Microsoft Patch Tuesday For August ’23 Addresses 84 Flaws

0
[ad_1]

Microsoft has rolled out the scheduled Patch Tuesday updates for August 2023, ensuring automatic updates for all devices. Yet, users should still check for system updates manually to ensure receiving all security fixes timely. This month’s update bundle is important because it addresses two critical zero-day vulnerabilities alongside other security flaws.

Important Security Fixes With Microsoft Patch Tuesday August

This month’s update bundle addresses two severe zero-day vulnerabilities that allowed remote code execution attacks.

The first includes CVE-2023-36884 – a high-severity zero-day flaw that became publicly disclosed before receiving a patch. Also, the researchers found it under active attack, particularly for cyberespionage purposes. The latest exploitation of this flaw appeared in the RomCom Threat Group attacks targeting the NATO Summit.

Microsoft admitted detecting the flaw’s exploitation and even released a fix with July 2023 updates. However, with August updates, the tech giant has released another update as a “defense in depth” measure to “break the chain” of exploitation.

The next significant security fix this month addresses an important severity denial of service vulnerability in .NET and Visual Studio. Exploiting this flaw (CVE-2023-38180). While Microsoft stated no public disclosure of this vulnerability, it did admit detecting its active exploitation before the fix could arrive.

Alongside these fixes, Microsoft has also addressed six critical severity vulnerabilities, all of which could allow remote code execution attacks when exploited. These vulnerabilities affect Microsoft Office (CVE-2023-36895), Microsoft Teams (CVE-2023-29328 and CVE-2023-29330), and Microsoft Message Queuing (CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911).

Besides, this month’s update bundle addressed 79 other important and low-severity vulnerabilities that include 17 RCE flaws, 18 privilege escalation vulnerabilities, 12 spoofing vulnerabilities, 10 information disclosure issues, 7 vulnerabilities triggering denial-of-service, and 3 security feature bypass flaws.

While the tech giant has rolled out all the updates automatically for all devices, users should ensure to enable auto-updates on their systems to receive the patches in time. Whereas, for devices where automatic updates aren’t feasible, users should manually install the updates at the earliest to avoid potential threats.

Let us know your thoughts in the comments.


[ad_2]
Source link

Xiaomi MIX Fold 3 design officially confirmed: Gallery

0
[ad_1]

The Xiaomi MIX Fold 3 design has been officially confirmed by the company’s CEO. Lei Jun decided to share a bunch of images of the device ahead of launch. This came following yesterday’s launch date announcement, and video teaser.

Before we get down to the images, do note that the Xiaomi MIX Fold 3 will launch on August 14. This will become the third-gen book-style foldable from the company, and the company says that this will be a no-compromise device.

The Xiaomi MIX Fold 3 design gets officially confirmed by the company’s CEO

In the gallery at the bottom of the article, you can check out the device itself. You can clearly see it will be quite thin, in both its folded and unfolded states. That is not surprising, as the MIX Fold 2 was as well.

The question remains, however, whether will it be able to trump the HONOR Magic V2 in that regard. Its sides will be flat, but with chamfered edges, for comfort. A display camera hole will sit on the cover display, while we’re not sure about the main panel.

Four cameras will be included on the back of this phone. Those cameras will be backed by Leica, as the two companies are partnered up still. By the shape of one of the sensors on the back, we can see that we’ll get a periscope telephoto camera here

The phone is also expected to offer a truly compelling set of cameras

In addition to that, the Xiaomi MIX Fold 3 will likely deliver a wide-angle (main) camera, an ultrawide unit, and a telephoto camera. Based on rumors, we’re getting a telephoto camera with 3.2x optical zoom, and a periscope telephoto unit with a 5x optical zoom.

You can see that at least this black-colored model of the MIX Fold 3 has an eco-leather backplate. I much appreciate that, especially on foldables, as it helps with the grip quite a bit.

The phone is also tipped to include the Snapdragon 8 Gen 2 SoC, LPDDR5X RAM, UFS 4.0 flash storage, and two 120Hz OLED display. Those two panels are said to measure 8.02 and 6.5 inches. 67W wired, and 50W wireless charging was also mentioned in rumors. We’re still not sure if this phone will make it to markets outside of China, its predecessors did not.


