VexTrio a hub of Cyber attacks Massive Criminal Affiliate Chain

0
[ad_1]

VexTrio, a cybercrime syndicate with a history dating back to at least 2017, has been implicated in nefarious activities utilizing a sophisticated dictionary domain generation algorithm (DDGA). 

Their malicious campaigns encompass scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and explicit content, with a notable occurrence in 2022 involving the distribution of the Glupteba malware following a prior intervention by Google in December 2021.

The scope of VexTrio’s influence extends to a network of over 70,000 documented domains, facilitating traffic brokering for approximately 60 affiliates, including ClearFake, SocGholish, and TikTok Refresh. 

Document
Free Trial

Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.

VexTrio
VexTrio

Security analysts from Infoblox posit that VexTrio may be advertising its services on dark web forums or employing alternative channels for cybercriminal engagement.

Operational Mechanism of VexTrio:

Functioning as intermediaries between malware creators and those seeking to launch cyberattacks, VexTrio offers affiliates:

  1. Access to a network of malicious domains hosting malware, phishing pages, and harmful content.
  2. Traffic distribution systems (TDS) redirect victims based on location, interests, and other parameters.
  3. Payment processing, compensating affiliates based on generated traffic or successful attacks.
Cyber attacks
Cyber attacks

Prominent VexTrio Affiliates:

ClearFake: Specializes in crafting deceptive websites to pilfer personal information.

SocGholish: Utilizes social engineering tactics to trick victims into interacting with malicious links or downloading malware.

TikTok Refresh: Targets TikTok users through phishing scams and counterfeit applications.

Impact of VexTrio:

VexTrio poses a substantial threat to global internet users, leading to issues such as identity theft, financial losses, and data breaches affecting businesses and organizations.

Infoblox has uncovered a web of Vextrio attacks, with the initial threads dating back to early 2022 and ongoing campaigns detected in February.

Michael Jones, Malware Expert: “The fact that they were able to bypass Google’s intervention with the Glupteba malware distribution shows their adaptability and resilience. They are constantly evolving their tactics and techniques, making it a constant challenge for defenders to stay ahead.”

Protective Measures against VexTrio:

  1. Exercise caution with visited websites, prioritizing trusted sources.
  2. Avoid clicking on suspicious links or attachments in emails or messages from unfamiliar sources.
  3. Keep software updated to mitigate vulnerabilities.
  4. Employ a robust security suite to counter malware and phishing threats.
  5. Stay informed about the latest cyber threats to proactively safeguard against potential risks.

[ad_2]
Source link

ASUS ZenFone 11 appears on Google Play Console with confusing specs

0
[ad_1]

The ASUS ZenFone 11 has appeared on Google Play Console, but its specs are quite confusing. First of all, the model number that appeared is ASUS_AI2401. Its name is also highlighted next to the model number.

You can see the listing itself below the article. Don’t pay much attention to the device image (shown below), as it’s not revealing much, and it could be just a placeholder. Now, when we get to the spec section, things get rather confusing.

Alleged ASUS ZenFone 11

The ASUS ZenFone 11 rears its head with rather confusing specs

The phone is said to be fueled by a Snapdragon 8 series chip. The thing is, the model number indicates it’s the Snapdragon 8 Gen 3, while the GPU tells a completely different story.

The model number here is listed as ‘SM8650’, which is the Snapdragon 8 Gen 3. The GPU is listed as ‘Adreno 830’, while the Snapdragon 8 Gen 3 comes with the Adreno 750. There’s also some confusion in the CPU cores department.

All in all, these specs are not accurate, at least not the CPU section. The listing does claim the phone will offer 16GB of RAM, and a fullHD+ (2400 x 1080) display. Both of those claims are easily possible.

It is expected to include up to 16GB of RAM, and a compact display once again

The ASUS ZenFone 10 comes with up to 16GB of RAM, and it has a 2400 x 1080 display. This also kind of confirms that the ASUS ZenFone 11 will also be quite compact. As a reminder, the ZenFone 10 includes a 5.92-inch display. Android 14 is also mentioned here.

