Plus: Three arrested in North Korean IT workers fraud ring, Tesla staffers shared videos from owners’ cars, and more.

Laser warfare, among all the long-unfulfilled imaginings of science fiction writers, is right up there with flying cars. Now it's finally becoming a reality. After decades of research, the US military is actively deploying laser defense systems in the Middle East to shoot down drones launched by adversaries like Yemen's Houthi rebels, one of several recent deployments of laser tech in actual combat situations.

In less _pew_\-_pew_\-oriented security news, the debate continues over the extension of Section 702 of the Foreign Intelligence Surveillance Act, signed by President Biden last month, as 20 civil liberties organizations sent a letter to the Justice Department demanding more clarity on when the NSA can demand US tech companies cooperate in its wiretaps. Elsewhere, WIRED obtained emails showing how New York City decided to deploy a gun-detection system called Evolv in subways despite false-positive rates as high as 85 percent.

At the Google I/O developer conference, meanwhile, the search giant debuted a new AI-based feature in Android that's designed to detect if a phone has been stolen and automatically lock it down. And we dug into the stakes for financial privacy and surveillance posed by the $2.3 billion Tornado Cash money laundering case, whose cofounder was found guilty and sentenced to more than five years in prison on Tuesday.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The system known as SS7—which connects cellular networks run by different providers—and its more recent upgrade called Diameter have long been considered a serious security and privacy problem. Researchers have warned that hackers who can gain access to a mobile provider's system or even create their own have the ability to reroute cellular data, allowing them to track individuals or eavesdrop on their communications. Now one US official is raising the alarm that this technique has been used numerous times against real victims in the US.

As first reported by 404 Media, CISA's senior adviser for telecommunications, Kevin Briggs, responded to questions from the Federal Communications Commission in a public filing, confirming that he has seen multiple cases of Americans tracked via SS7 or Diameter, including one person whose location was tracked with the technique in March 2022 and three more the next month. He also warned that there were signs that many more people had been targeted, but that spies had used techniques to mask their exploitation of the system.

The revelation sounds a clear warning that telecoms—and their regulators—need to do more to lock down a known, critical vulnerability that leaves any of hundreds of millions of Americans open to espionage. “Much more could be said,” Briggs cryptically concluded his statement, “but this ends my public comments.”

**US Feds Bust a North Korean Remote Tech Worker Scheme**

The post-pandemic era of the virtual workplace has led to a strange new problem: North Korean tech workers secretly infiltrating US companies as remote workers to earn money for the world's most authoritarian regime. This week the Justice Department announced three arrests, including one American woman in Arizona and a Ukrainian man in Poland, who allegedly helped to enable thousands of North Korean workers based in China and Russia to obtain jobs in Western companies, often with fraudulent job applications and stolen identities. A third man, a Vietnamese national, was arrested in Maryland for allegedly offering his own identity to the North Koreans as cover. In total, the North Korean workers got jobs at more than 300 companies—including a high-end retail chain and a major Silicon Valley tech firm—and cumulatively earned at least $6.8 million, the Justice Department said. Much of that money was funneled to the regime of Kim Jong-Un, including to its weapons programs.

**Tesla Staff Collected and Shared Sensitive Videos From Cars**

Given that Teslas are massive collections of cameras on wheels, they've always held the potential to serve as powerful surveillance devices. But Tesla drivers probably weren't expecting all that video surveillance to be turned on them. Reuters this week revealed that Tesla staff have collected and circulated videos recorded by cars' cameras, which have included everything from mundane shots turned into memes, to a violent video of a child on a bicycle being struck by the car, to a fully naked man approaching his vehicle. (They also included a video that showed a submarine used in a James Bond movie in Elon Musk's garage, filmed from cameras on the Tesla CEO's own car.) Tesla assures customers in its privacy fine print that videos collected by Tesla's staff remain anonymous and aren't linked to any particular vehicle. But seven former staffers told Reuters that the videos are linked with location data that could likely be used to identify vehicle owners.