[ad_2]
Source link

WhatsApp might introduce passkeys soon: one less password to remember

0
[ad_1]
Creating a secure password by following the rules (uppercase, numbers, special characters, etc.) isn’t a cakewalk, and let’s be real, it’s not exactly fun. Maybe it’s a tad amusing if you’re into playing the online trend, the Password game, but other than that, it’s not exactly a favorite pastime for most of us. And the whole memory struggle? Don’t even get me started – it’s a whole new level of annoyance. So, if you’re feeling the same way, passkeys could be right up your alley.Passkeys are becoming more common in different services, and it looks like WhatsApp is jumping on the trend. WABetaInfo reports that WhatsApp might soon let users use passkeys to log into their accounts. These passkeys will be stored in Google Password Manager, based on the latest WhatsApp beta for Android 2.23.17.5 update.

Opting for passkeys offers a heightened level of security compared to traditional passwords, which can be susceptible to hacking and used for unauthorized access to your profile and data. Passkeys are like unique codes, phrases, or elements functioning as digital keys to unlock secure systems. For example, you can use your fingerprint or face, which are difficult to replicate. With this WhatsApp update, security is getting a solid boost.

Moreover, passkeys aren’t just more secure, they’re also significantly more user-friendly compared to traditional passwords. These passkeys will be securely stored in Google Password Manager, eliminating the need for memorization. Switching to a passkey for logging into your WhatsApp account offers exceptional convenience, especially when managing various accounts or using multiple devices.

Passkeys were introduced on iOS 16 in 2022, and soon after, Google also embraced them. Since then, various services such as Best Buy, eBay, and PayPal have started employing passkeys as an authentication method. Even social media platforms are hopping on board – TikTok recently rolled out passkey login for iOS users, while Facebook offers the option to use a passkey alongside the traditional password for logging in.

The precise launch date for WhatsApp’s official passkey support remains uncertain, but given its current beta status, the rollout may be pretty soon. The messaging app under Meta’s umbrella has recently introduced various updates, such as screen-sharing during video calls. With the upcoming passkey support, the app is likely to enhance the satisfaction – or at the very least, reduce stress – for its 2.7 billion users, alleviating the need to remember yet another password.


[ad_2]
Source link

Apple’s A17 chip will run up to 3.7GHz in iPhone 15

0
[ad_1]

The chipset that Apple will use inside the iPhone 15 (likely just the Pro models), has just leaked out. And it’s looking like a pretty big upgrade for the iPhone 15 this year.

The A17 CPU will be made using the 3nm manufacturing process. It will also have a 6-core CPU and a 6-core GPU. Those CPU cores will run at up to 3.7GHz. Making it a pretty fast processor, and keeping Apple’s lead over Qualcomm, MediaTek and Samsung. Finally, it’ll support up to 6GB of RAM. So it looks like the hopes for 8GB of RAM in the iPhone 15 Pro, is not happening.

This will be the first chipset for iPhone made using the 3nm process, which is going to bring about a 10-15 percent boost in performance and power consumption should drop by about 30 percent. That should bring us more performance and with the larger batteries in the iPhone 15, some pretty substantial gains in battery life. Definitely good on both fronts.

iPhone 15 is expected to be announced on September 12

September 12 is rumored to be the announcement date for the iPhone 15 series, with the Pro models being delayed a couple of weeks and thus shipping in October. Which means the launch is right around the corner.

While it sounded like the iPhone 15 would be a pretty small update this year, it is turning out to be a much larger update than any of us had anticipated. Of course, the big thing is going to be USB-C, finally. And we can thank the EU for that. Additionally, the iPhone 15 and 15 Plus are going to get dynamic island, which means no more notches on new iPhones – at least until a new SE comes out.

Now as for the A17 chipset here, if Apple continues to do what they did with the iPhone 14 series, it looks like it will only be available on the Pro models. So that’s iPhone 15 Pro and iPhone 15 Pro Max. We’ll have to wait for September 12 to find out for sure.


