By Deeba Ahmed
The victim company, Gellyberry Studios, an independent game studio, developed Ethyrial: Echoes of Yore.
This is a post from HackRead.com Read the original post: Ethyrial: Echoes of Yore Hit by Ransomware, Player Accounts Deleted

As of now, no known ransomware gang has claimed responsibility for the cyberattack on Ethyrial: Echoes of Yore developers.

A devastating ransomware attack has wiped out a whopping 17,000 player accounts in the famous indie online MMORPG game Ethyrial: Echoes of Yore. The attack occurred on Friday in which all in-game items and progress got erased. 

Ethyrial: Echoes of Yore is developed by Gellyberry Studios, an independent game studio. It is a free-to-play old-school MMORPG in its early access phase on Steam. The game currently relies on monthly subscriptions and community support.

As per the official announcement from Gellyberry Studios, the attackers targeted the game’s Discord server and encrypted all data stored in the system and the local backup drive. 

“Last Friday morning, our server succumbed to a cryptographic ransomware attack. The attack systematically encrypted all data on the system/local backup drive and demanded a bitcoin ransom in exchange for decryption,” the statement read.

Attackers left a ransom demand, asking for payment in Bitcoin in exchange for data decryption. The developers have refused to pay the ransom, claiming that hackers usually deceive victims after receiving the payment.

Since the attackers compromised the backups as well, the developers had to rebuild the server and create new account and character databases. This will be a painstaking process as they had to reconstruct all the 17,000 impacted accounts manually.

The company stated they are “committed to restoring every item, level, pet, and other lost progress” as soon as the servers are restored. Furthermore, they want to compensate affected players for the issue by gifting them a complimentary premium pet.

The developers have also outlined a thorough security plan to prevent similar attacks in the future. This includes implementing decentralized backups, establishing VPN connections to their server, and introducing a whitelist for authorized IP addresses to access their server.

It is unclear who is responsible for the attack, as no specific group has come forward to claim responsibility. However, given the kind of items stolen, including character progression and virtual items, it seems unlikely that the attacker would sell the data on the Dark Web.

This isn’t the first time a game developer has suffered a ransomware attack. For example, in February 2021, game developer CD PROJEKT RED, the creator of Witcher 3, became a target of HelloKitty ransomware.

Then, in January 2023, League of Legends and Valorant creator Riot Games was threatened to pay a ransom of $10,000,000 to prevent hackers from leaking stolen source code. But unlike other instances, this time it’s the players who have been impacted instead of the company.

****_RELATED ARTICLES_****

1.  **Fake Cyberpunk 2077 Android App Delivering Ransomware**
2.  **How gamers should secure their accounts from cyber attacks**
3.  **Game giant Electronic Arts is the latest victim of massive data breach**
4.  **Android game developer EskyFun exposed 1 million gamers to hackers**
5.  **New BloodyStealer malware steals data from gamers on EA, Epic, Steam**

Ethyrial: Echoes of Yore Hit by Ransomware, Player Accounts Deleted

A WIRED analysis of more than 100 restricted channels shows these communities remain active, and content shared within them often spreads to channels accessible to the public.

In the wake of the October 7 Hamas attacks on Israel, people concerned about online extremism turned their attention to the encrypted messaging app Telegram, where a Hamas-aligned group posted graphic images of the group’s attacks to a channel that now has 1.9 million followers. That content was then shared widely across social media. Following public pressure on Apple and Google several weeks into the Israel-Hamas war, Telegram “restricted” two of the major channels used by Hamas. But it did not, as it may appear to some users, ban them.

A WIRED investigation reveals that rather than ban or delete Hamas channels or those run by right-wing extremist groups, Telegram is hiding them from the users of the two major app stores, but they are still there. Some of the content from restricted channels is being shared broadly in unrestricted ones—despite Telegram’s mechanisms for stopping the sharing of such content. The findings show that while Telegram makes some of its most violative communities difficult to find, the people in restricted channels are still able to spread their messages, experts say, and the channels continue to function as spaces of radicalization.

WIRED and Jeff Allen, cofounder of the tech policy think tank the Integrity Institute, analyzed over 100 restricted channels and thousands of posts over more than two months. Most of these channels include content related to right-wing extremism and other forms of radicalized hate. WIRED’s analysis found that most of these channels remained active even when restricted.

“What they’re doing is making \[channels\] not show up in your search and discoverability, but they’re keeping them on the back end,” says Nicole Stewart, assistant professor of digital media at Texas State University.

Founded by Pavel Durov in 2013, Telegram has long been a favorite platform for extremists. Its channels have no limit on the number of subscribers who can join (groups have a 200,000-person limit), and its approach to content moderation has meant that groups and content that might violate the terms of service on platforms like Facebook, Instagram, and X (formerly Twitter) remain accessible.

