Google, in an effort to rival Apple’s AirDrop, brought Nearby Share. This is the technology that lets you easily share files between Android phones and Chromebooks. Well, according to Google, Nearby Share is now available for Windows.
Nearby Share has come a long way since it was introduced in Android 9 Pie. At first, it was only available for phones. Also, when you send a file to another phone, you’d have to accept that file on the other device. That’s a nice security feature so that just anyone can’t send you a file. However, that made it inconvenient for people who are just trying to share files between their devices.
Over the years, Google added Nearby Share capabilities to Chromebooks. Also, if you’re logged into two devices with the same Google account, you can send files without needing to accept them on the receiving device.
Now, Nearby Share is available for Windows
We know that the company was working on making this happen for a few months. People were able to test this out by joining the early access program. Now, this feature is available to the public. You can download the .exe file here.
While this is available, it’s still in the beta stage. This means that it might not be completely stable. Just expect some jankiness while using it.
When you start up the application, you’ll be able to choose who can send files to your computer. The options are the same as the ones on your phone. You can choose to receive files from everyone, no one, your contacts, and devices that you’re signed into. Just like using it with your phone, you’ll want to sign into your Google account in order to automatically send and receive files.
After you choose the setting, then you’ll want to name your device. This is the name you’ll see when you open Nearby Share on another device. Be sure to pick a name that’s short and sweet. Longer names will be cut off in the selection screen.
After that, it’s as easy as sending and receiving files from your Windows computer.
Months after releasing the patch, hackers are still exploiting the security flaw in WooCommerce Payments WordPress plugin. The researchers have found the vulnerability under active attack, urging WordPress admins to update their websites with the latest plugin version immediately.
In March, the WordPress security firm Wordfence elaborated on a severe security flaw in the WooCommerce Payments plugin.
The vulnerability first caught the attention of GoldNetwork’s researcher Michael Mazzolini, whose report made the developers fix the flaw with plugin release 5.6.2.
However, it seems WordPress admins’ ignorance towards updating their websites is seemingly ruining the developers’ efforts, as Wordfence now reports detecting active exploitation of the flaw.
As explained, they detected active vulnerability exploitation starting July 14, 2023, to target different websites. What’s peculiar in this campaign is that the attackers abuse this flaw against a specific set of websites instead of targeting random websites massively.
Besides, the Wordfence team also observed a spike in the plugin enumeration requests searching for a readme.txt file in the wp-content/plugins/woocommerce-payments/ directory of websites. They explained that not all such requests were malicious. Yet, this behavior raised the alarm, making Wordfence discover the exploitation attempts.
The researchers found these requests generated from thousands of IPs, making IP blocking unsuitable for defenders. However, all malicious requests carried the header X-Wcpay-Platform-Checkout-User: 1, which prompts the site to consider incoming requests as admin requests. The attackers generating these requests then attempted to install the WP Console plugin to achieve remote code execution on target websites.
In addition to Wordfence, RCE Security shared a PoC exploit for this flaw in a separate post.
As evident from the plugin’s official WordPress page, the plugin boasts over 600,000 active installations. From these, only 40.5% of websites use the latest plugin versions. In comparison, the changelog lists the plugin version 6.2.0 as the latest release.
Given the severity of the flaw and the active exploitation, admins must update their WordPress websites with the latest plugin version immediately.
Google finally added Windows computers to its list of devices that can use Nearby Share. This is good news for people who want to share files between their phone and computer. If you don’t know how to use it, don’t worry. Here’s a handy how-to guide to help you get started. After this, you’ll be able to send files like a pro.
First off, what is Nearby Share?
There’s no point in learning how to use this if you don’t know what it is. Apple has AirDrop, and this technology gives iOS, macOS, and iPadOS users the ability to seamlessly share files between their devices. Google developed Nearby Share as an answer to AirDrop.
When you’re using it, you’re able to share all types of files between your devices. The function comes standard in all Android devices starting with Android 9 Pie. When you tap on the Share option for a file, you’ll see it as one of the options. It might occupy the list of places to share or it might sit above the list as its own button.
