Following the announcement of its launch during the June 2024 Pixel Feature Drop, Google has now begun to roll out a helpful new feature for its Phone app on Pixel devices: a “Lookup” button that makes it much simpler to do a reverse number search.
Previously, if you wanted to search for an unknown number on Google, you had to go through a multi-step process. First, you’d have to copy the number from your call history, then open the Google app or your web browser, paste the number into the search bar, and finally hit enter.
With the new Lookup button, the process is much faster and more convenient. When you tap on an unknown number in your recent call history, you’ll now see the Lookup button alongside the Add contact, Messages, and History options. Tapping Lookup will instantly open a Google search for the number, including the country code, so you can quickly see if there’s any information available about the caller.
Google Phone app lookup tool in action | Image credit: PhoneArena
It’s worth noting that the Lookup feature simply opens a Google search for the number, so the quality of the results will depend on what information is available online. However, it’s still a handy tool to have at your disposal.
While the Lookup feature might seem like a small addition, it’s definitely a welcome quality-of-life improvement. It can be a real time saver, especially if you frequently receive calls from unknown numbers. With just a tap of a button, you can now quickly identify who’s calling and decide whether to answer or not.
This new functionality is being rolled out as a server-side update, meaning you won’t need to update your Google Phone app to get it. It’s currently available in version 132 of the app (the current beta version) and has been spotted on many Pixel devices.
In a major victory against ransomware operators, Ukrainian police have apprehended a Ukrainian national suspected of aiding the notorious ransomware groups, Conti and LockBit for monetary gains.
The arrest, which took place on April 18, 2024, is part of a wider operation dubbed “Operation Endgame,” and was made possible with the collaboration of Team High Tech Crime (THTC) of Unity National Operations and Interventions, the Netherlands. However, the announcement about the suspect was only revealed earlier today by Ukrainian authorities in a press release.
The 28-year-old man from Kyiv was identified after an investigation from the National Public Prosecutor’s Public Prosecutor’s Office was launched. Reportedly, the unauthorized Ukrainian hacker penetrated a Dutch company’s computer network and the company reported the incident in 2021. The company has been notified of the arrest and the course of action.
The suspect specialized in developing cryptors. Russian Conti group used Kyivan’s services for a reward in cryptocurrency to disguise the “Conti-malware” encryption virus to infiltrate the Dutch company’s computer networks. By the end of 2021, the group infected the company’s computer networks in the Netherlands and Belgium with hidden malware, rendering them unusable, and demanded a ransom for decrypting the data.
The significance of this arrest lies in the suspect’s expertise. He allegedly specialized in crafting custom crypters – tools used to disguise malicious ransomware payloads as legitimate files. These crypters effectively bypassed traditional antivirus software, allowing the ransomware to operate undetected within compromised networks. Evidence suggests he sold his crypting services to both Conti and LockBit, significantly enhancing their ability to launch successful attacks.
Police and the special unit “TacTeam” of the TOR DPP battalion conducted a pre-trial investigation in Kyiv and the suspect’s native Kharkiv region, seized computer equipment, mobile phones, and draft records.
The investigation is ongoing, with the suspect being declared under part 5 of Art. 361 of the Criminal Code of Ukraine, which provides up to 15 years of imprisonment. Additional legal qualifications may be possible.
This is a promising development as the arrest sends a strong message to cybercriminals that their activities will not go unpunished. The information collected from the investigation could lead to further arrests and the dismantling of additional elements of these groups.
The apprehended individual’s expertise may provide valuable insights into the technical workings of these cybercriminal organizations, aiding in the development of more powerful security solutions.
SSH and RDP provide remote access to server machines (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if solid passwords and access controls are not implemented.
Exposed SSH ports (default 22) are scanned by attackers who attempt unauthorized logins to gain control of the server.
Once in, they can deploy malware or steal data, while attackers can also use SSH to move laterally within a compromised network.
The ID and password list used in a past Tsunami DDoS bot attack campaign
Attackers scan for open port 22 (SSH) and use dictionary attacks to gain access to Linux systems by first identifying potential targets with port scanners and banner grabbers, then leveraging SSH dictionary attack tools to try username and password combinations from a wordlist.
Analyze any MaliciousURL, Files & Emails & Configuration With ANY RUN : Start your Analysis
Successful logins allow them to steal configuration data and potentially install malware to find more vulnerable systems, as researchers identify these attacks by detecting multiple login failures.
