Government seeks personal information about who watched certain YouTube videos

According to Forbes, Google was forced to turn over to government investigators the phone numbers, addresses, and user activity of certain YouTube accounts. Also turned over were the IP addresses of some YouTube users who watched certain videos. The demand for information is the result of a criminal investigation that federal investigators are handling. The videos were sent by undercover police to a suspect accused of laundering cryptocurrency.
The suspect, who has the username “elonmuskwhm,” received links to publicly available YouTube tutorials that showed viewers how to do mapping via drones, and videos that discussed AR software. While these videos were viewed over 30,000 times, most of those views were unrelated to the case. Google was asked for the list of those who viewed these videos between January 1st and January 8th, 2023, although Forbes was not sure that Google had complied with the demand.

The demand for this information has set off some alarms although Google spokesperson Matt Bryant told Forbes, “With all law enforcement demands, we have a rigorous process designed to protect the privacy and constitutional rights of our users while supporting the important work of law enforcement. We examine each demand for legal validity, consistent with developing case law, and we routinely push back against over broad or otherwise inappropriate demands for user data, including objecting to some demands entirely.”

Those who concern themselves with privacy matters are unhappy to hear about the government requesting this information from Google. Albert Fox-Cahn, executive director of the Surveillance Technology Oversight Project, said to Forbes, “It’s unconstitutional, it’s terrifying, and it’s happening every day.”

Federal investigators say that the request for information was legally justified since the data demanded, “would be relevant and material to an ongoing criminal investigation, including by providing identification information about the perpetrators.” The government also noted that such requests were made by police in other states. In one case in New Hampshire, investigators were digging into bomb threats streamed live over YouTube. Police requested information about those who were viewing the live streams at certain times.



Analyst says DOJ suit will result in Apple paying a hefty fine, and changing its business model

Commenting about the suit, Ives told clients in a note, “We do not expect any business model changes for now, but Apple clearly is going to have to find a way to eventually settle this case, pay a hefty fine, and ultimately find some compromise with developers on the App Store structure down the road.” The analyst has an “Outperform rating” on Apple’s stock with a price target of $250. The shares closed Friday at $172.28.
The lawsuit, filed Wednesday morning by the Justice Department along with 16 state and district attorneys general, accused Apple of committing several antitrust violations including one that claims Apple blocked the development of a “super app” that would have made it easier for consumers to switch mobile platforms. Apple also was accused of causing the failure of the Amazon Fire Phone in 2014 and of making it difficult for manufacturers like HTC and LG to compete in the industry.

As Ives points out in his note to Wedbush clients, Apple has angered app developers by not allowing them to add a link to third-party payment processors for in-app purchases. Instead, outside of the EU, Apple collects 15%-30% of in-app purchases as it runs these transactions through its own in-app payment platform. As a result of the epic Epic v. Apple lawsuit, Apple does allow developers to include one link to a third-party payment processor but still takes a cut of 12% to 27%.

Meta Platforms, Microsoft, X, and Match Group have filed an amicus brief with the court hearing Epic’s claims that Apple has not followed the decision handed down by Judge Yvonne Gonzalez Rogers back in September 2021. While Apple’s cut of in-app payments has helped the company’s Services unit become Apple’s second-largest business segment after the iPhone (Services generated $85.20 billion in revenue during the last fiscal year, 2023), some changes to the App Store might be the end result of the DOJ’s lawsuit. That would be in addition to the massive fine that Apple will probably be forced to pay.

It probably is in the best interest of Apple not to get bogged down in a long and morale-draining lawsuit. A settlement would help the tech giant put this behind it without spending too much time and money on defending the firm. Besides wondering what constitutes a massive fine, it will be interesting to see what changes Apple is prepared to make to the App Store.



WhatsApp working on implementing AI-powered image editing tools

WhatsApp is reportedly working on introducing some new features that leverage artificial intelligence to edit images. These tools were first hinted at in September and have now been discovered within the platform’s latest beta version for Android.

The tools were discovered during a code deep dive by @AssembleDebug of TheSPAndroid in version 2.24.7.13 of the WhatsApp Android beta app, revealing a variety of advanced editing options for users to enhance their photos with ease. These are not yet available to users but were enabled with some code tweaking. Among them are:

  • Backdrop: AI will generate your ideal background based on what you describe and replace it for you.
  • Restyle: Adds a splash of artistic flair to your images by applying AI-generated filters and styles.
  • Expand: This feature is believed to seamlessly extend your image’s background, intelligently filling in the gaps.

Source: TheSPAndroid

These tools will reportedly coexist with well-known features like cropping and stickers in WhatsApp’s current image editor under the “sparkle” icon. This news follows Meta’s (WhatsApp’s parent company) announcements of similar AI editing features for Instagram and Facebook. WhatsApp following those footsteps signals the company’s intention to bring these advanced tools to all of its user base across the apps currently under the Meta umbrella.

It’s worth noting that similar AI-driven features, like background expansion, already exist in established tools like Adobe Photoshop. However, these competing tools are far from perfect, although they have been getting better as the technology becomes more advanced. This puts pressure on WhatsApp to deliver an intuitive and impressive user experience in order to stand out.

It seems these features are still in the early development phase and might not show up for some time in the stable version of the app. This means we will have to wait a bit longer to see exactly how AI will play a part in how users edit and share photos on WhatsApp.


Google Keep testing an AI-assisted “help me create a list” feature and a new floating toolbar

Google is steadily infusing its AI capabilities across its various products, and the latest recipient of this is Google Keep. The note-taking app now has a new feature that allows users to quickly create task lists and reminders using Gemini, Google’s AI-powered assistant.

Following the introduction of Gemini Workspace features for personal accounts, Google Keep is the latest app to receive an AI boost. Spotted by 9to5Google and Android expert Mishaal Rahman, a new experimental feature, “Help me create a list,” is now being tested with some Android users.

How does it work?

This generative AI tool simplifies list making. When creating a new Google Keep note, you’ll spot a wide “Help me create a list” button. Tap it, enter your list topic, and the AI generates a starting point for your list. The more detail you provide, the better the results, and you can also give feedback with a thumbs up or down to refine the AI’s suggestions over time.

“Help me create a list” joins the “Help me write” feature in Gmail as a mobile-focused use of Google’s Gemini AI. Other Gemini Workspace features currently focus on web apps like Docs, Sheets, Slides, and Meet.

A new look for Google Keep

In addition to the AI addition, Google Keep is also testing a new floating bottom toolbar similar to the one that was recently rolled out to the Google Chat app. The separate buttons for audio and photo notes will disappear in favor of this more manageable bar, with these options available within a note.

Old vs. New Google Keep bottom toolbar

This new look was spotted by @AssembleDebug of TheSPAndroid in version 5.24.102 of the app and enabled via a flag, meaning it is not yet available to the public. However, once enabled, it was found to include options to quickly create a list or a drawing on either side and housing a central “new note” button. Notably, it uses Google’s Dynamic Color customization, and its smaller footprint allows for more note content to be visible at a glance.


Xbox Gaming Services Flaw Let Attackers Gain SYSTEM Privileges

A new elevation of privilege vulnerability has been discovered in Xbox Gaming Services that allows a threat actor to elevate their privileges to SYSTEM.

This particular vulnerability has been assigned CVE-2024-28916, and its severity has been given as 8.8 (High).

When this was reported to Microsoft, the researcher got a response stating “no security boundary is being broken here”.

However, Microsoft patched this vulnerability after it was clarified that it allows a non-admin user to gain SYSTEM privileges.

Microsoft’s response (Source: GitHub/Wh04m1001)

Microsoft Xbox Gaming Services – CVE-2024-28916

According to the reports shared with Cyber Security News, GamingService is not a default service, but if it is installed on a system, a low-privileged user can use it to escalate their privileges to SYSTEM.

When a directory change occurs in the Gaming Services service, the service attempts to open the C:\XboxGames\GameSave\Content\MicrosoftGame.Config file using the privileges of the user making the attempt.

If the file is present, the Gaming Service moves the whole C:\XboxGames\GameSave folder via the MoveFileW API call.

However, if this attempt fails with an access-denied error, the Gaming Service elevates its permissions to SYSTEM and performs the move operation.

Notably, the C:\XboxGames folder can be modified by any member of the Authenticated Users group.

Even if a user does not have the privilege to modify this folder, they can still exploit the issue by changing the directory location to any user-controlled directory and carrying out the following actions:

  • Deleting the C:\XboxGames folder,
  • Creating a new folder under the same name,
  • Dropping arbitrary DLL files inside the C:\XboxGames\GameSave folder,
  • Adding a “deny delete” ACL to the folder, which causes the move operation to fail and the service to attempt it with escalated privileges.

Patch And Bypass

After reviewing this vulnerability, Microsoft patched it by adding a few mitigations and checks before moving the folder. The checks involve:

  • checking whether the destination folder is a reparse point, and
  • locking down both the source and destination directories by creating a temporary file (.tmp_ + digit) with the FILE_FLAG_DELETE_ON_CLOSE flag, which is also prevented from deletion.

The researcher stated that this patch was flawed because the check for a junction was done before the directory was locked.

This could allow a user to trick the service into treating the new installation directory as safe and then redirect it to the C:\Windows\System32\Spool\Drivers\x64 directory.

The time window can be extended by creating multiple temporary files, as the service specifies CREATE_ALWAYS and creation fails if the file already exists.

The service will continue to increment the temporary file digits until a file is successfully created.

A proof of concept for this vulnerability has been published, which abuses the spooler service to load an arbitrary DLL as SYSTEM.
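The ordering problem described under "Patch And Bypass" can be shown with a portable analogue. This is an added example, not code from the article, the researcher or Microsoft: it assumes a POSIX system where a symbolic link stands in for a junction and an open directory handle stands in for the service's lock, and all function and file names are hypothetical.

```python
import os
import tempfile

MARKER = "moved.txt"  # hypothetical file standing in for the moved content


class RedirectedError(Exception):
    """The destination is a link (stand-in for a junction / reparse point)."""


def _write_marker(dir_fd):
    # Create the file relative to the directory handle, never by path.
    fd = os.open(MARKER, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600, dir_fd=dir_fd)
    os.close(fd)


def flawed_move(dest, between_steps=lambda: None):
    """Ordering attributed to the flawed patch: check the path, then lock it."""
    if os.path.islink(dest):                          # step 1: check
        raise RedirectedError(dest)
    between_steps()                                   # nothing holds the path yet
    fd = os.open(dest, os.O_RDONLY | os.O_DIRECTORY)  # step 2: lock (follows links)
    try:
        _write_marker(fd)
    finally:
        os.close(fd)


def hardened_move(dest, between_steps=lambda: None):
    """Take the handle first, refusing links, then work only through the handle."""
    try:
        fd = os.open(dest, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:                            # link or not a directory
        raise RedirectedError(dest) from exc
    try:
        between_steps()                               # a path swap now changes nothing
        _write_marker(fd)
    finally:
        os.close(fd)


def run_case(move, swap_when):
    """Swap the destination for a link 'before' or 'during' the operation."""
    with tempfile.TemporaryDirectory() as root:       # constructed sample tree
        dest = os.path.join(root, "install")
        protected = os.path.join(root, "protected")
        os.mkdir(dest)
        os.mkdir(protected)

        def swap():
            os.rename(dest, dest + ".old")
            os.symlink(protected, dest)

        try:
            if swap_when == "before":
                swap()
                move(dest)
            else:
                move(dest, swap)
        except RedirectedError:
            return "refused"
        landed = os.path.exists(os.path.join(protected, MARKER))
        return "redirected" if landed else "contained"


if __name__ == "__main__":
    for move in (flawed_move, hardened_move):
        for when in ("before", "during"):
            print(move.__name__, when, run_case(move, when))
```

Both versions refuse a destination that is already a link, but only the check-then-lock version writes into the protected directory when the path changes between the two steps.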


Hackers Deploy STRRAT & VCURMS Malware on Windows Via GitHub


A new phishing campaign targets users with emails containing a button to “verify payment information.” Clicking the button triggers the download of a malicious JAR file (disguised as an invoice) that leverages a PowerShell command to download two additional JARs. 

The JARs deploy the STRRAT and VCURMS RATs, granting attackers remote access, keylogging capabilities, and credential theft from browsers, applications, Discord, Steam, etc. VCURMS can also download further modules to expand its information-stealing functionality.

The attackers use AWS or Github to store the malware, obfuscate the initial JAR file, and employ commercial protection to bypass detection. 

Finding the attack in ANY.RUN’s Threat Intelligence Lookup 

The Threat Intelligence Lookup feature of ANY.RUN allows you to investigate suspicious campaigns.

ANY.RUN Threat Intelligence Lookup portal 

By crafting a query that combines specific rule names and domain names (e.g., RuleName:"strrat" AND DomainName:"github.com"), analysts can identify relevant sandbox sessions where the suspicious behavior (STRRAT) was observed interacting with a particular domain (github.com).

A query to find IOCs and events connected to STRRAT malware 

The lookup presents two key results: a table with interactive analysis sessions (left side) that can be used to examine malware behavior in a safe environment and a list of malicious executables (right side) downloadable for further analysis or to check logs for potential compromises.


To learn more about the sample’s behavior and extract more IOCs, let’s play back a recording of an online research session. To follow along, you can open the session yourself.

Analyzing the attack in ANY.RUN’s Sandbox 

ANY.RUN is a cloud-based sandbox environment for analyzing suspicious files. It utilizes YARA and Suricata rules to detect malware within 40 seconds of uploading. 

Main view in the ANY.RUN interactive sandbox. Note the tags in the upper-right corner. 

Analysts can then directly interact with the sandboxed environment to observe malware behavior and collect indicators of compromise (IOCs), empowering security teams to collaboratively investigate threats and efficiently respond to emerging and persistent attacks. 

The analysis begins by examining the tags in the ANY.RUN sandbox, which revealed the presence of STRRAT malware.

The Connections tab is used to identify a connection from javaw.exe to GitHub, potentially linking the sample to a more extensive campaign.
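The behaviors the article describes (a JAR launching PowerShell, PowerShell writing further JARs, and javaw.exe connecting to GitHub or AWS) can be correlated in endpoint telemetry. The following is an added example, not ANY.RUN's logic or rules from the article: the event schema, host names, stage names and the five-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

JAVA = {"java.exe", "javaw.exe"}
HOSTING = ("github.com", "githubusercontent.com", "amazonaws.com")

# Constructed sample telemetry (process, file and network events), not real case data.
EVENTS = [
    {"ts": 100, "host": "WS-014", "kind": "proc", "image": "javaw.exe", "parent": "explorer.exe"},
    {"ts": 104, "host": "WS-014", "kind": "proc", "image": "powershell.exe", "parent": "javaw.exe"},
    {"ts": 110, "host": "WS-014", "kind": "file", "image": "powershell.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\a.jar"},
    {"ts": 115, "host": "WS-014", "kind": "file", "image": "powershell.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\b.jar"},
    {"ts": 130, "host": "WS-014", "kind": "net", "image": "javaw.exe", "dest": "github.com"},
    # Developer workstation: a build tool fetching from GitHub, nothing else.
    {"ts": 50, "host": "DEV-02", "kind": "net", "image": "java.exe", "dest": "github.com"},
    {"ts": 9000, "host": "DEV-02", "kind": "proc", "image": "powershell.exe", "parent": "explorer.exe"},
    # Two stages, but far apart in time.
    {"ts": 10, "host": "SRV-07", "kind": "proc", "image": "powershell.exe", "parent": "javaw.exe"},
    {"ts": 5000, "host": "SRV-07", "kind": "net", "image": "javaw.exe", "dest": "s3.amazonaws.com"},
]


def is_hosting(dest):
    """True for a hosting domain or any subdomain of it (suffix match on a label boundary)."""
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in HOSTING)


def classify(ev):
    """Map one event to a stage of the described chain, or None."""
    image = ev.get("image", "").lower()
    if ev["kind"] == "proc" and image == "powershell.exe" and ev.get("parent", "").lower() in JAVA:
        return "java_spawns_powershell"
    if ev["kind"] == "file" and image == "powershell.exe" and ev.get("path", "").lower().endswith(".jar"):
        return "powershell_writes_jar"
    if ev["kind"] == "net" and image in JAVA and is_hosting(ev.get("dest", "")):
        return "java_contacts_hosting"
    return None


def detect(events, window=300, min_stages=2):
    """Return {host: stages} for hosts showing min_stages distinct stages within window seconds."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = classify(ev)
        if stage:
            hits[ev["host"]].append((ev["ts"], stage))
    alerts = {}
    for host, seq in hits.items():
        for i, (start, _) in enumerate(seq):
            stages = {s for ts, s in seq[i:] if ts - start <= window}
            if len(stages) >= min_stages:
                alerts[host] = sorted(stages)
                break
    return alerts


if __name__ == "__main__":
    print(detect(EVENTS))
```

Requiring two distinct stages inside the window keeps a lone Java connection to GitHub, which is common on developer machines, from raising an alert.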

Indicator of Compromise

To collect IOCs, the user utilizes the dedicated IOC button within ANY.RUN, providing valuable information for security teams to update their systems and continue their investigation.

The session highlights ANY.RUN’s capability to extract malware configuration, automatically decrypt embedded strings, and reveal details like persistence mechanisms and Command & Control (C2) server locations, which saves analysts significant time and effort compared to manual reverse engineering.


GoFetch Side-channel Attack Impacts Apple CPUs: Attack Steals Keys


Researchers have unveiled a new class of microarchitectural side-channel attacks that pose a severe threat to the security of Apple CPUs.

The attack, GoFetch, exploits the Data Memory-dependent Prefetchers (DMPs) in modern processors to extract secret cryptographic keys from constant-time cryptographic implementations.

Understanding the GoFetch Attack

The GoFetch attack is based on a new understanding of how DMPs behave.

Researchers have found that DMPs can be activated by any program and attempt to dereference any data brought into the cache that resembles a pointer.

This behavior places a significant amount of program data at risk and challenges the previously believed restrictions reported by prior work.


The cornerstone defense against side-channel attacks has been to ensure that security-critical programs do not use secret-dependent data as addresses.

However, the GoFetch attack demonstrates that attackers can bypass these defenses by exploiting the DMP to perform end-to-end key extraction on popular constant-time implementations of classical and post-quantum cryptography.

Reverse Engineering Apple and Intel DMPs

Researchers have reverse-engineered the DMP found on Apple CPUs and discovered new activation criteria.

They have also confirmed the existence of a similar DMP on Intel’s latest 13th generation (Raptor Lake) architecture, albeit with more restrictive activation criteria.

The researchers developed a new type of victim-agnostic chosen-input attack and associated attack primitives that do not require the attacker and victim to share memory.

They used these techniques to mount a proof-of-concept attack on constant-time swap operations.

Binni Shah recently tweeted about a new side-channel attack that exploits data memory-dependent prefetchers.

This attack leverages the timing behavior of memory access patterns to leak sensitive information from a victim process.

Disclosure and Industry Response

The findings were disclosed to Apple, OpenSSL, Go Crypto, and the CRYSTALS team.

Apple is investigating the proof of concept, while OpenSSL reported that local side-channel attacks fall outside their threat model.

The Go Crypto team considers the attack low severity, and the CRYSTALS team suggested pinning to the Icestorm cores without DMP as a short-term solution, with hardware fixes needed in the long term.

Implications for Processor Design

The GoFetch attack has shaken the foundations of modern processor design, calling into question the security of data memory-dependent prefetchers.

The discovery highlights the need to reevaluate current defenses and develop new strategies to protect against such microarchitectural side-channel attacks.

Memory access patterns and subsequent prefetches

The above figure compares memory access patterns and subsequent prefetches, illustrating the activation pattern reported by Augury and the new findings that show DMP activations even when the training array contains non-pointer values.

The GoFetch attack is a stark reminder of the evolving landscape of cybersecurity threats and the continuous arms race between attackers and defenders.

As processors become more complex, the potential for such vulnerabilities increases, necessitating vigilant research and proactive defense mechanisms to secure our digital infrastructure.


Android 15 DP2 lets you use the old taskbar on the Pixel Fold


Pixel Tablet and Pixel Fold users get a new Android 15 developer preview upgrade that lets them return to the old taskbar, introduced with Android 12L. Google implemented this feature for users who preferred a stable taskbar over the recent transient one.

Android 15 DP2 introduces an option to bring back the old taskbar from Android 12L

The persistent taskbar initially released with Android 12L was noteworthy for its ability to increase productivity on large-screen devices such as tablets. However, once the Pixel Tablet and Pixel Fold debuted, the company revamped this feature, placing less emphasis on it and opting for a transient design that comes into view only for a short time after swiping up.

The transient nature of the taskbar did make sense to an average user. However, those used to multitasking could only feel limited by it. Each time people wanted to open another application they had to swipe back down from their current app to access their favorite apps, obstructing seamless multi-tasking processes.

This feature addition aims at satisfying the different tastes of users by giving them options from both taskbar styles. Following their workflow needs, users can now move back and forth between perpetual or momentary taskbars. Android 15 will upgrade the UX/UI in Pixel Tablet and Pixel Fold.

Here’s how to revive the old taskbar in Android 15 developer preview

In Android 15 DP2, Google has introduced a toggle that allows users to choose between the new transient taskbar and the old persistent one, in response to user feedback. AndroidAuthority observed a pop-up menu with an option reading “always show taskbar,” if a user long-presses on a space after swiping upwards from the bar. Turning it on means changing the look of your Android 15’s taskbar and you won’t have to rely on gestures all the time.

All in all, this change in Android 15 DP2 demonstrates Google’s commitment to letting people customize their platform with confidence, and this consistent effort helps each individual work effectively with any Android device, including through this taskbar toggle.



ChromeOS adds location control for individual apps in new update


The latest ChromeOS update lets users have more control over their privacy by managing permissions and app-level location control. Users can expect enhanced transparency and control over their data with the updated privacy controls. This feature is part of a larger security update announced by the tech giant on Thursday.

ChromeOS’ new update empowers users with enhanced privacy and location controls

Privacy controls get a boost with this week’s update, and the ability to adjust app-level permissions for the camera, microphone, and geolocation services is now available. However, some features will be exclusive to enterprise users, while some privacy and location settings have implications for all users.

Google unveiled the latest enhancements following the recently updated camera and microphone toggle at the system level. With this release, it is now possible to determine separately which apps or services may use an individual user’s geolocation details, thus granting finer control over information.

Users can apply the feature through the Security & Privacy settings, where they can disable Google Location Services or customize app permissions according to their choice. For example, one may allow or disallow camera or microphone access depending on the use case for specific applications.

Control exactly what information the apps can access

The company’s blog post used Instagram as an example case and described how you could manage app-level permissions for this tool. For instance, turning on the camera permission allows the application to use the camera whenever needed. This kind of control extends to other applications and features, enabling people to decide how much of their information is shared.

This latest update aims at improving productivity and transparency by giving users more control over their privacy settings. It ensures users’ safety as they reserve the power to choose whichever app can access personal data. ChromeOS’ new version brings us closer than before to securing our information while establishing limits on third-party apps’ behavior towards our private stuff.

Instagram camera access ChromeOS
Credits: Google Blog


Google Wallet unlock verification for every payment is intended


Google Wallet is gradually asking users to unlock their Android devices for every transaction. Previously, micropayments could be executed without needing a fingerprint scan or passcode entry for authorization.

Several users have realized that the tap-to-pay feature of Google Wallet doesn’t allow them to make a quick payment. Instead, it now requires users to enter a pattern or scan a fingerprint to unlock their smartphones and authorize the payment.

Smaller payments are no longer convenient on Android smartphones with Google Wallet

Credit cards with a tap-to-pay feature allow users to merely place their cards on a PoS (Point of Sale) device to execute a payment. However, such transactions never exceed a particular threshold. Higher denomination transactions require users to authorize payments using a PIN.

Google Wallet has mimicked this behavior since its launch. The monetary value that is defined as “smaller payments” isn’t the same everywhere. It’s €25 in Belgium, €30 in France, 100 PLN in Poland, or €50 in Germany. Other countries, and even banks, have their limits. Moreover, buyers can make a limited number of purchases using a “locked” device or card before they are asked to authorize payments.

A few major banks in America allowed Google Wallet users to make payments below $50 without unlocking their smartphones. However, this is no longer the case. Late last month, Google updated a support page for the app.

“Coming soon, your credit and debit card won’t be charged for retail payments unless you’ve recently used a verification method, like your fingerprint or PIN. Some users may already need to verify to make a payment. If you’re asked to verify it’s you, complete verification steps on your device to make a payment.”

Device unlock is now mandatory for all payments with Google Wallet

Moving forward, every transaction, irrespective of the amount, will need users to unlock their Android smartphones. In other words, even a $1 transaction for a can of Coke will demand a PIN or fingerprint before it allows the payment to go through.

Incidentally, Apple has always been way more cautious with tap-to-pay transactions. On an iPhone, users have to authenticate every payment session, irrespective of the amount.

Google appears to have adopted the same strategy. The company has essentially added a layer of security for every tap-to-pay transaction.

Several users have welcomed the change after realizing how it boosts security and protects them from fraud or theft. However, this has invariably caused some inconvenience. Needless to mention, credit cards with tap-to-pay are now faster than Google Wallet in some cases involving micro-payments. To address this, Google could have allowed users to set custom limits for micropayments without authorization.

Google Wallet users can speed up the transaction by keeping their Android smartphones unlocked. This is because the app does not ask users to re-authenticate at the time of payment. This also allows users to quickly scan a QR code if it is presented at checkout or billing.
