Reportedly, criminal hackers exploited an unsecured Authy (an MFA app) API to verify phone numbers falsely. This activity makes the phone numbers of millions of users vulnerable to cyber threats.
Unsecured Authy API Exploited In Recent Attacks
Twilio, the parent firm behind the popular MFA app Authy, recently disclosed a security incident affecting its app. As explained in its security update, Twilio detected malicious abuse of the app to falsely verify millions of phone numbers.
Specifically, the yet-unknown hackers abused an unsecured Authy API endpoint to obtain users’ data related to Authy, including their phone numbers. Twilio explains that hackers may use this data to target users with malicious activities like SMS phishing and SIM swapping attacks.
While the hackers accessed users’ data, Twilio confirmed having no impact on the Authy app’s structure. Nor is there any infiltration with Authy accounts. Instead, the breach happened merely because of the unsecured endpoint that allowed unauthenticated requests.
Nonetheless, upon detecting this issue, Twilio protected the exposed API and addressed the issue. Consequently, it asks all users to update their Authy apps with the latest versions. The firm has released the update with Authy Android v25.1.0 and iOS App v26.1.0, available on the Google Play Store and Apple App Store, respectively.
Besides, the firm also asked users who may be having trouble accessing their Authy accounts to contact Twilio support for assistance.
While Twilio didn’t mention anything about the attackers’ identity, according to Bleeping Computer, the notorious ShinyHunters hacker group dumped a CSV text file of 33 million phone numbers on a dark web forum in June 2024. The poster claimed these numbers to have been registered with Authy. Bleeping Computer elaborated that the attackers fed a list of phone numbers to the unsecured Authy API endpoint to gather information about the accounts linked to the registered numbers.
Urban Armor Gear, aka UAG, has launched its collection of rugged protective cases for Samsung‘s new foldables, the Galaxy Z Fold 6 and Galaxy Z Flip 6. The company’s lineup includes two covers for the Flip and three for the Fold, all with military-grade drop protection. There is also a glass screen protector for both foldables. The accessories are already available to purchase from its website and select offline retailers.
UAG unveils tough protective cases for Samsung’s Galaxy Z Fold 6 and Flip 6
Last year, UAG introduced an all-new Plyo Pro series of cases for Samsung’s Galaxy Z Fold 5 and Flip 5. The cases featured a clear/translucent design and a built-in magnet module. The company has retained the lineup this year for the Galaxy Z Fold 6 and Flip 6, with the Fold getting a new “Mallard” blue color option. UAG says the Plyo Pro series features “a combination of air-soft corner protection and an impact-resistant soft core design.”
Alongside the Mallard blue/Ice colorway, the Galaxy Z Fold 6‘s Plyo Pro case comes in Ice/Silver and Ash/Space Grey options. The Flip 6’s cover, meanwhile, is only available in an Ice/Silver color. Maybe UAG plans to add more colorways for the clamshell foldable later. While the Fold’s cover is already on sale, the company is currently taking pre-orders for the Flip. It plans to start shipping on July 24. Both cases cost $69.95.
UAG also has a standard Plyo series case for the new Samsung foldables. Priced at $59.95, it is a lightweight cover featuring a TPU shock-absorbing frame, impact-resistant soft core, and air-soft corners for cushioning impact. The company also claims a “maximum device functionality” thanks to an open hinge design. It comes in a single colorway dubbed Ice. Like the Plyo Pro, the Fold’s Plyo cover is on sale, while the Flip’s cover is still in pre-order.
Additionally, UAG has made a $59.95 Civilian series case for the Galaxy Z Fold 6. It is available in Black, Olive, and Mallard blue colors. This rugged case features a hinged, one-piece composite construction with an impact-resistant soft core and impact-resistant bumpers. The company added more protective measures with a raised screen border and spine protection, covering the entire phone in both open and closed positions.
