Mobile apps have played significant roles in our daily living, in virtually every sector, such applications have been pretty useful.

In this article, we'll focus on how the education sector has benefited from these improved technology. With some applications haven simplified how students can accomplish their assignments without much struggle. By ordering academic term papers you can get more insights on student's welfare in matters relating to technology advancement.

From the teachers, students, and even other academic staff, all deserves a smooth experience within the learning environment. For instance, teachers find it challenging to manage a large number of students. It becomes challenging for a teacher to evaluate a student at a personal level.

However, with improved tech, students can access tablets and communicate with teachers on complex concepts personally. Still, the mobile apps have enabled teachers, students, parents, and other staff in handling different matters with ease.

7 Ways Mobile Applications have Improved the Education Sector



So, below are ways in which mobile applications have contributed to a better learning experience.



  • Real-time Tracking


As a student, you have several activities to accomplish. Without proper planning and organization, you might forget some of the essential details. For instance, there could be an upcoming exam which you must revise for. If you forget and get to the exam room minus revising, you can panic and end up getting low grades. However, with mobile apps, you can create a clear schedule and reminders of upcoming and urgent tasks to work upon them effectively.

  • Student Groups


It is now easier than before. Each student can create a profile with all their details and connect with other online platforms via mobile apps. This is an excellent idea because students can discuss different matters relating to education and get a solution. For instance, if, as a student, you didn't understand a particular concept in class, you can raise the topic and discuss it with others to find a real-time solution. The advantage here is that each person gives their opinion, and the more they discuss, the more you understand—besides, the response rate in real-time.

  • View Assignments & Grades


Mobile applications benefit the teachers and students at large in different ways. For example, teachers can easily allocate assignments to students via the mobile apps. On the other hand, students can access the projects and instructions and work on them as required. Still, students can view their progress via these apps and evaluate areas they need to put in more effort.

  • Seamless Learning


Another benefit of mobile apps for education is the smooth learning experience. Even if students aren't in the school, they can still access all the school programs via the app. For instance, the school can share the plans for lessons, assignments, the syllabus, course evaluation, among other requirements. Students can then analyze the report and plan their time well to manage all the activities in school.

  • Develop Problem-solving Skills


With education apps, students have to embrace creative thinking to solve some issues. Sometimes, the teacher isn't present, and the students must think on their own. In such a case, when the matter at hand is urgent, the students have to figure out ways to solve the issue. In the end, they become experts in solving different problems without close supervision.

  • Offline Data Storage


Mobile applications offer excellent storage space that students can access documents and files while offline. This simplifies students' work because they don't have to sync the app's data to get the required files.

  • Event Scheduling & Notifications


In a school environment, some events take place and calls for students to participate in one way or the other. It can be challenging for such essential information to reach all students within the required time frame. However, with mobile apps, the school updates the list of events and respective dates in advance so that students can plan their schedules appropriately.

7 Advantages of Mobile Apps in the Educational sector

Google has been working on the Android Open Source Project (AOSP) since last 18 months, in a bid to prevent memory safety bugs, by adding support for Rust programming language.

The company had preferred languages like Java and Kotlin as the best options for Android app development, and with the Android OS use of Java extensively, thereby protecting large portions of the Android platform from memory safety bugs.

However, Java and Kotlin languages aren't an option for the lower layers of the Android OS, with code written in C and C++ languages requiring robust isolation when parsing untrustworthy input, the technique of containing the code in a strictly constrained sandbox can be expensive, and results additional memory usage and latency issues.

What Rust Programming Language brings to the table



Rust programming language provides memory safety guarantees through a combination of compile-time checks that enforce object lifetime/ownership and runtime checks which ensures that every memory access is valid.



Given the memory safety bugs in C and C++ which constitutes about 70% of all high severity security vulnerabilities in Android, the idea to switch to a memory-safe language like Rust is to prevent such from happening in the first instance.

Albeit, Google would not have to rewrite all of its existing C and C++ code into the underlying OS, but rather to focus its memory-safe language efforts on new or recently modified code with higher likelihood of memory bugs.

Some other efforts at Memory Safety with Rust Language



Microsoft has been working on new ‘memory safe’ programming language, which internally is referred to as “Safe Infrastructure Programming” based on Rust language.

The experiment with the Rust language is in a bid to improve its software, under Project Verona initiative, as Rust programming language is better than the C/C++ languages commonly used to write micro-controller firmware.

Google turns to Rust Language to prevent Android Memory Safety bugs

Microsoft has released a preview of its own build of OpenJDK, known as Microsoft Build of OpenJDK, an open source and freely available, long-term support distribution of Java.

Microsoft Build of OpenJDK binaries of Java 11 is available for download on Windows, Linux, and MacOS, with Microsoft publishing an early access binary for Java 16, which is the latest version of standard Java, for Windows on Arm. With Builds for Java 11 based on OpenJDK source code, and follows the same build scripts employed in the Eclipse Adoptium project, formerly AdoptOpenJDK.

Azure cloud users can also try the build via Azure Cloud Shell, albeit Microsoft’s binaries have passed the Java Technology Compatibility Kit (TCK) for Java 11.

What you need to know about Microsoft Build of OpenJDK



Microsoft Build of OpenJDK is to serve as a simple drop-in replacement for other OpenJDK distribution in the Java ecosystem. And the company has pledged to support Java 11 until at least 2024.



Also, Microsoft will offer support for Java 8 binaries from Eclipse Adoptium on Azure-managed services, with Java 8 offered as a target runtime option. While OpenJDK binaries for Java 17 will be due for release by the end of the year. Microsoft is a huge contributor to OpenJDK, with more than 50 patches for OpenJDK, covering areas such as garbage collection fixes, MacOS packaging, build and infrastructure.

Microsoft Build of OpenJDK binaries may come with backported fixes and enhancements deemed important to users. Though some of the fixes may not have been formally backported upstream and signposted in OpenJDK release notes.

Open competition with Oracle in the Java distribution space



The move has been seen by analysts as a serious competition for Oracle in the Java space, as Java is one of the most popular programming languages today, used for almost everything from enterprise applications to robots.

Microsoft is increasingly experiencing growth in its customer use of Java across the company’s cloud services and development tools, haven deployed more than 500,000 JVMs internally, excluding Azure services and customer workloads. Indeed, Microsoft Build of OpenJDK would set up the company to compete with Oracle in the Java space.

Microsoft Build of OpenJDK to compete with Oracle in the Java space

Cybercriminals are increasingly targeting professionals on LinkedIn with weaponized job offers via a new spear-phishing campaign in an attempt to infect targeted victims with a backdoor trojan known as "more_eggs."

According to cybersecurity firm eSentire's Threat Response Unit (TRU), the phishing lures follows a malicious ZIP archive file that has the same name as that of the victim's job titles taken from their LinkedIn profile. And once the fake job offer is opened, the victim has unwittingly initiated the stealthy installation of the fileless backdoor.

The backdoor upon execution can download additional malicious plugins and provide hands-on access to the victim’s computer and the threat group behind more_eggs, Golden Chickens, are known to sell the backdoor under a malware-as-a-service(MaaS) arrangement to other cybercriminals.

How More_Eggs Attacks are targeted at Professionals on LinkedIn



The TRU team analysis shows that the targets were professionals working in the healthcare technology industry, which upon downloading and executing the alleged job file, the victim unwittingly executed VenomLNK, an initial stage of more_eggs.



VenomLNK enables the malware’s plugin loader, TerraLoader, which then hijacks legitimate Windows processes, cmstp and regsvr32 by abusing Windows Management Instrumentation. With TerraLoader initiated, which is a decoy word document presented to the victim, designed to impersonate a legitimate employment application; but it serves no functional purpose in the infection.

Then, TerraLoader will install msxsl in the victim’s roaming profile and loads the payload, TerraPreter, which is an ActiveX control (.ocx file) downloaded from Amazon Web Services, as TerraPreter begins to beacon to a Command & Control server (C2) via the rogue copy of msxsl.

This signals that the more_eggs backdoor is ready for the threat group’s customer to gain access and carry out their malicious activities, whether it is to infect the victim with additional malware, such as ransomware, or getting a foothold into the victim’s network so as to exfiltrate data.

Risks posed by More_Eggs Backdoor to Organizations and Professionals



The threat actors went after employees of the healthcare technology sector with fake job offers, and cleverly using the job title listed on their LinkedIn profiles, in communications to the employees. They also used malicious email attachments which if the target clicked on the attachment, they'll get their system infected with more_eggs.

While the TRU team don't know for certainty what the end game is for this campaign, but what is clear is that this current activity mirrors an eerily similar campaign which was reported in the U.S. retail, entertainment and pharmaceutical companies in February 2019, where online shopping, were targeted.

Coincidentally, the hacking group, Evilnum is also known to spearphish employees of companies they are targeting by enclosing malicious zip files, which upon execution, gets the employees hit with the more_eggs backdoor, along with other malware.

New spear-phishing campaign targeting professionals on LinkedIn

Ubuntu is a popular Linux distribution based on Debian, released in three editions, namely: Server, Desktop, and Core, with all editions capable of running on PC or a virtual machine.

While Ubuntu 21.04 is the latest version of the distro, and third version to receive a codename with the letter “H”, with the earlier version, Ubuntu 5.04 which was released in 2005 codenamed “Hoary Hedgehog”, and followed by Ubuntu 8.04 LTS “Hardy Heron” in 2008. And the codename for Ubuntu 21.04 was revealed as “Hirsute Hippo“ which is a rather humongous name.

The Beta version of Ubuntu 21.04 Hirsute Hippo arrived on April 1, 2021, and the final freeze milestone is expected on April 15, with the final stable version to be made available on April 22, 2021.

What's new in Ubuntu 21.04 Hirsute Hippo Beta?



Unlike previous Ubuntu releases that came with tons of core and visual changes, Ubuntu 21.04 Hirsute Hippo Beta is rather straightforward, with the absence of GNOME 40 as a disappointment to many users, albeit it does come with GNOME 40 apps.



Ubuntu 21.04 Hirsute Hippo Beta features Wayland as the default session, whch is a replacement for X.org’s windowing system, with such advantages as support for emerging HDR technology and significantly easier to maintain. Also, Ubuntu 21.04 comes with the ability to change the power profile mode with Pipewire support.

Additionally, it brings a new set of preloaded wallpapers and there are other flavors like Xubuntu, Lubuntu, Kubuntu, Ubuntu MATE, and Xubuntu versions.

How to Update to Ubuntu 21.04 Hirsute Hippo Beta



If you wish to update from older Ubuntu versions to Ubuntu 21.04 Hirsute Hippo Beta, check the Updates section and in the Notify me of a new Ubuntu version dropdown, select the For any new version option and close the app.

But note that Ubuntu is distributed on three types of images, with the Desktop image allowing you to try Ubuntu without changing your PC at all, and at your option to install it permanently later. However, you will need at least 1024MiB of RAM to install Ubuntu from this image.

And the second type, which is the server install image allows you to install Ubuntu permanently on a computer for use as a server, but it does not install a graphical user interface.

Therefore, the 64-bit PC (AMD64) desktop image should be prefered if you have a computer based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon, Core 2). And the 64-bit PC (AMD64) server install image is prefered if you have a computer based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon, Core 2).

If you need help in burning these images to disk, you can refer to the Image Burning Guide.

Ubuntu 21.04 Hirsute Hippo Beta features and how to update your system

The Windows Background Intelligent Transfer Service (BITS) was introduced with Windows XP to simplify the downloading and uploading of large files; with applications using BITS to deliver updates for minimal usage disruption.

While the BITS service runs in a service host process and able to schedule transfers to happen at any time, but such files and data are stored in a local database. And like many such technologies, BITS can also be used by malicious applications to create files that are downloaded or uploaded in the context of the service host process.

According to researchers at FireEye, there is a previously unknown mechanism that shows the hackers made use of BITS to launch their backdoor.

How Hackers leverages on BITS to infiltrate Windows systems



Hackers use malicious applications to create BITS jobs and files which are downloaded or uploaded in the context of the service host process to evade firewalls that could block such malicious or unknown processes, and to obscure which application requested the transfer.



As BITS transfers can also be scheduled, it enables the attackers to schedule the attacks to occur at specific times without relying on long-running processes or the task scheduler. Also, BITS transfers are asynchronous, which results in a situation whereby the application that created a job may not be running when the requested transfer is complete.

This scenario is remedied when BITS jobs are created with a user-specified notification command, which executes after the job completes or in case of errors. Then, the notification commands associated with BITS jobs can specify the executable or command to run.

But attackers can also utilize this feature as a method for maintaining persistence of their malicious applications, since the command data is stored in a database instead of traditional registry locations, it can be overlooked by forensic investigators or tools that attempt to identify persistence executables and commands.

How to secure your Windows machine against such infiltration



This new exploit is perhaps another reminder of how even useful tools like BITS can be repurposed by hackers to their own advantage.

Therefore, the researchers have made available a Python utility known as BitsParser that aims to parse BITS database files and extract job and file information for additional analysis to aid incident response and forensic investigations.

Hackers leverages on the Windows Background Intelligent Transfer Service

The Debian based GNU/Linux distribution, Parrot OS is developed by Parrot Security with a special focus on forensics and ethical hacking, with support for KDE Plasma, Mate and Xfce Desktop Environments.

Now, the Parrot Security team has released the latest version of the distro, Parrot OS 4.11 which follows the previous release Parrot OS 4.10 that came with several bug fixes and the latest updates from upstream sources, including fixes for the BootHole Vulnerability, affecting almost all Linux distros via GRUB2 bootloader.

Parrot OS is considered a forensic distribution and detects vulnerabilities in systems and networks, as such the latest release brings all updates to the Debian test repository, including the upcoming Debian 11 “Bullseye”.

What's new in Parrot OS 4.11 Release?



Besides the latest Linux kernel and Debian 11 “Bullseye), Parrot OS 4.11 includes a number of updated core software packages for security and penetration testing.



Also, the sandbox system now has a new revision, with the following forensic tools modified, according to the official Parrot OS 4.11 release notes:

  • Default GCC version is now 10.2.1.
  • Pisces and Zsh support now available, including the latest zsh-autocomplete version.
  • Bundled with Python 3.9 and Python 2 finally removed, with / usr / bin / python pointing to / usr / bin / python3 by default.
  • Metasploid framework updated to 6.0.36 and gets updated weekly.
  • Better Cap hasbeen updated to 2.29
  • The clip now includes Go 1.15


Additionally, the 64-bit image Parrot Home 4.11 (ISO) MATE-Desktop and Parrot KTE Home 4.11 (ISO), with KTE plasma are available for security researchers and forensic scientists.

