Authorities Seized Grandoreiro Banking Malware Infrastructure

0
[ad_1]

The Grandoreiro, a criminal organization that uses banking malware to commit electronic banking fraud against Spain, Mexico, Brazil, and Argentina, has been seized by authorities. It’s been operating since 2017.

Through fraudulent actions, the criminal group is believed to have moved at least 3.6 million euros since 2019.

The Spanish financial institution Caixa Bank claims that efforts at fraud with Brazilian banking malware were detected, potentially resulting in losses of 110 million euros. 

ESET and the Brazilian Federal Police have joined forces to attempt to take down the Grandoreiro botnet.

Document
Run Free ThreatScan on Your Mailbox

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Overview of the Grandoreiro’s Operators

The Federal Police stated that based on evidence provided by Caixa Bank, which showed that the banking malware’s operators and programmers were located in Brazil, the investigations got underway. 

According to those conducting the investigation, the infrastructure for the Grandoreiro malware operations was hosted on cloud servers.

ESET researchers mention that the operators of Grandoreiro have misused cloud service providers like AWS and Azure to host their network infrastructure.

Through the use of command and control programs, victims’ computers might be accessed remotely, providing a means of cybertheft of valuables.

Emails with malicious messages (phishing) were used to infect victims’ devices by leading them to believe that the messages were official, such as court subpoenas, overdue invoice collections, or invoices, among other things.

Hence, the malicious file was downloaded by clicking on the link or opening the attachment, leaving the victim’s computer susceptible to malicious activity.

The funds were transferred to the accounts of criminal group members who had improperly “lent” their accounts to move illegal funds.

Generally, Grandoreiro malware allows blocking the screen of the victim, logging keystrokes, simulating mouse and keyboard activity, sharing the victim’s screen, and displaying fake pop-up windows.

“The DGA is the only way Grandoreiro knows how to report to a C&C server. Besides the current date, the domain generation algorithm (DGA) accepts static configuration as well – we have observed 105 such configurations as of this writing”, ESET said.

When researchers monitor the generated domains and the IP addresses linked to them, they find many domains generated by DGAs with various configurations resolve to the same IP address.

Schema of an IP overlap in two different Grandoreiro DGA configurations (Source: ESET)
Schema of an IP overlap in two different Grandoreiro DGA configurations (Source: ESET)

Nearly 41% of all victims are from Brazil, with Mexico coming in second with 30% and Spain with 28%. Less than 1 percent is made up of Argentina, Portugal, and Peru. 551 victims are connected on average each day.

The Disruption Operation

In the states of São Paulo, Santa Catarina, Pará, Goiás, and Mato Grosso, federal police officers executed 13 search and seizure orders in addition to five temporary arrest warrants.

Court decisions to seize and restrict assets and valuables are also being enforced to decapitalize the criminal enterprise and to recover assets.

The Federal Police of Brazil conducted a disruption operation that targeted individuals believed to be at the top of the Grandoreiro operation structure.


[ad_2]
Source link

Samsung keeps making Android’s notification management hard to access

0
[ad_1]

Samsung‘s One UI 6.1 update, introduced with the Galaxy S24 series, has brought several improvements to Samsung phones. However, the notification management in the latest One UI version is telling a different story. Since Android 8.0, you can specify an app to show or hide certain kinds of notifications which may prove very helpful in certain scenarios.

This feature, renamed as Notification categories (in OneUI) is now disabled by default. Unlike Google‘s approach (Notification channels) which is only one tap away from the notification shade, Samsung’s implementation is several taps away hidden inside the settings app.

Samsung renamed Notification channels as Notification categories and added a toddle that’s turned off by default

ZACHARY KEW-DENNISS from Android Police discovered the “Manage notification categories for each app” toggle hidden inside the settings, which is disabled by default. This change will likely be implemented in older supported Galaxy devices with the OneUI 6.1 update. If you are currently on OneUI 6.1, you can enable the notification categories by following some simple steps. Open Settings, scroll down, and open the Notifications menu. Then you can find the ‘Advanced Settings’ menu. At the bottom of this menu, turn on Manage notification categories for each app.

Going back to the “Notifications” section and then selecting “App notifications” you will be able to allow only specific notifications for an app that you care about without getting distracted by ones that you don’t. It’s still possible and quite simple to re-enable the feature that Android has offered for years. However, the intention behind making things relatively difficult is unclear.

Notably, OneUI 6.1 brings some other not-so-helpful outcomes. In the latest version, Samsung removed the ability to hide the gesture bar with the introduction of the Circle to Search feature. Additionally, the “Vivid” color profile in the Galaxy S24 series is reportedly “dulled down.” The AOD looks dimmer as compared to devices with older versions such as the Galaxy S22 or Galaxy S23 series. However, these small ‘imperfections’ will likely get fixed soon, if not implemented intentionally.


