DuckDuckGo’s email protection feature allow users to create an alias email that helps to block creepy email trackers that come with email messaging.

While DuckDuckGo emphasizes on protecting web searchers' privacy and avoiding the filter bubble of personalized search results, it distinguishes itself from other search engines by not profiling users and displaying the same search results to all users for a given search query.

Now, its foray into email protection means that the same privacy standard is coming to the email system and it affords users addresses belonging to the unique domain, duck.com, owned by DuckDuckGo itself, for instance you can get an address like [email protected]

How DuckDuckGo Email Protection works?



DuckDuckGo Email Protection is launching into beta, as a new feature in its apps that will protect users' email privacy without having them switch email services.



They can generate unique private email addresses in the DuckDuckGo app, and extension which can’t be tracked, with such addresses as [email protected] email address. And emails sent to it is automatically forwarded to your regular inbox, with no creepy email trackers to worry about. Even DuckDuckGo will never save your email.

If perhaps you use email services like Gmail or Yahoo, the emails sent to your private Duck Address will arrive as usual to your normal inbox so that you can read your email as you normally do, be it in app or on the web.

How to Join the private beta waitlist?



DuckDuckGo Email Protection feature has been released into beta while access to the beta requires that you join the private waitlist.

And the process is simple and straightforward, just Download DuckDuckGo for iOS or Android; Open Settings > Beta Features > Email Protection and Click “Join the Private Waitlist." Once you've got a Personal Duck Address, you can expect DuckDuckGo to support it long-term so you can confidently share it.

DuckDuckGo Email Protection helps to Block Email Trackers

There is an active cryptojacking campaign targeting Linux-based machines running weak SSH credentials, with the attackers goal mainly to deploy the Monero mining malware, albeit their toolbox could allow for other attacks.

According to Bitdefender security researchers who discovered the cryptojacking attacks, it has been active since at least 2020 and the attackers are believed to be a threat group likely based in Romania. The attackers exploited Linux Systems with previously undocumented SSH brute-forcer written in Golang, with their toolset dubbed "Diicot brute" which is a password cracking tool supposed to be available via a software-as-a-service model.

The stealthy part isn't necessarily the brute-forcing of those credentials, but that the hackers does it in a way that lets them go completely undetected.

How the Linux Cryptojacking Attackers target Linux Systems?



While exploitation of weak SSH credentials isn't quite uncommon to Linux Systems, the method employed by the threat group involves obfuscating Bash scripts by compiling them with a shell script compiler (shc) and using Discord to report back the information.



The toolkit used by the threat actors includes traditional tools such as masscan and zmap, and as distributed on an as-a-service model, each threat actor supplies their own API key in their scripts. And like most tools in this kit, the brute force tool has a mix of Romanian and English languages in its interface.

Once the attackers finds a Linux device with inadequate SSH credentials, they'll deploy and execute the loader, as in the current campaign, they employed .93joshua, though they have a couple of others such as .purrple and .black. However, all the loaders are obfuscated via shc and the loader gathers system information and relays to the attacker using an HTTP POST through a Discord webhook.

Albeit, there's no shortage of Linux machines with weak SSH credentials, and the only way to find out is through scanning.

As a mitigation strategy, it is recommended that Linux users should resort to runtime cloud security as an important last line of defense if they detect malicious code injections and other threats that took place after a vulnerability has been exploited by an attacker.

Cryptojacking Campaign targeting Linux Systems on the Rise

Google's Threat intelligence researchers discovered four zero-day exploits used as part of three different campaigns, which vulnerabilities affects the major browsers, including Chrome, Internet Explorer and Apple Safari.

While the WebKit (Safari) zero-day is a Use-After-Free vulnerability in QuickTimePluginReplacement, tracked as CVE-2021-1879, which was discovered on March 19, 2021, and recently exploited by a likely Russian government-backed actors.

The campaign targeting Apple iOS devices also coincided with campaigns from same actor targeting users on Windows devices with the aim to deliver Cobalt Strike, a remote access software designed to execute targeted attacks.

