An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.

**CVE-2021–43512:**

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.

The issue was discovered by **Janmejaya Swain**(https://www.linkedin.com/in/janmejayaswainofficial) which is me 😅 by the way. Now the issue has been fixed properly by application team.

I don't have permission to disclose that vulnerability. As that issue was very sensitive for that organization. So I’m not disclosing about that vulnerability.

CVE-2021-43512: Advisory of CVE-2021–43512 - Janmejaya Swain - Medium

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

International law enforcement has taken down the infrastructure behind Flubot, a nasty piece of malware which had been spreading with unprecedented speed across Android devices globally since December 2020.

Europol revealed Wednesday that a collaboration between law enforcement in 11 countries led to the disruption of the Flubot network in early May by Dutch Police, or Politie, “rendering this strain of malware inactive,” according to the agency.

Law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, coordinated by Europol’s European Cybercrime Centre (EC3), participated in the effort.

Specifically, EC3 teamed with national investigators in affected countries to establish a joint strategy and provided digital forensic support, as well as facilitated the exchange of operational information across various national entities, the agency said.

The international law-enforcement team will continue to seek the individuals behind the campaign, who are still at large, according to Europol.

****Spreading Like Wildfire****

Flubot spread via text messages that baited Android users into clicking on a link and installing an application to track to a package delivery or listen to a fake voicemail message. These malicious links installed the FluBot trojan, which then asked for permissions on the device that led to a variety of nefarious and fraudulent behavior.

While FluBot acted like a typical trojan—stealing various credentials to banking apps or cryptocurrency accounts and disabling built-in security–its operators used unique methods to ensure the malware spread like wildfire.

Once installed on a device, Flubot would access a user’s contact list and begin sending new messages to everyone on the list, creating a dynamic, viral effect that transcended time zones or regions, researchers from BitDefender observed in January.

“These threats survive because they come in waves with different messages and in different time zones,” they wrote in a report published at the time. “While the malware itself remains pretty static, the message used to carry it, the domains that host the droppers, and everything else is constantly changing.”

This feature is what allowed Flubot’s operators to quickly change targets and other malware features on the fly, which broadened their attack surface from geographical regions as disparate as New Zealand and Finland in a flash, researchers noted.

****Changing Tactics and Sharing Networks****

In addition to using targets’ own contact lists to propagate the malware, Flubot operators employed some unique and creative tactics to try to dupe Android users into downloading the trojan and even teamed up with another mobile threat during its global campaign.

Last October, Flubot used a fake security warning trying to trick users into thinking they’d already been infected with Flubot to get them to click on a fake security update spread via SMS. The unique tactic was used in a campaign against Android users in New Zealand.

Several months later in February of this year, Flubot hitched its infrastructure wagon up to another mobile threat known as Medusa, a mobile banking trojan that can gain near-complete control over a user’s device, researchers from ThreatFabric discovered. The partnership resulted in high-volume, side-by-side global malware campaigns.

Indeed, even with Flubot out of the picture, there are still a number of threats of which Android users need to be wary. An IoT malware that can exploit existing vulnerabilities dubbed “EnemyBot” recently emerged that’s targeting Android devices as well as content management systems and web servers.

Other pervasive threats such as the Joker fleeceware and malware that can conduct fraudulent transactions on an infected device such as Octo and Ermac also continue to pose a significant risk for Android users, according to a recent report on current mobile threats by ThreatFabric.

International Authorities Take Down Flubot Malware Network

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet.
"Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet.

"Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The Hacker News. "The vulnerability is in the modem firmware, not in the Android OS itself."

UNISOC, a semiconductor company based in Shanghai, is the world's fourth-largest mobile processor manufacturer after Mediatek, Qualcomm, and Apple, accounting for 10% of all SoC shipments in Q3 2021, according to Counterpoint Research.

The now-patched issue has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring system.

In a nutshell, the vulnerability — discovered following a reverse-engineering of UNISOC's LTE protocol stack implementation — relates to a case of buffer overflow vulnerability in the component that handles Non-Access Stratum (NAS) messages in the modem firmware, resulting in denial-of-service.

To mitigate the risk, it's recommended that users update their Android devices to the latest available software as and when it becomes available as part of Google's Android Security Bulletin for June 2022.

"An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication," Check Point's Slava Makkaveev said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones

The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities.
"Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity

The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities.

"Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity company Group-IB said in a Wednesday report.

SideWinder, also tracked under the monikers Hardcore Nationalist, Rattlesnake, Razor Tiger, and T-APT-04, has been active since at least 2012 with a primary focus on Pakistan and other Central Asian countries like Afghanistan, Bangladesh, Nepal, Singapore, and Sri Lanka.

Last month, Kaspersky attributed to this group over 1,000 cyber attacks that took place in the past two years, while calling out its persistence and sophisticated obfuscation techniques.

The threat actor's modus operandi involves the use of spear-phishing emails to distribute malicious ZIP archives containing RTF or LNK files, which download an HTML Application (HTA) payload from a remote server.

This is achieved by embedding fraudulent links that are designed to mimic legitimate notifications and services of government agencies and organizations in Pakistan, with the group also setting up lookalike websites posing as government websites to harvest user credentials.

The custom tool identified by Group-IB, dubbed SideWinder.AntiBot.Script, acts as a traffic direction system diverting Pakistani users clicking on the phishing links to rogue domains.

Should a user whose client's IP address differs from Pakistan's tap on the link, the AntiBot script redirects to an authentic document located on a legitimate server, indicating an attempt to geofence its targets.

"The script checks the client browser environment and, based on several parameters, decides whether to issue a malicious file or redirect to a legitimate resource," the researchers said.

Of special mention is a phishing link that downloads a VPN application called Secure VPN ("com.securedata.vpn") from the official Google Play store in an attempt to impersonate the legitimate Secure VPN app ("com.securevpn.securevpn").

While the exact purpose of the fake VPN app remains unclear, this is not the first time SideWinder has sneaked past Google Play Store protections to publish rogue apps under the pretext of utility software.

In January 2020, Trend Micro detailed three malicious apps that were disguised as photography and file manager tools that leveraged a security flaw in Android (CVE-2019-2215) to gain root privileges as well as abuse accessibility service permissions to harvest sensitive information.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities

By Deeba Ahmed
In this PoC, the ransomware attack dubbed R4IoT uses vulnerable IoT devices (in this case, vulnerable security cameras)…
This is a post from HackRead.com Read the original post: New PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks

In this PoC, the ransomware attack dubbed R4IoT uses vulnerable IoT devices (in this case, vulnerable security cameras) to gain access, IT for traversal, and OT, particularly PLCs for detonation.

Ransomware has become a significant threat in the industrial sector, causing widespread operational disruption. A new proof-of-concept ransomware attack devised by Forescout Technologies has concerned the infosec community even more because of the dire consequences for OT security.

**Proof-of-Concept Research Reveals Next Generation of Ransomware**

Operational Technology (OT) and Industrial Control System (ICS) networks have become the targets of interest among ransomware operators. Vedere Labs of Forescout Technologies claim that their new proof-of-concept attack can have challenging OT and IoT security implications.

In this PoC, the ransomware attack dubbed R4IoT uses vulnerable IoT devices (in this case, vulnerable security cameras) to gain access, IT for traversal, and OT, particularly PLCs for detonation.

The attack involves exploiting a flawed IP camera to compromise the IT infrastructure to gain access and shut down the OT hardware of the organization. It is worth noting that no new exploits were used in the attack, and just pre-existing flaws were enough to compromise such critical systems.

According to Vedere Labs, the only attack scenario that combines the IT, IoT, and OT ransomware in a single PoC. Researchers also released a video demonstration of the attack.

**Attack Details**

In the demonstration video, the researchers can be seen compromising mainstream network-connected security cameras, mainly from Hikvision and Axis, as these vendors provide 77% of the IP cameras currently used in enterprise networks. In fact, Forescout revealed in its report that over half a million devices are under threat because of using the default VLAN1 configuration.

Therefore, any vulnerability can be used against these devices to access an inadequately protected enterprise network. The video shows that threat actors first exploit the camera’s flaws and then execute a command to access a Windows device and later execute more commands to locate other devices/machines attached to the same camera.

**PoC Video**

As it can be seen in the video above, a simulated ransomware attack is used against a fictional hospital, and the Forescout team accessed an IP camera to access the hospital’s network and camera and searched for a programmable logic controller that controlled the facility’s heating, ventilation, and air conditioning (HVAC) system, escalated privileges to install ransomware and shut the system down.