WIRED examined 108 restricted channels, including the Hamas-aligned channels Telegram restricted in late October, and 365 unrestricted channels over more than two months. Fifty-four of the public, unrestricted channels included content forwarded from the restricted channels, suggesting that they share overlapping membership. While some restricted channels have only a handful of messages per week, others, like the right-wing channel rlwolf\_9999, have upwards of 1,000.

Most of the channels were restricted during the months WIRED monitored them. However, in examining the Hamas channels that were restricted after the October 7 attacks, WIRED found that while content views dropped significantly—by about 70 percent—they still remained active, with the Hamas military-affiliated channel @qassambrigades continuing to share more than 20 pieces of content per day. Although views on the restricted channel often dipped, WIRED found that content from @qassambrigades was copied and pasted into the unrestricted channel @hpress, a popular news-focused channel that has over half a million subscribers.

“It’s not surprising that in a restricted environment that you’ll start to see that same network-sharing pattern,” says Stewart. “It’s what they do to share their own ideological beliefs and spread the message.”

Experts who study extremist groups on Telegram tell WIRED that the platform typically moderates these groups’ content in response to pressure from governments, law enforcement, or entities like Google and Apple that have the ability to restrict the app’s availability.

“What we seem to know from experience is that when Google and Apple say, ‘Hey, remove this,’ that’s when Telegram comes in and starts removing things,” claims Aleksandra Urman, a researcher at the University of Zurich who has studied Telegram and the far right in Europe. That also speaks about the “power of Google and Apple,” Urman says, because both companies are able to exert influence over Telegram’s moderation decisions.

While Telegram is available for download on Google Play and the Apple App Store, both Google and Apple disallow apps that promote hate speech, terrorism, and violent content. For example, Google’s terms of service say it doesn’t “allow apps with content related to planning, preparing, or glorifying violence against civilians” or “apps that promote violence, or incite hatred against individuals.” Apps that violate these standards can be removed from Google Play or the App Store, significantly limiting their availability. That both app stores offer Telegram for download suggests the app is complying with the companies’ terms of service.

Apple did not respond to a request for comment. Google spokesperson Danielle Cohen tells WIRED, “Play apps that contain or feature UGC \[user-generated content\], including apps which are specialized browsers or clients to direct users to a UGC platform, must implement robust, effective, and ongoing UGC moderation. This includes providing an in-app system for reporting objectionable UGC and users and taking action against that UGC and/or user where appropriate.”

Telegram did not respond to WIRED’s request for comment.

In 2021, Telegram released a version of the app that could be downloaded directly onto Android, which the company billed as having “fewer restrictions.” Downloading the app directly puts it outside the scope of Google Play’s terms of service. Users who have this “sideloaded” version of Telegram can continue to see and post in restricted channels that regular users can’t access.

Cohen, the Google spokesperson, tells WIRED that “Google does not control app distribution on Android,” noting that Android’s open operating system means apps can be downloaded from other Android app stores or directly to users via an app’s website.

Telegram’s terms of service state that users may not “promote violence on publicly viewable Telegram channels, bots, etc.,” but it says nothing about how the platform responds to users who violate these rules. Telegram did not respond to questions about how it assesses whether a channel should be restricted or banned entirely, as it has done to Islamic State-affiliated channels in the past.

In a post on his public Telegram channel on October 13, Durov addressed the pressure to remove Hamas channels and content, saying, “Every day, Telegram’s moderators and AI tools remove millions of obviously harmful content from our public platform.” He also asserted that because Telegram doesn’t algorithmically amplify content, “it’s unlikely that Telegram channels can be used to significantly amplify propaganda.”

While Telegram may not be algorithmically promoting content, it is used to spread hateful ideologies, experts say. “Hate groups and designated terrorist groups who are using the platform as a way to mobilize the troops, basically, they’re functioning as influencers,” says Stewart of Texas State University. Part of that work is sharing and promoting the posts and ideas of other aligned groups and influencers, pushing users deeper into the extremist ecosystem.

When a Telegram user from a restricted channel forwards content to a nonrestricted channel, that content won’t be visible to anyone in the channel who has downloaded the app from Apple’s App Store or Google Play. But a simple copy and paste easily circumvents this feature for text-based messages. WIRED and Allen found over 400 instances where text-based content was copied word for word into both restricted and nonrestricted channels, with users often tagging the restricted channels in the unrestricted ones. The analysis did not include images and videos, which also comprise a considerable amount of the content.

For instance, messages sent to an unrestricted channel called OfficialTheCollective, with more than 4,000 members, included tags to restricted channels like SpecialQForces, a QAnon conspiracy channel, and often encouraged users to join.

