WhatsApp is developing a Notes feature for contacts


WhatsApp is always working on some new feature to help enhance the experience, and this is why it’s one of the most popular messaging platforms on the web. According to a new report, WhatsApp is working on a new Notes feature for contacts. As it stands, it appears that this feature will be available on the web initially.

As with any feature currently in development, you will want to take this news with a grain of salt. This feature was discovered in the latest beta version of WhatsApp for the web. However, neither WhatsApp nor Meta officially announced it. So, there’s a chance that it could be changed or canceled at any moment.

WhatsApp is working on a new Notes feature for contacts

Sometimes, when you are contacting a person via WhatsApp, there’s additional information about them or your interactions that you want to keep track of. Well, according to a new report, WhatsApp is working on a way of doing so easily. Simply named Notes, this feature is currently being tested for the WhatsApp web version.

Looking at the screenshot below, we see a new text field in the contact info screen. One thing to note is that the account being used is a WhatsApp Business account. At this point, there’s no telling if this feature will be exclusive to business accounts or if it will be free for all.

WhatsApp contact notes

In any case, you will be able to write down specific information about the contact. It could be the contact’s schedule, preferences, country of origin, language, etc. You’re able to add notes about anything on the contact, and this could make it much easier to keep track of certain things to remember. If you are an avid WhatsApp user, and you have to keep track of a large number of contacts, then the Notes feature will be a notable lifestyle improvement.

At this point, there’s no word on whether or not this feature will make it to Android and iOS. However, it doesn’t seem likely that WhatsApp would keep this from the mobile market. It’s currently in development, so we should hopefully be hearing more about it soon.



Windows MagicDot Path Vulnerability: Rootkit-Like Abilities


A new vulnerability has been unearthed, allowing attackers to gain rootkit-like abilities on Windows systems without requiring administrative privileges.

Dubbed “MagicDot,” this vulnerability exploits the DOS-to-NT path conversion process within the Windows operating system.

Here, we delve into the technical details of the vulnerability, the attack methods, the rootkit-like abilities it confers, and the mitigation strategies to protect against such exploits.


Vulnerability Description

The MagicDot vulnerability is rooted in the way Windows handles file paths. Specifically, it is a known issue within the DOS-to-NT path conversion process that attackers can manipulate.

The vulnerability allows for the concealment of files, directories, and processes, effectively granting the attacker the ability to operate undetected on the system.

DOS Path                            | NT Path (MagicDot)
------------------------------------|-------------------------------
C:\example\example.                 | \??\C:\example\example
C:\example\example                  | \??\C:\example\example
C:\example\example<space>           | \??\C:\example\example
C:\example\example<space><space>    | \??\C:\example\example
C:\example.\example                 | \??\C:\example\example
C:\example<space>\example           | \??\C:\example<space>\example

The issue arises from the handling of file paths that include dots and spaces in a manner that is not anticipated by the system or the software operating on it.

This can lead to a variety of unexpected behaviors, including the misrepresentation of files and processes to the user and the system’s own management tools.

Attackers can exploit the MagicDot vulnerability through several methods:

  1. Hiding Malicious Files and Processes: By using specially crafted file paths with dots and spaces, attackers can hide malicious files and processes from the user and system monitoring tools, such as Task Manager and Process Explorer.
  2. Archive File Manipulation: Attackers can manipulate archive files to hide their contents. When a victim extracts the archive, the extraction logic is tricked into creating symbolic links instead of the actual files, leading to the execution of the attacker’s payload.
  3. Misrepresentation of Files: The vulnerability can be used to make malware files appear as verified executables published by Microsoft, deceiving users and potentially bypassing security measures.
  4. Denial of Service (DoS): Attackers can disable Process Explorer by exploiting a DoS vulnerability, hindering the victim’s ability to analyze and detect malicious activity.
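A defensive check built on the conversion table above, as an added example that is not code from the researchers or from Microsoft: it models only the rows shown in the table (trailing dots dropped from every path element, trailing spaces dropped from the last element) and flags names that change under conversion or that collapse onto the same NT path as another name. The function names and the sample paths are constructed for illustration.

```python
from collections import defaultdict

NT_PREFIX = "\\??\\"


def dos_to_nt(path):
    """Simplified model of the conversion rows in the table above.

    Trailing dots are dropped from every path element; trailing spaces are
    dropped from the last element only. No other normalization is modelled.
    """
    parts = path.split("\\")
    last = len(parts) - 1
    converted = []
    for index, part in enumerate(parts):
        if part in (".", ".."):
            converted.append(part)  # relative elements are left untouched here
        elif index == last:
            converted.append(part.rstrip(". "))
        else:
            converted.append(part.rstrip("."))
    return NT_PREFIX + "\\".join(converted)


def find_suspicious(paths):
    """Return (changed, collisions) for a list of DOS-style paths.

    changed    -- (dos_path, nt_path) pairs whose name is altered by conversion
    collisions -- NT path (lower-cased, since NTFS lookups are case-insensitive
                  by default) mapped to the distinct DOS names that resolve to it
    """
    changed = []
    by_nt = defaultdict(set)
    for dos_path in paths:
        nt_path = dos_to_nt(dos_path)
        if nt_path != NT_PREFIX + dos_path:
            changed.append((dos_path, nt_path))
        by_nt[nt_path.lower()].add(dos_path)
    collisions = {nt: sorted(names) for nt, names in by_nt.items()
                  if len(names) > 1}
    return changed, collisions


# Constructed sample: names as they might appear in a file listing or an
# archive manifest that is being reviewed before extraction.
SAMPLE_PATHS = [
    r"C:\Users\u\Documents\report.docx",
    r"C:\Users\u\Documents\report.docx.",
    r"C:\Users\u\Documents\notes.txt",
    r"C:\Users\u\Tools.\run.exe",
    r"C:\Users\u\Tools \run.exe",
]

if __name__ == "__main__":
    changed, collisions = find_suspicious(SAMPLE_PATHS)
    for dos_path, nt_path in changed:
        print(f"name changes under conversion: {dos_path!r} -> {nt_path!r}")
    for nt_path, names in collisions.items():
        print(f"multiple names resolve to {nt_path!r}: {names}")
```

Any entry reported as changed is worth a manual look, because tools that take the DOS path will operate on a different object than the name on disk suggests.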

Rootkit-like Abilities

The MagicDot vulnerability grants attackers abilities akin to a rootkit, which is a type of malware designed to gain unauthorized root or administrative access to a computer while remaining hidden:

Stealth: The ability to hide files, directories, and processes from both users and system monitoring tools.

Anti-Analysis: Techniques to disable or mislead analysis tools like Process Explorer, making it difficult for users or administrators to detect the presence of malware.

Persistence: By hiding malicious processes and files, attackers can maintain a persistent presence on the system without detection.

Researchers disclosed findings to Microsoft, as noted above. Microsoft did address the vulnerabilities, but has decided to leave the DOS-to-NT path conversion known issue unfixed.

  • Remote Code Execution (CVE-2023-36396, CVSS: 7.8): The vulnerability was confirmed, reproduced, and fixed by Microsoft. It was assessed as an RCE with an “Important” severity. 
  • Elevation of Privilege (Write) (CVE-2023-32054, CVSS: 7.3): The vulnerability was confirmed, reproduced, and fixed by Microsoft. It was assessed as a privilege elevation (PE) with an “Important” severity. 
  • Elevation of Privilege (Deletion): The vulnerability was reproduced and confirmed by Microsoft. However, they did not issue a CVE or a fix, but instead provided the following response: “Thank you again for submitting this issue to Microsoft. We determined that this issue does not require immediate security service but did reveal unexpected behavior. A fix for this issue will be considered in a future version of this product or service.” 
  • Process Explorer Unprivileged DoS for Anti-Analysis (CVE-2023-42757): The vulnerability was reproduced, confirmed, and fixed by the engineering team of Process Explorer in version 17.04. CVE-2023-42757 was reserved for this vulnerability by MITRE. MITRE confirmed the vulnerability with Microsoft and will publish the CVE once online publication of the details is available.


Nokia 225 4G 2024 Leak


While HMD is working on phasing out the “Nokia” brand in favor of its own brand, the company is still releasing some Nokia-branded phones, including the Nokia 225 4G 2024, which is set to be announced any day now.

Thanks to Onleaks, we can now provide a detailed look at the Nokia 225 4G 2024. It’ll be available in two colors: pink and a sort of dark greenish-blue color.

Similar to the Nokia 225 that was released last year, this is also a “dumb” phone. So, it does not run Android. Instead, it runs HMD Global’s own OS called S30+. On the front here, we’re looking at a 2.4-inch display with a number pad. It’ll also sport a single camera on the back; we expect that to be a VGA camera or perhaps a 3-megapixel camera. Either way, don’t expect anything crazy from this phone when it comes to pictures.

Internally, the Nokia 225 will sport 128MB of storage and 64MB of RAM. And this is powered by a 1,450mAh capacity battery.

Nokia 225 4G 2024 is going to be perfect for teenagers or grandparents

With the Nokia 225 4G 2024, you’re getting a phone that has zero smartphone features. The only feature that this phone has, which a Samsung Galaxy S24 Ultra has, is a USB-C port. Surprisingly, this has a 3.5mm headphone jack. That makes this perfect for teenagers, or even pre-teens, who do need a phone but don’t need access to Instagram or TikTok while they’re in school. It’s also great for grandparents who still want that flip phone and don’t want to learn how to use a smartphone.

We expect that the Nokia 225 4G 2024 will be priced around €100. We also don’t expect it to launch in the US. Typically, these phones will launch in Europe and Africa, regions where dumb phones still have a pretty good market share. And finally, the Nokia 225 4G 2024 is likely to be announced later this month.



Microsoft taps four Korean tech giants for a large AI partnership


Microsoft’s founder Bill Gates and CEO Satya Nadella will reportedly meet with leaders of South Korea’s four technology companies on May 14 at the MS CEO Summit 2024. The goal is to strengthen their partnerships around AI products and the tools that make their development possible.

The leaders Microsoft plans to meet are Kyung Kye-Hyun, head of the Samsung Electronics Device Solutions Division; Kwak Noh-Jung, chief executive of SK Hynix; Cho Joo-wan, CEO of LG Electronics; and Ryu Young-sang, CEO of SK Telecom. It will be a closed-door meeting between the CEOs. It is unusual for Microsoft to invite four Korean big tech CEOs to explore partnership opportunities. It shows how serious the company is about strengthening its AI capabilities.

Microsoft could source related chips and also offer its services to the companies

According to analysts, a partnership between the companies could be mutually beneficial. Speaking of Samsung, they are already working with companies like Nvidia on the next generation of AI chips.

According to sources, the partnership with Samsung and SK Hynix will likely focus on supplying high bandwidth memory chips, high-performance solid-state drives for servers, and compute express link devices to Microsoft. These are among some of the key equipment in the development of AI products. For those unfamiliar, Samsung and SK Hynix are the world’s two largest memory chipmakers.

Aside from sourcing chips related to the development of AI, Microsoft may also engage in discussions with Samsung and LG to integrate its AI services into their products. For reference, Samsung’s Galaxy AI, which has reached millions of devices at this point, is backed by Google’s Gemini model. This may result in new features in the future. Notably, Microsoft has been a customer of Samsung and LG regarding their smartphones and TVs respectively.

Samsung is already known for working on two AI chips

Kyung, chief executive of Samsung’s DS division, confirmed last month that the company is working on two AI chips named Mach-1 and Mach-2. KED Global notes that the mass production of a prototype is scheduled for the end of this year. The company has already engaged in a $752 million deal with Naver Corp regarding the Mach-1 chip.



TikTok says its parent company is not an agent of China, warns about free speech


US lawmakers recently approved a divest-or-ban bill that would force ByteDance to sell TikTok to non-Chinese owners in six months, with the option to extend the timeframe by another three months if sale negotiations are ongoing.

Over the weekend, the US House of Representatives went even further and voted to ban the social app if ByteDance, its parent company, doesn’t cut ties with China.

If the Senate’s vote on the bill scheduled for this week ends up with the same result, then TikTok might be forfeit in the US if ByteDance doesn’t comply and sell it, especially since President Joe Biden has already confirmed he will sign the legislation.

In response to the Saturday voting, a TikTok spokesman said that if the Senate votes for the ban, it “would trample the free speech rights of 170 million Americans, devastate seven million businesses, and shutter a platform that contributes $24 billion to the US economy annually.” (via BBC)

Furthermore, ByteDance claims it “is not an agent of China or any other country,” and that about 60 percent of the company is owned by a range of global investment firms.

However, it’s worth noting that even though its Chinese founders own just 20 percent of ByteDance, it’s the controlling stake in the company. As mentioned earlier, 60 percent of ByteDance is owned by various global investment firms, while 20 percent is owned by employees.



Citrix UberAgent Flaw Let Attackers Elevate Privileges


A significant vulnerability has been identified in Citrix’s monitoring tool, uberAgent.

If exploited, this flaw could allow attackers to escalate their privileges within the system, posing a serious risk to organizations using affected software versions.

CVE-2024-3902 – Privilege escalation vulnerability in Citrix uberAgent

The vulnerability, tracked under CVE-2024-3902, affects specific versions of Citrix uberAgent.

It has been assigned a Common Vulnerability Scoring System (CVSS) score of 7.3, indicating a high severity level.


The issue arises due to improper configuration settings in the uberAgent software, which can be manipulated to elevate user privileges.

The flaw affects the following versions of Citrix uberAgent:

  • Citrix uberAgent versions before 7.1.2

Preconditions for Exploitation

For the vulnerability to be exploited, specific conditions must be met:

  • At least one configured [CitrixADC_Config] entry
  • One or more of the following metrics are configured:
      • CitrixADCPerformance
      • CitrixADCvServer
      • CitrixADCGateways
      • CitrixADCInventory

Additionally, for versions 7.0 through 7.1.1:

  • WmiProvider set to PowerShell
  • At least one CitrixSession metric is configured.

To mitigate the risk posed by this vulnerability, Citrix has provided specific instructions for users of affected versions.

  • Disable all CitrixADC metrics by removing the specified timer properties.
  • Remove all [CitrixADC_Config] entries.
  • For versions 7.0 to 7.1.1, ensure that WmiProvider is either not configured or is set to WMIC.
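One way to triage an installation against the preconditions and mitigations listed above, as an added example that is not Citrix's own tooling: it scans configuration text for the identifiers named in this article and reports which of the two precondition groups still match for a given version. The line syntax it expects (bracketed stanza headers, `key = value` lines, `#` comments), the sample configuration, and the metric name `CitrixSessionPlaceholder` are assumptions made for illustration.

```python
import re

# Metric names exactly as listed in the preconditions above.
ADC_METRICS = ("CitrixADCPerformance", "CitrixADCvServer",
               "CitrixADCGateways", "CitrixADCInventory")


def parse_version(text):
    """Turn '7.1' or '7.1.1' into a comparable 3-tuple such as (7, 1, 0)."""
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def audit(config_text, version):
    """Return the ids of the precondition groups that this config matches.

    'adc-metrics'    -- version before 7.1.2, a [CitrixADC_Config] entry and
                        at least one CitrixADC* metric from the list above
    'wmi-powershell' -- version 7.0 through 7.1.1, WmiProvider set to
                        PowerShell and at least one CitrixSession metric
    """
    v = parse_version(version)
    # Assumption: '#' starts a comment; commented-out settings are ignored.
    lines = [ln.split("#", 1)[0].strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln]

    has_adc_entry = any(ln.lower() == "[citrixadc_config]" for ln in lines)
    adc_metrics = {m for ln in lines for m in ADC_METRICS
                   if re.search(rf"\b{m}\b", ln)}
    session_metrics = {m for ln in lines
                       for m in re.findall(r"\bCitrixSession\w*", ln)}
    wmi_powershell = any(
        re.fullmatch(r"WmiProvider\s*=\s*PowerShell", ln, re.IGNORECASE)
        for ln in lines)

    findings = []
    if v < (7, 1, 2) and has_adc_entry and adc_metrics:
        findings.append("adc-metrics")
    if (7, 0, 0) <= v <= (7, 1, 1) and wmi_powershell and session_metrics:
        findings.append("wmi-powershell")
    return findings


# Constructed sample configuration; every value here is illustrative only.
SAMPLE_CONFIG = """\
[CitrixADC_Config]
Server = adc01.example.internal
[Timer]
Name = ADC metrics
UA metric = CitrixADCPerformance
UA metric = CitrixADCInventory
[Timer]
Name = Session metrics
UA metric = CitrixSessionPlaceholder
WmiProvider = PowerShell
"""

if __name__ == "__main__":
    for version in ("6.4", "7.1.1", "7.1.2"):
        print(version, audit(SAMPLE_CONFIG, version))
```

An empty result only means none of the listed preconditions were found in the text that was scanned; upgrading to 7.1.2 or later remains the fix.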

Citrix urges all affected customers to upgrade to uberAgent version 7.1.2 or later, which addresses the vulnerability and provides enhanced security features.

The latest versions can be downloaded from the official uberAgent website.

This vulnerability highlights the importance of regular software updates and vigilant configuration management.

Organizations using Citrix uberAgent are advised to review their installations and promptly update and make configuration changes to protect their systems from potential threats.




Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09


This week on the Lock and Code podcast…

Our Lock and Code host, David Ruiz, has a bit of an apology to make:

“Sorry for all the depressing episodes.”

When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to lock down their accounts and remove their sensitive information from the internet, but larger problems remained. Content moderation is failing nearly everywhere, and data protection laws are unequal across the world.

When we told the true tale of a virtual kidnapping scam in Utah, though the teenaged victim at the center of the scam was eventually found, his family still lost nearly $80,000.

And when we asked Mozilla’s Privacy Not Included team about what types of information modern cars can collect about their owners, we were entirely blindsided by the policies from Nissan and Kia, which claimed the companies can collect data about their customers’ “sexual activity” and “sex life.”

(Let’s also not forget about that Roomba that took a photo of someone on a toilet and how that photo ended up on Facebook.)

In looking at these stories collectively, it can feel like the everyday consumer is hopelessly outmatched against modern companies. What good does it do to utilize personal cybersecurity best practices, when the companies we rely on can still leak our most sensitive information and suffer few consequences? What’s the point of using a privacy-forward browser to better obscure my online behavior from advertisers when the machinery that powers the internet finds new ways to surveil our every move?

These are entirely relatable, if fatalistic, feelings. But we are here to tell you that nihilism is not the answer.

Today, on the Lock and Code podcast, we speak with Justin Brookman, director of technology policy at Consumer Reports, about some of the most recent, major consumer wins in the tech world, what it took to achieve those wins, and what levers consumers can pull on today to have their voices heard.

Brookman also speaks candidly about the shifting priorities in today’s legislative landscape.

“One thing we did make the decision about is to focus less on Congress because, man, I’ll meet with those folks so we can work on bills, [and] there’ll be a big hearing, but they’ve just failed to do so much.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)





Google to pay $62 million settlement for tracking location without consent


Google will have to pay $62 million as a settlement for tracking and storing users’ location history information without their consent. The sum will be used as a payout for a class-action lawsuit that followed an exposé by the Associated Press in 2018.

Multiple non-profits part of “extremely successful” settlement

U.S. District Judge Edward Davila has approved $62 million as the final settlement in court Thursday. The settlement is the result of an investigation that proved Google didn’t halt capturing and retaining users’ location history even after the latter denied consent.

Back in 2018, Google had assured users their data wouldn’t be tracked if they disabled the location history feature on their devices. However, an Associated Press investigation found otherwise.

Google LLC’s $62 million will go into a non-reversionary cash fund. Up to 21 nonprofit organizations will receive money for providing support and defense of the class members’ privacy rights. Other payouts include $18.6 million in plaintiff attorney fees, unreimbursed expenses of $151,756.23, and awards of $5,000 for each of the three settlement class representatives. This amounts to 30% of the settlement money. The usual benchmark is 25%. No wonder the judge called it “an extremely successful result.”

The investigation strongly indicated that Google continued to access and store geolocation information of people who turned off their location history. The plaintiffs successfully argued that such actions violate the California Invasion of Privacy Act and California’s Constitutional Right to Privacy. The plaintiffs reportedly added that Google was guilty of “unlawful intrusion upon seclusion.”

Why exactly is Google paying $62 million to settle a lawsuit?

As mentioned in the settlement, Google should have ensured it stopped tracking users’ location the moment they turned off the Location History setting for their Google account. There’s no per-device setting required. In other words, Google should have turned off location tracking on all devices associated with that Google account.

However, the settlement states, “Google’s representation was false.” Turning off “Location History” merely stopped Google from creating a location timeline that the user could view. In other words, users couldn’t see their location being tracked.

Google, on the other hand, continued to track the phone owners and kept a record of their locations, the settlement observes. The settlement further successfully argued that even when users specifically turned off “Location History”, Google stored the user’s location every time they used any Google-controlled features on their phone.

Simply put, a user had to merely use any of the myriad of Google apps and services, for Google to pounce on the location and store the relevant information. Apps and services such as Google Maps app, weather apps, and searches made with the phone’s mobile browser exposed the user’s location, and Google stored it, even with Location History turned off.

The 2018 investigation even indicated that Google was eager to capture and store location history. Actions such as opening Google Maps, and even some searches would trigger relevant algorithms. These apps would “pinpoint your precise latitude and longitude, accurate to the square foot. And save it to your Google account.”

Google has steadily amended its ways. Users can stop Google from tracking their location, access the information, and even delete location history. This settlement could help bolster these procedures and safeguards.



Google Drive brings search filters on Android


Over a month after rolling out on iOS, Google Drive users are now receiving a new update that adds support for search filters to the Android app. This update allows users to find exactly what they need in Google Drive with unprecedented speed and accuracy, and it comes a month after Google rolled out dark mode support for the Web version.

The update introduces search filters directly below the Google Drive search bar. You can now sort files by file type, people, and last modified date. Whether you need that project document from a specific colleague or the photo you took last weekend, these filters streamline the search, especially for users with extensive Drive storage.

Going beyond the basic filters, you can combine them with your search terms for even more precise results. Need a PDF presentation modified last month? Drive’s got you covered. The search results page also offers further refinement options, allowing you to pinpoint that elusive file with incredible accuracy. This update is a boon for Google Workspace users and those with personal Google accounts alike. As more people access their files across devices, this feature guarantees a consistent and user-friendly experience.

 

Google Drive search filters on Android
Source: Google

A step toward mobile productivity

Android users have eagerly anticipated this feature for over a month since Google made it available on iOS. Google’s focus on a seamless cross-platform experience is undeniable. While search filters aren’t a groundbreaking innovation, the updated Android implementation stands out. It dynamically adapts to your searches, presenting the most relevant filters instantly. This saves precious time and frustration.

This upgrade holds larger implications. As smartphones become ever more powerful, and devices like foldables increase in popularity, the lines between mobile and desktop productivity continue to blur. Google Drive’s enhanced search capabilities acknowledge this shift. Finding the right information effortlessly, regardless of your device, is increasingly important.

This is a substantial and overdue upgrade. It shows Google’s dedication to simplifying user experiences and reinforces Drive’s position as a leading player in cloud storage. The update reflects a future where finding your files will be a painless process, enabling users to be productive from anywhere.

The new search filters are rolling out to multiple Android devices with the latest Google Drive v2.24.147.0 update on personal and Google Workspace accounts.



Gemini to learn a trick from Google Assistant: You might soon control Spotify with your voice

Earlier this year, Google revealed the rebrand of its Bard AI chatbot, now known as “Gemini,” along with the launch of a new Android app. However, it was clear from the outset that Gemini wasn’t a full replacement for Google Assistant on Android phones, at least not yet. It still lacks some basic features like song identification or playback, which Assistant users had grown accustomed to. Nevertheless, this could soon change.

Integration with apps like Spotify might be on the horizon


Google seems to be gearing up to introduce a new music-related feature to its chatbot. As per a tip from the well-known leaker AssembleDebug shared with tech-focused blog PiunikaWeb, Gemini might soon include a “Music” option, enabling users to “select preferred services used to play music.” This discovery was made within the Gemini Settings page.


In the images above, you will notice the feature as the second-to-last option listed. When you tap on Music, it leads you to a page where you can “Choose your default media provider.” But right now, that page is empty – there are no services listed yet.


However, this suggests that users can soon pick their favorite streaming service from a list. Once selected, Gemini is expected to smoothly work with services like Spotify, YouTube Music, or even Apple Music, letting you play music with voice commands.


There’s no info on when the company plans to roll out this feature. But if and when it does, it’s sure to be a win for music lovers. Plus, adding more features like this brings Gemini one step closer to replacing the Assistant, which, to be honest, seems inevitable at some point.

