Many of Google’s popular apps have been updated with new features and improvements lately. It’s now Google Chat’s turn to be in the spotlight, as the search giant has just announced a small, yet important update is now rolling out to everyone using its messaging app.
Although this isn’t a large update, it does bring a rather useful feature: hyperlinks support. With the latest version of Google Chat, you’ll be able to hyperlink text on web and Android when creating or editing a message, Google confirmed earlier today.
In addition to this new functionality, the update adds the ability to copy over hyperlinks from other Google apps like Gmail, Docs, Sheets, and Slides. Unsurprisingly, this was tagged by Google as a “highly requested” feature, so it’s safe to say that it will help many users make their message look cleaner and easier to read.
In order to hyperlink a piece of text, you’ll have to click on the link icon in the rich text formatting toolbar and enter the URL. If you’re on the web, the whole process of adding hyperlinks is much easier because you can make use of keyboard shortcuts (Ctrl+K on ChromeOS and Windows).
As far as availability goes, Google says that Chat users in the Rapid Release domains should get the new features today, but the rollout should take up to 15 days. Everyone else should start seeing the new functionality on August 1, with a full rollout taking up to 3 days.
Finally, the update being deployed to all Google Workspace customers and users with personal Google Accounts. You don’t have to do anything to hyperlink the text in your messages. Once you receive the update, you can start using the new features.
Wireshark, One of the world’s most popular network packet analyzers, released Wireshark 4.0.7 with the fixes of several bugs, updated protocol support, and a few enhancements.
Wireshark is an application that captures packets from a network link, like the one between your computer and your home office or the internet.
In a standard Ethernet network, a packet is a data unit that can be sent and received independently. The most widely used packet sniffer in the world is Wireshark.
Wireshark is one of the most popular network security tools to analyze network protocols, including IP, TCP, UDP, HTTP, SSL/TLS, FTP, DNS, DHCP, and many more.
The packet analyzer Wireshark is a crucial tool for organizations of all sizes and types since network administrators and security professionals use it to investigate network traffic and detect vulnerabilities.
Wireshark 4.0.7 Updates
Bugs Patched:
Crash when (re)loading a capture file after renaming a dfilter macro. Issue 13753.
Moving a column deselects selected packet and moves to beginning of packet list. Issue 16251.
If you set the default interface in the preferences, it doesn’t work with TShark. Issue 16593.
Severe performance issues in Follow → Save As raw workflow. Issue 17313.
TShark doesn’t support the tab character as an aggregator character in \”-T fields\” Issue 18002.
On Windows clicking on a link in the ‘Software Update’ window launches, now unsupported, MS Internet Explorer. Issue 18488.
Wireshark 4.x.x on Win10-x64 crashes after saving a file with a name already in use. Issue 18679.
NAS-5GS Operator-defined Access Category: Multiple Criteria values not displayed in dissected packet display. Issue 18941.
Server Hello Packet Invisible – during 802.1x Authentication- from Wireshark App Version 4.0.3 (v4.0.3-0-gc552f74cdc23) & above. Issue 19071.
TShark reassembled data is incomplete/truncated. Issue 19107.
CQL protocol parsing issues with Result frames from open source Cassandra. Issue 19119.
TLS 1.3 second Key Update doesn’t work. Issue 19120.
HTTP2 dissector reports an assertion error on large data frames. Issue 19121.
epan: Single letter hostnames aren’t displayed correctly. Issue 19137.
BLF: CAN-FD-Message format is missing a field. Issue 19146.
BLF: last parameter of LIN-Message is not mandatory (BUGFIX) Issue 19147.
For more information on the release, visit the Wireshark 4.0.7 release notes page.
If you’re running Wireshark on macOS and upgraded to macOS 13 from an earlier version, you might have to open and run the “Uninstall ChmodBPF” package, then open and run “Install ChmodBPF” in order to reset the ChmodBPF Launch Daemon. Issue 18734. Wireshark team said.
Twitter has now published a new post in which it explains how it is approaching moderation on its platform, reports Engadget. The post is dubbed “Freedom of Speech Not Reach”, and it focuses on the fact that tweets that violate its hateful conduct policy are getting a limited reach, a practice that the company started back in April.