UAG also made a screen protector for the Samsung foldables
UAG’s updated accessory lineup for the Galaxy Z Fold 6 and Galaxy Z Flip 6 also includes a double-strengthened tempered glass screen protector. Available for the cover display, it is drop-resistant up to 6 ft (1.8 meters). Thanks to an oleophobic coating, the glass panel repels natural skin oils, limiting fingerprints and smudges. The company has priced it at $24.95 for the Flip and $29.95 for the Fold. The screen protector is on sale through UAG’s website.
Last month, Microsoft quietly removed the official instructions for switching to a local account on Windows 11 devices. The company is pushing hard to get its users to sign into its Windows machines with a Microsoft account. However, Microsoft has now reinstated Windows 11’s official guide to switch to a local account. Besides, the company has also added a new set of instructions for creating a password reset disk for local accounts.
Microsoft has reinstated local accounts on Windows 11
According to Tom’s Hardware, Microsoft silently removed the guide to opt for a local account sign-in for Windows 11 on June 17. Before that date, these instructions were earlier listed below the guide to “Change from a local account to a Microsoft account”. Now, the tab for “Change from a Microsoft account to a local account” is back in the same place.
If you want to switch to a local account from a Microsoft account on Windows 11, first go to the Settings app. Then, head to the Accounts tab in the left navigation pane and click on the Your info section on the right. Here, select the “Sign in with a local account instead” option to proceed further. Then, type your username, password, and the password hint. Finally, click on “Next” and select “Sign out and finish”.
Microsoft already removed the bypass that allowed setting up a Windows 11 PC locally
This is not the first time Microsoft has made it difficult for users to switch to a local account. Last month, Microsoft removed a simple bypass, which allowed users to set up Windows 11 by typing a blocked email address. When a user typed a “bad” email address during the installation process, Windows 11 offered the local account option, instead.
Earlier, you could simply bypass this sign-in requirement by selecting “Offline Account” or “Sign in with a local account instead” options. However, the Redmond-based tech giant already removed these options in recent years. That said, it’s good that Microsoft has at least brought back the official guide to switch to a local account via the Settings app.
As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has emerged, targeting fans and attendees.
Cybersecurity firm QuoIntelligence has uncovered a sophisticated fraudulent campaign involving over 700 fake domains designed to sell counterfeit tickets for the Olympics and other major events.
This article delves into the details of this alarming discovery, its implications, and the ongoing efforts to combat such cyber threats.
Internal telemetries with mentions to the Olympics.
The Rise of Fake Domains
In December 2023, QuoIntelligence noticed a surge in online discussions about the upcoming Olympics, both on the surface web and in underground forums.
This prompted the firm to initiate an investigation, which led to the identification of multiple domains impersonating the official Olympic ticketing website.
Through detailed analysis, QuoIntelligence uncovered a broader network of 708 fraudulent domains, active since 2022, with activities intensifying throughout 2023 and continuing into 2024.
Target Audience: The campaign primarily targets Russian-speaking individuals and extends to English-speaking and Chinese-speaking users.
Scope of Fraud: The fraudulent ticket sales are not limited to the Olympics but also include other major events like UEFA EURO 2024 and various music festivals.
Financial and Reputational Impact: The campaign poses significant financial risks to individuals and event organizers, leading to potential losses and reputational damage.
High-Quality Fake Websites
The fraudulent websites, such as ticket-paris24[.]com, were meticulously crafted to resemble legitimate ticketing platforms.These sites allowed users to select events, choose seats, and even book accommodation in Paris.
Despite minor spelling and grammar errors, likely due to direct translations from Russian to English, the user experience was comparable to high-end legitimate sites.
Fake Ticketing Website
Payment System Analysis
QuoIntelligence’s analysis revealed that the fraudulent websites used Stripe as their payment system. Interestingly, the attackers did not aim to steal credit card information but rather to approve transactions only if the victim had sufficient funds.
This approach ensured that the attackers could maximize their financial gains without raising immediate suspicion.
