Critical F5 BIG-IP Flaw Allows Remote Code Execution Attacks

0
[ad_1]

A critical security flaw existed in the F5 BIG-IP Configuration utility that allows an adversary to execute arbitrary commands. In worst-case exploits, an attacker having prior access to the target network may easily exploit the vulnerability. F5 has released the patched versions, urging users to upgrade accordingly.

F5 BIG-IP RCE Flaw

In a recent advisory, F5 disclosed a critical severity vulnerability affecting its BIG-IP systems.

BIG-IP is a dedicated hardware and software solutions suite facilitating application access control, availability, and security. Given its useful functionalities, BIG-IP boasts a huge customer base, which also indicates the extent of vulnerable users in case of any BIG-IP exploit.

As explained in the advisory, the vulnerability typically affected BIG-IP systems with Traffic Management User Interface (TMUI) exposed. However, an attacker with prior access to the target network via the management port of self IP addresses could also exploit the flaw. Once done, the adversary could execute unauthenticated remote commands on the target systems.

This vulnerability, CVE-2023-46747, received a critical severity rating with a CVSS score of 9.8. Technical details about the BIG-IP flaw are available in F5’s advisory.

F5 Deployed The Patch

Following the bug report, the vendors quickly developed a patch for the security vulnerability. F5 acknowledged the researchers Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. to discover and report the flaw.

The researchers have also shared the details about their findings in a separate post. The timeline they shared in their post reflects how vigilantly F5 acted upon the vulnerability report, reproducing the exploit and confirming the vulnerability. The firm pledged to deliver a fix quickly, which they did, as they rolled out the patched releases in a couple of weeks.

Besides releasing the fixes, F5 also shared numerous mitigation strategies to protect vulnerable systems until they are updated.

Let us know your thoughts in the comments.


[ad_2]
Source link

The search bar in Gmail gets bigger complying with M3 design

0
[ad_1]

Gmail for Android users recently encountered a visual revamp, particularly in the search bar department. The search bar has been redesigned to align with the latest Material 3 design guidelines. These modifications might seem subtle, but they contribute to a refined and polished user interface.

One notable change is the increase in the size of the search bar. Previously standing at 48dp, it has now grown to a height of 56dp, reports 9to5Google. This adjustment adheres to Material 3‘s design principle of a taller search bar.

This design change complements Material You’s preference for more expansive elements in the interface. Furthermore, the larger size accommodates users who prefer a more substantial touch target for interaction.

What lies ahead: Consistency across Google apps with Material You design

This design update was first spotted in Gmail (version 2023.10.15.x) and Google Chat (version 2023.10.15.x), both integral parts of the Google Workspace. As the search bar in Gmail gets bigger, users can anticipate similar visual enhancements across their suite of applications.

Previously, Google apps featured full-width search fields at the top of the screen, offering a consistent visual theme. However, some apps deviated from this design paradigm.

For instance, Google Messages introduced a new look for its home screen, and the Play Store narrowed its search field. The Google (Search) app, on the other hand, still features an oversized search field above the Discover feed, which appears somewhat out of place compared to the updated design of Gmail and Google Chat.

As Google progresses toward a more uniform design language, users can look forward to further updates aimed at enhancing the overall user interface and experience throughout the Google app ecosystem. This ongoing commitment to design refinement ensures that Google’s suite of applications remains cohesive and user-friendly.

With the Material 3 design, Google is not only refreshing the look of its apps but also enhancing user interaction and consistency across its platform.


[ad_2]
Source link

Humane's AI Pin is innovative… and pricey!

0
[ad_1]
Humane AI Pin

Not too long ago, Humane co-founder Imran Chaudhri gave a Ted Talk where he showed off a device that could bring ChatGPT into the real world. It’s called the AI Pin, and it’s an innovative device, to say the least. Well, according to The Information (via The Verge), the Humane AI Pin could have a pretty high price.

