iPhone 15 & iPhone 15 Plus may feature frosted back glass

andreasc
-
0
iPhone 15 & iPhone 15 Plus may feature frosted back glass
[ad_1]

According to a new rumor, the vanilla iPhone 15 models may feature frosted back glass. That goes for the iPhone 15 and iPhone 15 Plus, of course. This “feature” may trickle down from the ‘Pro’ models.

The iPhone 15 & iPhone 15 Plus may get frosted back glass, just like the ‘Pro’ models

This information comes from the same source that accurately leaked that iPhone 14 models will arrive in a yellow color, reports MacRumors. The thing is, the Weibo post has been deleted since, so take that as you will.

The vast majority of people prefer frosted glass over the glossy finish, mostly due to fingerprints. It simply looks cleaner if you don’t have the tendency to wipe down your phone all the time.

If this ends up happening, the iPhone 15 and iPhone 15 Plus will look more similar to the ‘Pro’ models than ever before. Not only will they have frosted backplates, but also the Dynamic Island cutout.

The thing is, the ‘Pro’ models will still have more cameras on the back, thinner bezels, and on top of everything, a titanium frame, if rumors are to be believed. So you’ll still be able to figure out which is which with ease.

New colors are also tipped

Now, in addition to the frosted backplate, we may also see some new colors, based on this report. The iPhone 15 and 15 Plus are said to arrive in a new cyan and green blend, that will allegedly resemble the Mint Green variant of the iPhone 12.

The iPhone 15 Pro models, as some of you already know, are said to launch in a new Dark Red variant. So, chances are we won’t see the Deep Purple color anymore, as that one was exclusive to the iPhone 14 Pro models.

All iPhone 15 devices are expected to arrive in September, which is when Apple usually announces its smartphones. It’s also worth noting that all four phones will include Type-C ports this time around, which is a first for iPhones. The Lightning port is becoming a thing of the past.


[ad_2]
Source link

Used Routers Fully Loaded With Corporate Secrets for Just $100

andreasc
-
0
Used Routers Fully Loaded With Corporate Secrets for Just $100
[ad_1]

Researchers at ESET found that hardware on resale in the market consisted of highly confidential information such as IPsec or VPN credentials, hashed root passwords, and much more.

Second-Hand sales of computing equipment have been in place ever since the introduction of computers and their hardware parts.

Every company relies on its managed service providers or e-waste contractors for the decommissioning procedures.

Unfortunately, this equipment, like corporate routers or any other network managing devices, did not have great decommissioning and wiping procedures, which led to the disclosure of confidential information.

EHA

Researchers also mentioned that this highly classified corporate information equipment was resale for just $100 – $150.

Threat actors who plan to attack the infrastructure can get this information for just $100, which they can use for planning an attack.

Another overwhelming fact is that this equipment was sometimes owned by organizations that include cloud computing businesses or data centers, who must be aware of how to wipe this information during decommissioning of the equipment.

According to the report, the information that was revealed during the analysis included,

  • Customer data – 22%
  • Data of Third-party connections to the network – 33%
  • Credentials for connecting to other networks as a trusted party – 44
  • Connection details for specific applications – 89%
  • Router-to-router authentication keys – 89%
  • IPsec or VPN credentials, or hashed root passwords – 100%
  • Data to identify the former owner/operator – 100%

The report also mentioned that it was hard for the researchers to contact the companies whose data had been exposed in the analysis.

Most of this data exposure is due to human error, which could lead to a potential data breach.

Equally concerning was the difficulty the team experienced during the disclosure process when attempting to contact the companies concerned, to disclose that our researchers were in possession of a device with the company’s sensitive network configuration data.” reads the report published by ESET.

ESET used 18 routers for testing and analytic purposes. The list of routers used for analysis by ESET researchers is given below

In these routers, accessible were several network configuration data were extracted by the ESET research team. The data is given in proportion to the data extracted.