**FBI Busts Cybercriminal Site BreachForums—Again**

BreachForums has long been one of cybercriminals' most well-known gathering places for selling hacking tools and stolen data. Now it's been taken down—for the second time in two years—in an FBI operation that also seized the Telegram channel for the forum and that of its alleged operator, who goes by the name Baphomet. That bust follows the arrest of the site's previous administrator, Conor Brian Fitzpatrick, last year, when the FBI seized a previous incarnation of the site. That earlier version of BreachForums itself replaced an older cybercriminal marketplace called RaidForums. Given that history, the latest BreachForums takedown is perhaps “the least surprising infosec news of the year,” writes security entrepreneur and HaveIBeenPwned creator Troy Hunt.

US Official Warns a Cell Network Flaw Is Being Exploited for Spying

By Uzair Amir
Discover time-saving document merging strategies for professionals. Learn how to streamline workflows, enhance collaboration, and protect document integrity for increased productivity and peace of mind.
This is a post from HackRead.com Read the original post: Efficient Document Merging Strategies for Professionals

Professionals often struggle with managing huge amounts of data spread across various files. A study from COVEO found that employees spend 3.6 hours a day — nearly half their workday — just looking for documents. This means 45% of the workday is spent just on finding documents, a time that could be used more effectively.

One of the solutions to this challenge is to merge PDF files. By combining files that go together, you simplify workflows and save time in your daily processes.

In this article, we’ll offer practical strategies and tips for efficient document merging, helping professionals focus on producing quality work for their clients. 

****Manual Merging Techniques****

Manual merging allows you to pick and choose the pages you want to join together to determine how your final PDF document will appear.

****Using built-in software features for document merging****

For Mac users, utilizing the built-in preview tool makes document merging a breeze. Windows users will need a third-party application or an online tool for this task.

To merge PDFs on Mac using Preview:

*   Open the PDFs you want to combine in the Preview app on your Mac.
*   In each open PDF, go to View > Thumbnails to see page thumbnails in the sidebar.
*   Simply drag and drop the thumbnails you wish to include into the thumbnail sidebar of another PDF.
*   Rearrange pages by dragging thumbnails as needed. You can choose which pages should be excluded from the final document.
*   To save your final file, navigate to File > Export as PDF.

****Step-by-step guide for manual merging in various applications****

Wondering how merging works with other systems? The process is surprisingly straightforward and doesn’t demand any technical know-how. Moreover, it tends to follow a similar pattern across various applications.

This is a typical step-by-step guide.

*   Select and install your preferred tool or access an online platform. Be sure to go for the best PDF editor online when choosing.
*   Choose the PDF files you want to combine from either your device or cloud services such as Google Drive or Dropbox.
*   Customize the settings like page sequence, compression levels, security features, etc. You can also remove unwanted pages from the list or rearrange them as necessary.
*   Initiate the merge operation by clicking on “Merge.” The duration may vary from seconds to minutes, depending on file sizes.
*   Once done, save your final PDF in a location of your choice for future reference.

****Best practices for ensuring accuracy and consistency in manual merging****

When manually merging PDF documents, it’s important to follow best practices to ensure accuracy and consistency in the merged document. 

Here are some tips:

*   Review each document thoroughly before combining them to ensure content accuracy and proper order. While there are tools that allow you to do text editing online, it’s always best to be sure from the beginning.
*   Maintain consistent formatting and layout throughout the merged document.
*   Double-check for any errors or inconsistencies after process completion.
*   Always keep a backup of the original PDFs to prevent data loss.

****Automated Merging Solutions****

Technology has transformed document management with the creation of automated merging solutions. These tools make it easy to edit PDF file types and combine multiple documents or data sources into one, saving significant time and effort. Traditionally manual tasks, like compiling reports from various departments or joining different types of correspondence, are now more efficient.

Automated merging tools use algorithms and artificial intelligence (AI) to find, match, and combine content. This ensures the final document is coherent and consistently formatted. They’re compatible with many file types, including Word documents, PDFs, and spreadsheets (for when you want to make a fillable PDF), making them a versatile addition to any professional’s toolkit.

****Comparison of popular software solutions for automated merging****

Let’s compare some of the popular tools that professionals can use to merge PDF files.

**Tool**

**Adobe Acrobat**

**PDFsam (PDF Split and Merge)**

**Smallpdf**

**Lumin**

Features

Comprehensive PDF solution with advanced tools to edit PDF text, convert, review, merge, etc.