[ad_2]
Source link

Unveiling Bitcoin’s baffling correlation puzzle

0
[ad_1]

Discover the intriguing world of Bitcoin’s correlation with other financial assets in this article. Unravel the mystery behind its unparalleled relationship with traditional markets, cryptocurrencies, and macroeconomic indicators. If you’re searching for a dependable and trustworthy platform to invest in Bitcoin, consider turning to The News Spy trading platform for a smooth and secure experience.

Unraveling the Mystery: Why is Bitcoin’s Correlation Unique

Welcome to an eye-opening exploration of Bitcoin’s correlation mysteries! As the world delves deeper into the realm of digital currencies, Bitcoin has emerged as a standout player, captivating investors and enthusiasts alike. Among its intriguing aspects is its correlation with various financial assets.

Before we delve into the enigma surrounding Bitcoin’s correlation, let’s grasp the essence of correlation in finance. In the world of investments, correlation measures the statistical relationship between two or more assets. It helps investors understand how these assets move in relation to each other. Correlation coefficients can vary between -1 and +1, where -1 indicates a perfect negative correlation, +1 denotes a perfect positive correlation, and 0 signifies no correlation.

Bitcoin’s journey as a digital asset has been intertwined with the traditional financial ecosystem. Over time, researchers and analysts have explored its correlation with major stock market indices like the S&P 500 and the Dow Jones. The results have been intriguing, revealing both periods of positive and negative correlation. Similarly, the relationship between Bitcoin and gold prices has also been a subject of fascination for financial experts.

In the vibrant and ever-changing crypto market, Bitcoin is not alone. There are numerous other cryptocurrencies, each with its unique attributes. Understanding how Bitcoin correlates with these alternative digital assets is crucial for comprehending the broader market dynamics. Factors like market sentiment and technological developments significantly influence these interconnections.

The macroeconomic landscape has a profound impact on financial markets, and Bitcoin is no exception. As an asset that emerged in response to the 2008 financial crisis, Bitcoin’s correlation with macroeconomic indicators like inflation rates and interest rates is worth exploring.

Investing Strategies Amidst Bitcoin’s Correlation Trends

One common investment strategy in the context of Bitcoin’s correlation trends is portfolio diversification. Diversification involves spreading investments across different assets to reduce overall risk. As Bitcoin has shown periods of low correlation with traditional assets like stocks and bonds, some investors view it as an effective diversifier. During times of market turbulence or economic uncertainty, Bitcoin’s performance might deviate from that of traditional assets, potentially offering a hedge against downturns in other markets.

However, it is crucial to recognize that while Bitcoin’s correlation might be low during certain periods, it can change rapidly. The cryptocurrency market is highly volatile, and correlations can shift unexpectedly. Therefore, investors should not solely rely on Bitcoin for diversification but rather maintain a well-balanced and diversified portfolio.

Moreover, investors should consider their risk tolerance and investment goals when incorporating Bitcoin into their strategies. As Bitcoin is still a relatively young asset, it can experience sharp price fluctuations, leading to substantial gains or losses.

Another strategy to consider amidst Bitcoin’s correlation trends is tactical asset allocation. This approach involves actively adjusting the allocation of assets in response to changing market conditions. When Bitcoin’s correlation with traditional assets is low, investors might allocate more funds to it. Conversely, when its correlation rises, they may reduce exposure and reallocate to assets with better diversification potential.

However, implementing tactical asset allocation requires a deep understanding of market trends and the ability to make timely decisions. It is a more active approach to investing and may not be suitable for all investors, especially those with a long-term investment horizon.

Additionally, investors should be vigilant about ongoing research and analysis of Bitcoin’s correlation trends. Monitoring the market sentiment and macroeconomic indicators can provide valuable insights into potential shifts in correlation patterns. Staying informed about regulatory developments and institutional adoption can also offer clues on how Bitcoin’s correlation with traditional markets may evolve.

Lastly, a prudent approach is to avoid making investment decisions based solely on short-term correlation trends. Correlation does not necessarily imply causation, and reacting hastily to temporary correlation changes can lead to costly mistakes. Instead, investors should focus on the underlying fundamentals and long-term prospects of Bitcoin as a digital asset.

Investing in Bitcoin amidst its correlation trends requires a well-thought-out strategy tailored to individual risk tolerance and investment goals. While Bitcoin’s unique correlation behavior can present opportunities for diversification and potential gains, it also entails higher risks due to its volatility.

