If you’ve been using Windows recently, then you’ve probably had Copilot shoved down your throat at some point. Microsoft went all-in on AI recently, and Copilot is the company’s AI platform. Well, according to Microsoft, Copilot is making it to more Windows 11 and Windows 10 computers soon.
Microsoft has been putting a lot of work into tightly integrating Copilot into the Windows operating system. It’s looking to have the same sort of integration that Google Assistant has with Android. Well, some people using Windows 11 have been able to access Copilot and see what it’s all about, and many more users are still waiting for that chance.
Copilot is rolling out to more Windows 11 and Windows 10 computers
In order to enable Copilot on your computer, you need to be running the latest version of Windows 11. This is version 23H2. When enabled, you will see the Copilot logo at the bottom right of the screen. This will bring out a side panel that you can use to interact with Copilot.
If you don’t have the latest version of Windows 11, then your wait will soon come to an end. The company just announced that it’s beginning an extended rollout of Copilot, so it’s going to make it to more Windows 11 devices over the coming weeks. Copilot will enable itself on Windows 11 version 23H2; however, it will not if you’re running Windows 11 version 22H2.
If you are using Windows 10, then you’re going to have to wait just a bit longer. According to the report, “Eligible devices running Home and Pro editions of Windows 10 version 22H2, and are not managed by an organization, will start to receive Copilot in Windows later this month.” The company plans on finishing up this latest rollout by the end of May. So, at the latest, you will have two months to wait to receive Copilot.
TikTok, the beloved (and sometimes controversial) short-form video app, is caught in a political crossfire. Facing a potential US ban due to Chinese ownership concerns, TikTok is scrambling to defend its place in the hearts of its most loyal users – teens.
One of TikTok’s latest moves is the creation of a “Youth Council”. This group of 15 teens from around the world will advise TikTok on how to make the platform safer for young people. It’s a smart play as concerns swirl around issues like child protection, misinformation, and the app’s impact on mental health.
The council seems like a well-intentioned way for TikTok to demonstrate its commitment to the safety of its younger users. The teens even collaborate with Praesidio Safeguarding, a UK-based organization focused on online safety. But is this enough to sway regulators?
TikTok’s influence on teens is undeniable. The app has even encouraged its teen audience to take political action against a potential ban. Some worry that these efforts, while focused on the app’s survival, might draw even more attention to TikTok’s reach among young people.
Can TikTok’s Youth Council make a difference?
The success of this initiative will likely hinge on a few factors:
Real Impact: How much actual power will the Youth Council have to influence changes on the app?
Teen Trust: Will teens see the council as a genuine attempt at improvement or a public relations ploy?
Policy Sway: Will US policymakers see this council and its efforts as an honest commitment to user safety?
TikTok is playing a high-stakes game here. Appealing to its teen users makes sense strategically, but whether it can save TikTok from political pressures remains to be seen. Ultimately, the effectiveness of the Youth Council will depend on how much influence they are given within the company and how they are perceived by both teens and policymakers.
Over 170,000 users have fallen victim to a meticulously orchestrated scheme exploiting the Python software supply chain.
The Checkmarx Research team has uncovered a multi-faceted attack campaign that leverages fake Python infrastructure to distribute malware, compromising the security of countless developers and organizations.
This article delves into the attack campaign, its impact on victims, the tactics, techniques, and procedures (TTPs) employed by the threat actors, and the critical findings from Checkmarx’s investigation.
Attack Campaign Description
The core of this malicious campaign revolves around an attacker’s ability to combine several TTPs to launch a silent attack on the software supply chain, specifically targeting the Python ecosystem.
By creating multiple malicious open-source tools with enticing descriptions, the attackers lured victims into their trap, primarily through search engines.
Python mirror (files.pythonhosted.org)
The campaign’s sophistication is evident in the distribution of a malicious dependency hosted on fake Python infrastructure, which was then linked to popular projects on GitHub and to legitimate Python packages.
A chilling account from Mohammed Dief, a Python developer and one of the campaign’s victims, highlights the stealth and impact of the attack.
Dief encountered a suspicious error message while working on his laptop, the first sign of the compromise, leading to the realization that his system had been hacked.
Victims and Impact
Among the notable victims of this campaign is the Top.gg GitHub organization, a community boasting over 170,000 members.
The attackers managed to hijack GitHub accounts with high reputations, including that of “editor-syntax,” a maintainer with write permissions to Top.gg’s repositories.
The Top.gg community (which boasts over 170K members) was also a victim of this attack
This allowed them to commit malicious acts and increase the visibility and credibility of their malicious repositories.
The attack’s impact is far-reaching, affecting individual developers and larger communities alike.
Social engineering schemes, account takeovers, and malicious packages published on the PyPI registry have underscored the software supply chain’s vulnerability to such sophisticated attacks.
The Checkmarx Research team has uncovered an attack campaign aimed at the software supply chain.
The campaign appears to have successfully exploited multiple victims.
Threat Actors and TTPs
The threat actors behind this campaign demonstrated high sophistication and planning.
They employed a range of TTPs, including:
Account Takeover via Stolen Cookies: The attackers gained access to high-reputation GitHub accounts by stealing session cookies, bypassing the need for passwords.
Publishing Malicious Packages: By setting up a custom Python mirror and publishing malicious packages to the PyPI registry, they could distribute malware under the guise of legitimate software.
Social Engineering: The attackers used social engineering to trick users into downloading malicious dependencies, further spreading the malware.
By deploying a fake Python package mirror and utilizing typosquatting techniques, the attackers could deceive users and systems into downloading poisoned versions of popular packages like “Colorama.”
The malicious payload delivered through these packages is designed to harvest sensitive information, including passwords, credentials, and data from various software applications.
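The two tricks described above, a look-alike package index and a typosquatted name, are both visible in a project’s requirements file before anything is installed. The following audit script is an added example (not code from Checkmarx or from the article); the official hosts are the real pip defaults, while the sample requirements file, the short list of “popular” names and every look-alike host in it are constructed for illustration.

```python
"""Audit a pip requirements file for a look-alike index host, a direct URL
dependency on such a host, and typosquats of popular package names."""
import re
from typing import Optional
from urllib.parse import urlparse

# Hosts pip legitimately contacts for the public index.
OFFICIAL_HOSTS = ("files.pythonhosted.org", "pypi.org")
# Constructed short list of names worth protecting; extend for your environment.
POPULAR = ("colorama", "requests", "numpy")

INDEX_OPT = re.compile(r"^(?:-i|--index-url|--extra-index-url|-f|--find-links)[ =]\s*(\S+)")
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value means a look-alike host or package name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_host(host: str) -> Optional[str]:
    """Explain why a host is suspect, or return None for an official PyPI host."""
    host = host.lower()
    if host in OFFICIAL_HOSTS:
        return None
    for good in OFFICIAL_HOSTS:
        # An official name embedded in a longer host, or a near-miss spelling.
        if good in host or levenshtein(host, good) <= 3:
            return f"look-alike of {good}"
    return "non-official index host"


def normalize(name: str) -> str:
    """PEP 503 normalisation so Colorama, colorama and color_ama compare alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text: str) -> list:
    """Return one warning string per suspicious line in a requirements file."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opt = INDEX_OPT.match(line)
        if opt:  # -i / --index-url / --extra-index-url / --find-links
            why = suspicious_host(urlparse(opt.group(1)).hostname or "")
            if why:
                findings.append(f"index option '{line}': {why}")
            continue
        if " @ " in line:  # PEP 508 direct reference: name @ url
            name, url = (p.strip() for p in line.split(" @ ", 1))
            why = suspicious_host(urlparse(url).hostname or "")
            if why:
                findings.append(f"direct URL for '{name}': {why}")
        else:
            m = NAME_RE.match(line)
            if not m:  # e.g. '-r other.txt' or '-e .'
                continue
            name = m.group(1)
        norm = normalize(name)
        if norm not in POPULAR:
            for good in POPULAR:
                if levenshtein(norm, good) <= 2:
                    findings.append(f"package '{name}' resembles popular '{good}'")
    return findings


# Constructed sample; none of these hosts or packages are real indicators.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://files.pythonhost.org/simple
colorama==0.4.6
colorsama>=0.4
requests
mypkg @ https://files.pythonhosted.org.example/packages/mypkg-1.0.tar.gz
"""

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print("WARNING:", finding)
```

Run against the sample, it flags the extra index, the `colorsama` typosquat and the direct URL, and leaves `colorama` and `requests` alone.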
Malicious Package
The malware targets web browsers, Discord, cryptocurrency wallets, and Telegram, and even includes a keylogging component to capture victims’ keystrokes.
The final stage of the malware reveals its data-stealing capabilities, targeting not only personal and financial information but also attempting to gain unauthorized access to victims’ social media and communication platforms.
This attack campaign highlights the critical vulnerabilities within the software supply chain, particularly in open-source ecosystems like Python’s.
The sophistication and success of the attackers in exploiting these vulnerabilities underscore the need for heightened vigilance and robust security practices among developers and organizations.
Through continuous monitoring, collaboration, and information sharing, the cybersecurity community can mitigate risks and protect the integrity of open-source software.
Amazon has an incredible deal on the Motorola Razr Plus (2023), and it is now on sale for just $699. That’s going to save you $300 off of the regular price, making this pretty impressive. For $699, it’s definitely worth buying the Motorola Razr Plus.
The Razr+ is one of the better flip-style foldables to launch in 2023. It has a 6.7-inch FHD+ 165Hz display and Snapdragon 8+ Gen 1, 8GB of RAM, and 256GB of storage. It also has a 3.6-inch front display on which you can run full apps—making it so you don’t have to open your phone as often.
The front display is perhaps the best feature of this phone. Why? Because it can run full apps. I used this phone to get around New York City on a work trip earlier this year, and using Google Maps without opening my phone was simply incredible. You can also use Spotify on the front display and any other Android app. Additionally, Gamesnacks are available on the front display, and I can’t tell you how much time I spent playing different games on this front display while I was reviewing it.
As far as battery life goes, it’s also pretty good. I was getting around 8+ hours of screen time, which is pretty good for a flip-style foldable. So here you have a phone that will get you through a full day and not take up a lot of space in your pocket. That’s a win/win.
This is probably the best flip-style foldable you can buy in the US. It beats the Galaxy Z Flip 5 in many areas, including the lack of a crease, the size and weight, and especially the apps available on the front display.
The M3 MacBook Air has finally launched, and there are already rumors that Apple might release the M4 chip as early as Q1 2025. Apple’s switch to its own proprietary chipsets saw a massive improvement over its Intel-based Macs and MacBooks. Since then, the company has been improving on its M-series of chipsets approximately each year. Each subsequent chipset is slightly better than the last, and doesn’t always warrant an upgrade. However, there are rumors that the M4 lineup will also come with AI.
A roadmap for the Apple M4 chip
Canalys, a global tech analysis firm, just announced a roadmap for Apple. According to this roadmap, Apple will likely release the M4 chip in the first quarter of the next year. This isn’t guaranteed of course. A multitude of factors play into when a company announces and launches a product. Hence, the Apple M4 chip launch could be delayed.
It also seems like the Apple M4 might be the first M-series chip to ship with AI capabilities. This, of course, would be huge. Much like the shift from Intel chips to M chips, this will mark a shift in how MacBooks are viewed. AI-powered chipsets have the potential of delivering many amazing and futuristic features. These include AI-powered virtual assistants, extremely powerful image and video editing, and help with drafting documents.
The shift from Intel
When Apple shifted its Macs and MacBooks to its own M chips, it catapulted the performance gains. Understandably, the older MacBooks were very much like PCs. They had to be designed to work with Intel chipsets that were also used in other computers. As such, there was no impressive synergy between the hardware and software.
This all changed when Apple announced the M1 chip. Apple Silicon, the name for Apple’s in-house SOC company, designed the M-series chips with Apple’s own software in mind. The result was devices with much better battery life and much faster and more stable performance. This jump was huge, and nowadays nobody will ever suggest buying an old Intel-based MacBook if it can be helped.
The M2 and M3 chips were impressive improvements over the M1. However, for the average user, they didn’t represent performance upgrades worth considering. If the Apple M4 chip does ship with AI, it will be the first M chip since the M1 that will definitely warrant an upgrade. Once mocked for their relatively paltry specs, the M chips have breathed new life into Apple’s Macs and MacBooks.
For many users who have sought out alternatives to iMessage on iPhone, or to Meta-owned applications such as WhatsApp, Telegram has always been a privacy-minded alternative that often spearheads fresh messaging features. However, a new feature that the platform has launched is raising major concerns. Telegram recently rolled out a “Peer-to-Peer Login Program” (P2PL). Basically, this program is designed to help users in locations where SMS is not very reliable receive one-time pin (OTP) codes through other Telegram users. In other words, program participants’ phone numbers become a relay for pins sent via SMS to help other Telegram users log in.
As helpful and innovative as this might sound, there is a catch. As outlined in the terms of the program, should you enroll, Telegram will tap into your number up to 150 times a month for these SMS messages to be sent out. This makes you solely responsible for any carrier fees that may be incurred, which may not be a big deal if these are being sent within your own location but may become costly if the recipients are international.
Furthermore, there is the issue of privacy. Participation in this program means that both you and the recipient of the OTP message can see each other’s phone numbers. This can open you up to receiving unwanted messages and possibly harassment from someone whose number you unknowingly assisted with. Telegram’s terms clearly state that they’re not liable, leaving program participants vulnerable to potential privacy breaches.
The reward for this program is a free Telegram Premium subscription, which normally costs $4.99 a month and unlocks extras like larger file uploads and faster downloads. While it is great that Telegram is exploring ways to make their premium tier more accessible, are the risks worth it? I am inclined to say no, but I’m curious what you think.
Strelastealer malware has been found to be distributed in large-scale campaigns that have currently impacted over 100 organizations across the U.S. and EU.
The malware was first discovered in 2022 and is capable of stealing a victim’s email login information and exfiltrating it to the threat actor’s C2 server.
However, the current campaigns were conducted in the form of spam emails with attachments for launching the StrelaStealer’s DLL payload.
As a means of evading detection at email gateways, the threat actors have been changing the attachment’s file format, which prevents signature and pattern matching.
Moreover, the last campaign conducted by the threat actors dates back to November 2023.
StrelaStealer Malware
According to the reports shared by Unit 42 researchers, the malware authors have been updating the DLL payload with better obfuscations and anti-analysis methods for making it extremely hard for analysts and security products to analyze the samples.
Though several tactics have been used, the malware can still be detected due to the identifiable “strela” string in the DLL payload.
Nevertheless, the new variant of the malware is delivered as a zipped JScript, which employs an updated obfuscation technique in the DLL payload.
The spam emails usually had subject lines following the pattern Factura (Spanish for “bill”), Rechnung (German for “invoice”) or invoice###.
Moreover, it has also been discovered that the threat actors have been heavily targeting high-tech industries with this malware.
Example spam email from campaign (Source: Unit 42)
Malware Analysis
StrelaStealer’s previous variants involve the use of ISO files that contain an LNK file and an HTML file.
Additionally, the malware also used polyglot files that vary based on the applications being executed.
Infection chain (Source: Unit 42)
When a victim clicks on the LNK file inside the ISO file, the HTML file is executed, which invokes the execution of the embedded StrelaStealer payload via rundll32.exe.
The initial DLL payload is encrypted which is decrypted during execution with the help of a constant XOR key, Unit 42 researchers said.
As of the current variant of the malware, the threat actors have been using spear-phishing emails with ZIP file attachments, which, when downloaded and opened, drop a JScript file on the system.
Comparison between old and new version of StrelaStealer (Source: Unit 42)
Following this, the JScript file drops another, base64-encoded file and a batch file.
The batch file runs a certutil -f -decode command on the base64-encoded file, producing a Portable Executable DLL that is dropped into either %appdata%\temp or C:\temp, depending on the user’s privilege level.
This DLL is then executed via the rundll32.exe process, which calls the DLL’s exported hello function.
Moreover, the packer of the new variant also uses a control-flow obfuscation technique: a long code block containing numerous arithmetic functions, intended to prevent analysis of the malware by analysts and security products.
The payload size and the decryption key depend on the configuration of the payload.
Though the file attachment differs for every spam email, the presence of strings like strela, server.php, key4.db and login.json indicates an association with StrelaStealer malware.
Furthermore, the configuration of the payload also includes the communication with the C2 server for exfiltrating the email login data from the victims.
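The delivery chain above (JScript dropper, certutil as a base64 decoder, a DLL dropped into a temp directory, rundll32 calling the exported hello function) and the marker strings can be turned into detection logic. The following is an added example, not Unit 42’s tooling; the event dictionaries are constructed, Sysmon-style process-creation records, the user name and file names in them are made up, and the sample bytes merely stand in for a decoded payload.

```python
"""Detection logic for the StrelaStealer delivery chain, run over constructed
Sysmon-style process-creation events, plus a marker-string check for samples."""
import re

# Strings the article associates with the StrelaStealer DLL payload.
STRELA_MARKERS = (b"strela", b"server.php", b"key4.db", b"login.json")
# %appdata%\temp (i.e. AppData\Roaming\temp) or C:\temp: the drop locations named above.
TEMP_DIRS = re.compile(r"\\appdata\\[^\\]+\\temp\\|c:\\temp\\", re.I)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
FULL_CHAIN = {"jscript-dropper", "certutil-decode-to-temp", "rundll32-temp-dll-hello"}


def flags_for_event(ev: dict) -> list:
    """Label one process-creation event with the chain stage(s) it matches."""
    image = ev.get("Image", "").lower()
    cmd = ev.get("CommandLine", "")
    flags = []
    # Stage 1: the JScript from the ZIP attachment is run by a script host.
    if image.endswith(SCRIPT_HOSTS) and re.search(r"\.jse?\b", cmd, re.I):
        flags.append("jscript-dropper")
    # Stage 2: certutil abused as a base64 decoder, output landing in a temp dir.
    if image.endswith("certutil.exe") and "decode" in cmd.lower() and TEMP_DIRS.search(cmd):
        flags.append("certutil-decode-to-temp")
    # Stage 3: rundll32 loads the dropped DLL and calls its exported 'hello'.
    if (image.endswith("rundll32.exe") and TEMP_DIRS.search(cmd)
            and re.search(r",\s*hello\b", cmd, re.I)):
        flags.append("rundll32-temp-dll-hello")
    return flags


def chain_verdict(events: list) -> dict:
    """Correlate the events of one host; all three stages give high confidence."""
    seen = set()
    for ev in events:
        seen.update(flags_for_event(ev))
    return {"stages": sorted(seen), "full_chain": FULL_CHAIN <= seen}


def payload_markers(blob: bytes) -> list:
    """Return which StrelaStealer marker strings appear in a file sample."""
    return [m.decode() for m in STRELA_MARKERS if m in blob]


# Constructed events (not real telemetry); fields mimic Sysmon Event ID 1.
EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\bob\Downloads\Rechnung_4711.js"'},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -f -decode C:\Users\bob\AppData\Roaming\temp\a.txt "
                    r"C:\Users\bob\AppData\Roaming\temp\a.dll"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\bob\AppData\Roaming\temp\a.dll,hello"},
    # Benign: a system DLL with an ordinary export, must not match.
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]
# Constructed bytes standing in for a decoded DLL; three of the four markers present.
SAMPLE_BLOB = b"MZ\x90\x00...strela...server.php...key4.db..."

if __name__ == "__main__":
    print(chain_verdict(EVENTS))
    print(payload_markers(SAMPLE_BLOB))
```

Each stage on its own is only a weak signal (certutil and rundll32 have legitimate uses), which is why the verdict requires the stages to be correlated per host.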
C2 server name mentioned in the StrelaStealer malware string (Source: Unit 42)
Cybercriminals now repurpose devices like Raspberry Pi into ‘plug-and-play’ weapons for digital fraud. With GEOBOX on the Dark Web, their capabilities are even more sophisticated, enabling manipulation of GPS, network simulation, Wi-Fi mimicry, and anti-fraud filter evasion.
Cybercriminals are targeting IoT devices for illicit activities through OPSEC techniques and customizable settings, allowing these devices to operate without logs and ensure anonymity for perpetrators, reveals research from the US-based cybersecurity solutions and services provider, Resecurity.
According to Resecurity’s Cyber Threat Intelligence team, a significant discovery has been made on the Dark Web: a malicious tool known as GEOBOX. This tool can turn ordinary IoT hardware into powerful weapons for cybercriminals. GEOBOX represents a “paradigm shift in cybercriminal tactics,” highlighting the evolving nature of threats in the digital landscape.
GEOBOX is being sold on Telegram (Screenshot credit: Resecurity)
GEOBOX is a powerful, deceptive tool specifically designed for the Raspberry Pi 4 Model B devices to facilitate cybercriminals in anonymization and fraud. It was first discovered while investigating an online banking theft involving a high-net-worth (HNW) client of a Fortune 100 financial company, prompting researchers to dig deeper into its workings.
The emergence of GEOBOX is not unexpected, appearing shortly after the discovery of another dark web tool known as TMChecker. TMChecker has been arming ransomware gangs, specifically targeting the e-commerce and aviation industries with precision cyberattacks.
The research blog, shared by Resecurity with Hackread.com, ahead of publication on Monday revealed that threat actors have already used multiple internet-connected GEOBOX devices as proxies, each placed at a strategic remote location, enhancing their anonymity.
This complicated the investigation and tracking process, as GEOBOX devices do not store logs by default. Resecurity observed a bad actor using GEOBOX with two LTE-based wireless modems for enhanced anonymization, particularly in remote connections.
The package can be rented for a lifetime fee of $700 or a monthly rate of $80, payable in cryptocurrency and advertised on major underground forums and Telegram. The user manual provides clear instructions on the download and installation of the Raspberry Pi OS using Raspberry Pi Imager, how to obtain the GEOBOX Software Image and work with the GEOBOX software.
It is a feature-rich tool, including WebRTC IP for discreet online communication, GPS spoofing for geolocation manipulation, and the ability to mask Wi-Fi MAC addresses. The device requires at least 4 GB of RAM, but an 8 GB version is also available offering superior performance.
Further, it connects to the internet via Ethernet or USB modem and offers various tabs like INTERNETBOX, MIDDLEBOX, Proxy, VPN, and Wi-Fi, each providing specific functionalities. Users can configure various internet connection types, including VPN protocols like L2TP, PPTP, L2TP-IPsec, Wireguard, SSTP, Zerotier, and OpenVPN, and even create a VPN tunnel within another VPN tunnel.
GEOBOX can help threat actors in cyberattack coordination, dark web market operations, sophisticated financial frauds, circumvention of government censorship, anonymous malware distribution, credential stuffing campaigns, disinformation campaigns, surveillance evasion in authoritarian regimes, content piracy and geo-restriction bypassing, and network security testing.
That’s not all. Cybercriminals can also use GEOBOX to fake their geographical location using a GPS-like driver, bypassing location verification checks on websites like Whoer.net and browserleaks.com, and creating customized accounts on popular platforms like Google and Amazon.
The emergence of GEOBOX necessitates robust digital risk monitoring and endpoint protection strategies, making collaboration between law enforcement agencies, deployment of proactive measures, and continuous innovation in cybersecurity strategies fundamental to counter such threats effectively.
Pixel Tablet and Pixel Fold users get a new Android 15 developer preview upgrade that lets them return to the old taskbar, introduced with Android 12L. Google implemented this feature for users who preferred a stable taskbar over the recent transient one.
Android 15 DP2 introduces an option to bring back the old taskbar from Android 12L
The persistent taskbar initially released with Android 12L was noteworthy for its ability to increase productivity on large-screen devices such as tablets. However, once the Pixel Tablet and Pixel Fold debuted, the company placed less emphasis on it and opted instead for a transient design that came into view only briefly after swiping up.
The transient nature of the taskbar did make sense to an average user. However, those used to multitasking could only feel limited by it. Each time people wanted to open another application they had to swipe back down from their current app to access their favorite apps, obstructing seamless multi-tasking processes.
This feature addition aims at satisfying the different tastes of users by giving them options from both taskbar styles. Following their workflow needs, users can now move back and forth between perpetual or momentary taskbars. Android 15 will upgrade the UX/UI in Pixel Tablet and Pixel Fold.
Here’s how to revive the old taskbar in Android 15 developer preview
In Android 15 DP2, Google has introduced a toggle that allows users to choose between the new transient taskbar and the old persistent one, in response to user feedback. Android Authority observed a pop-up menu with an option reading “always show taskbar,” if a user long-presses on a space after swiping upwards from the bar. Turning it on means changing the look of your Android 15’s taskbar and you won’t have to rely on gestures all the time.
All in all, this demonstrates Google’s commitment to letting people customize their platform: with the taskbar toggle in Android 15 DP2, each user can pick the taskbar style that best fits how they work on their Android device.
The ‘r’ in ‘rSIM’ stands for ‘resilient’. Therefore, the name of rSIM is officially Resilient SIM. It has been introduced by CSL group, in partnership with the two telecom giants mentioned in the previous paragraph.
This new SIM card is designed to improve network reliability, basically. It integrates two independent communication profiles, which is not the case with a regular SIM card. This basically allows for an automatic switch to an alternative network in the case of a connection failure or something like that.
You’re getting dual SIM capabilities inside a single SIM card
Some of you are probably saying to yourself, but that’s what dual SIM is here for. Well, yes, kind of. The thing is, you’re getting that functionality inside a single SIM card here, which is an advantage. You need only one slot for it.
So, you could, technically, use two of these SIM cards, and have four different telecom providers on your dual SIM smartphone. That’s not a use case for regular folk, but still, it’s pretty interesting.
There are two levels of resilience rSIM offers
The whole point of this is to “reduce the risk of outages by switching to a backup mobile operator profile if an outage is detected”. The company says that the SIM offers two levels of resilience, kind of. It enables seamless roaming outside of your home country, as well as a “proactive solution for uninterrupted internet access”.
If you’re wondering when rSIM will become widely available, well, that won’t happen this year. Development of a version compatible with the SGP.32 standard is expected next year. We’re not even sure this will see wide availability just yet, but it probably will.