Apple Removed Numerous Apps From China App Store

andreasc
-
0
Apple Removed Numerous Apps From China App Store
[ad_1]

Apple users in China may no longer find various popular apps, such as WhatsApp and Telegram, on the App Store. Apple seemingly removed these apps from the App Store following the Chinese government orders that bar most foreign apps in China.

Apple App Store China No Longer Includes WhatsApp, Signal, And Two Other Apps

According to Reuters, Apple has removed some popular messaging from its App Store version for China, citing security concerns. This move seemingly implements a government order banning foreign applications.

Specifically, the apps removed from the Chinese App Store version include two Meta apps – WhatsApp and Threads, and two other messaging applications – Signal and Telegram.

Apple confirmed via a statement to Reuters that it had to remove the four apps from its App Store version in China to comply with the government orders.

The Cyberspace Administration of China ordered the removal of these apps from the China storefront based on their national security concerns. We are obligated to follow the laws in the countries where we operate, even when we disagree.

Interestingly, while these apps are no longer available for Chinese users, some related apps remain accessible there. These include the other Meta apps (Facebook, Messenger, Instagram), and apps like YouTube and X (formerly Twitter). Thus, it somewhat conflicts with the Chinese decision to ban unregistered foreign applications. Instead, this move, which emerged as a result out national security concerns for China, looks more of a way to increase surveillance over Chinese users’ communications.

Considering that all four apps facilitate secured chats, particularly, WhatsApp and Signal, which are long known for their default end-to-end encryption, it seems they attracted the Chinese government’s ban due to their data protection measures.

With these apps, the Chinese authorities would face problems accessing their citizen’s chats. Hence, the country seemingly banned the use of such applications within its territory to continue with its citizen control practices.

This isn’t the first time Chinese authorities have banned certain applications. Previously, the government even banned numerous VPN apps that failed to comply with its registration policy. The country justified this move as a national security measure. Consequently, Apple also removed multiple VPN apps from its App Store for China.

Let us know your thoughts in the comments.


[ad_2]
Source link

Samsung will fix your display green line issue for free… in one country

andreasc
-
0
Samsung will fix your display green line issue for free… in one country
[ad_1]

Samsung has offered free screen replacements for Galaxy S22 and Galaxy S21 phones affected by the green line issue in India. Affected users can get the screen replaced for free even if their devices are out of warranty. They have until April 30, 2024, to claim a free replacement via a Samsung Service Center.

Galaxy S22 & S21 phones with green line issues get free screen replacement

Samsung has been dealing with these kinds of screen issues on its Galaxy phones for some time now. Devices suddenly develop green or pink lines running vertically across the screen. The issues mostly affect devices with Super AMOLED displays and crop up after a software update. The lines do not have a fixed pattern—they may appear anywhere and in any number.

Last year, Samsung India offered free screen replacements for the Galaxy S20 and Galaxy Note 20 phones with this issue. Just when we thought the company had addressed the problem for once and all, similar vertical lines started to appear on the Galaxy S22 and Galaxy S21 devices. The Korean firm is once again replacing the screens for free, at least in India.

If you are using any of the aforementioned Samsung phones in India and are experiencing a green or pink line issue, you can visit a Samsung Service Center to replace the screen for free. The company will also replace the battery and the kit for no additional cost. You are essentially getting your entire out-of-warranty device refurbished for free. This is a great deal for an aging phone.

You have to keep a few things in mind, though. Firstly, this policy only applies to phones purchased in the last three years. Since the Galaxy S20, Galaxy Note 20, and Galaxy S21 lineups are more than three years old, people who purchased them early (before April 2021) are out of luck. You also must book an appointment at a Samsung Service Center before the end of this month.

Samsung could extend the deadline if the issue continues to affect more devices

Samsung India’s deadline of April 30 for booking an appointment to get a free screen replacement applies to devices already affected by the green line issue. If the problem continues to crop up on more devices in the coming weeks, the company may extend the deadline. This issue doesn’t appear to be widespread outside of India. However, if you are having a similar issue in other regions, reach out to Samsung’s customer service.


[ad_2]
Source link

Over 10 million devices were infected with data-stealing malware in 2023

andreasc
-
0
Over 10 million devices were infected with data-stealing malware in 2023
[ad_1]

One of the biggest threats to smart devices is they can get infected with malware that can steal data. While many experts continuously warn tech users of the dangers, devices infected with malware are becoming more common. Sure, it may be due to inexperienced users. However, the tools hackers use are becoming more sophisticated as the defenses used against them improve.

