X ranks the worst in handling misinformation states EU report

0
[ad_1]

X, formerly known as Twitter, has always had a misinformation problem, especially since the blue checkmark became available to anyone willing to pay. Now, in a recent development, a new report from the European Union (EU) has questioned X’s role in handling the spread of misinformation, which could also be a direct violation of the new Digital Services Act (DSA).

According to the report, which evaluated all major social media platforms using structural indicators designed to detect disinformation, Twitter ranked highest in both the volume of disinformation on its platform and the engagement it generated with misleading content. Additionally, Twitter’s recent exit from the EU’s Code of Practice on Disinformation has raised significant concerns, especially considering the fact that EU lawmakers warned that Twitter’s policies were amplifying Kremlin propaganda.

“Mr Musk knows he is not off the hook by leaving the code of practice. There are obligations under the hard law. So my message for Twitter/X is you have to comply. We will be watching what you do,” said European Commission Vice President Vera Jourova.

Furthermore, there are concerns about the platform’s new fact-checking feature called Community Notes. While this feature aims to involve users in assessing the accuracy of content by allowing them to add contextual notes to questionable tweets, it also raises concerns because Twitter seems to be outsourcing its responsibility to users.

X’s response

Although X did not directly respond to the EU’s report, the company did use its Global Affairs Twitter account to contest the study’s “framing” and stated that the data does not support the narrative being portrayed in the media.

“This important debate should consider the full range of actions taken by platforms and recognize the importance of protecting free expression. More than 700 unique Community Notes have appeared on posts related to the Ukraine conflict,” said X.


[ad_2]
Source link

Fake Bitwarden Password Manager Website Drops ZenRAT Windows Malware

0
[ad_1]

If you’ve installed Bitwarden Password Manager recently, ensure that you downloaded it from its official website and not from a fraudulent, malicious source.

  • ZenRAT malware is distributed as an installation package for the widely used Bitwarden password manager.
  • Malware operators have designed a fake Bitwarden website to deliver the malware.
  • It specifically looks for Windows-based devices.
  • ZenRAT is a modular RAT capable of stealing sensitive information.

Enterprise security firm Proofpoint’s cybersecurity researchers have discovered a spooky new malware distributed as an installation package for the popular password manager Bitwarden to deceive users and steal sensitive data from their devices.

This bogus installation package, dubbed ZenRAT, is delivered via a fake Bitwarden website, which looks exactly like the original one but is not legitimate. If a user pays attention, it is easy to catch that malware operators have used the typosquatting technique because the fake website is titled bitwaridencom.

Fake Bitwarden Password Manager Website Drops ZenRAT Malware on Windows
The fake website (Proofpoint)

ZenRAT’s main targets are unsuspecting Windows users. If a visitor clicks on the downloadable link marked for another platform (e.g., Linux or macOS), they are redirected to the original Bitwarden website (vault.bitwarden.com) on the Downloads page. If a Windows user clicks on it, their device will be infected with ZenRAT, and the malware will establish a connection with its C2 server (185.186.7214).

Once this is done, the malware will collect desired data, including system details and stored credentials. ZenRAT can steal information like the CPU and GPU names, OS version, RAM, IP address, and device gateway. It will also extract information about installed antivirus solutions and other apps. It can also steal browser data and passwords. ZenRAT transmits the logs to the C2 server in plaintext.

It redirects the website visitors to a benign website. However, researchers didn’t specify how the visitors are redirected to the website. Previously, the malware was distributed in such campaigns through phishing, SEO poisoning, or malvertising attacks. The payload is titled Bitwarden-installer-version-2023-7-1.exe and downloaded via crazygamescom. This trojanized version of the legit Bitwarden installer contains a .NET executable titled (ApplicationRuntimeMonitor.exe).

According to Proofpoint’s blog post, when researchers examined the malicious installer package’s metadata, they observed that the attacker had masqueraded it as Priform’s Speccy. It is a freeware Windows utility that displays hardware/software-related information.

Moreover, the executable has an invalid signature that seems to be signed by FileZilla fame German computer scientist Tim Kosse. However, this signature is also fake. This modular RAT also runs anti-sandbox and anti-VM checks to determine if it is safe to operate on the device. The checks also include geofencing to ensure it isn’t installed in any Russian-speaking region.

Exercise Caution When Using a Password Manager

Researchers strongly advise users to exercise caution when downloading software and recommend obtaining applications exclusively from official sources. It’s worth noting that password managers have frequently been targeted in cyberattacks and scams, with LastPass being a notable example.

As a safer alternative, the top three browsers—Google Chrome, Mozilla Firefox, and Safari—offer free password manager features. If you’re unsure about which service to use, any of these three options would provide similar benefits and, in some cases, may be more secure than others.