The attacker will look for devices having weak credentials to establish an SSH tunnel by opening remote desktop protocol ports. They can now open a remote desktop session, disable network firewalls/antivirus solutions, and install malware. They can also gain privilege escalation, install ransomware and cryptocurrency miners, or launch malicious executables at OT systems.

Nevertheless, the head of security research at Forescout Vedere Lab Daniel dos Santos stated that the primary objective behind the demonstration of this PoC was to indicate how vulnerable organizational security was regarding OT networks and to highlight the evolving dangers and scope of ransomware attacks.

**More IoT Vulnerability News**

*   DNS rebinding attack puts half a billion IoT devices at risk
*   BotenaGo botnet malware targeting millions of IoT devices
*   New malware found targeting IoT devices, Android TV globally
*   Millions of IoT devices, baby monitors open to audio, video snooping
*   IoT botnet of heaters & ovens can cause massive widespread power outages

New PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks

Security researchers have described the malware as among the fastest-spreading mobile threats in recent years.

An international team of law-enforcement officials has successfully disrupted infrastructure associated with FluBot, an especially pernicious malware tool that threat actors have been using since at least December 2020 to steal passwords, bank account details, and other sensitive data from Android users.

Europol announced the takedown Wednesday, noting that FluBot's infrastructure was now under the control of law enforcement.

"An international law enforcement operation involving 11 countries has resulted in the takedown of one of the fastest-spreading mobile malware to date," Europol noted. "The investigation is ongoing to identify the individuals behind this global malware campaign."

Researchers first spotted FluBot (at that time referred to as Cabassous) targeting Android users in Spain in December 2020. Over the course of the next year, the malware spread like wildfire to what Europol described as a "huge number" of Android devices in multiple countries, including Germany, the UK, France, Finland, Australia, and New Zealand.

**A Fast-Spreading Viral Threat**

FluBot spreads via SMS phishing messages (smishing) that use various pretexts to try and get recipients to click on a link for downloading the malware to their smartphones. In the early days of the malware, the SMS messages purported to be from delivery companies such as FedEx and DHL attempting to drop off a package. Users who were tricked into clicking on the link — ostensibly to reschedule delivery — ended up with the malware, disguised as a mobile app from the delivery company, downloaded to their Android devices.

Once installed, the malware seeks specific access privileges on the device that, if granted, it would use to steal payment-card data, bank account information, and other sensitive data. The malware was also designed to intercept and read text messages, open pages, disable Google Play Protect, and uninstall various apps from an infected device.

In addition, FluBot copies the infected device owner's contact list and sent SMS messages with infected links to all the numbers — a factor that likely contributed to its rapid spread, according to security vendor Bitdefender. The authors of the malware likely sold it as a service to different threat actors, too, contributing to its viral spread.

Over the course of 2021, threat actors used different SMS messages to try and trick users to click on the malicious link, including one that purported to be from a friend wanting to share a photo and another that tried to get users to listen to a fake voicemail message. Researchers from Bitdefender even observed attackers sending SMS phishing messages that ironically enough warned recipients about their devices being infected with FluBot and to take remedial action by clicking on the message link. In a report this January, Bitdefender identified Australia as the country most hit by FluBot, followed by Germany, Poland, Spain, and Austria.

Researchers from Proofpoint who tracked FluBot last year reported observing FluBot SMS messages in both English and German. The vendor said it had identified more than 700 unique domains that FluBot actors used for the English-language campaign alone.

**Android Threats Continue to Surge**

The FluBot takedown eliminates — temporarily — one of the biggest threats to Android device users in recent years. However, numerous other similar malware tools in the wild continue to present a serious threat. A recent report from ThreatFabric identified a continued increase in Android malware families such as Joker that enable fraudulent transactions being initiated from an infected device. Other examples include Alien, Cerberus, Hydra, and Octo.

The increase in Android malware families has also been accompanied by an increase in the number of malware droppers disguised as legitimate apps on Google's official Play mobile app store, ThreatFabric said. Among them is an app called NanoCleaner, which has been downloaded more than 10,000 times. In actuality, NanoCleaner is a dropper for Hydra.

Similarly, another app called Pocket Screencaster, with more than 10,000 installs, is a dropper for Octo, and another called Fast Cleaner, with more than 50,000 installs, is really a dropper for Alien and Octo.

"Threat actors continue to consider droppers on Google Play as one of the most effective ways to deliver malware to victims," ThreatFabric said.