Detection logs upon multiple login failures
Attackers exploit weak SSH configurations to gain access to systems, and after compromising an initial server, some malware like Kinsing can self-propagate by using the stolen credentials to launch scans and dictionary attacks on other vulnerable machines.
Kinsing’s propagation commands
This process allows attackers to expand their reach and potentially build a network of infected devices for further malicious activities.
Security solutions can monitor suspicious commands issued through SSH connections to help administrators identify and stop such attacks before they spread.
The script responsible for SSH propagation
Kinsing malware leverages SSH key-based authentication for lateral movement. The malware’s “spre.sh” script extracts hostnames, ports, usernames, and key file locations from SSH configuration files and credential caches on infected systems.
It then iterates through this data, attempting SSH logins with each key-user combination, and upon successful login, the script utilizes curl or wget to download and execute a malicious downloader script, further propagating Kinsing across the network.
Detection logs of the behavior of reading a history file to obtain the user input record
ASEC outlines a data collection strategy for identifying potential SSH propagation points, which focuses on system files and processes that might contain usernames, SSH hostnames, and public key locations.
The collector will search for SSH configuration files (*/.ssh/config), bash history (*/.bash_history), system hosts file (*/etc/hosts), known SSH hosts (*/.ssh/known_hosts), and processes connected to port 22.
To identify users, it will look for private keys (*/id_rsa and */.bash_history) and public keys (*/.ssh/config, */.bash_history, and *.pem), which aims to gather evidence of established SSH connections and credentials that could be leveraged to spread access across a network.
They identify malicious lateral movement attempts by monitoring file access behavior. Specifically, it detects instances where a file attempts to read both a system log file and an SSH key file.
The combination suggests the file might be malware trying to gather user login credentials from logs and then leverage SSH keys to spread to other machines on the network.
Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo
Back in February, billionaire meme machine Elon Musk filed a lawsuit against OpenAI. He alleged that the company betrayed its original vision and has basically become a profit machine for Microsoft. News about that case has slowed down as time went on, but it looks like Musk has had a change of heart. Elon Musk just dropped the case against OpenAI.
Elon Musk previously had ties to OpenAI; he was one of the company’s co-founders. Musk was involved with the company until he eventually left. Now that xAI is up and going, he has his own AI-focused company.
Be that as it may, he wasn’t done with OpenAI. He filed a lawsuit against the company complaining that it’s basically become a closed-off for-profit company rather than the non-profit firm providing AI for all. He also complained that the company keeps the source code for ChatGPT locked behind closed doors. There are other LLMs with their source code available to the public, so he shined a bad light on OpenAI.
Adding to the complaints, Musk also talked about the company’s close partnership with Microsoft. Rather than being an independent AI company, it’s basically become a subsidiary in his eyes. He feels that the company’s become a profit machine for Microsoft.
In his lawsuit, he wanted to force OpenAI to make its source code free for the public.
But, OpenAI struck back
Elon isn’t the only cat in this fight to bear claws. As a response, OpenAI released some emails basically revealing damning information. They reveal that Elon originally wanted OpenAI to do much of the same thing he’s reprimanding the company for.
There were emails sent back and forth between Musk and other staff that showed that Musk wanted OpenAI to be a sub-brand of Tesla. He wanted OpenAI to benefit from the money that Tesla was generating. This is no different from how OpenAI is benefiting from the money that Microsoft is giving it. Also, Musk agreed that the source code should be kept within the company.
Elon Musk dropped the case against OpenAI
In a surprising turn of events, Musk just dropped the case against OpenAI. According to a new report, he dropped the case just one day before the hearing where the judge would review OpenAI’s request to dismiss the case. So, it’s weird that he timed it like this.
The case was thrown out, but there’s the chance that he could bring the case back. While it would seem unlikely that he would do that, Elon Musk is hard to predict. So, it’s anyone’s guess.
New York has become the latest state to jump on the digital identification bandwagon, joining a handful of others that have already made this technology available to their residents. Governor Kathy Hochul recently unveiled the New York Mobile ID app, which is now available for download on both the Play Store and the App Store, and stated:
We’re thrilled to give New Yorkers access to this cutting-edge technology, which provides convenience and added security for Mobile ID users and those who accept it. Not only will New Yorkers be able to quickly display their IDs, but they will have control over the personal information they share.
