Microsoft exposes Russian hackers targeting global organizations

0
[ad_1]

Microsoft recently disclosed a nation-state attack on its corporate systems from Russian state-sponsored hackers. It turns out the Windows maker was not the only target of this hacking campaign. The same group of attackers has also been targeting other organizations.

Microsoft sheds more light on the recent Russian attack

On January 12, Microsoft’s security team detected a breach in its corporate systems and immediately activated its response process to mitigate the attack. An internal investigation revealed that the hacker group Nobelium, believed to be working for Russia’s Foreign Intelligence Service, was behind the attack. The group also carried out the sophisticated SolarWinds attack in 2020.

Microsoft referred to the attackers as Midnight Blizzard—other industry names of the hackers include Cozy Bear, APT29, and The Dukes. According to the company, the attack began in late November last year and was not the result of a vulnerability in its products or services. Instead, the attackers “used a password spray attack to compromise a legacy non-production test tenant account” to access its systems.

In this attack, the threat actors try to sign into accounts by using the most popular or most likely passwords. The compromised account did not have multifactor authentication (MFA) enabled, which made the job easier for the hackers. Midnight Blizzard also employed other techniques to evade detection and avoid account blocks, including “launching these attacks from a distributed residential proxy infrastructure.”

These techniques obfuscated their activity, allowing them to persist the attack until successful. The breach exposed the corporate email accounts of “a very small percentage” of Microsoft employees across various internal divisions, including cybersecurity and legal. The tech giant found that Midnight Blizzard initially targeted email accounts for information related to itself. The attackers seemingly wanted to find out what Microsoft knew about them.

The group is targeting more organizations

In a new blog post, Microsoft revealed that Midnight Blizzard has also been targeting other organizations, likely with a similar intent. The firm didn’t name the organizations that might be under attack from Russian state-sponsored hackers but said it has already begun notifying them. It added that the investigation is still ongoing. The Windows maker plans to share more details as appropriate.

Meanwhile, Hewlett Packard Enterprise (HPE) recently revealed that Midnight Blizzard gained unauthorized access to its cloud-based email environment, hosted by Microsoft. This attack might be part of the same espionage campaign run by the Russian hackers. As of this writing, there is no report that these attacks compromised customer data. We will keep a close eye on it and let you know as soon as we have more information.


[ad_2]
Source link

Exploit Released for Critical Jenkins RCE Flaw

0
[ad_1]

Jenkins has been discovered with a critical vulnerability that is associated with arbitrary code execution that threat actors can exploit for malicious purposes.

The vulnerability is tracked as CVE-2024-23898, and the severity is yet to be categorized.

However, Jenkins has fixed this vulnerability on their latest versions, 2.442 and LTS 2.426.3. Jenkins currently has a market share of 44% as of 2023, which means that the potential impact of exploiting this vulnerability can be catastrophic.

Document
Run Free ThreatScan on Your Mailbox

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

CVE-2024-23898: Cross-Site WebSocket hijacking

This particular vulnerability exists due to the lack of origin validation of requests that are made through the CLI WebSocket endpoint, which could allow a threat actor to execute CLI commands on the Jenkins controller. Moreover, the vulnerability has specific criteria which must be met for an attacker to exploit it.

This vulnerability is dependent on the fact that most browsers do not implement a “lax by default” policy, which serves as a potential safeguard against this vulnerability. Nevertheless, the exploitation of this vulnerability requires a malicious link to be sent to the victim, and a user interaction is mandatory.

According to the reports shared with Cyber Security News by SonarSource, one of the methods to invoke the Jenkins-CLI command is by using web sockets.

Jenkins-CLI allows users to execute custom commands that are implemented in the Hudson/CLI directory of the Jenkins Git repository.

The most common way of invoking a command is using Jenkins-cli.jar or SSH. However, there was another method discovered that invokes commands by sending two POST requests to http://jenkins/cli?remoting=false.

When a CLI command is invoked, Jenkins uses args4j’s parseArgument, which calls expandAtFiles. If an attacker can control the arguments, it can be expanded to an arbitrary number of ones from an arbitrary file on the Jenkins instance.

