* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Sunday, September 28, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

    Sate your hunger at DBA’s Taste of Downtown – Bakersfield.com

    Indulge Your Cravings at DBA’s Taste of Downtown!

    Caesars Entertainment (CZR): Assessing Valuation After Times Square Casino Setback and Mounting Investor Concerns – simplywall.st

    Caesars Entertainment Faces Times Square Casino Hurdles as Investor Concerns Mount

    Why Hilaria Baldwin Has Found the ‘DWTS’ Process ‘Embarrassing’ At Times – WFXG

    Hilaria Baldwin Opens Up About the Embarrassing Moments on Her ‘DWTS’ Journey

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    From shale to steam: Fossil fuel technology boosts clean geothermal energy – Washington Examiner

    From Shale to Steam: How Fossil Fuel Technology is Powering a Clean Geothermal Energy Revolution

    How Sustainable Technology is Shaping a Greener Future – Technology Magazine

    How Sustainable Technology is Driving the Revolution Toward a Greener Future

    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    What are we really gaining from technology? – Fast Company

    What Are We Really Gaining from Technology?

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

    Sate your hunger at DBA’s Taste of Downtown – Bakersfield.com

    Indulge Your Cravings at DBA’s Taste of Downtown!

    Caesars Entertainment (CZR): Assessing Valuation After Times Square Casino Setback and Mounting Investor Concerns – simplywall.st

    Caesars Entertainment Faces Times Square Casino Hurdles as Investor Concerns Mount

    Why Hilaria Baldwin Has Found the ‘DWTS’ Process ‘Embarrassing’ At Times – WFXG

    Hilaria Baldwin Opens Up About the Embarrassing Moments on Her ‘DWTS’ Journey

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    From shale to steam: Fossil fuel technology boosts clean geothermal energy – Washington Examiner

    From Shale to Steam: How Fossil Fuel Technology is Powering a Clean Geothermal Energy Revolution

    How Sustainable Technology is Shaping a Greener Future – Technology Magazine

    How Sustainable Technology is Driving the Revolution Toward a Greener Future

    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    What are we really gaining from technology? – Fast Company

    What Are We Really Gaining from Technology?

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign

October 9, 2023
in Technology
Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign
Share on FacebookShare on Twitter

Infosec in brief Bot defense software vendor Human Security last week detailed an attack that “sold off-brand mobile and Connected TV (CTV) devices on popular online retailers and resale sites … preloaded with a known malware called Triada.”

Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were sold for under $50. Human’s researchers found over 200 models with pre-installed malware, and when it went shopping for seven particular devices found that 80 percent of units were infected with BADBOX.

Analysis of infected devices yielded intel on an ad fraud module Human’s researchers named PEACHPIT. At its peak, PEACHPIT ran on a botnet spanning 121,000 devices a day on Android. The attackers also created malicious iOS apps, which ran on 159,000 Apple devices a day at the peak of the PEACHPIT campaign.

Those infected devices delivered over four billion ads a day – all invisible to users.

Human Security’s technical report [PDF] on BADBOX and PEACHPIT describes the campaign: “A Chinese manufacturer (possibly many manufacturers) builds a wide variety of Android-based devices, including phones, tablets, and CTV boxes.

“At some point between the manufacturing of these products and their delivery to resellers, physical retail stores and e-commerce warehouses, a firmware backdoor … gets installed and the product boxes are sealed in plastic, priming these devices for fraud on arrival at their destination.”

Human Security worked with Apple and Google to disrupt PEACHPIT, but warned BADBOX devices remain plentiful.

“Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plug it in, and unknowingly open this backdoor malware,” wrote Human Security’s Rosemary Cipriano. “This malware can be used to steal PII, run hidden bots, create residential proxy exit peers, steal cookies and one-time passwords, and more unique fraud schemes.”

– Simon Sharwood

It’s been four months since mass exploitation of vulnerabilities in Progress Software’s MOVEit file transfer software was publicly announced, and only a little more recent that the Clop ransomware gang added Sony to its list of victims.

