Google has suspended Chinese agricultural e-commerce app Pinduoduo from Google Play after versions of the app found outside the Google store were flagged as having malware issues.
A Google spokesperson told Reuters that the app had been suspended over “security concerns”, adding that “Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect”, in other words, software that prevents the installation of malicious or harmful apps by scanning Android devices with Google Play Services.
A Pinoduoduo spokesperson told Reuters that Google had not shared details on why the app was “temporarily suspended” from Google Play beyond saying that the current version of the app “is not compliant with Google’s Policy”. The spokesperson noted that there are multiple reasons why an app may be temporarily suspended from Google Play.
Trojan malware, or malware disguised as a trusted file or source, can have devastating affects when unknowingly downloaded by a victim. Research by cyber security software company G Data has found that as of 2019, there were more than 4.18 million malicious Andriod apps available to download, with an average of 11,500 apps being uploaded every day.
Cyber security expert and Cyber Security Hub contributor Alex Vakulov notes that the nature of this threat vectors means it is difficult to remove once a device has been infected, with some extreme cases requiring the infected device to be returned to factory settings.
Vakulov says that it is not uncommon for users to download malware from official sources such as Google Play, due to the app-checking technology not being completely foolproof.
“While mobile security solutions can detect unauthorized app activity, it is the personal decision of each user to install a particular software on their phone,” he adds.
To prevent trojan malware infections, users should remain vigilant by checking the validity of app publishers before downloading any apps.
HMD Global has announced yet another Android Go smartphone, the Nokia C12 Pro. This handset follows the Nokia C12 which arrived back in January, and the Nokia C02 which launched in February. It’s as if Nokia has a new Android Go device for each month of the year.
The Nokia C12 Pro is official as a new Android Go smartphone
Considering this is an Android Go device, it has entry-level specs. Before we get down to that, let’s talk about its design first, shall we? The Nokia C12 Pro has a single camera on the back, inside a small camera island that sits in the top-left corner.
In the bottom-left corner, you’ll notice a rear-facing speaker. That is the only speaker on the phone. Nokia’s logo is also included on the back, and it’s vertically oriented.
On the front, you’ll spot a waterdrop display notch, a flat display, and rather thin bezels… well, all of them except the bottom one. This phone has a “chin” like many other entry-level devices.
Now, when it comes to specs, the device is fueled by the Unisoc 9863A1 SoC. It includes 2GB or 3GB of RAM, both of which arrive with 64GB of internal storage. Android 12 Go Edition comes pre-installed on the phone. HMD Global promises two years of quarterly security updates.
It has a larger battery pack than its non-Pro sibling
A single 8-megapixel camera can be found on the back, while a 5-megapixel unit sits on the front. A 4,000mAh battery is included in the package, but fast charging is not.
If this phone seems familiar, there’s a good reason for that. It looks basically the same as the Nokia C12. So, what’s the difference? Well, this device includes a larger battery. The Nokia C12 has a 3,000mAh battery. Both battery packs are removable, though.
The Nokia C12 Pro comes in Charcoal, Dark Cyan, and Light Mint colors, all of which are shown below. The phone launched in India only, for now. We’ll see if HMD Global plans to push it to other markets.
Multiple Samsung smartphones are receiving the March 2023 Android security patch today. The Korean firm has released the latest security update for the Galaxy S21 FE, Galaxy A52s, Galaxy A52 5G, and Galaxy A13. The new SMR (Security Maintenance Release) has already reached dozens of other Galaxy devices.
This month’s security update for the Galaxy S21 FE is currently rolling out in a handful of Asian countries. Users in India and surrounding regions are getting this update with the firmware build number G990EXXS4EWC2 (via). Samsung will gradually roll out this software release in more markets, including the US. Don’t expect anything apart from the latest security patch, though. This update comes right on the heel of One UI 5.1, so that isn’t surprising.
That’s true for the Galaxy A52 5G as well. Samsung recently pushed the One UI 5.1 update to the 2021 premium mid-range model. The latest release now brings this month’s vulnerability fixes. The update is rolling out widely in Asia and Europe as we speak. The new firmware version for this model is A526BXXU2EWB5. A wider rollout of the March SMR for the Galaxy A52 5G should be right around the corner.
