{WARNING} Cybersecurity vulnerabilities/flaws: Ledger exploit (10.08.20).

[TheBeardedBaby]

There are so many threats out there that are not only in the crypto world, but can be used to steal your coins, so lets put all the warning posts here (and keep the forum tidy).
I'll try to keep the OP updated regularly.


Ledger exploit makes you spend Bitcoin instead of altcoins.^new
Added> 10.08.20

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Added> 04.02.20

New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now!
Added> 01.11.19

iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny
Added> 27.09.19

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs
Added> 11.09.19

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs
Added> 12.08.19

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
Added> 12.07.19

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
Added> 11.07.19

Zoom has a flaw that lets a website turn on your Mac's camera without permission
Added> 10.07.19

Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions
Added> 10.07.19

"17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device"
Added> 05.07.19
Already created topics:
Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses

WARNING to all DELL users. Security Flaw in Pre-Installed Dell Support Software.

WARNING! to all VLC player users! Stop using VLC and update it now!!

WARNING! Cryptomining Malware Launches Linux VMs On Windows and macOS

PSA: Firefox zero-day exploit used to attack Coinbase. Update Firefox

Malware infected wallets in Github, doublecheck before download, examples here.
Added> 26.06.19
"New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched"

macOS Gatekeeper Bypass Vulnerability

GateKeeper is a security feature built into Apple macOS that enforces code signing and verifies downloaded applications before allowing them to run, helping users protect their systems from malware and other malicious software.

That means, if you download an application from the Internet, GateKeeper will only allow it to execute without any warnings if it has been signed with a valid Apple-issued certificate, otherwise will prompt you to allow or deny the execution.
However, Gatekeeper has been designed to treat both external drives (USB or HDD) and network shares as "safe locations" from where users can run any application without involving GateKeeper's checks and prompts.

Until Apple patches this issue, researcher advised network administrators to block NFS communications with external IP addresses, and for home users, it is always important to not open email attachments from an unknown, suspicious, or untrustworthy source.

Source.


Added> 27.06.19
"Legit Apps Turned into Spyware' Targeting Android Users in Middle East"

Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018.
Dubbed "ViceLeaker" by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other middle eastern countries with a powerful surveillance malware designed to steal almost all accessible information, including call recordings, text messages, photos, videos, and location data—all without users' knowledge.

According to the researchers, the ViceLeaker attack campaign is still ongoing, and attackers could potentially distribute malicious repackaged versions of legitimate apps through third-party app stores, instant messengers, or attacker-controlled online webpages.
Since such apps masquerade as legitimate or popular apps, Android users are highly recommended to always download apps from trusted sources, like Google Play Store, to prevent themselves from becoming a victim to this attack.
However, you should also not trust every app available on the Play Store. So, always stick to only verified developers to avoid installing malicious apps.

Source
Stay safe!

[1714325465]

1714325465

[1714325465]

1714325465

[1714325465]

1714325465

[1714325465]

1714325465

[nakamura12]

Is the solution on these flaws by updating it?. Anyway, I don't have any of those mention right now. I used VLC before but seems like they have problems that you'll encounter. Is there any other programs that can affect your cyber security as of now?. Does apple mobile devices can be affected too?.

[Stedsm]

Is the solution on these flaws by updating it?. Anyway, I don't have any of those mention right now. I used VLC before but seems like they have problems that you'll encounter. Is there any other programs that can affect your cyber security as of now?. Does apple mobile devices can be affected too?.

I believe that any device that is connected to the internet and most importantly, gets filled with a lot of apps every now and then (even if it passes the Security measures of Siri), I believe it is still vulnerable to getting hacked and your data stolen.

For you to save your coins in your phone:

- Don't save your keys in it at all.
- Use 2FA and password and never forget it at any cost.
- If you've got email and phone verification to login, I'd still suggest you 2FA over these as emails can be hacked as well as SMSes can also be watched.
- Guard your wallet with a password different than the one you'll use to get into it (like when you tap on that wallet, it should ask for a pattern/password for extra security).

[Lafu]

Maybe you can add this thread to your OP too https://bitcointalk.org/index.php?topic=4601535.0  guess a lot of new users dont know that this can be happen.

And it should be a warning for those that download things and that they should check it a few times before they download and install Software.

Also simple Browser extensions can also have some Malware in it .

[Upgrade00]

- Use 2FA and password and never forget it at any cost.

It's also advisable to back up your 2FA account, if you use Google authenticator, or more preferably use authy which automatically creates a back up which can be assesses using your email and password

[TheBeardedBaby]

Maybe you can add this thread to your OP too https://bitcointalk.org/index.php?topic=4601535.0  guess a lot of new users dont know that this can be happen.

And it should be a warning for those that download things and that they should check it a few times before they download and install Software.

Also simple Browser extensions can also have some Malware in it .

Done man, good work. I haven't seen your thread before very useful information BTW if you see any threads that fall under this warning thread, please post them here

[Lafu]

I will be try to get me some list and i will post it here because lately the theme Malware and some kind of things getting bigger .
I saw a few topics and threads about that but i have to look where they are and i will post it here for sure .

