U.S. will take “strongest possible” action against Huawei

0
[ad_1]

Following the surprise breakthrough in chip manufacturing from China in Huawei phones, the U.S. has vowed to take the “strongest possible” action. Previously, the U.S. had levied strict sanctions against companies in the U.S. and its allies. This prevented these companies from selling advanced tech to China. That meant Huawei had to work with the Chinese company Semiconductor Manufacturing International Corporation to get chips for new products. However, the sanctions took time to take effect in foreign countries, so China was able to secure advanced equipment under the wire.

The new chip fabrication equipment, called deep ultra-violet technology, has helped Huawei and SMIC break the 7nm barrier. While it isn’t on par with the latest chips from Samsung or TSMC, it’s still a breakthrough for China. The new 7nm chips power the latest Huawei Mate 60 Pro. This was released in August. It served as an alternative flagship in China. Though the technology industry sees China’s advancements as a surprising development, the U.S. isn’t as happy about it. Some government leaders are calling for action against what they view as a violation of U.S. sanctions.

“Every time we see something that’s concerning, we investigate it vigorously,” said Gina Raimondo, the U.S. secretary of commerce, in an interview with Bloomberg. Although Raimondo refused to comment on whether an official investigation has been opened, she did call the developments “deeply concerning.” The U.S. Bureau of Industry and Security, which is an arm of the Commerce Department, has the authority to investigate further. However, Raimondo has asked for more resources to aid in that effort.

“The investigations take time,” Raimondo added. “You know, we need them to stick. We need to gather information. So at this point, all I will say is that was concerning and we will take whatever action is the strongest possible in order to protect America.”

Did Huawei violate U.S. sanctions against China with new chips?

The Mate 60 Pro has a 7nm Kirin 9000s 5G chip inside, which is the source of the questions raised by the U.S. However, it’s unclear whether China actually broke any rules in developing the chip. The sanctions try to limit what chips, and which equipment needed to make chips, can be sold to China. However, ASML Holding is a leader in chip manufacturing equipment, and Bloomberg reported that it provided the equipment required to make 7nm chips.

The problem is, that ASML is based in the Netherlands. After the U.S. drew up these sanctions, it took months for the Netherlands to adopt them. This could have given China enough time to source equipment before sanctions were enacted.

“The US has time and again abused export-control measures, and this is not in the interests of global and industrial supply chains,” said Mao Ning, a spokeswoman for the Chinese Foreign Ministry.


[ad_2]
Source link

The EU, Apple’s two-letter headache, has the tech giant reaching for the aspirin again

0
[ad_1]
Apple has a two-letter headache. Those two letters are EU. Thanks to the Common Charger law passed by the EU, Apple replaced its proprietary Lightning port for charging and data transfers with a USB-C port starting with the iPhone 15 series this year. The EU’s Digital Markets Act (DMA) also applied a little pressure on Apple resulting in the decision to allow the iPhone to support Rich Communication Services (RCS) sometime next year.

Regulators in the EU have pressured Apple into replacing Lightning with USB-C and adding RCS support

By supporting RCS, iPhone users will be able to get features like read receipts, typing indicators, high-quality photos and videos, and end-to-end encryption when messaging with an Android user. 

Apple has never allowed iPhone users to sideload apps because it means that users will be able to install apps that Apple cannot check for malware like it can with the apps in the App Store. But thanks to the DMA, Apple could be forced to allow sideloading next year, but it might only approve sideloading on iPhone units available in the EU’s 27 member states. Sideloading is still expected to be blocked by Apple in the U.S. and most other countries outside of those who are members of the EU.

And now there’s more. According to Bloomberg, EU regulators are close to deciding whether to punish Apple for preventing apps that offer music streaming subscriptions from redirecting subscribers to alternative websites where payments can be made. Apple is trying to prevent this from happening because it bypasses Apple’s own in-app payment platform. The tech giant takes 15% to 30% of in-app revenue that it processes using its payment platform and this so-called Apple Tax has been at the center of much controversy.
Besides forcing Apple to allow music streamers to collect payments using alternative methods, Apple could be fined 10% of its fiscal 2023 revenue of $383.3 billion, or $38.3 billion. Even for a huge company worth over $3 trillion like Apple, that is a huge chunk of change. The company could also be forced to change its business model in the EU. The EU is expected to decide at the beginning of next year. 