Open-source with basic and advanced merging capabilities

Web-based solution with various PDF tools

Web-based PDF solution with editing capabilities and Google Drive integration

Ease of Use

Feature-rich but with a steeper learning curve

Relatively straightforward for basic tasks. Advanced features may require familiarity

Simple drag-and-drop interface for quick merging

User-friendly interface, integrates with Google

Platforms

Windows, macOS

Windows, macOS, Linux

Windows, Mac, iOS, or Android device

Web-based, integrates with Google Drive

Pricing

Subscription-based plans

Free (PDFsam Basic), paid (PDFsam Enhanced)

Free and paid subscription plans with additional features

Free and paid subscription plans with additional features

****Benefits and limitations of automation in document merging******Benefits:**

*   **Efficiency:** Automation boosts efficiency, saving time for strategic tasks.
*   **Accuracy:** Automated tools enhance accuracy, reducing errors in merged documents.
*   **Scalability:** These solutions are scalable and can handle large document volumes.
*   **Flexibility:** Supports a wide range of document formats and merging scenarios, accommodating diverse professional needs.

****Limitations****

*   **Setup complexity:** Advanced tools may have a steep learning curve.
*   **Cost:** Premium tools’ fees may be high for small businesses.
*   **Privacy and security:** Online tools risk data confidentiality.
*   **Software dependence:** Reliance may cause compatibility or obsolescence issues.

****Advanced Merging Strategies********Customizing merging processes for specific needs****

Customization is key in document management because documents vary widely in format, purpose, and complexity. Tailoring tools to specific needs ensures accuracy. For example, you can program software to handle different sections of documents, like headers or footers. You can also merge documents based on criteria like date, author, or relevance.

This approach helps preserve important details such as the document’s author, creation date, and history. Using advanced tools for scripting and automation simplifies the process. It saves time and reduces the chance of errors.

****Implementing batch merging and bulk processing techniques****

Batch merging and bulk processing help manage large document volumes effectively. This method merges many documents at once, using specific criteria to speed up work on big projects or regular tasks. Understanding the software well is necessary, and sometimes specialized software is needed for handling lots of documents.

Organizations like law firms, banks, and research groups find these techniques very useful. They automate joining large document batches, cutting down manual work significantly. This saves time and improves workflow, letting teams focus on other important tasks.

****Integrating merging tools into existing workflows for maximum efficiency****

Integrating merging tools directly into existing workflows transforms document management, automating the process for increased efficiency. By syncing with project management, CRM, and ERP systems, documents automatically update with key events, like project completions or new clients. 

This integration also enables users to edit PDF form types seamlessly, boosting collaboration. While setup demands planning and development, the result is a significant boost in productivity and streamlined operations.

****Collaboration and Sharing Considerations****

**Compatibility and consistency**: For effective collaboration, it’s essential to ensure document compatibility and maintain consistency by standardizing formats and tools. This prevents formatting issues and data loss, making cross-platform tools key for merging documents smoothly across diverse sources.

**Sharing and distribution of merged documents:** Securing merged documents, especially those with sensitive information, requires encrypted transfers and strict access controls to ensure only authorized access. Use platforms with robust security protocols and customizable permissions for safe distribution.

**Version control and tracking changes:** Effective version control and change tracking ensure document integrity and transparency among collaborators. Using systems that log version history and changes help everyone stay aligned and informed, especially when there is a need to edit scanned PDF documents, enhancing collaboration and keeping the document current.

**Conclusion**

As we close, remember document merging does more than organize files. It saves time for crucial work, boosts team collaboration, and protects your documents’ integrity. The strategies shared equip you to confidently manage large volumes of documents, turning chaos into order. 

Another important key is to choose a reliable tool that can help with your document management processes. The good news is that there are lots of them to choose from – PC, Mac, Mobile, and Cloud-based. Even if you want to create a fillable PDF free from your files, rest assured that there is a suitable tool for your needs.

By adopting these practices, you can increase productivity and achieve peace of mind, knowing that your document management tasks are efficiently handled.

1.  Best Paid and Free OSINT Tools for 2024
2.  Top 3 Cybersecurity Tools to Protect Business Data
3.  PDF Security – How To Keep Data Secure in a PDF File
4.  The new Wondershare PDFelement with added features
5.  The Essential Tools and Plugins for WordPress Development

Efficient Document Merging Strategies for Professionals

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.