FluBot Android Malware Operation Disrupted, Infrastructure Seized

EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.

An Internet of Things (IoT) botnet dubbed “EnemyBot" is expanding its front lines to target security vulnerabilities in enterprise services — potentially leading to it being a much more virulent threat than it has been, researchers say.

EnemyBot, which is controlled by a threat actor known as Keksec, is a Linux botnet that emerged on the malware scene in late March. It shares source code with two other well-known botnets, Gafgyt (aka Bashlite) and the mighty Mirai, according to a prior analysis from Fortinet. Like those threats, EnemyBot is used to carry out distributed denial-of-service (DDoS) attacks. Other aspects of the code include smaller elements from Qbot and other malware, and some custom development.

While it began life focusing on adding IoT devices and routers to its botnet footprint, EnemyBot has now evolved to add remote code execution (RCE) exploits for a host of popular business applications, including VMware Workspace ONE, Adobe ColdFusion, WordPress sites (via vulnerable plug-ins like Video Synchro PDF), PHP Scriptcase, and others, according to researchers at AT&T Labs. 

Researchers discovered that the group is using a mix of recent, so-called "one-day" bugs, as well as older known issues, looking to take advantage in lags in patching.

Keksec is "now targeting IoT devices, web servers, Android devices and content management system (CMS) servers," according to the firm's recent report, which notes that the latest version of EnemyBot adds a webscan function containing a total of 24 exploits to attack vulnerabilities of different devices and Web servers and self-propagate. 

The enterprise-focused exploits that were recently added include:

*   Log4Shell vulns: CVE-2021-44228, CVE-2021-45046
*   F5 BIG IP devices: CVE-2022-1388
*   Spring Cloud Gateway: CVE-2022-22947
*   TOTOLink A3000RU wireless router: CVE-2022-25075
*   Kramer VIAWare: CVE-2021-35064
*   PHP Scriptcase: No CVE yet assigned
*   Adobe ColdFusion 11: No CVE yet assigned

"The nature of devices and systems targeted through EnemyBot is different than vulnerabilities aimed at corporate datacenters," Bud Broomhead, CEO at Viakoo, tells Dark Reading. "WordPress installations, Android devices, IoT devices and other targets for EnemyBot are all widely deployed (therefore might be hard to find), are operated by organizations of all sizes, and are often managed by lines of business that lack cybersecurity skills."

**EnemyBot: A Super Soldier?**

In addition to the DDoS capabilities, EnemyBot can also receive commands to download and execute new code that could add to its functions or update its vulnerability list, according to the analysis. This means that, worryingly, the malware can adopt new vulnerabilities within days of those issues being discovered, researchers warned, as seen when it added a bug tracked as CVE-2022-22954 affecting VMware Workspace ONE, almost immediately after disclosure.

Sean Malone, CISO at Demandbase, says that given its rapid development, EnemyBot and others like it present a new urgency for enterprise defenders.

"The rapid weaponization of newly released vulnerabilities highlights the need to be able to patch almost instantaneously when new vulnerabilities are identified," he tells Dark Reading. "We should assume that every piece of software, every application development framework, and every IoT device will have a critical vulnerability identified at some point. Our architectures should be designed to limit the available attack surface, and mitigate the blast radius of a compromised system through defense-in-depth measures."

That should include adding the ability to profile systems and network traffic to know what normal looks like, and alert when the system activity and network traffic deviates from that baseline, he adds.

"This botnet emphasizes the need for rapid patching of internet facing devices and the risks of running apps in the cloud," says John Bambenek, principal threat hunter at Netenrich. "This traffic is easily spotted on the wire, but in typical cloud deployments, organizations aren’t able to run network intrusion detection. If organizations aren’t running NIDS or rapidly patching, they are both blind and vulnerable."

**Keksec & EnemyBot's Future**

For its part, Keksec is a well-resourced group that has been around since 2016, making a name for itself by creating various botnets-for-hire. It's known for exploiting vulnerabilities to invade multiple architectures with polymorphic tools (these can include Linux and Windows payloads, as well as custom Python malware), in order to accomplish everything from DDoS to cryptomining to espionage.

For instance, last year the operators made headlines with the "Simps" botnet, which was built for DDoS attacks on gaming targets. Another of its creations is the HybridMQ-keksec botnet, a Frankenstein-like effort created by combining and modifying the source code of Mirai and Gafgyt, just like EnemyBot.