  1. Fake Windows 11 installers infecting devices with adware
  2. Big Head Ransomware in Malvertising, Fake Windows Updates
  3. Fake Telegram, WhatsApp clones aims at crypto on Android, Windows

[ad_2]
Source link

A screen to die for

0
[ad_1]

The Android tablet is making a comeback in the tech world. While the tablet market as a whole is on the decline, interest in the Android tablet has been on the rise. Android manufacturers are again putting tender love and care into the tablets that they make. Lenovo has offered its series of tablets for years, and the company gave us its most extreme model. Android Headlines was given the opportunity to review the Lenovo Tab Extreme.

This tablet is, in many ways, a productivity-focused piece of hardware, and it’s no doubt meant to be a competitor the Samsung Galaxy Tab S Ultra tablets. So, what does it have to offer? What makes it better than the latest Galaxy Tab? Why should you buy it? In this review, we’ll answer those questions and any others that you might have. So, let’s dive into this review.

Lenovo Tab Extreme Review: Design

Lenovo has established a design language all its own with its tablets, and the Tab Extreme continues the company’s innate aesthetic. Honestly, I like the design. It has an interesting two-tone look with a predominantly metal design. The majority of the tablet is made from a matte metal.

Lenovo Tab Extreme 18

Across the top of the back, there’s a slender glass strip that houses the cameras and the magnet for the stylus. The strip is reflective, and it gives the tablet a sleek and elegant design. The glass strip on top juts out just a bit.

The design of the Lenovo Tab Extreme is simple, but it definitely sticks out from other tablets that you would see on the market.

Lenovo Tab Extreme Review: Build quality

Let’s not mince words; the Lenovo Tab Extreme is a pricey tablet. Fortunately, its build quality reflects that. It goes far beyond the metal chassis. Any company can slap a metal body on a tablet and call it premium. However, it’s not as simple as that.

This tablet is solidly built with a pleasing heft to it. It’s heavy enough to let you know that it’s premium, but it avoids being bulky. Don’t get me wrong, it definitely gets a bit uncomfortable to hold after a bit. However, it strikes a nice balance between being too heavy and too light.

The Lenovo Tab Extreme is also rather thin. this, coupled with the heft of the tablet makes it feel rather compact. That gives the tablet that solid feeling in the hand.

Lenovo Tab Extreme 17

Lenovo Tab Extreme Review: Display

The Lenovo Tab Extreme has a massive 14.6-inch display, and it’s one of the best parts of the whole experience. I’ve used other Lenovo tablets with similar screen technologies, but this one stands above them and other tablets that I’ve used.

Colors

There are three different color modes that you can choose from: Standard, Natural, and Vibrant. Standard and Natural modes keep the colors toned down to produce a more natural picture. It will remind you of what you’d see from a standard LCD display.

However, this is an OLED panel, and switching it to the Vibrant mode will really punch up the colors. In this mode, pictures and videos just pop with more saturated colors.

That being said, the vibrant color mode shows a level of restraint that keeps them from baking your retinas. The colors are all well-contained, which is important. There is such a thing as too saturated, and thankfully, Lenovo didn’t choose to go overboard.

When you choose a color mode, the color temperature is chosen automatically. However, you can change the color temperature in the display menu.

Brightness

This is the kind of tablet you’re likely to take out with you on work days. So, brightness is important, and Lenovo nailed it. The screen is extremely bright; brighter than what would be necessary in most indoor situations. I had no trouble using this tablet outside in the bright sun. The only time I had trouble with the brightness was when the sun itself was directly reflected in the screen, but no one would realistically try to work like that.

Lenovo Tab Extreme 19

Refresh rate

The Lenovo Tab Extreme comes with a silky smooth 120Hz refresh rate. The refresh rate is only made better by how beautiful the company made the animations in the software.

Overall, the display is one of the main reasons to get this tablet. It’s an absolutely breathtaking display that you’ll love to watch content and do work on. Whether you’re at home, in a brightly lit building, or outside in the sun, it will completely fulfill your needs.

Lenovo Tab Extreme Review: Speakers

Whenever I get a new mobile device, it’s rare that I would use its actual speakers for recreational listening. I’d either throw on a pair of headphones or take out my Bluetooth speaker. The only other tablet that I don’t do this with is the Honor Pad 8.

Basically, tablet speakers have yet to be a suitable replacement for a good Bluetooth speaker… that was until I reviewed the Lenovo Tab Extreme. I was honestly blown away when I heard the sound coming out of these speakers.

In all honesty, shortly after listening to the sound coming out of them, I forgot that I was listening to a tablet. When you’re listening to a bad set of speakers, the bad qualities make themselves apparent throughout the listening experience; it’s hard to forget and just enjoy the audio. The sound from these speakers is so immersive, so punchy, so well-balanced that my ears just accepted it as sound, not sound from a tablet’s speakers.

Loudness

There’s a set of four speakers on this device, and that makes for quite a powerful sound. With a screen this big, you’re likely to use this to show movies or videos to a group of people. These speakers are more than loud enough to spread the sound around a room. I could sit this tablet all the way across my room and listen to music at only half volume.