Network Configuration DataNumberPercentage
Complete Configuration Data available956.25
Wiped Properly531.25
Hardened212.5
Dead (no recoverable data1N/A
Second Device in Mirror pair1N/A

Source: ESET

Companies that were identified during the analysis and details of their type of business and revenue are listed below.

VerticalReachEmployeesRevenue (US$, M)
Light Manufacturing/supplierDirect data services, as well as managed MSP services for the region5-505-25
LegalNationwide (US) law firm50-1005-25
CreativeProducts/subassemblies integrated into larger companies’ products100-50025-100
Services multiple tiers one, household brand companiesMultinational Technology Company100-50025-100
MSPManages fintech companies100-50025-100
Open-source softwareHas over 100 million users, worldwide100-500500-1000
EventsOperates trade shows and equipment rentals1000-500025-100
Multinational Technology companyGlobal data company10000+1000+
TelecomsThis was CPE (Customer Premises Equipment) for a transportation company10000+1000+

Every organization needs to decommission any computing equipment and have a clean wiping procedure before making the computing equipment available to the resale market.

Network Security Checklist – Download Free E-Book

Also, Read

HiatusRAT Malware Attack Routers to Gain Remote Access & Download Files

Multiple Flaws in Cisco Small Business Routers Allow Remote Attackers to Execute Arbitrary Code

Russia Based Cyclops Blink Malware Targeting ASUS Routers Models

FritzFrog Botnet Targeting SSH server, Data Center Servers, and Routers


[ad_2]
Source link

Malware authors join forces and target organisations with Domino Backdoor

andreasc
-
0
Malware authors join forces and target organisations with Domino Backdoor
[ad_1]

We take a look at a malware collective pushing a set of Domino malware files.

There’s a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called “Domino”, is the brainchild of FIN7 and ex-Conti ransomware members.

Domino has been seen in attacks since at least February 2023 according to researchers at IBM Security Intelligence. Domino is being used to further the spread of backdoors like Cobalt Strike and information stealers such as Project nemesis.

This specific group has previously been seen making use of a malware loader called “Dave Loader”, serving up a variety of well known files like IcedID (a modular banking trojan) and the infamous Emotet. The latter, another banking trojan which branched out into delivering additional malware files, was most recently seen in an IRS themed spam campaign. As the IBM researchers note, both of these are often used as a starting point for ransomware attacks.

Recently, the Dave Loader attacks have been observed including what has now come to be known as Domino files, and the Domino Backdoor in particular. Along with gathering “basic system information”, it receives an encrypted payload once the initial system data has been sent to the command and control center.

The file placed on the target PC was found to be similar enough to the original Domino Backdoor that it’s been named the Domino Loader. This Loader drops a payload called Nemesis Project, a .NET infostealer.

This “project” stealer has been around for a couple of years now, and tries to grab data from numerous browsers and applications including gaming platforms, VPNs, and cryptocurrency wallets. The researchers note that the stealer in question was originally advertised on forums with a sale price of $1,300 and in terms of data theft, the author of the file has this to say:

  • Collection of data from Chromium browsers (passwords, cookies, bookmarks, history)
  • Collection of data from Gecko browsers (cookies, passwords, history)
  • Grabbing links from the desktop
  • Collection of system information in HTML format
  • Telegram sessions
  • Collection of Discord tokens

It can also be set to block startup inside of a virtual machine (often used to test malware files), lock the startup if found to be running in a CIS country, and self-delete after sending the stolen data. Alongside all of this, Nemesis comes with a control panel, operated online, where the data can be accessed. All in all, it’s not something you’d want lurking on your network.

Bleeping Computer highlights that many ransomware groups and malware authors often work together, as it’s frequently an easier way to get a head start on compromising a network. The constant mashing up of files and intrusion tactics makes it harder for organisations to get to grips with the latest wave of attacks and also keeps security researchers on their toes. This current campaign is, sadly, no different.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Twitter now label tweets that violate its hateful conduct policy

andreasc
-
0
Twitter now label tweets that violate its hateful conduct policy
[ad_1]

Twitter announced it would label and limit the visibility of tweets that violate the platform’s Hateful Conduct policy, Engadget reports.