Do note that the ASUS ZenFone 11 Ultra also appeared a couple of times. It seems like ASUS is finally planning to launch its flagship smartphones in different sizes.

We’re not entirely sure when will that happen. If the company ends up sticking with its release cycle, the ZenFone 11 series won’t arrive until the summer. The ZenFone 10 launched in June. That is still a possibility, but it’s also possible that they’ll arrive sooner than expected, a couple of months early. We never get this much information about new ZenFone devices ahead of time, not so early anyway.

ASUS ZenFone 11 Google Play Console


[ad_2]
Source link

Nokia & OPPO finally resolve their 5G patent dispute

0
[ad_1]

Nokia and OPPO have finally managed to resolve their 5G patent dispute. This has been going on for quite some time, and the company’s just announced it’s over. OPPO has signed a global cross-licensing agreement with Nokia.

Nokia & OPPO resolve their 5G patent dispute as they sign global cross-licensing agreement

That agreement covers 5G standard-essential patents and “other vital communication technologies”. OPPO notes that the agreement will “resolve all pending litigations in all jurisdictions”.

OPPO wanted to be clear that it “respects Nokia’s intellectual properties and its contribution to the global communication industry”. The company also highlighted that it’s looking forward to working with Nokia.

Was this issue felt by consumers? Well, yes, definitely, in some regions. Users in Germany, in specific were affected. Both OPPO and OnePlus, who are a part of the same company, had to halt sales of their smartphones in Germany.

Back in 2022, OPPO & OnePlus had to halt sales of their smartphones in Germany due to this issue

This happened way back in August 2022. Back in March 2023, both companies denied exiting Europe, which was a rumor that was going around at the time. The two companies were quite fast to reach to the rumor, and OPPO even clarified things.

Considering that this agreement has been reached, we presume that OPPO will continue the sales of its products in Germany shortly. OnePlus was not mentioned in OPPO’s press release, but it’s possible (and even probable) that it’s also a part of the deal.

If this issue continued, things could have gotten very tricky. This way, everything is settled, basically. OPPO can continue operating as per usual.

Just to be clear, OPPO and OnePlus are a part of the same company, as already mentioned. The company in question is called BBK Electronics, and Vivo is also a part of the equation. That is probably not surprising to many of you, but there you have it.


[ad_2]
Source link

Parrot TDS Injecting Malicious Redirect Scripts

0
[ad_1]

In the murky depths of the digital world lurks a cunning predator – Parrot TDS, a cyber campaign that has flown under the radar for years, leaving a trail of compromised websites and vulnerable users in its wake. 

Parrot TDS identifies itself through a whisper in the code – keywords like Ndsj, Ndsw, and Ndsx. 

These cryptic markers serve as a beacon for researchers, revealing the campaign’s vast reach and persistent nature. 

Document
Free Trial

Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.

While the recent discovery of Parrot TDS by Palo Alto researchers, the service used to inject malicious scripts into existing JavaScript code on servers, has garnered significant attention, this tactic isn’t entirely new to the campaign’s history. 

Here’s a closer look at its evolution in this area:

Early Days (2019-2020):

  • Limited Code Injection: Parrot TDS primarily relied on appending malicious code to the end of legitimate JavaScript files. This approach was relatively crude and easier to detect.
  • Basic Obfuscation: The injected code often employed basic obfuscation techniques, making it slightly more challenging to read but not significantly hindering analysis.

Evolving Tactics (2021-2022):

  • More Sophisticated Injection: The attackers moved towards injecting code into the middle of existing JavaScript functions, disrupting their normal operation and making detection more complex.
  • Advanced Obfuscation: Increased use of techniques like string encryption and variable renaming made analyzing the injected code significantly more time-consuming.