How the Apple WebKit Zero-day was exploited in the wild?



The Apple WebKit Zero-day was exploited in the wild with attackers using LinkedIn Messaging to target officials from Western European countries by specially crafted malicious links.



Once the target victim visits the link from any iOS device, it would redirect to the attacker-controlled domain which served the next stage payloads. And through several validation checks to ensure the iOS device was a real device, the final payload which exploits CVE-2021-1879 would be served to the device.

This exploit turns off Same-Origin-Policy protections to be able to collect authentication cookies from popular websites, such as Google, LinkedIn, Facebook, which it then sends to an attacker-controlled IP via WebSocket. Albeit, not all attacks need chaining multiple zero-day exploits to be successful, the campaign mirrors a wave of targeted attacks carried out by Russian hackers tracked as Nobelium, that was found to abuse the vulnerability to strike Western government agencies.

How to Mitigate against the Apple WebKit Zero-day?



The WebKit flaw could be exploited by adversaries to process maliciously crafted web content to carry out a universal cross-site scripting attack.

However, Apple had promptly patched the flaw on March 26, 2021 with the release of iOS 14.4.2 and iPadOS 14.4.2, therefore users of affected Apple devices should update their devices in order to mitigate the Apple WebKit Zero-day.

Apple WebKit Zero-day actively exploited in the wild

The Solus team has released a new version of Solus 4 ‘Fortitude’ series, Solus 4.3 which follows on the heels of the previous version 4.2 with updates for the software stacks and hardware enablement.

While Solus is an independently developed Linux distribution for the x86-64 architecture featuring the homegrown Budgie desktop environment, GNOME, MATE or KDE Plasma as desktop environment. Solus 4.3 features Linux Kernel 5.13, which brings a huge array of hardware support such as AMD GPU FreeSync/Adaptive-Sync HDMI support and AMD Aldebaran accelerator support.

Along with several bug fixes, Solus 4.3 also offers the most important updates like the upgrade to the Gnome 40 stack (GNOME 40.2) and fixes to Budgie panel applets and tracking of various window state.



What's New in Solus 4.3 Release?



The introduction of Linux Kernel 5.13 boasts of support for M1 powered Apple Macs, and also, preliminary support for Alder Lake-S GPUs; coupled with the hugely improved RISC-V support, RISC-V been a fully open-source CPU architecture, that serves as free alternative to the proprietary arm chips used in smartphones.

Solus 4.3 offers these other improvements:

  • Basic Apple M1 Support
  • Preliminary Alder Lake S GPU Support
  • AMD GPU FreeSync/Adaptive-Sync HDMI support
  • AMD Aldebaran accelerator support
  • New Generic USB display driver
  • Much better RISC-V support


Additionally, Solus 4.3 has all the latest apps including Firefox 89.0.2, LibreOffice 7.1.4.2 and Thunderbird 78.11.0. And the flagship edition, Budgie, haven been upgraded to Budgie 10.5.3, also received lots of improvements.

How to Download or Upgrade to Solus 4.3



For existing Solus users, you'll automatically receive the latest update and then, you can simply update your system.

And if you're new to Solus and want to try out the latest version Solus 4.3, you can download the ISO image from their official download page.

Solus 4.3 Release: brings new Kernel and improved Hardware support

Macro malware was common some years ago as a result of macros running automatically when a document is opened, however, malware authors now have to convince target victims to turn on macros so that their malware can run.

Malware authors are increasingly devising new tricks using non-malicious documents to disable macro security warnings prior to executing code to infect computers. According to researchers at McAfee Labs, there is a novel tactic used by hackers that "downloads and executes malicious DLLs (ZLoader) without any malicious code present in the initial spammed attachment macro."

The researchers discovered that ZLoader infections which propagated using this mechanism was started with phishing email that contains a Microsoft Word document attachment, that if opened, downloads a password-protected Microsoft Excel file from a remote server.