Since Elon Musk’s takeover, Twitter has been in a dilemma about whether it should allow every form of content or remove the materials considered hateful. After months of trying different methods, the platform is now adding a label to tweets violating hateful speech policies.

The restricted tweets aren’t removed from the platform, but their visibility is limited. Users also have the chance to learn why the tweet is limited by tapping on “Learn More” and reading the company’s policies.

Additionally, if a tweet is restricted by mistake, users can appeal. They would have to wait for a revision by Twitter though, which might take some time. Twitter clearly states that sending feedback doesn’t guarantee a response or tweet restoration.

 

Hateful tweets on Twitter now get a label with limited visibility

According to the company’s announcement, the tweets with these labels will be less discoverable on the platform, and no ads will be placed adjacent to them. Also, Twitter believes these labels can bring a “new level of transparency to enforcement actions.”

Imposing labels on so-called hateful content allows Twitter to keep its freedom of speech promises while preventing hateful materials from spreading across the app. The labels could also shed more light on Twitter’s content moderation policies. Letting users know why their content is restricted.

The Advocacy groups, however, objected to the decision, arguing that the offenders could remain on the platform. Of course, Twitter already said users could be banned if identified as “bad actors.” The new policy could also affect advertisers’ decisions to run ads on the platform.

Twitter was recently renamed X Corp to be a part of Elon Musk X-branded companies like SpaceX and X.AI. Yet, the billionaire’s plans for the platform remain to be seen. But Musk has recently ventilated the idea of an “everything app” called “X,” which might affect Twitter’s future.


[ad_2]
Source link

Bing AI and Google Bard aren’t proper ChatGPT alternatives

andreasc
-
0
Bing AI and Google Bard aren’t proper ChatGPT alternatives
[ad_1]

Of all the alternatives to ChatGPT, Google Bard and Bing AI are some of the most powerful chatbots out there. Having tested both of them, I can say that they walk the line between impressive and downright scary in their capabilities. They seem like proper stand-ins for ChatGPT… except they’re not. [Disclaimer: We know that Bing AI is based on ChatGPT. However, Microsoft made considerable alterations to it. It’s basically a different chatbot entirely. You can learn more if you click here.]

On the surface, that wouldn’t really seem like the case. All three of them can perform some insane AI wizardry that makes us fear Skynet. If you’re looking for simple encyclopedia information, tips/advice, or bits of code, any one of them will suit you just fine. They’re basically indistinguishable from one another in that respect.

Once you start digging beneath the surface, you begin to see certain differences between, not only the capabilities, but the underlying mentalities between ChatGPT and the other two chatbots. These differences are such that you won’t find yourself deleting ChatGPT from your bookmarks in lieu of the others.

Why Bard and Bing AI aren’t proper ChatGPT alternatives

So, regardless of what chatbot you use, you’ll have a ton of power at your fingertips. As stated before, you can type in a query to get pretty much anything. Google Bard and Bing AI excel at digging up information from the web- obviously, they’re tied to massive search engines.

You can also generate short stories, bits of code, scripts, and so on. So, what’s the big deal? Well, it has a lot to do with the core mentality behind these chatbots. OpenAI crafted ChatGPT for the purpose of pushing AI forward. It’s a ship charting the open seas.

With that comes the incentive to make ChatGPT the best and most-featured chatbot on the face of the planet. I could get a sense of that while testing it out. This goes beyond serving up information. It’s able to generate a wide range of content, and it’s meant to do so in a conversational manner.

Google Bard and Bing AI are soldiers at birth

So, that’s what ChatGPT is, but what is Bing AI? It’s Microsoft’s attempt to battle Google in the search engine market. What is Bard? It’s Google’s attempt to keep Google Search from going under. The mentality behind these two chatbots is more competitive and urgent.

Microsoft jumped on ChatGPT to push Bing to new heights, not artificial intelligence. As for Google, the company brought Bard to the public as a response to ChatGPT. Both Bard and Bing AI are soldiers at birth to battle some assault on their respective companies. That’s very different from ChatGPT.

This is evident in how these chatbots present their responses. Bard and Bing AI primarily exist to serve you search results, pull facts, and keep you on the search engines.

At this point, Bing AI is the biggest example of this. When you type in certain responses, it will actually perform a Bing search to deliver results. There were times in my testing when it would pull up search results that I could click on. For example, I asked it for advice on how to swaddle a baby, and it gave me search results for baby blankets. That sling-shots you over to using the Bing search engine.

Right now, Google Bard isn’t heavily tied to Google search, but there is a Google It button at the end of each of the responses. At the time of this writing, Bard is still in the testing stage, so it still remains to be known how Google’s going to further advance it.

Falling short

So, Bard and Bing AI are champions when it comes to pulling information from the ether, but that’s not the only reason why AI chatbots are such a hot topic. It’s about what they can produce. While morally shaky, people can produce all sorts of content with these three chatbots.

While you can generate written content with Bard and Bing AI, ChatGPT beats them by a long shot. I asked Bard to write a review of the Pixel 7 Pro, and it gave me a rundown of the specs with a little bit of filler text.

ChatGPT, however, attempted to make it an actual review with a proper introduction, conclusion, and opinions. Also, it also added some humanizing text like “The Pixel 7 Pro’s camera is where the device truly shines” and “the Google Pixel 7 Pro is an excellent device that checks all the boxes for a flagship smartphone.” Bing AI didn’t even write a review.

This is the main theme that pervades most of the other tests that I performed. I asked all three chatbots to write a script about a couple who goes through a tornado warning. ChatGPT’s was the longest and it had the most developed lines. It’s also the only chatbot that could actually write a eulogy.

I even sparked up a casual conversation with all three, and ChatGPT is the one that stayed on topic the best. If I type something like “I had a great day today”, ChatGPT would ask why it was great. BingAI and Bard would say something along the lines of “That’s great to hear… ok next topic.”

Basically, all of these chatbots use artificial intelligence, but ChatGPT’s is more, well, intelligent.

Each chatbot has its purpose

So, Google Bard and Bing AI are two powerful chatbots with a lot to offer, but their purposes were written even before the first bits of code were being put together. They’re meant to help their companies fight for dominance in the tech industry and not much more. Thus, they’re heavily optimized to be search engine counterparts, not digital Swiss army knives.

As time passes, Google Bard and Bing AI will, indeed, become more advanced, but the core mentality driving the and them developers will always be market dominance. Because of this, they just aren’t proper replacements for ChatGPT.


[ad_2]
Source link

Endpoint security at your fingertips

andreasc
-
0
Endpoint security at your fingertips
[ad_1]

IT security on the go.

If you’re on the beach sipping piña coladas, the last thing you probably want to do is rush to your desktop and address a critical security issue.

And yet, this is the reality for many IT security professionals today. Regardless of the time or current location, security pros are expected to drop everything at a moment’s notice and swoop in to save the day.

But being tethered to a desktop workstation can blur the boundaries between work and personal life. This inflexibility not only leads to additional stress and pressure on IT professionals, but also can delay response times as they scramble back to their workstation to put out fires. Even just taking a break is hard without the fear of leaving the system unattended.

Enter the Malwarebytes Admin app.

Designed as a companion to the Nebula console, the mobile app now allows administrators to manage alerts and perform essential tasks right from their iOS devices. No more being tied to a computer–you can now handle incidents and execute administrative functions wherever you are.

So sit back, relax, and enjoy an interrupted piña colada as we will delve into the key features of the Malwarebytes Admin App.

Getting started: Setting up the Malwarebytes Admin app

  1. Download the Malwarebytes Admin app from the App Store. It is available for free for all Nebula users.
  2. Log in with your Nebula console credentials. The app is accessible to users with admin or read-only privileges on the Nebula console.

‎NOTE: Malwarebytes Admin is an enterprise solution intended for IT admins. Malwarebytes Admin will not operate on your device without the required license for Nebula.

Navigating the app: Dashboard and features

Once logged in, the first screen you will see is the Dashboard.

Here, you can quickly assess the protection status of all endpoints, view detections by type, and view your license usage.

Managing endpoints: Endpoint list and actions

The Endpoint List displays all the endpoints you are managing.

The badges let you know which endpoints need immediate attention. The list can be filtered by status, OS, OS version, group, or policy, and you can search for specific endpoint names.

Selecting the “Actions” button lets you take various actions on the chosen endpoints, such as scanning, isolating, updating agents, checking for updates, and remediating endpoints.

Viewing endpoint information

Tapping on a specific endpoint allows you to view its general information, such as host, location, operating system, and network interfaces.

Adding users

With the Malwarebytes Admin app, you can add new users to the console by sending email invitations. You can assign roles (Super Admin, Admin, Read-only), add users to existing groups, delete users, resend invites, and edit user roles or group membership.

Future developments

While the Malwarebytes Admin app currently offers a wide range of features, there are some functionalities reserved for future updates. For example, while the app is only available for iOS right now, an Android app will be coming out soon. Additional features include detailed information on detections, push notifications on alerts, and more.

A game changer for IT security professionals

There’s no question that having to be attached to a desktop when managing threats and challenges faced by IT security professionals can exacerbate the stress they experience daily. That’s why we released the Malwarebytes Admin app, a game-changer for endpoint security management.

No more having to make a beeline out of the bathtub to resolve critical alerts. Receive instant notifications on your phone and quickly review, investigate, and resolve issues in just a few taps.

Download the app today and experience the convenience of having the power of Nebula right in your pocket!

GET THE MALWAREBYTES ADMIN APP 


[ad_2]
Source link

Galaxy Z Fold 4 & Flip 4 widely getting April update in the US

andreasc
-
0
Galaxy Z Fold 4 & Flip 4 widely getting April update in the US
[ad_1]

Samsung has released the April 2023 Android security patch for the carrier-locked versions of the Galaxy Z Fold 4 and Galaxy Z Flip 4 in the US. The update started rolling out recently and should reach all eligible units of the 2022 foldable duo within the next few days.

The Galaxy Z Fold 4 and Galaxy Z Flip 4 were the first Samsung phones to receive the April SMR (Security Maintenance Release) in the US. The company pushed the latest security update to the factory-unlocked versions of the two foldables about a couple of weeks ago. The update arrived with the firmware build numbers F936U1UES2CWC9 and F721U1UES2CWC9, respectively.

Since then, the Korean firm has updated dozens of other Galaxy devices to the April SMR in the US. However, users with a carrier-locked Galaxy Z Fold 4 or Flip 4 have been waiting for it all this while. Samsung has finally released the new security patch for those units. The updated firmware version for the Fold model is F936USQU2CWCC, while that for the Flip model is F721USQU2CWCC.

The wait has turned out to be worth it for carrier-locked Galaxy Z Fold 4 and Flip 4 users, though. Along with the latest security fixes (more on that later), Samsung is also pushing some functional improvements for the camera and gallery with this update. Unlocked units didn’t receive anything apart from the April SMR. They will probably pick up these goodies with the May update.

While Samsung’s changelog doesn’t go into detail about the improvements the Galaxy Z Fold 4 or Galaxy Z Flip 4 are getting, it appears the company is pushing some new camera and gallery features that it introduced with the Galaxy S23 series earlier this year. The company recently announced that several of those features will reach its older Galaxy devices over the next few weeks. Image Clipper is among them.

