ThreatDown EDR update: Streamlined Suspicious Activity investigation  


Navigating the complex world of alerts just got easier, thanks to our latest enhancements to the ThreatDown Endpoint Detection and Response (EDR) platform. 

The detailed technical information in EDR alerts—replete with complicated diagrams and references to advanced cybersecurity tactics—can overwhelm even seasoned professionals, let alone those with less experience. With our latest update, however, we’ve tackled this challenge head on. 

Let’s dive further into how our new Incident Summary and Timeline updates make the investigation process more straightforward and accessible. 

Incident Summary and Timeline updates

ThreatDown EDR’s enhancements include two key features: an incident summary that cuts through the jargon and an interactive timeline for a clearer understanding of each alert.  

The incident summary translates the complex strategies and objectives of cyber threats into straightforward terms. For example, it may indicate the threat actor was “disabling security software” or “collecting credentials” instead of using technical MITRE ATT&CK terminology that requires extra research.

With this new, high-level narrative, analysts and customers have a framework to understand what potentially sensitive behaviors triggered an alert without delving into specific process names or registry keys. It can help quickly differentiate suspected malicious incidents from false positives and focus resources appropriately. 

The interactive timeline adds another layer of clarity, presenting a chronological sequence of events related to the alert, each marked with a timestamp and color-coded based on severity. Additional details, such as the processes involved and user accounts, are available with a simple click. 

Users can also scroll through to spot patterns and grasp the incident’s narrative in a unified view, avoiding the complexity of connecting disparate alerts.  

While technical details remain available below for more in-depth information, the new summary and timeline features can help users quickly kick off an investigation or close benign alerts.  

The best of both worlds for ThreatDown users 

By merging simplified language with user-friendly features, ThreatDown EDR’s latest updates reduce the time analysts and customers need to understand alerts—ultimately accelerating the detection and resolution of real threats.  

Not a current user but want to learn more?  Get a free trial of ThreatDown Bundles today.



Android might make Google Keep accessible from the lock screen


In the version of Android, you’re able to assign lock screen shortcuts. Swiping on your shortcuts will allow you to quickly open an app right from the lock screen. Well, it appears that Android will allow you to assign a note-taking app shortcut to the lock screen. Also, it appears that Google Keep may be an early option.

It seems pretty odd that Android is taking so long to flesh out its lock screen shortcuts. Back before One UI, Samsung’s TouchWiz allowed users to set multiple apps as shortcuts on the lock screen. The same goes for LG phones, which allowed you to assign up to five apps as shortcuts.

Now, at least on stock Android, it seems that Google is slowly introducing the ability to assign lock screen shortcuts. It’s just very odd to see.

Google’s working on a note-taking app shortcut for the lock screen

This functionality was hinted at back in December. 9To5Google reported that Google wanted to allow apps to be designated as the system note-taking app. This will be a default function, and allow users to automatically open a new note from the designated app by simply swiping on the lock screen. The beauty of this is that when you swipe on the shortcut, it will automatically open a new note rather than just opening the app itself. So, you’ll be able to get typing quicker.

In version 5.23 of Google Keep, people were able to enable a lock screen feature via the developer options. However, in the latest version of the app, version 5.24.042.07.90, users don’t see the same option. When trying to enable the lock screen function, users are met with a screen telling them that the feature is coming soon.

How this feature will work

According to reports, when selecting a new shortcut for the lock screen, you’ll have the option to designate a system note-taking app. When you choose Google Keep, and you swipe on the lock screen shortcut, you’ll see the new note pop up in a floating window. Then, you’ll be able to start typing your note right away.

In Google Keep version 5.23, we saw some of the settings for this feature. One setting will allow the system to retain the last note you’ve written for a certain amount of time. So, if you use the shortcut within that amount of time, you will see the last note that you’ve written. This is a quick way for you to access that note without having to go through the app itself.

Hopefully, more developers will come on board with this feature and format their apps so that they can start a new note when the shortcut is swiped. Google Keep is a great note-taking platform, but it’s not the only one. There are other great note-taking apps like Bundled Notes.



Galaxy Ring to launch alongside new foldables, come in 8 sizes


Samsung is gearing up to launch its first smart ring later this year. The Galaxy Ring might debut alongside the new foldables in July. The company reportedly plans to release it in eight different sizes. It wants to make early inroads into this new category of smart wearables, a market projected to grow exponentially over the next few years. Apple is also working on similar products.

Samsung’s Galaxy Ring may be available in eight sizes

After countless leaks and rumors, Samsung officially announced the Galaxy Ring during the Galaxy S24 launch last month. However, it didn’t reveal many details. The company showed its design and said the device was on the way. A Samsung executive subsequently confirmed that the first-gen smart ring would go official in the second half of 2024 but shed no light on its specs, release date, and pricing.

In the meantime, a tech analyst revealed that the Galaxy Ring will come in three colors and many sizes (up to size 13). It will also be extremely lightweight, though the weight might vary depending on the size. Korean news outlet ET News now reports that Samsung will release the smart ring in eight sizes. If both reports are accurate, we might be looking at sizes from 6 to 13.

The publication further states that the Galaxy Ring has entered the prototype production stage. Samsung will begin full-scale mass production of the device in the second quarter. The company plans to launch it “at an Unpacked event in the second half of July.” That is when the Korean firm is expected to host the second Unpacked of the year for the Galaxy Z Fold 6 and Galaxy Z Flip 6.

Samsung is projecting the Galaxy Ring as a comprehensive fitness tracker and health monitoring solution for people who don’t like wearing a smartwatch all the time, like during bedtime. “We decided to launch the ring because we believe it is essential to complete digital health in a form factor that can be conveniently worn for a long time,” its chief of mobile business TM Roh said last month.

Apple is also working on a smart ring

Smart rings have been around for a few years now. Oura debuted its first-gen model in 2016. However, the market has yet to pick up traction, likely because no big player has entered the scene. The arrival of Samsung’s Galaxy Ring later this year might give the smart ring industry a much-needed push. Along with health features, these devices can serve as remote controllers for other connected devices and offer contactless payment services via NFC.

Samsung may not be the only major tech firm interested in smart rings, though. Its arch-rival Apple also has a similar product in the pipeline. The iPhone maker has filed numerous patents related to smart ring technologies in recent years. Industry experts believe the company will launch its first-gen model in a few years. Google is also showing interest in smart rings. The market is projected to grow at a CAGR (compound annual growth rate) of 25.4% between 2022 and 2032.



YouTube crowned as top streaming service in America for the past year

YouTube has solidified its position as the leading streaming service in America. According to Nielsen, the global powerhouse in audience measurement, YouTube has held the #1 spot in watch time for a full year. This translates to 12 months of users regularly turning to the platform for content from YouTubers, artists, and other media sources.

YouTube shared the news today on its blog, and attributes this honor to the platform’s unique strengths that keep viewers continuously engaged and returning. Now that traditional boundaries between professional and user-generated content are blurring, audiences are more driven than ever to the platform. In a recent letter to the community, YouTube CEO Neal Mohan stated: “When I started at YouTube, people thought about content from major studios and content from creators as entirely different. But today that stark divide is gone.”

Furthermore, YouTube also gave credit to the power of its creators and immersive experiences. It recognized that viewers appreciate the authenticity and connection they experience with the broad and diverse spectrum of creators currently on the platform. The definition and perception of what a content creator represents is always evolving, and right now the fact that the creators on the platform are not exactly as polished as Hollywood celebrities, but rather have that personal and real quality, is what resonates with the audiences.


YouTube’s rise in television viewership also signals a shift in viewing habits. According to Nielsen, the platform boasts a remarkable average of over 1 billion hours of daily TV content consumption. The number of creators receiving the bulk of their views on TVs has also seen a dramatic 400% increase, and the popularity of YouTube Shorts on connected TVs has surged by over 100% between January and September 2023.

YouTube’s recent updates to its content experience on mobile, desktop, and the living room, show a commitment by the platform to remain in the number one spot. It remains to be seen if YouTube will continue to hang on to the crown and if more changes are on the way to make this a longer reign.


13,000 Users Saw Footage from Others’ Homes


On Friday, Wyze cameras reportedly allowed a whopping 13,000 customers to access unauthorized images and video from cameras installed in other homes. Reports began surfacing among Wyze Discord users as early as 4 AM ET, spreading rapidly by 6 AM ET. By 1 PM ET, some Wyze owners reported their devices were back online.

The privacy breach, as per Wyze, occurred when it was restoring cameras, causing customers to see mysterious images/video footage in their Events tab. The company disabled access to this tab and initiated an investigation. 

According to co-founder David Crosby, the issue initially impacted 14 customers and escalated to 13,000 customers. Wyze blamed the outage on a technical glitch due to an Amazon Web Services partner issue but has not provided details. The company sent an email titled “An Important Security Message from Wyze” to customers to apologize and share details.

“The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren’t able to. We’re very sorry for the frustration and confusion this caused,” Wyze’s email read.

Wyze claims the incident involved a third-party caching client library, which was impacted by high load conditions and devices’ simultaneous online activity. The library mixed up device ID and user ID mapping, connecting data to incorrect accounts. Wyze blocked the Events tab and added a verification layer for the app’s Event Video section. Although Wyze noted that 99.75 percent of accounts remained unaffected, users have reported seeing thumbnails and Event Videos from other cameras.
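The failure mode described above (a cache returning another account's device mapping) and a verification layer that re-checks ownership against an authoritative record before anything is shown, as an added Python example that is not Wyze's code. The cache class, the function names and the sample records are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    event_id: str
    device_id: str


# Constructed sample data: authoritative device -> owner records and events.
DEVICE_OWNER = {"cam-kitchen": "alice", "cam-porch": "bob"}
EVENTS = [Event("evt-1", "cam-kitchen"), Event("evt-2", "cam-porch")]


class UserDeviceCache:
    """Toy user -> device-ID cache with a switch that simulates the mix-up."""

    def __init__(self):
        self._store = {}
        self.simulate_mixup = False

    def put(self, user_id, device_ids):
        self._store[user_id] = list(device_ids)

    def get(self, user_id):
        if self.simulate_mixup:
            # Simulated fault: hand back some other user's cached entry.
            for other, devices in self._store.items():
                if other != user_id:
                    return devices
        return self._store.get(user_id, [])


def build_cache():
    """Populate the cache from the authoritative records."""
    cache = UserDeviceCache()
    for device, owner in DEVICE_OWNER.items():
        cache.put(owner, cache.get(owner) + [device])
    return cache


def events_unverified(cache, user_id):
    """Trusts the cached mapping completely: a wrong entry leaks events."""
    devices = set(cache.get(user_id))
    return [e for e in EVENTS if e.device_id in devices]


def events_verified(cache, user_id, rejected=None):
    """Re-checks every event's device against the authoritative owner record.

    Events whose device is not owned by the requester are withheld and,
    if a list is supplied, recorded so the mismatch can be alerted on.
    """
    allowed = []
    for event in events_unverified(cache, user_id):
        if DEVICE_OWNER.get(event.device_id) == user_id:
            allowed.append(event)
        elif rejected is not None:
            rejected.append((user_id, event.event_id, event.device_id))
    return allowed


if __name__ == "__main__":
    cache = build_cache()
    cache.simulate_mixup = True
    mismatches = []
    print("unverified:", events_unverified(cache, "alice"))
    print("verified:  ", events_verified(cache, "alice", mismatches))
    print("rejected:  ", mismatches)
```

A non-empty rejection list is itself a detection signal: in normal operation the cache and the authoritative record never disagree.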

It is worth noting that this is the second incident involving Wyze customers seeing feeds from un-owned cameras through its online viewer. In September, 2,300 people were able to see 10 strangers’ feeds for 40 minutes.

Wyze blamed a “web caching issue” for that incident and implemented technical measures to prevent recurrence. Bitdefender also disclosed security vulnerabilities with Wyze cameras in 2022, which allowed hackers to access feeds from un-owned cameras and strangers’ SD cards.

However, Wyze isn’t the only company experiencing data leaks or breaches. Security cameras frequently become targets of hacking and are prone to vulnerabilities leading to private data exposure. In September 2023, a Vietnam-based group was discovered selling private footage from hacked cameras, advertised as “dark corners” and “hot scenes.” The breach was attributed to poor password hygiene.

To protect your security camera, update its firmware regularly, use strong and unique passwords, secure your home network with a Wi-Fi password and WPA3 encryption, and avoid using a device with default credentials.


Reddit Signed $60,000,000 Content Licensing Deal


Reddit, the popular social media platform known as the “front page of the internet,” has reportedly signed a significant content licensing agreement with an undisclosed AI company.

This $60 million deal is poised to substantially impact AI research, Reddit’s impending initial public offering (IPO), and the AI company involved.


Impact on AI Research

The licensing agreement allows the AI company to use Reddit’s vast repository of user-generated content to train its AI models.

This could significantly advance the development of more sophisticated AI algorithms. Reddit’s content is diverse and extensive, with a built-in user engagement system through upvotes and downvotes.

The deal underscores the growing importance of high-quality, human-moderated data in the evolution of AI technologies.

As Reddit prepares for a $5 billion IPO debut in March, this deal could be a strategic move to demonstrate to investors the platform’s untapped potential for revenue generation, reads the Bloomberg report.

By capitalizing on the current AI boom, Reddit is a valuable partner for tech companies seeking to enhance their AI capabilities. This partnership may also serve as a model for future contracts, potentially opening new revenue streams for Reddit.

While the AI company remains unnamed, the partnership indicates the tech industry’s increasing reliance on legitimate data sources to train AI models. 

The deal could set a precedent for how social media platforms and AI companies collaborate, ensuring that AI development is fueled by legally obtained and ethically sourced data.

User Reaction and Ethical Considerations

The decision to license user content has sparked debate over the ethics of using public data to train AI. 

Reddit’s community has previously expressed concerns about the platform’s business decisions, and this latest move could generate further discussion about user privacy and the ownership of digital content.

Reddit’s content licensing deal marks a pivotal moment in the intersection of social media and AI technology. It highlights the platform’s strategic initiatives ahead of its IPO and underscores the importance of ethical considerations in AI development.

As the AI landscape evolves, partnerships like this could become increasingly common, shaping the future of AI research and social media companies’ business models.


Leaked images show a Vivo X Fold 3 controlling macOS


There’s a pretty well-defined line between Apple products and other products. iOS, iPadOS, and macOS exist only on Apple’s devices, but that’s not stopping some companies from blurring the line. According to a new leak, it appears that the Vivo X Fold 3 will be able to clone and remote control macOS.

This honestly sounds more like a clever engineer experimenting with adding absurd software to phones rather than a legitimate feature. We’ve seen this many times before with people loading full Windows 11 onto a Pixel 6 or porting Wordle to a Game Boy. However, this is not the case this time.

Vivo X Fold 3 users might be able to remote control their macOS devices

This information comes to us from a leak, so you’ll definitely want to take it with a grain of salt. We’re talking about information that has not been officially confirmed by the company. At any point, something could change before the official launch.

Ice Universe made a post on the Chinese social media site Weibo, and it shows us some interesting pictures. We see an image of a foldable phone, which is the Vivo X Fold 3. However, looking at the interface, we see something pretty odd. On it, we actually see it running a full macOS interface.

Now, this isn’t a case of a person hacking or modding the phone and loading macOS onto it. The phone is merely mirroring the macOS from a Mac computer. Also, the phone is actually able to remote control it. So, technically, the phone isn’t running macOS. However, it may as well be.

According to reports, this is all because of a few features within the Vivo X Fold 3’s software. We are unaware of what these features are, but they facilitate this functionality.

Right now, we’re still following leaks and rumors surrounding this upcoming phone, and we’re really excited about it. It appears that this phone will be an absolute beast when it launches. It’s a phone, just like the OnePlus Open (Review), that will really give Samsung a run for its money. We expect Vivo to launch this phone around the end of the first quarter of 2024, so there’s not much more time to wait.



Apple warns against drying your iPhone in rice


In an attempt to prevent water damage, a lot of iPhone users resort to the time-tested method of placing their damp phone inside a bag of rice. Apple is now cautioning against this common do-it-yourself technique, claiming it can cause more harm than benefit.

The risks of drying your wet iPhone in rice

Many people’s first response when their iPhone gets wet, whether from dropping it in the sink or getting caught in a downpour, is to reach for a bag of rice. The theory behind this approach is that the rice absorbs moisture from the phone and helps it dry out. However, rice fragments may easily become lodged in the ports of the device and cause more harm, so Apple has released a statement warning against this behavior.

Grains of rice have the potential to damage your iPhone’s internal components as well as obstruct the charging port and headphone socket. This might eventually cause your iPhone to become irreparably damaged due to rust and more water damage.

 

What should you do instead?

So what should you do if your iPhone gets wet? Apple recommends following these steps:

Disconnect the cable from the iPhone and the other end of the cable from the accessory or power adapter. Avoid plugging them in again until both your iPhone and the cable are entirely dry.

First, if there is more liquid on your iPhone, gently press it on your palm with the connector side down. Your iPhone should be left somewhere dry and open to the air. Second, try attaching an accessory or using a Lightning or USB-C connection to charge after at least thirty minutes.

Third, liquid may still be present in the connection or beneath the cable’s pins if you notice the warning once more. For up to a day, keep your iPhone somewhere dry and open to air circulation. For the duration of this time, you can attempt charging or connecting an item once again. The entire drying process might take up to 24 hours. Finally, connect the adapter and cable back together once they have dried out if your phone is still not charging. If this isn’t feasible, disconnect the adapter from the wall as well as the cord.

What you should prevent

Apple also asks users to avoid using pressurized air or an external heat source to dry their iPhones. Moreover, avoid sticking an unfamiliar object, such as a paper towel or cotton swab, into the connection. In conclusion, even while placing your damp iPhone in a bag of rice can seem like a quick repair, it’s advisable to heed Apple’s advice to prevent further harm to the device.



Ivanti Patched Another Vulnerability While The Former Went Under Attack


The patches have been released, but Ivanti users must rush to update their systems to the latest versions to avoid trouble. That’s because Ivanti addressed another serious vulnerability in Connect Secure VPN while the previously fixed issues came under attack.

Ivanti Vulnerability Fiasco Continues

Recently, Ivanti addressed another serious vulnerability affecting its Connect Secure, Policy Secure, and ZTA gateways.

According to its advisory, the firm detected the vulnerability while performing internal code testing, though it seemingly also caught the attention of another researcher with the alias “watchTowr”, who responsibly disclosed the flaw to Ivanti. Specifically, this vulnerability, CVE-2024-22024 (CVSS 8.3), is an XML external entity (XXE) flaw in the SAML component that allows an attacker to access restricted resources without authentication.

Ivanti patched this vulnerability in the following product versions and said it had detected no active exploitation of the flaw.

  • Ivanti Connect Secure versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3 and 22.6R2.2. The patch is also available for versions 9.1R15.3, 9.1R16.3, 22.1R6.1, 22.2R4.1, 22.3R1.1, and 22.4R1.1.
  • Ivanti Policy Secure versions 9.1R17.3, 9.1R18.4 and 22.5R1.2, as well as 9.1R16.3, 22.4R1.1 and 22.6R1.1.
  • ZTA gateways versions 22.5R1.6, 22.6R1.5 and 22.6R1.7.

Shortly after this vulnerability fix, researchers detected active exploitation of another vulnerability Ivanti patched recently. According to the post from Orange Cyberdefense, they found the vulnerability CVE-2024-21893 under attack soon after the PoC release.

They observed the attacks (with limited targets) going on to deploy a new backdoor. Identified as ‘DSLog’ backdoor, the malware is inserted into the Perl file called ‘DSLog.pm,’ maliciously modifying the logging module. This allows the malware to evade detection while ensuring persistent access for the attacker. Details about this malicious campaign are available in the researchers’ post.

The researchers initially detected 670+ compromised assets in early scans, observing a slight drop in this number in the following days. Given that the threat continues to exist, the researchers urge all users to update their devices with the latest firmware releases. Moreover, they also advise users to factory reset their devices before applying the fix.


Raccoon Infostealer operator extradited to the United States


A Ukrainian national, Mark Sokolovsky, has been indicted for crimes related to fraud, money laundering and aggravated identity theft and extradited to the United States from the Netherlands, the US Attorney’s Office of the Western District of Texas has announced.

In March 2022, around the time of Sokolovsky’s arrest by Dutch authorities, the FBI and law enforcement partners in Italy and the Netherlands dismantled the digital infrastructure supporting the Raccoon Infostealer, taking its then-existing version offline.

On September 13, 2022, the Amsterdam District Court ordered Sokolovsky’s extradition to Texas, where many of his victims were located. After Sokolovsky’s appeal was dismissed in June of 2023, the extradition could take place.

Sokolovsky is suspected of operating the Raccoon Infostealer as a malware-as-a-service (MaaS). This means criminals intent on stealing information could “hire” the malware and the infrastructure to steal data from victim computers.

For this reason Sokolovsky is charged with one count of conspiracy to commit fraud and related activity in connection with computers; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft. He made his initial court appearance February 9, and is being held in custody pending trial. If convicted, he will be sentenced to a maximum of 20 years for wire fraud and money laundering, five years for computer fraud charges, and a mandatory two-year term for identity theft offenses.

The Raccoon Infostealer operation is a tightly-run ship, to the extent that customers have digital signatures tied to their executables. If files end up on malware scanning services, the malware authors know exactly where the leak originated.

Raccoon’s two most popular delivery methods are phishing campaigns (the tried and tested malicious Word document/Macro combination) and exploit kits. Once data is located on the target system, it is eventually placed into a .zip file and sent to the malware Command and Control (C&C) server.

The main targets of the stealer are credit card data, autofill entries, browser passwords, and cryptocurrency wallets.

The FBI identified at least 50 million unique credentials stolen by Raccoon Infostealer from victims worldwide. Because of this, the agency has created a dedicated website, raccoon.ic3.gov, where potential victims can check if their data has been stolen. All they need to do is to enter their email address. Note, however, that the website only contains data for US-based victims. 

The FBI also encourages potential victims to fill out a detailed complaint and share the harm the malware caused them at the FBI’s Crime Complaint Center (IC3).

If you want to find out how much of your own data is exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a report.

