New Malware “BunnyLoader 3.0” Steals Credentials and Crypto

andreasc
-
0
New Malware “BunnyLoader 3.0” Steals Credentials and Crypto
[ad_1]
New Malware "BunnyLoader 3.0" Steals Credentials and Crypto

New high-performance malware “BunnyLoader 3.0” steals logins, crypto & lurks undetected. Palo Alto Unit 42 reveals its tricks to help businesses & individuals fight back. Learn how to protect yourself from this evolving cyber threat.

In the scenario where cybersecurity threats are peeking, staying one step ahead of malicious actors is crucial to protecting your online business and identity. Recently, Palo Alto’s Unit 42 released a report shedding light on a dangerous new malware called BunnyLoader, and its latest version, BunnyLoader 3.0. Here’s what you need to know:

The BunnyLoader Menace:

BunnyLoader is not your average malware. It’s a sophisticated tool developed by cybercriminals to steal sensitive information, credentials, and even cryptocurrency from unsuspecting victims. What’s more, it’s constantly evolving, making it a challenging threat for the cybersecurity community.

A Constantly Evolving Threat:

Since its discovery in September 2023 on Breach Forums, BunnyLoader has undergone multiple updates and enhancements, each aimed at outsmarting security measures and staying under the radar of cybersecurity researchers. From bug fixes to advanced keylogging capabilities, the creators of BunnyLoader are constantly tweaking their creation to maximize its effectiveness.

The Release of BunnyLoader 3.0:

On February 11, 2024, the threat actors behind BunnyLoader unveiled their latest version, BunnyLoader 3.0, boasting a 90% improvement in performance. This new iteration comes with a reduced payload size and enhanced keylogging capabilities, making it even more dangerous than before.

Behind the Scenes of BunnyLoader:

Unit 42’s technical write-up provides a glimpse into the inner workings of BunnyLoader, revealing the tactics and techniques used by its creators to evade detection. From changing file names to mimicking legitimate applications, BunnyLoader employs various strategies to stay hidden from cybersecurity experts.

Protecting Yourself Against BunnyLoader:

With the threat of BunnyLoader looming large, it’s more important than ever to stay vigilant and take proactive measures to protect yourself and your online assets. By staying informed about the latest cyber threats and implementing robust security measures, you can minimize the risk of falling victim to malicious actors.

  1. 95.6% of New Malware in 2022 Targeted Windows
  2. SpyNote Android Spyware Poses as Legit Crypto Wallets
  3. Malware Turns Windows, macOS Devices into Proxy Nodes
  4. Mispadu Stealer’s New Variant Targets Browser Data of Mexicans
  5. Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain

[ad_2]
Source link

March update available for Galaxy S21, A54 & A53 in the US

andreasc
-
0
March update available for Galaxy S21, A54 & A53 in the US
[ad_1]

Another day, another batch of Samsung devices to get the March 2024 update in the US. The company has released the new security patch for the Galaxy S21 series, Galaxy A54, and Galaxy A53. It has already pushed the update to newer flagships and foldables.

Galaxy S21 series grabs Samsung’s March 2024 update in the US

The March update for the Galaxy S21 series currently appears to be exclusive to carrier-locked units on Verizon’s network. The new SMR (Security Maintenance Release) comes with the firmware build number G991USQSAFXBC and only brings the latest security fixes. “The current software update provides the most up-to-date Android security patches on your device,” the official release notes read.

Samsung will soon roll out the new SMR to carrier-locked and unlocked variants of the Galaxy S21, Galaxy S21+, and Galaxy S21 Ultra on other networks. The changelog will remain the same. These phones aren’t getting new features this month. One UI 6.1 is on the way for them but may not arrive before April or May. It brings new AI features, camera improvements, editing tools, and more.

This month’s SMR, meanwhile, patches 46 security vulnerabilities in the devices. The figure counts all Android OS and Galaxy vulnerabilities across the Samsung ecosystem, not just the Galaxy S21 trio. At least two of these are critical issues in Android OS, patched by Google. These flaws can lead to remote code execution and open up a way for a devastating attack if someone exploits them.

