Category: Cybersecurity

• Microsoft has uncovered a critical security vulnerability named “Dirty Stream” that poses a threat to billions of Android devices by allowing attackers to take control of apps and steal user information.
• The vulnerability stems from the misuse of Android’s content provider system, which, if not implemented correctly, can be exploited by malicious apps to overwrite critical files and gain unauthorized access to sensitive data.
• Popular Android apps like Xiaomi’s File Manager and WPS Office have been identified as vulnerable, putting over four billion installations at risk.
• Microsoft has alerted developers of potentially vulnerable apps and collaborated with them to deploy fixes, while Google has updated its app security guidelines to prevent similar vulnerabilities in the future.
• To protect themselves, Android users should ensure they regularly update their apps, download only from the official Google Play Store, and exercise caution with unofficial sources to avoid malicious apps.

https://www.androidauthority.com/dirty-stream-vulnerability-3439879/…

• Microsoft plans to lock down Windows DNS with a comprehensive framework called ZTDNS, focusing on encrypted connections and domain restriction.
• DNS security risks stem from lack of encryption, allowing malicious domain resolutions; ZTDNS aims to address this.
• ZTDNS integrates Windows DNS with Windows Firewall to enable per-domain updates and domain control on client devices.
• The new approach involves a “protective DNS server” that only resolves specified domains, enhancing network security.
• Networking experts praise ZTDNS as a bidirectional API for firewall actions, offering scalability and enhanced control over DNS resolutions.

https://arstechnica.com/security/2024/05/microsoft-plans-to-lock-down-windows-dns-like-never-before-heres-how/…

• Microsoft and Google are celebrating the use of passkeys for authentication, allowing users to sign into accounts and apps using face, fingerprint, or device PIN.
• Passkeys are part of a move towards a password-free world, with Microsoft enabling support for consumer accounts across Windows, Google, and Apple platforms.
• Google also reached a milestone with passkey authentication, surpassing 1 billion uses across 400 million accounts.
• Passkeys are based on a FIDO alliance standard and function as secure password replacements, requiring a unique key pair for each account.
• The use of passkeys aims to simplify security for users by eliminating the need to remember complex passwords, offering a more secure and convenient authentication method.

https://www.theregister.com/2024/05/02/microsoft_google_passkeys/…

• Microsoft’s latest Windows security updates may cause VPN connection failures, affecting Windows 11, Windows 10, and Windows Server 2008 and later.
• Some users report VPNs still work after the update, while others experience encrypted connection issues.
• Microsoft is working on a fix and advises uninstalling security updates as a temporary workaround.
• Uninstalling and reinstalling VPN apps may resolve the problem for some users.
• Microsoft aims to prioritize security but faces challenges with the current VPN issue.

https://www.engadget.com/microsofts-latest-windows-security-updates-might-break-your-vpn-202050679.html…

• Maximum-severity GitLab flaw allowing account hijacking under active exploitation
• Vulnerability allows hackers to hijack GitLab accounts without user interaction
• Exploits target accounts without multifactor authentication
• US government warns of active exploitation and urges immediate patching
• Over 2,100 vulnerable GitLab instances identified globally

https://arstechnica.com/security/2024/05/0-click-gitlab-hijacking-flaw-under-active-exploit-with-thousands-still-unpatched/…

• Microsoft has introduced passkeys for signing into Microsoft accounts, offering a more secure and convenient authentication method.
• Passkeys use a cryptographic key pair stored locally on the device and on the app or website, enhancing security against password leaks and phishing attacks.
• Passkey support is available on Microsoft’s desktop apps and websites, with mobile app support coming soon.
• Other companies like Apple, Google, Amazon, and PayPal are also adopting passkeys for enhanced security.
• In other news, companies like Peloton and Huawei are facing challenges, while tech developments include noise-canceling earbuds and new subscription offerings from Audible and T-Mobile.

https://www.engadget.com/you-can-finally-use-passkeys-to-sign-into-your-microsoft-account-155431241.html…