How to Download or upgrade to Parrot OS 4.11



Parrot OS is a rolling release distro, meaning that new updates are available in the repo as soon as it is stable, so existing users running the immediate previous version of Parrot OS, or older versions, simply update their package to the new stable version with the below commands.

sudo parrot-upgrade


Or

sudo apt update && sudo apt full-upgrade


For new users, the ISO images of Parrot OS 4.11 can be downloaded from the official site, with multiple editions, such as Mate, KDE, Xfce, Netinstall, Security, Virtual, and Home.

Parrot OS 4.11: Forensics & Anonymous Surfing with updated KDE Plasma and Mate

Compat2021 is a lofty project led by Google and Microsoft, with the “broader web community” to pool resources that will improve browser compatibility along five critical areas identified by the group.

According to the group, the last couple of years have highlighted browser compatibility issues as the top challenges faced by developers, and research in the MDN Browser Compatibility Report has helped hone that signal into five areas where browser compatibility is particularly an issue, namely: CSS Flexbox, CSS Grid, CSS position: sticky, the CSS aspect-ratio property, and CSS transforms.

Albeit, the effort seems to be centered around improving the open source Chromium engine which powers Google Chrome and Microsoft’s Edge browsers.

What the Compat2021 project hopes to achieve?



The Compat2021 project working group identified the focus areas above based on feature, number of upvotes on given bugs in their different tracking system, with various feedback via survey, CanIUse data, and results from web-platform-tests.



Microsoft Edge team, on its part, intends to contribute fixes to Chromium to surpass 100% of CSS Grid tests and support the improvement of interop across browsers, as well as assist with triage in web-platform-tests. While the Chromium project had already started work on improving the compatibility of the browser in 2020 with the fine-tuning of the scope of the changes offered by Microsoft.

Still, there are compatibility issues in basically all of the web platform, even though the focus of this project remains on a rather small number of the most important areas, those voted as top issues for developers.

How to get Involved with the Compat2021 Project?



If you are a developer and encountering compatibility issues in the above listed areas, it is advised that you continue to file bugs in the appropriate tool via the “Send Feedback” or directly in the appropriate project like Chromium, Webkit, or Gecko.

And you can follow up on the project’s progress on the Compat2021 Dashboard on web-platform-tests, and by subscribing to the mailing list for updates.

Compat2021 Project towards improving Browser Compatibility

OpenSSL is a full-featured toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols necessary to secure communications sent over a computer network.

According to a security advisory published by OpenSSL, there are high-severity security flaws in the software toolkit that could be exploited to bypass certificate verification and even carry out denial-of-service (DoS) attacks. Among the flaws, is one tracked as CVE-2021-3450, that prevents applications from rejecting TLS certificates that are not digitally signed by a trusted certificate authority (CA).

While the second flaw, tracked as CVE-2021-3449 concerns a potential denial-of-service (DoS) vulnerability due to NULL pointer dereferencing which can cause a TLS server to crash when in the course of renegotiation, the client transmits a malicious "ClientHello" message during the handshake.

How the OpenSSL Flaws could be exploited to bypass Certificate verification and for DoS attacks?



OpenSSL TLS server if sent a maliciously crafted renegotiation ClientHello message and if a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result.



The NULL pointer then could lead to a crash and a denial of service (DoS) attack. Albeit, the server is only vulnerable if it is running TLSv1.2 and renegotiation enabled, but OpenSSL TLS clients are not impacted by this security issue.

In order to bypass Certificate verification, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.

The flaw prevent apps from rejecting TLS certificates that are not digitally signed by a trusted certificate authority (CA) and affects all OpenSSL 1.1.1 versions, including OpenSSL versions 1.1.1h and newer.

How to Mitigate against the OpenSSL Flaws



The maintainers of OpenSSL has promptly released patches for high-severity security flaws, after the vulnerability was discovered by Xiang Ding and others at Akamai, with a fix released on GitHub by the former Red Hat principal software engineer and OpenSSL developer, Tomáš Mráz.

The fix for the vulnerabilities are available in the updated version OpenSSL 1.1.1k released on Thursday. Therefore, applications that rely on the vulnerable version of OpenSSL are advised to apply the patches in order to mitigate the risks.

OpenSSL Flaw could be exploited for Denial of Service (DoS) Attack

Cybercriminals have continued to leverage on the ProxyLogon vulnerabilities to gain access to systems running unpatched Microsoft Exchange servers, with the DearCry and Black KingDom ransomware attacks.

According to Sophos, the Black KingDom ransomware isn't the most sophisticated payload, as analysis reveals that it's somewhat rudimentary in its composition, but still, it can cause a great deal of damage to users of Exchange Servers. It exploited the on-premises version of Microsoft Exchange Server, thereby abusing ProxyLogon, the remote code execution (RCE) vulnerability.

Sophos telemetry detected the ransomware on March 18 as it targets Exchange servers that were unpatched against the ProxyLogon vulnerabilities, alongside the DearCry ransomware attacks reported last week.

How the Black Kingdom ransomware spreads on Exchange servers?



Black KingDom ransomware was orchestrated from a remote server with the IP address, 185.220.101.204 which corresponds to Germany, and the threat actors operated from 185.220.101.216; albeit both IP addresses belong to a Tor exit node, which makes it impossible to know exactly where the attackers are located.



It exploited the on-premises versions of Microsoft Exchange Server, which after successfully breaching the Exchange server, the attacker delivered a webshell by abusing the remote code execution (RCE) vulnerability also known as ProxyLogon.

The webshell provides remote access to the server, thus allowing the execution of arbitrary commands. And the ransomware binary is based on a Python script compiled into an executable via PyInstaller. The Sophos researchers were able to decompile the binary to its original source code to understand the ransomware’s functions.

The source code was named 0xfff.py, with the “fff” representing a hexadecimal value for the decimal number 4095; though the significance remains a mystery.

How to Detect Black KingDom ransomware attacks



The Black KingDom ransomware payload can be detected with Troj/Ransom-GFU, Troj/Ransom-GFV and Troj/Ransom-GFP or simply by the CryptoGuard capability within the Sophos endpoint protection Intercept X. SophosLabs has also published indicators of compromise to Github.

Cyber Threat hunters running Sophos EDR may also utilize the queries posted here to find further indicators of compromise on their networks.

New Ransomware Attacks targeting Microsoft Exchange Servers

Mozilla has been a staunch advocate of the browser-side protection that block sites from tracking users online activities, with its Firefox browser, pushing hard on privacy with pro-privacy features.

Now, the company has introduced a Tracking Protection tool for Firefox Private Browsing and Strict Traction Protection Modes known as SmartBlock that automatically blocks third-party scripts, images, and other media content from being loaded on the browser. Thus the blocking of those scripts will protect users from being tracked across sites.

Starting with Firefox 87, the latest version of the browser, users can begin to experience a new privacy feature touted as intelligently fixing webpages that are broken by actively tracking protections, without compromising on user privacy.

What is Firefox SmartBlock all about?



SmartBlock is Firefox's built-in content blocking feature, necessary for both private browsing and strict tracking protection modes, which ultimately blocks third-party scripts, and other content from being loaded from cross-site tracking lists compiled by Disconnect.



It aims to fix the issues with websites not displaying properly as a result of using old blockade techniques, as SmartBlock provides local stand-ins for blocked third-party tracking scripts. The stand-in scripts behave just like the originals to make sure that all the webpages works properly.

Also, it allows broken websites that rely on the original scripts to load with their functionality intact. The SmartBlock stand-ins are bundled into Firefox, with no actual third-party content loaded at all, so there is no chance for third-party to track users and, of course, the stand-ins don't contain any code for tracking functionality.

