
Showing posts with label Security flaw.

Beware iPhone Users: Indian Government Issues Urgent Advisory Over Data Theft Risk

 

The Indian government has issued an urgent security warning to iPhone and iPad users, citing major flaws in Apple's iOS and iPadOS software. If not addressed, these vulnerabilities could allow cybercriminals to access sensitive user data or make devices inoperable. The advisory was issued by the Indian Computer Emergency Response Team (CERT-In), part of the Ministry of Electronics and Information Technology, which urged users to act immediately.

Apple devices running older versions of iOS (prior to 18.3) and iPadOS (prior to 17.7.3 or 18.3) are particularly vulnerable to the security flaws. The iPad Pro (2nd generation and later), iPad 6th generation and later, iPad Air (3rd generation and later), and iPad mini (5th generation and later) are among the popular models that fall within this category, as are the iPhone XS and newer.

One of the major flaws lies in the Darwin notification system, a core part of Apple's inter-process messaging. The vulnerability enables unauthorised apps to send system-level notifications without requiring additional permissions. If exploited, the device could freeze or crash, requiring user intervention to restore functionality.

These flaws present serious threats. Hackers could gain access to sensitive information such as personal details, financial information, and so on. In other cases, they could circumvent the device's built-in security protections, running malicious code that jeopardises the system's integrity. In the worst-case situation, a hacker could crash the device, rendering it completely unusable. CERT-In has also confirmed that some of these flaws are actively abused by hackers, emphasising the need for users to act quickly. 

Apple has responded by releasing security updates to fix these vulnerabilities. It is highly recommended that affected users update their devices to the latest version of iOS or iPadOS as soon as possible; this update is critical for defending against these threats. Additionally, users are cautioned against downloading suspicious or unverified apps, as they could act as entry points for malware. It is also important to watch for unusual device behaviour, as it may indicate a security problem.

As Apple's footprint in India grows, it is more critical than ever that people remain informed and cautious. Regular software upgrades and sensible, cautious usage patterns are critical for guarding against the growing threat of cyber assaults. iPhone and iPad users can improve the security of their devices and sensitive data by taking proactive measures.

WinRAR Bug Circumvents Windows Mark of the Web Security Notifications

 

A security flaw in the WinRAR file archiver solution might be used to circumvent the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows computer. The vulnerability is known as CVE-2025-31334 and impacts all WinRAR versions except the most recent release, 7.11. 

Mark of the Web is a security mechanism in Windows that uses a metadata value (an alternate data stream called `Zone.Identifier`) to identify potentially dangerous files downloaded from the internet. When you launch an executable carrying the MotW tag, Windows informs you that it was obtained from the internet and may be risky, and you can choose whether to continue or cancel.

Symlink to executable

The CVE-2025-31334 flaw allows an attacker to circumvent the MotW security warning when opening a symbolic link (symlink) to an executable file in any WinRAR version prior to 7.11. Using a specially designed symbolic link, an attacker can execute arbitrary code. It should be noted that on Windows, symlinks can only be generated with administrator privileges. 

The security flaw received a medium severity score of 6.8 and was fixed in the latest version of WinRAR, according to the application's changelog: "If symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored" - WinRAR.

Shimamine Taihei of Mitsui Bussan Secure Directions reported the vulnerability to the Information Technology Promotion Agency (IPA) in Japan. The responsible disclosure was organised by Japan's Computer Security Incident Response Team with the developer of WinRAR.

Starting with version 7.10, WinRAR allows you to remove information from the MotW alternate data stream (such as location and IP address) that could be deemed a privacy issue. Cybercriminals, including state-sponsored ones, have previously used MotW bypasses to deliver malware without triggering the security warning.
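The stream the post describes is a small INI-style text file attached to the downloaded file. The following Python, added here as an example and not code from WinRAR or Microsoft, parses a Zone.Identifier stream, reports whether it marks the file as untrusted, and produces the minimised form that keeps only the zone (the kind of privacy trimming the post attributes to WinRAR 7.10). The sample stream is constructed, not captured from a real system; the `<path>:Zone.Identifier` syntax used by `read_zone_identifier` is how NTFS exposes alternate data streams and only works on Windows.

```python
"""Inspect and minimise a Windows Mark of the Web (Zone.Identifier) stream.
Added example for this page, not WinRAR's or Microsoft's own code."""

# Constructed sample of a Zone.Identifier stream as a browser writes it after a
# download; not captured from a real machine.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://downloads.example.test/tools/
HostUrl=https://cdn.example.test/files/setup.exe
"""

# URL security zones as numbered by Windows.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text):
    """Return the key/value pairs under [ZoneTransfer] as a dict.

    Keys keep their case; lines outside the section or without '=' are ignored,
    so a malformed or empty stream yields an empty dict rather than an error.
    """
    fields = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def zone_id(fields):
    """ZoneId as an int, or None when absent or not numeric."""
    try:
        return int(fields.get("ZoneId", ""))
    except ValueError:
        return None


def is_from_internet(text):
    """True when the stream places the file in the Internet (3) or Restricted (4)
    zone, the zones Windows treats as untrusted and warns about on launch."""
    z = zone_id(parse_zone_identifier(text))
    return z is not None and z >= 3


def strip_origin(text):
    """Rebuild the stream keeping only ZoneId.

    ReferrerUrl/HostUrl reveal where the file came from; dropping them removes
    the privacy-sensitive origin while the security mark itself survives.
    """
    z = zone_id(parse_zone_identifier(text))
    if z is None:
        return text
    return f"[ZoneTransfer]\r\nZoneId={z}\r\n"


def read_zone_identifier(path):
    """Read the stream from an NTFS file ('<path>:Zone.Identifier').

    Returns None when the file carries no mark or the stream cannot be opened;
    only meaningful on Windows.
    """
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8") as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    info = parse_zone_identifier(SAMPLE_STREAM)
    print("zone:", ZONE_NAMES.get(zone_id(info)), "untrusted:", is_from_internet(SAMPLE_STREAM))
    print(strip_origin(SAMPLE_STREAM))
```

A defender checking a suspicious file can pass its path to `read_zone_identifier` and feed the result to `is_from_internet`; an empty result on a file known to have been downloaded is itself worth noting, since it means the mark was stripped or never propagated.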

Recently, Russian attackers exploited a vulnerability in the 7-Zip archiver that did not propagate the MotW when double archiving (archiving one file within another) to launch the Smokeloader malware dropper.

Serious Security Flaw in Exim Email Servers Could Let Hackers Steal Data

 



A dangerous security flaw has been discovered in Exim, a widely used email server software. The vulnerability, officially tracked as CVE-2025-26794, allows hackers to inject harmful commands into the system, potentially leading to data theft or even complete control over the email server. This issue affects Exim version 4.98 when used with a specific database system called SQLite. Experts warn that this is one of the biggest email security threats of 2025.  


How This Vulnerability Works

The problem occurs because of the way Exim handles database queries under certain settings. It mainly affects systems that:  

1. Use SQLite for storing email-related data – This happens when Exim is built with the `USE_SQLITE` option.  

2. Enable the ETRN command – This SMTP command lets a client ask the server to start delivering queued mail, but it can be misused if not properly restricted.  

3. Have weak protections against command execution – Some default settings make it easier for attackers to sneak in harmful database commands.  

If all these conditions are met, a hacker can send specially designed emails to the server, tricking it into running unauthorized commands. This could allow them to access sensitive information, modify system settings, or even take control of the entire email system.  


How Attackers Can Use This Flaw

For this security risk to be exploited, three things need to be true:  

1. The system must be running Exim 4.98 with SQLite enabled.  

2. The ETRN command must be set to "accept" instead of the safer "deny" mode.  

3. A specific security setting, `smtp_etrn_serialize`, must be left at its default value, which can create a loophole for hackers.  

Even though Exim’s default settings provide some level of security, many organizations adjust them to work with older systems, unknowingly making their servers more vulnerable.  


Steps to Stay Safe

To protect email systems from this issue, cybersecurity experts recommend taking the following steps immediately:  

1. Check which version of Exim is installed using the command `exim -bV`.  

2. Disable SQLite integration if it’s not necessary.  

3. Modify ETRN settings to prevent unauthorized use.  

4. Update to the latest Exim version (4.98.1), which includes a fix for this problem.  

For organizations that must continue using SQLite, additional security measures should be in place, such as filtering out risky commands and monitoring unusual activity in the database.  
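The three conditions and the first remediation step above can be turned into a repeatable check. The Python below is an example added to this page, not Exim's own tooling or the researcher's code: it parses the banner printed by `exim -bV` (version line and built-in lookup list) to confirm the affected version and SQLite support, takes the ETRN policy and the `smtp_etrn_serialize` state as inputs the administrator reads from the configuration, and returns a verdict with the matching steps. The `exim -bV` text is a constructed sample modelled on the real banner layout; the `acl_smtp_etrn` option named in the recommendations is the Exim ACL that governs the ETRN command.

```python
"""Triage helper for the CVE-2025-26794 conditions described in the post.
Added example for this page, not Exim project code."""
import re

FIXED_VERSION = (4, 98, 1)     # release the post names as carrying the fix
AFFECTED_VERSION = (4, 98)     # version the post says is affected

# Constructed sample of `exim -bV` output, modelled on the real banner format
# (version line, then capability lines); not captured from a real host.
SAMPLE_BV = """Exim version 4.98 #2 built 01-Jan-2025 10:00:00
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 OpenSSL DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd sqlite
Authenticators: cram_md5 plaintext
Configuration file is /etc/exim4/exim4.conf
"""


def parse_version(bv_text):
    """Return the Exim version from the first `exim -bV` line as an int tuple."""
    m = re.search(r"^Exim version (\d+(?:\.\d+)+)", bv_text, re.M)
    if not m:
        raise ValueError("no Exim version line found in -bV output")
    return tuple(int(p) for p in m.group(1).split("."))


def has_sqlite_lookup(bv_text):
    """True when the built-in lookup list includes sqlite, i.e. the binary was
    built with USE_SQLITE."""
    m = re.search(r"^Lookups \(built-in\):\s*(.*)$", bv_text, re.M)
    return bool(m) and "sqlite" in m.group(1).split()


def recommended_actions(findings):
    """Map each condition that holds to the remediation the post lists."""
    actions = []
    if findings["affected_version"]:
        actions.append("update to Exim 4.98.1")
    if findings["sqlite_lookup"]:
        actions.append("rebuild without USE_SQLITE if SQLite is not needed")
    if findings["etrn_accepted"]:
        actions.append("deny ETRN in acl_smtp_etrn unless it is required")
    return actions


def assess(bv_text, etrn_accepted, etrn_serialize_default=True):
    """Evaluate the post's three conditions against one host.

    etrn_accepted: True when the ETRN ACL accepts the command, False when it denies.
    etrn_serialize_default: True when smtp_etrn_serialize is still at its default.
    All three conditions plus the affected version must hold for 'vulnerable'.
    """
    version = parse_version(bv_text)
    findings = {
        "version": ".".join(map(str, version)),
        "affected_version": version[:2] == AFFECTED_VERSION and version < FIXED_VERSION,
        "sqlite_lookup": has_sqlite_lookup(bv_text),
        "etrn_accepted": etrn_accepted,
        "etrn_serialize_default": etrn_serialize_default,
    }
    findings["vulnerable"] = all(findings[k] for k in (
        "affected_version", "sqlite_lookup", "etrn_accepted", "etrn_serialize_default"))
    findings["actions"] = recommended_actions(findings)
    return findings


if __name__ == "__main__":
    # On a real host: bv_text = subprocess.run(["exim", "-bV"], ...).stdout
    for key, value in assess(SAMPLE_BV, etrn_accepted=True).items():
        print(f"{key}: {value}")
```

Because the verdict requires every condition, a host on 4.98 with SQLite built in but ETRN denied is reported as not vulnerable while still receiving the version and SQLite recommendations, which matches the post's advice to reduce exposure even where the full chain is broken.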


How Exim Developers Responded

The Exim development team acted quickly by releasing a patched version within 72 hours after confirming the issue. The flaw was originally reported by cybersecurity researcher Oscar Bataille, who followed responsible disclosure guidelines. This allowed Exim’s developers to fix the problem before it became public, reducing the chances of widespread attacks.  


Why This Matters

Exim is used by over 60% of email servers on the internet, meaning this flaw could have affected millions of systems worldwide. This incident is a reminder that even well-established software can have hidden weaknesses, especially when newer features interact with older components.  

To stay safe, organizations must regularly update their email software, follow security best practices, and stay informed about new threats. The faster vulnerabilities like this are addressed, the lower the risk of cyberattacks.

Subaru Starlink Security Flaw Exposes Risks of Connected Cars

 

As vehicles become increasingly connected to the internet, cybersecurity threats pose growing risks to drivers. A recent security flaw in Subaru’s Starlink system highlights the potential dangers, allowing hackers to remotely control vehicles and access sensitive data. This incident is part of a broader trend affecting the automotive industry, where weaknesses in connected car systems expose users to financial loss, privacy breaches, and safety concerns. 

Researchers found that with just a license plate number and basic owner details, attackers could exploit Subaru's Starlink system to start or stop the car, lock or unlock doors, and track real-time locations. More alarmingly, hackers could extract personally identifiable information (PII), including billing details, emergency contacts, and historical location data accurate to within five meters. The vulnerability stemmed from weak security in the Starlink admin portal, including an insecure password reset API and insufficient protection against two-factor authentication (2FA) bypass.

Subaru quickly patched the issue within 24 hours of its discovery, but the incident underscores the risks associated with connected vehicles. This is not an isolated case. Other automakers have faced similar security lapses, such as a flaw in Kia’s dealer portal that allowed hackers to track and steal vehicles. Common security issues in connected car systems include weak authentication, improper encryption, centralized storage of sensitive data, and vulnerabilities in third-party integrations. Delayed responses from automakers further exacerbate these risks, leaving vehicles exposed for extended periods. 

Beyond direct system hacks, connected cars face a range of cybersecurity threats. Attackers could remotely hijack vehicle controls, steal onboard financial and personal data, or even deploy ransomware to disable vehicles. GPS spoofing could mislead drivers or facilitate vehicle theft, while compromised infotainment systems may leak personal details or spread malware. While automakers must strengthen security measures, consumers can take steps to protect themselves. Regularly updating vehicle firmware and connected apps can help prevent exploits. 

Using multi-factor authentication (MFA) for connected car accounts and avoiding weak passwords add an extra layer of security. Limiting the amount of personal data linked to vehicle systems reduces exposure. Disabling unnecessary connectivity features, such as remote start or location tracking, also minimizes risk. Additional precautions include avoiding public Wi-Fi for accessing connected car systems, using a virtual private network (VPN) when necessary, and carefully vetting third-party apps before granting permissions. Traditional security tools like steering wheel locks and GPS trackers remain valuable backup measures against cyber threats. 

As connected cars become more common, cybersecurity will play a crucial role in vehicle safety. Automakers must prioritize security by implementing robust encryption, strong authentication, and rapid vulnerability response. At the same time, consumers should stay informed and take proactive steps to safeguard their vehicles and personal data from evolving digital threats.

Public Holidays And Weekends Make Companies More Vulnerable to Cyberattacks

 


Cyberattacks Surge During Holidays and Weekends: Semperis Report

Companies are particularly susceptible to cyberattacks during public holidays and weekends due to reduced security manpower. A recent report on ransomware assaults, published by Semperis, a provider of identity-based cyber resilience, confirms this vulnerability.

The study revealed that an average of 86% of organizations assessed across the United States, United Kingdom, France, and Germany were targeted during public holidays or weekends. The findings also indicate that 75% of businesses reduced their security workforce by up to 50% during these periods, leaving critical systems exposed.

Targeted Attacks During Key Business Events

Half of the respondents who experienced cyberattacks reported being targeted during major business events such as mergers or acquisitions. For instance, after UnitedHealth acquired Change Healthcare, cybercriminals exploited a security flaw in remote access systems to breach the company’s infrastructure.

The report highlighted that 90% of ransomware attacks compromised a firm’s identity service, such as Microsoft Active Directory (AD) or Entra ID, as these are widely used and vulnerable. Additionally:

  • 35% of businesses reported insufficient funds to safeguard against cyberattacks.
  • 61% of organizations lacked adequate backup solutions for their identity services.

While 81% of respondents stated they possess the knowledge to defend against identity-related threats, 83% admitted to experiencing a successful ransomware assault within the past year. This disconnect underscores the need for better implementation of security measures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has repeatedly emphasized the need for vigilance during weekends and public holidays. Notably, the ransomware group Clop exploited a long weekend to take advantage of a vulnerability in the MOVEit data exchange software. This attack affected over 130 companies in Germany, leading to significant data breaches and blackmail attempts.

Solutions to Mitigate Risks

To address these vulnerabilities, enterprises must take the following measures:

  • Address critical flaws, such as those in Active Directory (AD) and other identity services.
  • Ensure security operations centers (SOCs) are adequately staffed during off-hours.
  • Integrate cybersecurity into the broader business resiliency strategy, alongside safety, financial, and reputational risk management.

Prioritizing security as an essential component of business resilience can make the difference between surviving and thriving in the face of catastrophic cyber incidents.

TPM-Equipped Devices Trigger Warnings Due to a Windows BitLocker Flaw

 

Microsoft is examining a flaw that activates security alerts on systems equipped with a Trusted Platform Module (TPM) processor after enabling BitLocker. 

BitLocker is a Windows security feature that encrypts storage disks to guard against data leakage or theft. Redmond claims that when combined with a TPM, it "provides maximum protection" and helps "to ensure that a device hasn't been tampered with while the system is offline."

TPMs are specialised security processors that offer hardware-based security features and serve as reliable hardware parts for storing private data, including encryption keys and other security credentials.

The company stated in a notice issued last week that unmanaged devices, or BYOD (bring your own device), are also impacted by this known issue. These are typically privately owned devices used in business settings that can be secured or onboarded using methods provided by each firm's IT or security department.

Users of vulnerable Windows 10 and 11 PCs will notice a "For your security, some settings are managed by your administrator" alert "in the BitLocker control panel and other places in Windows.” 

The tech giant noted that it is currently working on a fix and will provide further details regarding the flaw when it has more information. In April 2024, Microsoft resolved another issue that led to BitLocker drive encryption problems in select managed Windows environments. In October 2023, the company classified this as a reporting issue with no impact on drive encryption.

Microsoft revealed in June 2021 that TPM 2.0 is required for installing or upgrading to Windows 11, claiming that it will make PCs more resistant to manipulation and sophisticated cyberattacks. However, this has not prevented Windows users from developing a variety of tools, programs, and strategies to circumvent it. 

More than three years later, in December 2024, Redmond emphasised that TPM 2.0 compliance is a "non-negotiable" condition, as consumers will be unable to upgrade to Windows 11 without it. According to Statcounter Global data, more than 62% of all Windows computers globally are still using Windows 10, with less than 34% on Windows 11 three years after its October 2021 launch. 

Hackers Are Sending Fake Police Data Requests To Tech Giants To Steal People's Private Data

 

The FBI has issued a warning that hackers are collecting sensitive user information, such as emails and contact details, from US-based tech firms by hacking government and police email addresses in order to file "emergency" data requests. 

The FBI's public notice filed last week is an unusual admission by the federal government regarding the threat posed by phoney emergency data requests, a legal process designed to assist police and federal authorities in obtaining information from firms in order to respond to immediate threats to people's safety or properties.

The misuse of emergency data requests is not new, and it has drawn significant attention in recent years. The FBI now warns that it noticed an "uptick" in criminal posts online advertising access to or carrying out false emergency data requests around August and is going public to raise awareness.

“Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” reads the FBI’s advisory. 

Police and law enforcement in the United States often require some form of legal basis to seek and acquire access to private data stored on company laptops. Typically, police must provide sufficient proof of a potential crime before a U.S. court will grant a search warrant authorising them to collect that information from a private corporation. 

Police can issue subpoenas, which do not require a court appearance, requesting that businesses access restricted amounts of information about a user, such as their username, account logins, email addresses, phone numbers, and, in some cases, approximate location. 

There are also emergency requests, which allow law enforcement to obtain a person's information from a firm when there is an immediate threat and insufficient time to secure a court order. Federal authorities claim that some cybercriminals abuse these emergency requests.

The FBI stated in its advisory that it had spotted many public posts from known hackers in 2023 and 2024 claiming access to email accounts used by US law enforcement and several foreign governments. According to the FBI, this access was later used to issue fake subpoenas and other legal demands to corporations in the United States in search of private user data kept on their systems. 

The cybercriminals were able to pass for law enforcement by sending emails to businesses from hacked police accounts asking for user data. Some of the requests cited false threats, such as allegations of human trafficking and, in one instance, the warning that a person would "suffer greatly or die" unless the company in question handed over the requested information.

The FBI claimed that because the hackers had gained access to law enforcement accounts, they were able to create subpoenas that appeared authentic and forced companies to divulge user data, including phone numbers, emails, and usernames. However, the FBI noted that not all fraudulent attempts to submit emergency data demands were successful.

Chrome Extensions Continue to Pose a Threat, Even With Google's Manifest V3

 

Users have always found browser extensions to be a useful tool for increasing productivity and streamlining tasks. They have, however, become a prime target for malicious actors attempting to exploit flaws, impacting both individual users and companies. 

Despite efforts to boost security, several of these extensions have found ways to exploit vulnerabilities in Google's latest extension framework, Manifest V3 (MV3). SquareX's recent research explained how these rogue extensions can continue to evade crucial security protections, exposing millions of users to risks such as data theft, malware, and unauthorised access to sensitive information. 

Google has long had trouble with Chrome extensions. In June 2023, the company had to manually remove 32 vulnerable extensions that had been installed 72 million times before being removed.

Google's previous extension framework, Manifest Version 2 (MV2), was notoriously unstable. It frequently granted excessive rights to extensions and allowed scripts to be injected without user knowledge, making it easier for cybercriminals to steal data, access sensitive information, and install malware.

In response, Google launched Manifest V3, which intended to improve security by limiting permissions and requiring extensions to declare their scripts in advance. While MV3 was supposed to address the vulnerabilities found in MV2, SquareX's study indicates that it falls short in important areas. 

Malicious extensions built on MV3 can still circumvent security measures and grab live video streams from collaboration services such as Google Meet and Zoom Web without requiring specific permission. They can even add unauthorised contributors to private GitHub repositories and send users to phishing pages masquerading as password managers. 

Furthermore, these malicious extensions, like their MV2 counterparts, can access browser history, cookies, bookmarks, and download history by displaying a fake software update pop-up that dupes users into downloading the malware. 

Once the malicious extension is installed, individuals and businesses are unable to notice its activity, leaving them vulnerable. Endpoint protection, Secure Access Service Edge (SASE), and Secure Web Gateways (SWG) are examples of security solutions that cannot dynamically assess potential risks in browser extensions. 

SquareX has created a number of solutions targeted at enhancing browser extension security in order to address these issues. Their strategy includes customised rules that let administrators choose which extensions to accept or ban depending on user ratings, reviews, update history, and extension permissions.

This system can prevent network requests from extensions in real time using policies, machine learning insights, and heuristic analysis. Additionally, SquareX is experimenting with dynamic analysis of Chrome extensions using a customised Chromium browser on its cloud server, which will provide greater insights into the behaviour of potentially malicious extensions.