
Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits

 


On smartphones running Android 14 and 13, a newly discovered bug that allows the lock screen to be bypassed can expose sensitive information stored in users' Google accounts, according to security researcher Jose Rodriguez.

The newly discovered Google Maps bug poses a serious threat: it allows hackers to access sensitive data, including photos, contacts, browsing history, and other sensitive information. Because of this vulnerability, unauthorized access to a device's content remains possible even when the device is locked.

It has been confirmed that Android users can attempt to open a Google Maps link while their phones are locked, and Rodriguez validated this security loophole by asking them to do so. Rodriguez came across the bug when he tried to open Google Maps links directly from the lock screen.

More concerning, Rodriguez claims that Google has been aware of the issue for at least six months without doing anything about it. This is the latest security flaw found by Rodriguez, a specialist in discovering mobile security flaws, and he reported it to Google in May. Despite the latest updates that have been released, there is still no security patch available from Google to address the vulnerability. In his opinion, the company was aware of this issue in May, but it was only at the end of November that the update that would fix the error was finally released.

Depending on how the user has configured Google Maps, the vulnerability is believed to allow attackers to access and share recent and favourite locations as well as contacts. The first scenario applies to users who have not enabled Driving Mode. This was Rodriguez's first attempt to open Google Maps from the lock screen, and he asked for assistance on several platforms, including Twitter, Reddit, and Telegram.

Later, he discovered the way to bypass the lock screen, indicating that Google had been aware of this problem for at least six months. Although Google has been notified of this vulnerability and is aware of it, it has not yet addressed it, leaving users exposed to exploitation by threat actors with physical access to their devices, regardless of the severity of the vulnerability.

The impact of the Google Maps vulnerability varies from user to user, and its severity increases if Driving Mode is activated. For a user who does not have Driving Mode enabled, an attacker can access recent and favourite locations and contacts, and share location information with their contacts in real time.

The vulnerability can be exploited in two main scenarios, depending on whether Driving Mode is enabled. In the first scenario, attackers can reveal recent and favourite locations, as well as contacts, by accessing and sharing the more recent locations. In the second scenario, another exploit is chained to gain access to and publish photos of the user, extensively manipulate the Google account, and potentially gain full access to the account as well.

Users of Android smartphones are encouraged to try the lock screen bypass and report what they find. With Driving Mode activated, an attacker can use additional exploits to gain access to photos and to extensive details and configurations of Google accounts, to take total control of the account from another device, and to access the account remotely.

Rodriguez recommends that Android users test the screen lock bypass on their phones and share feedback about the potential risks and vulnerabilities associated with this issue, including the Android version and device model. A significant security flaw exists in the Google Pixel that can be exploited by swapping the SIM card from a locked device with one that has a known PUK code. 

This is a significant security flaw that can be exploited by an attacker with very little technical experience. Google's response to security issues has been very slow, which raises concerns about the company's commitment to promptly addressing security flaws that can potentially put users at risk. A security update was released in November, following an incident that occurred in July. This pattern raises questions about Google's commitment to addressing security flaws as soon as possible.

Word Document Scam Alert: Windows Users Vulnerable to Cyber Exploits

 


A recently discovered bug allows hackers to execute code remotely in all versions of Microsoft's proprietary MSHTML browser engine without having to install the application. Attackers are taking advantage of a zero-day vulnerability in Microsoft Word by means of specially crafted documents.

Microsoft products such as Skype, Visual Studio, and Microsoft Outlook, as well as several others, also use MSHTML, so the problem really is widespread. Hackers have exploited a zero-day vulnerability in a Windows tool via malicious Word documents to compromise networks that have been protected by Microsoft's workaround for administrators.

The Google-owned antivirus service VirusTotal detected a malicious Word document that was uploaded to its website on the weekend, on 25 May, from a Belarusian IP address. Analysing it, Kevin Beaumont discovered that the malicious document (or "maldoc") was able to run code through the legitimate Microsoft Support Diagnostic Tool (msdt.exe) despite macros being disabled.

To execute the malware, the malicious Word document invokes MSDT through the ms-msdt URL protocol in Windows. There is now a "troubleshooter pack" available for download from the MSDT website.  Using malicious Microsoft Word documents, North Koreans are attempting to steal sensitive information from Russian targets by exploiting the weaknesses in the security software.
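The Word-to-MSDT execution path described above leaves a recognisable trace in process-creation telemetry: msdt.exe started by an Office application, with the ms-msdt: URL scheme on its command line. The following detection sketch is an added example, not code from the post or from any product; the event field names and the sample events are constructed for illustration, and the command-line arguments are placeholders.

```python
import re
from ntpath import basename  # splits Windows paths correctly on any OS

# Assumed field names (image, parent_image, command_line); map them to your
# EDR or process-creation log schema. Word and Outlook are the hosts named above.
OFFICE_PARENTS = {"winword.exe", "outlook.exe"}
MS_MSDT_SCHEME = re.compile(r"\bms-msdt:", re.IGNORECASE)

def reasons_for(event):
    """Return the list of detection reasons that apply to one event."""
    image = basename(event.get("image") or "").lower()
    parent = basename(event.get("parent_image") or "").lower()
    reasons = []
    if image == "msdt.exe" and parent in OFFICE_PARENTS:
        reasons.append("msdt.exe started by an Office application")
    if MS_MSDT_SCHEME.search(event.get("command_line") or ""):
        reasons.append("ms-msdt: URL scheme on the command line")
    return reasons

def triage(events):
    """Return (index, severity, reasons) for each event with a hit."""
    hits = []
    for i, event in enumerate(events):
        reasons = reasons_for(event)
        if reasons:
            hits.append((i, "high" if len(reasons) == 2 else "medium", reasons))
    return hits

# Constructed sample events; command-line arguments are placeholders.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'WINWORD.EXE /n "C:\Users\alice\Downloads\report.docx"'},
    {"image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": r"msdt.exe ms-msdt:<constructed-arguments>"},
    {"image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"msdt.exe <constructed-arguments>"},
    {"image": r"C:\Windows\System32\msdt.exe",  # parent missing from the record
     "command_line": r"msdt.exe MS-MSDT:<constructed-arguments>"},
]

if __name__ == "__main__":
    for index, severity, reasons in triage(SAMPLE_EVENTS):
        print(index, severity, "; ".join(reasons))
```

The parent check and the scheme check are kept separate so that a record with a missing parent field still raises a medium-severity hit on the scheme alone.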

Fortinet researcher Cara Lin observed that a group called Konni (which shares so many similarities with Kimsuky, aka APT43, that it is also possible that it could be this group) attempted to deliver a malicious Russian-language Microsoft document in the form of an attachment. This malware has the appearance of a macro, which is typical of malware that is downloaded as a file.

The document being distributed contains a Russian-language article that apparently describes Western assessments of the progress of the Special Military Operation. The piece notes The Hacker News' comment that Konni is "notable" for its anti-Russian values.

Most of the time, the group uses spear-phishing emails and malicious documents in an attempt to gain access to targets' endpoints. Earlier attacks that took advantage of a vulnerability in WinRAR (CVE-2023-38831) were reportedly spotted by cybersecurity researchers Knowsec and ThreatMon.

A major objective of Konni is to exfiltrate data and conduct espionage activities around the world, as reported by ThreatMon. To that end, the group uses a wide array of malware and tools, frequently adapting its tactics in order to avoid detection by the authorities. This is not the first instance of North Korean hackers sabotaging Russian firms in similar attacks.