Remote Monitoring & Management software used in phishing attacks


Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, is invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive data.

The modus operandi of these threat actors involves deceiving employees through sophisticated scams and deceptive online advertisements. Unsuspecting employees, misled by these tactics, may inadvertently invite these criminals into their systems. By convincing employees to download and run these seemingly benign RMM applications under the guise of fixing non-existent issues, these fraudsters gain unfettered access to the company’s network.

In this post, we explore a particular phishing scam targeting corporate users via the AnyDesk remote software and how ThreatDown can prevent the misuse of such programs by cybercriminals.

Phishing site hosts remote software

We believe victims are first targeted and then contacted via phishing emails or text messages (smishing) based on their position in the company.

Attackers could trick them by sending them to a typical phishing page or making them download malware, both of which are viable options. Instead, they are playing the long game, in which they can interact with their victims.

Users are directed to newly registered websites that mimic their financial institution. In order to get support, they need to download remote desktop software disguised as a ‘live chat application’.

uk-barclaysliveteam[.]com/corp/AnyDesk.exe
uk-barclaysliveteam[.]com/corp/anydesk.dmg

It’s interesting to note that the downloaded software is not malware. For example, in this instance they are using a legitimate (although outdated) AnyDesk executable which would not be detected as malicious by security products.

Running the program will show a code that you can give to the person trying to assist you. This can allow an attacker to gain control of the machine and perform actions that look like they came directly from the user.

Threat actors have registered phishing domains for different financial institutions, following the same style of the ‘Live chat on Windows’. It’s unclear whether it is all the same group or whether several criminal gangs are operating this scam. However, most of these domains are hosted on AS200593 which has a number of ‘traditional’ phishing sites.

Certain banking sites try to detect if a customer is currently running a remote program, before allowing them to login. However, not all banks have this feature and there are certain cases where threat actors can evade such detection.

There are a number of RMM tools on the market which scammers and criminals will leverage. Ironically, the more popular and simple ones also tend to be the most abused.

AnyDesk recently got in the news for a security breach that allowed the attackers to compromise their production systems. The vendor has since revoked its code signing certificates and is urging customers to update their software.

RMM vendors are aware of the illicit use of their software and regularly remind users about common safety tips. AnyDesk also partnered with fraud fighters such as ScammerPayback to shut down call centers.

Free with every ThreatDown Bundle, Application Block can easily protect organizations against the rising trend of legitimate RMM tools being exploited. Organizations can block RMM tools via Application Block by:

  • Navigating to the ‘Monitor’ section within their Nebula console.
  • Selecting ‘Application Block’.
  • Enabling the ‘Block RMM’ toggle switch provided by ThreatDown or customizing the list to fit their specific needs.
  • Saving the configuration to immediately block these RMM tools network-wide.

Adopt a robust defense stance by blocking all unnecessary applications, and for those you must use, the EDR/MDR layers of our ThreatDown Bundles will provide an additional safety net in the event of an infection.

Indicators of Compromise

Phishing domains

uk-barclaysliveteam[.]com
barclaysbusinesslivechat[.]com
boi-bb-onlineservice[.]com
santanderbusiness-helpcentre[.]com
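
Because the AnyDesk binary in this campaign is legitimate, detection has to key on where it was downloaded from rather than on the file itself. The following added example (not ThreatDown's code) scans web-proxy logs for the phishing domains listed above and for RMM installers fetched from hosts other than the vendor's; the log format, the vendor allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Phishing domains from this post's IoC list, kept defanged as published.
IOC_DOMAINS_DEFANGED = [
    "uk-barclaysliveteam[.]com",
    "barclaysbusinesslivechat[.]com",
    "boi-bb-onlineservice[.]com",
    "santanderbusiness-helpcentre[.]com",
]

# Assumption: the vendor domains your organisation accepts as download sources.
VENDOR_DOMAINS = {"anydesk.com", "atera.com", "splashtop.com"}

# Installer file names for the RMM tools named in the post (heuristic).
RMM_FILE_RE = re.compile(r"(anydesk|atera|splashtop)[^/]*\.(exe|msi|dmg|pkg)$", re.I)


def refang(indicator):
    """Turn a defanged indicator such as 'a[.]com' back into 'a.com'."""
    return indicator.replace("[.]", ".").lower()


IOC_DOMAINS = {refang(d) for d in IOC_DOMAINS_DEFANGED}


def host_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one.

    A suffix check on '.' + domain avoids trusting lookalikes such as
    'anydesk.com.downloads.example'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Return the list of reasons a URL is suspicious (empty if none)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if host_matches(host, IOC_DOMAINS):
        reasons.append("ioc-domain")
    if RMM_FILE_RE.search(parts.path) and not host_matches(host, VENDOR_DOMAINS):
        reasons.append("rmm-installer-from-non-vendor-host")
    return reasons


def scan(log_lines):
    """Scan lines of the form '<time> <user> <method> <url> <status>'."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing the whole scan
        ts, user, _method, url, _status = fields
        reasons = classify(url)
        if reasons:
            findings.append({"time": ts, "user": user, "url": url, "reasons": reasons})
    return findings


# Constructed sample proxy log; users, times and example.* hosts are made up.
SAMPLE_LOG = [
    f"2024-02-07T09:14:02Z jdoe GET https://{refang(IOC_DOMAINS_DEFANGED[0])}/corp/AnyDesk.exe 200",
    "2024-02-07T09:15:40Z itadmin GET https://download.anydesk.com/AnyDesk.exe 200",
    "2024-02-07T09:20:11Z asmith GET https://files.example.net/tools/AnyDesk_portable.exe 200",
    f"2024-02-07T09:31:55Z bkhan GET https://{refang(IOC_DOMAINS_DEFANGED[2])}/login 200",
    "2024-02-07T09:40:03Z cwong GET https://anydesk.com.downloads.example/AnyDesk.exe 200",
    "2024-02-07T09:41:17Z cwong GET https://www.example.org/index.html 200",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["time"], finding["user"], ",".join(finding["reasons"]), finding["url"])
```
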


Galaxy Z Fold 6 could feature a 200MP camera, 4,400mAh battery


Samsung might equip the Galaxy Z Fold 6 with its best smartphone camera yet. According to a well-known industry insider, the company plans to ship the new foldable with the same camera sensor as the Galaxy S24 Ultra. The source isn’t specific, but they may be talking about the 200MP primary shooter. If true, it would be a massive upgrade from the 50MP unit found on the Fold 5.

Samsung plans to equip the Galaxy Z Fold 6 with a 200MP camera

Samsung’s Galaxy Z Fold 5 and Fold 4 feature a 50MP primary camera at the back, upgraded from a 12MP unit on the Fold 3. It is the same sensor found on the smaller two models of the Galaxy S22, Galaxy S23, and Galaxy S24 lineups (Ultra models have a 108MP/200MP camera). The sensor would have almost turned three years old by the time the Galaxy Z Fold 6 hits the market. It wouldn’t be unfair to call it an outdated camera.

However, a few months back, a couple of noted tipsters claimed that the next-gen Fold won’t get a camera upgrade. Samsung was said to be focused on making the device thinner and wider, something users have been demanding lately. If there was enough space, the company would rather increase the battery capacity from 4,400mAh instead of equipping the device with a bigger camera.

It appears the company has changed its mind or is at least mulling doing things differently. According to X tipster Revegnus, one of the two people who made the previous claim, Samsung is now considering equipping the Galaxy Z Fold 6 with the Galaxy S24 Ultra’s 200MP camera. Well, they didn’t specify the sensor but they are likely referring to the primary shooter. Or maybe the whole camera setup, we shall find out soon.

The battery capacity may remain unchanged

The tipster added that Samsung plans to upgrade the Galaxy Z Fold 6’s camera “instead of decreasing the battery capacity.” We believe they made a typo and meant to say, “instead of increasing the battery capacity.” The 200MP camera in question has an optical size of 1/1.3 inches. It is bigger than the Fold 5’s 50MP camera, which measures 1/1.56 inches. Samsung may not be able to squeeze in a bigger camera and battery.

If this information turns out to be accurate, the Galaxy Z Fold 6 will come with an industry-leading 200MP camera and a 4,400mAh battery. Coupled with a thinner build and wider design, which makes the cover display more like a regular smartphone than a tall screen, the new Fold is shaping up to be a fairly decent upgrade. We expect more leaks about it and the Galaxy Z Flip 6 in the coming months.



OpenAI’s developing its own search engine


Right now, Google is in a heated battle against OpenAI. ChatGPT is the AI chatbot to beat, and Google has its hands full with that. However, it looks like Google is going to have competition on its home front. According to reports, OpenAI could be developing its own search engine.

Based on the reports, this is very early information. So, as always, you’ll want to take this news with a grain of salt. Information could change over time. Also, if the company is working on a search engine, there is always the possibility of it scrapping the project. So, we’re going to want to wait for more information to come out to be completely sure.

OpenAI could be working on its own search engine

Using ChatGPT to steal people away from Google Search is one thing, but developing its own search engine seems like a direct shot taken at Google. As we know, Google makes most of its money from Search. It sells ads throughout the Google Search engine, and this earns it tens of billions of dollars every year.

So, if OpenAI were to make its own search engine, it would be more than likely to steal users away from Google Search. However, we’re not quite sure how many users it’ll be able to steal.

Reports state that OpenAI will heavily use the Bing search engine. This makes sense, as OpenAI and Microsoft are so closely tied together. There’s no doubt that the OpenAI search engine, if it ever comes to fruition, will be powered by Bing.

At this moment, details are extremely scarce. Either OpenAI is holding this project very closely to the chest or it’s in extremely early development.

How will it fare against the giant?

The only question is if OpenAI could make its search engine an actual threat to Google. Google has been the top search engine for the longest time, and no other company has even come close to tapping its dominance. Microsoft Bing is struggling to break 10% of the search engine market. Meanwhile, Google is paying billions of dollars every year to be the default search engine on iPhones.

A newcomer out of the blue, regardless of whether it is powered by ChatGPT or not, stands very little chance of being ample competition. However, with such a landmark anti-competition case that Google has gone through, there’s no telling if things will be different for the company by the time OpenAI unveils its own search engine.



Facebook Marketplace users’ stolen data offered for sale


Personal data belonging to Facebook Marketplace users has been published online, according to BleepingComputer.

A cybercriminal was allegedly able to steal a partial database after hacking the systems of a Meta contractor.

The leak consists of around 200,000 records that contain names, phone numbers, email addresses, Facebook IDs, and Facebook profile information of the affected Facebook Marketplace users. BleepingComputer was able to verify some of the data.

Marketplace was introduced by Facebook in 2016 and quickly became a popular platform to sell items to local buyers. It’s often preferred over other marketplaces because you can find or sell items locally that would be too expensive to ship, but you can easily pick up yourself.

Smaller businesses also use it to get the ecommerce side of their business started. Statistics say that every month, on average 40% of Facebook users are Marketplace users, and an estimated 485 million or 16% of active users log in to Facebook for the sole purpose of shopping on Facebook Marketplace.

Depending on the buyer of the leaked data, both the email addresses and the phone numbers could be used in phishing attacks. Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. The combination of email addresses and phone numbers could also be used in SIM swapping attacks.

SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involves tricking the target’s phone carrier into porting the phone number to a new SIM which is under the control of the attacker. Having control over or access to the victim’s email combined with the knowledge of the associated phone number makes a SIM swap relatively easy.

Protect yourself from a SIM card swap attack

  • Don’t reply to calls, emails, or text messages that request personal information. Should you get a request for your account or personal information, contact the company asking for it by using a phone number or website that you know is real.
  • Limit the personal information you share online.
  • Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
  • Use Multi-Factor Authentication (MFA), especially on accounts with sensitive personal or financial information. If you do use MFA, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.

If you want to find out how much of your own data is exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a report.



You can now buy the OnePlus 12R in North America & Europe


The OnePlus 12R was announced last month. The phone arrived alongside the OnePlus 12 as a more affordable option. The OnePlus 12R went on sale in India last week, and is now available to buy in North America and Europe too, through the company’s official website, amongst various retailers.

The OnePlus 12R is now available to buy in both North America & Europe

The phone is now available in the US, Canada, and Europe. In the US and Canada, it comes in Cool Blue and Iron Gray colors and can be purchased in both 8GB and 16GB RAM options. Those two variants come with 128GB and 256GB of storage, respectively.

In Europe, you can only get a 16GB RAM variant of the phone, which also has 256GB of storage. Do note that only the Iron Gray model is available in the UK, while the rest of the countries offer the Cool Blue model too.

In the US, the two models are priced at $499.99 and $599.99. In Canada, you can buy 8GB and 16GB models for CAD$669.99 and CAD$799.99, respectively. The 16GB RAM model in Europe costs €699, while it’s priced at £649 in the UK. The purchase links are included below the article.

The device has an outstanding price tag in the US

The OnePlus 12R actually has an outstanding price point in the US. It offers a great package for $499.99. Those price tags don’t seem as appealing in Europe, but that’s not a bad price tag either, considering what you’re getting.

The OnePlus 12R is fueled by the Snapdragon 8 Gen 2 processor. The phone includes a 6.78-inch 2780 x 1264 LTPO4 AMOLED display. That panel gets immensely bright; it’s exactly the same display as the one in the OnePlus 12.

The phone has three cameras on the back, led by a 50-megapixel main shooter (Sony’s IMX890 sensor). An in-display fingerprint scanner is also included, as are stereo speakers.

The device has a large 5,500mAh battery, and it supports 100W (80W in the US) wired charging. We’ve already reviewed the device, and we were quite impressed, especially considering the price tag.

Buy the OnePlus 12R (OnePlus.com)

Buy the OnePlus 12R (Best Buy)

Buy the OnePlus 12R (Amazon)



TikTok fight against fake news heats up ahead of EU elections


As the European Parliament elections approach, misinformation and fake news campaigns continue to rise. To combat this issue, social media platform TikTok has announced a new initiative aimed at curbing misinformation, according to Reuters.

The platform announced on Wednesday that it will release a local language app for all EU members, consisting of 27 countries. The initiative, dubbed “election centers,” is a sequel to the app’s 2021 approach to battle misinformation amid elections in Greece, the Netherlands, Poland, Slovakia, and Spain.

“Next month, we will launch a local language Election Centre in-app for each of the 27 individual EU member states to ensure people can easily separate fact from fiction,” TikTok’s head of trust & safety EMEA Kevin Morgan said.

TikTok gears up to battle misinformation during the EU elections in June

TikTok’s local app aims to inform and educate EU voters about the electoral process. The ByteDance-owned platform has reportedly produced educational videos regarding voting. The content will be accessible via the election centers.

“Working with local electoral commissions and civil society organizations, these Election Centres will be a place where our community can find trusted and authoritative information,” Morgan said.

TikTok’s head of trust & safety also noted the app plans to expand its partnership with fact-checkers and launch nine additional media literacy campaigns this year to curb misinformation better. The platform now works with nine fact-checking organizations in Europe.

TikTok also plans to open a mission control space in its Dublin office. The division oversees the election-related content on the app from June 6 to June 9.

TikTok’s popularity is on the rise in every corner of the world. The app is now the fastest-growing social platform in the US. TikTok also currently hosts 134 million users from EU members monthly, and roughly 30% of European Parliament lawmakers use the app. The EU’s Digital Services Act (DSA) obligates every social platform with over 45 million monthly users to tackle misinformation, especially during elections.

Around 400 million EU voters should cast their ballots in June. Meanwhile, EU officials are deeply concerned about the impact of misinformation campaigns and election manipulation. EU Industry Commissioner Thierry Breton warned of “geopolitical instability” and “manipulation of citizens” amid the June elections in the bloc. He also warned about “foreign interference of all kinds,” that aims to target the elections.



Nothing Phone (2a) price gets revealed ahead of launch


The Nothing Phone (2a) price just got revealed, ahead of the phone’s launch. Various sources were guessing that the phone will cost around €400, but it may be even more affordable than that.

The Nothing Phone (2a) price gets revealed early

According to folks over at Dealabs, the Nothing Phone (2a) will cost €349 in Europe. That means that it will be €50 more affordable than the original Nothing Phone (1). The Nothing Phone (2) is priced at €679, by the way.

Do note that this is likely the price tag of an 8GB RAM model with 128GB of storage. A 12GB RAM model with 256GB of storage is also rumored, and that one is said to cost €399 in Europe. These price tags are based on info pulled from France, but it should be the same elsewhere too.

Nothing has already confirmed that the device will launch on March 5. Its name has also been confirmed, while we also know that it won’t launch in the US. Well, it won’t launch the normal way. It will, however, be a part of a limited ‘Developer Program’ that we don’t know much about just yet. That’s a shame, as the Nothing Phone (2) did arrive in the States.

This will be a rather capable mid-ranger, based on the leaked specifications

Now, the phone’s specifications did surface as well. The Nothing Phone (2a) is expected to ship with the MediaTek Dimensity 7200 Ultra processor. Both 8GB and 12GB RAM models will seemingly be available.

A 6.7-inch fullHD+ display is rumored, and it will have a 120Hz refresh rate. Android 14 will come pre-installed on the device, along with the company’s Nothing OS 2.5 Android skin.

45W wired charging is also tipped, and the same goes for a dual 50-megapixel camera setup on the back. Those will be wide and ultrawide shooters, it seems. A single 32-megapixel camera is said to be included on the front.

The phone is coming in about half a month, but chances are we’ll get more information at MWC 2024, as Nothing will be there.



OpenAI seeks ways to pull the plug on Google and occupy its search engine throne


Sergey Brin and Larry Page’s lovechild – that’s just another way of saying “Google!” – might be in danger. OpenAI is coming for its search engine throne, a new hot rumor has it.

That means in the future, one might be “OpenAI-ng it” instead of “Googling it”, as MSPowerUser states. The source is The Information, citing an anonymous insider who claims OpenAI is currently developing a web search product. The details remain unclear: the search tool could be integrated within the popular ChatGPT platform, or it could be a separate, standalone product.

Regardless, it’s clear that such a move is aimed directly at Google’s search engine hegemony. OpenAI has taken the “Shoot for the stars!” mantra quite literally and it will be very interesting to see what comes out of it.

If it’s real. So far, no confirmation comes from Sam Altman’s project.

Leaks and rumors about OpenAI could turn out to be true, as the company has resorted to hiring investigators to crack down on leakers and to “mitigate potential insider threats”.

The undisclosed source declares that the OpenAI search engine tool might utilize Bing, Microsoft’s search platform, “for some of its functionality”. This aligns with Microsoft’s significant investments in OpenAI and its ongoing integration of GPT-based AI into products like Bing Chat and Copilot.


Critical DNSSEC Flaw Lets Attackers Bring Down DNS With a Single DNS Packet


A new flaw has been discovered in DNSSEC, which, when exploited by threat actors, could result in the unavailability of technologies such as web browsing, email, and instant messaging. This new class of attacks has been termed “KeyTrap” by researchers. 

Moreover, a threat actor could completely disable large parts of the worldwide internet. KeyTrap attacks affect not only DNS but also the applications using it. The “KeyTrap” class of attacks has been assigned CVE-2023-50387, and the severity is yet to be categorized. As of December 2023, 31.47% of the web clients used DNSSEC-validating DNS resolvers worldwide.


Technical Analysis

This particular vulnerability exists due to the processing of responses from specially crafted DNSSEC-signed zones, which causes CPU exhaustion on a DNSSEC-validating resolver.

Successful exploitation of this vulnerability could significantly affect the resolver’s performance, disrupting the DNS resolution service.

As a workaround, DNSSEC validation can be disabled entirely, which prevents exploitation of this vulnerability. However, this is not a recommended resolution. Additionally, there is no evidence of active exploitation of this vulnerability by threat actors.

To fix this vulnerability, it is advised to upgrade to the following versions of BIND 9 and BIND Supported Preview Edition:

Nevertheless, researchers also stated that “The flaws are not recent,” describing an obsolete internet standard, RFC 2535, from 1999. Fast forwarding to 2012, there was another implementation flaw for DNSSEC validation in standards RFC 6781 and RFC 6840. 

Although this vulnerability has existed for the past 25 years, it went unnoticed by the community due to the complexity of the DNSSEC validation requirements. 

If this vulnerability had been exploited, it would not only result in the unavailability of DNS but also could have potential risks of disabling security mechanisms such as anti-spam defenses, Public Key Infrastructure (PKI), or even inter-domain routing security like RPKI (Resource Public Key Infrastructure).

Furthermore, a complete report about this vulnerability has been published by ATHENE researchers, which provides detailed information about the impact, attack types, vectors, and other information.


New Xiaomi 14 Ultra images share even more details about the phone


The Xiaomi 14 Ultra renders surfaced yesterday for the very first time. Those images basically revealed the phone’s design to the world. Well, new Xiaomi 14 Ultra images are now here, and they reveal even more details about the device.

New Xiaomi 14 Ultra images give us even more details about the upcoming flagship

Yesterday’s shots did show us the phone from all sides except for one… its front. Well, these images from MySmartPrice do change that. Two images have appeared, as you can see below this paragraph.

Xiaomi 14 Ultra front and back leak

They’re showing both the black and white colors of the Xiaomi 14 Ultra. Those are seemingly the only colors that are coming. They will both have a vegan leather backplate, based on what we’ve seen thus far. There are some rumors about glass models too, but we’re not sure about that.

The display will be flat, it seems

In any case, these images of the device do show us both the front and the back sides. Based on these images, the display won’t be curved as we thought it would. The panel itself seems to be flat, but the curve towards the sides is there. So basically the sides will be curved, but the display won’t, at least that’s what it looks like here.

The Xiaomi 14 Ultra will follow in the Samsung Galaxy S24 Ultra’s footsteps, kind of. Samsung’s flagship also switched to a flat display this year. Xiaomi seems to be going the same route.

The bezels around the display are very minimal, and they actually seem to be uniform, but we cannot confirm that just yet. All the physical buttons sit on the right-hand side, and the camera is centered at the top of the display.

The camera island does seem very similar to the one included in the Xiaomi 13 Ultra

The camera island on the back will look very similar to last year, in terms of the sensor arrangement on the inside. Four cameras will be present on the back, but the back side of the phone will be flat. On the Xiaomi 13 Ultra, the back side gradually rises in height towards the camera island. That’s not the case here, it seems.

The Xiaomi 14 Ultra will launch on February 25 for global markets. It will launch at MWC 2024 in Barcelona. There is some talk about a February 22 launch in China, but that event is not official yet.