Low end

When it comes to listening to music, especially more modern music, low end is extremely important. I found that, regardless of the audio setting, the low end was well-contained. Listening to more bass-heavy music, I never found that the bass overwhelmed the audio.

If I could say anything, I’d say that the bass is ever so slightly too subdued. It’s not by a large margin. There are some points when I could used just an ounce more bass. However, the sound isn’t thin by any means.

Lenovo Tab Extreme 14

I get the most low end in the Dolby Atmos settings. I set it to the Warm setting in the Music section. It has the biggest EQ boost in the lower-mids.

High end

The low end is juicy and the high end is crisp. While listening to music, violins cut through, snare drums and high hats have no problem being heard. Just like the bass, the highs keep from being overbearing. They’re subdued, yet they’re still dynamic.

Overall balance

As for the overall balance, these speakers do a good job of representing the full range of frequencies. While listening to modern music, neither the high-end nor low-end felt like too much. However, I felt that the voices did suffer in the Music setting just a bit.

Listening to epic cinematic music, these speakers shine. Simultaneously, I hear the impactive punch of the bass drums, the grit of the low brass, and the higher tones of the strings. It’s an all-around amazing and immersive sound.

When it comes to listening to classical music, balance is extremely important. The bass isn’t emphasized to blow your head off. Rather, each part is meant to flow together in a beautiful tapestry of sound. So, balance is needed for a proper music-listening experience.

I’ve never used a set of tablet speakers better for classical than the speakers on the Lenovo Tab Extreme. Just like with cinematic music, all of the parts get equal attention.

Who are these speakers for?

These speakers are really for everybody because of how balanced they are. If you’re into listening to more modern bass-heavy music, they’re for you. If you’re into more traditional orchestral or classical music, they’re for you. This also goes for watching content. It doesn’t matter if you’re watching an action movie, documentary, drama, or comedy, these speakers are great.

Lenovo Tab Extreme Review: Performance

MediaTek has come a long way since a few years ago. Before, their chips were confined to lower-powered handsets while the Snapdragon processors were held for the performance beasts. However, times have changed; MediaTek is shelling out chips that are going toe-to-toe with the likes of the best Snapdragon processors.

Why is this important? Well, the Lenovo Tab Extreme uses the extremely powerful MediaTek Dimensity 9000 SoC. The Dimensity line of chips has shown itself to be a powerful set of chips, and those on the upper end have no trouble keeping up.

Lenovo Tab Extreme 22

Using this tablet, I had no issue whatsoever. Navigating the interface, using apps, working, content consuming; it didn’t matter what I did on this tablet, everything ran smoothly. I give half of the props to MediaTek for making such a powerful processor, but I also give props to Lenovo for optimizing the software for the chip. I once reviewed a different tablet with the same processor, and I noticed occasional stutter and lag throughout the software. In the case of the Lenovo Tab Extreme, it ran perfectly smoothly.

In terms of RAM management, I didn’t have any problem with too many apps closing in the background. I’d play some games and go on writing with two Chrome windows open. After that, I’ll play some more games and still be able to return to the games I played earlier.

The fact of the matter is that this is a work tablet, and it performs like it.

Lenovo Tab Extreme Review: Gaming

Moving onto gaming, you can expect this tablet to crush most of the games that you’ll throw at it. Starting off with simple and 2D games, this tablet handles them like a dream. Games like Streets of Rage 4, EvoLand, and others like that run 100% smoothly on the Tab Extreme. The Dimensity 9000 is able to power through them without breaking a sweat.

Moving onto simple 3D games, the story is quite the same. We’re talking about games like Dragon Ball Legends and Sky: Children of The Light. These games are pretty good-looking, and they could give weaker hardware some trouble now and then. However, the Tab Extreme doesn’t flinch in the slightest. I’m still able to get a smooth 60fps.

Now, for the final frontier of mobile gaming, the more graphically intensive titles. We’re talking about games like Genshin Impact. This game sits in a class all its own, being one of the prettiest games that you can download on a mobile device, and it’s unplayable on lower-powered devices. However, the Lenovo Tab Extreme handles this game without much issue. Overall, it’s extremely smooth, even when the graphics are turned to their highest setting.

I didn’t have any hiccups while playing the game, and that involved heavy battling and traveling. I’d say that I probably wasn’t able to get a full 60fps throughout, but I know that it was able to get and maintain well over 30fps.

Lenovo Tab Extreme 15

While you might not use this tablet for much gaming, just know that it’s more than capable of running all of the games that you can throw at it.

Lenovo Tab Extreme Review: Battery

So far, most aspects of this tablet have been exceptional. However, when it comes to the battery life, things are rather lukewarm. The battery life in the Lenovo Tab Extreme is pretty average. While using this tablet, I’d have the brightness down to about 70%. On long days, I’d get between five and six hours of screen-on time.

