Want to try out Meta’s new social media app? Here’s more context on what personal data is collected by Threads and similar social media apps.

Meta's long-awaited Twitter alternative is here, and it's called Threads. The new social media app launches at a time when alternatives, like Bluesky, Mastodon, and Spill, are vying for users who are dissatisfied with Elon Musk's handling of Twitter's user experience, with its newly introduced rate limits and an uptick in hate speech.

Meta owns Facebook, Instagram, and WhatsApp, so the company’s attempt to recreate an online experience similar to Twitter is likely to attract plenty of normies, lurkers, and nomadic shitposters. Threads uses the AT Protocol developed by Bluesky, and Meta is working to incorporate Threads as part of the online Fediverse, a group of shared servers where users can interact across multiple platforms.

If you’re hesitant to share your personal data with a company on the receiving end of a billion dollar fine, that’s understandable. For those who are curious, however, here’s what we know about the service’s privacy policy, what data you hand over when you sign up, and how it compares to the data collected by other options.

Threads

Threads (Android, Apple) potentially collects a wide assortment of personal data that remains connected to you, based on the information available in Apple’s App Store, from your purchase history and physical address to your browsing history and health information. “Sensitive information” is also listed as a type of data collected by the Threads app. Some information this could include is your race, sexual orientation, pregnancy status, and religion as well as your biometric data.

Threads falls under the larger privacy policy covering Meta’s other social media platforms. Want to see the whole thing? You can read it for yourself here. There’s one caveat, though. The app has a supplemental privacy policy that’s also worth reading. A noteworthy detail from this document is that while you’re able to deactivate your Threads account whenever, you must delete your Instagram if you fully want to delete your Threads account.

Below is all the data collected by Threads that’s mentioned in the App Store. Do you have the Facebook or Instagram app on your phone? Keep in mind that this data collection by Meta is comparable to the data those apps collect about you.

For Android users, the Google Play Store doesn’t require you to hand over the same amount of extensive data to try out Threads. You have more control than Apple users, since you can granularly toggle what personal data is shared with apps.

Data Linked to You

**Third-Party Advertising:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ (Photos or Videos, Gameplay Content, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Developer's Advertising or Marketing:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ ( Photos or Videos, Gameplay Content, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Analytics:**

*   _Health & Fitness_ (Health, Fitness)
*   _Purchases_ (Purchase History, Financial Info, Payment Info, Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   Contacts
*   _User Content_ (Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Sensitive Info_
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Product Personalization:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   Contacts
*   _User Content_ (Photos or Videos, Gameplay Content, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Sensitive Info_
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**App Functionality:**

*   _Health & Fitness_ (Health, Fitness)
*   _Purchases_ (Purchase History)
*   _Financial Info_ (Payment Info, Credit Info, Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Sensitive Info_
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

**Other Purposes:**

*   _Purchases_ (Purchase History)
*   _Financial Info_ (Other Financial Info)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Physical Address, Email Address, Name, Phone Number, Other User Contact Info)
*   _Contacts_
*   _User Content_ (Photos or Videos, Gameplay Content, Customer Support, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)
*   _Other Data_

Bluesky

Looking for an app that collects less personal data? Bluesky (Android, Apple) is a buzzy Twitter alternative started by Twitter founder Jack Dorsey and managed by CEO Jay Graber. Bluesky uses the AT Protocol that it created. Like Mastodon already does and Threads soon will, Bluesky incorporates the Fediverse servers as its backbone. The app is currently invite-only, but it does not currently collect anywhere near as much information as Threads or Twitter.

For Bluesky, the data that’s linked to you is focused on app functionality, like remembering your email and user ID, or access to photos and videos on your device so you can post memes. Here’s where you can find more info about Bluesky’s privacy policy. Keep in mind the service is still new and adding features, so there will likely be changes as it evolves.

Below is all the data collected by Bluesky that’s mentioned in the App Store. (Remember that this is only for iPhone owners. If you use an Android smartphone, you have more control over what data is shared.)