This device is one of the most innovative devices of the year. It’s a wearable pin that has access to OpenAI’s GPT-4 LLM. It can scan objects in the real world and use its AI knowledge to give you real-time audible feedback. In the presentation, Chaudhri showed himself scanning a candy bar and asking if he should eat it. It gave a pretty personalized response.

The potential price for the Humane AI Pin was leaked, and it’s high

This is a leak, so you’ll want to take it with a grain of salt. As per the report, the AI Pin could cost as much as $1,000 when it launches. That’s quite a pretty penny to pay for such a small device. However, its real-world applications could justify the price.

Along with that, you could also be required to pay for subscription services on top of the price. This is to access the AI services. That’s a tough pill to swallow. If you don’t pay for the service, we hope that you’ll still have access to SOME functionality from the device. That, however, remains to be seen.

This device will have it all

The AI Pin will be a feature-rich device, having access to the GPT-4 language model. With such a powerful LLM, the AI Pin is able to scan objects in the real world and provide responses based on them. It comes with a camera, speaker, and microphone with other sensors just like a smartphone. Also, just like a smartphone, it comes with a Snapdragon chip.

During his presentation, Chaudhri gave an example of Pin translating his speech and receiving a call from his wife along with the candy bar example. Also, while this is a small device without a screen, there’s a bit of a graphical user interface, and that’s through the laser projector.

There’s a lot to love about this device, and we might discover more when it gets its official announcement on November 9th.

The post Humane's AI Pin is innovative… and pricey! appeared first on Android Headlines.


[ad_2]
Source link

Hackers Deliver Remcos RAT-Weaponized PDF Payslip Document

0
[ad_1]

AhnLab Security Emergency Response Center (ASEC) has recently revealed a disturbing case of Remcos RAT, a malicious software that can remotely access and manipulate infected machines. 

The attackers behind this malware used a clever email scam that pretended to be a payslip to trick the recipients into opening a compressed CAB file that contained the Remcos RAT disguised as a PDF file.

Remcos RAT to enter the target's system
Remcos RAT to enter the target’s system

This sneaky trick allowed the Remcos RAT to enter the target’s system, giving the attacker a lot of malicious options. 

The Remcos RAT, once run, has many intrusive capabilities. It can log keystrokes, take screenshots, control webcams and microphones, and execute various actions as per the attacker’s commands. 

It can also steal sensitive data, such as browsing histories and stored passwords, from the victim’s system.

Remcos RAT
Remcos RAT

Interestingly, the Remcos RAT stays inactive until it gets commands from the attacker’s command and control (C2) server. 

This helps it evade detection by security systems. However, it has a unique feature that makes it different from typical remote-access trojans. 

The Remcos RAT has an offline keylogger that starts working right after infection without needing a command from the C2 server. 

This creates a weakness that can be used for detection, especially with sandbox devices.

Various control features of the Remcos RAT’s remote control server (Remcos v2.6.0

The offline keylogger in the Remcos RAT works by using the SetWindowHookExA API and installing a hook procedure to monitor keyboard input events through the WH_KEYBOARD_LL argument.

AhnLab’s MDS sandbox environment successfully detects the malicious behavior of this offline keylogger.

This feature helps to identify the Remcos RAT’s presence even before it connects with the C2 server.

Remcos RAT malware detected using AhnLab MDS (2)

To conclude, Remcos RAT is a serious threat that can do a lot of harm. Its unique offline keylogger feature offers a chance for detection, making it important for security administrators to use advanced threat prevention solutions, such as MDS, and to carefully monitor endpoint environments for any unusual behaviors using products like EDR. 

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.


[ad_2]
Source link

Malvertising via Dynamic Search Ads delivers malware bonanza

0
[ad_1]

Dynamically generated ads can be problematic when the content they are created from has been compromised.

Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating one. Today, we look at a different scenario where, as strange as that may sound, malvertising was entirely accidental.

The reason this happened was due to the combination of two separate factors: a compromised website and Google Dynamic Search Ads.

Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python developers, and visible to people doing a Google search for it. Victims who clicked on the ad were taken to a hacked webpage with a link to download the application, which turned out to install over a dozen different pieces of malware instead.

Compromised website promotes software crack

While we identified the compromised ad before the website, we will first describe what happens from the point of view of the site owner to better understand what led to the ad creation in the first place.

This website is for a business that specializes in wedding planning and their portfolio includes testimonials from previous customers sharing their story and experience. Unfortunately, some of those pages have been injected with malware that spams malicious content into them.

In particular, it changes the page’s title and creates an overlay that promotes a serial key for various software programs. For example, the screenshot below shows that overlay advertising a license key for Pycharm, a popular program used by software developers:

Malvertising via Dynamic Search Ad

Dynamic Search Ads (DSA) are a type of Google ads that use the content of a website to automate the creation of ads. While this feature is very handy for advertisers, it also comes with the unlikely but potential for abuse. Indeed, if someone is able to modify the website’s content without the owner’s knowledge, automated ads may be entirely misleading.

Circling back to where our investigation started, this is what we first saw when doing a Google search for ‘pycharm’. The ad’s headline is showing “JetBrains PyCharm Professional” while the content snippet has gathered a bunch of keywords related to the wedding business. Obviously, there is a discrepancy here between what the ad’s title promotes (a program for developers) and the ad’s description (wedding planning).

What happened here is Google Ads dynamically generated this ad from the hacked page, which makes the website owner an unintentional intermediary and victim paying for their own malicious ad.

Fake serial leads to malware bonanza

People searching for PyCharm may not take the time to read the ad’s description, but instead will simply click on the headline. From there, they will be redirected to the compromised page showing the overlay with the link to download the serial key. While not everyone will proceed at this point, those who do will have an experience they aren’t likely to forget:

Running this installer will result in a deluge of malware infections the like we have only seen on rare occasions, rendering the computer completely unusable:

Sometimes, an unexperienced criminal may want to monetize as many software loads as possible in order to earn a commission on each. Clearly this is not an elegant attack as the victim will be aware their computer has been loaded with unwanted programs.

Whatever the case may be, downloading cracks or serial keys is akin to walking across a mine field, and you typically only do it once.

Summary

This incident is not your typical malvertising case and in fact, it’s unlikely that whoever hacked that website was even aware of this happening. Compromised sites can be monetized in many different ways and usually threat actors expect traffic to come from organic search results, not ads.

From an ad quality point of view, this would be difficult to detect in the sense that the ad has been paid for by a legitimate business and takes users to the correct destination. There is no malicious redirect to a fake domain that attempts to deceive users like we have seen before.

Google may be able to detect that the website has been compromised because it contains spam injections. If that is the case, Dynamic Search Ads may inadvertently promote malicious content.

We recommend users to practice safe browsing and always be cautious with sponsored content. Downloading cracked software has never been a good idea, but if you do, always make sure it is clean before you run it.

We have informed the wedding planner business that their website is currently compromised and leading to malicious content.

Malwarebytes already detected all the payloads with its anti-malware and heuristic engines:

Indicators of Compromise

Download URL for fake serial:

eplangocview[.]com/wp-download/File.7z

Subsequent malware download URLs:

roberthamilton[.]top/timeSync[.]exe
109[.]107[.]182[.]2/race/bus50[.]exe
171[.]22[.]28[.]226/download/Services[.]exe
experiment[.]pw/setup294[.]exe
medfioytrkdkcodlskeej[.]net/987123[.]exe
171[.]22[.]28[.]226/download/WWW14_64[.]exe
185[.]172[.]128[.]69/newumma[.]exe
194[.]169[.]175[.]233/setup[.]exe
171[.]22[.]28[.]221/files/Ads[.]exe
171[.]22[.]28[.]213/3[.]exe
lakuiksong[.]known[.]co[.]ke/netTimer[.]exe
stim[.]graspalace[.]com/order/tuc19[.]exe
neuralshit[.]net/1298d7c8d865df39937f1b0eb46c0e3f/7725eaa6592c80f8124e769b4e8a07f7[.]exe
pic[.]himanfast[.]com/order/tuc15[.]exe
85[.]217[.]144[.]143/files/My2[.]exe
galandskiyher5[.]com/downloads/toolspub1[.]exe
gobr1on[.]top/build[.]exe
flyawayaero[.]net/baf14778c246e15550645e30ba78ce1c[.]exe
632432[.]space/385118/setup[.]exe
yip[.]su/RNWPd[.]exe
potatogoose[.]com/1298d7c8d865df39937f1b0eb46c0e3f/baf14778c246e15550645e30ba78ce1c[.]exe
185[.]216[.]71[.]26/download/k/KL[.]exe
walkinglate[.]com/watchdog/watchdog[.]exe
walkinglate[.]com/uninstall[.]exe