Tickets available to be purchased on ticket-paris24[.]org
The investigation identified a consistent pattern in the domain and subdomain structures of the detected sites. Common subdomains included terms like “jswidget,” “widget-frame,” and “widget-api.”
By analyzing these patterns, QuoIntelligence mapped out the network of 708 domains, revealing a sophisticated and well-coordinated campaign.
Redirection to Stripe’s payment page
Geopolitical Tensions
The Paris 2024 Olympics are set against a backdrop of significant geopolitical tensions, including the war in Ukraine and the Israeli-Palestinian conflict.
The International Olympic Committee’s decision to ban Russian and Belarusian athletes from participating under their national flags has further heightened diplomatic tensions.
This geopolitical landscape increases the likelihood of state-sponsored and hacktivist attacks targeting the Olympics.
The fraudulent campaign’s impact extends beyond financial losses. It erodes public trust in major events, potentially decreasing attendance and participation.
Event organizers and official ticket vendors face reputational damage, which can diminish consumer confidence in their services and reduce legitimate ticket sales.
Proactive Measures
To combat such threats, continuous monitoring and proactive measures are essential. QuoIntelligence’s investigation highlights the importance of gathering and profiling emerging threats and trends.
By staying ahead of cybercriminals, the cybersecurity community can develop effective defensive strategies.
Sharing this information helps other organizations and cybersecurity professionals detect and dismantle similar fraudulent networks.
The discovery of over 700 fake domains selling counterfeit Olympic tickets underscores the persistent and evolving nature of cyber threats. As major events like the Olympics attract global attention, they also become prime targets for cybercriminals.
Continuous vigilance, proactive measures, and collaboration within the cybersecurity community are crucial to safeguarding the integrity of such events and protecting individuals from falling victim to these sophisticated scams.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
Amazon has a pretty awesome deal for the Galaxy Watch 7 right now, it’s priced at $299 to start. Which is the regular price, but Amazon is also tossing in a free band, and a 3-month free trial to Amazon Music Unlimited. Obviously, not the absolute best deal you’ll find on the Galaxy Watch 7. However, if you are not looking to buy a new phone, then this is the best deal available right now.
The bad news? This deal seems to only be available for the 40mm Galaxy Watch 7, and not the 44mm model, nor the Galaxy Watch Ultra.
The Galaxy Watch 7 is a pretty nice upgrade over the Galaxy Watch 6. It still does not sport the rotating bezel, which appears to be exclusive to the “Classic” model that is being released every other year (at this point).
This smartwatch does include the new BioActive Sensor that Samsung announced earlier this week, and is able to introduce some new health features, including the ability to identify sleep apnea. It can also give you a body score, indicating whether you are ready for the day or not. This is similar to what Garmin and Whoop have already offered.
Of course, this is a Wear OS smartwatch, in fact Samsung says that this and the Galaxy Watch Ultra are the first smartwatches to run on Wear OS 5. Galaxy AI is also baked in here, which also works with some of the health features that it has. Giving you a pretty good idea of your health.
It’s a great smartwatch to pick up, and if you’ve been looking to grab one, now is the time. Since you do get that extra, fabric band, for free.
Samsung‘s Galaxy AI will be available on more than 200 million Galaxy devices by the end of 2024. TM Roh, the company’s head of mobile division, announced the number during Wednesday’s Galaxy Unpacked. The big launch event in Paris, France brought the Galaxy Z Fold 6, Galaxy Z Flip 6, Galaxy Watch 7, Galaxy Watch Ultra, Galaxy Buds 3, Galaxy Buds 3 Pro, and Galaxy Ring.
Samsung aims to bring Galaxy AI to 200 million devices this year
Galaxy AI is a suite of on-device and cloud-based AI features for Galaxy devices. Samsung introduced the AI suite with the Galaxy S24 series in January. Since then, the company has pushed the new AI features to dozens of other supported models. All S series flagships, including Fan Edition (FE) models and tablets, and foldables launched in 2021 and beyond received at least one Galaxy AI feature.