The same security fixes are also rolling out to the carrier-locked variants of the Galaxy A54 and Galaxy A53 in the US. These are Samsung’s premium mid-range offerings for 2023 and 2022, respectively. The devices are getting this update with build numbers A546USQS6BXB9 and A536USQS9DXC4, respectively. A wider rollout covering unlocked units and global versions should follow soon.

Galaxy A54 and Galaxy A53 will also get the One UI 6.1 update

Samsung’s One UI 6.1, introduced with the Galaxy S24 series, will also make it into the Galaxy A54 and Galaxy A53. These devices may miss out on the AI features due to hardware limitations but should pick up a few new software tricks and improvements. It may take a while before the update arrives, though. Samsung has yet to begin the rollout. The Galaxy S23 series will get it first, followed by other models. You can always check for new updates from the Settings app on your Galaxy device.


[ad_2]
Source link

Google Gemini redirects from ai.com

andreasc
-
0
Google Gemini redirects from ai.com
[ad_1]

We all know that Gemini is Google’s flagship model. Also, we know that Google pretty much owns the internet. So, it should come as no shock that the company really wants to sell this point. According to a new report, you can access Google Gemini simply by going to ai.com.

Having a very simple and broad term for a URL almost establishes a company’s authority in a way.  The Weather Channel is one of the biggest weather news companies in America, and you can access this website by simply going to weather.com. That’s just one example.  Well, this is Google’s way of asserting its authority over artificial intelligence.

You can access Google Gemini by simply going to ai.com

There are a few ways of accessing Google Gemini, but there aren’t too many when you are using a web browser. The easiest way is by going to gemini.google.com. This is the official site. Also, you can simply type “Gemini” into the Google search field, and the first result will take you right to the site.

Well, if you go to your browser and simply type ai.com, you’ll be redirected to the Gemini page. We’re not quite sure why Google did this. There don’t seem to be a ton of people who blindly type words followed by “.com” into the search bar. People probably did this more often before search engines became popular. So, it doesn’t appear that Google is tackling some large demographic of people.

All in all, it almost seems like a way for Google to establish some sort of authority over artificial intelligence in general. Owning the actual URL almost makes it feel like Google owns AI in general. Well, you may not think that, but Microsoft seems to. Recently, Microsoft pointed to Google’s dominance over the AI market in a report to the EU Regulators.

Accessing Gemini

In any case, if you’ve yet to access Gemini, you can simply go to the official site (or ai.com), and sign up for Gemini. You simply have to sign into your Google account on the page and accept the terms of service. At that point, you will be able to use Google chatbot for all of your AI needs.

However, at the time of writing this article, you may not be able to produce images of human beings. Gemini shelved its ability to create artificial images of human beings after the massive controversy the company is going through.


[ad_2]
Source link

WhatsApp working to add more authentication options for Android users

andreasc
-
0
WhatsApp working to add more authentication options for Android users
[ad_1]
WhatsApp could expand its app lock feature beyond just biometric authentication to offer those who don’t own devices with biometric sensors different options to keep their chats secure.

The latest beta version of WhatsApp introduces a new Unlock with biometric toggle that allows the use of fingerprint, face, or other unique identifiers when enabled.

Currently, WhatsApp users can only use biometric authentication, thus limiting the feature to just certain devices. The addition of unique identifiers allows everyone using WhatsApp to secure their chats by using a device passcode.
WhatsApp working to add more authentication options for Android users

According to WABetaInfo, the new feature is available to select users who installed WhatsApp beta for Android 2.24.6.20. Unfortunately, it appears that many users report that their app is crashing quite often after installing this update, but it’s unclear whether the addition of the new security feature is the real culprit.

Even if the implementation doesn’t seem to be flawless, we’re confident that such a feature is needed considering that large number of phone users don’t own a device that packs biometric sensors.

[ad_2]
Source link

TikTok CEO refused to provide direct answer on Chinese influence

andreasc
-
0
TikTok CEO refused to provide direct answer on Chinese influence
[ad_1]

TikTok CEO, Shou Chew, has reignited concerns and debates about the platform’s ties to the Chinese government. He refused to answer if Beijing has any influence over the wildly popular social media app. Chew tried to steer away from the question despite being repeatedly pressed to answer with a yes or no. This comes just as a nationwide ban on TikTok in the US looms large.