The April update patches more than 70 vulnerabilities in Galaxy devices

Along with the new features, this update is an important one from the security aspect as well. The April SMR contains more than 70 vulnerabilities, including over 20 Galaxy-specific ones. At least five of those security flaws are identified as critical by Google and Samsung. The vast majority of the remaining ones are also labeled “high-severity” issues. These security enhancements will soon reach all Galaxy Z Fold 4 and Galaxy Z Flip 4 in the US. As usual, you can go to Settings > Software update and tap on Download and install to check for updates manually.


[ad_2]
Source link

Reddit will start charging companies for its API access

andreasc
-
0
Reddit will start charging companies for its API access
[ad_1]

Ever since the start of the AI revolution late last year, many AI companies have looked to Reddit to train their models as the platform is host to vast amounts of human interaction. Now, in an effort to stop these AI companies and using Reddit’s data for free, the platform has announced a new policy change, which will require companies to pay for using its API.

Although the company claims that its API access would remain free for developers who want to create apps and bots that help people use Reddit, the pricing for the API access for companies is still unclear. But reports suggest that Reddit could split the pricing into different tiers, depending on the requirements.

However, to help ensure that the platform’s moderators can still access the API, Reddit is also developing dedicated moderation apps for Android and iOS, which will feature mod logs, rule management tools, mod queue information, and more.

Why is Reddit’s data important?

Reddit’s co-founder and CEO Steve Huffman believes the platform is a unique place on the internet that allows for genuine conversations, and there is a lot of valuable information which is not available elsewhere. He further explained that because of these unique propositions, Reddit would not give its value to companies like Google and OpenAI for free and that it is a good time for them to tighten things up.

Moreover, the platform also aims to incorporate AI into its services, such as detecting and labeling AI-generated content to help notify users that a bot might have written a comment.

Reddit’s move to monetize its API is not surprising, considering AI is rapidly gaining popularity, and other platforms like Twitter have taken a similar stance. Furthermore, with rumors of Reddit going public this year, adding a new revenue stream would be a wise decision. By charging for API access, Reddit can monetize its data and ensure that it’s being used by companies that genuinely value it.


[ad_2]
Source link

Facebook might owe you a slice of its $725 million class-action settlement

andreasc
-
0
Facebook might owe you a slice of its $725 million class-action settlement
[ad_1]
Back in 2018, it was revealed that 87 million Facebook subscribers had their personal data used without permission by now-defunct political consultancy firm Cambridge Analytica. Over 70 million of those subscribers were Americans and late last year a federal judge ordered Facebook parent Meta to pay $725 million to settle a class action lawsuit related to the use of this personal data. So now, those who used Facebook between May 24th, 2007, and December 22nd, 2022, and lived in the U.S. during that time, can submit a claim for a share of this money.
No don’t start buying a new car or call real estate brokers to find a ritzy new place. This is not the same as signing a contract in the NBA. Typically the lawyers make out great while members of the class get a few coins taped to a postcard. Still, it doesn’t hurt to submit a claim if eligible and if enough people can’t be bothered to do so, the larger the payouts will be. You have until August 25th to submit your claim and this is how you do it.
First, visit the Facebook, Inc., Consumer Privacy User Profile Litigation page by directing your browser to facebookuserprivacysettlement.com or by tapping on this link. There are some important dates listed on the page. For example, you can wait until July 26th to decide if you want to opt out of the settlement and bring your own lawsuit. For the majority of those eligible to submit a claim, filing a lawsuit is not a financially feasible plan.
You might be owed a slice of Facebook's $725 million settlement over its improper use of user's personal data - Facebook might owe you a slice of its $725 million class-action settlement

You might be owed a slice of Facebook’s $725 million settlement over its improper use of user’s personal data

So let’s assume that you are going to submit a claim. The first box under the heading of “Summary of your legal rights and options in this settlement” is titled “Submit a claim.” Tap on the link that says “Submit your claim form online” and you’ll be whisked away to the proper page. Now it’s hard not to get excited when the very first request on the page asks you to decide which platform you want to be paid on. You can choose a prepaid Mastercard, or get paid via Venmo, Zeille, or directly to your bank account.