Thursday, May 16, 2024 14:00

While I one day wish to make it to the RSA Conference in person, I’ve never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. 

Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least gives me the advantage of not having my day totally slip away from me on the conference floor, so at least I felt like I didn’t miss much in the way of talks, announcements and buzz. So, I wanted to use this space to recap what I felt like the top stories and trends were coming out of RSA last week.  

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. 

**AI is the talk of the town** 

This is unsurprising given how every other tech-focused conference and talk has gone since the start of the year, but everyone had something to say about AI at RSA.  

AI and its associated tools were part of all sorts of product announcements (either to be used as a marketing buzzword or something that is truly adding to the security landscape).  

Cisco’s own Jeetu Patel gave a keynote on how Cisco Secure is using AI in its newly announced Hypershield product. In the talk, he argued that AI needs to be used natively on networking infrastructure and not as a “bolt-on” to compete with attackers.  

U.S. Secretary of State Anthony Blinken was the headliner of the week, delivering a talk outlining the U.S.’ global cybersecurity policies. He spent a decent chunk of his half hour in the spotlight also talking about AI, in which he warned that the U.S. needed to maintain its edge when it comes to AI and quantum computing — and that losing that race to a geopolitical rival (like China) would have devastating consequences to our national security and economy.  

Individual talks ran the gamut from “AI is the best thing ever for security!” to “Oh boy AI is going to ruin everything.” The reality of how this trend shakes out, like most things, is likely going to be somewhere in between those two schools of thought.  

An IBM study released at RSA highlighted how headstrong many executives can be when embracing AI. They found that security is generally an afterthought when creating generative AI models and tools, with only 24 percent of responding C-suite executives saying they have a security component built into their most recent GenAI project.  

**Vendors vow to build security into product designs** 

Sixty-eight new tech companies signed onto a pledge from the U.S. Cybersecurity and Infrastructure Security Agency, vowing to build security into their products from earliest stages of the design process.  

The list of signees now includes Cisco, Microsoft, Google, Amazon Web Services and IBM, among other large tech companies. The pledge states that the signees will work over the next 12 months to build new security safeguards for their products, including increasing the use of multi-factor authentication (MFA) and reducing the presence of default passwords.  

However, there’s looming speculation about how enforceable the Secure By Design pledge is and what the potential downside here is for any company that doesn’t live up to these promises.  

**New technologies countering deepfakes** 

Deepfake images and videos are rapidly spreading online and pose a grave threat to the already fading faith many of us had in the internet. 

It can be difficult to detect when users are looking at a digitally manipulated image or video unless they’re educated on common red flags to look for, or if they’re particularly knowledgeable on the subject in question. They’re getting so good now that even targets’ parents are falling for fake videos of their loved ones.  

Some potential solutions discussed at RSA include digital “watermarks” in things like virtual meetings and video recordings with immutable metadata.  

A deep fake-detecting startup was also named RSA’s “Most Innovative Startup 2024” for its multi-modal software that can detect and alert users of AI-generated and manipulated content. McAfee also has its own Deepfake Detector that it says, “utilizes advanced AI detection models to identify AI-generated audio within videos, helping people understand their digital world and assess the authenticity of content.” 

Whether these technologies can keep up with the pace that attackers are developing this technology and deploying it on such a wide scale, remains to be seen.  

**The one big thing **

Microsoft disclosed a zero-day vulnerability that could lead to an adversary gaining SYSTEM-level privileges as part of its monthly security update. After a hefty Microsoft Patch Tuesday in April, this month’s security update from the company only included one critical vulnerability across its massive suite of products and services. In all, May’s slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which are of “important” severity. There is only one moderate-severity vulnerability. 

**Why do I care? **

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. An authenticated attacker who obtains Site Owner permissions or higher could exploit this vulnerability by uploading a specially crafted file to the targeted SharePoint Server. Then, they must craft specialized API requests to trigger the deserialization of that file’s parameters, potentially leading to remote code execution in the context of the SharePoint Server. The aforementioned zero-day vulnerability, CVE-2024-30051, could allow an attacker to gain SYSTEM-level privileges, which could have devastating impacts if they were to carry out other attacks or exploit additional vulnerabilities. 

**So now what? **

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. The rules included in this release that protect against the exploitation of many of these vulnerabilities are 63419, 63420, 63422 - 63432, 63444 and 63445. There are also Snort 3 rules 300906 - 300912. 