How Hackers uses the New Trick to Disable Macro Warnings in Malicious Office Files?



ZLoader infections primarily targeted victims in the U.S., Canada, Japan, and Spain, and was a descendant of the infamous banking trojan, ZeuS, that is known for aggressively employing macro-enabled Office documents as initial attack vector to steal personally identifiable information from users of financial institutions.



After downloading the XLS file, it reads the cell contents from the XLS and creates a new macro for the same XLS file and writes the cell contents to XLS VBA macros as functions, and once the macros are written and ready, the Word document sets the policy in the registry to 'Disable Excel Macro Warning' which invokes the malicious macro function from the Excel file.



While macros are needed to be enabled in the Word document to trigger the download itself, but simply turning off the security warning, the attackers were able to stay undetected, and the obfuscation techniques used by these attackers have been evolving over the years.

Interestingly, the malware did not only lure users into enabling macros, but also have embedded files containing XLM macros which download and execute malicious second-stage payload that is retrieved from a remote server.

New Evasive Trick used by attackers to disable Macro Security Warnings

KaOS is a Linux distribution with specific focus on Qt and KDE, offering better flexibility and usability, with the latest update KaOS 2021.06 having packages such as the new Plasma 5.22 with Adaptive Transparency.

While the new Plasma 5.22 Adaptive Transparency feature means that the panel widgets will be translucent, and if there are any maximized windows, it will be entirely opaque.

The latest KaOS version also offers other new functionalities, such as support for JPEG XL, an upgrade to the JPEG format, and Plasma Wayland session now supports Activities, allowing users to keep their main work separate from other tasks.

What's New in KaOS 2021.06 Release?



Besides the desktop environment upgrade, KaOS 2021.06 comes with LibreOffice, replacing Calligra as the default office suite. And the latest Plasma packages are built on Qt 5.15.2+, including Plasma 5.22.2, Frameworks 5.83.0 and KDE applications 21.04.2.



Other new and updated core tools in KaOS 2021.06 includes:

  • KWin Wayland now supports Present Windows effect
  • Maliit virtual keyboard packages now Added
  • Fosshost is now the default mirror, utilizes Fastly CDN to deliver content
  • Calamares installer now offers two new QML modules
  • KSysguard replaces Plasma System Monitor


Further more, there is no need to adjust a mirror list to install/update to KaOS anymore, with Fosshost as the default mirror.

How to Download or Upgrade to KaOS 2021.06 Release?



For existing KaOS user, simply use the following command to upgrade your current system to KaOS 2021.06:

sudo pacman -Syu


And for a fresh installation, you can download the ISO images from the official site, but note that the welcome screen can now display text or other info as a QML file in the Calamares window.

KaOS 2021.06 Release: Brings Plasma 5.22 with Adaptive Transparency

Microsoft Edge has a security flaw, which stems from the universal cross-site scripting (UXSS) triggered when translating web pages via Microsoft Translator, the browser's built-in feature.

While UXSS is an attack that exploits client-side vulnerabilities in a browser or browser extensions to generate an XSS condition to execute malicious code; the Edge flaw tracked as CVE-2021-34506 has CVSS score of 5.4 and the discovery credited to Ignacio Laurence, Vansh Devgan and Shivam Kumar Singh of CyberXplore.

Microsoft, however, has already rolled out updates for the Edge browser with fixes for the issue and subsequently awarded the researchers $20,000 as part of its bug bounty program.

How the Edge Browser Flaw Could have allowed anyone to Steal Your Private Data?



Microsoft Translator Which comes pre-installed on Edge browser has a vulnerable code which takes any html tags having an “>img tag without sanitising the input or converting payload to text while translating so that internal translator was taking “>img src=x onerror=alert(1)> payload and executing it as JavaScript as no proper validation check which does sanitization or convert DOM into text and then process it for translation.



As the translation feature failed to sanitize input, it could allow an attacker to insert malicious JavaScript code in any web page and subsequently execute it if the user clicks on the prompt in the address bar to translate the page.