That’s not too bad especially if you use this tablet mostly for work. It will get you through an average day of work. However, if you plan on using it after your work, then you’ll want to have the charger handy.

The battery life isn’t terrible especially considering the fact that the display is so large. It’s similar to how most powerful laptops don’t get the best battery life because the battery is powering so much.

When it comes to charging, Lenovo again went above and beyond. This tablet comes with a large 68W charger in the box. This gets the Tab Extreme charged up in just over an hour.

Lenovo Tab Extreme Review: Camera

The Lenovo Tab Extreme is a top-tier piece of hardware, but all devices have their Achilles heel. For this tablet, it’s the camera. This should come as no surprise and it shouldn’t really dampen the experience. No one really buys a tablet for its camera, and that goes double for a device this big. It’s not quite point-and-shoot-sized. Lenovo put the two cameras on the back of this tablet as a formality. The camera quality in this tablet is what you’d expect from a tablet.

Lenovo Tab Extreme 16

Colors

The Tab Extreme’s display has some nice and juicy colors, but you wouldn’t know it by looking at the pictures it takes. Looking back at the pictures that this tablet produces, the colors are toned down. They’re absolutely dead. Taking a picture of green grass on a sunny day, you’d expect the colors to pop, but they don’t.

In just about every scenario, it looks like someone took a picture, put it in a photo editor, and turned down the saturation. There was only one picture where the sky had a nice juicy shade of blue, but taking a picture of the sky is problematic for a different reason I’ll discuss later. All in all, if you’re in a pinch and you need to use this tablet’s camera, don’t expect it to be anything noteworthy.

Exposure

Now, let’s talk about that sky; just about every picture I took with the sky in it, the sky was blown out. Getting a well-exposed shot on a harsh summer day is hard for any camera, don’t get me wrong. The camera has to compensate for the dark shadows as well as the highlights. However, most other cameras manage to retain some of the colors in the sky while properly exposing everything else. For this tablet, pretty much the entire sky is a wash of white.

One thing that makes the exposure issue worse is the fact that the shadows are still crushed when overcompensating. Shots where the sky is over-exposed still had dark or even completely black spots in the shadows.

Contrast

Moving onto contrast, as you can expect, it’s not good. Just like with the colors, it’s like someone turned down the contrast setting in a photo editor. Photos taken in the bright summer sun have a lot of potential for great contrast, but the pictures just look dull. This is even with the blown-out highlights and crushed shadows.

Video

As you can expect, the videos that this tablet takes aren’t anything special. They have the same issues as with the pictures. The colors and contrast just aren’t there, and the video’s littered with blown-out highlights and crushed shadows. Lastly, the stabilization is also terrible.

Overall

The camera is the worst aspect of this tablet, and you most likely have a much better camera in your pocket. Am I going to dock points from the tablet? No. As stated, the camera is just a formality. It can take pictures and videos; that’s it. The camera can take these if you’re in a pinch, but it’s not a focus of the core experience.

Lenovo Tab Extreme 20

Lenovo Tab Extreme Review: Software

Lenovo’s other tablets have an experience that’s pretty similar to stock Android, but that’s not the case with this tablet. The Lenovo Tab Extreme has a different aesthetic. At the time of this review, this tablet is using Lenovo ZUI version 15.0.765 running on Android 13. So, it’s running the latest version of Android that’s currently out.

The experience overall is pretty familiar if you’re used to modern Android tablets. Being on Android 13, it has the new slew of tablet optimizations that Google pushed out with Android 12L. This means that the notification drawer is split, the recent app screen is a grid, the app doc is there by default, and more.

As for the overall aesthetics, there’s no Material You influence to be found. Lenovo went in its own direction, and that direction is a bit simpler than most other software. It’s pretty toned down when it comes to the animations. Also, the UI isn’t really cluttered with a ton of different features or visual additions. So, the interface is pretty clean for the most part.

There’s almost a glass effect on certain bits of the UI like the notification shade, the app dock, and the folders. There’s a pleasing transparent look to them, and they pair well with the pre-installed wallpapers.

The software looks nice, but since Lenovo went in its own direction with the software, there are no Dynamic Colors. This means that your software won’t take on the color aesthetic of the wallpaper you set. That’s unfortunate, but it’s not the worst thing.

Lenovo Tab Extreme Review: Accessories

The company was kind enough to send us a couple of accessories to test out with the tablet.

Lenovo Precision Pen 3

Let’s start off with the stylus. I used the Lenovo Precision Pen 3 with the Tab Extreme, and this pen is nothing if not precise. You’ll have no trouble using this to write or draw.

 

When it comes to the functionality of the pen, Lenovo packed a ton of software features into this stylus. Firstly, it connects to the tablet and charges magnetically. When you take it off of the tablet, you have the option to summon a toolbar with additional options. Some of the tools are a magnifier tool, a screenshot tool, and a camera shortcut.