There are several types of malware, and the bad actors aren’t only interested in your banking details or cryptocurrency logins. Some just want the common WhatsApp or other social media details. Hackers usually sell the data so what they go after depends on what their client requires. Data can also be stolen and leaked to sabotage a business or company.

Over 600% rise in devices infected with malware in the last year years

According to a study by a cybersecurity firm called Kaspersky, over 10,000,000 devices were infected with malware in 2023 with a 643% rise in the last 3 years. On average, 50.9 login credentials are stolen by hackers per infected device. The stolen credentials can then be sold by the perpetrator on the dark web or used for their benefit. As mentioned above, the credentials targeted aren’t always highly sensitive bank or other money-related logins.

Many inexperienced users only worry about and take precautions for their banking apps, and consider other data on their devices safe. However, that is not the case as all data on a device is useful for someone. This can be emails, pictures, or random files that we consider useless.

Websites aren’t safe from this either

The threat of malware doesn’t only extend to devices. Kaspersky’s data further elaborated that in the last 5 years, 443,000 websites globally have been compromised. A whopping 326 million of these websites had the .com domain. In second place was the Brazil (.br) domain with 29 million compromised accounts, and third place was the India (.in) domain with 8 million compromised accounts. Fourth and Fifth places went to Columbia (.co) and Vietnam (.vn) with 6 and 5.5 million compromised accounts respectively.

With the number of data-stealing infections estimated to reach 16 million, it’s more important than ever to take every step required to safeguard your data and devices. The best way to do this is to use a comprehensive security solution like anti-virus software. This solution will protect your device from malware infections and notify you of any dangers. For instance, if you open any shady site or phishing email the security solution can be your first line of defense.

Companies can also use this method on the devices they give out to their employees to protect any sensitive material from leaking out. Moreover, companies can be more proactive, and as soon as they spot a leak, they can change the password to contain the leak. With tools like Android Safe Browsing popping up, the best precautions should be taken for data safety.


[ad_2]
Source link

Google Meet now lets users make annotations during presentations

andreasc
-
0
Google Meet now lets users make annotations during presentations
[ad_1]

Google recently updated its Meet app with the ability to make annotations during presentations. The new feature will be enabled by default when users start presenting.

A new annotations menu where users can access various tools such as a pen, disappearing ink, sticker, text box, and more is now available in the Meet app. In addition to bringing this feature to Meet, Google also made it possible to assign a co-annotator.

To add a co-annotator, simply head to the people panel or hover over a user’s video tile, select more options (three-dot icon) and choose the “add as co-annotator” option.

According to Google, both annotating and co-annotating features are available for the following Google Workspace editions:

  • Business Starter, Standard, and Plus
  • Enterprise Starter, Standard, and Plus
  • Frontline Starter and Standard
  • Essentials, Enterprise Essentials, and Enterprise Essentials Plus
  • Education Standard, Plus, the Teaching & Learning Upgrade
  • Workspace Individual subscribers

It’s important to mention that at the time of launch, Android users can use annotations when they present their screen and select the Entire Screen option. Unfortunately, the co-annotation feature is not available for Android users, but it will be added in a future update.On the other hand, iOS users can’t use annotations when presenting. However, they can use annotations if they are appointed a co-annotator by a web user.

As far as availability goes, Rapid Release domains should get the new feature in the next two weeks, while Scheduled Release domains will have to wait until April 25 for the rollout to begin, which should take up to 15 days.


[ad_2]
Source link

Fake Popular Software Ads Deliver New MadMxShell Backdoor

andreasc
-
0
Fake Popular Software Ads Deliver New MadMxShell Backdoor
[ad_1]

In a recent wave of cyberattacks, IT professionals have become the target of a cunning malvertising campaign uncovered by Zscaler ThreatLabz researchers Roy Tay and Sudeep Singh.

According to the company’s research, this campaign leverages deceptive online advertisements to distribute a previously unseen backdoor named “MadMxShell.” It all started in March 2024, when Zscaler ThreatLabz discovered a threat actor using look-alike domains to distribute MadMxShell, utilizing DLL sideloading, DNS protocol abuse, and memory forensics security solutions.

