Google Boosts Android Security with Clang Sanitizers! ๐Ÿš€

Dec 14 2023

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that hates cybercriminals as much as #AlexJones hates โ€˜the globalistsโ€™ ๐Ÿ™ˆ๐Ÿ˜‚๐Ÿ˜‚ Heโ€™s back ๐Ÿ’€

Todayโ€™s hottest cybersecurity news stories:

  • ๐Ÿ“ฑ Android users: Googleโ€™s got your back w/ โ€˜clang sanitisersโ€™ ๐Ÿงผ

  • ๐Ÿ‘จโ€๐Ÿ’ป Ukraine is struck by a cybercriminals: hackers target Kyivstar ๐Ÿ“ก

  • ๐Ÿœ Chinese hackers drown US infrastructure with โ€˜Typhoonโ€™ attack ๐ŸŒŠ

Clang, clang, clang with the sanniesย ๐ŸŽถ๐Ÿ›’๐Ÿ™ƒ

๐Ÿ”’ Google Boosts Android Security with Clang Sanitizers! ๐Ÿš€

In a recent update, Google shines a spotlight on Clang sanitizers, bolstering the security of Android's cellular baseband. ๐Ÿ“ฑ This includes IntSan and BoundSan, part of the powerful UndefinedBehaviorSanitizer (UBSan) tool, designed to catch various undefined behaviours during program execution.

โ€˜Architecture-agnosticโ€™ ๐Ÿคท

Ivan Lozano and Roger Piqueras Jover reveal these sanitizers are architecture-agnostic, perfect for bare-metal deployment. ๐Ÿ›ก๏ธ Enabling them in C/C++ code bases helps mitigate unknown vulnerabilities, ensuring a more secure Android experience.

It was Bound to Sappen ๐Ÿ˜ฌ

Months after announcing collaboration for firmware security, Google strategically implements IntSan and BoundSan as compiler-based exploit mitigation measures. ๐Ÿšง Though they carry a performance overhead, they're active in security-critical areas like message parsing, encoding/decoding libraries, IMS, TCP/IP stacks, and messaging functions.

โ€˜2G toggleโ€™ ๐Ÿ’ƒ

While 2G security relies on the "2G toggle," Google hints at Rust as a solution for broader vulnerability classes. ๐Ÿฆ€ Notably, they've rewritten Android Virtualization Framework's firmware in Rust for a memory-safe foundation.

Stay safe ๐Ÿ›ก๏ธ

"As the OS becomes a harder target, the baseband will attract more attention. Modern tools and exploit mitigation raise the bar for baseband attacks," conclude the researchers. ๐ŸŒ๐Ÿ’ป

Stay tuned for a safer Android future! ๐Ÿš€๐Ÿ”

Geez, Ukraine it in lads ๐Ÿ’€๐Ÿ’€๐Ÿ’€

๐Ÿšจ Kyivstar Faces Powerful Hacker Attack! ๐ŸŒ

Ukraine's major telecom player, Kyivstar, is grappling with a severe cyberattack, impacting mobile and internet services nationwide. ๐Ÿ“ก Owned by VEON, it serves over 25 million mobile subscribers and 1 million home internet users.

Kyivstar of the show ๐Ÿคฉ

Attributing the attack to the war with Russia, Kyivstar is working tirelessly to restore services amid disruptions in air raid alerts and the banking sector. The company assures subscribers affected by the hack will receive compensation after network stabilisation.

While details about the attack remain undisclosed, Kyivstar emphasises no evidence of subscriber data compromise. ๐Ÿ‘ค The pro-Russia hacktivist group, KillNet, claims responsibility on Telegram, but without supporting evidence.

In a twist, KillNet's leader, KillMilk, has retired, passing leadership to "Deanon Club," who vows widespread recruitment for attacks on government facilities, encryption firms, and the gambling sector. ๐Ÿ’ผ๐Ÿ•ต๏ธ

GRRR ๐Ÿ˜ก oh sorry: โ€˜GURโ€™ ๐Ÿ˜‚

Meanwhile, Ukraine's Defence Intelligence (GUR) reveals hacking into Russia's Federal Taxation Service servers, wiping data and affecting a related IT company. This follows GUR's cyber assault on Russia's Federal Air Transport Agency last month.

Russian politician Anton Gorelkin disputes the FNS attack, alleging it's Ukrainian propaganda. Stay vigilant against scams, and Kyivstar promises updates on compensation and network restoration via official channels. ๐Ÿ›ก๏ธ๐Ÿ’ป

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Hackers: You only get an oo with Typhoon ๐Ÿ™ˆ๐Ÿ™ˆ๐Ÿ™ˆ

๐ŸŒ Chinese Hacking Groups Target U.S. Infrastructure in Volt Typhoon Campaign! ๐Ÿ›ก๏ธ

Hacking groups linked to China have launched cyberattacks on crucial U.S. infrastructure, focusing on utilities, communications, and transport. ๐Ÿ’ป๐Ÿšจ The ongoing Volt Typhoon campaign by the Chinese People's Liberation Army has infiltrated U.S. government systems, impacting water and power utilities, oil and gas pipelines, transportation, and communication entities.

What happened, Pacifically? ๐Ÿ˜

The alleged attacks aim at logistics targets, potentially tied to U.S.-China conflicts in the Pacific. ๐Ÿค– Both nations have a history of blaming each other for cyberattacks, with the Volt Typhoon campaign marking the latest episode. Key targets include a West Coast port, Hawaii's water utilities, an oil and gas pipeline, and a Texas power grid operator.

While no disruptions have occurred, the Hawaii system attack raises concerns about potential Pacific fleet operations. ๐Ÿ‘พ The hackers use stolen credentials and home/work routers to conceal their actions, with the Volt Typhoon attacks spanning sectors like manufacturing, education, and IT since 2021.

USA! USA! ๐Ÿ—ฝ

Collaborating with tech firms, the U.S. government employs mitigation strategies, emphasising stricter monitoring, enhanced authentication, and widespread password resets. ๐Ÿค๐Ÿ”’ The rise of cyber warfare underscores the need for international mechanisms to navigate this complex landscape.

Stay tuned for updates on cybersecurity developments! ๐Ÿš€

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles