Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

January 21, 2023

Saturday

€5.5 million fine levied on WhatsApp for breaking data protection laws

For breaking data protection regulations when processing users’ personal information, Meta’s WhatsApp was hit with new fines of €5.5 million on Thursday by the Irish Data Protection Commission (DPC).

The General Data Protection Regulation (GDPR) took effect in May 2018. In the days preceding its implementation, the messaging platform updated its Terms of Service, requiring users to accept the new terms in order to continue using the service or risk losing access.

The messaging service has also been given a six-month deadline to bring its operations into compliance in addition to the penalties. It’s important to note that Dublin serves as Meta’s European headquarters.

On top of that, WhatsApp has previously attracted scrutiny for taking a U-turn on its data-sharing practices with parent company Meta (Facebook) for ad targeting.

In 2017, following the acquisition of WhatsApp in 2014, the European Commission penalized the social media giant €110 million for “providing erroneous or misleading material” during its investigation of the merger.

Roaming Mantis Disseminates Mobile Malware That Modifies DNS Settings on Wi-Fi Routers

Threat actors linked to the Roaming Mantis attack campaign have been seen distributing an enhanced version of their patented mobile malware called Wroba in order to compromise Wi-Fi routers and perform DNS hijacking.

According to Kaspersky, which examined the malicious artifact, the feature is intended to specifically target South Korean Wi-Fi routers.

The long-running, profit-driven operation known as Roaming Mantis, also known as Shaoye, targets Android smartphone users with malware that can steal bank account credentials and gather other kinds of private data.

While largely focusing on the Asian region since 2018, the hacking group was discovered in early 2022 expanding its victim base to include France and Germany by disguising the malware as the Google Chrome web browser program.

The attacks use smishing messages as their primary intrusion vector to send a booby-trapped URL that, depending on the mobile device’s operating system, either delivers a malicious APK or drives the user to phishing URLs.

Fortinet devices are being compromised with new Boldmove Linux malware.

In December, suspected Chinese intruders used a newly discovered FortiOS SSL-VPN vulnerability as a zero-day attack to target a European government and an African MSP with fresh, specifically designed Linux and Windows malware called “BOLDMOVE.”

CVE-2022-42475 is the tracking number for the flaw, which Fortinet silently corrected in November. As threat actors were aggressively exploiting the hole, Fortinet publicly revealed the vulnerability in December and urged customers to repair their devices.

The vulnerability enables unauthenticated attackers to remotely crash affected devices or obtain code execution.

It wasn’t until last month, though, that Fortinet provided further information about how hackers made use of it, stating that threat actors had targeted government institutions with specialized malware made to operate on FortiOS devices.

The FortiOS logging processes were patched by the attackers using custom malware to allow the removal of individual log entries or the complete disabling of the logging process. This was done in order to preserve persistence on vulnerable devices.

Two Samsung Galaxy App Store vulnerabilities have been exploited

Two flaws in Samsung’s official app store, the Galaxy App Store, might allow attackers to force users to download any app from the store without their consent or send them to a malicious website.

Between November 23 and December 3, 2022, researchers from the NCC Group identified the problems.

On January 1, 2023, the Korean smartphone manufacturer declared that it had repaired the two issues and released a new version for the Galaxy App Store (4.5.49.8).

The first of the two issues, designated CVE-2023-21433, is an access control flaw that enables attackers to download any software from the Galaxy App Store.

The Galaxy App Store was found to not safely handle incoming intents, allowing programs on the device to send arbitrary app installation requests, according to NCC.

More than 19,000 outdated Cisco routers are vulnerable to RCE attacks

More than 19,000 Cisco VPN routers that are online and nearing the end of their useful lives could be affected by attacks aimed at a remote command execution exploit chain.

By chaining two security issues that were made public last week, threat actors can circumvent authentication (CVE-2023-20025) and execute arbitrary commands (CVE-2023-2002) on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.

Through specially crafted HTTP requests submitted to the susceptible routers’ web-based management interface, unauthenticated attackers can remotely exploit the severe auth bypass bug to get root access.

Although the routers won’t receive security updates and Cisco stated that “there are no workarounds that address these vulnerabilities,” users can still protect their devices from attacks by disabling the web-based administration interface and prohibiting access to ports 443 and 60443 to prevent attempts at exploitation.

To accomplish this, log in to the web-based administration interface of each susceptible router, navigate to Firewall > General, and deselect the Remote Management check box. Cisco also offers comprehensive guidelines for preventing access to ports 443 and 60443.

After deploying the aforementioned mitigation, the impacted routers will still be reachable and can be configured using the LAN interface.
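To confirm the mitigation above took effect, an administrator can test from a host outside the LAN whether ports 443 and 60443 still accept connections on each router's WAN address. The script below is an added example, not code from the article or from Cisco; the inventory names and addresses are constructed placeholders.

```python
import socket

# Ports the article says to block on the affected RV-series routers.
MGMT_PORTS = (443, 60443)

def open_ports(host, ports=MGMT_PORTS, timeout=2.0):
    """Return the subset of `ports` that accept a TCP connection on `host`."""
    reachable = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.append(port)
        except OSError:
            # Refused, filtered (timed out) or unreachable: treated as blocked.
            pass
    return reachable

def audit(routers, ports=MGMT_PORTS, timeout=2.0):
    """Map each router name to the management ports still reachable on its WAN address."""
    return {name: open_ports(addr, ports, timeout) for name, addr in routers.items()}

def unmitigated(report):
    """Names of routers that still expose at least one management port."""
    return sorted(name for name, ports in report.items() if ports)

if __name__ == "__main__":
    # Constructed inventory (hypothetical names); 192.0.2.0/24 is a documentation range.
    # Replace with the WAN addresses of routers you administer.
    inventory = {"branch-rv042": "192.0.2.10", "branch-rv082": "192.0.2.20"}
    report = audit(inventory, timeout=1.0)
    for name, ports in report.items():
        if ports:
            print(f"{name}: management interface still reachable on {ports}")
        else:
            print(f"{name}: ports {list(MGMT_PORTS)} not reachable from this host")
    print("Needs attention:", unmitigated(report))
```

Run it from outside the LAN: as noted above, the routers stay reachable and configurable on the LAN interface after the mitigation, so a check from inside the LAN would still show the interface as open.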
