A week in security (March 13


The most interesting security related news from the week of March 13 to 19.

Last week on Malwarebytes Labs:

Stay safe!


Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW



Samsung treats Galaxy A51 5G users in the US with One UI 5.1


Samsung's One UI 5.1 update is available for the Galaxy A51 5G in the US. The rollout began recently for the carrier-locked variants; factory-unlocked units should get it soon. The new One UI version has yet to reach the 4G model of the Galaxy A51.

The One UI 5.1 update for the carrier-locked Galaxy A51 5G carries the firmware build number A516USQUBGWC1 in the US. As of this writing, the update is available to users on Metro, T-Mobile's prepaid virtual network. Samsung should soon expand the release to other networks, and a wider rollout covering unlocked units and the 4G model should follow in the coming days.

The Galaxy A51 5G is getting a host of new features and improvements with this update. One UI 5.1 brings enhanced image remastering with the ability to remaster downloaded GIFs for better resolution and clarity. A shared family album in Gallery gives 5GB of storage for up to six people to quickly share photos and videos. New gestures enhance your multitasking experience. Resizing windows and entering split-screen mode is now easier.

Improved Modes & Routines let you choose multiple wallpapers that automatically change based on your activity. The weather widget is now richer while you’re getting a battery widget that lets you check the battery level of your connected devices. Last but not least, Samsung Internet adds continuous browsing across compatible connected devices. Long story short, One UI 5.1 has plenty of new features to be excited about.

Galaxy A51 5G is also getting the February security update

This update brings the February 2023 Android security patch to the Galaxy A51 5G in the US. It isn't the latest monthly SMR (Security Maintenance Release) available for Galaxy devices; Samsung has already pushed the March SMR to dozens of models. Still, last month's patch is a fairly recent one, and the device will get a newer security release in the coming months. It is eligible for biannual (twice-yearly) security updates at least until April of next year.

The Galaxy A51 5G will not get feature updates anymore, though. One UI 5.1 is the last such software release for this 2020 mid-range smartphone. It debuted with Android 10 and received updates up to Android 13; it isn't eligible for Android 14. Nonetheless, if you're using this phone in the US, the latest update has plenty of goodies for you. Go to Settings > Software update and tap Download and install to check for updates manually. If you don't see any update today, wait a few days and check again.



Doxxers posed as police officers to obtain information from social media companies


Two individuals have been charged with being members of ViLE, a group of doxxers that went as far as impersonating police officers to obtain personal information about their victims.

In a press release, the U.S. Attorney's Office for the Eastern District of New York revealed details of the complaint against two individuals who are charged with wire fraud and conspiracy to commit computer intrusions.

More specifically, the defendants are suspected of extortion with the threat of doxxing. Doxxing, also known as doxing, is the act of publishing personal information about an individual without their consent. This information can include addresses, phone numbers, email addresses, and even financial details.

Allegedly, the defendants threatened to publish or otherwise use personal information about the victims unless they paid to have their information removed from or kept off the website.

The defendants, one of whom is still at large, belonged to a group called ViLE. Members of ViLE sought to collect victims' personal information, such as names, physical addresses, telephone numbers, social security numbers, and email addresses. ViLE ran its own website, on which it posted that information unless the victim complied with its demands.

As United States Attorney Peace stated:

“As alleged, the defendants shamed, intimidated and extorted others online. This Office will not tolerate those who impersonate law enforcement officers and misuse the public safety infrastructure that exists to protect our citizens.”

The second sentence of that statement hints at how the defendants obtained the personal information. They are charged with using a police officer's stolen password to access a restricted database maintained by a federal law enforcement agency: a nonpublic, password-protected web portal whose purpose is to share intelligence from government databases with state and local law enforcement agencies. Among other data, that database holds detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.

The two suspects are also charged with accessing without authorization the email account of a foreign law enforcement officer. They abused this access to defraud social media companies by making purported emergency requests for information about the companies’ users. For example, one of the defendants used an official email account to pose as a Bangladeshi police officer in communication with US-based social media platforms.

The same Bangladeshi police account was used to request data about a user of an online gaming platform. When the platform caught on, the defendants threatened to sell its information on the Dark Web. An associate then posed as a US local police officer and sent a forged subpoena to one of the platform's vendors, seeking registration details about the platform's administrators. The vendor did not provide the information.

Data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication. Where possible, use a FIDO2 2FA device. Some forms of two-factor authentication (2FA), such as codes sent by SMS or generated by an app, can be phished just as easily as a password, because the victim types the code into the attacker's page. A FIDO2 authenticator can't be phished: the browser binds each login assertion to the real origin of the site that requested it, so an assertion produced on a lookalike site is rejected by the genuine one.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
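The reason a FIDO2 login survives a lookalike site, shown as an added example that is not part of the original article. The relying party (RP) only accepts an assertion whose clientDataJSON carries its own origin and whose authenticatorData carries the SHA-256 of its own RP ID; both are filled in by the browser and the authenticator, not by the web page. The hostnames, challenge and key are constructed for this demonstration, and the authenticator's ECDSA signature is stood in for by an HMAC shared between the "authenticator" and the RP, which does not change the origin checks being illustrated.

```python
"""WebAuthn origin binding: why a phished FIDO2 assertion is useless to the attacker.

Added example, not code from the article. The signature is modelled with an HMAC
(stand-in for the per-credential ECDSA key pair); origin and rpIdHash checks are the
real ones an RP performs. All fixtures below are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import os
import struct

# --- constructed fixtures ----------------------------------------------------
RP_ID = "bank.example"                       # the relying party's domain (assumed)
RP_ORIGIN = "https://bank.example"           # the only origin the RP accepts
PHISH_ORIGIN = "https://bank-example.com"    # lookalike site run by a phisher
CRED_KEY = b"\x01" * 32                      # stand-in for the credential key pair


def browser_client_data(challenge: bytes, origin: str) -> bytes:
    """The browser, not the page, fills in `origin`: it is the origin of the page
    that called navigator.credentials.get(), so a phishing page cannot lie about it."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": challenge.hex(),   # real WebAuthn uses base64url; hex keeps this short
        "origin": origin,
    }, separators=(",", ":")).encode()


def authenticator_assert(rp_id: str, client_data: bytes, counter: int) -> tuple[bytes, bytes]:
    """authenticatorData = SHA-256(rpId) || flags (0x01 = user present) || 4-byte counter.
    The signature covers authenticatorData || SHA-256(clientDataJSON)."""
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", counter)
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CRED_KEY, signed, hashlib.sha256).digest()   # stand-in for ECDSA
    return auth_data, sig


def rp_verify(challenge: bytes, client_data: bytes, auth_data: bytes, sig: bytes,
              last_counter: int) -> tuple[bool, str]:
    """Relying-party checks, in the order the WebAuthn spec lists them (abridged)."""
    try:
        cd = json.loads(client_data)
    except ValueError:
        return False, "clientDataJSON is not JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != challenge.hex():
        return False, "challenge mismatch (replay)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin {cd.get('origin')!r} is not {RP_ORIGIN!r}"
    if len(auth_data) < 37:
        return False, "authenticatorData too short"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash does not match our RP ID"
    if not auth_data[32] & 0x01:
        return False, "user-presence flag not set"
    counter = struct.unpack(">I", auth_data[33:37])[0]
    if counter <= last_counter:
        return False, "signature counter did not increase (cloned authenticator?)"
    expected = hmac.new(CRED_KEY, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, "ok"


def login_attempt(origin: str, rp_id_seen_by_authenticator: str, counter: int = 5,
                  last_counter: int = 4) -> tuple[bool, str]:
    """One login: the RP issues a challenge, the browser at `origin` asks the
    authenticator, the RP verifies. A phishing proxy can relay the real challenge,
    but the browser still stamps the phishing origin into clientDataJSON."""
    challenge = os.urandom(32)
    client_data = browser_client_data(challenge, origin)
    auth_data, sig = authenticator_assert(rp_id_seen_by_authenticator, client_data, counter)
    return rp_verify(challenge, client_data, auth_data, sig, last_counter)


if __name__ == "__main__":
    print(login_attempt(RP_ORIGIN, RP_ID))                    # accepted
    print(login_attempt(PHISH_ORIGIN, "bank-example.com"))    # rejected: origin mismatch
```

Contrast this with a one-time code: the code is just a string, so whatever the victim types into the lookalike page can be forwarded to the real site. Here the phisher can forward the challenge and the assertion bytes, but the origin inside the signed clientDataJSON, and the rpIdHash inside authenticatorData, name the phishing site, and the genuine RP rejects them.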




March update live for Galaxy Z Fold 2 and Galaxy A12 in the US


Samsung is rolling out the March 2023 Android security patch to the Galaxy Z Fold 2 and the Galaxy A12 in the US. The latest security update has already been pushed to all other recent foldables and flagship models stateside. The new release contains more than 60 vulnerability patches.

The March SMR (Security Maintenance Release) for the Galaxy Z Fold 2 in the US is currently limited to carrier-locked units. The update comes with the firmware build number F916USQS2JWC1 and is available for users on Sprint and T-Mobile networks. Samsung should expand the release to factory-unlocked units in the coming days. The firmware version may vary slightly but the content will remain the same.

Speaking of content, don't expect any new features or improvements here. The 2020 foldable is only getting this month's vulnerability fixes; it recently picked up the One UI 5.1 update with its many additions, and Samsung is now raising the phone's security level. Owners of an unlocked Galaxy Z Fold 2 in the US will know that their device hasn't received One UI 5.1 yet; for them, the March SMR may arrive bundled with that bigger update.

The story is a little different for the Galaxy A12. It's an entry-level phone that arrived on the market at the very end of 2020, running Android 10 out of the box. It picked up updates up to Android 12, and that's all it will ever get: Samsung will not push Android 13 to it, which rules out One UI 5.1 as well. Security updates for this phone are also few and far between.

Even so, Samsung is currently pushing the March SMR to the Galaxy A12 in the US. The update is available for the unlocked variant with firmware version A125U1UES5CWC3. According to the official changelog, the entry-level handset isn't getting anything apart from the latest security patch. A wider release covering carrier-locked units should follow in the coming days.

March update for Galaxy devices patches more than 60 vulnerabilities

The March SMR for Galaxy devices contains fixes for more than 60 vulnerabilities across the Galaxy lineup. About 20 of those issues are Galaxy-specific and were duly patched by Samsung. The rest are issues in Android OS and other partner components that various Android OEMs use. They affect the entire Android ecosystem. Respective vendors of those components patched the issues. If you’re using the Galaxy Z Fold 2 or Galaxy A12 in the US, you can check for a new update with all of these vulnerability patches from the Settings app.



FBI launches investigation into TikTok for spying on journalists


It's no secret that over the past few years TikTok has been under a lot of scrutiny over its data privacy practices. When reports emerged last year that the company had fired employees for using the app to track the locations of two journalists, it sparked a new wave of controversy. Now the FBI and the Department of Justice are also looking into the matter and have launched an investigation into TikTok over national security concerns.

The incident was first confirmed in an internal ByteDance investigation, where the company found out that some employees accessed data on American journalists’ TikTok accounts to figure out which employees were leaking information to reporters. While ByteDance says they immediately fired the involved employees, this security lapse has caused US lawmakers to question the company’s privacy practices as they worry that the Chinese government is using TikTok to gather intelligence on US citizens.

The details of the investigation are still unclear, but Forbes says TikTok has already received subpoenas from the Department of Justice, and the FBI has also started conducting interviews related to the matter.

In response to the investigation, ByteDance stated, “We have strongly condemned the actions of the individuals found to have been involved, and they are no longer employed at ByteDance. Our internal investigation is still ongoing, and we will cooperate with any official investigations when brought to us.”

Mounting pressure on TikTok

This development also comes at a time when US regulators have been mounting pressure on ByteDance to sell off the US division or face a complete ban. However, TikTok has rejected the demand for divestiture, stating that it won’t address the government’s concerns. Instead, the company proposed “Project Texas,” a $1.5 billion initiative that would store US user data domestically and subject the company to an auditing process conducted by American tech giant Oracle.



The Malware That Infects Systems with Multiple Families


Currently, DotRunpeX malware appears to be primarily distributed through phishing emails and malicious Google Ads, presenting a significant threat to users’ systems.

Check Point researchers have discovered a new malware that delivers multiple known malware families, including Agent Tesla, FormBook, Ave Maria, NetWire, LokiBot, Raccoon Stealer, Remcos, RedLine Stealer, Vidar, and Rhadamanthys.

Dubbed DotRunpeX, the malware is a new injector written in .NET that uses the process hollowing technique to run its embedded payload inside a legitimate process, and it is used to infect systems with different malware families.

The researchers noted that DotRunpeX is under active development. It reaches the system as a second-stage payload, usually deployed by a downloader or loader that arrives as a malicious attachment in a phishing email.

It is also delivered through malicious Google Ads placed in search results: users searching for commonly used software such as LastPass or AnyDesk are sent to copycat sites that serve trojanized installers.

A malicious Google Ad and phishing email that drop the malware (Image: Check Point)

Though the injector is fairly new, its two known versions share several traits. The injector's name is derived from its version information, which is identical across both versions in every sample the researchers analyzed, and the ProductName field reads RunpeX.Stub.Framework.

Their analysis showed that each sample embeds the payload of a single malware family to be injected. The injector also carries a copy of the vulnerable Process Explorer driver (procexp.sys) and abuses it to obtain kernel-mode execution, the familiar "bring your own vulnerable driver" pattern.

They analyzed publicly shared data by independent researchers regarding DotRunpeX but learned that the malware was misattributed to a well-known malware family. Furthermore, they learned that the first-stage loader and the second-stage loader had no connection.

DotRunpeX activity has been observed since October 2022, and the newer iteration adds the KoiVM virtualizing protector as an extra obfuscation layer. These findings are somewhat similar to a malvertising campaign that SentinelOne documented in February 2023, in which the loader and injector components were named MalVirt.
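Two of the traits above are cheap to check statically: the ProductName string RunpeX.Stub.Framework in the version resource, and the presence of an embedded second PE image (the per-family payload or the bundled procexp.sys driver). The following is an added example, not Check Point's tooling, and it runs on bytes constructed inline rather than on a real DotRunpeX sample; the point it makes is that version-info strings are stored as UTF-16LE, so an ASCII-only search for the ProductName finds nothing.

```python
"""Static triage for two DotRunpeX traits named in the article: the version-info
ProductName "RunpeX.Stub.Framework" and an embedded second PE image.

Added example, not Check Point's code. SAMPLE and CLEAN are constructed byte strings,
not real binaries; minimal_pe() builds just enough of a header to be recognised.
"""
from __future__ import annotations

import struct

PRODUCT_NAME = "RunpeX.Stub.Framework"


def find_string(data: bytes, needle: str) -> list[tuple[int, str]]:
    """Return (offset, encoding) hits for `needle`. PE VS_VERSIONINFO strings are
    stored as UTF-16LE, so an ASCII-only grep misses the ProductName field."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        pat = needle.encode(enc)
        start = 0
        while (i := data.find(pat, start)) != -1:
            hits.append((i, enc))
            start = i + 1
    return hits


def find_embedded_pe(data: bytes, skip_offset_zero: bool = True) -> list[int]:
    """Offsets of plausible PE images inside `data`: an 'MZ' whose e_lfanew
    (DWORD at +0x3C) points at a 'PE\\0\\0' signature within the buffer.
    Offset 0 is the host file itself and is skipped by default."""
    found = []
    start = 1 if skip_offset_zero else 0
    while (i := data.find(b"MZ", start)) != -1:
        start = i + 1
        if i + 0x40 > len(data):
            break
        e_lfanew = struct.unpack_from("<I", data, i + 0x3C)[0]
        if 0x40 <= e_lfanew < 0x1000 and data[i + e_lfanew:i + e_lfanew + 4] == b"PE\x00\x00":
            found.append(i)
    return found


def triage(data: bytes) -> dict:
    """Combine both indicators into a verdict a sandbox or SOC script can act on."""
    name_hits = find_string(data, PRODUCT_NAME)
    embedded = find_embedded_pe(data)
    return {
        "product_name_hits": name_hits,
        "embedded_pe_offsets": embedded,
        "suspicious": bool(name_hits) or bool(embedded),
    }


def minimal_pe(payload: bytes = b"") -> bytes:
    """Tiny DOS header + 'PE\\0\\0' stub: constructed test data, not an executable."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)     # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)       # e_lfanew -> 0x40
    return bytes(hdr) + b"PE\x00\x00" + payload


# Constructed sample: a host PE whose overlay carries the UTF-16LE ProductName
# and a second PE image, the shape an injector with an embedded payload has.
SAMPLE = (minimal_pe(b"\x90" * 64)
          + PRODUCT_NAME.encode("utf-16-le")
          + b"\x00" * 16
          + minimal_pe(b"\xcc" * 32))
CLEAN = minimal_pe(b"\x90" * 128) + b"Some ordinary overlay text"

if __name__ == "__main__":
    print(triage(SAMPLE))   # ProductName hit (utf-16-le) and one embedded PE
    print(triage(CLEAN))    # nothing flagged
```

On a real file, `data` would be the whole binary read from disk; the UTF-16LE search also catches the string when the .NET resource has been relocated, while the embedded-PE scan is a generic indicator that should be combined with the ProductName hit rather than used on its own, since installers and self-extracting archives legitimately carry nested PEs.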

Researchers suspect that the malware may be operated by Russian-speaking groups, given the references to the language in its code.



Google Workspace plans get price increases along with improvements


Google Workspace Business plans have had their prices raised. The new prices are now in effect, a few weeks after Google announced them, so if you use Google Workspace to collaborate with your team you will pay slightly more when your subscription renews.

Regardless of which Business plan you subscribe to, your payment goes up, but the increase varies from plan to plan, with Business Plus seeing the largest. Enterprise and Education customers, and those on annual payment, are not affected by this increase.

This price increment comes in light of the AI integrations coming to the Workspace services. For this reason, Google is stepping up the subscription plans on all tiers. Here is everything you need to know about this subscription price increment on Google Workspace.

Everything concerning the new Google Workspace plans

Google Workspace, previously known as G Suite, has undergone yet another change. This time the change alters the pricing of the Workspace subscription plans. If you aren’t already aware, Workspace is simply a productivity tool from Google for your business team.

Lots of businesses rely on this service for collaboration with their team on various projects. To make use of this feature, business owners need to pay for a subscription plan. This plan gives them access to collaboration tools on various Workspace apps like Google Mail, Meet, and other applications.

There are a total of five Google Workspace plans for prospective users to choose from. These plans are Business Starter, Business Standard, Business Plus, Enterprise, and Education. Users then get to pick what best suits their business and team needs.

All plans have got a subscription price increment, except the Enterprise and Education plans. The Business Starter plan previously priced at $6 is now $7.20 getting a $1.20 price increase. Next is the Business Standard, previously priced at $12, which is now $14.40 raising the plan by $2.40. Lastly, the Business Plus plan, which was $18 per month, is now $21.60 making it the highest increment.

For the businesses currently on the annual subscription, they won’t be affected by this increment. The main reason for this increment is a result of the new Google Generative AI feature that is being introduced to the Workspace platform. This marks a new era for AI and Google Workspace with a ton of tools to make cross-collaboration easier.



TikTok CEO argues division from ByteDance won’t solve security concerns


It's no secret that TikTok's mishandling of user data has put the company in a lot of trouble, including the US government's push for the app to divest from its parent company, ByteDance, or face a national ban. However, TikTok CEO Shou Zi Chew has now claimed that even if the US division were sold off, concerns over data privacy and security would persist. Instead, the company aims to address the issues through Project Texas.

“I do welcome feedback on what other risk we are talking about that is not addressed by this, and so far I haven’t heard anything that cannot actually be solved by this,” said Chew in a statement to The Wall Street Journal.

Chew’s remarks came in response to fears that China could gain access to user data through TikTok. Lawmakers worry that the Chinese government might compel ByteDance to share user data and demand changes to the content that TikTok’s algorithms show to Americans. Furthermore, the FBI’s recent investigation into ByteDance’s alleged access to the data of US journalists has added to the existing concerns and criticisms of the company’s data handling practices.

What is Project Texas?

While the company’s CEO has denied the US government’s request for divestiture, TikTok hopes to address the security concerns with Project Texas. The initiative aims to protect US user data by routing it through domestic Oracle servers and allowing third-party oversight of the app’s algorithms. TikTok claims they have invested billions of dollars in this project and are also looking forward to expanding the project in the EU.

Despite these safeguards, a former employee of TikTok’s trust and safety team has claimed there are significant flaws with Project Texas, as the Chinese government could still access US user data through TikTok. In response to these concerns, Chew argued that the project will prevent China from accessing US user data, regardless of any changes to Chinese law.

“The idea behind Project Texas is it won’t matter what the Chinese law or any law says, because we’re taking U.S. user data and we’re putting it out of their reach. You’re talking about real concerns, I think these are the real solutions,” said Chew.



Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles


We take a look at multiple vulnerabilities highlighted by Google’s Project Zero team, and what you can do to ward off the threat of attack.

Google's Project Zero is warning of multiple significant vulnerabilities affecting many models of mobile device, including Samsung Galaxy, Google Pixel and Vivo phones, as well as wearables and vehicles that use certain Samsung Exynos components.

Between late 2022 and early 2023, Project Zero reported 18 vulnerabilities in the Samsung Exynos modem chipsets that power those devices. Four of the 18 are rated top severity: they could allow silent compromise of a device over the mobile network.

Which devices are affected?

The list of impacted technology is as follows:

  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
  • The Pixel 6 and Pixel 7 series of devices from Google
  • Any vehicles that use the Exynos Auto T5123 chipset

The four most severe vulnerabilities could allow attackers to remotely compromise a device, with no physical interaction required at any stage of the proceedings. The only thing an attacker requires for the compromise to take place is knowledge of the intended victim’s phone number.

The other fourteen, while still bad, are nowhere near as severe, and for them to be successful requires either a malicious mobile network operator or an attacker with local access to the device.

Meanwhile, the Google Security research team believes that the most severe vulnerabilities would allow skilled attackers to create an operational exploit in a short space of time.

Patching and scope of threat

While Google notes that patching depends on the manufacturer, Pixel phones (for example) were patched against CVE-2023-24033 in the March security update. If a patch isn't yet available for your device, Google suggests a way to keep it safe in the meantime. If your device allows it, switch off two settings:

  • Wi-Fi calling
  • Voice-over-LTE (VoLTE)

Doing so removes the risk of exploitation for these bugs. One consequence of disabling VoLTE is that some mobile networks have come to rely on it in recent years; where you are able to turn it off, you may experience poorer call quality and lose certain features. On the other hand, VoLTE is "not available everywhere on every network, or on every handset", so depending on your make and model it may not matter much.

As for scope, depending on where your device was bought you may not be running the vulnerable chip at all. The Verge notes that phones sold outside of Europe and some African countries use a different chipset altogether; in those cases you should be fine.
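Both the Samsung March SMR article above and Project Zero's advice here end with "check your device by hand". Below is an added example, not Samsung's or Google's code, that does the same check from `adb shell getprop` output for a batch of devices: it reads `ro.build.version.security_patch`, compares it with the March 2023 level, and, for a device on an operator-maintained affected list that is still behind, reports the Wi-Fi calling / VoLTE mitigation. The getprop excerpts are constructed, and AFFECTED_MODELS is a placeholder to be filled from the vendor bulletins, because `ro.product.model` reports model codes rather than the marketing names in the list above.

```python
"""Patch-level triage from `adb shell getprop` dumps.

Added example, not vendor code. PIXEL_OLD and GALAXY_NEW are constructed excerpts,
not captures from real devices; AFFECTED_MODELS is a placeholder the operator fills
from the Project Zero / vendor bulletins.
"""
from __future__ import annotations

from datetime import date

MARCH_2023_SMR = date(2023, 3, 1)     # security patch level carried by the March 2023 SMR

# Placeholder: strings as they appear in ro.product.model. Pixel devices report their
# marketing name; Samsung devices report SM-xxxx codes, which must be looked up.
AFFECTED_MODELS = {"Pixel 6", "Pixel 6 Pro", "Pixel 6a", "Pixel 7", "Pixel 7 Pro"}


def parse_getprop(text: str) -> dict[str, str]:
    """Parse lines of the form `[ro.build.version.security_patch]: [2023-02-01]`."""
    props: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("[") or "]: [" not in line:
            continue
        key, _, val = line[1:].partition("]: [")
        props[key] = val.rstrip("]")
    return props


def patch_level(props: dict[str, str]) -> date | None:
    """The patch level is an ISO date; anything else (missing, garbled) is unknown."""
    try:
        return date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return None


def assess(text: str, required: date = MARCH_2023_SMR) -> dict:
    """Verdict for one device dump: patched, update pending, exposed (needs the
    Wi-Fi calling / VoLTE mitigation), or unknown."""
    props = parse_getprop(text)
    model = props.get("ro.product.model", "?")
    level = patch_level(props)
    verdict = {
        "model": model,
        "build": props.get("ro.build.display.id", "?"),
        "patch_level": level.isoformat() if level else None,
    }
    if level is None:
        verdict["status"] = "unknown patch level"
    elif level >= required:
        verdict["status"] = "patched"
    elif model in AFFECTED_MODELS:
        verdict["status"] = "EXPOSED: disable Wi-Fi calling and VoLTE until patched"
    else:
        verdict["status"] = "update pending"
    return verdict


# Constructed getprop excerpts (not captures from real devices).
PIXEL_OLD = """\
[ro.product.model]: [Pixel 6]
[ro.build.version.security_patch]: [2023-02-05]
[ro.build.display.id]: [TQ1A.230205.002]
"""
GALAXY_NEW = """\
[ro.product.model]: [SM-F916U]
[ro.build.version.security_patch]: [2023-03-01]
[ro.build.display.id]: [TP1A.220624.014.F916USQS2JWC1]
"""

if __name__ == "__main__":
    for dump in (PIXEL_OLD, GALAXY_NEW):
        print(assess(dump))
```

In practice the dumps come from `adb -s <serial> shell getprop` over a list of enrolled devices, or from an MDM export of the same properties; the comparison is on dates, not on build strings, because the firmware build number differs between carrier and unlocked units carrying the same patch content.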





Samsung’s Galaxy S23 trade-in offer massively reduces the cost


If you are trying to purchase any device in the Galaxy S23 series, then you might want to consider the new Samsung trade-in offer. The available offers can earn a buyer up to $700 to assist them with their purchase. But only a few buyers have access to these offers on the Samsung website and official retail stores.

Samsung fans will find these trade-in offers very interesting, as it rewards them for being loyal customers. So if you are a Samsung fan, head over to their official smartphone website and grab yourself a new Galaxy S23 series device. Two devices in the series are available for purchase with this new trade-in offer.

These devices are the S23 and the S23+ both of which are great flagship devices. In this article, we will take a look at the available trade-in offers for Samsung users. Which devices will be accepted, and which ones have the best trade-in value?

The new Samsung trade-in offer has a lot to offer existing Samsung users

The new Samsung Galaxy S23 and S23+ are both impressive devices that pack a ton of features. If you are into smaller yet powerful devices, then the S23 is the perfect choice for you. But, if you want something bigger with a larger battery, then the S23+ will suit your taste.

Both devices use the Snapdragon 8 Gen 2 for Galaxy processor and come with 8GB of RAM. They also share the same rear and front-facing camera setup, so imaging performance is similar. The smaller S23 retails at $799 and the larger S23+ at $999 before the new trade-in offer.

If you already own a Samsung smartphone or tablet, the Galaxy S23 or S23+ becomes far more affordable: the new trade-in offer can bring the price down to $99 for the S23 and $299 for the S23+ (128GB model). To get this deal, trade in your current device with Samsung when purchasing either S23 model.

Samsung devices from the Galaxy S7 up to the Galaxy Z Fold 4 qualify for the trade-in promotion. Depending on the device, you get a discount of $110 to $700 on the Galaxy S23 series.

To Apple users, there is no need to feel left out as Samsung is also giving you a similar trade-in offer. From the iPhone 6s to the iPhone 14 Pro Max, this trading offer gives you a $30 to $700 discount. If you are considering switching over to Android, this is the best time for you. Simply trade in your iPhone and get the latest Samsung flagship devices.

Pixel, OnePlus, and LG users also get similar deals, with the Pixel 7 Pro carrying the highest trade-in value. Note that the new Samsung trade-in offer is limited to certain regions; check the official Samsung website for your region to see whether you can benefit from it.

