The rise of online dating has created a fertile ground for manipulation and in today’s digital world, it’s easy to trust someone that you’ve never met in person, sharing personal details or intimate images before you truly understand who they are. In fact, our recent study reveals that 39% of people aged 25-34 have shared intimate images with someone they’ve never met in real life.

Unfortunately, this openness is often exploited. Whether it’s through intimate image abuse, stalkerware, or deepfakes, online daters are increasingly vulnerable to dangers that weren’t as common just a few years ago. With that in mind, here’s a breakdown of the top three threats to watch out for.

1. Private photos, public nightmares: the growing threat of image abuse

Intimate image abuse (IIA), or “revenge porn” is a harmful form of digital abuse. As sharing intimate images becomes more normalized, many feel secure when trusting partners or online matches with personal photos. In our “Naked Truth” survey of 9,000 people, nearly half reported experiencing or knowing someone who had been affected by Intimate Image Abuse. The issue is particularly severe among younger generations, with 69% of 16-24-year-olds admitting that they’ve been exposed to it. Despite the risks, victim-blaming remains common, with 50% of respondents believing that those who share intimate images are responsible if they’re leaked, reflecting a widespread misunderstanding of consent and privacy.

How to protect yourself:

Think twice before sharing: сonsider the potential consequences of sharing private images and gauge the level of trust with the recipient.
Stay informed: many social media platforms have systems in place to detect and remove non-consensual intimate images. Learn how to report such content.
Manage your passwords wisely: always use a reliable password manager, like Kaspersky Password Manager, to create and store strong, unique passwords for each account. Avoid reusing passwords across multiple platforms, as this can make you more vulnerable to breaches.

2. When your apps spy on you: the threat of stalkerware

Stalkerware is software that secretly tracks a person’s location, messages, and daily activities, often disguised as anti-theft or parental control tools but used for malicious purposes. In 2023, over 31,000 cases of stalkerware were identified globally, a 6% rise from the previous year. Countries most affected include Germany, France, and the UK. Many victims are unaware they’re being monitored due to the hidden nature of these apps. Beyond stalkerware, tools like GPS tracking and social media are also being misused, with 34% of people admitting to checking their date’s profiles as “due diligence.”

How to protect yourself:

Be vigilant: look for signs of stalkerware on your device, such as unusual battery drain, apps you don’t recognize, or sudden permission changes.
Avoid tampering with stalkerware: if you believe stalkerware is on your device, do not attempt to erase or disable it on your own. This could tip off the perpetrator or delete important evidence that could be used in legal action. Instead, contact a local support organization or consult the Coalition Against Stalkerware for expert help.
Update your privacy settings: regularly review app permissions and adjust privacy settings to minimize the risk of being monitored.

3. Deepfake threats: when what you see isn’t real

Deepfakes use artificial intelligence (AI) to create hyper-realistic fake images, videos and even audio recordings. Once dismissed as low-quality, easy-to-spot tricks, deepfakes have now evolved to become incredibly convincing. Open-source tools have made it easy for anyone with basic tech skills to create deepfakes, making this technology a growing concern in online relationships.

While celebrity deepfakes were the first to capture the public’s attention, ordinary individuals are now victims of this technology. In romantic contexts, deepfakes can be used to create fake compromising images or videos. These materials are then used for blackmail, with perpetrators threatening to release the content unless their demands are met.

How to protect yourself:

Know the warning signs: be cautious if someone makes threats involving compromising media. They could be using deepfake technology.
Report deepfakes: many platforms now use AI detection tools to flag and remove deepfake content. If you are targeted, report the content to the platform.
Stay informed: awareness is key. Educate yourself about deepfake technology and its potential misuse in online dating.

Building a Safer Digital Space: A Call for Education

Education is key to reducing online dating risks. Consent in the digital world must be ongoing, not a one-time agreement. 30% of men believe receiving an intimate image means they own it, highlighting a serious issue around digital privacy. Targeted education for boys and men is crucial to address intimate image abuse, stalking, and harassment. As technology reshapes relationships, we must stay informed and vigilant to protect against growing threats like image abuse, stalkerware, and deepfakes.

By understanding these risks and taking steps to protect ourselves, by Installing a comprehensive security solution such as Kaspersky Premium, you can help protect your devices from threats like stalkerware and other malware.

For more details, read our report and safe dating guide.

Kaspersky official blog – ​Read More

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a vulnerability in Versa Networks’ Versa Director, a centralized management platform for Secure SD-WAN and SASE solutions. This vulnerability, identified as CVE-2024-45229, stems from improper input validation and affects various versions of the software. Organizations using vulnerable versions of Versa Director are urged to take immediate action to protect their network security.