Recent Developments (2023-Present):

  • Dynamic Injection: Parrot TDS has started leveraging server-side scripting languages like PHP to dynamically inject malicious code into JavaScript files at runtime. This makes detection even more challenging, as the injected code may not be present in static website scans.
  • Targeted Injection: The attackers are now focusing on injecting code into specific JavaScript libraries or plugins known to be used by targeted websites, further increasing the effectiveness of their attacks.

The Payload Takes Flight:

Parrot TDS has morphed through four distinct versions of its landing script, each iteration cloaked in increasingly sophisticated obfuscation techniques. 

Version 1, a simple yet effective trespasser, paved the way for its more cunning descendants, V2, V3, and V4, each armed with layers of complexity designed to evade detection.

Beyond the landing script lies the true payload – the malicious code that delivers the coup de grâce. 

Identified by the keyword Ndsx, these scripts come in nine distinct versions, with V2 reigning supreme, constituting over 70% of the observed samples. 

Unlike its seemingly harmless V1 counterpart, most Parrot TDS payloads are armed to the teeth. 

They can download scripts from malicious URLs, weave intricate webs of obfuscation, and ultimately compromise your online security.

A Global Flock:

Parrot TDS is not a regional nuisance; it’s a global pandemic. 

Its victims span diverse industries and nationalities, united by one common thread – vulnerabilities in popular content management systems like WordPress and Joomla. 

The attackers exploit these weaknesses like a predator finding an open door, infiltrating servers, and turning them into unwitting pawns in their digital game.

Vigilance is the watchword against Parrot TDS. 

Website administrators must become hawk-eyed detectives, scanning their servers for telltale keywords and suspicious code. 

Marcus Hutchins, Malware Analyst: “Parrot TDS’ adaptability shows the need for AI-powered detection systems that can identify suspicious code patterns and anomalies, regardless of obfuscation techniques.”


[ad_2]
Source link

Threads might finally get DMs, thanks to Instagram

0
[ad_1]

Threads has a lot going for it, but it’s been missing one of the most core features of any social media app, and that’s the ability to DM people. Well, for a while, we’ve known that the company has been wanting to bring DM’s to Threads, but it’s been struggling. Thanks to a few lines of code found in the app, it appears that Threads might be implementing DMs through Instagram.

Threads has been a proper competitor to X (that’s especially true, as it just landed in Europe), but it’s been really short on features compared to the nearly 20-year-old platform. It’s slowly gaining features, and it’s hopefully regaining that momentum it lost ever since its peak.

DMs are probably one of the biggest features that the platform is missing. Adam Mosseri, Instagram CEO, explained that it’s working on bringing DMs to the platforms, but there’s an issue. Since Threads is so tightly integrated with Instagram, there’s no doubt that Threads’ DMs will basically be Instagram DMs. The problem is that Mosseri doesn’t want users to get duplicate messages. We’re not sure that you want to get a DM through Instagram AND a DM through Threads. I can get very annoying very fast.

New code indicates that Threads could get DMs through partial Instagram integration

This information was found through an APK deep-dive, so you’ll want to take it with a grain of salt. Strings of code found in the latest version of Threads (v315.0.0.29.109) let us know that this feature is in the works. However, Meta could change this at any moment or take it out.

<string name=”APKTOOL_DUMMYVAL_0x7f12004b”>When you message people on Instagram, your most recent chats will show up here.</string>

<string name=”APKTOOL_DUMMYVAL_0x7f12004c”>”You don’t have any chats yet”</string>

<string name=”APKTOOL_DUMMYVAL_0x7f120035″>Messages ·%1$s</string>

<string name=”APKTOOL_DUMMYVAL_0x7f120036″>Messages</string>

<string name=”APKTOOL_DUMMYVAL_0x7f120046″>To see your chats here, open Instagram and log in first.</string>

Some of these lines hint that you’ll be able to see your Instagram messages while in Threads. For instance, the first line of code says “When you message people on Instagram, the most recent chats will show up here.” So, it’s possible that all of your DMs will be handled through Instagram. You may receive only notifications for Instagram DMs. However, you may have the ability to access and read your Instagram DMS through Threads. This will essentially bring DMs to Threads through Instagram.