The March SMR for the Galaxy A52s, meanwhile, is initially rolling out in Latin America. The update is live for users in a host of countries in the region. SamMobile confirms the availability in Paraguay, Colombia, Uruguay, Argentina, Guatemala, Bolivia, Mexico, and Peru. The updated firmware build number for the device is A528BXXS2EWB7. Samsung didn’t release the Galaxy A52s in the US but users in other markets should get this update soon.
The Galaxy A13 is another Samsung phone that is making the jump to the latest security patch today. This budget handset is also initially picking up the new SMR in Latin America, though the rollout seems to be currently limited to Colombia. The Korean firm should push the update more widely in the coming days. The Galaxy A13 isn’t eligible for One UI 5.1 but it will get Android 14.
The March update patches more than 60 vulnerabilities in Galaxy devices
This month’s security update contains more than 60 vulnerability patches for Galaxy devices. At least five of those were critical flaws, according to Google. If you’re using any of these Samsung smartphones, or any other for that matter, go to Settings > Software update and tap on Download and install to check for new updates. We will keep you posted as the company pushes updates to more Galaxy devices.
WhatsApp has just announced a brand-new update that mostly focuses on Communities, a feature that’s been introduced last year. Starting today, WhatsApp users should see couple of changes that will make groups easier to manage and navigate.
One of the important additions included in the update is a new tool that will give admins enhanced control over their group privacy. It’s meant to provide admins with the ability to decided who is able to join a group. The update further empowers admins’ control over who can join when they share their group’s invite link or make their group joinable in a community.
Another improvement introduced in the latest update will allow WhatsApp users to easily see groups in common. Since its launch last year, Communities in their groups have grown exponentially, so it’s hard to navigate and find those the you’re interested in.
Thanks to the latest update, WhatsApp users can now search a contact’s name to see their groups in common. It’s much easier than trying to remember the name of the group you already know you share with a friend.
If you can’t wait to start using these new features, you’ll have to be patient. WhatsApp announced that these new features will start rolling out globally over the coming week, so it might take a while to reach everyone. On the bright side, the social app hinted to even more tools that will further improve the groups experience for both admins and members.
In related news, WhatsApp is expected to push out yet another update meant to reduce spam. A new feature that will allow users to mute calls from unknown callers is now being tested and it’s available in the beta program. All muted calls will appear in the Call List, but you won’t be bothered by anyone you don’t know if that’s what you want.
A vulnerability in the Markup tool that comes pre-installed on Pixel phones allows anyone with access to the edited image to view parts of the original.
Most of us have a camera on us at all times, and so photo taking and image sharing has become almost ubiquitous. But when sharing an image, you want to have control over what you share. And that might lead you to crop images, or redact parts of them.
Maybe you cropped out a person that didn’t want their photo online, maybe you put a black mark across your address, or credit card number, or other personal information. You edited it out for a reason, but now it seems as though the original image might still be available for others to view.
Researchers have published a proof-of-concept (PoC) for a vulnerability in Google Pixel’s in-built editing tool Markup. The vulnerability allows anyone with access to the edited image to recover parts of the original, unedited, file.
Testing has shown that Microsoft’s image-snipping tools in both Windows 10 and 11 have a very similar vulnerability.
Markup is a built-in tool which was released with Android 9 Pie in 2018. It can be found on Pixel phones and its main purpose is to edit (crop, add text, draw, and highlight) screenshots.
Due to the vulnerability, known as aCropalypse (CVE-2023-21036), it is possible to, partially, retrieve the original image data of a cropped and/or edited image.
Not every image at direct risk of exposing sensitive information, but many of them will be. The problem is that the Markup tool passes the wrong argument to the parseMode() function. The consequence is that the “old” image does not get truncated and lives on in the redacted image. Simply put, if the altered image has a smaller file size than the original, the information about the original can be retrieved from the last part of the data which did not get overwritten.
So, cropped images are very likely to reveal information about the original file, because the main reason to crop them is often to decrease the image size. But also images where you redacted a part of the image with a marker may be recoverable. In the example below you will see an uploaded image of a credit card with the number masked, next is the image after downloading, and last is the image after going through the recovery tool. The 16 digit number is now visible again.