Versa Director plays an important role in orchestrating and managing network and security policies across diverse locations. Its REST APIs facilitate automation and streamline operations through a unified interface, allowing IT teams to configure and monitor their network systems efficiently. However, the recent vulnerability exposes critical weaknesses that could compromise its effectiveness and, more importantly, the security of the organizations utilizing it.

The identified flaw involves improper input validation in certain APIs that do not require authentication by design. For Versa Directors connected directly to the Internet, attackers could potentially exploit this vulnerability by injecting invalid arguments into a GET request. This could expose authentication tokens of currently logged-in users, which can then be used to access additional APIs on port 9183. Importantly, this exploit does not reveal usernames or passwords, but the implications of token exposure could lead to broader security breaches.

Affected Versions and Severity Assessment

The vulnerability identified in Versa Director, tracked as CVE-2024-45229, highlights critical security risks that organizations must address promptly. This flaw arises from improper input validation in certain REST APIs, which are integral to the platform’s operation. As a centralized management solution for Secure SD-WAN and SASE, Versa Director plays a vital role in orchestrating and managing network and security policies across various locations. The implications of this vulnerability can impact the security and functionality of network operations for affected organizations.

The vulnerability affects multiple versions of Versa Director, specifically those released prior to September 9, 2024, including 22.1.4, 22.1.3, and 22.1.2, along with all versions of 22.1.1, 21.2.3, and 21.2.2. The CVSS score assigned to this vulnerability is 6.6, indicating a high severity level. The flaw primarily stems from certain APIs that, by design, do not require authentication. These include interfaces for logging in, displaying banners, and registering devices.

When Versa Directors are directly connected to the Internet, attackers can exploit this vulnerability by injecting invalid arguments into a GET request. This exploitation can lead to the unauthorized exposure of authentication tokens belonging to currently logged-in users. While this flaw does not compromise usernames or passwords, the exposure of these tokens can allow attackers to access additional APIs. Such unauthorized access could facilitate broader security breaches, potentially impacting sensitive data and operational integrity.

Conclusion

The vulnerability discovered in Versa Director represents a serious security risk, particularly for the instances exposed to the Internet. As the management platform plays a crucial role in network operations, organizations need to prioritize patching and security enhancements. The CISA advisory highlights the importance of being proactive in addressing vulnerabilities, as failure to do so could lead to severe consequences, including data breaches and operational disruptions.

Mitigation and Recommendations

Implement the latest patches provided by Versa Networks immediately.

Upgrade from version 22.1.1 to 22.1.3 and from 21.2.2 to 21.2.3 for comprehensive protection.

Critical systems are isolated through network segmentation to limit potential attack surfaces.

Using Web Application Firewalls (WAF) or API gateways to block access to vulnerable URLs.

Utilizing advanced Security Information and Event Management (SIEM) systems to detect unusual activities.

Regularly reviewing logs and alerts for real-time threat identification.

Uncover weaknesses in the network infrastructure.

Remediate vulnerabilities before malicious actors can exploit them.

The post Critical Vulnerability Discovered in Versa Director: What Organizations Need to Know appeared first on Cyble.

Blog – Cyble – ​Read More

Here at Kaspersky Daily we’re forever urging readers of our blog to be real careful when downloading content to their devices. After all, even Google Play isn’t immune to malware — let alone unofficial sources with mods and hacked versions. For as long as the digital world keeps turning, Trojans will continue to worm their way onto devices that don’t have reliable protection.

Today we tell the story of how 11 million Android users worldwide fell victim to the Necro Trojan. Read on to learn which apps we found it in — and how to protect yourself.

What is Necro

Our regular readers may recall reading about Necro when we first wrote about it back in 2019. Back then, our experts discovered a Trojan in CamScanner, a text recognition app, which had clocked up over 100 million downloads on Google Play. Now the “necromancers” have injected new blood into the old Trojan: we found a version richer in features both in popular apps on Google Play and in various app mods on unofficial sites. Most likely, the developers of these apps used an unverified ad integration tool through which Necro infiltrated the code.

Today’s Necro is a loader obfuscated to avoid detection (but that didn’t stop us from finding it). It downloads the malicious payload in no less a crafty way using steganography to hide its code in a seemingly harmless image.

And downloaded malicious modules are able to load and run any DEX files (compiled code written for Android), install downloaded apps, tunnel through the victim’s device, and even — potentially — take out paid subscriptions. In addition, they can display and interact with ads in invisible windows, as well as open arbitrary links and run any JavaScript code.

Read more about how Necro is designed and how it operates on our Securelist blog.

Where Necro hides

We found traces of the malware in a user-modded version of Spotify, in the photo editing app Wuta Camera, in Max Browser, and in mods for both WhatsApp and popular games (including Minecraft).

