Security News
Researchers at mobile security firm Lookout have published details on two recently discovered Android spyware families used by an advanced persistent threat group tracked as Confucius. The group has also moved into mobile malware over the past several years; its first Android surveillanceware, ChatSpy, was observed in 2018.
Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online. This week, while searching for a means to obtain COVID-19 test results online, I accidentally came across what looked like exposed COVID-19 test results for thousands of patients.
An Indian national was sentenced on Monday to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. The first-ever large-scale, multi-jurisdictional investigation targeting the India call center scam industry saw the US Department of Homeland Security and the Treasury Inspector General for Tax Administration charge Patel and 60 co-conspirators with orchestrating a "complex scheme" in which employees at call centers in Ahmedabad posed as officials from the IRS and US Citizenship and Immigration Services.
The campaign's starting point is an email with a malicious attachment, either a ZIP file containing an LNK file or a Microsoft Word document, that triggers an infection chain running through a series of stages to download the final-stage payload. Aside from the three distinct infection chains identified, what's notable is that one of them combined template injection with the Microsoft Equation Editor flaw, a memory corruption bug in a roughly 20-year-old Office component which, when exploited successfully, lets attackers execute code on a vulnerable machine with no user interaction beyond opening the document. What's more, the LNK files use a double extension and carry a document icon; because Explorer never displays the .lnk suffix, a shortcut named to look like a PDF or Word file appears to be exactly that, tricking an unsuspecting victim into opening it.
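As an added example, not code from the article or from the researchers it cites, the following Python script triages both lure types the paragraph names: it parses a constructed .lnk and flags the double extension, the document-viewer icon and a script-host target, and it opens a constructed .docx and flags an external attachedTemplate relationship, which is the mechanism behind remote template injection. The file name, the PowerShell argument and the template URL are placeholders, not indicators from the campaign.

```python
"""Triage the two lure types named above: a .lnk with a double extension and
a document icon, and a Word document whose settings.xml.rels pulls a remote
attached template. Added example, not code from the article or the researchers
it cites; both samples are constructed in memory with placeholder values."""
import io
import struct
import xml.etree.ElementTree as ET
import zipfile

# LinkFlags bits, MS-SHLLINK section 2.1.1
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_ORDER = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                (HAS_ICON_LOCATION, "icon_location")]
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf", "txt"}
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "wscript", "cscript", "mshta", "rundll32")
DOC_ICON_HINTS = ("winword", "excel", "powerpnt", "acrord", "imageres.dll", "shell32.dll")
PKG_URI = "http://schemas.openxmlformats.org/package/2006/relationships"
PKG_NS = "{" + PKG_URI + "}"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")

def build_lnk(relative_path, arguments, icon_location):
    """Minimal unicode shell link: 76-byte header followed by StringData only."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments, icon_location))
    return header + body

def parse_lnk(data):
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != 0x4C or clsid != LINK_CLSID:
        raise ValueError("not a shell link")
    pos = 0x4C
    if flags & HAS_ID_LIST:      # skip LinkTargetIDList by its size field
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:    # skip LinkInfo by its size field
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    out = {}
    for bit, key in STRING_ORDER:  # StringData sections come in this fixed order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            pos += 2 + count * width
            out[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return out

def triage_lnk(filename, data):
    info = parse_lnk(data)
    findings = []
    name = filename.lower()
    stem, dot, inner_ext = name[:-4].rpartition(".") if name.endswith(".lnk") else ("", "", "")
    if dot and inner_ext in DOC_EXTS:
        findings.append(f"double extension .{inner_ext}.lnk (Explorer hides .lnk)")
    target = (info.get("relative_path", "") + " " + info.get("arguments", "")).lower()
    if any(h in target for h in SCRIPT_HOSTS):
        findings.append("target runs a script host: " + target.strip())
    if any(h in info.get("icon_location", "").lower() for h in DOC_ICON_HINTS):
        findings.append("icon borrowed from a document viewer: " + info["icon_location"])
    return findings

def build_docx(template_target, target_mode="External"):
    """Constructed minimal .docx carrying only the relationship that matters."""
    rels = (f'<Relationships xmlns="{PKG_URI}"><Relationship Id="rId1" '
            f'Type="{ATTACHED_TEMPLATE}" Target="{template_target}" '
            f'TargetMode="{target_mode}"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()

def triage_docx(data):
    """Flag attachedTemplate relationships that point outside the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for member in filter(lambda n: n.endswith(".rels"), z.namelist()):
            for rel in ET.fromstring(z.read(member)).iter(PKG_NS + "Relationship"):
                if rel.get("Type") == ATTACHED_TEMPLATE and rel.get("TargetMode") == "External":
                    findings.append(f"{member}: remote template {rel.get('Target')}")
    return findings

# Constructed samples; name, path, argument and URL are placeholders, not campaign indicators.
SAMPLE_LNK_NAME = "Invoice_March.pdf.lnk"
SAMPLE_LNK = build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                       '-NoProfile -WindowStyle Hidden -Command "Write-Host placeholder"',
                       r"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe")
SAMPLE_DOCX = build_docx("http://template.example/brief.dotm")

if __name__ == "__main__":
    for finding in triage_lnk(SAMPLE_LNK_NAME, SAMPLE_LNK) + triage_docx(SAMPLE_DOCX):
        print("[!]", finding)
```

The parser deliberately ignores the visible file name when deciding what the shortcut does: Explorer shows Invoice_March.pdf.lnk as Invoice_March.pdf with whatever icon IconLocation names, so only the decoded RELATIVE_PATH and COMMAND_LINE_ARGUMENTS sections tell you a script host is launched. The .docx check reads only the .rels parts, so the body of the document is irrelevant to it; an attachedTemplate relationship with TargetMode="External" is what makes Word fetch a template from elsewhere when the file is opened.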
Any Chingari User Account Can Be Hijacked in Seconds
The Chingari app for iOS and Android asks users to register an account by granting basic profile access to their Google accounts, which is a standard part of OAuth-based authentication.
Chingari Patch Update To Be Released Today
Kumar responsibly disclosed the issue to the makers of Chingari earlier this week, and the company in response acknowledged the vulnerability.
TikTok denied Tuesday sharing Indian users' data with the Chinese government, after New Delhi banned the wildly popular app in a sharp deterioration of relations with Beijing two weeks after a deadly border clash. "TikTok continues to comply with all data privacy and security requirements under Indian law and have not shared any information of our users in India with any foreign government, including the Chinese government," TikTok India chief Nikhil Gandhi said in a statement.
Canada's Citizen Lab has uncovered a hack-for-hire phishing operation that targeted everyone from political activists and oligarchs to lawyers and CEOs, hitting more than 10,000 email inboxes over seven years. The Toronto-based lab says it has traced the so-called Dark Basin campaign to an Indian firm called BellTroX InfoTech Services, which denies all wrongdoing.
Citizen Lab started its investigation into the 'Dark Basin' group in 2017 after it was contacted by a journalist who had been targeted with phishing pages served via a self-hosted instance of the open-source Phurl URL shortener. "Dark Basin left copies of their phishing kit source code available openly online, as well as log files" that "recorded every interaction with the credential phishing website, including testing activity carried out by Dark Basin operators," Citizen Lab said.
According to Mohan, all an attacker needs to know is the victim's Aadhaar ID, linked mobile number or username to gain unauthorized access to a targeted Digilocker account: the attacker prompts the service to send an OTP and then exploits the flaw to bypass the sign-in process. It's worth noting that the mobile app version of Digilocker also has a 4-digit PIN as an added layer of security.
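The following is an added example, not Digilocker's code and not a description of the flaw Mohan found (the page does not detail its mechanism). It shows what an OTP sign-in has to get right so that knowing someone's identifier and triggering an OTP is not enough: the WeakOtpLogin class is a hypothetical contrast in which the server never compares the code and trusts a client-asserted "verified" flag, while HardenedOtpLogin keeps all state server-side, keys it by an unguessable challenge id rather than the identifier, expires it, limits attempts, compares in constant time and makes each challenge single use. The identifier value and the clock injection are assumptions for the example.

```python
"""OTP sign-in with the server-side checks an OTP bypass has to defeat.

Added example, not Digilocker's code, and not a description of the flaw
Mohan found (the page does not detail its mechanism). WeakOtpLogin shows
one generic mistake chosen for contrast: the server never compares the
OTP and accepts a client-asserted "verified" flag. HardenedOtpLogin keeps
every piece of state on the server and issues a session only from a
challenge that was actually answered."""
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


def _new_otp():
    return f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"


def _digest(challenge_id, otp):
    # Tie the stored digest to the challenge so it cannot be replayed elsewhere.
    return hashlib.sha256(f"{challenge_id}:{otp}".encode()).digest()


class WeakOtpLogin:
    """Hypothetical weak flow: knowing the identifier is enough."""

    def __init__(self):
        self.pending = set()

    def request_otp(self, identifier):
        self.pending.add(identifier)
        return _new_otp()  # "sent by SMS"; the server keeps no copy to compare

    def finish_login(self, identifier, otp_verified):
        # The OTP value is never checked; the client says the step passed.
        if identifier in self.pending and otp_verified:
            self.pending.discard(identifier)
            return {"user": identifier, "session": secrets.token_hex(16)}
        return None


class HardenedOtpLogin:
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested offline
        self.challenges = {}        # challenge_id -> record, server side only

    def request_otp(self, identifier):
        otp = _new_otp()
        challenge_id = secrets.token_urlsafe(24)  # unguessable, unlike the identifier
        self.challenges[challenge_id] = {
            "user": identifier,
            "digest": _digest(challenge_id, otp),
            "expires": self.clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        # The OTP is returned only so the example can stand in for SMS delivery.
        return challenge_id, otp

    def finish_login(self, challenge_id, otp):
        rec = self.challenges.get(challenge_id)
        if rec is None:
            return None                              # unknown, expired or consumed
        if self.clock() > rec["expires"]:
            del self.challenges[challenge_id]
            return None
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self.challenges[challenge_id]        # stop online guessing of 6 digits
            return None
        if not hmac.compare_digest(rec["digest"], _digest(challenge_id, str(otp))):
            return None
        del self.challenges[challenge_id]            # single use
        return {"user": rec["user"], "session": secrets.token_hex(16)}


if __name__ == "__main__":
    user = "9876543210"  # constructed identifier standing in for a linked mobile number
    weak = WeakOtpLogin()
    weak.request_otp(user)
    print("weak flow, no OTP presented:", weak.finish_login(user, True))
    hard = HardenedOtpLogin()
    cid, otp = hard.request_otp(user)
    wrong = "000000" if otp != "000000" else "111111"
    print("hardened, wrong code:", hard.finish_login(cid, wrong))
    print("hardened, right code:", hard.finish_login(cid, otp))
    print("hardened, replay:", hard.finish_login(cid, otp))
```

The session is minted only inside finish_login from the stored record, never from anything the client sends about the identifier, so triggering an OTP for someone else's Aadhaar ID or mobile number yields a challenge id the attacker holds but cannot answer. A separate PIN layer, like the 4-digit one in the mobile app, adds nothing if the OTP step itself can be skipped, which is why the state machine above refuses to advance without a matching digest.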