Exploitation method (Source: Sonarsource)

Exploitation

Moreover, this arbitrary command execution combines a Data-leak vulnerability (CVE-2024-23897) with a similar background. CVE-2024-23897 exists due to a similar reason but is associated with leaking the contents of an arbitrary file on the Jenkins instance.

Numerous researchers have replicated several attack scenarios and have produced functional proof-of-concept (PoC) exploits that have been made available to the public on GitHub.

However, this Data-leak vulnerability is leveraged for reading the contents of the file in order to find the arbitrary number of arguments, which is later used in the exploitation of Remote Code Execution.

In addition, the success rate of arbitrary code execution over the Jenkins instance is dependent on different contexts. Some of the interesting files that are evident for successful exploitation are 

  • SSH keys
  • /etc/passwd, /etc/shadow
  • Project secrets and credentials (refer to Jenkins’ advisory for more information)
  • Source code, build artifacts
  • and more… 

[ad_2]
Source link

Samsung may be cutting costs with its upcoming foldable phones

0
[ad_1]

Foldable phones are coming down in price, however, they’re still rather expensive. The specialized parts needed to build them really drive up the price, and Samsung’s Galaxy Z Fold phones are some of the most expensive on the market. Well, according to a new report, Samsung could be using inkjet printing for the bezels on its upcoming foldable phones, which could cut down on costs.

The bezel of a phone’s screen is very important, even though people want less of them. Phone companies need the bezels to house the circuitry that powers the display. Companies have been making compromises to make the bezel thinner, but coming up with a completely bezel-less phone has been the goal of most manufacturers. The material that composes the bezel can often affect the price of the phone itself.

Samsung could switch to inkjet printing for bezel for its upcoming foldables

The foldables in question are the Galaxy Z Fold 6 and the Galaxy Z Flip 6. Even though we don’t have any leaks about these devices, we know that Samsung is going to stick with the same naming convention.

Up until now, the company has been using a method called micro dry process decoration (MDD) to make its bezels. Despite this, Samsung has been able to make its foldable devices a bit cheaper over the years, especially the Z Flip line of phones. Bezels need ink, and the ink for the MDD method already exists in the film that the company cut the bezels out of.

However, Samsung may opt for the inkjet printing method for bezels. Basically, Samsung is able to produce more films using this method, which means that it can produce more phone displays per batch. So, the company will be able to lower the price of each display made, thus, ostensibly, reducing the cost of production.

This could corroborate a rumor

While we don’t have too much information about Samsung’s next foldables, we’ve been following rumors that the company’s planning on making a cheaper version of the Galaxy Z 6 later this year. We’re not quite sure how much this phone will cost, or if Samsung is even going to make it. However, we expect it to compete against the likes of the OnePlus Open, Vivo X Fold 2, and other foldables that undercut the Galaxy Z Fold prices.

So, using this cheaper method of making bezels for its phones could possibly drive down the price of production and facilitate cheaper handsets. We don’t know if this will lead to a cheaper flagship foldable model, however. In any case, hopefully, Samsung will deliver a cheaper foldable this year. This will make it more accessible


[ad_2]
Source link

McAfee pop-up scam is running rampant, be careful

0
[ad_1]

McAfee antivirus is one of the most popular antivirus software offerings out there. With that in mind, someone created a scam that is using McAfee as a front, a pop-up scam, if you will.

This malicious software pops up while people are using their computers, and claims that your device is infected. On top of that, it claims that your McAfee subscription has expired.

McAfee pop-up scam is making the rounds, be careful

Now, many of you will probably think to yourself, well, I never had a McAfee subscription. Or you’ll be aware when your subscription ends. That’s true, but it may trick some people, as many people get scared when they see something like that.

This scam seems to be pretty good, though, in terms of design. That, plus it uses fear to get people to do things they’re not supposed to. This scam is basically trying to get you to provide a bunch of your information to threat actors.

McAfee pop up scam image 1

The whole point here is, of course, for them to get your credit card information. Considering this is a subscription service we’re talking about, unaware people could be persuaded to provide such information.