How to Download or Upgrade to Firefox 87



Firefox 87 is now available for download and introduces the new privacy feature called SmartBlock, which intelligently fixes up web pages that are broken by other tracking protections, without compromising on the user privacy.

But as Firefox update happens in the background, the changes will be automatic, however users can manually upgrade the browser via the hamburger menu to Help —> About Firefox, and the download should begin immediately.

Firefox SmartBlock makes Private browsing less of a hassle

Purple Fox is an active malware campaign that targets Windows machines, which until recently, infected Windows machines by using exploit kits and phishing emails.

According to researchers at Guardicore Labs, there is a new infection vector of this malware where Windows machines are breached through SMB password brute force. The Purple Fox malware includes a rootkit that allows the threat actors to hide the malware and make it difficult to detect or remove from the machine.

The researchers also identified Purple Fox’s vast network of compromised servers which hosts its dropper and payloads, and these servers appear to be compromised Microsoft IIS 7.5 servers.

How Purple Fox Rootkit Spread Itself to Other Windows machines?



Purple Fox is distributed in the form of malicious ".msi" payloads which are hosted on nearly 2,000 compromised Windows servers, and in turn, download and execute a component with rootkit capabilities, enabling the threat actors to hide the malware and thus evade possible detection.



The vast majority of the servers, which are serving the initial payload, runs on relatively old versions of Windows Server, namely: IIS version 7.5 and Microsoft FTP, which servers are known to have multiple vulnerabilities with varying degrees of severity.

There are several ways this campaign is spreading: first the worm payload is being executed once a victim machine is compromised via a vulnerable exposed service such as SMB. And secondly, the worm payload spreads via email through a phishing campaign which exploits a known browser vulnerability.

The malware once successfully infiltrated a machine, blocks multiple ports (445, 139, and 135) in an attempt to "prevent the infected machine from getting reinfected, and/or being exploited by a different threat actor. And the next phase is the propagation process by generating IP ranges and scanning on port 445, with the probes to discover vulnerable devices on the network with weak passwords and brute-forcing them to create a botnet.

How to Mitigate against Purple fox



Botnets are often deployed by threat actors to spread all kinds of malware, including ransomware attacks, on the infected computers, albeit in this case, it isn't quite clear what the attackers are after.

Given that it spreads via old Windows versions, the most obvious advice to mitigate Purple Fox is regular updating and patching of your system. Additionally, secure your network by adding more advanced layers of security such as anti-malware solutions that use behavior monitoring and AI to strengthen detection capabilities.

Purple Fox malware spreading via wormable infection technique

Brave, the company behind the popular privacy-focused browser by the same moniker recently announced its acquisition of Tailcat, an open search engine developed by the team responsible for the private search and browser products at Cliqz.

With the acquisition, Brave is developing a privacy-focused alternative search engine to Google that promises above all things to never profile users activities. Brave refers to its upcoming search engine as an antidote to “Big Tech,” and the need to harvest users search history to serve targeted ads and recommendations.

Interestingly, Brave will also be bringing a combination of privacy-focused browser and search engine, which is perhaps what made Google successful, given the heavy adoption of its chrome browser.

What Brave Search is bringing to the table?



The open search engine, Tailcat will become the foundation of Brave Search, with Brave Search and the Brave browser constituting the industry’s first true independent, privacy-focused alternative to Google and Chrome, which rely heavily on tracking its users across all websites.



As Brave browser offers the stringent privacy protections to users, even so is the Brave Search being developed according to the same principles, as follows:

  • Brave Search offers Choice: Providing options for ad-free paid search and ad-supported search.
  • Brave Search is Independent: Relies on anonymized contributions from the community to improve and refine its Search.
  • Brave Search is User-first: Meaning that Brave serves the user first, not the ad and data industries.
  • Brave Search is Private: it doesn't track or profile users.


Brave Search comes as part of the family of privacy-preserving Brave products, even as consumers are increasingly shifting to user-first alternatives. Brave browser, as a result, recorded an unprecedented growth in 2021, reaching more than 25 million monthly active users, lending to the fact that privacy is now becoming mainstream.

Does Brave search stand any chance with Google's strangle-hold on search?



Brave has grown its browser market share significantly over the past year, from about 11 million monthly active users to over 25 million. Therefore, it is expected that even greater demand for Brave in 2021 will spur the adoption of their search service, as more and more users demand real privacy solutions to escape the Big Tech’s invasive practices.

As a case in point, DuckDuckGo, another privacy-focused search engine has been growing steadily since it was launched in 2008, and has even scaled its efforts to capitalize on growing international reach for its pro-privacy products, which Google has recently recognized the importance of offering a private search option, by adding DuckDuckGo in the available search engines on Chrome for over 59 countries.

Brave Search: Privacy-focused Search Engine to counter Google

There is a proposal to add an actor model to Swift programming language, which the actor proposal review process was opened on March 15 and will be reviewed until March 29.

While the actor model would offer developers the ability to use shared mutable state, with static detection of data races and other common concurrency bugs. Apple had earlier implemented Swift Atomics, which is an open source package that makes it possible to build synchronization constructs, like concurrent data structures, directly within the Swift programming language.

Now, the actor model is suitable for most design patterns, like parallel maps and concurrent callback patterns, albeit it is limited to working with state captured by closures. Swift includes classes that offers a mechanism for declaring mutable state shared across a program, although classes are difficult to use within concurrent programs.

What is an Actor?



A reference type introduced by the keyword actor :) which protects access to its mutable state is known as an actor. And with reference to messaging, an actor can take local decisions, send messages, create more actors, and decide on how to respond to next message received.



Also, Actors can modify their own private state, but only affect each other indirectly via messaging, therefore eliminating the need for any lock-based synchronization.

Why An Actor Model of Concurrency for the Swift Programming Language?



The concurrency roadmap for the Swift language made available by apple last fall included a proposal for actors and actor isolation, with a structured concurrency proposal for Swift that introduces concurrent tasks and offers data race safety for functions and closures.

Despite the rise in popularity of the Swift programming language, it lacks the facilities for true concurrent programming. However, there is an extension to the language which enables access to said concurrent capabilities and offers an api for supporting these interactions.

But the adoption of the ACTOR model of concurrent computation shows that it can be successfully incorporated into the language. And the early findings on prototype implementation suggests a general design pattern for the implementation of the ACTOR model in the Swift programming language.

Proposal for Actor Model of Concurrency in Swift Programming Language

Apple's integrated development environment (IDE) known as Xcode is used for the development of applications for iOS, macOS, iPadOS, watchOS, and tvOS.

According to researchers at SentinelOne, threat actors are leveraging on Xcode as attack vector to compromise developers' system on the Apple platform with a backdoor, which attacks add to a growing trend targeting developers using the popular development environment.

The Trojanized Xcode Project, dubbed "XcodeSpy", is a tainted version of the open-source development environment project known as TabBarInteraction used by Apple developers to animate tab bars for iOS based on user interaction.

Previously, attackers resorted to a tainted Xcode executables called XCodeGhost to inject malicious code in iOS apps compiled with infected Xcode without the knowledge of the developers, and even use the infected apps to collect users' data when the apps are downloaded and installed on their devices from the App Store.

How threat actors are infecting Apple App Developers With XcodeSpy?



XcodeSpy is a tainted version of the legitimate, open-source project called TabBarInteraction available on GitHub that's employed by developers to animate iOS tab bars.



