Hackers Using Facebook Ads to Attack Critical Infrastructure


Cybersecurity researchers at Morphisec have recently found a new information stealer called “SYS01stealer.” This stealer primarily targets the following critical-infrastructure entities:

  • Infrastructure employees
  • Manufacturing companies
  • Other critical sectors

The Morphisec intelligence team has been tracking this advanced information stealer since November 2022. As part of this campaign, the threat actors are using Google ads and bogus Facebook profiles to target Facebook business accounts and advertise things such as:

  • Games
  • Adult content
  • Cracked software
  • Movies/Series

In this way, they lure the victim into downloading malicious files. The attack is intended to steal sensitive information, including the following:

  • Login data
  • Cookies
  • Facebook ad account information
  • Facebook business account information

It was initially believed that the campaign was linked to the Ducktail cybercrime operation, which was financially motivated. 

Hackers Using Facebook Ads

To begin the attack, a fake Facebook profile or advertisement is used to lure victims into clicking on a URL. Clicking this URL makes the victim download a ZIP file that is supposed to contain the following items:

  • Application
  • Game
  • Movie/Series

The complete infection chain is divided into two parts:

  • The loader
  • The Inno-Setup installer

Loaders are normally legitimate C# applications that are vulnerable to DLL side-loading. A malicious DLL file is hidden within the application, which eventually side-loads it to start the infection.

It was found that Western Digital’s WDSyncService.exe and Garmin’s ElevatedInstaller.exe were some of the applications that were exploited to side-load the malicious DLL file.

Apart from this, Python- and Rust-based intermediate executables are sometimes deployed through the side-loaded DLL.

Whatever approach is taken, every path ends with the delivery of an installer. SYS01stealer itself is PHP-based malware that this installer drops and executes.

Browsers Affected

The stealer stealthily harvests Facebook cookies from web browsers built on Chromium, the most popular browser base. The Chromium-based browsers are:

  • Google Chrome
  • Microsoft Edge
  • Brave
  • Opera
  • Vivaldi

As a result, all of the victim’s Facebook information is transferred to a remote server, and arbitrary files are downloaded and executed.

In addition to this, it has the following capabilities:

  • Connect the infected host to the C2 server and upload files.
  • Follow the commands and instructions provided by the server.
  • Update itself as soon as a new version is released.

Recommendation

DLL side-loading is an extremely effective technique for tricking Windows systems into loading malicious code. When an application is loaded into memory, Windows resolves its DLLs by following a search order, and a malicious file placed ahead of the legitimate one in that order is loaded in preference to it.

This allows threat actors to execute malicious payloads by hijacking legitimate, trusted applications.

To help prevent the SYS01 stealer, it is important to implement a zero-trust policy and limit users’ rights to download and install programs.
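
As an added detection example (not Morphisec's code), the sketch below scores Sysmon image-load events (Event ID 7) for the side-loading pattern described above: a DLL without a valid signature loaded from the same user-writable directory as its host executable. The field names are Sysmon's; the writable-path list, the threshold and every sample path are assumptions made for illustration.

```python
import ntpath

# Host executables the article names as abused for side-loading.
NAMED_HOSTS = {"wdsyncservice.exe", "elevatedinstaller.exe"}
# Path fragments for locations a standard user can usually write to (assumed list).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


def score_image_load(event):
    """Return the reasons one image-load event looks like DLL side-loading."""
    image = ntpath.normcase(event["Image"])          # the host process
    loaded = ntpath.normcase(event["ImageLoaded"])   # the module it loaded
    if not loaded.endswith(".dll"):
        return []
    # Side-loading plants the DLL in the application directory, which the
    # search order checks before the system directories.
    if ntpath.dirname(image) != ntpath.dirname(loaded):
        return []
    reasons = []
    # In Event ID 7, Signed and SignatureStatus describe the loaded module.
    signed = str(event.get("Signed", "")).lower() == "true"
    if not (signed and event.get("SignatureStatus") == "Valid"):
        reasons.append("unsigned-dll-beside-exe")
    if any(fragment in image for fragment in USER_WRITABLE):
        reasons.append("host-in-user-writable-dir")
    if ntpath.basename(image) in NAMED_HOSTS and "\\program files" not in image:
        reasons.append("named-host-outside-program-files")
    return reasons


def triage(events, threshold=2):
    """Return (loaded DLL, reasons) for events with at least `threshold` reasons."""
    hits = []
    for event in events:
        reasons = score_image_load(event)
        if len(reasons) >= threshold:
            hits.append((event["ImageLoaded"], reasons))
    return hits


# Constructed sample events; every path and file name below is invented.
SAMPLE_EVENTS = [
    {   # host EXE unpacked from a downloaded ZIP, unsigned DLL beside it
        "Image": r"C:\Users\alice\Downloads\Movie_2023\WDSyncService.exe",
        "ImageLoaded": r"C:\Users\alice\Downloads\Movie_2023\example_dependency.dll",
        "Signed": "false", "SignatureStatus": "Unavailable",
    },
    {   # normal install: signed DLL beside its EXE under Program Files
        "Image": r"C:\Program Files\ExampleVendor\App\app.exe",
        "ImageLoaded": r"C:\Program Files\ExampleVendor\App\helper.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
    {   # per-user install loading a system DLL from System32
        "Image": r"C:\Users\alice\AppData\Local\ExampleTool\tool.exe",
        "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
    {   # benign per-user install: one weak signal only, stays below threshold
        "Image": r"C:\Users\alice\AppData\Local\ExampleTool\tool.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\ExampleTool\plugin.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
]

if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_EVENTS):
        print(dll, reasons)
```

Requiring two reasons keeps legitimately signed per-user installs out of the alert queue while still catching an unsigned DLL next to a trusted binary in a download folder.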


Ring introduces the new Battery Doorbell Plus


It’s been a little while since Ring introduced a new video doorbell, and now we finally have a new one: the Ring Battery Doorbell Plus. As you can tell, this is not a wired-only doorbell, so this one’s going to cost a bit more. It launches at $179, similar to its other battery doorbells.

This is the next-generation video doorbell for Ring, and also the first to include a 150-degree by 150-degree field-of-view. That’s going to allow you to have a head-to-toe view of all of your visitors. That includes pets and kids, all the way up to adults. The expanded view also helps with Package Alerts, and makes them more useful. Keep in mind that Package Alerts is included in the Ring Protect plan only.

The resolution here has been upgraded as well, now sitting at 1536p. The weird resolution is due to the camera’s view basically being a square. But this is the highest resolution of any Ring Video Doorbell to date.

It has all the usual Ring doorbell features you’d expect

In addition to the wider field-of-view and higher resolution, the new Battery Doorbell Plus has all of the features you’d expect from Ring, like Advanced Motion Detection, Privacy Zones, Quick Replies, Live View and Two-Way Talk, among other things. So if you’re already a Ring Video Doorbell user, you’re going to love this one.

With the Ring Protect plan, you’ll be able to get even more out of this doorbell, including video recordings being stored for up to 30 days, which is a really nice feature to have.

The Ring Battery Doorbell Plus is going to go up for pre-orders starting today. They will start shipping on April 5, 2023. The price is set at $179 and it’s available on Ring and Amazon’s websites. The price might sound steep, but it is the same price as its previous non-Pro doorbells started out at.



What ChatGPT can’t do


ChatGPT is redefining what AI can do, bringing us closer to what we see in the movies. It’s certainly shaken up the tech industry, and we all feel that it’s yet to tap its full potential. However, as powerful as it is, there are things that ChatGPT can’t do.

It has its limitations, and they include things that it’s not powerful enough to do. They also include things that OpenAI intentionally restricts it from doing. If you’re wondering what types of queries you want to avoid putting into ChatGPT, then here’s a useful rundown.

This will showcase things that ChatGPT will tell you that it can’t do as per its programming. Also, it will include things that, while it technically can do, you’ll want to avoid because the technology just isn’t there yet.

What is ChatGPT?

So, let’s start off with what we’re all talking about. ChatGPT was developed by the company called OpenAI. This is the company that brought us DALL-E, the powerful AI image generator.

ChatGPT is a powerful AI chatbot. Think of it as a human being that you can ask questions and get answers at will. Just type in an inquiry like “How do I wash my dog?” or “How long is the Great Wall of China?”, and you’ll get clear and concise answers.

ChatGPT doesn’t stop there, as it can also produce written content. This is where a lot of controversy surrounding this chatbot comes from. You can ask it to write content like stories, essays, articles, poems, scripts, speeches, eulogies, computer code, etc. It has even authored full novels. Of course, we don’t recommend doing that for several ethical reasons, but ChatGPT has the power to do it.

Also, if you want to use this chatbot to just chat, you can do that. ChatGPT can actually emulate a one-on-one human conversation. It will respond to your messages as though there’s another person on the other side. So, if you’re feeling down and there’s no one around to talk to, you can spark up a conversation.

We have a lot of information about ChatGPT that you can check out if you’re curious about it. If you want a general rundown of what it’s all about, you can check out ChatGPT: Everything you Need To Know. We also tell you How To Use ChatGPT and How To Summarize Articles With ChatGPT.

What ChatGPT can’t do

So, ChatGPT is a powerful chatbot. The sky’s the limit, indeed; however, there’s still a limit. It’s important to know what these limitations are before you start your journey.

Sensitive content

There are certain topics that ChatGPT just can’t tackle. This isn’t for a lack of AI prowess. Rather, there are just things that OpenAI stops ChatGPT from answering. Let’s start off with the most obvious ones. If your inquiry has anything to do with sex, you’ll get an error message.

So, you’ll want to be careful about what type of questions you ask. You want to avoid having the characters do any sort of explicit action involving sex. One thing to note: if you want your characters to be romantic, you can use the words “romantic encounter”. I didn’t get an error message using those words.

The same thing goes for violence. You’ll want to avoid generating content that deals with murder, fighting, war, etc.

Offensive content

Next on the list, since OpenAI wants to create a chatbot that’s wholesome for everyone, offensive content is prohibited. The chatbot will block generating anything that deals with topics such as racism, homophobia, or anything else you’d get banned on social media for.

Information after 2021

At the time of writing this, ChatGPT’s knowledge is limited to events up until 2021. This means that if you ask for information about anything after that, you’ll get inaccurate information. You most likely won’t get a message stating so.

Instead, the chatbot will use the information in the inquiry and cross-check it with the information that it already knows. We asked it to summarize an article about a speaker from the London-based tech company Nothing. The article had mentions of the Nothing Ear (1), Nothing Phone (1), and the Nothing Ear (Stick). The thing is that the latter two didn’t exist until sometime in 2022.

So, ChatGPT erroneously made the Nothing Ear (1) the focus of the summary rather than the speaker. Just be certain that whatever you’re asking doesn’t have to do with anything after 2021.

Summarize articles properly

This next thing isn’t something that the company restricts ChatGPT from doing. This is something that it can’t do properly just yet. Of all the things that we tested ChatGPT on, summarizing articles yielded some of the most error-ridden responses.

You have the ability to paste the link to an article and say “Summarize this”. Then, it will give you a short and sweet summary of it. The thing is that you’ll see all sorts of mistakes in the response.

For example, we fed it a review of an article about a 720p projector, but in the response, it said that it was 1080p. I fed it an article about a phone with a 5.7-inch display, and it said that it was 6 inches. There were tons of little inaccurate facts added to the summaries.

What’s interesting about this is the fact that ChatGPT actually adds information not present in the actual article. Circling back to the article about the Nothing Speaker, it said that Nothing was a company started by Carl Pei. However, the article itself didn’t have any mention of Carl Pei. This means that ChatGPT pulled from its database of information.

This could mean that the company is still working on ChatGPT’s ability to do this.

Write a full app

This is something that definitely needs clearing up. When ChatGPT first started gaining notoriety, people discovered that it could actually write code. That’s true; you can ask it something like “Write me code for an app that tells time”.

However, you cannot use it to write an entire app. You’ll get an example of code in Python that you can insert into your app. Sorry folks, ChatGPT is not going to design your next great app.

Give advice on prescription medication

It seems weird that a person would want to do this, but we need to cover all of our bases. You can get some basic medical advice from ChatGPT like over-the-counter medication recommendations. However, you won’t be able to ask it for suggestions for prescription medication. It will tell you that it can’t do that, and suggest that you talk to a professional.

Hopefully, this didn’t discourage you from using ChatGPT. If you want to try it out, check the link below.

Try out ChatGPT



TikTok may get banned (again) through a clever RESTRICT act

Ah, TikTok. The billion-user platform is constantly stirring up drama, not only on a social media level but on a political scale as well. Numerous politicians from all around the globe are convinced that the app is dangerous, and as such there are many movements to get the application banned completely. Despite TikTok’s attempts to provide the required transparency and its continuous stance of innocence, the US is still on its trail, this time in the form of a new bill, cleverly titled RESTRICT. Like all cool operations or bills, this one is an acronym too. It stands for:

Restricting the Emergence of Security Threats that Risk Information and Communications Technology

The bill has bipartisan support and aims to empower the Commerce Department, instead of the President, to basically ban foreign applications. The clever twist? The bill doesn’t even mention TikTok specifically.


The bill is about to be put into consideration to become a valid US law. If that were to become true, it would effectively create a brand new federal network. Its sole purpose would be to evaluate and, if necessary, punish foreign companies that have been determined to be “high risk”. Or, to simplify: this bill won’t target a specific app, but a given type of app. It would offer not only instant results, but is also meant to be future-proof in the form of continuous protection. And that would happen through a bestowed authority to compel Google and Apple to remove the app from their respective app stores.

While TikTok hasn’t commented on this specific occurrence, the company’s stance hasn’t really changed throughout the numerous challenges it has had to face. The platform is trying to stay afloat through compliance and transparency, which deserves merit, so it will be interesting to see how all things will play out in the end.



Snapchat Vulnerability Allowed Deleting Users’ Spotlight Content


A researcher highlighted a vulnerability in Snapchat that could allow a remote attacker to delete a target user’s Spotlight content. Snapchat patched the flaw following the bug report, rewarding the researcher with a hefty bounty.

Snapchat Vulnerability Allowed Deleting Spotlight Content

According to a bug report from Sahil Saxena, a severe vulnerability risked the security of Snapchat users’ Spotlight content. Saxena noticed that he could delete any target user’s Spotlight video remotely without requiring the user’s account credentials.

Spotlight is an attractive video feature that Snapchat offers for its content creators to maximize viewability. This feature also facilitates the creators in generating money, which means any vulnerabilities affecting it could also indirectly impact their income.

As described, the researcher observed the issue when intercepting Snapchat posts and attempting to delete a post. He noticed the issue with a specific parameter ID in the post delete request, which he could change to delete any other user’s Spotlight content.

Explaining the PoC, he stated,

In the delete request there is a parameter of id:
{"operationName":"DeleteStorySnaps","variables":{"ids":["███████"],"storyType":"SPOTLIGHT_STORY"},"query":"mutation DeleteStorySnaps($ids: [String!]!, $storyType: StoryType!) {\n deleteStorySnaps(ids: $ids, storyType: $storyType)\n}\n"}
You just have to change this id parameter. You can easily get the id parameter. Now forward the request after replacing id with someone else’s video id.

Alongside a privacy breach and damage to the victim’s content, such an exploit could also impact the user financially. That’s because deleted Spotlight content becomes ineligible for Snapchat’s crystal awards – the platform’s payment mode.

Snapchat Fixed The Bug

After discovering this vulnerability, the researcher reported the matter to Snapchat via their HackerOne bug bounty program. The platform officials triaged the bug promptly, assuring an internal review.

Then, within less than a week, Snapchat confirmed patching the vulnerability, which the researcher also tested and confirmed. He validated the fix, which returned an error upon trying to change the parameter ID and sending a request.
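
The class of fix this implies is a server-side ownership check on every id in the `ids` list. The sketch below is an added example, not Snapchat's code or the researcher's: the in-memory store, user names and snap ids are constructed, and how Snapchat actually implemented its fix is not stated in the report.

```python
class NotAuthorized(Exception):
    """Raised when the caller may not delete one of the requested snaps."""


def make_store():
    # Constructed data: snap id -> owner and story type.
    return {
        "snap-a1": {"owner": "alice", "story_type": "SPOTLIGHT_STORY"},
        "snap-a2": {"owner": "alice", "story_type": "SPOTLIGHT_STORY"},
        "snap-b1": {"owner": "bob", "story_type": "SPOTLIGHT_STORY"},
    }


def delete_story_snaps_unchecked(store, session_user, ids, story_type):
    """Behaviour the report describes before the fix: client-supplied ids are trusted."""
    for snap_id in ids:
        store.pop(snap_id, None)   # no comparison with session_user at all
    return True


def delete_story_snaps(store, session_user, ids, story_type):
    """Delete only when every id exists, has this type and belongs to the caller.

    session_user must come from the authenticated session, never from the
    request body that carries the ids.
    """
    unique_ids = list(dict.fromkeys(ids))  # drop duplicates, keep order
    if not unique_ids:
        raise ValueError("ids must not be empty")
    # Validate the whole batch before touching anything, so a request that
    # mixes own and foreign ids deletes nothing.
    for snap_id in unique_ids:
        snap = store.get(snap_id)
        # One error for "missing", "wrong type" and "not yours", so the reply
        # does not confirm which ids exist.
        if (snap is None or snap["owner"] != session_user
                or snap["story_type"] != story_type):
            raise NotAuthorized("cannot delete requested snaps")
    for snap_id in unique_ids:
        del store[snap_id]
    return True


def was_rejected(store, session_user, ids, story_type="SPOTLIGHT_STORY"):
    """Helper for the demo: True if the checked handler refuses the request."""
    try:
        delete_story_snaps(store, session_user, ids, story_type)
    except NotAuthorized:
        return True
    return False


if __name__ == "__main__":
    s = make_store()
    print("foreign id rejected:", was_rejected(s, "alice", ["snap-b1"]))
    print("mixed batch rejected:", was_rejected(s, "alice", ["snap-a1", "snap-b1"]))
    print("own ids rejected:", was_rejected(s, "alice", ["snap-a1", "snap-a2"]))
    print("remaining:", sorted(s))
```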

After holding the vulnerability report for some time to ensure further fixes, Snapchat has recently disclosed the bug report to the public.

Besides patching the vulnerability, Snapchat rewarded the researcher with a hefty $15,000 bounty.


Important piece of OnePlus 11 Concept may be used in a future product


A rather important piece of the OnePlus 11 Concept may be used in a future product. We are talking about the phone’s liquid cooling which was basically the main attraction when it comes to that concept phone.

An important piece of the OnePlus 11 Concept may be used in a future product

Max Jambor, a well-known tipster, kind of suggested OnePlus may implement that cooling into a product you’ll be able to buy. He did not flat-out confirm it, but said the following: “What if I told you OnePlus plans on bringing the liquid cooling from OnePlus 11 Concept into a real purchasable device?”

Needless to say, this kind of points in that direction. That phone includes the so-called ‘Active CryoFlux’ tech. That liquid cooling system can keep the phone cooler during gaming, charging, and so on.

OnePlus also included a semi-transparent back on the OnePlus 11 Concept. That way, you can actually see that cooling liquid and tubes on the back. That made the phone look really nice, and attracted quite a few eyes.

If OnePlus ends up doing it, we do hope it’ll be a similar implementation, with a see-through back

If OnePlus does end up including this cooling in an actual product, it would be nice if it went about it the same way as it did here. In other words, it would be nice to have such a nice visual representation on the back.

Now, don’t get your hopes up. Max may be right, and OnePlus may be planning to do it. That doesn’t mean it’s actually going to happen. Even if it does, the product OnePlus announces probably won’t be as flashy as the OnePlus 11 Concept, but we’ll see.

The company is expected to announce a number of phones this year still. Its first foldable smartphone is coming, and the same goes for the OnePlus Nord 3, and the OnePlus 11T, to name a few.

It remains to be seen if ‘Active CryoFlux’ cooling will be included in one of the phones this year. Or, perhaps that may be a plan for a device down the line.



iPhone 15 image with solid-state buttons appears, but it may be fake


As many of you know, the iPhone 15 Pro and iPhone 15 Pro Max are rumored to use solid-state buttons. Well, something interesting just surfaced. An alleged iPhone 15 frame appeared, with solid-state buttons on the side.

The alleged iPhone 15 frame shown with solid-state buttons on the side

This image appeared on Twitter (shown below), and was shared by ‘fix Apple’. Having said that, this image could be fake. Why? Well, first and foremost, the frame shown here has a matte finish. That may not seem odd to you at first, but hear me out.


Apple tends to use a glossy finish on the ‘Pro’ iPhone series. Those phones usually feature glossy stainless steel. That leads us to believe this is either the regular iPhone 15 frame, or a frame that doesn’t belong to an iPhone at all.

The base iPhone 15 and iPhone 15 Plus models are not expected to utilize solid-state buttons. On the flip side, the rumors may have been wrong, and Apple may go all in after all. There are a lot of possibilities here.

Apple may actually use titanium in the ‘Pro’ iPhone 15 series

One more thing is worth noting. Apple is also rumored to switch from stainless steel to a titanium frame on the ‘Pro’ models. We’re not sure that will be happening, but it’s worth noting. The company may even change the coating to a matte finish on the ‘Pro’ models.

As I said, things are very complicated at the moment, as the company could go either way. There are a lot of rumors circulating, but one thing does seem certain: at least the ‘Pro’ iPhone models will include solid-state buttons.

All iPhone 15 units, base and ‘Pro’ ones, will feature a Dynamic Island this time around. The same goes for a Type-C port, as they will be the first iPhones to feature such a port. Apple may limit it, however.



Musk finds another way to get Twitter users to pay $8 per month for a premium subscription


Two-factor authentication (2FA) is considered a more secure way to sign into an app or website. It requires that two layers of information be presented. Typically, after punching in a username and password the user receives a code on his phone via Text/SMS that he enters into the app or site to gain entry. Considering that most people carry their phones with them wherever they go, this is probably one of the easiest ways to implement 2FA although it might not be the most secure.

Twitter has released a blog post about 2FA that says “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.”
What this means is that Twitter users who are not Twitter Blue subscribers have until March 20th to subscribe to Twitter Blue, or disable their Text/SMS 2FA. If you don’t sign up to Twitter Blue before that date, your Text/SMS 2FA will be automatically disabled. Twitter warns that disabling 2FA will not disassociate your phone number from your Twitter account.

Twitter adds that “We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.”

Subscribing to Twitter Blue will cost you $8 per month ($84 for a year) and besides getting to use Text/SMS 2FA, you can enjoy features like Edit Tweet. The latter gives you a 30-minute window to make limited changes to a tweet that you’ve posted. Another feature available to subscribers is an increase in the maximum number of characters allowed in a tweet from 280 to 4,000. Another feature will give prioritization to replies that you send to tweets that you’ve interacted with.

Other perks for Blue members include the Reader feature that makes long tweets look better, and one that allows members to upload longer video content of up to 60 minutes in length (no more than 2GB in size). And with Top Articles, you get to see the most shared articles from Twitter users you follow.

Twitter owner Elon Musk is looking to get more Twitter users to shell out the Twitter Blue subscription fees although charging for Text/SMS 2FA might not generate a rush of users looking to sign up for the premium service.


Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary


The hacker behind the HDFC Bank subsidiary breach was also behind the Acer Inc. data breach that took place a couple of days ago.

A hacker using the alias Kernelware has leaked 7.5 GB of customer data belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank.

It is worth noting that Kernelware is the same hacker who breached Acer Inc. and leaked 160 GB worth of data on a hacker forum just a few days ago. Acer has now confirmed the breach.

As for the HDFC’s breach, the data was posted on the hacker forum ‘Breached forum’ and contains over 72 million entries. For your information, Breachforums is an infamous forum that surfaced as an alternative to the popular and now-seized Raidforums.

Leaked Data

As analysed by Hackread.com, the leaked data includes personal information such as full names, dates of birth, phone numbers, and email addresses. It also contains employment information, loan details, transaction methods, processing fees, bank names and branches, credit scores, and Experian scores.

Analysis of the leaked records shows personal details of loan seekers have been leaked online (Image credit: Hackread.com)

Other data leaked include dealer names, transaction logs, margin money logs, general asset logs, LOS IDs, loyalty card numbers, employee codes, and other miscellaneous information. The leak has raised concerns about data privacy and the need for stronger security measures to protect sensitive customer information.

While HDFC Bank denies any data leak from their end, analysis reveals that the data belongs to HDB Financial Services, and the leaked data was of HDB’s consumers who had applied for loans between May 2022 and February 2023.

This is what the hacker had to say about the breach (Image credit: Hackread.com)

HDB Financial has confirmed the company experienced a cybersecurity-related incident and investigations are underway. The Indian Computer Emergency Response Team (CERT-IN) is also aware of the issue.

The leak of such a large amount of sensitive customer data has raised concerns about data privacy and cybersecurity. The incident highlights the importance of robust security measures to prevent unauthorized access to customer data. Companies need to take steps to secure their systems and ensure the safety of customer information.

The latest data breach comes just weeks after the RailYatri hack, in which the personal details of over 31 million travellers were leaked online.


Vivo X Flip details appear, new clamshell foldable coming


Some Vivo X Flip details have just surfaced. As you have probably noticed from the name itself, this is a clamshell foldable. Once it launches, it will become Vivo’s very first clamshell foldable smartphone, actually.

The Vivo X Flip spec details have just surfaced

The ‘Flip’ branding has kind of become a synonym for clamshell foldable phones. Samsung has been using it for years, and OPPO adopted it with the OPPO Find N2 Flip. Those two companies arguably have the most prominent flip phones on the market at the moment.

In any case, the Vivo X Flip did surface in the past, but we haven’t heard much about it for a while now. Well, a well-known tipster, Digital Chat Station, just shared some details about the device.

The tipster says that the phone will be fueled by the Snapdragon 8+ Gen 1 SoC. That is not Qualcomm’s most powerful offering at the moment, but it’s still an impressive processor with great power consumption. It’s a good choice for sure.

A large main foldable display will be included, and offer a 120Hz refresh rate

The phone will include a 6.8-inch fullHD+ main foldable display, with a centered display camera hole. That panel will offer a 120Hz refresh rate, by the way. The cover panel will be a square, but the tipster did not share the details regarding it.

Older Vivo X Flip mockup.

Vivo will include 12GB of RAM, while a 4,400mAh battery will sit on the inside of the phone. 44W wired charging will be supported, while wireless charging probably won’t be on offer.

The phone will feature two cameras on the back

A 50-megapixel main camera (Sony’s IMX866 sensor) will be included on the back, along with a 12-megapixel secondary camera (Sony’s IMX663 sensor). He also mentioned that a side-facing fingerprint scanner will be in use, and that a rear camera island will sit in the top-left corner. It will be circular, by the way.

This phone is expected to launch in China next month, but Vivo didn’t confirm it just yet.