Kathy Hochul, New York State Governor
Who is eligible for Mobile ID
Any New Yorker with a valid driver’s license, learner’s permit, or state ID can take advantage of this new digital identification option. While the app’s current functionality is primarily focused on air travel through select airports, including JFK and La Guardia, the state’s Department of Motor Vehicles (DMV) has outlined a process for businesses to start accepting the digital ID. This suggests broader applications for the technology in the future.
How to acquire a New York Mobile ID
Getting your digital ID is a straightforward process, but there are a few things to keep in mind:
Smartphone and Phone Number Required: You’ll need a smartphone with a registered phone number. This number will be linked to your digital ID, and you won’t be able to use the ID on multiple phones simultaneously.
Photos Needed: You’ll need to take pictures of the front and back of your physical ID, as well as a selfie. Don’t worry if your selfie isn’t perfect; the app will use your existing DMV photo.
Verification Process: After submitting your information, you’ll need to wait a few minutes for the DMV to verify your identity. Once this is done, your digital ID will be active and ready to use.
Images credit: Apple App Store
Security and privacy with NY Mobile ID
New York’s digital ID system is designed with security in mind. When a business scans your digital ID, they won’t have direct access to your phone. Instead, you’ll present a QR code or use NFC to establish a secure connection, and you’ll need to authorize any data requests. This gives you control over what information you share, enhancing your privacy.
The future of digital IDs in New York
While the New York Mobile ID is currently limited in its applications, the state has created an open system for businesses to adopt the technology. This could pave the way for wider acceptance in the future. Though the list of participating airports is still small, and there’s no information yet on law enforcement adoption, the free and user-friendly nature of the app could encourage its use in various settings beyond bars and airports.The introduction of New York Mobile ID represents a significant step in the growing trend towards digital identification. As the technology continues to evolve and gain acceptance, it has the potential to streamline various processes and offer a more convenient and secure way to verify identity.
This week marked the release of the monthly Patch Tuesday updates for Microsoft users, rolling out as the June updates. This one is a rather modest bundle with some 50 vulnerability fixes and a few third-party updates. Users must ensure updating their systems with the latest security fixes to avoid potential threats.
Microsoft Patch Tuesday For June 2024 Rolled Out
The Redmond giant addressed 49 vulnerabilities (to be precise) across different Microsoft products with the June 2024 Patch Tuesday updates.
The most important is a critical remote code execution vulnerability, CVE-2024-30080 (CVSS 9.8), affecting the Microsoft Message Queuing (MSMQ) service. Microsoft’s advisory described it as a use-after-free vulnerability, which an adversary could exploit by sending maliciously crafted MSMQ packets to the target MSMQ server to gain code execution privileges.
Alongside patching the vulnerability, Microsoft advised the users to check their systems for it, as it only affects systems with the messaging queuing service enabled.
You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine.
Besides this single critical severity issue, all the remaining 48 vulnerabilities have received an important severity rating. These include 4 denial of service vulnerabilities, 24 privilege escalation issues, 3 information disclosure vulnerabilities, and 17 remote code execution flaws.
Some noteworthy vulnerabilities include,
CVE-2024-30064 (CVSS 8.8): A privilege escalation vulnerability that could allow a logged-in adversary to run a maliciously crafted application and take control of the target system.
CVE-2024-30068 (CVSS 8.8): Another privilege escalation flaw allowing a logged-in adversary to gain SYSTEM privileges by running a maliciously crafted application.
CVE-2024-30103 (CVSS 8.8): A remote code execution vulnerability affecting Microsoft Outlook that an authenticated adversary could exploit via the Preview Pane to bypass Outlook registry blocklists and create malicious DLLs.
CVE-2024-30078 (CVSS 8.8): A remote code execution flaw affecting the Windows WiFi driver. An unauthenticated near the target device, with the capability to send/receive radio transmissions, could exploit the flaw by sending a maliciously crafted networking packet.
This month’s updates address no low-severity issues, highlighting the importance of this Patch Tuesday. Hence, users must rush to patch their systems accordingly at the earliest.
Today, HONOR has announced its new 200 series in Europe, which consists of the HONOR 200, HONOR 200 Lite and HONOR 200 Pro. The entire lineup focuses on AI-powered portrait photography, with the partnership that HONOR has started with Studio Harcourt.
The HONOR 200 Pro is the star of this new lineup, with a price of £699, while the HONOR 200 is priced at £499. Pre-sales will start immediately for both models. The HONOR 200 Lite will debut a bit later this Summer.
