You are not alone: Facebook, Instagram, Messenger and Threads are down worldwide.
Users of Meta Platforms’ services, including Facebook, Instagram, Messenger, and Threads, are currently experiencing difficulties accessing their accounts. Reports indicate a widespread outage impacting individuals globally.
Starting around 4:30 PM GMT, a surge in user reports on Downdetector, a platform tracking online outages, signaled login issues across all four platforms. Users attempting to log in have encountered error messages, with some being logged out unexpectedly. The problem appears to be affecting users on both desktop and mobile applications.
Instagram error (screenshot: Hackread.com)
Meta Platforms has yet to officially acknowledge the outage on its communication channels, but it’s expected that the company is actively investigating the cause of the issue.
The full extent of the outage remains unclear, but it’s evident that it’s not limited to just Facebook. Downdetector is currently swamped with user reports for all four affected platforms, suggesting a significant disruption to Meta’s services.
Here’s what we know so far:
The outage began around 4:30 PM GMT.
Both desktop and mobile platforms seem to be affected.
Meta Platforms has not yet officially acknowledged the issue.
Users across the globe are facing problems accessing Facebook, Instagram, Messenger, and Threads.
This is a developing story, and we will update this article as more information becomes available. We advise users to monitor Meta’s official channels for further updates and avoid attempting repeated logins to prevent potential account security issues.
American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.”
In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered the breach.
The account information of some card holders may have fallen into the wrong hands. The accessed information includes account numbers, names, and card expiration dates.
Further details about which merchant processor was involved, and how, are not available at the time of writing.
American Express said it notified the required regulatory authorities and is alerting impacted customers. The company also told BleepingComputer that if a card member’s credit card is used to make fraudulent purchases, customers won’t be responsible for the charges.
American Express is advising customers to carefully review their account for fraudulent activity. Below are some steps you can take to protect your account.
Log in to your account at americanexpress.com/MYCA to review your account statements carefully and remain vigilant in doing so, especially over the next 12 to 24 months.
If your card is active, sign up to receive instant notifications of potential suspicious activity by enabling Notifications in the American Express Mobile app, or signing up for email or text messaging at americanexpress.com/accountalerts.
Make sure American Express has your correct mobile phone number and email address so the company can contact you if needed.
If you receive an email relating to American Express that you believe could be fraudulent, immediately forward it to UKemailfraud@americanexpress.com. Do not include your account number in the email.
Beware of scammers
Scammers are always on the lookout for data breaches, as they present an opportunity for phishing. There are a few tips to keep in mind.
American Express will never ask for sensitive account details by email or phone.
Do not install software when asked out of the blue, especially if it reaches you as an email attachment.
Scammers will always invoke a feeling of urgency. Don’t let scammers rush you into making wrong decisions.
Keep your anti-malware software and security patches up-to-date to prevent fraudsters accessing your details via your computer.
If you’re an Android user, be wary of screen overlays on your devices that could capture entered information while you think you are in the actual app. Screen overlays are hard to recognize but on Android you can check Settings > Apps & notifications > Special access > Draw over other apps. (Note that the path may be slightly different depending on your Android version and the phone vendor.) Once there you can review all apps that have the option to “draw over” other apps and see whether or not they have the permission to do so.
Data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Samsung’s March update is widely rolling out to the Galaxy S24 series in the US. The update is available nationwide for carrier-locked and unlocked units across all major networks. It brings over 40 security fixes, including patches for at least two critical Android OS vulnerabilities.
Galaxy S24 widely getting the March update in the US
Samsung released the March 2024 security update for the Galaxy S24 series on the first day of the month. The rollout began in Europe and soon expanded to other regions. While it isn’t yet available globally, users in the US can now download the latest release regardless of their device variant or network provider.
This update for the carrier-locked Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra bears the firmware build number S928USQS1AXBG in the US. It is S928U1UES1AXBG for unlocked units. International versions of the phones also received the same build (AXBG). Like in other regions, Samsung’s official release notes in the US also only mention the latest security fixes.
While patch details weren’t available on March 1, the company has now published the content of its latest SMR (Security Maintenance Release) for Galaxy devices. It patches two critical and more than 30 high-severity Android OS vulnerabilities. Additionally, the new security release contains patches for nine Samsung Vulnerabilities and Exposures (SVE) items.
SVEs are security issues exclusively affecting Samsung’s Android products. The Korean firm patched issues with AppLock, bootloader, CustomFrequencyManagerService, and other system services. If you have yet to receive this update on your Galaxy S24, you should soon. You can check for new updates from the Software update menu in the Settings app that comes preloaded on the phone.
Don’t expect anything more than the latest security patches, though. The first update, which rolled out just a few weeks ago, brought camera improvements and other fixes to the Galaxy S24 lineup. Samsung may be working on a new feature update but this one is all about security enhancements. It will keep your Galaxy S24 safe from the latest Android OS and Galaxy vulnerabilities.
Other Galaxy devices will soon get this update
The Galaxy S24 series is the first to receive Samsung’s March security update. The company has yet to expand the release to other models. However, it is just a matter of time now. The new SMR will soon roll out to the likes of the Galaxy S23, Galaxy Z Fold 5, Galaxy Z Flip 5, Galaxy A54, and more. You can check for software updates anytime from the Settings app.
Right now, the New York Times is at war with OpenAI and Microsoft. Not too long ago, the company filed a lawsuit against OpenAI and Microsoft alleging that the companies’ LLMs use the New York Times’ copyrighted works and reproduce sections of them verbatim when prompted. This could constitute copyright infringement and may impact the publication’s revenue. Well, Microsoft is fighting back against the New York Times.
The New York Times shares the same concerns that many people and publications share on the matter of artificial intelligence. Right now, the legality of using copyrighted material to train LLMs is still up in the air. The legal system is still trying to figure out how to go about this topic. So, until then, more lawsuits like these are sure to pop up.
Microsoft fights back against the claims presented by the New York Times
We’re not sure how long this case is going to drag on. Both sides presented strong cases. Now, according to the report, Microsoft wants the court to dismiss certain parts of the New York Times’ case against it and OpenAI. The company officially filed a motion to dismiss them.
In total, Microsoft wants the court to dismiss three parts of the claim. Firstly, Microsoft wants the court to dismiss the accusation that both companies misappropriated time-sensitive breaking news. Next, it wants the court to dismiss the New York Times’ accusation that the companies committed end-user copyright infringement through ChatGPT and other chatbots. At this point, we don’t know the third part that Microsoft wants the court to dismiss.
Microsoft is accusing the New York Times of pushing “doomsday futurology,” by saying that their technology poses a threat to independent journalism. While this sentiment has a ton of ground to it, Microsoft is unmoved. The company then echoed the accusation that The New York Times used unrealistic prompts to coax ChatGPT into reproducing sections of the New York Times’ work.
Also, Microsoft referred to the entertainment industry’s fight against the VCR back when it was a new technology. The company said that it helped the entertainment industry flourish. Microsoft is saying that AI technology could help the independent journalism industry flourish in much the same way.
However, it’s extremely hard to see how that’s possible with AI creating a fast track to generate articles and bypass actual news outlets.
ChatGPT app can now read its responses aloud in various voices and languages
Improves accessibility for visually impaired users and potentially makes interactions more engaging for everyone
This is part of a larger trend of AI assistants becoming more sophisticated and integrated into smartphones
Last year, OpenAI dropped the ChatGPT app, making chatting with the AI-powered bot on smartphones a breeze. It’s been getting cool updates since, and we even hinted at a possible ChatGPT widget for Android. Well, now there’s more. OpenAI just released a Read Aloud feature for the ChatGPT app on both iOS and Android devices.
ChatGPT can now read responses to you.
On iOS or Android, tap and hold the message and then tap “Read Aloud”. We’ve also started rolling on web – click the “Read Aloud” button below the message. pic.twitter.com/KevIkgAFbG
Now, you can have the chatbot read out responses in one of five voice options. To use it, tap and hold the chat bot’s text response, then hit “Read Aloud.” Play, pause, or rewind as needed. This feature is also available on the web version of ChatGPT. It levels up voice-based interaction, adding to the Voice Chat feature introduced last year, letting you talk to the bot instead of typing. According to MacRumors, Read Aloud supports 37 languages and can automatically detect the language it is reading. OpenAI’s aim? Boost accessibility for users with visual impairments or reading challenges and amp up engagement by personalizing interactions and aiding language learning.
ChatGPT, created by OpenAI, has been a major player in the AI space, directly competing with Google’s Gemini. Speaking of which, Google just launched its standalone Gemini app, exclusive to Android for now.
AI is making waves in the mobile industry, with many smartphone makers jumping on the bandwagon. Google was the trailblazer, bringing AI into its latest Pixel 8 series. Samsung quickly followed suit, introducing Galaxy AI with its latest flagship Galaxy S24 series. Rumors are swirling that Apple is gearing up to integrate AI into its upcoming iPhone 16 series.
Threat actors use hacked domain control to host malicious content by leveraging legitimate domains to evade detection by security measures.
Anti-AV tactics are employed to bypass the antivirus software and tools that enable the execution of malicious code without detection.
Together, all these tactics enhance the stealth and effectiveness of cyber attacks, allowing threat actors to compromise systems and steal sensitive information more easily.
Recently, cybersecurity researchers at Trend Micro discovered that RA World (previously the RA Group) ransomware has been attacking Windows using hacked domains and Anti-AV tactics.
RA World Ransomware Attack
The RA World ransomware, once known as the RA Group, broke into global organizations in April 2023.
Researchers identified that this ransomware group mainly targeted US firms, but besides the US firms, it also struck in-
This ransomware group mainly targets healthcare, insurance, and financial businesses.
The RA World operators break in through compromised domain controllers and drop their components into SYSVOL for delivery through a Group Policy Object (GPO).
The deployment of Stage1.exe via PowerShell indicated altered Group Policy settings enabling script execution.
The malware may have infiltrated Group Policy, allowing it to run on multiple machines within the domain.
Attack chain (Source – Trend Micro)
Stage1.exe enumerates the domain controllers and halts if certain conditions are met, such as a matching host name.
It also checks for Finish.exe and Exclude.exe in %WINDIR%\Help, whose presence indicates a past compromise or an exclusion.
Stage1.exe (Source – Trend Micro)
The ransomware checks for Stage2.exe in %WINDIR%\Help.
If it is absent, it copies pay.txt and Stage2.exe from a hardcoded SYSVOL path that includes the company domain name, which indicates a targeted attack.
The initial payload is present on one machine and is then executed on others via Group Policies, revealing a multi-stage approach to compromising the targeted network.
T1543.003 – The program checks for safe mode, then creates MSOfficeRunOncelsls service with Stage2.exe, configuring it for Safe Mode with Networking.
T1562.009 – It configures BCD for Safe Mode and starts the machine. If the machine is already in Safe Mode, Stage2.exe decrypts pay.txt to Stage3.exe, the ransomware payload.
T1070.004 – After execution, cleanup deletes remnants and creates registry keys.
In stage 3, the RA World ransomware (Stage3.exe) is deployed and drops Finish.exe, which creates the mutex.
The ransom note includes a list of recent victims of extortion tactics.
Ransom note (Source – Trend Micro)
T1485 – RA World deploys SD.bat to wipe the Trend Micro folder by using WMIC for disk info and leaving a log.
T1070 – After deletion, the ransomware removes the Safe Mode with Networking option.
T1529 – It forcibly reboots the computer.
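The host artifacts described above can be turned into a simple triage pass over endpoint telemetry. The following is an added example, not code from Trend Micro or from the original article: the event schema, host names, the `bcdedit` command-line form and the SafeBoot registry location are assumptions, while the file names, the %WINDIR%\Help location, the service name and the technique IDs are taken from the text.

```python
import ntpath
from collections import defaultdict

# File and service names come from the write-up; the event schema is assumed.
STAGED_FILES = {
    "stage2.exe": "loader copied from SYSVOL",
    "pay.txt": "encrypted payload, decrypted to Stage3.exe",
    "finish.exe": "marker dropped by Stage3.exe",
    "exclude.exe": "marker checked by Stage1.exe",
}
SERVICE = "msofficerunoncelsls"
# Assumed mechanism: services allowed in Safe Mode with Networking live here.
SAFEBOOT_NETWORK = "\\control\\safeboot\\network\\"

SAMPLE_EVENTS = [  # constructed for this example, not real telemetry
    {"host": "WS-014", "type": "file_create", "detail": r"C:\Windows\Help\Stage2.exe"},
    {"host": "WS-014", "type": "file_create", "detail": r"C:\Windows\Help\pay.txt"},
    {"host": "WS-014", "type": "service_install", "detail": "MSOfficeRunOncelsls"},
    {"host": "WS-014", "type": "process_create",
     "detail": "bcdedit /set {default} safeboot network"},
    {"host": "WS-022", "type": "file_create", "detail": r"c:\windows\help\Finish.exe"},
    # Benign controls: right name in the wrong folder, wrong name near the folder.
    {"host": "WS-031", "type": "file_create", "detail": r"C:\Users\dev\build\Stage2.exe"},
    {"host": "WS-031", "type": "file_create", "detail": r"C:\Windows\Help\mui\0409\cliconf.chm"},
]


def classify(event, windir=r"C:\Windows"):
    """Return (signal, ATT&CK id or None) for one event, or None if it is benign."""
    kind, text = event["type"], event["detail"].lower()
    if kind == "file_create":
        folder, name = ntpath.split(ntpath.normcase(event["detail"]))
        help_dir = ntpath.normcase(ntpath.join(windir, "Help"))
        if folder == help_dir and name in STAGED_FILES:
            return (f"{name} in %WINDIR%\\Help ({STAGED_FILES[name]})", None)
    elif kind == "service_install" and text == SERVICE:
        return ("service MSOfficeRunOncelsls created", "T1543.003")
    elif kind == "registry_set":
        if SAFEBOOT_NETWORK in text and text.endswith("\\" + SERVICE):
            return ("service enabled for Safe Mode with Networking", "T1543.003")
    elif kind == "process_create" and "bcdedit" in text and "safeboot" in text:
        return ("BCD changed to boot into Safe Mode", "T1562.009")
    return None


def triage(events, windir=r"C:\Windows"):
    """Group signals per host; hosts with service or BCD changes rank highest."""
    per_host = defaultdict(list)
    for event in events:
        hit = classify(event, windir)
        if hit:
            per_host[event["host"]].append(hit)
    report = {}
    for host, hits in per_host.items():
        techniques = sorted({tid for _, tid in hits if tid})
        report[host] = {
            # A technique hit means the Safe Mode reboot is being prepared.
            "priority": "high" if techniques else "medium",
            "techniques": techniques,
            "signals": [signal for signal, _ in hits],
        }
    return report


if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, info["priority"], info["techniques"], info["signals"])
```
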
Babuk ‘retired’ in 2021, but leaked source code fuels new threats like RA World. Combined with Ransomware-as-a-Service, this lowers the entry barrier for less skilled cyber criminals.
Recommendations
The recommendations are as follows:
Limit the administrative rights granted to employees.
Keep security products updated.
Back up essential data routinely.
Exercise caution with emails, attachments, URLs, and program execution.
Encourage users to report suspicious emails and files promptly.
Regularly educate users on social engineering risks.
Watch out for the new CHAVECLOAK banking Trojan as it spreads its infection through SMS phishing (SMishing), phishing emails, and compromised websites.
Cybersecurity researchers at FortiGuard Labs have discovered a high-severity Trojan, dubbed CHAVECLOAK, targeting Brazilian banking users. The malware targets Windows devices and accesses online banking platforms, stealing their banking credentials and financial information.
The CHAVECLOAK infection method is under investigation, but researchers suspect potential distribution channels include phishing emails, SMS phishing, and compromised websites.
According to the company’s blog post, the campaign involves malicious emails disguised as legitimate bank communications that could trick users into downloading malware. It then targets unsuspecting users utilising Portuguese language settings, DLL sideloading, and deceptive pop-ups. It actively monitors victims’ interactions with financial portals.
It is worth mentioning that DLL sideloading poses a huge security risk because it allows the malware to exploit legitimate processes without raising suspicion or getting detected.
The malware controls victims’ devices and collects sensitive financial information through a malicious PDF file, claiming to contain contract documents with Portuguese instructions. However, it has a malicious downloader link, which is processed via Goo.su and redirects to a ZIP file, resulting in the MSI file “NotafiscalGFGJKHKHGUURTURTF345.msi.”
When decompressed, the MSI installer revealed multiple TXT files, a legitimate execution file, and a malicious DLL named “Lightshot.dll.” The DLL file’s modified date is more recent than the other files. The installer executes the file “Lightshot.exe” and uses DLL sideloading techniques to execute the malicious DLL. This lets the legitimate executable run the malicious code discreetly, enabling unauthorized activities like data theft.
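The two observations above (a DLL sitting beside a legitimate executable, and a DLL modification date newer than the rest of the package) can be combined into a triage heuristic for extracted installer contents. This is an added example, not FortiGuard Labs' tooling: the 30-day threshold, the TXT file names and the timestamps are constructed assumptions, and only "Lightshot.exe" and "Lightshot.dll" come from the text.

```python
import os
import statistics
import tempfile
from pathlib import Path

DAY = 86400  # seconds


def sideload_candidates(root, min_gap_days=30):
    """Flag DLLs that sit beside an EXE but are much newer than their neighbours."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        paths = [Path(folder) / name for name in files]
        exes = [p for p in paths if p.suffix.lower() == ".exe"]
        dlls = [p for p in paths if p.suffix.lower() == ".dll"]
        if not exes or not dlls:
            continue  # no loader in this folder, or nothing for it to load
        for dll in dlls:
            # Baseline is the median age of every other file in the folder.
            baseline = statistics.median(p.stat().st_mtime for p in paths if p != dll)
            gap_days = (dll.stat().st_mtime - baseline) / DAY
            if gap_days >= min_gap_days:
                findings.append({
                    "dll": dll.name,
                    "gap_days": round(gap_days),
                    # Same stem as the EXE is a further hint, not proof.
                    "shares_name_with_exe": any(
                        e.stem.lower() == dll.stem.lower() for e in exes),
                })
    return findings


def build_sample(root):
    """Constructed layout mirroring the description: TXT files, one EXE, one DLL."""
    packaged = 1_600_000_000  # arbitrary timestamp for the legitimate files
    layout = {
        "Lightshot.exe": packaged,
        "readme.txt": packaged + DAY,        # hypothetical file name
        "license.txt": packaged + 2 * DAY,   # hypothetical file name
        "Lightshot.dll": packaged + 400 * DAY,  # DLL added long after packaging
    }
    for name, mtime in layout.items():
        path = Path(root) / name
        path.write_bytes(b"placeholder")
        os.utime(path, (mtime, mtime))
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return sideload_candidates(build_sample(tmp))


if __name__ == "__main__":
    print(demo())
```

A hit is a reason to inspect the DLL's signature and exports, since legitimate updaters also replace single DLLs.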
Additionally, the malware uses the “GetVolumeInformationW” API to gather file system and volume information, generates a log file, and executes the “Lightshot.exe” program upon user login. It sends HTTP requests, logs data, and monitors the foreground window using the APIs “GetForegroundWindow” and “GetWindowTextW.”
The malware then communicates with its C2 server, facilitating actions to steal a victim’s credentials, blocking their screen, logging keystrokes, and displaying deceptive pop-up windows.
Further, it actively monitors access to financial portals, including Mercado Bitcoin, the largest digital currency exchange in Brazil and Latin America, which combines conventional and cryptocurrency platforms and traditional banks.
The emails with a Docu file containing a malicious PDF file (left) – Alert in Portuguese language stating “Verifying that your computer is secure to access your account.” (right) – Screenshots: FortiGuard Labs
The stolen information is uploaded to different paths. The malware configures account information and sends a POST request. The malware actively monitors victims’ interactions with financial portals, highlighting the sophistication of contemporary banking trojans.
To protect yourself from CHAVECLOAK and similar banking trojans, be cautious with emails and SMS, verify website legitimacy, enable two-factor authentication (2FA), use strong passwords, and regularly update your operating system, web browser, and security software to address known vulnerabilities. Avoid clicking on suspicious links or attachments, and double-check website URLs for typos or minor variations.
Earlier today, Samsung announced that the Galaxy A55 and Galaxy A35 will debut on March 11. While the official launch is still a few days away, two European retailers have jumped the gun. French telecom company Orange and Polish electronics retailer RTV Euro AGD listed the upcoming devices on their websites with detailed specs.
European retailers have prematurely listed the Galaxy A55 & A35
After a series of leaks, Samsung today confirmed that the Galaxy A55 and Galaxy A35 will go official on Monday, March 11. The launch event will take place in India. The company didn’t reveal the release date for the phones. It usually opens sales in most global markets about a week after the launch. The US release comes a week or two after that.
While we wait for the official unveiling next Monday, some European retailers can’t seem to wait. Orange and RTV Euro AGD have already published product pages for the Galaxy A55 and Galaxy A35 on their official websites. The listings don’t have a release date or price details but contain detailed specs of the duo. Orange has even named the unannounced Exynos 1480 processor powering the A55.
If these listings are accurate, the Galaxy A55 won’t bring a camera upgrade over the Galaxy A54 but will feature a larger display. It is said to come with a 6.6-inch Super AMOLED panel with a 1080×2340 pixels resolution. Earlier leaks said the screen will boast a 120Hz refresh rate and 1,000 nits of peak brightness. The device measures 161.1 x 77.4 x 8.2mm in dimension and is expected to feature a metallic frame.
The Exynos 1480 chipset will be paired with at least 6GB of RAM, with leaks hinting at 8GB and 12GB RAM variants as well. Storage options may include 128GB and 256GB, though we wouldn’t rule out the possibility of a 512GB model. The Galaxy A55 will pack a 5,000mAh battery, likely with 25W fast wired charging. You also get IP67 dust and water resistance and an under-display fingerprint scanner.
Galaxy A35 gets a camera upgrade
These leaks from European retailers confirm a camera upgrade for the Galaxy A35. It features a 50MP primary shooter (Galaxy A34 has a 48MP main camera). Samsung has equipped the device with the Galaxy A54’s Exynos 1380 processor. The rest of the setup is largely unchanged, including the build quality. Unlike the Galaxy A55, it doesn’t have a metallic frame. Stay tuned for the official launch next Monday.
Huawei has previously sued Amazon in Germany over WiFi patent infringement. But Alan Fan, Head of Huawei’s Intellectual Property Rights Department, confirmed that the recent partnership resolved the pending lawsuit.
Amazon & Huawei sign patent licensing deal
“Patent licensing expands the number of companies that can use what otherwise would be proprietary technologies, which, in turn, provides consumers with more innovative products and services,” Fan added.
Huawei’s official also stated the patent deal with Amazon shows American and Chinese companies are collaborating “without limitations in standards and patent licensing.”
Scott Hayden, Vice President of IP for Amazon, also noted the retailer “respects Huawei’s efforts to license its patents to companies like Amazon, which frequently use industry technical standards when inventing new products and services for customers.”
Huawei is yet to disclose the details of its agreement with Amazon. The US government is also expected to react to the deal and request an explanation from Amazon. The giant retailer might have to back off the deal if the corporation violates US trade restrictions against Chinese companies.
Huawei’s patent portfolio is wildly growing
Simultaneously, Huawei announced a cross-licensing patent deal with Vivo, another Chinese OEM. The agreement provides Vivo with communication technologies to deploy 5G connectivity. Huawei has similar patent deals with Xiaomi and Oppo.
When it comes to 5G patents, Huawei holds the rights to some of the most advanced technologies. The firm’s patent portfolio became even richer in 2021 after acquiring over 90 patents from Blackberry.
A new study, dubbed ComPromptMized, warns of zero-click worms exploiting generative AI, spreading through systems sans user interaction, and posing data theft risks. Experts stress urgent AI security measures.
Researchers have recently unveiled findings indicating the creation of a computer worm capable of targeting generative AI-powered applications. This revelation comes amidst growing concerns over the security of artificial intelligence systems.
In a collaborative effort led by Stav Cohen from Technion – Israel Institute of Technology, Ron Bitton from Intuit, and Ben Nassi from Cornell Tech, the team developed and tested this novel worm against popular AI models, including Gemini Pro (previously Bard AI), ChatGPT, and LLaVA.
While the study highlights the potential malicious applications of such technology, it also echoes a warning issued last year by Europol regarding prompt engineering and jailbreaking of AI chatbots.
The research suggests that attackers could exploit this worm to manipulate AI models into replicating malicious inputs and engaging in harmful activities. One alarming demonstration involved the worm attacking generative AI email assistants, effectively stealing email data and distributing spam.
The mechanism behind the worm’s operation is intriguing yet concerning. By introducing specific text into an email, attackers could “poison” the databases of certain email application clients. This manipulation could then prompt models like ChatGPT and Gemini to replicate the malicious input and extract sensitive user data from the context.
In their study dubbed ComPromptMized, the researchers explored various scenarios, including both black-box and white-box accesses, and tested the worm’s effectiveness against different types of input data, such as text and images. The findings underscore the potential threats posed by such attacks on the burgeoning GenAI ecosystems.
The implications of this research extend beyond theoretical concerns. As more companies integrate generative AI capabilities into their applications, the risk of exploitation becomes increasingly tangible. The ability of malicious actors to leverage AI technology for nefarious purposes underscores the urgent need for robust security measures in AI development and deployment.
Beth Linker, Senior Director of AI & SAST at the Synopsys Software Integrity Group, emphasized the significance of this research, stating, “This attack highlights the vulnerability of GenAI-powered proactive agents as a potential target for exploitation. With the proliferation of new AI-driven tools promising to streamline our digital interactions, it is crucial for organizations to carefully consider the permissions granted to these tools and implement robust safety measures.”
While the research provides valuable insights into the vulnerabilities of generative AI systems, it also serves as a call to action for stakeholders across various industries. As we continue to embrace the benefits of AI innovation, it is imperative to remain alert against emerging threats and prioritize the development of strong security protocols.