LinkedIn is one of the most popular social media platforms, albeit one aimed mostly at professionals. It is different in its own way: it may be a social media site at the end of the day, but it does more than that, such as connecting you with industry leaders, surfacing relevant jobs, and letting you request job referrals from connections. Somewhat unexpectedly, LinkedIn is now adding a TikTok-style short video feed.
LinkedIn might soon have a TikTok-style short video feed
According to Austin Null, who spotted the upcoming feature in the app, the short video feed is hidden in the app’s bottom bar under a new Video tab. We can expect this tab to serve as the shortcut to the short video feed once the feature rolls out to more users.
As per the user report, once you select the Video tab, LinkedIn turns into a TikTok-style video feed. However, LinkedIn might not fully reinvent itself as yet another short-video app and compete with TikTok, YouTube Shorts, and Instagram Reels on every front.
Instead, LinkedIn has simply recognized the potential of TikTok-style short-video formats. What’s surprising is that this comes at a time when TikTok itself is struggling to keep its momentum. It’s no secret that TikTok inspired most of the short-video apps we see today; if even LinkedIn wants to hop on the trend, the bandwagon is clearly real.
Coming back to the interface, it includes reactions such as giving a thumbs up to a video (which might help the platform show more content like it), commenting on it, and sharing it with others. There is also talk that LinkedIn might court content creators for its new short-video hub, and there is a chance of monetization as well. There are no hints about a final release date, but we expect a staged rollout, perhaps starting in one region and expanding from there.
This could be the launch date of the Huawei P70 series
You can check out that screenshot below. As you can see, it’s in Chinese, as this press event will take place in China. The Huawei P70 series is expected to arrive in global markets too, but only after the China launch.
Having said that, the launch date highlighted here is April 2, and the time is 2:30 PM China Standard Time (UTC+8). That translates to 6:30 AM UTC, which on that date is 8:30 AM CEST, 7:30 AM BST, and 2:30 AM EDT, in case you were wondering.
We’re expecting to see three variants of the phone, the Huawei P70, Huawei P70 Pro, and the Huawei P70 Art. Well, there is a chance that the Huawei P70 Pro+ will also launch, even though that did not happen last year (with the P60 series). The model you can see in the image above is likely the ‘Art’ variant, at least based on its backplate.
The Kirin 9000s will fuel these devices
If you take a closer look at the provided screenshot, you’ll notice that the Kirin 9000s is also mentioned here. That is Huawei’s very own SoC, which was made in collaboration with SMIC. It does support 5G connectivity.
Now, the specs of the Huawei P70 series did surface, but we’re not sure how accurate they are. All three (or four) smartphones are expected to use the Kirin 9000s chip. The Huawei P70 is said to include a 6.58-inch display, while the other models will have a 6.76-inch panel. All of them will be LTPO OLED displays.
The ‘Pro+’ and ‘Art’ models are said to include a better main camera sensor
The Huawei P70 is expected to have a slightly smaller battery and the same selfie camera as the other models (a 13-megapixel unit). The Huawei P70 Pro+ and P70 Art are said to have a more powerful main camera sensor (Sony’s IMX989), compared to the OmniVision OV50H (1/1.3-inch) main sensor in the other two models.
All devices are tipped to support 88W wired charging, and all models except the base one are said to support 80W wireless charging. The base model is also said to offer wireless charging, but at 50W.
The demand for skilled technology professionals is currently skyrocketing. As industries continue to undergo rapid changes, the gap between the skills possessed by the workforce and those required by employers is widening. A report by the World Economic Forum predicts that by 2025, 85 million jobs may be displaced by a shift in the division of labor between humans and machines, while 97 million new roles may emerge that are more adapted to the new division of labor between humans, machines, and algorithms. This dynamic shift underscores a critical challenge: the urgent need for scalable, effective solutions to bridge the tech skill gap.
E-learning platforms directly address this pressing issue and have become a pivotal force in democratizing education, making learning more accessible, flexible, and tailored to individual needs. An expert coding tutor can now easily connect with learners and offer a wealth of up-to-date courses, and these platforms are becoming a primary conduit for cultivating the tech talent of tomorrow.
As we stand on the brink of a new era in tech employment, the role of e-learning platforms in bridging the skill gap is more critical than ever. By leveraging the power of digital education, we can not only prepare individuals for the jobs of the future but also ensure that the tech industry remains competitive, while maintaining continuous innovation and growth.
The Growing Tech Skill Gap
According to a report by the U.S. Bureau of Labor Statistics, employment in computer and information technology occupations is projected to grow 11 percent from 2019 to 2029, much faster than the average for all occupations. This growth is expected to result in the creation of more than 500,000 new jobs. However, this rapid expansion has also highlighted a critical challenge: a widening skill gap that threatens to slow innovation and growth within the industry.
The skill gap refers to the disparity between the skills that employers need and the skills that the workforce currently possesses. In the tech industry, this gap is particularly pronounced due to the fast pace of technological advancements. New programming languages, development frameworks, and technological paradigms are emerging at a speed that traditional educational institutions struggle to match. As a result, many graduates find themselves ill-equipped for the demands of the modern tech job market, while employers struggle to find suitable candidates with the necessary skills.
This gap is not just a challenge for individuals and companies; it represents a broader economic issue. A study by the global consulting firm Korn Ferry predicts that by 2030, there could be a global talent shortage of more than 85 million people, resulting in about $8.5 trillion in unrealized annual revenues. This shortage within the tech sector is particularly acute in areas such as cybersecurity, data analytics, and artificial intelligence (AI), where the demand for skilled professionals far outstrips the supply.
To address these challenges, tutoring platforms are offering courses and resources that are not only aligned with current industry needs but are also accessible and flexible for learners. These platforms provide individuals with the opportunity to acquire the latest tech skills, from basic programming to advanced AI and machine learning techniques, all under the guidance of expert coding tutors, tasked with preparing a new generation of tech professionals for the job market and infusing innovation and growth in the tech sector.
The Role of E-Learning Platforms in Tech Education
E-learning platforms have emerged to provide a dynamic and responsive educational environment that traditional institutions struggle to match. These platforms are not just repositories of information; they are vibrant learning communities that connect eager learners with expert tutors in their specialized fields, and a wealth of resources tailored to the tech industry’s evolving needs.
Access to Diverse Courses and Expert Tutors
– Wide Range of Learning Materials: From foundational programming languages like Python and Java to cutting-edge technologies such as blockchain and quantum computing, tutoring platforms offer an expansive catalog of courses designed to meet the diverse needs of the tech industry.
– Expert Guidance: These platforms connect learners with experienced coding tutors, providing personalized instruction and mentorship. This direct access to experts helps learners navigate complex topics and stay motivated throughout their educational journey.
Personalized Learning Experiences
– Customizable Learning Paths: Learners can tailor their education to their specific career goals and interests, choosing courses that align with their desired skill set.
– Pace and Style Adaptability: E-learning accommodates various learning paces and styles, enabling students to progress through courses as quickly or slowly as they need, revisiting material as often as necessary to ensure mastery.
Real-Time Curriculum Updates
– Industry-Relevant Skills: Course content on e-learning platforms is continuously updated to reflect the latest industry trends and technologies, ensuring learners acquire relevant and in-demand skills.
– Immediate Application: The ability to learn and immediately apply new skills in real-world scenarios enhances the learning experience and prepares students for the challenges of the tech industry.
Advantages of Personalized Learning Paths
One of the most significant benefits of e-learning platforms is their ability to offer personalized learning experiences, which are crucial in effectively bridging the tech skill gap. This personalization manifests in several key areas, making the learning process more adaptable, accessible, and aligned with individual learner needs and goals.
Flexibility in Learning
– Self-Paced Learning: Learners have the freedom to set their own pace, allowing them to balance their studies with work, family, and other responsibilities. This flexibility ensures that individuals can continue their education without having to put their lives on hold.
– On-Demand Accessibility: Courses and resources are typically accessible 24/7, giving learners the convenience to study anytime and anywhere and removing the barriers of time zones and geographical locations.
Accessibility to All
– Global Reach: E-learning platforms break down geographical barriers, making high-quality tech education accessible to a global audience. This inclusion fosters a diverse learning community, enriching the educational experience for all.
– Reduced Costs: Without the need for physical classrooms, commuting, or expensive textbooks, e-learning platforms offer a more affordable alternative to traditional education, opening up opportunities for a wider range of individuals.
Cost-Effectiveness
– Targeted Learning: Instead of investing in a broad and expensive degree program, learners can focus their resources on specific courses that match their career goals and ambitions, ensuring a more efficient use of time and money.
– Return on Investment: Acquiring tech skills through e-learning platforms can lead to significant career advancements and opportunities, offering a high return on investment through increased earning potential and job security.
Empowering Future Tech Talent
The role of tutoring platforms in continuous education and skill development will only grow in importance. The ability to quickly adapt to new technologies and industry demands will be a key determinant of success for individuals and companies alike. In this dynamic environment, a shared commitment to lifelong learning and the pursuit of knowledge will be the most valuable investment both learners and corporations can make.
More than just an educational resource, e-learning platforms are a bridge to the future of tech employment, offering a solution to the skill gap challenge that the global economy faces. By embracing these platforms, we can ensure that the workforce of tomorrow is equipped with the skills necessary to drive innovation, growth, and prosperity in today’s changing market.
A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed light on the growing concerns within the cybersecurity community.
The survey, which gathered insights from over 800 IT and security executives globally, reveals a stark reality: 92% of respondents have observed a surge in cyber-attacks compared to the previous year.
The complexity and frequency of these attacks are putting unprecedented pressure on organizations, with a significant 73% having suffered monetary losses due to cyber incidents.
Vulnerable Sectors Under Siege
Cybercriminals are not indiscriminate in their targets. The survey identifies IT services, financial operations, and supply chain management as the most frequently attacked sectors within organizations.
The hospitality/travel, manufacturing, and financial services industries are also facing weekly and monthly attacks, with ransomware and phishing topping the list of concerns.
Industries at Risk
The New Wave of Sophisticated Attacks
The findings from Keeper Security’s survey highlight the urgent need for organizations to adapt their cybersecurity strategies to counter both existing and emerging threats.
A staggering 95% of IT leaders acknowledge that cyber-attacks are increasing in frequency and sophistication.
The most serious emerging threats include AI-powered attacks, deepfake technology, supply chain attacks, cloud jacking, IoT attacks, 5G network exploits, and fileless attacks.
AI-powered attacks are particularly concerning, as they enable cybercriminals to automate and scale traditional attack techniques like phishing and password cracking.
This has led to a call for a proactive cybersecurity approach that combines advanced defense mechanisms with fundamental best practices.
To combat these threats, IT leaders are planning to increase their AI security measures through data encryption (51%), employee training and awareness (45%), and advanced threat detection systems.
In North America, the focus is equally split between threat detection systems and data encryption, each at 50%.
AI Security Measures
Phishing remains a significant challenge, with 67% of companies struggling to combat these attacks.
The rise of AI tools has made phishing scams more believable and harder to detect, with 84% of respondents finding them more difficult to identify.
Insider Threats and the Importance of PAM
Not all threats come from the outside; 40% of respondents have faced attacks from within their organization.
Privileged Access Management (PAM) solutions are crucial for managing and securing privileged credentials and enforcing the principle of least privilege to minimize damage from potential insider threats.
Despite the evolving threat landscape, fundamental cybersecurity practices remain crucial. Organizations are encouraged to adopt password management and PAM solutions to prevent the most prevalent attacks.
A password manager can enforce strong password practices, while PAM solutions control and monitor high-level access.
These measures create a layered security approach that enhances overall cybersecurity resilience.
As cybercriminals continue to refine their tactics, IT and security leaders must remain vigilant and proactive in their defense measures to protect their organizations’ digital landscapes.
Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware.
The write-up outlines the importance of sandbox analysis in preparing for reverse engineering by highlighting what to expect and where to focus, given that malware authors use various tactics to confuse analysts.
It also mentions that the walkthrough will cover modifying malware to simplify analysis.
The initial understanding gained from sandbox analysis allows analysts to prioritize areas for investigation during the deconstruction phase. This is particularly useful because malware often employs obfuscation techniques to impede analysis.
The author prepares to reverse engineer Snake Keylogger, a .NET infostealer with anti-analysis techniques, using static and dynamic analysis with decompilers and debuggers in an isolated environment built with VirtualBox, Windows 11, Flare-VM, dnSpy, and .NET Reactor Slayer.
To ensure safety, the VM’s network adapters are disabled and resource sharing between the guest and the host machine is minimized.
The modded Snake Keylogger
Stages of the Malware Analysis:
The analysis identified “pago 4094.exe” as a .NET keylogger disguised as an airplane simulator. Static analysis revealed suspicious decryption code in the InitializeComponent function, and disabling the code confirmed its role in malicious activity.
The entry point that contains the Main function
Dynamic analysis showed the code fetching data from a resource named “Grab” and decrypting it, which contained a valid DOS header, DOS stub, and PE header, indicating it was a new executable payload.
The payload, loaded as an in-memory assembly using Assembly.Load, was identified as “Aads.dll” and determined to be stage 2 of the malware.
The “Airplane Traveling” application on the ANY.RUN Sandbox
The analyst at ANY.RUN investigated “Aads.dll,” a .NET assembly DLL, using static and dynamic analysis; static analysis in dnSpy revealed sorting and searching functions but no obviously malicious code.
“Aads.dll” on DIE shows the Library and Linker
Dynamic analysis with breakpoints showed “Aads.dll” using image data from resource “ivmsL” containing a potentially steganographic image.
The image data was processed through the sorting algorithms and examined in memory, revealing a DOS header (“MZ”) and PE header, indicating an embedded executable. The extracted executable, named “Tyrone.dll,” was identified as stage 3 of the malware.
The module “Tyrone.dll” can be observed under the Modules Tab
“Tyrone.dll” was found to be a .NET DLL with VB.NET code that had been obfuscated by .NET Reactor. Static analysis of the deobfuscated code showed functions related to a “pandemic simulation” that were deemed irrelevant, but the presence of GetObject() suggested a next step.
Deobfuscating the “Tyrone.dll”
Dynamic analysis confirmed this suspicion: with breakpoints set and memory examined, the data retrieved from resource “wHzyWQnRZ” was identified as a new executable containing a DOS header, DOS stub, and PE header, stage 4 of the malware.
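Each stage above is recovered the same way: a resource (“Grab”, “ivmsL”, “wHzyWQnRZ”) is decrypted or unscrambled into a buffer, and the buffer turns out to begin with an MZ header and a PE header. Rather than eyeball that in a hex view at every breakpoint, a practitioner will want to script it. The following Python is an added example and is not code from the ANY.RUN write-up: it scans a dumped buffer for every MZ header whose e_lfanew points at a valid PE signature, parses the COFF and optional headers, and reports whether the CLR runtime data directory is populated, which is the tell-tale of a .NET assembly such as Aads.dll or Tyrone.dll. The sample buffer is constructed from hand-built headers for the test, not taken from the malware.

```python
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_FILE_DLL = 0x2000
DIR_CLR_RUNTIME = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: populated only in .NET images


def build_fake_pe(dotnet: bool) -> bytes:
    """Constructed minimal PE32 header (DOS header + NT headers, no sections).

    This is a test fixture for carve_pe(), not a real binary and not malware.
    """
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew lives at offset 0x3C
    # COFF header: Machine=i386, 2 sections, timestamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=224 (PE32 with 16 directories), Characteristics=DLL|32BIT|EXECUTABLE
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if dotnet:
        # In a PE32 optional header the data directories start at offset 96;
        # entry 14 is the CLR runtime header (RVA, size).
        struct.pack_into("<II", opt, 96 + DIR_CLR_RUNTIME * 8, 0x2008, 0x48)
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt)


def carve_pe(blob: bytes) -> list:
    """Return one dict per plausible PE image found in blob.

    A hit is an 'MZ' whose e_lfanew points at 'PE\\0\\0' inside the buffer; the
    bounds checks keep stray 'MZ' bytes in random data from producing garbage.
    """
    hits = []
    pos = blob.find(IMAGE_DOS_SIGNATURE)
    while pos != -1 and pos + 0x40 <= len(blob):
        e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
        nt = pos + e_lfanew
        if 0x40 <= e_lfanew <= 0x1000 and nt + 24 <= len(blob) and blob[nt:nt + 4] == IMAGE_NT_SIGNATURE:
            machine, nsections, _, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", blob, nt + 4)
            opt = nt + 24
            info = {"offset": pos, "machine": machine, "sections": nsections,
                    "is_dll": bool(chars & IMAGE_FILE_DLL), "pe_format": None, "is_dotnet": False}
            if opt + 2 <= len(blob):
                magic = struct.unpack_from("<H", blob, opt)[0]
                # (format name, offset of NumberOfRvaAndSizes, offset of the directory table)
                layout = {0x10B: ("PE32", 92, 96), 0x20B: ("PE32+", 108, 112)}.get(magic)
                if layout:
                    fmt, ndirs_off, dirs_off = layout
                    info["pe_format"] = fmt
                    if opt + ndirs_off + 4 <= len(blob):
                        ndirs = struct.unpack_from("<I", blob, opt + ndirs_off)[0]
                        clr = opt + dirs_off + DIR_CLR_RUNTIME * 8
                        if ndirs > DIR_CLR_RUNTIME and clr + 8 <= len(blob):
                            rva, size = struct.unpack_from("<II", blob, clr)
                            info["is_dotnet"] = rva != 0 and size != 0
            hits.append(info)
        pos = blob.find(IMAGE_DOS_SIGNATURE, pos + 1)
    return hits


# Constructed stand-in for a decrypted resource: junk, a .NET PE, more junk, a native PE.
SAMPLE_BLOB = b"\x90" * 37 + build_fake_pe(True) + b"\xcc" * 11 + build_fake_pe(False)

if __name__ == "__main__":
    for hit in carve_pe(SAMPLE_BLOB):
        print(hit)
```

In practice you would feed `carve_pe` the bytes dumped from the debugger at the breakpoint (for example the array returned by the resource decryption routine) and write each hit out from its offset; the `is_dotnet` flag tells you whether the next stage goes back into dnSpy or needs a native toolchain.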
Analysts investigated “lfwhUWZlmFnGhDYPudAJ.exe,” a .NET assembly flagged as a keylogger. The file had obfuscated code with non-descriptive names; after identifying it as a VB.NET-compiled PE32 executable, they detonated it in a sandbox environment, confirming its keylogging functionality.
The overview of “lfwhUWZlmFnGhDYPudAJ.exe” in an ANY.RUN sandbox
Finally, deobfuscation and renaming of functions (e.g., “lena_”) improved code readability for further analysis.
The malware configuration, encrypted with a hardcoded key, reveals the SMTP information used for exfiltration. The code steals login data from browsers (Chrome, Edge, etc.) and applications (Discord) by reading their SQLite databases or LevelDB files.
Snake Keylogger Config Decryption Python Code
Snake Keylogger can exfiltrate data via FTP, SMTP, or Telegram; the analyzed sample uses SMTP with hardcoded credentials and sends the stolen data as an email attachment.
The write-up then describes modifying the Snake Keylogger sample for easier analysis by disabling its internet connection check, self-deletion, and self-relocation functionality.
The encrypted SMTP information obtained from the Python code
A Python script was written to encrypt replacement SMTP credentials with the key derived from an MD5 hash and store them in the malware configuration, so that the modified sample still decrypts and uses them.
The malware was customized by changing the icon and adding functionalities to change the wallpaper and save stolen credentials to text files on the desktop. The effectiveness of the modifications was verified by running the modded malware in a sandbox environment.
Boosting Security with ANY.RUN Threat Intelligence
The solution offers a threat intelligence (TI) feed and a lookup portal, providing access to a constantly updated database of malware information that leverages data from over 1.5 million investigations by community and in-house analysts, allowing you to
Access the latest community-reported and analyst-discovered malware data.
Search across various aspects (fields) of 1.5 million investigations conducted in the past 6 months.
Analyze command lines, registry changes, memory dumps, encrypted and unencrypted network traffic, and more to identify risks.
It offers threat intelligence in two formats:
Threat Intelligence Lookup – Search the portal for relevant events using 30 criteria. Use wildcards (*) to search substrings broadly. With rapid search, you get results in about 5 seconds. The attached IOCs and event fields include links to recorded sandbox research sessions.
Threat Intelligence Feeds – Receive STIX data from the feeds directly in your TIP and SIEM systems, and feed current threat indicators into your firewalls. New indicators and event fields with context are added every two hours.
TI Lookup examines a massive database of Indicators of Compromise (IOCs) and related events across numerous parameters. Wildcards allow wide or particular searches, and results, including linked research sessions, are supplied in seconds.
SIEM systems can consume the TI Feeds’ continuous threat data in STIX format; every two hours, new IOCs and event details are added for threat analysis.
What is ANY.RUN?
ANY.RUN is a cloud-based malware lab that does most of the work for security teams. 400,000 professionals use the ANY.RUN platform every day to look into events and speed up threat research on Linux and Windows cloud VMs.
Advantages of ANY.RUN
Real-time Detection: ANY.RUN can find malware and instantly identify many malware families using YARA and Suricata rules within about 40 seconds of posting a file.
Interactive Malware Analysis: ANY.RUN differs from many automated options because it lets you interact with the virtual machine from your browser. This live feature helps catch zero-day exploits and advanced malware that can get past signature-based protection.
Value for money: ANY.RUN’s cloud-based nature makes it a cost-effective option for businesses since your DevOps team doesn’t have to do any setup or support work.
Best for onboarding new security team members: ANY.RUN’s easy-to-use interface allows even new SOC researchers to quickly learn to examine malware and identify indicators of compromise (IOCs).
Aside from showing Chrome users a popup urging them to switch to Microsoft Edge, Microsoft is also working to fix known bugs and security flaws in the browser and the systems behind it. The company has just fixed a glitchy earlier update to Edge that was causing numerous problems for users. However, there’s more, and this particular issue could have been severe.
A recently patched bug in Microsoft Edge allowed attackers to install extensions in a user’s browser without any interaction from the user, and it could have been exploited for financial gain or other purposes.
Tracked as CVE-2024-21388, this vulnerability was at first revealed by Guardio Labs security researcher Oleg Zaytsev, who highlighted its potential for malicious exploitation.
Attackers could have used the Microsoft Edge bug to install an extension by exploiting a private API
Microsoft addressed the flaw in Edge stable version 121.0.2277.83, released on January 25, 2024. Attackers could have exploited the flaw to abuse a private API originally intended for marketing purposes. This API could be used to install browser extensions with broad permissions, which, according to the researchers, could lead to a browser sandbox escape.
If successfully exploited, the vulnerability would have given attackers the privileges needed to install extensions without the user’s consent. The private API in the Chromium-based Edge browser reportedly granted privileged access to a list of websites, including Bing and Microsoft domains.
By running JavaScript on these pages, attackers could install extensions from the Edge Add-ons store without any user interaction. The bug stemmed from insufficient validation: the API accepted any extension identifier from the storefront and installed it silently.
The potential impact of this vulnerability is significant, as it could have facilitated the installation of additional malicious extensions. In a hypothetical attack scenario, threat actors could not only publish seemingly harmless extensions to the add-on store but also leverage them to inject malicious JavaScript code into legitimate sites. Subsequently, users visiting these sites would unknowingly have the targeted extensions installed on their browsers without their consent.
Thankfully, there’s no record of a successful exploitation
Thankfully, there’s no evidence that this flaw was exploited in the wild. Browser customizations aim to improve the user experience, but they can inadvertently introduce new attack vectors, and this flaw is a perfect example. As Guardio Labs’ Oleg Zaytsev emphasized, attackers can easily trick users into installing seemingly harmless extensions, which could serve as the initial step in a more complex attack.
C2A Security’s DevSecOps Platform, ‘EVSec’, has been gaining widespread traction as the automotive industry rushes to meet cybersecurity regulations and industry standards, such as UN Regulation No. 155, ISO/SAE 21434, Chinese GB Standards, and others.
2024 is a pivotal year for cybersecurity regulations in the automotive industry, as UN Regulation No. 155 goes into full effect. C2A Security’s EVSec risk-driven product security platform allows developers to focus on creative features and to manage software and operations at scale in an automated manner.
EVSec automates archaic manual processes and enables cross-functional sharing and collaboration between teams, customers, and supply chains while offering full digital twin capabilities. EVSec applies continuous feedback from product operations and vulnerabilities to improve development and design, as part of agile software development.
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships, including BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others.
The collaboration with C2A Security supports customers on the applicable standards and best practices for regulatory compliance. EVSec maps and automates the relevant standards and regulations, such as ISO/SAE 21434 and UN Regulation No. 155, to simplify compliance efforts, which are essential to business success as companies break new ground with their vehicles, develop innovative EV-powered vehicles, and plan the EV infrastructure that supports them.
“We’re thrilled that EVSec has proven so popular and effective, as companies like Daimler Truck AG choose it as their product security platform. Dealing with current and emerging regulatory demands, software development at scale and overall product security operations can be a limitation on the business continuity of a company if not automated,” noted Roy Fridman, CEO of C2A Security.
“At the end of 2023, we witnessed the first case of a premium car maker that stopped the sale of their most popular model in the European Union because it failed to comply with the regulation. To stay competitive companies must utilize advanced product security automation in their development and operations and we are excited to support them in achieving this goal.”
C2A Security is the only risk-driven DevSecOps Platform vendor that addresses the specific needs of car makers, Tier 1 suppliers, and mobility companies. Founded in 2016, C2A Security’s customers and technology partners include top-tier global players including Daimler Truck AG, BMW Group, Siemens, Valeo, ThunderSoft, Marelli, NTT Data, and Evvo Labs, among others.
C2A Security transforms cybersecurity from being a company-wide limitation to a business value multiplier through advanced security automation and compliance to shorten software release times and decrease costs.
Our vision is to turn product security into a seamless, automated, and transparent process, reducing time to deployment and costs of managing automotive software products and resources. C2A Security was founded by NDS/Cisco veteran Michael Dick, with its global headquarters in Jerusalem, Israel. c2a-sec.com.
In early 2024, a large K-12 school district partnered with ThreatDown MDR to strengthen its cybersecurity posture. Shortly after onboarding, ThreatDown MDR analysts detected unusual patterns of activity subsequently identified as the work of SolarMarker, a sophisticated backdoor. It became evident that SolarMarker had been present in the district’s system since at least 2021, likely exfiltrating data over several years.
Let’s dive further into the investigation’s findings and the steps taken to mitigate the threat.
SolarMarker infection
Background
The incident began with the detection of an anomalous PowerShell instance attempting to establish an outbound network connection to a suspicious IP address (188.241.83.61). The connection attempt was blocked by Malwarebytes Web Protection (MWAC), the first indication of a potential breach.
Initial challenges
Upon investigation, it was discovered that Endpoint Detection and Response (EDR) settings were disabled in the client’s endpoint policy. This limitation prevented the use of Fast Response Scanning (FRS) to capture and analyze detailed endpoint data, necessitating a manual approach to the investigation utilizing Active Response Scanning (ARS).
Investigation and analysis
The first step involved querying active network connections with netstat, which revealed an instance of PowerShell in operation. To further understand the nature of this PowerShell instance, its command line was examined using Windows Management Instrumentation Command-line (WMIC) with the process ID (PID), which unveiled obfuscated code.
Decoding and understanding SolarMarker
The obfuscated PowerShell code was extracted and refactored for clarity. The analysis revealed the following components of the malware’s operation:
It utilizes a Base64-encoded string as a decryption key.
It targets a specific file path for encoded data.
It reads, decodes, and executes the encrypted payload.
The command line showed the hallmarks of malicious script execution, with parameters intended to hide the window (-WindowStyle Hidden), bypass the execution policy (-Ep ByPass), and run an encoded command (-ComMand “sa43…).
Further investigation uncovered randomly named folders under AppData\Roaming\Microsoft, each containing encoded payloads, which pointed to a more widespread infection than initially anticipated.
Response and mitigation
The response involved several steps to contain and eliminate the threat:
Terminating the malicious PowerShell instance.
Deleting the identified folders containing encoded payloads.
Conducting a thorough search for persistence mechanisms, which fortunately yielded no findings.
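The sweep below is an added example, not ThreatDown’s procedure, covering two of the steps above: locating randomly named payload folders under AppData\Roaming\Microsoft in every user profile, and checking the usual autostart locations for anything that launches PowerShell. The baseline list of expected subfolders is an assumption that needs tuning per image, and the function names are this example’s own. Review the output before deleting anything; several legitimate Microsoft scheduled tasks also run PowerShell.

```powershell
# Added example; not ThreatDown's procedure. Run in an elevated shell on the suspect host.

# Subfolders Microsoft products normally create under AppData\Roaming\Microsoft (assumed baseline).
$BaselineRoamingMicrosoft = @(
    'Windows', 'Office', 'Crypto', 'Credentials', 'Protect', 'SystemCertificates', 'Vault',
    'Internet Explorer', 'Network', 'Spelling', 'Speech', 'Edge', 'Teams', 'OneDrive', 'Outlook',
    'Templates', 'Proof', 'UProof', 'Document Building Blocks', 'Feeds', 'Feeds Cache', 'AddIns',
    'InputMethod', 'MMC', 'Signatures', 'Sticky Notes', 'Windows NT', 'Windows Mail', 'Excel', 'Word'
)

function Get-SuspiciousRoamingMicrosoftFolders {
    param([string[]]$Baseline = $BaselineRoamingMicrosoft)
    foreach ($profile in Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
        $root = Join-Path $profile.FullName 'AppData\Roaming\Microsoft'
        if (-not (Test-Path $root)) { continue }
        foreach ($dir in Get-ChildItem $root -Directory -Force -ErrorAction SilentlyContinue) {
            if ($Baseline -contains $dir.Name) { continue }
            # Random-looking name: one run of 8+ letters/digits with no spaces or punctuation.
            if ($dir.Name -notmatch '^[A-Za-z0-9]{8,}$') { continue }
            $files = @(Get-ChildItem $dir.FullName -File -Recurse -Force -ErrorAction SilentlyContinue)
            [pscustomobject]@{
                Profile    = $profile.Name
                Folder     = $dir.FullName
                Created    = $dir.CreationTime
                FileCount  = $files.Count
                NoExtFiles = @($files | Where-Object { -not $_.Extension }).Count   # opaque blobs
                TotalKB    = [int](($files | Measure-Object Length -Sum).Sum / 1KB)
            }
        }
    }
}

function Get-PowerShellAutostarts {
    $pattern = 'powershell|pwsh|\.ps1|-enc|FromBase64'
    # 1. Run / RunOnce keys for the machine and every loaded user hive.
    $keys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
              'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run')
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $keys += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
        $keys += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    }
    foreach ($key in $keys) {
        $k = Get-Item $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($name in $k.GetValueNames()) {
            $cmd = [string]$k.GetValue($name)
            if ($cmd -match $pattern) { [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd } }
        }
    }
    # 2. Startup folders, resolving .lnk targets so a shortcut to powershell.exe is not missed.
    $shell = New-Object -ComObject WScript.Shell
    $startupDirs = @([Environment]::GetFolderPath('CommonStartup')) +
        @(Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
          ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' })
    foreach ($dir in $startupDirs) {
        foreach ($f in Get-ChildItem $dir -File -Force -ErrorAction SilentlyContinue) {
            $target = $f.FullName
            if ($f.Extension -eq '.lnk') { $sc = $shell.CreateShortcut($f.FullName); $target = "$($sc.TargetPath) $($sc.Arguments)" }
            if ($target -match $pattern) { [pscustomobject]@{ Source = 'Startup'; Name = $f.Name; Command = $target } }
        }
    }
    # 3. Scheduled tasks whose action executes PowerShell.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($a in $task.Actions) {
            $cmd = "$($a.Execute) $($a.Arguments)"
            if ($cmd -match $pattern) { [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName; Command = $cmd } }
        }
    }
    # 4. WMI permanent event subscriptions, a fileless persistence spot that Run-key checks miss.
    foreach ($c in Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Source = 'WMI CommandLineEventConsumer'; Name = $c.Name; Command = $c.CommandLineTemplate }
    }
}

Get-SuspiciousRoamingMicrosoftFolders | Format-Table -AutoSize
Get-PowerShellAutostarts | Format-Table -Wrap
```

Run the folder sweep before killing the process and again after reboot: a folder that reappears after deletion is itself evidence of a launcher the autostart checks did not cover.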
A comprehensive threat scan was executed, and the incident was escalated to the client for visibility. Post-reboot checks confirmed that no persistence remained, no new PowerShell instances were spawned, and suspicious outbound connections stayed blocked, indicating the infection had been remediated.
Conclusion
As we’ve seen in our 2024 State of Ransomware in Education report, the educational sector continues to be a prime target for attackers. In this case, attackers used SolarMarker, a sophisticated backdoor, to lurk within the school district’s network for years, likely stealing data in the process. Its presence went undetected until the district onboarded with ThreatDown MDR. Despite facing initial obstacles, such as disabled EDR settings, the ThreatDown MDR team successfully identified and neutralized the SolarMarker infection through manual intervention.
Android 15 is fast approaching, and we are starting to get an idea of what sort of new features to expect. Well, if you’re a person who likes to keep their location private, then you’re going to like this potential feature discovered within the software. According to a new report, Android 15 may let you block your carrier from knowing your location.
Let’s face it, it’s extremely hard to keep companies from accessing your sensitive information. Your location is one of the worst bits of information a company can get, and there are several ways of keeping companies from getting it. However, there is no way to be 100% certain that your location stays private.
For example, you can disable location access on an app-by-app basis or for your entire phone. Unfortunately, that does not stop your carrier from tracking your location. There’s actually a way for your carrier to know where you are even with everything disabled.
Well, Android 15 could let you block your carrier from knowing your location
It seems there’s always something users never learn about when they purchase a device. When your phone stops an app from accessing your data, that is a software-level control. Your carrier, however, can get your location from the phone’s cellular radio itself, so there is no user-facing fix for this short of taking a bat to the phone.
According to code found within Android, Android 15 may be able to block your carrier from accessing your location. There are situations where you would want your carrier to have it, such as emergencies. But knowing there is a channel for sharing your information that you cannot control, or may not even know about, is unsettling for most users. So this will be a great feature to look forward to in Android 15.
WhatsApp usually nails all the essential features of a proper messaging app: group chats, broadcasts, communities, voice, video. However, as versatile and popular as the app is, WhatsApp’s user interface can sometimes feel clunky and outdated. Fortunately, it looks like Meta is listening and doing something about it.
UI changes have been popping up in the beta version of WhatsApp for a while now. However, those changes were exclusive to particular parts of the interface, such as previews, bars, and other smaller elements. The calling screen, though, remained the same throughout all of that. That is, until now.
As noted by WABetaInfo’s AssembleDebug, the latest WhatsApp beta for Android (version 2.24.7.19), shows a revamped calling screen that promises a smoother, more intuitive experience. The biggest change is subtle, but it could fix a major annoyance. That back button in the top left corner? It’s gone. Instead, WhatsApp introduces a proper minimize button. Same function, but way more intuitive.
WhatsApp’s new calling screen UI | Source: WaBetaInfo
This is important because the old back button led to a lot of confusion. Because it was ambiguous, many users thought that by clicking on this back button they were ending the call entirely. Obviously, that was not the case, but with this new minimize option you get a clearer indication that by tapping it you’re just tucking the call screen away, not hanging up.
Additionally, the buttons are now designed to stand out visually from the rest of the screen. Judging by the screenshot above, I don’t think the new buttons leave any room for misinterpretation. It is a small yet thoughtful design change that can make all the difference.
WhatsApp’s clearly serious about making the calling experience as painless as possible. This isn’t the most earth-shattering update, but it shows they’re listening to how people actually use the app and tweaking things accordingly. Sometimes, the best features are the ones that get out of your way.