Supreme Court ruling allows Apple to continue blocking links to third-party app-payment services

The Supreme Court today ruled in favor of Apple and against Fortnite developer Epic Games by preventing an injunction ordered by a federal judge from taking effect. Back in September 2021, Judge Yvonne Rogers Gonzalez issued her decision in a case that was heard after Apple removed Fortnite from the App Store for offering iPhone owners an alternate method of paying for in-app purchases, including the currency used within the game. That alternate method would have deprived Apple of its 15% to 30% cut of such transactions.
The judge ordered Apple to allow developers to include in-app links to third-party payment platforms to get around the so-called “Apple Tax.” Earlier this year, the 9th Circuit Court of Appeals ruled that Apple had violated California’s Unfair Competition Law by denying developers the opportunity to inform consumers about alternative payment platforms which included transactions made via the Epic Games Store. But the court put its ruling on hold to give Apple time to file with the Supreme Court for its case to be heard.
But today, Justice Elena Kagan ruled against Epic by saying that she would not allow the decision by the 9th Circuit Court of Appeals to immediately take effect. According to Bloomberg, Kagan is the justice who handles emergency matters coming from the 9th Circuit Court of Appeals which is based in San Francisco. If the Supreme Court decides not to hear the case, the reprieve Apple received today would be temporary and the previous ruling by the 9th Circuit Court of Appeals, which would force Apple to allow developers to promote alternative payment methods, would take effect.
The so-called Apple Tax generates billions of dollars for Apple each year and because Apple does not allow the use of third-party app stores with its devices, lawmakers and app developers in the U.S. and overseas have called Apple a monopolist.


INTERPOL Dismantles Infamous ’16shop’ Phishing-as-a-Service Platform

  • INTERPOL Dismantles ’16shop’: Global effort leads to arrests in Indonesia and Japan, targeting notorious phishing platform.
  • Successful Intelligence Sharing: Cooperation between INTERPOL, law enforcement, and private partners demonstrates effective global cybercrime fighting.
  • Wide-reaching Phishing Impact: ’16shop’ exploited victims worldwide with phishing kits, showcasing the pervasive threat of such attacks.
  • Phishing Dominance: Phishing responsible for up to 90% of data breaches, necessitating urgent countermeasures.
  • Collective Defense: Collaboration among law enforcement and industry remains crucial in battling evolving cyber threats.

In a remarkable feat of international collaboration, INTERPOL has successfully dismantled the nefarious ’16shop’ phishing-as-a-service (PaaS) platform, culminating in the arrest of its operator and two facilitators.

The joint effort between law enforcement agencies and private sector partners demonstrates the power of shared intelligence in combating cybercrime on a global scale. This comes days after INTERPOL managed to shut down a decade-old child abuse network during Operation Narsil.

Targeting the Heart of Phishing Operations

The ’16shop’ platform sold so-called ‘phishing kits’ to criminals looking to exploit unsuspecting Internet users through email scams. Victims were tricked into sharing sensitive information, including credit card details, by opening malicious PDF files or clicking on malicious links. The stolen data was then used to defraud victims of their money.

Phishing attacks remain the most prevalent cyber threat worldwide, responsible for up to 90 percent of data breaches. The success of such attacks highlights the urgency of tackling this pervasive issue.

C2 server of 16shop and an Amazon phishing page available on the site

International Partnerships at Work

According to INTERPOL’s press release, the successful takedown of ’16shop’ was the result of a comprehensive operation involving INTERPOL, Indonesian authorities, and counterparts in Japan and the United States. Private sector entities such as Cyber Defense Institute, Group-IB, Palo Alto Networks Unit 42, Trend Micro, and Cybertoolbelt also played instrumental roles.

“Borderless Cyber Impact”

Bernardo Pillot, Assistant Director of Cybercrime Operations at INTERPOL, emphasized the tangible impact of cyberattacks on victims. He stated, “Cyberattacks such as phishing may be borderless and virtual in nature, but their impact on victims is real and devastating.”

Unravelling the Web of Cybercrime

The investigation began with the identification of ’16shop’ by INTERPOL’s cybercrime analysts during a project focusing on cyber threats in the ASEAN region. Collaboration with private sector partners allowed the team to pinpoint the platform’s administrator based in Indonesia.

Leveraging connections with the United States, INTERPOL coordinated with US law enforcement agencies to provide crucial information to Indonesian investigators. This joint effort led to the arrest of the platform’s 21-year-old administrator and the confiscation of electronic devices and luxury vehicles.

Unmasking Facilitators and Future Prevention

The successful capture of the administrator in Indonesia catalyzed further cooperation between Japanese and Indonesian authorities, leading to the arrest of two facilitators. This meticulous unravelling of the criminal network highlights the collective determination to curtail cybercrime.

Brigadier General Adi Vivid Agustiadi Bachtiar, Director of the Indonesian National Police’s Cyber Crime Investigation, underscored the significance of the operation. “This operation is only successful as we work closely with various stakeholders… to stop the crime-ware being offered as a service and also stopping more people from falling victim to phishing attacks,” he stated.

Coherent Intelligence for a Safer Cyberspace

INTERPOL’s cybercrime directorate serves as a critical hub for experts from law enforcement and industry to analyze and disseminate actionable intelligence on cyber threats. This united approach underscores the need for ongoing collaboration to combat the ever-evolving landscape of cybercrime.



This Acoustic Attack Analyzes Keystrokes To Steal Data


Researchers have devised a new attack strategy that steals data by recording the sounds of keystrokes. Using a trained deep learning model, the acoustic side-channel attack puts most existing laptops, keyboards, and other devices used for typing data at risk, as it deciphers keystrokes with over 90% accuracy.

Acoustic Attack Logging Keystrokes Risks Most Devices

A team of researchers has demonstrated a new way to steal data from target computers simply by logging keystrokes. Using a trained deep-learning model, the researchers analyzed the recorded keystrokes to determine the actual data.

Specifically, executing the “fully-automated acoustic side-channel attack (ASCA)” requires recording the target device’s keystrokes with a nearby microphone. For this, an attacker may infect a nearby smartphone with malware and control its microphone for recording the target device’s keystrokes. Or, the attack may even execute via a Zoom video call.

Next, using trained deep-learning models, an adversary can

The researchers demonstrated both attack scenarios in their study. They trained the DL model by pressing 36 keys of a MacBook Pro, 25 times each, with varying pressures, recording all the sounds. Next, they produced waveforms and mel-spectrograms for the sounds to visualize the differences. They then used the spectrograms to train the CoAtNet image classifier model for data prediction.

After completing the DL training, the researchers performed the attack on a MacBook Pro 16-inch (2021), first recording its keystrokes with an iPhone 13 mini placed 17 cm away from the device, and then over a Zoom video call using the target device’s own microphone.

They achieved a 95% accuracy in the information deciphered from the keystrokes data when recorded with a smartphone’s microphone and a 93% accuracy with Zoom call recordings. The team has shared the details about this attack strategy in its research paper.

Attack Limitations And Mitigations

Since this acoustic side-channel attack relies solely on the sounds produced by keystrokes, the researchers suggest that changing one’s typing style can be enough to prevent it. Likewise, switching to touch typing can also help avoid such attacks.

Besides, to avoid or disrupt keystroke recordings via the device’s microphone over VoIP calls, playing sounds near the broadcasting microphone or adding white noise can reduce the keystroke logging accuracy.

In addition, inserting random keystrokes while typing sensitive data, such as passwords, can prevent an adversary from predicting it. In the long run, suppressing or removing keystroke acoustics in VoIP apps can also help prevent such attacks.




How to use Shortwave email


There are a ton of different email clients out there, but there’s a new one on the scene that has an interesting (and familiar) hook to it. It’s called Shortwave, and it’s a platform that could transform how you think about emails. Here’s a useful guide on how to use Shortwave and what it’s all about.

What is Shortwave?

Back in 2014, Google launched an app called Inbox, which had an interesting take on email. Inbox bundled related emails into groups, which created a much cleaner interface. It was a popular platform, but this is a Google product we’re talking about: it was bound to be discontinued prematurely, and that’s what happened. About five years after it launched, the company brought down the ax.

Well, an ex-Google employee started working on the platform’s spiritual successor. Shortwave is an application that takes the core functionality brought by Inbox and brings it back. Just like Inbox, emails from the same source are automatically grouped into bundles.

Say, if you get several emails from Reddit about posts and comments. Normally, you’ll see these emails scattered throughout your inbox. With Shortwave, all of those emails will be grouped into a bundle. The bundle takes up as much space as a single email. When you tap on the bundle, it’ll expand so that you can access each of the emails individually.

Getting the program

So, if you’re tired of the chronological email feed, you should give this app a try. It was in beta testing for a year and a half, but it is now available to the public.

Get the app

Shortwave is now available on the Google Play Store, the iOS App Store, and on your computer. Choose the link below to download the app on your preferred platform.

Getting it on Desktop

There’s no official desktop application for Shortwave. So, if you want to use it on the computer, you’ll have to use the website. However, if you want to install it on your desktop, it’s easy to do so. Just know that this is only supported on Chromium-based browsers. These include Google Chrome, Microsoft Edge, Opera, and more.

So, you will not be able to install it if you use Firefox or Apple’s Safari. First, follow the link below:

This will take you to the desktop website. Sign in with your Gmail account, and you’ll be taken to your inbox. Look at the right side of the browser’s address bar: you’ll see the option to install the app onto your desktop. On Chrome, it looks like a little computer monitor with a downward-pointing arrow. In Edge, it looks like a square with a “+” symbol.

When you click on it, the browser will ask you to confirm this information. After that, you’ll see the Shortwave icon on your desktop. Clicking on it will open a mini browser that will display only the Shortwave website.

How to use Shortwave

When you open the app, you’ll be greeted with your main inbox. By default, all emails from the same source will be grouped into bundles. You’ll see how many emails are in a bundle right next to the sender’s name. Tapping on the bundle will open a new page with all of the emails displayed.

Using bundles

The bundles are a pretty big part of the whole experience. They help make the interface less cluttered and easier to navigate. As stated before, the emails come bundled automatically.

The name of the bundle will be set to the name of the source. If you want to rename the bundle, it’s easy to do. Unfortunately, you’re not able to change the name using the mobile app. You’ll need to use the desktop version.


Tap on the bundle and tap on the three-dot menu on the top of the screen. In the resulting menu, tap on the Add Note button. When you look at the Bundle’s name, it will be replaced with the text “Add Note”. Go back to your inbox and click on that text. It will be a text field that will allow you to type in your own name.

If Shortwave bundled emails that you don’t want bundled, you can unbundle them. Go back to the three-dot menu and tap on the Unbundle button. This will ungroup the emails, and each one will return to its chronological spot in your feed.

If you change your mind, or you unbundle the emails by accident, you can re-bundle them by tapping on the Undo button in the popup that appears at the bottom of the screen.

Pinning emails/bundles

If there’s a bundle or conversation that you want to display above the rest, you can simply pin it. Tap on the email conversation or bundle you want to pin. At the top right of the UI, you’ll see different actions that you can do for the email. You’ll see a thumbtack icon; tap on it.

This will pin the bundle or email conversation to the top of your feed. The emails will stay at the top of the feed even if you get new emails. You can pin multiple emails to the top of your feed, and they’ll occupy their own section above the feed.


For an even quicker way, simply swipe left on the email or bundle you want to pin. You’ll see a blue pin icon appear. Let go to pin the conversation, but be sure not to pull too far, because if you keep swiping you’ll snooze the email instead.

To unpin a conversation, swipe left on it again to reverse the action. If you’re inside the conversation, tap on the pin icon at the top right of the UI.

Snoozing conversations

If there’s an email that you want to get to later, but you don’t want to forget about it, you can snooze it. This will hide the email until a designated time and then resend a notification when the time comes.

To snooze a conversation, tap on it. On the top right of the UI, right next to the Pin icon, you’ll see a clock icon. Tapping on that icon will bring up a little popup window with some options for how long to snooze your email. If one of them appeals to you, just tap on it. If not, then tap on the Pick a time option. This option will let you choose the date and time that you want to snooze the email until.


A quick way to snooze an email is to swipe left on a conversation until your finger reaches the edge of the screen. You’ll see the pin icon first then you’ll see the clock icon.

Sending and replying to emails

Shortwave offers an easy and straightforward interface for sending and replying to emails. On the mobile version, you’ll see the Compose button on the bottom bar right next to the search button. The screen will turn into the composer where you’ll be able to enter the recipient, subject, and the contents of your message.

On the desktop version, you’ll see the Compose button on the top left of the interface. It’s the pencil icon right under your profile picture. You’ll see a message composer open up on the bottom left of the screen.

When it comes to replying to messages, Shortwave resembles a messaging app more than an email app. Tap on the email that you want to reply to and, at the bottom of the screen, you’ll see a text field. Tap on it and a simple reply UI pops up.

Settings

In Shortwave, there are a ton of settings that you can use to customize your experience. To access your settings, tap on your profile picture on the bottom left of the screen. On the resulting screen, you’ll see the Settings button on the bottom. On the resulting page, you’ll see all of the categories that you can search through. We’ll go through the more notable settings. You can look through the settings to see the full list.

You can change the app’s appearance, choosing between light mode and dark mode.

A setting will let you reverse the inbox swipe gestures. You swipe left to pin emails and snooze them; you swipe right to mark them as done and delete them. This option will reverse this.

Remember the popup you get when you’re trying to snooze a conversation? The popup has preset options for how long you want to snooze your emails. Well, there’s a setting that will let you customize those presets.

If there are people sending you too many emails, you can block different senders. Lastly, you can choose which inboxes you want to be displayed.

With that, you know what you need to know about this new and useful email client.



Irish Police Data Breach Rattles Northern Ireland’s Security Landscape

  • PSNI Data Breach: The Police Service of Northern Ireland inadvertently exposed personal details of its workforce, raising security concerns in a historically sensitive region.
  • Accidental FOI Leak: Responding to a FOI request, the PSNI published sensitive information online, potentially endangering over 10,000 personnel.
  • Safety at Risk: The breach, potentially the UK’s worst, puts officers at risk, as roles of intelligence and security are exposed.
  • Tense Climate: Amid ongoing security threats, like the New IRA, the breach ignites fears for officers’ safety in an already delicate environment.
  • Calls for Investigation: The breach prompts demands for investigation, improved data protection, and measures to ensure officer safety.

In a grave breach of security, the Police Service of Northern Ireland (PSNI) accidentally exposed the personal details of its entire workforce, comprising both officers and civilian staff.

The data leak occurred in response to a Freedom of Information (FOI) request and was subsequently published online, leaving more than 10,000 individuals vulnerable to potential physical threats.

The breach, which experts have described as potentially the worst data breach in UK history, has raised serious concerns about the safety of police officers and staff in a region with a history of violence.

The exposed information included names, initials, ranks, work locations, and departments of all PSNI personnel. While private addresses were not compromised, sensitive roles such as members of the organized crime unit, intelligence officers stationed at ports and airports, and officers at MI5’s headquarters were revealed.

However, this should not come as a surprise, as the United Kingdom has been facing data security issues for a while. Just yesterday, the UK Electoral Commission released information about a year-long data breach, in which an unknown attacker stole the personal data of millions of Brits.

This incident comes at a time when the security situation in Northern Ireland remains tense. Dissident Republican groups, such as the New IRA, continue to pose a threat to officers’ safety. Over 300 police officers lost their lives during the Troubles, and recent attacks on police personnel have heightened concerns about their security.

The accidental data leak has sparked outrage and fear within the PSNI and the wider community. A serving police constable, who spoke anonymously, emphasized the impact on officers and their families, stating, “This breach has highlighted the fear and concern that my family have about me doing this job.”

Northern Ireland’s Alliance Party leader, Naomi Long, called for a thorough investigation into the breach, questioning why such sensitive data was available in unencrypted form and how a junior staff member had access to it. The breach has prompted calls for greater protection for police officers, who often take measures to conceal their identities to safeguard their families.

Liam Kelly, chair of the Police Federation for Northern Ireland, expressed dismay and anger over the breach, stressing the importance of rebuilding trust between the PSNI and its officers. The breach has cast doubts on the PSNI’s security measures and its ability to safeguard its personnel.

Commenting on the breach, Pieter Arntz, a Malware Intelligence Researcher from Malwarebytes, told Hackread.com, “As we sometimes see in data breaches, there was no mal intent, but it was a case of human error. Human errors, however, are always enabled by some oversights in security measures or protocols that are designed to depend on everyone knowing exactly what to do and what not to do.”

“You could compare it to the way many services depend on passwords. We expect people to keep track of hundreds of passwords that need to be so complex that they are impossible to remember. But at the same time, we blame these people if they write it down on a Post-it or re-use the password for several sites,” said Pieter.

“Educating people has its boundaries, sometimes the underlying technology is just not right for the problem we are trying to solve,” Pieter added.

According to Sky News, the Information Commissioner’s Office has been informed of the incident and is assessing the situation. The PSNI has taken steps to rectify the breach and prevent similar errors from occurring in the future. Chief Constable Simon Byrne has interrupted his holiday to address the situation and provide reassurance to the police force.

As Northern Ireland grapples with the aftermath of this significant data breach, concerns persist about the potential consequences for officers’ safety and the region’s security landscape. The incident highlights the urgent need for enhanced data protection measures and renewed efforts to ensure the safety of those who risk their lives to maintain public order and security in a historically sensitive environment.




August 2023 update live for Galaxy S22 series & Galaxy A54


Samsung has released the August 2023 security update for the Galaxy S22 series and Galaxy A54 5G. The rollout began recently and is currently available to users in Latin America. The latest security patch should soon reach these phones in other markets.

The August SMR (Security Maintenance Release) for the Galaxy S22, Galaxy S22+, and Galaxy S22 Ultra comes with two different firmware build numbers in Latin America. In some countries, it’s S90*EXXS6CWG9. In others, it’s S90*EXXS6CWGA. As of this writing, we can confirm the availability of the update in Argentina, Brazil, Chile, Colombia, Guatemala, Mexico, Panama, Paraguay, Peru, Trinidad and Tobago, and Uruguay.

Regardless of the build number, the changelog remains the same. And there’s nothing notable here. Samsung is only pushing the latest security fixes to the phones. It has already been revealed that the August SMR patches more than 80 vulnerabilities, at least three of which are critical issues. Some of those could pave the way for remote code execution with user interaction or additional privileges.

These security fixes are also rolling out to the Galaxy A54 5G. Once again, Samsung has begun the rollout in Latin America, where users are getting the update with firmware version A546EXXS4AWG4. The rollout is widely available in the region, SamMobile confirms. The new premium mid-range smartphone is also only picking up the latest security patches and nothing more with the August update.

More Galaxy devices will get the August 2023 update soon

Samsung started rolling out the August security update to Galaxy devices last week. It has already pushed the latest SMR to about a dozen models, including the Galaxy S23 series, Galaxy Z Fold 4, Galaxy Z Flip 4, Galaxy Z Fold 3, Galaxy Z Flip 3, Galaxy Note 20 series, and the Galaxy S20 FE. As usual, the initial rollout only covers the devices in select markets, but the company will soon expand the update globally.

At the same time, Samsung will also push the August SMR to more Galaxy devices. The likes of the Galaxy S21 series, Galaxy S20 series, and a number of mid-range models are still awaiting the new security release. If you’re using a Galaxy device, you can check for updates from the Settings app. Go to the Software update menu and tap on Download and install to see if an OTA (over the air) update is available. If you don’t see any updates, wait a few days and check again.



Samsung and TSMC to split Snapdragon 8 Gen 4 production


Qualcomm seems to have finalized deals with TSMC and Samsung for the manufacturing of the Snapdragon 8 Gen 4, which will be its first 3nm chip. Noted TF International analyst Ming-Chi Kuo suggested this in a recent Medium post. Kuo said that the American chip firm has “already cooperated” with the two foundry giants for the production of its 2024 flagship processor.

After having its flagship chips manufactured by Samsung for a few years, Qualcomm switched to TSMC last year because of the former’s poor yield rates. The Taiwanese firm manufactured the Snapdragon 8 Gen 2 and Snapdragon 8+ Gen 1 in 2022. It will also produce this year’s Snapdragon 8 Gen 3. While TSMC is ready with its 3nm process node, Qualcomm is sticking to 4nm to keep manufacturing costs down.

Meanwhile, Samsung has improved its advanced semiconductor yield rates in recent months. It is reportedly now on par with TSMC, if not better. As such, Qualcomm is going back to the Korean firm next year. It isn’t giving Samsung the entire manufacturing contract for the Snapdragon 8 Gen 2, though. If rumors are anything to go by, TSMC will manufacture the standard version while Samsung will manufacture the “for Galaxy” version for its smartphones.

It’s worth noting that dual sourcing requires more resources working on the same chip for two different foundries. In the case of the Snapdragon 8 Gen 2, things get even more difficult. While TSMC is sticking to the old-school FinFET transistor architecture for its 3nm solutions, Samsung is switching to the more advanced GAA architecture. So Qualcomm, which recently laid off over 400 employees, will need to efficiently manage its resources.

The company has freed up some resources by stopping chip development for Intel’s 20A node, which is reportedly equivalent to TSMC’s 3nm node. So that might help. Meanwhile, Qualcomm’s decision has put Intel’s plans for 18A R&D and mass production in jeopardy. The analyst said these plans are now “a higher level of uncertainty and risk.”

The Snapdragon 8 Gen 4 will power Samsung’s Galaxy S25 flagships

The Snapdragon 8 Gen 4 will debut at the end of 2024. It will power flagship Android smartphones in 2025, including Samsung’s Galaxy S25 series. The Korean firm will use the “for Galaxy” version manufactured in-house. It may not ship the phones with the Snapdragon chip globally though. Some markets may get an Exynos processor.

Samsung is rumored to bring back Exynos as early as next year. The Galaxy S24 series will ship with the Exynos 2400 in Europe, select parts of Asia, and a few other regions. Hopefully, the recent improvements may have addressed all the problems Samsung Foundry has had in the past. Otherwise, the company might have a hard time convincing people to buy Exynos-powered Galaxy flagships.



16 Zero-Day Flaws Discovered in CODESYS Industrial Devices


CODESYS, a widely used integrated environment for controller programming, has a strong presence in Operational Technology across diverse industries, such as:

  • Factory automation
  • Energy
  • Mobile
  • Building
  • Embedded
  • Process

Backed by more than 500 manufacturers (including Schneider Electric, Beckhoff, Wago, Eaton, ABB, Festo, and others) and spanning the architectures listed below, CODESYS powers millions of devices worldwide:

  • MIPS
  • Renesas
  • ARM
  • PowerPC
  • TriCore

Vladimir Eliezer Tokarev, a cybersecurity researcher at Microsoft, recently identified several high-severity vulnerabilities, among them 16 zero-day vulnerabilities, in the CODESYS V3 SDK.

Tokarev dubbed the 16 zero-day vulnerabilities he found in CODESYS “CoDe16,” a code name for the complete set of CODESYS zero-day vulnerabilities.

Successful exploitation of all of these high-severity vulnerabilities in the CODESYS V3 SDK could severely affect OT infrastructure.

Moreover, the Microsoft Threat Intelligence team recommended that attendees of Black Hat USA 2023 (BHUSA) attend its official session on this set of vulnerabilities on August 10.

BHUSA Event Session

Cybersecurity researchers will cover the following key things during this event session:

  • Exciting findings
  • Share technical insights into vulnerability discovery
  • Firmware extraction
  • Analysis

Apart from this, all the challenges, like proprietary network protocols and debugger-free analysis, will also be explored.

Security analysts will also unveil the root cause of key flaws and demonstrate the remote code execution chain used to implant a malicious payload, gaining full PLC control and the ability to manipulate the factory floor.

Closing remarks will include the mitigation strategies, an open-source validation tool for CODESYS devices, and a live demo of successful RCE on an exposed system.



Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack

  • Rust Injector Emergence: A novel Rust-based injector has emerged, facilitating the deployment of the XWorm malware and Remcos RAT.
  • Multi-Stage Attack: The attack follows a sophisticated multi-stage process involving phishing emails, redirection to malicious files, and the execution of PowerShell scripts.
  • Innovative Tool Adoption: Cybercriminals leverage the Red Team tool “Freeze.rs” and SYK Crypter to bypass security controls and deliver malicious payloads.
  • Global Impact: The C2 server traffic analysis reveals that the attack primarily targets Europe and North America, showcasing its global reach.
  • Threat Evolution: The findings underscore the evolving nature of cyber threats, highlighting the need for enhanced vigilance against advanced attack techniques.

In a recent cybersecurity revelation, FortiGuard Labs has detected a surge in cyberattacks utilizing a new injector written in Rust, one of the fastest-growing programming languages.

Rust, while uncommon in malware development, has been increasingly adopted by malicious actors since 2019. This discovery sheds light on the evolving tactics of cybercriminals and their ability to innovate with new tools and techniques.

Rust Injector Emergence

The newly discovered Rust injector has been identified as a platform to introduce the XWorm malware into victims’ systems. FortiGuard Labs’ analysis reveals an unprecedented spike in injector activity during May 2023, suggesting a significant shift in cybercriminal strategy. This Rust-based injector is designed to inject shellcode and deploy XWorm, a remote access Trojan (RAT) known for its comprehensive control and monitoring capabilities.

Sophisticated Attack Chain

The attack begins with a phishing email campaign that purports to be an urgent order supplement request sent to various companies. This clever social engineering technique is accompanied by a malicious PDF file that redirects victims to an HTML file, leveraging the “search-ms” protocol to access an LNK file on a remote server.

Once the LNK file is executed, a PowerShell script initiates the deployment of the Rust injector “Freeze.rs” and the SYK Crypter, a tool used to deliver various malware families. The ultimate goal is to load the XWorm RAT and establish communication with a command and control (C2) server.
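The delivery step described above (an HTML file carrying a "search-ms" link that points Windows Explorer search at a remote share holding the LNK file) is something defenders can screen for in mail attachments. The following is an added example written for this page, not FortiGuard Labs' tooling; the sample HTML and the 203.0.113.10 address are constructed, and the `crumb=location:` parameter name is the documented search-ms URI syntax.

```python
import re
from urllib.parse import unquote

# Constructed sample: one link points Explorer search at a remote share over
# WebDAV (the pattern in the article), the other stays on the local disk.
SAMPLE_HTML = """<html><body>
<a href="search-ms:query=order&crumb=location:\\\\203.0.113.10@80\\share&displayname=Order%20Supplement">Open</a>
<a href="search-ms:query=invoice&crumb=location:C:\\Users\\Public&displayname=Local">Local</a>
</body></html>"""

SEARCH_MS_RE = re.compile(r'search-ms:[^"\'\s<>]+', re.IGNORECASE)
# UNC paths (\\host\share), forward-slash UNC and http(s) WebDAV URLs are remote.
REMOTE_RE = re.compile(r'^(\\\\|//|https?:)', re.IGNORECASE)


def parse_search_ms(uri):
    """Split a search-ms: URI into (key, value) pairs; keys may repeat (several crumbs)."""
    pairs = []
    for part in uri.split(":", 1)[1].split("&"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key.strip().lower(), unquote(value)))
    return pairs


def find_remote_search_ms(html):
    """Return one finding per search-ms: link whose crumb location is remote.

    Local-only searches are ignored; each finding records the raw URI, the
    location the search is pointed at, and the display name shown to the user.
    """
    findings = []
    for match in SEARCH_MS_RE.finditer(html):
        uri = match.group(0)
        params = parse_search_ms(uri)
        displayname = next((v for k, v in params if k == "displayname"), "")
        for key, value in params:
            loc = re.match(r"location:(.*)", value, re.IGNORECASE | re.DOTALL)
            if key == "crumb" and loc and REMOTE_RE.match(loc.group(1).strip()):
                findings.append({"uri": uri, "location": loc.group(1).strip(),
                                 "displayname": displayname})
    return findings


if __name__ == "__main__":
    for f in find_remote_search_ms(SAMPLE_HTML):
        print(f"remote search-ms location {f['location']!r} shown as {f['displayname']!r}")
```

Feeding the same function the extracted body of an HTML attachment in a mail gateway or sandbox gives a cheap first-pass signal for this delivery technique; it does not replace inspection of the LNK itself.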

The phishing email (FortiGuard Labs)

Freeze.rs and SYK Crypter Nexus

FortiGuard Labs’ detailed analysis traced the origin of the new injector to the Red Team tool “Freeze.rs.” This tool is designed to create payloads capable of bypassing Endpoint Detection and Response (EDR) security controls, highlighting the increasingly sophisticated methods employed by cybercriminals.

Furthermore, the involvement of SYK Crypter, a tool commonly used to deliver malware families via the Discord chat platform, further exemplifies the collaborative and evolving nature of cybercriminal operations.

Multi-Stage Infection Process

The attack’s multi-stage infection process involves a series of intricate manoeuvres to evade detection and establish control. The malicious code wraps its payload with a choice of encryption and compression schemes, such as AES, RC4, or LZMA, to obscure its intent and evade antivirus detection. This flexibility in how the payload is packed adds a layer of complexity to the analysis.

XWorm and Remcos Collaboration

Once successfully injected, the XWorm RAT, a commodity tool traded on underground forums, collaborates with Remcos RAT, a sophisticated remote access Trojan. Together, they create a formidable threat with capabilities ranging from gathering device information and capturing screenshots to logging keystrokes and gaining comprehensive control over compromised systems.

The attack chain (FortiGuard Labs)

Global Implications

FortiGuard Labs’ analysis of the C2 server’s traffic reveals Europe and North America as primary targets of this malicious campaign. The attackers’ utilization of sophisticated techniques, such as the “search-ms” feature and the Rust injector “Freeze.rs,” underscores the need for heightened vigilance in handling suspicious emails and files.

In conclusion, the cyber threat landscape continues to evolve, with cyber criminals adopting innovative tactics and tools to infiltrate and compromise systems. FortiGuard Labs’ recent findings shed light on the emergence of Rust-based injectors and their role in deploying sophisticated malware payloads like XWorm and Remcos.


WhatsApp is rolling out screen sharing, landscape video calls

WhatsApp is rolling out its screen sharing feature for video calls to everyone. It lets you share the content of your screen with the other people on the call as you talk with them. You can share documents, photos, videos, and pretty much everything else.

WhatsApp has been working on this feature for a few months now. Some beta users on Android got early access to it in late May. A couple of weeks later, the company rolled out screen sharing to the desktop beta version of the popular messaging app.

Now, Meta CEO Mark Zuckerberg has announced that “the ability to share your screen during a video call on WhatsApp” is rolling out to everyone. WhatsApp separately confirmed to TechCrunch that the rollout has begun on Android, iOS, and the desktop in a phased manner.

You can share your screen by tapping the “Share” icon in the bottom toolbar during an ongoing video call. A confirmation pop-up warns you about the potential risks of sharing your screen. It tells you that the other person can see everything on your screen, including passwords and payment information.

Once you confirm, your screen’s content will be immediately available to the other party. Everything you do on your phone or computer hereafter will be visible to them. Your call screen will feature a big, red “Stop sharing” button at the center to immediately stop sharing your screen.

If all of this sounds familiar to you, it’s because screen sharing works similarly on business communication tools like Google Meet, Microsoft Teams, and Zoom. WhatsApp is seemingly entering this space with these kinds of new additions. It already lets you make large group video calls and offers multi-device support.

To ensure that the new feature serves the desired purpose effectively, WhatsApp has also added landscape mode support for video calls. This can be helpful when sharing documents or videos. You can also make video calls in landscape mode without sharing your screen.

Download the latest WhatsApp update and start sharing your screen

WhatsApp’s screen sharing feature started rolling out recently. As said earlier, the company will push the new tool to users in a phased manner, so if it isn’t available for you today, it will be shortly. Meanwhile, you might want to check whether the app has an update available on the Play Store and install the latest version of WhatsApp on your Android device.