This particular scam seems to be a bit more advanced than just a simple ad

This may not seem like a special scam, as we see such scams that arrive via ads all the time. The thing is, this one, in particular, seems to be a bit more advanced. Based on the information provided by Fox News, this is not coming from an ad, but from a “malicious file that has integrated itself into your browser and is displaying images that look like pop-ups”.

The source doesn’t seem to be too sure what to do exactly, with this particular problem, but there are a number of suggestions mentioned. Let’s just go over them, as they’re quite different in nature.

Clearing your cache & checking your extensions should do the trick

The first one is to shut down your browser, as that does the trick sometimes if you’re on a suspicious website that triggered the problem. Clearing cache sometimes helps too, as does taking a look at your extensions. Some Chrome extensions can be infected and start throwing such scams your way.

You should always report such scams to Google, or some other internet browser provider you’re using. Most importantly, you should remain calm when you see such pop-ups. They’re usually scams, and if you calm down and just focus on what’s on the screen, you’ll likely be able to tell whether it’s real or fake.


[ad_2]
Source link

Huawei has a new flip phone in the pipeline, coming in February

0
[ad_1]

Huawei is planning to launch a new flip phone foldable, it seems. This information comes from a distributor who shared some details online. The phone’s codename is ‘LEM’, by the way, which is not saying much on its own.

A new Huawei flip phone foldable is coming next month

The source did say that this is a clamshell foldable and that the launch is planned for next month. A different tipster suggested that the press event will happen on February 24. Unfortunately, however, that’s pretty much everything the source said at this point.

What else do we know about this phone? Well, we can guess that it will utilize Huawei’s Kirin chip. Therefore, it will support 5G connectivity. Nothing specific in terms of specifications was shared.

Huawei has three foldable smartphone lineups out there. The ‘X’ and ‘Xs’ lineups are the company’s higher-end foldables. The devices from the ‘X’ lineup are book-style foldable, while the ‘Xs’ lineup represents outward-folding phones.

It will be a part of the Huawei Pocket lineup

The Huawei Pocket lineup is reserved for flip phones. So, this upcoming device will almost certainly be a part of it. The only question is whether it will be a higher-end device or a mid-range phone.

Huawei did release both in the pack. The Huawei Pocket S was the most recent addition, and it arrived in 2022. Huawei doesn’t have a habit of launching these devices every year, you see.

The Huawei Pocket S had a price of under $700 (converted), one large and one tiny display, and was fueled by the Snapdragon 778G SoC. All in all, it was a rather compelling smartphone, though not to the level of the Huawei P50 Pocket, its sibling.

We truly don’t know what to expect from Huawei at this point. It could go both ways, either the company will go for a flagship-level device, or for a more affordable model. The Huawei P70 series is coming, though, so this could be Huawei’s way to add a new higher-end flip phone to the table. We’ll see.


[ad_2]
Source link

Global HONOR Magic6 & Porsche Edition Magic V2 RSR coming February 25

0
[ad_1]

HONOR has just announced its launch event for the Mobile World Congress (MWC) 2024 in Barcelona. The company announced that the event will take place on February 25 and that global variants of both the Magic6 series and Porsche Design Magic V2 RSR are coming.

Global HONOR Magic6 & Porsche Design Magic V2 models will launch on February 25

The company said that the press event will take place at 2 PM CET / 1 PM BST / 8 AM EST / 5 AM PST in case you’d like to tune in. Yes, HONOR will livestream this event, it won’t be exclusive to the people on site.

So, it seems like we’ll get to see global variants of three of HONOR’s high-end devices. The HONOR Magic6 series consists of Magic6 and Magic6 Pro, both of which launched in China already. The Magic6 Lite launched before them, but that budget phone was already made available globally, and likely won’t be a part of the launch event.

All of these devices already launched in China

Along with the two Magic6 devices, the Porsche Design HONOR Magic V2 RSR will also make an appearance. That phone was announced during the China Magic6 series launch. It was also briefly mentioned recently when the company announced the global variant of the HONOR Magic V2 in Germany. This will be a proper launch for the Porsche Design HONOR Magic V2 RSR, though.

