Google confirms another service will be discontinued in September

Google’s graveyard is getting bigger with each month. The search giant’s latest victim is Stack: PDF Scanner, a service that allows users to scan and manage documents.

This time around the reasoning behind the decision to kill the app makes perfect sense, so we don’t think Google is to blame (or is it?). According to the Mountain View company, the same functionality provided by Stack: PDF Scanner has been added to the Google Drive app.

If you’re one of the app’s users, Google is trying to make the transition to Drive much easier, so you’ll have access to a tool that allows you to export all your Stack documents to Google Drive.

Obviously, there’s no point in continuing to use Stack: PDF Scanner now that Google announced it will shut down the app in just a few months, so if you need to scan and organize important documents, start using Google Drive instead.

Here is how you can export your Stack documents to Google Drive:

  • Open Stack app
  • Tap Account / Settings / Export all documents to Drive
  • Confirm by tapping Export

It’s a very simple process that transfers all your Stack documents to the My Drive section of your Google Drive. You’ll recognize them easily since the app will create a green folder titled “Stack.”

Now, if you just want to export a single document from Stack, you’ll need to follow this simple process:

  • Open Stack app
  • Tap to open the document you want to export
  • Tap Share
  • Select the app to export to (Google Drive in this case)

Keep in mind that Stack: PDF Scanner will continue to work for a few more months. However, starting the week of September 23, 2024, support for this functionality will be removed, so make sure to have all your documents exported to Google Drive by then.


Ollama AI Platform Flaw Let Attackers Execute Remote Code

Hackers attack AI infrastructure platforms because these systems contain large amounts of valuable data, sophisticated algorithms, and significant computational resources.

Compromising such platforms gives hackers access to proprietary models and sensitive information, and also the ability to manipulate the outcomes of AI.

Cybersecurity researchers at Wiz Research recently discovered an Ollama AI infrastructure platform flaw that enables threat actors to execute remote code.

Ollama AI Platform Flaw

The critical remote code execution vulnerability is tracked as CVE-2024-37032 (“Probllama”) and affects Ollama, a popular open-source project for AI model deployment with more than 70,000 GitHub stars.

This vulnerability has been responsibly disclosed and mitigated. Users are encouraged to update to Ollama version 0.1.34 or later for their safety.

By June 10, numerous internet-facing Ollama instances were still utilizing vulnerable versions, which highlights the need for users to patch their installations to protect them from potential attacks that exploit this security hole.

Tools of this kind often lack such standard security features as authentication and consequently can be attacked by threat actors.

Over 1000 Ollama instances were exposed, and various AI models were hosted without protection.

Wiz researchers identified a flaw in the Ollama server that leads to arbitrary file overwrites and remote code execution. This issue is especially severe on Docker installations operating under root privileges.

The vulnerability is due to insufficient input validation in the /api/pull endpoint, which allows for path traversal via malicious manifest files from private registries. This highlights the need for enhanced AI security measures.

A malicious manifest file can use path traversal to read and write arbitrary files.

In Docker installations with root privileges, this can escalate into remote code execution by tampering with /etc/ld.so.preload to load a malicious shared library.

The payload is triggered when the /api/chat endpoint is queried, which creates a new process that loads the attacker’s payload.

Even non-root installations are still at risk, as some other exploits utilize the Arbitrary File Read technique.

Security teams should immediately update Ollama instances and avoid exposing them to the internet without authentication.

While Linux installations bind to localhost by default, Docker deployments expose the API server publicly, which significantly increases the risk of remote exploitation. 

This highlights the need for robust security measures in rapidly evolving AI technologies.
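The input-validation gap described above for /api/pull, shown as an added Go example (not Ollama's own code) with the unvalidated path join beside a hardened form. It assumes the manifest carries a digest string that becomes a file name under a model store; the field, the function names and the /srv/models/blobs directory are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// digestRe accepts only "sha256:" followed by exactly 64 lowercase hex characters.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

var (
	ErrBadDigest   = errors.New("digest is not sha256:<64 hex>")
	ErrEscapesRoot = errors.New("resolved path escapes the blob directory")
)

// UnsafeBlobPath shows the bug class: a manifest-supplied string is joined
// onto the storage directory without validation, so "../" segments win.
func UnsafeBlobPath(blobDir, digest string) string {
	return filepath.Join(blobDir, digest)
}

// InsideDir reports whether p, once cleaned, is located under root.
func InsideDir(root, p string) bool {
	rel, err := filepath.Rel(filepath.Clean(root), filepath.Clean(p))
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// SafeBlobPath validates the digest format first, then checks containment
// as a second, independent control before any file is opened.
func SafeBlobPath(blobDir, digest string) (string, error) {
	if !digestRe.MatchString(digest) {
		return "", ErrBadDigest
	}
	p := filepath.Join(blobDir, strings.Replace(digest, ":", "-", 1))
	if !InsideDir(blobDir, p) {
		return "", ErrEscapesRoot
	}
	return p, nil
}

func main() {
	const blobDir = "/srv/models/blobs" // hypothetical storage directory
	// Constructed sample digests, as they might arrive in a pulled manifest.
	samples := []string{
		"sha256:" + strings.Repeat("ab", 32),
		"../../../etc/ld.so.preload",
		"sha256:../../outside",
	}
	for _, d := range samples {
		p, err := SafeBlobPath(blobDir, d)
		fmt.Printf("%q\n  unsafe=%q\n  safe=%q err=%v\n", d, UnsafeBlobPath(blobDir, d), p, err)
	}
}
```

Rejecting on format before touching the filesystem means the containment check should never fire; keeping both gives an independent control if the format rule is later loosened.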

Disclosure Timeline

  • May 5, 2024 – Wiz Research reported the issue to Ollama.
  • May 5, 2024 – Ollama acknowledged the receipt of the report. 
  • May 5, 2024 – Ollama notified Wiz Research that they committed a fix to GitHub. 
  • May 8, 2024 – Ollama released a patched version. 
  • June 24, 2024 – Wiz Research published a blog about the issue.


Snowblind is a new Android banking malware abusing a safety tool


Mobile app security provider Promon has uncovered a never-before-seen Android banking malware. Dubbed Snowblind, it uses a novel technique to exploit Android OS functionalities and compromise banking apps. The firm says the malware is effective on all Android devices, including the best ones with the strongest security measures. It requires app-level security enhancements to nullify potential financial loss.

Snowblind is a first-of-its-kind Android banking malware

Snowblind appears to be one of the most advanced Android banking malware with novel anti-detection techniques. According to Promon, the malware manipulates a Linux kernel safety feature built into Android OS called “seccomp” (secure computing). The feature “controls what an app is allowed to do by limiting the system calls, or requests, an application can make from the operating system.”

Like most other malware, Snowblind relies on exploiting accessibility services to gain system-level access to an infected device and perform malicious activities without the user’s knowledge. However, since Android has security measures in place to detect malicious accessibility services, it modifies apps to prevent detection. It “performs a normal repackaging attack” with a lesser-known technique based on seccomp.

Promon says Snowblind’s technique abuses the seccomp functionality “to intercept and manipulate system calls,” which enables it to bypass security checks and anti-tampering mechanisms. This allows the attackers to stealthily execute malicious activities on the device. They can use other functions of the malware to steal login credentials for a banking app and make unauthorized transactions.

To make their work easier, Snowblind can disable security features such as two-factor authentication (2FA) and biometric verification. It can also exfiltrate sensitive personally identifiable information and transaction data from the app. This data can be exploited later for fraudulent activities, including impersonation. Since Snowblind attacks the app itself, it is effective on all modern Android devices.

Snowblind’s technique is new, so most apps are vulnerable

The security firm discovered that the Snowblind Android malware is currently designed to specifically target banking Android apps in Southeast Asia. However, the firm found its seccomp-based technique “more interesting than the malware itself,” so much so that threat actors may soon devise more types of exploits and attacks. To make matters worse, it’s a new technique and most modern apps lack protection against it.

Promon says it has developed protective measures against Snowblind and other potential variants of seccomp-based attacks and malware strains. Version 6.5.2 or newer of its Promon SHIELD platform offers these protections. Developers can employ the solution to keep their apps safe. For end users, these types of powerful banking malware are a reminder that we shouldn’t install apps from unknown sources. Never download files from shady websites or via forwarded links. Always visit the official website of a developer or an official app store to download apps.



A new AI trade group will help push AI regulations in the U.S.


Right now, it’s the Wild West on the AI landscape. We’re still waiting for actual laws and regulations regarding the technology. It’s been almost two years since ChatGPT hit the scene, so we’re overdue for some sort of structure. According to a new report, several entities banded together to form an AI trade group.

Right now, there are lawsuits floating around regarding AI technology. The New York Times is suing OpenAI and Microsoft for copyright infringement. Also, several top record labels are suing AI music generators for much the same reason. We’re still waiting for the results from those cases. The results from those cases could have an effect on the AI market as a whole.

Several content licensing companies have developed an AI trade group

Rightsify, vAIsual, Pixta, and Datarade are some of the companies involved in this new AI trade group. This will help advocate for the ethical sourcing of data to train AI models. Together, they formed the Dataset Providers Alliance (DPA). A big part of what the alliance will be doing will focus on pushing for legislation to go through regarding the use of AI.

For example, the DPA will push for the NO FAKES ACT to pass in the U.S. This is the bill that forbids entities from using digital copies of people’s likeness or voice. We’ve seen examples of this, and celebrities are the main target.

Along with that, the DPA will push for companies to be more transparent about how they’re sourcing and using the data they get. According to Alex Bestall, CEO of Rightsify and GCX, the alliance plans to release a white paper in July.

This is just the kind of thing that the AI space needs. Right now, there’s no telling how many people have had their content scraped to train AI models without their consent. There’s nothing that the average Joe can do because large trillion-dollar companies like Google are always going to have their way. So, it’s important that we have alliances like these to help even the playing field.



Strava starts rolling out Dark Mode to its Android and iOS apps

Strava announced last month a bunch of improvements coming to its app in the next few months including a dark mode, AI tools, as well as a new Family Plan subscription, the sister of the company’s Student Plan.

While some of the new features have already been implemented, it took Strava slightly more than a month to bring the promised Dark mode to its Android and iOS apps (via 9to5google).

One of Strava’s most requested features, Dark mode promises to improve the in-app experience for all users. Obviously, the biggest benefit of having Dark mode enabled is the reduction in eye strain, but the functionality also improves accessibility while scrolling through the feed.

Strava users have a couple of options at their disposal when choosing the right Dark mode setting. For instance, the integration comes with “Always Dark” and “Always Light” toggles, as well as the option to match your device’s settings.

In other news, Strava users should prepare for a wave of AI-oriented features, such as the AI-enabled Leaderboard Integrity, which promises to “harness machine learning to automatically flag irregular, improbable, or impossible activities recorded to the platform.”

Strava says that this leaderboard has been trained on millions of activities and its aim is to make users enjoy their time spent on the platform without having the feeling that they’ve been cheated by other users.

Other important new improvements coming to Strava include features like Night Heatmaps, Quick Edit, and Strive for More. Night Heatmaps only show activities between sundown and sunrise, while Quick Edit allows Strava users to make edits – like activity name, privacy settings – on the fly.

Last but not least, Strive for More is a program that aims to promote and support women in movement and sport. In this regard, Strava announced last month a partnership with TOGETHXR to encourage women to watch and play women’s sports.



OilRig Hackers Attacking Individuals And Organizations In The Middle East


OilRig is an Iranian-linked cyber espionage group that has been active since 2015, and this group is known for its sophisticated spear-phishing campaigns and advanced infiltration techniques. 

This group conducts a multitude of cyber attacks against various sectors, and among them, the most executed ones are intelligence gathering, surveillance, and high-profile cyberattacks.

Besides this, cybersecurity researchers at Cyble recently identified that OilRig hackers have been actively attacking Middle Eastern entities and organizations related to Iranian interests. 

The group continually evolves its tools to evade detection and has expanded its operations to include disruptive attacks like ransomware and data-wiping.

OilRig Hackers Attacking Individuals

OilRig targets over 20 countries across various regions.

[Figure: Origin and Targeted Countries (Source – Cyble)]

It attacks diverse sectors, including:

  • Aerospace & Defense 
  • BFSI 
  • Chemicals 
  • Education 
  • Energy & Utilities 
  • Government & LEA 
  • Hospitality 
  • IT & ITES 
  • Technology 
  • Telecommunication 

The group employs customizable attack vectors, often starting with spear-phishing or exploiting public-facing applications to deliver malware for data exfiltration. 

OilRig is suspected to have links with Greenbug and is known for exploiting unpatched SharePoint servers. Its extensive reach and adaptable tactics make it a significant threat in the cyber espionage landscape.

OilRig used LinkedIn-based phishing that masqueraded as Cambridge University members and exploited known vulnerabilities such as CVE-2019-0604 and CVE-2017-11882.

[Figure: LinkedIn Message Asking to Download File (Source – Cyble)]

For persistence, OilRig uses malicious loaders, VBScript, or scheduled tasks. Their arsenal also includes various RATs like Alma Communicator and BONDUPDATER, among others.

The group also employs living-off-the-land tactics to attack public-facing applications in its operations, as the Cyble report reads.

The report links IPs and domains from previous attacks, which helps illuminate the group’s development as a continuous threat touching many sectors.

The tools used include:

  • Alma Communicator
  • BONDUPDATER
  • Clayslide
  • DistTrack
  • DNSExfiltrator
  • DNSpionage
  • Dustman
  • Fox Panel
  • Helminth
  • ISMAgent
  • ISMDoor
  • ISMInjector
  • Karkoff
  • Mimikatz
  • LaZagne
  • LIONTAIL
  • LONGWATCH
  • SideTwist
  • Neuron
  • Nautilus
  • PICKPOCKET
  • Plink
  • PsList
  • RDAT
  • Saitama
  • SpyNote RAT
  • TONEDEAF

OilRig is a group of elite hackers who are experts in cyber espionage. They specialize in secret C&C communication using various methods.

They have developed targeted exchange servers, HTTPSnoop implants, HTTP and DNS queries, and protocol tunneling for stealthy network communications.

Recommendations

The recommendations are:

  • Regular software patching
  • Enhanced email security
  • Robust network monitoring
  • Advanced endpoint protection
  • Strict access control
  • Comprehensive incident response plan
  • Utilize threat intelligence
  • Ongoing employee cybersecurity training


Leaked Galaxy Z Fold 6 & Flip 6 prices raise eyebrows


As expected, Samsung announced its next Unpacked today. The big launch event will take place on July 10 in Paris, France. Leaks have already revealed what the company has in store. It will unveil new foldables, watches, earbuds, and more. As we wait for the event, a fresh leak has disclosed the alleged prices of the Galaxy Z Fold 6 and Galaxy Z Flip 6, along with their storage variants and color options.

Galaxy Z Fold 6 & Flip 6 prices leaked again, but they may not be accurate

A few weeks ago, we got word that Samsung will increase the prices of its next-gen foldables. Both the Galaxy Z Fold 6 and Galaxy Z Flip 6 were said to cost about $100 more than their respective predecessors in the US, putting their starting prices at $1,900 and $1,100. The latest leak now gives us European prices of the upcoming foldables. Unsurprisingly, Samsung is charging more in Europe too.

However, before diving deeper, let us tell you that the alleged prices seem a little off. The report says the new Fold will see a price jump of a whopping €300 across the board. This may not be true. The upcoming book-style foldable doesn’t have anything that warrants such a massive price hike. The Flip’s reported price hike of €130 is more reasonable, but we’d still advise you to take this information with some caution.

This being said, let us break down the prices. Samsung will reportedly price the 256GB Galaxy Z Fold 6 at €2,200 in Europe, up €300 from €1,900. Likewise, its 512GB storage model costs €2,330 instead of €2,040 and the 1TB model costs €2,580 instead of €2,280. All three storage variants will have 12GB of RAM—there is no 16GB RAM option for the phone. Color options include Silver, Pink, and Navy.

Coming to the Galaxy Z Flip 6, Samsung is upgrading it to 12GB RAM with 256GB and 512GB storage options, priced at €1,330 and €1,450, respectively. These prices are €130 more than the Flip 5’s €1,199 and €1,319. The device has more notable hardware upgrades—RAM boost, new primary rear camera (50MP), and bigger battery (4,000mAh)—so this price hike may be justified. It comes in Blue, Mint, and Silver Shadow colors.

You can already pre-reserve the upcoming foldables

Samsung has already started accepting pre-reservations for the Galaxy Z Fold 6 and Galaxy Z Flip 6. You can reserve either foldable before July 10 to get a $50 credit that you can redeem on Samsung’s online store when purchasing the device. However, if the leaked prices are accurate, the foldable duo could be a tough buy. You might be better off picking up the 2023 model at a discount, or perhaps grabbing one from some other brand. The foldable market has no shortage of options.



New North Korean Actor Distributing Malicious NPM Packages

0
[ad_1]

Early in 2024, North Korean threat actors persisted in using the public npm registry to disseminate malicious packages that were similar to those that Jade Sleet had previously used. 

Initially thought to be an extension of Sleet’s activity, further investigation revealed a new threat actor targeting the open-source ecosystem through the npm registry, highlighting the ongoing risk posed by North Korean actors despite heightened awareness within the security community. 

Timeline

A new North Korean threat actor, Moonstone Sleet, leverages the open-source software supply chain vulnerability by distributing malware through malicious packages on the public npm registry.

This tactic, which is comparable to that of other North Korean actors like Jade Sleet, exposes developers to potential compromise and emphasizes the ongoing threat that state-sponsored actors pose to the integrity of the open-source ecosystem. 

Microsoft has identified a new North Korean threat actor, Moonstone Sleet, that uses various tactics (TTPs) for financial gain and espionage, which overlap with other North Korean actors but also include unique methods. 

Malicious Payload Execution 

Similar to techniques reported by Phylum, Moonstone Sleet distributes malicious npm packages through both targeted freelancing platforms and the public npm registry, which expands their reach and increases the chance of unsuspecting developers installing their malware.  

An analysis of malicious npm packages by Checkmarx reveals distinct code styles between those linked to Jade Sleet (Spring/Summer 2023) and Moonstone Sleet (Late 2023/Early 2024). Jade Sleet’s packages employed a two-part strategy to evade detection.

The first, published under a separate account, created a directory and fetched updates from a remote server, establishing the infrastructure for the second package, likely containing the malicious payload, to execute on the compromised machine. 

[Figure: Code of the first package in the pair]

The second package in the pair acts as a downloader and executor, which retrieves a token from a file created by the first package and uses it to download malicious code from a specific URL, which is then written to a new file on the victim’s machine and executed as a Node.js script, unleashing its malicious functionality. 

[Figure: Code of the second package in the pair]

The two-package approach is a shift from the single-package method used in late 2023 and early 2024, where the payload was directly encoded and executed upon installation.

The attackers seem to be refining their technique by using a separate downloader to potentially evade detection while maintaining the core malicious functionality.  

Attackers are using malicious open-source packages to deliver payloads, which download a file, decrypt it using a simple XOR, rename it, and execute it via rundll32 on Windows. 

To evade detection, the package self-cleans by deleting temporary files and replacing its malicious code with a clean version. The attack evolved in Q2 2024, with packages becoming more complex, using obfuscation, and targeting Linux systems as well.
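Because these payloads run at installation time, a reviewer can list a package's install-time lifecycle scripts before installing it. The following Go sketch is an added example, not code from Checkmarx or the packages discussed; the marker list is an illustrative assumption (only rundll32 comes from the article) and the sample package.json is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// installHooks are the npm lifecycle scripts that run automatically on `npm install`.
var installHooks = []string{"preinstall", "install", "postinstall"}

// markers are illustrative substrings, an assumption for this example and
// not a published indicator list; "rundll32" is the one the article names.
var markers = []string{"rundll32", "curl", "wget", "powershell"}

// Finding describes one install-time hook and any markers its command contains.
type Finding struct {
	Hook    string
	Command string
	Markers []string
}

// AuditManifest parses a package.json and returns every install-time hook.
// A hook with no markers is still returned: code that runs on install
// deserves a manual look regardless of what the command line says.
func AuditManifest(raw []byte) ([]Finding, error) {
	var m struct {
		Scripts map[string]string `json:"scripts"`
	}
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("parse package.json: %w", err)
	}
	var out []Finding
	for _, hook := range installHooks {
		cmd, ok := m.Scripts[hook]
		if !ok {
			continue
		}
		f := Finding{Hook: hook, Command: cmd}
		lower := strings.ToLower(cmd)
		for _, mk := range markers {
			if strings.Contains(lower, mk) {
				f.Markers = append(f.Markers, mk)
			}
		}
		out = append(out, f)
	}
	return out, nil
}

// sampleManifest is a constructed package.json, not taken from any real package.
const sampleManifest = `{
  "name": "example-constructed-pkg",
  "version": "1.0.0",
  "scripts": {
    "test": "node test.js",
    "postinstall": "node ./scripts/setup.js && rundll32 ./tmp/placeholder.dat,PlaceholderEntry"
  }
}`

func main() {
	findings, err := AuditManifest([]byte(sampleManifest))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("hook=%s markers=%v\n  command: %s\n", f.Hook, f.Markers, f.Command)
	}
}
```

Since the article notes that the packages later replace their malicious code with a clean version, this check is most useful on the tarball as published, before installation.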


Malwarebytes Premium stops 100% of malware during AV Lab test


Malwarebytes Premium has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.”

For its performance in the May 2024 evaluation, Malwarebytes Premium also received a certificate of “Excellence.”

According to AV Lab, such certificates “are granted to solutions that are characterized by a high level of security, with a rating of at least 99% of blocked threats in the Advanced In-The-Wild Malware Test.”

Every two months, the cybersecurity and information security experts at AV Lab construct a series of tests to compare cybersecurity vendors against the latest malware that is currently being used by adversaries and threat actors.

For the May evaluation, AV Lab tested 521 unique malware samples against 13 cybersecurity products. Malwarebytes Premium Security detected 521/521 malware samples, with a remediation time of 44 seconds—well below the 52-second average determined by AV Lab in its most recent testing.

Three cybersecurity vendors failed to block 100% of malware tested: ESET, F-Secure, and Panda.

To ensure that AV Lab’s evaluations reflect current cyberthreats, each round of testing follows three steps:

  1. Collecting and verifying in-the-wild malware: AVLab regularly collects malware samples from malicious and active URLs, testing the malware samples to understand their impact to networks and endpoints.
  2. Simulating a real-world scenario in testing: To recreate how a real-life cyberattack would occur, AVLab uses the Firefox web browser to engage with the known, malicious URLs collected in the step prior. In the most recent test, AVLab emphasized the potential for these URLs to be sent over instant messaging platforms, including Discord and Telegram.
  3. Incident recovery time assessment: With the various cybersecurity products installed, AVLab measures whether the evaluated product detects a malware sample, when it detects a sample, and how long it took to detect that sample. The last metric is referred to as “Remediation Time.”

Malwarebytes is proud to once again achieve a 100% score with AVLab’s Advanced In-The-Wild Malware Test, a trusted resource that proves our commitment to user safety.



Moto G85 launches under the shadow of Motorola’s new foldables


Motorola announced two new flip phones, but that’s not all. A budget phone arrived with them too, the Motorola Moto G85. The thing is, this phone did not launch in the US with the Motorola Razr+ 2024 and Razr 2024.

The Motorola Moto G85 is now official in both Europe and China

The Moto G85 launched in Europe and China. It’s called the Moto S50 Neo in China, actually. This is a budget smartphone, and chances are it won’t be making its way to the US… but it remains to be seen.

The Moto G85 does look really nice, however. It has a curved display with thin bezels and a centered display camera hole. Two vertically-aligned cameras are included on the back. They are located in the top-left corner, and that camera island does blend really well with the rest of the phone’s back.

This smartphone includes a 6.7-inch fullHD+ (2400 x 1080) pOLED display. That is a 10-bit display with a 120Hz refresh rate and a 360Hz touch sampling rate. It offers up to 1,600 nits of brightness.

Qualcomm’s mid-range chip fuels the device

The Snapdragon 6s Gen 3 fuels this phone, Qualcomm’s 6nm chip. Motorola included 12GB of RAM here, and 512GB of internal storage. In China, more RAM and storage options are available. Do note that the storage is also expandable.

A 5,000mAh battery sits inside the device, and 30W fast charging is supported. Android 14 comes pre-installed, with Motorola’s skin, while there are two nano SIM card slots included and a separate microSD card slot.

A 50-megapixel main camera (Sony’s IMX882 sensor, f/1.8 aperture, OIS) sits on the back, along with an 8-megapixel ultrawide unit (f/2.2 aperture, macro, depth camera). A single 32-megapixel unit (f/2.45 aperture) sits on the front.

It is water resistant, and has an in-display fingerprint scanner

The phone does include a set of stereo speakers, and Dolby Atmos is also supported. Two microphones are included on the phone, while the device is IP54 rated for water resistance. Bluetooth 5.1 is also supported, while the phone has an in-display fingerprint scanner too.

The Moto G85 measures 161.91 x 74.06 x 7.59mm, while it weighs 171 grams. There’s vegan leather on its back, by the way, but one additional variant will be available too, probably with glass on the back, we’re still not sure.
