Galaxy S24 could utilize AI to erase objects from videos

0
[ad_1]

Samsung‘s Galaxy S24 flagships will ship with Android 14-based One UI 6.1 out of the box. The new One UI version brings a plethora of AI features. Leaks have revealed AI-powered battery health protection tools, wallpapers, lockscreen effects, image expansion, object relocation in images, notes arrangement and summary, circle search, voice detection in recordings, and more. It appears the Galaxy S24 lineup also uses AI to erase objects from videos.

Galaxy S24 may let you erase objects from videos using AI

A recent post on X by @BennettBuhner detailed a bunch of AI features Samsung will introduce with One UI 6.1 on the Galaxy S24 series. The tipster says the new flagships will use AI processing to optimize videos. AI can help enhance the quality of videos in low-light scenes by reducing graininess and improving stability and exposure. The phones also improve low-light photos with the help of AI.

Additionally, the Galaxy S24 lineup can remove objects from photos and videos. You have to simply select an object in a photo or video clip and AI will remove it from all scenes. It will automatically fill in the space with relevant details depending on surrounding objects. This may be easier to pull off in photos than videos but Samsung seems confident that its self-developed AI solution will give satisfactory results to users.

The upcoming flagship lineup is also said to boast an on-device AI chatbot, similar to ChatGPT. The tool can give you answers to your questions and solve basic equations. Based on Samsung’s official announcements and leaks, it will be available offline. The source says the AI chatbot may not be available at launch. The Korean firm may still be working on it. The feature may arrive later via a software update.

The Galaxy S24 series may also monitor your phone calls and detect the topic you discussed. Since this can be a privacy concern, the feature will likely be optional. When enabled, AI will offer you suggestions based on what you spoke during the call. For example, if you planned a meeting, it may ask you to set up a reminder or add the event to your calendar. This feature may also work when you use Bixby Text Call which can translate and transcribe voice calls.

These AI features may reach other Galaxy flagships later

All of these AI features are part of Samsung’s One UI 6.1. The company will update the likes of the Galaxy S23 and recent foldables to the new One UI version following the Galaxy S24 launch. The update should bring some of these features if not all. The new flagships are expected to go official on January 17, 2024. So it is just about a month of waiting now before the Korean firm presents its AI-powered phones.


[ad_2]
Source link

“Get Paid to Like Videos”? This YouTube Scam Leads to Empty Wallets

0
[ad_1]

Beware! YouTube “Social Media Marketing” Scam Snatches Cash After Luring Users with Likes & Subscriptions.

Cybersecurity researchers at Bitdefender Labs have uncovered a new scam wherein users earn money by liking random YouTube videos. In this scam, threat actors send a message from an unknown number, usually beginning with an African country code, promising payment for liking videos on YouTube

Bitdefender researchers participated in one such scam for investigative purposes and found that scammers ask for personal information, including WhatsApp phone number, age, occupation, full name, and bank account number before asking the victim for likes and subscriptions.

Further, researchers were instructed to like three YouTube videos and send screenshots as proof. The researchers were then instructed to download Telegram, join a channel, and discuss payment with a receptionist. After providing the required data, researchers received a payment of 30 RON ($6.50). The scammer then promised additional daily tasks.

However, the scam’s second phase starts after the victim joins the Telegram channel. They are invited to join a VIP group for higher-earning tasks, which can only be unlocked for a fee, ranging from $21.66 to $1,083. Once the victim makes the payment, scammers block their number and stop communicating. Their Telegram channel features screenshots of payments made to victims to gain trust, highlighting the scammers’ intent.

According to Bitdefender Labs’ blog post, researchers found similar job listings on Facebook groups promoting remote work or lucrative pay for liking/subscribing to YouTube channels. One of the posts read, “Hello. I’m Lopez Digital Marketing at , do you want some extra income?

Scammers claim that users can make 30 RON by liking 3 videos and earn around 200-2,000 RON or more per day. One of the intros scammers posted with the offers read (translated in English from Romanian):

“We are a global multinational company and we are currently working as a social media team to increase the visibility of social media celebrities on YouTube and get paid by following and liking our celebrity YouTube accounts. We have to fill out the form to pay you a salary of 30 RON.”

"Get Paid to Like Videos"? This YouTube Scam Leads to Empty Wallets
Screenshots from the Telegram channel run by scammers reveal their efforts to prompt people to like a YouTube video about Romania, share payment invoices, and invite unsuspecting victims to join a VIP Telegram group. (Credit: BitDefender)

Although this isn’t the first time a scam is pitched to make money, this time, “victims actually get paid something,” which is “a highly successful tactic”, explained Bitdefender’s Cyber Threat Intelligence Lab’s Manager, Nicolae Postolachi.