Conclusion

As Bitcoin continues to captivate investors worldwide, understanding its correlation with various assets becomes paramount. The evolution from speculation to store of value, along with institutional adoption and regulatory changes, has shaped its unique correlation behavior. Embrace these insights to make informed investment decisions as Bitcoin’s journey unfolds.


[ad_2]
Source link

TargetCompany Ransomware Deploy Fully Undetectable Malware

0
[ad_1]

The TargetCompany ransomware (aka Mallox, Fargo, and Tohnichi) is actively targeting the organizations that are using or running vulnerable SQL servers.

Apart from this, recently, the TargetCompany ransomware unveiled a new variant of malware along with several malicious tools for persistence and covert operations that are gaining traction rapidly.

Cybersecurity researchers at Trend Micro discovered a recent active campaign linking Remcos RAT and TargetCompany ransomware and compared to past samples, the new deployments use fully undetectable packers. 

The telemetry data and the external hunting sources provided the early samples during development. Meanwhile, researchers identified a victim subjected to this targeted technique.

Ransomware Infection chain

Similar to previous cases, the latest TargetCompany ransomware exploits weak SQL servers for initial stage deployment, aiming for persistence via diverse methods, including altering URLs or paths until Remcos RAT execution succeeds.

Infection Chain (Source – Trend Micro)

After initial attempts were stopped, threat actors turned to FUD-packed binaries. Remcos and TargetCompany ransomware’s FUD packer mirrors BatCloak’s style:-

Batch file outer layer, followed by PowerShell for decoding and LOLBins execution.

PowerShell execution of the Remcos RAT (Source – Trend Micro)

Remarkably, this variant incorporates Metasploit (Meterpreter), which is a surprising move for this group. Their usage is quite interesting, serving purposes like:-

  • Query/Add a local account
  • Deploy GMER
  • Deploy IObit Unlocker
  • Deploy PowerTool (or PowTool)

Later, Remcos RAT proceeds to its last phase, downloading and activating TargetCompany ransomware with FUD packing intact.

FUD Packing

An earlier wave exploiting OneNote caught the attention for its new technique involving PowLoad and CMDFile with actual payload. The ‘cmd x PowerShell loader gained popularity and was eventually adopted by TargetCompany ransomware operators in February 2022.

Activity graph (Source – Trend Micro)

The CMDFiles seemed similar initially, used by malware families like:-

  • AsyncRAT
  • Remcos
  • TargetCompany ransomware

Here the differences arise during execution since the AsyncRAT uses decompression and decryption. While the Remcos and TargetCompany loaders solely decompress the payloads.

The examination of PowerShell-related network links reveals a fresh TargetCompany ransomware variant, linked to the second version with ‘/ap.php’ C&C connection.

With the use of FUD, malware threat actors can prevent or evade the security solutions for this new technique, particularly off-the-shelf tech prone to broader threats.

However, it’s been speculated that more packers could emerge. So, early detection aids in preventing FUD packers due to their unusual coding flow.

Recommendations

Here Below we have mentioned all the recommendations:-

  • Enable firewall protection.
  • Ensure limiting access.
  • Make sure to change the default port.
  • Secure Account Management.
  • Always use strong Passwords.
  • Implement account lockout policies.
  • Frequently review and deactivate the unwanted SQL CLR assemblies.
  • Always encrypt data in transit.
  • Make sure to monitor the SQL server activity.
  • Always keep the system and installed software updated with the latest updates and patches.

IoCs

IoCs (Source – Trend Micro)

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.


[ad_2]
Source link

Slack is getting a new look

0
[ad_1]

Slack is one of the most popular communications platforms on the market, especially for those who are running a business. The platform has an intuitive user interface now, but it has some news. Slack is going to get a new look, and the company believes that it will help the whole experience.

Slack will have a new look, and it will bring some new functionality

This redesign is going to bring some notable visual changes. For starters, the interface as a whole will have a rounder aesthetic. You’ll see slightly more rounded corners on UI elements. This could give it a more modern look.