Twitter explains its moderation for posts that violate its policies
In April, Twitter started enforcing a limited reach to posts that were violating its hateful conduct policy under the banner “Freedom of Speech Not Reach”. The social media platform also applies a label to such posts indicating: “Visibility limited: this tweet may violate Twitter’s rules against hateful conduct.” According to Twitter’s latest blog post detailing the progress on the initiative, the social media platform says it has applied this label to more than 700,000 posts since April and has also prevented ads from appearing next to such content.
All in all, the label reduces the visibility of a post by 81%. Twitter also stated that actually, one-third of the users that get this label on a tweet decide to delete it instead of appealing it (four percent of users have decided to appeal the label).
We remain committed to maintaining free speech on Twitter, while equally maintaining the health of our platform. Today, more than 99.99% of Tweet impressions are from healthy content, or content that does not violate our rules.
The company is also planning on expanding its labels to include more types of policy violations. Like, for example now tweets that violate the company’s Abusive Behavior or Violent Speech policies will get labeled and with a limited reach. Examples of such content include tweets targeting individuals, tweets encouraging others to harass somebody or a group, and threatening posts with threats of violence or harm.
We take a look at reports of an exploit being deployed via booby trapped Word documents.
An unpatched zero-day vulnerability is currently being abused in the wild, targeting those with an interest in Ukraine. Microsoft reports that CVE-2023-36884 is tied to reports of:
…a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.
While the CVE is being updated with new information and links to appropriate security information, the Microsoft Security Blog is currently exploring the issue in detail.
This all ties back to a phishing campaign operated by a group being tracked as “Storm-0978” which targets defence and government entities in both Europe and North America. The campaign itself makes use of bait related to the Ukrainian World Congress, a non-profit organisation of “all Ukrainian public organisations in diaspora”.
These infections originate from remote code execution via Word documents exploiting the above Ukraine-themed bait, as well as an “abuse of vulnerabilities contributing to a security feature bypass”. A fake OneDrive loader delivers a backdoor with similarities to RomCom, their primary backdoor tool. It’s unusual to observe websites involved in this kind of attack still be online hours after a reveal, but here are some shots we took of both site and downloads (thanks to Jerome):
Some of the other attacks launched by this group involve distribution of trojanized versions of popular software. Once the backdoor has taken hold, the group “may steal credentials to be used in targeted operations”.
Popular tools used for these installations include trojanized versions of Solarwinds Network Performance Monitor, KeePass, Signal, and Adobe products. Bogus domains imitating the real thing are registered and used as convincing fronts for the infected software.
Microsoft notes that this group also has a hand in ransomware attacks, though it is less targeted in nature and unrelated to any espionage-themed operations. Attacks which have been identified as belonging to Storm-0978 in this realm have impacted finance and telecommunications industries.
A variety of attacks on several fronts, then.
Microsoft gives the following advice for organisations concerned with the potential threat of compromise from the most recent attacks:
CVE-2023-36884 specific recommendations
Customers who use Microsoft Defender for Office 365 are protected from attachments that attempt to exploit CVE-2023-36884.
In current attack chains, the use of the Block all Office applications from creating child processes attack surface reduction rule prevents the vulnerability from being exploited
Organizations who cannot take advantage of these protections can set the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key to avoid exploitation. Please note that while these registry settings would mitigate exploitation of this issue, it could affect regular functionality for certain use cases related to these applications.
You could also consider blocking outbound SMB traffic.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Following a three-month lull of activity, Cl0p returned with a vengeance in June and beat out LockBit as the month’s most active ransomware gang.
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.
Following a three-month lull of activity, Cl0p returned with a vengeance in June and beat out LockBit as the month’s most active ransomware gang. The group’s 91 attacks come not long after their extensive GoAnywhere campaign in March, when they hit over 100 organizations using a nasty zero-day.
June also witnessed a staggering increase in attacks from relatively new gangs such as Akira (26) and 8Base (41), enough to propel both of them into the top five—a designation usually reserved for more familiar names like ALPHV, who was conspicuously silent in June.
Other big stories in June include a suspected LockBit affiliate arrest, the Royal ransomware gang toying with a new encryptor, and a notable increase in attacks on the Manufacturing sector.
Known ransomware attacks by gang, June 2023
Comparing June to the earlier months of the year, we notice several shifts in ransomware activity. There was a massive decrease in the activity from Royal, for example, which normally dominates the monthly rankings—often cracking into the top five—with an average of roughly 30 attacks a month in that period. But last month, they posted just two victims.