Some changes forced on Apple by the EU, such as sideloading, will be allowed in the 27 member states only

The Digital Markets Act will take effect next March and will prevent companies from promoting their own services in the EU ahead of the competition. The tech giants will also be prevented from combining personal data collected from their various services. The DMA also states that data received from third-party merchants can not be used by the big tech firms to compete against these merchants.

When it comes to changing the Lightning ports to USB-C and supporting RCS, Apple decided that it would be too costly and time-consuming to make these changes only for iPhone units sold in the EU. But with sideloading, the stakes are too high for Apple to support third-party app stores worldwide. The potential for iPhone users to accidentally install a malicious app from an app storefront other than the App Store is just too great for Apple to allow sideloading in markets other than the EU where it is being pressured to allow it.

While Apple says that it needs to prevent sideloading to keep users iPhones safe, app developers have complained that Apple takes this position to force developers into paying the Apple Tax. As for iPhone users, most say that they paid for the device and if they want to risk installing malware that steals their personal data, that should be their decision.

[ad_2]
Source link

The EU rolls its first-ever comprehensive AI regulation bill

0
[ad_1]

As AI is expanding its role in our everyday lives, governments around the world are in a rush to enact their own set of regulations. The goal is to mitigate AI risks for citizens and pave the way for trustworthy AI development. The US first introduced the AI Bill of Rights as a set of principles for safe AI deployment. It was then followed by the EU with the AI Act.

While AI regulations in the United States are still changing hands between lawmakers, the EU’s Parliament and Council negotiators reached a vital agreement to regulate AI on the continent.

According to The Washington Post (via Engadget), a 72-hour debate between negotiators resulted in a historic agreement. The agreement is said to be the most comprehensive of its kind. The deal was reached while nations like France, Germany, and Italy were worried that enacting new laws might prevent EU members from developing cutting-edge AI technologies.

The EU takes a big leap forward in regulating AI in the continent

The new legislation basically proposes a set of guidelines for organizations that want to rely on AI for their work. For example, proposed regulations prohibit entities from using AI to design biometric categorization systems. Such systems could be used to target civilians based on their philosophical beliefs, political, religious, etc.

Additionally, using AI to create facial recognition databases and exploit people’s vulnerabilities is banned. According to the EU’s new legislation, designing AI systems to manipulate human behavior, designing social scoring systems, and launching emotion recognition in the workplace are other examples of banned AI applications.

The legislators have considered some exemptions for law enforcement agencies to use biometric identification systems (RBI). The RBI would be used in cases such as looking for abduction, trafficking, and sexual exploitation victims. Other uses are finding criminals and preventing a terrorist attack. Most details about the new legislation are still undercover. However, the MEPs also mandated high-risk and general AI systems to a set of rules for protecting civilians’ rights.


[ad_2]
Source link

You can now set your Instagram status as a selfie video and reply to notes with more than just text

0
[ad_1]
Instagram’s Notes, once a quiet corner for ephemeral text updates, is undergoing a metamorphosis. The platform announced today that it is expanding its capabilities by mixing in multimedia, such as video notes, emoji-infused replies, and an exciting new way to express yourself beyond the limitations of text.Gone are the days of static text updates. Video notes take center stage, allowing users to capture and share fleeting moments in just two seconds. Whether it’s a quick burst of laughter, a heartfelt message to a loved one, or a glimpse into your daily life, video notes will offer you a way to showcase it. However, these short looping updates will be reserved for your inner circle as only mutual followers and your designated “Close Friends” can view them.
Creating a video note will be as easy as navigating to your inbox, tapping on your profile picture, and letting your creativity flow. Each take is capped at two seconds, and the ever-present “trash can” button stands ready for creative retakes. Once your note is ready, you can add an extra touch a with a text bubble, post it, and wait for it to disappear in 24 hours.

This new feature was teased by Instagram boss, Adam Mosseri, when it began its testing stages. At the time, Mosseri shared a video on how a video note could be created, as seen below.

But the evolution doesn’t stop there. Instagram Notes now will allow users to reply with GIFs, photos, videos, audio recordings, and stickers. Responding is as simple as tapping on a note and composing your reply. 

These replies will arrive as direct messages, fostering a more personal and engaging conversation. With this update, Instagram embraces the power of the ephemeral messages, encouraging users to ditch generic comments and express themselves through video, audio, and emojis. 