That’s because it generates a sense of trust and convinces users to “invest” in becoming VIP members to earn easy money on effortless tasks such as liking YouTube videos.

Remember, there are no secret tools, apps, or platforms that enable easy money. To steer clear of scams on WhatsApp, exercise caution with recruiters who demand high payments for tasks like watching or liking YouTube videos, encourage users to download Telegram, or request upfront payments to unlock higher-paying opportunities.

If you fall victim, take screenshots, cease communication, block the user, and leave the Telegram group. Secure your accounts with strong passwords and enable two-factor authentication. Report the scam account to the social media platform, file a police report, and alert friends and family.

  1. Hackers used fake job website to scam jobless US veterans
  2. Fake Resumes, Real Malware: Hackers Target Job Recruiters
  3. Fake LinkedIn job offers scam spreading More_eggs backdoor
  4. Interpol Busts Human Traffickers Luring Victims with Fake Job Ads
  5. Hackers Used Fake LinkedIn Job to Hack Off $625M from Axie Infinity

[ad_2]
Source link

Government offices in China ban Samsung and Apple phones

0
[ad_1]

China is intensifying its ban on foreign smartphones in government offices. Several Chinese agencies and state-backed firms have ordered employees to stop bringing Apple iPhones, Samsung Galaxy phones, and other non-Chinese devices to the workplace. These “verbal directives” were issued in at least eight provinces over the past month or so, people familiar with the matter told Bloomberg.

China bans Samsung and Apple phones from government offices

The ties between the US and China, the world’s two largest economies, have worsened in recent years. The two countries are fighting a trade war that escalated in 2019 after the Donald Trump-led US government placed the Chinese electronics giant Huawei in its Entity List. The sanctions cut off the firm’s access to the latest foreign technologies, limiting its business scope and competitiveness.

The US has continued to tighten its sanctions on Huawei and is also exploring a ban on TikTok. The Chinese-origin video app is already banned from government devices in most states. China, meanwhile, is increasingly becoming self-sufficient in the field of technology. A robust domestic supply chain has enabled Huawei to stand up and fight its way back into the global smartphone scene.

While it is still far from where it was before the 2019 US sanctions, the Chinese government is helping its cause. Xi Jinping’s administration has long banned foreign devices from sensitive government departments. Other official agencies and firms are now following suit. Bloomberg’s sources have confirmed such directives in provinces along the prosperous coastal region and other parts of the country.

The scale of this ban is unknown, i.e., how many agencies have ordered their employees against bringing Apple and Samsung phones to the office is unclear. However, China hasn’t passed any written law to ban foreign devices from government offices. “China has not issued laws and regulations to ban the purchase of Apple or foreign brands’ phones,” a Chinese Foreign Ministry spokeswoman said in September.

iPhone sales are already declining in China

This ban will affect Apple more than Samsung. Despite being the world’s biggest smartphone company, the latter has a negligible presence in the world’s largest smartphone market (less than a two percent market share). On the other hand, Apple generates about a fifth of its smartphone revenue from China. It produces the majority of iPhones in the world’s largest country, though it is gradually shifting away.

As the US-China trade war intensifies, Apple is becoming collateral damage. Studies have shown that iPhone sales in China are dropping. The iPhone 15 series is selling worse than the previous generation. The more China pushes for self-sufficiency, the bigger will be the impact on Apple. The company’s CEO Tim Cook is trying to maintain a healthy relationship with Beijing but those efforts may not help.


[ad_2]
Source link

New SMTP Smuggling Attack Lets Hackers Send Spoofed Emails

0
[ad_1]

SMTP (Simple Mail Transfer Protocol) smuggling is a technique where attackers exploit the inconsistencies in how proxy servers or firewalls analyze and handle the SMTP traffic. 

Threat actors can smuggle malicious payloads or evade detection by exploiting these inconsistencies.

This complete process makes it difficult for security systems to accurately diagnose the email transfer process, leading to potential security vulnerabilities.

In collaboration with SEC Consult, Timo Longin unveiled a new SMTP exploitation technique named SMTP smuggling.

Vulnerable servers globally can be exploited for phishing attacks by sending malicious emails from any address.

Besides this, multiple 0-day flaws were found, and vendors were already notified in a 2023 responsible disclosure.

