Patch now! Citrix Sharefile joins the list of actively exploited file sharing software


Citrix ShareFile can be exploited remotely by unauthenticated attackers.

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 6, 2023 to protect their networks against this active threat. We urge everyone else to take it seriously too and preferably not to wait until the last moment.

According to the Citrix security advisory, this vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. Customers using ShareFile-managed storage zones in the cloud do not need to take any action.

Citrix customers should update to the latest version of ShareFile storage zones controller and read the instructions for upgrading. As an extra precaution Citrix has blocked all customer-managed ShareFile storage zones controllers versions prior to the latest version (5.11.24). Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The vulnerability at hand is listed as CVE-2023-24489 and has a CVSS score of 9.1 out of 10. It is a cryptographic bug in Citrix ShareFile’s Storage Zones Controller, a .NET web application running under Internet Information Services (IIS). Due to errors in how ShareFile handles cryptographic operations, attackers can generate valid padding, which enables unauthenticated attackers to upload arbitrary files, leading to remote code execution (RCE).
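The flaw class named above, a padding oracle that lets an attacker craft ciphertext the server accepts, is easiest to understand next to its fix. The following is an added example written for this page; it is not Citrix code and does not reproduce the ShareFile bug. It uses a toy HMAC-based block permutation in place of a real cipher (an assumption, so that it runs on Python's standard library alone) and contrasts a decryptor that checks padding before the MAC and reports the two failures differently (the oracle) with one that verifies an encrypt-then-MAC tag in constant time and reports a single failure, which is what removes the oracle.

```python
import hashlib
import hmac
import os

BLOCK = 16      # block size of the toy cipher
TAG_LEN = 32    # HMAC-SHA256 tag length


class PaddingError(Exception):   # vulnerable decryptor: malformed PKCS#7 padding
    pass


class MacError(Exception):       # vulnerable decryptor: inner MAC mismatch
    pass


class DecryptError(Exception):   # hardened decryptor: its only failure mode
    pass


def _round(key: bytes, half: bytes, i: int) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def _block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy 16-byte Feistel permutation built from HMAC-SHA256: a stand-in for a
    # real block cipher (assumption) so the example needs no third-party module.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, r, i)))
    return l + r


def _block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _round(key, l, i))), l
    return l + r


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("invalid PKCS#7 padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = _block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += _xor(_block_decrypt(key, block), prev)
        prev = block
    return out


def vulnerable_seal(enc_key, mac_key, msg, iv=None):
    # MAC-then-encrypt: the tag is inside the padded plaintext.
    iv = iv or os.urandom(BLOCK)
    inner = msg + hmac.new(mac_key, msg, hashlib.sha256).digest()
    return iv + cbc_encrypt(enc_key, iv, pad(inner))


def vulnerable_open(enc_key, mac_key, token):
    # Padding is checked before the MAC, and each failure has its own error.
    # Anyone who can tell the two apart has a padding oracle.
    iv, ct = token[:BLOCK], token[BLOCK:]
    inner = unpad(cbc_decrypt(enc_key, iv, ct))
    msg, tag = inner[:-TAG_LEN], inner[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, msg, hashlib.sha256).digest()):
        raise MacError("inner MAC mismatch")
    return msg


def hardened_seal(enc_key, mac_key, msg, iv=None):
    # Encrypt-then-MAC: the tag covers IV and ciphertext.
    iv = iv or os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, pad(msg))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def hardened_open(enc_key, mac_key, token):
    # Verify the tag in constant time before touching the ciphertext, and
    # collapse every failure into one error so nothing about padding leaks.
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise DecryptError("authentication failed")
    try:
        return unpad(cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:]))
    except PaddingError:
        raise DecryptError("authentication failed") from None


def tamper(token: bytes, index: int, mask: int = 0x80) -> bytes:
    t = bytearray(token)
    t[index] ^= mask
    return bytes(t)


def probe(open_fn, enc_key, mac_key, token) -> str:
    # What an observer learns from one decryption attempt: "ok" or the error name.
    try:
        open_fn(enc_key, mac_key, token)
        return "ok"
    except (PaddingError, MacError, DecryptError) as exc:
        return type(exc).__name__
```

With the vulnerable scheme, flipping a bit in the IV produces `MacError` while flipping a bit in the block before the last produces `PaddingError`, so the server's response depends on the plaintext's padding; the hardened scheme answers `DecryptError` in both cases. A real deployment should use an AEAD mode (for example AES-GCM) rather than assembling CBC and HMAC by hand; the point here is only that authentication must come first and failures must be indistinguishable.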

Several proof-of-concept (PoC) exploits have been made available since the vulnerability was discovered in July.

This year, the Cl0p ransomware gang has made extensive use of vulnerabilities in file transfer software. In March it emerged from dormancy to become the most active gang in the world by exploiting a zero-day vulnerability in GoAnywhere MFT. After going quiet for a few months it repeated the trick in June and July as its widespread exploitation of a MOVEit Transfer zero-day vulnerability became clear.

With Cl0p seemingly looking for exactly this kind of vulnerability, it should be a no-brainer that this needs to be patched as soon as possible.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.



The original Galaxy Z Fold is not dead yet, gets August update


Four years ago, Samsung shook the world with the first consumer foldable phone, the Galaxy Z Fold. It was a train wreck, but it helped lead the foldable phone to be the flashy tour de force that it is today. If you still own your original Galaxy Z Fold (first off, you deserve a gold medal for protecting your phone), you’re getting the August 2023 security patch.

With four generations between now and the first Galaxy Fold, it feels like a lifetime has passed. The brand, and the foldable phone in general, has changed so much since then, but it doesn’t mean that Samsung has washed its hands of the product. People still rock the first-gen Fold, and they’re still enjoying software updates from the company.

The original Galaxy Z Fold is getting the August update

Samsung has been issuing updates really early in the month, but since the original Galaxy Fold is pretty old, it’s getting its update a bit later. The device no longer gets major platform upgrades, but it’s still getting security updates.

Right now, the update has landed in four markets: France (version F900FXXS7HWG1), Hong Kong (version F900FXXS7HWG1), the UK (version F907BXXS7HWG1), and Korea (version F907NKOU3IWH1). Other markets will follow as time goes on.

So, there’s not much you can expect from this update. Since it’s a routine security patch, the phone got some fixes for system vulnerabilities. These will patch spots in your software that could give bad actors access to your system. The patch fixes several Samsung Galaxy-specific issues along with issues present within Android in general. There aren’t going to be any new features or changes to the system.

If you’re looking forward to this update, then you should go to your settings, find the Software Update section and tap on the Download and install button at the bottom of the screen. If you don’t see the update just yet, you’ll want to wait a few days for the update to make its way to you.



Amazon Music raises the price of its Unlimited subscription


Subscription prices for streaming services have been on the rise recently, thanks in part to the stringent economic conditions. Now, in line with these efforts, Amazon, for the second time this year, is raising the price of its Amazon Music Unlimited plans, affecting both Prime members and those on the family plan.

As first reported by The Hollywood Reporter, the company has quietly changed the familiar $9 monthly price tag for an individual plan to now $10, and for an annual commitment, it translates to about a shift from $89 to $99 per year. When talking about family plans, they will also cost a dollar more and rise from $16 to $17 per month or from $159 to $169 annually.

While new users will immediately be subject to these new rates, the company has granted existing users a grace period until September 19 before the revised prices take full effect. However, it remains uncertain whether Amazon intends to extend the benefits of these price hikes to the music creators who currently earn approximately $5000 per million streams.

The justification behind the price increase

Rebecca Silverstein, a spokesperson for the company, has confirmed these changes to The Verge and clarified that the price adjustment is motivated by a desire to enhance the quantity and quality of “content and features.” Although this explanation may seem underwhelming as the company isn’t introducing any groundbreaking features, it does reflect the ongoing industry trend of major streaming platforms raising their prices.

In a manner similar to Amazon, YouTube has also recently increased the cost of its Premium subscription from $12 to $14, mirroring price adjustments made by significant competitors such as Tidal, Apple Music, and Apple TV+. Furthermore, even Spotify, which has maintained a consistent subscription fee for years, recently elevated its subscription cost from $10 to $11.



X is working on an ID verification process to combat impersonators


The transition from Twitter to what is now called X has been a rocky one to say the least. One of the biggest fails in this mess of a situation was the Twitter Blue verification feature, which resulted in numerous impersonation cases. In an effort to combat that, X has been spotted working on a new verification process.

This was first spotted by X user and app researcher Nima Owji, who shared a screenshot of the new verification. The screenshot shows us that X will require users to upload a copy of their government-issued ID alongside a selfie.

Owji had first spotted hints of X working on this feature on none other than Elon Musk’s own X profile, where it said that “this account is ID verified,” with an additional section having the rather quirky detail stating that it has been “verified since 3000 BCE.” Very much in the billionaire’s sense of humor.

The new screenshot also reveals that this process should take around 5 minutes to complete. It is not X that is doing all the work here, though. Instead, as Engadget points out, the social media tech giant has joined forces with Au10tix (yeah, talk about creative naming), which is a company that specializes in identity intelligence.

Once submitted, both X and Au10tix will have access to the user’s information for 30 days. That includes all of your biometric data and the images of your ID. To add to its credibility, Au10tix states that it has also worked with other major companies such as Uber, Google, and PayPal.

ID verification should definitely help with putting a stop to all of the impersonation issues X users are having. The trouble is that the platform, beloved by many, is showing new fractures every other day, and it still feels like it could break at any minute.



Attackers demand ransoms for stolen LinkedIn accounts


LinkedIn support channels are being swamped by users that have been locked out of their accounts.

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts.

Whether the attackers are using brute force methods or credential stuffing isn’t known, but because some victims are being locked out following a great number of failed attempts, you might suspect brute force methods. It’s also not unthinkable that the attackers are using a combination of attack methods. Credential stuffing is a popular tactic of attempting to access online accounts using username-password combinations acquired from breached data. In a brute force attack, attackers typically try a lot of common passwords against one account.
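Seen from the server side, the two methods leave different fingerprints in the authentication log: one account hammered from one address looks like brute force, while many accounts tried once each from one address looks like credential stuffing. The following Python is an added example written for this page, not LinkedIn's tooling: the log format (`ts ip=… user=… result=…`), the sample lines and the thresholds are all constructed assumptions, and the classification rule is a simple ratio test that a real detection would tune and enrich.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (not real LinkedIn data): one source hammering a
# single account, one source trying many accounts once each and then landing
# a success, and one ordinary user who mistyped a password twice.
SAMPLE_LOG = (
    [f"2023-08-17T10:{m:02d}:00Z ip=203.0.113.5 user=alice result=fail" for m in range(12)]
    + [f"2023-08-17T10:{m:02d}:30Z ip=198.51.100.7 user=user{m:02d} result=fail" for m in range(12)]
    + [
        "2023-08-17T10:12:30Z ip=198.51.100.7 user=user12 result=success",
        "2023-08-17T10:13:00Z ip=192.0.2.9 user=bob result=fail",
        "2023-08-17T10:13:20Z ip=192.0.2.9 user=bob result=fail",
        "2023-08-17T10:13:40Z ip=192.0.2.9 user=bob result=success",
    ]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>fail|success)$"
)


def parse(lines):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, min_failures=10):
    """Label each source IP with enough failures as brute-force, credential-stuffing or mixed.

    brute-force:          at least half of the failures hit one account
    credential-stuffing:  almost every failure is a different account (one try each)
    """
    failures = defaultdict(Counter)  # ip -> Counter(user -> failed attempts)
    for e in events:
        if e["result"] == "fail":
            failures[e["ip"]][e["user"]] += 1
    verdicts = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_failures:
            continue  # too little activity to judge
        top_share = per_user.most_common(1)[0][1] / total
        distinct_share = len(per_user) / total
        if top_share >= 0.5:
            verdicts[ip] = "brute-force"
        elif distinct_share >= 0.8:
            verdicts[ip] = "credential-stuffing"
        else:
            verdicts[ip] = "mixed"
    return verdicts


def lockout_candidates(events, threshold=5):
    """Accounts with repeated failures: the users a lockout policy would have locked."""
    per_user = Counter(e["user"] for e in events if e["result"] == "fail")
    return {user for user, n in per_user.items() if n >= threshold}


def successes_after_failures(events, min_prior_failures=10):
    """Successful logins from a source that had already failed many times.

    Those are the accounts most likely taken over and the first to notify.
    """
    prior_fails = Counter()
    hits = []
    for e in events:  # events are assumed to be in log order
        if e["result"] == "fail":
            prior_fails[e["ip"]] += 1
        elif prior_fails[e["ip"]] >= min_prior_failures:
            hits.append((e["ip"], e["user"]))
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(classify_sources(evs))
    print(lockout_candidates(evs))
    print(successes_after_failures(evs))
```

The last function is the one worth alerting on: a success from a source already profiled as attacking is a stronger signal than the failures themselves, and the matching account is where an email-change notification (the symptom victims describe) should be scrutinised.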

Either way, victims are complaining about slow response times.

The campaign is targeting LinkedIn users all over the world. It pressures the victims that have lost control of their accounts into paying a ransom to avoid having their accounts deleted by the attackers.

[Image: a victim asking for help: “Someone has hacked my account and asking for money and no response from LinkedIn Help”]

The X account of LinkedIn Help is swamped with similar messages

Victims are usually made aware of the take-over by a notification that the email address associated with their account has changed. In many of the examples we saw the new email address was linked to the Russian “rambler.ru” service. This does not necessarily mean the attack is originating from Russia, but it’s not unthinkable that the accounts will be used in disinformation campaigns. According to one victim we spoke to the attackers added fake accounts to their connections.

But the accounts could also be used to distribute malware, phishing campaigns, or other types of fraud. And if that’s the case, the deletion of the account sounds better to me than having your reputation damaged.

From complaints seen by BleepingComputer, LinkedIn support has not been helpful in recovering the breached accounts, with users just getting frustrated by the lack of response.

The LinkedIn Help account has pinned a message to say:

“Hey there! 👋 We’re experiencing an uptick in questions from our members, causing longer reply times. Rest assured, we’re doing our best to assist you! For account-specific inquiries, please DM us the details and your email address. We appreciate your patience. Thanks! 🙌”

The best defence against brute force attacks, credential stuffing, and other password attacks, is to set up two-step verification.

Setting up MFA for LinkedIn with Okta turned out to be painful because LinkedIn does not provide a QR code but a secret key, which is so long that it’s hard to get it right the first or second time. But since it’s safer than using SMS 2FA, this is how it’s done:

  • Open Settings & Privacy
  • Under Sign in & security
  • Select Two-step verification
  • Set the option to on and you will be presented with two choices
  • Choose the Authenticator app method and follow the instructions from there

You will receive an email confirming the change that tells you: “From now on, you can use your authenticator app to get a verification code whenever you want to sign in from a new device or browser.”


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.




YouTube Music song carousels get a Play All button


YouTube Music is getting a new feature for its carousels that allows you to “play all” songs that are in it. As reported by 9To5Google, a new play all button has popped up for carousels on the home screen. This only appears to be for carousels on the home screen though.

It’s not clear if this is available for every single user just yet. But it is stated that the play all button is rolling out to YouTube Music users on Android, iOS, and the web. Wherever you use it, you just might see the new button available. If you’re using the Android or iOS apps though and you don’t see it, you can try updating the app. It also might just be that it’s a server-side change and it has yet to hit your device.

That being said, this is supposed to be a pretty wide rollout. So most users should see the play all button available by now, or likely by the end of the day.

YouTube Music play all button is available on multiple home screen carousels

The button won’t show up on every single carousel but it is there for quite a few of them. We found it on Trending Songs but 9To5Google reports it’s also on Quick Picks, Covers & Remixes, Heard in Shorts and others. It’s also popped up on Recommended Music Videos.

The reason this feature is useful is because it allows you to play every song in the carousel you might want to hear. If you don’t tap play all, what happens is YouTube Music will just create a radio station based on that song. Very likely playing music from the same artist. But if you like multiple songs in the carousel, now you can listen to them in succession. And simply skip the ones you don’t care for.

It’s a minor change. But one that definitely brings some quality of life. And one users appear to be happy about.



Amazon started testing a new star rating system, but it’s already confusing


Amazon has reportedly started testing a new star rating system in specific regions. However, this new system is drawing criticism for being confusing. Critics argue that it makes it hard for buyers to see how a product ranks on the platform.

Android Police spotted the new star rating system in Amazon’s mobile app in India, the company’s website in Germany, and its global website when accessed from Germany. As you can see in the image below, Amazon now shows buyers an average star rating as a number. You can also find a single gold star and a number that shows what percentage of ratings are five stars.

[Image: Amazon’s new star rating system]

Amazon might have a new star rating system soon, but changes might be required

If the new star rating system is not activated in your region, you can still see Amazon products with five individual gold stars and the number of reviews each product has received. The current rating system is pretty straightforward, and it’s been on Amazon for many years. Buyers are also accustomed to it because it is simple and causes no confusion.

The problem with the new rating system is users can’t tell quickly if a product is rated well by other buyers. The only indicator is the percentage of five-star ratings, which might also be confusing for some users. Additionally, nefarious sellers might use the complexity of this new rating system to trick buyers into buying a product that’s not well-received by others.

The new system is being tested in some of Amazon’s largest markets. This gives us more assurance that soon it will come to other regions, including the United States. In a statement to The Verge, Amazon spokesperson Maria Boschetti said, “We are always innovating on behalf of customers to provide the best possible shopping experience.”

Fake reviews and tricking potential buyers with illegitimate 5-star reviews have always been a problem for Amazon. The giant retailer reportedly plans to abandon its star rating and replace it with another system. The platform is also using generative AI to summarize user reviews.



New button added to YouTube Music keeps the tunes and the videos playing


Somewhere in Mountain View there just has to be a locked room full of Googlers whose sole job is to come up with small, subtle changes to Android and Google’s apps that move the needle slightly forward on the meter that tracks how much you are loving life. We hear that those inside the room get only Banquet brand frozen meals, lukewarm Diet Cola (from a generic brand), and cactus-flavored Jell-O until they come up with an idea.

Obviously, those inside this room, which has muzak versions of Barry Manilow tunes piped in 24 hours a day, have powerful incentives to create new features. Sometimes, all it takes is a new button on an app to impress the brass at Google. And by the way, as far as we know, there is no such room although the point is valid; Google wants to keep its apps smelling new-car fresh, and sometimes a minor change is all that is required.
For example, per 9to5Google, on the YouTube Music app on Android and iOS Google has added a “Play all” button for some of the carousels that show only four songs at a time. The carousels with the new “Play all” button include Quick Picks, Recommended Music Videos, Trending songs, Covers and remixes, and Heard in Shorts. These carousels show only four tunes or videos at a time; you can swipe left to see additional pages listing more songs or videos. Pressing “Play all” will play all of the songs or videos listed under a particular category.
The new Play all button just started rolling out to Android, iOS, and the web yesterday and the buttons do appear on my Pixel 6 Pro packing Android 14 Beta 5 and my iPhone 11 Pro Max running iOS 16.6. If you don’t have YouTube Music on your Android phone, click on this link to install it from the Google Play Store. To install the app on your iPhone, click on this link.


Netflix DVD renters should expect a final surprise in the mail


Folks who still get DVDs from Netflix got the news that the company was discontinuing DVDs come September. While this is coming to a close, it seems that the streaming giant is looking to give its users a parting gift. According to Techradar, Netflix is going to give its DVD users a bunch of Finale Disc DVDs.

If you still get DVDs from Netflix, and you didn’t get the news, here’s a rundown. A few months ago, Netflix announced that it was discontinuing its DVD business. The last day that you can order DVDs is going to be September 29th, so you still have more than a month left. If you take out DVDs at the last minute, you’ll be able to return your discs by October 27th.

Now, Netflix announced Finale Discs

This is a bit confusing. It seems that Netflix is going to send its users a batch of up to 10 DVDs on September 29th. The company didn’t specify what types of DVDs they’ll be. We don’t know if they’ll be tailored to the types of DVDs that the user usually gets. Maybe Netflix will give you DVDs that you rented in the past to keep. That’s only speculation.

Another explanation could be that Netflix is just getting rid of excess DVDs that it doesn’t need. Since it won’t be sending them out anymore, there would be no use in keeping them.

One thing we don’t know is whether you’ll need to return those DVDs or not. It doesn’t seem likely. Techradar reached out to Netflix for an answer, but the company hasn’t responded yet.

In any case, the days of delivered DVDs are drawing to a close. If you get your DVDs delivered to your house, just know that you’ll need to think about looking into some alternatives. Netflix is closing the door on a 26-year-old business. It was fun while it lasted.



WhatsApp HD photo sharing begins rolling out to users


WhatsApp has long been at the forefront of killing image quality, but the new HD photo feature is here to change things. This new feature was announced by Mark Zuckerberg via a recent Facebook post showing it in use. In the post, Mark also showed users how they could now step up the quality of photos they send to friends via WhatsApp.

This new feature is now coming to WhatsApp users globally via an app update. The update will bring a new button to the photo-sharing interface, and with this button users can toggle the image quality. By default, photos shared with others via WhatsApp are sent using the platform’s standard quality.

Most images sent using this standard quality are noticeably degraded and lose their original quality. With this new feature, WhatsApp will give users the ability to pick a different way to share images. This second photo-sharing option will retain the image’s quality, ensuring that it reaches the receiver in good condition.

WhatsApp HD photo-sharing feature is here, and you can benefit from it as well

While this feature has been in the works for a while, it’s just making its way to end users. Some users in certain regions are already seeing this feature on their devices. Other users are yet to get this feature as it is rolling out region by region.

With this new feature, WhatsApp users no longer need to worry about losing the quality of photos they share with others. By activating this feature before sharing a photo with another WhatsApp user, its quality will stay intact. Without the WhatsApp HD photo-sharing feature turned on, all pictures sent to others will lose their quality.

Mark Zuckerberg’s announcement also shows how the feature is used. Users will be able to find this new feature in the image-sharing interface that pulls up before sending a photo to others. This is the interface from which users can edit photos before sending them to others.

The new WhatsApp HD photo-sharing feature sits on the top section of this interface. You will be able to find it between the ‘X’ and the crop/rotate button. Tapping on it will enable users to select to share the photo in HD quality, which will help retain its quality.

However, sharing photos using this new feature means they will occupy more space and use up more data. Even so, using the WhatsApp HD photo-sharing feature instead of the standard quality will be more beneficial to users. You will be able to access this new photo-sharing feature by updating your WhatsApp application via the Play Store or the App Store.