While a sudden dip in attacks isn’t too unusual for top ransomware gangs, it’s worth mentioning that in last month’s review we speculated that Royal might be going through a rebrand. That’s because a new ransomware called BlackSuit had appeared which shared 98 percent of its code with the infamous Royal ransomware.
Considering that both Royal and BlackSuit were active last month, however, a rebrand probably isn’t happening any time soon. Instead, it’s likely that Royal is simply testing a new encryptor—especially considering that BlackSuit was used in just two attacks last month—and that this lull can be explained as more or less of a research period for them.
Other interesting anomalies in June include 47 attacks on the Manufacturing industry (which usually averages around 20 attacks a month) and notable increases in attacks on Switzerland (14) and Brazil (13), both of which are normally attacked only two or three times a month. Part of this can be explained by the fact that 8BASE disproportionately attacked Brazil with 11 attacks last month, while PLAY focused on Switzerland (5).
Known ransomware attacks by country, June 2023
Known ransomware attacks by industry sector, June 2023
Cl0p’s precipitous rise to the top of the charts this month, on the other hand, can be explained by their exploitation of a zero-day in MOVEit Transfer, a widely used file transfer software.
The vulnerability, which could allow attackers to gain escalated privileges and unauthorized access to an environment, was first disclosed on May 31st in a security bulletin released by Progress. But while it was clear earlier on that attackers were actively exploiting CVE-2023-34362, it was only a few days later that it became clear that Cl0p was behind the attacks. A Cl0p representative confirmed that they had been testing the vulnerability since July 2021 and that they had decided to deploy it over the Memorial Day weekend. What’s more, two other vulnerabilities in MOVEit were found while new victims were still coming forward.
In terms of the fallout, it’s tough to overstate the havoc Cl0p was able to wreck thanks to the zero-day.
The MOVEit data breaches had widespread impacts, affecting everything from the Oregon DMV and Louisiana OMV (Office of Motor Vehicles)—including the leak of nearly 10 million drivers’ licenses—to the University of Rochester and multiple corporations. PBI Research Services also reported a data breach that exposed information for 4.75 million people. The government even offered a reward of up to $10 million for information on Cl0p after several federal agencies in the US fell victim to the gang.
As for who was hit the hardest, around 16 percent of ransomware incidents affecting State, Local, Tribal, and Tribunal (SLTT) governments were from LockBit, says the MS-ISAC.
In other news, a suspected LockBit affiliate named Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, was arrested in Arizona last month. The US Justice Department thinks he’s been deploying LockBit ransomware on victim networks both in the States and overseas, with the investigation having run from August 2020 through March 2023.
Astamirov is now facing charges of wire fraud and of intentionally damaging protected computers, plus he’s accused of making ransom demands through deploying ransomware. The arrest makes him the third LockBit affiliate charged in the US since November.
Newcomers
NoEscape
NoEscape is a new ransomware which been doing the rounds in underground forums since May 2023. Developed in-house using C++, the NoEscape ransomware uses a hybrid approach to encryption, combining ChaCha20 and RSA encryption algorithms for file encryption and key protection.
Last month, NoEscape posted 7 victims on their leak site.
Darkrace
DarkRace is a new ransomware group first discovered by researcher S!Ri. Darkrace specifically targets Windows operating systems and has several similarities to LockBit.
The gang attacked 10 victims last month, the majority of them being from the Information and Communications Technology (ICT) sectors. Geographically, most victims are located in Europe, specifically Italy.
Rhysida
Rhysida, a new ransomware gang claiming to be a “cybersecurity team,” has been in operation since May 17, 2023, making headlines for their high-profile attack against the Chilean Army.
The gang published a whopping eighteen victims on their leak site in June, making it one of the most prolific newcomers in our month reviews to-date.
We’re now following rumors about the next Galaxy S phones. While these phones are more than half a year away, get ready for bits and pieces of news to pop up over time. Case and point, a report points to the Galaxy S24 phones using stacked battery technology. It could also bring another notable improvement we’ve all been waiting for.
For a few years, we’ve been hearing about stacked battery technology. This new way of manufacturing batteries will bring some notable benefits. For example, this will allow batteries to be more densely packed. Batteries will be able to store more power without needing to be physically larger. There are other benefits like better charging, etc.
The Galaxy S24 phone could use this stacked battery technology… well, not all of them
This stacked battery technology is still in the works, so we’re not 100% sure if the company will implement it. However, Samsung is gunning for it to happen, according to RGcloudS (via SamMobile).
If the Korean tech giant is able to make it happen, it predicts that it won’t be able to distribute these new batteries across the entire S24 series. It looks like this privilege will be reserved for the Galaxy S24 Ultra. That’s a bummer for people planning on picking up one of the cheaper phones.
Other reports state that the production is set to take place at the Cheonan plant located in Seoul. There are conflicting reports stating that the production hasn’t begun yet, as the proper manufacturing equipment hasn’t arrived at the plant yet.
There’s another improvement rumored
While this stacked battery technology could make the battery last longer, Samsung could be planning on having the battery charge faster. Rumors say that Samsung will bring faster 65W charging to its next Ultra flagship.
The Galaxy S-series phones are capped at 45W charging. That’s a safe charging speed, but people have been craving faster charging. While 65W is behind some of the competition, this is still a welcomed boost.
Adored by some but disliked by others, shopping is a part of our everyday lives we simply can’t avoid no matter which of the two categories you may fall into. Luckily, with the birth of modern technology, we can nowadays avoid the tedious activity of going shopping and we simply take care of it from the comfort of our own homes by using the internet, various shopping apps and delivery services.
What’s more, when shopping online, you can easily find numerous special deals and promotions, as well as discounts like the ones offered here. That said, let’s explore the top reasons why online shopping has become so popular.
It is more convenient
Simply put, online shopping is more convenient than shopping in person. For starters, you can shop online whenever and wherever you may be. There’s no need to plan out your routes and prepare for the trip; Instead, you can simply reach for your Android or iPhone and get to it.
What’s more, the majority of online stores nowadays offer the option to save a list of the items you purchase frequently, so that you don’t have to go looking for them every time you wish to make a purchase.
It offers more options
Next, shopping online simply offers more options than in-person shopping. Be it the variety of items you can find, delivery options or even discounts, promotions and coupons, you’ll have plenty of options to choose from. For instance, Bravodeal.com is a coupon site specializing in discount codes for users who want to save money on online purchases. Founded in 2018, it offers a wide selection of coupon codes, deals and promos that can be used across major online retailers.
So, when shopping online, make sure you check all of the available options and deals until you find the one that’s perfect for you.
You can shop wherever you are
As mentioned previously, being able to shop online means that you don’t need to set virtually any time aside specifically for this activity. Instead, you can do it at home, on your morning or afternoon commute, while walking your dog, or even before heading to bed.
Being able to make a purchase the moment you see or remember that you’re running low on a particular household item, for instance, will greatly reduce the stress of trying to remember if you’ve forgotten to grab something you need while at the grocery store.
What’s more, if your friend or colleague has, let’s say, a really cool shirt, you can simply ask them where they’ve bought it from and instantly look up – and purchase – the item, provided that it’s still available for sale.
It’s great for the introverts
Another reason people prefer to shop online is the people factor. Simply put, some people hate shopping precisely due to the fact that they will need to interact with other people while doing so.
Therefore, instead of having to deal with store clerks or, God forbid, make small talk with other shoppers while waiting in the line at the registry, you can simply avoid all of that and still get your items with only a few taps of your finger or clicks of a button.
There are some downsides, however
While there’s really no debate whether or not online shopping is great, it’s still important to shine some light on some drawbacks that come with it.
The first one being, obviously, the inability to touch, feel and try out the products you’re interested in prior to purchasing them. And while product photos and videos can tell you a lot about the item, they can’t really be enough to determine that you’ll end up liking the item, or that it will end up suiting you entirely. This is mostly the case with clothes, shoes, makeup and hygiene products.
Another potential drawback of online shopping is precisely the fact that it is so convenient. Which means some people can easily fall into a trap of buying the items they don’t really want – or need – just because they can do it so easily. Needless to say, this could potentially lead to some more serious issues, such as overconsumption or even debt.
Get the low-down on our recent webinar From Malvertising to Ransomware.