At this point, we’re not entirely sure about what Threads is planning on doing. So we’re going to have to wait to see how this whole thing pans out.


[ad_2]
Source link

The cheapest ad-free Netflix plan ($11.99/month) is going away

0
[ad_1]

Netflix has a gift, but are you ready to unwrap it? Instead of giving, it’s the kind of gift that takes from you – Netflix will soon put an end to the cheapest ad-free plan (the one that costs $11.99/month).

Back in October 2023, Netflix did another no-no – the then price hike crossed the psychological $20 barrier for the Premium plan and went from $19.99/month to $22.99/month.

Also in October 2023, the price hike applied to the Basic plan – it went from $9.99/month to $11.99/month. Back then, the Basic plan wasn’t available to new subscribers anymore. It was only existing Netflix users that could switch to it.

What were the plans like until now?


  • Standard with ads – $6.99/month
  • Basic (available to existing subscribers only) – $11.99/month
  • Standard – $15.49/month
  • Premium (it offers 4K content) – $22.99/month

What are the plans going to look like soon?


  • Standard with ads – $6.99/month
  • Standard – $15.49/month
  • Premium (it offers 4K content) – $22.99/month

The move is a result of Netflix’s shift into ad-supported streaming after relying on subscription revenue alone for years (via 9to5Google). Netflix wants subscribers to its basic ad-free plan to instead become ad-viewing subscribers or pay more for the streaming service.There’s a letter to Netflix shareholders, here’s an excerpt from it:

Scaling our ads business represents an opportunity to tap into significant new revenue and profit pools over the medium to longer term. In Q4 ‘23, like the quarter before, our ads membership increased by nearly 70% quarter over quarter, supported by improvements in our offering (e.g., downloads) and the phasing out of our Basic plan for new and rejoining members in our ads markets.

The ads plan now accounts for 40% of all Netflix sign-ups in our ads markets and we’re looking to retire our Basic plan in some of our ads countries, starting with Canada and the UK in Q2 and taking it from there. On the advertiser side, we continue to improve the targeting and measurement we offer our customers.

So, for now, the US users are “safe” – the first to see their Basic plan go will be those from the UK and Canada.


[ad_2]
Source link

MavenGate Attack Let Attackers Hijack Java & Android Apps

0
[ad_1]

Hackers use supply chain attacks to breach a target by gaining access to and taking advantage of weaknesses in the vendor, partner, or supplier network.

Threat actors can enter the target firm by distributing malware, influencing software upgrades, and gaining illicit access by breaching a reliable party in the supply chain.

Recently, cybersecurity researchers at Oversecured a supply chain attack, which is dubbed “MavenGate,” which let threat actors hijack Java and Android apps.

Document
Free Trial

Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.

MavenGate Supply Chain Attack

Over 18% of dependencies are vulnerable, which could escalate the project risk. Exploiting allows code injection, build process risk, and infrastructure access. However, researchers reported more than 200 companies, including Google, Facebook, Signal, and Amazon.

Gradle projects have dependency repositories specifying where to find dependencies. 

Dependencies use groupId:artifactId: version format, and there are two repositories:-

  • Private (like Google)
  • Public (like mavenCentral())

Here, the security concern is how to prevent attackers from replacing public dependencies. To fix this, researchers advised doing identity confirmation via DNS TXT records for group ID registration by preventing substitution and ensuring safe usage of trusted dependencies.

Defense relies on adding DNS records, but abandoned projects pose a risk. The attack plan finds abandoned dependencies and then buys the domain. 

Developers often use one repository, which makes it vulnerable. While the attacker can claim rights via DNS TXT in a repository without account management. 