**Top security headlines of the week **

**A massive network intrusion is disrupting dozens of hospitals across the U.S., even forcing some of them to reroute ambulances late last week.** Ascension Healthcare Network said it first detected the activity on May 8 and then had to revert to manual systems. The disruption caused some appointments to have to be canceled or rescheduled and kept patients from visiting MyChart, an online portal for medical records. Doctors also had to start taking pen-and-paper records for patients. Ascension operates more than 140 hospitals in 19 states across the U.S. and works with more than 8,500 medical providers. The company has yet to say if the disruption was the result of a ransomware attack or some sort of other targeted cyber attack, though there was no timeline for restoring services as of earlier this week. Earlier this year, a ransomware attack on Change Healthcare disrupted health care systems nationwide, pausing many payments providers were expected to receive. UnitedHealth Group Inc., the parent company of Change, told a Congressional panel recently that it paid a requested ransom of $22 million in Bitcoin to the attackers. (CPO Magazine, The Associated Press) 

**Google and Apple are rolling out new alerts to their mobile operating systems that warn users of potentially unwanted devices tracking their locations.** The new features specifically target Bluetooth Low Energy (LE)-enabled accessories that are small enough to often be unknowingly tracking their specific location, such as an Apple AirTag. Android and iOS users will now receive the alert when such a device, when it's been separated from the owner’s smartphone, is moving with them still. This alert is meant to prevent adversaries or anyone with malicious intentions from unknowingly tracking targets’ locations. The two companies proposed these new rules for tracking devices a year ago, and other manufacturers of these devices have agreed to add this alert feature to their products going forward. “This cross-platform collaboration — also an industry first, involving community and industry input — offers instructions and best practices for manufacturers, should they choose to build unwanted tracking alert capabilities into their products,” Apple said in its announcement of the rollout. (Security Week, Apple) 

**The popular Christie’s online art marketplace was still down as of Wednesday afternoon after a suspected cyber attack.** The site, known for having many high-profile and wealthy clients, was planning on selling artwork worth at least $578 million this week. Christie’s said it first detected the technology security incident on Thursday but has yet to comment on if it was any sort of targeted cyber attack or data breach. There was also no information on whether client or user data was potentially at risk. Current items for sale included a Vincent van Gogh painting and a collection of rare watches, some owned by Formula 1 star Michael Schumacher. Potential buyers could instead place bids in person or over the phone. (Wall Street Journal, BBC) 

**Can’t get enough Talos? **

*   Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities 
*   Click Here Ep. #130: A wrinkle in time: GPS jamming in Ukraine and its ripple effects 
*   Talos Takes Ep. #184: Why CoralRaider is looking to steal your login credentials 
*   Generative AI’s disinformation threat is ‘overblown,’ top cyber expert says 

**Upcoming events where you can find Talos **

**ISC2 SECURE Europe** **(May 29)** 

_Amsterdam, Netherlands_ 

> _Gergana Karadzhova-Dangela from Cisco Talos Incident Response will participate in a panel on “Using ECSF to Reduce the Cybersecurity Workforce and Skills Gap in the EU.” Karadzhova-Dangela participated in the creation of the EU cybersecurity framework, and will discuss how Cisco has used it for several of its internal initiatives as a way to recruit and hire new talent._  

**Cisco Live** **(June 2 - 6)** 

_Las Vegas, Nevada_  

**_AREA41_** **_(June 6 – 7)_** 

_Zurich, Switzerland_ 

> _Gergana Karadzhova-Dangela from Cisco Talos Incident Response will highlight the primordial importance of actionable incident response documentation for the overall response readiness of an organization. During this talk, she will share commonly observed mistakes when writing IR documentation and ways to avoid them. She will draw on her experiences as a responder who works with customers during proactive activities and actual cybersecurity breaches._ 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202   
**MD5:** e4acf0e303e9f1371f029e013f902262   
**Typical Filename:** FileZilla\_3.67.0\_win64\_sponsored2-setup.exe   
**Claimed Product:** FileZilla   
**Detection Name:** W32.Application.27hg.1201 

**SHA 256:** a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0   
**MD5:** b4440eea7367c3fb04a89225df4022a6   
**Typical Filename:** Pdfixers.exe   
**Claimed Product:** Pdfixers   
**Detection Name:** W32.Superfluss:PUPgenPUP.27gq.1201 

