Security News

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit, which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw in ThroughTek point-to-point products, successful exploitation of which could result in the "Ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality."

Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform.A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device.

A California-based IT consultancy has sued Huawei and its subsidiary in Pakistan alleging the Chinese telecom firm stole its trade secrets and failed to honor a contract to develop technology for Pakistani authorities. The complaint [PDF], filed on Wednesday in the US District Court in Santa Ana, California, describes how Business Efficiency Solutions, LLC, began working with Huawei Technologies in 2016 to overhaul the IT systems available to the Punjab Police Integrated Command, Control and Communication Center of Lahore, capital of the Punjab province of Pakistan.

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said. The exploitation process hinges on registering a domain on Amazon's Route53 DNS service with the same name as the DNS name server - which provides the translation of domain names and hostnames into their corresponding Internet Protocol addresses - resulting in a scenario that effectively breaks the isolation between tenants, thus allowing valuable information to be accessed.

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said. The exploitation process hinges on registering a domain on Amazon's Route53 DNS service with the same name as the DNS name server - which provides the translation of domain names and hostnames into their corresponding Internet Protocol addresses - resulting in a scenario that effectively breaks the isolation between tenants, thus allowing valuable information to be accessed.

A previously undocumented Android-based remote access trojan has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News.

Private Israeli firm NSO Group has denied media reports its Pegasus software is linked to the mass surveillance of journalists and rights defenders, and insisted that all sales of its technology are approved by Israel's defence ministry. NSO spokesman Oded Hershkovitz told Israel's Army Radio the list of phone numbers was "Not connected" to NSO, but rather to other companies and open-source software.

Cybersecurity researchers have opened the lid on the continued resurgence of the insidious Trickbot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement. "The new capabilities discovered are used to monitor and gather intelligence on victims, using a custom communication protocol to hide data transmissions between servers and victims - making attacks difficult to spot," Bitdefender said in a technical write-up published Monday, suggesting an increase in sophistication of the group's tactics.

MI5's UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers. McCallum's view is, "For as long as it's cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information - they are bound to keep doing so." The UK house also needs to be got in order - and in both cases the call is for new and stronger legislation.

Vulnerabilities identified in the STEM Audio Table conference room speakerphone could be exploited by hackers for various purposes, including to eavesdrop on conversations, according to cybersecurity research firm GRIMM. The first identified issue is a stack-based buffer overflow in the function responsible for handling user requests for the device's "Local server" configuration option. GRIMM's researchers discovered a command injection bug in the firmware update mechanism of the device, which is handled by a Python script that accepts user-supplied arguments.