Pick up the Amazon Fire 11 Max for $80 off for Black Friday

0
[ad_1]

If you own one of Amazon’s Fire tablets, then now is the perfect time to upgrade. Right now, Amazon is selling its biggest and most advanced Fire tablet for a whopping $80 off. We’re talking about the Amazon Fire 11 Max, and you can have this tablet for only $149.99 for Black Friday. That’s a deep discount off of an already extremely accessible price.

Amazon doesn’t bother too much with the specs when it comes to its devices. Moreover, the company focuses on the experience. The core of the Amazon Fire tablet experience is seamlessly connecting you to all of the great services that Amazon provides. While Amazon does have its hardware devices, its main ecosystem is in software services.

Are you an avid Amazon shopper, well you have easy access to the Amazon store and recommendations for what to buy. Do you have Amazon Fire Video, well that app comes pre-installed, and you can see recommended content right in the interface. Do you like listening to Amazon music, well, that service comes pre-installed into the software.

This is the kind of tablet to get if you enjoy watching and listening to media. It has a large 11-inch screen that looks very nice. While you’re watching videos, you’ll definitely have a great video-watching experience. Not only that, but it does have some updated hardware. This means that you will have a smoother experience while using your tablet. You won’t have to worry about any sort of slowdown.

Overall, this is an amazing device to get if you really want to enjoy your video-watching experience. Also, the $80 discount only sweetens the deal.


[ad_2]
Source link

Hackers Abusing WhatsApp Messages to Install Android Malware

0
[ad_1]

Embarking on a journey into the realm of cyber threats, Microsoft recently uncovered a series of mobile banking trojan campaigns meticulously designed to exploit unsuspecting users in India. 

This expose delves into the sophisticated strategies employed by cybercriminals utilizing social media platforms like WhatsApp and Telegram to manipulate users into installing malicious apps, posing as reputable entities ranging from banks to government services.

In an alarming revelation, Microsoft underscores the persistent and evolving nature of mobile malware infections, elucidating the severe consequences faced by users. 

From unauthorized access to personal information to the jeopardy of financial loss due to fraudulent transactions, this section examines the multifaceted threats posed by these campaigns, emphasizing the urgency for users to fortify their digital defenses.

Document
Free Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

An insightful exploration into the evolution of tactics reveals a shift in the playbook of cybercriminals. 

Microsoft’s investigation highlights the current campaigns sharing malicious APK files directly with mobile users in India, as opposed to the conventional method of enticing users with malicious links. 

This shift prompts a deeper understanding of the adversaries’ strategies and the need for users to adapt their vigilance accordingly.

Embarking on a detailed analysis, this section dissects two malicious applications impersonating official banking apps. 

By shedding light on their deceptive tactics and the data they aim to pilfer, readers gain a comprehensive understanding of the inner workings of these nefarious apps, empowering them to recognize potential threats in the future.

The Anatomy of Deception

Delving into the first case study, Microsoft unravels a WhatsApp phishing campaign orchestrated to instigate banking trojan activity. 

Screenshot of a fake WhatsApp phishing message asking users to update KYC using a APK file.
A fake WhatsApp message was sent to users to update KYC using a shared APK file.

By dissecting the malicious APK file and scrutinizing the deceptive messages employed, this section elucidates the tactics employed by cybercriminals to trick users into divulging sensitive information, thus exposing the vulnerability of unsuspecting victims.

Cyber Espionage in Action

In the second case study, Microsoft exposes a more insidious facet of the campaigns – the theft of credit card details. 

This segment offers an in-depth exploration of the fraudulent app’s capabilities, revealing the extent of user information at risk. 

By unmasking the tactics used to deceive users, readers are equipped to recognize and thwart potential threats targeting their financial assets.

Delving into the layers of sophistication, this section unveils the additional features observed in some versions of the malicious apps. 

From capturing financial and personal information to the theft of one-time passwords (OTPs), this analysis sheds light on the comprehensive arsenal cybercriminals deploy to exploit unsuspecting users.

A Call to Vigilance

Armed with the insights gained from dissecting these campaigns, Microsoft issues a call to vigilance. 

Readers are guided through the signs of potential infection, empowering them to identify unusual app behaviors and take decisive action to mitigate the impacts of these evolving threats. 

Recommendations for preventative measures underscore the importance of adopting a proactive defense strategy.