• The iOS 18 update will feature AI security enhancements processed on the device, providing game-changing security and privacy for iPhone users.
• Apple is developing its own large language model for on-device generative AI features in the iPhone 16 series, aiming for quicker response times and enhanced privacy.
• Apple introduced OpenELM AI language models for on-device processing, aligning with its AI strategy focused on privacy and security.
• The iPhone 16 will feature a more powerful A18 Pro chip for enhanced AI performance, potentially limiting advanced AI features to specific iPhone models.
• Apple is in talks with OpenAI and Google for chatbot features in iOS 18, while maintaining its in-house AI capabilities to prioritize security and privacy.

https://www.forbes.com/sites/kateoflahertyuk/2024/04/28/new-ios-18-ai-security-move-changes-the-game-for-all-iphone-users/…

• Apple account lockout issue reported by users, experiencing unexpected logouts and difficulty logging back in
• Apple has not publicly addressed the problem, with no mention on the System Status page
• Unclear number of affected users, but reports on social media indicate widespread issue
• Similar incidents have occurred in the past, with some of 9to5Mac’s own team encountering the problem
• Various other tech news stories include updates on Google, Amazon, and new product releases

https://www.engadget.com/some-apple-users-say-theyve-been-mysteriously-locked-out-of-their-accounts-162739339.html…

• Many people reported Apple ID reset issue overnight, requiring password reset
• Social media users logged out of Apple IDs, prompted to reset passwords
• Some users had to enter iPhone passcode to reconnect to iCloud
• Apple’s System Status webpage showed no service issues
• Some users had to reset app-specific passwords for third-party apps

https://www.theverge.com/2024/4/27/24142509/apple-id-logged-out-reset-stolen-device-protection…

• Apple sends out threat notifications in 92 countries warning about spyware
• Apple detects targeted mercenary spyware attacks on iPhones in 92 countries
• Apple’s threat notifications are based on proprietary intelligence and investigative processes
• Genuine Apple threat notifications do not solicit actions like clicking links or sharing Apple ID credentials
• Users should update devices, secure with passcodes, enable two-factor authentication, use official app stores, and create strong passwords to protect against cyber threats

https://www.foxnews.com/tech/apple-sends-out-threat-notifications-in-92-countries-warning-about-spyware…

• Apple users experiencing widespread issues with sudden Apple ID sign-out, requiring password reset for access
• Reports suggest the problem is happening across multiple devices, affecting users with Stolen Device Protection and app-specific passwords
• User complaints surfaced on social media around 8 p.m. Eastern Time and continued into the early morning hours
• Apple has been contacted for comment on the issue
• Stay updated with MacRumors for the latest news on Apple ID problems and other tech updates

https://www.macrumors.com/2024/04/27/apple-id-accounts-logging-out-users/…

• Apple ID lockout solutions: Apple users experiencing widespread lockouts across devices
• Social media reports widespread Apple ID lockouts, forcing password resets
• No explanation provided by Apple for the lockout issue
• Apple ID lockouts causing inconvenience, especially for those with Stolen Device Protection
• Resetting Apple ID password leads to reset of app-specific passwords

https://9to5mac.com/2024/04/26/signed-out-of-apple-id-account-problem-password/…

• Google TV and Android TV had a security loophole allowing unauthorized access to a TV owner’s Gmail inbox.
• Android TV OS, like Android on phones, signs into a Google account at the system level for app access.
• Malicious actors could sideload Google Chrome onto Android TV to access the TV owner’s Google account.
• Google rolled out a fix for most Google TV devices to prevent unauthorized account access.
• The fix prevents sideloaded Google Chrome from automatically using login tokens for Gmail or Google Drive access, enhancing security.

https://9to5google.com/2024/04/26/google-android-tv-account-security-loophole-fix/…

• WordPress plugin vulnerability exploit sees millions of hacking attempts
• Researchers discover high-severity vulnerability in WP Automatic plugin
• Patch released by ValvePress to address the vulnerability in versions 3.92.1 and above
• Attackers can exploit the vulnerability to gain admin privileges and control websites
• Users urged to patch the plugin immediately to prevent exploitation

https://arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability/…

• Steam closes Early Access playtime loophole for refunds after 100 hours
• Early Access games on Steam allowed for pre-alpha playtesting and feedback
• Valve updates refund policy to include playtime from Advanced Access period
• Players could previously exploit loophole by playing games for free and then requesting refunds
• Steam’s refund policy becomes more unified and clear, addressing loopholes

https://arstechnica.com/gaming/2024/04/no-more-refunds-after-100-hours-steam-closes-early-access-playtime-loophole/…