[ad_2]
Source link

Samsung celebrates its legacy of innovation with Galaxy Z Flip 5 Retro

0
[ad_1]

Samsung has launched the Galaxy Z Flip 5 Retro. The limited edition phone is a homage to the company’s iconic old-school flip phone from 2003, the SGH-E700. The 20-year-old phone is famous for various reasons and is also known as the Benz Phone for its “exceptional design.” The Korean firm is commemorating it by painting the new Flip in its colors.

The Galaxy Z Flip 5 Retro is a nostalgic homage to its 2003 flip phone

Samsung describes the Galaxy Z Flip 5 Retro as a phone that embodies its “legacy of innovation.” This is a reference to the SGH-E700 that debuted 20 years ago with many innovative features. It was the first Samsung phone to feature a built-in antenna. It also featured an external display. The OLED color panel on its back side could be used as a viewfinder when capturing selfies using the rear camera.

According to Samsung, the SGH-E700 was a product “that captured the market’s imagination with its exceptional design and performance.” Unsurprisingly, it sold over ten million units globally, making it the first phone from the Korean behemoth to reach this sales milestone. Its innovative design and widespread popularity “played a pivotal role in advancing Samsung’s position in the mobile phone industry,” the company states.

Samsung Galaxy Z Flip 5 Retro official 3

The Korean firm went on to launch many iconic mobile phones over the years. It’s now paying homage to the SGH-E700 with the Galaxy Z Flip 5 Retro. The new limited edition foldable features an indigo blue rear panel and a silver frame, the same colors as the iconic flip phone. Additionally, Samsung has reinterpreted a UX design of 2000s pixel graphics. It’s also offering an exclusive cover screen animation portraying “a cityscape with a touch of nostalgia.”

Bundled with the package are a Flipsuit case and three Flipsuit cards featuring logos from different eras of Samsung’s history. It also includes a collector card “engraved with a unique serial number.” Samsung says this will add to the product’s collectible value for customers who purchase it. The Retro version of the Galaxy Z Flip 5 has the same internals and overall design as the standard foldable.

Price and availability

As of now, Samsung has confirmed the availability of the Galaxy Z Flip 5 Retro in six countries: Australia, France Germany, South Korea, Spain, and the UK. The device will go on sale in France on November 2 and the other five markets on November 1. The company hasn’t announced the price for the limited edition foldable. It will probably reveal that on the release date for each market. We will let you know if Samsung brings the phone to more countries, including the US.

Samsung Galaxy Z Flip 5 Retro official 2


[ad_2]
Source link

European Government email servers hacked using a new tactic

0
[ad_1]

The espionage group Winter Vivern resurfaces, exploiting a critical zero-day vulnerability in the widely used Roundcube Webmail service. 

Researchers at ESET, a prominent cybersecurity firm, have been closely monitoring Winter Vivern, an advanced persistent threat (APT) group. This group is known for its ties to Russia and Belarus. 

In the past, this group has targeted governments in Poland, Ukraine, India, and more, and its latest campaign poses a significant threat to governmental entities and think tanks across Europe.