If the groupId is registered then the threat actors may contact support with a reason for access. Besides this, the procedures for transferring permissions can vary across repositories without a common standard.

Ethical concerns prevent testing on real dependencies. Besides this, for onboarding new projects, researchers focused on com.oversecured groupId by studying the processes in mavenCentral and jitpack repositories.

Mavencentral verified
Mavencentral verified (Source – Oversecured)

Types of Attacks 

Web and mobile app attacks:-

  • Attack on existing library versions: The attacker’s repository higher on the list replaces library copies with malicious code (Existing Defenses considered).
  • Attack on new versions: The attacker’s repository lower on the list releases a new version with embedded malicious code; many apps don’t check digital signatures.

Library Attacks:-

  • Make sure to check library groupId hijackability.
  • Library dependencies checked in the using project, transitive but searched based on the project’s repository declarations.

To gauge the issue of unsigned dependencies and missing public keys, experts suggest running ‘./gradlew –write-verification-metadata pgp,sha256 –export-keys.’ 

It reveals a high number of unsigned dependencies from Google. Apache dependencies lacked validation due to missing public keys. MavenCentral, which is a key repository, discloses statistics, while other repositories may not.

Vulnerability disclosures were sent to major companies, including Google, Facebook, Amazon, Microsoft, Adobe, LinkedIn, Netflix, and over 200 others.


[ad_2]
Source link

Galaxy Tab Active 5 is coming to the US, price revealed

0
[ad_1]

Earlier this month, Samsung launched a new rugged Android tablet, the Galaxy Tab Active 5. The company initially only announced its pricing and availability details for Europe. The Korean firm now appears ready to bring the tablet to other regions, including the US. It has revealed the device’s US price and a tentative release date.

Samsung’s Galaxy Tab Active 5 is headed to the US soon

Targeted at field and industrial workers, the Galaxy Tab Active 5 is the newest rugged tablet from Samsung. It is a mid-range product designed to survive and function efficiently in the harshest environments. The device boasts a MIL-STD-810H military standard build and IP68 dust and water resistance. The S Pen, which comes in the box, has an IP68 rating too.

Samsung ships the tablet with a protective case that has a holster to keep the S Pen. In this case, the Galaxy Tab Active 5 is resistant to drops from up to 1.8 meters. Even if you don’t use the case, the device is sturdy enough to handle the wear and tear of everyday use. A side-mounted fingerprint scanner, physical navigation buttons, and enhanced touch sensitivity also make it ideal for industrial use.

The Korean behemoth plans to sell the rugged tablet in an Enterprise Edition model in the US. Enterprise Edition Galaxy devices come with customized software and tools that help companies configure and manage the machines. The Galaxy Tab Active 5 will be available through the Samsung Business website in March. Prices start at $548.99 for the LTE version. The 5G version will cost more.

It is a decent mid-range tablet

While ruggedness is the primary selling point of the Galaxy Tab Active 5, the specs on offer are fairly decent too. You get an 8-inch TFT LCD screen with a Full HD+ resolution and a 120Hz refresh rate. Samsung has protected the display with a layer of Corning’s Gorilla Glass 5.

The tablet is powered by Samsung’s Exynos 1380 processor, the same chipset found inside the Galaxy Tab S9 FE. The company is offering 6GB RAM and 128GB storage, with a microSD card slot for expanding the storage capacity. A 5,050mAh user-removable battery fuels the Galaxy Tab Active 5. It supports charging via a USB Type-C port and Pogo pins. You can also use the tablet without a battery.

For imaging, the device has a 13MP rear camera and a 5MP selfie camera. The former supports 4K 30fps video recording while the latter records 1080p videos. Other highlights include Wi-Fi 6, Bluetooth v5.3, NFC, a 3.5mm headphone jack, Dolby Atmos audio, GPS, a customizable Active Key, Samsung Knox security with Samsung Knox Vault, and face recognition. The device runs Android 14 out of the box.