You can try the exploit for Markup yourself by uploading your own images to this online demonstration provided by the aCropalypse researchers. The demonstration tool only works for images edited with Markup, since the exploit script that works for images edited with Microsoft’s snipping tools is slightly different, according to one of the researchers.
What to do
Unfortunately, there is no way to change the way in which previously redacted images will behave. So if you know of some images that you have posted that could reveal anything you’d rather keep a secret, then you’ll have to find them and delete them. This is a daunting task, since there may be more backups of that image than you would care to imagine. For example, internet archives, backups, all types of caches, and downloads.
Before you go on a wild goose chase, it may be handy to know that you don’t have to worry about some images:
Most social media platforms recompress uploaded files, so anyone downloading your screenshots from Twitter will not get the exact same file you uploaded. So those can be left alone. But Discord, as shown in the example, and other messaging apps will give back the exact same file that was uploaded.
If the redacted information is in the upper section of the image (roughly the top fifth of the image) the original part has probably been overwritten and can’t be recovered.
The vulnerability the researchers found only affected the screenshot editor Markup. But as it turns out, other tools may have similar flaws.
The exploit only works for PNG files, but a similar vulnerability may exist in JPG files. Basically, if you crop an image and the file size of the saved result is the same as the original, your tool of choice might not be deleting the old image data.
For future images, you can install the March 2023 Google Pixel Update. We encourage you to check your Android version to make sure you are on the latest software. The vulnerability in Microsoft’s tools has not been fully worked out yet, and so for the moment all we know is that somehow the original data can be retrieved. A patch will be forthcoming in the probably not so distant future.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
When you’re the admin of a WhatsApp group chat, you’ll want to be sure that it’s only full of people you want involved. This can be an issue with bigger group chats. However, WhatsApp now lets you control who can join your group chat.
WhatsApp is one of the most popular messaging platforms right now, and it has a host of useful features. You’re able to set up large group chats to bring people together and collaborate. However, there’s always the threat of unsavory people entering the chat and causing trouble.
So, WhatsApp now lets people control who can join the chat
This is a very welcome update, especially if you’re a frustrated admin who periodically deals with troublesome members. People were able to just pop into a group chat. However, thanks to a blog post from WhatsApp, that’s no longer the case.
When you share a group, people, instead of joining right away, will send a request to join the group. The admin will see a Pending Participants page. There, they will see the accounts of the people who want to join. On that page, you’ll have the ability to either approve or decline them.
This gives you the opportunity to check out the user before they have access to the information in the chat. This is perfect for companies that chat about sensitive information on a group chat.
The new update also brings another feature to help you filter who can join your group. This doesn’t only apply to people asking to join groups. When you search a user’s name, the app will show you all of the groups that you have in common. This is useful because it lets you know if the person you’re searching shares the same interests as you.
The company launched this feature, so chances are that it’s available for you. However, since it’s still a new update and roll-outs vary depending on region, there’s a chance that you won’t see it yet. Keep an eye out for the update.
In the advanced technology world we are living in today, everything is becoming more digitized and technology itself has become an essential part of our daily lives. From smartphones and computers to smart homes, we are surrounded by various digitalized gadgets and devices that increase the efficiency of our life. However, as technology continues to evolve, some things are becoming more and more complex to understand, especially for those who are not tech-savvy.
This is also one of the reasons why many people are looking for a user-friendly AI platform that can help them. Recently, we found two platforms that are very innovative that can help us in any aspect of our life, starting from information seeking to entertainment. These platforms are called Aichatting and ArtGuru AI Art Generator.
Learn more about it in this post.
Aichatting, Your Digital Friend
We named this platform ‘your digital friend’ as it can answer any of your inquiries in seconds. You can use it to ask for information you’re seeking, for instance, “how many continents are there?”, or simply because you’re bored and want a companion, then you can type ‘Hi, I’m bored”, then it will reply to you as if you’re chatting with a friend.