[ad_2]
Source link

New WordPress Update Addressed A POP Chain RCE Vulnerability

0
[ad_1]

Heads up, WordPress admins! Ensure updating your websites at the earliest as a severe remote code execution (RCE) vulnerability threatens WordPress sites, triggering full website takeover. WordPress patched the flaw with the latest version 6.4.2.

A POP Chain Vulnerability In WordPress Could Allow RCE Attacks

WordPress recently released version 6.4.2 with a major security update. As explained in its advisory, this release addressed a critical code execution flaw allowing WordPress website takeover.

Specifically, WordPress Security Team discovered and patched seven different bugs affecting WordPress Core. One of these includes a security fix addressing a PHP code execution flaw. WordPress clarified that their team believes the flaw may pose a serious threat despite not being directly exploitable in core. Hence, they urge WordPress administrators to update their websites at the earliest to avoid potential threats.

While WordPress didn’t elaborate on the flaw, the security firm Wordfence shared a detailed analysis in their post.

As elaborated, the vulnerability was basically a Property Oriented Programming (POP) chain vulnerability. It affected the WP_HTML_Token class that was introduced in WordPress 6.4 for improved HTML parsing in block editor. The class includes a __destruct magic method, which allowed an adversary to exploit the flaw and take over the target website.

This __destruct method uses call_user_func to execute the function passed in through the on_destroy property, accepting the bookmark_name property as an argument… Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to easily gain full control.

This vulnerability affects WordPress 6.4 to 6.4.1. To patch this issue, WordPress introduced a __wakeup method with version 6.4.2, which prevents the execution of the __destruct function.

Wordfence explained that WordPress doesn’t exhibit any known object injection vulnerabilities. However, such flaws are common in WordPress themes and plugins. Thus, an attacker may chain those plugins’ vulnerabilities with this flaw to achieve code execution.

Now that the vulnerability details are known publicly, it’s crucial for all users to update their websites immediately to remain safe from possible attacks.

Let us know your thoughts in the comments.


[ad_2]
Source link

What Is Copy Trading & How To Copy Trade?

0

How to pick out a replica trader might be explained in more particulars in the subsequent part. Even new buyers can use copy buying and selling as a end result of it’s a passive system. This means that you can depart the tough work of selecting investments to others. Earning returns in your portfolio is possible without spending hours researching the market. Since the professional trader directs funding choices, diversification and danger administration can also be done. There is no rule that you’ll want any previous experience to copy commerce.

Instead of automated trade execution, social buying and selling is supposed to enhance your buying and selling skills and assist you to turn into a greater trader of your own. Another method of increasing your chances of success is by copying multiple successful merchants with totally different trading systems. After all, diversification makes you less dependent on market conditions. For newbie merchants, it’s a good tool to generate buying and selling earnings, but they have to be sure the particular person you are copying knows what they’re doing. For different traders, copy trading is a great way to stay energetic in a market after they don’t have the time to commit to buying and selling themselves.

does copy trading work

First, your success hinges on which investor’s actions you comply with. No investor is perfect in relation to understanding when to buy or promote or where to take a position. This makes many individuals favour mirror buying and selling over copy buying and selling, as all human error is removed from the equation. For example, the markets are continually evolving, which may end result in the algorithm running on outdated assumptions. When this occurs, the algorithm will take trades that now not work in the current surroundings, quickly blowing up your whole trading account.

Our website is focused on main segments in monetary markets – stocks, currencies and commodities, and interactive in-depth rationalization of key economic occasions and indicators. You ought to be really cautious in your selection of platform depending on how a lot management you want to have over the operations. You should also be careful which dealer you select – on the end of the day, you are entrusting part of your portfolio to a complete stranger. When acquiring our spinoff products you haven’t got any entitlement, proper or obligation to the underlying financial asset. AxiTrader just isn’t a financial adviser and all companies are provided on an execution only foundation.