In early October Sony admitted it was a victim. In a breach notification filed with the US state of Maine, Sony admitted that 6,791 of its US employees had their data exposed due to the MOVEit vulnerability, which was vulnerable to an SQL injection attack allowing hackers to elevate their privileges and gain unauthorized access to target environments.

As of late July, more than 400 organizations and 20 million individuals had fallen prey to the MOVEit vulnerability – including high-profile customers like Sony, energy provider Shell and the US Department of Energy.

According to the breach letter sent to Sony employees and their family members, Sony Interactive Entertainment – the subsidiary dealing with video games and consoles like the PlayStation – had its MOVEit environment compromised as early as May 28, just a few days before Progress announced the vulnerability. It took Sony until June 2 to discover it had been affected, at which time it immediately took its MOVEit system offline in response.

Sony redacted the exposed information in its sample form letter filed with the state of Maine, so it’s not immediately clear what personal information was exposed. Maine’s website only says that names “or other personal identifier[s]” were stolen in combination with social security numbers.

Why Sony waited so long to publicly acknowledge the breach is unclear, though it’s worth noting this isn’t the only breach that Sony is dealing with right now.

Ransomed.vc, which has been targeting Japanese companies of late, claimed it hacked Sony and stole 3.14GB of data from its servers – though that claim has been contested by other hackers. Sony has since confirmed the Ransomed.vc breach, meaning that Sony’s security perimeter has been busted twice in the last four months.

As we also reported this week, mass exploitation of a vulnerability in another piece of Progress software, WS_FTP, has reportedly begun, so expect more high-profile breaches to come.

Critical vulnerabilities: CURL up and die edition

CURL – the command line URL fetching tool used by billions of devices to fetch web content – contains a vulnerability so serious that its developer Daniel Stenberg has seen fit to cut the release cycle short to release a critical patch on October 11.

Stenberg didn’t go into details, saying that if he did it “would help identify the problem area with a very high accuracy.” Stenberg only said that the last several years of releases are affected. Two CVEs are included – both affecting libcurl, and only the higher-severity one affecting the CURL tool itself.

In other vulnerability news:

CVSS 10.0 – CVE-2023-2306: Qognify NiceVision IP surveillance camera software version 3.1 and earlier contain hard-coded credentials.

CVE 9.8 – multiple CVEs: Various models of Hitachi Energy switches, firewalls and routers contain a bundle of vulnerabilities that can be exploited to have “a high impact” on availability, integrity and confidentiality of devices.

Multiple CVEs: X.org has patched five vulnerabilities in the libX11 and libXpm libraries addressing an out-of-bounds memory access bug and other vulnerabilities – be sure to patch.

2020 Blackbaud ransomware attack still paying dividends for regulators

Cast your mind back to 2020, and you may recall hearing about software firm Blackbaud being caught covering up a ransomware attack by paying off the perps and trying to brush the incident under the rug.

As you can guess from the fact that we’re talking about it, that didn’t work. Blackbaud, which builds software for nonprofits and donor management, forked over $3 million to the SEC in March 2023 for not admitting the incident and, once admitting it, not acknowledging that a whole bundle of PII was stolen from 13,000 clients as a result.

Now, attorneys general from all 50 US states have secured another settlement over Blackbaud’s “deficient data security practices and inadequate response” to the incident. The total? Forty-nine and a half million dollars, split between the states.

“Firms that sell software as a service have an obligation to safeguard it at the highest level and must be immediately forthcoming and proactive if a cyber theft does occur,” New Jersey attorney general Matthew Platkin said of the settlement.

Qakbot is back from the dead – sort of

The venerable Qakbot malware operation appears to be alive and well despite an international takedown of the botnet and malware loader in late August.

Qakbot was first detected in 2007, and since then its operators – believed to be Russian – have proven to be very good at adapting to circumstances.

Case in point: a discovery by security researchers from Talos, who have assessed “with moderate confidence” that a Cyclops/Ransom Knight ransomware campaign that began shortly before the August Qakbot takedown is being run by the same people.

“We believe the FBI operation didn’t affect Qakbot’s phishing email delivery infrastructure but only its command and control servers,” Talos said of its findings. Despite the Qakbot operators persisting, the Qakbot malware doesn’t appear to have fared as well.

