Hacken Token
$ -- --.--

Weekly News Digest #35

Android apps’ cloud authentication failures have led to the large data exposure

The analysis of Android apps has revealed critical cloud misconfigurations that could cause the exposure of data belonging to more than 100 million users. Check Point Research (CPR) cybersecurity firm has identified that over 23 popular mobile apps may contain third party cloud services misconfigurations. 

The popularity of cloud services has dramatically increased since the outbreak of the coronavirus pandemic and companies’ shift to remote work. According to CPR, the Android apps including screen recorder, astrology software, taxi app, logo maker, and others leaked such data as location information, chat messages, email records, user IDs, images, and passwords. The researchers have found that sensitive data is publicly available in unsecured cloud setups in 13 cases.

The CPR researchers suggest that security issues are the result of app developers’ failure to follow best practices at the stage of configuration and integration of third-party cloud services into their apps. 

Read more

Colonial Pipeline CEO confirmed the payment of ransom to DarkSide 

Colonial Pipeline has paid a $4.4 million ransom to cybercriminals and suggests that it was the right option. According to the company, it provides almost half of the East Coast’s fuel including diesel, gasoline, and military supplies. That is why the payment of ransom was the ‘right thing to do for the country’ since due to the attack the company was forced to close down its IT systems and pipeline operations. 

The company decided to pay the ransom since it was not fully aware of the scope of the attack as well as was afraid of the risk of future attacks. Due to the stakes involved, the company’s CEO made this difficult decision. According to the statement made by the FBI, a DarkSide operator was responsible for the attack. These malicious actors have already earned $90 mln in cryptocurrencies in the form of ransom payments from at least 47 victims.

Read more

Google warns that 4 Android flaws are under attack 

Google has released its May 2021 Android patch and has already provided information on some of the vulnerabilities under attack. According to the information provided by the company, CVE-2021-1905, CVE-2021-1906, CVE-2021-28663, and CVE-2021-28664 vulnerabilities are likely to be under limited exploitation although they have been recently patched. These vulnerabilities were previously unknown to the company’s security experts and, thus, are treated as zero-day vulnerabilities. 

The flaws affect Qualcomm’s GPU and the Arm Mali GPU. The Google security team is working hard to provide information on security matters demanded by users but not always the company can provide enough details. 

Read more

Windows proof-of-concept exploit for CVE-2021-31166 released by researcher 

The CVE-2021-31166 bug has a CVSS score of 9.8 making it the worst of the bad in Microsoft’s Patch Tuesday release. The exploitation of the severe vulnerability in the HTTP protocol stack could result in wormable remote code execution. The flaw was internally discovered by Microsoft by @_mxms and @fzzyhd1. 

Microsoft has emphasized the importance of patching the affected servers. McAfee’s specialist Steve Povolny said that the simple exploitation of the vulnerability could lead to remote and unauthenticated denial-of-service for the products affected. The vulnerability is attributable to the latest versions of Windows 10 and Windows server. 

Read more

AXA hit by a massive ransomware attack

Just a few days after Axa officially announced that it would no longer cover damage from ransomware attacks in France, the company has been hit by this type of cybercrime. The attack hit the insurance giant’s IT operations in Malaysia, Thailand, the Philippines, and Hong Kong. The attack is likely to be carried out by Avaddon ransomware group. Cybercriminals claim that they have stolen 3 terabytes of data such as medical records and personal data. 

Under Avaddon’s affiliate model, anyone can utilize the group’s tools in exchange for paying the percentage of the profits received through the conduct of a cyberattack. 

According to Axa, the company will take all necessary steps to notify its corporate clients in case the IPA’s investigation confirms that sensitive information of any individual has been affected. The insurance giant has not disclosed any information on the amount of ransom demanded by cybercriminals. France is one of the most heavily affected countries by ransomware attacks. The decision to stop paying any ransoms was made to prevent further popularization of ransomware attacks among cybercriminals.

Read more

Subscribe to our research

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.