Marco Monserrati (abbroush) – Low Risk Fairness And Fund Trader

So, when the copied dealer opens and closes a position, your account will routinely open and close the same position. SmartAsset Advisors, LLC (“SmartAsset”), a wholly owned subsidiary of Financial Insight Technology, is registered with the U.S. With this strategy, as an alternative of replicating an investor’s movements trade for trade, you’re mirroring their total investment type. In that case, you might choose to reflect Warren Buffett’s investment fashion. You may not necessarily purchase every investment he does or every funding he recommends. But you’d base your investing selections on the same ideas he follows.

does copy trading work

Unlike social trading, copy trading isnt as reliant on the knowledge supplied by different traders as it is reliant on their actions. In other words, copy buying and selling allows you to copy the actions accomplished by other traders. In order for the method to be considered copy buying and copy trading system selling and not social trading, you must copy a trader using the automatic system supplied by the platform youre utilizing. For example, the trader with the best return might expertise huge drawdowns or might have a really brief buying and selling history.

When choosing an investor to observe, it’s necessary to evaluate their monitor record for consistent success over time. This evaluation helps determine if their fashion aligns together with your interests and risk tolerance. Cryptocurrencies are a relatively new entrant to the financial markets, offering volatility and profit potential. Many providers are shortly working to offer cryptocurrency copy trading on main crypto coins, including Bitcoin, Ethereum and Litecoin.

What A Duplicate Trader Should Know

Copy buying and selling is usually a good way to earn a revenue and make you rich, but it is very important understand that you will not become rich overnight. If you try to turn out to be rich too fast, you could have to copy very high-risk trades, and you will probably end up losing your money. If you use copy buying and selling to build wealth slowly, you ought to have a good probability of becoming a millionaire in due time.

  • If for whatever cause you don’t fancy using eToro on your copy trading endeavours – a selection of different options are on the table.
  • Huge advances in social buying and selling and the multiple social buying and selling networks means that is now freely available.
  • As there are heaps of devices to select from, every with its personal set of liquidity, volatility, and market exposure, some merchants might have their very own speciality.
  • Once you’ve acquired a signal, you’ll be able to then edit your settings and buying and selling parameters in line with your technique.
  • The latter two provide intelligent crypto copy buying and selling robots that rapidly execute market positions in real-time.
  • You ought to consider whether you perceive how CFDs work and whether or not you’ll be able to afford to take the high threat of shedding your cash.

For example, the news of rate of interest hikes has brought on volatility in crypto markets earlier than, which may trigger your position to get stopped out. Copying a trader that takes these components into consideration will allow you to survive during times of uncertainty. Finally, copy buying and selling lets you get exposure to markets you aren’t acquainted with yourself.

Copy Trading: The Last Word Beginner’s Information

As a outcome, copying them would theoretically let you do the same. You can do copy buying and selling on your own or through a replica buying and selling platform. Trades occur mechanically so there’s very little you have to do. Also, make certain there’s enough money in your trading account to cowl trade exercise. You ought to have a glance at how merchants are rated and have a glance at their buying and selling performance. All good social trading and replica trading platforms ought to have some sort of ranking system that can help you make an informed determination.

Currency ticker symbols are used within the forex market to symbolize the pair that’s being traded. A foreign money, such as the greenback, is rarely bought or offered in absolute phrases, however always in relation to another. Is the graphical representation of the signal provider’s account balance. Allows you to copy transactions made by one or more buyers inside a trading community. Is the fall in equity in a trader’s account, usually from a relative peak to a relative trough.

Step 2 Select One Dealer To Use The Copy Trading Strategy

Similarly, basic evaluation can be required to commerce effectively. This is the process of studying and decoding financial news developments and how they will impact the value of an asset. Research is by far the most important talent that you have to have as a dealer.

Below are three of the most popular buying and selling methods in the cryptocurrency house. Beyond numbers, followers should contemplate reading trader descriptions to understand their strategy and whether it aligns with their goals. Consider range by choosing merchants specialising in numerous tokens or sectors, strategies, holding intervals, and threat profiles. Imagine if you could open the same traders as skilled investors. Replicate the trading actions of monetary experts and earn a passive earnings with out spending time researching each investment you make. It can be a good idea to weigh the allotted cash primarily based on the chance profile of the copied trader.

As the name suggests, signals are basically indicators that followers can use to take a position on the markets. Once you’ve obtained a sign, you presumably can then edit your settings and trading parameters in line with your strategy. Signals have a tendency to offer extra flexibility than fastened and automated copy trading. You could want to edit your trade size, stop https://www.xcritical.com/ loss and take revenue levels before you execute trades. Copy trading permits you to connect part of your portfolio with someone else’s, the place any opened trades and future actions are mechanically copied to your account. This can be an effective way to diversify your investments; for instance, a dealer might consider following a long-term investor in the stock market.