In conclusion, this expose serves as a beacon, illuminating the intricate landscape of mobile banking trojan campaigns. 

Microsoft’s unwavering commitment to raising awareness underscores the collective responsibility to fortify our digital defenses. 

As the cyber threat landscape continues to evolve, the imperative for robust and proactive defense strategies has never been more pressing. 

Stay informed, stay vigilant.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


[ad_2]
Source link

Konni RAT Exploiting Word Docs to Steal Data from Windows

0
[ad_1]

The return of Konni RAT and latest findings should not come as a surprise, considering that, as of 2022, the Microsoft Office Suite remains the most exploited set of tools by hackers for spreading malware.

Cybersecurity researchers at FortiGuard Labs have discovered a new malware campaign dubbed ‘Konni,’ which targets Windows systems through Word documents containing malicious macros. When unsuspecting users open or download the document, a remote access trojan (RAT) called Konni is executed.

The Konni RAT is a sophisticated malware incorporating self-defence mechanisms, with capabilities that include stealing login credentials, remote command execution, and the ability to execute commands with elevated privileges. Additionally, it can download and upload files.

It is worth noting that the Konni RAT is known for its previous targeting of Russia. Notably, it was the same malware used against North Korea following its missile tests in August 2017.

As for the latest campaign, the malicious Word document is written in the Russian language, and distributed as a legitimate file, such as invoices, contracts, or job applications, to trick users into opening them.

Konni RAT is back!
The malicious email sent by threat actors (screenshit via: FortiGuard Labs)

Even though the document was created in September 2023, FortiGuard Labs’ internal telemetry shows that the campaign’s C2 server remains active. This means the campaign is ongoing, and new victims are being infected. This continuous activity shows the persistent nature of the Konni campaign.

Researchers observed that a ‘sophisticated threat actor’ has employed an advanced toolset within a Word document using ‘batch scripts and DLL files.’ The payload contains a UAC bypass encrypted communication with a C2 server, probably to allow the actor to execute privileged commands

Upon opening the Word document, a prompt requests the user to enable content, triggering a VBA script. This script initiates the download and execution of a ‘check.bat’ batch script. The ‘check.bat’ script conducts various checks, including verifying the presence of a remote connection session, identifying the Windows operating system version, and checking the system architecture.

Subsequently, the script executes the ‘wpns.dll’ library, bypassing UAC (User Account Control), and exploits the legitimate Windows utility ‘wusa.exe’ to launch a command with elevated privileges.

Afterwards, it runs the ‘netpp.bat’ batch script with inherited elevated privileges. The script stops the ‘netpp’ service, copies necessary files to the ‘System32’ directory, and creates a service named ‘netpp” that automatically starts at system startup. The malware begins execution after adding registry entries and starting the “netpp” service.

According to the FortiGuard Labs blog post, Konni RAT can extract information and execute commands on infected devices. Once installed, it lets attackers control the infected system remotely to steal sensitive data, deploy additional malware, or perform unauthorized activities.

The malware fetches a list of active processes on the system, and after performing compression and encryption, it sends the data to the C2 server. It also downloads a payload or command from the C2 server by sending an HTTP request. When it receives a response, it extracts and decrypts the data, stores it as a temporary file and executes the cmd command to expand the payload and initiate further actions.

The latest findings should not come as a surprise, considering that, as of 2022, the Microsoft Office Suite remains the most exploited set of tools by hackers for spreading malware.

The Konni campaign has been observed targeting individuals and organizations worldwide, particularly those in the Middle East and North Africa. To protect yourself from the Konni campaign and similar malware attacks, avoid opening email attachments from unknown senders or emails with suspicious subject lines.

Additionally, disable macros in Word documents and enable only when you know the document’s origin and purpose. Lastly, ensure your operating system and applications are updated to the latest versions to address known security vulnerabilities.

  1. LinkedIn Phishing Scam Steals Microsoft Accounts
  2. Hackers are digging into a 17 year old Microsoft Word flaw
  3. NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Facebook Accounts
  4. Google, Microsoft and Oracle generated most vulnerabilities in 2021
  5. VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware

[ad_2]
Source link

Mysterious bumps spotted on some Pixel 8 Pro displays

0
[ad_1]

We have some bad news related to Google’s latest flagship. New reports reveal that some Pixel 8 Pro displays are having problems with mysterious bumps. Multiple reports popped up, showing the same problem.