• Major security flaws in Chinese keyboard apps expose keystrokes of over 1 billion users
• Citizen Lab identifies vulnerabilities in cloud-based pinyin keyboard apps from various vendors
• Vulnerabilities could allow passive decryption of users’ keystrokes without additional network traffic
• Most app developers have addressed the issues following responsible disclosure, except for Honor and Tencent
• Recommendations include updating apps, switching to on-device keyboard apps, and using standard encryption protocols

https://thehackernews.com/2024/04/major-security-flaws-expose-keystrokes.html…

• Russia’s APT28 exploited a Windows Print Spooler flaw to deploy the ‘GooseEgg’ malware
• GooseEgg malware leveraged a now-patched flaw allowing privilege escalation (CVE-2022-38028)
• APT28 targeted various sectors in Ukraine, Western Europe, and North America with GooseEgg
• APT28, also known as Fancy Bear, is linked to the Russian military intelligence agency GRU
• APT28 has also exploited vulnerabilities in Microsoft Outlook and WinRAR, aiming to gain elevated access and steal credentials

https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html…

• Kremlin-backed hackers exploit critical Windows vulnerability reported by the NSA, targeting various organizations with a previously undocumented tool.
• Microsoft patched the vulnerability in October 2022, two years after the attacks began, without mentioning ongoing exploitation.
• Forest Blizzard, linked to Russian military intelligence, has been exploiting CVE-2022-38028 since at least June 2020.
• The hacking group uses GooseEgg, a post-exploitation malware, to elevate privileges and install additional malware for various objectives.
• GooseEgg is installed using a batch script after successful exploitation of vulnerabilities like CVE-2023-23397, allowing for persistent access and lateral movement within networks.

https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/…

• Windows Flaws in DOS-to-NT path conversion process grant hackers rootkit-like powers to hide files, directories, and processes
• MagicDot paths allow unprivileged users to carry out malicious actions without admin permissions
• Vulnerabilities include hiding files, affecting prefetch file analysis, and impersonating Microsoft executables
• Four security shortcomings discovered, with three addressed by Microsoft
• Research highlights the significance of exploiting known issues in software development for security risks

https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html…

• Protect against iPhone password reset attacks by being vigilant and safe
• Malicious parties abuse Apple ID password reset system to inundate users with iOS prompts
• Attackers exploit Apple user’s phone number to bombard devices with MFA prompts
• Apple has pushed a fix for the password reset attack, but cases are still reported
• Recovery Key feature does not prevent reset password prompts

https://9to5mac.com/2024/04/21/protect-against-iphone-password-reset-attacks/…

• Stellar Blade will be “uncensored” in all regions, including Japan, offering the same version in all countries
• The game has generated significant interest with players advised to take it easy on the demo
• Yoko Taro, director of Nier: Automata, praises Stellar Blade as a superior game with next-gen graphics and appealing character design
• Eurogamer welcomes all gamers, discussing various game releases and updates
• Various gaming news such as Fallout 76’s record, EA Sports FC 24’s Team of the Season, and updates on other games are highlighted

https://www.eurogamer.net/stellar-blade-will-be-uncensored-in-all-regions…

• CesiumAstro alleges former exec disclosed **trade secrets** to competitor AnySignal
• CesiumAstro is an Austin-based company specializing in active-phased array and software-defined radio systems for spacecraft, missiles, and drones
• AnySignal, a startup competitor, allegedly edged out Cesium in a sales bid and solicited interest from Cesium’s early investors
• Lawsuit claims former VP of Product Erik Luther misappropriated and disclosed confidential information to AnySignal
• AnySignal, founded in 2022, is developing a software-defined radio platform and is named as a direct competitor in the lawsuit

https://techcrunch.com/2024/04/19/cesiumastro-claims-former-exec-spilled-trade-secrets-to-upstart-competitor-anysignal/…