Data Linked to You

**App Functionality:**

*   _Contact Info_ (Email Address)
*   _User Content_ (Photos or Videos, Customer Support, Other User Content)
*   _Identifiers_ (User ID)

Data Not Linked to You

**Analytics:**

*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

**App Functionality:**

*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

Mastodon

What if you want a social media app that doesn’t suck up all your personal data? **Mastodon** (Android, Apple) might be a good option for you. Originally launched in 2016 by Eugen Rochko, Mastodon uses a decentralized protocol that’s different from Threads and Bluesky, called ActivityPub. It’s part of the Fediverse of shared servers. Mastodon is not exactly a new pick; it has positioned itself for years as an alternative to Twitter. (Remember, 2023 isn’t the first time users have considered ditching Twitter for something new and exciting.)

Are you trying it out for the first time? Here’s a great guide to getting started on Mastodon. There’s a bit of a learning curve with this one.

Below is all the data collected by Mastodon that’s mentioned in the App Store.

_\*In the style of Taylor Swift.\*_

\[Blank Space\]

That's right, the Mastodon app for iOS won't collect any data from your device. For Android owners, the app may share your name and email address with other companies.

If you don't like the official Mastodon apps for any reason, you can always try alternative apps with unique interfaces and features. Just be on the lookout for the privacy policies and data collection for those apps, since they don't have to commit to zero-data collection the way the official ones do.

Spill

Are you part of (or a fan of) Black Twitter and on the search for a new posting platform, preferably one that’s inclusive and voicey? Spill (Apple) is a Black-owned social media app that’s made with diverse communities in mind, specifically people of color. It was founded by Alphonzo “Phonz” Terrell and Devaris Brown, who both used to work at Twitter, and it launched earlier this year. Spill is not part of the Fediverse of shared servers.

Spill is currently invite-only, but you can sign up for the waiting list. While Spill does gather sensitive info, the other aspects of its data collection are not as extensive as Threads. Here’s the full privacy policy you can read over.

Below is all the data collected by Spill that’s mentioned in the App Store. It’s worth noting that Spill’s dev team is working on an Android app, but it’s not yet available to use.

Data Linked to You

**Developer's Advertising or Marketing:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**Analytics:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**Product Personalization:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _Contacts_
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**App Functionality:**

*   _Location_ (Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _Contacts_
*   _User Content_ (Emails or Text Messages, Photos or Videos, Audio Data)
*   _Sensitive Info_

**Other Purposes:**

*   _Contact Info_ (Email Address, Phone Number)

Hive Social

It’s a bit smaller than other platforms, but Hive Social (Android, Apple) is another contender for your attention span that’s particularly popular with gamers. This app is not part of the Fediverse. Nostalgic for the days when curated music would automatically play when a person visited your profile? This feature is one way Hive differentiates itself from Twitter, along with a built-in Q&A feature that lets your followers ask you questions (sometimes anonymously) that you can answer in posts to your feed. Want to give Hive a try? Check out our guide with tips for getting started.

The app collects information about you for functionality and analytics, but it’s not connected specifically to you. Learn more about what data the app uses by taking a look at its privacy policy.

Below is all the data collected by Hive Social that’s mentioned in the App Store for iPhone owners. (Have a Google Pixel or other Android device in your pocket? You can go into your privacy settings for more control over what data Hive collects.)

Data Not Linked to You

**Analytics:**

*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Photos or Videos, Customer Support, Other User Content)
*   _Identifiers_ (User ID)
*   _Usage Data_ (Product Interaction, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

**App Functionality:**

*   _Contact Info_ (Email Address, Name, Phone Number)
*   _User Content_ (Photos or Videos, Customer Support, Other User Content)
*   _Identifiers_ (User ID)
*   _Usage Data_ (Product Interaction, Other Usage Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

What About Twitter?

It may seem like Threads collects a ton of personal data. (Because it does!) For more context, let’s go over what Twitter asks for as well. Twitter (Android, Apple) keeps plenty of data that’s linked to users and used to track you, like your purchase history and browsing history. With that in mind, the app does not list “sensitive information” as one of the disclosed categories of data collection. Check out its full privacy policy for an in-depth breakdown.

