Plus: Iran’s secret torture black sites, hacking a bank account with AI-generated voice, and Lance Bass’ unhinged encounter in Russia.

Late last week, Twitter announced that it would no longer allow users to secure their accounts using SMS-based two-factor authentication (2FA) unless users paid for its Twitter Blue subscription—a move that’s baffled security experts. It’s especially confusing because SMS 2FA is widely considered to be one of the less secure multi-factor authentication options. Fortunately, Twitter will still allow anyone to use other 2FA options, including authentication apps and physical security keys. Here’s how to switch away from SMS 2FA.

Physical security keys are one of the most secure methods of multi-factor authentication. But they’re not just for logging in to Twitter. You can also unlock your iPhone using a physical key in just a few steps. Unlocking a device isn’t the only security issue iPhone users need to worry about. Research published this week details a new class of bugs that affected Apple’s iOS and macOS that could have potentially allowed an attacker to access a target’s message, photos, and call histories. So if you haven’t updated to the latest version of those operating systems, now is the time.

If anyone knows what it’s like to be targeted by hackers, it’s Ukraine. Over the past year, the country’s systems have faced an unprecedented Russian bombardment of data-destroying “wiper” malware, according to multiple cybersecurity firms. Researchers say Russia unleashed more wipers on Ukraine than at any point in its long-running cyberwar against its neighbor. The only upside—if you can call it that—is that the newly discovered wipers are less destructive than earlier Russian wipers, especially compared to NotPetya, which Russia unleashed on Ukraine in 2017. The malware spread around the world, causing a still-unmatched $10 billion in damage.

In addition to cyberattacks, Russia’s war has also severely impacted Ukraine’s electric grid, which has caused blackouts and internet outages. To keep themselves online and connected to each other and the world, Ukrainians have increasingly turned toward high-capacity lithium-ion batteries to keep cell phone towers online when Russia attacks Ukraine’s electric grid. 

Elsewhere in the world, China hawks in the US Congress continue to gather support for a nationwide ban on TikTok, which is owned by China-based ByteDance. The intense focus on a single app, which TikTok critics claim is a national security threat, has some wondering why lawmakers care so much about Americans’ privacy when it comes to TikTok but not US-based tech firms. The answer? Silicon Valley is our friend, China isn’t.

That notion doesn’t always ring true, however. Mozilla researchers this week say they found rampant inaccuracies in the privacy claims app developers make on Google Play’s Data Safety labels. Facebook received a “poor” grade from Mozilla, while Google’s YouTube, Gmail, and Google Maps apps ranked as “needs improvement.” 

But that’s not all. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

On Tuesday, TechCrunch reported that the US Department of Defense had secured an unprotected server that had been leaking internal US military emails to anyone who knew where to look. The server was hosted on Microsoft’s Azure and was part of an internal government mailbox system that stored terabytes of internal military emails. According to TechCrunch, a simple misconfiguration allowed anyone who knew the server’s IP address access the sensitive data using only a web browser—no password needed.

The exposed server was discovered by security researcher Anurag Sen, who provided the details to TechCrunch. The data had been exposed for two weeks, but it’s unclear if anyone other than Sen accessed it while it was available.

US Special Operations Command’s spokesperson Ken McGraw told TechCrunch that an investigation is underway. “We can confirm at this point \[that\] no one hacked US Special Operations Command’s information systems,” said McGraw.

In an investigation published Tuesday, CNN pinpointed the locations of more than three dozen black sites across Iran where protesters were brutally tortured. According to the report, many are undeclared prisons inside government facilities or makeshift jails in warehouses. Some are even in the basements of mosques. Survivors of torture at these sites told CNN that the brutality they faced was unprecedented: electrocutions, removal of nails, lashings, beatings, and sexual violence.

Iran was rocked by protests last year during the Mahsa Amini uprising, which prompted a spread of black sites around Iran’s capital city, Tehran. According to the investigation, these unofficial detention centers were instrumental in making torture systematic and laid the groundwork for scores of death sentences against protesters. More than 100 protesters have been charged with crimes that carry the death sentence.

CNN reached out to the Iranian government for comment on the allegations of torture in their secret prisons but has not received a response.