• Google has been labeled a “compromised platform” after Elon Musk revealed a trick involving using “before:2023” in Google searches.
• Adding “before:2023” to Google searches yields different and more useful results, according to users, who criticize AI-generated SEO content.
• Musk expressed concern over this issue, prompting discussions about creating a new search engine by users.
• Users expressed distrust in Google’s search engine, accusing it of being influenced by external parties like the FBI and Democrat Party.
• Some users called for a return to a time when information was more reliable and unbiased, suggesting a need for alternative search engines.

https://www.hindustantimes.com/world-news/us-news/google-dubbed-compromised-platform-after-elon-musk-reveals-trick-heres-what-happens-when-you-type-before2023-101713494021844.html…

• A PuTTY SSH client flaw, tracked as CVE-2024-31497, enables the recovery of cryptographic private keys.
• The vulnerability allows attackers with access to 60 cryptographic signatures to potentially recover the private key used for their generation.
• PuTTY is widely used by system administrators and developers for remote server management and file transfers over SSH.
• The flaw in PuTTY’s ECDSA nonce generation process can lead to private key compromise and unauthorized access to SSH servers.
• The issue was addressed in PuTTY version 0.81, which implements a new key-generation method; users are advised to update and replace unsafe keys.

https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/…

• SteganoAmor steganography attack targets 320 organizations globally, delivering malware through images
• TA558 hacking group conceals malicious code in images using steganography to infect systems
• Campaign exploits Microsoft Office Equation Editor vulnerability to download malicious payloads
• Malware families delivered include Firebird RAT and other diverse tools
• Update Microsoft Office to defend against SteganoAmor attacks; IoCs available for identification

https://www.bleepingcomputer.com/news/security/new-steganoamor-attacks-use-steganography-to-target-320-orgs-globally/…

• Smartphone spying privacy concerns arise from the potential misuse of ambient light sensors as cameras.
• MIT researchers demonstrate that ambient light sensors can capture images and user gestures, posing privacy risks.
• Recommendations include tightening sensor permissions, granting user control, and redesigning sensor placement.
• Spyware poses additional threats to smartphone security, with signs such as unusual noises and performance lags.
• Protective measures against spyware include antivirus software, app removal, regular updates, cautious browsing, and monitoring device activity.

https://www.foxnews.com/tech/is-smartphone-spying-on-you-without-you-even-knowing…

• Scammers are using AI to create fake obituary websites targeting the grieving.
• Scammers exploit obituary searches by creating bogus obituaries with AI assistance.
• Victims are redirected to adult sites or prompted to install web push notifications.
• Precautions include verifying the obituary’s authenticity and avoiding suspicious pages.
• Online platforms and social media networks should take responsibility in preventing exploitative scams.

https://www.foxnews.com/tech/how-scammers-have-sunk-to-new-low-with-ai-obituary-scam-targeting-grieving…

• Japanese man arrested for hacking Pokémon game to sell custom monsters
• Man illegally tampered with Pokémon Scarlet and Violet’s save data
• Used online tool to modify game data and sold characters online
• Arrested under suspicion of violating Unfair Competition Prevention Act
• Allegedly made millions of yen selling custom monsters

https://www.theverge.com/2024/4/12/24128720/pokemon-hacking-arrest-japan-scarlet-violet…

• Google One VPN is being discontinued in the coming months, with users being directed to third-party alternatives
• The VPN was originally introduced in October 2020, offering online protection for Android phones
• Google decided to discontinue the VPN feature due to low usage, aiming to refocus on more in-demand features
• The Pixel VPN introduced with the Pixel 7 series in 2022 will remain, with an upgrade coming in June for older Pixel models
• The VPN available with Google Fi will also continue to be available

https://9to5google.com/2024/04/11/google-one-vpn-discontinued/…

• Android 15 introduces privacy upgrades to combat Stingrays, allowing users to hide their device name
• The Wi-Fi Privacy feature now includes a “Send device name” toggle to maintain anonymity
• New privacy-protecting features for cellular networks include Security notifications and Encryption options
• Users can receive notifications for insecure cellular network connections and choose to require encryption for added security
• It is unclear if these privacy enhancements will be available on non-Pixel devices, more details may be revealed at Google I/O conference

https://9to5google.com/2024/04/11/android-15-privacy-stingray-hide-device-name/…

• Apple has been hit with “mercenary spyware attacks” targeting high-profile individuals in at least 92 countries, including India.
• The attacks are highly sophisticated and aim to remotely compromise iPhones of specific individuals such as politicians, diplomats, journalists, and activists.
• Apple warns that these attacks are exceptionally well funded, advanced, and evolving over time.
• The attacks are not focused on average users for financial gain but on a small number of specific individuals based on who they are or what they do.
• Users impacted by the attacks will receive a “Threat Notification” on the Apple website and will be notified via email and iMessage.