Your profile picture will no longer live on the top right of the interface. Instead, Slack will move it to the bottom left. Right above it is where we see a substantial change. Above your profile button, you’ll see a + button. This will be like a universal create button. Tapping on the button will give you the ability to create a new conversation, send a message, create a channel, collaborate on a document, create a Huddle video, or start an audio chat. It’s a one-stop shop to start communicating with someone.

 

When you’re looking through your direct messages, you’ll be able to get a bit of a preview of what people sent you. There will be a designated space where all of your DMs are held. There, you’ll see short previews of the contents of the messages. This will help you get an idea of what was sent to you before you open the message.

Next, there will be a new Activity hub. This hub will show you all of your mentions and threads across the organization. You’ll see a feed of everything that you can scroll through. This eliminates you having to go through each channel to see all of your mentions.

Lastly, Slack will bring a new search feature that will allow people to search for information quickly and easily. This revamp is going to be rolling out over the next couple of months.


[ad_2]
Source link

Voter data stolen in UK Electoral Commission systems breach

0
[ad_1]

We take a look at reports that the UK’s electoral commission has been breached, and what it means for registered voters in the UK.

The UK’s Electoral Commission has revealed it suffered a compromise which has the potential to expose aspects of registered voters’ data. While much of this data may already be public, there are some privacy and safety concerns to consider.

First of all, let’s take a look at what’s been affected. The UK has something called an Electoral Roll (or Register). This is a list of all eligible registered voters residing in the UK. This list is divided into three types: the full, public register; the edited version; and the “opt-out” version.

From the Information Commissioner’s Office:

The full register is published once a year and is updated every month. It is used by electoral registration officers and returning officers across the country for purposes related to elections and referendums. Political parties, MPs and public libraries may also have the full register.

Regular folks going about their business can’t access the full version. The edited version of the register works as follows:

The open register, also called the edited register, contains the same information as the full register but is not used for elections or referendums. It is updated and published every month and can be sold to any person, organisation or company for a wide range of purposes. It is used by businesses and charities for checking names and address details; users of the register include direct marketing firms and also online directory firms.

This is one way that people end up on marketing lists, or “find a phone number/person” type websites. It’s the kind of data you’d occasionally find up for grabs on CD-ROMs.

The “opt-out” version of the register omits your details from this list. You used to have to manually opt out every time you updated your details, but these days your selection stays the same unless you specifically decide to alter it.

What has been compromised?

The Electoral Commision has this to say regarding the attack:

The Electoral Commission has been the subject of a complex cyber-attack, it has announced today, highlighting that the UK’s democratic process and its institutions remain a target for hostile actors online.

The incident was identified in October 2022 after suspicious activity was detected on the regulator’s systems. It became clear that hostile actors had first accessed the systems in August 2021. The Commission has since worked with external security experts and the National Cyber Security Centre (NCSC) to investigate and secure its systems.

As part of the attack, hostile actors were able to access reference copies of the electoral registers, held by the Commission for research purposes and to enable permissibility checks on political donations. The registers held at the time of the cyber-attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. The registers did not include the details of those registered anonymously. The Commission’s email system was also accessible during the attack.

How serious is this breach?

A full FAQ is available, but I would draw attention to this comment from the Electoral Commission:

“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”

People on the opt-out version of the register may be unsure if this actually means their data is included in that which was available to the attackers. From the FAQ:

Please note, the addresses of those on the open register are already publicly available. The addresses of those who opt out of the open register, are not made publicly available, but were accessible during this cyber-attack.

While using the opt-out is by no means a magic solution to the perils of real world unpleasantness, it does help. Many at-risk or vulnerable people use it as a quick and easy way to prevent (for example) abusive ex-partners from tracking them down.

Knowing that their data is included in the pile is likely to be somewhat unsettling.

There is a way to be fully anonymous where voting registration is concerned. However, the process can be complex and off-putting. It requires items like court documents or attestations from authorised individuals to support the application. In other words, you may need to request that police officers come to your home and then explain your situation with evidence to back up your claims.

If the application is granted, you’ll be fully anonymous. The Electoral Commission does point out that anonymised individuals are not impacted by this breach, but this will be scant consolation to those who didn’t receive approval, or did not know the option existed.