Also, web based applications on Windows store may be vulnerable to this kind of attack as Windows stores ships apps with Microsoft Translator which was responsible for triggering the Universal XSS (UXSS) attack.

What Edge Browser users Need to do Right away



Microsoft has fixed the issue with the latest Edge update, version 91.0.864.59 now available for download.

Therefore, it is recommended that Edge users should promptly update their browser by going to Settings and more > About Microsoft Edge (edge://settings/help) to initiate the update, if not done automatically.

Edge Browser flaw exposes users Personal Data to any website

Rocky Linux is perhaps the most anticipated CentOS alternative for 2021, and it has finally arrived, with the first stable release v8.4, codenamed Green Obsidian, now available to the public.

While Rocky Linux is intended to serve as a complete binary-compatible release using the Red Hat Enterprise Linux source code, the project aims to provide a community-supported and production-grade enterprise operating system.

The first stable release, Rocky Linux 8.4 is based on Red Hat Enterprise Linux 8.4, with a conversion tool (migrate2rocky) that has been made available to help users easily migrate their existing Linux system to Rocky Linux.

What's the Major Features of Rocky Linux 8.4?



Rocky Linux 8.4 is based on Red Hat Enterprise Linux 8.4, and also feature some great security improvements, like the IPsec VPN by Libreswan which has been improved with TCP encapsulation support and security labels for IKEv2 protocol.



Also, there are several other updates which improve the memory management, along with technical changes that improves the memory allocation. Such as the slab memory controller that brings improvement in slab utilization, enabling shift in the memory accounting from the page level to object level.

Other upgraded features in Rocky Linux 8.4 include:

  • Redis 6
  • Python 3.9
  • PostgreSQL 13
  • SWIG 4.0
  • Subversion 1.14


Additionally, the compiler tool sets have all been updated in Rocky Linux 8.4 and there is also support Error Detection and Correction (EDAC) kernel module that work with Intel 8th and 9th gen processors.

How to Download and Install Rocky Linux 8.4?



Rocky Linux 8.4 is now available for download from the official website, you can also choose from the container images available on the Docker Hub and Quay.io.

But note that the first ISO doesn't come with Secure Boot support, however, a new ISO is expected for release later which will include the Secure Boot.

Rocky Linux 8.4 Stable Release takes on CentOS as Alternative

Apple's latest software update for its iPhone and iPad brought several security patches, including a weakness in Wi-Fi-connected devices which could expose users to nearby hackers.

But according to Zhi Zhou, a security engineer at Ant Financial Light-Year Security Labs, there is a wireless network naming bug affecting Apple's iOS which could effectively disable iPhone's ability to connect to Wi-Fi networks. The bug was first spotted by Carl Schou, who discovered that his iPhone's Wi-Fi functionality gets disabled on joining a Wi-Fi network with the name "%p%s%s%s%s%n" even after rebooting the phone.

Carl Schou noted that after joining the WiFi with the SSID “%p%s%s%s%s%n” his iPhone's WiFi functionality permanently got disabled and neither rebooting nor changing SSID could fix it.

Analysis of the SSID Format String Bug



The bug stems from the manner Apple's iOS parses the SSID input, which triggers a denial of service in the process; it concatenate the SSID to a format string and pass it to WFLog:message: method. With the destination as 3 so it was the second xref of CFStringCreateWithFormatAndArguments that triggered the denial of service.



It could have had some serious implications in an instance that bad actors exploit the issue to plant fraudulent Wi-Fi hotspots with the name to break a device's wireless networking features. But for the exploitability, the rest of the parameters doesn't quite seem likely to be controllable, thus making this case inexploitable.

After all, you'll need to connect to that WiFi to trigger this bug, where the SSID is visible to the victim and a phishing Wi-Fi portal page might be even more effective.

How to Mitigate the iPhone Wi-Fi naming bug?