Leading on from the above section, copy buying and selling can be great should you search a passive form of income. Once again, as quickly as you might have elected to copy your chosen trader – there could be nothing more so that you can do. Instead, the dealer will buy, sell, and trade monetary instruments in your behalf.

does copy trading work

MoonXBT is known for its unbelievable pace of execution, according to its staff. If you didn’t find out about this, odds are you’ll have already stopped copying the trend-following system before a trend reveals up. But if you did your homework, you would be comfy, waiting for the following trending move to level out up.

An total favorite among merchants is the award-winning brokerage, eToro, which has been cited by quite a few on-line critiques. For those who want to use popular third-party platforms, AvaTrade or Pepperstone are also good selections. It’s important to contemplate how your individual buying and selling technique aligns to that of the providers you want to copy.

New SLAM Attack Threatens Future CPUs Security

0
[ad_1]

Researchers have devised a new attack strategy that threatens the security of future CPUs. Identified as SLAM attack, the attack targets the future CPUs from Intel, ARM, and AMD, exploiting their newly launched features to access sensitive information.

SLAM Attack Risks Data Leak In Future CPUs

Researchers from the Systems and Network Security Group (VUSec Group) at Vrije Universiteit Amsterdam, have identified a new exploit impacting the upcoming processors.

The researchers identify the new side-channel attack as “Spectre based on Linear Address Masking” (SLAM), which exploits the new security features in Intel (Linear Address Masking (LAM)), AMD (Upper Address Ignore (UAI)), and ARM (Top Byte Ignore (TBI)) chips. (The vendors have simply named the same feature differently for their respective CPUs. Hence, the SLAM attack similarly targets all the processors.)

Specifically, the SLAM attack is a transient execution technique exploiting the new memory improvement features to leak sensitive information, like password hashes. According to the researchers, SLAM exploits a “previously unexplored class of Spectre disclosure gadgets” that involve pointer chasing. The unmasked gadgets, unlike the Standard (masked) gadgets, are common code patterns across different software, and are even available with the Linux Kernel that doesn’t include masked gadgets.

It means SLAM – unlike other side-channel attacks – risks a wider range of systems, including Linux. In their study, the researchers emulated the Intel LAM feature on Ubuntu to demonstrate how the SLAM attack exploits the unmasked gadgets to leak arbitrary ASCII kernel data from a userland process.

The following video demonstrates the SLAM attack on Ubuntu, leaking password hashes.

Attack Duly Reported To The Respective Vendors

With SLAM attack, the researchers highlighted how the upcoming linear address masking feature may allow unmasked gadgets exploitation despite otherwise improving the security.

Following this discovery, the researchers reported the vulnerability to Intel, AMD, and ARM, making Intel and ARM release guidelines for the future processors. Linux developers also released patches to disable LAM until further guidelines arrive. Nonetheless, AMD didn’t release any guidelines, navigating to the existing Spectre v2 mitigations as their strategy to address SLAM.

The researchers have shared the details about the SLAM attack in a research paper accepted for the IEEE S&P’24, sharing the other relevant data on GitHub.

Let us know your thoughts in the comments.


[ad_2]
Source link

The sound of you typing on your keyboard could reveal your password

0
[ad_1]

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.

The slight differences in the sounds each key makes is an unintentional leak of information, known as a “side channel”. Computers typically have lots of side channels, such as noises, heat, and changes in electromagnetic emissions, which can be hoovered up and analysed by adversaries to learn more about what’s happening on the computer.

Side channel research can get a little far-fetched and impractical at times but it serves a useful purpose in improving our knowledge about what’s possible. However, this research is firmly rooted in the possible, starting with the decision to monitor sound, rather than something more exotic.

The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.

The researchers also used real-world attack scenarios, such as snooping on a laptop keyboard using the microphone on a smartphone in the same room, and by capturing the sound on a Zoom call.

As it is in so much cybersecurity research, Artificial Intelligence is centre stage. The new password-busting technique uses Deep Learning (a form of AI that mimics the learning process of the human brain) to determine which of a keyboard’s 36 keys are being pressed. The algorithm was taught using 25 presses on each key of an Apple laptop using different fingers and different pressures. The sounds from the key presses were processed extensively before being turned into images, and then fed into a deep learning algorithm used for image classification.