For now, no additional details are forthcoming. There’s not much anyone can do with regard to the data exposure at this point. We just have to hope that those responsible aren’t in the mood for throwing everything online. So far, there’s no evidence that anyone has made use of the data in this way specifically. As for anything else, we’ll have to wait and see.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

Galaxy Z Fold 3, Fold 2 & Flip 5G get August update in the US

0
[ad_1]

A couple of days back, Samsung released the August 2023 security update for the Galaxy Z Fold 4, Galaxy Z Flip 4, and Galaxy Z Flip 3 in the US. It has now expanded the rollout to cover more foldable smartphones. The Galaxy Z Fold 3, Galaxy Z Fold 2, and Galaxy Z Flip 5G are also now receiving the latest security patch stateside.

Like the previous three models, Samsung is initially only covering factory-unlocked units of these foldables with the August SMR (Security Maintenance Release). The update for the Galaxy Z Fold 3 comes with the firmware build number F926U1UES4FWG7. The official changelog supplied by the company confirms that the latest firmware release doesn’t bring anything more than this month’s security fixes (more on that later).

It’s the same story for the Galaxy Z Fold 2 and Galaxy Z Flip 5G as well. Unlocked variants of these 2020 foldables are receiving the August update with build numbers F916U1UES4JWG6 and F707U1UES6HWG7, respectively. Once again, the official changelog has only one pointer. The devices are picking up the security fixes that are part of this month’s SMR from Samsung.

It’s a fairly big security release, though. The Korean firm’s updated monthly bulletin reveals that Galaxy devices are getting fixes for more than 80 vulnerabilities this month. As usual, the majority (over 50) of those are Android OS patches coming from Google and partner vendors, with Google confirming two critical fixes. The remaining 30-odd patches (at least one critical fix) are Galaxy-specific and come directly from Samsung.

The Galaxy Z Fold 3 is also getting the August update in other markets

With the latest expansion, Samsung has pushed the August SMR to all of its eligible foldables in the US, except for the newly launched Galaxy Z Fold 5 and Galaxy Z Flip 5. However, only one of them has received the update in international markets. The Galaxy Z Fold 3 is picking up the new security patch in Latin America, where the new build number is F926BXXS5EWG7. The changelog remains unchanged, though.

Samsung will gradually push the August SMR to its foldable smartphones in more markets in the coming days. It will also expand the release to cover other phones and tablets. The company has already updated the Galaxy S23, Galaxy S22, Galaxy Note 20, Galaxy A54 5G, and a few others to the August security patch in some regions, but the likes of Galaxy S21 and Galaxy S20 are still waiting for it. We will let you know when the rollout begins for these phones.


[ad_2]
Source link

Spotify enables patron-exclusive podcasts via new Patreon integration

0
[ad_1]

Spotify is the most recent company that is starting to offer financial incentives to content creators. The music streaming service announced this week that it has added Patreon integration to allow creators to monetize their content via exclusive podcasts.

Patreon, a membership platform that offers the business tools for content creators to run a subscription service, was in the middle of a controversy early this month when major technical issues led to paused payouts and canceled subscriptions.

Thankfully for the millions of creators using the platform, these issues have been solved (at least for many of them), so the company can now go live with the announcement.

Starting today, it’s possible to connect Spotify and Patreon accounts to access patron-exclusive podcasts direction from the music streaming service’s app. This is a follow-up of Spotify’s March announcement that it’s teaming up with Patreon to allow creators to publish their subscriber feeds to Spotify via its API.

Many podcasters use Patreon to connect with their fans, and for the first time ever, they can link their accounts so fans can access and listen to these shows on Spotify. This partnership gives podcasters a new opportunity to reach Spotify’s global audience, over 551M users, to increase their income and grow their show,” said Gustav Söderström, Co-President and Chief Product and Technology Officer at Spotify.

Patreon integration has been in testing for months at Spotify, as select creators have been enrolled in a beta program that helped them promote and gain new members to their Patreon through Spotify.

Thanks to the new feature, Spotify users will be able to listen to all their favorite content in one place, while Patreon podcasters tap into new audiences on Spotify. The new partnership feels like a win-win situation, at least on paper.


[ad_2]
Source link