Researchers believe the attackers have displayed a calculated approach. Between November 2023 and March 2024, attackers registered multiple domain names closely resembling those of popular IP scanner and network administration software, including Advanced IP Scanner, Angry IP Scanner, PRTG IP Scanner by Paessler, Manage Engine, and network admin tasks related to VLANs.

This tactic is known as typosquatting. It creates a high chance that the domains will appear on top searches and IT professionals might click on the malicious advertisement by mistake. 

Once clicked, the ad redirects the user to a landing page designed to look like the genuine software vendor’s website. Here, they’re presented with a downloadable file that, unbeknownst to them, harbours the MadMxShell backdoor.

Fake Popular Software Ads Deliver New MadMxShell Backdoor

New Backdoor with Evasive Techniques

As per Zscaler’s blog post, the MadMxShell backdoor employs a multi-stage deployment process designed to evade detection by traditional security solutions. The initial payload leverages DLL sideloading, a technique where a legitimate program is tricked into loading a malicious library file. This malicious library then downloads additional components that establish communication with the attacker’s command-and-control (C2) server.

One of the most concerning aspects of MadMxShell is its use of DNS MX record queries for C2 communication. This technique leverages the standard Domain Name System (DNS) protocol in an unconventional way to mask communication with the attacker’s infrastructure. Additionally, MadMxShell employs anti-dumping techniques to prevent memory analysis, making it difficult for security researchers to understand its inner workings.

Protecting Your Systems:

To mitigate risks, be cautious of unsolicited ads, enable pop-up blockers, maintain robust security software, and educate employees about the dangers of malvertising and social engineering tactics.

Jason Soroko, Senior Vice President of Products at Sectigo commented on the new campaign. Defenders don’t usually look for malicious control communications (C2) in email exchange DNS traffic, so the attackers in this case found a place to hide. The attackers also employ a technique that blocks the ‘dumping’ of memory for analysis by endpoint security solutions,” Jason explained.

Malvertising isn’t new, however, the malware techniques being used here demonstrate that the technology pipeline of the attackers is deep and a great deal of thought has been put into hiding in the dark corners of networking and operating systems, he wanted.

  1. Provocative Facebook Ads Deliver NodeStealer Malware
  2. New VPN Malvertising Attack Drops OpcJacker Crypto Stealer
  3. Malvertising attack drops malicious Chrome extensions, backdoors
  4. Millions of PornHub users affected by a year-long malvertising attack
  5. Big Head Ransomware Found in Malvertising, Fake Windows Updates

[ad_2]
Source link

VMware ESXi Shell Service Exploit on Hacking Forums: Patch Now

andreasc
-
0
VMware ESXi Shell Service Exploit on Hacking Forums: Patch Now
[ad_1]

A new exploit targeting VMware ESXi Shell Service has been discovered and is circulating on various hacking forums.

This vulnerability poses a significant risk to organizations using VMware for their virtual environments, potentially allowing unauthorized access and control over virtual machines.

The exploit, which explicitly targets the VMware ESXi Shell Service, was reported in a tweet from a Dark Web Intelligence account on Twitter.

The ESXi Shell, an essential component for managing VMware ESXi hosts, provides a command-line interface for direct interaction with the host.

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

If exploited, this vulnerability could enable attackers to execute arbitrary commands on the host machine, leading to data theft, system disruption, or worse.

Potential Impact

The implications of such an exploit are far-reaching. VMware ESXi is widely used in enterprise environments to manage virtual server infrastructures.

An exploit that compromises the ESXi Shell could allow attackers to gain control over all virtual machines hosted on the server, leading to a massive breach of internal and customer data.

The disruption could also extend to critical operational systems, causing significant downtime and financial loss.

In response to this exploit’s discovery, VMware has issued an urgent advisory to all its users, urging them to apply the latest patches immediately.

The company has released a security patch addressing this specific vulnerability and several other potential security issues.

Steps to Secure Your Systems

  1. Verify Current System Version: Administrators should first verify the current version of their VMware ESXi installations to determine if they are potentially vulnerable.
  2. Apply Patches Immediately: If systems are found to be vulnerable, it is crucial to apply the VMware-provided patches without delay. These updates are designed to close the security loophole and prevent potential exploits.
  3. Monitor Network Activity: Continuous monitoring of network activity for unusual behavior is recommended. This can help detect and mitigate any exploitation attempts early.
  4. Regular Security Audits: Regularly scheduled security audits and compliance checks should be conducted to ensure that no vulnerabilities are left unaddressed.