With the HONOR 200 series, the company has partnered with Studio Harcourt, which is a very popular studio in Paris that takes portraits of all of the big celebrities and politicians. During a pre-briefing last month, I was able to take a tour at Studio Harcourt in Paris and really see what the HONOR 200 Pro is capable of, and let me just say this, it’s pretty incredible. While HONOR is using AI to do portrait photography, it’s actually not needed. With AI turned off, I was still able to capture some incredible portrait shots.
HONOR is also announcing a new collaboration with renowned portrait photographer Rankin. Who is famous for his iconic shots of celebrities, including Queen Elizabeth II, David Bowie, and Kate Moss. This partnership will have further details announced in the coming weeks. HONOR is also announcing that the MagicBook 16 Pro – announced in Barcelona back at MWC – will be launching in some European countries later this Summer.
HONOR 200 Pro sports two 50-megapixel cameras
Now for the specs, the HONOR 200 Pro sports two 50-megapixel cameras on the backside, one being a f/1.9 wide camera and the other being a telephoto camera. There is also a 12-megapixel ultrawide camera, but that’s not being used for portraits. The Studio Harcourt mode uses two 50-megapixel cameras. The HONOR 200 Pro is also able to provide better light sensing capabilities, ensuring clear and true captures of distant objects with exceptional details.
Inside the HONOR 200 Pro is the Snapdragon 8s Gen 3, 12GB of RAM, and 512GB of storage. There is also a massive 5,200mAh capacity Silicon-Carbon battery – the same type of battery used in the Magic6 series earlier this year. Finally, this also uses a 6.78-inch curved 120Hz display with a peak brightness of 4,000 nits.
Onto the HONOR 200, the phone is pretty much identical, aside from the processor – which is a Snapdragon 7 Gen 3. It also has a 6.7-inch display at up to 120Hz refresh rate and 4,000 nits of peak brightness. It also has the exact same camera setup, as well as the same size battery – a 5,200mAh Silicon-Carbon battery. However, HONOR is offering 200 additional SKUs. So there will be an 8GB RAM and 256GB storage model, as well as 12GB/256GB and 12GB/512GB. Obviously, the £499 price is for the 8GB/256GB model.
Finally, the HONOR 200 Lite. With the Lite, HONOR is sticking with the same portrait photography features as the 200 and 200 Pro models. But it is using different cameras. On the HONOR 200 Lite, there is a 108-megapixel main camera with a f/1.75 aperture and High-Res mode available. It also includes a 5-megapixel wide and depth camera and a 2-megapixel macro camera. HONOR also includes a 50-megapixel front camera with a selfie light for some pretty artistic lighting effects. Similar to the other models in this lineup, the HONOR 200 Lite also sports a 6.7-inch display, with 3240Hz risk-free PWM dimming and a peak brightness of 2000 nits. There’s also 8GB of RAM and 256GB of storage. The HONOR 200 Lite is available starting today for £279.99.
WWDC 2024 just happened, and Apple just introduced us to its take on AI called Apple Intelligence. The presentation was impressive enough, but the company didn’t hammer home just how incredible it is. So, Apple released a video showing Apple Intelligence in action.
You will be able to try out Apple Intelligence when the features eventually land on iOS 18. It’s limited to phones from the iPhone 15 Pro on, so if you’re using an older iPhone, then you’re out of luck. In any case, if you want to know how to install the iOS 18 developer beta, you can read our useful guide.
Apple shows off Apple Intelligence in a new video
In case you need any more reasons to know that Apple Intelligence is popular, the video is currently sitting at 3.1 million views, and it’s #44 on Trending. Rightfully so, as Apple Intelligence just check-mated both Gemini and Galaxy AI. Both Google’s and Apple’s on-device features don’t go much further than text generation, translation, and summarization.
However, Apple managed to massage AI into the very core of iOS and deliver an experience much more seamless and unified. Apple Intelligence has the typical slew of text generation and summarization tools as well. You can have the AI rewrite text for you like emails, create a TLDR, outline key points of what you write, etc. This is all stuff that we’ve seen before.
Another thing that we’ve seen before is image generation, but Apple took a less traditional approach to it. With Genmoji, the company allows you to artificially generate emojis to use in chat. The Image Playground is the company’s larger-scale image generation platform. You can use it to generate larger and more detailed images.
Apple Intelligence
So, those are things that we’ve seen already, but what’s new? Well, Siri just got a huge makeover. Firstly, you can speak to Siri more naturally. It will also remember the context of the conversation, so you can have a continuous conversation without needing to repeat details. In fact, Siri will learn about you from a plethora of apps on your phone so you won’t have to train it on information about you.