On Thursday, Vice reporter Joseph Cox detailed how he was able to break into his bank account using an AI-generated voice. Banks across the US and Europe have implemented so-called “voice verification” technology that lets customers log in to their bank accounts over the phone. While advertised as a safe and convenient form of authentication, Cox’s experiment demonstrates a very real, albeit rare, attack that fraudsters could exploit to access bank accounts.  

Using a free voice creation service to spoof his own voice, Cox gained entry into his account at Lloyds Bank. To do this, all he had to do was record about five minutes of speech and upload it to the service. Within minutes, the service spit out a synthetic voice capable of fooling his bank’s voice verification software. Lloyds Bank told Vice that it is aware of the threat of synthetic voices and is deploying countermeasures. 

In an interview with Ars Technica, Lance Bass, a former member of NSYNC, recalled how he was held at gunpoint by Russian officials after failing to secure funding for a trip to space. In 2002, the singer was scheduled to spend 10 days aboard the International Space Station alongside two cosmonauts. When the singer and his production team couldn’t come up with $20 million to finance the trip, he says that Russian officials threatened him at gunpoint. 

“There were a lot of problems with Russia and Hollywood in trying to make this happen,” Bass told Ars. “There were even a couple of weekends that I would get kicked off the base in Russia. They would put a gun to my head and be like, ‘Where’s the money? Where’s the money?’”

Bass never ended up going to space.

Security News This Week: Sensitive US Military Emails Exposed

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

CVE-2023-26545

In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.

Hello,  
I found the following issue using syzkaller on:  
HEAD commit : e60276b8c11ab4a8be23807bc67b048cfb937dfa (v6.0.8)  
git tree: stable

C Reproducer : https://gist.github.com/oswalpalash/76ca8fcd92332c75a0a7efaa26269c42  
Kernel .config :  
https://gist.github.com/oswalpalash/0962c70d774e5ec736a047bba917cecb

Console log :  
loop0: detected capacity change from 0 to 4096  
ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)  
\==================================================================  
BUG: KASAN: use-after-free in run\_unpack+0x89a/0x940  
Read of size 1 at addr ffff888024b21900 by task syz-executor.0/16961

CPU: 0 PID: 16961 Comm: syz-executor.0 Not tainted 6.0.8-pasta #2  
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS  
1.13.0-1ubuntu1.1 04/01/2014  
Call Trace:  
<TASK>  
dump\_stack\_lvl+0xcd/0x134  
print\_report.cold+0xe5/0x63a  
kasan\_report+0x8a/0x1b0  
run\_unpack+0x89a/0x940  
run\_unpack\_ex+0xb8/0x620  
ntfs\_iget5+0xc18/0x3270  
ntfs\_fill\_super+0x27de/0x3d30  
get\_tree\_bdev+0x440/0x760  
vfs\_get\_tree+0x89/0x2f0  
path\_mount+0x121b/0x1cb0  
do\_mount+0xf3/0x110  
\_\_x64\_sys\_mount+0x18f/0x230  
do\_syscall\_64+0x35/0xb0  
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd  
RIP: 0033:0x7fcf8309146e  
Code: 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f  
84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d  
01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48  
RSP: 002b:00007fcf83dc4a08 EFLAGS: 00000206 ORIG\_RAX: 00000000000000a5  
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf8309146e  
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fcf83dc4a60  
RBP: 00007fcf83dc4aa0 R08: 00007fcf83dc4aa0 R09: 0000000020000000  
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000  
R13: 0000000020000100 R14: 00007fcf83dc4a60 R15: 0000000020002a00  
</TASK>

Allocated by task 6460:  
kasan\_save\_stack+0x1e/0x40  
\_\_kasan\_kmalloc+0xa6/0xd0  
kmalloc\_reserve+0x32/0xd0  
\_\_alloc\_skb+0x11a/0x320  
tcp\_stream\_alloc\_skb+0x38/0x550  
tcp\_sendmsg\_locked+0xc44/0x2fd0  
tcp\_sendmsg+0x2b/0x40  
inet\_sendmsg+0x99/0xe0  
sock\_sendmsg+0xc3/0x120  
sock\_write\_iter+0x291/0x3d0  
vfs\_write+0x9ca/0xd90  
ksys\_write+0x1e8/0x250  
do\_syscall\_64+0x35/0xb0  
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd

Freed by task 6460:  
kasan\_save\_stack+0x1e/0x40  
kasan\_set\_track+0x21/0x30  
kasan\_set\_free\_info+0x20/0x30  
\_\_kasan\_slab\_free+0xf5/0x180  
kfree+0x15e/0x540  
skb\_free\_head+0xac/0x110  
skb\_release\_data+0x56f/0x850  
skb\_release\_all+0x46/0x60  
\_\_kfree\_skb+0x11/0x20  
tcp\_ack+0x1e54/0x5af0  
tcp\_rcv\_established+0x14b5/0x2130  
tcp\_v4\_do\_rcv+0x701/0xd00  
\_\_release\_sock+0x12f/0x3a0  
release\_sock+0x54/0x1b0  
tcp\_sendmsg+0x36/0x40  
inet\_sendmsg+0x99/0xe0  
sock\_sendmsg+0xc3/0x120  
sock\_write\_iter+0x291/0x3d0  
vfs\_write+0x9ca/0xd90  
ksys\_write+0x1e8/0x250  
do\_syscall\_64+0x35/0xb0  
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd

Last potentially related work creation:  
kasan\_save\_stack+0x1e/0x40  
\_\_kasan\_record\_aux\_stack+0x7e/0x90  
call\_rcu+0x99/0x740  
xfrm\_policy\_kill+0x120/0x250  
xfrm\_policy\_delete+0x65/0x90  
sk\_common\_release+0x24e/0x330  
inet\_release+0x12e/0x270  
\_\_sock\_release+0xcd/0x280  
sock\_close+0x18/0x20  
\_\_fput+0x27c/0xa90  
task\_work\_run+0xe0/0x1a0  
exit\_to\_user\_mode\_prepare+0x25d/0x270  
syscall\_exit\_to\_user\_mode+0x19/0x50  
do\_syscall\_64+0x42/0xb0  
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd

The buggy address belongs to the object at ffff888024b21800  
which belongs to the cache kmalloc-1k of size 1024  
The buggy address is located 256 bytes inside of  
1024-byte region \[ffff888024b21800, ffff888024b21c00)

The buggy address belongs to the physical page:  
page:ffffea000092c840 refcount:1 mapcount:0 mapping:0000000000000000  
index:0x0 pfn:0x24b21  
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)  
raw: 00fff00000000200 ffffea0000a00188 ffffea000077b9c8 ffff888011840700  
raw: 0000000000000000 ffff888024b21000 0000000100000002 0000000000000000  
page dumped because: kasan: bad access detected  
page\_owner tracks the page as allocated  
page last allocated via order 0, migratetype Unmovable, gfp\_mask  
0x2c2220(\_\_GFP\_HIGH|\_\_GFP\_ATOMIC|\_\_GFP\_NOWARN|\_\_GFP\_COMP|\_\_GFP\_NOMEMALLOC|\_\_GFP\_THISNODE),  
pid 16, tgid 16 (ksoftirqd/0), ts 86734280820, free\_ts 86664849571  
prep\_new\_page+0x2c6/0x350  
get\_page\_from\_freelist+0xae9/0x3a80  
\_\_alloc\_pages+0x321/0x710  
cache\_grow\_begin+0x75/0x360  
kmem\_cache\_alloc\_node\_trace+0xbe2/0xd40  
\_\_kmalloc\_node\_track\_caller+0x38/0x60  
kmalloc\_reserve+0x32/0xd0  
\_\_alloc\_skb+0x11a/0x320  
tcp\_stream\_alloc\_skb+0x38/0x550  
tcp\_write\_xmit+0x1c72/0x6170  
\_\_tcp\_push\_pending\_frames+0xaa/0x380  
tcp\_rcv\_established+0x9d5/0x2130  
tcp\_v4\_do\_rcv+0x701/0xd00  
tcp\_v4\_rcv+0x3cf0/0x3f70  
ip\_protocol\_deliver\_rcu+0x9b/0x7c0  
ip\_local\_deliver\_finish+0x2fb/0x4e0  
page last free stack trace:  
free\_pcp\_prepare+0x5ab/0xd00  
free\_unref\_page+0x19/0x410  
slab\_destroy+0x14/0x50  
drain\_freelist+0x9c/0xe0  
cache\_reap+0x1b9/0x2f0  
process\_one\_work+0x9c7/0x1650  
worker\_thread+0x623/0x1070  
kthread+0x2e9/0x3a0  
ret\_from\_fork+0x1f/0x30