[ad_2]
Source link

Google could rename it to Gemini

0
[ad_1]

Since early last year, Google Bard has been the company’s flagship generative AI product. However, later in the year, the company unveiled Gemini. Since then, we’ve all wondered how Gemini and Bard were going to coexist. Well, it appears that they simply won’t. According to a new leak, Google might rename Bard to Gemini.

At this point, this isn’t 100% confirmed. So, at this point, we can’t say that Google is changing its name for sure. We’re going off of hints inside of the code and pre-release screenshots. So, you’ll want to take this news cautiously. Anything can change at this point.

Google might rename Bard to Gemini

Ever since Gemini came out, we all wondered what was going to happen to Bard. We wondered the same thing about Google Assistant when Bard came out. And, here we are with three powerful Google AI products. With such tight integration between the three- Google Assistant with Bard and Bard Advanced to name a few- there’s going to have to be some cannibalization going on.

While we can’t confirm this name change, this is something that the company has done before. Google sometimes launches several different similar products under different names and then subsequently streamlines them. So, random name changes should come as no surprise to Google fans.

Hints in the code

X User Bedros Pamboukian posted a thread showing a handful of hints pointing to Google renaming Bard to Gemini. Some of the screenshots show lines of code where Gemini is used instead of Bard. Other screenshots show actual images of products showing the name changes as well.

The first screenshot shows lines of text reading “New document created. Parts of your response may only be available in Gemini” along with other lines of code. The next screenshot shows some code where “Bard Advanced” is accompanied by “Gemini Advance”.

Moving down the line, we have a couple of screenshots showing actual front-end Google products where Gemini is used instead of Bard. We see a screenshot of the “Google Bard” extensions renamed to “Gemini extensions,” the Google Bard- homepage where you can type your prompts- with the text to Gemini, a text bubble saying “Learn how your conversation information is used and what Gemini shares with enabled Extensions by visiting the Gemini privacy help hub”, and a screenshot showing the Remove all links option with Bard changed to Gemini.

So, Bard may have just been a testing dummy

So, it appears that Google might be streamlining its AI affairs. It also appears that, throughout the year 2023, Google may have just been testing the waters. The company released Bard only to release an entirely new and more powerful AI system a few months later. Now, at the very beginning of 2024, not even a year after Bard launched, we’re getting hints that Google is renaming Bard.

We all knew that bringing Bard to the market was very much a hasty and nervous response to ChatGPT. So, Google quickly cobbled together something and presented it to the masses like a child who didn’t have anything prepared for Show-And-Tell. However, the company couldn’t sit around for the entire year while AI companies all moved on without it. The investors would rip it to shreds.

Now that some time has passed, Google is able to make some long-term plans and really create a unified AI experience. This, unfortunately, means that some sacrifices will need to be made. Again we don’t know if Google is going to follow through with this. We’ll just have to wait and see what the company does.


[ad_2]
Source link

Two Ivanti Zero-Day Vulnerabilities Demand Immediate Attention

0
[ad_1]

Ivanti has warned all Connect Secure and Policy Secure users to immediately update their systems with the latest versions as two new zero-day vulnerabilities receive patches. The firm admitted detecting active exploitation of one of these flaws.

Two New Ivanti Zero-Day Vulnerabilities Surfaced Online

According to a recent advisory, Ivanti Connect Secure and Policy Secure products exhibit two more vulnerabilities that the firm categorized as zero-day flaws.

These vulnerabilities differ from the two zero-days disclosed and patched in early January. The firm found these two security issues while investigating the previously disclosed flaws.

What makes these findings more important is the fact that Ivanti found one of these vulnerabilities actively exploited in the wild.

Specifically, the two newly discovered vulnerabilities include the following.

  • CVE-2024-21888 (CVSS 8.8): A privilege escalation vulnerability in Ivanti Connect Secure and Ivanti Policy Secure web component that allowed admin privileges to an attacker. Ivanti confirmed detecting active exploitation of this vulnerability.
  • CVE-2024-21893 (CVSS 8.2): A server-side request forgery (SSRF) in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure, as well as Ivanti Neurons for ZTA. Exploiting the flaw could let an unauthenticated adversary gain access to restricted resources.

Ivanti patched these vulnerabilities with the release of Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1) and ZTA version 22.6R1.3.

Previously Disclosed Zero-Days Under Attack to Deploy Malware

While Ivanti patched the newly discovered vulnerabilities with the latest software releases, the menace of the two earlier-known flaws seemingly continues.