Below is all the data collected by Twitter that’s mentioned in the App Store. (Escaped from Apple’s walled garden? The Android app for Twitter still collects some personal data, like your precise location and web browsing history, unless you adjust your privacy settings.)

Data Used to Track You

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address)
*   _User Content_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)

Data Linked to You

**Third-Party Advertising:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address)
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)
*   _Diagnostics_ (Performance Data)

**Developer's Advertising or Marketing:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address)
*   _User Content_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)

**Analytics:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contacts_
*   _User Content_ (Photos or Videos, Audio Data, Other User Content)
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)
*   _Diagnostics_ (Crash Data, Performance Data)

**Product Personalization:**

*   _Purchases_ (Purchase History)
*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address, Phone Number)
*   _Contacts_
*   _User Content_
*   _Search History_
*   _Browsing History_
*   _Identifiers_ (User ID, Device ID)
*   _Usage Data_ (Product Interaction, Advertising Data)
*   _Diagnostics_ (Crash Data, Performance Data, Other Diagnostic Data)

**Other Purposes:**

*   _Location_ (Precise Location, Coarse Location)
*   _Contact Info_ (Email Address, Name, Phone Number)
*   _Contacts_
*   _User Content_ (Photos or Videos)
*   Search History
*   _Identifiers_ (User ID)

Data Not Linked to You

**Third-Party Advertising:**

*   _Other Data_

**Developer's Advertising or Marketing:**

*   _Other Data_

**Analytics:**

*   _User Content_ (Emails or Text Messages)
*   _Other Data_

**App Functionality:**

*   _Contact Info_ (Physical Address)
*   _User Content_ (Emails or Text Messages)
*   _Other Data_

How Threads' Privacy Policy Compares to Twitter's (and Its Rivals')

By Waqas
Mobile security solutions provider Pradeo’s security researchers have shared details of the spyware they discovered hiding on the…
This is a post from HackRead.com Read the original post: China-Linked Spyware Found in Google Play Store Apps, 2m Downloads

According to the report authored by Roxane Suau and published on July 6th, 2023, Pradeo’s behavior analysis engine recently detected two apps (File Recovery and Data Recovery, with 1 million installations, and File Manager, with 500,000 installations) containing hidden spyware, which may have impacted up to 1.5 million users.

Interestingly, both were created by the same developer. The malicious apps appeared to be harmless file management software, but in reality, they showcased malicious behaviour. These apps can self-launch without user interaction and secretly exfiltrate sensitive user data to several malicious servers in China.

Malicious apps (Pradeo)

**What Data Did These Apps Collect?**

The app profiles on the Google Play Store state that they don’t collect any data from the device, but according to Pradeo’s blog post, these are false claims. Research revealed that the apps collected highly personal data from their targets and transferred it to over one hundred different destinations, all of which were in China and were malicious.

The spyware apps collected the following data:

*   OS version number
*   Device brand/model
*   Real-time user location
*   Network provider’s name
*   SIM provider’s network code
*   Mobile phone’s country code
*   Pictures, video, and audio content
*   Device’s contact lists (all linked accounts, email and social networks)

**How Do the Apps Trap Users?**

The hacker has used various techniques to make these apps appear legitimate. For instance, spyware shows a large user base but doesn’t feature any reviews. Researchers believe that the hacker must have used mobile device emulators or installed farms to show huge numbers and improve the apps’ ranking on the store.

Another tactic is minimal user interaction since the apps can launch automatically when the system starts. So, they can continue their malicious operations even if the app isn’t in use. Also, these apps aren’t visible on the home screen, and their icon remains hidden to prevent uninstallation.

**How to Stay Safe?**

Although Google has removed these apps, if you have downloaded and installed them from a third-party store, delete them immediately and never download apps without any reviews, despite having a large user base. Also, don’t forget to go through their reviews, if there are any, to detect foul play.

Organizations should automate mobile detection and response by vetting apps and determining if they comply with their security policies.

