LG Smart TVs Vulnerable to Security Risks

Apr 10 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that surfs the treacherous waves of cybercrime and weathers the wipeouts so you don’t have to 😎🏄🤙

Today’s hottest cybersecurity news stories:

  • 📺 LG Smart TVs have vulnerabilities that allow root access 🚪

  • ✊ Human rights activists targeted in Morocco, Western Sahara 🐪

  • 🐟 Romanian RUBYCARP botnet returns after 10-year absence 📅

Not so Smart TVs, eh?

🚨 Breaking News: LG Smart TVs Vulnerable to Security Risks! 🔓

Romanian cybersecurity firm Bitdefender uncovered multiple security vulnerabilities in LG webOS, the operating system found in its smart TVs. These flaws, reported in November 2023, could be exploited to bypass authorization and gain unauthorised access to the devices.

LG swiftly responded, addressing the issues in updates rolled out on March 22, 2024.

Affected Models and Versions 📺

The vulnerabilities, tracked as CVE-2023-6317 through CVE-2023-6320, impact various webOS versions, including those on popular LG TV models like LG43UM7000PLA and OLED55CXPUA.

Description of Vulnerabilities 🔒

The flaws range from bypassing PIN verification to injecting authenticated commands, potentially leading to unauthorised root access and control of the device.

Global Impact

Bitdefender revealed that although the vulnerable service is intended for LAN access, Shodan shows over 91,000 devices exposing it to the internet, mostly in South Korea, Hong Kong, the U.S., Sweden, Finland, and Latvia.

Stay Safe! 🛡️

Ensure your LG Smart TV is updated to the latest firmware to protect against these vulnerabilities. Always prioritise security to safeguard your devices and personal data.


Oh, the humanity! 😭

🚨 Alert: New Threat Targeting Human Rights Activists!

Human rights activists in Morocco and the Western Sahara face a new threat known as Starry Addax. Cisco Talos reveals that this malicious actor uses phishing tactics to lure victims into installing fake Android apps and harvests credentials from Windows users.

Targeted Victims 🎯

Primarily focusing on activists associated with the Sahrawi Arab Democratic Republic (SADR), Starry Addax poses a significant risk to those fighting for human rights in the region.

How It Works 📲💻

Utilising infrastructure like ondroid[.]site and ondroid[.]store, the attacker sends spear-phishing emails containing decoy apps related to the Sahara Press Service. Depending on the operating system, victims are either tricked into installing a malicious Android app or directed to counterfeit social media login pages to steal credentials.

Meet FlexStarling: The Malware 🦠

FlexStarling, the novel Android malware employed by Starry Addax, is highly adaptable and capable of deploying additional malicious components. Once installed, it gains extensive permissions to execute nefarious actions, communicating with a Firebase-based command-and-control (C2) to operate discreetly.

Stay Vigilant! 🛡️

Campaigns like Starry Addax's aim to remain undetected, emphasising stealth and long-term infiltration on devices. Amidst this threat, a new commercial Android remote access trojan (RAT) named Oxycorat is also on the rise, offering diverse information gathering capabilities.

Protect Yourself! 🚫

Remain cautious of suspicious emails and apps, ensure regular software updates, and deploy reliable security measures to safeguard against such threats. Stay informed to stay safe!

🎣 Catch of the Day!! 🌊🐟🦞

πŸƒΒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can't get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘Β (LINK)

🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

RUBYCARP resurfaces 👀🐟💀

🚨 Alert: Romanian Hacker Group Unleashes RUBYCARP Threat! 👀

A notorious threat group named RUBYCARP, suspected to originate from Romania, has been detected orchestrating a persistent botnet operation for over a decade. Sysdig, a cloud security firm, reveals that this group engages in crypto mining, DDoS, and phishing attacks for financial gain.

Botnet Tactics 🤖

RUBYCARP relies on a diverse range of public exploits and brute-force techniques to deploy their botnet, communicating via public and private IRC networks for coordination.

The Outlaw Connection ⚔️

Evidence suggests a potential link between RUBYCARP and the Outlaw threat cluster, indicating a history of crypto mining, brute-force, and phishing campaigns.

Meet the Malware: ShellBot 🦠

RUBYCARP employs ShellBot, alongside exploiting vulnerabilities like CVE-2021-3129 in the Laravel Framework, to infiltrate target systems and expand their botnet.

Expanding Arsenal 🛡️

The group broadened its attack methods by compromising WordPress sites and installing backdoors, connecting victim servers to IRC-based command-and-control servers.

Botnet Scale and Coordination 📈

With over 600 hosts estimated in their botnet, RUBYCARP heavily relies on IRC for communication, management, and coordination of crypto mining operations.

The Threat Actors Behind the Curtain 🎭

Key members of the group, known by aliases like juice_, Eugen, Catalin, MUIE, and Smecher, communicate via IRC channels like #cristi and utilize mass scanning tools to identify new targets.

Illicit Income Streams 💰

RUBYCARP's operations span from crypto mining to phishing, utilising stolen credit card data for attack infrastructure or potentially selling it on the cybercrime black market.

Unprecedented Sophistication

Sysdig highlights RUBYCARP's involvement in developing and selling cyber weapons, showcasing a vast arsenal of tools accumulated over the years, granting them unparalleled flexibility in their operations.

Stay Alert! 🛡️

Remain vigilant against phishing attempts, ensure robust security measures, and stay informed to protect against evolving cyber threats like RUBYCARP.


So long and thanks for reading all the phish!