**SHA 256:** 1fa0222e5ae2b891fa9c2dad1f63a9b26901d825dc6d6b9dcc6258a985f4f9ab   
**MD5:** 4c648967aeac81b18b53a3cb357120f4   
**Typical Filename:** yypnexwqivdpvdeakbmmd.exe   
**Claimed Product:** N/A    
**Detection Name:** Win.Dropper.Scar::1201 

**SHA 256:** d529b406724e4db3defbaf15fcd216e66b9c999831e0b1f0c82899f7f8ef6ee1   
**MD5:** fb9e0617489f517dc47452e204572b4e   
**Typical Filename:** KMSAuto++.exe   
**Claimed Product:** KMSAuto++   
**Detection Name:** W32.File.MalParent 

**SHA 256:** abaa1b89dca9655410f61d64de25990972db95d28738fc93bb7a8a69b347a6a6   
**MD5:** 22ae85259273bc4ea419584293eda886   
**Typical Filename:** KMSAuto++ x64.exe   
**Claimed Product:** KMSAuto++   
**Detection Name:** W32.File.MalParent

Rounding up some of the major headlines from RSA

iOS users are reporting that photos they had deleted long ago suddenly showed up again after this week's 17.5 update.

iPhone owners are reporting that photos they’d deleted are now back on their phones, after updating to iOS 17.5.

With so many users reporting similar oddities, it would seem something went wrong, or at least different than to be expected. Here are some examples from Reddit:

> “When in conversation with my partner, I went to send a picture and saw that the latest pictures were nsfw material we’d made years ago”

> “I have four pics from 2010 that keep reappearing as the latest pics uploaded to iCloud. I have deleted them repeatedly.”

> “Same thing happened to me. Six photos from different times, all I have deleted. Some I had deleted in 2023.”

When you delete a photo from an iPhone or iPad, it goes into a “Recently deleted” album for up to 30 days to make it easy to recover if the photo is accidentally deleted. However, the above examples vastly exceed this timeframe, and it’s unclear exactly what’s happened here.

When you delete a file, actually all that happens is you remove the pointer that tells you where exactly the file is located. This makes it hard to find, but not impossible. Until the system uses the location of the deleted file and replaces it with other data, the file can be retrieved.

Apple’s last update for iOS 17.5 and iPadOS 17.5 came out on Monday with a warning to update your iPhone as soon as possible. That’s because iOS 17.5 fixes 15 security vulnerabilities, some of which are serious. Please don’t let this article stop you from installing the update, but it’s good to be prepared for some unexpected behavior.

At the time of writing, Apple hasn’t commented on the issue.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Deleted iPhone photos show up again after iOS update 

Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft.
These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding they are expected to be available via an update to Google Play services for devices running

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data.
This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applications against malware.
"Developers can check if there are other apps running that could be capturing the screen, creating

Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

Google is introducing new AI-powered safety tools in Android 15 that can lock down your phone if thieves nab it.

Billions of Android phones are getting new tools to stop phone thieves from accessing your information and to slow down their criminal behavior, Google announced today at its I/O developer conference. Android phones will soon use artificial intelligence to automatically detect when they have been snatched from your hand and lock themselves, as part of the new changes that include adding extra protections to secure your phone if it has been stolen.

The upgrades—some of which will come with the Android 15 operating system, while others will be compatible with older phones—come as phone companies are increasingly building extra measures into their software to thwart rampant levels of phone thefts and further protect people’s data. As well as the stolen phone tools, Google is introducing new changes to Android 15 that will scan how apps are using “sensitive permissions” in real time to detect potentially suspicious app activities.

Around the world, phone thefts are a huge problem—in London, for example, a phone is stolen every six minutes. Thieves riding electric bikes or scooters can snatch phones out of people’s hands, pickpockets can easily nab devices from bags, and others are known to peer over shoulders to learn a phone’s PIN before they steal the device.

Stolen phones can be resold if they are unlocked or passed on to others who can break them down for parts and sell those components. However, some criminals will also try to access banking or crypto apps and transfer money. “The thieves profit from the physical device themselves, but they also increasingly are trying to get into the content of the device, where the most valuable data is stored,” Jianing Sandra Guo, an Android security and privacy product manager at Google, tells WIRED. Some thieves, if they have a locked phone, spam people with phishing emails and messages to friends to try and get login details.