Specifically, Aichatting is a digital technology that integrates humans and machines into a more natural response. This platform uses natural language processing (NLP) to interpret and analyze the language used in a conversation. Therefore, it can work as a virtual assistant to understand the intent of users and respond to them in a way that feels like a conversation with a human being. Additionally, it is also equipped with a machine learning algorithm to learn from previous conversations and improve them over time.
Hence, whether you’re looking for convenience, personalization, efficiency, or accessibility, Aichatting is the perfect solution for you. It is freely available for anyone who wants to improve their interaction with digital devices.
Here is how to use it:
Open your browser and go to the official website of AI chat and AI writing generator. Once the page loads, type anything in the white box and press enter. In a few seconds, it will generate an answer to your inquiries.
ArtGuru, Your Personalized Image Guru
Next, we have ArtGuru as your personalized image generator. Just like the appellation we have given, this platform can generate various images you’re seeking to the images of your own avatar. The website is actually divided into two sections, namely AI Image and AI Aniself.
The former one, which is AI Image, is a tool to generate any images you’re looking for. For instance, if you’re wondering about a mountain landscape painting, you can simply type these keywords on the box and wait for a few seconds, it will display the most suitable image for you.
Subsequently, AI Aniself is a tool to generate personalized avatar images. You can even upload your own selfies to create an avatar of yourself. Additionally, it has an advanced settings feature that allows you to describe the style for your avatar, for instance, in a traditional way, modern, or others.
With these two features, ArtGuru allows users to explore the world of art in a new and exciting way, finding out hidden insights and learning more about their favorite artists and artworks. So whether you’re a curious newcomer or an art lover, ArtGuru has something to offer you.
For AI Image, here is how to utilize it:
1. Navigate to the website of ArtGuru AI drawing generator. 2. Tap on the ‘Create AI Image’ button.
3. Type any keyword on the “Describe your image” box, then tap on the ‘Create AI Image’ button. Wait for a moment as it loads your image.
For AI Aniself, here is how to utilize it:
1. Similar to the previous one, navigate to Artguru official site. 2. Tap on the ‘Create Aniself’ button. 3. Upload your photos or selfies by tapping on the + button, enter the specific criteria you want (optional), then tap the ‘Create Aniself’ button. Wait for a few seconds as it loads.
Ending
With these two platforms available for free to accompany you in your daily life, we promise you will not get bored easily and at the same time can increase the efficiency of your time. For Your Digital Friend, find Aichatting; as for Your Personalized Image Guru, find ArtGuru.
As per a report from AhnLab Security Emergency Response Center (ASEC), poorly managed Linux SSH servers are becoming the targets of a new campaign in which different variants of ShellBot malware are being deployed.
What is meant by Poorly Managed Servers?
Poorly managed services refer to weak account credentials, which make the server vulnerable to dictionary attacks. Services such as MS-SQL and RDP (remote desktop protocol) are often targeted.
In Linux servers, SSH (secure shell) services are the primary targets. In IoT environments, dictionary attacks are targeted against the Telnet service installed on an embedded Linux OS or an old Linux server.
What is ShellBot?
ShellBot, also known as PerIBot, is an old DDoS bot malware developed in Perl. The malware typically uses Internet Relay Chat/IRC protocol to establish communication with its C2 server.
Currently, the malware is being used to launch attacks against insecure Linux systems, targeting servers with weak credentials. It is deployed on a system after attackers use scanner malware to determine whether the system has SSH port 22 open.
Attack Details
ASEC researchers noted that ShellBot was used in attacks targeting Linux servers that were distributing cryptocurrency miners through a shell script compiler.
“If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks against specific targets after receiving a command from the threat actor,” ASEC’s report read.
The attack begins by using a list of SSH credentials to launch a dictionary attack and breach the server. Once this is accomplished, the threat actor deploys the payload and leverages the IRC protocol to communicate with the C2 server and receive commands that instruct ShellBot to conduct DDoS attacks and steal data.
Different ShellBot Variants Used in the Campaign
According to ASEC researchers, three variants of ShellBot were identified, including LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. The first two versions feature a wide range of DDoS attack commands with HTTP, UDP, and TCP protocols.