1.  SmugX: Chinese Hackers Targeting Embassies in Europe
2.  New Vishing Attack Spreading FakeCalls Android Malware
3.  Chinese Malware Hits European Healthcare via USB Drives
4.  Goldoson Android Malware in 60 Apps with 100M Downloads
5.  Chinese Sharp Panda Group Unleashes SoulSearcher Malware

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

China-Linked Spyware Found in Google Play Store Apps, 2m Downloads

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

CVE-2023-29382: Security Center - Zimbra :: Tech Center

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware.

Thursday, July 6, 2023 08:07

Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat initially came to light with the leaks of HackingTeam back in 2015, but gained new notoriety with public reporting on the NSO Group, and, in the years that have followed, the landscape has exploded.

There are now numerous companies with similar offerings, like Intellexa, DSIRF, Variston IT, and the newly disclosed Quadream representing just a small subset — there are likely more that are operating covertly today.

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware. A recent report from the United Kingdom’s National CyberSecurity Center (NCSC) highlights the accessibility of these tools “lowers the barrier to entry to state and non-state actors in obtaining capability and intelligence.” As recently as June 2023, the European Parliament’s plenary session voted on an ongoing investigation concerning the illicit usage of NSO’s Pegasus and equivalent surveillance spyware by EU member states (PEGA report). In this session, European Parliament members argued that the illicit usage of spyware has put “democracy itself at stake” and called for legislative changes and stricter regulation of the use of commercial spyware. The full press release and report can be found here.

**Commercial spyware companies don't care who is targeted by their products**

Commercial spyware companies advertise their products simply as a means of obtaining access and deny having any knowledge of who their customers’ targets are. This tactic is possibly a means of plausible deniability in the event that illegal targeting of individuals is traced back to their spyware. To avoid legal repercussions, these companies have headquarters in countries that do not have laws governing the export of their products or which classify the entities as IT service providers, effectively removing them from any product liability. These companies can therefore ultimately sell to whomever can pay without regard for who the intended targets are or what the impacts on the victims might be.

Although advertised as “tools” for law enforcement and government agencies strictly intended for legal use, report after report has shown commercial spyware has consistently been used against ethically questionable targets that don't fit the profile of criminals or terrorists. Such targets have repeatedly been journalists, politicians and activists who the host government perceives as competitors or existential threats. While these technologies may exist to fight terrorism and organized crime, their sale and usage must be regulated and subject to scrutiny by judicial authorities at an international level to prevent their misuse and abuse.  

One such example of limited repercussions within a host state is the case where a journalist in Greece was targeted with Predator Spyware, eventually leading to the resignation of Greece’s National Intelligence Service’s director in 2022 and the subsequent ban on the use of commercial spyware in Greece. Earlier in 2022, we also saw the departure of the NSO group’s CEO from the company amid widespread public outrage over the use of their spyware by Israeli Police forces.

**The untethered future of commercial spyware**

Mobile platform developers such as Google and Apple have repeatedly introduced and implemented protections and mitigations in their operating systems. However, commercial spyware providers often use zero-day, zero-click exploits to compromise victims’ mobile devices and are so confident in their ability to repeatedly compromise phones _without getting caught_ that, in some cases, they don't even deploy persistence mechanisms — a simple device reboot is enough to remove the implant from the device. However, a device reboot simply results in the commercial spyware outfit reinfecting the device using the zero-day, zero-click combination they had used during the initial compromise indicating the aggressive nature of these campaigns.

We see no indications that these commercial spyware offerings are slowing down. If anything, they are growing along with the constant availability of exploitable, unpatched/unknown vulnerabilities. Until the international community acts to regulate the technology, very little is going to change. When exposed by researchers, some of these companies just cease to exist. But in reality, they do not shut down, they just rebrand under a different name or merge with others sharing the technology they have produced. A typical example of such a case is the commercial spyware firm Cytrox, which was on the verge of disappearing, but was subsequently “rescued” and is now part of the Intellexa conglomerate.