“We have not seen the threat actors distributing Qakbot post-infrastructure takedown,” Talos said. “Given the operators remain active, they may choose to rebuild Qakbot infrastructure to fully resume their pre-takedown activity.”

Well, thanks for trying, FBI and international law enforcement partners.

Customer genetic data stolen in 23andMe attack

Genetics firm 23andMe has admitted it was hit by a credential stuffing attack leading to the theft of PII that includes genetic ancestry results.

The leakers initially released one million lines of information pertaining to people with Ashkenazi heritage, but have since begun offering to sell bulk account data for a few dollars a pop, and they claim to have data on over 13 million 23andMe customers.

The number of accounts on sale doesn’t reflect the actual number of people who had genetic information stolen – many of the compromised accounts had reportedly opted into a DNA comparison feature that let attackers scrape genetic data belonging to people other than the account holder.

This being a credential stuffing attack, those who had their accounts breached were using the same usernames and passwords on other sites that had been breached. That is to say, 23andMe itself wasn’t hacked – its users had their usernames and passwords found out from other sites, and these credentials were then used to access their 23andMe accounts due to the login details being the same. This is why it’s important to use unique passwords per site or account.

23andMe offers two-factor authentication, but those affected by the breach probably weren’t using it. There’s your lesson. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2023/10/09/in_brief_security/

Tags: ‘SmartChinesetechnology
Previous Post

US lawmakers want China export bans to include open source tech like RISC-V

Next Post

India demands social networks ‘swiftly’ remove all CSAM

Featured in Functional Ecology – besjournals

Discover the Latest Breakthroughs in Functional Ecology

September 28, 2025
Scientists Identify Simple and Effective Way To Reduce Calorie Intake Without Trying – SciTechDaily

Scientists Identify Simple and Effective Way To Reduce Calorie Intake Without Trying – SciTechDaily

September 28, 2025
Million-year-old skull rewrites human evolution, say scientists – BBC

Ancient Skull Discovery Upends Our Understanding of Human Evolution

September 28, 2025
Corgi Can’t Stop Slipping & TikTok Can’t Stop Laughing – Yahoo

Corgi’s Hilarious Slips Have Everyone Laughing Out Loud

September 28, 2025
From shale to steam: Fossil fuel technology boosts clean geothermal energy – Washington Examiner

From Shale to Steam: How Fossil Fuel Technology is Powering a Clean Geothermal Energy Revolution

September 28, 2025
Nebraska volleyball sweeps Maryland on its way to 12-0 start – The Daily Nebraskan

Nebraska volleyball sweeps Maryland on its way to 12-0 start – The Daily Nebraskan

September 28, 2025
Real-World Data Support Dual Benefit of Biologic Therapy for Hidradenitis Suppurativa – The American Journal of Managed Care® (AJMC®)

Real-World Data Support Dual Benefit of Biologic Therapy for Hidradenitis Suppurativa – The American Journal of Managed Care® (AJMC®)

September 28, 2025
Recession seems far off — that’s the good news. Yet the economy is also far from trouble-free. – MarketWatch

Recession seems far off — that’s the good news. Yet the economy is also far from trouble-free. – MarketWatch

September 28, 2025
TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

September 28, 2025
Is Clover Health (CLOV) Using AI to Shift Its Healthcare Competitive Position? – simplywall.st

Is Clover Health (CLOV) Revolutionizing Healthcare with Cutting-Edge AI?

September 28, 2025

Categories

Archives

September 2025
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  
« Aug    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (841)
  • Economy (861)
  • Entertainment (21,735)
  • General (17,287)
  • Health (9,904)
  • Lifestyle (874)
  • News (22,149)
  • People (863)
  • Politics (871)
  • Science (16,071)
  • Sports (21,361)
  • Technology (15,844)
  • World (843)

Recent News

Featured in Functional Ecology – besjournals

Discover the Latest Breakthroughs in Functional Ecology

September 28, 2025
Scientists Identify Simple and Effective Way To Reduce Calorie Intake Without Trying – SciTechDaily

Scientists Identify Simple and Effective Way To Reduce Calorie Intake Without Trying – SciTechDaily

September 28, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version