Memory state around the buggy address:  
ffff888024b21800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb  
ffff888024b21880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb  
\>ffff888024b21900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb  
^  
ffff888024b21980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb  
ffff888024b21a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb  
\==================================================================

CVE-2023-26544: LKML: Palash Oswal: KASAN: use-after-free Read in run_unpack

By Owais Sultan
The AI software market has rapidly grown over the past few years. And, based on expert forecasts, it’s…
This is a post from HackRead.com Read the original post: 3 Ways Artificial Intelligence Is Transforming the Stock Market Landscape (and Making It More Secure)

The AI software market has rapidly grown over the past few years. And, based on expert forecasts, it’s not slowing down. According to Statista, the size of the AI software market is predicted to reach a whopping $126 billion by 2025, which is more than 12x what it was in 2018.

And while (at least right now) the majority of the world’s population sees AI as a fun way to generate images they can show off on social media, for investors, artificial intelligence comes with much more impactful benefits.

If you’ve ever wondered whether AI could genuinely transform the stock market landscape or make it more secure, the following are the changes that are already happening.

**Building More Profitable Stock Portfolios**

One of the most prominent advantages of using AI for trading is speed. An artificial intelligence piece of software can scrape the internet in search of information in a matter of minutes. But even more impressively, it can process all that information in the blink of an eye — something that would take humans hours to do equally thoroughly.

For this reason, AI has the potential to aid traders in making quicker investing decisions. And, considering how time-sensitive successful trading can be, this is a huge benefit.

But is AI, in itself, enough to aid traders in building more profitable stock portfolios? Well, as of right now, it’s not. 

These days, making sound investing choices still requires extensive insights, experience, and a bit of human touch. That’s why the best way of utilizing AI is to combine it with other trustworthy stock market investing tools. Nonetheless, the future is guaranteed to see an advancement in artificial intelligence software. In a few years, AI solutions _might_ be enough to inform solid, risk-proof investment decisions.

**Fraud Detection**

Another highly-impactful effect of employing AI solutions in finance is that this tech could allow organizations to protect themselves from an ever-growing rate of cyber threats. In fact, AI can be so competent at detecting and flagging irregular and malicious trading activity that Nasdaq started applying it to the U.S. stock market in 2019.

Of course, considering that the development of effective security-oriented AI solutions _is_ still expensive, it’s safe to expect the trend to be slow on the uptake. But it is safe to say that, in the future, more and more financial organizations will be starting to implement AI solutions in their fraud detection and security systems to minimize risk and maximize their security.

**Improved Customer Service**

One unexpected way AI is transforming the stock market landscape is by making communication between financial service providers and their customers vastly less complicated and more straightforward.

In the past, clients who had any account queries or required technical data had to get in touch with a customer service representative, who would then have to collect and send that data. But now, these requests can be dealt with almost momentarily, mainly thanks to the speed with which AI can conduct similar tasks.

With artificial intelligence software, a simple request can be met in minutes without relying on excessive employee involvement. And best of all, the results are immediately felt, as operational costs are vastly reduced. The speed with which matters are taken care of also results in a significant improvement in customer satisfaction rates. 

Considering that both of these factors play parts in securing the future of any financial institution, it’s safe to say that the role of AI in improving customer service is tremendous.

**Final Thoughts**

Artificial intelligence solutions that have the potential of transforming (and securing) the stock market landscape are not yet at their peak level. Realistically speaking, we still have a decade or so to go before we can say that we’ve successfully changed the world of finance.

However, we can say with absolute certainty that the change _is_ coming. And we can rest assured that it’s going to be positive.

What remains to be seen is how small and mid-size organizations will cope with developing and implementing AI in their workflows — whether they’ll go the custom route or pull the trigger and share solutions for the sake of mutual prosperity. 