The discovery of the VMware ESXi Shell Service exploit is a stark reminder of the importance of maintaining up-to-date security measures in all technological infrastructures.

Organizations using VMware ESXi must take immediate action to patch their systems to protect against this severe security threat.

By staying vigilant and proactive, businesses can safeguard their data and operations against potential cyber-attacks.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP


[ad_2]
Source link

Billions of scraped Discord messages up for sale

andreasc
-
0
Billions of scraped Discord messages up for sale
[ad_1]

Four billions public Discord messages are for sale on an internet scraping service called Spy.pet.

At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard some laws: more on that later.

To get this amount of data the platform gathered information from 14,201 servers about 627,914,396 users.

information gathered from 14,201 servers about 627,914,396 users produced 4,098,054,528 logged messages

The way in which Spy.pet organized the information could turn out to be problematic for certain users. It built a database based on user profiles which contains all known aliases, pronouns, connected accounts (such as Steam and GitHub), Discord servers joined, and public messages.

The buyers don’t need to descend into the dark dungeons of the dark web to buy this information. It’s available for anyone on the regular web.

For a search of information about a specific user, all you need is their Discord User-ID and some cryptocurrency.

A credit costs $0.01 and you’ll have to buy a minimum of 500 credits. A new search for a profile costs 10 credits (7 for a cached profile).

To look up profiles, you’ll first have to buy credits. A credit costs $0.01 and you’ll have to buy a minimum of 500 credits.

A new search for a profile will put you back 10 credits (7 for a cached profile).

Interestingly the platform also offers an enterprise version for which interested parties are invited to contact the administrator.

Interested in training an AI model with Discord messages? Are you a group of federal agents looking for a new source of intel? Or maybe something else? We’ve got you covered. Contact us and let us know how we can help.

Breaking a few laws

Scraping data is a common practice nowadays, but there are a few rules that, when broken, will cost a lot more than a few dollars. Scraping and selling data about minors, especially without consent, is illegal in most parts of the world, including the US.

And when you are gathering data about European Union (EU) citizens, you’ll need to have a method in place for those citizens to have their information removed. Spy.pet does have a “Request Removal” button, but clicking it will show you an annoying snippet of a Spiderman movie where the news editor laughs at Peter Parker.

Discord told the Register it is probing Spy.pet to see if any action needs to be taken against the chat-harvesting service.

“Discord is committed to protecting the privacy and data of our users. We are currently investigating this matter. If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. We cannot provide further comments as this is an ongoing investigation.”

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection


[ad_2]
Source link

Pixel 8a will cost more than the Pixel 7a based on new leak

andreasc
-
0
Pixel 8a will cost more than the Pixel 7a based on new leak
[ad_1]

The Google Pixel 8a will cost more than its predecessor, the Pixel 7a, it seems. A Canadian retailer shared a price tag for the Pixel 8a, and it’s higher than the Pixel 7a’s price was at launch.

The Pixel 8a is expected to cost more than the Pixel 7a

A price of CAD709 is highlighted for the 128GB storage model and CAD793 for the 256GB storage option. That translates to well above $500, which means the Pixel 8a will cost more than its predecessor.

Do take this information with a grain of salt, of course, it could be just a rather odd placeholder or something like that. Chances are that the Pixel 8a will be more expensive, though. That part won’t surprise us.

The Pixel 8a will be coming with a new chip, the Google Tensor G3. Well, a new chip for the Pixel A series, as that chip already fuels Google’s flagship smartphones. It will also include a better display this time around, as Google will bump up its refresh rate to 120Hz.

Now, the same camera setup is expected on the back. That means we’ll get a 64-megapixel main camera and a 13-megapixel ultrawide unit. A 13-megapixel unit will sit on the front side of the phone.

It will arrive in two storage variants, and we know what it will look like

128GB and 256GB storage variants are expected, while a 4,500mAh battery will likely be used. The phone will look very similar to the Pixel 7a. We’ve actually exclusively shared the Pixel 8a renders quite recently.

The phone will have a flat display with a centered display camera hole. A camera visor will still be present on the back, with two cameras inside it. The phone will come in rather interesting colors too.

The one that attracts the most attention is the ‘Mint’ model. Obsidian, Porcelain, and Bay colors will also be on offer. The Pixel 8a will launch during Google I/O 2024 next month. It will take place on May 14 and 15, but the phone will arrive during the keynote on May 14.