https://nypost.com/2024/04/11/lifestyle/apple-hit-with-mercenary-spyware-attacks-iphone-users-warned-worldwide/…

• DuckDuckGo introduces a $10 Privacy Pro plan featuring a no-log VPN, personal information removal, and identity theft restoration services, available in the US for now.
• The Privacy Pro plan includes a VPN, personal information removal, and identity theft restoration services for $10 per month or $100 per year, with no VPN logs kept for user privacy.
• DuckDuckGo utilizes the open-source WireGuard protocol to encrypt traffic and route it through VPN servers across the US, Europe, and Canada, with one subscription covering up to five devices.
• The personal information removal tool removes details from people search sites and data brokers, with DuckDuckGo not storing user details on remote servers, offering a unique service in the market.
• The identity theft restoration service connects users with advisors from Iris to help restore stolen identities, accounts, and finances, without requiring upfront personal information.

https://www.engadget.com/duckduckgo-unveils-a-10-privacy-pro-plan-with-a-no-log-vpn-120007653.html…

• Apple’s updated spyware alert system now warns individual users of potential targeting by mercenary spyware attacks, specifically mentioning companies like NSO Group.
• Mercenary spyware attacks are sophisticated and globally ongoing, targeting a small number of individuals such as journalists, activists, politicians, and diplomats.
• Apple sent threat notifications to iPhone users in 92 countries to warn of potential state-sponsored attacks, without attributing the attacks to any specific threat actor or region.
• Governments worldwide are working to counter the misuse of commercial spyware, with concerns raised about the risks to national security and government personnel.
• Google reports that commercial surveillance vendors exploited a significant number of zero-day vulnerabilities in 2023, targeting web browsers and mobile devices, with threat actors increasingly leveraging zero-days for evasion and persistence.

https://thehackernews.com/2024/04/apple-expands-spyware-alert-system-to.html…

• Update your LG TV firmware immediately to patch four major vulnerabilities that could allow hackers to take control.
• Bitdefender discovered vulnerabilities in over 91,000 LG TV models running webOS versions 4 through 7, allowing attackers to exploit the LG ThinQ smartphone app to control the TV remotely.
• Vulnerabilities include bypassing authorization mechanisms, adding extra users, elevating access to root, and injecting authenticated commands.
• Ensure your LG TV has the latest webOS software update by checking LG’s support site for instructions on how to update.
• BGR provides industry-leading insights on tech and entertainment, offering reviews, news coverage, and opinions since 2006.

https://bgr.com/tech/update-your-lg-tv-right-now-before-hackers-take-control-of-it/…

• Apple alerts users in 92 nations of possible mercenary spyware attacks
• Threat notifications sent to iPhone users globally, warning of targeted spyware attacks
• Apple did not disclose attackers’ identities or specific countries affected
• Notifications sent multiple times a year, with over 150 countries alerted since 2021
• Spyware alerts coincide with preparations for elections in many nations

https://techcrunch.com/2024/04/10/apple-warning-mercenary-spyware-attacks/…

• LG Smart TV Patch: Security bugs in LG smart TVs could allow hackers to hijack devices.
• Bitdefender discovered four software bugs affecting LG WebOS TV operating system, impacting 91,000 devices globally.
• Bugs could enable hackers to gain invasive privileges, potentially taking over the TV completely.
• Vulnerable devices mainly located in the US, South Korea, Hong Kong, and Sweden.
• LG released a patch on March 22; users should update their TV software immediately to ensure security.

https://gizmodo.com/you-need-to-patch-your-lg-smart-tv-right-now-1851400356…

• Microsoft internal passwords were exposed due to an Azure-hosted server being left unprotected.
• The exposed server contained passwords, keys, and credentials of Microsoft employees.
• Security researchers at SOCRadar discovered the vulnerability and alerted Microsoft.
• Microsoft locked down the server on March 5th after being notified on February 6th.
• Microsoft has faced previous cybersecurity incidents and is working on improving its security practices.