1.  How to use AI in cybersecurity?
2.  Incorporating machine learning in data mapping
3.  Using Machine Learning for content moderation?
4.  Cybersecurity trends affecting cybersecurity stocks
5.  Google Vertex AI Vision: Revolutionizing E-Commerce?

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

3 Ways Artificial Intelligence Is Transforming the Stock Market Landscape (and Making It More Secure)

The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain.

As more organizations shift to cloud-native application development to support new business features and digital transformation initiatives, software supply chain issues have become more visible. Because cloud-native development relies so heavily on open source software, organizations have to start thinking about the components that go into these applications.

To build these cloud-native applications, developers have adopted agile application development practices and rapid release cycles, and they rely heavily on open source code and microservices from a widely distributed and often vast community to compose their containers and serverless functions. While the source code may primarily come from an established ecosystem, it is common for some to originate from unknown sources or obsolete projects.

Traditional security approaches aren't designed to handle this new approach to application development, especially for modern cloud compute and serverless architectures. This is the area cloud-native application protection platforms evolved to address. Gartner describes CNAPP as "an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production."

According to a recent Frost & Sullivan report, sales of CNAPP topped $1.7 billion in 2021, nearly 49% higher than 2020. Frost & Sullivan projects that CNAPP revenues will grow at a compound annual growth rate of almost 26% from 2021 to 2026. The report's author, industry principal for global cybersecurity Anh Tien Vu, forecasts that by 2026, revenues will exceed $5.4 billion "because of the increasing demand for a unified cloud security platform that strengthens cloud infrastructure security and protects applications and data throughout their life cycle."

**Prevent Problems During Development**

Attackers are increasingly homing in on cloud-native targets to exploit vulnerabilities that enter the software supply chain. Last year, the Log4Shell vulnerability in the widely deployed Log4j Java runtime library illustrated the broad impact such a vulnerability can have on the application ecosystem. Given the widespread distributed deployment of Java applications, organizations had to scramble to find and patch them after Apache Foundation's public disclosure.

"With Log4j, people didn't know whether those libraries were in use or not," says Enterprise Strategy Group senior analyst Melinda Marks. Experts frequently cite Log4j as a wake-up call to CISOs and CIOs that software development lifecycles need to collaborate more closely and shift left.

Marks says CNAPP enables organizations to establish DevSecOps processes in which software developers take the lead in discovering potential flaws in code before deploying application runtimes into production, but it also goes further. "This is important for preventing security issues before you deploy your applications to the cloud, because once you deploy them, they're available for the hackers," Marks says.

**Monitor Runtime to Identify Priorities**

CNAPPs consolidate siloed capabilities, including the scanning of development artifacts such as containers and infrastructure as code (IaC), cloud security posture management (CSPM), cloud infrastructure management (CIEM), and runtime cloud workload protection platforms. Besides providing a more unified approach and better visibility of the risk of cloud-native computing environments, CNAPP provides common controls to mitigate vulnerabilities.

Notably, CNAPP also facilitates collaboration among application development, cybersecurity, and IT infrastructure teams, paving the way for detecting and mitigating vulnerabilities before applications are deployed into production. Security vendors such as Check Point and Palo Alto Networks are adding CNAPP capabilities to their security platforms.

Marks warns that there's a misconception about shifting security left: that it's all about moving security up front in the software development and build cycles. "There's also the need to tie in the runtime monitoring and have that context for developer workflows, so they're not wasting time on fixing things that have no impact on how the application is actually going to run in the cloud," she says.