Private and government organizations have taken steps to legally curb the use of commercial spyware, including attempts to hold them responsible for their actions in the past. Meta, formerly Facebook, is one of the first to move against commercial spyware companies by opening a lawsuit against the NSO Group for leveraging Meta-owned WhatsApp in their infection chain. The Biden administration has also taken an important step in fighting these companies with the Executive Order putting limitations on the U.S. government's ability to use commercial spyware to “discourage the improper use of commercial spyware; and encourage the development and implementation of responsible norms regarding the use of commercial spyware that are consistent with respect for the rule of law, human rights, and democratic norms and values.”

However, limited legal and legislative actions are yet to have an _immediate_ positive effect on curbing the use of commercial spyware. Despite these steps toward limiting the operations of these spyware companies, they are likely to keep operating in any region as long as it's financially and legally feasible. Increasing scrutiny with export regulations, criminal liability and fines may be a way forward towards ensuring that their activity does not go beyond the legitimate purposes they advertise.

**Risk profile**

For almost everyone on the planet, your Apple or Android phone’s built-in security features are more than sufficient to keep you protected. However, the commercial spyware industry has proven that it is easy to compromise targets if you have access to these products and the means to use them. We've seen numerous deeply concerning reports of people being compromised and are commonly met with the news that it was a journalist or dissident. The ability of these companies to repeatedly compromise devices, regardless of patch level, makes protection difficult.

For those that believe they are being or could be targeted by commercial spyware, rebooting the device before contacting a source or switching to lockdown mode might be the only options for the foreseeable future.

If you feel that you have been targeted by commercial spyware, there are also more generic habits that should be part of your daily routine:

*   Reboot your device regularly.
*   Use lockdown mode if your device is an iPhone.
*   Don’t click on links from dubious sources.
*   Don’t accept private messages from unknown persons.
*   If you have to keep a public contact, use an empty device to receive such contacts and reset it frequently.
*   Keep your devices up-to-date.

_If readers suspect their system(s) may have been compromised by commercial spyware or hack-for-hire groups, please consider notifying Talos’ research team at talos-mercenary-spyware-help@external.cisco.com to assist in furthering the community’s knowledge of these threats._

The growth of commercial spyware based intelligence providers without legal or ethical supervision

Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer  
Samsung Electronics (UK) Limited  
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

**Cookies**

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

**Essential Cookies**: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie

Domain

Purpose

JSESSIONID

security.samsungmobile.com

to keep login session

lastActivityTime

security.samsungmobile.com

to save the user's last activity time to automatically logout after 30 minutes of inactivity

**Managing Cookies and Other Technologies**

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

CVE-2023-30678: Samsung Mobile Security

An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.

**ramihub.github.io**

Vulnerability ID: CVE-2023-29656

Title: Authorization Issue associated with Darktrace Mobile App

Abstract: An authorization issue associated with the Darktrace Mobile App has been identified. If running affected Darktrace Threat Visualiser versions, this vulnerability could prevent users disabled during that time from having their Mobile App session automatically ended, allowing them to retain access to the app. Successful exploitation of the vulnerability could lead to unauthorized actions and information disclosure. The vendor, Darktrace, was notified of this issue, which was resolved in a subsequent release.

Details:

*   Vulnerability Type: Improper Authorization
*   Vendor: Darktrace
*   Product: Darktrace Threat Visualiser
*   Affected Component: Threat Visualiser
*   Version: Affected versions between 6.0.0 and 6.0.15
*   Impact: Potential unauthorized actions and information disclosure

Description: The Darktrace Mobile App is designed to provide users with mobile access to their Darktrace deployment. With the correct permissions, Mobile App allows users to view and action Darktrace alerts. However, an authorization issue in affected Darktrace Threat Visualiser versions has been identified, allowing disabled users to continue accessing the Darktrace Mobile App. This issue arises when a previously authorized user is disabled in Darktrace Threat Visualiser, but continues to use the Mobile App. The impact is that these disabled users can log in and access sensitive information, perform actions, and view data within the app.

Proof of Concept: To demonstrate this vulnerability, follow the steps below on an affected version:

1.  Log in to the Darktrace web console.
2.  Install the Darktrace Mobile App on the mobile phone.
3.  Authorize the Mobile App using a valid Threat Visualiser user account.
4.  Request the Threat Visualiser user account to be disabled by a user with higher privileges.
5.  After the account has been disabled, log on to the Mobile App, where it can be observed that previous Mobile App privileges are still operational.

