Tag: year | Page 3

Apple to make a big change to iPhone messages next year

November 20, 2023/in Mobile Security

(CNN) – The long-standing battle over the iOS’ blue and Android’s green text bubbles will soon take a more friendly turn.

Apple has announced plans to adopt a messaging standard that will finally bring iMessage features to Android users, eroding what some considered an element of Apple’s walled garden.

The change – first reported by tech site 9to5Mac – will add features, such as read receipt, typing indicators, better support for group chats, and higher quality media sharing of images and videos, across platforms.

Apple said in a statement it will add support for the standard, called RCS (Rich Communication Services), later next year. RCS is considered the replacement to alternatives such as SMS, or short messaging service, and can work over both Wi-Fi and mobile data.

“We believe RCS Universal Profile will offer a better interoperability experience when compared to SMS or MMS,” the company said in the statement. “This will work alongside iMessage, which will continue to be the best and most secure messaging experience for Apple users.”

A push from Europe
The change follows pressure from both regulators and competitors to more seamlessly work across operating systems. The European Union’s Digital Markets Act, for example, requires companies to make their key services interoperable between platforms. Earlier this year, it launched an investigation into whether it considers iMessage a core product.

Meanwhile, Google, which already has support for RCS within its messaging app, has been vocal about wanting Apple to adopt the standard. In early November, the company wrote a letter to the European Commission arguing iMessage was indeed a core Apple product and should be required to comply.

“Everyone deserves to communicate with each other in ways that are modern and secure, no matter what phone they have,” Google said in a statement. “That’s why we have…

Source…

Cyberthreats reached a new high this year, with AI playing a major role

November 19, 2023/in Computer Security

Historically, summer is the time of year when hacks and malware scams drop in volume and intensity, mostly because people are on holiday and not as active online as the rest of the year.

However 2023 seems to have bucked this trend, with adware, malvertising, spyware, and other forms of malicious activity spiking in the months from July to August, according to a report from Avast, which reported that during this period, its tools blocked more than a billion attacks every month, which is a new record.

One of the key reasons for this switch in trends is the deployment of Artificial Intelligence (AI) which makes attacks easier to set up, and more potent. Jakub Kroustek, Avast Malware Research Director, said the team was “blown away” by the results of the research. “Apparently the days of cyberthreat seasonality are long gone with the increased use of AI and advanced tools at the fingertips of cybercriminals.”

AI-powered innovations

While attacks may be spiking, there’s nothing spectacular or revolutionary in terms of the threats themselves. The hackers are still deploying adware, malvertising, spyware, and are engaged in finance scams, identity theft, romance scams, and similar.

There are some novelties, though. One is called “Invisible Adware”. This type of malware, which has already been downloaded more than two million times on the Google Play Store alone, allows threat actors to display ads on a mobile device even while the screen is turned off. Best case scenario – victims end up with a drained battery sooner. Worst case – malware is installed without their knowledge. The other one is called Love-GPT, and this is an AI-powered tool that creates realistic personas on popular dating apps.

When it comes to finance scams, the most affected countries are Japan (+19%), Greece (+17%), and the US (+14%). Elon Musk, Mr. Beast, and Donald Trump, are some of the most impersonated individuals out there.

More from TechRadar Pro

Source…

ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year

October 2, 2023/in Internet Security

Other servers with ShadowSyndicate’s SSH fingerprint were used as C2 servers for Sliver, an open-source penetration testing tool written in Go; for IcedID, a Trojan that has been used as malware dropped by multiple ransomware gangs in recent years; for Meterpreter, the implant from the Metasploit penetration testing framework; and for Matanbuchus, a Malware-as-a-Service (MaaS) loader that can also be used to deploy payloads.

In fact, there might even be a connection between some of these. For example, IcedID has been used to deploy Cobalt Strike implants before. It has also been used in connection with the Karakurt, RansomEXX, Black Basta, Nokoyawa, Quantum, REvil, Xingteam, and Conti ransomware families.

A successful ransomware affiliate

The researchers said they are fairly confident that ShadowSyndicate is not a hosting service because the servers were located in 13 different countries — with Panama being the favorite — and across different networks belonging to different organizations.

The researchers have found strong connections between ShadowSyndicate and attacks with Quantum (September 2022), Nokoyawa (October 2022, November 2022, and March 2023) and ALPHV (aka BlackCat) ransomware in February 2023. Weaker connections were found with Royal, Cl0p and Play ransomware.

“While checking List A servers using Group-IB data sources, we established that some servers were mapped as Ryuk, Conti, and Trickbot,” the researchers said. “However, these criminal groups no longer exist. Ryuk ceased to exist at the end of 2021, while Conti and Trickbot (which are connected) went dormant at the beginning of 2022. Researchers believe that former members of these groups could be continuing with their criminal activity using the same infrastructure, but they might now operate individually or in other criminal groups.”

There is a possibility that ShadowSyndicate is an initial access broker, a type of threat actor that compromises systems and sells the access gained to other cybercriminals, including ransomware gangs. However, the researchers believe it’s more likely that the group is actually an independent affiliate working for multiple RaaS operations.

Source…