New SMTP Smuggling Attack

SMTP protocol interpretation differences enable SMTP smuggling, sending spoofed emails while passing SPF checks. 

There are two types of SMTP smuggling were discovered, and we have mentioned them:- 

Overview of a simplified e-mailing process via SMTP from left to right
Overview of a simplified e-mailing process via SMTP from left to right (Source – SEC Consult Vulnerability Lab)

This allows spoofing from various domains to major SMTP servers. Microsoft and GMX fixed vulnerabilities, but SEC Consult urges manual updates for Cisco Secure Email users.

MUA (Mail user agent) connects to Outlook’s MTA (Mail transfer agent) via TCP/587. After that, a series of SMTP commands are sent; Outlook SMTP evaluates permission, then sends an inbound email to the receiver’s SMTP server via TCP/25, bypassing:-

Inbound SMTP servers verify sender authenticity using SPF, DKIM, and DMARC to prevent arbitrary domain emails. SPF relies on DNS records for sender IP permission, and the failure results in non-forwarding or spam marking. 

However, SPF checks only the MAIL FROM domain, not the arbitrary value in the From header, which poses a limitation.

DKIM signs message data, including the From header, verified by the receiver with a public key in DNS. 

But it doesn’t enforce the key’s domain. DMARC introduces identifier alignment by checking if the “From” domain aligns with SPF and/or DKIM. 

The policy (p=) specifies the rejection of messages failing DMARC, ensuring acceptance only with valid SPF or DKIM.

Email providers used

Here below, we have mentioned all the email providers that are used:-

  • outlook.com 
  • gmail.com 
  • gmx.net 
  • icloud.com 
  • zoho.com 
  • fastmail.com 
  • runbox.com 
  • startmail.com 
  • mailbox.org 
  • aol.com 
  • yahoo.com 
  • web.de 

Analyzing outbound SMTP servers revealed an anomaly in Microsoft Outlook’s (outlook.com) server. Sending <LF>.<LF> sequence results in non-transmission, triggering an error message:-

  • “550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains bare linefeeds, which cannot be sent via DATA and receiving system does not support BDAT”

Unlike GMX, Outlook doesn’t filter <LF>.<CR><LF> sequences. Smuggling to certain receivers is blocked due to Outlook’s use of the optional BDAT SMTP command, an alternative to DATA, specifying message length without relying on an end-of-data sequence.

Due to negligent outbound server sanitization, SMTP smuggling is possible in GMX and Exchange Online. 

Investigating insecure inbound SMTP servers, a scanner tests for permissiveness with exotic end-of-data sequences. While here, a timeout indicates the server ignored the unconventional sequence.

Research uncovered exotic inbound SMTP servers interpreting end-of-data sequences like <CR><LF>\x00.<CR><LF> (null byte represented by “\x00”). 

Despite prompt patches by Microsoft and GMX, inbound SMTP smuggling to default-configured Cisco Secure Email instances remains possible. Changing these configurations is strongly advised.

Timeline

Timeline
Timeline (Source – SEC Consult Vulnerability Lab)

[ad_2]
Source link

Xiaomi announces global rollout timeline of HyperOS

0
[ad_1]

Xiaomi introduced HyperOS, its next-generation proprietary operating system, in October this year. It replaced MIUI, which the Chinese brand has been using on all its smartphones for over a decade. HyperOS is already available in the company’s home market since its release. Now, Xiaomi has announced the global rollout timeline of HyperOS for eligible devices.

Xiaomi reveals global release timeline of HyperOS

It took nearly two months for Xiaomi to reveal the details of the HyperOS custom skin for eligible devices in the global market. The company confirmed the details through its official Xiaomi HyperOS account on X (formerly Twitter). Additionally, Xiaomi’s sub-brand POCO Global on its X handle also revealed eligible POCO devices to receive the HyperOS update

Xiaomi added that the HyperOS update for the eligible devices will be rolled out over-the-air in a phased manner. The brand will reveal the release plan for other models gradually. Hence, owners of older Xiaomi, Redmi, and POCO phones will have to wait a little longer to experience HyperOS on their devices.

List of eligible Xiaomi and POCO devices for HyperOS

HyperOS global rollout plan
HyperOS global rollout timeline

In total, eight Xiaomi and Redmi smartphones along with a tablet are set to receive the HyperOS update in the first quarter of 2024 i,e, between January to March. These include: Xiaomi 13 Ultra, Xiaomi 13 Pro, Xiaomi 13, Xiaomi 13T, Xiaomi 13T Pro, Redmi Note 12, Redmi Note 12S, and the Xiaomi Pad 6.