[ad_2]
Source link

Tips for effectively managing documents within a data room environment

0
[ad_1]

Today, managing and organizing documents effectively is decisive, especially in a data room environment. Data rooms play a critical role in many business transactions, like due diligence processes during mergers and acquisitions, fundraising, and others. Helpfully managing documents within a data room is essential for arranging smooth and secure information exchange. In this article, we will explore tips for streamlining document management within a data room environment.

The importance of virtual data rooms for mergers and acquisitions

The mergers & acquisitions strategy involves complex negotiations and meticulous due diligence, where information is a critical asset. Virtual data rooms (VDRs) have become a fundamental part of M&A transactions. They provide a secure and organized platform for sharing confidential documents between parties. These platforms facilitate the exchange of information in a controlled and detectable manner. As a result, they help to enhance the overall efficiency of the deal-making process.

Choosing the right virtual data room provider

A virtual data room review is essential to understand the features, security protocols, and user-friendliness of different platforms. So, here you should compare virtual data rooms. The virtual data room solutions ensure that you choose a product that coordinates with your specific needs and provides the necessary tools for effective document management. When choosing the VDR, there are several features to think about: security, user-friendly interface, customization, document management tools, analytics and reporting, 24/7 support and integration capabilities.

Organizing documents within the data room

Once a suitable virtual data room has been selected, proper organization of documents is key. Creating a logical and intuitive folder structure within the dataroom ensures that all relevant information is easily accessible to authorized users. Categorizing documents based on their nature, such as financial statements, legal contracts, and intellectual property, can significantly enhance the efficiency of due diligence efforts.

Standardized naming conventions

Creating standardized naming conventions for documents intensifies the ability to search and comprehend. Logical naming practices provide clarity. That makes it easier for users to identify and locate specific files. Include relevant information such as date, version, and document type in the file names.

Implementing document indexing and search functionalities

Then, take advantage of indexing and search functionalities provided by virtual data room providers. This allows users to search for specific terms, reducing the time spent manually sifting through files. It is particularly valuable when dealing with large volumes of information, enabling users to locate crucial documents swiftly.

Setting access controls and permissions

Security is predominant and virtual data rooms offer robust access control features. It is essential to set granular access permissions, ensuring that only authorized individuals have access to sensitive information. This includes strict access based on roles, departments, or even specific documents. By implementing severe access controls, you can safeguard confidential data and maintain the integrity of the due diligence process.

Monitoring document activity and auditing

A proactive approach to document management involves monitoring document activity and conducting regular audits within the virtual data room. The data room providers typically offer tracking features that allow administrators to see who has accessed specific documents and when. Regular audits help identify any unauthorized access or unusual activity, providing an additional layer of security during sensitive M&A transactions.

Utilizing collaboration tools for efficient communication

Effective communication is crucial in M&A transactions, and virtual data rooms often come equipped with collaboration tools. Utilize features such as comments, annotations, and Q&A sections to facilitate communication between parties. Clear communication within the virtual data room environment can streamline the due diligence process and address any queries or concerns promptly.

Regular backups and data room maintenance

Of course, it is essential to implement regular backups and conduct routine maintenance of the virtual data room. This involves archiving outdated documents, updating access permissions, and verifying the overall functionality of the platform. Regular maintenance helps prevent data loss, arranges data room efficiency, and contributes to a smooth due diligence process.

Training users on virtual data room best practices

This process is important for effective document management within a virtual data room. Familiarizing users with the platform’s features, security protocols, and best practices guarantees that everyone operates within the established guidelines. Training sessions can significantly reduce the likelihood of errors and enhance the overall efficiency of document management.

Conclusion

Effectively managing documents within a data room environment is a multifaceted task that requires careful planning and adherence to best practices. A well-organized and secure data room not only expedites business transactions but also safeguards sensitive information. By carrying out the mentioned tips, organizations can enhance their document management processes and contribute to the success of critical business aims within the data room environment.


[ad_2]
Source link