
We have collected the most important news from the world of cybersecurity for the week.
- A Google engineer found a vulnerability in Telegram. Durov denied this.
- The United States accused a Russian national of creating ransomware that caused $200 million in damage.
- Discord has notified users of the data breach.
- Toyota exposed the location of more than 2 million vehicles for 10 years.
A Google engineer found a vulnerability in Telegram. Durov denied this
An exploit in the Telegram client for macOS potentially allows an attacker to gain access to a computer’s camera and microphone. This was noticed by Google engineer Dan Revah, but the company denied there was a problem.
🚨 A new vulnerability found in Telegram that can grant access to your camera and microphone.
Found by an engineer at Google, reported to Telegram and they haven’t addressed it.
So now we get a detailed public disclosure!
How this works and what it means for your privacy 👇
— Matt Johansen (@mattjay) May 15, 2023
The vulnerability, found back in February, is that the messenger does not properly use two Apple security mechanisms: Hardened Runtime and Entitlements.
The first protects against manipulation of the application’s memory and the introduction of malicious code; the second controls the application’s access rights to the microphone, camera, and other device functions.
This allows an attacker to create and inject a third-party dynamic library (dylib), which, acting on behalf of Telegram and with its rights, will be able to record video from the camera and save it to a file.
A Telegram representative, commenting on the situation to “Durov’s Code”, said that the exploit itself does not threaten users: to implement the scenario described by the engineer, malware must already be installed on the system.
“The real problem is that it appears to be possible to bypass Apple’s sandbox restrictions, which are designed specifically to prevent this kind of abuse by third-party apps,” the company said.
The conclusions of the Google specialist were also disputed by the creator of the messenger, Pavel Durov. According to him, on technical matters the media “often chase high-profile headlines and mislead users.”
Nevertheless, Telegram has made all possible changes on its part – the update is already available in the App Store.
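A defender-side check for the condition described above, as an added example that is not part of the original article or of Telegram's code: it reads `codesign` text output and an entitlements plist for a hypothetical app and reports when Hardened Runtime is off or weakened while camera or microphone entitlements are declared. The function name, finding labels and sample inputs are assumptions made for illustration.

```python
import plistlib
import re

CS_RUNTIME = 0x10000  # code-signing flag bit set when Hardened Runtime is on
CAPTURE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}
# Hardened Runtime exceptions that let foreign libraries load again.
EXCEPTIONS = (
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
)


def audit(codesign_info, entitlements_xml):
    """Return findings for one app (hypothetical helper, labels are illustrative)."""
    match = re.search(r"flags=0x([0-9a-fA-F]+)", codesign_info)
    flags = int(match.group(1), 16) if match else 0
    ents = plistlib.loads(entitlements_xml) if entitlements_xml.strip() else {}
    findings = []
    if not flags & CS_RUNTIME:
        findings.append("hardened-runtime-off")
    findings += ["exception:" + key.rsplit(".", 1)[-1]
                 for key in EXCEPTIONS if ents.get(key) is True]
    # List capture devices only when library injection is possible at all.
    if findings:
        findings += ["exposes:" + name
                     for key, name in CAPTURE.items() if ents.get(key) is True]
    return findings


# Constructed samples in the shape of `codesign -dv` output and an
# entitlements dump; not taken from any real application.
UNHARDENED_INFO = ("Identifier=com.example.chat\n"
                   "CodeDirectory v=20400 size=512 flags=0x0(none) hashes=8+3\n")
HARDENED_INFO = ("Identifier=com.example.chat\n"
                 "CodeDirectory v=20500 size=512 flags=0x10000(runtime) hashes=8+3\n")
ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.device.camera</key><true/>
<key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print("unhardened:", audit(UNHARDENED_INFO, ENTITLEMENTS))
    print("hardened:  ", audit(HARDENED_INFO, ENTITLEMENTS))
```

An empty result means the signature enforces Hardened Runtime with no library-loading exceptions, so the capture entitlements are not reachable through an injected dylib.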
The United States accused a Russian national of creating ransomware that caused $200 million in damage
On May 16, OFAC imposed sanctions on Russian national Mikhail Matveev, who is accused of developing the Babuk virus and distributing several strains of ransomware, including LockBit and Hive.
The agency estimated that the combined damage from these attacks was $200 million.
Matveev carried out his activities under the nicknames Wazawaka, Boriselcin and Uhodiransomwar. OFAC alleges that he acted as an intermediary and sold access to computer networks compromised using the vulnerabilities he identified.

The Babuk Locker group began operations in January 2021 and affected critical infrastructure, including hospitals, school districts and financial firms.
In April of the same year, ransomware operators attacked the US Metropolitan Police Department, stealing 250 GB of files. After receiving no ransom, they published the data of law enforcement officers.
The Department of Justice charged Matveev on multiple counts and offered a reward of up to $10 million for information leading to his capture.
Discord notifies users of data breach
An unknown person hacked into the account of a third-party Discord support employee, which led to a leak of customer data. The company announced this in a letter to those affected.

As a result of the attack, the attacker gained access to messages and attachments sent to this support agent, as well as the users’ email addresses.
After the compromise was discovered, Discord specialists disabled the hacked account, but warned of possible scam and phishing attempts against affected customers.
The company assured that they would implement additional security measures to prevent similar incidents in the future.
Toyota exposed the location of more than 2 million vehicles for 10 years
Due to an incorrect database configuration, the Toyota Connected cloud service exposed the location of 2.15 million vehicles from January 2012 to April 2023. This is stated on the company’s website.
The issue affected customers in Japan who subscribed to the T-Connect service. This smart service offers a wide range of features, including voice driving assistance, automatic connection to call centers to drive a vehicle, and emergency support in the event of an accident.
The incorrectly configured database contained the in-vehicle GPS terminal ID, the chassis number, and the vehicle’s location with timestamps.
Toyota Motor Corporation has not yet found evidence of database abuse by third parties. However, it warned that, theoretically, unauthorized users could access the location of 2.15 million cars in real time. The company also mentioned the possibility of a leak of recordings from in-car DVRs for the period from November 14, 2016 to April 4, 2023.
The company is investigating the incident and also promises to set up a dedicated call center to handle inquiries from affected customers.
Pentagon leak suspect was previously accused of excessive interest in intelligence
Air National Guard junior officer Jack Teixeira, who is suspected of the recent leak of Pentagon documents, has repeatedly ignored warnings about the mishandling of classified information. This is stated in court records provided by the prosecution.
According to the agency, in September 2022, Teixeira took notes on classified intelligence and took them home, for which he received his first reprimand from his superiors. In October of that year, during a meeting, he asked “very specific questions” regarding such materials.
In February 2023, Teixeira was once again spotted looking at information “that was not related to his main duties and was related to intelligence.”
The prosecution is now seeking to extend the defendant’s detention pending trial. His lawyers are petitioning to release him into the care of his father, assuring the court that their client has no intention of fleeing justice.
Experts named popular ransomware attack vectors
43% of ransomware attacks in 2022 began with the exploitation of vulnerabilities in public-facing applications, 24% with previously compromised user accounts, and another 12% with malicious emails. This is according to a report by Kaspersky Lab.
In a number of cases, the attackers did not aim to encrypt, but to gain access to users’ personal information, intellectual property, and other confidential data of organizations.

As a rule, the attackers remained in the victim’s network for some time after the initial intrusion. They often used PowerShell for data collection, Mimikatz for privilege escalation and PsExec for remote command execution, or frameworks like Cobalt Strike for all stages of the attack.
A survey conducted by the experts showed that more than 40% of companies worldwide experienced at least one ransomware attack in 2022. Small and medium enterprises paid an average of $6,500 in data recovery costs, and large businesses $98,000.