Specifically, the US CISA recently warned Ivanti users to stay wary of the previous two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, as they found active exploitation of these flaws to deploy malware. According to its advisory, the service caught mass exploitation attempts of these vulnerabilities from multiple threat actors.

Researchers have also found the active exploitation of these vulnerabilities to deploy a Rust-based malware, “KrustyLoader.”

Hence, it’s now crucial for all users to patch their devices immediately to avoid potential threats.

Let us know your thoughts in the comments.


[ad_2]
Source link

Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack

0
[ad_1]

Ripple CEO Brad Garlinghouse has also confirmed that the XRP wallet belonging to Ripple’s co-founder, Chris Larsen, was indeed hacked emphasizing that this incident was isolated and did not constitute a breach of Ripple as a cryptocurrency asset.

Another day, another shock for the cryptocurrency industry. Unknown hackers have successfully managed to steal $112 million worth of XRP, Ripple’s native token, in a recent hacking incident.

As a result of speculations surrounding the hacking, Ripple’s XRP token fell over 4% to $0.50. However, reports suggest the funds were stolen from Ripple co-founder Chris Larsen’s personal wallet and not from cryptocurrency firm Ripple itself.

According to Ripple’s co-founder Chris Larsen’s post on X (Twitter), on Tuesday (30th January 2024) unauthorized access to some of his “personal XRP accounts (not Ripple)” occurred. He categorically denied attackers targeting any of Ripple network’s accounts.

Ripple CEO Brad Garlinghouse clarified that the incident was an individual security breach and should not be considered a Ripple security breach.

“Given some irresponsible speculation and reporting, I want to reiterate that NO Ripple-managed wallets were compromised. Full stop,” Garlinghouse noted.

Larsen confirmed that most affected funds were converted out of XRP and that nearly all funds were frozen. He has taken the law enforcement agencies on board to pursue the remaining funds aggressively.

Larsen posted this confirmation after crypto sleuth and blockchain analyst ZachXBT announced on X that Ripple was hacked for approximately 213 million XRP. ZachXBT, who broke the news first on social media, reported that stolen XRP funds have been laundered through various crypto exchanges and platforms, including MEXC, Gate, Binance, Kraken, OKX, HTX, and HitBTC.

The exact method of hacking is still being probed, however, experts believe that Larsen’s private keys may have been compromised. XRPScan’s on-chain data analysis revealed that the hacked wallet, called Ripple (50), was activated by another wallet called “FundingWallet1” on 5th November 2018. This second wallet was previously activated by Larsen on 6th February 2013, a month after creating his account,”~chrislarsen.”

Binance is aware of the incident and is supporting the investigation, as per its spokesperson Simon Matthews, while Kraken’s representative Megan Thorpe claims they have engaged their incident response team to prevent such incidents.

For your information, Ripple, formerly called RippleNet, is a real-time gross settlement system, currency exchange, and remittance network established in 2012. The network recently launched the enhanced Ripple Payments solution and promotes itself as a reliable payments and enterprise infrastructure provider boasting a market capitalization of $27.4 billion.

Lately, cryptocurrency wallets have been a preferred target among cyber criminals. Mark Cuban, a renowned TV personality, investor, and billionaire, was earlier targeted in a hack attack, resulting in the draining of all funds (around $900,000 worth of crypto) from his inactive wallet “mcuban” on OpenSea.

The cryptocurrency community is concerned about individual wallet security and potential targeted attacks, underscoring the need for responsible digital asset management and vigilance against evolving cyber threats.

Leading blockchain cybersecurity firm, Immunefi’s November 2023 report revealed startling figures with cryptocurrency losses exceeding $1.75 billion due to hacks and rug pull attacks. The company reported 296 incidents, resulting in $1,753,707,812 in losses year-to-date.

  1. Trezor Data Breach Exposes Email and Names of 66,000 Users
  2. YouTube Crypto Con: Scammers Rake in $600K with Deepfakes
  3. Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets
  4. Hackers Stole $59 Million of Crypto Via Malicious Google and X Ads
  5. SEC Twitter Account Hacked, Spreads Fake News About Bitcoin ETFs

[ad_2]
Source link

Nothing Phone (1) gets Android 14 with a bunch of new features

0
[ad_1]

Android 14 is now available for Nothing’s first smartphone, the Nothing Phone (1). The big update is rolling out with Nothing OS 2.5.2. Users who participated in the company’s Android 14 beta program will get the update first, followed by those on stable Android 13. The rollout should be completed in the next few days.