It’s come a long way since Google brought it along. At first, you could only send files to other Android devices. Now, you can share files with your Chromebook and Windows computers.
Also, the phone receiving the file will need to approve the file before downloading. This is a good security feature, as it means that you won’t randomly get a file from any stranger.
However, Google made a useful change. If the phone sending the file and the phone receiving the file are signed into the same Google account, the file will be sent automatically. You’ll need to choose that setting, however.
How to use Nearby Share on Windows
Using Nearby Share on your Windows computer is pretty easy to do.
Downloading and installing
First, you’ll want to download the .exe file to your computer. You can download the file here. Once you do that, go to the file and open it. The installation process is super quick, and the installer will handle all of that. After the process, you’ll see the application open up.
You won’t have the option to pin the app to the taskbar or the home screen from the installer. In order to do this, search for the app (just type in “Nearby Share”). When the search result pops up, right-click on it and click on the Open file location button.
A folder will open with a list of app shortcuts. Nearby Share will be highlighted. Drag that icon to your home screen to access it more quickly.
Setting up
When you open the app, you’ll see some initial settings. Firstly, you’ll see the option to sign in to your Google account. When you click that button, you’ll see a browser tab open up. You’ll log in on the browser. After you do that, you’ll see the Nearby Share app change a bit.
Next, after logging in, you’ll see your visibility options- who can send and receive files from you. There are four options and, if they seem familiar, they’re the same options you’ll see on your phone.
Using Nearby Share: Sending files
After you choose the desired setting, you’ll then see the screen change again. The next screen will show the previous setting you choose on the left of the screen along with the option to change it. Under it, you’ll see a little description of the setting in case you need a refresher. It also confirms the setting you chose. So, if you picked the wrong one by accident, you can get a heads-up.
The right side of the screen is where the magic happens. Up top, you’ll see the “Ready to share” text with a little animation underneath. At the bottom of the screen, there’s a rounded rectangle with the option to send files. If you can easily access the file you want to send, simply drag and drop it into the field.
There’s also the option to browse for the file. Click on the Select files button to open the File Explorer. There’s also the option to send entire folders right next to the aforementioned button. When you send a folder, it will send the actual folder and not just the files separately.
After you choose the file that you want to send, you’ll see the screen change yet again. On the left, you’ll see a list of the items that you are sharing. On the right, you’ll see it populate with a list of the available devices you can send to.
Once you click on the device you want to send it to, it will attempt to send the file(s). If you opted to only share with devices with the same Google account, it will immediately start sending. If you don’t, then that receiving device will get the approval screen. Once you tap Accept on that device, it will start sending.
Using Nearby Share: Receiving files
Receiving files is as easy as sending them. On your device, all you have to do is open the Sharing menu, tap on Nearby Share, and select the PC. Once you do that, the file will automatically start sending. You’ll see the file in your Downloads folder.
Important settings
There are some settings you can choose that will tailor the experience to your liking.
First, you’ll want to edit your visibility settings.
You can choose to receive files from everyone. This makes the process of receiving files easier. However, just know that it leaves you open to receiving files from any stranger, and that can pose a security risk. Also, if you choose this option, you will need to approve the file.
You have the option to enable this for only a few minutes or permanently. Google doesn’t tell you how long it’ll be enabled if you choose to have it on temporarily. Just expect it to last less than 10 minutes.
The next option will let you receive files from your contacts. You’ll only be able to send and receive files from people who are in your contacts. You can check out your contacts by going to contacts.google.com. You won’t need to approve files from these folks. Also, if you’re sending a file to a device signed in to your Google account, you won’t need to approve it.
Next, you can choose to only receive files from your devices. This means that the receiving device needs to be logged in to the same Google account as the device sending the file. Otherwise, it won’t show up. With this option, there is no approval step.
Lastly, there’s the option to be visible to no one. That defeats the purpose of installing the application, but it’s useful if you want to temporarily make your device invisible for any reason.
Next, edit your device name
When using Nearby Share, you’ll want to be able to identify the device you’re sending to quickly. Thus, you’ll want to choose a name for the PC that will let you easily identify that you’re sending to it.