There’s a physical button on the stylus that you can press to perform different tasks. There’s actually a remote control feature that will let you use your stylus’ button for certain tasks while at a distance from the tablet. You can use it to skip tracks, play/pause media, etc.

Aside from that, there are other features and functionality that you have with the stylus.

Lenovo Tab Extreme Keyboard

A tablet like the Tab Extreme needs a keyboard that’s equally as extreme, and that’s what the company gave me to review. This is a combination tablet case and keyboard that’s about as heavy-duty as you can get. It’s made from sturdy materials that will keep the tablet protected from falls.

It has a pretty robust hinge that locks into place to prevent any sliding. The top part of it bends to let you adjust the tablet to the angle that you want. The range of motion is pretty limited, but it’s not too bad. You’re still sure to find the angle that suits you.

The only issue is that it doesn’t offer 100% protection, The back of the case only goes up to the glass section. This means that the thin glass strip at the top is still vulnerable during a drop.

As for the keyboard itself, it’s great as far as keyboard cases go. The back plate is resilient, so you can use it on your lap without it bending or buckling.

As for the keys, they’re also great as far as keyboard cases go. They’re fairly mushy, so if you’re used to using a mechanical keyboard, then it’ll take some getting used to. Also, the keys are pretty large to accommodate the large size of the tablet, so that’ll also take some getting used to. One neat feature of this keyboard is the backlight. It has both a bright and dim mode.

Lenovo Tab Extreme folio case

This provides all-around protection to the Lenovo Tab Extreme. The folio case is made from sturdy materials and will keep your tablet protected during a fall. You can use it as a tablet stand as well because the top flat folds backward. So, you can prop it to watch movies. You can also attach a controller to it and use it to play games on.

Lenovo Tab Extreme Review: Final verdict

Anyone can make a big tablet; anyone can slap a flagship-grade processor into said tablet; anyone can stick an OLED screen onto their tablet, but it doesn’t mean a thing unless you can create an all-around powerful and usable experience. This is exactly what Lenovo did.

The Lenovo Tab Extreme is a fantastic piece of hardware, and it’s the most powerful Android tablet I’ve ever used. The power and performance are top-notch, the software is well-optimized, the display is gorgeous, the speakers are amazing, and it’s all wrapped up in an incredibly sturdy and high-quality chassis.

Lenovo Tab Extreme 21

My only gripe is that the battery performance might leave you with an empty tank on long work days. However, you can always keep the charger with you. Would I recommend this tablet to others who want to get serious work done? Yes, I’d do it in a heartbeat!


[ad_2]
Source link

Node.js Malware Takes Over Victim’s Computer

0
[ad_1]

Through strategies like polymorphic code, which continuously alters its appearance to prevent detection, as well as employing encryption and obfuscation to disguise its actions, malware is getting more complex and sneaky.

Additionally, to infiltrate systems and avoid detection by traditional security measures, malware increasingly leverages social engineering and advanced delivery methods, like- 

  • Spear-phishing
  • Zero-day exploits

Recently, cybersecurity researchers at Any.Run has examined a Node.js-based Lu0Bot malware sample that completely takes over the victim’s computer system.

Researchers were intrigued by Node.js malware, initially thought to be a basic DDOS bot but revealed as more complex. Node.js targets a versatile runtime environment used in modern web apps.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Lu0Bot Malware

Since this malware utilizing JavaScript employs multi-layer obfuscation techniques, that’s why it poses a distinctive detection challenge.

Lu0bot emerged in February 2021 as a GCleaner second-stage payload, functioning as a bot that awaits commands from a C2 server and sends encrypted system data.

The bot’s activity is modest, with 5-8 new monthly samples on dark marketplaces. 

As of now, only one new sample was uploaded in August, but there may be more dormant ones awaiting C2 commands, though this is speculative.

Despite limited activity, Lu0bot’s creative Node.js design sets it apart, with its capabilities bounded only by the language itself.

Due to the bot’s IP address issue, the security analysts were unable to find a live sample. However, a public sample connected, triggering:-

  • JavaScript
  • A new domain
  • Encrypted exchanges

Researchers quickly detected an SFX packer in the file, which acts as a self-extracting archive that is openable with any utility.