Our recent webinar From Malvertising to Ransomware highlight the clear connection between malvertising—the practice of embedding malicious code within legitimate online advertisements—and the epidemic of ransomware attacks affecting businesses globally.
Presented by Mark Stockley, security evangelist at Malwarebytes, and Jerome Segura, Director of Threat Intelligence at Malwarebytes, the webinar explains how malvertising has evolved into an effective entry point in the cyberattack “kill chain.”
By leveraging the broad reach and precision targeting of digital advertising, threat actors can compromise systems, gather valuable credentials, and ultimately lay the groundwork for debilitating ransomware attacks. Speakers mention the Royal ransomware group as just one example of a threat actor using this tactic.
If you missed the live session, it’s not too late to get the low-down on the malvertising-ransomware connection. Watch the full webinar here to ensure you’re informed and prepared to tackle these nasty threats!
It was truly only a matter of time before this was the case, but Elon Musk has started to block Threads links and mentions on Twitter. Musk also did this with Mastodon shortly after he took over the site, when many decided to give alternatives a try. So we all knew this was coming.
However, apparently, if you pay to promote a Tweet that mentions Threads and has a link to Threads, it’s okay.
If you search for URL:threads.net you’ll find that there’s nothing popping up. However, if you search for URL:threads net without the period, the links will show up. So there is a pretty good workaround here, thankfully.
Some might think this is a bug, but this is likely deliberate. Since Threads launched, Musk has been upset about it, and Zuckerberg launching it.
Threads has 100 million users and continues to grow
Threads shattered the record for the fastest app to hit 100 million users, which was set by ChatGPT at around a month. Threads did it in just 5 days. Of course, a big reason for that was indeed the fact that it was tied so closely to Instagram. But that does not sit well with Musk, who is starting to see even more competition to his app, as he tries (whether inadvertently or not) to kill his app.
Musk had challenged Zuckerberg to a cage match, but then after Threads launched, he decided to change that to a different kind of contest. It’s unclear whether either one will happen anytime soon, but it is pretty fun to see the contention between the two.
Threads is missing quite a few features, which is resulting in a lot of people heading back to Twitter, because they can actually search for things. As long as they aren’t links to Threads. The site is also missing, well, a website. As well as DMs, and so much more. Which, Instagram head, Adam Mosseri has said is coming.
Netizens watch as a top Google AR software executive turns in his resignation letter. The reason behind this decision shows how off-course Google might be regarding its AR endeavors. Aside from this top executive, other workers in Google’s AR department have similar complaints about the company’s attitude towards leadership.
Mark Lucovsky, a former top executive working with Google’s AR team, has publicly resigned. The expert in the field of AR software and operating systems took to his Twitter account to announce his retirement. While announcing that he is leaving the company, he was also kind to give details as to his exit.
The reasons he gave might bring questions to the mind of netizens looking forward to Google’s growth in the AR and VR industry. But it seems like the company is still struggling to stand its ground. Mark’s exit from Google is proof that the tech giant is barely standing on one foot in the AR and VR industry.
Here is what the resignation of one of Google’s top AR software executives proves
The exit of Mark Lucovsky raises a new set of concerns about Google’s plans for the AR and VR industry. Currently, the likes of Meta are topping the games in this industry, with Apple working to get its fair share. Over the years, fans have anticipated an AR or VR product launch from Google to no avail, and the company’s stand in this industry seems to be uncertain.
While stating the reason for his resignation, Mark Lucovsky points out recent changes to Google’s AR department. Over the past few months, netizens have seen reports of leadership changes within Google’s AR development ranks. With each change comes a new objective, which might not fall in line with the previous objective under former leadership.
These changes make work quite hard for those working in Google’s AR department. Each new AR and XR tech product the company announces keeps getting met with Google’s unforgiving axe. Now there seems to be a shift from hardware development to a focus on AR software.
These changes are very unhealthy for Mark’s career and his future in the AR industry. Google is also drawing attention to itself for the wrong reasons, as it fails to get its affairs together concerning AR technology. With the influx of companies to the AR industry, Google might find it hard to catch up if they don’t get things in place as soon as possible.
Known ransomware attacks by country, June 2023
If you search for URL:threads.net you’ll find that there’s nothing popping up. However, if you search for URL:threads net without the period, the links will show up. So there is a pretty good workaround here, thankfully.