Tag Archive for: capability

New Chameleon Android malware variant emerges with fingerprint lock bypass capability


A new variant of Chameleon Android malware has been found in the wild with new features, notable among them the ability to bypass fingerprint locks.

The Chameleon Android banking trojan first entered the scene in early 2023 with a primary focus on mobile banking applications in Australia and Poland but has since expanded into other countries, including the U.K. and Italy. The malware uses multiple loggers but has somewhat limited functionality.

Earlier versions of Chameleon could perform actions on behalf of the victim, with those behind the malware able to undertake account and device takeover attacks. As detailed Dec. 21 by researchers at ThreatFabric, Chameleon has traditionally abused the Android Accessibility Service to steal sensitive information from endpoints and mount overlay attacks.

However, the new version comes with two changes: the ability to bypass biometric prompts and the ability to display an HTML page to enable accessibility service in devices implementing Android 13’s “Restricted Settings” feature. According to the researchers, the enhancements elevate the sophistication and adaptability of the new Chameleon variant, making it a more potent threat in the ever-evolving landscape of mobile banking trojans.

Source…

Outlook for Android, iOS to get own Multi-factor authentication capability this month


Microsoft plans to inject a dedicated multi-factor authentication (MFA) capability into Outlook for Android and iOS, and its general availability is expected to arrive this month.

Microsoft wants to make it easier for its Outlook users to perform MFA. With this, the Redmond company revealed in its latest Microsoft 365 roadmap entry that it will introduce a so-called “Authenticator Lite” in the app. According to the feature description, it will cover work or school accounts being used on Microsoft 365 app, Azure Active Directory, and Outlook.

“Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication (MFA) for their work or school account using the Outlook app on their iOS or Android device,” the roadmap entry reads.

Despite this, it is important to note that the company already offers the Microsoft Authenticator that Android and iOS users can use for Outlook, other Microsoft products, and other third-party applications. And while introducing the Authenticator Lite might sound redundant for those who already have the Microsoft Authenticator, this will make Outlook a more comprehensive app armed with its own MFA feature. Additionally, this might be one of the software giant’s initiatives to further boost the security capabilities of Outlook as more authorities put scrutinizing eyes on tech companies.

Last month, it can be recalled that the director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, called out Microsoft and Twitter due to the low MFA usage rate among their customers. According to Easterly, only one-quarter of Microsoft’s enterprise customers use it. The official, meanwhile, praised Apple for the high usage rate of the security feature due to its decision to make the feature a default.

Microsoft is also determined to promote the use of MFA in its products, starting with Outlook. However, instead of going the same path Apple is taking by making MFA default, it seems the software company wants to achieve this by making the security feature more convenient and accessible to encourage more users to embrace it. Once Authenticator Lite is completely rolled out, we will see how effective this…

Source…

News: Cyber Incident Response Capability established in the Republic of Moldova with NATO support, 21-Jan.-2021


Today (21 January 2021), NATO inaugurated a new Cyber Incident Response Capability for the Moldovan Armed Forces. This capability was established with support from the NATO Science for Peace and Security (SPS) Programme and in cooperation with the NATO Information and Communication Agency (NCIA) through a multi-year project. It will help to minimize any threat resulting from cyber incidents, provide quick and efficient recovery and prevent similar incidents in the future. The inauguration was marked through a virtual ribbon-cutting ceremony.

At the event, NATO Deputy Secretary General Mircea Geoană remarked: “NATO and Moldova have been partners for more than 25 years. Our cooperation supports Moldova’s efforts to reform and modernize its defence and security structures and institutions, in full respect of Moldova’s constitutional neutrality.” “The new Cyber Incident Response Capability established with support from the NATO Science for Peace and Security Programme is an excellent example of NATO’s commitment to this partnership, “he added.
Addressing participants from Chisinau, the Minister of Defence of the Republic of Moldova, H.E. Victor Gaiciuc, said: “With the finalization of this important project, we took a step forward towards increasing our cyber defense capabilities. The establishment of the Cyber Incident Response Center of the National Army of the Republic of Moldova will increase the Ministry of Defence’s posture and capacity to respond to cyber threats.

The NATO Information and Communication Agency provided critical technical advice for the design of the cyber laboratory and the supporting physical IT infrastructure. The Agency Chief of Staff Major General Göksel Sevindik pointed out: “We are proud to collaborate with partner nations such as Moldova to prepare them for the cyber challenges they may face in the future. Cyber security is a team sport. We must use our collective knowledge to ensure the security of our Allies and partners.”

This…

Source…

AWS Announces the Next Version of Amazon Aurora Serverless, a New Capability that Makes it Easier to Migrate from SQL Server to Amazon Aurora, and an Open Source Project to Help More Organizations Leave SQL Server for PostgreSQL


SEATTLE–()–Today at AWS re:Invent, Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), announced the next version of Aurora Serverless, as well as a new capability that makes it easier for customers to migrate from SQL Server to Amazon Aurora PostgreSQL, and a new open source project that helps even more organizations migrate off legacy databases to open source alternatives. For customers that don’t want to deal with the work associated with self-managing database capacity, Amazon Aurora Serverless v2 scales to hundreds of thousands of transactions in a fraction of a second, delivering up to 90% cost savings compared to provisioning for peak capacity. AWS also announced Babelfish for Aurora PostgreSQL, a new capability for Amazon Aurora that allows customers to run SQL Server applications directly on Amazon Aurora PostgreSQL with little to no code changes. Finally, AWS shared its plans to open source Babelfish for PostgreSQL under the permissive Apache 2.0 license and make it available on GitHub. Together these innovations make Amazon Aurora even more attractive for a wide range of workloads, and bring the benefits of Amazon Aurora and PostgreSQL to more organizations. To get started, visit https://aws.amazon.com/rds/aurora/

Old-guard, legacy databases that have been developed and used for many decades typically require a well-trained and funded support staff to run and manage them. These commercial databases offer high performance and advanced availability features, but are expensive, complex to manage, and have high lock-in. Moreover, customers that are self-managing commercial databases are often at the mercy of old-guard database vendors and the brazen tricks they play, such as imposing arbitrary and punitive licensing terms. Today, more than a hundred thousand customers are choosing to run their database workloads on Amazon Aurora because it delivers the performance and availability of the highest-grade commercial databases at one tenth of the cost, making it the fastest-growing service in AWS history. In total, more than 350,000 databases have been migrated to AWS using AWS Database Migration Service (DMS). Today’s…

Source…