Weekly Cybersecurity News

Welcome to this week’s Cybersecurity News Article. Phishing attacks, including fraudulent texts, emails, and calls, are the top security concern for smartphone users, according to a new survey by Omdia. The survey, which polled 1,572 consumers globally, revealed that 24% of respondents have fallen victim to these scams. While leading smartphone brands like Google and Samsung have implemented security measures, anti-phishing protection remains a weakness across all devices.

For the first time, the United Nations Security Council convened to address the threat of commercial spyware, a global issue impacting international peace, security, and human rights. While many countries, including the United States, France, South Korea, and the United Kingdom, called for government regulation to curb the proliferation and misuse of this technology, Russia and China downplayed the concerns.

Our app, Malloc for iOS and Android, has advanced security features to detect the presence of spyware and other malicious apps on phones, alert users, block trackers, insecure HTTP traffic and phishing links, and provide a VPN to help users stay safe and private online and protect them against scams and other threats.

To learn more about these developments and other news, read the article below.

Omdia Finds Phishing Attacks Top Smartphone Security Concern for Consumers

A recent survey by Omdia highlights that phishing scams are the foremost security threat for smartphone users, with 24% of participants indicating they have been victims of such attacks. The research underscores that cybercriminals continue to exploit consumers through various fraudulent communications, including texts, emails, and calls. The survey, covering 1,572 consumers globally, also identified malware, viruses, and physical theft as notable concerns. Despite advancements in security features among devices like Google's Pixel 9 Pro and Samsung's Galaxy S24, none of the tested smartphones fully intercepted phishing attempts, leading to a significant erosion of consumer trust in brands. Experts emphasize the urgent need for better phishing protection and consumer awareness efforts to counteract this escalating threat.

Source: Dark Reading

TikTok Alternative ‘RedNote’ Is Leaking User Data in Plaintext

A recent security investigation has uncovered that RedNote, a TikTok alternative, is transmitting user data in plaintext, exposing sensitive viewing and search histories. This vulnerability, identified by Corrata, reveals that while video streaming is encrypted, HTTP GET requests for image resources are sent unencrypted, allowing potential eavesdropping on user activity. The issue stems from a misconfigured Android network security policy, which improperly permits cleartext traffic, violating best practices. As American users search for alternatives to TikTok amidst regulatory uncertainty, they may unwittingly compromise their privacy by joining platforms like RedNote. Security experts advise immediate implementation of TLS encryption for user data protection and caution users against using the app until these measures are in place.

Source: Cyber Insider
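
The misconfiguration described above can be checked for in an app's Android network security configuration file. The following is an added example, not code from Corrata or RedNote: a small Python audit that reports where cleartext (HTTP) traffic is permitted. The sample policies and the example.com domains are constructed for illustration, and `audit_cleartext` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: base policy allows HTTP, one image host explicitly allows it too.
SAMPLE_WEAK = """<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
    </domain-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">img.example.com</domain>
    </domain-config>
</network-security-config>"""

# Constructed sample: cleartext is denied everywhere.
SAMPLE_HARDENED = """<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config>
        <domain includeSubdomains="true">img.example.com</domain>
    </domain-config>
</network-security-config>"""


def _flag(elem, inherited):
    """Return the element's cleartext setting, or the inherited one if unset."""
    value = elem.get("cleartextTrafficPermitted")
    if value is None:
        return inherited
    return value.strip().lower() == "true"


def audit_cleartext(xml_text, platform_default=False):
    """List (scope, domain) pairs where cleartext traffic is permitted.

    platform_default is the value used when base-config does not set the
    attribute: False for apps targeting API 28+, True for API 27 and lower.
    """
    root = ET.fromstring(xml_text)
    findings = []
    base = root.find("base-config")
    base_allowed = _flag(base, platform_default) if base is not None else platform_default
    if base_allowed:
        findings.append(("base/default", "*"))

    def walk(parent, inherited):
        # Nested domain-config elements inherit from their parent domain-config.
        for dc in parent.findall("domain-config"):
            allowed = _flag(dc, inherited)
            if allowed:
                for d in dc.findall("domain"):
                    findings.append(("domain-config", (d.text or "").strip()))
            walk(dc, allowed)

    walk(root, base_allowed)
    return findings
```

An empty result means the policy denies cleartext for every scope it defines; any finding is a place where requests such as image fetches could leave the device unencrypted.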

Indian APT Group 'DONOT' Misuses App for Intelligence Gathering

The Indian APT group DONOT has been linked to a malicious Android application designed for intelligence gathering, disguised as a chat platform called "Tanzeem." Research by Cyfirma reveals that the app targets specific individuals, including those associated with terrorist organizations, and seeks dangerous permissions to access sensitive data, such as call logs and location tracking. This malware employs OneSignal to deliver phishing links and sends harvested data to command-and-control (C2) servers. Despite its appearance of functioning normally, the app is ineffective and manipulates users into granting broad data access, highlighting the evolving techniques of the DONOT group in cyber espionage across South Asia.

Source: Infosecurity Magazine

Warning: Crypto Apps Are Harvesting Your Private Data

A recent study highlights serious privacy risks associated with popular cryptocurrency apps, revealing that many are guilty of excessive tracking, improper management of sensitive permissions, and hardcoded secrets that could be exploited by hackers. Across 51 of the most downloaded apps, trackers averaged 4.6 per application, with some, like Crypto.com and DANA, incorporating over 10 trackers. The research also pointed out alarming practices like asking for up to 45 permissions, putting user data and assets at risk. Moreover, North Korean hackers have increasingly targeted the crypto sector, stealing $1.34 billion in 2024 alone. Users are urged to adopt stronger security measures, including using cold wallets, complex passwords, and enabling multi-factor authentication to mitigate these rising threats.

Source: Android Headlines

Google Starts Tracking All Your Devices In 6 Weeks

In a shift towards more extensive tracking, Google is set to implement digital fingerprinting across a wider range of devices, moving beyond its typical platforms like Android and Chrome. The change is expected to launch in just six weeks. This controversial method collects detailed information about users' devices, raising significant privacy concerns, as it could potentially substitute for traditional third-party cookies while evading user control over personal data collection. This development coincides with a legal challenge facing Google over its data collection practices, notably collection that continued even after users had attempted to opt out. The implications of digital fingerprinting are further underscored by a recent data leak involving popular apps that covertly harvest sensitive user location data, highlighting a troubling trend of user surveillance and diminishing choice in digital environments.

Source: Forbes

Apple Warns iPhone Users—Do Not Change This Setting

Apple has issued a caution to iPhone users regarding a security feature known as Lockdown Mode, which is meant for a select few individuals who may face sophisticated digital threats. Increasing cybersecurity attacks have prompted concerns, but Apple emphasizes that most users do not need this extreme protection. Enabling Lockdown Mode can significantly alter device functionality, limiting access to certain apps, calls, and web pages. The recommendation for the general public is to adhere to basic security practices, such as keeping iOS up to date and being cautious with app permissions and public WiFi usage. This approach offers adequate safety without resorting to extreme measures like Lockdown Mode, which is intended for those at risk of targeted attacks.

Source: Forbes

New Android Identity Check locks settings outside trusted locations

Google has introduced a new Android security feature called "Identity Check", which requires biometric authentication to access sensitive settings when outside of trusted locations. This feature enhances the security suite aimed at preventing theft by locking critical actions such as factory resets, changing the screen lock, and managing Google accounts, effectively protecting user data. Initially available on Google Pixel devices with Android 15 and certain Samsung Galaxy phones, users can enable this feature through their device settings. Additionally, the Theft Detection Lock, which utilizes AI to safeguard against theft by locking the screen in suspicious situations, is now being rolled out more broadly to devices running Android 10 and later.

Source: Bleeping Computer

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Recent research has revealed security vulnerabilities in various tunneling protocols impacting 4.2 million hosts, including VPN servers and routers. These vulnerabilities allow attackers to perform anonymous attacks by hijacking the tunneling processes due to a lack of sender verification, exposing systems to denial-of-service (DoS) attacks and enabling the misuse of private networks. Key protocols affected include IP6IP6, GRE6, and others, which do not adequately authenticate and encrypt traffic. Recommendations for mitigation emphasize using IPSec or WireGuard for secure tunneling and implementing traffic filtering at the network level to prevent exploitation. The breakdown of vulnerabilities has been detailed with several CVE identifiers assigned for tracking, indicating a significant security concern that could lead to both network congestion and further exploitation efforts.

Source: The Hacker News

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Residents in the United States are facing an increase in SMS phishing attacks, particularly those impersonating toll road operators like E-ZPass and SunPass, warning of unpaid toll fees. This surge is linked to new features in a Chinese phishing kit, which allows scammers to create convincing text messages that appear legitimate. Recent alerts from agencies like MassDOT have highlighted the dangers of these messages, as recipients are prompted to enter payment card information and one-time passwords. Security experts note that these phishing schemes exploit new technologies like iMessage and RCS to increase their reach and effectiveness, often targeting users indiscriminately and dynamically. Victims are advised to ignore such messages and report them to agencies like the FBI to combat this growing wave of digital fraud.

Source: Krebs on Security

Governments call for spyware regulations in UN Security Council meeting

During a recent UN Security Council meeting, representatives from 16 countries, including the United States, addressed the rising threat of commercial spyware, emphasizing its implications for international peace and security. This marks the first formal discussion on the matter at the Council, where nations like France, South Korea, and the United Kingdom pushed for regulatory measures, while Russia and China dismissed concerns. John Scott-Railton from Citizen Lab warned that a global ecosystem of spyware developers poses significant threats to human rights and global stability. His testimony highlighted Europe as a major hub for such abuses. Countries like Poland and Greece shared their legislative measures against spyware, while Russia and China contended that the U.S. is a leading source of global surveillance issues.

Source: TechCrunch

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Security researchers discovered significant vulnerabilities in Subaru's system that allowed hackers to remotely unlock and start millions of cars while also accessing detailed location histories for at least a year. This included sensitive data revealing the exact locations of the vehicles, raising privacy concerns about how Subaru and its employees handle customer data. After reporting the flaws, Subaru quickly patched the weaknesses, but researchers emphasized that the underlying data access capabilities still exist for certain employees, highlighting a pervasive issue within the automotive industry regarding the collection and use of personal data. The findings expose a critical lack of privacy safeguards despite the growth of internet-connected vehicles, underscoring the need for increased regulation and scrutiny in user data management by car manufacturers.

Source: Wired