It also contains an obfuscated Run Script which executes when the target developer's build is launched; then the script will attempt to contact the attacker-controlled server to retrieve a custom variant of the EggShell backdoor to install on the developer's machine.

The backdoor comes with such capabilities as recording through the victim's device microphone, camera, and keyboard. XcodeSpy may have been targeted at a group of developers, or even an individual developer, but there are potentially other scenarios where attackers could simply be trawling for targets to gather data for future attacks.

How Developers can detect XcodeSpy Infiltration



XcodeSpy relies on an in-built feature of Apple's IDE that allows developers to run custom shell script on launching their application. The technique is pretty easy to identify, but new or inexperienced developers who aren't aware of the Run Script feature will be particularly at risk since there isn't any indication in the debugger to indicate the execution of the malicious script.

Albeit, the objective behind the Xcode exploitation or even the identity of the group behind it remains unclear.

Trojanized Xcode Project: Hackers targeting Apple Developers with XcodeSpy

MyBB, originally known as MyBulletinBoard, is an open-source forum software that is written in PHP, with support for MySQL, PostgreSQL and SQLite database systems.

According to security researchers Simon Scannell and Carl Smith, there are critical vulnerabilities in the popular bulletin board software which could have allowed an attacker to get remote code execution (RCE) without having authorized access. The first is a nested auto URL persistent XSS vulnerability (CVE-2021-27889), which flaw stems from how MyBB parses messages with URLs, allowing unprivileged forum user to embed stored XSS payloads into threads and even private messages during the rendering process.

And the second vulnerability is an SQL injection (CVE-2021-27890) in the forum's theme manager which could lead to an authenticated remote code execution (RCE). The successful exploitation happens when an administrator with the "Can manage themes?" permission imports maliciously crafted theme, or a user visits a forum page where the theme has been set.

The vulnerabilities were promptly reported to the MyBB Team, and they subsequently released a patch on March 10, with MyBB software version 1.8.26 to address the issues.

How MyBB Vulnerabilities could have been chained together to achieve remote code execution (RCE)



The MyBB vulnerability could be exploited with minimal interaction by simply saving a maliciously crafted MyCode message on the server as a thread post or Private Message and luring a victim to a page where the content has been parsed.



Alternatively, an attacker could devise an exploit for the Stored XSS vulnerability by sending a private message to a targeted administrator on MyBB board, which as soon as the administrator opens the private message, the exploit will be triggered. And the RCE vulnerability will be automatically exploited in the background leading to a full takeover of the targeted MyBB forum.

The flaws currently affect MyBB forums with versions 1.8.16 and 1.8.25 , which vulnerabilities can be chained together to achieve Remote Code Execution (RCE) without any prior access to a privileged account on default MyBB-configurations.

How to Mitigate the risks associated with the flaws



Aside the two vulnerabilities mentioned above, MyBB latest version 1.8.26 also fixes other four security issues, namely: Improper validation of votes in thread poll options, which leads to SQL injection (CVE-2021-27946), Improper sanitization of data, resulting SQL injection (CVE-2021-27947), additional User Groups ID numbers saved without proper validation in the Admin Control Panel, leading to SQL injection (CVE-2021-27948) and lastly, a reflected XSS vulnerability in custom Moderator Tools (CVE-2021-27949).

Therefore, all MyBB users are hereby recommended to update their software to MyBB version 1.8.26 in order to mitigate the risks associated with the flaws.

MyBB squashes Critical Remote Code Execution Flaw

Apple now require apps to ask for permission from iPhone users before tracking them across websites or even other apps using the device's advertising identifier (IDFA), which new privacy framework is known as App Tracking Transparency (ATT).

While ad companies and marketers have used the IDFA to keep tab on iPhone users personal data between different apps in order to serve targeted ads and also, track how their ad campaigns have performed.

Now, the Chinese Advertising Association (CAA) has devised a scheme that's aimed at bypassing the new privacy rules introduced by Apple and allow ad companies to continue the tracking of users without having to rely on the IDFA; this they hope to achieve with an identifier called the China Anonymization ID (CAID).

How the China Anonymization ID (CAID) will help advertisers to serve Targeted Ads



The China Anonymization ID (CAID) possesses the characteristics of anonymity and decentralization, which means it doesn't collect private data. It only transmits the encrypted result, and the result is irreversible, thus protect the privacy and data security of the end user.



And since CAID doesn't depend on Apple IDFA, it can generate device identification ID independent of the IDFA, which it uses as an alternative to device identification for any iPhone running iOS 14 and as a supplementary solution if IDFA isn't available.

Albeit, CAID has not been formally implemented, as the tool is presently under testing by a number of China's largest ad tech companies, including Tencent, with several other foreign advertising companies haven applied on behalf of their Chinese partners, according to a report by the Financial Times.

However, it remains to be seen if CAID will get a green-light from Apple, as the proposal from the Chinese Advertising Association (CAA) is currently been actively communicated to the Cupertino-based company, which the report claims that "Apple is aware of the tool, but seems to have turned a blind eye to it."

The Future still looks bleak for Targeted Advertising



Google had recently announced a highly monumental change to its Chrome browser, which over the course of next two years, will phase out support for third-party cookies. The crumbling of cookie has definitely raised a lot of arguments among advertisers and publishers, as it will negatively impact online marketing.

If perhaps, third-party cookies are wiped out in Chrome, it simply means online advertisers will be unable to serve targeted ads for almost half of these audience, as statistics puts it at about two billion installation and one billion people using the browser each month.

App Tracking Transparency (ATT) circumvented to serve Targeted Ads

Cybersecurity researchers at Netlab 360 has discovered a new Mirai-based botnet which uses a honeypot to harvest victims, called ZHtrap and which borrows some features from Matryosh, a notorious DDoS botnet.

While Matryosh targets Android users by reusing the Mirai botnet framework which propagates via Android Debug Bridge (ADB) interfaces to infect Android devices. The ADB command-line tool is also part of the Android SDK that allows developers to debug their apps and handle communications on Android devices.

On the other hand, the ZHtrap botnet employs a similar technique by integrating an IP collection module for gathering IP addresses which are used as targets for worm-like propagation.

How ZHtrap Botnet traps Victims using a Honeypot?



The ZHtrap botnet gather IP addresses that are used as targets for further worm-like propagation, in addition to setting up a honeypot on the infected device.



It takes advantage of known vulnerabilities to propagate, and besides functionality such as DDoS and scanning, ZHtrap also implements backdoor functionality, which allows it to take snapshots from the victim devices, and disable the running of new commands, thus maintaining exclusivity over the device.

And by identifying IP addresses that connect to 23 designated ports, ZHtrap amasses IP addresses which it uses to inspect for the vulnerabilities, in order to inject the payload.

ZHtrap uses Tor C2 and communicates with the C2 using a proxy, with the first packet as the header and the second packet as the body; after sending the registration packet, it waits for the C2 to send the command, and if the header of the command packet passes the check, it selects the processing flow based on the command specified by the third byte in the header.

Obviously, ZHtrap takes a cue from Matryosh by using Tor for communication with a c2 server to download and execute its payloads. Albeit, many botnets uses worm-like scan propagation, ZHtrap's honeypot marks an "interesting" evolution of botnets to facilitate finding more targets.

ZHtrap Botnet using a Honeypot to find more Victims

When the tech industry comes to your mind, the first thing you think about is coding. Most people think that if they're not good at coding, they cannot have a splendid tech startup.