Impact: The impact of this authorization issue is significant as it allows unauthorized individuals to access the Darktrace Mobile App. This can lead to unauthorized actions and potential exposure of sensitive information. Users who previously had access to the Darktrace deployment but had their access disabled should not have access to the Mobile App’s full functionality. • Information Disclosure: Successful exploitation of this vulnerability could expose sensitive information due to improper authorization controls. • Denial of Service: The vulnerability can lead to an unauthorized user being able to activate pending RESPOND Actions. In cases where those have been configured to be far-reaching by an authorized user, this could lead to the blocking of all ingress or egress traffic in the infrastructure where Darktrace agents are deployed.

Attack Vectors: • A user who is disabled from the central Darktrace Threat Visualiser Web Console can still fully use the Mobile App and its functionalities.

Vendor Response: Darktrace has acknowledged and confirmed the vulnerability. Darktrace has confirmed the affected versions to be between 6.0.0 and 6.0.15. Users are advised to update to the latest version of Darktrace Threat Visualiser.

Discoverer: The vulnerability was discovered and reported by Marius “Rami” Petrea.

Timeline :

*   Reported to “vulnerability-disclosure@darktrace.com“ on Feb 24, at 14:26 GMT +3
*   Got the first ack answer on Feb 24, at 19:09 GMT +3
*   On Feb 28, 18:20 GMT +3, got another follow-up email from Darktrace informing me that they’re working on a fix.
*   On Mar 2, Darktrace confirmed that a patch was in place.
*   On May 16, 18:27 GMT +3, communication between Darktrace and Marius Petrea to collaborate on the detail required to submit CVE detail.

Note: This disclosure paper is intended to raise awareness about the identified vulnerability and encourage the vendor to take appropriate actions to address the issue. It is important to adhere to responsible disclosure practices and work collaboratively with the vendor to ensure timely mitigation.

Please note that this is a sample disclosure paper and should be adapted as per your requirements and the specific guidelines provided by the vulnerability disclosure program or platform you intend to use for public disclosure.

CVE-2023-29656: [Disclosure for CVE-2023-29656]

An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.

**Affected Product**

NIO Aspen

**Affected version**

Aspen <= 3.2.5

**CVE-ID**

CVE-2023-24256

**Description**

Aspen, the infotainment system of NIO EC6, had a debug built of a system app and a path traversal issue with the system settings script that allowed an attacker to escalate from the shell to persistent root.

I have mentioned these two issues in my presentation at MOSEC 2022, "Feat(My First EV)!: Add Support for App Store".

Now that NIO fix them in the lastest version of Aspen, details will be disclosed.

**Vulnerability Type**

Misconfigurations

**Exploit****Escalation from shell to system**

**com.nextev.datastatistic** is compiled with android:debuggable = "true" as well as android:sharedUserId = "android.uid.system". By communicating with com.nextev.datastatistic over the JDWP protocol, I managed to execute arbitratry code in the context of **u:r:system\_app:s0** context and **uid = 1000**.

**Escalation from system to persistent root**

Aspen does not enable kernel module signing by default, so privileged processes can insmod their own ko files into the kernel. According to **/system/bin/setup\_touch.sh**, **platform\_app** or **system\_app** can setprop "persist.sys.touchscreen" to something like "cyttsp6\_i2c.ko/../../../../data/system/exploit". In this way, /data/system/exploit.ko will be inserted into the kernel and provides an attacker with persistent root privilege across reboots.

**Original Bug Report Emailed to NIO**

CVE-2023-24256: JailBreakEC6/BugReport.md at main · hhj4ck/JailBreakEC6

Categories: Exploits and vulnerabilities
Categories: News
Tags: Google

Tags:  Android

Tags:  2023-07-05

Tags:  CVE2021-29256

Tags:  CVE-2023-26083

Tags:  CVE-2023-2136

Tags:  CVE-2023-21250

Tags:  ARM

Tags:  Skia

Google has patched 43 vulnerabilities in Android, three of which are actively exploited zero-day vulnerabilities. 



