Bitcoin Forum

macOS Gatekeeper Bypass Vulnerability

GateKeeper is a security feature built into Apple macOS that enforces code signing and verifies downloaded applications before allowing them to run, helping users protect their systems from malware and other malicious software.

That means, if you download an application from the Internet, GateKeeper will only allow it to execute without any warnings if it has been signed with a valid Apple-issued certificate, otherwise will prompt you to allow or deny the execution.
However, Gatekeeper has been designed to treat both external drives (USB or HDD) and network shares as "safe locations" from where users can run any application without involving GateKeeper's checks and prompts.

Until Apple patches this issue, researcher advised network administrators to block NFS communications with external IP addresses, and for home users, it is always important to not open email attachments from an unknown, suspicious, or untrustworthy source.

Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018.
Dubbed "ViceLeaker" by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other middle eastern countries with a powerful surveillance malware designed to steal almost all accessible information, including call recordings, text messages, photos, videos, and location data—all without users' knowledge.

According to the researchers, the ViceLeaker attack campaign is still ongoing, and attackers could potentially distribute malicious repackaged versions of legitimate apps through third-party app stores, instant messengers, or attacker-controlled online webpages.
Since such apps masquerade as legitimate or popular apps, Android users are highly recommended to always download apps from trusted sources, like Google Play Store, to prevent themselves from becoming a victim to this attack.
However, you should also not trust every app available on the Play Store. So, always stick to only verified developers to avoid installing malicious apps.

Is the solution on these flaws by updating it?. Anyway, I don't have any of those mention right now. I used VLC before but seems like they have problems that you'll encounter. Is there any other programs that can affect your cyber security as of now?. Does apple mobile devices can be affected too?.

- Use 2FA and password and never forget it at any cost.

Maybe you can add this thread to your OP too https://bitcointalk.org/index.php?topic=4601535.0 (https://bitcointalk.org/index.php?topic=4601535.0)  guess a lot of new users dont know that this can be happen.

And it should be a warning for those that download things and that they should check it a few times before they download and install Software.

Also simple Browser extensions can also have some Malware in it .

With all the ado going about these vulnerabilities where we are talking mostly about malwares, can someone throw some light on ransomware too which was on everyone's lips as it used to hack the PCs and hackers asking for BTC as extortion money to give back your data? That is one major thing that puts crypto under red light.

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.

The attack takes advantage of the way Firefox implements Same Origin Policy (SOP) for the "file://" scheme URI (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders.

"Apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels," the researchers wrote.
"These channels occur when there is an alternate means to access the protected resource that is not audited by the security mechanism, thus leaving the resource unprotected."

Video conferencing app Zoom has a major security flaw in its Mac client, letting any website turn on your Mac's camera without a warning, security researcher Jonathan Leitschuh claims.

In a blog post Monday, Leitschuh detailed the vulnerability, which he says he'd disclosed to Zoom more than 90 days ago, and the company still hasn't fixed it

A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News.
Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet, which allow users to store and share their data and backups with multiple computers.

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices (https://thehackernews.com/2019/07/ransomware-nas-devices.html)


Not using it, but for those who have installed it in their home and small business, just be careful and your system might be compromise, specially if you have like a wallet backup or some personal data in it.

You should be extra careful about what document files you open using the LibreOffice software over the next few days.
That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file.

The Robinhood stock trading site is alerting users that passwords were stored in their system in human readable format, otherwise known as clear text. While no foul play was detected, this could have allowed employees or unauthorized users to view an account's password.

Any site that stores passwords should only do so in an encrypted manner and not store them in a clear text format. If stored in clear text, the passwords are insecure as employees could potentially see an account's passwords and attackers could access them in the event of a breach.

In an email shared with BleepingComputer, Robinhood is alerting affected users that "an issue" caused their passwords to be stored in a clear text. This issue was discovered Monday night and has since been resolved, but Robinhood is suggesting users reset their passwords to be safe.

If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you're probably screwed.
A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware in a way that remains undetected over time, sometimes for years.

All the vulnerable drivers, as listed below, uncovered by the researchers, have been certified by Microsoft.
American Megatrends International (AMI)
ASRock
ASUSTeK Computer
ATI Technologies (AMD)
Biostar
EVGA
Getac
GIGABYTE
Huawei
Insyde
Intel
Micro-Star International (MSI)
NVIDIA
Phoenix Technologies
Realtek Semiconductor
SuperMicro
Toshiba

"Some vulnerable drivers interact with graphics cards, network adapters, hard drives, and other devices," researchers explain. "Persistent malware inside these devices could read, write, or redirect data stored, displayed, or sent over the network. Likewise, any of the components could be disabled as part of a DoS or ransomware attack."

Device driver flaws can be more dangerous than other application vulnerabilities because it allows an attacker access to the "negative" firmware rings that lie beneath the operating system and maintain persistence on the device, even if the operating system is completely reinstalled, just like in case of LoJax malware.