The POCO F5 will be the first device from the Xiaomi sub-brand to get the HyperOS update. However, POCO did not explicitly reveal the specific rollout window. The brand has promised to share for other devices at a later date.

No HyperOS updates if you unlock Xiaomi’s bootloader

The company announced last month that it is tightening bootloader unlocking restrictions. It will be disabled by default on HyperOS phones citing reasons such as security, data protection, and overall experience. Users who unlock the bootloader will lose access to HyperOS updates and it can only be regained by relocking their devices.


[ad_2]
Source link

Xiaomi SU7 Max electric car spotted on the road; launch in 2024

0
[ad_1]

The Xiaomi SU7 Max electric car has been spotted on the road. This is one of three SU7 series cars that the company presented a couple of months ago. It’s the best look at the car that we’ve had thus far.

The Xiaomi SU7 Max electric car has been spotted on the road

If you check out the video provided below this paragraph, you’ll see the thing in the flesh. It does look rather sporty, and gives off both Aston Martin and Tesla vibes, at least to me personally. It sure does look nice.

You can clearly see a huge Xiaomi branding on the back, and the ‘SU7’ license plate on the back. The front side of the car definitely reminds me of some Aston Martin models, more so than the back. This particular model is gray-colored, which is the color Xiaomi showed off at the announcement.

There are three cars in that lineup

Three Xiaomi SU7 models will be available, the SU7, the SU7 Pro, and the SU7 Max. They will seemingly look the same, but will have different top speeds, and some other parameters.

The Xiaomi SU7 has a top speed of 210 km/h, while the other two peak at 265 km/h. The two more expensive models also have dual motors, hence the speed boost.

All three models come with optional LiDAR tech, and all three are 4,997mm long. They are 1,963mm wide, and have a height of 1,455mm. Those are the specs Xiaomi shared.

The Xiaomi SU7 series dimensions are similar to the Tesla Model 3

These dimensions are actually quite similar to the Tesla Model 3 and the Nio ET5, in case you were wondering. All three cars are expected to launch in the first half of 2024, and the expected price target is around $20,000.

It is worth noting that they’ll almost certainly launch in China only, at least at first. It would be nice to see them elsewhere, but that will raise the price tag.


[ad_2]
Source link

Nubia Z60 Ultra is official with powerful cameras & under-display camera

0
[ad_1]

The Nubia Z60 Ultra has been announced, and it’s a rather interesting-looking phone. This device was announced in China, and it has a clear canvas up front. It has thin bezels with no display hole or notch. Nubia opted for an under-display camera here.

The Nubia Z60 Ultra is official with an odd-looking camera setup on the back

The phone’s corners are rather sharp, while the frame is flat all around. The front side is also flat, while there’s a lot going on at the back. There are three cameras back there, and they look entirely different design-wise, one compared to the other. It’s one of the oddest camera layouts we’ve seen to date.

Nubia Z60 Ultra image UDC camera 95

All the physical buttons sit on the right-hand side, with the power/lock button being red-colored. Nubia also made some gaming-focused improvements to the device. There’s an aerospace-grade thermal plate on the inside, along with a large vapor chamber with superconducting nanocarbon fiber.

A great display optimized for gaming is included here, along with one of the most powerful processors

The Nubia Z60 Ultra features a 6.8-inch AMOLED display with a 120Hz refresh rate. That panel has a peak brightness of 1,500 nits, and it supports a 1,200Hz peak sampling rate. A 2,160Hz PWM dimming is also a part of the package.

The Snapdragon 8 Gen 3 fuels the Nubia Z60 Ultra. Nubia also offers LPDDR5X RAM here, and UFS 4.0 flash storage. Models with 8GB, 12GB, and 16GB of RAM are available. The storage goes up to 1TB.

The phone supports 80W charging

A 6,000mAh battery sits on the inside of the phone, while 80W charging is also supported here. Yes, the charger is included in the package too. Android 14 comes pre-installed on the device, with Nubia’s MyOS on top of it.

A 50-megapixel main camera (1/1.49-inch sensor, Sony IMX800, 35mm f/1.6 optically-stabilized lens) sits on the back. A 50-megapixel ultrawide camera (f/1.8 aperture, 3-level optical stabilization, 1/1.56 unit) is also included. The third camera on the back is a 64-megapixel telephoto unit (OmniVision OV64B sensor, 1/2.0-inch sensor, OIS, 85mm unit).