(Read more...)




The post Update Android now! Google patches three actively exploited zero-days appeared first on Malwarebytes Labs.

In July’s update for the Android operating system (OS), Google has patched 43 vulnerabilities, three of which are actively exploited zero-day vulnerabilities.

The security bulletin notes that there are indications that these three vulnerabilities may be under limited, targeted exploitation.

If your Android phone is at patch level 2023-07-05 or later then the issues discussed below have been fixed. The updates have been made available for Android 10, 11, 12, 12L and 13. Android partners are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors.

You can find your device's Android version number, security update level, and Google Play system level in your Settings app. You'll get notifications when updates are available for you, but you can also check for updates.

For most phones it works like this: Under **About phone** or **About device** you can tap on **Software updates** to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs listed as actively exploited are:

CVE-2023-26083: a memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

ARM was warned about this vulnerability on March 31, 2023 and stated:

> “There is evidence that this vulnerability may be under limited, targeted exploitation.”

CVE-2021-29256: The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.

Both of the above vulnerabilities are present in the ARM Mali GPU, which is the graphics processor of many Android phones. A patch for both vulnerabilities had been issued by ARM, but Google has decided to include them in this month’s Android update.

CVE-2023-2136: An integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

This vulnerability is affecting the Skia 2D graphics library used in Android systems. Skia is an open source 2D graphics library for drawing Text, Geometries, and Images.

It is likely that attackers would use the vulnerability in Skia as a first stage and then use one of the Mali vulnerabilities to complete a device takeover.

Another vulnerability that caught our eye was CVE-2023-21250: a critical vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed and no user interaction is needed for exploitation. Further details were not revealed to give users a chance to install the patch first.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Update Android now! Google patches three actively exploited zero-days

By Deeba Ahmed
The researchers believe that the SmugX attack is an extension of a previously discovered campaign linked to Mustang Panda.
This is a post from HackRead.com Read the original post: SmugX: Chinese Hackers Targeting Embassies in Europe

**The attack method of the SmugX campaign includes attackers using HTML smuggling to target victims.**

Check Point Research’s (CPR) cyber threat intelligence researchers have discovered a disturbing attack trend. According to CPR’s report published on July 3, 2023, Chinese threat actors have become increasingly interested in targeting European governments, embassies, and foreign local policy-making entities. Eastern Europe is among their preferred targets, with prime targets being Slovakia, the Czech Republic, and Hungary.

This newly discovered campaign is dubbed SmugX. Researchers claim that this campaign has been active since December 2022, but they believe that it is an extension of a previously discovered campaign linked to Mustang Panda and RedDelta. Interestingly, both groups are Chinese.

As far as the attack method is concerned, research revealed that in SmugX, attackers are using HTML smuggling to target European embassies. In this method, the modular PlugX malware implant is smuggled (hidden) inside HTML documents.

Hackers use this technique to trick web security systems and evade antivirus mechanisms or security defences. HTML smuggling exploits HTML features to conceal malicious data documents from automated content filters, including them as JavaScript blobs that reassemble on the targeted device.

It is worth noting that PluxX is a commonly used tool for HTML smuggling. Multiple Chinese threat actors have used this malware previously, such as the group that targeted the Vatican in 2020 or the one that targeted the Indonesian Intelligence Service in 2021. The malware was also used to target users in Mongolia, Ghana, Papua New Guinea, Nigeria, and Zimbabwe in a USB drive-based campaign.

CPR researchers agree that SmugX’s primary objective is to obtain sensitive data on the foreign policies of the targeted countries. This analysis is based on the lure samples posted to the malware repository on VirusTotal. The filenames of these samples were self-explanatory.

Researchers wrote that the names strongly suggested that the attackers wanted to target diplomats and government entities, whereas the content contained mainly diplomatic-related content related to China. The attack utilizes several .docx and .pdf files containing diplomatic content.

CPR researchers obtained a letter from the Serbian embassy in Budapest, a document revealing the Swedish Presidency of the Council of the European Union’s priorities, and an invitation from the Hungarian foreign ministry for a diplomatic conference.

