The Nitrux team has released a new version of the Ubuntu-based Linux distribution, Nitrux 1.3.7, with the Sudo utility upgraded to its latest version, 1.9.5-p2, which fixes the newly discovered vulnerability in the program.

Nitrux 1.3.7 also comes with several other bug fixes and core software updates, along with performance improvements and ready-to-use hardware support.

It includes its core features like NX Desktop and NX Firewall, built on top of the KDE Plasma 5 desktop environment and the Calamares installer, along with MauiKit Applications.

What's New in Nitrux 1.3.7 Release?



Besides the upgraded Sudo utility, Nitrux 1.3.7 has updated the KDE Plasma desktop to v5.20.5, KDE Frameworks to v5.78.0, and the KDE Application bundle to the latest version, 20.12.1.



It also ships with the latest Long-Term Support (LTS) and non-LTS kernel versions, namely Kernel 5.10.10 and 5.9.16, respectively. Among the enhancements is the addition of a new default application menu known as Ditto menu, replacing NX Simplemenu, the previous application menu.

The release has several bug fixes, including:

  • Automatic Time adjustment when selecting a timezone in System Settings has been fixed
  • Regional Settings KCM no longer display languages other than US English
  • New users can no longer be added using the Users KCM in System Settings and no displayed users
  • Removal of Nvidia X11 driver configuration and AppImage file download from the postinst script


Furthermore, Nitrux 1.3.7 offers two new Latte Dock layouts by default (nx-bottom-panel-2 and nx-top-panel-2), which make use of the new application menu and the Window Buttons Applet plasmoid.

How to Download or Upgrade to Nitrux 1.3.7



Nitrux 1.3.7 is now available for download as ISO images if you are a new user who wants to give it a spin. If you're an existing user, you can easily upgrade your system to Nitrux 1.3.7 from the previous version.

However, you'll need to create a bootable USB after downloading the file and boot from your USB device. Kindly note that the new ISO uses the LZ4 lossless data compression algorithm for faster installation.

Nitrux 1.3.7 Release: Upgraded Sudo utility and several other bug fixes

Microsoft has launched the Win32 Metadata project to provide a full description of the WinAPI, allowing automated projection to any language while minimizing maintenance overhead.

The Win32 Metadata project will make Windows APIs accessible to more languages by producing metadata for the APIs, with languages such as Rust, C#, and C++ already beneficiaries of the project.

It comes as an ECMA 335-compliant Windows metadata file published to Nuget.org. As accurately describing all the Windows APIs takes time, there is a call for developers to build tools to assist with the project.

How Win32 Metadata project will enable automated projections of WinAPI signatures for the languages



There have been earlier projects, such as Pinvoke for .NET and winapi-rs for Rust, which offered more strongly typed and idiomatic representations of the bindings and wrappers, but sustaining API coverage has been pretty difficult.



Microsoft aims to provide sustainable and broad API coverage across languages with the Win32 Metadata project.

One such project is C#/Win32, which helps to parse the metadata and generate the P/Invoke wrappers required to call the APIs. Serving as a sample of what is possible with dynamic projections of Win32 APIs, C#/Win32 provides IntelliSense capabilities and strong types for parameters.

The roadmap for the Win32 Metadata project has C#, C++, and Rust ready to be published in 2022, after a later preview this year. Microsoft hopes to work with the community to support more languages based on demand, and the project has published a set of principles and goals, including maximum API coverage.

Similar projects to the Win32 Metadata project



Rust for Windows is a similar project: a Rust language projection that allows Rust developers to call Windows APIs via metadata, using code generated on the fly. The APIs can be called as if they were another Rust module. A modern C++ projection is also still in development.

Until now, developers were forced to handcraft the wrappers or bindings, a process that is error-prone. With the Win32 Metadata project, there is now sustainable API coverage across more languages.

Microsoft looks to make Windows APIs accessible to more languages

There are three zero-day flaws in Apple iOS, tvOS and iPadOS, tracked as CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871, which could have allowed an attacker to achieve remote code execution and elevated privileges.

While Apple has already released updates for the three zero-day flaws, including for iOS, iPadOS, and tvOS, the company did not say how widespread the attack was or reveal the attackers exploiting the flaws in the wild.

The flaws, which were reported by an anonymous researcher, include a privilege escalation bug in the kernel (CVE-2021-1782) that could cause a malicious application to elevate its privileges, and two bugs discovered in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871), which could permit an attacker to achieve arbitrary code execution on Safari.

Apple's fixes for the Zero-Day Security Vulnerabilities in iOS, iPadOS, and tvOS



Apple announced the zero-day security vulnerabilities in iOS, iPadOS, and tvOS after the patches had been released and widely applied, with the race condition and the WebKit flaws having been addressed with improved locking and restrictions.



The patches and fixes released for the Zero-Day Security Vulnerabilities in iOS, iPadOS, and tvOS are as follows.

  • iOS 14.4 and iPadOS 14.4


  • Kernel



    Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).

    Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

    Description: A race condition was addressed with improved locking.

    CVE-2021-1782: an anonymous researcher.

  • WebKit



    Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).

    Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

    Description: A logic issue was addressed with improved restrictions.

    CVE-2021-1871: an anonymous researcher. CVE-2021-1870: an anonymous researcher.

  • tvOS 14.4


  • Kernel



    Available for: Apple TV 4K and Apple TV HD.

    Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

    Description: A race condition was addressed with improved locking.

    CVE-2021-1782: an anonymous researcher.



These updates are available for iPhone 6s and later, iPad mini 4 and later, iPad Air 2 and later, and iPod touch (7th generation), as well as Apple TV HD and Apple TV 4K.

Zero-Day Security Vulnerabilities in Apple's iOS and iPadOS Exploited in the Wild

FLoC (Federated Learning of Cohorts) is Google's new approach to delivering and measuring ads sent to Chrome users after it lays the already retired third-party cookie to rest.

Google announced a highly monumental change to its Chrome browser in early 2020: over the course of the next two years, it will phase out support for third-party cookies. The hint of the cookie's crumbling has raised a lot of arguments among advertisers and publishers, as it will impact heavily on online marketing.

The goal of phasing out the third-party cookie is to make the web more private and secure for all users, as cookies track web users online and are used by advertisers to serve targeted ads based on what web users previously searched for on the web.

What is FLoC?



Google's proposal for interest-based cohorts, also known as FLoC (Federated Learning of Cohorts), will be made available for public developer testing starting in March. Recently, Google shared the latest results of its experiments with the FLoC API.



FLoC uses on-device machine learning to group Chrome users into cohorts based on browsing behavior. By clustering large groups of people with similar interests, individual users are, theoretically, indistinguishable from other people in the cohort.

Google claims that its simulations demonstrate that cohorts have the capability to drive about 95% of the conversions per dollar spent compared to cookie-based advertising.

If all goes according to plan, advertisers will start testing FLoC-based cohorts in Google Ads by Q2, 2021. The Chrome 90 release in April will see the first controls for the Privacy Sandbox, which will be an initial on-off decision, with further customisation coming later.

How Advertisers will be impacted by the replacement of third-party Cookie?



If third-party cookies are wiped out in Chrome, it means that, in the programmatic ecosystem, online advertisers will be unable to personalize content or serve targeted ads for almost half of their audience.

The Chrome browser is the most dominant of the lot, with statistics pointing to about two billion installations and one billion people using the browser each month, which means that any changes to the ecosystem will drastically affect the online advertising world.

Now, there is some skepticism in the advertising community about the viability of FLoC as a replacement for third-party cookies. But Google is convinced that FLoC and other proposals within the Privacy Sandbox represent the future of how ads and measurement products will work on the web.

What is FLoC? Google's new Replacement for third-party Cookie

There is a new malware spreading through WhatsApp by automatically replying to received messages with a link to a malicious Huawei Mobile app.

According to Lukas Stefanko, an ESET researcher who discovered the Android malware, it propagates itself via WhatsApp messages to the victim's other contacts with the goal of expanding an adware campaign. The malware leverages the quick reply feature on WhatsApp, which is used to respond directly to incoming messages from the notifications, to automatically send out a reply to a received message.

It automatically replies to received messages with a link to a malicious Huawei Mobile app, which, upon clicking, redirects users to a fake Google Play Store.

How the Android Malware Spreads via WhatsApp



Once installed on a victim's device, the malware app prompts the victim to grant it notification access, which it then abuses to carry out the automatic wormable attack.



It also requests other intrusive access in order to run in the background and draw over other apps, which means that the malware app can overlay other apps running on the device with its own window to steal credentials and additional sensitive data.



The malware is fully capable of sending automatic replies to WhatsApp contacts, though the feature could be potentially extended with a future update to include other messaging apps that support the quick reply functionality.

The exact mechanism it uses to reach the initial set of directly infected victims is not yet clear, but wormable malware is potentially able to expand from one device to several others in an incredibly short time.

This new malware once again underscores the importance of sticking to trusted sources like Google Play Store for downloading apps, and of carefully scrutinizing every app's permissions before installation.

New Android Malware Spreading via WhatsApp messages

IPFS, which stands for InterPlanetary File System, is a peer-to-peer networking protocol similar to BitTorrent designed to serve as a decentralized storage system.

The Brave browser is the first web browser to integrate IPFS support, offering an alternative way of using the internet instead of the HTTPS (Hypertext Transfer Protocol Over Secure Socket Layer) protocol that is currently the norm.

IPFS is a relatively obscure transport protocol that promises to improve on the dominant HTTP standard by ensuring faster access to content and more resiliency to failure and control.

Why does IPFS support matter in Brave's Web Browser?



Normally, web users use URLs (universal resource locators) to access the different sites from centralized servers, and you are left with either using HTTP or HTTPS on your browser. The physical proximity to the servers affects how long it takes to load a page and the amount of bandwidth.



IPFS, instead of relying on URLs and servers, distributes website-related data across a network. The data can also be accessed with URIs (universal resource identifier), which, in simple terms, is akin to how BitTorrent and blockchain function. Every PC or mobile device is known as a “node” and temporarily stores a piece of a website’s data, meaning that whenever a user accesses a website via IPFS, it loads data from any nearby nodes on the network.

The obvious advantages of the new approach include faster speed, as data is distributed and stored closer to the users who are accessing the information, as well as lower server costs for the original publisher of the content. Most importantly, IPFS has the potential to make content more resilient to failures and censorship.

As a user, you can also choose to not be a node and access IPFS content through a public gateway, though the public gateways can view and log your IP address.

Some Privacy concerns in Brave’s IPFS network



There are privacy concerns in Brave’s IPFS network, whether you’re a local node or simply loading IPFS content. If you’re a node, Brave gives you a unique ID which, though hashed, is still viewable by other users, who can see what you are hosting and accessing. Your PC and network’s resources will also be used when another user accesses the IPFS data you’re hosting.

And even if you choose to not be a node and simply access IPFS content via a public gateway, the public gateways can still view and log your IP address. But, Brave for now uses IPFS alongside HTTP/HTTPS, so it will affect only the content that’s configured for IPFS hosting.

What function does the IPFS protocol in Brave's Web Browser serve?

MrbMiner is a relatively new crypto-mining malware that targets Microsoft SQL Server (MSSQL) databases, and it is quite similar to the MyKings, Lemon_Duck, or Kingminer miners in how the malware gains a foothold on the database servers.

According to researchers at Sophos, the database server process (sqlservr.exe) launched a downloader executable which seemed to spontaneously appear on the server. The downloader retrieved a cryptominer called MrbMiner, and the miner seems to have been created, hosted, and controlled by a software development firm based in Iran.

The malware operation is typical of most other cryptominer attacks targeting internet-facing servers, although the MrbMiner attacker appears to have jettisoned all caution when it comes to concealing their identity.

MrbMiner Crypto-Mining Malware Linked to a Software Company in Iran



The MrbMiner operation begins with the Microsoft SQL Server (sqlservr.exe) process launching a file called assm.exe, which is a downloader Trojan. The assm.exe file downloads the cryptominer payload from a web server, and the payload then connects to its C2 (command-and-control) server for further communications.



The MrbMiner cryptojacking payload also included a kernel-level device driver (WinRing0x64.sys), and a miner executable named Windows Update Service.exe which helps to obfuscate its purpose.

To unravel the origin of the malware, Sophos researchers began by digging into the domain hardcoded into the miner’s configuration file, vihansoft.ir. Many of the records relating to the miner’s configuration, including its domains and IP addresses, point to a single point of origin: a software company based in Iran.

The vihansoft.ir domain, used as both a C2 and a payload server, was registered to the software development company based in Iran. Payloads were also downloaded directly from the same IP address used to host the vihansoft.ir domain.

How to stop MrbMiner Cryptojacking



Cryptojacking remains a growing threat that is very difficult to detect, and it presents an open door to other threats, such as ransomware.

Therefore, it is important to thwart cryptojacking in its tracks by looking out for signs such as reduction in your PC speed and performance, overheating, increased demands on the CPU and increased power use.
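Beyond the performance symptoms above, the process chain described in the Sophos findings can be checked in endpoint telemetry. The following is an added example, not code from Sophos or the original article: it applies the artifacts named on this page (sqlservr.exe launching assm.exe, the miner named Windows Update Service.exe, the WinRing0x64.sys driver, the vihansoft.ir domain) to constructed events. The event schema, file paths, host names and the child-process allowlist are assumptions.

```python
import json
import ntpath  # parses Windows paths correctly on any OS
from collections import defaultdict

# Artifacts named in the article.
DOWNLOADER_NAME = "assm.exe"
MINER_NAME = "windows update service.exe"
DRIVER_NAME = "winring0x64.sys"
C2_DOMAIN = "vihansoft.ir"

# Assumption: children the database engine is expected to start on your hosts.
ALLOWED_SQL_CHILDREN = frozenset({"conhost.exe"})

# Constructed sample telemetry, one JSON object per line (simplified schema).
SAMPLE_EVENTS = r'''
{"type": "process_create", "host": "db01", "parent_image": "C:\\MSSQL\\Binn\\sqlservr.exe", "image": "C:\\Windows\\System32\\conhost.exe"}
{"type": "process_create", "host": "db01", "parent_image": "C:\\MSSQL\\Binn\\sqlservr.exe", "image": "C:\\ProgramData\\assm.exe"}
{"type": "process_create", "host": "db01", "parent_image": "C:\\ProgramData\\assm.exe", "image": "C:\\ProgramData\\Windows Update Service.exe"}
{"type": "driver_load", "host": "db01", "image": "C:\\ProgramData\\WinRing0x64.sys"}
{"type": "dns_query", "host": "db01", "query": "vihansoft.ir."}
{"type": "process_create", "host": "db02", "parent_image": "D:\\SQL\\sqlservr.exe", "image": "C:\\Windows\\System32\\cmd.exe"}
{"type": "driver_load", "host": "ws07", "image": "C:\\Tools\\WinRing0x64.sys"}
'''


def load_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _base(path):
    return ntpath.basename(path or "").lower()


def detect(events, allowed_children=ALLOWED_SQL_CHILDREN):
    """Return (host, rule, detail) tuples for events matching the chain."""
    findings = []
    for ev in events:
        host, kind = ev.get("host", "?"), ev.get("type")
        if kind == "process_create":
            parent, child = _base(ev.get("parent_image")), _base(ev.get("image"))
            # A database engine starting an arbitrary executable is the
            # behavioural core of the chain, whatever the file is called.
            if parent == "sqlservr.exe" and child not in allowed_children:
                rule = ("sql-spawned-downloader" if child == DOWNLOADER_NAME
                        else "sql-unexpected-child")
                findings.append((host, rule, child))
            if child == MINER_NAME:
                findings.append((host, "miner-process-name", child))
        elif kind == "driver_load":
            # The driver file name alone is a weak signal; use it to corroborate.
            if _base(ev.get("image")) == DRIVER_NAME:
                findings.append((host, "winring0-driver-load", DRIVER_NAME))
        elif kind == "dns_query":
            query = ev.get("query", "").lower().rstrip(".")
            if query == C2_DOMAIN or query.endswith("." + C2_DOMAIN):
                findings.append((host, "c2-domain-lookup", query))
    return findings


def hosts_to_triage(findings, min_rules=2):
    """Hosts where at least `min_rules` distinct rules fired together."""
    rules_by_host = defaultdict(set)
    for host, rule, _detail in findings:
        rules_by_host[host].add(rule)
    return sorted(h for h, rules in rules_by_host.items() if len(rules) >= min_rules)


if __name__ == "__main__":
    results = detect(load_events(SAMPLE_EVENTS))
    for finding in results:
        print(finding)
    print("triage first:", hosts_to_triage(results))
```

Name-based rules break as soon as the files are renamed, so the parent-child rule on sqlservr.exe is the one to keep when adapting this to real telemetry.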

MrbMiner Malware cryptojacking operation targets SQL servers

Freelancing is a demanding field and can even take a toll on your social interactions. That is why you can find a lot of useful info regarding freelancing tools on Manicreaders.com and how to improve productivity in the mentioned areas. Being a contractor is also another challenging activity that will consume much of your time in a day.

However, everything has been simplified and easier for the freelancer and contractor, thanks to the already available tools. SaaS (Software as a service) has grown widely and spread globally, making tasks easier. Through the SaaS platforms, contractors and freelancers can compile various activities and manage their careers on purely online platforms. Cloud computing has even smoothened the path for both parties.

It is rare to encounter a freelancer or even a contractor dealing with piles of paper in the name of documenting projects or inventories. Developers and programmers are already on a spree to enhance the available tools so that they are more useful to typical users, freelancers and contractors.

8 Best Online Tools for Contractors and Freelancers





Through these tools or platforms, a freelancer or contractor can keep an eye on the most brilliant and latest ideas, access already prepared inventories, or even prepare the checklists themselves. Find below the best tools and platforms useful for any freelancer and contractor.

  • Hubspot
  • It is one of the most effective platforms where a freelancer can keep an eye on consistent or potential clients. A couple of emails and conversations you have undertaken with your clients as freelancers are coupled more challenging in this powerful platform. Through Hubspot, you can prepare reminders, make notes, and do any other important activity about your freelancer career.
  • QuickBooks
  • Freelancing and smaller businesses benefit a range of services from this powerful tool. With QuickBooks, you can undertake accounting services and also manage all the expenses regarding freelancing. It is also a go-for tool when it comes to taxation.
  • Basecamp
  • As a freelancer or contractor, you might have a broader range of projects to undertake and manage. However, with Basecamp, everything about projects seems to be sorted out. It will help to keep and maintain projects. You can use it to prepare to-do lists. Asana, a tool that enables you to keep track of the client or project deadlines, is more substantial. It is a powerful top-up to Basecamp.
  • LinkedIn Sales Navigator
  • If you want to find the best people in any company or online organization, LinkedIn Sales Navigator can be of great help. With this tool, a freelancer can establish a company's best contract under a non-permanent client's ownership.
  • Harvest
  • Harvest is also another productive and essential tool for the freelancer and contractor. With the tool, a freelancer or even a company can keep track of timings and employee report hours. It can also keep track of project timelines enabling clients and their employees to be at per on the project's status underway. MyHours and Toggle are some more tools that will help you establish hours spent to complete given tasks.
  • Canva
  • Canva is a tool that's vital for the design of exclusive presentations and will enable you to create social assets for your website or blog. It is pretty easy to use, and the outcome is a perfect presentation that everyone will love.
  • Google Drive
  • Google Drive is a common platform essential for sending documents, saving your thesis ideas, and other crucial workpieces. Most freelancers keep an eye on their projects and quickly make adjustments and corrections courtesy of Google Drive. Fortunately, the application is free and easy to use, making a contractor's and freelancer's work much easier.
  • Calendly
  • Time management is even more comfortable, courtesy of Calendly. All you need as a freelancer is to ensure strict adherence to its guidelines. Calendly will help you spare time by setting up meetings with various clients across the globe.


Conclusion



Freelancing and contracting are more manageable with the influx of better tools to manage every service undertaken. Usually, most of the applications or tools are useful to both clients and freelancers.

They revolve around time management, project notifications, online scheduling meetups, and much more. Evernote, Google Analytics, Hootsuite, and Buffer are also primarily for organization and simplification of freelance activities.

8 Best Online Tools for Contractors and Freelancers

Google Project Zero security researcher Natalie Silvanovich has disclosed several vulnerabilities found in multiple video conferencing applications, including the Facebook Messenger, Signal, Google Duo, JioChat, and Mocha messaging apps, many of which are now fixed.

The bugs made it possible to transmit audio to the attackers' devices without having to gain any code execution. One example is the Signal bug, patched in September 2019, which made it possible to connect the audio call by simply sending the connect message from the caller's device to the callee, instead of the other way around, without user interaction.

The vulnerability occurred due to a logic bug in the calling state machine: the recipient never responded with an "answer" before tracks were added to the connection.

How the Bugs in Signal, Facebook Messenger, and Google chat apps let attackers spy on users?



The majority of messaging apps rely on WebRTC for communication. Connections are created by exchanging call set-up information between peers using the Session Description Protocol (SDP), in what's known as signaling, which typically works by sending an SDP offer from the caller, to which the callee responds with an SDP answer.



When a user starts a WebRTC call with another user, a session description called an "offer" is created containing all the data necessary to set up a connection, such as the kind of media, the format, the transfer protocol, and the endpoint's IP address and port being used, among others.

Normally, it is expected that the callee's consent is ensured ahead of audio transmission and that no information is shared until the receiver interacts with the app to answer the call, before tracks are added to the connection, but Silvanovich observed a contrary result.

The flaws did not only allow calls to be connected without interaction from the callee, but also, it potentially permitted the caller to force a callee device to transmit audio/video data.

All Affected Messaging Apps have released a Fix



Facebook issued a patch for Messenger in November 2020 against the vulnerability, which could have allowed an attacker logged into the Messenger app to simultaneously initiate a call and send a maliciously crafted message to a target signed in to both the app and another Messenger client, such as a web browser, and start receiving audio from the callee device.

Signal, for its part, issued a fix in September 2019 for the audio call flaw in Signal's Android app, which made it possible for the caller to hear the callee's surroundings because the app didn't check whether the device receiving the connect message from the callee was actually the caller device.

Other messaging apps, including JioChat and Mocha, have all issued patches for their respective apps. Still, such logic bugs in signaling state machines remain an under-investigated attack surface of video conferencing applications.
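The consent rule and the connect-message check described above, as a simplified model of a calling state machine. This is an added example, not code from Signal, Project Zero or any of the affected apps; the class, state and message names are assumptions, and `mic_live` stands in for "tracks added to the connection".

```python
from enum import Enum


class State(Enum):
    IDLE = "idle"
    OUTGOING_RINGING = "outgoing_ringing"  # this device sent the offer
    INCOMING_RINGING = "incoming_ringing"  # offer received, user not yet answered
    CONNECTED = "connected"


class CallEndpoint:
    """One device's view of a call (hypothetical model)."""

    def __init__(self, name, validate_connect):
        self.name = name
        self.validate_connect = validate_connect  # False models the pre-fix logic
        self.state = State.IDLE
        self.role = None
        self.peer = None
        self.mic_live = False

    def place_call(self, peer):
        self.role, self.peer, self.state = "caller", peer, State.OUTGOING_RINGING
        return ("offer", self.name, peer)

    def on_offer(self, sender):
        if self.state is not State.IDLE:
            return False
        self.role, self.peer, self.state = "callee", sender, State.INCOMING_RINGING
        return True

    def user_accepts(self):
        """The only path on which a callee may start sending audio."""
        if self.role != "callee" or self.state is not State.INCOMING_RINGING:
            raise RuntimeError("no incoming call to accept")
        self.state, self.mic_live = State.CONNECTED, True
        return ("connect", self.name, self.peer)

    def on_connect(self, sender):
        """'connect' tells the caller that the callee answered."""
        if self.validate_connect:
            expected = (
                self.role == "caller"
                and self.state is State.OUTGOING_RINGING
                and sender == self.peer
            )
            if not expected:
                return False  # drop: wrong role, wrong state or wrong peer
        self.state, self.mic_live = State.CONNECTED, True
        return True


def unsolicited_connect(validate_connect):
    """A callee receives 'connect' although its user never answered."""
    callee = CallEndpoint("bob", validate_connect)
    callee.on_offer("alice")
    accepted = callee.on_connect("alice")
    return accepted, callee.state, callee.mic_live


def normal_call(validate_connect):
    """Offer, user accepts, connect travels callee -> caller."""
    alice = CallEndpoint("alice", validate_connect)
    bob = CallEndpoint("bob", validate_connect)
    alice.place_call("bob")
    bob.on_offer("alice")
    _msg, sender, _to = bob.user_accepts()
    ok = alice.on_connect(sender)
    return ok, alice.mic_live, bob.mic_live


if __name__ == "__main__":
    print("without check:", unsolicited_connect(False))
    print("with check:   ", unsolicited_connect(True))
    print("normal call:  ", normal_call(True))
```

The two scenario functions work as regression tests: the unsolicited message must leave the callee ringing with the microphone off, while the normal flow still connects.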

Project Zero discloses Critical Bugs in Signal, Messenger and Google chat apps

The .NET nanoFramework is an open source project that allows developers to leverage familiar Microsoft technologies to build managed code applications for constrained embedded devices.

The project will enable developers to use the Visual Studio IDE and C# to write applications for embedded systems without the need to worry about the low-level intricacies of the microcontroller, and it is suitable for IoT sensors, wearables, robotics and industrial equipment.

It comprises a reduced version of the .NET Common Language Runtime and a subset of the .NET base class libraries, as well as the common APIs included in the Universal Windows Platform, which enables reuse of code from desktop apps, IoT Core applications, .NET code samples, and other open source projects.

What features are included in the .NET nanoFramework?



The .NET nanoFramework seems to pick up where the .NET Micro Framework for embedded application development stopped, as it uses some of its building blocks, with some project components completely rewritten and several others improved upon.



Some unique features expected in the .NET nanoFramework include:

  • Support for Native multithreading
  • Execution constraints for device lockups and crashes
  • Support for Interop code, which allows developers to write libraries that have both managed (C#) and native code (C/C++)
  • Support for common embedded peripherals and interconnects like SPI, GPIO, UART, I2C, and USB
  • Ability to run on resource-constrained devices of 256kB of flash and 64kB of RAM
  • Fully supports ARM Cortex-M and ESP32 devices, bare metal.


Additionally, there is an inclusion of a mark-and-sweep garbage collector which means no manual memory management.

The project is supported by the .NET Foundation, and the core team members and contributors to .NET nanoFramework are also embedded systems enthusiasts. It will make the development of such platforms easier, faster and less costly by giving developers of embedded systems access to modern technologies and same tools used by desktop app developers.

If you are a developer and want to get onboard, there are several resources available to get you started: from the getting started guides to the code samples repository and you can also find projects on Hackster.io.

What is .NET nanoFramework? Using C# to write embedded applications

There is an ongoing malware campaign that leverages critical flaws, now fixed, in Laminas Project (Zend Framework) and Liferay Portal, as well as an unpatched vulnerability in TerraMaster. The malware variant is known as "FreakOut".

According to researchers at Check Point, the malware exploits recently disclosed vulnerabilities in NAS (network-attached storage) devices running on Linux, employing the machines as part of an IRC botnet for crypto-mining activity and for launching distributed denial-of-service (DDoS) attacks.

The goal of these attacks is to create an IRC botnet (machines infected with the malware that will be controlled remotely), which can then be used for any malicious activities, such as launching DDoS attacks on targeted organizations’ networks.

How FreakOut Malware Exploits vulnerabilities in Linux system?



The FreakOut attacks are specifically aimed at Linux systems that run any of the products listed below, all of which suffer from the new vulnerabilities exploited by the malware where they have not already been patched.



Check the affected products and their versions to know which to patch now to block the new “FreakOut” malware that is exploiting the vulnerabilities.

  • Zend Framework: A very popular collection of library packages for building web applications
  • Liferay Portal: An open-source enterprise portal that offers features for developing web portals and sites
  • TerraMaster Operating System (TOS): The operating system of TerraMaster, another popular vendor of storage devices


Once a device is infected by the FreakOut malware, it can be used as a remote-controlled attack platform to target other vulnerable devices and expand the attackers' network of infected machines.

The malware’s capabilities include information gathering, port scanning, creation and sending of data packets, network sniffing, and launching of DDoS and network-flooding attacks.

The FreakOut attack exploits the following CVEs: CVE-2020-28188 (TerraMaster TOS), CVE-2021-3007 (Zend Framework) and CVE-2020-7961 (Liferay Portal). Patches are available for all the affected products, so users of these products are advised to check for the update and patch their devices to shut off the vulnerabilities.

FreakOut Attack: New Malware campaign Exploiting vulnerabilities in Linux systems

The hugely popular Google-built web development framework, Angular, is set for a host of improvements with the expected release of Angular 12, ranging from improved error messages to better integration with deployment providers.

The current version, Angular 11, was released on November 11, bringing improvements to the typing of common pipes and bug fixes that ensure TestBed isn't instantiated after the override provider. Angular 12 follows on the same improvements, offering stricter types and better router performance.

There are several other new changes in the framework besides the router performance improvements and stricter types, which are added for DatePipe and number pipes to catch misuses, such as passing an array, at compile time.

What's Expected in Angular 12 Update?



Angular 12 has some major improvements in the works such as ng build compiler command and the yarn build bundler command running production builds by default. The aim is to improve integration with several providers, like Netlify, Heroku, and many others.



Also, another prospective feature is the improved error messages, with top 10 errors having much more detailed error messages and docs. Other expected features for Angular 12 include:

  • Updated version of Ivy language service to provide improved type checking
  • Tearing down of the test module and environment after every test, which would significantly improve test speed
  • Trimming of non-critical CSS for inlined styles in Universal. Though, an experimental feature, it would be an opt-in or opt-out enabled capability
  • Debut of the ng-linker for distribution of Angular Ivy libraries to NPM. It would allow deprecation of the compatibility compiler and improve build time
  • Use of CLI strict mode by default for new projects


Additionally, there will be support for inline Sass in components, and Angular Universal will render Angular applications in the server.

Angular 12 Roadmap and Release Date



The Angular roadmap published by the development team cites new point releases of Angular 11 still in development, with the planned Angular 11.1 release to boost performance and offer improvements for the compiler CLI and language service, including bug fixes. Angular 12 is scheduled for release in May 2021.

All major Angular releases are supported for 18 months: 6 months of active support, during which regularly-scheduled updates and patches are released, followed by 12 months of long-term support (LTS), during which only critical fixes and security patches are released.

Angular 12 Update: Expected Features and the final release date

The DNS over HTTPS (DoH) protocol works by altering normal DNS, in which plaintext queries are made from a given app to the DNS server, using settings on the operating system received from the network provider.

Now, the United States National Security Agency (NSA) has recommended DoH, saying that, configured appropriately in enterprise environments, it could help to prevent initial access and exfiltration techniques used by threat actors.

It encrypts DNS requests using HTTPS to provide both privacy and integrity, with 'last mile' source authentication for the client's DNS resolver.

Why DNS-over-HTTPS protocol is recommended for Enterprise environments?



Even if someone visits a website that uses HTTPS, the DNS query and response are sent over an unencrypted connection, which could allow any third party eavesdropping on the network to track the websites a user visits. Also, man-in-the-middle (MitM) attacks can be carried out simply by changing the DNS responses to redirect unsuspecting visitors to malicious sites.



By using HTTPS to encrypt the data between the DoH client and the DoH-based DNS resolver, DoH increases user privacy and security, preventing both eavesdropping and MitM attacks that manipulate DNS data.

The NSA recommends that the gateway used to forward queries to external authoritative DNS servers, in the event that the enterprise DNS resolver doesn't have the DNS response cached, should be able to block DoH, DNS, and DNS over TLS (DoT) requests to external DNS servers and resolvers that are not from the enterprise.
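The gateway rule described above can be checked against flow logs. The following is an added example, not code from the NSA guidance or the original article; the log format, the 10.0.0.53 resolver address, the internal range and the three-entry DoH resolver list are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: the enterprise resolver is the only host allowed to send DNS out.
ENTERPRISE_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Assumption: a small sample of public resolvers that also serve DoH on 443.
# DoH to an unlisted resolver looks like any other HTTPS flow on port 443,
# so a real gateway needs a maintained list rather than these three entries.
KNOWN_DOH_RESOLVERS = {
    ipaddress.ip_address(a) for a in ("1.1.1.1", "8.8.8.8", "9.9.9.9")
}

# Constructed flow records in a hypothetical key=value log format.
SAMPLE_FLOWS = """\
src=10.0.0.53 dst=198.51.100.7 proto=udp dport=53
src=10.0.4.17 dst=8.8.8.8 proto=udp dport=53
src=10.0.4.17 dst=1.1.1.1 proto=tcp dport=443
src=10.0.4.22 dst=9.9.9.9 proto=tcp dport=853
src=10.0.4.22 dst=203.0.113.80 proto=tcp dport=443
src=10.0.4.30 dst=10.0.0.53 proto=udp dport=53
"""


def classify(src, dst, dport):
    """Return (action, reason) for one flow seen at the gateway."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in INTERNAL_NET:
        return ("allow", "internal destination")
    if dport == 53:
        kind = "DNS"
    elif dport == 853:
        kind = "DoT"
    elif dport == 443 and dst_ip in KNOWN_DOH_RESOLVERS:
        kind = "DoH"
    else:
        return ("allow", "not a recognised DNS transport")
    if src_ip in ENTERPRISE_RESOLVERS:
        return ("allow", f"{kind} from the enterprise resolver")
    return ("block", f"{kind} to an external resolver, bypassing the enterprise")


def parse_flow(line):
    """Split one key=value record into (src, dst, proto, dport)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["src"], fields["dst"], fields["proto"], int(fields["dport"])


def audit(log_text):
    """Classify every record; returns a list of (src, dst, dport, action, reason)."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, _proto, dport = parse_flow(line)
        action, reason = classify(src, dst, dport)
        results.append((src, dst, dport, action, reason))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(*row)
```

Clients that appear in the "block" rows are the ones using their own resolver settings instead of the enterprise resolver.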

Experts caution on the DNS-over-HTTPS protocol



The fear with DoH is that, if it is widely deployed, it will become easy for employees to bypass enterprise filters to access blocked content, since traffic to certain malware domains is blocked within enterprises.

Thus, IT administrators will need to keep an eye on the DNS settings across the various operating systems to prevent DNS hijack attacks. With hundreds of apps running their own unique DoH settings, this will be a herculean task for the administrators.

DNS over HTTPS (DoH) recommended by the NSA for Enterprise environments

DarkMarket is the largest illegal marketplace on the dark web, and it has now been taken down in an operation involving Europol, with a coordinated cross-border collaborative effort by other countries.

According to Europol, DarkMarket had about 500,000 users and over 2,400 vendors, with more than 320,000 transactions leading to the transfer of 4,650 bitcoin and 12,800 monero (€140 million). The notorious dark web marketplace mainly has vendors who trade in all kinds of drugs, stolen or counterfeit credit/debit card details, anonymous SIM cards and counterfeit money.

Europol's initiative is to create a coordinated approach to tackling crime on the dark web, which involves law enforcement agencies from across and outside the EU and other relevant partners, such as Eurojust.

Europol-led operations against DarkMarket



The operator of DarkMarket was arrested near the German-Danish border, while an investigation by the cybercrime unit of the Koblenz Public Prosecutor's Office led to the location and closure of the marketplace.



Europol's involvement included facilitating international information exchange, specialist operational support and the provision of advanced analytics that assisted the German authorities in identifying and tracking down the alleged operator of DarkMarket.

The takedown of DarkMarket also means that law enforcement will seize the criminal infrastructure, including over 20 servers in Moldova and Ukraine, used to conduct the operations.

Europol's Dark Web Commitments



In May 2019, Wall Street Market and Silkkitie, also known as the Valhalla Marketplace, were shut down through a Europol-led police operation. With about 1.15 million users and 5,400 vendors of drugs, malware, and other criminal goods, the Wall Street Market was a huge dark web marketplace.

But despite the clampdown, cybercriminals still find their way to alternative services for selling their wares, including services like Elude and Sonar, and private channels on Discord that facilitate such illegal transactions.

DarkMarket Takedown: Secret Wars Against Illegal Dark Web Marketplaces

How to crack a WinRAR password-protected file is one of the questions raised by several people who have heard about the advantages that can be obtained from such software.

In case you are not aware, WinRAR is data compression software developed by Eugene Roshal in 1995 for compressing large files, or encrypting them for privacy reasons. WinRAR files are available all over the Internet and are easily accessible. You do not have to be an expert to make use of these files. You simply need to download the WinRAR utility program from its official site and start using it.

But what if you have downloaded a WinRAR file that is password protected? Or what if you have encrypted a WinRAR file and accidentally lost or forgotten your password? What would be the solution?

In this article, I’ll be sharing a great tool known as “RAR password recovery” that will help you recover your password-protected RAR files.

How to Crack WinRAR Password Protected Files



There are several ways of recovering a WinRAR file password, either with a recovery tool or without any software. Today, we’ll discuss breaking a WinRAR password using software, since not everyone is an expert and everyone wants to save time. Therefore, using software will be the better choice.



There are many benefits to recovering a WinRAR file using software: it will ensure that all of your data is completely safe, because it prevents the possibility of a "dirty rip". When you rip a file, you are actually exposing sensitive data to being hacked into. This is the very reason why security is mandatory for this program.

If you choose to download a free RAR password recovery tool, you will have to look for a legitimate one. There are many sites that offer recovery tools, but you have to be aware that some of them are fake and can cause damage to your computer.



Another advantage of using RAR password recovery is that you’ll not have to reveal anything to anyone, because everything you download will be saved onto your computer. This means that your personal details and private files will always remain safe from prying eyes. To some, this is one of the major disadvantages of downloading free software, since the majority of it contains malicious code that hacks into your system and destroys your data, so be wary of downloading any of the free programs that claim to recover RAR archive passwords.

That's because there is a high chance that these are just thinly disguised viruses that will do more harm than good to your system. However, RAR password recovery has managed to remove this flaw since it is completely safe to use. You can use it without worrying about anything. It has a paid option too, with more benefits, but the free version is enough to satisfy your needs.

Conclusion



This software is quite user friendly and its setup file is small. The process of breaking a WinRAR password is so easy that you don't have to pay money to a professional, as the tool will do the work for you.

So give the RAR password recovery tool a try and let us know your feedback about it.

How to Break WinRAR Password Protected Files?

WebP images make your website more SEO friendly and more visually appealing. They also have a shorter loading time than most graphics formats such as JPG, PNG, SVG or BMP, and are relatively inexpensive when compared to Flash and other animated content.

WebP or web graphics, as they're commonly known, can be implemented in WordPress with the use of a WebP plugin. There are a number of popular websites that feature WordPress themes and plug-ins with WebP support, and you may want to browse these websites to get an idea of how easy it is to integrate WebP images in your WordPress blog.

WordPress offers lots of benefits to users, but one of the most important and often overlooked features is the ability to add image galleries to their web site. Since blogs are built around certain topics or themes, using images to enhance your blog is a great way to give your readers a visual depiction of what your blog is about without actually having to include them in your post.

You can add WebP support to your WordPress blog by adding a new WordPress gallery plug-in. The plugin will manage all of your web images, saving you time and allowing you to focus on other more important things such as creating great content for your blog.

Best Way to use WebP on WordPress





There are a few different ways to add this kind of support to your WordPress site. You can do a manual search for images using a search engine such as Google, Yahoo or MSN and copy the URL of the images you want to include (you can find an example of this in the plug-in examples folder in your WordPress software).

Another way to add this support is by installing the plugin called WebP PHP Uploader. This plugin automatically takes care of preloading WebP images that you can use in your posts.

WebP Express is another useful way to create images. This plugin provides support for a wide range of image formats including, but not limited to, JPEG, GIF and PNG. You can even store these images on your WordPress database, which is useful for restoring later. You can also preview the images before adding them to your website or blog.

Another great option for using WebP images on your website is to convert your existing images to WebP format with the online WebP converter, which allows you to convert any format to WebP and vice versa in a matter of a few clicks. Simply upload your images and get them converted into WebP easily.

Conclusion



WebP images are an excellent way to display images without worrying about size restrictions. The WordPress repository has many plugins that help you resize these images easily and quickly. Using images on your webpage can open up new levels of interaction with your visitors. These images have been used widely across the web for several years to enhance both websites and graphic presentations.

Since it is the most optimized and the fastest image format for websites, you should definitely use WebP images and see a significant change in your load times.

Best Way to use WebP Image format on WordPress

Sophos threat researchers have uncovered a new spyware operation that targets users in Pakistan, leveraging trojanized versions of legitimate apps to carry out espionage on Android users.

The malicious app variants obfuscate their operations by stealthily downloading a payload in the form of an Android Dalvik executable (DEX) file. The DEX payload contains the malicious features, which include the ability to covertly exfiltrate sensitive data such as the user's contacts and the full contents of SMS messages.

Among the trojanized apps masquerading as legitimate apps are the Pakistan Citizen Portal, a Muslim prayer-clock app known as Pakistan Salat Time, Registered SIMs Checker, Mobile Packages Pakistan, and TPL Insurance.

How the Trojanized apps Spy on Android users



On installation, the app would request some intrusive permissions, like the ability to access location, contacts, the file system and the microphone, and to read SMS contents, which then allow it to gather personal data from a victim's device.



These apps all have one purpose: to carry out espionage and exfiltrate data from a target device. In addition to sending the unique IMEI identifier, the DEX payload relays detailed profile information about the device, location, contact lists, call logs and the contents of text messages, along with a listing of internal or SD card storage on the device.

After gathering this information, the malicious apps send it to one of a number of command-and-control (C2) servers hosted in eastern Europe.

How to Safeguard against spying and covert espionage on Android phone



Android apps are cryptographically signed to certify that the code originates from a legitimate source, thus tying the app to its developer, but Android still falls short in exposing to the end user when a signed app's certificate isn't legitimate or valid.

Therefore, Android users need to stick to trusted sources when downloading apps, verify that an app is actually built by a genuine developer, and scrutinize every app's permissions carefully before installation.
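The permission scrutiny recommended above can be scripted. This is an added example, not code from Sophos or the original article: it assumes the manifest has already been decoded to plain XML (inside an APK it is stored in a binary form), and the package name, the sample manifest and the "expected" capability set for a prayer-clock app are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions mapped to the data categories the article lists.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "file system",
    "android.permission.WRITE_EXTERNAL_STORAGE": "file system",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_PHONE_STATE": "device identifiers",
}

# Constructed manifest for a hypothetical prayer-clock app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.prayerclock">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Prayer Clock"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def requested_capabilities(manifest_xml):
    """Map declared permissions to the sensitive data categories they unlock."""
    return {
        SENSITIVE[p] for p in requested_permissions(manifest_xml) if p in SENSITIVE
    }


def unexpected_capabilities(manifest_xml, expected):
    """Sensitive categories the app asks for beyond what its purpose explains."""
    return sorted(requested_capabilities(manifest_xml) - set(expected))


if __name__ == "__main__":
    # Assumption: a prayer-clock app plausibly needs location and nothing else.
    for capability in unexpected_capabilities(SAMPLE_MANIFEST, {"location"}):
        print("unexplained access:", capability)
```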

Trojanized Apps employed by Hackers to Spy on Android users

WhatsApp is the most popular messaging app, but recently the instant messenger has been losing a huge number of users as a result of privacy issues in its updated privacy policies.

The Facebook-owned messaging app is at the center of worldwide angst, with users asking it to clarify how it handles personal data within Facebook’s other family of apps and products. Whatever concerns may warrant your leaving WhatsApp, below is a list of the 5 best WhatsApp alternatives for Free Instant Messaging in 2021.

5 WhatsApp Alternatives You Should Use in 2021



In this list, we've outlined instant messaging apps with a focus on privacy, as well as those that feature almost all the capabilities of WhatsApp. So, you can check out the list of WhatsApp alternative apps below and use any of the apps that suits you.

1. Signal Private Messenger





Signal Messenger brings a number of security benefits compared to WhatsApp, and it also offers self-destructing messages, screen security to prevent anyone from taking screenshots of your messages, and many more.

It encrypts its backups, calls, group calls, and other personal data within the app, and the files sent via Signal are all protected. Furthermore, Signal doesn’t link your data to your identity, according to its Apple App Store listing.

Signal is very popular with journalists, as it is best suited for people who are looking for a secure messaging app. If you're looking for a simple and yet functional messenger that doesn't compromise your privacy, Signal is the best WhatsApp alternative for you.

2. Telegram Messenger





Telegram Messenger is an open-source messaging app and one of the best WhatsApp alternatives out there. It brings such features as super groups made up of about 100,000 people, public channels, usernames, and the ability to share files of up to 1.5 GB, with passcode lock and self-destructing messages, coupled with end-to-end encryption in secret chats, among other features.

There are also Telegram Bots, which further enhance the experience: the bots not only bring important information to you on the go, but there are also several game bots that allow you to play games within the messaging app.

Unlike WhatsApp, Telegram is multi-platform compliant and can be used on several platforms at once, so you can begin texting on your smartphone and continue on your PC in the office.

3. Snapchat





Snapchat isn't just a messaging app but also a full-fledged social media app. You can use it as a messaging application thanks to some unique features that it boasts of; for instance, you can send messages which self-destruct after a set period of time. Also, it notifies you when someone takes a screenshot of your chats with them.

Its features are mostly copied by Facebook, such as the ability to create group chats, group voice calls, gifs, and many more. Snapchat is one of the most innovative messaging services you'll ever come across.

Furthermore, it offers the best face-mask collection of all the messaging apps that you may have ever used which makes the app super fun to use.

4. Viber





Viber is a hugely popular messaging and VoIP app that can stand toe-to-toe with WhatsApp, as the app offers end-to-end encryption in its calls, messages and shared media.

The messaging app brings multi-device support, which WhatsApp obviously lacks, and messages saved on multiple devices are fully encrypted.

Viber also lets you make video and voice calls just like WhatsApp, but the app goes even a step ahead with its Viber Out feature, which allows you to make international calls to non-Viber users at very nominal rates.

5. Skype





This list can't be complete without mentioning Microsoft-powered Skype, which is perhaps the best business chat application of them all.

Skype is far ahead of the other business chat applications, and when it comes to personal chats, it has also earned its keep among normal users. It is the most ideal chatting application if you make a lot of video and voice calls.

Most other apps don’t actually support group video calls, and several that try often lag when more than three to four people are added. If you're someone who makes a ton of video calls with business associates, friends and family, then you can certainly find solace in Skype over WhatsApp or any other chat application.

5 Best WhatsApp Alternatives for Free Instant Messaging in 2021

Security keys offer a phishing-resistant two-factor authentication (2FA) system that helps to protect high-value enterprise users from the most sophisticated attacks.

But according to NinjaLab researchers, if an adversary is in possession of such a two-factor authentication (2FA) device, it can be cloned by exploiting an electromagnetic side-channel within the chip. The vulnerability is tracked as CVE-2021-3011 and allows attackers to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor (U2F) device like the Google Titan Key, which completely defeats the 2FA protection.

The report published by the research team demonstrated how an adversary can sign in to a victim's account without using the U2F device, and without the victim noticing it.

How Attackers Could Clone Your 2FA Security Keys?



The researchers demonstrated how an attacker can clone the U2F key by tearing down the device to remove the plastic casing, thus exposing the two microcontrollers: a secure enclave (NXP A700X chip) used to perform the cryptographic operations, and a general-purpose chip serving as a router between the USB/NFC interfaces and the microcontroller.



After this step, the researchers claim it is quite possible to glean the ECDSA encryption key through a side-channel attack by observing the NXP chip during ECDSA signatures, the core cryptographic operation of the FIDO U2F protocol, which is performed when a U2F key is registered for the first time.

Although the security of a hardware security key isn't reduced by the above attack scenario, due to the limitations involved, potential exploitation in the wild isn't inconceivable.

List of 2FA Security Keys impacted by the flaw



The products affected include all versions of Google Titan Security Keys, Feitian FIDO NFC USB-A / K9, Yubico Yubikey Neo, Feitian MultiPass FIDO / K13, Feitian FIDO NFC USB-C / K40 and Feitian ePass FIDO USB-C / K21.

Aside from the above-mentioned security keys, the attack scenario can also be carried out against NXP JavaCard chips, such as NXP J3D081_M59_DF, NXP J3D081_M59, NXP J3E145_M64, NXP J3A081, NXP J2E081_M64, NXP J3D145_M59, and NXP J3E081_M64_DF, and other such variants.

It is recommended that security-conscious users should probably switch to other FIDO U2F hardware security keys for the meantime, until a solution or patch has been made available by the vendors.

2FA Security Keys could be Exploited via a Side-channel attack

ElectroRAT is a malware written in Golang, designed from the ground up to target multiple operating systems, including Linux, Windows, and macOS.

According to cybersecurity researchers at Intezer, the malware dubbed ElectroRAT is part of a wide-ranging scam targeting cryptocurrency users, which started as early as January 2020 with trojanized applications distributed to install a previously undetected RAT on target systems.

The malware campaign is believed to have claimed about 6,500 victims, based on the number of unique visitors to the Pastebin page used to locate the C&C (command and control) servers.

How ElectroRAT Malware targets Cryptocurrency users?



The campaign dubbed "Operation ElectroRAT" involved attackers who created three different rogue applications, each with a Linux, Windows, and Mac version; two of the apps pose as cryptocurrency trading and management applications and go by the names "Jamm" and "eTrade," while the third app, called "DaoPoker," poses as a cryptocurrency poker platform.



On installation, the app opens a harmless-looking UI, but in reality ElectroRAT runs hidden in the background as "mdworker," with intrusive capabilities that include capturing keystrokes, taking screenshots, uploading files from disk, downloading arbitrary files, and executing malicious commands received from the C&C server on the victim's machine.

The ElectroRAT attacker named "Execmac," who posted on Pastebin pages as early as January 8, 2020, was discovered to have used the same C2 servers commonly employed by Windows malware like Amadey and KPOT, suggesting the attackers may have pivoted from well-known trojans to a new RAT capable of targeting multiple operating systems.

How to mitigate against the ElectroRAT Malware



It is rare to find such a wide-ranging and targeted campaign, with various components such as fake apps and promotional efforts via popular forums and social media, as the ElectroRAT malware.

Nonetheless, web users are urged to kill the malware spread process by deleting all files related to the malware, and to move funds to a new wallet with changed passwords.

ElectroRAT Malware used by Hackers to target Crypto Users

Septor Linux is a Debian GNU/Linux-based operating system that offers a private computing environment for anonymous surfing of the Internet.

The Septor Linux team has released a new edition dubbed Septor Linux 2021 with upgraded core applications and upstream versions, including updates of the Linux kernel and the KDE Plasma desktop environment to new versions 5.9.15 and 5.20.4 respectively.

Septor Linux 2021 also brings other updated software for a secure experience, such as HexChat, qTox instant messaging, Tor Browser 10.0.7, Thunderbird, QuiteRSS, and the OnionShare file sharing utility.

What's New in Septor Linux 2021 Release?



Besides the upgraded core applications, Septor Linux 2021 also includes a bundle of new KDE Applications 20.12, along with other updated software across productivity, graphics, and multimedia applications.



Other new changes in Septor Linux 2021 include:

  • Graphics and Multimedia Apps: GIMP, Gwenview, VLC, K3b, Guvcview, and VokoscreenNG
  • Productivity Apps: LibreOffice, Kontact, KOrganizer, Okular, Kwrite, and Kate
  • Dolphin and KFind file management and search applications
  • Synaptic and DEBiTool for management and installation of software
  • Sweeper, KGpg, Cleopatra, Mat2, KWallet, zuluCrypt, ISO Image Writer, Gufw, Ark, and Cup-backup


Additionally, Septor Linux 2021 is based on a testing branch of the upcoming Debian 11 “Bullseye” instead of the earlier stable Debian 10 “Buster”.

How to Download or Upgrade to Septor Linux 2021



The ISO image of Septor Linux 2021 is now available for download, and you can follow the instructions on how to prepare the media for installation and plug it into your system to install it here.

Septor Linux 2021 Release: A Debian GNU/Linux-based OS for anonymous surfing