Mysterious bumps appear on some Pixel 8 Pro displays

If you check out the images shown below, you’ll see what we mean. It actually looks like something is causing these bumps from underneath, as if something is pressing up against the display. The display itself, under the glass, is soft, so… there you go.

The glass itself, the Gorilla Glass Victus 2, is not bothered by this. It’s obviously coming from underneath. Even a teardown appears to confirm that, as the positioning of some components aligns with these bumps.

Pixel 8 Pro JerryRigTeardown

These bumps do not affect the device’s functionality

Do note that these bumps do not affect the functionality of the Pixel 8 Pro. The touchscreen still works normally, and you really have to look for these bumps in order to see them. You have to be under specific lighting and angle the phone in a specific way to see them.

At the moment, that’s not much of a problem. However, users are concerned it could become a problem down the line. They’re worried they may become worse and damage the display in the process.

At the moment, there are dozens of reports of this happening, so it’s definitely not an isolated case. Some users even contacted Google to get a replacement unit because of this.

Google did not issue a statement regarding this, or anything of the sort. Well, at least not at the time of writing this article. Let’s hope the company will react in one way or the other, as this does deserve some attention, whether it’s a real problem, or something that users shouldn’t be worried about.


[ad_2]
Source link

New Phishing Attack Hijacks Email Thread to Inject Malicious URL

0
[ad_1]

Researchers discovered a new campaign delivering DarkGate and PikaBot that employs strategies similar to those employed in QakBot phishing attempts.

This operation sends out a large number of emails to a variety of industries, and because the malware transmitted has loader capabilities, recipients may be vulnerable to more complex threats such as reconnaissance malware and ransomware.

“These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” Cofense Intelligence stated in a report shared with Cyber Security News.

Infection Chain 

The tactics, techniques, and procedures (TTPs) used in this campaign make it a high-level threat because they allow phishing emails to reach their targeted targets, and the malware they distribute has sophisticated capabilities.

A hijacked email thread is used at the start of the campaign to trick customers into visiting a malicious URL with further layers. This restricts access to the malicious payload to users who match certain criteria provided by the threat actors (location and web browser).

This URL downloads a ZIP archive containing a JS file known as a JS Dropper, a JavaScript program that connects to another URL to download and execute malware. At this point, the DarkGate or PikaBot malware has successfully infected a victim.

Infection chain used in the campaign

The most prominent feature of these malware families is their ability to deliver additional payloads once they are successfully planted on a user’s PC.

Advanced crypto mining software, reconnaissance tools, ransomware, or any other malicious file the threat actors choose to install on a victim’s computer might be delivered via a successful DarkGate or PikaBot infection.

Document
Free Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

“Threat actors disseminate the phishing emails through hijacked email threads that may be obtained from Microsoft ProxyLogon attacks (CVE-2021-26855). This is vulnerability on the Microsoft Exchange Server that allows threat actors to bypass authentication and impersonate admins”, researchers explain.

Figure 3: Real hijacked email thread example that delivered PikaBot (ATR 351964).
Real hijacked email thread that delivered PikaBot

The email’s malicious URL has a distinct pattern similar to those found in QakBot phishing attacks. Threat actors have added layers to these URLs to restrict access to the malicious file they are delivering, making them more sophisticated than your typical phishing URL.

Hence, employees should be aware that this kind of threat exists, as the campaign’s threat actors have skills that go beyond those of a typical phisher.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


[ad_2]
Source link

Samsung One UI lets Galaxy users lock apps in open state

0
[ad_1]

Samsung has added a nifty trick to One UI to prevent accidental closing of open apps. The Android-based custom software for Galaxy phones lets you lock apps in an open state. You can minimize the app but it won’t be cleared from the background even if you select “Close all” from recent apps.

Samsung’s One UI keeps users from closing apps by mistake

Android phones let users quickly terminate all open apps from the Recent Apps screen. A “Close all” button closes all apps that are running in the background at once. Many people have a habit of using this button invariably every time they go back to Home after using an app. Some do this just to keep a clean slate while others believe closing background apps helps improve performance or battery life.

However, since there is no option to confirm your decision, you may have sometimes accidentally closed an app you didn’t want to. You may have realized that as soon as you hit the “Close all” button, but there is no way to resume the app from where you left off the last time. Samsung is fixing this problem for Galaxy smartphone users with its new One UI feature (via SamMobile).

