Select Page
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.

The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung classified the bugs as moderate risk and released fixes in version 4.5.49.8 shipped earlier this month.

Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung. It was launched in September 2009.

The first of the two vulnerabilities is CVE-2023-21433, which could enable an already installed rogue Android app on a Samsung device to install any application available on the Galaxy Store.

images from Hacker News

SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric

SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access.

The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures are only increasing. Decentralized IT, evolving threats, and zero-trust tools are pushing many IAM tools to their limits.

To maintain their effectiveness, IAM are shifting to operating as an agile, interconnected identity fabric rather than just siloed IAM tools. The demands of today’s IT operating environment are forcing IAM to support decentralized IT environments while still providing centralized management and governance for its users.

Interestingly, many of the identity fabric principles they define are currently found in leading SSPM tools. It’s important to note that identity fabric isn’t composed of a single tool. Rather, a number of different tools, including directories, authentication, and threat detection, come together to form an enforceable IAM perimeter.

See how you can enable advanced IAM governance. Schedule a demo today.

Scope

The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data. Looking at this through an SSPM lens, your platform should be able to track all access to your SaaS applications and alert you whenever dangerous or suspicious entities or malicious applications access your SaaS stack.

This extends beyond humans and covers the devices they use to access their data. As we look ahead into the near future, it also includes connected devices which may require access to perform their tasks.

images from Hacker News

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks

The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit.

The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week.

Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation framework that’s designed to be used by security professionals in their red team operations.

Its myriad features for adversary simulation – including dynamic code generation, in-memory payload execution, and process injection – have also made it an appealing tool for threat actors looking to gain elevated access to the target system upon gaining an initial foothold.

Silver C2 Framework

images from Hacker News

Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps

Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps

Researchers have shut down an “expansive” ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices.

“VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views,” fraud prevention firm HUMAN said.

The operation gets its name from the use of a DNS evasion technique called Fast Flux and VAST, a Digital Video Ad Serving Template that’s employed to serve ads to video players.

The sophisticated operation particularly exploited the restricted in-app environments that run ads on iOS to place bids for displaying ad banners. Should the auction be won, the hijacked ad slot is leveraged to inject rogue JavaScript that establishes contact with a remote server to retrieve the list of apps to be targeted.

This includes the bundle IDs that belong to legitimate apps so as to conduct what’s called as an app spoofing attack, in which a fraudulent app passes off as a highly-regarded app in an attempt to trick advertisers into bidding for the ad space.

images from Hacker News