The AI will also surface the most important notifications to you. This still doesn’t fix the issue that people have with iOS’s notifications, but it’s a step in the right direction.
Those are just a few of the things that Apple Intelligence is bringing. We’re certain that other companies are going to up their AI game in order to compete with it.
Hackers go for Apple due to its massive user base along with rich customers, including business people and managers who use those devices with some important information.
Even with these security measures in place, Apple is a likely target since there will always be risks and the opportunity to obtain valuable information that lures the threat actors.
Recently, CertiK’s CertiKSkyfall team, one of the leading security-focused ranking platforms, discovered that a critical flaw (CVE-2024-27801) in Apple ecosystems lets threat actors gain unauthorized access.
Vulnerability Details
The vulnerability, which was tracked as CVE-2024-27801, has been identified in the low-level implementation of NSXPC, which was found to affect all Apple platforms.
This was a potential security flaw, as attackers might have laundered their applications to access limited services and personal and corporate user data.
With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis
The vulnerability revealed a possible avenue of attack on third-party apps similar in architecture and structure to Telegram.
This has to be addressed since, if exploited then, it would enable cyber attackers to compromise crucial security features together with access privileged control on the impacted devices.
As a result, the attackers could have obtained extensive permissions and control over the services.
This empowers them to run code of their choice on the systems, set up undesirable configurations, or obtain the data stored locally within these services.
Moreover, from third-party applications that shared similar architectures to Telegram, the vulnerability presented a risk of data exfiltration.
The consequences of such a vulnerability are immense. It could have weakened the privacy and security assurances provided by impacted applications, which can demoralize users’ trust and result in diverse risks and dangers for users and businesses.
Besides this, the cybersecurity researchers developed a proof-of-concept exploit that demonstrated the severity of the vulnerability.
The @CertiKSkyfall team identified and collaborated with @Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms.
This vulnerability could have potentially allowed malicious apps to gain unauthorized access to… pic.twitter.com/sjgS1SExF9
Specifically, the proof-of-concept attack was designed to surreptitiously exfiltrate sensitive data from Telegram’s local storage on the compromised device and then transfer the stolen data to a remote server.
The successful execution of this proof-of-concept attack underscored the critical nature of the vulnerability.
Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo
Following days of user pushback that included allegations of forcing a “spyware-like” Terms of Service (ToS) update into its products, design software giant Adobe explained itself with several clarifications.
Apparently, the concerns raised by the community, especially among Photoshop and Substance 3D users, caused the company to reflect on the language it used in the ToS. The adjustments that Adobe announced earlier this month suggested that users give the company unlimited access to all their materials—including materials covered by company Non-Disclosure Agreements (NDAs)—for content review and similar purposes.
As Adobe included in its Terms of Service update:
“As a Business User, you may have different agreements with or obligations to a Business, which may affect your Business Profile or your Content. Adobe is not responsible for any violation by you of such agreements or obligations.
This wording immediately sparked the suspicion that the company intends to use user-generated content to train its AI models. In particular, users balked at the following language:
“[.] you grant us a non-exclusive, worldwide, royalty-free sublicensable, license, to use, reproduce, publicly display, distribute, modify, create derivative works based on, publicly perform, and translate the Content.”
To reassure these users, on June 10, Adobe explained:
“We don’t train generative AI on customer content. We are adding this statement to our Terms of Use to reassure people that is a legal obligation on Adobe. Adobe Firefly is only trained on a dataset of licensed content with permission, such as Adobe Stock, and public domain content where copyright has expired.”
Alas, several artists found images that reference their work on Adobe’s stock platform.
As we have explained many times, the length and the use of legalese in the ToS does not do either the user or the company any favors. It seems that Adobe understands this now as well.
“First, we should have modernized our Terms of Use sooner. As technology evolves, we must evolve the legal language that evolves our policies and practices not just in our daily operations, but also in ways that proactively narrow and explain our legal requirements in easy-to-understand language.”
Adobe also said in its blog post that it realized it has to earn the trust of its users and is taking the feedback very seriously and it will be grounds to discuss new changes. Most importantly it wants to stress that you own your content, you have the option to opt out of the product improvement program, and that Adobe does not scan content stored locally on your computer.
Adobe expects to roll out new terms of service on June 18th and aims to better clarify what Adobe is permitted to do with its customers’ work. This is a developing story, and we’ll keep you posted.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.