Keksec is constantly adding to its arsenal, and "has the ability to update and add new capabilities to its arsenal of malware on a daily basis," the AT&T Labs researchers note. And indeed, with the new ability to compromise enterprise services and devices, EnemyBot could be poised to ramp up the volume of its attacks.

"In addition, the malware base source code can now be found online on GitHub, making it widely accessible," according to AT&T Labs, whose researchers also note that this won't be the only new EnemyBot variant to bubble up from Keksec's laboratory. "The developer of the GitHub page on EnemyBot self-describes as a 'full time malware dev,' that is also available for contract work."

That spells swelling attack volumes, researchers warn.

"Being available through GitHub means that many types of threat actors, from professional cybercriminals to amateurs, will be able to adapt EnemyBot into new and multiple variants," says Broomhead. "Without question, this is a red-lights-flashing warning sign for organizations to improve their discovery, threat assessment, and remediation capabilities."

EnemyBot Puts Enterprises in the Crosshairs With Raft of '1-Day' Bugs

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot.
"This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement.

The "complex

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot.

"This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement.

The "complex investigation" included authorities from Australia, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, the Netherlands, and the U.S.

FluBot, also called Cabassous, emerged in the wild in December 2020, masking its insidious intent behind the veneer of seemingly innocuous package tracking applications such as FedEx, DHL, and Correos.

It primarily spreads via smishing (aka SMS-based phishing) messages that trick unsuspecting recipients into clicking on a link to download the malware-laced apps.

Once launched, the app would proceed to request access to Android's Accessibility Service to stealthily siphon bank account credentials and other sensitive information stored in cryptocurrency apps.

To make matters worse, the malware leveraged its access to contacts stored in the infected device to propagate the infection further by sending messages containing links to the FluBot malware.

"This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral," the agency noted, adding that the Dutch Police orchestrated the seizure last month.

According to ThreatFabric's mobile threat landscape report for H1 2022, FluBot was the second most active banking trojan behind Hydra, accounting for 20.9% of the samples observed between January and May.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

FluBot Android Spyware Taken Down by Global Law Enforcement Operation

SAN DIEGO, May 31, 2022 /PRNewswire/ -- ESET, a global leader in cybersecurity, has announced a new suite of products for the Telecommunications and Internet Service Provider (Telco and ISP) industry, with the aim of offering extensive protection to consumers. Cybercrime is a borderless problem and ESET telemetry shows that the volume of cyberattacks is increasing, with a trend toward attacks against smartphones. ESET's newly launched NetProtect suite ensures that service providers and their end users have the tools they need to combat these advanced and evolving mobile threats.

**About the new ESET NetProtect products  
**The new offering includes ESET NetProtect for Mobile and ESET NetProtect for Mobile Advanced, which offer security via mobile networks, and ESET NetProtect for Home Advanced, which helps secure fixed network connections. These solutions protect customer devices connected to Telco and ISP networks (fixed or mobile) against malicious web domains or domain categories such as malware, phishing and potentially unwanted content. With ESET NetProtect Advanced (fixed or mobile), parents also have full control of their children's filters through Web Content Filter. The management portal for end users allows them to manage the ESET NetProtect settings of their connected devices, manage their domain whitelists and blacklists, and generate security reports, giving users an insight into how ESET protects their devices as well as summary information about detected threats, blocked webpages and more.

Thanks to easy integration into Telco and ISP network services and existing activation processes, network-level solutions do not require any software installation on end user devices, and are compatible with both Android and iOS. The solutions are provided as a one-click service activation from the users' trusted internet provider and automatically provide protection to any connected device. Security tailored to customers' needs is ensured by offering robust local customer and partner support coverage along with comprehensive protection that is a step ahead of online threats via ESET's first access to a unique set of malware detected and pooled at a worldwide network of research and development centers.

"We are thrilled to launch this new suite of advanced cybersecurity products designed for service providers and their customers, which represents a critical threat vector for bad actors," said Brent McCarty, President of ESET North America. "At ESET, we always develop products with our customers in mind, and with our ESET NetProtect offering we have created an easy-to-use and elegant solution not only for the industry leaders in the Telco and ISP sector, but for the consumers who are the actual end users of our products."