Neither one of these devices is a mystery at this point. All of them have already launched in China, so we know exactly what to expect. The Magic6 devices are both fueled by the Snapdragon 8 Gen 3 processor. Those are technically the company’s flagships.

They come with gorgeous displays that are also immensely bright. They do look rather similar, but they have different display camera hole and slightly different-looking camera islands on the back.

The HONOR Magic6 Pro has a very compelling camera setup

The ‘Pro’ model does have a more powerful camera setup. It comes with a variable aperture on its main camera, not to mention a 180-megapixel periscope telephoto camera, amongst others.

Both phones also have rather beefy batteries, 5,450mAh and 5,600mAh, respectively. Fast wired and wireless charging is supported, and much more.

The Porsche Design HONOR Magic V2 RSR is very similar to the regular Magic V2, but it has a different build on the back. It also has a slightly different weight.

Global HONOR Magic6 and Porsche Design Magic V2 RSR launch event 2


[ad_2]
Source link

Brave Sunsets Strict Fingerprinting Block For Better Browsing

0
[ad_1]

After adequate analyses of its users’ browsing habits and browser settings preferences, Brave decided to remove its “Strict” fingerprinting block mode from the browsers. With this move, Brave intends to provide users with a safer and smoother browsing experience.

Brave Removes Strict Fingerprinting Block Option From The Browser

The privacy-oriented browser Brave seemingly gets a bit lenient towards online tracking as the firm sunsets its strict fingerprinting block mode. But that doesn’t make the users vulnerable, nor does it suggest any change in Brave’s privacy preferences. Instead, Brave decided for it for some good reasons.

As explained in its blog post, Brave simplifies its fingerprint-blocking modes by entirely removing the “Strict,” leaving behind the Standard mode for users.

The firm decided to end this feature after carefully considering how it impacted users’ browsing experience. Specifically, the extensive blocking for web trackers and anti-browser fingerprinting activity with its Strict mode made most users face problems when browsing.

In order to block fingerprintable APIs, Strict mode frequently causes certain websites to function incorrectly or not at all. This website breakage means that Strict mode has limited utility for most Web users.

Consequently, Brave noticed less than 5% of its users using the Strict mode, making them more distinct than the majority who use the Standard mode. While Brave didn’t observe any issues around it, the firm still suspects that the less usage of this feature indirectly made its users more notable (and possibly, vulnerable) instead of protecting their privacy in the way they desire.

Besides, resolving broken website issues with Strict fingerprint blocking mode also became a tedious task for Brave engineers.

Therefore, after considering all these matters, Brave decided to eliminate the Strict fingerprint blocking feature. Users may still use the Standard blocking mode to protect their privacy. Though the Standard mode isn’t as robust as the Strict one, Brave assures that it’s still efficient enough to prevent unique fingerprint ID generation owing to its “innovative farbling of a number of major fingerprintable Web APIs.”

Let us know your thoughts in the comments.


[ad_2]
Source link

Exynos 2400 outperforms Snapdragon 8 Gen 3 in certain aspects

0
[ad_1]

Samsung has returned to its dual-platform strategy with its in-house Exynos 2400 chip that replaces the Snapdragon 8 Gen 3 from the Galaxy S24 and Galaxy S24 Plus in Europe and many other regions worldwide. Although Samsung isn’t using its in-house Exynos chip in the ultra flagship, the Galaxy S24 Ultra, anywhere on this planet. So, is there still a significant performance disparity between the current Exynos and Snapdragon flagships that could otherwise hold back the ultra flagship?

Well, the Exynos 2400 performs a lot better in terms of both peak performance and power efficiency compared to its predecessors and it does outperform the Snapdragon 8 Gen 3 in certain places.

Exynos 2400 outperformed the Snapdragon 8 Gen 3 in ray tracing performance

Golden Reviewer has tested out the performance and power efficiency of the Exynos 2400 chip with different synthetic benchmarks. Surprisingly, Samsung’s deca-core Exynos 2400 managed to surpass the Snapdragon 8 Gen 3 both in terms of FPS and power efficiency in 3DMark SolarBay. The Exynos chip scored 8642 FPS as compared to the 8601 FPS of the Snapdragon 8 Gen 3, it’s a win. even if the margin is smaller. Speaking of power efficiency, the Exynos 2400 consumed around 20% less power in this particular test. Samsung seems to have solved at least some of the issues with the Xclips 940 GPU.