Tackling Software Supply Chain Issues With CNAPP

Debian Linux Security Advisory 5359-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5359-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 23, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930                  CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 110.0.5481.177-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmP34kwACgkQEMKTtsN8TjZFwhAAk2JqYKeasa9sMSwiBcpaz+HBtIimsS/ue/TIddRuwcUwpif2qSF+QyL6ac1Wc/jIwW4F7OY9d5Ww8AkvGnxcdzt9dI+g3lPUDByqYJutWahICxm6ZBxrY2ms0NbTYK4hzFBVyobfnQF/EzOGLpyarauFTjBW1sbtCSFnXYeMHd5+rpw5bYTx5JZPoG2fGHuAcXE2CoKGm41tqzegYdKrv33eID3EB91ne/oMqTp4/q1QEVeZiQ0JdRPHq8fJG+FOdPdU3K/eROkkxvakd+QCTcGetKONQ0HFkr43BLP8EAMBAbg4Ds+zaJ+xgenHusSrN+Q7MQraYgqZ6DInzrJXBeeXSu9zm+iwEpJXuerQv3iYDn0o75gzL+qtoh31mePFB6jihIgHo0adqu6upNedFGe+YY1RuJuYWlw2cvjagdaSgotuGbNirXXDYUlQMA82eu+d3yv1hexkbCNQGykGOmuF7J2O+Vwb34Hf6MlDAxrdOuaEcxw8siOsa/MhXKYT1nmxASizffo2mmk/HJatqoTQXtxOWaVIv2Q/ySCc9WsESCRzh1J1gjf8+RH3T/O6T1EfM5oKi4bEZMhcxPhM+ue2DpBxVIB1qPDlOOsqQeLfaBwdcqmeXIl+pZhQBsB9A6okzNfoktEKUysQkKRlTPSl9QCQpd/cdVCwFMfXWA0==4fPc-----END PGP SIGNATURE-----

Debian Security Advisory 5359-1

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.

A new class of bugs in Apple's iOS, iPadOS, and macOS has been uncovered, researchers say, that could allow an attacker to escalate privileges and make off with everything on a targeted device.

This new class could "allow bypassing code signing to execute arbitrary code in the context of several platform applications," Trellix researcher Austin Emmitt wrote in a blog post on Feb. 21, "leading to escalation of privileges and sandbox escape on both macOS and iOS."

Were an attacker to exploit these vulnerabilities, they could potentially gain access to a victim's photos, messages, call history, location data, and all kinds of other sensitive data, even the device's microphone and camera. They could also use their access to wipe a device altogether.

The vulnerabilities in this class range from medium to high severity, with CVSS ratings between 5.1 and 7.1. Apple grouped them into two CVEs: CVE-2023-23530 and CVE-2023-23531. There's no indication that they've been exploited in the wild.

**NSPredicate: A Fresh Cyberattack Vector**

The cyber failure in this case arises from NSPredicate, a class that enables app developers to filter lists of objects on a device. This "innocent-looking class," as Emmitt put it, is much deeper than it may appear at first glance. "In reality, the syntax of NSPredicate is a full scripting language."

In other words, through NSPredicate, "the ability to dynamically generate and run code on iOS had been an official feature this whole time," he explained.

In one proof-of-concept, Trellix found that an attacker could use NSPredicate to execute code in "coreduetd" or "contextstored," root-level processes that allows entryway into parts of the machine such as the calendar, address book, and photos.

In another case, the researchers found an NSPredicate vulnerability in the UIKitCore framework on the iPad. Here, a malicious app would be able to execute code inside SpringBoard, the app that manages the device's home screen. Getting into SpringBoard could cause any number of compromises to just about any kind of data a user stores on the phone, or allow an attacker to simply erase the device altogether.

The silver lining for this new class of vulnerabilities is that they require an attacker already to have access to a target device. Gaining access is typically the easy part, with methods like phishing and other social engineering being so widely effective, but it also means there are steps anybody can take to harden their defenses.

"Individuals should continue to stay vigilant against social engineering and phishing attacks," McKee says, "while also ensuring they only install applications from a known trusted source. Businesses are encouraged to ensure they are doing the proper product security testing on any third-party applications they use in their infrastructure and are monitoring device logs for any suspicious or unusual activity."

**Patching Might Not Be the End of the Story**

If they haven't already, Apple users should update their system software, as the newest versions include fixes for the vulnerabilities so described. That doesn't mean, however, that vulnerabilities of this kind won't pop up again.

Emmitt highlighted in the blog post how NSPredicate had already been exposed by a security researcher back in 2019, then exploited by NSO Group in 2021, in an espionage attack targeting a Saudi activist. Apple attempted to close the hole but evidently didn't finish the job, paving the way for the new discoveries.