SFX-packer (Source – Any.Run)

While besides this, the archive contains a BAT file and more:-

  • BAT-file
  • Files eqnyiodbs.dat 
  • lknidtnqmg.dat file 
  • gyvdcniwvlu.dat file

The static analysis highlights the following things:-

This malware stands out in how it constructs its domain, assembling it from parts in the JS code.

dns request
DNS requests (Source – Any.Run)

Security researchers received a JavaScript code that’s deeply obfuscated and unreadable.

unreadable code
Unreadable code (Source – Any.Run)

Researchers confirmed code readability after removing excess bytes and applying a JavaScript deobfuscator, resulting in this transformation:

transformed code
Transformed code (Source – Any.Run)

The code begins with an encrypted string array which:-

  • Undergoes manipulation
  • Decrypts using BASE64
  • URL encoding
  • RC4 with two variables

Capabilities of Lu0Bot

Here below, we have mentioned all the capabilities of Lu0Bot malware:-

  • Recording keystrokes 
  • Identity theft 
  • Gaining full control of the victim’s computer 
  • Functioning as a DDOS bot 
  • Using the compromised system for performing illegal activities

If Lu0bot’s campaign scales and the server becomes active, its distinctive use of NODE JS makes it an intriguing analysis subject with potential risks.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Malware Concealed as Dependabot Contributions Strikes GitHub Projects

0
[ad_1]

According to the application security provider Checkmarx, cybercriminals concealed malicious code, masquerading as Dependabot, within GitHub repositories as part of a supply chain attack.

Cybersecurity experts have uncovered a series of malicious code injections camouflaged as legitimate Dependabot contributions across hundreds of GitHub repositories. These incidents, which occurred in July 2023, have raised concerns about the security of personal access tokens (PATs) on GitHub and the growing sophistication of threat actors in supply chain attacks.

What is Dependabot in GitHub?

Dependabot is a GitHub-native tool for automating dependency updates in software projects hosted on GitHub. It helps developers keep their projects up to date by automatically monitoring the project’s dependencies (such as libraries and packages) for security vulnerabilities and outdated versions.

When Dependabot detects that an update is available or a security vulnerability has been patched, it generates pull requests with the necessary updates. This simplifies the process of maintaining dependencies and ensures that projects stay secure and up to date with the latest software components.

The Deceptive Attack

During the first half of July, threat actors targeted a wide range of GitHub repositories, affecting both public and private projects. The victims primarily consisted of Indonesian user accounts, making it a significant and potentially widespread issue. The attackers utilized a clever technique to mimic Dependabot’s commit messages, deceiving developers into believing these were authentic contributions.

The falsified commit messages often bore the name “dependabot,” effectively camouflaging their activities and evading suspicion. Within these repositories, experts discovered two distinct groups of code alterations, strongly suggesting automated script usage by the attackers.

Malicious Payload and Tactics

According to a blog post from Guy Nachshon of Checkmarx, the attackers introduced a new GitHub Action file named “hook.yml” into the repositories, creating a new workflow that triggered during code pushes. This action siphoned GitHub secrets and variables, sending them to a suspicious URL, (sendwagateway.pro/webhook). This maneuver was executed with every push event, compounding the potential damage.

Additionally, the malicious actors tampered with existing project files bearing the “.js” extension. An obfuscated line of code was appended to these files, designed to create a new script tag upon execution in a browser environment. This new code aimed to load an external script from (sendwagatewaypro/client.js?cache=ignore), with the sinister purpose of intercepting web-based password forms and transmitting user credentials to the same exfiltration endpoint.

Malware Concealed as Dependabot Contributions Strikes GitHub Projects
Screenshot of a malicious commit (Checkmarx)

Uncovering the Attack Vector

Initially, it remained unclear how the attackers gained access to the targeted accounts, given GitHub’s strengthened mandatory two-factor authentication (2FA) measures. To shed light on the situation, experts contacted some of the victims and discovered that the attackers had exploited compromised PATs (Personal Access Tokens).

These tokens, stored locally on developers’ machines, facilitate Git operations without requiring 2FA. Attackers seemingly extracted these tokens quietly from the victims’ development environments, potentially through a malicious open-source package that had infiltrated their systems.

Automated Scale of the Attack

Malware Concealed as Dependabot Contributions Strikes GitHub Projects

Analyzing the scale of the attack indicated a high level of automation in the threat actor’s approach. The efficiency and sophistication of the attack underscored the need for increased vigilance among developers and software maintainers.

Lessons Learned and Moving Forward

This incident serves as a reminder of the importance of code source verification, even from trusted platforms like GitHub. It highlights that even well-established platforms can fall victim to such attacks, emphasizing the need for continuous online vigilance.

To enhance security, developers are urged to consider adopting GitHub’s fine-grained personal access tokens, reducing the risk associated with compromised tokens. However, it’s worth noting that access log activity for personal access tokens is currently visible only for enterprise accounts, leaving non-enterprise users less informed about potential breaches.

The attackers’ Tactics, Techniques, and Procedures (TTPs) demonstrate a growing sophistication in supply chain attacks. Their use of fake commits, credential theft, and Dependabot impersonation highlights the evolving threat landscape.

  1. New backdoor malware hits Slack and Github platforms
  2. Hackers use GitHub bot to steal $1,200 in ETH within 100 seconds
  3. Hackers can spoof commit metadata to create false GitHub repositories

[ad_2]
Source link

Apple captures lion’s share of a shrinking US smartphone market

0
[ad_1]

2023 hasn’t been the best of years for the smartphone industry. Sales saw a massive decline in the first six months of the year globally, including in North America. According to research firm Canalys, the region recorded the “worst quarterly performance for over a decade” in Q2 2023. New launches from Samsung, Google, and Apple will help the market recover a little in the second half, but we are still staring at a shipment decline for the full year.

