Weekly Cybersecurity Review - Android Backdoor Created by Third Party Applications

Share This Post:

Weekly Cybersecurity Review - Android Backdoor Created by Third Party Applications

Misconfigured ElasticSearch Database Leaks 8.4TB of Data

cyware.com - Author: Ryan Stewart - Date: June 10th, 2019 

An exposed Elasticsearch database had leaked 8.4TB of email metadata in a new data breach incident. The leaky database belonged to Shanghai Jiao Tong University. The server running unprotected database was discovered on May 22, 2019, by Justin Paine, Director of Trust & Safety at Cloudflare. Paine found the database through a Shodan(a computer search engine) search. The open database contained 9.5 billion rows of data which amounts to 8.4 TB of data. As described on Rainbowtabl.es security blog, the information appeared to email metadata from a popular self-hosted email platform named Zimbra.

READ MORE


New Extortion Campaign Threatens Website Owners with Spam

cyware.com - Author: Ryan Stewart - Date: June 10th, 2019 

A new extortion campaign is underway, wherein scammers threaten website owners that their website will be blocked for a lifetime if they do not pay 0.3 BTC.This extortion scam campaign targets website owners stating that the scammers will ruin their website’s reputation and get them blocked for spam. The email goes on to say that they will do this by sending hundreds of spam messages and abusive messages to thousands of websites from their domain.If you receive such an email threatening to ruin your site’s reputation and get it blocked forever, then remember it is just spam, so simply mark it as spam and delete it.

READ MORE


Google Set on Limiting Referrer Size for Chrome

bleepingcomputer.com - Author: Lawrence Abrams - Date: June 7th, 2019 

In order to prevent attacks such as cache probing, Google Chrome will begin to limit the HTTP Referer header to 4KiB in size. Other browsers such as Microsoft Edge and Mozilla Firefox have indicated that they will adopt this change as well. So you may be wondering what this has to do with an HTTP Referer header and finding out if a visitor has visited a web page or resource? As explained in this article, when a browser sends a very long Referer to the header, the browser will return an HTTP error code. Knowing this, a site or attacker can use JavaScript to open a resource with your browser using a very long Referer header and if an error is returned, it means that the page has never been visited and that the resource was retrieved from the site. By limiting the HTTP Referer header to 4KiB, the web browser hampers the ability for attackers to use that header to generate errors and thus probe the browser's cache.

READ MORE


Android Backdoor Installed by Hackers on Third-Party Software

cyberscoop.com - Author: Jeff Stone - Date: June 7th, 2019 

Hackers in 2017 surreptitiously installed malicious software on Android phones by inserting code in apps and programs built by third-party vendors, Google said in a blog post Thursday. The novel hacking technique was designed to load a customers’ phone with spam and unauthorized advertisements all before it even arrived in customers’ hands. When phone manufacturers wanted to include features not approved by the Android Open Source Project, like a face unlock program, Google said, those companies may hire unauthorized third-party companies to build the features for them. In this case, a malware group, known as Triada, devised a way to exploit those third parties to pre-install backdoors onto the Android devices.

READ MORE


Developer Uses Python to Disrupt Scammer’s Spam Campaign

youtube.com - Date: July 29th, 2018 

A YouTuber by the username of “Engineer Man” used his software development skills to screw up the data collected from a craigslist scammer’s campaign. He essentially determines what type of information the bad link is looking for and creates a python script to send a bunch of fake information to the scammer’s server in order to make it more difficult for the scammer to determine if the information is legitimate.

Check out how he did it in detail by watching the video link below!

Watch the video here

Posted by Alan Hernandez

Comments
Top