Zimbra email platform vulnerability exploited to steal European govt emails


The cybersecurity researchers at Proofpoint have disclosed a new phishing campaign from the Russian APT group known as Winter Vivern, TA473, and UAC-0114. The group has been exploiting a vulnerability in Zimbra Collaboration software to hack the emails of government agencies in different European countries.

Although it is not yet proven which nation-state supports this APT group, security researchers believe that its activities align with the interests of Belarus and Russia.

For your information, Zimbra Collaboration is a business collaboration and email platform that allows users to send and receive emails, and manage contacts, calendars, and tasks. It can be used on-premise or in the cloud and is used by governments, educational institutions, service providers, and businesses.

How Does the Group Target Victims?

Winter Vivern’s modus operandi entails sending out phishing emails impersonating the target organizations or their parent organizations’ employees with political affiliation to the government.

These emails are sent from addresses on compromised domains or hosted on vulnerable WordPress websites. The email message includes a link to a resource on the target organization’s official website.

The phishing email (Credit: Proofpoint)

However, this is a spoofed link as it redirects the recipient to a payload hosted on the attacker’s domain or a credential-stealing web page. This technique’s efficacy is now enhanced with a cross-site scripting vulnerability found in Zimbra.

APT Group Exploiting Zimbra Vulnerability

Zimbra is an open-source, on-premise and Cloud enabled business collaboration and email platform used by “hundreds of millions of mailboxes across 140 countries,” as per its website. The service is used by governments, educational institutions, service providers, and small to medium-sized businesses.

Proofpoint researchers noted that Winter Vivern is targeting the medium-severity Zimbra vulnerability tracked as CVE-2022-27926, which Zimbra patched one year ago in version 9.0.0 Patch 24. The XSS flaw allows threat actors to create links with appended code, which executes malware inside the browser when the link is opened.

Modus Operandi and Possible Dangers

In the current campaign, the hackers target government agencies through vulnerable Zimbra installations/web interfaces and send phishing emails with links that exploit the XSS flaw and execute encoded JavaScript. When the browser executes it, a larger JavaScript payload is fetched from the attackers’ server and executed on the website in what’s called a cross-site request forgery attack.

Attackers can now steal the victims’ usernames, passwords, and active CSRF tokens obtained from a cookie and transfer the information to their server. After obtaining login credentials and tokens, the malicious JavaScript uses hardcoded URLs to hijack the email portal.

“In some instances, researchers observed TA473 specifically targeting RoundCube webmail request tokens as well. This detailed focus on which webmail portal is being run by targeted European government entities indicates the level of reconnaissance that TA473 conducts before delivering phishing emails to organizations,” Proofpoint’s report read.

“These labour-intensive customized payloads allow actors to steal usernames, passwords, and store active session and CSRF tokens from cookies facilitating the login to publicly facing webmail portals belonging to NATO-aligned organizations,” Proofpoint noted.

Who Is Vulnerable?

Organizations that haven’t patched their Zimbra products in the past year are vulnerable to TA473 attacks. To prevent such attacks, it is important to restrict resources on publicly available webmail portals. This would prevent APT groups from engineering customized scripts that can steal credentials and log into the victim’s webmail accounts.

Winter Vivern’s Past Victims

The group’s past victims were located in India, Vietnam, Lithuania, Slovakia, and the Vatican. Sentinel Labs reported earlier in March that the group’s recent targets include Italian and Ukrainian Foreign Affairs ministries, Polish government agencies, Indian government officials, and telecommunication firms that support Ukraine in the war.

According to Proofpoint’s previous research, this group targeted elected government representatives in the US and their staffers.


Meizu unveils new phones after 1.5 years; Meizu 20 flagships are official


Meizu has a rather interesting story. It grew immensely fast years ago, and the expectations were high. The company lost its way at one point, and stagnated. Then it got acquired by Geely, and is now trying to revive its previous status. Meizu has just announced its first phones after 1.5 years, the Meizu 20 flagships are official.

The last smartphones the company announced before these three are the Meizu 18x, 18s, and 18s Pro back in September 2021. Since then it has been radio silence from the company in terms of products.

The Meizu 20 flagships are now official, the company’s first phones in 1.5 years

Well, Meizu is now back with the Meizu 20, Meizu 20 Pro, and Meizu 20 Infinity. Alongside those three devices, the company also announced a new version of its Android-based UI, Flyme 10. Flyme Auto was also shown off.