"Elimination of a bug class is often extremely difficult to accomplish as it often requires not only code changes but education of developers," explains Doug McKee, director of vulnerability research for Trellix. "Like all bug classes, unless a mitigation is put into place which would eliminate the entire class, it would be expected that more similar vulnerabilities would be found in the future."

**The Myth of Apple’s Superior Security?**

The findings are another puncture wound in the perception that Apple devices are somehow inherently more secure than PCs or Android devices.

"Since the first version of iOS on the original iPhone," Emmitt explained, "Apple has enforced careful restrictions on the software that can run on their mobile devices."

The devices do this with code signing. Functioning somewhat like a bouncer at a club, iPhone only allows an application to run if it has been cryptographically signed by a trusted developer. If any entity — a developer, hacker, etc. — wishes to run code on the machine, but they're not "on the list," they'll be shut out. And "as macOS has continually adopted more features of iOS," Emmitt noted, "it has also come to enforce code signing more strictly."

As a result of its strict policies, Apple has earned a reputation in some corners for being particularly cyber secure. Yet that extra stringency can only extend so far.

"I think that there is a misconception when it comes to Apple devices," says Mike Burch, director of application security for Security Journey. "The assumption by the public is that they are more secure than other systems. It is true that Apple has many security features and is more stringent about what applications it allows on its devices. Still, they are just as susceptible to vulnerabilities being introduced to their devices as any other provider."

'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-0585: Updates.php in all-in-one-seo-pack/tags/4.2.9/app/Common/Main – WordPress Plugin Repository

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-0586: PostSettings.php in all-in-one-seo-pack/tags/4.2.9/app/Common/Admin – WordPress Plugin Repository

Categories: Business
CRN named Malwarebytes one of the “Coolest Endpoint And Managed Security Companies” on the 2023 CRN Security 100.



(Read more...)




The post Malwarebytes wins 2023 CRN 'Coolest Endpoint And Managed Security Companies' award appeared first on Malwarebytes Labs.

CRN, a trusted source for IT channel news and analysis, has named Malwarebytes one of the “Coolest Endpoint And Managed Security Companies” on the 2023 CRN Security 100 list.

The CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments including Endpoint and Managed Security, Identity Management and Data Protection, Network Security, and more. Solutions that leverage cloud-native technologies and provide more comprehensive detection capabilities are featured prominently on the list.

By featuring Malwarebytes on their list of key cybersecurity vendors for 2023, CRN recognizes the strides we’ve made to best serve our channel partners in the past year, including:

*   Expanding our partner network to more than **3,000 global MSP partners and over 250 percent growth YoY**
*   Forming new strategic partnerships with **Addigy, Atera, ConnectWise, GCN Group, Kaseya/Datto, Sherweb, TeamViewer, and Pax8, among others.**
*   Growing the MSP sales and marketing team **175 percent YoY to support partners across geographies and industries.**
*   Continuing to expand the Malwarebytes OneView platform to offer **Vulnerability & Patch Management, Application Block, DNS Filtering and MDR** in combination with award-winning EDR.

And on the Value Added Reseller (VAR) front:

*   Continuing to strengthen key partnerships with distribution and partners, including **TD Synnex, Carahsoft, CDW, SHI, Insight, and Howard Technologies**.
*   **Increasing transactions 100 percent YoY with VARs in the US**.
*   Working to align with key partners and distributors in EMEA and APAC, including **Climb Channel Solutions, Sysob, BlueChip, and ACA Pacific**.
*   Focusing on the K-12 market with VAR partners and distributors and **bringing our brand new mobile solution to schools** to secure the more than 50 million Chromebooks being used in K-12 globally.

Learn more about our partner program here: https://www.malwarebytes.com/partners

**The state of MSP cybersecurity**

As the attack surface gets bigger and bigger for businesses, it’s become clear that Managed Service Providers (MSPs) need a solution that both grows their business and meets the security needs of their customers.

But there’s a problem.

Constrained staff resources, skyrocketing costs, and the complexities of managing multiple solutions all make it difficult for MSPs to adapt to the constantly evolving cybersecurity landscape, leading to lengthy incident response times and business inefficiencies that limit growth.

In fact, Kaseya’s 2022 MSP Benchmark Survey shows that the second and third most common business challenges for MSPs right now are security and hiring, respectively.