However, it is great to have an idea about coding, but you can still come up with the best tech startup even if you have none. Several startups have reached the best level search Alibaba, Amazon, and many more. With write my essay com you will be able to craft a great plan for your future startup.

If you've ever wondered how they succeeded and became the best, worry not because you're going to learn everything here. Most entrepreneurs want to build tech startups but fear they may not succeed at the end. You don't need to have a tech background to do great when it comes to technology. The founder of Codementor discussed the main points in building tech startups when you're a non-tech founder, as listed below:

  • Contributing value
  • Have a technical team
  • Create your prototype together with MVP


In this article, we wIll discuss the main point so that you can have an idea of how to become a great non-tech founder.

Ways of Building your Business Prototype and MVP



The main challenge most start-up founders go through is changing an idea into a particular product. To ensure that things run smoothly, the primary method is building a prototype together with an MVP. Both of them ensure that the development of the products gets designed to fit the market.



You have to ensure that the development of the prototype comes first before the MVP. For you not to make any mistake, you need to know the difference between the two. Since you don't have any technological skills, how do you go about it? During office hours, there are four main approaches to consider:ow:

  • Try building it alone
  • You can choose to work with freelancers
  • Consider working with development agencies
  • Join hands with your partner and work on it


However, it is good to know both the pros and cons of every building it Yourself. The first approach you can take is trying to create it on your own. It is excellent to know about the two separately because both prototype and MVP need unequal technical skills. Dissertation writing services can provide you with a lot of useful tips on such projects.

Pros:

  • The tools are practical and simple to use
  • It is an inexpensive option


Cons:

  • It is a process to get the correct tool
  • The design is not flexible


If you have a hard time building a prototype, you can turn online, and you'll get numerous help. You will get different tools that will help you get where you want. The tools you get online are both efficient and easy to use. You will not need anyone's help if you follow the right path. It is good to use ready-made templates since they make work more accessible, but it comes with several disadvantages.

The ready-made templates do not bring out any creativity that will help in designing the website. You will also have to spend much of your time trying to find the tool that will work flawlessly without giving you any problems.

3 Keys to building a Successful Technology Startup

Microsoft has released a one-click mitigation software, known as Exchange On-premises Mitigation Tool (EOMT), with the PowerShell-based script serving as a mitigation tool against ProxyLogon.

While ProxyLogon is the successful weaponization of the Exchange Server flaws, which attackers have leveraged to access Exchange Servers, and gain control and persistent system access to enterprise networks.

The ProxyLogon mitigation software applies all the countermeasures necessary to secure vulnerable Exchange server environments against the ongoing widespread cyberattacks.

Reasons for the Widespread attacks against unpatched Exchange Servers



Due to the successful weaponization of the Exchange Servers flaws which allows attackers to gain persistent system access and control of enterprise networks, there's been a widespread attacks against unpatched Exchange Servers.



And with the rapid expansion of attacks on vulnerable Exchange Servers, several threat actors are exploiting the vulnerabilities using the proof-of-concept (PoC) code shared on GitHub, before they were eventually deleted by Microsoft, and with the new ransomware threat, unpatched Exchange Servers are not only at risk of data theft but also potentially having the data encrypted, thus preventing the organization from getting access to the data.

Microsoft believes the initial attacks originates from Hafnium, a state-sponsored hacker group operating out of China, and the claims were tied to Hafnium activities which include conducting reconnaissance of victim environments by the deployment of batch scripts that automate functions like network discovery, account enumeration, and credential-harvesting.

How to Use This One-Click Mitigation Tool to Prevent Exchange Attacks?



With the Exchange On-premises Mitigation Tool (EOMT) which is now available to mitigate against current known Exchange attacks, you can simply scan the Exchange Server using the Microsoft Safety Scanner to discover any deployed web shells, and remediate the detected compromises.

Albeit, the tool is designed to serve as an interim mitigation for customers who are yet to patch/update their software and applied the on-premises Exchange security update released by Microsoft.

Microsoft releases a One-click Mitigation Tool against ProxyLogon

Fuzzing is a well-known technique for testing programming errors in software, and OSS-Fuzz is an open-source fuzzing service developed by Google which supports Python, C/C++, Rust, Go, and Java/JVM code.

While the open-source fuzz-testing service, OSS-Fuzz, now supports applications that are written in Java and other JVM-based languages, such as Kotlin and Scala; also, other programming languages supported by LLVM may equally work and OSS-Fuzz supports the fuzzing of x86_64 and i386 builds.

Furthermore, Google's Open Source Security team have partnered with Code Intelligence to integrate their Jazzer fuzzer into OSS-Fuzz, which integration, means that open source projects written in JVM-based languages can use OSS-Fuzz for continuous fuzzing.

What Jazzer integration with OSS-Fuzz brings to the table?



With the integration of Jazzer, developers will be able to fuzz code written in JVM-based languages with libFuzzer given that they already can for those written in C/C++; and this is possible through the providing of code coverage feedback from JVM bytecode to libFuzzer.



Other ways Jazzer supports important libFuzzer features are as follows:

  • Minimizing of crash inputs
  • Evaluation of code coverage based on 8-bit edge counters
  • FuzzedDataProvider for fuzzing code without an array of bytes
  • Value profile


And Jazzer will be able to support all libFuzzer features eventually, it currently offer coverage feedback from native code executed through JNI, which can uncover memory corruption vulnerabilities in memory-unsafe native code.

How to fuzz memory safe code



In fuzzing memory safe code, developers can use same classic approach for fuzzing memory unsafe code, namely: passing mutated input to code and wait for the crashes. Or perhaps, take a more unit test like approach whereby your fuzzer verifies that the code behaves correctly.

Alternatively, as fuzzing can find interesting bugs through differential fuzzing, therefore differential fuzzing, can allow your fuzzer pass mutated input from the fuzzer to multiple library implementations which should have the same capabilities.

OSS-Fuzz supports fuzzing of apps written in Java/JVM based languages

ProxyLogon is the name given to successful weaponization of Exchange Server flaws, which attackers have leveraged to access victims' Exchange Servers, and gaining control and persistent system access of an enterprise network.

According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.

And Microsoft has warned of a new family of human operated ransomware attacks, detected as Ransom:Win32/DoejoCrypt.A, which attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers. The heavy exploitation of the flaws by cybercriminals is as a result of a proof-of-concept (PoC) code shared on GitHub by a security researcher which has now been taken down by Microsoft.

How ProxyLogon allows an attacker to access victims' Exchange Servers?



The successful weaponization of the Exchange Servers flaws allows an attacker to gain persistent system access and control of an enterprise network.



There was a rapid expansion of attacks aimed at vulnerable Exchange Servers, with several threat actors exploiting the vulnerabilities before they were eventually patched by Microsoft last week, and with the new ransomware threat, unpatched Servers are not only at risk of data theft but also becoming potentially encrypted, thus preventing access to organization's mail.

With thousands of entities, including the European Banking Authority, have been breached via ProxyLogon to install a web-based backdoor called the China Chopper web shell which grants attackers the ability to plunder mailboxes and remotely access target systems.

Microsoft believes that the initial attacks originates from Hafnium, a state-sponsored hacker group operating out of China, and besides the installation of the web shell, other behaviors tied to Hafnium activity include conducting reconnaissance of victim environments by the deployment of batch scripts that automate functions like network discovery, account enumeration, and credential-harvesting.