In modded Spotify

At the very start of our investigation, our eye was caught by an unusual modification of the Spotify Plus app. Users were invited to download a new version of their favorite app from an unofficial source — for free and with an unlocked subscription offering unlimited listening, both online and off. The nice green Download Spotify MOD APK button looks so tempting, right? Stop! It’s malware. Never mind the Security Verified and Official Certification guarantees; this app will wreak havoc.

When this app was launched, the Trojan sent information about the infected device to the attackers’ C2 server, and in response got a link to download a PNG image. The malicious payload was hidden in this image by means of steganography.

In apps on Google Play

While the Spotify mod was distributed through unofficial channels, the Necro-infected Wuta Camera found its way onto Google Play, from where the app was downloaded more than 10 million times. According to our data, the Necro loader penetrated version 6.3.2.148 of Wuta Camera, with clean versions starting from 6.3.7.138. So, if your version is lower than that, you need to update immediately.

Max Browser’s audience is much smaller — just one million users. Necro infiltrated its app code in version 1.2.0. The app was removed from Google Play following our notification, but it’s still available on third-party resources. These, of course, should be trusted even less, since trojanized versions of the browser may still live there.

In mods for WhatsApp, Minecraft, and other popular apps

Alternative messenger clients usually boast more features than their official cousins. But you should treat all mods, be they on Google Play or a third-party site, as suspicious, for they often come bundled with Trojans.

For instance, we found mods for WhatsApp with the Necro loader being distributed from unofficial sources, as well as mods for Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. And this selection sure isn’t random — attackers always target the most popular games and apps.

How to guard against Necro

First of all, we strongly advise against downloading apps from unofficial sources because the risk of device infection is extremely high. Secondly, apps on Google Play and other official platforms should also be treated with a healthy dose of skepticism. Even a popular app like Wuta Camera, with 10 million downloads, proved powerless in the face of Necro.

Make sure to protect your devices so as not to be caught off guard by a Trojan. Kaspersky for Android detects Necro and other similar malware.
Check the app page in the store before downloading. We particularly recommend looking at reviews with low ratings, as these generally give heads-up about potential pitfalls. Rave reviews could be fake, while a high overall score is easy to inflate.
Don’t look for mods or hacked versions. Such apps are almost always stuffed with all kinds of Trojans: from the most harmless to mobile spyware like CanesSpy.

Kaspersky official blog – ​Read More

Key Takeaways

This week, the U.S. Cyber Security and Infrastructure Agency (CISA) incorporated seven vulnerabilities to its Known Exploited Vulnerability (KEV) catalog based on evidence of active exploitation.  

The team at Cyble Research and Intelligence Labs analyzed multiple high- and critical-severity CVEs impacting products and software used worldwide. One such vulnerability is CVE-2024-38812, which impacts the VMware vCenter Server and can be remotely exploited without any user interaction. 

CRIL also assessed a high probability of certain vulnerabilities that attackers can use in malicious campaigns, including data breaches and supply chain attacks. Namely, CVE-2024-29847, which impacts Ivanti Endpoint Manager, CVE-2024-45694, an arbitrary code exaction vulnerability impacting D-Link wireless routers, and CVE-2024-45409, which impacts GitLab CE/EE instance.

CRIL’s dark web monitoring sensors observed 15 instances on underground forums and Telegram channels, where vulnerability and Proof of Concepts (POC) discussions were taking place. Some of the notable ones are: CVE-2024-8504, CVE-2024-8503, CVE-2024-29847, CVE-2024-38014, VMware Workstation client, TOTOLINK routers and TP Link Archer C6U/C6 routers.

Overview

This Weekly Vulnerability Intelligence Report explores vulnerability updates between September 11 and September 17. The Cyble Research and Intelligence Labs team investigated 24 vulnerabilities this week, among other disclosed vulnerabilities, to present critical, high, and medium degree insights.

The Week’s Top Vulnerabilities

CVE-2024-45409: Improper Verification of Cryptographic Signature in GitLab Community Edition (CE) and Enterprise Edition (EE)

The critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). Security Assertion Markup Language (SAML) is a single sign-on (SSO) authentication protocol that allows users to log in across different services using the same credentials. An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system. 

CVSS Score: 10

Internet Exposure: No 

Patch Available: Yes 

CVE-2024-38812: Heap-based Buffer Overflow in VMware vCenter Server

The critical heap-overflow vulnerability impacts the VMware vCenter Server, a centralized management platform for VMware vSphere environments that provides a single interface to manage and monitor multiple ESXi hosts and the virtual machines running on them. A malicious actor with network access to the vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution. 

CVSS Score: 9.8

Internet Exposure: Yes

Patch Available: Yes 

CVE-2024-29847: Deserialization of Untrusted Data in Ivanti Endpoint Manager

The critical vulnerability impacts Ivanti Endpoint Manager is a comprehensive solution designed for managing and securing endpoints across various operating systems and devices. It integrates Unified Endpoint Management (UEM) capabilities, allowing IT teams to oversee a diverse range of devices from a single platform. Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6 or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. 