When on the Recent Apps screen, tapping the app icon at the top now gives you an option to “Keep open.” Tapping it will lock the app in an open state in the background, which is confirmed by the pop-up message “1 app kept open for quick launching.” The “Close all” button can’t close it either. A lock icon on the bottom-right corner of the app preview in Recent Apps denotes a locked app. If you want to unlock it, simply tap on the said lock icon.

Samsung One UI lock apps

Android phones from other brands have this feature too

This is an extremely convenient way to keep yourself from accidentally closing apps. Galaxy users would love it. However, Samsung isn’t the only Android manufacturer offering this ability. Devices from a few other OEMs have a similar feature too, including Vivo.

You can manually swipe a locked app away to close it from the Recent Apps screen. The next time you open it, the app will retain its locked state. If you are a Galaxy user and haven’t tried this feature yet, go check it out. The Android 14-based One UI 6.0 update will bring a host of new features to your phone.


[ad_2]
Source link

OpenAI could lose basically all of its employees

0
[ad_1]

OpenAI, one of the world’s leading AI companies, is going through a massive shake-up after a very dramatic weekend that just happened. If you want to know more about what’s going on at the company, be sure to read our timeline of the whole OpenAI situation. There’s a lot going on at OpenAI that threatened to put it in the ground, and one thing is a potential mass exodus from its employees.

The drama began when the company’s CEO, Sam Altman, was suddenly fired from his position. This led many workers loyal to Altman to contemplate leaving the company. And, by many, we mean the mass majority of the employee base. According to reports, there are about 700 employees currently working at OpenAI. At the time of writing this, more than 500 have agreed to leave the company if the non-profit board does not resign.

There could be a mass exodus happening at OpenAI

So, the situation going on an OpenAI is rather complicated and steadily developing. What we can say for sure is that the folks at OpenAI are in a bit of a pickle. At this point, we don’t know exactly why the board fired Altman in the first place. Regardless of the reason, the mass majority of the workforce is heavily upset with the decision.

Just hours after Altman was fired, several of the company’s AI scientists resigned. After that, more people expressed their anger at the situation. In fact, there was an open letter floating around the office requesting that the board members who fired Altman resign. This came before Sam Altman himself requested that the board resign. If the board refuses to step down, then OpenAI can say goodbye to nearly three-thirds of its employees at the very least.

Where will they go? Well, that’s another reason why the situation is complicated. Microsoft stated that it will open its doors to all 700 employees who jump ship from OpenAI. The company has already moved to hire Sam Altman and Greg Brockman. What’s another 700?

It seems ironic that Microsoft would hire Altman while the company that it’s heavily invested in seems to be a sinking ship. Sam Altman’s employment with Microsoft might not be officially finalized. He and Brockman are planning on returning to open AI if the remaining three board members were to retire. That deal is still going on. If they return to the company, then the many employees planning on leaving might stay where they are. Only time will tell at this point.

Again, this is an ongoing and developing story, so you have to stay tuned for more developments that come.


[ad_2]
Source link

OnePlus launched an online AI Music Studio where you can generate songs and join a contest

0
[ad_1]

As the Chinese company OnePlus gears up for the release of its upcoming flagship, the OnePlus 12, it gives its users something to have fun with. You probably have already noticed how AI is making its way into almost every aspect of our online and digital presence, with tech giants like Google incorporating AI into its services or Meta introducing its AI assistant to Messenger, Instagram, and WhatsApp. Now, OnePlus is also joining the trend with a new AI Music Studio.The OnePlus AI Music Studio is a free online tool that allows users to effortlessly generate lyrics, music, and music videos through text prompts. If you want to try it out, you have to create an account. Once registered, choose from music genres (currently offering RAP, EDM, and POP only), specify mood, and select a music video theme.

The next step is entering a prompt about what your song should be about, and that’s it. The rest is up to the AI to create the song you have “written.” If the lyrics don’t quite hit the mark, a simple regeneration can fine-tune the artistic output. After the song is finished, you have the option to share, download, or simply enjoy your creation (if you like what you hear, of course).

Launching this tool for users to play with is not all; OnePlus has also launched a contest for users in North America, Europe, and India. Participants can submit their music tracks by December 17, and OnePlus will select 100 winners from each region.