Other groups discovered to be exploiting the vulnerabilities prior to the patch release are Websiic, Tick, LuckyMouse, Calypso, and Winnti (APT41), with others such as ShadowPad, Mikroceen, and DLTMiner compromising Exchange servers days immediately after the release of the fixes.

How to Mitigate against the ProxyLogon flaws



The avalanche of attacks is a warning to users to patch all versions of the Exchange Server as soon as possible, and take necessary steps to identify signs of compromise, given that attackers were exploiting the zero-day vulnerabilities in the wild for months before Microsoft released the patches.

Therefore, the best advice to mitigate the vulnerabilities is to apply the relevant patches, and organizations will need to shift into response and remediation activities to counter any existing intrusions.

ProxyLogon PoC: Cybercriminals heavily exploiting Exchange Server flaws

Project Lilliput is a proposal led by Red Hat’s Roman Kennke, which effort aims to explore ways to reduce Java object header, with the goal of shrinking it to 64 bits.

The Java object header is currently a 128-bit object in the 64-bit HotSpot VM, coupled with a 64-bit multipurpose header word and a 64-bit class pointer. The proposal states that reducing header size would greatly enhance overall CPU and memory usage for all Java workloads, reduce memory pressure, irrespective of been in a large in-memory database or small containerized app.

The reduction in object header will been useful for such purposes as tracking the age of each object in garbage collection, type information and storing identity hash code.

What would Developers benefit from Project Lilliput?





With Project Lilliput, Java would have a smaller object header, which means improving memory usage, with other benefits including:

  • Packing of Objects gets tighter
  • Higher Object Allocation rate
  • Reduction in garbage collection activity
  • Reduction in heap usage


Additionally, it will make the header layout more flexible and allows more build or runtime configuration of how bits are used.

Initial work plan for Project Lilliput



Project Lilliput cites a number of techniques to downsizing header fields, such as backfilling fields known at compile time and compressing pointers.

Albeit, there are constraints to the project, like the fact that it requires a change in assembly across supported platforms. Also, there could be issues with other Java projects, such as Loom: for decrease complexity in concurrent applications, Panama: for bridging between Java and C/C++ and Leyden: which addresses Java issues like slow startup time.

Project Lilliput: OpenJDK proposal to reduce Java object header

There is a new sophisticated Trojan targeting Linux endpoints and servers, dubbed "RedXOR" by Intezer, which masquerades as a polkit daemon.

According to Intezer, there are similarities found between the malware and the Winnti Umbrella (or Axiom) threat group such as PWNLNX, ​XOR.DDOS​ and Groundhog; and it is believed that Chinese nation-state threat actors are behind it. And the malware samples were uploaded from Indonesia and Taiwan, both countries that are known to be targeted by China-based threat groups.

The moniker "RedXOR" was derived from its network data which is encoded with a scheme based on XOR, and compiled with a legacy GCC compiler on old release of Red Hat Enterprise Linux, which perhaps suggests that the malware is targeted at legacy Linux systems.

RedXOR possesses capabilities, such as stealing system information, performing file operations, running arbitrary shell commands, and executing commands with system privileges, or even options to remotely update the malware.

How RedXOR Malware targets legacy Linux systems



RedXOR use of XOR encoding between RedXOR and ​PWNLNX, allows it to take the form of an unstripped 64-bit ELF file ("po1kitd-update-k"), complete with a typosquatted name ("po1kitd" vs. "polkitd"), that upon execution, creates a hidden directory to store files, before finally installing itself on Linux machine.



Besides the similarities in terms of the overall flow and functionalities, RedXOR comes with an encrypted configuration housing the command-and-control (C2) server and port, and password is needed to authenticate the C2 server, before establishing any connection over a TCP socket.

And the communications aren't only disguised as HTTP traffic, but also encoded on both ways using an XOR encryption scheme, which are decrypted to conceal the exact command.

How Users victimized by RedXOR can take protective measures?



Linux users who are already victimized by RedXOR can take protective measures by simply killing the system process and remove all files related to the malware.

But above all, as sophisticated attacks on Linux systems continue to increase over time, it is now necessary to protect your Linux system with advanced security software, especially for business or enterprise users.

RedXOR Linux Malware with Remote Credential-stealing capabilities

Microsoft released .NET Core 2.1 in May 2018, as a long-term support (LTS) release, which means it was supported for three years or an additional year after the next LTS release.

Now, the company has announced that it will end support for the .NET Core 2.1 development platform on August 21, 2021, which means that those running the platform after that date will be at risk of security issues. And starting from September 2021, security updates will not be issued .NET Core 2.1 and every computer that has .NET Core 2.1 installed, will be potentially unsecure.

Therefore, Microsoft advises that users should migrate to successors such as .NET Core 3.1 or .NET 5, or risk facing potential security issues.

While .NET 5 which arrived in November 2020, as part of Microsoft’s push to unify the .NET technologies will serve as a merger of .NET Framework and .NET Core as it is intended to unify the .NET platforms. And the first preview of .NET 6 has already been published last month, with the public version due in November 2021.

What .NET Core 2.1 users are expected to do right away



As there will be no more updates for .NET Core 2.1, including security fixes, or technical support, Microsoft advises that users should to update to a currently supported successor, such as .NET Core 3.1 or .NET 5, with the supported versions available for download at dotnet.microsoft.com.

The end of support is scheduled for August 21, 2021; Microsoft has cautioned that if any user should run into issues and need technical support, they may not be able to help you.



So, if you are a developer and your application uses NET Core 2.1, it is strongly recommended that you migrate your application to a supported version, such as .NET 3.1 or later. And if you’re an end-user, it is recommended that you reach out to the vendor of your software to confirm that your version of the software is up-to-date.

How to Upgrade to .NET Core 3.1 or Later versions



The upgrading instructions for .NET Core 3.1 are as follows:

  • Open the project file (the *.csproj, *.vbproj, or *.fsproj file).
  • Change the target framework value from netcoreapp2.1 to netcoreapp3.1. The target framework is defined by the TargetFramework or TargetFrameworks element.
  • For instance, change netcoreapp2.1 to netcoreapp3.1.


You’ll need to update your .NET Core 2 to a supported version (.NET Core 3.1 or .NET 5.0) before this date in order to continue to receive updates.

Microsoft set to End Support for .NET Core 2.1 platform

Malware dropper is a sort of Trojan designed to "install" some particular kind of malware to a target system.

And there is a dropper, dubbed Clast82, that employs a series of evasive techniques to avoid detection by Google Play Protect, which infiltrated 9 Android apps distributed via Google Play Store to deploy a second stage malware capable of gaining intrusive access to users' financial details.

According to Check Point researchers, the malware targets victims as well as taking full control of their devices by changing the payload dropped from non-malicious to the notorious AlienBot Banker and MRAT malware.

How the 9 Android Apps spread AlienBot Banker and MRAT Malware?



Check Point researchers discovered 9 Android apps used to spread the malware dropper (Clast82), namely: eVPN, BeatPlayer, Cake VPN, Pacific VPN, QR/Barcode, Music Player, tooltipnatorlibrary, Scanner MAX, and QRecorder. But Google had promptly removed those apps from the Play Store on February 9, after the findings were reported by Check Point.



On evaluation of Clast82 on Google Play, the configuration from the Firebase C&C shows an “enable” parameter and based on the parameter’s value, the malware can “decide” whether to trigger the malicious behavior or not. Albeit, this parameter is set to “false” by default and only changes to “true” after Google has published the app on Google Play store.