During the Galaxy S24 launch, TM Roh said Samsung plans to bring Galaxy AI to 100 million Galaxy devices this year. Since the company has already updated all eligible older models, it may have achieved the target. It now aims to double the number over the next six months. The Korean firm might be counting the estimated sales figures of the new devices it launched yesterday.
The new foldables, watches, and wireless earbuds arrive with an updated version of Galaxy AI with more features. The Galaxy Watch 7, Galaxy Watch Ultra, and Galaxy Buds 3 series are the first Samsung wearables to support Galaxy AI. The company seemingly hopes to sell at least 100 million units of these devices and the Galaxy Z Fold 6 and Flip 6 combined this year, bringing AI to 200 million devices.
The new AI features will roll out to older models
Samsung’s updated Galaxy AI contains several new AI features. Some of those are developed with S Pen in mind, making them particularly useful on Fold-series foldables, tablets, and Ultra flagships. Other features are compatible with a broader range of Galaxy devices. The company will roll out supported new features to order models, including the Galaxy S24 series and 2023 foldables.
For foldables and tablets, the new AI features will arrive with the One UI 6.1.1 update. For S series flagship phones, Samsung will roll out a new One UI 6.1 update. The Galaxy S24 series is also expected to pick up some camera improvements with the upcoming update. The rollout may begin later this month or early August. We will let you know when Samsung starts pushing the update.
Scammers are leveraging deepfake technology to create convincing health and celebrity-endorsed ads on social media, targeting millions globally. Learn how to spot and avoid these deceitful scams, which have already cost millions in losses.
Social media has always been a hotspot for scam advertisements. Still, recently, cybercriminals have been creating especially deceitful ads using deepfake technology and the allure of celebrity endorsements to exploit unsuspecting individuals.
A recent investigation by Bitdefender Labs highlights a surge in health-related scam ads on major social media platforms like Facebook, Messenger, and Instagram. These scams commonly use AI-generated deepfake videos and images to market miracle cures and supplements. Over three months, researchers identified more than 1,000 deepfake videos and 40 fraudulent supplement ads targeting millions globally, from North America to Australia.
Scammers exploit the credibility of well-known figures to enhance their deceit. Notable personalities, including Brad Pitt, Cristiano Ronaldo, and Dr. Ben Carson, have had their likenesses misused to promote bogus health products. These ads often promise quick and miraculous cures for chronic conditions, preying on individuals’ desperation for effective treatments.
Deepfake technology has revolutionised the reach and effectiveness of these scams. Scammers significantly increase their credibility by creating highly convincing yet entirely fabricated endorsements from celebrities and medical professionals. This technological advancement enables fraudsters to tailor messages to specific demographics, making it more likely for individuals to engage with the content.
The sophistication of these deepfakes varies, with some being easily identifiable while others are nearly indistinguishable from genuine videos. This technological edge allows scammers to propagate their deceitful messages more effectively, posing a significant challenge for both individuals and platforms to mitigate these threats.
A fake CNN webpage is promoting a phony tinnitus cure (Screenshot: Bitdefender)
Screenshot: Bitdefender
A Deepfake ad featuring Dr. Heinz Lüscher, a world renowned physician
Fake reviews on an AI generated ad (Screenshot: Bitdefender)
Martin Lewis, founder of MoneySavingExpert.com, has emerged as the most commonly misused celebrity in scam advertisements. Quite ironic since he does not endorse products in advertisements and any advertisement involving him is likely to be a scam.
According to Action Fraud data analysed by MoneySavingExpert, over 20 million pounds have been lost to scams featuring Lewis’s image in the past two years. Other high-profile figures like Taylor Swift, Elon Musk, and King Charles are also frequently impersonated in scam ads.