Zero-Day Vulnerability Strikes Roundcube Webmail

Winter Vivern’s most recent campaign hinges on a previously undisclosed vulnerability within the Roundcube Webmail software. It is a popular, free, and open-source email platform. ESET’s researchers discovered the vulnerability, labeled CVE-2023-5631, on October 12 and promptly reported it to Roundcube. 

Roundcube acted swiftly, releasing a patch on October 14 to address the issue. But what made this vulnerability particularly concerning is that it required no user interaction beyond opening a seemingly innocent email in a web browser. It allowed the hackers to exfiltrate sensitive email messages with ease, leaving targets unaware of the matter.

Winter Vivern’s Persistent Threat

Matthieu Faou, a researcher at ESET, emphasized the ongoing Zero-Day vulnerability threat posed on Roundcube by Winter Vivern. This group’s persistence, coupled with its consistent execution of phishing campaigns, makes it a significant concern for governments as well as individuals.

Faou also noted that a substantial number of internet-facing applications are not regularly updated, despite having known vulnerabilities. Groups like Winter Vivern take advantage of this security negligence.

An intriguing aspect of this attack is that the initial emails sent by the hackers did not appear malicious. However, upon closer inspection, these seemingly harmless messages contained payloads that granted the attackers access to the email accounts, thereby compromising sensitive information. A sample of this seemingly harmless email (via Beeping Computer) is provided below.

ESET and Faou have been actively monitoring Winter Vivern since its appearance in 2020. The group’s primary focus is on government organizations within Europe and Central Asia. To achieve its goals, Winter Vivern employs various malicious documents, phishing websites, and an array of tools designed to infiltrate its targets.

Roundcube phishing email sample


[ad_2]
Source link

January 1, 2024, will be the end of this Samsung app due to low usage

0
[ad_1]
While most of the population is either trying to sober up and survive January 1 or hitting the local gym for that “New Year, new me” self-deception, Samsung is acting differently.

This coming January 1, 2024, will be the last day of a Samsung app, but don’t you worry – it’s not a major one. SamMobile’s report is dubbing it “useless”: that’s the Video Library app.

Here’s how it looks like, in case you’ve forgotten it (or you’ve never used it before):

Samsung sent a notice explaining that it will no longer update the app or provide compatibility support for Android 14 or One UI 6.0 and future updates.

In the end-of-support notice, the Korean giant explains things straightforwardly, stating that “it has become difficult to continue the service due to the low usage and activation rate and the difficulty of distinguishing Samsung Video Library from other apps”. Those “other apps” are probably the Gallery app and its Video Player and Video Editor components.

Samsung says that “after the discontinuation date [January 1, 2024], you can continue to use the app […] in the OS versions or supported models,” including:
  • Android 6 to Android 13.
  • Galaxy S5 to Galaxy S23 series.
  • Galaxy Note 4 to Galaxy Note 20.
  • All Galaxy Z, A, and M models.

What’s my alternative?

As said above, one can rely on the Gallery app and its embedded Video Player and Video Editor components to take over for the discontinued Video Library.

More about the One UI 6


Speaking of One UI 6, don’t forget to check if the stable One UI 6 has arrived on your Galaxy S23 if you’re lucky enough to own one. Now that the One UI 6 beta updates for those flagships are over, you can check for the stable release by going to Settings and tapping the Software update menu.

For now, the update is apparently being rolled out in select European countries including France, Germany, Poland, and the UK, but it’s worth checking if it has magically arrived on your Galaxy S23 as well, even if you’re not located in the aforementioned countries.

Expect the update at around 3GB as it includes the October 2023 security patch plus a bunch of important improvements like the simplification of the icon labels on the home screen and the new emoji designs that the Samsung Keyboard got.

Meanwhile, Galaxy Z Fold 5 users who are subscribed to the beta testing program, can now expect to lay their hands on the fourth One UI 6 beta for Samsung’s latest foldable.

[ad_2]
Source link

F-Secure Eyes $9.5M in Cost Savings With Layoffs

0
[ad_1]

F-Secure has recently implemented organizational changes in order to pursue strategic growth initiatives and meet its financial targets. These changes likely involve adjustments to the company’s structure, processes, and resources to ensure they are better aligned with their goals and objectives.