The three phones do look quite similar. All three are made out of metal and glass, and have flat sides. The Meizu 20 Pro and Infinity have three cameras on the back, while the Meizu 20 has two. The ‘Infinity’ model has the thinnest bezels, but all three have rather thin bezels, and a centered display camera hole.

The Snapdragon 8 Gen 2 fuels all three devices

There are some differences spec-wise, but let’s see what they have in common first. The Snapdragon 8 Gen 2 SoC, Qualcomm’s most powerful processor, fuels all three phones.

The devices also offer IP54 certification for water resistance, and UFS 4.0 flash storage. Well, other than the Meizu 20’s 128GB model, which comes with UFS 3.1 flash storage. We’ll talk about specific RAM + storage combos later on.

Stereo speakers are included on all three phones, and all three devices include a 32-megapixel selfie camera. You’ll also find an in-display fingerprint scanner on all three devices, but only the Meizu 20 and 20 Pro have an ultrasonic fingerprint scanner.

Flyme 10 is included on top of Android

All three phones include two SIM card slots, and Bluetooth 5.3. We’re not sure about the Android version that comes pre-installed, but Flyme 10 is included on top of it.

Let’s now talk about the differences, shall we? The vanilla model includes a 6.55-inch fullHD+ OLED display with a 144Hz refresh rate. The Meizu 20 Pro has a 6.81-inch QHD+ (3200 x 1440) LTPO OLED display with a 120Hz refresh rate. The Meizu 20 Infinity includes a 6.79-inch QHD+ LTPO OLED display with a 120Hz refresh rate.

The smallest model has the dimmest display out of the three

The Meizu 20’s display has an 800 nits peak brightness, while the other two models go all the way up to 1,800 nits. All three displays are flat, by the way, while the ‘Infinity’ model has the thinnest bezels, 2.48mm on all sides.

All devices include 12GB of RAM, but their storage options are different. The Meizu 20 and 20 Pro come in 128GB, 256GB, and 512GB flavors. The ‘Infinity’ model is on offer with 256GB and 512GB of storage only.

A 50-megapixel main camera sits inside all three phones, but the specs seem to be a bit different. The Meizu 20 and 20 Pro have the same unit, with an f/1.9 aperture. The ‘Infinity’ model’s main camera has an f/1.8 aperture.

The Meizu 20 has a 16-megapixel ultrawide camera (122-degree FoV), and a 2-megapixel tertiary camera. The ‘Pro’ model includes a 50-megapixel ultrawide camera (129-degree FoV), and a 50-megapixel telephoto unit. The Meizu 20 Infinity has a 12-megapixel ultrawide camera (122-degree FoV), and a 12-megapixel telephoto unit.

The charging speeds go up to 80W

The smallest model has a 4,700mAh battery and supports 67W wired charging (PD3 PPS, QC4+). The ‘Pro’ model includes a 5,000mAh battery, and supports 80W wired charging (PD3 PPS, QC4+), in addition to 50W wireless charging. The Meizu 20 Infinity includes a 4,800mAh unit, 65W wired, and 50W wireless charging (PD PPS, QC4).

The entire series launched in China only, at least for now. The Meizu 20 pricing starts at CNY2,999 ($436). The Meizu 20 Pro’s pricing starts at CNY3,999 ($582). The ‘Infinity’ model can be bought from CNY6,299 ($916). All three devices come in various different colors, as shown below.



OnePlus Nord 3 is gathering certifications on its way to launch


The OnePlus Nord 3 seems to be gathering certifications, as OnePlus prepares to launch the device. It actually popped up on several certifications lately, so we’ll group them together in this article.

The OnePlus Nord 3 gathered several certifications lately

The phone surfaced on Singapore’s IMDA (Infocomm Media Development Authority), with the model number CPH2493. That website didn’t really share any specific info about the device.

The second certification body that certified the device is the Chinese CQC (China Quality Certification Center). That listing did confirm that the phone will charge at a maximum power of 80W.

OnePlus’ upcoming mid-ranger also surfaced on the TUV certification site in Germany, and also India’s BIS. Those two listings didn’t really share any specific info about the Nord 3.

Now, luckily, we know basically everything we need to know about the phone. The device will seemingly be a rebranded OnePlus Ace 2V. The OnePlus Ace 2V did launch already so… there you have it. You can check out its design in the image below.