One message posted to OfficialTheCollective even instructs users how to get around Google and Apple’s restrictions, saying, “Google and Apple \[are\] censoring the Telegram app downloaded via Google Play and Apple App Store. Use the web browser.” The message includes instructions about how to sideload Telegram, including a link to an instructional video on the video platform Rumble, which is popular with right-wing influencers.

In the unrestricted ExpatsPortugalEngChannel, WIRED found a message referencing a riot by Eritrean migrants in Germany. “Where are all the liberals who wanted these invaders in their country with open arms?” the post reads. “WE need you to go talk to them nicely, go first before the NAZIS take charge since YOU going to need them now.” The text is identical to a post shared in the restricted channel @InTheEndGodAlwaysWins.

In some cases, Telegram will restrict channels based on local laws. This includes Germany, which has strict rules against hate speech and neo-Nazism. Heidi Schulze, a researcher at Ludwig-Maximilians-Universität München, says that she was able to access channels restricted in Germany by using VPNs and Dutch SIM cards, which tricked Telegram into treating her as though she weren’t in Germany at all. Channel restrictions “from Telegram’s perspective might be a smart thing because they’re adhering to the local laws, but they’re not deleting channels,” she claims, as it would allow the platform to retain its claim of protecting freedom of speech.

But Urman, of the University of Zurich, says that restricting the channels can also create a space for more radicalization. “People who are likely to follow these groups even after they are restricted, who really want to see that content and are going to seek out the technical possibilities to do that, are more likely to be more radical,” she says.

Having already been “deplatformed” in some capacity can also mean that content is likely to be more extreme because channel operators are no longer factoring in a fear of content moderation, according to Urman. “These groups, even when they are restricted, are probably conducive to radicalization,” she says. “You’re not going to plan, in most cases, a certain attack out in the open. But now you’re not in the open. You are among your club.”

Rita Katz, executive director and founder of SITE Intelligence Group, a consultancy that monitors terrorist groups online, believes the company’s decision whether to ban a channel likely hinges on laws and enforcement. “The European Union has strong-armed Telegram to take action against ISIS and al Qaeda since 2015, and the company acted even more surgically against the groups’ networks in 2019,” claims Katz. “Telegram began deleting whole channels and accounts, not only of administrators or ISIS- and al Qaeda-connected accounts but also of everyone in those chat groups and channels.”

When a user forwards a message from a restricted channel to a nonrestricted one, a notice will appear to anyone who doesn’t have the “sideloaded” version of the app saying that the message can’t be displayed on that user’s device. WIRED’s analysis of thousands of restricted pieces of content found that only 36 of them appeared with the notice that they were restricted for violating Telegram’s terms of service. This means that a majority of restricted channels and content appear to be an effort to comply with the policies of Google and Apple, which can drop the app from their stores.

“Unless Telegram’s operations are going to be threatened somehow,” claims Stewart, “it’s probably not a priority for them.”

Telegram’s Bans on Extremist Channels Aren't Really Bans

By Deeba Ahmed
Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined.
This is a post from HackRead.com Read the original post: Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

As per Atlas VPN’s research, besides Amazon, eBay, and Afterpay, other popular apps were also found to be sharing personal details and financial data with third parties.

To shop for Black Friday and Cyber Monday, most users turn to smartphones and tablets to secure the best deals. However, it is essential to be aware of potential risks, such as how various vendors collect your data, to navigate the shopping season safely.

According to the latest research conducted by the Atlas VPN team, numerous leading online shopping platforms collect sensitive user data, with some going as far as sharing this **information with third parties** without the users’ knowledge.

The platforms underwent assessment across various data collection categories, encompassing personal details, financial information, and user geolocation. The evaluated data points included the user’s name, phone number, payment method, and precise location, which were further categorized into extended data types for more in-depth analysis.

In addition, Atlas VPN researchers assessed the Google Play app profiles of the 60 most popular Android apps within the shopping category. The apps were ranked according to the number of user information data points collected.

The researchers chose apps from App Figures’ top Android shopping app charts for 2023 for their analysis. The charts comprised various apps, including shopping, buy now and pay later, and discount offer apps. Researchers have shared their list of the year’s top 15 highest-user data-collecting apps.

According to their **report**, Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined. Reportedly, eBay collects 28 user data points, and Amazon collects 25.

The popular buy-now app Afterpay was the third-highest data collecting platform with 22 data points against 7 data types. It was the only identified app that didn’t just collect data but also shared sensitive data such as in-app messages, emails, SMS messages, and credit scores with third parties.

Next were Home Improvement retailer Lowe’s health retail platform iHerb and Vinted, a secondhand products marketplace. Each collected 21 data points. Chinese e-comm website Alibaba and home goods giant Home Depot collected 20 data points across 9 data types. Poshmark, another secondhand goods retailer, collected significant user data with 19 data points in 7 categories.

