A new version of a known Android banking trojan is making the rounds, stealing sensitive data, and possibly money, from its victims.
Cybersecurity researchers from NCC Group’s Fox-IT sounded the alarm about a new, upgraded version of the Vultur banking trojan, which was first spotted in early 2021 and has received a number of important changes and upgrades since then.
While previous versions were being distributed via dropper apps that were smuggled onto the Play Store, this new version uses a combination of smishing and legitimate app abuse. The researchers said that the attackers would first send an SMS message to their victims, warning them of an unauthorized payment transaction and sharing a phone number for the victim to call.
Full takeover
If the victim takes the bait and calls the number, the attacker persuades them to install a trojanized version of the McAfee Security app. On the surface the app works as intended, but in the background it delivers the Brunhilda malware dropper. The dropper installs three payloads, two APKs and a DEX file, which, once the victim grants them Accessibility Service access, connect to the command and control (C2) server and hand the attackers remote control over the Android device.
For a trojan, Vultur is quite capable. It can record the screen, log keystrokes, and give the attackers remote access via AlphaVNC and ngrok. It also lets them download and upload files, install apps, delete files, click, scroll, and swipe on the device, and block specific apps from running. It can display custom notifications and disable Keyguard to bypass the lock screen.
Finally, Vultur encrypts its C2 communications to further evade detection.
As usual, the best defense is common sense: install apps only from legitimate, proven stores, never install software at the direction of an unsolicited caller or text message, and treat any app that asks for Accessibility Service access as suspect, since that permission is what gives Vultur its remote control over the device.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
With email being the biggest business productivity tool out there, it’s no surprise that it’s also the main vehicle for cybercrime. Email phishing is the most common type of online attack, and it grew by 173% in Q3 2023 compared with the previous quarter.
Google blocks about 100 million phishing emails every single day. That’s a huge number for just one platform. Most of us suffer from email overload, but it’s also the medium which feels safe and secure. There’s something about email that feels personal, it’s addressed to us and is now in our virtual – and physical – space. Which is probably why it’s such a successful tool for phishing.
Often we’re responding to or acting on an email in a rush: a quick reply before the lunch break, or while rushing to a meeting. Those are the moments that catch us unawares. Various recent studies have looked into what causes the bulk of data breaches, and unfortunately the answer is us, the users. Some put the share of breaches caused by human error at about 88%; others put it closer to 95%.
Niall Mackey
Commercial Director, Topsec.
Here are five tactics and tools to help strengthen your organization’s IT security on the email front:
1. Employee education
Most of us are generally overwhelmed with emails. And often we respond in a rush, trusting that the email is from a reliable source, bearing honest information. Taking that for granted is exactly what cyber-criminals rely on. This is why an employee education and awareness program is absolutely crucial when it comes to internet security. Even the most savvy technology users get caught out, because criminals have one job, and that’s to catch us in a brief moment of unawareness or to make victims of the ignorant.
While they seem insignificant, it’s habits like checking the sender’s address, opening attachments with caution, and checking where a link goes before clicking it that can stop a data breach. Seemingly obvious, these are exactly the things phishing scams rely on slipping past.
2. The wolf in CEO’s clothing
More and more, the chief executive of a company is targeted by attackers. Often, the CEO’s account has access to every data system, so it’s the most valuable access point. Phishing that targets executives is known as ‘whaling’. Impersonating the CEO or other top brass, often called CEO fraud or business email compromise, is also a brilliantly simple way to trick employees into handing over information and access. Who’s going to say no to the CEO? Attackers set up a fake email account in the executive’s name and request information from the appropriate staff members.
Making employees aware of this should form part of the education program, but it’s also a good idea to limit access to key systems. Grant each user access only to the systems their role requires, and where possible only for a limited period. Allowing one profile (or several) complete access to all systems all the time creates a massive platform for risk; least-privilege access protects both the user and the organization.
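The sender checks described in sections 1 and 2 can be automated at the mail gateway. The following is an added example written for this page, not code from the author or Topsec: it flags a display name that claims to be an executive but comes from a different address, a lookalike of the organisation’s own domain (confusable characters, accents, punycode), a Reply-To that diverts the conversation, a DMARC failure for mail claiming the organisation’s domain, and the pressure language typical of CEO fraud. The domain, executive directory, confusable table and both sample messages are constructed assumptions for the demonstration.

```python
import re
import unicodedata
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed directory for this example: the organisation's domain and the
# executives whose names are most often borrowed for CEO fraud (assumption).
ORG_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",   # CEO
    "mark roe": "mark.roe@example.com",   # CFO
}

# Character substitutions commonly used to build lookalike domains.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|wire transfer|gift cards?|confidential)\b", re.I)


def normalise_domain(domain):
    """Fold a domain for comparison: decode punycode, drop accents, undo confusables."""
    d = domain.lower()
    if d.startswith("xn--") or ".xn--" in d:
        try:
            d = d.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    d = "".join(c for c in unicodedata.normalize("NFKD", d) if not unicodedata.combining(c))
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def is_lookalike(domain, legit):
    """True when `domain` is not `legit` but folds to it, or is within edit-noise of it."""
    domain = domain.lower()
    if domain == legit:
        return False
    folded = normalise_domain(domain)
    if folded == legit:
        return True
    # Compare the registrable label only, so example-payments.com is not a "lookalike".
    ratio = SequenceMatcher(None, folded.split(".")[0], legit.split(".")[0]).ratio()
    return ratio >= 0.8


def analyse(raw_message):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.partition("@")[2]

    # 1. Display name claims an executive, but the address is not that executive's.
    key = " ".join(name.lower().split())
    if key in EXECUTIVES and addr != EXECUTIVES[key]:
        findings.append(f"display name '{name}' impersonates {EXECUTIVES[key]} (actual sender {addr})")

    # 2. Sender domain is a lookalike of our own.
    if domain and is_lookalike(domain, ORG_DOMAIN):
        findings.append(f"sender domain {domain} is a lookalike of {ORG_DOMAIN}")

    # 3. Reply-To silently redirects the conversation elsewhere.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower() != addr:
        findings.append(f"Reply-To {reply_to} differs from From {addr}")

    # 4. Our own domain in From, but the receiving MTA recorded a DMARC failure.
    auth = str(msg.get("Authentication-Results", ""))
    if domain == ORG_DOMAIN and "dmarc=fail" in auth:
        findings.append("From claims our domain but DMARC failed")

    # 5. Pressure language typical of CEO fraud.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if URGENCY.search(text):
        findings.append("body uses urgency or payment language")
    return findings


# Constructed sample messages (not real mail).
SAMPLE_CEO_FRAUD = """\
From: Jane Doe <jane.doe@exarnple.com>
Reply-To: jane.doe.ceo@webmail.example.net
To: finance@example.com
Subject: Quick favour
Content-Type: text/plain; charset="utf-8"

I need a wire transfer done immediately. Keep this confidential.
"""

SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Board deck
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset="utf-8"

Attached is the deck for Thursday. Thanks.
"""

if __name__ == "__main__":
    for label, sample in (("fraud", SAMPLE_CEO_FRAUD), ("legit", SAMPLE_LEGIT)):
        print(label, analyse(sample) or ["no findings"])
```

None of these checks is conclusive on its own; the point of layering them is that a genuine executive’s mail trips none of them, while the constructed fraud sample trips four, which is what makes the result actionable for a gateway rule or a user-facing warning banner.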
3. Cyber threat intelligence in cybersecurity
In cybersecurity, the evolution of algorithmic approaches and the integration of cyber threat intelligence have become essential in combating sophisticated hacker tactics. Modern algorithms now focus on core characteristics rather than just content, employing AI to identify impersonations in writing style and language. This is combined with pattern analysis to block malicious emails. Concurrently, cyber threat intelligence, which analyses the motives, targets, and methods of attackers, has become a crucial defense layer.
As attackers send mail from legitimate domains and clean IP addresses that pass reputation checks, it’s vital to have robust security systems that blend advanced algorithmic analysis with continuous threat intelligence, and human experts still play a huge role in detecting and countering attacker activity.
4. View email as just one piece of the security puzzle
While email is a useful tool to access an organization’s assets, it’s not the only one. But it’s important to ensure that all avenues are coordinated to block threats, from cloud applications, to websites accessed by employees. And technology systems are also only one aspect of cybersecurity. Much of an organization’s protection lies in ensuring staff is vigilant and educated. Email security should not be a silo, but rather it should be integrated into the bigger picture of the entire technology environment, which should be integrated into the company culture.
5. A multi-layered approach with emphasis on attachment scanning
In enhancing email security, a multi-layered approach is paramount, with a significant emphasis on the vigilant scanning of attachments. These attachments are often the carriers of malware and other cyber threats. Advanced scanning techniques are crucial, utilizing not only traditional malware signature detection but also heuristic analysis to identify new, unknown threats. This involves examining attachments in a controlled environment, or ‘sandboxing’, to detect any malicious behavior.
Additionally, this multi-layered strategy should integrate robust phishing detection, continuous cyber threat intelligence updates, and stringent access controls, ensuring a comprehensive defense against the diverse and evolving nature of email-based threats.
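The layered attachment scanning described in section 5, as an added example written for this page rather than code from the author or Topsec: a signature layer (hash lookup against a blocklist), then cheap heuristics that ignore what the filename claims and look at the bytes (magic-byte sniffing, executables disguised with document extensions, double extensions, macro-capable documents, and archive members that are scripts or that are encrypted and therefore need to go to a sandbox). The blocklist, extension tables and the three-attachment test mail are constructed for the demonstration; the payloads are inert stubs, not malware.

```python
import hashlib
import io
import zipfile
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed signature layer: SHA-256 digests of known-bad files. Empty here;
# a real gateway feeds this from threat intelligence (assumption).
KNOWN_BAD_SHA256 = set()

EXECUTABLE_EXT = {".exe", ".scr", ".dll", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar", ".lnk"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}


def sniff(data):
    """Identify content by magic bytes, ignoring whatever the filename claims."""
    if data.startswith(b"MZ"):
        return "exe"
    if data.startswith(b"\x7fELF"):
        return "elf"
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "zip"          # also docx/xlsx/jar containers
    if data.startswith(b"\xd0\xcf\x11\xe0"):
        return "ole"          # legacy .doc/.xls, can carry VBA
    return "unknown"


def suffixes(filename):
    """All dotted suffixes, lower-cased: 'Invoice.PDF.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def scan_zip(data):
    """Look inside an archive; encrypted members cannot be inspected and go to the sandbox."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:
                    findings.append(f"encrypted entry {info.filename}: cannot inspect, route to sandbox")
                elif any(s in EXECUTABLE_EXT for s in suffixes(info.filename)):
                    findings.append(f"archive contains executable {info.filename}")
    except zipfile.BadZipFile:
        findings.append("malformed archive")
    return findings


def scan_attachment(filename, data):
    """Layered verdicts for one attachment; an empty list means nothing was flagged."""
    findings = []
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
        findings.append("signature match")
    exts = suffixes(filename)
    last = exts[-1] if exts else ""
    kind = sniff(data)
    if last in EXECUTABLE_EXT or kind in ("exe", "elf"):
        findings.append("executable content")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXT and last in EXECUTABLE_EXT:
        findings.append("double extension disguise")
    if last in DOCUMENT_EXT and kind in ("exe", "elf"):
        findings.append("executable masquerading as document")
    if last in MACRO_EXT or (kind == "ole" and b"VBA" in data) or (kind == "zip" and b"vbaProject.bin" in data):
        findings.append("macro-capable document")
    if kind == "zip":
        findings.extend(scan_zip(data))
    return findings


def scan_message(raw_message):
    """Map each attachment filename to its findings."""
    msg = message_from_string(raw_message, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        results[name] = scan_attachment(name, part.get_payload(decode=True))
    return results


def build_sample_message():
    """Constructed test mail with three attachments; the payloads are inert stubs, not malware."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.org"
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Invoices attached"
    msg.set_content("Please see the attached invoices.")
    msg.add_attachment(b"%PDF-1.4\n%stub\n", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payment_details.js", "var x = 1;")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="details.zip")
    return msg.as_string()


if __name__ == "__main__":
    for name, verdicts in scan_message(build_sample_message()).items():
        print(name, verdicts or ["clean"])
```

The heuristics deliberately run even when the signature layer is silent, which is the case for every new sample; and an encrypted archive is not treated as clean just because nothing could be read from it, but handed to the sandbox layer that the article describes.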
Attackers excel at presenting an innocent front in a phishing email, and it requires not only smart systems but human smarts at every level to keep a company’s data assets secure. Cybersecurity walks the fine line between maintaining efficiency and avoiding user frustration, while also keeping an organization’s key assets safe.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Samsung has started rolling out the April 2024 security update to the Galaxy S24 series. The update is currently rolling out in South Korea and could be released in other countries within a matter of days. It is surprising to see the April 2024 update arrive even before March has ended.
April 2024 security update for Galaxy S24 fixes remaining camera issues
The new software update for the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra is available in South Korea with firmware version S92xNKSU1AXCA. The update has a download size of around 797.83MB, which is fairly large, so consider downloading it over Wi-Fi. It includes the April 2024 security patch, but Samsung hasn’t revealed which security vulnerabilities the new patch fixes.
If you have a Galaxy S24 series phone and live in South Korea, you can now check for the new update on your phone. You can do that by navigating to Settings » Software update and tapping Download and install. The new firmware files will be available in our firmware database shortly.
In a support document, Apple said the updates patch an image-related security vulnerability that “may lead to arbitrary code execution.”
The full details:
CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
WebRTC
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
To update your iPhone or iPad, open the Settings app and tap General → Software Update.
Regardless of what you need, there is an app for that. In fact, there are 1.81 million apps on Apple’s App Store in 2024, according to Business of Apps. This growing trend has spread from our pockets to our businesses with more adoption of Software as a Service (SaaS) and cloud computing. The average company has 371 SaaS applications, while IDC found companies spent $315.5 billion on public cloud services during the first half of 2023.
All of this software and all of these applications are made by humans, and people, notoriously, make mistakes. Mistakes in software development increase the likelihood of attacks, which leads to security incidents. Multiply these risks by the size of your tech stack, and keeping your environment secure seems nearly impossible.
Identify problems early
To ease some of the risk and security burden, find the issues earlier in the software development process. This is called “shift-left” because it moves security scans and reviews earlier in the software development life cycle (SDLC). Scanning software in the continuous integration/continuous deployment (CI/CD) pipeline flags problems that need attention before they reach production, where attackers can get at them. By finding bugs, misconfigurations, or vulnerabilities earlier, you can also fix them sooner and at a lower cost than when the same issues are running in production applications or are part of software deployed to thousands or millions of real-world assets.
Though shift-left security has been discussed as a best practice for the past few years, it does not appear to be well implemented. The Sysdig 2024 Cloud-Native Security and Usage Report found that policy scans on production systems failed more often than scans in the CI/CD build pipeline: a 91% policy failure rate for production runtime scans against 71% for CI/CD scans. CI/CD scans run before production runtime scans, so failures caught in the build pipeline should have been fixed before the same workloads were scanned at runtime. So why are we seeing such a high failure rate at runtime if shift-left is the best practice?
Crystal Morin
Cybersecurity Strategist, Sysdig.
Making changes to your processes
First and foremost, improving collaboration between teams rather than just addressing security requirements alone will almost always prove to be more effective and sustainable. In the eyes of a developer, shift-left requires added responsibilities for fixes and changes without additional assistance. For them, shifting left may look more like a workload increase than a change in approach that can reduce security risks.
To overcome this hurdle and make shift-left processes work, security personnel must understand how their developer colleagues actually work in practice. Do the applications they build follow traditional design principles, are they cloud-native applications built to be distributed, immutable, and ephemeral (DIE), or is there a combination of builds in transition from traditional to cloud-native?
By better understanding how complex their environments and application builds are at the core, security teams can help developers navigate what risks exist in their applications and how to prioritize and mitigate the biggest threats before they’re realized in production. This should include determining how significant the risk is to your organization and environment, and what steps are required to mitigate the risk. This process ensures that developers can focus on any changes they have to make where they are needed the most, such as exploitable critical vulnerabilities or misconfigurations.
Similarly, security teams and their tools can flag unneeded components or excess permissions baked into standard container images. Developers often use software containers or machine images as standardized templates for deployment. If those templates contain out-of-date components, every workload built from them inherits the same findings and is flagged again. Updating the templates developers build from reduces the number of security alerts and risks and cuts repetitive work.
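The prioritization the two paragraphs above describe (fix exploitable, reachable critical findings first; trim components the workload never uses), as an added example written for this page, not code from the author or from Sysdig. It scores each scanner finding by severity, whether the issue is known to be exploited, whether the affected package is actually loaded by the running workload, and the workload’s exposure; a CI/CD gate then blocks only on high-scoring findings that have a fix, and a second function lists packages that carry findings but are never loaded, which are candidates for removal from the base image. The scan JSON, its schema, the runtime-loaded set and the exploited-ID set are all constructed assumptions; the IDs are placeholders, not real vulnerability identifiers.

```python
import json

SEVERITY_BASE = {"critical": 9.0, "high": 7.0, "medium": 4.0, "low": 1.0}

# Constructed scanner output. The schema is an assumption made for this example,
# not the format of any particular scanner, and the IDs are placeholders.
SCAN_RESULT = json.loads("""
{
  "image": "registry.example.com/payments-api:1.4.2",
  "findings": [
    {"id": "EXAMPLE-0001", "package": "libfoo", "severity": "critical", "fix_version": "1.2.4"},
    {"id": "EXAMPLE-0002", "package": "libbar", "severity": "critical", "fix_version": null},
    {"id": "EXAMPLE-0003", "package": "curl",   "severity": "high",     "fix_version": "8.6.0"},
    {"id": "EXAMPLE-0004", "package": "perl",   "severity": "medium",   "fix_version": "5.38.2"}
  ]
}
""")

# Constructed runtime context: packages whose files were actually loaded by the
# running workload (from runtime profiling), and IDs known to be exploited in the wild.
LOADED_AT_RUNTIME = {"libfoo", "curl"}
KNOWN_EXPLOITED = {"EXAMPLE-0001"}


def prioritise(scan, loaded_packages, exploited_ids, internet_facing):
    """Rank findings by severity weighted with exploitability, runtime reachability and exposure."""
    ranked = []
    for f in scan["findings"]:
        score = SEVERITY_BASE[f["severity"]]
        reasons = []
        if f["id"] in exploited_ids:
            score *= 2.0
            reasons.append("known exploited")
        if f["package"] in loaded_packages:
            score *= 1.5
            reasons.append("package loaded at runtime")
        else:
            score *= 0.5
            reasons.append("package never loaded")
        if internet_facing:
            score *= 1.2
        if f["fix_version"] is None:
            reasons.append("no fix available yet")
        ranked.append({**f, "score": round(score, 1), "reasons": reasons})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


def gate(ranked, threshold=12.0):
    """CI/CD gate: block the build only on high-scoring findings a developer can act on."""
    blocking = [r for r in ranked if r["score"] >= threshold and r["fix_version"] is not None]
    return len(blocking) == 0, blocking


def removal_candidates(scan, loaded_packages):
    """Packages that carry findings but are never loaded: trim them from the base image."""
    return sorted({f["package"] for f in scan["findings"] if f["package"] not in loaded_packages})


if __name__ == "__main__":
    ranked = prioritise(SCAN_RESULT, LOADED_AT_RUNTIME, KNOWN_EXPLOITED, internet_facing=True)
    for r in ranked:
        print(f'{r["score"]:5}  {r["id"]}  {r["package"]:7}  {", ".join(r["reasons"])}')
    ok, blocking = gate(ranked)
    print("build passes" if ok else f"build blocked by {[b['id'] for b in blocking]}")
    print("remove from image:", removal_candidates(SCAN_RESULT, LOADED_AT_RUNTIME))
```

The weights are illustrative; what matters is the shape of the decision. A critical finding in a package the workload never loads ranks below a high finding in one it does, a finding with no fix is reported but does not block the build (there is nothing for the developer to do yet), and the never-loaded packages are handed back as a template clean-up task rather than as four separate alerts.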
Improve security before production
Ideally, software containers are meant to be immutable. This means that a workload does not change during runtime. Container drift, or modification and updates made to a container while in production, often triggers security alerts but is common practice for developers. If developers restrain themselves from workload modifications during runtime (drift control), security teams can have more sensitive and higher fidelity detections set for container drift, indicating potentially malicious activity instead of development noise.
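Container drift detection as the paragraph above frames it, as an added example written for this page and not code from the author or from Sysdig: the image manifest recorded at build time is diffed against a snapshot of the running container, with a short allowlist standing in for the writes that are still expected at runtime (logs, caches). A second function catches process-level drift, a binary being executed that was never in the image. The manifest, snapshot, allowlist and exec events are constructed for the demonstration; a real pipeline would derive the manifest from the image layers and the snapshot and exec events from a runtime sensor.

```python
import hashlib


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed build-time manifest of the image: path -> (content digest, mode).
# A real pipeline would derive this from the image layers at build time (assumption).
IMAGE_MANIFEST = {
    "/usr/local/bin/app":   (sha256(b"app build 1.4.2"), 0o755),
    "/usr/lib/libz.so.1":   (sha256(b"zlib"), 0o755),
    "/etc/app/config.yaml": (sha256(b"listen: 8080\n"), 0o644),
}

# Constructed snapshot of the same container taken in production.
RUNTIME_SNAPSHOT = {
    "/usr/local/bin/app":   (sha256(b"app build 1.4.2"), 0o755),   # unchanged
    "/usr/lib/libz.so.1":   (sha256(b"zlib"), 0o755),              # unchanged
    "/etc/app/config.yaml": (sha256(b"listen: 9090\n"), 0o644),    # edited in place
    "/var/log/app.log":     (sha256(b"started\n"), 0o644),         # expected data write
    "/tmp/.cache/payload":  (sha256(b"\x7fELF stub"), 0o755),      # new executable dropped at runtime
}

# Paths where non-executable writes are expected (logs, caches); everything else is drift.
# The shorter this list can be kept, the higher the fidelity of every event below.
EXPECTED_WRITE_PREFIXES = ("/var/log/", "/tmp/app-cache/")


def detect_drift(manifest, snapshot, expected_prefixes=EXPECTED_WRITE_PREFIXES):
    """Diff a running container against its image; returns sorted (kind, path, severity) events."""
    events = []
    for path, (digest, mode) in snapshot.items():
        executable = bool(mode & 0o111)
        if path not in manifest:
            if path.startswith(expected_prefixes) and not executable:
                continue                      # expected data write, not drift
            events.append(("new_file", path, "high" if executable else "low"))
        elif manifest[path][0] != digest:
            events.append(("modified", path, "high" if executable else "medium"))
        elif manifest[path][1] != mode:
            events.append(("mode_changed", path, "high" if executable else "medium"))
    for path in manifest:
        if path not in snapshot:
            events.append(("deleted", path, "medium"))
    return sorted(events)


def exec_not_in_image(manifest, exec_events):
    """Process-level drift: binaries executed that were never part of the image."""
    return [path for path in exec_events if path not in manifest]


if __name__ == "__main__":
    for event in detect_drift(IMAGE_MANIFEST, RUNTIME_SNAPSHOT):
        print(event)
    # Constructed exec events, as a runtime sensor would report them.
    print(exec_not_in_image(IMAGE_MANIFEST, ["/usr/local/bin/app", "/tmp/.cache/payload"]))
```

With developers no longer patching containers in place, the only tolerated differences are the entries in the allowlist, so an executable appearing under /tmp or a changed config file is a detection rather than noise to be triaged.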
Runtime scans are more accurate in highlighting security issues that are active in a production environment. These scans keep the security issues closer to the security team rather than passing off security problems to developers. Problems that exist in production environments have the potential to negatively impact business operations.
Long-term security gains
We all rely on software and applications in our daily lives and our organizations. This software must be kept secure. We can improve its security by shifting left and keeping to the “secure-by-design” mantra. Software and applications that are built securely have less attack risk and will cause fewer policy scan failures, reducing the security burden on both security and developer teams.
In practice, security teams need to work with developers to indicate where those potential risks exist and how they can be removed. At the same time, developers can educate security teams and collaborate with them to stop issues from getting into code or infrastructure components. This teamwork, and sharing common goals, will improve overall software quality and security across entire organizations.
Security researchers have found a relatively easy and cheap way to clone the keycards used on three million Saflok electronic RFID locks in 13,000 hotels and homes all over the world.
The keycard and lock manufacturer, Dormakaba, has been notified, and it is currently working to replace the vulnerable hardware – but it’s a long, tedious process, which is not yet done.
Although the flaws were first discovered back in 2022, the researchers have now disclosed more information on them, dubbed “Unsaflok”, in order to raise awareness.
Cheap card cloning
The flaws were discovered at a private hacking event that was set up in Las Vegas, where different research teams competed to find vulnerabilities in a hotel room and all the devices inside it. A team consisting of Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, shell, and Will Caruana focused on the Dormakaba Saflok electronic locks for hotel rooms. Soon enough, they found two flaws which, when chained together, allowed them to open the doors with a custom-built keycard.
First, they needed access to any card from the premises, which could be the card to their own room. Then they reverse-engineered the Dormakaba front desk software and lock programming device, which allowed them to forge a working master key that can open any room on the property. Finally, to clone cards, they had to reverse-engineer Dormakaba’s key derivation function.
To forge the keycards, the team used a MIFARE Classic card, a commercial card-writing tool, and an Android phone with NFC. All of this costs just a few hundred dollars, they said.
With their custom-built keycard, the team would be able to access more than three million locks, installed in 13,000 hotels and homes all over the world.
Following the publication of the findings, Dormakaba released a statement to the media, saying the vulnerability affects Saflok systems System 6000, Ambiance, and Community. It added that there is no evidence of these flaws ever being exploited in the wild.
Apple today released iOS 17.4.1 and iPadOS 17.4.1, minor updates to the iOS 17 and iPadOS 17 operating systems. The new software comes a couple of weeks after Apple released iOS 17.4 and iPadOS 17.4 with app changes in the European Union, new emoji, and more.
iOS 17.4.1 and iPadOS 17.4.1 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.
According to Apple’s release notes, the iOS 17.4.1 update includes important security updates and bug fixes.
Apple will likely begin testing iOS 17.5 in the near future, with betas expected to come out in the next two weeks.
Samsung’s new Galaxy A55 is now getting its first firmware update. The phone ships with the February 2024 security patch, but now, Samsung is already releasing the March update for the new mid-range hero phone.
The update is rolling out in India, at the very least, and carries firmware version A556EXXS1AXC1. It weighs a little under 210MB. And judging by the firmware version, the update consists only of the newer March 2024 security patch.
The changelog does mention “New and/or enhanced features,” and “Further improvements to performance,” but this is just what Samsung’s generic copy-pasted changelog looks like. There’s no guarantee that the generic changelog reflects the real update.
The Galaxy A55 already ships with the latest version of One UI you can get, i.e., One UI 6.1, which means it will take a while before the phone will receive any new and meaningful software features.
One UI 6.1 is the same update that shipped with the Galaxy S24 series, although it doesn’t contain any clever Galaxy AI tools for the mid-range A55 phone. Its chipset likely couldn’t handle Samsung’s Advanced Intelligence suite.
If you happen to own the Galaxy A55, you can keep an eye on our firmware page or try downloading this update manually on your phone by opening the Settings app, accessing “Software update,” and tapping “Download and install.”
Yes, securing your home is worth spending money on, but if you can do it at a discount, that’s the way to go. Right now, a bunch of Amazon Blink devices are discounted as part of the site’s Big Spring Sale. The new Blink Outdoor 4’s deal is especially of note, with the device’s three-camera system down to $150 from $260. The 42 percent discount brings the fourth-generation camera to the lowest price we’ve seen this year (the three pack’s all-time low was $135 on Black Friday). If one camera is all you need, then take advantage of the sale on a single Blink Outdoor 4. It’s currently down to $65 from $100 — a 35 percent discount.
The Blink Outdoor 4 debuted last August as a significant upgrade to its predecessor. One of the biggest differences is the field of vision, which has increased from 110 to 143 degrees. It also boasts better low-light sensitivity and image quality. Blink claims the devices last two years before needing their AA batteries replaced.
Another new feature of the Blink Outdoor 4 is person detection. Instead of just alerting you that there’s some kind of motion, the camera can determine whether the movement is from a human. However, this feature requires Blink’s subscription plan. If you’re interested, there’s a 30-day free trial, after which it costs $3 per month or $30 annually. The plan also lets you save and share videos through the cloud.
The UK National Cyber Security Centre (NCSC) has released new guidance on securing supervisory control and data acquisition (SCADA) cloud environments for operational technology (OT).
UK critical national infrastructure (CNI) is highly dependent on SCADA as a means for data collection and control, and due to the importance of their environments they are at a higher risk of cyber attack.
Therefore, the NCSC is seeking to boost the security and resilience of these environments to lower the risk of a critical breach by cyber criminals or state-backed groups.
Tips and tricks for SCADA security
The original basis of SCADA security in legacy systems was designed around the ‘air-gapped’ model, whereby the SCADA infrastructure is separated from both the internet and the organization’s network.
The NCSC says that if an organization is looking to move from the ‘air-gapped’ model to a cloud environment, there need to be significant controls and constant monitoring of connectivity and access to the CNI. Migrations to a cloud environment should be considered case by case, with the specific guidance depending on the organization’s use case.
There are several solutions that the NCSC provides guidance on, from full cloud migration down to using the cloud as a simple standby/recovery solution – each with its own pros, cons, and levels of risk.
One of the most significant advantages of a cloud environment is its flexibility: it lets organizations maintain consistent observability over their environment over time, especially as new and advanced threats emerge and are studied and understood.
The NCSC also highlights the scalability of cloud environments, both in capacity and application usage, with both being available depending on the needs, size and criticality of the infrastructure being operated.
China has increasingly targeted US CNI in a number of cyber attacks, and the crosshairs could soon move to the UK, the NCSC says. In its Annual Review 2023 it stated that “it is highly likely the cyber threat to UK CNI has heightened in the last year,” and it has joined the US Cybersecurity and Infrastructure Security Agency (CISA) in an advisory about the risks posed by China.
Speaking on the NCSC guidance, Chris Doman, CTO and co-founder of Cado Security said, “This report comes off the back of two trends; SCADA systems are increasingly not only connected to the internet, but also hosted in the cloud. This brings easier access to the data but can also increase the attack surface.
“There is a wider concern and awareness of the security of critical national infrastructure, and the potential for cyber attacks to cause physical damage, partly due to world events.”