Lewis, who has repeatedly warned against these scams, emphasises the need for robust measures from tech companies and banks to combat this growing threat. “The new Government has promised to ensure that tech companies have a clear obligation, and a clear financial incentive, to work with banks to prevent scams, identify fraudulent transactions and support victims,” he said.
To protect against these pervasive scams, individuals should not be cautious about the content they engage with on social media but rather make it a habit to be extremely cynical regarding any link or advertisement. Key indicators of fraudulent ads are promises of miraculous cures, aggressive sales tactics, and endorsements from celebrities or medical professionals. Ads urging immediate action due to limited stock or time-sensitive discounts are also red flags.
Consumers are advised to research supplement companies and products thoroughly before making any purchases. Consulting with healthcare providers before taking any new supplements is crucial. Additionally, using security solutions with anti-phishing and anti-fraud features can help fend off malicious ads and websites.
Heads up, Microsoft users! It’s time to update your devices with the latest security updates, as Microsoft rolled out its Patch Tuesday update bundle for July 2024. This month’s update is huge, as it addressed 142 vulnerabilities across different products. Moreover, it also fixed some zero-day flaws, highlighting the significance of prompt device updates.
Four Zero-Day Flaws Fixed With Microsoft Patch Tuesday July 2024
The most significant security fixes with this month’s updates address four zero-day vulnerabilities. These include,
CVE-2024-35264 (CVSS 8.1): An important severity remote code execution flaw affecting .NET and Visual Studio. While this vulnerability escaped active exploitation, it became publicly known before the patch arrived. An attacker could exploit the flaw by winning a race condition, resulting in RCE.
CVE-2024-38080 (CVSS 7.8): This is another important vulnerability of high severity publicly disclosed before the patch. Microsoft described it as a privilege escalation vulnerability with Windows Hyper-V, allowing the adversary to gain SYSTEM privileges.
CVE-2024-38112 (CVSS 7.5): An important severity spoofing vulnerability affecting Windows MSHTML Platform. Microsoft confirmed detecting active exploitation of the flaw sans public disclosure and before a security patch. Exploiting the flaw requires an attacker to send a maliciously crafted file to the victim.
CVE-2024-37985 (CVSS 5.9): Identified as “FetchBench” side-channel attack, this vulnerability typically impacts ARM chips, allowing an adversary to steal data. While this flaw does not affect any Microsoft component, the firm still released its security fix with this update to ensure patching any vulnerable ARM-based systems with its users.
Other Important Patch Tuesday Fixes
Alongside these four zero-day flaws, Microsoft addressed 5 critical severity remote code execution vulnerabilities impacting Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Windows Imaging Component (CVE-2024-38060; CVSS 8.8), and Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).
Besides, the update bundle addressed 129 moderate-severity security vulnerabilities and a single low-severity issue affecting Microsoft Outlook (CVE-2024-38020). The important severity vulnerabilities could include 17 denial of service vulnerabilities, 23 privilege escalation issues, 8 information disclosure vulnerabilities, 53 remote code execution flaws, 24 security feature bypass issues, and 4 spoofing vulnerabilities.
Smartphone accessory maker Latercase has unveiled its offerings for the Galaxy Z Fold 6 and Galaxy Z Flip 6, the two new foldables Samsung announced at Unpacked in Paris on Wednesday. The firm launched protective cases for the duo and a tempered glass screen protector for the Flip.
Latercase unveils its Galaxy Z Fold 6 & Flip 6 cases
Latercase’s protective covers for the Galaxy Z Fold 6 and Galaxy Z Flip 6 feature a patterned design with a durable matte finish that, in the company’s words, is “addictive to touch”. The cases are incredibly thin measuring just 0.6mm, ensuring that the phones don’t feel bulky in hand. They are lightweight too—Fold’s case weighs 16 grams while Flip’s case weighs 11 grams.
