Tech giants Apple and Google have joined forces to develop an interoperable contract-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19.

As part of this new initiative, the companies are expected to release an API that public agencies can integrate into their apps. The next iteration will be a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to allow for contact tracing on an opt-in basis.

The APIs are expected to be available mid-May for Android and iOS, with the broader contact tracing system set to roll out “in the coming months.”

“Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders,” the companies said.

The rare collaboration comes as governments worldwide are increasingly turning to technology such as phone tracking and facial recognition to battle the virus and contain the coronavirus outbreak.

Apple has also launched a new web page announcing the feature, which details the preliminary Bluetooth specifications, cryptography specifications, and the framework API, the contact tracing system will be based on.

images from Hacker News

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalising on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money.

Unfortunately, to some extent, it’s working, and that’s because the attack surface is changing and expanding rapidly as many organisations and business tasks are going digital without much preparation, exposing themselves to more potential threats.

Most of the recent cyberattacks are primarily exploiting the fears around the COVID-19 outbreak—fueled by disinformation and fake news—to distribute malware via Google Play apps, malicious links and attachments, and execute ransomware attacks.

Here, we took a look at some of the wide range of unseen threats rising in the digital space, powered by coronavirus-themed lures that cybercriminals are using for espionage and commercial gain.

The latest development adds to a long list of cyberattacks against hospitals and testing centers, and phishing campaigns that aim to profit off the global health concern.

images from Hacker News

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service‘ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services.

The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, Dlink, and ASUS), video recorders, and thermal cameras, to co-opt them into the botnet.

So far, dark_nexus comprises at least 1,372 bots, acting as a reverse proxy, spanning across various locations in China, South Korea, Thailand, Brazil, and Russia.

“While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust,” the researchers said. “For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.”

Evidence gathered by Bitdefender points to greek.Helios as the individual behind the development of dark_nexus, who is a known botnet author infamous for selling DDoS services on social media platforms and using a YouTube channel to advertise its capabilities.

images from Hacker News

Remember xHelper?

A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove.

xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected so many devices in the first place.

In a blog post published today, Igor Golovin, malware analyst at Kaspersky, finally solved the mystery by unveiling technical details on the persistence mechanism used by this malware, and eventually also figured out how to remove xHelper from an infected device completely.

As the initial attack vector and for distribution, the malware app disguises itself as a popular cleaner and speed optimisation app for smartphones — affecting mostly users in Russia (80.56%), India (3.43%), and Algeria (2.43%).

“But in reality, there is nothing useful about it: after installation, the ‘cleaner’ simply disappears and is nowhere to be seen either on the main screen or in the program menu. You can see it only by inspecting the list of installed apps in the system settings,” Golovin said.

Once installed by an unsuspecting user, the malicious app registers itself as a foreground service and then extracts an encrypted payload that collects and sends identity information of the targeted device to an attacker-control remote web server.

images from Hacker News

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal.

The app has skyrocketed to 200 million daily users from an average of 10 million in December — along with a 535 percent increase in daily traffic to its download page in the last month — but it’s also seen a massive uptick in Zoom’s problems, all of which stem from sloppy design practices and security implementations.

Zoom may never have designed its product beyond enterprise chat initially, but with the app now being used in a myriad number of ways and by regular consumers, the company’s full scope of gaffes have come into sharp focus — something it was able to avoid all this time.

But if this public scrutiny can make it a more secure product, it can only be a good thing in the long run.

images from Hacker News