For more than 30 years, ESET has invested heavily in multiple layers of proprietary technology that prevent breaches of its customers' endpoints and systems, by both known and never-before-seen threats. These products are informed by world-class threat analysis and expertise from the company's global research team. With a presence in over 200 countries worldwide and 13 research and development centers around the world, ESET offers its over 400,000 business customers peace of mind that their interests are protected at all times. ESET also helps protect the Google Play store and is trusted by millions of consumers around the world. To read more about the new offering for Telcos and ISPs or to contact the ESET team for more information, please click here.

**About ESET  
**For more than 30 years, ESET® has been providing enterprises across the globe with industry-leading IT security software and services, including endpoint detection and response, encryption and authentication, and comprehensive security services packages. With high-performing, easy-to-use solutions that cater to businesses of all sizes, ESET protects customers from increasingly sophisticated digital threats in an ever-evolving landscape. ESET delivers to the enterprise market the people, expertise, and cutting-edge technology required to keep businesses safe and running without interruption. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.

SOURCE ESET

ESET Launches NetProtect Suite of Advanced Cybersecurity Offerings for Telcos and ISPs

New web targets for the discerning hacker

New web targets for the discerning hacker

The US Department of Justice (DoJ) has said it won’t prosecute security researchers acting “in good faith”, as part of changes to the Computer Fraud and Abuse Act (CFAA). While the DoJ says this was always the case in practice, the changes provide more certainty for researchers, pen testers, and bug bounty hunters.

Meanwhile, the UK government remains half-hearted about bug bounty programs, with Dr Ian Levy, technical director of the UK’s National Cyber Security Centre (NCSC), saying there are no plans for a broad rollout any time soon. Speaking at the CyberUK conference, he commented: “The reason for that is that we just don’t seem to need to – people are more than happy to come and tell government we’ve screwed up.”

LinkedIn, meanwhile, has launched a public bug bounty program with rewards of up to $18,000 that replaces its invite-only program. Hosted by HackerOne, LinkedIn invites hackers to probe its main web domain, LinkedIn.com, for security flaws, as well as the LinkedIn API and Android and iOS mobile apps.

Blockchain bridge Wormhole has handed over a record $10 million reward to a bug hunter with the online pseudonym ‘satya0x’. Had it been exploited successfully, the critical vulnerability that attracted the reward could have seen all the funds residing in in the Wormhole core bridge contract on Ethereum lost forever.

In other payout news, Youssef Sammouda netted $44,625 for discovering a series of bugs that could have allowed a malicious actor to take over Facebook accounts. They included a cross-site request forgery (CSRF) bug allowing an attacker to force a victim to log out from their Facebook account in their browser, and a flaw forcing a login to the attacker’s Facebook account inside the victim’s browser.

Pwn2Own Vancouver, the flagship hacking contest, took place last month, handing out more than $1 million for bugs in products from Microsoft, Mozilla, Apple, and others. Participants unearthed 27 qualifying vulnerabilities in total, with a team from Star Labs in Singapore being crowned this year’s Masters of Pwn.

And finally, Vidoc Security Lab has published a security advisory warning of more than 60 instances of a web security flaw in the Swagger-UI library, potentially leading to account takeover. Bug bounty programs operated by PayPal, Shopify, Atlassian, Microsoft, GitLab, and Yahoo were alerted, among others.

**The latest bug bounty programs for June 2022**

The past month saw the arrival of several new bug bounty programs. Here’s a list of the latest entries:

**Aztec Network**

Program provider:  
Immunefi

Program type:  
Public

Max reward:  
$1 million

Outline:  
A privacy-first recursive, zero-knowledge rollup built on Ethereum that purports to being the “only zkRollup built from the ground up to be privacy-preserving”.

Notes:  
Bounties on offer potentially range up to $1 million, with $25,000 for high severity issues, and $5,000 for medium severity bugs.

Check out the Aztec Network bug bounty page at Immunefi for more details

**Balancer**

Program provider:  
Immunefi

Program type:  
Public

Max reward:  
$2.4 million

Outline:  
“Community-driven protocol, liquidity provider, and price sensor that empowers decentralized exchange and the automated portfolio management of tokens on the Ethereum blockchain and other EVM compatible systems.”

Notes:  
Payouts in Ethereum could reach $2.4 million, while high severity vulnerabilities can command rewards of up to $600,000.

Check out the Balancer bug bounty page at Immunefi for more details

**Chain**

Program provider:  
Immunefi

Program type:  
Public

Max reward:  
$5 million

Outline:  
Eye-watering payouts in the millions on offer by Chain, which builds “cryptographic ledgers that underpin breakthrough financial products and services”.