And the malware’s ability to run undetected shows the importance of a capable mobile security solution, as it isn't enough to scan the app only during the evaluation period, as a threat actor can easily change the app’s behavior after it is published using third-party tools.

How to Mitigate against such malicious mobile apps



As the Clast82 payload does not originate from Google Play Store, the scanning of apps would not have actually prevented the installation of the malicious app.

Therefore, the only solution is to monitor the device itself, and constantly scanning network connections and the behaviors of installed application would certainly be able to detect such malicious behavior.

Hackers leveraged on Android Apps to spread Malware dropper

WhatsApp is among the best chat apps today with global recognition, but are there other alternatives?

WhatsApp has grown over the years with numerous features like end-to-end encryption coming into the fray, but in this article, we will be taking a look at some of the best WhatsApp alternative chat apps you should try out in 2021.



1. Telegram



The first WhatsApp alternative we will be taking a look at is Telegram, the UK-based messaging app with some of the best messaging features. This messaging app has end-to-end encryption, and unlike WhatsApp, which allows you to create groups with just 256 members, you can create Telegram groups which hold up to 200,000 members who can share files of up to 2 gigabytes all at once.

Pros




  1. Open API
  2. End-to-end Encryption
  3. Light data usage
  4. Group size of up to 200,000 members


Cons




  1. Metadata is stored on their servers



Supported Platforms



Windows PC, MacOS, Windows mobiles, iPad OS, Linux, Android, and iOS.

Pricing: Free

Quick Tips: It could happen that Telegram don´t run on your older softwares. If you are searching for a new one, Naija Reviews gives you the best shopping advice for smartphones.

2. Signal Messenger



The major reason you should consider Signal Private Messenger is that it is secure and developed by the same developers who brought end-to-end encryption to WhatsApp. As a plus, Signal messenger uses an open-sourced system that is far more secure than WhatsApp. A couple of new and exciting features on Signal are the screen security feature – preventing anyone from taking screenshots while it is on – and self-destructive messages. Truly Signal is an effective WhatsApp alternative you need to try.


  1. Phone call encryption
  2. No metadata storage
  3. Secure messaging
  4. Secure and open-source system


Cons




  1. Outdated versions cannot be used
  2. Update frequency is high
  3. No backup option for iOS users
  4. Only files up to 300kb and less can be sent


Supported Platforms



Windows, MacOS, iPad OS, Linux, Android, and iOS.

Pricing: Free

3. Wire messaging



Another effective WhatsApp alternative you need to check out today is the Wire messaging app. This is a Switzerland messaging app with a user-friendly interface. It also has an open-sourced system which makes it secure for use and an ideal alternative for WhatsApp. It has features like a cloud backup system and self-destructive messaging features. You also enjoy voice and video call options which makes it enjoyable to use.

Pros




  1. Multiple device login
  2. Group voice call option
  3. Open source system


Cons




  1. Metadata is stored on their servers



Supported Platforms



MacOS, iPad OS, Linux, Android, and iOS, browser extension.

Pricing: Free

4. Viber



Viber is a Japanese VoIP (voice over IP) messaging app, a great WhatsApp alternative. From your calls to shared media and even video calls, every one of your activities is protected using end-to-end encryption. You can create groups of 250 users and make video calls with up to 20 users without any form of complexity. Compared to WhatsApp, Viber has the "community" feature, allowing many communities for easy socializing.

Pros




  1. Availability of social communities
  2. It has video conferencing option
  3. You can make calls to users not on Viber at good rates


Cons




  1. The app supports advertisements



Supported Platforms



MacOS, iPad OS, Linux, Android, and iOS, Windows.

Pricing: Free

Conclusion



Though WhatsApp has been a great and effective messaging app, you need to explore these other options, especially with the recent user privacy issues. We have mentioned many WhatsApp alternatives here, with many features you would enjoy. Many of them are free and are available on multiple platforms like iOS and Android.

4 Best Alternative Chat Apps to WhatsApp

Power FX is an open-source programming language developed by Microsoft that promises to make coding as easy as building an Excel spreadsheet.

The Windows-maker touted Power FX as general purpose low-code programming language based on spreadsheet-like formulas which can be used across Microsoft’s Power Platform; and as it is based on Microsoft Excel it will be accessible to a larger number of people, even non-programmers.

Albeit, Power FX isn't so much a brand-new language as it is a new moniker for the formula language for Microsoft's canvas apps.

What Power FX brings to the coding table?



Power FX is a general-purpose, declarative, strong typed, and functional programming language that shares the same syntax and functions as Excel.



It currently works with Power Apps which is where you can experience it for now. And the process of extracting the programming language so that it can be used in more Microsoft Power Platform products and make it available for everyone is the next step.

As such, if you're familar with spreadsheets, or particularly, if you have written VBA macros, then you'll find Power FX pretty straightforward. There is also the fact that Power FX can be used in a "no-code" environment by making the UI generate the data and formulae needed for the computation.

Additionally, Power FX formulas can be stored in YAML source files for easy edit using either Visual Studio Code, or any other text editor and it also enables Power FX to be under the same source control with Azure DevOps, GitHub, or other source code control systems.

What Power FX means for Developers?



As Power Fx will be used within Microsoft's workflow automation tool and subsequently made available to all Windows 10 users, it can amplify the effectiveness and impact of developers by multiples of the same timeframe.

Therefore, offering developers a familiar way to express logic, will dramatically expand the possibility of building sophisticated solutions. And coupled with the tools a professional expects, including ability to directly edit apps in text-based editors like Visual Studio Code and use source control, Power FX will make it possible for developers to work faster and be more productive.

What is Power FX? Microsoft's new Open-source language based on Excel

ObliqueRAT is a notorious Trojan that was documented in February 2020, that primarily spy on users, including via webcam and the malware campaigns specifically target organizations in South Asia.

Cybersecurity company Cisco Talos has discovered a new campaign distributing the malicious remote access trojan (RAT) ObliqueRAT. And this new campaign deploys the ObliqueRAT payload and utilizes completely different macro code to download, with the attackers haven also updated the infection chain to deliver ObliqueRAT via hijacked websites.

The new malware campaign targeting organizations in South Asia utilizes malicious Microsoft Office documents forged with macros to spread ObliqueRAT.

What is the Mode of Operation of ObliqueRAT?



Previously, ObliqueRAT mode of operation, according to Cisco Talos, overlapped with another threat actors known as Transparent Tribe whose campaign in December 2019 was to disseminate CrimsonRAT, but the currentattacks differs in some key ways.



Besides the fact that it use of a completely different macro code to download and deploy the ObliqueRAT payload, the campaign operators have updated the delivery mechanism by cloaking the malware in seemingly innocous bitmap image files (.BMP files) on a network of adversary-controlled websites.

Additionally, the payload hosted on the hijacked website is simply a BMP image containing a ZIP file with the ObliqueRAT payload, and the malicious macros are responsible for extracting the ZIP and subsequently the ObliqueRAT payload on the endpoint.

The attack goal is to trick victims to open the emails containing the maldocs, which opened, will direct the victim to the ObliqueRAT payload using malicious URLs and ultimately export sensitive data from the victim's system.

How to Mitigate against such Email-based Malware attacks



Given that main attack vector remains the email, it is advised that users should desist from opening suspicious email and its attachements.

Additionally, they should use advanced malware protection solutions such as that offered by Cisco which is a better alternative to the in-built Windows protection.

ObliqueRAT resurfaces with Evasion tactics using hijacked websites