Canalys estimates North America’s smartphone market to shrink 12 percent in 2023, dropping below 140 million units. The firm says macroeconomic challenges such as rising interest rates and persistent inflation have led to a drop in consumer demand. As has been the trend globally, the premium segment has held strong in the region despite the challenges. It’s the low-end segment that is seeing the worst drop in sales due to dwindling prepaid demand.

The research firm sees the market growing marginally over the next few years. However, the shipment volume is “unlikely to break the 150-million-unit mark any time before 2027.” Smartphone shipments in North America had crossed 160 million units in 2021 when the industry started recovering from an unprecedented slowdown due to the coronavirus lockdowns in 2020. Time will tell whether the market will rebound to those levels in the coming years.

All top smartphone companies suffered a shipment decline in Q2 2023

As usual, Apple topped the US smartphone market in Q2 2023 with a whopping 54 percent share. Samsung followed it distantly, capturing 24 percent of the market. However, both companies suffered a decline in shipments this past quarter. Apple shipped 14.8 million iPhones between April and June this year, down 20 percent from the 18.5 million phones it sold during the same period last year.

Samsung’s shipment volume declined 27 percent from nine million to 6.6 million units during this period. Motorola and TCL, which are the next two biggest smartphone companies in the US, suffered a similar fate. Their shipments dropped 25 percent and 30 percent respectively. Overall, the US smartphone market saw a 22 percent decline in shipments in Q2 2023, which is huge.

Google defied this trend, though. It launched the Pixel 7a in May and ended up doubling its market share from two percent to four percent thanks to a staggering 59 percent increase in sales. The company is now gearing up to launch the Pixel 8 series in early October. Apple launched the iPhone 15 series a couple of weeks back, while Samsung debuted new foldables in August. These new arrivals should help the market recover in the third and fourth quarters of 2023.

North America smartphone market vendor share Q2 2023 Canalys


[ad_2]
Source link

Spotify partners with OpenAI to automatically translate podcasts

0
[ad_1]

Spotify has a booming podcast business, but the company is working on a way to expand it to new markets. According to The Verge, Spotify just partnered with OpenAI to automatically translate podcasts.

This is something that could definitely expand Spotify’s podcasting platform. You never know if there’s an amazing podcast that you’re missing out on because you don’t speak that language. Translating the podcasts could open shows up to many audiences.

Spotify will use AI to translate podcasts

As you can tell, this feature will use some serious AI power in order to pull this off. So, it’s fitting that the company contacted one of the leading AI companies to develop this tool. Spotify will take podcast episodes in one language and replace the audio with AI-generated voices. Those voices will speak in different languages. It’s similar to what YouTube is working on.

Right now, this feature is in testing, so you most likely won’t be able to use it for a while. Spotify is partnering with some notable podcast creators on the platform to be a part of the limited test. These figures include people like Lex Fridman, Monica Padman, Bill Simmons, Dax Shephard, and Steve Bartlett. Down the road, it will also include The Rewatchables and an unreleased show from Trevor Noah.

We’re not sure if Spotify is going to test this on a selection of their episodes or if it’s going to translate their entire catalogs right out the gate. What we do know is that they’re going to test translating their episodes into Spanish. It also plans on releasing it in French and German in the coming weeks.

Not only will the voices be in another language, they will actually replicate the voice of the speaker. We’ve seen this type of thing before. A model will train itself on a few seconds of speech from a person and mimic their voice to a pretty impressive degree.

Right now, we’re all in the dark about how widespread this feature will be and who will be able to use it. We don’t know if you’ll need to sign up for a paid subscription or if you’d need to pass some sort of engagement threshold. Only time will tell.


[ad_2]
Source link

Apple Security Fixes for iPhone, iPad, Safari & Sonoma14

0
[ad_1]

Apple previously reported three zero-day vulnerabilities exploited in the wild by threat actors, which Apple fixed as part of an Emergency patch update.

However, a new security advisory has been released by Apple, which mentions all the security patches and vulnerabilities that Apple has fixed.

In the advisory, a list of Apple products was provided for users to take note of. The list includes iPhone, iPad, iPod touch, Safari, Apple Watch, macOS, iOS, and Apple TV. It is important to be aware of these products in order to ensure their proper usage and maintenance.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Latest Software Updates From Apple

As per the reports, the latest version of iOS and iPad OS was 17.0.2, macOS was 14 (Sonoma), tvOS for Apple TV was 17, watchOS was 10.0.1 for Apple Watch Series 4 and 10.0.2 for Apple Watch Series 9 and Apple Watch Ultra.

“Note that after a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version,” reads the advisory by Apple.

