Google Chrome users could soon digitally sign PDFs without leaving browser


Google Chrome’s latest beta version includes the ability to digitally sign PDF files. This feature could soon make its way to the stable version of the web browser. It would allow users to insert their digital signature into a PDF document.

The latest Google Chrome Canary version has a “PDF Ink Signature” feature

Google Chrome includes a robust, reliable, and fast PDF document viewer. It allows users to quickly open a PDF document without leaving the browser or opening another application.

The latest stable version of Google Chrome has multiple tools to view PDF files. Users can zoom in on a document, fit it to a page, enable a two-page view, rotate the pages, and access the table of contents. Google Files can also save scanned documents as PDFs, which can be accessed in Chrome.

PDF documents have been able to accept and carry digital signatures for a long time. The digital code offers proof of authentication and authorization. To date, however, only a few dedicated platforms, such as Adobe’s Acrobat suite, have offered this feature.

Hidden inside the latest Canary version of Google Chrome is the ability to include a digital signature in a PDF document. The Chrome Canary version 126 has an experimental flag that, when activated, enables the “PDF Ink Signatures” feature.

When will Google Chrome allow users to digitally sign a PDF document?

Google hasn’t activated the PDF Ink Signature Annotations feature in the stable version of Chrome web browser yet. However, the presence of the flag inside the Canary version of the web browser is a strong indicator of the possibility.

The Chrome Canary flag reportedly confirms the digital signature tool will be available in an upcoming stable version of the Chrome web browser. Even the Chromium documentation seems to suggest so.

Google Chrome works on Mac, Windows, Linux, Chrome OS, Fuchsia, and Lacros. Hence, Chrome web browsers for these operating systems (OS) could get the feature. There is, however, no confirmed timeline for the deployment.

Chrome’s rival Microsoft Edge is considerably ahead in PDF document modification. Edge currently packs a full suite of annotation tools such as Draw, Eraser, Highlighter, etc. Google might be jumping straight to digital signature support.

To test the PDF Ink Signatures feature, users need to download Google Chrome Canary, then type “chrome://flags/#pdf-ink2” in the address bar and toggle the setting to “Enabled”.

It is important to note that the Google Chrome Canary version isn’t meant for everyday usage or the general public. It is an unstable experimental version intended for beta testers.

Hence, it would be wise to wait for an update for the stable version of the web browser for the PDF Ink Signatures feature to be activated by default. Google might be developing this feature for the recently introduced Chrome Enterprise Premium.



Google Wallet frustrates Wear OS users with PIN requirement on watch


Google Wallet users on Wear OS smartwatches are feeling frustrated by a recent change that now requires them to enter their PIN on the watch before every contactless tap-to-pay transaction. This disrupts the previously seamless experience. And it has gotten some users questioning the convenience of using Google Wallet on their watches.

Previously, Wear OS users could simply open the Google Wallet app on their watch and tap to pay. Now, a PIN prompt appears, adding an extra step and defeating the purpose of the wearable’s quick payment capabilities. Google likely implemented this for enhanced security. However, users see it as a significant inconvenience that could potentially discourage the use of Google Wallet on their watches.

Security vs. convenience

The reason behind the change is security-focused, although Android Police speculates it could be a bug. But with Google Wallet on Wear OS already verifying a user’s PIN if the watch is removed from the wrist, this new measure may seem redundant. Some speculate that Google doesn’t fully trust Wear OS’s existing security protocols.

The uncertainty surrounding the change is a further point of annoyance. Google has yet to officially confirm whether this is a permanent feature, a test in progress, or an app bug. The company’s updated support page mentions stricter verification but primarily focuses on phones, leaving smartwatch users in the dark.

Comparison to the Apple Watch

For those already annoyed by Google Wallet’s recent PIN requirement on phones, this Wear OS change adds insult to injury. Apple Watch’s streamlined double-tap of the side button now seems far more attractive, underscoring Google’s move as a step backward in user experience. It’s worth noting that entering a PIN on a watch’s small screen is inherently less convenient than phone-based fingerprint authentication. While people in the US may already be familiar with verification for every contactless payment, small transactions often go unverified in Europe. Limits vary by country – the UK allows up to £100, Germany €50, and Belgium only €25 before verification becomes necessary. With Google Wallet now requiring users to input a PIN with every transaction on their watch, the process will become a little annoying.

While enhancing security is admirable, Google’s latest Google Wallet change may have unintended consequences. Wear OS users value speed and ease, and this added PIN step significantly compromises that. Unless Google clarifies this change or introduces a better workaround, users may opt for traditional payment methods or even switch to competitor platforms with more seamless payment experiences.



Google Wallet is requiring PIN verification for every Wear OS watch tap-to-pay transaction


Wear OS users might soon need to jump through an extra hoop before paying with their watches. According to reports from some users, Google Wallet on Wear OS is prompting them to enter a PIN before completing a transaction, whereas this has not been required in the past.

Google has recently begun to require device unlocks for individual tap-to-pay transactions, a behavior that had been previously observed on smartphones. However, on Wear OS smartwatches this had traditionally been bypassed as long as your watch was already unlocked. When this changed and Wallet users using their watches began to be prompted for PIN verification, they were reasonably surprised.

However, while this change could be a slight annoyance for users who were accustomed to the simpler process, it might also indicate that Google is working on improving the security of Wear OS payments. After all, smartphones using Google Wallet already require users to verify their identity with a PIN or fingerprint scan after a period of inactivity. So, it’s possible that Google is planning to implement a similar security measure for Wear OS devices.


Unsurprisingly, Wear OS users aren’t exactly thrilled about the prospect of having to enter a PIN every time they want to pay for something with their watches. The convenience of contactless payments is a major selling point for wearable devices, and adding an extra step to the process could negatively impact the user experience.

As of now, Google hasn’t officially confirmed whether a PIN requirement is being rolled out for Wear OS payments. As a matter of fact, as noted by Android Authority, Google’s support page on this doesn’t specifically call out Wear OS, and instead uses the more generic term “device” in its instructions for making payments with Google Wallet.

Because of this, it’s important to take these reports with a grain of salt, as this could very well end up being a bug. Hopefully, if this change does become official, we will hear more about it directly from Google, either via a blog post or an update to the support documentation.



Alert! Zero-day Exploit For WhatsApp On Hacker Forums


A zero-day exploit targeting the popular messaging app WhatsApp has been advertised on underground hacker forums.

The exploit has raised serious concerns regarding the safety of users on Android and iOS platforms.

This exploit is reported to have the potential to significantly compromise user data and privacy, making it a serious threat to millions of users.

The details of the exploit are still being investigated, but it is believed that attackers could gain unauthorized access to user devices and steal sensitive information such as passwords, personal data, and financial information.

It is important for users to remain vigilant and take necessary precautions to protect their devices and personal information.


Exploit Capabilities

The exploit boasts a range of alarming capabilities that could compromise user security:

Remote Code Execution (RCE): The exploit allows arbitrary code to be executed on the victim’s device without their knowledge.

Attack Type: It is described as a ‘1Click’ attack, suggesting that the victim needs to perform only a single action, such as clicking on a link or an image, for the exploit to be triggered.

Payload Delivery: The malicious payload is reportedly delivered through an image, which could be easily disguised as a harmless photo.

Device Control: Once executed, the attacker can gain control over the device, which could lead to data theft, surveillance, or further distribution of malware.

The Advertisement

The advertisement for this exploit was posted by a user with the handle “Team9Sandman,” who claims to be a broker for the malicious software.

The user’s reputation on the forum is noted to be 30, with this being one of only two posts made by the account.

The existence of such an exploit is a significant concern for all WhatsApp users, as it could lead to unauthorized access and control of their devices.

This could result in the loss of personal and sensitive information, financial loss, and a breach of privacy.

WhatsApp users are urged to stay vigilant and update their apps to the latest version, as updates often include security patches for known vulnerabilities.

Additionally, users should be cautious of any links or images received from unknown sources and should regularly back up their data to mitigate the damage in case of an attack.




WhatsApp is developing a Notes feature for contacts


WhatsApp is always working on some new feature to help enhance the experience, and this is why it’s one of the most popular messaging platforms on the web. According to a new report, WhatsApp is working on a new Notes feature for contacts. As it stands, it appears that this feature will be available on the web initially.

As with any feature currently in development, you will want to take this news with a grain of salt. This feature was discovered in the latest beta version of WhatsApp for the web. However, neither WhatsApp nor Meta officially announced it. So, there’s a chance that it could be changed or canceled at any moment.

WhatsApp is working on a new Notes feature for contacts

Sometimes, when you are contacting a person via WhatsApp, there’s additional information about them or your interactions that you want to keep track of. Well, according to a new report, WhatsApp is working on a way of doing so easily. Simply named Notes, this feature is currently being tested for the WhatsApp web version.

Looking at the screenshot below, we see a new text field in the contact info screen. One thing to note is that the account being used is a WhatsApp Business account. At this point, there’s no telling if this feature will be exclusive to business accounts or if it will be free for all.

WhatsApp contact notes

In any case, you will be able to write down specific information about the contact. It could be the contact’s schedule, preferences, country of origin, language, etc. You’re able to add notes about anything on the contact, and this could make it much easier to keep track of certain things to remember. If you are an avid WhatsApp user, and you have to keep track of a large number of contacts, then the Notes feature will be a notable lifestyle improvement.

At this point, there’s no word on whether or not this feature will make it to Android and iOS. However, it doesn’t seem likely that WhatsApp would keep this from the mobile market. It’s currently in development, so we should hopefully be hearing more about it soon.



Windows MagicDot Path Vulnerability: Rootkit-Like Abilities


A new vulnerability has been unearthed, allowing attackers to gain rootkit-like abilities on Windows systems without requiring administrative privileges.

Dubbed “MagicDot,” this vulnerability exploits the DOS-to-NT path conversion process within the Windows operating system.

Here, we delve into the technical details of the vulnerability, the attack methods, the rootkit-like abilities it confers, and the mitigation strategies to protect against such exploits.


Vulnerability Description

The MagicDot vulnerability is rooted in the way Windows handles file paths. Specifically, it is a known issue within the DOS-to-NT path conversion process that attackers can manipulate.

The vulnerability allows for the concealment of files, directories, and processes, effectively granting the attacker the ability to operate undetected on the system.

DOS Path                                  NT Path (MagicDot)
C:\example\example.                       \??\C:\example\example
C:\example\example                        \??\C:\example\example
C:\example\example<space>                 \??\C:\example\example
C:\example\example<space><space>          \??\C:\example\example
C:\example.\example                       \??\C:\example\example
C:\example<space>\example                 \??\C:\example<space>\example

The issue arises from the handling of file paths that include dots and spaces in a manner that is not anticipated by the system or the software operating on it.

This can lead to a variety of unexpected behaviors, including the misrepresentation of files and processes to the user and the system’s own management tools.
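The check below is an added example, not code from the original article or from the researchers. It models only the conversion rules visible in the table above (trailing dots dropped from every path element, trailing spaces dropped from the last element) and uses them to flag names in a file or archive listing that a DOS-path-based tool would resolve to a different object. The function names and the sample listing are constructed for illustration.

```python
# Added example: a defender-side check built from the table rows above.
# Real Windows path parsing does more; this models only those rows.

NT_PREFIX = "\\??\\"


def dos_to_nt(dos_path: str) -> str:
    """Trailing dots are dropped from every path element; trailing spaces
    are dropped from the last element only (per the table rows)."""
    parts = dos_path.split("\\")
    last = len(parts) - 1
    converted = []
    for i, part in enumerate(parts):
        if part in (".", ".."):
            converted.append(part)  # relative components: outside this model
        elif i == last:
            converted.append(part.rstrip(". "))
        else:
            converted.append(part.rstrip("."))
    return NT_PREFIX + "\\".join(converted)


def find_ambiguous(raw_names):
    """raw_names: full names exactly as stored (e.g. read from an archive's
    entry list). Returns one finding per name that a DOS-path API would
    resolve to a different object, with any listed names it would shadow."""
    by_resolved = {}
    for name in raw_names:
        # Case-insensitive grouping is an assumption (default NTFS behaviour).
        by_resolved.setdefault(dos_to_nt(name).lower(), []).append(name)

    findings = []
    for name in raw_names:
        resolved = dos_to_nt(name)
        if resolved != NT_PREFIX + name:
            shadows = [n for n in by_resolved[resolved.lower()] if n != name]
            findings.append(
                {"raw": name, "resolves_to": resolved, "shadows": shadows}
            )
    return findings


# Constructed sample listing (hypothetical paths, not from the article).
SAMPLE_LISTING = [
    r"C:\Users\demo\Documents\report.docx",
    r"C:\Users\demo\Documents\report.docx.",   # trailing dot on the file name
    r"C:\Users\demo\Documents.\notes.txt",     # trailing dot on a directory
    r"C:\Users\demo\Documents \notes.txt",     # space on a non-final element
    r"C:\Users\demo\Documents\notes.txt",
    r"C:\Users\demo\Documents\invoice.pdf ",   # trailing space on the file name
]

if __name__ == "__main__":
    for finding in find_ambiguous(SAMPLE_LISTING):
        print(repr(finding["raw"]), "->", finding["resolves_to"])
        for other in finding["shadows"]:
            print("    same object as listed name:", repr(other))
```

Any finding means the stored name and the name a DOS-path tool will open differ, so the entry should be reviewed with a tool that reads the raw name.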

Attackers can exploit the MagicDot vulnerability through several methods:

  1. Hiding Malicious Files and Processes: By using specially crafted file paths with dots and spaces, attackers can hide malicious files and processes from the user and system monitoring tools, such as Task Manager and Process Explorer.
  2. Archive File Manipulation: Attackers can manipulate archive files to hide their contents. When a victim extracts the archive, the extraction logic is tricked into creating symbolic links instead of the actual files, leading to the execution of the attacker’s payload.
  3. Misrepresentation of Files: The vulnerability can be used to make malware files appear as verified executables published by Microsoft, deceiving users and potentially bypassing security measures.
  4. Denial of Service (DoS): Attackers can disable Process Explorer by exploiting a DoS vulnerability, hindering the victim’s ability to analyze and detect malicious activity.

Rootkit-like Abilities

The MagicDot vulnerability grants attackers abilities akin to a rootkit, which is a type of malware designed to gain unauthorized root or administrative access to a computer while remaining hidden:

Stealth: The ability to hide files, directories, and processes from both users and system monitoring tools.

Anti-Analysis: Techniques to disable or mislead analysis tools like Process Explorer, making it difficult for users or administrators to detect the presence of malware.

Persistence: By hiding malicious processes and files, attackers can maintain a persistent presence on the system without detection.

Researchers disclosed findings to Microsoft, as noted above. Microsoft did address the vulnerabilities, but has decided to leave the DOS-to-NT path conversion known issue unfixed.

  • Remote Code Execution (CVE-2023-36396, CVSS: 7.8): The vulnerability was confirmed, reproduced, and fixed by Microsoft. It was assessed as an RCE with an “Important” severity. 
  • Elevation of Privilege (Write) (CVE-2023-32054, CVSS: 7.3): The vulnerability was confirmed, reproduced, and fixed by Microsoft. It was assessed as a privilege elevation (PE) with an “Important” severity. 
  • Elevation of Privilege (Deletion): The vulnerability was reproduced and confirmed by Microsoft. However, they did not issue a CVE or a fix, but instead provided the following response: “Thank you again for submitting this issue to Microsoft. We determined that this issue does not require immediate security service but did reveal unexpected behavior. A fix for this issue will be considered in a future version of this product or service.” 
  • Process Explorer Unprivileged DOS for Anti-Analysis (CVE-2023-42757): The vulnerability was reproduced, confirmed, and fixed by the engineering team of Process Explorer in version 17.04. CVE-2023-42757 was reserved for this vulnerability by MITRE. MITRE confirmed the vulnerability with Microsoft and will publish the CVE once online publication of the details is available. 


Nokia 225 4G 2024 Leak


While HMD is working on phasing out the “Nokia” brand in favor of its own brand, the company is still releasing some Nokia-branded phones, including the Nokia 225 4G 2024, which is set to be announced any day now.

Thanks to Onleaks, we can now provide a detailed look at the Nokia 225 4G 2024. It’ll be available in two colors: pink and a sort of dark greenish-blue color.

Similar to the Nokia 225 that was released last year, this is also a “dumb” phone. So, it does not run Android. Instead, it runs HMD Global’s own OS called S30+. On the front here, we’re looking at a 2.4-inch display with a number pad. It’ll also sport a single camera on the back; we expect that to be a VGA camera or perhaps a 3-megapixel camera. Either way, don’t expect anything crazy from this phone when it comes to pictures.

Internally, the Nokia 225 will sport 128MB of storage and 64MB of RAM. And this is powered by a 1,450mAh capacity battery.

Nokia 225 4G 2024 is going to be perfect for teenagers or grandparents

With the Nokia 225 4G 2024, you’re getting a phone that has zero smartphone features. The only feature that this phone has, which a Samsung Galaxy S24 Ultra has, is a USB-C port. Surprisingly, this has a 3.5mm headphone jack. That makes this perfect for teenagers, or even pre-teens, who do need a phone but don’t need access to Instagram or TikTok while they’re in school. It’s also great for grandparents who still want that flip phone and don’t want to learn how to use a smartphone.

We expect that the Nokia 225 4G 2024 will be priced around €100. We also don’t expect it to launch in the US. Typically, these phones will launch in Europe and Africa, regions where dumb phones still have a pretty good market share. And finally, the Nokia 225 4G 2024 is likely to be announced later this month.



Microsoft taps four Korean tech giants for a large AI partnership


Microsoft’s Founder Bill Gates and CEO Satya Nadella will reportedly meet with leaders of South Korea’s four technology companies on May 14 at the MS CEO Summit 2024. The goal is to strengthen their partnerships regarding the AI products and tools that make the development possible.

The leaders Microsoft is planning to hold discussions with are Kyung Kye-Hyun, the head of Samsung Electronics Device Solutions Division; Kwak Noh-Jung, chief executive of SK Hynix; Cho Joo-wan, CEO of LG Electronics; and Ryu Young-sang, CEO of SK Telecom. It will be a closed-door meeting between the CEOs. It is unusual for Microsoft to invite four Korean big tech CEOs and look for partnership opportunities. It shows how serious the company is when it comes to strengthening its AI capabilities.

Microsoft could source related chips and also offer its services to the companies

According to analysts, a partnership between the companies could be mutually beneficial. Speaking of Samsung, they are already working with companies like Nvidia on the next generation of AI chips.

According to sources, the partnership with Samsung and SK Hynix will likely focus on supplying high bandwidth memory chips, high-performance solid-state drives for servers, and compute express link devices to Microsoft. These are among some of the key equipment in the development of AI products. For those unfamiliar, Samsung and SK Hynix are the world’s two largest memory chipmakers.

Aside from sourcing chips related to the development of AI, Microsoft may also engage in discussions with Samsung and LG to integrate its AI services into their products. For reference, Samsung’s Galaxy AI, which has reached millions of devices at this point, is backed by Google’s Gemini model. This may result in new features in the future. Notably, Microsoft has been a customer of Samsung and LG for their smartphones and TVs, respectively.

Samsung is already known for working on two AI chips

Kyung, chief executive of Samsung’s DS division, confirmed last month that the company is working on two AI chips named Mach-1 and Mach-2. KED Global notes that the mass production of a prototype is scheduled for the end of this year. The company has already engaged in a $752 million deal with Naver Corp regarding the Mach-1 chip.



TikTok says its parent company is not an agent of China, warns about free speech


US lawmakers recently approved a divest-or-ban bill that would force ByteDance to sell TikTok to non-Chinese owners in six months, with the option to extend the timeframe with another three months if sale negotiations are ongoing.

Over the weekend, the US House of Representatives went even further and voted to ban the social app if ByteDance, its parent company, doesn’t cut ties with China.

If the Senate’s vote on the bill scheduled for this week ends up with the same result, then TikTok might be forfeit in the US if ByteDance doesn’t comply and sell it, especially since President Joe Biden has already confirmed he will sign the legislation.

In response to the Saturday voting, a TikTok spokesman said that if the Senate votes for the ban, it “would trample the free speech rights of 170 million Americans, devastate seven million businesses, and shutter a platform that contributes $24 billion to the US economy annually.” (via BBC)

Furthermore, ByteDance claims it “is not an agent of China or any other country,” and that about 60 percent of the company is owned by a range of global investment firms.

However, it’s worth noting that even though its Chinese founders own just 20 percent of ByteDance, it’s the controlling stake in the company. As mentioned earlier, 60 percent of ByteDance is owned by various global investment firms, while 20 percent is owned by employees.



Citrix UberAgent Flaw Let Attackers Elevate Privileges


A significant vulnerability has been identified in Citrix’s monitoring tool, uberAgent.

If exploited, this flaw could allow attackers to escalate their privileges within the system, posing a serious risk to organizations using affected software versions.

CVE-2024-3902 – Privilege escalation vulnerability in Citrix uberAgent

The vulnerability, tracked under CVE-2024-3902, impacts specific versions of Citrix uberAgent.

It has been classified with a Common Vulnerability Scoring System (CVSS) score of 7.3, indicating a high severity level.


The issue arises due to improper configuration settings in the uberAgent software, which can be manipulated to elevate user privileges.

The flaw affects the following versions of Citrix uberAgent:

  • Citrix uberAgent versions before 7.1.2

Preconditions for Exploitation

For the vulnerability to be exploited, specific conditions must be met:

  • At least one configured [CitrixADC_Config] entry
  • One or more of the following metrics are configured:
      • CitrixADCPerformance
      • CitrixADCvServer
      • CitrixADCGateways
      • CitrixADCInventory

Additionally, for versions 7.0 through 7.1.1:

  • WmiProvider set to PowerShell
  • At least one CitrixSession metric is configured.

To mitigate the risk posed by this vulnerability, Citrix has provided specific instructions for users of affected versions.

  • Disable all CitrixADC metrics by removing the specified timer properties.
  • Remove all [CitrixADC_Config] entries.
  • For versions 7.0 to 7.1.1, ensure that WmiProvider is not configured or set to WMIC.

Citrix urges all affected customers to upgrade to uberAgent version 7.1.2 or later, which addresses the vulnerability and provides enhanced security features.

The latest versions can be downloaded from the official uberAgent website.

This vulnerability highlights the importance of regular software updates and vigilant configuration management.

Organizations using Citrix uberAgent are advised to review their installations and promptly update and make configuration changes to protect their systems from potential threats.