Did it work? Yes, even over Zoom.

The method presented in this paper achieved a top-1 classification accuracy of 95% on phone-recorded laptop keystrokes, representing improved results for classifiers not utilising language models and the second best accuracy seen across all surveyed literature. When implemented on the Zoom-recorded data, the method resulted in 93% accuracy, an improved result for classifiers using such applications as attack vectors.

Research like this always begs the question, should you be worried about this? Most people have far more basic password problems to concern themselves with before fixing their noisy keyboards. However, all targets of cybercrime are not created equal, and there are nation state agencies willing to spend millions to compromise specific people. It is not difficult to imagine an intelligence agency using a technique like this, and it isn’t too far fetched for industrial espionage either.

As the reseachers point out, a deep learning engine trained on one laptop could probably guess passwords on other laptops of the same model, meaning “a successful attack on a single laptop could prove viable on a large number of devices.” A hint that techniques like this could even be commodified one day.

If you are concerned about this it’s worth noting that entering a password with a password manager makes almost no sound. However, if you think you’re genuinely at risk from techniques like this you should be looking beyond passwords at things like passkeys anyway.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

How to pin your WhatsApp messages

0
[ad_1]

You’re the admin for a large WhatsApp group chat, and you need to announce some major news. Guess what, that message about “Big changes coming to the company” just got washed away by the other messages raining into the group. This is frustrating, especially when that announcement is important. Well, your worries are over, as you can simply pin your messages to the top of your WhatsApp group chat.

If you’ve been wondering where this feature has been all your life, well, it’s been in testing. WhatsApp has been testing this feature for several months before bringing it to the masses. That’s also important to know in case you’ve been kicking yourself for not seeing it sooner.

So, how do you pin your WhatsApp messages? We’ll go over that in this piece. Also, we’ll talk about some other interesting things you can do in WhatsApp, so you’ll want to read to the end.

How to pin your WhatsApp messages

Pinning your messages in WhatsApp is pretty easy, but there are just a few things you’ll want to know about the feature. Firstly, pinning your messages will differ depending on what operating system you’re using.

If you’re using Android, then you’ll want to tap and hold on the message you want to pin. You’ll see a little menu pop up. Tap on the thumbtack icon. This will pin the message. If you’re using iOS, then the process is a little different. Instead of holding, you’ll just swipe your message to the right. This will bring up the menu with the Pin option.

Unpinning your messages is just as easy as pinning them. For Android, hold your finger down on the pinned message and you’ll see a thumbtack icon with a line through it. Tapping on that will push the message back to its original place in the message feed. For iOS, swipe right on that pinned message and tap on the Unpin button.

Other things you need to know about this feature

When you pin a long message, the app will truncate it. You’ll have to tap on it to see the full message.  This helps in case you need to post an extended announcement.

You can pin any kind of message. Along with regular text-based chats, you can pin pictures, videos, and even polls. So, you’re not limited in what you can pin to the top of your group chat. That’s great because not all important messages are only text-based. People often need to send other forms of messages for their colleagues to see. Say, you need to share a large file with your employees with important documents; you can do that.

Something to know is that these posts are temporary. At the time of writing this article, there’s no way to pin a message permanently. When you’re pinning a message, you’ll have the option to have it stay up for 24 hours, 7 days, or 30 days. That can be a bit frustrating if you need something to stay for the duration of the group. However, here’s hoping that WhatsApp changes this. The message will be set to 24 hours by default.

Other cool things you can do with WhatsApp

WhatsApp is always testing and launching new features, and it’s so easy to miss a few. If you’re a WhatsApp user, then you might want to know about the features that are coming out for the platform. Here’s a quick rundown of what you can do.

Original quality media

Before, WhatsApp would heavily compress any media that you upload on the platform. This is something that’s always frustrated people who want to share important pictures on the platform. Well, that’s a thing of the past. The company now preserves the original quality of your media. If you don’t want to upload in the original quality for some reason, you can choose the quality of the pictures that you’re uploading.

At the time of writing this article, this ability is only available for iOS users. However, the feature is going to come to Android users.

View-once messages

This is a trend that was popularized by Snapchat messages. As the name suggests, when you receive a view-once message, you’ll only be able to view it once before it’s deleted. This means that, if you want to see it again, you’ll need to ask the sender to send it again.