Nothing Phone (1) gets Android 14 with Nothing OS 2.5.2

The Android 14-based Nothing OS 2.5.2 brings a host of new features and functional improvements to the Nothing Phone (1). The company has added new home screen and lock screen customization options, wallpaper, wallpaper effects, and themes to give you more ways to personalize your phone.

The Glyph Interface, which is the main USP of Nothing phones, has been improved to synchronize better with the device’s audio. There is also a new Glyph animation for NFC, while you now get direct access to the Glyph Interface’s Music Visualisation feature. Nothing has also improved the Flip to Glyph experience.

For those of you into gestures, you can now customize what a double-press of the power button does. Nothing OS 2.5.2 also lets you add shortcut gestures for Do Not Disturb, Mute, QR code scanner, and video camera to the lock screen. A three-finger swipe gesture will take screenshots, with Nothing giving you a new screenshot editor too. The firm has also redesigned the back gesture arrow visual.

The Quick Settings panel gets an updated layout with support for more icons, including buttons to switch ring modes. It also lets you access your network settings without unlocking the device. If you like to place widgets on the home screen, there are a few more options to pick from. You can now add widgets for the step counter, media player, and screen time.

Other highlights of Android 14 for the Nothing Phone (1) include an improved Weather app, an updated volume control interface with separate controls for ringtone and notification sound volumes, automatic exclusion of screenshot previews when taking continuous screenshots, improved camera stability, enhanced system stability and smoothness, and improved battery life.

Back up important files and data before installing the update

Android 14 should soon reach all eligible Nothing Phone (1) units globally. While the update shouldn’t delete data, some users who installed it say their phone was formatted. So, it might be a better idea to back up important files and data before installing the update. Some others have also noticed stutters when using Quick Settings. The update seems to be pretty stable otherwise. You can check for it from the Settings app.


[ad_2]
Source link

Hulu joins the Netflix trend: The streaming service takes action against password sharing

0
[ad_1]

Streaming services have been cracking down on password sharing, with names like Netflix and Disney Plus taking the lead in recent years. And now, another major platform seems to be hopping on the bandwagon.

According to The Verge, Hulu is making moves to clamp down on password sharing, signaling a shift that could affect friends, family, and freeloaders using its streaming service. The company updated its Terms of Service, prohibiting password sharing beyond “your primary personal residence.” Subscribers have been notified that they must comply with the new terms by March 14th, 2024.

The revised subscriber agreement from Hulu now includes a clear stance on password sharing: “Unless otherwise permitted by your Service Tier, you may not share your subscription outside of your household. “Household” means the collection of devices associated with your primary personal residence that are used by the individuals who reside therein.


Additionally, Hulu is already informing its subscribers about the changes through email notifications, as reported by users on Reddit.

However, both the email and the Terms of Service lack details on how Hulu will assess compliance or the speed of potential actions. Yet, Hulu states it will “analyze the use of your account” and retains the right to “limit or terminate access” if it deems a violation of the policy has occurred.

This development is not exactly shocking. Signs were there since Netflix boasted about the success of its password-sharing crackdown, leading to increased signups. Disney CEO Bob Iger also hinted at a similar move, and Disney Plus wasted no time in implementing its own crackdown. Oh, and it is worth noting that Disney is on track to acquire Hulu entirely, and both platforms are gradually merging.


[ad_2]
Source link

HONOR Magic6 Pro’s new silicon-carbon battery aces freezer test

0
[ad_1]

The HONOR Magic6 Pro’s global model will launch at this year’s Mobile World Congress in Barcelona, which is taking place later this month. This smartphone includes a second-gen silicon-carbon battery, and that battery aced the freezer test.

HONOR actually partnered up with PhoneBuff, a YouTuber, in order to conduct this test. The whole point was to prove how much better silicon-carbon batteries handle low temperatures, compared to regular lithium-ion ones.

The HONOR Magic6 Pro’s silicon-carbon battery shows its prowess in a freezer test

In this test, the HONOR Magic6 Pro was stuck in a freezer at a temperature of -20℃. The video itself is embedded below the article, and before we begin, do note that the Magic6 Pro uses a second-gen silicon-carbon battery.

Also, silicon-carbon batteries are more dense, so they offer more capacity in the same form factor as lithium-ion ones. They use as silicon carbon anode, instead of a graphite one.

Now, back to the freezer test. After 8 hours of running a YouTube video, the phone was at 47% at -20℃. Needless to say, that’s very commendable, as lithium-ion batteries don’t really handle the cold all that well.