*   In 2022, **39 percent of all ransomware attacks targeted service providers**, followed by 12 percent for healthcare and 9 percent for the manufacturing industry.
*   Many MSPs must support multiple tools in various environments with limited people. **Multiple licenses and vendors equals higher cost and less visibility.**
*   MSPs need to maintain **multiple compliance requirements** for their customers, including HIPAA, PCI DSS, and GDPR.

**Malwarebytes OneView**

Enter Malwarebytes OneView, a powerful and affordable security management platform that gives MSP security teams maximum control. For Value-added Resellers (VARs), Malwarebytes Nebula is the equivalent platform.

**Precise, thorough remediation**

As threats occur, OneView and Nebula offer intuitive and automated controls for rapid response powered by our award-winning Endpoint Detection and Response (EDR) technology. We offer seven layers of protection, multi-mode isolation, 72-hour ransomware rollback, and more.

**Single multi-tenant console**

OneView’s multi-tenancy enables MSPs to streamline operations with centralized management of customer server and workstation endpoints, license subscriptions, reporting, and global policies.

**Subscription management**

Intuitive design in OneView allows MSPs to easily track and manage customer license subscriptions across sites and provide a higher level of service and attention.

**Integrations**

With native integrations into leading remote monitoring and management (RMM) and professional services automation (PSA) platforms, Malwarebytes OneView enables your MSP team to streamline operations.

_Malwarebytes OneView dashboard view_

**Constantly expanding**

Malwarebytes has only continued to build upon both OneView for MSPs and Nebula for Value-Added Resellers (VARs), adding three new modules that simplify breach prevention within the same cloud interface MSPs already trust for detection and remediation:

**Vulnerability and Patch Management**

Enables MSPs to take control of their full vulnerability assessment and patching process, helping ensure defenses are up to date across their clients’ environments.

**DNS Filtering**

Regulate access to websites and other content on company-managed networks, which in turn reinforces the security of company data.

**Application Block**

Protects endpoints by preventing unauthorized software from executing across your clients’ sites.

For VARs, Malwarebytes Mobile Security is a new offering in Nebula which provides unified protection for Chromebooks, Android, and iOS mobile devices.

We plan to continue expanding OneView and Nebula with further product innovation, including adding more modules and in-platform integrations for OneView with other top remote monitoring and management (RMM) and professional services automation (PSA) platforms.

**Managed Detection And Response (MDR) For MSPs**

Gartner reports that, by 2025, 50 percent of organizations will be using Managed Detection and Response (MDR) services for threat monitoring, detection, and response functions that offer threat containment capabilities.

In other words, MDR is shaping out to be table stakes for any MSP provider in the coming years—but many MSPs lack staff or budget to build MDR programs in-house.

Launched last year, our purpose-built managed detection and response (MDR) offering for MSPs helps alleviate these challenges.

With our elite team of MDR analysts monitoring your customer endpoints 24x7, Malwarebytes MDR simply and effectively closes your security resources gap, reduces the risk of unknown threats to your customers, and increases your ability for new business growth.

**Value-Added Resellers (VARs) bolster their clients' cybersecurity with Nebula**

Our commitment to the channel doesn’t stop at MSPs.

By reselling our powerful solutions, VARs can combat the world’s most harmful threats and solve your customers’ unique security challenges.

Malwarebytes is committed to VAR success and has significantly invested in the channel with offerings that include sales and technical training, tools, and certifications.

**Partner Portal**

Our partner portal app is an easy way to access sales and marketing resources, register deals, and provide your customers with free trials.

**Sales and Technical Training**

Whether on-demand or onsite, Malwarebytes has the training curriculum to provide you with the necessary skillset to sell and support Malwarebytes solutions.

**Marketing Resources**

Malwarebytes will support your marketing initiatives and provide branded marketing and sales materials that can help you win deals.

_Malwarebytes Nebula dashboard view_

**Dedicated to MSP partner growth**

Malwarebytes is honored to receive the 2023 'Coolest Endpoint And Managed Security Companies' award by CRN—and we have no intentions of slowing down.

Apply today or reach out to us for a demo.

Tag

#ios