https://www.theverge.com/2024/4/10/24126057/microsoft-azure-server-internal-passwords-exposed-cybersecurity…

• Microsoft has released a massive patch in April 2024, fixing a record 149 flaws, including two vulnerabilities already under attack.
• The vulnerabilities include a backdoor in a malicious executable signed by a valid Microsoft certificate and a security feature bypass flaw exploited in the wild.
• Notable flaws in the update include 68 remote code execution, 31 privilege escalation, 26 security feature bypass, and six denial-of-service bugs.
• Microsoft has faced criticism for security practices, with recent reports highlighting vulnerabilities and cyber espionage campaigns.
• Other vendors have also released security updates to address vulnerabilities, emphasizing the importance of protecting data and updating security processes.

https://thehackernews.com/2024/04/microsoft-fixes-149-flaws-in-huge-april.html…

• Tech CEO accused of keeping assistant as ‘sex slave’ claims allegations are part of a shakedown attempt by a Hollywood lawyer for $10 million
• Threatening text messages from attorney Bryan Freedman, including references to media involvement and potential legal action, are detailed in the countersuit
• Lanng countersues Freedman, claiming extortion, defamation, breach of contract, and intentional infliction of emotional distress, seeking $40 million in damages
• Allegations of a fake social media campaign and misuse of a “slave contract” as a sexual prop are included in the legal battle
• Lanng’s ex-girlfriend’s name was allegedly revealed in the lawsuit without consent, highlighting further issues with Freedman’s handling of the case

https://nypost.com/2024/04/09/business/ex-ceo-slapped-with-sex-slave-allegations-accuses-celeb-lawyer-of-10m-shakedown/…

• Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, addressing a proxy driver spoofing vulnerability and a SmartScreen prompt security feature bypass vulnerability.
• The first vulnerability, CVE-2024-26234, involved a malicious driver signed with a valid Microsoft Hardware Publisher Certificate, initially identified by Sophos X-Ops and reported to Microsoft for remediation.
• The second zero-day, CVE-2024-29988, allowed attackers to bypass the SmartScreen prompt security feature, enabling malware deployment on Windows systems.
• These vulnerabilities were actively exploited by the Water Hydra hacking group, targeting forex and stock trading forums with the DarkMe remote access trojan.
• Microsoft released security updates for a total of 150 vulnerabilities in April 2024, with 67 classified as remote code execution bugs.

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/…

• LG releases security patches for 91,000 hackable TVs to fix four critical vulnerabilities
• Vulnerabilities discovered in four LG TV models, affecting over 88,000 units globally
• Majority of affected units in South Korea, followed by Hong Kong, US, Sweden, and Finland
• Patches available through devices’ settings menu to prevent malicious hackers from gaining root access
• Vulnerabilities allow attackers to bypass authentication measures and take control of the TVs

https://arstechnica.com/security/2024/04/patches-released-for-as-many-as-91000-hackable-lg-tvs-exposed-to-the-internet/…

• Microsoft’s April 2024 Patch Tuesday addresses 150 security flaws, including 67 remote code execution bugs
• Three critical vulnerabilities were fixed, with over half of the RCE flaws found in Microsoft SQL drivers
• Fixes for 26 Secure Boot bypasses were released, including two from Lenovo
• No zero-day vulnerabilities disclosed by Microsoft were addressed in this month’s Patch Tuesday
• Other vendors releasing security updates in April 2024 include Windows 10 and Windows 11

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/…

• Attackers are actively exploiting a critical remote code execution (RCE) vulnerability in over 92,000 D-Link NAS devices.
• The vulnerability involves a backdoor account with a hardcoded username and empty password, allowing unauthorized access and command execution.
• Threat actors are deploying Mirai malware variants to create botnets for large-scale DDoS attacks using the compromised devices.
• D-Link has confirmed that the affected NAS devices are end-of-life and will not receive security updates, advising users to replace them.
• Owners of the vulnerable devices are urged to apply the latest firmware updates and take precautions against ongoing attacks targeting exposed NAS devices.