OnePlus Ace 2V image 1

It will likely offer the same design and specs as the OnePlus Ace 2V

Having said that, thanks to the fact this phone launched, we also know what specs to expect for the Nord 3. The phone will include a 6.74-inch fullHD+ AMOLED display with a 120Hz refresh rate.

MediaTek’s Dimensity 9000 SoC will fuel the device, while it will have a battery somewhere in the 4,500mAh-5,000mAh range. You can also expect it to offer up to 16GB of RAM, and possibly up to 512GB of internal storage.

Android 13 will come pre-installed, along with OxygenOS 13.1. The phone will also feature an alert slider on the right, and flat sides, as you can see in the provided image. Chances are it will feature a 64-megapixel main camera, an 8-megapixel ultrawide unit, and a 2-megapixel macro camera.



Amazon’s World Backup Day offers big discounts on SanDisk & WD Storage


March 31, 2023 is also known as World Backup Day. It’s a day about awareness for backing up your data, because you never know when something could go wrong. And to celebrate World Backup Day, Amazon is discounting storage products from SanDisk and Western Digital, by up to 67%.


What’s part of this World Backup Day sale?

As part of this sale today, Amazon is discounting a ton of different backup products, like the WD Elements Desktop External Hard Drive. This is the 20TB model, which is now on sale for $279. That’s good for nearly 45% off of its regular price, and a good hard drive to pick up for storing your digital life.

But that’s not all: the SanDisk Extreme PRO Portable SSD is on sale too. This is the 2TB model, which is currently listed at $174.99, down from $229.99. This is a really useful tool since it is a portable SSD, meaning that it does not need external power, which makes it easy to take with you anywhere.

The SanDisk Professional G-DRIVE PRO STUDIO SSD is also on sale. This is the 7.68TB model, which is now discounted to $999, from $1,749. That is perhaps the largest discount available today, at least dollar-wise; percentage-wise, it’s only about 43% off.

If you’re looking for some micro SD cards, those are also on sale for World Backup Day. That includes the SanDisk 1TB Extreme microSD card which is now just $99. If you don’t quite need that much space, then the PNY 512GB Pro Elite Class micro SD card is on sale for $56. Or you can pick up the SanDisk Ultra 400GB MicroSD card for just $29. It’s pretty wild how cheap these micro SD cards have gotten over the years.

These are just some of the very many products that are on sale today for World Backup Day, and you can check it all out by hitting the link below.


Motorola’s best-selling phone is heavily discounted today


One of Motorola’s best-selling phones of the past year, the Moto G Stylus (2022) is back on sale. And it’s got a pretty heavy discount today. Best Buy is selling the Moto G Stylus (2022) for $249.99. That’s 50% off of its regular price.

Now, typically with Best Buy, the “gotcha” is that you have to activate the phone today on AT&T or Verizon to get this discount. But whether you activate today or not, the price is $249.


Why should you buy the Moto G Stylus (2022)?

Despite carrying the “Moto G” name, this is actually a pretty capable phone, with some pretty beefy specs. Since the beginning, “Moto G” has meant mid-range, and it still kind of does here. But not like you’d think.

The Moto G Stylus (2022) sports a 6.8-inch FHD+  display, powered by Qualcomm’s Snapdragon 695 chipset, with 8GB of RAM and 256GB of storage. There are some phones that cost $1,000 that don’t even have that much RAM and storage – looking at you, iPhone 14 Pro.  Additionally, it has a pretty large 5,000mAh capacity battery inside, that should keep you going all day long. In reviews, many have claimed that it lasts multiple days on a charge, which is great to hear.

Then there are the cameras. The Moto G Stylus (2022) sports a 50-megapixel main sensor, along with an 8-megapixel ultrawide and a 2-megapixel depth sensor. So it’s really a dual-camera setup here, as you won’t be able to use that depth sensor. The cameras here are decent, but let’s face it, you likely aren’t looking to buy this phone for a spectacular camera.

It’s pretty easy to see why this smartphone from Motorola is a best-seller. It’s far cheaper than the flagships, with a lot of the flagship specs included. And let’s not forget that it also comes with a stylus, which kind of makes it a competitor to the Galaxy S23 Ultra, at a fraction of the price.


How to unlock any phone password without losing data 2023


Mobile phone security is a wonderful thing—until you find yourself on the wrong side of it because you’ve forgotten your password or broken your screen.

Fortunately, there’s an easy fix. PassFab is a brilliant tool that lets you bypass any phone password, whether it’s on a second-hand handset with a mystery PIN or a tablet that’s taken a tumble down some stairs.