Researchers have reported these vulnerabilities to the affected vendors, of which some, including Intel and Huawei, have already released patch updates and issued a security advisory.

Besides this, researchers have also promised to soon release a script on GitHub that would help users find wormhole drivers installed on their systems, along with proof-of-concept code, video demonstrations, and links to vulnerable drivers and tools.

Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched 'BlueKeep' RDP vulnerability.

Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction.

Besides this, Microsoft also says that the company has found "no evidence that these vulnerabilities were known to any third party," or being exploited in the wild.

    "It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these," Microsoft strongly recommended.


If left unpatched, these security vulnerabilities could allow attackers to spread wormable malware in a similar way as the infamous WannaCry and NotPetya malware was spread across the globe in 2017.

If you are using Libre Office you should be very careful about what files you are opening.
Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)
 (https://thehackernews.com/2019/07/libreoffice-vulnerability.html?m=1)


There is no fix yet but in the next few days the LibreOffice team will come out with an patch. Until then stay away from any suspicious files.

Apparently, the patch for this vulnerability was insufficient, as The Hacker News also reported late last month, which allowed two separate security researchers to bypass the patch and re-enable the attack by exploiting two new vulnerabilities, as explained below:

CVE-2019-9850: Discovered by Alex Inführ, the vulnerability in LibreOffice exists due to insufficient URL validation that allows malicious attackers to bypass the protection added to patch CVE-2019-9848 and again trigger calling LibreLogo from script event handlers.

CVE-2019-9851: Discovered by Gabriel Masei, this flaw resides in a separate feature where documents can specify pre-installed scripts, just like LibreLogo, which can be executed on various global script events such as document-open, etc.

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer.
Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff out sensitive data, such as someone's SSH password, from Intel's CPU cache.

In its advisory, Intel has acknowledged the issue and recommended users to either completely disable DDIO or at least RDMA to make such attacks more difficult, or otherwise suggested to limit direct access to the servers from untrusted networks.

Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps.

On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant "full access" permissions to enable some additional features through network access.
...
However, in the brief security advisory, Apple says that an unpatched issue in iOS 13 and iPadOS could allow third-party keyboard apps to grant themselves "full access" permission to access what you are typing—even if you deny this permission request in the first place.

It should be noted that the iOS 13 bug doesn't affect Apple's built-in keyboards or third-party keyboards that don't make use of full access.

...
Instead, the bug only impacts users who have third-party keyboard apps—such as popular Gboard, Grammarly, and Swiftkey—installed on their iPhones or iPads, which are designed to request full access from users.

Though having full access allows app developers to capture all keystroke data and everything you type, it's worth noting that likely no reputable third-party keyboard apps would by default abuse this issue.

Even if that doesn't satisfy you, and you want to check if any of the installed third-party keyboards on your iPhone or iPad has enabled full access without your knowledge by exploiting this bug, you can open the Settings → General → Keyboard → Keyboards.

Apple assured its users that the company is already working on a fix to address this issue, which it plans to release in its upcoming software update.

Until Apple comes up with a fix, you can mitigate this issue by temporarily uninstalling all third-party keyboards from your device just to be on the safer side.

Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.
With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers.
Without revealing technical details of the vulnerability, the Chrome security team only says that both issues are use-after-free vulnerabilities, one affecting Chrome's audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library.

The use-after-free vulnerability is a class of memory corruption issues that allows corruption or modification of data in the memory, enabling an unprivileged user to escalate privileges on an affected system or software.
Thus, both flaws could enable remote attackers to gain privileges on the Chrome web browser just by convincing targeted users into visiting a malicious website, allowing them to escape sandbox protections and run arbitrary malicious code on the targeted systems.

I came across this news and decide to share it with you guys so people should be aware if their funds get locked by ledger and cannot be spent. You guys need to update the hardware wallet to fix it.
I do not own Ledger and I cannot 100% confirm the legitimacy of the source website but seems that the guy who found the vulnerability actually posted it on Twitter.



Source > https://decrypt.co/37651/ledger-exploit-makes-you-spend-bitcoin-instead-of-altcoins
Source, the guy who found the vulnerability > https://monokh.com/posts/ledger-app-isolation-bypass

TheBeardedBaby, Ledger is fix this vulnerability just one day after monokh announced publicly what exactly it was about - I can confirm that Bitcoin app is updated on 2020-08-05 - more info here : https://donjon.ledger.com/lsb/014/

Aveatrex, about 1 million e-mails are stolen, but Ledger say hacker is got users data (e-mail, first+last name, full home address, and phone number) for 9500 Ledger users/buyers. All users received a general warning, with the difference that these 9500 users received further clarification.

Thanks for your clarification, I do not own any Ledger products, so I am not so familiar with the usage.