CVSS Score: 9.8

Internet Exposure: Yes 

Patch Available: Yes 

CVE-2024-6671, CVE-2024-6670: SQL Injection in Progress WhatsUp Gold

The criticalSQL Injection vulnerabilities impact Progress WhatsUp Gold, a comprehensive network monitoring software designed to provide visibility and control over network devices, servers, applications, and virtual environments. It allows IT teams to monitor performance metrics and ensure the health of their infrastructure, whether deployed on-premises or in the cloud. The exploitation of the vulnerabilities allows an unauthenticated attacker to retrieve the user’s encrypted password. 

Recently, researchers disclosed that attackers are leveraging publicly available exploit code to exploit critical vulnerabilities.  

CVSS Score: 9.8 respectively

Internet Exposure: Yes 

Patch Available: Yes 

CVE-2024-45694: Stack-based Buffer Overflow in D-Link Routers

Impact Analysis: The critical stack-based buffer overflow vulnerability impacts the web service of certain models of D-Link wireless routers. Unauthenticated, remote attackers can exploit this vulnerability to execute arbitrary code on the device. 

CVSS Score: 9.8

Internet Exposure: No

Patch Available: Yes

CVE-2024-6678: Authentication Bypass by Spoofing in GitLab Community Edition (CE) and Enterprise Edition (EE)

Impact Analysis: The high severity vulnerability impacts GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2. The exploitation of the vulnerability allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances, leading to the disruption of automated workflows of targeted organizations. 

CVSS Score: 8.8

Internet Exposure: No 

Patch Available: Yes 

Vulnerabilities and Exploits Discussed in the Underground

CRIL observed multiple instances of vulnerability discussions and the promulgation of proof-of-concepts (POCs) in underground forums and channels.

On a Telegram channel named ‘Proxy Bar,’ the administrator shared POCs for several critical and high-severity vulnerabilities, including CVE-2024-8504 (OS Command Injection), CVE-2024-8503 (SQL injection), CVE-2024-40711 (RCE in Veeam Backup and Replication software) and CVE-2024-38080 (Privilege Escalation in Windows Hyper-V).

On the Telegram channel CyberDilara, the administrator shared a POC for CVE-2024-38014, A high severity vulnerability in the Windows Installer that allows for elevation of privileges.

Hackers Factory also shared a POC for CVE-2024-28000, a critical privilege escalation vulnerability affecting the LiteSpeed Cache plugin for WordPress, which allows unauthorized users to gain Administrator-level access to a WordPress site.

TA tikila claimed to have three a 0-day vulnerabilities affecting VMware Workstation, TOTOLINK routers, and TP-Link Archer C6U/C6 routers.

Cyble’s Recommendations

Stay Up-to-Date with Patches

Make it a priority to update all your systems with the latest vendor patches. Vulnerabilities get exploited quickly, and having a schedule for regular updates ensures you’re not left exposed. Apply critical patches as soon as they’re released—don’t delay.

Streamline Your Patch Management

Building a solid patch management process is key. It starts with knowing what’s in your system, followed by assessing, testing, and deploying patches in an orderly fashion. Automating this process can save time and prevent human error.

Segment Networks for Better Protection

Don’t put all your eggs in one basket. Segregating your network can safeguard your most critical assets by limiting their exposure. Use firewalls, VLANs, and tight access controls to ensure only authorized users have access.

Have a Response Plan Ready

When incidents happen—and they will—having a well-rehearsed incident response plan is a lifesaver. It should clearly define how you’ll detect, react to, and recover from threats. Regularly test and update this plan to ensure it’s aligned with the latest risks.

Monitor and Log Activities 

You can’t fix what you can’t see. Monitoring and logging malicious activity is crucial. Use SIEM solutions to collect and analyze logs in real-time, helping you catch threats before they escalate.

Stay Informed on Security Alerts

Stay ahead of threats by subscribing to security alerts from vendors and authorities. Make sure to evaluate the impact of these alerts on your organization and act swiftly.

Test for Vulnerabilities

Conduct regular Vulnerability Assessments and Penetration Testing (VAPT) to expose weak points in your defenses. Pair these exercises with audits to confirm you’re following security protocols.

Know Your Assets

Keeping a current inventory of internal and external assets, like hardware and software, is essential. Asset management tools can help maintain visibility, so you stay on top of everything in your network.

Strengthen Password Security

Weak passwords are an open door for hackers. Start by changing default passwords immediately and enforcing a strong password policy across your organization. Coupling that with multi-factor authentication (MFA) adds an extra layer of protection, making it harder for unauthorized users to gain access.

The post HED: Weekly IT Vulnerability Report for September 11 – September 17, 2024 appeared first on Cyble.

Blog – Cyble – ​Read More