The ultimate SEO guide for small businesses in 2024: Boost your online presence


Small businesses, more than anyone, need to be online if they hope to stay competitive in a digital world, and they need good search engine optimisation (SEO) practices now. Since most customers today use search engines like Google to discover and buy things on the web, a strong SEO or web advertising strategy is essential. SEO improves page rank, keyword targeting, organic traffic, and user experience, all of which add up to better online visibility.

In 2024, SEO continues to evolve with new trends and technologies. Notable trends include the surge of artificial intelligence (AI) and machine learning in search algorithms, an amplified focus on user experience (UX) and Core Web Vitals, the increasing importance of mobile-first indexing, and the incorporation of voice search optimization. If you used to focus only on keywords, it is time to focus more on video content, on solving the user's problem, and on structured data.

SEO Basics

Search engine optimization (SEO) is the practice of optimising a website to rank better in search engine results pages (SERPs). It focuses on keyword research, content optimization, technical SEO, and link building to drive organic search engine traffic.

How Search Engines Work

Google and other search engines use an algorithmic process to crawl the vast information on the web and index key indicators of quality and relevance. Crawlers are bots that read sites for content, links between pages, and metadata. That raw data is indexed, and an algorithm factors in hundreds of other elements, like keyword usage, user experience, and backlinks, to determine which pages rank where on SERPs.

Key SEO Terminology

Keywords: The words or phrases users type in search engines to find related information.

Backlinks: A link from another website to your own, indicating to Google that your site is about a topic (keyword) or two, and is trustworthy.

SERP: The page displayed by search engines, including text content, paid results, ads, images, and more, in response to a query.

Meta Tags: HTML tags within the content that communicate details regarding your webpage, such as title tags and meta descriptions.

Bounce Rate: The percentage of visitors who enter your website and leave after viewing only one page.

Organic Traffic: Visitors who come to your site from search results without any payment on your part.

Keyword Research

Keywords are the cornerstone of SEO because they give search engines insights into what the content on your website is about and then potentially match it up with query intent. Keyword research helps you understand popular search terms and phrases that your target audience uses, so that you can optimize your content and maximize the likelihood of your content appearing high in search engine results pages.

Tools for Keyword Research

1. Google Keyword Planner

Google Keyword Planner is a free tool that shows keyword ideas and traffic estimates. It helps businesses pick keywords and shows their search volume and competition.

2. SEMrush

SEMrush is a complete SEO and audit platform with tools for keyword research, competitor research, and more. It also provides a lot of keyword data, such as search volume, keyword difficulty, and related keywords.

3. Ahrefs

Ahrefs is an integrated marketing analysis toolset with features like URL Rating, Site Explorer, and Keyword Explorer. Its basic keyword tool gives you lots of keyword data, including search volume, keyword difficulty (KD), and click-through rate (CTR).

Long-tail vs. Short-tail Keywords

Short-tail Keywords: Broad keywords of one or two terms (e.g., Shoes). They have high search volume but very high competition.

Long-tail Keywords: More targeted phrases, often three words or longer (e.g., best running shoes for women). They are less competitive but also less searched, so they may not generate lots of traffic, though the traffic they do bring is higher quality.

Analyzing Keyword Competition

To assess keyword competition, you need to consider how hard it would be to rank for certain keywords. SEMrush and Ahrefs both give keyword difficulty scores showing how competitive a keyword is. Targeting low to medium competition keywords can help you rank higher and get more organic traffic.

On-Page SEO

Optimizing Title Tags and Meta Descriptions

Title tags and meta descriptions are important parts of on-page SEO. Each landing page needs a unique, keyword-focused, and brief title tag. The meta description is the text shown under a result in SERPs; its purpose is to highlight who you are and what you do, so it should encourage people to click. Both are a must for all pages.

Content Optimization

1. Quality and Relevance

High-quality, directly relevant content is essential for SEO. Content needs to be useful, informative, fresh, to the point, readable, and backed by research, and it needs to give readers what they are looking for. Do not repeat yourself; aim for targeted, information-rich, natural, original copy.

2. Keyword Density and Placement

Incorporate keywords into your content in a natural way: in your headings, subheadings, and the first 100 words. Do not over-optimize; keep keyword density at 1-2%.

3. Use of Headings (H1, H2, H3)

Headings help organize your content and help search engines better understand your article. Use H1 for your main title, H2 for subheadings, and H3 for further subdivisions. Headings should include keywords where appropriate.

Image Optimization

1. Alt Text

Alt text for image content allows search engines to index images. Alt text should be simple and descriptive, and should include a few relevant keywords.

2. File Names and Sizes

Use descriptive file names, and keep image files small so that pages load quickly. Optimize images to improve performance while retaining quality.

URL Structure

Clean URLs separate words with hyphens, are short, and include keywords relevant to the page. Don’t include special characters, and strip unnecessary parameters.

Internal Linking Strategies

Internal links connect the different pages of your site in a sensible way, giving search engines an understanding of its hierarchy and structure. Link to relevant pages with descriptive anchor text to improve both the user experience and your SEO.

Technical SEO

Website Speed and Performance

Website speed is very important in SEO. Websites that take forever to load can alienate visitors and lower your rankings. Measure how your Shopify website is performing with tools like Google PageSpeed Insights, and fix what they find. Optimize your site's images, use browser caching, and minify JS and CSS.

Mobile-Friendliness

Since most searches occur on mobile devices, you need a responsive website, one that adapts to any screen size. Use a tool such as the Google Mobile-Friendly Test to see if your website is smartphone ready.

SSL (Secure Sockets Layer)

An SSL certificate enables an HTTPS connection between the user’s browser and your website and encrypts the data exchanged. An SSL certificate is also an important factor in Google's ranking, and it helps users trust your site. Your site must be on HTTPS, not HTTP.

XML Sitemaps and Robots.txt

An XML sitemap helps search engine bots index your site quickly. Make sure Google and other search engines can see your XML sitemap. Use a robots.txt file to tell search engines what to crawl and what not to.

Schema.org Structured Data Markup

Structured data markup lets you wrap your content in a way that helps search engines better understand what your page is about and enhances the visibility of your organic results in SERPs. Use Schema.org tags to tell search engines that your page contains things such as product and review info, ratings, event info, etc.

Local SEO

Importance of Local SEO for Small Businesses

Local SEO is especially important for Small Business SEO because there are many businesses that only serve certain local geographic areas. Localizing your strategy means that your business will rank higher in local search results, which can help drive customers to your brick-and-mortar location.

Google My Business Optimization

Claim your Google My Business (GMB) listing and optimize it. Keep your business details current: your address, phone number, hours of operation, and URL. Upload photos, reply to reviews, and post updates on GMB.

Local Citations and Directories

Have your business listed in local directories and citation sites such as Yelp, Yellow Pages, and industry-specific directories. Consistent NAP (Name, Address, Phone number) information makes a huge difference in local SEO.

Online Reviews and Ratings

Customer reviews are valuable, especially on sites like Google, Yelp, and industry-specific sites. Reply to reviews promptly and professionally to build trust with clients and improve your online reputation.

Local Content Creation

Design content that is location specific. This may involve writing blog posts about what is going on in town, the news, and the type of community events that the business is involved in. Look for local content to share to connect with your audience and improve local search rankings.

Off-Page SEO

Backlink Building

High-quality Backlinks from an authority site are worth more than dozens of low-quality links. Get very serious about building relationships with high-powered sites in your industry.

Social Media Integration

Social media helps increase website traffic and build your brand, and it supports your SEO as well. Post your content on social media and interact with your audience on those platforms to encourage people to share your content and to boost your online reputation.

Content Strategy

Content Calendar and Planning

A content calendar is a way for you to arrange your content creation. It helps you to keep a regular posting schedule and aligns your efforts according to your content goals. Create content based on big dates, events, or seasonal trends that your audience will be interested in.

Blogging Best Practices

Blogging is a great way to generate traffic and improve SEO. Use methods like writing compelling headlines, working in your keywords organically, and including both internal and external links.

Analytics and Monitoring

Setting Up Google Analytics

Leverage this data to find areas where you can improve and gauge your SEO effectiveness.

Key Metrics to Track

1. Organic Traffic

Organic traffic is made up of the visitors who reach your site by clicking unpaid search results. It helps you measure whether your SEO efforts are working.

2. Bounce Rate

Bounce rates are the indicators of user experience and relevant content.

SEO Audit Tools

1. Screaming Frog

Screaming Frog is a web crawler tool for discovering technical SEO problems. It gives precise information about broken links, duplicate content, and similar on-page SEO factors.

2. Moz Pro

Moz Pro comes with various SEO tools, such as site audits, keyword research, backlink analysis, etc.

Staying Updated with SEO Changes

Following Industry Blogs and News

SEO is always evolving, so staying updated with changes and current trends is important. Additional tip: read industry blogs (e.g., Moz, Search Engine Land, Google Webmaster Blog) regularly.

Participating in SEO Communities

Part of your SEO work as a professional also extends to the community. Reddit SEO Community, Moz Q&A, and SEO Facebook Groups are certainly good places to learn and network.

Attending SEO Conferences and Webinars

SEO conferences and webinars are an effective way to learn from industry experts and keep up with new trends. SMX, MozCon, and Pubcon all deliver useful information and networking opportunities.

SEO Is a Process of Reinvention

SEO is not a set-and-forget activity. Experiment, and don’t be scared to pivot in response to data and feedback. Learn faster than your competitors by investing in knowledge.

To Wrap Up

This guide covered the key SEO topics for small businesses in 2024: SEO basics, keyword research, on-page and technical SEO, link building, local SEO, content strategy, and analytics and monitoring. You can improve your business presence and grow your online business by applying these strategies. Follow the suggestions and techniques in this guide to get started, and continue to refine your efforts for long-term success. SEO is not a fast or easy process; you need to be dedicated and keep learning. Keep up with new industry techniques, try new strategies, and aim for high-value audiences. This can help maintain a reputable online profile for your small business.

23andMe data breach under joint investigation in two countries


The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023.

On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals had “obtained information from certain accounts, including information about users’ DNA Relatives profiles.”

Later, an investigation by 23andMe showed that an attacker was able to directly access the accounts of roughly 0.1% of 23andMe’s users, which is about 14,000 of its 14 million customers. The attacker accessed the accounts using credential stuffing, which is where someone tries existing username and password combinations to see if they can log in to a service. These combinations are usually stolen from another breach and then put up for sale on the dark web. Because people often reuse passwords across accounts, cybercriminals buy those combinations and then use them to log in to other services and platforms.

For a subset of these accounts, the stolen data contained health-related information based on the user’s genetics.

The finding that most data was accessed through credential stuffing led to 23andMe sending a letter to legal representatives of victims blaming the victims themselves.
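On the service side, credential stuffing leaves a recognizable trace in authentication logs: one source tries many different usernames in a short time and most attempts fail. The following detection sketch is an added example, not code from 23andMe or the original article; the log format, thresholds, and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own baseline traffic.
WINDOW = timedelta(minutes=5)   # sliding window per source IP
MIN_DISTINCT_USERS = 5          # distinct usernames tried within the window
MIN_FAIL_RATIO = 0.8            # share of failed attempts within the window

# Constructed sample log: "<UTC timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2023-10-06T09:00:01Z 198.51.100.7 alice@example.com FAIL
2023-10-06T09:00:03Z 198.51.100.7 bob@example.com FAIL
2023-10-06T09:00:04Z 198.51.100.7 carol@example.com FAIL
2023-10-06T09:00:06Z 198.51.100.7 dave@example.com FAIL
2023-10-06T09:00:07Z 198.51.100.7 erin@example.com FAIL
2023-10-06T09:00:09Z 198.51.100.7 frank@example.com OK
2023-10-06T09:01:00Z 203.0.113.20 bob@example.com FAIL
2023-10-06T09:01:20Z 203.0.113.20 bob@example.com OK
2023-10-06T09:02:00Z 192.0.2.50 gina@example.com OK
2023-10-06T09:02:10Z 192.0.2.50 hank@example.com OK
2023-10-06T09:02:20Z 192.0.2.50 iris@example.com OK
2023-10-06T09:02:30Z 192.0.2.50 joan@example.com OK
2023-10-06T09:02:40Z 192.0.2.50 kyle@example.com OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ip, user.lower(), result == "OK"


def detect_stuffing(log_text):
    """Return {source_ip: [accounts that source logged in to]} for every
    source whose attempts match the credential-stuffing pattern."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        when, ip, user, ok = parse_line(line)
        by_ip[ip].append((when, user, ok))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            users = {user for _, user, _ in window}
            fails = sum(1 for _, _, ok in window if not ok)
            if (len(users) >= MIN_DISTINCT_USERS
                    and fails / len(window) >= MIN_FAIL_RATIO):
                # Any successful login from a flagged source is an account
                # whose reused password worked: force a reset and review it.
                findings[ip] = sorted({u for _, u, ok in events if ok})
                break
    return findings


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: likely credential stuffing; review logins for {accounts}")
```

A per-source rule like this misses attempts spread across many IP addresses, so it is one signal to combine with others such as breached-password checks and multi-factor authentication.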

Privacy Commissioner of Canada Philippe Dufresne and UK Information Commissioner John Edwards say they will investigate the 23andMe breach jointly, leveraging the combined resources and expertise of their two offices.

The privacy watchdogs are going to investigate:

  • the scope of information that was exposed by the breach and potential harms to affected individuals;
  • whether 23andMe had adequate safeguards to protect the highly sensitive information within its control; and
  • whether the company provided adequate notification about the breach to the two regulators and affected individuals as required under Canadian and UK privacy and data protection laws.               

The joint investigation will be conducted in accordance with the Memorandum of Understanding between the ICO and OPC.


Galaxy Z Fold 6 to introduce sketch-to-drawing AI feature


Samsung will add more AI features to its Galaxy AI suite next month. The features will be part of One UI 6.1.1 for the Galaxy Z Fold 6 and Galaxy Z Flip 6, though the company will roll out most of them to older models. While it hasn’t named anything yet, a reliable tipster has now revealed one of the new features in the pipeline. The new Fold can develop a rough sketch into a proper drawing with the help of text prompts.

Galaxy Z Fold 6 will introduce new AI features

Samsung’s One UI 6.1 for the Galaxy S24 series set a new trend in the smartphone industry. Based on Android 14, the new One UI version introduced Galaxy AI, a suite of on-device and cloud-based AI features for Galaxy devices. The company baked AI features into the camera, image editor, notes, messages, calls, and various other apps and services. It has since rolled out Galaxy AI to many older flagships, including foldables.

In the meantime, AI features have quickly become a norm in smartphones. Apple recently jumped on the bandwagon, announcing Apple Intelligence at WWDC 2024. The iPhone maker demoed many new features at the ongoing developers’ conference, including an impressive tool called Image Wand. It uses text prompts, sketches, or both to create a suitable image for your work presentation or architectural project.

Samsung is seemingly working on a similar tool, and it may debut before Apple rolls out Image Wand to iPads (scheduled to come with iPadOS 18 later this year). Noted tipster Ice Universe, who uncovered this upcoming Galaxy AI tool, is confident that Samsung will beat Apple to the party. The source said it will be available on the Galaxy Z Fold 6, but the new AI feature should make its way into more Galaxy flagships with One UI 6.1.1.

This feature may not reach all older flagships

Not all devices getting the new One UI update will get this feature though. Samsung will probably limit it to recent Fold-series foldables, flagship tablets, and Galaxy S Ultra models that support S Pen input. One UI 6.1.1 may not reach mid-range devices. Even if it does, don’t expect any AI features to be part of the update. We should get a clearer picture closer to the Galaxy Unpacked event next month. The upcoming Unpacked will reportedly take place on July 10 in Paris, France. It will also bring new smartwatches, TWS earbuds, and the Galaxy Ring.



YouTube starts testing AI summarizer on Shorts (mobile only)


YouTube announced it is now testing the AI summarizer launched last year on long-form video with Shorts. The feature uses AI to organize large comment sections on English-language Shorts into more palatable themes.

The AI summarizer is available on mobile, so if you’re in the experiment group, you’ll soon see a new option to sort by “Topics” on some Shorts when reading comments on your phone.

The new feature should help creators use comment summaries to jump into comment discussions on their video or create new content based on what their audiences are discussing.

Creators also have the ability to remove individual comments that show up under the specific topic. According to YouTube, the AI-generated “Topics” are pulled from published comments only and can’t be created from comments that are held for review, contain blocked words, or are from blocked users.

Announced over the weekend, the feature is rolling out on the YouTube mobile app to a small number of viewers on a small number of Shorts with large comment sections. This means that even if you have access to the AI summarizer, you might not see the feature available on all Shorts.

Chinese Hackers using New Noodle RAT to Attack Linux Servers


Cybersecurity experts have identified a new type of malware called “Noodle RAT,” which Chinese-speaking hacker groups use to target Linux servers.

Although this malware has been active since 2016, it has only recently been properly classified, shedding light on its extensive use in both espionage and cybercrime.

The Emergence of Noodle RAT

Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a backdoor malware with versions for both Windows (Win.NOODLERAT) and Linux (Linux.NOODLERAT).

According to the Trend Micro blog, despite its long history, it was often misclassified as a variant of other malware such as Gh0st RAT or Rekoobe.

However, recent investigations have confirmed that Noodle RAT is a distinct malware family.

Noodle RAT Timeline

The timeline of Noodle RAT’s development and deployment is as follows:

  • July 2016: v1.0.0 for Win.NOODLERAT compiled.
  • December 2016: v1.0.1 for Linux.NOODLERAT compiled.
  • April 2017: v1.0.1 for Linux.NOODLERAT updated.

Multiple reports have documented attacks involving Noodle RAT since 2018, but it was often misidentified as other malware families.


Notably, espionage campaigns using Noodle RAT have targeted countries such as Thailand, India, Japan, Malaysia, and Taiwan since 2020.

Technical Details of Noodle RAT

Win.NOODLERAT

Win.NOODLERAT is a shellcode-formed in-memory modular backdoor. Groups like Iron Tiger and Calypso APT have used it. Its capabilities include:

  • Downloading and uploading files
  • Running additional in-memory modules
  • Working as a TCP proxy

Relations of Win.NOODLERAT with threat groups

The malware uses loaders like MULTIDROP and MICROLOAD for installation and employs complex encryption algorithms for C&C communication.

Linux.NOODLERAT

Linux.NOODLERAT, an ELF version of Noodle RAT, has been used by groups such as Rocke (Iron Cybercrime Group) and the Cloud Snooper Campaign. Its capabilities include:

  • Reverse shell
  • Downloading and uploading files
  • Scheduling execution
  • SOCKS tunnelling

Observed execution flow of Linux.NOODLERAT

The malware is typically deployed as an additional payload of an exploit against public-facing applications and uses sophisticated encryption algorithms for C&C communication.

Backdoor Commands

Both Win.NOODLERAT and Linux.NOODLERAT implement various backdoor commands. The following table summarizes some of these commands:

| Actions | Type 0x03A2 (Win) | Type 0x132A (Win) | Type 0x03A2 (Linux) | Type 0x23F8 (Linux) |
|---|---|---|---|---|
| Successfully authorized | 0x03A2 | 0x132A | 0x03A2 | 0x23F8 |
| Upload a file to C&C server | 0x390A | 0x590A | 0x3 | 0x3 |
| List directories recursively | 0x390A | 0x590A | 0x3 | 0x3 |
| Download a file from C&C server | 0x390A | 0x590A | 0x3 | 0x3 |
| Initiate reverse shell session | N/A | N/A | 0x1 | 0x1 |

Similarities with Other Malware

Noodle RAT shares some similarities with Gh0st RAT and Rekoobe, but it is distinct enough to be classified as a new malware family.

Algorithm comparison between Gh0st RAT variants and Noodle RAT

For instance, while it uses some plugins from Gh0st RAT, the core backdoor code is different. Similarly, Linux.NOODLERAT shares some code with Rekoobe v2018, but the rest of its code is unique.

Recent findings have revealed control panels and builders for Noodle RAT, indicating a sophisticated malware ecosystem.

The control panel for Linux.NOODLERAT, named “NoodLinux v1.0.1,” supports TCP and HTTP for C&C protocol and requires a password to open.

Builders for Linux.NOODLERAT, versions v1.0.1 and v1.0.2, help create custom configurations for the malware.

Control panel of Linux.NOODLERAT v1.0.1

Noodle RAT has been misclassified and underrated for years.

This new understanding of its capabilities and usage highlights the need for vigilance in cybersecurity, especially for Linux/Unix systems.

As exploitation against public-facing applications increases, Noodle RAT remains a potent tool for threat actors, making it essential for cybersecurity professionals to stay informed and prepared.


Galaxy Z Fold 6 & Flip 6 colors confirmed by reliable tipster


Back in March, Ross Young, a well-known display analyst, revealed the Galaxy Z Fold 6 and Galaxy Z Flip 6 colors that will be on offer. Well, Evan Blass has just reconfirmed those color options via X. He also added some additional info.

The Galaxy Z Fold 6 & Flip 6 colors have been confirmed yet again, by another reliable tipster

When it comes to the Galaxy Z Fold 6, the phone is coming in Navy, Pink, and Silver Shadow colors. The Galaxy Z Flip 6 will launch in Blue, Mint, Silver Shadow, and Yellow colors.

The tipster also mentioned that both models will be offered online in “white and crafted black” colors. The Galaxy Z Flip 6 will also be on offer in a ‘peach’ color online, by the way.

Now, we don’t know if all of these will be official names for the color options. Ross Young did mention the ‘light blue’ color, while Evan Blass simply says ‘blue’ for the Galaxy Z Flip 6. We’re not sure which one is accurate.

The colors with special names such as ‘Silver Shadow’ and ‘Navy’, are probably set in stone, though. Chances are that Evan Blass is entirely accurate here, just keep in mind some color options could have different official names.

Samsung is allegedly planning its second ‘Unpacked’ event of the year for July 10

As many of you already know, both of these smartphones are expected to arrive next month. Samsung is rumored to host an event on July 10 in Paris, even though nothing has been confirmed just yet.

These two foldables are not the only devices that will launch during that press event, though. The Galaxy Ring is also expected, the company’s very first smart ring. Two new smartwatches are coming, and possibly even a set of earbuds.

It will be a packed event either way you slice it. The Galaxy Ring could even take the spotlight, as the Galaxy Z Fold 6 and Flip 6 won’t be much different compared to current-gen models.



Galaxy S23 gets June update in the US, May patch in Europe


Yesterday, Samsung released the June security patch for the Galaxy S24 series in the US and South Korea. The same update is now available for the Galaxy S23 series. The update is currently rolling out to the carrier-locked units in the US but should go global soon. The European Galaxy S23 Ultra, meanwhile, is picking up the new firmware build with the May security patch.

The new Galaxy S23 update doesn’t bring the June security patch everywhere

Last month, Samsung rolled out two updates to the Galaxy S24 Ultra and Galaxy S23 Ultra in some markets. The first update was a regular May security patch while the second brought fixes for a video rattling issue and battery optimizations. The company didn’t push the second build globally. We expected it to bundle those fixes with the June patch in other markets.

The June update for the Galaxy S24 series did come with the same build version as the second May release. However, the US models don’t seem to have picked up anything more than the latest security patch. The Korean models, meanwhile, received additional fixes. It is unclear why Samsung didn’t push the same changes globally. Perhaps the issues don’t exist in the US units.

Now, Samsung is rolling out the June security update to the Galaxy S23 series in the US, and—you guessed it right—it’s the same build version. The new update is available for carrier-locked units with the build number S91*USQS3CXE3. The official changelog confirms that the update is all about this month’s security fixes. There aren’t any additional changes in tow.

Surprisingly, the Galaxy S23 Ultra is picking up this firmware build (S918BXXU5CXE3) with the May security patch. It is essentially the second May update we discussed above. Since the June SMR (Security Maintenance Release) is already available, it’s unclear why Samsung didn’t bundle it. The device should pick up another update with the June patch in the coming days.

This month’s security patch for Galaxy devices addresses 59 vulnerabilities

Samsung’s June SMR for Galaxy devices contains fixes for 59 security issues. These include 37 Android OS vulnerabilities and 22 Galaxy-specific security flaws. At least one of these is confirmed to be a critical flaw. The Korean firm will soon push the new SMR to more eligible Galaxy models, including foldables. You can check for updates from the Settings > Software update > Download and install menu on your Galaxy device.



Google Drive introduces automatic digest emails so you stay on top of files and activity

Google Drive is a great place to store your files, and it’s now getting a useful new feature that will make sure you’re not missing anything important. Google has now announced a drive digest feature, an option that will send you emails about activity in the app.

Google Drive will be emailing you digests of activity on the app to help you stay on track. Unfortunately, it will email you only if you’ve been inactive on the service for seven days, and also if you have shared files that haven’t been viewed yet. So you can’t benefit from it to get weekly or daily digests if you’re active on the app. The email will contain a small report that will show the unviewed files, and will also have a link that will allow you to “see more activity”.

You can, of course, disable this feature if you happen to find it annoying. You can disable it from Google Drive’s Settings. Tap on Notifications and then deselect the “Get summaries about recent files shared with you via Drive digest” option. The feature has already started rolling out, but Google mentions it will be a slow roll-out, so don’t be concerned if you haven’t gotten it yet. The feature will be available to all Google Workspace customers.


Arm Warns Of Mali GPU Kernel Driver Flaws Exploited In The Wild


Arm's Mali is a widely used graphics processing unit (GPU), and its kernel driver runs on multiple devices, including Android and Linux.

A new vulnerability has been discovered in the Mali GPU Kernel driver. It allows an authenticated, low-privileged user to gain access to freed memory.

This vulnerability has been assigned CVE-2024-4610, and its severity has yet to be categorized.

Arm has patched this vulnerability, but there are reports that threat actors are exploiting it in the wild. Arm advises its users to upgrade their Mali GPU drivers to the latest versions.

CVE-2024-4610: Use After Free vulnerability

According to the advisory, this vulnerability is associated with the Use-After-Free condition, which allows an authenticated low-privileged attacker to make improper GPU memory processing operations and thereby gain access to already freed memory. 

This vulnerability is reported to affect the Bifrost GPU Kernel Driver from r34p0 through r40p0 and the Valhall GPU Kernel Driver from r34p0 through r40p0.

Arm has released a security advisory and patch versions to fix this vulnerability on affected versions.

Nevertheless, neither additional details about this vulnerability nor information on who reported it was disclosed.

Users of Mali GPU Kernel Driver such as Bifrost, all versions from r34p0 to r40p0, and Valhall, all versions from r34p0 to r40p0, are advised to upgrade their GPU drivers to the latest version, r49p0, to fix this vulnerability.


Hackers Weaponizing MSC Files In Targeted Attack Campaign


Hackers utilize MSC or Microsoft Management Console files in themed attack campaigns as these files contain commands and scripts that enable them to perform different administrative tasks on the target system. 

By mimicking legitimate files, MSC files can evade various security controls and give attackers privileged visibility into and control over the vulnerable system, resulting in unauthorized access to its data and other malicious activity.

Cybersecurity researchers at NTT recently identified that hackers are weaponizing the MSC files in targeted attack campaigns.

Hackers Weaponizing MSC Files

In late May 2024, DarkPeony picked up the MSC file abuse already reported in Kimsuky activity, in a campaign named Operation Control Plug.

These attacks may have targeted military and government organizations in Myanmar, the Philippines, Mongolia, and Serbia.

Taking advantage of the fact that MSC file abuse is obscure and not easily detected, the attackers devised a multi-stage infection chain that deserves a closer look.

Attack flow (Source – NTT)

Operation Control Plug initiates its attack chain through malicious MSC files that, when opened, display a screen prompting users to click a link executing a PowerShell script. 

This script fetches and runs an MSI package containing a legitimate executable capable of DLL side-loading.

The side-loaded DLL decodes and loads a malicious DAT payload, ultimately deploying the PlugX malware. 

Threat actors abuse the innocuous-looking MSC (Microsoft Common Console Document) format by leveraging its “Console Taskpad” feature to camouflage malicious PowerShell commands as seemingly harmless links, tricking users into enabling the infection sequence.

Websites distributing MSI files with Operation Control Plug may use Cloudflare to control access, presumably to block researchers and analysis engines from accessing the MSI files while distributing them to targeted organizations. 

This article introduced DarkPeony’s Operation Control Plug, which uses MSC files as the starting point of attacks and infects computers with PlugX to carry out intrusions. 

Although there are few attacks using MSC files, they are used by multiple targeted attack groups and may become more active in the future.

Researchers recommend that you verify whether your organization can detect attacks.
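One way to act on that recommendation is to triage .msc files (which are XML) for Console Taskpad tasks that launch a script or installer host. The sketch below is an added example, not code from NTT or the original article; the element and attribute names (Task, Type="CommandLine", Command, CommandLine/Params) are an assumption based on the taskpad layout commonly shown in public MSC analyses, and the sample document is a constructed, non-functional fragment.

```python
import re
import xml.etree.ElementTree as ET

# Programs that a taskpad link in a mail-delivered console file should not start.
SUSPICIOUS_PROGRAMS = {"powershell", "pwsh", "cmd", "mshta", "wscript",
                       "cscript", "msiexec", "rundll32"}

# Argument patterns worth surfacing to an analyst.
PARAM_PATTERNS = {
    "hidden window": re.compile(r"-w\w*\s+(hidden|h|1)\b", re.I),
    "encoded command": re.compile(r"-e(nc\w*)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "remote URL": re.compile(r"https?://", re.I),
    "MSI package reference": re.compile(r"msiexec|\.msi\b", re.I),
}

# Constructed fragment (assumed layout, not a working console file).
SAMPLE_MSC = r"""<MMC_ConsoleFile ConsoleVersion="3.0">
  <ConsoleTaskpads>
    <ConsoleTaskpad ListSize="Medium" NoResults="true">
      <Tasks>
        <Task Type="CommandLine" Command="powershell.exe">
          <String Name="Name" ID="11"/>
          <CommandLine Directory="" WindowState="Minimized"
            Params="-w hidden -c &quot;placeholder https://example.invalid/sample.msi&quot;"/>
        </Task>
        <Task Type="CommandLine" Command="C:\Windows\System32\eventvwr.exe">
          <String Name="Name" ID="12"/>
          <CommandLine Directory="" WindowState="Restored" Params=""/>
        </Task>
      </Tasks>
    </ConsoleTaskpad>
  </ConsoleTaskpads>
</MMC_ConsoleFile>"""


def program_name(command):
    """Reduce a Command attribute to a lowercase base name without .exe."""
    base = command.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return base[:-4] if base.endswith(".exe") else base


def triage_msc(data):
    """Return a list of findings for one .msc document (str or bytes)."""
    text = data.decode("utf-8", "replace") if isinstance(data, bytes) else data
    # Untrusted XML: refuse DTDs and entity declarations instead of parsing them.
    upper = text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return [{"command": None, "params": None,
                 "reasons": ["DTD or entity declaration in console file"]}]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [{"command": None, "params": None,
                 "reasons": [f"not well-formed XML: {exc}"]}]

    findings = []
    for task in root.iter("Task"):
        if task.get("Type") != "CommandLine":
            continue
        command = task.get("Command", "")
        cmdline = task.find("CommandLine")
        params = cmdline.get("Params", "") if cmdline is not None else ""
        reasons = []
        name = program_name(command)
        if name in SUSPICIOUS_PROGRAMS:
            reasons.append(f"launches {name}")
        for label, pattern in PARAM_PATTERNS.items():
            if pattern.search(params):
                reasons.append(label)
        if reasons:
            findings.append({"command": command, "params": params,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_msc(SAMPLE_MSC):
        print(finding["command"], "->", ", ".join(finding["reasons"]))
```

Run over mail attachments or download folders, findings like these are a starting point for review, since administrators' own consoles can legitimately contain command-line tasks.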