In the upper-righthand corner, right next to your profile picture, tap on the Settings button; it’s the gear-shaped icon. Scroll down to Device name. Click on the Rename button on the right side and pick a name that’s short and sweet.
Choose which folder to save to
When you receive a file, it will automatically head to your computer’s default Downloads folder. You can change that, however. In the settings, the second option will let you designate the folder where the files will go.
With this knowledge, you’ll be able to send and share files with your Windows computer quickly and easily.
Thousands of US military emails were allegedly leaked to Mali, a country in western Africa, due to an unintentional typo error that occurred over a decade. This breach might have put US national security at risk.
According to the Financial Times report, users commonly type .ML, the country’s identifier for Mali, by mistake instead of attaching the military’s .MIL domain to their recipient’s email address.
Johannes Zuurbier, a Dutch businessman hired to look after Mali’s domain, says this issue has been going on for more than ten years despite his repeated attempts to alert the US authorities.
US Military Sensitive Information Disclosed
About 117,000 emails that were misdirected had been intercepted by Zuurbier since the year’s beginning alone. Many of these emails, in particular, included sensitive information about the US military.
Medical data, information about identification documents, names of military base employees, images of military bases, reports of naval inspections, lists of ship crews, and more are frequently included in emails.
Reports mention that military staff, travel brokers dealing with the US military, US intelligence, private contractors, and others have sent misdirected emails.
Even the travel schedule for General James McConville, the chief of staff of the US Army, on his visit to Indonesia, was included in one of these emails written earlier this year.
The email contained a complete list of room numbers, McConville’s schedule, and information on how to pick up McConville’s room key at the Grand Hyatt Jakarta, where he had been upgraded to a grand suite as a VIP.
There have been reports of multiple sources of organized leaking. Military travel agencies have been found to frequently make spelling errors in their emails.
Additionally, the exchange of emails between employees’ accounts has also been identified as a contributing factor.
“The Department of Defense (DoD) is aware of this issue and takes all unauthorized disclosures of Controlled National Security Information or Controlled Unclassified Information seriously,” said Tim Gorman, a spokesman for the Office of the Secretary of Defence.
According to Gorman, emails sent to Mali from.mil domains are “blocked,” and the sender is informed that they need to confirm the email addresses of their intended recipients.
However, Gorman admits that this does not prevent other government organizations or others collaborating with the US government from sending emails to Malian addresses by mistake.
Nevertheless, he states, “the Department continues to direct and train DoD personnel.”
This incident serves as an important reminder that even minor digital security mistakes can have major implications, especially when national security is at risk.
Due to a validation error in Microsoft code, a suspected Chinese attacker was able to access user email from approximately 25 organizations, including government agencies.
Microsoft is getting criticized for the way in which it handled a serious security incident that allowed a suspected Chinese espionage group to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. The attacks were targeted and lasted for about a month before they were first discovered.
The investigation started on Jun 16, 2023, when Microsoft was notified by a customer about an anomalous Exchange Online data access. Investigation learned that the customer’s Exchange Online data was accessed using Outlook Web Access (OWA).
Microsoft analysis attributed the activity to a group called Storm-0558 based on established prior tactics, techniques, and procedures (TTPs). Attribution is based on Microsoft Threat Intelligence assessment that Storm-0558 is a China-based threat actor with activities and methods consistent with espionage objectives.
At first Microsoft assumed that the spies were using legitimate Azure Active Directory (Azure AD) tokens stolen by malware. But further analysis showed that Storm-0558 was forging Azure AD tokens using an acquired Microsoft account (MSA) consumer signing key to access OWA and Outlook.com.
This was only possible because of a validation error in Microsoft code. MSA (consumer) keys and Azure AD (enterprise) keys are issued and managed from separate systems and should only be valid for their respective systems. Microsoft says it still doesn’t know how Storm-0558 stole the inactive MSA signing key.
An authentication token allows internet users to access applications, services, websites, and application programming interfaces (APIs) without having to enter their login credentials each time they visit. Instead, the user logs in once, and a unique token is generated and shared with connected applications or websites to verify their identity.
