TIDAL is making it much easier to share music with your friends. The streaming service sneakily pushed out an update that makes it possible to share universal links with people who use different music streaming services.
A new update released on March 26 introduces this specific feature that’s been confirmed to work with multiple music streaming services, including Apple Music and Spotify (via Reddit). Here is an excerpt from the changelog:
Now, with just a couple of taps, your friends can play any TIDAL track, artist, or album that you share on their preferred streaming service – no fuss or feeling left out because they’re not on the same platform.
Unfortunately, TIDAL doesn’t mention what streaming services are compatible with its universal links, but it does promise to add more in the coming weeks. This is specifically the case for music streaming platforms that aren’t that popular, so if you’re using Apple Music, Spotify or YouTube Music, you shouldn’t have any issues.
As one of the Redditors points out, you might have to restart the app after updating to the latest version in order for the ability to share universal links to show up. TIDAL is the first and only major streaming service to offer this customer-oriented feature, so let’s hope that the others will follow soon.
Android devices are popular targets for hackers because of the platform’s wide adoption and open-source nature.
With over 2.5 billion active Android devices worldwide, the platform presents a large attack surface.
Its fragmented ecosystem of different hardware vendors and delayed software updates also makes prompt vulnerability patching difficult.
Cybercriminals take advantage of these security gaps for malware distribution, surveillance, unauthorized financial gain, and other malicious purposes.
Recently, Google unveiled the Kernel Address Sanitizer (KASan) to strengthen the Android firmware and beyond.
Android Firmware And Beyond
KASan (Kernel Address Sanitizer) has broad applicability across firmware targets. Incorporating KASan-enabled builds into testing and fuzzing can proactively identify memory corruption vulnerabilities and stability issues before deployment on user devices.
Google has already leveraged KASan on firmware targets, leading to the discovery and remediation of over 40 memory safety bugs, some critically severe, through proactive vulnerability detection.
Address Sanitizer (ASan) is a compiler instrumentation tool that identifies invalid memory access bugs like out-of-bounds, use-after-free, and double-free errors during runtime.
For user-space targets, enabling ASan is straightforward with the -fsanitize=address option. However, for bare-metal code built with none system targets like arm-none-eabi, there’s no default runtime support.
The -fsanitize=kernel-address option exposes an interface to provide custom KASan runtime implementations, like the Linux kernel’s routines.
KASan’s core idea is to instrument memory access operations like loads, stores, and memory copy functions to verify the validity of destination/source regions.
It only allows access to valid regions tracked in a shadow memory area, where each byte represents the state (allocated, freed, accessible bytes) of a fixed-size memory region.
Upon detecting an invalid access, KASan reports the violation.
Enabling KASan for bare-metal targets requires implementing instrumentation routines to check region validity during memory operations, report violations, and manage shadow memory to track the state of covered regions.
The steps, in order, are:
KASan shadow memory
Implement a KASan runtime
Memory access check
Shadow memory management
Covering global variables
Memory copy functions
Avoiding false positives for noreturn functions
Hook heap memory allocation routines
To use KASan on bare-metal code, build with the compiler’s -fsanitize=kernel-address option, and set -asan-mapping-offset to indicate the location of shadow memory, -asan-stack=1 and -asan-globals=1 to cover stack and global variables, and -asan-instrumentation-with-call-threshold=0 to outline the checks and limit code bloat.
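The shadow-memory scheme and runtime steps above, modelled on a host machine as an added example (not Google's firmware code): one shadow byte tracks each granule, and every access, copy and free is checked against it. The 8-byte granule, the poison codes, the toy bump allocator and all function names are assumptions made for illustration.

```c
/* Host-side model of a KASan-style runtime; every name here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE        8u            /* bytes of memory covered by one shadow byte */
#define ARENA_SIZE     256u          /* constructed stand-in for the covered region */
#define SHADOW_FREED   ((int8_t)-1)  /* illustrative poison codes */
#define SHADOW_REDZONE ((int8_t)-2)
#define ALLOC_FAIL     ((size_t)-1)
static uint8_t arena[ARENA_SIZE];
static int8_t  shadow[ARENA_SIZE / GRANULE];
static size_t  next_off, violations;

/* Shadow byte 0: whole granule valid; 1..7: only the first k bytes; <0: poisoned. */
static bool byte_ok(size_t off) {
    if (off >= ARENA_SIZE) return false;
    int8_t s = shadow[off / GRANULE];
    return s == 0 || (s > 0 && off % GRANULE < (size_t)s);
}

/* Memory access check: what an instrumented load, store or copy runs first. */
bool kasan_check(size_t off, size_t size, const char *what) {
    for (size_t i = 0; i < size; i++) {
        if (byte_ok(off + i)) continue;
        violations++;
        fprintf(stderr, "KASan: invalid %s, %zu bytes at offset %zu\n", what, size, off);
        return false;
    }
    return true;
}

/* Shadow memory management; off is always granule-aligned here. */
static void poison(size_t off, size_t len, int8_t code) {
    memset(&shadow[off / GRANULE], code, len / GRANULE);
}
static void unpoison(size_t off, size_t len) {
    memset(&shadow[off / GRANULE], 0, len / GRANULE);
    if (len % GRANULE) shadow[(off + len) / GRANULE] = (int8_t)(len % GRANULE);
}
void kasan_init(void) {
    poison(0, ARENA_SIZE, SHADOW_REDZONE);   /* nothing is accessible until allocated */
    next_off = violations = 0;
}
size_t kasan_violations(void) { return violations; }

/* Heap hooks: a toy bump allocator that leaves one redzone granule after each object. */
static size_t round_up(size_t n) { return (n + GRANULE - 1) / GRANULE * GRANULE; }
size_t toy_alloc(size_t len) {
    if (len == 0 || len > ARENA_SIZE) return ALLOC_FAIL;
    size_t span = round_up(len) + GRANULE;
    if (span > ARENA_SIZE - next_off) return ALLOC_FAIL;
    size_t off = next_off;
    unpoison(off, len);
    poison(off + round_up(len), GRANULE, SHADOW_REDZONE);
    next_off += span;
    return off;
}
bool toy_free(size_t off, size_t len) {
    if (!kasan_check(off, 1, "free")) return false;   /* double or invalid free */
    poison(off, round_up(len), SHADOW_FREED);
    return true;
}
/* Memory copy function: validate source and destination before moving bytes. */
bool checked_copy(size_t dst, size_t src, size_t n) {
    if (!kasan_check(src, n, "read") || !kasan_check(dst, n, "write")) return false;
    memmove(&arena[dst], &arena[src], n);
    return true;
}

int main(void) {
    kasan_init();
    size_t a = toy_alloc(13), b = toy_alloc(8);
    checked_copy(b, a, 16);              /* reads past the 13-byte object */
    toy_free(a, 13); toy_free(a, 13);    /* second call is a double free */
    printf("violations: %zu\n", kasan_violations());
    return 0;
}
```

On a real bare-metal target the shadow array lives at the address given by the mapping offset, and the check sits behind the callbacks the compiler emits when checks are outlined.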
In addition, strategies such as leveraging Rust (a memory-safe language) are being advanced in order to proactively guard against memory vulnerabilities in the Android system.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
WhatsApp Beta users can now experience a new view of the Call Screen
According to a report by WABetaInfo, the Meta-owned platform has introduced an enhanced call screen interface in WhatsApp beta for Android update 2.24.7.19. The new look is sleeker and more icon-driven compared to its previous counterpart, which was more basic but functional.
The Minimize button replaces the back button, located at the top left corner. This allows the call to be easily minimized and resumed by simply clicking it. Earlier, the lack of clear contrasts confused users who mistook the back button for the end call button. Additionally, the rebuilt interface enhances the user interaction process by enabling the addition of new members through the add participant button at the top right corner.
Some of the UI navigation elements have been updated
Another WhatsApp feature reporting publication, TheSpAndroid, has highlighted the new look of the bottom bars.
Following the images, it is evident that the new interface likely utilizes a constraint layout to achieve flexible positioning of the buttons. The new-format buttons have consistent background colors that make them easy to distinguish from their surroundings. For instance, the buttons from the old version had a common background of grey color.
As depicted, there are three-dot menu settings that replace the arrow. The menu will likely serve the same purpose of expanding functionalities. TheSpAndroid reports that the three-dot menu is currently non-functional, indicating that the setting is still in development.
The given interface appears when a user initiates the switch between audio and video calls. Presently, this tweaked screen is undergoing testing on the latest WhatsApp beta version. The exact timeline for its official release remains unknown.
If you are eager to test these new features and provide feedback, you can join the beta program through the Google Play Store. Unfortunately, the beta program is currently at full capacity. You may need to wait a bit longer to gain early access to the latest WhatsApp updates.
Google’s making our lives a little easier in the password management game. If you’re like me, juggling dozens of logins gets messy, and if you have opted to use Google’s own password manager (the one you find in Chrome) in favor of third party ones, you’ll find that it is not as feature-rich as one would hope.
There are several reasons why I prefer to use Google Password Manager. For one, it is free, which is always a plus. Secondly, I find that it works well when you stay within Google’s ecosystem. For example, password autofill on my desktop Chrome browser and apps on my Google Pixel device is pretty much seamless. However, things can get a little dicey if you want to go a little more in-depth and import passwords from a CSV file. While this works very well on desktop, it hasn’t really been an option on mobile…until now.
Google Password Manager on Android devices is part of Google Play Services. As spotted by AssembleDebug back in February, a change was already taking shape there: a half-working option had been added to import a CSV file from your phone’s storage.
Now, with Play Services v24.12, which is still in beta, this option is now there without the need to enable any experimental flags. We’ve always had the option to export our credentials as a CSV file, but it was just not possible to do it the other way around, unless you used the Chrome desktop browser.
Image Credit: AssembleDebug
The process looks super straightforward, as you can see in the screenshots above. One thing that’s a bit of a mystery is what exactly gets imported, although it appears that duplicates do get skipped. Since this is still in beta, there’s of course a chance that this will be further tweaked and streamlined as we get closer to a widespread release, which is likely around the corner.
The notorious WarzoneRAT malware has made a comeback, despite the FBI’s recent efforts to dismantle its operations.
Initially detected in 2018, WarzoneRAT was disrupted by the FBI in mid-February when they seized the malware’s infrastructure and arrested two individuals linked to the cybercrime scheme.
However, ThreatMon’s recent advertisement for WarZoneRAT v3, with its enhanced features, indicates that the threat actors are far from giving up.
Cybersecurity experts at Cyble Research & Intelligence Labs (CRIL) have uncovered a new campaign that leverages tax-themed spam emails to spread the WarzoneRAT (Avemaria) malware, a Remote Administration Tool (RAT) known for its remote control capabilities and ability to execute malicious actions under the command of a remote server.
Infection Tactics: The LNK and HTA Files
The infection begins when unsuspecting users open an email with the subject “taxorganizer2023” and execute an attached archive file.
The archive contains a deceptive shortcut file, “taxorganizer2023.png.lnk,” which appears to be an image but is, in fact, a malicious LNK file.
When executed, it triggers a PowerShell command to download and extract a ZIP file, leading to the execution of an HTA file.
This HTA file then retrieves a PowerShell script in memory, which downloads a VBScript file from a remote server, ultimately deploying the WarzoneRAT malware.
Overall infection chain
Another infection method involves a ZIP archive named “MY TAX ORGANIZER.zip,” which contains a legitimate EXE file, a malicious DLL, and a PDF file.
Running the EXE file triggers the DLL sideloading technique, loading the malicious DLL identified as WarzoneRAT.
DLL sideloading method
Technical Analysis: Unpacking the Malware
The technical analysis of the campaign reveals a complex infection chain.
The LNK file downloads a file with a PNG extension that is actually a ZIP file, and extracts its contents.
The subsequent execution of the HTA file leads to a series of scripts that perform various actions, including generating random equations for stealth, checking for antivirus processes, and creating directories and files for persistence.
Content of HTA file before & after removing Junk codes
Final Payload: The Dangers of WarzoneRAT
The final payload, WarzoneRAT (Avemaria), is a highly capable RAT that allows remote access and control over the victim’s computer.
It can exfiltrate data, escalate privileges, manipulate the desktop remotely, harvest credentials, and perform keylogging, among other intrusive activities.
Hardcoded strings of Avemaria
The recent campaign highlights the persistent threat posed by cybercriminals who exploit the trust of users with themed spam emails.
The sophisticated techniques used in this campaign, such as reflective loading and DLL sideloading, underscore the importance of vigilance and robust cybersecurity measures.
As the WarzoneRAT malware continues to evolve and resurface, it is a stark reminder of the ongoing battle between cybercriminals and cybersecurity defenders.
Users are urged to exercise caution when opening email attachments, even those that appear to be related to timely and relevant topics like tax organization.
Modern advancements have tilted the world into a tightly-knit web. Accessing localized content and resources can be hard due to geographic restrictions or censorship. However, the utilization of ISP proxies offers a promising solution. ISPs deploy these proxies. They sit between users and the internet, enabling access to region-locked content and resources.
This article explores high-quality ISP proxy packages with IPs from various countries. It explains their transformative power and shows how they bypass barriers to information and enhance user experiences. ISP proxies can unlock streaming services and allow access to educational materials. They have huge potential. They can make online content access fairer. Join us as we delve into ISP proxies and their impact on internet access.
The Limitations of Traditional Proxies
Think of a proxy server as a go-between your device and the internet. It allows you to browse anonymously and shields your identity. With it, you can also access restricted content. It works by primarily masking your IP address, providing privacy, and bypassing censorship or access restrictions.
However, traditional datacenter proxies pose significant limitations since websites are good at spotting and blocking them. This is because they have recognizable patterns and often seem suspicious. So, if you rely on such proxies, you may be unable to access some content or resources. This limitation comes from the widespread use of datacenter IPs by many users, which makes them easy to identify and prone to blocking.
Also, datacenter proxies lack the geographical diversity of residential proxies. They are also less reliable. This further limits their effectiveness in accessing region-restricted content or evading detection. Also, their static nature makes them easy to blacklist. This reduces their usefulness for bypassing restrictions or staying anonymous online.
Traditional proxies therefore offer some benefits, but their limits show the need for more advanced solutions in a more connected and monitored online world.
Introducing ISP Proxies: A Unique Solution
Introducing ISP proxies provides a unique solution. They solve the limits of traditional proxies and are different from datacenter proxies. Individual Internet Service Providers (ISPs) provide them, linking them to real residential IP addresses. This difference is fundamental. It allows ISP proxies to offer a hybrid solution. It combines the anonymity of home proxies with the speed and reliability of datacenter proxies.
ISP proxies use residential IP addresses from ISPs. They offer users the authenticity and legitimacy that traditional proxies often lack. Websites are less likely to detect and block ISP proxies since they come from real residential locations and mimic real user behaviour.
Also, ISP proxies offer users faster connections and more reliability. They’re better than residential proxies because they use the infrastructure of established ISPs. This mix makes ISP proxies attractive. They are for users who want to access region-restricted content and avoid detection. They are also for users who want to stay anonymous online while having the benefits of reliable, high-speed internet access.
Benefits of ISP Proxies
ISP proxies offer several notable benefits that distinguish them from traditional proxies. Let’s go over some of them.
Enhanced Anonymity and Security
ISP proxies have a few key advantages. One of them is that they can provide better anonymity and security. ISP proxies use actual residential IP addresses. They are like real user connections. This stealthy approach makes it hard for websites to identify and block them. As a result, users get more privacy. They also get more security when browsing the internet. This makes it less likely that bad actors will track or target them.
Increased Trust With Websites
Websites tend to trust traffic from ISP proxies more than traditional ones. This is because ISP proxies mimic the behaviour of real users. They are less likely to get flagged as suspicious. As a result, users can do tasks like social media management or web scraping with more confidence. Websites blocking their traffic or implementing tight security measures against them is less likely.
Access to Truly Local Content
Many websites restrict access to content based on the user’s location. ISP proxies solve this by letting users select an IP address from several places around the world. This lets users access truly local content, which they couldn’t otherwise access.
These proxies help users with streaming region-locked content. They also help with accessing geo-restricted services and browsing localized websites. They let users overcome geographical barriers and have a more tailored online experience.
Conclusion
ISP proxies offer enhanced anonymity, increased trust in websites, access to local content, reliable performance, and compatibility with various applications. With their ability to provide real residential IP addresses, ISP proxies present a valuable solution for users seeking improved online privacy and access to region-restricted content.
A tipster just shared more information about Xiaomi’s first flip phone
That being said, the details we’ll talk about here have been shared by Digital Chat Station. He says that the phone’s main display will have very narrow bezels around it. The cover display, on the other hand, will be rather spacious and will have two cutouts for the two cameras.
The tipster added that the prototype model of the device has a battery capacity of 4,800mAh/4,900mAh. 67W wired charging is expected, and the charger will be included in the box.
What’s interesting is that Xiaomi seemingly plans to use the Snapdragon 8 Gen 3 chip inside this phone. That is also something that the tipster mentioned. We were expecting the Snapdragon 8 Gen 2, or a MediaTek chip, but Xiaomi is going all out.
The device will be very powerful, and include the Snapdragon 8 Gen 3 SoC
It seems like the company wants to position its first flip phone rather high on the food chain. It will stand right beside the upcoming book-style foldable from the company, the Xiaomi MIX Fold 4.
Speaking of names, the company’s very first flip phone could be called the Xiaomi MIX Flip. It would make sense, as the book-style foldable is the Xiaomi MIX Fold. The company could, of course, mix things up, we’ll have to wait and see.
Now, the Xiaomi MIX Fold 3 launched back in August last year. The Xiaomi MIX Flip could arrive alongside the fourth-gen model this year, around August. Alternatively, it could launch sooner than that, in the first half of the year, as some rumors suggested. We can only guess at this point.
EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed “Operation FlightNight” targeting Indian government entities and energy companies.
The attackers, likely state-sponsored, leveraged a modified version of the open-source information stealer HackBrowserData to steal sensitive data.
EclecticIQ identified that the attackers used Slack channels, a popular communication platform, as exfiltration points.
These channels were named “FlightNight,” giving the operation its name.
Data Breach:
The attackers successfully infiltrated multiple government agencies responsible for communication, IT, and national defense.
Additionally, private energy companies were compromised, with details about financial documents, employee information, and even oil and gas drilling activities stolen.
A staggering 8.81 GB of data was exfiltrated, potentially aiding future intrusions.
The attackers used a trick to get victims to install malware.
They sent emails disguised as invitations from the Indian Air Force.
These emails contained an ISO file, which appeared to be a harmless archive.
However, when the victim opened the ISO file, it actually launched a shortcut file (LNK) disguised as a PDF document.
Clicking the LNK file unknowingly activated the malware.
The malware then exfiltrated confidential documents, private emails, and cached web browser data.
Malware infection chain in Operation FlightNight.
Indian Air Force invitation decoy side with information stealer payload.
The Malware’s Work:
The stolen data included documents, emails, and browsing history.
Instead of sending the stolen data directly to the attackers, the malware uploaded it to channels on a communication platform called Slack, to make it appear like normal activity on the network and to help the attackers avoid detection.
Overlaps between new and earlier malware campaign.
The attackers modified an existing tool called HackBrowserData to add new features like document theft and communication through Slack.
Analysis of the code confirmed these modifications.
The malware also used a specific naming scheme for temporary files and targeted certain file types like documents and databases to steal data faster.
Finding The Victims:
The malware made a big mistake by storing the keys needed to access and control the Slack channels directly in its code.
EclecticIQ researchers found these keys and used them to access the Slack channels where the stolen data was uploaded.
These channels contained information for the researchers:
A list of victims – who was targeted by the attack.
File paths – exactly where the stolen data came from on the victim’s computer.
Timestamps – when the data was stolen.
Download URLs – unique links that allow anyone with the link to download the stolen data!
Another mistake was testing the connectivity over Slack workspaces.
This helped researchers understand even more about the attacker’s setup, including details about the Slack team and the bots used to communicate.
Recommendation/Mitigation
Disable the “remember me” feature in the web browser and turn off automatic username completion.
Two-factor authentication (2FA) adds an extra layer of security by requiring a second verification code in addition to the password when logging in.
Be cautious with ISO files
Command-line auditing can help track suspicious activity related to LNK files, which can launch malware.
Watch for unusual amounts of data being sent to unknown Slack channels.
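A triage check for the lure files described in both campaigns on this page: the taxorganizer2023.png.lnk shortcut and the ZIP delivered as a PNG in the WarzoneRAT campaign, and the LNK disguised as a PDF in Operation FlightNight. This is an added example, not code from Cyble or EclecticIQ; the function names, flag values, sample bytes and the file name download.png are assumptions.

```c
/* Added example; names marked "constructed" do not come from the reports. */
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { K_UNKNOWN, K_PNG, K_ZIP, K_LNK, K_PDF } kind_t;
enum { FLAG_DECOY_EXT = 1, FLAG_MAGIC_MISMATCH = 2 };   /* hypothetical flag values */

/* Extension and leading magic bytes for the file types named in the two reports. */
static const struct { kind_t kind; const char *ext; size_t n; uint8_t magic[8]; } TYPES[] = {
    { K_PNG, "png", 8, { 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A } },
    { K_ZIP, "zip", 4, { 'P', 'K', 0x03, 0x04 } },
    { K_LNK, "lnk", 8, { 0x4C, 0, 0, 0, 0x01, 0x14, 0x02, 0x00 } }, /* header size + CLSID start */
    { K_PDF, "pdf", 5, { '%', 'P', 'D', 'F', '-' } },
};
#define NTYPES (sizeof TYPES / sizeof TYPES[0])

/* Case-insensitive match of the first alen chars of a against lowercase extension b. */
static bool ext_eq(const char *a, const char *b, size_t alen) {
    if (strlen(b) != alen) return false;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != b[i]) return false;
    return true;
}

static kind_t kind_from_ext(const char *ext, size_t len) {
    for (size_t i = 0; i < NTYPES; i++)
        if (ext_eq(ext, TYPES[i].ext, len)) return TYPES[i].kind;
    return K_UNKNOWN;
}

/* Identify content by its leading bytes, ignoring the file name. */
kind_t sniff(const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < NTYPES; i++)
        if (len >= TYPES[i].n && memcmp(buf, TYPES[i].magic, TYPES[i].n) == 0)
            return TYPES[i].kind;
    return K_UNKNOWN;
}

/* Returns a bitmask: a document-like extension hidden before ".lnk", and/or
   content whose magic bytes contradict the final extension. */
unsigned triage(const char *name, const uint8_t *buf, size_t len) {
    unsigned flags = 0;
    const char *last = strrchr(name, '.');
    kind_t claimed = last ? kind_from_ext(last + 1, strlen(last + 1)) : K_UNKNOWN;
    kind_t actual = sniff(buf, len);

    if (claimed == K_LNK) {                       /* look for "<doc ext>.lnk" */
        const char *p = last;
        while (p > name && p[-1] != '.') p--;     /* walk back to the previous dot */
        if (p > name) {
            kind_t inner = kind_from_ext(p, (size_t)(last - p));
            if (inner != K_UNKNOWN && inner != K_LNK) flags |= FLAG_DECOY_EXT;
        }
    }
    if (claimed != K_UNKNOWN && actual != K_UNKNOWN && claimed != actual)
        flags |= FLAG_MAGIC_MISMATCH;
    return flags;
}

int main(void) {
    const uint8_t lnk[] = { 0x4C, 0, 0, 0, 0x01, 0x14, 0x02, 0x00, 0, 0, 0, 0 }; /* constructed */
    const uint8_t zip[] = { 'P', 'K', 0x03, 0x04, 0x14, 0x00 };                  /* constructed */
    printf("%u\n", triage("taxorganizer2023.png.lnk", lnk, sizeof lnk)); /* name from the report */
    printf("%u\n", triage("download.png", zip, sizeof zip));             /* constructed name */
    return 0;
}
```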
Two OPPO phones are the very first devices in the world to support 5.5G networks. China Mobile announced the commercial launch of 5G-Advanced aka 5.5G aka 5GA network. Following that, OPPO’s Chief Product Officer confirmed something interesting.
The OPPO Find X7 Ultra now has support for 5.5G networks, the vanilla model too
Pete Lau serves as OPPO’s CPO, in case you were wondering. He went to social media and shared an image of the OPPO Find X7 Ultra. The thing is, the device in the picture is running 5GA, as shown above its signal strength.
The list of devices that will support 5.5G networks is expected to grow towards the end of the year. In fact, over 20 devices are expected to support it in a year’s time. That’s not a lot in a year, true, but it’s progress.
China Mobile plans to roll out 5.5G to cover over 300 cities by the end of 2024
China Mobile said that it plans to roll out the new network to cover over 300 cities by the end of 2024. The first 100 are aimed at the massive metropolitan areas of Beijing, Shanghai, and Guangzhou, as expected.
With that being said, what’s so great about 5G-Advanced networks? Well, they can be up to 300% faster, and hit speeds of up to 10Gbps down and 1Gbps up. 5G-Advanced is a marketing name for 3GPP Release 18, as GSM Arena reports.
It will take some time for 5.5G to reach other countries; China is the first to get there, it seems. We don’t have any specifics for other regions at the moment.
After gaining voice message support earlier this week, Google Chat is now getting another update that brings a couple of interesting changes. For starters, the purpose of the update is to improve the Files tab in Google Chat spaces to make file management easier for users.
In that regard, Google has added an updated tab called Shared, as well as a refreshed user interface. On top of that, Google Chat is getting new features like a sort drop-down menu, support for shared links and media files.
Thanks to the new sort drop-down menu, users will now be able to narrow down the list of documents displayed based on category (file, link, media) or date shared.
Google Chat users who update to the latest version will see a new arrangement of tabs such as: Chat, Shared and Tasks. Three other sections are hidden behind that Shared tab: Files, Links and Media.
According to Google, the new features for Chat users will be rolled out starting April 17 (March 27 for the Rapid Release domains). Of course, it will take up to 15 days for everything to be visible.
As far as availability goes, all Google Workspace customers, Workspace Individual subscribers, and users with personal Google accounts will benefit from the new features and improvements.