Several products and their respective patches were mentioned in the advisory, including the latest iPhone 15, released recently. However, no relatable CVE(s) were identified for iPhone 15. 

As of macOS Sonoma, multiple vulnerabilities were patched with CVEs ranging in severity between medium to High were fixed as part of the security patch. Moreover, the advisory mentioned all the security updates released between January 2020 and September 2023 for all products, applications, and services. 

Safari had five vulnerabilities: CVE-2023-40417 (UI Spoofing), CVE-2023-40451 (JS execution leading to arbitrary code execution), CVE-2023-41074, CVE-2023-35074, & CVE-2023-41993 (Arbitrary code execution vulnerabilities) which Apple fixed.

“Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. This document lists recent releases, including security updates and Rapid Security Responses.” reads the statement by Apple.

Users of all the mentioned Apple products, including iTunes, iCloud, Xcode, Studio Display Firmware, and other applications, are recommended to upgrade to the latest version of these products in order to prevent these vulnerabilities from getting exploited by threat actors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Google Messages crosses five billion installs globally

0
[ad_1]

Google Messages has surpassed five billion installs globally. The app has hit the milestone just over three years after reaching one billion downloads in May 2020. Previously called Android Messages, it reached 100 million global downloads in October 2017. All of these figures include pre-installed apps.

The Google Messages app has been installed over 5 billion times

The Google Play Store doesn’t show the exact download count for apps. Instead, it shows milestone increments such as one million, five million, ten million, 100 million, one billion, etc. You’ll find this statistic for pretty much every app on the store. Gmail became the world’s first Android app to reach one billion installs in May 2014. It went on to surpass ten billion installs in January 2022. Google Maps reached the “ten billion” milestone in November 2021.

Both of these apps benefitted from being pre-installed on most Android phones sold around the world. Google Messages, on the other hand, hasn’t been the default messaging app on Android for the longest. Apart from Google Pixels phones and devices from a few other brands, the majority of Android devices primarily used other messaging apps until recently. This included Samsung, the world’s largest smartphone company for the past several years.

This has changed over the past few years. Google Messages is now the default messaging app on most of the devices from many Android OEMs, including Samsung. Google’s rapid rollout of RCS (Rich Communication Services) through Messages has helped it gain popularity. RCS offers modern messaging features such as read receipts, typing indicators, and end-to-end encryption, making it a massive upgrade over the old-school SMS and MMS standards.

Since RCS is a messaging standard and not a proprietary service from Google, other third-party messaging platforms can also adopt it. Some have already adopted the standard. However, Google Messages is still the primary gateway to RCS on Android. Features like desktop sync via a web client make it the default choice of many users. The upcoming multi-device support could add to its popularity, helping it surpass ten billion installs over the next few years.

Google is lobbying Apple to support RCS on iPhones

RCS may have many benefits over SMS and MMS messaging, but Apple has yet to support it on iPhones. As such, cross-platform messaging between Android and iOS still relies on age-old standards. Google has been lobbying Apple to change this with several public campaigns over the years, often mocking it for its reluctance, but the latter hasn’t budged. It remains to be seen whether the “five billion” milestone makes Apple change its mind.


[ad_2]
Source link

iPhone 16 Ultra to get one more camera on the back

0
[ad_1]

The iPhone 15 series launched quite recently, and the iPhone 16 series rumors have already started. According to Majin Bu, a tipster, the iPhone 16 Ultra will get one more camera on the back (image above is a concept image).

The iPhone 16 Ultra could feature one more camera on the back

According to his source, the iPhone 16 Ultra will feature four cameras on the back, plus the LIDAR sensor, and an LED flash. The iPhone 15 Pro and Pro Max have three cameras, plus the LIDAR sensor, and the flash.

So, we’re getting an extra camera on the back of the ‘Ultra’ model. We’re not sure if the same will be the case with the iPhone 16 Pro or not, the tipster did not mention anything about the regular ‘Pro’ model.

That fourth camera will be a “small one”. So chances are that we’ll get a wide angle, an ultrawide angle, and a telephoto one (5x optical zoom, tetraprism lens) on both phones. We’re not sure what the fourth one will be for.

As many of you know, the iPhone 15 Pro Max is the only one that includes a tetraprism lens, and offers 5x optical zoom. The iPhone 15 Pro still has a regular telephoto camera on the back, with 3x optical zoom.

Both top-end iPhone 16 models will include a telephoto camera with a tetraprism lens

Various rumors thus far claim that things will change with next year’s model. In other words, both the iPhone 16 Pro and iPhone 16 Ultra (or whatever its name ends up being), will include that 5x camera.

We could guess what the fourth camera is for, but it would be a wild guess, as there’s no info yet. There are a number of possibilities for it, so let’s just wait for more information on that one. The launch of the iPhone 16 series is about a year away, so things could change, this is just early info.


[ad_2]
Source link