Nubia Z60 Ultra image 92

An under-display camera is also a part of the package here

On the front, you’ll find a 12-megapixel camera under the display. That camera has a 2.24um pixel size. That camera also has its own display chip, and an AI deep-sensing engine.

Nubia also included a dedicated Game Space in this phone’s software and some interesting tech like Super frame stabilization.

The Nubia Z60 Ultra comes in Black, Gray, and Silver color options. The 8GB RAM model includes 256GB of storage. The 12GB RAM unit is available in both 256GB and 512GB storage flavors. The 16GB RAM variant includes 1TB of storage. Price tags are still a mystery, but they’ll be revealed soon for China.


[ad_2]
Source link

Hackers Actively Exploiting ActiveMQ Vulnerability Install Malware

0
[ad_1]

Attackers have been exploiting the Apache ActiveMQ Vulnerability (CVE-2023-46604) to steal data and install malware constantly.

Using the Apache ActiveMQ remote code execution vulnerability, the Andariel threat group was found to be installing malware last month. Their primary targets are national defense, political groups, shipbuilding, energy, telecommunications, ICT firms, universities, and logistics firms.

Researchers have now discovered new attacks that installed Ladon, NetCat, AnyDesk, and z0Miner.

Overview of the Apache ActiveMQ Vulnerability

A remote code execution vulnerability in Apache ActiveMQ, an open-source messaging and integration pattern server, is identified as CVE-2023-46604.

“If an unpatched Apache ActiveMQ is externally exposed, the threat actor can execute malicious commands from a remote location and take over the target system,” AhnLab Security Emergency Response Center (ASEC) shared in a report with Cyber Security News.

The vulnerability attack involves manipulating a serialized class type in the OpenWire protocol to instantiate the class in the classpath. When the threat actor sends a modified packet, the susceptible server uses the path (URL) in the packet to load the XML configuration file for the class.

Researchers examine that the latest attacks that have installed malware such as Ladon, NetCat, AnyDesk, and z0Miner.

Ladon:

One of the tools that threat actors who speak Chinese typically employ is Ladon. Ladon provides several features required for the attack procedure. Reverse shell, scanning, privilege escalation, and account credential theft are some of the main characteristics.

Once it was established that a vulnerable version of the Apache ActiveMQ service was being utilized, they downloaded Ladon and executed additional commands using the PowerShell command.

The reverse shell is executed using the ReverseTCP command, and Netcat (nc) was utilized to do this.

Ladon’s GitHub page
Ladon’s GitHub page

AnyDesk & Netcat

Using the TCP/UDP protocol, Netcat is a utility for sending and receiving data to and from specific targets within a network.

It works with both Windows and Linux environments. It may also be said that network managers regularly utilize it because it provides a variety of functions for network testing, but threat actors can also take advantage of it.

Netcat is being installed and executed through a vulnerability attack
Netcat is being installed and executed through a vulnerability attack

The threat actor installed AnyDesk after installing Netcat in the recently discovered attack. AnyDesk was installed, and the setup file was obtained from the original AnyDesk website’s download URL.

Installing AnyDesk using Netcat
Installing AnyDesk using Netcat

“Threat actor would have connected to the infected system and used the password transmitted as the “–set-password” argument upon execution to remotely control the target system,” researchers said.

z0Miner

Attack efforts using XMRig CoinMiner have also been observed recently. The XML configuration file is called “paste.xml,” and it contains information on how to run PowerShell commands using CMD.

The PowerShell script that may be downloaded is simple to use and downloads and executes both the configuration file and XMRig CoinMiner.

PowerShell script that installs XMRig CoinMiner
PowerShell script that installs XMRig CoinMiner

To stop attacks that make use of known vulnerabilities, system administrators need to verify if the Apache ActiveMQ service they are using is one of the vulnerable versions and install the most recent updates.

Finally, caution should be exercised by updating V3 to the most recent version to prevent malware infection in advance.


[ad_2]
Source link

RedMagic 9 Pro gaming phone announced with attention-grabbing design

0
[ad_1]

The RedMagic 9 Pro is now official, the company’s brand new gaming smartphone. Needless to say, this is a high-end device, and it has a premium spec sheet. It also comes with an attention-grabbing design, that’s for sure.

The RedMagic 9 Pro has a recognizable design with no camera bump, and clear canvas on the front

Speaking of the design, the phone is rather squarish. Its corners are sharp, and its frame is flat all around. The front and back sides are also flat, and there’s not even a camera bump. That’s something RedMagic is quite proud of.