These tokens are validated with a signing key, so with access to such a key an attacker is able to create valid tokens to access the associated services. Storm-0558 was able to obtain new access tokens by presenting one previously issued from GetAccessTokenForResource Application Programming Interface (API) due to a design flaw. This flaw in this API has since been fixed.
When asked, China denied it was involved and basically said people in glass houses shouldn’t throw stones.
“We noted the reports saying that the spokesman for the White House National Security Council claimed that US officials found hackers linked to China took advantage of a security weakness in Microsoft’s cloud-computing to break into unclassified email accounts of the US, and the US has notified Microsoft about this. I would like to say that in the past, it was usually the world’s No.1 hacking group–the US National Security Agency, which also serves as the US Cyber Force Command, that released such kind of disinformation. This time it was the US National Security Council that made a public statement. Whatever agency spoke, it does not change the fact that the US is the world’s biggest hacking empire and global cyber thief.”
What has been done
Microsoft says it has completed mitigation of this attack for all customers and has not found any evidence of further access. The impacted customers have been contacted so no additional customer action is needed to prevent hackers from using the same tactics to access their Exchange or Outlook accounts.
On June 26, OWA stopped accepting tokens issued from GetAccessTokensForResource for renewal, which stopped Storm-0556 ‘s ability to use tokens issued from the Azure program.
On June 27, Microsoft blocked the usage of tokens signed with the acquired MSA key in OWA, blocking the usage of tokens signed with the key that had been acquired.
On June 29, Microsoft completed replacement of the key to prevent the threat actor from using it to forge new tokens.
Microsoft blocked the use of the stolen private signing key for all impacted customers on July 3, 2023 and says it has “substantially hardened key issuance systems since the acquired MSA key was initially issued.”
Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Samsung is just a week away from its second major Galaxy Unpacked of the year. The big event in Seoul, South Korea on July 26 will see the company unveil new foldables, tablets, and smartwatches. All of these devices have been subject to extensive leaks over the past couple of months or so. And as their official launch draws closer, the volume of leaks has gone up. Recently, someone posted a video of the Galaxy Tab S9 going through a short water resistance test.
The YouTube Shorts uploaded by @bro_99 shows the new Samsung tablet being subjected to a cup of water. The device seemingly works fine after the wash, suggesting that the user is trying to demonstrate that the Galaxy Tab S9 is water-resistant. They even titled the video a “waterproof test” of the tablet. But it’s worth noting that water damage doesn’t happen immediately. It may take a while before water drops reach internal circuits and damage the device.
So, this video doesn’t necessarily confirm that the Galaxy Tab S9 is water resistant. But leaks so far have suggested that the upcoming tablets will be the first flagship tablet offerings from Samsung to boast an official IP rating for dust and water resistance. We might get either an IP67 or IP68 rating on all three models. The makers of this short video, who appear to be employees of a third-party electronics retail store, likely wanted to test the ingress protection of the new Samsung tablet that may have reached their store ahead of its launch next week.
The addition of water resistance may make the Galaxy Tab S9 pricier
An official IP rating on the Galaxy Tab S9 series may come at a cost, though. Leaked prices for the upcoming Samsung tablets have hinted at a substantial hike this year. In Canada, the device may cost up to CAD 200 (roughly $150) more than their predecessors. Likewise, Samsung may charge up to €180 (roughly $200) more for the Galaxy Tab S9 series than the Galaxy Tab S8 in Europe.
While these rumored price hikes haven’t received backing from prominent leakers yet, the Galaxy Tab S9, Galaxy Tab S9+, and Galaxy Tab S9 Ultra will almost certainly cost more than their respective predecessors. Even the Galaxy Z Fold 5 and Galaxy Z Flip 5 foldables may see a price increase. Not a long wait now before we find out. All of these devices will debut on July 26, with the Galaxy Watch 6 series in tow. Stay tuned for the big Samsung launch event next week.
It’s no secret that Disney’s streaming platform Disney+ didn’t have the best start, thanks in part due to the subpar quality of recent Marvel and Star Wars shows. Now, in a recent revelation, Bob Iger, CEO of Disney, has announced that it is shifting its focus away from Marvel and Star Wars, with the ultimate goal of reducing overall costs by $5.5 billion, including a substantial $3 billion from content creation.
