Search This Blog

Showing posts with label Adobe Photoshop. Show all posts

Cropping Apps Can Expose Photos Online

As technology advances, the risk of cybersecurity threats continues to grow. In recent weeks, several high-profile incidents have highlighted the importance of staying vigilant when it comes to online security. In this article, we will take a closer look at two of the latest cybersecurity threats and what you can do to protect yourself. 

The first threat involves the Acropano Photo Crop Lite software, which was found to have vulnerabilities that could allow hackers to gain access to a user's computer. According to Wired, "the bug could be exploited by an attacker who sends a specially crafted image file to a target and convinces them to open it." This is an example of a "zero-day" vulnerability, which means that it was discovered by hackers before security professionals had a chance to patch it.

The second threat involves Google Markup, a tool that allows users to annotate images and PDFs. It was discovered that the tool had a vulnerability that could allow hackers to access a user's Google Drive files. Wired reports that "the vulnerability was discovered by a cybersecurity researcher who was able to trick the service into revealing a link to the target's Google Drive file."

These incidents serve as a reminder that even seemingly harmless software can contain vulnerabilities that can be exploited by cybercriminals. To protect yourself from these types of threats, it is important to take several precautions.

First, it's important to keep your software up-to-date. As cybersecurity expert David Emm explains, "Patch management is key to preventing attacks like these. Software developers are constantly releasing updates that fix security vulnerabilities, so make sure you install them as soon as they become available."

Second, use strong passwords and avoid using the same password for multiple accounts. "Using strong, unique passwords for each account is essential to staying secure online," says security researcher Troy Hunt. "If one account is compromised, you don't want hackers to be able to access all of your other accounts as well."

Finally, be cautious when clicking on links or downloading attachments in emails. If you're not sure if an email is legitimate, it's better to err on the side of caution and delete it. Threats to cybersecurity are evolving and multiplying. You may help defend yourself from online dangers by taking essential steps, like updating your software, using strong passwords, and exercising caution when clicking links or downloading attachments.

Mac Coinminer Employs a Novel Approach to Mask Its Traffic


A Mac coinminer has been discovered exploiting customizable open-source software to enhance its malicious activity. This sample incorporates a variety of altered open-source elements which the malicious actor customized to fulfill the agenda. The sample was indeed discovered concealing its network traffic with i2pd (called I2P Daemon). The Invisible Internet Protocol, or I2P client, is constructed in C++ by I2pd. I2P is a worldwide anonymous network layer which enables anonymous end-to-end encrypted communication without revealing the participants' real IP addresses. 

Coinminer is the major malware sample which has been found. MacOS. MALXMR.H is a Mach-O file which was also identified by numerous vendors because it includes XMRig-related strings as sourcing tools like Yara. Its accessibility makes, XMRig to be often utilized by other viruses to execute crypto mining. 

The primary Mach-O sample was discovered to be ad hoc-signed. This indicates the Mach-O binary is difficult to run on Mac systems, and Gatekeeper, a built-in security mechanism for macOS which enforces code signing, may prohibit it. 

The Mach-O sample is suspected to have arrived in a DMG (an Apple image format for compressing installations) of Adobe Photoshop CC 2019 v20.0.6. Apparently, the parent file could not be located. The piece of code was identified in one of its discarded files, which led to the conclusion. The sample attempts to create a non-existent file in the /Volumes path in this code. It's worth noting when double-tapping DMG files on macOS, they get automatically mounted in the /Volumes directory. 

Several embedded Mach-O files were discovered in the core Mach-O sample (detected as Coinminer.MacOS.MALXMR.H). It uses the API to elevate rights by enabling the user for authentication when it is performed. The following files have been deposited into the system by the sample:
  •  /tmp/lauth /usr/local/bin/com.adobe.acc.localhost
  •  /usr/local/bin/
  •  /usr/local/bin/com.adobe.acc.installer.v1 

As per Trend Micro, the sample used the auth file for persistence. The Mach-O file is in charge of creating the persistence files for the malware:

"The file is an XMRig command-line app which has been modified. When launching the app, enter help or version in the variables to see what it's about. The help argument displays a list and overview of the parameters which can be utilized, whereas the version parameter reveals the version of the XMRig binary," according to the experts.

It is suggested to update the products and keep up with the latest patterns. Users should avoid downloading apps from shady websites and exercise excellent digital hygiene.

Cracked Version of few Software Steal Session Cookies and Monero Cryptocurrency


Bitdefender which is a Romania-based cybersecurity organization located in Bucharest has recently cautioned that cracked versions of Microsoft Office and Adobe Photoshop steal the browser session cookies along with Monero cryptocurrency and carry them back from tightwads installing pirated apps. 

While most readers would be familiar, that cracked software is a genuine application that has removed its registration or licensing features. In the days of yore, the cracked software (also known as warez) mainly exchanged through BitTorrent and mostly attracted the freeloaders who enjoyed using a specific suite without paying for the License. 

However, these cracks are priced differently: Bitdefender observed that some versions of both suites have been circulated with malware that captures browser session cookies (or in Firefox, the complete user profile history). It hijacked Monero cryptocurrency deposits and exfiltrated certain information using BitTorrent, after opening the backdoor in the first instance and disabling the machine's firewall. 

"Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a Tor proxy," said Bitdefender's Bogdan Botezatu, director of threat research and reporting, and Eduard Budaca the security researcher. They further added that "The tools work together to create a powerful backdoor that communicates through TOR with its command-and-control center: the ncat binary uses the listening port of the TOR proxy ('--proxy') and uses the standard '--exec' parameter, which allows all input from the client to be sent to the application and responses to be sent back to the client over the socket (reverse shell behavior)." 

Reportedly, operators take a while to analyze and determine that whether they should rob what they have compromised or not – depending upon the estimated value they could gain out of it. 

In the days when business models became feasible as a service in the cloud, vendors were fully dependent on physical media for delivering to end-users that included the whole program; Immediate and common targets for crackers were copying protections which resulted in unlawful copies of otherwise fully functioning software being sold at a much lower cost. 

“Pirated software is never the way to go, however tempting it may be, as the risks tend to always outweigh the benefits,” sources further noted.