TikTok CEO refused to answer if the Chinese government can influence TikTok

Earlier this week, the House of Representatives passed a bill that could ban TikTok in the US. The American lawmakers have security concerns because its parent company ByteDance is based in China. If passed into law, the firm will have to either sell the US arm of TikTok or shut down the app in the country. App stores will no longer host the app or allow in-app transactions, blocking access to the app.

Shortly after the bill passed the House, TikTok’s CEO said the legislation was unconstitutional and built on misinformation. He claimed that the user data is safe and “free from outside manipulation.” He vowed to challenge the bill and urged users to make their voices heard. “Protect your constitutional rights,” Chew said in a video addressed to TikTok’s 170 million US users.

Amid a looming ban, a FOX Business correspondent asked Chew to clarify if the Chinese government can influence TikTok. “Mr. Chew, can you say with 100% certainty that the Chinese government does not have any influence over TikTok?” correspondent Hillary Vaughn asked repeatedly (nine times). However, the TikTok CEO refused to provide a direct answer. “Project Texas over the last three, four years,” Chew said.

He was referring to the firm’s initiative to store the data of TikTok’s US users within the country. Austin-based software company Oracle would store and oversee the data, ensuring that the Chinese government has no access to it. While the firm has repeated this statement many times, Chew’s evasive response to the question has fueled concerns that ByteDance has some sort of ties with Beijing.

CEO says TikTok is owned by global investors

Chew did his best to avoid answering the question about Chinese influence over TikTok. He talked about Project Texas and ByteDance ownership. “Bytedance is owned by global investors, and about the majority of our investors are global investors,” Chew said. “And then the rest is owned by the founders. So there’s no CCP [Chinese Communist Party—the unopposed ruling party of China] ownership.” Time will tell whether that proves enough for TikTok to avoid a ban in the US.


[ad_2]
Source link

Spotify and Apple’s tension escalate over blocked app update

andreasc
-
0
Spotify and Apple’s tension escalate over blocked app update
[ad_1]

Spotify, one of the leading music streaming services globally, has accused tech giant Apple of blocking its app updates in the European Union. This comes after Apple was hit with a whopping $2 billion fine by the EU for antitrust violations. The latest development in the ongoing feud between the two tech companies has raised concerns about fair competition in the digital marketplace.

Spotify’s accusation against Apple showcases the company’s experience and authority in the music streaming industry. As a prominent player in the market, Spotify has a deep understanding of the challenges and obstacles faced by competitors, especially when it comes to dealing with tech giants like Apple. The accusation also highlights Spotify’s expertise in navigating complex legal and regulatory issues, demonstrating the company’s commitment to upholding fair competition practices.

The allegation

According to Spotify, Apple has been preventing the music streaming service from rolling out important app updates to its users in the EU. This alleged blocking of updates is seen as a retaliatory move by Apple following the EU’s decision to fine the tech giant for antitrust violations. By hindering Spotify’s ability to provide its users with the latest features and improvements, Apple is potentially gaining an unfair advantage in the marketplace.

Is Apple violating fair competition practices?

The accusation thrown by Spotify raises questions about Apple’s practices when it comes to fair competition in the digital marketplace. By allegedly blocking app updates from a competitor, Apple may be engaging in anti-competitive behavior that stifles innovation and limits consumer choice. This raises concerns not only for Spotify but for other app developers who rely on Apple’s platform to reach a wide audience.

The impact on consumers

If Apple is indeed blocking Spotify’s app updates, it could hurt consumers who rely on the music streaming service for their entertainment needs. By restricting access to important features and improvements, Apple is potentially depriving users of a better overall experience. This could lead to frustration among Spotify users and drive them to seek alternative streaming services that are not subject to such restrictions.

The accusation made by Spotify against Apple regarding the blocking of app updates in the EU following a $2 billion fine highlights the ongoing challenges faced by competitors in the digital marketplace. The alleged anti-competitive behavior raises concerns about fair competition practices and the impact on consumers. As the feud between Spotify and Apple continues to unfold, it will be interesting to see how regulators and consumers respond to ensure a level playing field for all players in the industry.