According to Latercase, these covers are made with premium aramid fibers for a smooth feel. “They’re hand-laid by skilled craftsmen” and then “laser-cut to perfection” for a precise fit, the company claims. This makes the cases easy to put on and take off. The cases also come with a strong grip without a sticky feel. They support wireless charging and boast complete camera protection.
Latercase has priced its Galaxy Z Fold 6 protective case at $65 and Flip 6 case at $55. The covers are available in Classic (black/grey), Coffee, Crimson, Willy Blue, and Midnight (black) colorways. They are eligible for the firm’s Bundle and Save program which offers special discounts if you purchase more items. Supported bundle products include a magnetic ring and microfibre cloth.
Alongside the protective covers, Latercase offers a tempered glass screen protector for the Galaxy Z Flip 6. It’s a 0.45mm thin glass sheet with an oleophobic coating, world-class scratch resistance, and shatterproof impact defense. Each pack contains two sheets of this protective glass for the Flip 6’s cover display, aka Flex Window. The package costs $25.
These accessories are currently available for pre-order
Unlike some other vendors, Latercase isn’t yet ready to sell its Galaxy Z Fold 6 and Galaxy Z Flip 6 protective accessories. The company is currently taking pre-orders for both cases and the screen protector. It expects to start shipping the products in early August. The firm hasn’t specified a date, though.
Samsung has also opened pre-orders for the new foldables. The duo will go on sale on July 24. Early buyers may receive their units next week. If you plan to buy the Galaxy Z Fold 6 or Galaxy Z Flip 6, you might want to check out these pre-order offers for Fold and Flip. Stay tuned for our detailed review.
Now that Samsung has officially unveiled the Galaxy Z Fold 6 and Galaxy Z Flip 6, third-party accessory makers are rushing to launch their offerings for the new foldables. After Caseology, UAG, and a few others, OtterBox is here with its collection of protective cases for the duo. The two foldables are now available for pre-order.
OtterBox launches protective cases for the Galaxy Z Fold 6 and Flip 6
OtterBox’s case lineup for the new Samsung foldables includes the Thin Flex Series in four colors and Defender Series XT in three colors. As the name implies, the former is an ultra-slim case tailored to foldable phones. Since foldables are already quite bulky, this cover adds extra protection without making the devices bulkier.
The Thin Flex Series cases for the Galaxy Z Fold 6 and Galaxy Z Flip 6 have a tough body with soft grip edges. OtterBox has added extra layering around the edges for a secure fit and tougher protection against everyday drops and bumps. The cases also have raised edges to protect the camera and screen and support wireless charging.
The company claims it used 50% recycled plastic to make each Thin Flex Series case for the foldable duo. Priced at $59.95, the cover is available in Black, Clear, and Ballet Shoes (Pink) colorways for the Galaxy Z Fold 6. The Flip 6’s case comes in Black, Color, Denver Dusk Purple, and Berry Bliss (Pink) shades and costs $49.95. Only the Black variant is on sale currently, though. OtterBox says the remaining color options will be available soon.
Otterbox also has a rugged option
If you want something more robust and rugged, OtterBox has the Defender Series XT cases for both Samsung foldables. These cases feature a rugged hinge cover and port covers to guard vulnerable areas against dust and dirt. The firm claims grippy edges for a confident handhold, while a built-in lanyard attachment provides versatility. The hinge also provides a grip space when the device is in an unfolded state, while you get an optional holster too.
Despite a rugged build, OtterBox’s Defender Series XT cases for the Galaxy Z Fold 6 and Galaxy Z Flip 6 support wireless and reverse-wireless charging. For the Fold, the cases are available in Black and Baby Blue Jeans (Blue) colors, priced at $89.95. The Flip’s cases come in Black, Denver Dusk Purple, and Red Clay (Red) colorways and cost $79.95. All of these cases are now on sale via OtterBox’s website. The firm offers a 10% discount on when you purchase a screen protector.
![Tickets available to be purchased on ticket-paris24[.]org](https://gbhackers.com/wp-content/uploads/2024/07/image-16.png)