F-Secure Corporation is a leading provider of comprehensive cyber security and privacy solutions on a global scale. The company is headquartered in the vibrant city of Helsinki, Finland, where it is renowned for its cutting-edge technology and innovative approach to protecting businesses and individuals from cyber threats.

The organization sells antivirus, VPN, password management, and other cybersecurity products for various devices. They also offer free tools on their website.

On September 8th, F-Secure released a statement warning investors about a reduction in their financial projections for sales and adjusted EBITA for the year 2023.

The reason for this reduction was due to their business performance falling short of their initial expectations, resulting in lower-than-anticipated income.

Due to the ongoing war in Ukraine and high inflation, this impact led to weak consumer sentiment and lower demand. This also affects F-secure employees globally.

F-Secure Eyes $9.5M in Cost Savings

According to the initial estimation, the ongoing change negotiations are likely to lead to a cutback of around 70 positions. Out of these, up to 50 positions are expected to be eliminated in Finland. However, the actual number of job losses in Finland is unlikely to exceed 10.

The upcoming modifications are anticipated to result in a yearly cost reduction of approximately 9 million euros when compared to the current operational system.

In order to accurately reflect changes, it is common practice to include one-time costs related to planned changes as items that affect comparability (IAC) in financial records.

According to Timo Laaksonen, the President and CEO of F-Secure, the decision to initiate negotiations for change may be challenging, but it is a crucial step to ensure a satisfactory level of profitability while still investing in the company’s strategic growth initiatives.

On the 30th of October, the organization will commence a series of changes, which will involve negotiations. These negotiations are expected to last for approximately six weeks, although this timeline is subject to change based on any agreements that may be reached during the process.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.


[ad_2]
Source link

Threads should be a ‘de facto platform’ for online public conversations, CEO says

0
[ad_1]

Instagram CEO Adam Mosseri announced he expects Threads to become a “de facto platform” for online public conversations. He said this as a response to a question from a user asking, “What do you think ‘success’ looks like for Threads in one year?”

Meta’s ambitions for Threads are greater than what they seem. After Mark Zuckerberg said Threads has a good chance of becoming a “billion-person public conversations app,” Instagram CEO now hopes it can become the central platform for public conversations online. Threads now has nearly 100 million monthly active users.

According to Mosseri, they’re now debating the idea internally. “I do think the long-term aspiration is to be the de facto platform for public conversations online, which is about cultural relevance as much as it is about the overall size of Threads,” Mosseri added.

Mosseri says Threads can surpass X and become the largest public conversation platform

Meta’s announcement coincides with the first anniversary of Elon Musk taking over X (Twitter). Threads was actually Meta’s response to Musk’s ambitions of turning X into a crossroad for online public conversations. However, Mosseri admits Threads isn’t yet the largest public conversation platform, and X currently holds the title.

Instagram’s CEO added that Threads has a chance of surpassing X, even though X has “got a big head start, and we’ve got a long way to go.” Additionally, Mosseri said the team is focused on improving the core experience every week, and “Little by little, I think we can continue to build momentum and get there.”

Mosseri also explained the user’s requested features, including “some version of hashtags or tags” that help users find things by topic. He said while such features could be helpful, they can’t “meaningfully change the trajectory of the app.” Instagram CEO noted the Threads web version isn’t yet a primary focus for the company, and iOS and Android apps have way more usage.

Finally, Mosseri said they’re looking for a way to facilitate the integration between teams that work on Instagram and Threads. That’s probably why Meta has recently started cross-posting Threads posts to Facebook feed and Instagram.

The rivalry between X and Threads is reaching an interesting point where both platforms want to add more appealing services and features. Despite Threads’ plan to get away from the news, X plans to launch a newswire service called XWire. Threads also offers a free edit button that doesn’t require a premium subscription.


[ad_2]
Source link