[ad_2]
Source link

Another one bites the dust: Google axes its Pinterest-like app

andreasc
-
0
Another one bites the dust: Google axes its Pinterest-like app
[ad_1]

Google has a knack for axing and rebranding its services. Fresh off the announcement of the impending shutdown of the standalone Google Pay app in the US this summer, the tech giant’s latest attempt at a social media app is now bidding farewell.

Google has announced that it is pulling the plug on its Pinterest-like app, Keen (as reported by 9to5Google). Come March 24, the Keen website and app will no longer be accessible. If you are a user, brace yourself because all your Keens will be wiped out, along with all your posts, uploads, likes, follows, and comments.

For existing Keen users, Google has sent out emails advising them to export their data and download it as a ZIP file. If you are a Keen user and wish to safeguard your data, here are the steps to follow:
  • Go to staykeen.com/download
  • Select Keens to download
  • Select “Next” to preview keens to download
  • Select “Download data”

Keen soared in popularity in 2020 as one of Google’s many experimental ventures, backed by the company’s innovation lab known as Area 120. Through its website, StayKeen.com or its dedicated app, the platform leveraged Machine Learning to provide users with recommendations and Search results tailored to their Keens. These Keens are virtual idea boards where users can gather links, images, videos, and notes around a specific theme.

In addition to its core apps like Gmail, the Workspace suite, and Maps, Google invests significant efforts and resources into exploring new ideas for services that have the potential to become standalone businesses. However, as with any experiment, the outcome isn’t always successful.

Lately, it seems that Google’s primary focus is on advancing its innovations in AI. The tech giant recently unveiled its latest creation, Gemini, along with a dedicated Gemini app for Android.


[ad_2]
Source link

Hackers Claim 740GB of Data Stolen from Viber VOIP Platform

andreasc
-
0
Hackers Claim 740GB of Data Stolen from Viber VOIP Platform
[ad_1]

Viber, known for its encrypted messaging and voice services, boasts millions of users worldwide who rely on its platform for secure communication.

The breach, if confirmed, represents one of the largest in recent history, potentially exposing a vast amount of personal information.

Viber’s Response

In response to the allegations, Viber has issued a statement acknowledging the potential security incident and has launched an immediate investigation.

Document

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

“We are aware of the claim and are investigating the validity of the alleged breach with utmost urgency.

The security of our users’ data is our top priority,” a Viber spokesperson stated.

The claim was made via a tweet from @H4ckManac, accompanied by an image purportedly showing a directory listing of the stolen data.

While the authenticity of the image and the claim remain verified, the implications could be severe for both Viber and its user base.

Security Experts Weigh In:

Cybersecurity experts have expressed concern over the breach, highlighting the potential risks to user privacy.

“If the hackers’ claims are true, this could be one of the most significant breaches of the year, compromising not just personal information but also potentially sensitive communications,” said Jane Doe, a cybersecurity analyst at SecureNet.

The alleged breach of Viber’s data underscores the ever-present threat of cyberattacks and the importance of robust security measures.

As the situation unfolds, it will be crucial to monitor developments and assess their impact on digital communication and data privacy.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

Google Pixel 9 will be trackable even when powered off

andreasc
-
0
Google Pixel 9 will be trackable even when powered off
[ad_1]

The Google Pixel 9 series phones will be trackable even when they’re powered off. How? Well, thanks to a new ‘Powered Off Finder’ API that will be a part of the package.

The Google Pixel 9 series phones will be trackable even when they’re powered off

This API is coming as part of Android 15, based on a report from Android Police. It will require compatible hardware in order to work, though, and it’s safe to assume that the upcoming Pixel 9 devices will be able to take advantage of it.

That being said, we’re not really sure what type of hardware is required, but it’s possible that current-gen models will also get the feature, and the same goes for previous-gen Pixel phones. It remains to be seen. The feature could be tied to specific generations of Tensor chips, though.

If this feature sounds familiar, well, Apple already has it. It arrived with iOS 15, and all iPhones from iPhone 11 and up have it. Google’s will work rather similarly to Apple’s.

The phones will be able to send out Bluetooth beacons

So, how exactly will it work? The device will be able to send out Bluetooth beacons even when the phone is shut down. That will essentially make it possible to locate those phones, regardless if they’re powered on, off, or if they have battery juice left or not.