This decision comes as a response to the recent disasters of several Marvel TV series, indicating a potential waning audience interest. Despite Marvel generating over $18 billion for Disney, Iger acknowledged that its over-zealousness might have affected the quality and reception of some recent Marvel releases, such as “Ant-Man and the Wasp: Quantumania,” which experienced a sharp decline in ticket sales and garnered mixed to negative reviews.
“Marvel is a great example of that. It had not been in the television business at any significant level, and not only did they increase their movie output, but they ended up making a number of TV series. Frankly, it diluted focus and attention,” said CEO Bob Iger.
While Star Wars has seen better success with TV shows compared to Marvel, including notable Emmy-nominated shows like “Andor,” the absence of a new Star Wars film in theatres since 2019 has raised questions about the company’s approach to the franchise’s cinematic releases.
Disney’s Plan for the Future
In an effort to regain interest, the company will now implement limits on the number of sequels dedicated to each character. This strategic approach aims to keep the audience engaged without overwhelming them with excessive content. Additionally, the company will focus on creating original content and developing a diverse array of fresh narratives.
Furthermore, Bob Iger hinted that the studio could also focus on licensing agreements with other streaming platforms for the distribution of Marvel, Star Wars, and other Disney originals. While this could open up a world of opportunities for new TV shows similar to Daredevil, Disney is yet to make an official confirmation.
We take a look at several scams targeting flyers off on their holidays, and how you can keep yourself safe.
You may be getting ready to jump on a plane and head off for a few days or weeks of rest and relaxation. So the last thing you need before flying is a technology related horror show. Sadly, scammers are aware of families getting ready to hit the skies, and have tailored their threats accordingly. Several trip-related scams are doing the rounds right now, and we’re going to highlight some of the more prevalent ones.
Fake customer support on social media is one current major area of concern. This is often aimed at banking customers looking for assistance. The risk of this has increased since Twitter started charging for blue checkmarks, as many legitimate accounts now sport no visible means of authentication.
With popular airline easyJet cancelling 1,700 flights between July and September due to air traffic control delays, fraudsters have been busy creating fake support accounts. For people stuck in an airport and hearing the flight is off, or getting ready to make the trip, their first reaction may be to hop onto social media for breaking advice and information.
Bogus airline accounts are directing potential victims to fake airline websites and other portals in an effort to steal credentials (and most likely any payment data they can scoop up along the way). There’s currently somewhere in the realm of 100+ Twitter accounts using the easyJet branding. Of those, at least two have a gold verified check mark which are used exclusively for approved business accounts. Here’s the main easyJet account, for example.
The rest are a combination of “temporarily restricted” accounts, accounts set to private (and so not visible to non-followers), private individuals, video game themed(!), and more. Many of the accounts claim to be customer support and ask Twitter users to send them their mobile number for assistance. If you’re not talking to the verified account, or directed somewhere by that account, you may end up running into trouble.
Meanwhile, scammers elsewhere are targeting folks looking to dodge some of the Arizona heat. Phony travel agents lie in wait with fake websites and non-existent plane tickets. These sites appear in search engine results or random emails promising fantastic prices. Once you’ve paid and turned up on the day of the flight, or even just tried to check in online the day before, you’re in for a nasty surprise.
The fraudster has merely reserved a seat, as opposed to booking the desired ticket. Meanwhile, they were off using your payment details to try and buy who knows what. A fraught call to your bank or credit card’s customer service department now beckons.
If you’re looking for good deals, airlines and travel agents will be able to direct you to legitimate ticket sources. If you stumble upon a site you’ve not heard of, look up reviews and keep an eye out for any reference to wrong doing. One word of caution: you may also have to check the legitimacy of the reviews, too.
A final warning: be careful what you post online. We’ve previously talked about how posting up a photograph of your home environment can reveal important information. An envelope with your address on it, a box with your full name, even being geolocated because of traceable landmarks outside of your window. Well, the same warning applies to your airplane tickets too. If you’re getting into the holiday swing of things, keep all the small bits and pieces of data related to your trip out of shot. Using the information on your boarding ticket, or even your passport, people up to no good can get a good handle on who you are and what you’re doing.