The rest of the apps included Nike, Wayfair, OfferUp, Craigslist, ASOS, and H&M apps, each collecting 18 data points. Among the 60 apps examined by Atlas VPN, Kohl’s app didn’t collect any data. A staggering 75% of the apps share user data with third parties. For instance, 52% and 38% of apps shared app activity, app info, and performance data, typically used to enhance user experience. 

Moreover, 58% of the apps shared personal data like names, home addresses, email IDs, and phone numbers with third parties. A whopping 25% of these apps shared device IDs or other unique identifiers for smartphones and tablets.

Around one-third, or 37%, of the apps disclosed financial data, including purchase history and payment details, whereas 28% shared location data with external sources. The extent of data sharing among Android shopping apps is alarming and a threat to user privacy.

Cybersecurity writer at Atlas VPN, Vilius Kardelis, shared his thoughts on shopping app data collection with Hackread.com, stating that:

“In today’s digital age, your personal information is being extensively collected by apps and shared with countless firms. This holiday season, approach all apps aware your data is being collected. Take the time to carefully read privacy policies, be mindful of the permissions you grant, and prioritize safe shopping practices to safeguard your personal information.”

****Surprised? Don’t be!****

Smartphone apps are designed to collect user data, and the extent and duration of this collection are subjects of debate. Contrarily, data collection and sharing constitute a lucrative business for technology giants.

**In 2021,** researchers claimed that Android sends more data to Google than iOS does to Apple. The research suggested that Android devices collect and transmit twice as much data to Google compared to iOS to Apple. However, Google refuted these findings.

In August of last year, researchers compiled a list of the 10 Android Educational Apps that collect the most user data. The list, **available here**, includes some of the most prominent and widely used Android apps globally.

****Conclusion:****

There isn’t much one can do to prevent apps from collecting data. However, if you are an Android user, consider downloading apps only after reviewing the section on the Play Store that details the data the app collects.

1.  **Fake GitHub Repos Delivering Malware as PoCs**
2.  **Google kicks out 600 malicious apps from Play Store**
3.  **Apple removed all major VPN apps from Chinese App Store**
4.  **Google removes ClearURLs Chrome extension from its store**
5.  **Google Fails To Remove “App Developer” Behind Malware Scam**

Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.

**CVE-2023-25632**

The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.

We would like to thank Mohit Raj (shadow2639).

CVE-2023-25632: NAVER Security Advisory

What you look for online is up to you—just make sure no one else is taking a peek.

When it comes to looking something up on the web, most of us default to “googling” it—Google's search engine has become so dominant that it's now a verb, in the same way that Photoshop is. But using Google for your searches comes with a privacy trade-off.

Google's business is, of course, based on advertising, and every search you make feeds into the profile of you that it uses to target the ads you see around the web. While Google isn't telling marketing firms what searches you're running, it is using those queries to build up a picture of you that ads can be sold against. As such, Google can be a real snoop about collecting all your data and using it to personalize your ads and the search results you get.

There are ways to increase your privacy on Google’s platforms, like using privacy-focused browsers, using privacy-focused alternatives to Google Maps, auto-deleting your web history after a certain time period, or simply limiting the amount of data the company collects in the first place, by opting out of features like web-based email and location awareness. (And you should know that using your browser's incognito mode isn’t as sneaky as you think it is.) If you're serious about getting off the data collection grid, there’s a bevy of other privacy-focused search options at your disposal. So if you want to use a search engine that doesn't keep track of your queries, serve your data to advertisers, or change your search results based on what it thinks you’ll like, you’ve got some options.

DuckDuckGo

DuckDuckGo is simple, secure, and private.

DuckDuckGo via David Nield

The granddaddy of Google alternatives, DuckDuckGo has made private search its raison d'être for more than 15 years. The service is a little harder to recommend these days, after a kerfuffle in 2022 where the company was caught in an apparent partnership with Microsoft that allowed the tech behemoth’s tracking scripts to run unimpeded on the DuckDuckGo browser. After outcry from privacy advocates, DuckDuckGo walked back that stance a few months later, and it now says it does indeed block Microsoft’s trackers.

If you can move past that particular ugly duckling, the service is still far more private than Google. DuckDuckGo says it collates information in search results from over 400 sources. It doesn’t draw from Google, but it does pull from places like Bing and Wikipedia. What it doesn’t do is personalize search results based on data it collects from users. Like Google, DuckDuckGo displays ads, but they’re not tailored to what it thinks you’ll like based on your search history.

DuckDuckGo can be installed into just about any browser via a browser extension. It also has a full browser available on desktop for Mac and Windows. There are also mobile apps on both iOS and Android that work as browsers while incorporating DuckDuckGo’s search engine.