The researchers also discovered an article about the two Chinese human rights lawyers who had received a ten-year sentence. Here are the titles of these documents:

*   202305 Indicative Planning RELEX
*   Draft Prague Process Action Plan\_SOM\_EN
*   2262\_3\_PrepCom\_Proposal\_next\_meeting\_26\_April
*   Comments FRANCE – EU-CELAC Summit – 4th May
*   China jails two human rights lawyers for Subversion

One of the phishing documents (left) – Targeted countries (right)

“While none of the techniques observed in this campaign is new or unique, the combination of the different tactics, and the variety of infection chains resulting in low detection rates, enabled the threat actors to stay under the radar for quite a while,” CPR researchers noted.

CPR is still investigating and monitoring SmugX activities and will share new details soon. Please continue to visit this platform for the latest updates on SmugX.

**RELATED ARTICLES**

1.  Killnet Hits European Parliament Website with DDoS Attack
2.  Research sector hit in new phishing attack using Google Drive
3.  Fake WHO Emails on COVID-19 Drop Nerbian RAT Across Europe
4.  European Spyware Vendor Offering Android & iOS Device Exploits
5.  Zimbra email platform flaw exploited to steal European govt emails

SmugX: Chinese Hackers Targeting Embassies in Europe

By Waqas
The arrests took place in Singapore over complaints from unsuspecting victims.
This is a post from HackRead.com Read the original post: Teen among suspects arrested in Android banking malware scheme

Singapore authorities have conducted a successful operation, resulting in the arrest of 13 individuals suspected of involvement in banking-related malware scams. Among those apprehended were a 16-year-old teenager and a group of 10 men and two women aged between 19 and 35.

Preliminary findings suggest that seven men, two women aged 19 to 27, and a 16-year-old facilitated the scam by providing their bank accounts, Internet banking credentials, and Singpass credentials to perpetrators for monetary gain. Three other men aged 20 and 35 are believed to have withdrawn funds from the accounts of some of the “money mules” and handed the money over to unknown individuals.

The number of victims is yet unknown. For your information, Singpass, which stands for Singapore Personal Access, is a digital identity that enables all Singapore citizens and residents to conveniently access businesses and government agencies and businesses.

Suspects and seized sim cards (Screenshot: SPF)

**Modus Operandi and Scam Techniques**

In a press release, the Singapore Police Force (SPF) revealed that since January 2023, they have received a rising number of reports involving malware used to compromise Android mobile devices, leading to unauthorized transactions from victims’ bank accounts. Remarkably, victims did not share their Internet banking credentials, One-Time Passwords (OTPs), or Singpass credentials with anyone.

The scam unfolded when victims responded to various advertisements on social media platforms for services such as cleaning, pet grooming, and the sale of food items like seafood and groceries. Subsequently, scammers instructed victims to download an Android Package Kit (APK) from unofficial app-store platforms to facilitate their purchases. However, these APKs contained malware that infected the victims’ mobile devices.

Once infected, scammers contacted victims via phone calls or text messages and convinced them to enable accessibility services on their Android phones. Enabling these services weakened the phones’ security and granted full control to the scammers. Keystrokes were logged, banking credentials were stolen, and scammers remotely accessed banking apps to add “money mules” as payees, increase payment limits, and transfer funds to them.

The scammers also deleted text messages and email notifications related to the fraudulent transfers to cover their tracks.

The act of benefiting from criminal conduct carries severe penalties under Section 54(5)(a) of the Corruption, Drug Trafficking, and Other Serious Crimes (Confiscation of Benefits) Act 1992. Offenders face imprisonment of up to 10 years, a fine of up to S$500,000, or both.

1.  Teen Charged in DraftKings Data Breach
2.  UK Teen Arrested Amid Uber and GTA 6 Hacking Saga
3.  Dark Web Hitman Paid with BTC to Murder Teen Victim
4.  Teen “Hackers” on Discord Selling Malware for Quick Cash
5.  Teen arrested for 8 DDoS attacks that disrupted school’s classes
6.  Data breach: SingHealth users affected including Singapore’s PM

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#android