Malware masks its malicious activity by scheduling it to occur on a non-existent calendar day.
Cybersecurity researchers from Sansec Threat Research discovered a new remote access Trojan for Linux systems that uses a stealth method never seen before. The malware disguises its malicious activity by scheduling it to occur on February 31st, a nonexistent calendar day.
The malware, dubbed CronRAT, can steal data from e-commerce sites on the server side, bypassing browser-based security solutions. Experts found RAT samples in several online retailers, including the largest store in an unspecified country.
A standout feature of CronRAT is its ability to use the Unix cron job-scheduler utility to hide malicious payloads in the names of tasks scheduled to run on February 31st. This not only allows the malware to evade detection by security solutions, but also allows it to launch a number of attack commands that can compromise e-commerce servers running Linux.
Most online retailers implement browser-only protection, and attackers take advantage of an unsecured internal server. Security professionals should consider the entire attack surface, said Sansec Threat Research.
“CronRAT adds a number of tasks to the crontab with an interesting date specification: 52 23 31 2 3. These lines are syntactically correct, but will generate a runtime error when executed. However, this will never happen, since their launch is scheduled for February 31,” experts explained.
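One way to hunt for such entries is to flag any crontab line whose day-of-month and month fields match no real calendar date. The script below is an added example, not Sansec's tooling; the sample crontab is constructed, its task name is a placeholder, and the check goes beyond February 31 to cover any impossible date (for example April 31).

```python
MAX_DAY = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
           7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}  # Feb 29: leap years
MONTHS = {n: i for i, n in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

def expand(field, lo, hi, names=None):
    """Expand one cron field ('*', lists, ranges, steps) into a set of ints."""
    names = names or {}
    out = set()
    for part in field.lower().split(","):
        span, _, step = part.partition("/")
        if span == "*":
            first, last = lo, hi
        else:
            a, _, b = span.partition("-")
            first = names.get(a) or int(a)
            last = (names.get(b) or int(b)) if b else (hi if step else first)
        out.update(range(first, last + 1, int(step or 1)))
    return {v for v in out if lo <= v <= hi}

def impossible_date(line):
    """True if fields 3 and 4 match no real date (day-of-week is not evaluated)."""
    fields = line.split()
    if len(fields) < 6 or fields[0].startswith(("#", "@")):
        return False                    # comment, @reboot-style macro, too short
    try:
        days = expand(fields[2], 1, 31)
        months = expand(fields[3], 1, 12, MONTHS)
    except ValueError:
        return False                    # not a schedule line (e.g. VAR=value)
    return bool(days and months) and not any(
        d <= MAX_DAY[m] for m in months for d in days)

def audit(crontab_text):
    """Return (line_number, line) for every entry set on an impossible date."""
    return [(n, l) for n, l in enumerate(crontab_text.splitlines(), 1)
            if impossible_date(l)]

# Constructed sample crontab; the task name on line 3 is a placeholder.
SAMPLE = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
52 23 31 2 3 <placeholder-task-name>
15 4 29 feb * /usr/local/bin/leap-day-report.sh
0 0 31 4,6 * /bin/true
"""

if __name__ == "__main__":
    for n, l in audit(SAMPLE):
        print(f"line {n}: {l}")
```

Feed it the output of `crontab -l` for each account and the files under the system cron directories; any hit deserves a manual look at the command field.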
Vulnerability in Safari could leak browser history and Google account information
Users of Apple devices have encountered a serious vulnerability in a proprietary browser. It allows attackers to access your browser history and some Google account information. The vulnerability exists in Safari 15 on all supported platforms, and even in third-party browsers running on iOS 15 and iPadOS 15, as it is related to the IndexedDB framework, which is used in many browsers to store data. It breaks the same-origin policy, which prevents documents and scripts from one origin (such as a domain or protocol) from interacting with content from another. As a result, websites with the corresponding code have access to the above information.
Attackers only learn the names of the records, not the values. However, this is enough to get the Google username, find the profile picture, and learn more about the user. The history can also be used to build a rudimentary profile of the sites the user likes. As stated, the vulnerability cannot be hidden even in private browsing mode.
According to the source, he reported the problem to Apple on November 28, but the company has not yet fixed it with security patches.
Android users can now disable 2G for security
2G networks, like 3G networks, have become obsolete after the arrival first of 4G and later of 5G. However, as things have not been done as well as they should have been, we rely on them for mobile calls (operators without VoLTE) or to connect older IoT devices. For this reason, they have even considered switching off 3G before 2G, thus leaving more room for the development of 4G and 5G.
It is not a new concept, since we have been hearing about it for a long time, but it all blew up about three years ago when the United States Department of Homeland Security (DHS) detected the presence of Stingrays, also known as “IMSI catchers”, in Washington. These devices connect to the mobile network, act as fake repeaters and spy on the information that passes through them.
This includes access to calls, text messages or images sent without encryption. Basically, they force the use of older, outdated and less secure 2G technology to easily intercept communications. In fact, work has been done so that this is no longer a problem with 5G, since these mobiles will have a Subscription Permanent Identifier (SUPI). This will use the encryption key of the network operator and will allow the mobile to know if an antenna is legitimate.
Is the solution to disable 2G?
The EFF (Electronic Frontier Foundation) speaks of victory after learning that Android will allow you to disable 2G connections on your terminals. This is something that Google introduced at the end of last year and that we had not had much news about. They point out that it is a fantastic option to protect the privacy of users and the EFF applauds that the Internet giant has implemented it on mobile phones with its operating system. Now, the ball is in Apple’s court, which must also do so for the safety of its users.
To give us an idea, 2G is a technology created in 1991, so it is over 30 years old. That gives it many problems because, in its design and conception, the circumstances and requirements were not the same as now. First of all, it has very weak encryption between the repeater and the mobile, which allows the interception of the traffic. Second, the 2G tower is not authenticated to the phone in any way, allowing anyone to impersonate it.
To protect ourselves, the EFF invites us to deactivate 2G. To do this, we will go to Settings > Network and Internet > SIM cards > Allow 2G. By default, the option for our mobile to use 2G networks is activated. The ideal would be to disable it, although this possibility would only be present in more modern mobiles such as the Pixel.
The big problem could be loss of coverage or problems making calls. If we live in areas dependent on 2G right now or if our operator does not allow us to make calls with the 4G network, it is possible that the remedy is worse than the disease. However, it will always be good to know that we have this possibility.
Chrome will restrict access to private networks for security reasons
The restrictions will be introduced by implementing the Private Network Access specification in the browser in the first half of 2022.
The Chrome browser will soon start blocking sites from querying and interacting with devices and servers on local private networks. The reason is security concerns and known cases of abuse.
The changes will be implemented by rolling out a new W3C specification called Private Network Access (PNA) to the browser in the first half of 2022. The new PNA specification adds a mechanism to Chrome through which sites can ask systems on local networks for permission to establish a connection.
Chrome will start sending a CORS preflight request before any private network request for a subresource, Google explained. This preflight request is an explicit permission request to the target server. The preflight request will contain the new Access-Control-Request-Private-Network: true header, and the response will also need to contain the Access-Control-Allow-Private-Network: true header.
If local devices (servers, routers, etc.) do not respond, sites will not connect to them.
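The header exchange described above can be modelled from the device's side. The code below is an added example, not taken from Chrome or the PNA specification; the origin allow-list, the method list and the function names are assumptions, and `browser_proceeds` is a simplified model of the check stated in the text.

```python
ALLOWED_ORIGINS = {"https://admin.example.com"}   # hypothetical allow-list
ALLOWED_METHODS = {"GET", "POST"}                 # hypothetical

def preflight_response(method, headers):
    """Return (status, headers) for a CORS preflight, or None if it is not one."""
    h = {k.lower(): v for k, v in headers.items()}
    wanted = h.get("access-control-request-method")
    if method != "OPTIONS" or wanted is None:
        return None
    origin = h.get("origin", "")
    if origin not in ALLOWED_ORIGINS or wanted not in ALLOWED_METHODS:
        return 403, {}                 # no CORS headers: the browser gives up
    resp = {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Methods": wanted,
            "Vary": "Origin"}
    # Opt in to private-network access only when the browser asked for it.
    if h.get("access-control-request-private-network") == "true":
        resp["Access-Control-Allow-Private-Network"] = "true"
    return 204, resp

def browser_proceeds(response_headers):
    """Simplified model: the reply must carry the allow header set to true."""
    h = {k.lower(): v for k, v in response_headers.items()}
    return h.get("access-control-allow-private-network") == "true"

def constructed_preflight(origin):
    """Constructed preflight headers for a request to a private-network target."""
    return {"Origin": origin,
            "Access-Control-Request-Method": "GET",
            "Access-Control-Request-Private-Network": "true"}

if __name__ == "__main__":
    for origin in ("https://admin.example.com", "https://shop.example.net"):
        status, hdrs = preflight_response("OPTIONS", constructed_preflight(origin))
        verdict = "proceeds" if browser_proceeds(hdrs) else "blocked"
        print(origin, status, verdict)
```

A device that never answers the preflight, or answers without the allow header, ends up in the "blocked" branch, which is the default-deny behaviour the specification is after.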
Since the early 2010s, cybercriminals have realized that browsers can be used as proxies to connect to internal corporate networks. For example, a malicious site may contain code that tries to connect to an IP address like 192.168.0.1, which is the address of most router administration panels.
When users visit such a malicious site, their browsers can automatically query the router without the users’ knowledge, sending malicious code capable of bypassing the router’s authentication and modifying its settings. This type of attack is not only theoretical and is periodically used in practice.
Variants of these attacks can also attack other local systems such as internal servers, domain controllers, firewalls, and even locally deployed applications (via a domain http://localhost or other locally defined domains).
By adding the PNA specification to Chrome and its permission negotiation system, Google intends to prevent such automated attacks.
According to Google, PNA is already shipping with Chrome 96, but full support will roll out this year in two phases to Chrome 98 (early March) and Chrome 101 (late May).