It lets you bypass every kind of lock screen, too, including numeric, alphanumeric, gesture-based, and biometric.

Plus, you can use it to access your Google account, wipe all data and settings with a single click, and remove Factory Reset Protection (FRP) restrictions on a Samsung device.

But PassFab Android Unlock isn’t just for Samsung phones. Every conceivable manufacturer and Android version is covered, from Google to Oppo, and from Android 2.0 to Android 12.

Best of all, you don’t even need to be a technical wiz to use it. PassFab Android Unlock is simple, intuitive, and fast.

You can read all about how to bypass the FRP lock on a Samsung phone (or any phone, for that matter) right here.

The PassFab website contains an extensive guide, walking you through the universal unlock PIN process using PassFab Android Unlock, which boasts an impressive 100% unlock rate on even current models with the latest security, like the Samsung Galaxy S21 Ultra 5G.

We recommend you read the whole guide for yourself, but in a nutshell the process involves downloading and installing a small piece of software, connecting your Android phone to your PC via USB, and following a few onscreen prompts.

PassFab Android Unlock gives you the option of removing the screen lock or removing the Google lock (FRP). If you pick the former, you’ll then get the choice to remove the lock without data loss, though this is only available for Samsung phones.

The FRP removal process is a little more involved, though the guide on the PassFab site breaks it down brilliantly, and the app itself makes it a breeze.

So whether you are wondering how to unlock any phone password or how to bypass the FRP lock on Samsung, or are simply looking for a universal unlock PIN for Android, PassFab is the answer. Head over to the PassFab website now to get started.



Winnti APT Hackers Attack Linux Servers


The discovery of a novel malware piece targeting Linux servers has been attributed to an unknown Chinese state-sponsored hacking group.

ExaTrack, a French security firm, recently reported that the malware in question was named Mélofée. There is a strong link between this malware and the notorious Winnti APT group, as proven by security analysts with high certainty.

A state-sponsored APT group called Earth Berberoka (GamblingPuppet) has also been linked to this malware. This group has been active since 2020 and primarily targets Chinese gambling websites.

There are a number of malware programs used by the group that are multi-platform, including:- 

Technical Analysis

One of the malware’s features is a kernel-mode rootkit that utilizes Reptile, an open-source project. It is mainly used to conceal itself since the rootkit includes a hook to ensure the machine doesn’t detect it.

This package has been compiled for kernel version 5.10.112-108.499.amzn2.x86_64, according to the vermagic metadata.

An installer and a custom binary package are downloaded from a remote server for the implant and the rootkit to be deployed using shell commands.

The binary package is passed as an argument to the installer during the installation process. In the next step, the rootkit is extracted along with a server implant module currently being developed.

Three socket types are implemented:

  • TCPSocket (type 0x0)
  • TLSSocket (type 0x1)
  • UDPSocket (type 0x2)

Three types of servers are available:

  • TCPServer (type 0x00)
  • TLServer (type 0x1)
  • UDPServer (type 0x2)

A second Linux implant named AlienReverse, which researchers are currently analyzing, has been discovered. There are several critical differences between its code architecture and that of Mélofée, such as:

  • Reptile’s pel_decrypt and pel_encrypt were used to encrypt the communication protocol data.
  • There was a difference in the IDs of the commands.
  • Other tools that the public can access are included within the tool.

Common points between Mélofée & AlienReverse

Although Mélofée did not share all the characteristics of AlienReverse, some points were similar.

The common points between Mélofée and AlienReverse are:

  • C++ has been used for the development of both implants.
  • To ensure that only one implant runs at a time, both implants use a file with a fixed ID in /var/tmp/%s.lock.
  • Both implants implement a similar mechanism that limits the time they spend working.

The Mélofée implant family is another tool in the arsenal of state-sponsored attackers, and it shows that China continues to innovate and develop such weapons.

Mélofée may seem to be simple malware; however, it can provide adversaries with some ways to conceal their attack through its abilities.


The new photo and movie editor lands on Chromebooks


ChromeOS is becoming more of a power-focused platform, as Google has been adding more functionality over the years. The company recently announced that a new and pretty capable movie editor was coming to Chromebooks. Well, according to 9To5Google, it’s finally making its way to the public.

This is a long time coming, as the company announced better photo and video editing capabilities coming to ChromeOS. This included adding compatibility for the ever-popular LumaFusion. This is a powerful video editing program that we’ve seen on iPads and Android tablets.