[Stedsm]

With all the ado going about these vulnerabilities where we are talking mostly about malwares, can someone throw some light on ransomware too which was on everyone's lips as it used to hack the PCs and hackers asking for BTC as extortion money to give back your data? That is one major thing that puts crypto under red light.

[TheBeardedBaby]

With all the ado going about these vulnerabilities where we are talking mostly about malwares, can someone throw some light on ransomware too which was on everyone's lips as it used to hack the PCs and hackers asking for BTC as extortion money to give back your data? That is one major thing that puts crypto under red light.

Well, you can live even without antivirus if you follow certain rules, you need to keep good digital hygiene, that includes to be careful which sites you are visiting, how you handle your mail and just the typical common sense kind of things. If you don't open a file you are not sure they are OK, and enable the shadow volume copy, you're going to be fine even with the randsomware.

[Lafu]

@iasenko

Maybe that is something too for this thread !

Lately a lot of Fake Anns was created with malware downloads on the Wallet download links.
We or some Users know that but as a new Users or Newbies dont know that.

How it works is that they create an Ann for some Coin and it Looks like as a normal download link but in the background is a link hided there are not pointing to github.
It looks like when you see the Link that it is from github but it dosnt take you to there.
It gets you instant an download from a other site and the Wallet is infected with Malware.


I have done an example here how it looks https://bitcointalk.org/index.php?topic=4720640.msg51528662#msg51528662

[TheBeardedBaby]

"17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device"

Yet another weakness found in the Firefox. Read and beware.

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.

The attack takes advantage of the way Firefox implements Same Origin Policy (SOP) for the "file://" scheme URI (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders.

Here is a video of how it's done > https://www.youtube.com/watch?v=XU223hfXUVY

Source

[hatshepsut93]

"17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device"

Sometimes crypto sites, usually wallets, tell their users to download the html page and run it locally - MyEtherWallet does this, if I remember correctly. With this bug now revealed, users should no longer rely on the fact that browsers are sandboxed and can't harm their machine. Like with any other software, people should verify that they get HTML files from the real developers, and that developers have some established reputation and not just nonames that popped up yesterday.

[Lafu]

With the software Sandboxie you can run your browser also in sandboxed mode and if there is some program or other software that would be try to doing something it cant !
You also have an log file there where you can look when something happend .

With the wallets i has got that some years ago , i guess it was the dinar wallet , installed and 3 Minutes all my accounts and things was hacked even some BTC stolen !
And that was changed my mind and looking before i install or use some software !

[Baofeng]

Maybe you can add this as well to the list,

Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions

"Apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels," the researchers wrote.
"These channels occur when there is an alternate means to access the protected resource that is not audited by the security mechanism, thus leaving the resource unprotected."

I recently posted this personal experience in relation to the above article: Smishing and how not to fall for it

[TheBeardedBaby]

@Baofeng, I added your one today.

Warning to all Mac users using Zoom. Zoom has a flaw that lets a website turn on your Mac's camera without permission

Video conferencing app Zoom has a major security flaw in its Mac client, letting any website turn on your Mac's camera without a warning, security researcher Jonathan Leitschuh claims.

In a blog post Monday, Leitschuh detailed the vulnerability, which he says he'd disclosed to Zoom more than 90 days ago, and the company still hasn't fixed it

source

[Baofeng]

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices

A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News.
Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet, which allow users to store and share their data and backups with multiple computers.

Not using it, but for those who have installed it in their home and small business, just be careful and your system might be compromise, specially if you have like a wallet backup or some personal data in it.

[TheBeardedBaby]

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices

A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News.
Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet, which allow users to store and share their data and backups with multiple computers.

Not using it, but for those who have installed it in their home and small business, just be careful and your system might be compromise, specially if you have like a wallet backup or some personal data in it.

Good, I've updated the OP. No need to be only crypto related threat, I'm not sure if anyone would keep their private keys or backups on device with access to internet or the local network.

[TheBeardedBaby]

If you are using Libre Office you should be very careful about what files you are opening.
Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)

You should be extra careful about what document files you open using the LibreOffice software over the next few days.
That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file.

There is no fix yet but in the next few days the LibreOffice team will come out with an patch. Until then stay away from any suspicious files.

[OasisDre]

Damn its like the internet is not safe anymore,how can a data leaking bug lives in a browser for years and just get detected now??unbelievable

[Baofeng]

Robinhood Brokerage Firm Alerts of Passwords Stored in Clear Text

The Robinhood stock trading site is alerting users that passwords were stored in their system in human readable format, otherwise known as clear text. While no foul play was detected, this could have allowed employees or unauthorized users to view an account's password.

Any site that stores passwords should only do so in an encrypted manner and not store them in a clear text format. If stored in clear text, the passwords are insecure as employees could potentially see an account's passwords and attackers could access them in the event of a breach.

In an email shared with BleepingComputer, Robinhood is alerting affected users that "an issue" caused their passwords to be stored in a clear text. This issue was discovered Monday night and has since been resolved, but Robinhood is suggesting users reset their passwords to be safe.

I'm sure some of you are famiiar with Robinhood since they've just open up their crypto trading. So for those who have an account on that platform, you need to update your password as not to risk your account.