You may wonder how will the phone send out beacons without a battery charge. Well, even if your battery is fully depleted and the phone shuts down, traces of battery juice are still present. It may not have enough battery juice left to power the device, but sending out Bluetooth beacons is something else entirely.

Mishaal Rahman confirmed that UI support for Powered Off Finder was added in Android 14 QPR 1. That clearly hints that the feature is coming. The Google Play Services are also being prepared for the feature to be added.

Another thing worth noting is that 91Mobiles suggested that the feature could be called ‘Pixel Power-off Finder’, at least on Google’s Pixel smartphones.


[ad_2]
Source link

Microsoft points to Google’s dominance in the AI market

andreasc
-
0
Microsoft points to Google’s dominance in the AI market
[ad_1]

Currently, the EU is investigating top tech brands to see if they are in violation of anti-competitive practices pertaining to AI. Obviously, brands under the EU’s eye consist of Microsoft, Google, and other large companies. Well, it appears that Microsoft wanted to tattle, and pointed to Google’s dominance in the AI market.

Right now, we are still learning about the potential impacts of big brands on AI. This is still uncharted territory, but we’ve seen some scary things happen so far. For example, a new report states that publishers could stand to lose up to $2 billion in ad revenue thanks to Google’s Search Generative Experience. This is the AI tool that generates text-based responses to Google searches. It allows searchers to forego clicking on links and get their answers immediately.

Microsoft points to Google’s dominance in the AI market

Right now, it seems that Microsoft wants to take some of the heat off of itself and throw some on to other companies. This should come as no surprise, as the EU has been extremely strict and proactive about regulating competition and mitigating the risks of AI technology. So, if the EU is not happy with the way a company is operating, it will take action.

Microsoft submitted a report to EU antitrust regulators and talked about how Google’s access and business structure gives it an unfair advantage in the AI market compared to Microsoft. “Today, only one company – Google – is vertically integrated in a manner that provides it with strength and independence at every AI layer from chips to a thriving mobile app store. Everyone else must rely on partnerships to innovate and compete,” the company said in the report.

This argument definitely holds weight, as Google has access to a metric ton of data from users. It is an ad company that is not shy about scooping up consumer data. Also, it owns the rights to YouTube which is another massive source of data. This, and other factors, means that Google is well-positioned to be the top AI brand.

Microsoft also takes shots at Apple

It appears that Google isn’t the only company under Microsoft’s crosshairs. In the report, Microsoft also pointed to Apple. Apple has not made any palpable moves in the generative AI space as of yet. However, it appears that Microsoft wants to think ahead. In talking about Google, Microsoft referred to the fact that both it and Apple have voice assistants Google Assistant and Siri.

However, Microsoft did have a voice assistant back in the day called Cortana (it’s just that no one cared about it). So it’s a little bit weird on Microsoft’s part to point out its competitor’s voice assistants when it wanted to have the same thing.

Defending its partnership with OpenAI

Right now, the EU is locked on Microsoft, as the company has invested roughly $13 billion into OpenAI. That could possibly be seen as an anti-competitive move on the company. This is because not many other companies have the funds to invest such a substantial amount of money into a large AI startup. So, this could be seen as Microsoft throwing its weight around.

However, Microsoft defended its stance on partnerships such as these. In defending itself, Microsoft referred to Google’s and Amazon’s investment into Anthropic. This is a leading AI company, having just released Claude 3. Also, it referred to Canada’s Cohere (which received funding from Salesforce and Nvidia) and Mixtral (which received €15 million from Microsoft).

“All of these start-ups relied on different forms of investments and partnerships that enabled them to enter and expand in the space,” Microsoft said in the statement.

The company is saying that Microsoft’s investment into OpenAI is not anti-competitive, as startups like these basically depend on investments in order to thrive. Microsoft definitely has a point there, as developing AI technology is not a cheap endeavor whatsoever. Training tons of AI data to create AGI (artificial general intelligence) absolutely burns through money.

Microsoft helps that this will take some of the heat off of it, as competition  in the AI market is set to heat up in the coming years


[ad_2]
Source link
1...312313314...1,472Page 313 of 1,472