Weekly Cybersecurity News

This week, we bring you the latest cybersecurity news to help you stay aware of the cyber threats looming over your personal life. Researchers have discovered 1.3 million Android TV boxes in 200 countries infected by malware known as Android.Vo1d, which mostly affects models running outdated versions of Android. The US Government has expanded sanctions against Intellexa, the creator of the infamous Predator spyware, to safeguard the personal data of its officials and journalists. However, the decentralized, secretive and dynamic nature of the commercial spyware industry means such countermeasures yield limited results, and the industry is never completely subdued. To learn about these developments and other news, keep reading!


1.3 million Android-based TV boxes backdoored; researchers still don’t know how:

Researchers have uncovered a malware infection, known as Android.Vo1d, affecting approximately 1.3 million Android-based TV boxes across nearly 200 countries. This malware has backdoored these devices by embedding malicious components into their system storage, allowing remote updates from an attacker-controlled server. The specific method of infection remains unclear, but possibilities include exploitation of operating system vulnerabilities or the use of unofficial firmware. The infected models vary but predominantly run outdated versions of Android, increasing their susceptibility to attacks.

Source: Ars Technica

US government expands sanctions against spyware maker Intellexa:

The U.S. government has expanded its sanctions against Intellexa, a spyware maker, by targeting five individuals and a corporate entity linked to the consortium, which allegedly sells its phone spyware, Predator, to authoritarian regimes. This follows prior sanctions against Intellexa's founder, Tal Dilian, and aims to curtail the commercial spyware industry, with allegations that Predator can infiltrate secure devices to access personal data and location of targets, including U.S. officials and journalists. The sanctions make it illegal for U.S. entities to conduct transactions with those involved, as the government focuses on monitoring compliance and financial flows in the industry.

Source: TechCrunch

Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets:

Apple has abandoned its legal case against the NSO Group, the creator of the Pegasus spyware, due to concerns that sharing sensitive threat intelligence could compromise its security efforts. The decision reflects the growing complexity of the spyware market and the realization that fighting commercial spyware in court poses significant risks to Apple’s threat intelligence program. Despite ongoing U.S. sanctions aimed at curbing spyware operations, the effectiveness of these measures is in question, as the market remains active and decentralized, allowing for continued misuse of digital espionage against various targets, including journalists and diplomats. Instead of pursuing legal action, Apple has chosen to enhance its defensive capabilities against spyware through technical means.

Source: Dark Reading

iPhone Users Warned As New Email Password-Stealing Attacks Reported:

The U.K.'s Action Fraud agency has issued a warning about a phishing campaign targeting iPhone users, with over 1,800 reports of fraudulent emails designed to steal Apple ID passwords. These emails, which falsely claim to be from Apple, alert users that their iCloud storage is nearly full and include enticing offers such as additional storage for clicking links. Recipients are advised not to engage with these links and to verify their iCloud status directly through official channels on their devices. Action Fraud stresses the importance of reporting suspicious emails and urges users to remain cautious about online communications.

Source: Forbes

Phony AppleCare+ Pages Hosted on GitHub Promoted via Google Ads:

A recent report reveals a scam targeting Mac and iPhone users by promoting fake AppleCare+ support pages through Google ads, which redirect victims to counterfeit websites hosted on GitHub. These fraudulent pages closely mimic Apple's branding, tricking users into calling fake support numbers where scammers extract sensitive personal information and money. Despite GitHub's efforts to remove the fraudulent accounts, scammers continuously create new ones to perpetuate the scheme, exploiting users' trust. To protect against such scams, experts advise avoiding clicking on sponsored ads, verifying official URLs, and accessing support directly through Apple’s official website.

Source: Cyber Insider

Advanced Phishing Attacks Put X Accounts at Risk:

Advanced phishing attacks are threatening users of the social media platform X (formerly Twitter), as research from eSentire's Threat Research Unit reveals that account takeovers can occur even with two-factor authentication (2FA) measures, including security keys and passkeys. Hackers are utilizing methods such as adversary-in-the-middle (AiTM) attacks and SIM-swapping to bypass these security features. High-profile accounts, including those belonging to Sydney Sweeney and the Trump family, have fallen victim to these breaches, often leading to the promotion of cryptocurrency scams. eSentire recommends enhancing security by adopting stronger authentication methods, as current practices expose vulnerabilities that sophisticated phishing techniques can exploit.

Source: InfoSecurity Magazine

Instagram to bolster privacy and safety features for millions of teen users:

Instagram has announced new privacy and safety measures for its teen users in response to mounting criticism from lawmakers and parents regarding the platform's impact on youth mental health. The changes will result in automatic private accounts for users under 16, enhanced content controls to limit exposure to sensitive material, and notifications encouraging breaks from the app after an hour of use. Critics have labeled these measures as insufficient, arguing they should have been implemented earlier, while some privacy advocates acknowledge them as a necessary step forward. This announcement follows legislative efforts, including the Kids Online Safety Act, aimed at enhancing protections for minors on social media platforms, with further changes set to roll out in the U.S., U.K., Canada, Australia, and the E.U. in the coming months.

Source: The Record

Discord rolls out end-to-end encryption for audio, video calls:

Discord has launched the DAVE protocol, a custom end-to-end encryption (E2EE) system aimed at safeguarding audio and video calls on its platform. DAVE will secure one-on-one and group calls, as well as streaming, ensuring that only the intended participants can access the communication. The protocol utilizes the WebRTC encoded transform API for media encryption and the Messaging Layer Security (MLS) protocol for key management, with additional features to enhance user verification and privacy. Discord is rolling out DAVE gradually across its desktop and mobile apps, with a promise of transparency through open-source code and a technical whitepaper. Users need only to update their app to benefit from this enhanced security, as previous versions will not support the new E2EE features.

Source: Bleeping Computer

WhatsApp still working on making View Once chats actually disappear for all:

WhatsApp's "View Once" feature, introduced to allow messages that self-destruct after being viewed, is facing significant security flaws as researchers at Zengo have demonstrated that users can still access the content after viewing it. Although WhatsApp implemented a temporary fix, white-hat hackers quickly found ways to circumvent this measure, revealing that the core issue remains unresolved. Zengo reported the vulnerability to Meta through its bug bounty program but received no response, leading to a public disclosure of the exploit. Despite WhatsApp's assurance that it is working on a comprehensive solution, privacy concerns persist as the feature continues to be susceptible to exploitation through unofficial apps and browser extensions.

Source: The Register

National Security Agency is urging Americans to reboot our phones once a week:

The National Security Agency (NSA) recommends that Americans reboot their smartphones weekly to prevent cyberattacks and enhance mobile security. According to experts, regular reboots help disrupt attackers who exploit vulnerabilities in a sequence, effectively forcing them to restart their efforts. In addition to improving security, restarting a phone can enhance its performance by clearing background apps and addressing memory issues. The NSA also offers further mobile security practices, such as disabling Bluetooth when not in use, updating software regularly, avoiding public Wi-Fi connections, and employing strong passwords and two-factor authentication for added protection.

Source: Fox News