On the browser and app alike, the service automatically tracks and blocks all the data-scraping efforts from the websites you visit. Press the shield button in the browser bar to see what sites have tried to collect your data or track your travels across the web. Another feature blocks trackers and data requests in other apps on your phone. DuckDuckGo says it can’t block certain scripts and trackers on the websites that run them (like Facebook, for example), but tapping that little button quickly lets you know what’s being blocked and what’s not.

Brave Search

Brave isn't going to keep track of what you're looking for.

Brave via David Nield

The privacy-focused browser extension provider Brave has its own dedicated search engine. The company launched the service in 2021. Like the other services on this list, Brave says its Search product doesn’t track your searches or log your data. It's impressively comprehensive—as much for its security and privacy as for the results you get.

Simply put, no logs of your queries are kept by the search engine. While that might make for a slightly less convenient user experience—Google might automatically know you're more interested in the Miami Dolphins than actual dolphins, for instance—it does mean that you can search without worrying that you're going to see any related advertising.

"It's impossible for us to share, sell, or lose your data, because we don’t collect it in the first place," says Brave. While the service might eventually become ad-supported, those adverts won't know anything about you or what you've been looking for on the web, making it distinctly different from Google's offering.

Brave also has a service in beta called Goggles that lets users customize their own page rankings to make search results more relevant to each person. It can have some issues, such as being a bit complicated and also could lead to people creating their own little filter bubbles—inadvertently or otherwise.

You can download the Brave Browser for desktop, or get its mobile apps on Android and iOS. You can also access the Brave search engine from any web browser and any device. You don't have to use the Brave browser to use it.

Kagi

The prospect of paying for a search engine might seem odd if you’re used to unlimited Googling on a whim. But that’s exactly the service Kagi is offering.

If you’re willing to pay for yet another subscription, Kagi is a premium search experience worth trying. You can customize how search results are displayed and how links are organized and accessed. There’s also a robust array of search operators and keyboard shortcuts to use. Kagi’s privacy policy is similar to the other services on this list, in that it doesn’t track your online movements or collect your data. It also doesn’t show ads, which feels like such a relief in the era of endless pop ups and sponsored posts.

The pricing plan is simple. There is a free tier, which allots you 100 searches per month before cutting you off. From there you can pay $5 per month for 500 searches, or get unlimited searches $10 a month. All plans, even the free ones, require you to make an account.

Kagi is available as a browser extension for Firefox, Google Chrome, and Safari. Kagi’s Orion browser is available on the Mac, and it also has an iOS app.

Startpage

Want Google’s search results but without Google? Startpage may be the answer. The company serves up Google’s search results without you being tracked. “Startpage submits your query to Google anonymously, then returns Google results to you privately,” the company says on its website. It adds that Google “never sees you and does not know who made the request”.

Startpage, which was founded in the Netherlands in 2006, says that it doesn’t store people’s personal data or search history, and your IP address is removed by its servers. The company also says it blocks price trackers and prevents advertisers from showing you ads based on your online history. (It does show ads from Google’s search results). Its search results also let you click to open an anonymous view of them, which it claims works like a VPN.

The experience isn’t exactly the same as Google search, but the results are. For instance, if you search for something in the news—maybe Elon Musk, if you must—Google will show you a carousel of the latest news stories before its search results. Google also includes Musk’s latest tweets, videos of him, and photos. When you’re using Startpage, the clutter is removed and you just get URLs.

Mojeek

Mojeek doesn’t use search results from other search engines. Instead, the British search engine, which launched in 2006, is building its own index of the web. It’s doing this in the same way as Google and Bing. The company’s crawlers, which trawl the web and collect information about pages, have indexed more than six billion web pages.

This crawling isn’t as extensive as Google’s—back in 2013 Google said it was indexing 30 trillion web pages, 100 billion times a month—but Mojeek says its approach means it is fully in control of the search results it shows. The company argues there should be alternative indexes to those controlled by Big Tech. “Making and altering our own algorithm from scratch to display high quality and unbiased results is essential,” the company said in 2018.

But that’s not the only difference to Google. Mojeek also says it doesn’t track people. The search results you see are based entirely on the words that you type in, the company says, and it doesn’t collect IP addresses, search history or the clicks that you make.

Limiting Google

You can break the connection between Google Chrome and your Google account.

Google via David Nield

It's worth bearing in mind that if you're using Google Chrome and you're signed into Google, you may well be syncing your DuckDuckGo or Brave searches back to your Google account. Your Google web history and your Chrome browsing history (if you're signed into Google) will match up most of the time, because Google keeps them in sync by default, partly to make it easier to use Google across multiple devices.

To stop this from happening in Chrome, click the three dots in the top right-hand corner, then choose **Settings**. If you see that you're signed into your Google account at the very top, click **Turn off**—this will break the connection between Google and your browser, and you'll be given the option to delete all the data that's stored locally on your device (including your browsing history, bookmarks, and stored passwords).