Lithium-ion batteries can lose up to 50% of its capacity in such temperatures

They can lose quite a bit of capacity at freezing temperatures, up to 50%, it all depends on the scenarios. So not only are silicon-carbon batteries denser, and have the advantage of offering more capacity in the same form factor, but they also handle freezing temperatures much better.

The HONOR Magic6 Pro managed to last 13 hours and 7 minutes in this test. This is a great result considering the temperature was constantly at -20℃. Lithium-ion batteries with the same capacity would not be able to compete here. Speaking of which, this phone includes a 5,600mAh battery.

The HONOR Magic6 Pro already launched in China, but its global variant is coming at MWC 2024. So stay tuned for that. Its smaller sibling is also expected to arrive.


[ad_2]
Source link

YouTube and Facebook still hold ground, but TikTok’s explosive growth shakes up US social media

0
[ad_1]
Ever wondered how many people use social media or which is the most popular social media platform in the US? Well, keep reading, and you will find out.

The Pew Research Center, as reported by Engadget, dropped fresh insights on US adult social media habits. YouTube and Facebook are still the big players, holding onto their dominance from the 2021 survey. But TikTok is also making waves. Even after some in Congress shouted for a ban, TikTok’s user base is booming, with over a third of adults admitting they’re on the app.

Between May 19 and September 5, 2023, the survey reached out to 5,733 US adults. YouTube emerged as the top contender, with 83 percent of respondents using it at some point. Meanwhile, Facebook wasn’t far behind, with 68 percent of users reporting their activity on the platform.

YouTube and Facebook stand out as the go-to platforms across all age groups. However, significant age-based gaps persist, particularly for Instagram, Snapchat, and TikTok – favorites among adults under 30. For instance, 78% of 18- to 29-year-olds are active on Instagram, compared to just 15% of those 65 and older.

Speaking of Instagram, the social media takes the third spot overall, with 47 percent of respondents admitting to using it. Following closely are Pinterest (35 percent), TikTok (33 percent), LinkedIn (30 percent), WhatsApp (29 percent), and Snapchat (27 percent). Notably, TikTok’s growth steals the show, skyrocketing by 12 points from 21 percent just two years ago, making it the fastest-growing social platform.

Reddit and X (formerly Twitter) share the next tier at 22 percent. Elon Musk’s company rebranded from Twitter to X and welcomed a new CEO during the survey period. As a result, reported X users dipped slightly from 23 percent in 2021. On the flip side, Reddit saw a four-point rise from 18 percent two years prior despite facing API disputes during the survey period.

Social media has been a hot topic lately, with controversies swirling around misinformation, data privacy, and child safety. In a recent Senate hearing, big shots like Mark Zuckerberg from Meta (Facebook, Instagram), Linda Yaccarino from X/Twitter, Evan Spiegel from Snapchat, Shou Zi Chew from TikTok, and Jason Citron from Discord had their say on the matter. You can find out more here.


[ad_2]
Source link

Xiaomi MIX Fold 4 could launch globally with Snapdragon 8 Gen 4

0
[ad_1]

The Xiaomi MIX Fold 4 is actually expected to launch globally with the Snapdragon 8 Gen 4. This information comes from GSMChina. Do take this information with a grain of salt, though.

The Xiaomi MIX Fold 4 will allegedly launch globally

The source claims that the device is coming to both China and global markets with 2405CPX3DC and 2405CPX3DG model numbers, depending on the market, of course. Its codename is ‘Ruyi’, by the way.

Now, neither of Xiaomi’s previous foldable smartphones made their way to global markets. They were all limited to Xiaomi’s homeland. Xiaomi is expected to make a jump to other markets at some point in the future, but we’re not sure that will happen with the Xiaomi MIX Fold 4.

Based on what GSMChina shared, however, even if the Xiaomi MIX Fold 4 arrives to other markets, its availability will be limited. The phone may be sold in a couple of markets only, based on this information, including Turkey.

GSMChina is not the usual source for such information, so it would be best to wait for some other tipsters to have their say in this. We presume that some additional information will arrive soon.

This is not the first time we’re seeing a rumor like this, but it would be false

GSMChina did mention last year that the Xiaomi MIX Fold 4 is expected in more markets, though, so this is not the first time we’ve heard this rumor. That phone will feature high-end specs, needless to say.

We’re expecting to see two 120Hz AMOLED displays, the Snapdragon 8 Gen 3 processor, and plenty of LPDDR5X RAM. UFS 4.0 flash storage will also be used, and hopefully an even more compelling camera setup with Leica optics. We also expect it to be even thinner and lighter than its predecessor.

Xiaomi is also expected to announce its first clamshell foldable this year. We’re not sure when exactly will it arrive, though.


[ad_2]
Source link