A week in security (May 8-14)


The most interesting security-related news of the week from May 8 to 14.

Last week on Malwarebytes Labs:

Stay safe!


Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


Spotify app is now available in 11 new languages


Spotify is now available in more regional languages. The company announced on Monday that it has added support for 11 new languages to its app. These include Arabic (Egypt), Arabic (Morocco), Arabic (Saudi Arabia), Basque, Bosnian, English (UK), Galician, Macedonian, Spanish (Argentina), Spanish (Mexico), and Traditional Chinese (Hong Kong). The latest additions take the total number of supported languages to 74.

Spotify is one of the most popular music streaming platforms around the world. In fact, it is the largest music streaming service globally by market share. The company offers a vast library of music and is rapidly expanding its podcast collection. But the music library may not be the only factor driving its popularity. Spotify’s wide availability and support for regional languages is something that not many others match currently.

The app was available in 27 languages at launch. In March 2021, the company added support for 36 new languages, including a host of languages spoken in various parts of India. This expansion came around the same time Spotify announced plans to launch the app in more than 80 new markets across Asia, Africa, the Caribbean, Europe, and Latin America. As Spotify arrives in more markets, the company is now also adding support for more regional languages.

“This expansion will unlock an even more personal experience for our users, giving them the ability to access Spotify in their native or local tongue,” the company said in a press release announcing the rollout of new languages. “And the more people who can use Spotify, the more connections we can foster between creators and their audiences”. You can find the full list of Spotify’s supported languages here.

Spotify is testing a new UI on the web

Coinciding with the latest language expansion, Spotify is testing a new UI on the web. It is replacing the plain sidebar with a richer and expandable sidebar that lets you quickly access your playlists, podcasts, and more. The main section also gets a redesign with cards featuring rounded corners.

As of this writing, Spotify hasn’t officially announced this redesign of its web client. The new UI also appears limited to select users. The company is probably testing this update among a small group of users and may roll it out to everyone in the coming weeks. Meanwhile, if you want to use the Spotify app in one of the newly-added regional languages, check for an update for the app. You can download the latest version of Spotify from the Google Play Store.


Snapdragon 8 Gen 3 to be an “excellent SoC”, details shared


The Snapdragon 8 Gen 3 is expected to arrive later this year, and it will allegedly be an “excellent SoC”. This information comes from Ice Universe, one of the most prominent tipsters out there.

The Snapdragon 8 Gen 3 will be an “excellent SoC”, as details surface

He went to Twitter to say that, and also shared some details about the processor itself. The Snapdragon 8 Gen 3 will allegedly use a 1+5+2 setup, so it will be an octa-core CPU. The Adreno 750 GPU will be in charge of graphics processing.

The tipster also says that the performance “has been greatly improved”. In other words, it will be a better performer than its predecessor. Ice Universe also mentioned that you’ll get 10MB of L3 cache here.

To wrap things up, the tipster said the following: “This generation will maintain the overall energy efficiency of 8Gen2”. That is great, as the Snapdragon 8 Gen 2 is a very efficient processor.

The Snapdragon 8+ Gen 1 and Snapdragon 8 Gen 2 turned out to be outstanding. If what Ice Universe says is true, the Snapdragon 8 Gen 3 will be as well. It’s nice to see that Qualcomm found its footing, following the not-so-great Snapdragon 8 Gen 1.

Many smartphone OEMs will utilize the Snapdragon 8 Gen 3 next year

This processor, needless to say, will be utilized by a ton of companies. The Snapdragon 8 Gen 2 is included in the vast majority of proper streamlined flagship smartphones this year. The same will likely be the case with the Snapdragon 8 Gen 3, but next year.

The Snapdragon 8 Gen 3 could actually arrive sooner than expected. The Snapdragon 8 Gen 2 launched on November 16, while the Snapdragon 8 Gen 3 is tipped to arrive in late October. That would be rather early considering what happened in previous years, but there you go.

Qualcomm is also rumored to skip the Snapdragon 8+ Gen 2 entirely. The company usually launches two flagship processors a year, but the Snapdragon 8 Gen 2 is so great that the Snapdragon 8+ Gen 2 is completely unnecessary, it would seem.



Now you Can Lock & Hide Chats


Meta is introducing a new “Chat Lock” feature for WhatsApp to assist customers in securing their conversations.

“We’re excited to bring to you a new feature we’re calling Chat Lock, which lets you protect your most intimate conversations behind one more layer of security,” WhatsApp stated in a blog post.

Over two billion people around the world now use the WhatsApp video calling and instant messaging network, according to Meta.

Increasing the Privacy of Your Most Private Conversation

When someone messages you in a locked chat, the sender’s name and the message’s content will also be concealed. The new functionality lets you password-protect your most private conversations and keep them in a separate folder.

“Locking a chat takes that thread out of your inbox and puts it behind its own folder that can only be accessed with your device’s password or biometric, like a fingerprint. It also automatically hides the contents of that chat in notifications, too”, the company said.

Features to note:

  • Password-protect your most private conversations.
  • Automatically hides contents in notifications.
  • Store them in separate folders.

By tapping the name of a one-on-one or group conversation and selecting the lock option, you can lock it. Pull down your inbox gently and input your password or biometric to reveal these chats.

“We believe this feature will be great for people who share their phones from time to time with a family member or in moments where someone else is holding your phone at the exact moment an extra-special chat arrives,” the company added.

The Meta-owned firm wants to expand Chat Lock’s capabilities, including locks for companion devices and the ability to create a customized password for your chats, allowing you to use a password distinct from the one you use for your phone.

Although WhatsApp provides end-to-end encryption, it is ineffective when someone has unlocked your phone and can read your messages. In these cases, the new functionality adds an extra degree of security.

The new feature arrived just a few weeks after WhatsApp made a few changes to its platform regarding polls and sharing.

As part of these upgrades, you can now build single-vote polls, which means you can run a poll where users can only vote once. You can directly forward media with captions when sharing.


Why we should be more open about ransomware attacks


Paying the ransom and not saying a word about what happened is what cybercriminals would like us all to do.

The UK’s National Cyber Security Centre (NCSC) has published an article that reflects on why it’s so concerning when cyberattacks go unreported, saying:

…we are increasingly concerned about what happens behind the scenes of the attacks we don’t hear about, particularly the ransomware ones.

One of the main reasons is that with visibility, it is easier to get a good picture of what is going on, what methods the criminals are using, and maybe even who they are. Another argument is that paying the ransom and keeping quiet about the fact that you have been attacked has a few negative consequences:

  • Paying the ransom funds the criminal ecosystem.
  • Not doing a thorough, third-party investigation could leave the access method used by the criminals wide open for the next attack.
  • If the news of the cyberattack gets into the public domain later it can be much more damaging than communicating about it straight away.
  • Good backups often restore encrypted systems faster and more effectively than paying a ransom for a decryptor provided by the criminals. Decryptors can be slow, and they have been known to fail (even though the criminals will tell you they work seamlessly).

Depending on the country an organization is based in, whether they handle data under GDPR regulations, whether they are a government contractor, what sector they are active in, or whatever other reasons, some organizations have a legal obligation to notify one or more authorities about a cyberattack.

This has led to some misconceptions in the past. For example, for some time researchers were under the impression that SamSam ransomware, one of the earliest “big game” ransomware gangs, specifically targeted healthcare providers. Later it turned out that most of its victims were in the private sector, but because a lot of the healthcare victims were obliged by law to report the attacks and none of the private sector victims were, the reported incidents painted a skewed picture of what was actually happening.

There are some obvious reasons why organizations would want to keep attacks under wraps. One of them is the fear of the fines involved in a data breach. Some ransomware gangs actually use these fines as an argument to persuade victims to pay a ransom. The NCSC provided an example of a ransomware message that stated:

The ransom demand is £50 million. If you pay, you’ll avoid a regulator fine of £600 million which is 0.5% of your annual profit.

The NCSC goes on to say that a data leak isn’t the only reason for a fine, and you won’t always be fined if data is leaked. From what we have seen, trying to cover a data leak up and then getting exposed later on, will drive the penalty to the max.

The stats in our monthly ransomware reports are based on known ransomware attacks, published by ransomware gangs on their Dark Web sites and Telegram channels. This means we only have visibility on successful attacks where the victim refused to pay. Estimates by experts like Allan Liska are that this is just the tip of the iceberg. We might be seeing only 10% of what is really going on. While there are no reasons to believe that this could change the proportions, in some cases it might.

  • If there are still ransomware gangs without a leak site, we would lack visibility. (At the moment we do not believe any of the major players operate without a leak site or a Telegram channel to leak stolen data.)
  • Ransomware gangs may not publicise attacks that fail to steal valuable data—news of failures would likely put off affiliates and have a negative impact on their income.

Basically, the NCSC is asking victims to do the right thing and allow us to learn from successful attacks, which can help others to avoid falling victim to the same methods. We do understand that some organizations feel they have no other choice but to pay. But even then, investigate the incident and share your findings so others may learn.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Galaxy A52s 5G & Galaxy A72 get Samsung’s May update


Samsung has released the May 2023 update for a couple of premium mid-range smartphones from 2021. The Galaxy A52s 5G and Galaxy A72 follow the Galaxy A52 to the latest security update party. The new SMR (Security Maintenance Release) has been already rolled out to dozens of other Galaxy devices.

The May SMR for the Galaxy A52s 5G is currently available in a handful of countries in Latin America. Users in Mexico are getting this update with the firmware build number A528BXXS3EWD5. That for users in Bolivia, Peru, Brazil, Uruguay, Colombia, and Paraguay is A528BXXS3EWD4. The update doesn’t seem to bring any new features or improvements. Samsung is only pushing the latest security fixes to the device. A global rollout should follow in the coming days. The Galaxy A52s 5G wasn’t released in the US.

The latest security update is also available to the Galaxy A72 in Latin America. The rollout began recently with the firmware build number A725MUBU5DWE1 in Argentina. The build number suggests the update contains more than just the latest security fixes. Maybe it brings One UI 5.1. Unfortunately, Samsung hasn’t yet added this release to its update tracker. So we can’t confirm anything. We expect the update to reach more markets in the coming days. Like the Galaxy A52s 5G, this phone also didn’t arrive in the US.

As usual, you will receive a notification once this update becomes available for your Galaxy A52s 5G or Galaxy A72. You can also manually check for updates from the Settings app. Go to the Software update menu and tap on Download and install. If an update is available, you will be prompted to download it. But if you don’t see any pending OTA (over the air) update today, wait a few days and check again. The May SMR contains fixes for more than 70 security flaws, including at least six critical issues across the Galaxy family.

Galaxy A52s 5G and Galaxy A72 should get the Android 14 update

Samsung released the Galaxy A52s and Galaxy A72 in September and March of 2021, respectively. Both devices came running Android 11 out of the box. They have since picked up updates to Android 12 and Android 13. Based on Samsung’s update policy, they should get one more major Android OS release. So Android 14 will probably reach the two premium mid-range models. The rollout is expected to begin later this year, but the Galaxy A52s and Galaxy A72 may not receive it until next year.



The future of Android security


Most people got introduced to Androids when they were watching Dragon Ball Z and knew them as robots that looked like humans. Even though that’s the main definition of the word, times have changed, and it now stands for phones that use an Android operating system.

Always battling for the top spot with iPhones in all aspects, there’s been a general debate that Android security pales in comparison. Most of the world uses Android, so let’s look at the future and how tomorrow’s threats can be defeated today.

The current state of Android security

Based on the most recent data, there are 3.6 billion people using Android devices, and there are more than 24,000 different devices. It’s the Windows of mobile. This operating system is straightforward to code for, open-source, and extremely widespread, making it the prime target for cyber attackers and hackers. Phishing attacks, data breaches, viruses, and malware are much more prevalent than on the iPhone.

However, there’s a reason for that. There are only 14 models of the iPhone, but Android devices come in all shapes and sizes. Different manufacturers can play with the hardware and the software, making patching nearly impossible. Even when an update is released, most people ignore it, leading to even more security breaches.

Of course, this doesn’t mean they aren’t safe to use. Two-factor authentication, encrypted data, antiviruses, VPNs, and biometric authenticators added multiple layers of protection, which raised the level of security and decreased malicious content and apps by a large margin.

The Future of Android Security

The most significant part of Android is that it evolves rapidly. For example, artificial intelligence and machine learning can bulletproof this operating system’s security level. Most people are familiar with ChatGPT, but that’s only one piece of the technology. Machine learning algorithms can be trained on attacks that happened in the past and churn out new models that have much better protection. Not only that, AI can identify the patterns of user behavior and analyze them.

Now, here’s where it gets really interesting. Your phone could become a companion that recognizes when someone else is using the device. It will be trained on your typing speed to know whether it’s you using messaging applications. Your finger movement is unique, which can be tracked and used to see whether the phone is being used by someone else. These subtle cues are much stronger than a regular password.

Apart from artificial intelligence and machine learning, there’s blockchain technology. Hackers won’t be able to steal data or tamper with it because new storage systems could be added to keep everything in a decentralized manner. Medical records, transactions, and other sensitive data will be kept securely, meaning that even if a hacker gets a hold of a device, they won’t be able to find what they’re looking for.

What are the challenges?

The diversity of Android models and devices is both a blessing and a curse. Billions of people have an easy and affordable way to use the internet. But not all of them have the necessary knowledge to protect themselves from threats. A consistent security solution is nearly impossible because some devices are outdated, and users would need to replace them with newer models.

Next on the list is the number of existing applications that get deployed daily. Cybercriminals are always trying to attach malware to applications in the Play Store, which can exploit the data of those who download them. Of course, Google is well aware of the problem, and they’ve deployed Play Protect, App Signing, and stricter requirements for apps. But, there are still cracks where malware can pass through.

How can you be safe?

Rule number one is to always download applications from the Play Store. Don’t root your phone and install APKs that can compromise your device. When you drop the shields and firewalls, it’s easy for an unsuspecting app to spy on you.

Most people bring their phones when traveling and connect to every possible internet source. Unless you’ve got a VPN, don’t use public Wi-Fi. Hackers can make fake hotspots to breach your device and steal your data.

The same thing’s true at home. Your smart TV is probably unprotected while connected to your router. Use a VPN for Android TV and any other IoT device to ensure no prying eyes start spying on you.

Furthermore, whenever you see a software update, download and install it immediately. The five minutes it takes to reboot your device also enhances the operating system and ensures you’re protected against the newest attacks. You might hit snooze on your alarm, but don’t hit the snooze on an update!

Finally, don’t use your social media accounts to log into apps. The good, old-fashioned way of entering an email is much better than a one-click login with your Facebook. There’s one reason for that. If your device gets hacked, all your friends and family will likely be too. Launching a phishing attack when someone has your account will be incredibly easy because no one will doubt whether it’s you.

Should you just get an iPhone?

Even though it’s tempting to ditch your Android because of security reasons, the main culprit behind a breach is user behavior. If you follow all the cybersecurity norms and tips, you’ll be completely safe from prying eyes, hacks, and malware. Take care of your devices so that they can care for you!



WhatsApp tests the ability to edit sent messages


WhatsApp, the popular instant messaging app, has released a new beta version for Android – version 2.23.10.13. This latest update brings several new features and improvements to the app, including the ability to edit sent messages for some select users.


The key feature rolling out with this update would allow users to edit messages they have already sent. This feature has been highly requested by WhatsApp users for some time, as it would give them the ability to correct mistakes or clarify unclear messages that were perhaps sent accidentally.


As reported by WABetaInfo, the feature works by allowing users to tap on a sent message and select the “Edit” option from the top menu. They could then make changes to the message, and the edited version would be visible to all recipients of the original message.
However, there are some limitations to the feature – edited messages will still show a notification that they have been edited, and there will be a limit on how much time users have to edit their messages after they have been sent. The current time limit to edit a message is within 15 minutes of sending it and you cannot edit a message that you sent from a different device. Once edited, the message will show an “edited” label on it to notify other users that the message is no longer the original one.

Not all users enrolled in the WhatsApp Beta Program are currently able to test this feature, as it appears to be rolling out to only a certain number of users, suggesting a staged rollout. Hopefully this won’t take long to roll out to the stable version of WhatsApp, as I anticipate it would likely be welcomed by many users. However, it remains to be seen if and when the feature will become widely available to all.



Hackers Overcome Microsoft Default Macro Block


Threat actor behavior has shifted in recent years, and threat researchers have observed a peak in how much actors change their activities.

The shift dates from Microsoft disabling macros by default. Macros had been extensively exploited by threat actors and paved the initial way for ransomware attacks.

In October 2021, Microsoft announced that it would block XL4 and VBA macros by default for MS Office users; the change was rolled out in 2022. Proofpoint's analysis and report showed how threat actors experimented with payload delivery, old file types, and unpredictable attack chains.

According to Proofpoint research conducted between January 2021 and March 2023:

  • Threat actors are still searching for the most effective way to infiltrate; no reliable or consistent technique has emerged, and multiple methods are in use.
  • A new technique implemented by one threat group is later adopted by several other groups.
  • Many sophisticated e-crime actors are testing several malware delivery methods.

Campaigns using macros have declined. Compared to 2021, macro-based campaigns fell by up to 66% in 2022, and there has been minimal use of macro-based campaigns in 2023.

Macros-based campaigns [Source: Proofpoint]

As an alternative, threat actors initially adopted ISO attachment-based campaigns, which bypass the macro restriction by working around the mark-of-the-web (MOTW) attribute restriction. However, Microsoft fixed this in November 2022.

In addition, HTML smuggling, PDF-based campaigns, and OneNote explosions were several other methods that threat actors adopted.

In campaigns observed in February 2023, threat actors followed nine different attack chains.

  • Zip Attachment → OneNote File → HTA → Qbot DLL
  • OneNote Attachment → HTA → CURL → Qbot DLL
  • URL → Zip → OneNote File → HTA → CURL → Qbot DLL
  • PDF Attachment → Actor-Controlled URL → Zip → ISO → LNK → CMD → EXE → Qbot DLL
  • OneNote Attachment → WSF → JScript → PowerShell → Qbot DLL
  • PDF Attachment → OneDrive URL → JavaScript File → PowerShell → Qbot DLL
  • OneNote Attachment → CMD → PowerShell → Qbot DLL
  • OneNote Attachment → CHM → PowerShell → Qbot DLL
  • HTML Attachment → Pop Up → HTML Smuggling → Zip → Password → IMG → LNK → CMD → REG → WSF → PowerShell → Qbot DLL
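
A defender-side view of how the OneNote-rooted chains above appear in process-creation telemetry, as an added example that is not from the original article or from Proofpoint. The event records are constructed, the file-type-to-process mapping uses the standard Windows handler binaries, and treating rundll32.exe/regsvr32.exe as the final DLL stage is an assumption.

```python
"""Flag process trees rooted at OneNote that reach script hosts or loaders."""
from dataclasses import dataclass

# Stage label per handler binary. The article lists file types (HTA, WSF, CHM...),
# not process names; these are the standard Windows handlers for those types.
STAGE_BY_IMAGE = {
    "mshta.exe": "HTA",
    "wscript.exe": "WSF/JScript",
    "cscript.exe": "WSF/JScript",
    "powershell.exe": "PowerShell",
    "cmd.exe": "CMD",
    "curl.exe": "CURL",
    "hh.exe": "CHM",
    "reg.exe": "REG",
    # Assumption: the last DLL stage is run through one of these loaders.
    "rundll32.exe": "DLL",
    "regsvr32.exe": "DLL",
}
ROOT_IMAGES = {"onenote.exe": "OneNote"}


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (pid, parent pid, image path)."""
    pid: int
    ppid: int
    image: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestry(event, by_pid):
    """Follow parent links upward; returns [top ancestor, ..., event]."""
    path, seen = [event], {event.pid}
    while path[-1].ppid in by_pid and path[-1].ppid not in seen:
        parent = by_pid[path[-1].ppid]
        seen.add(parent.pid)  # guards against pid loops in bad data
        path.append(parent)
    return path[::-1]


def label(event) -> str:
    name = basename(event.image)
    return ROOT_IMAGES.get(name) or STAGE_BY_IMAGE.get(name, name)


def detect(events):
    """Return the longest OneNote-rooted chains that contain a script host.

    Simplification: pids are assumed unique within the window (no pid reuse).
    """
    by_pid = {e.pid: e for e in events}
    candidates = []
    for e in events:
        if basename(e.image) not in STAGE_BY_IMAGE:
            continue
        path = ancestry(e, by_pid)
        roots = [i for i, p in enumerate(path) if basename(p.image) in ROOT_IMAGES]
        if roots:  # a script host with OneNote somewhere above it
            candidates.append(tuple(path[roots[0]:]))
    # Drop chains that are only the beginning of a longer reported chain.
    maximal = [c for c in candidates
               if not any(o != c and o[:len(c)] == c for o in candidates)]
    return [" -> ".join(label(p) for p in chain) for chain in maximal]


# Constructed sample events (not from the article or any real incident).
ONENOTE = r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe"),
    ProcEvent(200, 100, ONENOTE),
    ProcEvent(300, 200, SYS32 + "mshta.exe"),
    ProcEvent(400, 300, SYS32 + "curl.exe"),
    ProcEvent(410, 300, SYS32 + "rundll32.exe"),
    ProcEvent(600, 100, ONENOTE),                    # benign: no children
    ProcEvent(700, 100, SYS32 + "powershell.exe"),   # benign: user-launched
    ProcEvent(800, 100, ONENOTE),
    ProcEvent(810, 800, SYS32 + "cmd.exe"),
    ProcEvent(820, 810, SYS32 + "conhost.exe"),      # console helper, ignored
    ProcEvent(830, 810, SYS32 + "powershell.exe"),
]

if __name__ == "__main__":
    for chain in detect(SAMPLE_EVENTS):
        print("ALERT:", chain)
```

Chains that start from an ISO, LNK or HTML attachment launch from explorer.exe or a browser instead, so they need a different root and more context than parent image alone.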

Proofpoint has published a complete, detailed analysis in its report, which shows the various techniques and methods used by threat actors.

Users must be careful when downloading or opening attachments and stay vigilant about these threat actors.


Windows 11 is showing its first signs of Rust


We take a look at the slow introduction of programming language Rust into the Windows 11 kernel in an effort to make it more memory safe.

Some important changes are heading to Windows which should make the operating system quite a bit more secure than it is now. At the end of April, Microsoft’s VP of OS Security and Enterprise referenced upcoming changes to Windows involving the programming language Rust.

Rust matches the performance of languages like C and C++ while being easier to debug and maintain, and—most importantly—memory safe. It is highly desired by some programmers—you can see his excitement in the below talk from Blue Hat IL 2023:

At the time, he cautioned that “rewriting Windows in Rust isn’t going to happen anytime soon”. However, he also mentioned that Rust would be making an appearance in the operating system’s Kernel “in the next several weeks or months”.

That moment has now arrived for folks on the Windows 11 Insider program:

Why is this such good news? Well, the kernel is the core component of a computer operating system and is crucial to how it functions. It’s one of the first things to fire up when a computer is switched on, and then it sits in memory permanently, mediating between the computer’s applications and hardware.

If an attacker successfully compromises a kernel, they can expect to have full control over the device it’s running on, which is of course very bad indeed. These issues aren’t just Windows specific—you can end up with a kernel disaster on a Mac, or over in Linux land, too.

A big part of kernel exploitation is focused on memory management. Traditionally, the most popular coding languages for kernels have been C and C++, which provide excellent performance and lots of flexibility, and a lot of rope to hang yourself with when it comes to security. When people with bad intentions stroll into town, one of the key places they prod around is in the realm of memory. Bugs and errors in this area can lead to exploitation, and making the memory unstable can cause malfunctions or allow for malicious code.

A huge part of this is the dreaded buffer overflow attack, which has been around since the 1970s. This is when data written to a buffer spills out and overwrites nearby memory. When the system’s memory is tampered with in this way it can lead to all manner of exploitation.

Despite endless attempts to get programmers to write more secure code, improvements to the underlying languages, and mitigations like Windows Address Space Layout Randomization (ASLR), buffer overflows continue to be a huge problem. The only way to root them out completely is to switch away from C and C++ to a memory safe language like Rust that can manage memory automatically.

This approach has already proven to be more reliable than hoping programmers will do the right thing: The adoption of memory safe languages in Android, which predates Windows by several years, has led to a significant decline in memory safety vulnerabilities on that platform.

According to Google, in situations where Rust has been used on low-level Android components instead of C++, there have been “zero memory safety vulnerabilities discovered.”

The work of switching out C++ for Rust in Windows 11 has already begun. As per The Register, the Microsoft Windows graphics interface device is currently being ported to Rust to the tune of 36,000 lines of Rust code, and there’s a system call (SysCall) in the Windows kernel right now which is implemented in Rust.

While the “wouldn’t it be nice” dream of replacing all pieces of C and C++ in Windows with safer, better alternatives is likely impossible, big and important strides in memory safety are finally being made. What we have here is yet another good reason to finally make the leap from Windows 10 to 11.

