Telegram CEO Pavel Durov’s Arrest Upends Kremlin Military Communications
“[Durov’s] arrest may have political grounds and be a tool for gaining access to the personal information of Telegram users,” the Deputy Speaker of the Russian Duma Vladislav Davankov said in a Telegram statement. “This cannot be allowed. If the French authorities refuse to release Pavel Durov from custody, I propose making every effort to move him to the UAE or the Russian Federation. With his consent, of course.” Their worry is that Durov may hand over encryption keys to the French authorities, allowing access to the platform and any communications that users thought was encrypted.
French President Emmanuel Macron said Monday that the arrest of Durov was “in no way a political decision.” The Russian embassy has demanded that it get access to Durov, but the Kremlin has so far not issued a statement on the arrest. “Before saying anything, we should wait for the situation to become clearer,” said Kremlin spokesperson Dmitry Peskov. However, officials and law enforcement agencies were instructed to clear all their communication from Telegram, the pro-Kremlin channel Baza reported. “Everyone who is used to using the platform for sensitive conversations/conversations should delete those conversations right now and not do it again,” Kremlin propagandist Margarita Simonyan said in a Telegram post. “Durov has been shut down to get the keys. And he’s going to give them.”
Read more of this story at Slashdot.
Samsung TVs Will Get 7 Years of Free Tizen OS Upgrades
In the first half of this year, Samsung Electronics maintained the top spot in the global TV market with a 28.8% market share by revenue. However, the combined market share of Chinese companies TCL and Hisense has reached 22.1%, indicating fierce competition.
Read more of this story at Slashdot.
Hackers Have Found an Entirely New Way To Backdoor Into Microsoft Windows
The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic… The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution… Msupedge not only receives commands via DNS traffic but also uses the resolved IP address of the C&C server (ctl.msedeapi[.]net) as a command. The third octet of the resolved IP address is a switch case. The behavior of the backdoor will change based on the value of the third octet of the resolved IP address minus seven…
The initial intrusion was likely through the exploit of a recently patched PHP vulnerability (CVE-2024-4577). The vulnerability is a CGI argument injection flaw affecting all versions of PHP installed on the Windows operating system. Successful exploitation of the vulnerability can lead to remote code execution.
Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown.
More from The Record:
Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools.
Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations. Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access because these devices often have limited visibility and security solutions, researchers said.
Additional coverage at The Hacker News.
Thanks to Slashdot reader joshuark for sharing the article.
Read more of this story at Slashdot.
Major Backdoor In Millions of RFID Cards Allows Instant Cloning
A significant backdoor in millions of contactless cards made by China-based Shanghai Fudan Microelectronics Group allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.
French security services firm Quarkslab has made an eye-popping discovery… Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute such attacks instantaneously at scale, researcher Philippe Teuwen explained in a paper.
Thanks to Slashdot reader wiredmikey for sharing the article.
Read more of this story at Slashdot.