[ad_2]
Source link

US House passes new TikTok ban bill with longer divestment period

andreasc
-
0
US House passes new TikTok ban bill with longer divestment period
[ad_1]

The United States House of Representatives has passed another bill to ban TikTok in the country. The new bill has a similar core structure to the original bill passed last month. However, it is part of a larger group of foreign aid bills, making it harder for the Senate to hinder its progress. The previous bill has yet to pass the upper house.

Another TikTok ban bill passes the US House

TikTok is facing a nationwide ban in the US over security concerns. Last month, the House voted 352-65 to pass a bill that could ban the popular video-based social media app across the country. If signed into law, TikTok’s Chinese owner ByteDance would get six months to either divest the US arm of the platform or exit the nation.

However, the bill has made little progress in the Senate. Lawmakers in the upper house have expressed mixed concerns about the proposed ban on TikTok. As noted by The Verge, Senate Commerce Committee Chair Maria Cantwell (D-WA) has remained mysterious about it. This is despite President Joe Biden suggesting he is ready to sign the legislation.

Meanwhile, the House prepared another bill with similar terms—ByteDance has to either sell the US arm of TikTok or face a nationwide ban. The only notable difference is that the Chinese firm will have a year to decide, double what is offered by the original bill. The initial divestment period will be nine months. If the firm makes progress, Biden can extend it by three more months.

The new bill passed the House by a margin of 360 to 58. Interestingly, Cantwell liked the new terms. A few others who voted against the standalone bill last month have also shown support for the new one. They believe six months is too little for a global company to finalize a complex divesture process. A year might be enough for ByteDance to decide.

The Senate may soon vote on the updated bill

The latest bill to ban TikTok in the US is packaged with foreign aid bills “that seek to provide military aid to Ukraine and Israel and humanitarian aid to Gaza.” Since these funds are to be finalized with urgency, the Senate has to move the bills swiftly. This also means that the TikTok bill won’t be stalled in the upper house for long. The Senate doesn’t necessarily have to approve it alongside other bills in the package, though.

However, if they do, President Biden might not take long to pass the bill into law. TikTok, meanwhile, isn’t happy about the House cleverly bundling the bill with foreign aid bills. “It is unfortunate that the House of Representatives is using the cover of important foreign and humanitarian assistance to once again jam through a ban bill that would trample the free speech rights of 170 million Americans,” the firm said in a statement.


[ad_2]
Source link

WhatsApp testing scheduling feature for easier event management in Communities

andreasc
-
0
WhatsApp testing scheduling feature for easier event management in Communities
[ad_1]
A long-awaited WhatsApp feature that was in the headlines from October of last year seems to be finally making its way to beta testers, reports Android Police. We’re talking about a feature that allows you to schedule events within a WhatsApp Community.

WhatsApp is now finally beta testing its event scheduling feature


The feature seems to be available for some beta testers on the Android version of WhatsApp. The folks over at WABetaInfo have uncovered that the feature has finally made its way to testing. Usually, WhatsApp Communities could consist of tens or even hundreds of people, and the event scheduling feature will bring the organization to the next level.

The option is found in WhatsApp’s attachment menu within a Community chat. You will also be able to generate and attach a WhatsApp call link, and you can select whether it will be a video or voice call.


Community members will receive a notification about the event automatically, and, as such features usually work, each person will be able to review and accept the invite. The event creator can modify the event details later, and all invitees will receive a notification about the changes. On top of that, all Community events will be visible from the group info and the community pages. To wrap the feature in a little bow, WhatsApp will be sending you reminders for events, and you can add an event to your calendar with the Add to Calendar button.

WhatsApp seems to also be looking into event scheduling for regular groups as well.

For now, the feature is available for some WhatsApp beta testers with version 2.24.9.20 of the Android app. It seems to be a limited release at this point, and you may not have the feature yet even if you’re a beta tester on the required version. However, we expect it will soon propagate to more people before becoming official.

Izzy, a tech enthusiast and a key part of the PhoneArena team, specializes in delivering the latest mobile tech news and finding the best tech deals. Her interests extend to cybersecurity, phone design innovations, and camera capabilities. Outside her professional life, Izzy, a literature master’s degree holder, enjoys reading, painting, and learning languages. She’s also a personal growth advocate, believing in the power of experience and gratitude. Whether it’s walking her Chihuahua or singing her heart out, Izzy embraces life with passion and curiosity.


[ad_2]
Source link
1...153154155...1,452Page 154 of 1,452