Conversely, PowerBots are equipped with backdoor-like capabilities that can provide shell access and upload arbitrary files from the infected host. Threat actors can use these backdoor capabilities for the installation of additional malware and launch different types of attacks, abusing the server.
Motorola is readying a couple of new stylus-equipped budget smartphones. The Moto G Stylus 2023 and Moto G Stylus 5G 2023 have been making rounds of the rumor mill for a few months now. While we still don’t have an official launch date for either model, the Lenovo-owned company may not keep the duo under wraps for much longer. A massive leak has already revealed plenty about the Moto G Stylus 2023. We have detailed specs and leaked official renders showing the phone’s design from all angles.
Shared by The Tech Outlook, the renders show the Moto G Stylus 2023 in two colors: blue and copper. The rectangular camera module houses two sensors and an LED flash unit, with “50MP” printed on it. The primary sensor should have an aperture of F/1.8 with 2µm pixels. Specs of the secondary camera are not known but Motorola’s marketing materials reportedly mention features such as portrait shots, close-up shots, and low-light images. We don’t have any information about the selfie camera as well.
The selfie sensor on the Moto G Stylus 2023 resides within a tiny punch-hole on the top of the screen. It’s a 6.5-inch display with an HD+ resolution and a 90Hz refresh rate. Bezels on the sides and the top are fairly minimal but the chin is quite big. The phone has its volume rockers and the power button on the right. The latter is recessed, confirming the presence of a side-mounted fingerprint scanner. The SIM tray can be seen on the left, while we have a 3.5mm headphone jack, USB Type-C port, microphone, speaker, and stylus slot at the bottom.
Helio G88 will power the Moto G Stylus 2023
A Geekbench listing earlier this month revealed that the Moto G Stylus 2023 will be powered by MediaTek’s Helio G88 chipset. It has two ARM Cortex-A75 CPU cores clocked at 2.0GHz and six Cortex-A55 cores clocked at 1.80GHz. Motorola may offer the handset in 4GB and 6GB RAM options. It will run Android 13 out of the box. Fueling the whole package is a 5,000mAh battery. The report doesn’t mention the charging speed, though. Both 4G and 5G models topped out at 10W last year.
With the majority of key specs known already, the Moto G Stylus 2023 should be nearing its launch. Its 5G sibling should accompany it out of Motorola’s doors. The company launched last year’s 4G model in February, with the 5G model coming in April. Both versions may arrive in April this year.
The Chinese video-sharing app TikTok has announced an update to its community guidelines that aim to make the platform safer. The update is coming in days when TikTok is in hot water by US lawmakers, and it might be banned in the country due to national security concerns.
Revamping community guidelines is a part of the company’s efforts to prevent a potential ban in the United States. TikTok has now made it more clear how creators and content will be treated. The app also made specific guidelines for AI-generated content and synthetic media.
The update will take effect on April 21, and the app describes it as the “most comprehensive update to our Community Guidelines to date.”
TikTok community guidelines put a restriction on AI-generated media
According to the new policies, any synthetic or manipulated media showing realistic scenes must be clearly disclosed. Users can use stickers and captions, such as “synthetic,” “fake,” “not real,” or “altered,” to distinguish synthetic content.
Additionally, TikTok bans the use of synthetic media that contains the likeness of any real private figure. TikTok defines synthetic media as “highly realistic” content created or modified by AI. A public figure is someone who is over 18 years old and holds a significant public role, like celebrities and government officials, etc.
“We do not allow synthetic media of public figures if the content is used for endorsements or violates any other policy. This includes prohibitions on hate speech, sexual exploitation, and serious forms of harassment.” TikTok added.
TikTok continues that using synthetic media of public figures is only allowed in certain contexts like educational content. Any use for political or commercial purposes is forbidden.
Besides regulating AI-generated content and synthetic media, TikTok also adds more transparency to existing policies. Each rule now has a brief section that clarifies what the app allows and doesn’t allow. For example, TikTok bans any misinformation on civic and electoral processes like voting, eligibility requirements of candidates, counting the ballots, etc.
TikTok hopes to prevent a potential ban in the United States by greater adherence to the country’s laws and becoming more transparent about its operations. The app CEO will appear before congress on March 23 to address national security concerns and relationships with the Chinese government.