Notes:  
Payouts are issued in USDC, XCN, USDT and ETH, with the ratio at Chain’s discretion.

Check out the Chain bug bounty page at Immunefi for more details

**Cudos Network**

Program provider:  
Bugcrowd

Program type:  
Public

Max reward:  
$4,500

Outline:  
A decentralised platform that runs over multiple p2p nodes and enables developers to build complex smart contract functionality.

Notes:  
Top-tier rewards given for cryptographic exploits allowing for the manipulation of BFT consensus, while certain DDoS exploits qualify as tier two.

Check out the Cudos Network bug bounty page at Bugcrowd for more details

**Doctolib**

Program provider:  
YesWeHack

Program type:  
Public

Max reward:  
€20,000

Outline:  
Doctolib develops appointment booking software used by more than 300,000 healthcare personnel and 60 million patients across Europe.

Notes:  
High severity issues command rewards of up to €4,000 and critical bugs will net hackers up to €20,000, with two web domains and iOS and Android apps in play.

Check out the Doctolib bug bounty page at YesWeHack for more details

**Gojek**

Program provider:  
HackerOne

Program type:  
Public

Max reward:  
$5,000

Outline:  
Gojek is an Indonesian, on-demand, multi-service platform and digital payment technology group.

Notes:  
Maximum bounty of $5,000 on offer for tier-one assets, and $2,000 for tier-two assets.

Check out the Gojek bug bounty page at HackerOne for more details

**LinkedIn**

Program provider:  
HackerOne

Program type:  
Public

Max reward:  
$15,000

Outline:  
LinkedIn has launched a public bug bounty program to replace the invite-only program running since 2014, as previously reported by The Daily Swig.

Notes:  
Critical security vulnerabilities discovered on the business-oriented social media platform will net researchers bounties ranging from $5,000 up to $15,000.

Read our previous coverage to find out more

**Razorpay**

Program provider:  
HackerOne

Program type:  
Public

Max reward:  
$3,000

Outline:  
Razorpay claims to be the only payments solution in India that allows businesses to accept, process, and disburse payments.

Notes:  
Critical flaws will command bounties of between $1,000 and $3,000, with four in-scope targets comprising the dashboard, API, checkout, and invoice domains.

Check out the Razorpay bug bounty page at HackerOne for more details

**Quebec Ministry of Cybersecurity and Digital**

Program provider:  
YesWeHack

Program type:  
Public

Max reward:  
C$1,500

Outline:  
Le ministère de la Cybersécurité et du Numérique has launched its program, with details written in French, on Paris-base bug bounty platform YesWeHack.

Notes:  
The ministry has 12 web assets in scope and is offering a maximum payout of C$1,500.

Check out Le ministère de la Cybersécurité et du Numérique bug bounty page at YesWeHack for more details

**Wealthsimple**

Program provider:  
HackerOne

Program type:  
Public

Max reward:  
$20,000

Outline:  
The Canadian investment management service has financial tools for stock trading, ETFs, managed investing, and crypto.

Notes:  
Critical bugs can attract $20,000 rewards, while high and medium severity vulnerabilities could net bug hunters $5,000 or $1,000 respectively.

Check out the Wealthsimple bug bounty page at HackerOne for more details

**Other bug bounty and VDP news this month**

*   Another nine new programs in a bumper May for Immunefi included programs from the Bancor Protocol (max reward $900,000) plus Orca and Wombat Exchange (both with a maximum payout of $500,000)
*   Cloudflare and security researchers from Assetnote have documented the discovery and remediation of vulnerabilities in Cloudflare Pages
*   YesWeHack is launching an ethical hacking virtual reality game and holding a live bug bounty challenge at the upcoming International Cybersecurity Forum in June
*   The US Cyber Games, a NICE-NIST collaboration, enters its second season in July, starting with Capture the Flag (CTF) competitions and culminating in the top cybersecurity athletes representing the US internationally
*   Some 401 security flaws were remediated during the 12-month pilot of the US Defense Industrial Base\-Vulnerability Disclosure Program (DIB-VDP), which concluded in April

Additional reporting by Emma Woollacott.

PREVIOUS EDITION Bug Bounty Radar // The latest bug bounty programs for May 2022

Tag

#android