Perhaps an easier option is to simply switch to another browser altogether—as we've already mentioned, Brave, DuckDuckGo, and Kagi all have them. Other good cross-platform alternatives to Chrome are Microsoft Edge, Mozilla Firefox, Opera and Safari from Apple—but whichever one you switch to, be sure to check out the settings for deleting your browsing history as you go. (All of these browsers have simple-to-use options for this.)

Whichever browser you decide to use, opening up a private or incognito window while you're searching will prevent those searches from being logged inside the browser—as soon as you close the window, the search is gone forever. Bear in mind that these modes don't necessarily stop online companies from tracking your queries though. (If you sign into your Google account while in private mode, Google will still be able to track you.)

If you can't bring yourself to be parted from the search results that Google serves up, you can at least make sure that they're not remembered for too long. Open up your Google account settings page on the web, then click **Data & Privacy** and scroll down to **Web & App Activity.** You can choose either **Manage activity** to remove history and searches manually, or select the **Auto-delete** option to have this data wiped automatically once it's been stored for a certain amount of time.

Private and Secure Web Search Engines: DuckDuckGo, Brave, Kagi, Startpage

Gentoo Linux Security Advisory 202311-10 - Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution. Versions greater than or equal to 1.27 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: RenderDoc: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #908031  
       ID: 202311-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in RenderDoc, the worst of  
which leads to remote code execution.

Background  
=========  
RenderDoc is a free MIT licensed stand-alone graphics debugger that  
allows quick and easy single-frame capture and detailed introspection of  
any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across  
Windows, Linux, Android, or Nintendo Switch™.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-gfx/renderdoc  < 1.27        >= 1.27

Description  
==========  
Multiple vulnerabilities have been discovered in GRUB. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All RenderDoc users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/renderdoc-1.27"

References  
=========  
[ 1 ] CVE-2023-33863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33863  
[ 2 ] CVE-2023-33864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33864  
[ 3 ] CVE-2023-33865  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33865

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-10

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-10

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

**Latest stable release****Version: 21.1****Release Date: 3 June 2021****Release Notes**

Stable releases are recommended for new users and for users not having much time for possible error handling.

**Latest testing release****Version: 21.2-r2333****Release Date: 1 October 2021****Release Notes**

Testing releases are recommended for experienced users familiar with NZBGet.

**Windows**

nzbget-21.1-bin-windows-setup.exe

nzbget-21.2-testing-r2333-bin-windows-setup.exe

Windows XP and later, 32 or 64 Bit.

Manual: Installation on Windows.

**MacOS**

nzbget-21.1-bin-macos.zip

nzbget-21.2-testing-r2333-bin-macos.zip

MacOS 10.7 Lion and later, 64 Bit.

Manual: Installation on Mac.

**Linux**

nzbget-21.1-bin-linux.run

nzbget-21.2-testing-r2333-bin-linux.run

Linux kernel 2.6 and later, x86 (32 or 64 Bit), ARM (32 or 64 Bit), MIPS, PowerPC.

Manual: Installation on Linux.

**FreeBSD**

nzbget-21.1-bin-freebsd.run

nzbget-21.2-testing-r2333-bin-freebsd.run

FreeBSD 9.1 and later, x86 (64 Bit).

Manual: Installation on FreeBSD.

**Android****Daemon**

nzbget-21.1-bin-android.run

nzbget-21.2-testing-r2333-bin-android.run

Android 5.0 and later, x86 (32 Bit), ARM (32 or 64 Bit).

Use installer and frontend app to install the daemon automatically. See manual below for details.

**Installer and frontend app**

nzbget-android-2.0-testing-r36-bin.apk

Android 5.0 and later, x86 (32 Bit), ARM (32 or 64 Bit).

Manual: Installation on Android.

**Other POSIX systems**

Check the package repository of your OS. If you can't find NZBGet there or if you want a newer version please install from source code.

Manuals: Installation on POSIX, Cross-compiling.

**Source code**

nzbget-21.1-src.tar.gz

nzbget-21.2-testing-r2333-src.tar.gz

Source code includes configure and make files for POSIX and project files for MS Visual Studio.

**Latest development sources**

The latest development sources are available in GitHub repository.

Development code may contain serious bugs and is therefore not recommended for average users.

Manual: Build the latest development version.

**Old releases**

Older versions can be obtained from the GitHub project releases page.

CVE-2023-49102: NZBGet - Download

Here are the innovations we’ve made in our products recently. Are you making the most of them?

At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too.

Here are the innovations we’ve made in our products recently. Are you making the most of them?

****Malwarebytes Premium******Windows**

**Tamper** / **Uninstall Protection**. This allows you to password protect your software so that it can’t be removed remotely.

**Trusted Advisor**. This dashboard provides an easy-to-understand assessment of your computer’s security with a single comprehensive protection score, and clear, expert-driven advice.