If you’re revealing your name, frequent flyer number, and passport information online then you’re a possible meal ticket for scammers. This isn’t even necessarily a case of stealing your banking data. They can potentially social engineer their way into accessing your account under the guise of you having “forgotten” your login details. Maybe they’ll sell your frequent flyer account on, or do something else to cause you a headache. They may even just wait a few months and then send a targeted phish. The sky really is the limit with scams, so keep your personal info private.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
Samsung today has announced a few new features that are available for Galaxy Watch owners, including Samsung Wallet. This comes just a week before Samsung is rumored to be launching the Galaxy Watch 6 and Galaxy Watch 6 Classic. The company’s latest upcoming smartwatches, which you’ll be able to reserve using Samsung Reserve to get $50 in Samsung credit when you pre-order.
In total Samsung is bringing three new features to Galaxy Watch devices. These will be available through apps released for the Galaxy Watch series. And one of them can be installed on devices right now. That app is WhatsApp, which was officially announced as being available on Wear OS 3 devices earlier today.
To install WhatsApp, you’ll need a smartwatch running on Wear OS 3. Which could be a TicWatch 5 Pro, a Pixel Watch, or a small number of other devices. For the Galaxy Watch family, you’ll need a Galaxy Watch 4 or Galaxy Watch 5 since these are the only watches from Samsung that run on Wear OS 3. WhatsApp will also be available for Samsung’s new watches that are arriving soon.
Samsung Wallet will arrive first on new Galaxy Watch devices
Samsung Wallet is already available to Galaxy smartphone owners. But it won’t be available for Galaxy Watch owners until a little later this Summer. Samsung confirms that the wallet app will arrive first on the new Galaxy Watch series. Which is rumored to be unveiled at next week’s Unpacked event that Samsung is holding in Seoul. It should also later arrive for older Galaxy Watch devices, though Samsung doesn’t mention any specific ones.
It does state that you will need a compatible Galaxy Watch smartphone though. So if you’re using a device from another brand, then you won’t be able to use the new Samsung Wallet app for Galaxy Watch. The third app coming to Galaxy Watch devices is Thermo Check. This uses the Skin Temperature API to measure the temperature of your surroundings without having requiring any physical contact Samsung says.
Like with Samsung Wallet, this app will drop first for the upcoming Galaxy Watch devices, and then arrive for Galaxy Watch 4 and Galaxy Watch 5 owners later this Summer.
If you’re interested in using Bing AI in the Chrome browser, then you’re out of luck. Microsoft wants its users to use Bing AI in its own Edge browser. We know that the company wants to change that… but, it has a funny way of showing it, according to Windows Central.
As you know, you can only use Bing AI on the Microsoft Edge browser. That alienates the majority of those using a web browser, as Chrome is the most-used browser on the planet. However, Microsoft did say that it plans on making Bing AI available on all platforms one day.
Microsoft invites Chrome users to try Bing AI, but they can’t
When you’re using Google Chrome on a Windows 11 computer, you’ll see a new popup saying “Try the new AI powered Bing in Chrome”. So, naturally, you’d think that you’ll be able to load up the the chatbot page in Chrome and start generating some content.
However, that’s not what happens. In fact, it seems to do everything BUT let you use Bing AI in Chrome. When you click on it, it will prompt you to install the Bing extension. After that, you’ll find that your default search engine was changed to Bing and that your homepage was also changed.
When you try to use Bing AI in the Chrome browser, you’ll see a splash screen letting you know that you can’t use Chat Mode while in that browser. At the bottom of the screen, you’ll see a button that will take you to the Edge browser.
If you think that Microsoft is trying to troll Chrome users, that might not be the case. Windows Central makes the point that this could have been a mistake. Maybe Microsoft accidentally pushed the notification before the integration was complete.
In any case, if you’re a Chrome user and you want to try out Bing AI on the Chrome browser, then you will get your chance. We’re not sure when, but we know that Microsoft is gearing up to make it happen.