Now, two out of three variants of the phone are also see-through, which adds to the unique design aspect. This handset also comes with an added physical button on the right, which is red-colored, and shoulder trigger keys as well.

To make things even better, the RedMagic 9 Pro has very thin bezels around the display, and no display camera hole. There is no notch either. RedMagic opted for an under-display camera here, to maximize screen real estate.

Its OLED display is equipped for gaming

The company opted for a 6.8-inch BOE Q9+ display here. That is an OLED panel with a 120Hz refresh rate, and it has a 960Hz multi-finger screen touch sampling rate, for gaming purposes. It also has a 2,000Hz instant touch sampling rate. This panel does support 2,160Hz PWM dimming + DC dimming, and its brightness goes up to 1,600 nits. Corning’s Gorilla Glass 5 protects this panel.

The Snapdragon 8 Gen 3 fuels the device, while both 12GB and 16GB LPDDR5X RAM variants have been announced. Those two models include 256GB and 512GB of UFS 4.0 flash storage. The storage is not expandable, though.

A large battery is included, along with 80W wired charging & a charger

A 6,500mAh battery is also included here, and it supports 80W wired charging. Yes, a charger is also a part of the package. Android 14 comes pre-installed, with RedMagic OS 9.0 skin. There are also two SIM cards included here, and an audio jack. Dual 1115K speakers are also in use, along with 3 microphones, and Bluetooth 5.4.

A 50-megapixel main camera (Samsung’s GN5 sensor) is backed by a 50-megapixel ultrawide camera (Samsung’s JN1 sensor, 120-degree FoV). On the front, a 16-megapixel camera sits under the display.

The RedMagic 9 Pro also comes with an upgraded ICE 13 cooling system. It has a 22,000 rpm cooling fan built-in, and is designed with shark-fin blades. It operates at 4DB, which is very quiet. Yes, RGB lighting is also back, and it’s customizable.

A huge VC is on board for heat dissipation and optimal gaming performance

A 10,182mm² VC is also included, as it enables heat dissipation for gaming. The CUBE energy engine is also on board, and it’s scheduled through EVS, Power freezing, and various other tech to achieve high energy, and low consumption. The whole point is to keep the phone cool and achieve high frame rates in games.

The RedMagic 9 Pro measures 163.98 x 76.35 x 8.9mm, while it weighs 229 grams. The device’s 12GB RAM model with 256GB of storage comes in ‘Sleet’ color and costs $649/€649. The 16GB RAM model with 512GB of storage comes in ‘Cyclone’ and ‘Snowfall’ versions, and it’s priced at $799/€799.

The phone will go on pre-order on December 27 over at redmagic.gg. It will become available to purchase from January 3.


[ad_2]
Source link

QakBot Malware Emerges with New Tactics

0
[ad_1]

QakBot (aka Qbot) primarily targets financial institutions since it is a sophisticated banking trojan and malware.

This malware can facilitate more malicious acts, such as the following, by infecting Windows systems and stealing confidential data, such as banking credentials:-

  • Wire fraud
  • Unauthorized access to financial accounts

Besides this, QakBot is often distributed through malicious email attachments or links and has been a significant threat to online banking security.

Recently, cybersecurity researchers at Microsoft Threat Intelligence identified QakBot malware with new tactics, and it was found to be attacking the hospitality industry.

Attacking Hospitality Industry

QakBot resurfaces in phishing scam mimicking IRS emails by sending PDFs posing as IRS personnel, warns Microsoft since December 11th, initially targeting the hospitality sector.

PDF from a user masquerading as an IRS employee (Source – Microsoft on Twitter)

However, despite uncertainty about its revival, cybersecurity analysts urged people to watch for reply-chain phishing emails, which are a common method for Qbot distribution.

Qakbot transformed into a delivery service, aiding the following illicit elements and activities:-

Distributed through phishing, it leverages reply-chain attacks using stolen email threads to deliver malicious documents or files to infect users.

Types of Files Exploited

Here below, we have mentioned the types of files exploited:-

  • Word documents
  • Excel documents
  • OneNote files
  • ISO attachments

Recommendations

Here below, we have mentioned all the recommendations offered by the researchers:-

  • Use Updated Security Software
  • Employee Training
  • Network Segmentation
  • Email Filtering
  • Strong Authentication
  • Regular Software Updates
  • Behavioral Analysis
  • Backup and Recovery

[ad_2]
Source link