**Brute Force Protection**. This blocks Remote Desktop Protocol (RDP) attacks, which are attempts by cybercriminals to access a computer remotely. We do this by blocking IP addresses that exceed a threshold of invalid login attempts.

**Smart Scan.** This enables you to schedule scans at a time when you’re not using your computer, which is best for productivity.

**Mac**

The old adage about Macs not getting viruses is simply not true. Macs need protection too and our **Premium for Mac** is now compatible with macOS Sonoma.

**Mobile Security**

Whether you’re on iOS or Android, our Mobile Security app just got an upgrade. Our **Premium Plus** plan now includes a full-featured VPN to help keep your connections private, no matter where you are. Using the latest VPN technology, WireGuard® protocol, you can enjoy better online privacy at a quicker speed than traditional VPNs.

What you get with our apps:

*   **Android:** Scan for viruses and malware, and detect ransomware, android exploits, phishing scams, and even potentially unwanted apps.

*   **iOS:** Detect and stop robocalls and fake texts, phishing links, malicious sites, and annoying ad trackers (while browsing in Safari).

**Browser Guard**

Available for both Windows and Mac, Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It’s the world’s first browser extension to do this, while at the same time identifying and stopping tech support scams.

Browser Guard adds an extra layer to your personal security, on top of your antivirus or firewall. Because it’s a browser extension, it can offer protection in the browser that other means of protection do not have access to.

We’ve recently made enhancements to Browser Guard:

*   **Improved protection:** Stops even more threats with enhanced phishing detection. 
*   **New scanning blocks:** Prevents websites from scanning for vulnerable network ports. 
*   **Facebook support:** Blocks ads and sponsored content from appearing on Facebook feeds. 
*   **Monthly overview:** Summary showcases what has been blocked. 

On top of that, Malwarebytes Premium Security users (Windows only) can now take advantage of:

*   **Content control:** Take control of your browsing experience and define what’s appropriate for you and your family. Fully customize the content you want to block while browsing.
*   **Import and export:** Use your preferences and customized rules with all your browsers, even on other devices. This helps you to experience a consistent and clean web experience. Discover on this video how to transfer Malwarebytes Browser Guard settings to another browser.
*   **Historical Detection Statistics:** View past detections and see what we’ve protected you from.  

Want to see Browser Guard in action? Read the 25 most popular websites vs Malwarebytes Browser Guard

****Malwarebytes Identity Theft Protection****

Newly released, Malwarebytes Identity Theft Protection scours the dark web for your personal information, prevents your social media account from being hacked, and even keeps an eye on your credit (US only) — and it’s all backed by an up-to-$2 million identity theft insurance. (Insurance coverage is $1 or $2 million depending on selected package (latter only available in the US plan **Ultimate)**)

Here’s what you get (based on your selected plan):

*   Ongoing monitoring: Peace of mind that we are actively working in the background to keep you safe
*   Real-time alerts: Immediate notifications if we identify suspicious activity
*   Recommendations and best practices: Advice on how to prevent identity theft, and help if it happens
*   Identity restoration helpline and top-notch customer support.

 Malwarebytes consumer product roundup: The latest 

By Owais Sultan
Ranked and described the functionality of the top 5 best Telegram client applications for Android. Telegram messenger is…
This is a post from HackRead.com Read the original post: Top 5 Best Telegram Client Apps for Android

Ranked and described the functionality of the top 5 best Telegram client applications for Android.

Telegram messenger is gaining popularity, and the number of its users is growing every day. While some users are satisfied with the already included features in the main application, others purchase a Premium version of their favourite messenger, and others have long used the application client Telegram and enjoy the new features of their favourite application. 

****Below is the rating of 5 Telegram messenger client apps for Android********Nicegram** **

What is the Nicegram app? It is one of the most popular Telegram client apps. The app is open source, so you can convince yourself that it is safe. With Nicegram you can get unlocking features for chats and channels, translate messages from a foreign language, forward messages anonymously, add tabs and folders, group chats, create multiple accounts, and view chats without a “read” mark. 

****Telegram X****

We would like to note that it is better to install the beta version of the application, to begin with, as the application has not been updated for a long time. In this messenger you can change the settings of the appearance of the application, also Telegram X has a very clear interface. This client app contains the following features: traffic saving when uploading videos and photos, uploading and sending messages is faster than in the official Telegram app.

****iMe Messenger****

This is a popular app among Android platform users. The app includes many features: a cryptocurrency wallet, sorting chats by topic, a section with music, translating messages from a foreign language right in the chat, blocking selected people to not seeing messages from them, and removing text from photos and image descriptions. You can also use iMe Messenger to convert voice messages to text, and quickly search for GIF images to send in chats. 