How does this movie editor for Chromebooks work?

This movie editor won’t be as feature-rich as LumaFusion, but it’d be a free addition to the Google Photos app in ChromeOS. To access it, you can simply type “movie” into the search bar. You can either do that or just go to the Google Photos app.

While in the app, click/tap the Creations button on the left side of the UI. Then, select Add new and then Movie.

Now, this movie editor is definitely AI-driven. When you start creating your movie, you’ll see a grid of preset templates that you can choose from. There are presets titled things like “They grow up so fast”, “Year of smiles”, “Pet movie”, and so on. This means that the program will use AI to identify what’s in your images, and it’ll add appropriate photos and videos.

If you don’t want to start from a template, you can click on the Start from scratch button on the top right of the screen. In the movie creator, you’ll be able to select the photos and video clips that you want to add to your masterpiece.

The program’s AI influence doesn’t stop at the templates. If you add a longer video, the program will select the most important parts of the video clips to add to the movie. You’ll still have the ability to edit those clips yourself before the video starts rendering.

As you’re editing your video, you’re able to add more or remove clips and pictures. You can also drag and drop them to move them around. Along with that, you can markup the content, add filters, and make adjustments to the colors.

If you’re looking for a simple and capable movie editor, then you’ll want to keep your eyes peeled for this one. It’s rolling out, so there’s a chance that you won’t see it right away.



Google denies using ChatGPT to train Bard


It’s no secret that Microsoft’s push towards integrating ChatGPT into its various services prompted industry giants like Google to build its own AI chatbot named Bard. However, Google’s answer to ChatGPT has had a shaky start. According to a report from The Information, a former Google AI researcher named Jacob Devlin claims Google used ShareGPT, a platform where users share their conversations with ChatGPT, to train Bard.

Devlin reportedly left Google after expressing concerns to Alphabet CEO Sundar Pichai and other executives, arguing that using ShareGPT’s data would violate OpenAI’s terms of service and make Bard’s responses too similar to ChatGPT. The report also states that Google later stopped using ChatGPT data following Devlin’s warnings.

Google’s response

Although Google has denied the allegations and stated that they used LaMDA to train Bard, some people are sceptical about its rapid development after the release of ChatGPT. Additionally, Google is also reportedly increasing its efforts to make Bard compete with ChatGPT through the collaborative effort called “Gemini” between Google Brain and DeepMind.

Bard’s rocky start was evident in its first demonstration, where it made a factual error about the discoveries from the James Webb Space Telescope, leading to Google parent Alphabet losing $100 billion as stocks tumbled. But, it is clear that Google is eager to improve its AI chatbot and is willing to collaborate across its divisions to achieve this goal. The battle between Google and Microsoft over AI will probably intensify after the integration of ChatGPT into Microsoft Bing, which already has over 100 million daily active users and is growing quickly.

However, ethical AI development should be a top priority for all companies in the industry. Using scraped data without permission is unethical and illegal.



Steer clear of this EE phish that wants your card details


We take a look at a phish targeting users of the EE mobile network.

Watch out for this piece of spam lurking in mailboxes and claiming to be from the EE mobile network.

Fake EE mail

The mail, titled “We were unable to renew your monthly plan” with a likely random reference number alongside it, reads as follows:

Due to a problem with your card, we were unable to charge your next monthly payment automatically until you verify your billing details. To renew your contract, please use this link to update your payment information.

Failure to complete the process in a period of 7 business days may result in a disconnection of service.

The clickable link leads to an imitation EE site which asks for the visitor’s email address and password.

Fake EE login

Subsequent pages ask for the kind of details typically covered by any phishing scam, such as name, date of birth, and email address. The final page asks for your card details:

Fake payment request

If you fill those card details in, you are likely to soon become much lighter of pocket, as the criminals will use the details to take money from your card.

If you think you’ve accidentally filled in a form on a phishy site, contact your bank or card provider immediately so they can put it right. And follow the tips below on how to avoid phishing attacks.

How to avoid phishing attacks

  • Don’t take things at face value. Phishing attacks often seem to come from people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Take action. If you receive a phishing attempt at work, report it to your IT or security team. If you fall for a phish, make your data useless: if you entered a password, change it; if you entered credit card details, cancel the card.
  • Use a password manager. Password managers can create, remember, and fill in passwords for you. They protect you against phishing because they won’t enter your credentials into a fake site.
  • Use a FIDO2 2FA device. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
