailing apps, food delivery services, and vacation rental platforms—location “sharing” can feel a lot more like location “leaking.” A shared Airbnb account, for example, could reveal a spouse’s active vacation rental address to another partner logged into the same account. A shared Uber account could reveal ride history, and potentially even a new address, to an ex-boyfriend who never logged out after a breakup. And DoorDash orders could expose when a domestic abuse survivor is at home, so long as their abuser is monitoring the app from the same account.

But these examples, research shows, are not common knowledge, with women showing less awareness than men for every type of account.

Women were less likely to be aware of how their locations could be exposed to another user logged into the same account for vacation rental platforms (68% of women were unaware compared to 49% of men), health and fitness tracking apps like FitBit and Strava (57% of women compared to 43% of men), ride-hailing apps (50% of women compared to 37% of men), and food and grocery delivery apps (49% of women compared to 39% of men).

Women were also more likely to say they were unaware of how the companion apps for many modern vehicles—which can be used to find a car in a large parking lot or to help locate a stolen sedan—can also reveal their location on a shared account (60% of women compared to 41% of men).

This relatively new location-tracking method has caused serious problems for spouses being followed by their exes, and the blame cannot fall on users who are tasked with, as usual, managing even more parts of their lives online.

****Shifting perspectives****

Data alone never presents a full story, and data that compares men and women can be vulnerable to misinterpretation.

The varying issues facing men and women should not be interpreted as problems of their own making—men cannot be said to regret sharing account access because they have “something to hide,” and women cannot be said to be poorer users of technology because of lower reported awareness in location sharing mechanisms.

If anything, the overlap in responses shows the work to be done.

When 68% of women _and_ 49% of men are unaware of how their locations can be accessed through shared accounts on vacation rental platforms, perhaps this isn’t a problem of user awareness. Perhaps it is a problem of unclear communication and lacking transparency from the largest and most popular apps today.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Men report more pressure and threats to share location and accounts with partners, research shows 

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021.
Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection.
"This threat is

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called **LianSpy** since at least 2021.

Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection.

"This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists," security researcher Dmitry Kalinin said in a new technical report published Monday.

It's currently not clear how the spyware is distributed, but the Russian cybersecurity vendor is likely deployed through either an unknown security flaw or direct physical access to the target phone. The malware-laced apps are disguised as Alipay or an Android system service.

LianSpy, once activated, determines if it's running as a system app to operate in the background using administrator privileges, or else requests a wide range of permissions that allow it to access contacts, call logs, and notifications, and draw overlays atop the screen.

It also checks if it's executing in a debugging environment to set up a configuration that persists across reboots, followed by hiding its icon from the launcher and trigger activities such as taking screenshots, exfiltrating data, and updating its configuration to specify what kinds of information needs to be captured.

In some variants, this has been found to include options to gather data from instant messaging apps popular in Russia as well as allow or prohibit running the malware only if it's either connected to Wi-Fi or a mobile network, among others.

"To update the spyware configuration, LianSpy searches for a file matching the regular expression "^frame\_.+\\\\.png$" on a threat actor's Yandex Disk every 30 seconds," Kalinin said. "If found, the file is downloaded to the application's internal data directory."

The harvested data is stored in encrypted form in an SQL database table, specifying the type of record and its SHA-256 hash, such that only a threat actor in possession of the corresponding private RSA key can decrypt the stolen information.

Where LianSpy showcases its stealth is in its ability to bypass the privacy indicators feature introduced by Google in Android 12, which requires apps requesting for microphone and camera permissions display a status bar icon.

"LianSpy developers have managed to bypass this protection by appending a cast value to the Android secure setting parameter icon\_blacklist, which prevents notification icons from appearing in the status bar," Kalinin pointed out.

"LianSpy hides notifications from background services it calls by leveraging the NotificationListenerService that processes status bar notifications and is able to suppress them."

Another sophisticated aspect of the malware entails the use of the su binary with a modified name "mu" to gain root access, raising the possibility that it's likely delivered through a previously unknown exploit or physical device access.

LianSpy's emphasis on flying under the radar is also evidenced in the fact that C2 communications are unidirectional, with the malware not receiving any incoming commands. The Yandex Disk service is used for transmitting stolen data and storing configuration commands.

Credentials for Yandex Disk are updated from a hard-coded Pastebin URL, which varies across malware variants. The use of legitimate services adds a layer of obfuscation, effectively clouding attribution.

LianSpy is the latest addition to a growing list of spyware tools, which are often delivered to target mobile devices – be it Android or iOS – by leveraging zero-day flaws.

"Beyond standard espionage tactics like harvesting call logs and app lists, it leverages root privileges for covert screen recording and evasion," Kalinin said. "Its reliance on a renamed su binary strongly suggests secondary infection following an initial compromise."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#ios