Fill out all of the information requested and if you still have your Facebook account up and running, you will not have to remember exactly when you started using the platform. The whole process will probably take up to 10 minutes of your time. Individual payments will be based on the number of Facebook users that submit a claim and how long each person has been a Facebook subscriber.

The final approval hearing is scheduled for September 7th at 1 pm PDT. Hmm. That might come just in time to order a new iPhone 15 model.


[ad_2]
Source link

Fake Chrome updates spread malware

andreasc
-
0
Fake Chrome updates spread malware
[ad_1]

We take a look at a slew of hacked websites pushing fake Chrome updates which are Monero miner malware in disguise.

Compromised websites are causing big headaches for Chrome users. A campaign running since November 2022 is using hacked sites to push fake web browser updates to potential victims.

Researcher Rintaro Koike says this campaign has now expanded to also target those who speak Korean, Spanish, and Japanese. Additionally, Bleeping Computer notes that some of the affected sites include news, stores, and adult portals. The attackers are likely to be primarily targeting sites based on vulnerability rather than content served. As a result, it’s difficult to predict where these bogus updates will appear next.

How the fake update attack works

Once a website is compromised, malicious JavaScript runs a script when an unsuspecting visitor lands on the page. If you’re deemed to be an “acceptable” target for the attack, then more scripts are downloaded and a fake update lies in your immediate future.

Potential victims are shown what appears to be a genuine web browser error of some sort, from inside the browser window. It says:

UPDATE EXCEPTION

An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update.

ERR_INSTALL_INTERRUPT

A ZIP file is then automatically downloaded under the guise of a supposed Chrome update. If you’re familiar with how Chrome updates, you’d probably decide to delete the file at this point because this isn’t exactly normal. However, a lot of folks out there will probably panic at the sight of the ZIP, assume something has gone horribly wrong with their browser, and open it up.

Sadly, all you’d be doing when launching the file is executing a Monero miner. Monero miners are trojans which hog your computer’s CPU to mine for cryptocurrency. The scammers try to get rich, at the same time as devoting your system resources to activities other than what they should be doing. In a worst case scenario, your device could overheat, experience slow down, or just crash.

Monero miners can be seen doing the rounds in everything from Linux malware to Windows botnets.

According to the researchers, in this case the malware attack also shuts down Windows Update and adds itself as an exclusion to Windows Defender, as well as “disrupting the communication of security products with their servers”. A desktop PC with a miner hiding under the hood, security tools broken, and updates turned off meaning the device is potentially going to become more insecure as time passes? Someone’s hit the Monero moneymaker on this occasion.

How to update Chrome

Updating your web browser, whether Chrome or something else, is incredibly easy to do. Most of the time it’s completely automatic, and potentially done entirely out of your field of view. You may be asked to configure the process just once, at first install, and then never have to think about it again. At best, you may open up your browser, see a message telling you that you’re now running the latest version, and then go back to not having to think about it.

Maybe the very hands off approach has a small part to play in why people download ZIPs like the above. We’re so used to never seeing updates take place that when we’re randomly told about it out of the blue, we assume it’s the real deal.

Either way, your web browser should never ask you to download random ZIP files and install the contents. All of your browser updating is supposed to happen inside of the web browser.

To update your browser manually, or at least get a feel for how this process takes place:

  • Click the 3 vertical dots on the right hand side of your URL bar.
  • Select Help > About Google Chrome

From here, you can see which version of Chrome that you’re running. If an update is waiting in the wings, it should start downloading automatically. Once the update is complete, you’re usually asked to relaunch the browser and complete the update process. The “What’s New” button option will also inform you about major changes to browser functionality.

Again: you should never have to download a file, ZIP, or anything else from a website in order to supposedly update your browser. Avoid these so-called updates, keep genuine updating restricted to the browser itself, and you should be fine.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link
1...1,2811,2821,283...1,452Page 1,282 of 1,452