https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-92-000-d-link-nas-devices-now-exploited-in-attacks/…

• New Windows driver introduced in February updates prevents software from changing default web browser
• IT consultant Christoph Kolbicz noticed the change when his programs SetUserFTA and SetDefaultBrowser stopped working
• Windows Registry keys associated with default browser settings are now locked down by the User Choice Protection Driver
• Driver can be disabled temporarily via Registry but may be re-enabled automatically by a scheduled task
• Speculation that the driver implementation may be related to compliance with Europe’s Digital Markets Act, but its presence in non-EEA countries raises questions.

https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-default-web-browser/…

• iPhone zero-day hacks are valued between $5 and $7 million by companies like Crowdfense.
• Zero-day hacking tools prices are increasing, with Crowdfense offering higher payouts compared to previous years.
• Crowdfense and Zerodium acquire zero-days to resell to government agencies or contractors for tracking criminals.
• Crowdfense’s prices for iPhone and Android zero-days have risen due to improved platform security by Apple and Google.
• Highest publicly known prices for zero-days are offered by Crowdfense outside of Russia, where prices may be inflated due to geopolitical factors.

https://9to5mac.com/2024/04/06/iphone-security-hacks-zero-day-payments/…

• Microsoft will charge Windows 10 users $61 per device for the first year of security updates, with the price doubling every subsequent year.
• Extended Security Updates for Windows 10 will be available to consumers for the first time due to a large number still using the operating system.
• Nearly 70% of Windows users are still on Windows 10, as many older computers cannot support Windows 11’s increased system requirements.
• Users may be forced to buy new devices in the future as it may become more cost-effective than paying for continued security updates for Windows 10.
• The potential release of Windows 12 in 2024 with advanced AI capabilities raises concerns about future support for Windows 11 users.

https://gizmodo.com/microsoft-will-charge-you-windows-10-security-updates-1851385358…

• The XZ Utils supply chain attack was linked to the mysterious persona Jia Tan, suspected to be orchestrated by nation-state hackers.
• Jia Tan spent years infiltrating open source projects, gaining trust, and ultimately inserting a backdoor into XZ Utils.
• Jia Tan’s sophisticated backdoor allowed remote access through SSH and raised suspicions of state-sponsored involvement.
• The persona’s meticulous planning, operational security, and coding changes point towards a well-organized group, possibly from China, Russia, or North Korea.
• Despite the suspension of Jia Tan’s GitHub account, the incident highlights the ongoing threat of malicious actors exploiting open source software for cyberattacks.

https://www.wired.com/story/jia-tan-xz-backdoor/…

• A volunteer stops a Linux backdoor from exposing systems worldwide by detecting suspicious activity during micro-benchmarking.
• Linux narrowly avoids a massive cyber attack due to a backdoor in XZ Utils, a compression tool widely used in Linux distributions.
• The backdoor was inserted into the remote log-in of Linux, potentially compromising numerous systems globally.
• The volunteer, Andres Freund, identified the backdoor in XZ libraries and alerted the security community, prompting emergency alerts from companies like Red Hat and Debian.
• The incident highlights the reliance on unpaid volunteers in open-source projects and the need for sustainable maintenance practices to prevent major vulnerabilities in software infrastructure.

https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt…

• XZ Utils backdoor almost infected Linux and Unix-like systems
• Malicious code in xz Utils allowed unauthorized access via SSH
• Backdoor was cleverly hidden in the software’s build process
• Attack targeted Debian and Red Hat distributions on amd64 systems
• Little is known about the developer persona Jia Tan

https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/…

• Vermont authorities warn residents to check for AirTags on their vehicles, particularly after traveling to Canada
• AirTags are being used by criminals to track and potentially steal cars, with recent incidents reported in Montreal
• Law enforcement suggests checking common hiding spots like under windshield wipers or in front grilles for the trackers
• Apple has introduced measures to help users detect unknown AirTags and track stolen items, amid concerns over misuse
• A class-action lawsuit has been filed against Apple regarding AirTag misuse, while Washington D.C. has utilized the devices to recover stolen property

https://www.pcmag.com/news/vermont-authorities-warn-residents-to-look-for-airtags-on-their-vehicles…