Moving on to some other GPU tests, however, the Exynos chip was outperformed by the Snapdragon 8 Gen 3. For example, in the 3DMark Wildlife extreme, the Exynos 2400 scored quite a bit lower at 4360 as compared to the 5181 of the Snapdragon flagship. The power efficiency was also higher on the Snapdragon 8 Gen 3. Other GPU tests like the GFXBench 3.1 GFXBench Aztec also yielded similar results, i.e. close but still inferior to the Snapdragon counterpart.

Exynos 2400 still consumes a lot of power in places

The Exynos 2400 achieved 2266 points in Single-Core and 7326 points in Multi-Core test in Geekbench. NotebookCheck noted that it surpassed the average score of the Snapdragon 8 Gen 3 in their benchmark database, albeit by a small margin. Additionally, NotebookCheck noted that the Exynos chip in question consumes more than 20 watts of power in places during the test. Datasheets from Golden Reviewer also show a higher average power consumption for both the ‘Big’ Cortex-X4 core and the Mid cores.


[ad_2]
Source link

Instagram starts testing more private profile spaces called “flipside”

0
[ad_1]
Instagram is working on a new feature called “flipside” that will allow users to create a secondary profile without having to open another account. The functionality of the new feature is similar to “Close friends,” which made it to the platform a few months ago.

Flipside is now being tested on Instagram (via Engadget), but it’s unclear whether or not it will be given the green light. Not even Instagram’s Adam Mosseri is sure about the feature’s usefulness considering that the app already offers similar functionality.

But what exactly is “flipside” and how does it work? Basically, Instagram users can create a secondary profile that only selected friends can see. Think of it as a more private profile that you can share with your closest friends and contacts.

Creating a “flipside” profile doesn’t require users to make another Instagram account, but they will still have to manage two separate accounts because content shared on the “flipside” profile won’t be visible on the main account.

It remains to be seen how people will react to the new feature, but chances are slim that the majority will want something that’s already available under a different name. Perhaps if Instagram would add other functionalities to “flipside,” it will make the feature more interesting for Instagram users.


[ad_2]
Source link

Apple Music to expand SharePlay to HomePod and Apple TV in iOS 17.4

0
[ad_1]

In the latest scoop, Apple spiced things up with the public release of iOS 17.3, introducing a collaborative playlist feature for Apple Music. Now, you can gather your friends on a playlist, granting them the power to add, remove, and rearrange songs. And there is more to come, as the streaming service might be in for additional enhancements. According to MacRumors, in the upcoming iOS 17.4, currently in beta, Apple is set to broaden SharePlay music control to include HomePod speakers and Apple TV. This expanded compatibility will be featured in the iOS 17.4, tvOS 17.4, and HomePod 17.4 software updates. Apple aims to roll out iOS 17.4 globally in March.

This feature lets your family and friends take the reins on the music playing on your HomePod or Apple TV, with your permission, of course. Currently, it’s limited to the Music app, but the best part is that your friends don’t need an Apple Music subscription to join in.

To get the party started on HomePod, an iPhone user with Apple Music can kick off a song in the Music app and hit the SharePlay icon to generate a QR code. Friends can then scan the code with their phones to request control over the music playback. What is more, it appears this feature works seamlessly on both iPhone and Android devices and is compatible with both HomePod and HomePod mini.

For Apple TV users, with tvOS 17.4, the Music app can display a QR code right on your TV screen. Guests can simply scan this code to gain access to music control through any connected speaker.

Expanding SharePlay music control to HomePod speakers and Apple TV adds a dash of convenience, especially when you have guests over, throw a party, or just want the whole family to dive into the music selection together.

Last year, with the release of iOS 17, Apple had already introduced a similar feature for CarPlay. This feature enables anyone in the car to contribute their song preferences to a shared playlist, even if they aren’t subscribed to Apple Music.


[ad_2]
Source link