Google’s anti-theft tools have been designed to add more protection before a phone is stolen, during the theft, and after a phone has been taken, Guo explains. In keeping with Google’s and the wider tech industry’s push, some of these have been built using artificial intelligence as a key component.

Courtesy of Google

Android’s new Theft Detection Lock uses Google’s AI to determine when your phone has been snatched from your hand. If it detects this, the phone’s screen will automatically be locked. Using smartphone sensors, such as the accelerometer and gyroscope, Google trained its algorithms to detect sudden changes in the phone’s positioning and the motions that might indicate it has been snatched.

“There’s a grabbing of the phone, changing hands, and then an attacker running, biking, or even driving away with a device,” Guo says. To train the algorithm, Google’s research staff studied how phones are commonly stolen, then its teams re-created snatching events against each other to collect data about what a simulated theft looks like.

Thieves stealing phones, Guo says, will often open the camera app when they don’t know the phone’s PIN, to stop them from losing access to the device. They also often try to disconnect it from cell networks for a long period of time so they can’t be locked out of the device remotely. The company’s new Offline Device Lock will lock your screen when the phone is offline for an extended period of time, if the setting is turned on.

To increase protections before a phone is stolen, Google says in a blog post, the company is adding four data protection features that can help keep your information locked down. The first stops your phone from being set up after a factory reset, unless the person knows your login details. “This renders a stolen device unsellable, reducing incentives for phone theft,” Google vice president Suzanne Frey writes.

There’s also a new “private spaces” option where you can store sensitive apps, such as banking apps, that require a second PIN or use of your biometrics, such as a fingerprint, to access. There are also extra authentication controls being put in place: If a thief tries to disable Google's Find My Device location-tracking service they will need to also use your PIN, password, or biometric information to unlock it. If a thief does know your PIN, it will also be possible to turn on the need for biometric authentication to make changes to important Google account and device settings, such as a PIN change or turning off anti-theft settings.

The extra authentication features are similar to those introduced by Apple in its Stolen Device Protection system that debuted in iOS 17.3 earlier this year, although Google’s theft motion detection goes further than these tools. The aim of all anti-theft options is to lock down the information stored on phones but also to make it harder for criminals to abuse devices when they have them. Making it more difficult for criminals to resell phones or transfer money may help to deter thefts.

If your phone does get stolen, Android already allows phones to be locked and wiped. However, Guo says, the experience of having a phone swiped from your hands is a “traumatic” experience, and in the aftermath, people may not remember all their Google account login details to close off access to the phone. To address this, Google’s new Remote Lock feature will allow people to lock their phone using just a phone number. “The content of the device is protected, and it buys the user a lot of time … to be able to organize themselves and do further remediation,” Guo says.

Google’s new protections around factory resets will launch with Android 15, while some of the other features will be available later this year. Guo says that, where possible, Google has tried to make the features work on versions of the software as old as Android 10.

Aside from the anti-phone-theft tools, Android is coming with other security and privacy updates. Google’s app safety system, Google Play Protect, scans billions of apps every day to detect malware, but now this is being expanded to do live scanning on people’s phones to better detect suspicious behavior. “With live threat detection, Google Play Protect’s on-device AI will analyze additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services,” Dave Kleidermacher, a Google vice president, writes in a blog post.

Other security-related updates to Android 15 include hiding notifications and one-time passwords from appearing if you are sharing your phone’s screen with others, hiding login details if you are logging in to an app or website while sharing your screen, and identifying when cell connections are unencrypted and alerting people if there is a “potential false cellular base station” or IMSI catcher nearby that is logging a user’s phone.

_Updated 2:45 pm ET, May 15, 2024, to clarify that several new features will be included in updates that are separate from Android 15 itself, according to Google._

Android Update: Theft Detection Lock Knows When Your Phone Is Stolen

Google and Apple are pushing forward on industry guidelines to stop the sue of Bluetooth devices for unwanted tracking

Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking.

The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being used to track them.

The alert would be pushed to the users device and would say “\[Item\] Found Moving With You.”

In many cases “\[Item\]” might well actually be an AirTag.