If perhaps, you experimented with it and your iPhone has been affected by the bug, you would need to have the iOS network settings reset by going to Settings > General > Reset > Reset Network Settings and confirm.

Albeit, it rarely looks like a format string bug which is seen nowadays, but luckily, Android devices are not affected.

Apple's iOS susceptible to Wi-Fi network naming bug

Of course, you want the fastest and the best Internet connection. Every one of the 4.66 billion active Internet users across the globe wants the same thing. By ensuring that your Mac, iPad or iPhone automatically prioritizes and connects to the strongest available Wi-Fi network is going to help you with blazing fast browsing speed.

Regardless of whether you have multiple access points in your house or got a bunch of saved networks in an area, you can get the best connection at all times by simply setting network priority. It is important to know that isn’t an option or button on your Apple devices that just lets you set a Wi-Fi network on priority. This is because your device will connect to one of the available networks automatically and it is typically the one with the best strength.

But, the problem arises when you are in areas with multiple Wi-Fi networks. Then your device might get connected to any one of the saved networks and it might not necessarily be the fastest one. But, you can manually manipulate this. Are you looking to set the Wi-Fi network priority on your Apple devices? Read on to know what you have to do.

Wi-Fi Network on Priority in Macs



macOS is all about user-friendliness and one of the features that are often ignored by Mac users is the ability of their device to prioritize saved networks by the order in which you want Mac to connect to them. This allows you to define which network has a higher priority so that your Mac will connect to them when they’re available and even if you’re working on a different network, your device will switch to the prioritized network when it becomes available.



If your Mac is connected to multiple networks, you can simply delete a Wi-Fi network that isn’t useful to you anymore. This will make sure that your device doesn’t get connected to a network that doesn’t offer you the speed and signal strength that you are looking for. Also, you can forget all of the accumulated networks and add them back again one by one. Remember that the last network which you add is going to be the high priority one.

Next, you can follow these steps:

  • You can access the feature in your Mac that helps you prioritize Wi-Fi by clicking on the Wi-Fi icon in the menu bar and go to Open Network Preferences or you can go to Settings and then to the Network preference pane.
  • From the Network preference pane, make sure that you have selected Wi-Fi in the left sidebar and then from the right sidebar, you have to click on the ‘Advanced’ button which you can find toward the bottom.
  • In the next window, you’ll be presented with a column titled ‘Preferred Networks’ where you’ll find all of your remembered networks and it will be listed. You will notice a ‘+’ and ‘-‘ buttons below that window and these buttons will help you to move the networks up and down according to your preference. So, the networks that you place on top of the list are going to be the high-priority ones and your device will first connect to them if they’re available. To lower the preference of the network, you just need to move it down the list.


When you’re done, simply click OK and your Mac will save those settings.

Wi-Fi Network Priority on Apple iOS



  • Manually connect to a Wi-Fi network – Even though your device will probably automatically connect to a network, but if that is not your preferred network, you can always manually connect. You can do this on iPad, iPhone, and also Mac. On your iPad or iPhone, you can switch Wi-Fi networks from the Control Center or the Settings app. From the Control Center, you have to go to the Wi-Fi icon and from the list of available networks, select one that you prefer.
  • Sync network priority from Mac to iPhone/iPad – If you own a Mac, you can set the Wi-Fi priority there (as mentioned before) and then sync the settings with your iPhone or iPad. You will have to be signed in with the same Apple ID on both the systems and also keep the iCloud keychain turned on. You can check these settings on System Preferences on your macOS and click on the Apple ID. Then make sure that the Keychain box is clicked. On your iPad or iPhone, you have to go to iCloud and then Keychain to ensure that it is toggled on. When both these settings are turned on, it means that you are ready to sync.


In conclusion, prioritizing Wi-Fi networks will most definitely help to bring better connection speed and range. Therefore, you can go ahead and try these hacks out if you want to have a more smoother experience.

How to Set Wi-Fi Network Priority on Apple devices - iPhone, iPad, and Mac?