This feature is useful for people who need to send important information that they don’t want to fall into the wrong hands. It’s very useful for people who work in high-level positions. Either that or it could just come in handy when you want to confess your undying love to someone.

Secret chats

This feature is actually several features that add to a more secure (or surreptitious) chatting experience. Firstly, there are locked chats that no one can access without a password. This feature comes in handy if you’re talking with a colleague about sensitive matters. High-level executives often have access to some seriously locked-down information pertaining to their company. This information needs to stay behind lock and key.

Now, WhatsApp used to have those chats visible in your chat feed. While other people couldn’t access them, it was still obvious that you had secret chats. This is why WhatsApp allows you to hide those locked chats with a secret code. Having locked chats is good, but if people can see that you have locked chats, they can become curious as to what you have to hide.

This feature will hide your locked chats from your chat feed. In order to access those chats, you’ll need to enter a secret code that you created. You’ll type that code into the search bar.

WhatsApp is always working on new features, so always be on the lookout for new and exciting additions to the platform.


[ad_2]
Source link

Scammers Weaponize Google Forms in New BazarCall Attack

0
[ad_1]

Google Forms is the latest Google product to be abused by threat actors, this time for a new variant of the BazarCall attack

Cybersecurity researchers at Abnormal Security have identified a new attack campaign in which scammers use the BazarCall technique (BazaCall or Callback phishing) to target victims. This time, however, the notorious phishing attack method has taken a sophisticated turn by incorporating Google Forms to enhance its deceptive strategies.

Here, it is worth noting that Abnormal Security’s findings came just a couple of weeks after the FBI warned users of the Silent Ransom Group (SRG), also identified as Luna Moth, employing Callback phishing techniques for network hacks.

In the usual scenario, the BazarCall attack typically begins with a phishing email masquerading as a payment notification or subscription confirmation from familiar brands. The email prompts recipients to call a provided phone number to dispute charges or cancel a service, creating a sense of urgency. However, the real objective is to trick victims into installing malware during the phone call, exposing organizations to future cyber threats.

What sets this BazarCall variant apart is its utilization of Google Forms to elevate the authenticity of malicious emails. The attacker crafts a Google Form, adding details about a fake transaction, including an invoice number and payment information. The response receipt option is then activated, sending a copy of the completed form to the target’s email address.

In a blog post, Mike Britton Chief Information Security Officer at Abnormal Security that the attacker manipulates the process further by sending the form invitation to themselves, completing it with the target’s email address, and making it look like a payment confirmation for a product or service. Using Google Forms, sent from a legitimate Google address, enhances the attack’s legitimacy, making it harder to detect.

“Because the email is sent directly from Google Forms, the sender address is forms-receipts-noreply@googlecom, and the sender display name is “Google Forms.” Not only does this contribute to the appearance of legitimacy, it increases the chances of the message being successfully delivered as the email is from a legitimate and trusted domain.”

Mike Britton – Abnormal Security

The uniqueness of this BazarCall lies in its difficulty to be identified by traditional email security tools. Unlike typical threats with malicious links or attachments, this attack relies on Google Forms, a trusted service for surveys and quizzes.

Scammers Weaponize Google Forms in New BazarCall Attack
Actual email sent by threat actors using Google Forms (Image credit: Abnormal Security)

The dynamic nature of Google Forms URLs further complicates detection, as they frequently change, evading static analysis and signature-based detection used by many security tools. Mike further noted that legacy email security tools, such as secure email gateways (SEGs), struggle to discern the malicious intent behind these emails, leading to potential threats slipping through the cracks.

However, modern AI-native email security solutions equipped with behavioural AI and content analysis can accurately identify and thwart such attacks by recognizing brand impersonation and phishing attempts.

In navigating the evolving landscape of cyber threats, staying informed about sophisticated attack methods like this BazarCall variant is crucial. Adopting advanced email security solutions that leverage artificial intelligence is paramount to effectively protect organizations and individuals from the ever-changing tactics of cybercriminals.

  1. New BEC 3.0 Attack Exploiting Dropbox for Phishing
  2. Phishers Exploiting Google Docs to Harvest Crypto Credentials
  3. Iran’s MuddyWater Group Targets Israelis with Fake Memo Phishing
  4. USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data
  5. Hotel booking phishing scam uses PDF links to spread MrAnon Stealer

[ad_2]
Source link