The rewards? Coupons, redeemable for OnePlus products. While users are welcome to submit multiple entries, it’s essential to note that entries with inappropriate or offensive content or those violating copyright laws will be disqualified.

[ad_2]
Source link

Former Cyber Security COO Pleads Guilty for Hacking Hospitals

0
[ad_1]

Former COO of the Atlanta-based cybersecurity company Securolytics, Vikas Singla, launched a series of cyberattacks on the non-profit healthcare organization Gwinnett Medical Center (GMC), which has locations in Lawrenceville and Duluth, Georgia.

GMC suffered a financial loss of $817,804.12 as a result of the defendant’s computer intrusions that affected the GMC ASCOM phone system, printers, and Digitizer, as well as the defendant’s course of conduct.

Document
Free Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Specifics of the Hack

The plea agreement states that on September 27, 2018, the defendant intentionally sent a command that caused an unlawful change to the ASCOM phone system configuration template for the GMC hospital campus in Duluth, Georgia.

Additionally, he knew he did not have the authority to make the changes he intended to make to the configuration files of the ASCOM phone system.

As a result, upon the defendant’s transmission, every ASCOM phone at GMC Duluth that was linked to the phone system became unusable. There was an outage of over two hundred ASCOM handset devices.

Internal communication between nurses and doctors, even during “Code Blue” emergencies, was made possible by the ASCOM phones utilized by the hospital staff members. Making calls from outside the hospital was also possible using the ASCOM phones.

The defendant gained access to over 300 patients’ names, dates of birth, and sex without permission from a Hologic R2 Digitizer that was attached to a mammography machine at the GMC hospital in Lawrenceville.

The Digitizer required a password to access it, and it was available over GMC’s VPN. His access to the Digitizer’s information was not authorized.

Singla intentionally sent a command that led to the printing of a file called Baidu.txt, which caused more than 200 printers at Gwinnett’s hospital campuses in Duluth and Lawrenceville to print patient information such as name, birthdate, and sex that was obtained without consent from the digitizer and interspersed with the statement “WE OWN YOU.”

“The printers were used in connection with patient care and the messages printed on the computer had the potential to cause fear among medical staff and impair the provision of hospital services.”

On October 2, 2018, Singla allegedly “caused” the posting of 43 messages on the @baidu325017231 Twitter account, alleging that Gwinnett had been compromised. 

Prosecutors claim in the plea agreement that Singla received the name, date of birth, and gender of each patient from the hacked digitizer, which was included in each of the 43 messages.

As part of the plea agreement, he has now consented to pay the Insurance Company and Northside Hospital Gwinnett in Lawrenceville more than $817,000 in repayment, plus interest.

Given that Singla has a serious vascular illness and a rare, incurable form of cancer, the plea agreement suggests home detention as an alternative to imprisonment.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


[ad_2]
Source link

Google’s Pixel Tablet is an incredible value at $398

0
[ad_1]

Amazon has the Google Pixel Tablet on sale for just $398. This is actually going to be the all-time lowest price for the Pixel Tablet, even beating out the discounted price we saw during Prime Day. So if you’ve been looking to grab yourself a new tablet, this Black Friday sale is going to be the best time to grab it.

The Google Pixel Tablet is a bit of an interesting product, to be quite honest. Google built it, knowing that it would not be able to compete with the iPad, or even with Samsung’s own Galaxy Tabs. So instead, they took an interesting approach that I actually quite like. And that is to make it also work as a smart display. Google bundles a speaker dock in the box with the Pixel Tablet, which lets you dock the tablet and use it like a smart display. Then pick up the tablet when you want to take it elsewhere.

It’s a really good experience, and great for using in the kitchen, or sitting on the couch browsing through Twitter starting flame wars, and such. However, it’s not as great for productivity. If you want this tablet to replace your laptop, I’d recommend looking elsewhere like the Galaxy Tab S9 series. This is not the fastest tablet in the world, but it can get the job done.

Honestly, my favorite aspect of this tablet is indeed the speaker dock. That dock is such a great accessory to have in the box, by the way. I have the Pixel Tablet sitting on my desk, most days playing Spotify, but I can also start playing YouTube TV if there’s a game on I want to watch while I’m working – which does happen pretty often.

This is an all-time low for the Pixel Tablet, so now is a great time to grab one, at the link below.

Google Pixel Tablet – Amazon


[ad_2]
Source link