****Graph Messenger****

A popular application for those who need privacy when using Messenger. In Graph Messenger developers have included the following features: change your voice when sending voice messages, create and login 100 active accounts at a time, hide chats and channels, chronological display of messages from channels on one page, the ability to edit images directly in the chat, auto-replies for certain contacts directly in the chat. 

** **Vidogram****

This is one of the best Telegram client apps for exploring the content of chats and channels you are subscribed to. With Vidogram you can compile a single news feed from all the channels you are subscribed to, the show history can be in chronological order.

The app also has built-in IPTV, which works very well, so you can watch entertainment, sports and other channels without leaving Vidogram. The app also has features for music lovers: you can form a playlist and listen to music in the app. From the external changes: the user can create animated themes and play online games. 

Thus, there are many client applications of the official Telegram app for Android. They differ from each other in terms of functionality, for example, in many you will find the ability to translate messages from another language right in the chat application.

However, there are also applications with exclusive features, for example, the option to change your voice when sending voice messages. In any case, to select the most convenient and functional application, you should try to install several messengers so that you will be delighted with the new icon on your smartphone. 

****_RELATED ARTICLES_****

1.  **Learn How to Enable Encryption on Facebook Messenger**
2.  **Snowden Explains Why Telegram Messenger App is Unsafe**
3.  **How to use Signal Messenger face blur tool on Android & iOS**
4.  **Encrypted Email Service ProtonMail Supports Physical Security Keys**

Top 5 Best Telegram Client Apps for Android

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.
“Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations,

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.

"Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, such as banks, government services, and utilities," Microsoft threat intelligence researchers Abhishek Pustakala, Harshita Tripathi, and Shivang Desai said in a Monday analysis.

The ultimate goal of the operation is to capture banking details, payment card information, account credentials, and other personal data.

The attack chains involve sharing malicious APK files via social media messages sent on WhatsApp and Telegram by falsely presenting them as banking apps and inducing a sense of urgency by claiming that the targets' bank accounts will be blocked unless they update their permanent account number (PAN) issued by the Indian Income Tax Department through the bogus app.

Upon installation, the app urges the victim to enter their bank account information, debit card PIN, PAN card numbers, and online banking credentials, which are subsequently transmitted to an actor-controlled command-and-control (C2) server and a hard-coded phone number.

"Once all the requested details are submitted, a suspicious note appears stating that the details are being verified to update KYC," the researchers said.

"The user is instructed to wait 30 minutes and not to delete or uninstall the app. Additionally, the app has the functionality to hide its icon, causing it to disappear from the user's device home screen while still running in the background."

Another notable aspect of the malware is that it requests the user to grant it permission to read and send SMS messages, thereby enabling it to intercept one-time passwords (OTPs) and send the victims' messages to the threat actor's phone number via SMS.

Variants of the banking trojan discovered by Microsoft have also been found to steal credit card details along with personally identifiable information (PII) and incoming SMS messages, exposing unsuspecting users to financial fraud.

However, it's worth noting that for these attacks to be successful, users will have to enable the option to install apps from unknown sources outside of the Google Play Store.

"Mobile banking trojan infections can pose significant risks to users' personal information, privacy, device integrity, and financial security," the researchers said. "These threats can often disguise themselves as legitimate apps and deploy social engineering tactics to achieve their goals and steal users' sensitive data and financial assets."

The development comes as the Android ecosystem has also come under attack from the SpyNote trojan, which has targeted Roblox users under the guise of a mod to siphon sensitive information.

In another instance, fake adult websites are being used as lures to entice users into downloading an Android malware called Enchant that specifically focuses on pilfering data from cryptocurrency wallets.

"Enchant malware uses the accessibility service feature to target specific cryptocurrency wallets, including imToken, OKX, Bitpie Wallet, and TokenPocket wallet," Cyble said in a recent report.

"Its primary objective is to steal critical information such as wallet addresses, mnemonic phrases, wallet asset details, wallet passwords, and private keys from compromised devices."

Last month, Doctor Web uncovered several malicious apps on the Google Play Store that displayed intrusive ads (HiddenAds), subscribed users to premium services without their knowledge or consent (Joker), and promoted investment scams by masquerading as trading software (FakeApp).

The onslaught of Android malware has prompted Google to announce new security features such as real-time code-level scanning for newly encountered apps. It also launched restricted settings with Android 13 that prohibits apps from obtaining access to critical device settings (e.g., accessibility) unless it's explicitly enabled by the user.

It's not just Google. Samsung, in late October 2023, unveiled a new Auto Blocker option that prevents app installations from sources other than Google Play Store and Galaxy Store, and blocks harmful commands and software installations through the USB port.

To avoid downloading malicious software from Google Play and other trusted sources, users are advised to check the legitimacy of the app developers, scrutinize reviews, and vet the permissions requested by the apps.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#android