Santri anonymous

Santri anonymous Learning

26/10/2020
22/06/2020

[update] Tokopedia account data breach.

91 million Tokopedia user records are being sold on the dark web for USD 5000.

22/06/2020

Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected

South Korean smartphone vendor Samsung released this week a security update to fix a critical vulnerability impacting all smartphones sold since 2014.

This critical security vulnerability can enable arbitrary remote code execution (RCE) if exploited.

The security flaw resides in how the Android OS flavor running on Samsung devices handles the custom Qmage image format (.qmg), which Samsung smartphones started supporting on all devices released since late 2014.

Mateusz Jurczyk, a security researcher with Google's Project Zero bug-hunting team, discovered a way to exploit how Skia (the Android graphics library) handles Qmage images sent to a device.

BUG CAN BE EXPLOITED WITHOUT USER INTERACTION
Jurczyk says the Qmage bug can be exploited in a zero-click scenario, without any user interaction. This happens because Android redirects all images sent to a device to the Skia library for processing -- such as generating thumbnail previews -- without a user's knowledge.

The researcher developed a proof-of-concept demo exploiting the bug against the Samsung Messages app, included on all Samsung devices and responsible for handling SMS and MMS messages.

Jurczyk said he exploited the bug by sending repeated MMS (multimedia SMS) messages to a Samsung device. Each message attempted to guess the position of the Skia library in the Android phone's memory, a necessary operation to bypass Android's ASLR (Address Space Layout Randomization) protection.

Jurczyk says that once the Skia library was located in memory, a final MMS delivered the actual Qmage payload, which then executed the attacker's code on the device.

The Google researcher says the attack usually needs between 50 and 300 MMS messages to probe and bypass ASLR, which takes around 100 minutes on average.

Furthermore, Jurczyk says that while the attack might look noisy, it can also be modified to execute without alerting the user.

"I have found ways to get MMS messages fully processed without triggering a notification sound on Android, so fully stealth attacks might be possible," the Google researcher says.

In addition, Jurczyk says that while he did not test exploiting the Qmage bug through other methods outside MMS and the Samsung Messages app, exploitation is theoretically possible against any app running on a Samsung phone that can receive Qmage images from a remote attacker.

What do you need to do now to mitigate the Samsung vulnerability attack risk?

The good news is that, because the Google researchers worked with Samsung and disclosed this critical vulnerability, it has now been patched: a patch is included in the May 2020 security update that started circulating last week. The patch "adds the proper validation to prevent memory overwrite," according to the update notes. You are advised to apply this update as a matter of urgency now that the existence of this vulnerability is known by potential threat actors.

The bad news: if your Galaxy smartphone is old enough to be on quarterly security updates now, will your device get this critical update? And what about smartphones that have dropped off the update cycle altogether? Will they get any protection against this zero-click attack?

22/06/2020

A hacker group is selling more than 73 million user records on the dark web

A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products.

The hackers are the same group who breached Tokopedia, Indonesia's largest online store, last week. The hackers initially leaked 15 million user records online, for free, but later put the company's entire database of 91 million user records on sale for $5,000.

Encouraged and emboldened by the profits from the Tokopedia sale, the same group has, over the course of the current week, listed the databases of 10 more companies.

This includes user databases allegedly stolen from organizations such as:

- Online dating app Zoosk (30 million user records)
- Printing service Chatbooks (15 million user records)
- South Korean fashion platform SocialShare (6 million user records)
- Food delivery service Home Chef (8 million user records)
- Online marketplace Minted (5 million user records)
- Online newspaper Chronicle of Higher Education (3 million user records)
- South Korean furniture magazine GGuMim (2 million user records)
- Health magazine Mindful (2 million user records)
- Indonesia online store Bhinneka (1.2 million user records)
- US newspaper StarTribune (1 million user records)

The listed databases total 73.2 million user records, which the hacker is selling for around $18,000, with each database sold separately.

The hacker group has shared samples from some of the stolen databases, which ZDNet has verified to include legitimate user records -- for the samples where user details were provided.

The authenticity of some of the listed databases cannot be verified at the moment; however, sources in the threat intel community such as Cyble, Nightlion Security, Under the Breach, and ZeroFOX believe ShinyHunters is a legitimate threat actor.

Some believe the ShinyHunters group has ties to Gnosticplayers, a hacker group that was active last year and sold more than one billion user credentials on dark web marketplaces, as ShinyHunters operates on a nearly identical pattern.

Source: zdnet

01/06/2020

As our nation navigates difficult times because of this global pandemic, we should be grateful that Indonesia has Pancasila as the foundation of the state, which strengthens and unites us.

By holding firmly to Pancasila, we work together to overcome the various challenges and difficulties.

Address

Santri
Demak