AirTags’ intended use is to let you easily track things like your keys, wallet, purse, backpack, luggage, and more. You can simply set it up with your iPhone, iPad, or iPod touch, attach it somewhere, and the AirTag will show up in your Find My app. However, AirTags have long been associated with this unwanted tracking, which is something Apple apparently did not foresee and has been working on to make this type of abuse harder.

Apple’s first step to discourage unwanted tracking was the “Tracking Notifications” option in the Find My app. This feature is available on iOS or iPadOS 14.5 or later.

Android introduced a similar “unknown tracker alert” to find trackers placed near you or in your belongings without your knowledge or consent.

With the new capability that both tech giants have pushed, users will now get the alert, regardless of the platform the device is paired with. If a user gets such an alert on their device, it means that someone else’s Bluetooth tracker is moving with them.

Android and iPhone users can view the tracker’s identifier, have the tracker play a sound to help locate it, and access instructions to disable it. Bluetooth tag manufacturers including Chipolo, eufy, Jio, Motorola, and Pebblebee have all said that future tags will be compatible.

Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple and Google join forces to stop unwanted tracking 

By Deeba Ahmed
Android Security Alert- Hackers are disguising malware as popular apps like Instagram and Snapchat to steal your login details. Learn how to identify fake apps and protect yourself from this sneaky cyberattack.
This is a post from HackRead.com Read the original post: Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

Imagine opening your favorite social media app, only to unknowingly hand over your login details to a sneaky hacker. That’s what is happening with Android users targeted by a malicious new malware campaign.

The SonicWall Capture Labs threat research team reports that threat actors are using malicious Android apps to impersonate popular online services like Google, Instagram, Snapchat, WhatsApp, and X. These apps aim to steal sensitive data from vulnerable Android phones, including contacts, text messages, call logs, and passwords.

These apps look legitimate due to using familiar logos and names to trick unsuspecting users and hide in plain sight. When opened, the app requests access to two permissions: Android Accessibility Service and Device Admin Permission. If the victim grants these permissions, the app can gain full control of the device.

“By requesting these permissions, the malicious app aims to gain control over the victim’s device, potentially allowing it to carry out harmful actions or steal sensitive information without the user’s awareness or consent,” SonicWall’s blog post read.

The malicious app then establishes a connection with a hacker-controlled C2 server, receiving additional instructions. It can read messages, call logs, access notification data, send messages, install malware, and open malicious websites for phishing purposes. 

Moreover, the app redirects victims to fake login pages of popular services like Facebook, GitHub, Instagram, Netflix, PayPal, LinkedIn, Microsoft, X, WordPress, and Yahoo, etc., prompting them to enter their username and password.

This information is shared with hackers, who can steal accounts, commit fraud, or even identity theft if sensitive personal information, including driver’s license or Social Security number, is stored on services like OneDrive.

Researchers are, however, unsure about how these apps end up on the best Android phones, but they suspect they are distributed through phishing sites, emails, text messages, or bundled with pirated software.

Fake Instagram app (left) – Fake Instagram and PayPal login page (Screengrabs: SonicWall Capture Labs)

This development follows security firms Symantec and Cyfirma’s recent warning of a social engineering campaign using WhatsApp to spread a new Android malware, posing as a defence-related application. 

To avoid falling victim to deceptive malware, stay vigilant and download apps from the official Google Play Store, ensuring they are legitimate and not from third-party stores or suspicious websites. Be wary of apps requesting excessive permissions, especially those unrelated to the app’s core function.

1.  New iOS Trojan “GoldPickaxe” Steals Facial Recognition Data
2.  Fake Skype, Zoom Apps Infecting Devices with Multiple RATs
3.  Fake Chrome Updates Spread Android Brokewell Banking Malware
4.  SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds
5.  Android Banking Malware FjordPhantom Steals Funds Via Virtualization

Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

Ubuntu Security Notice 6767-2 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6767-2May 14, 2024linux-bluefield vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-bluefield: Linux kernel for NVIDIA BlueField platformsDetails:Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - PowerPC architecture;   - S390 architecture;   - Block layer subsystem;   - Android drivers;   - Hardware random number generator core;   - GPU drivers;   - Hardware monitoring drivers;   - I2C subsystem;   - IIO Magnetometer sensors drivers;   - InfiniBand drivers;   - Network drivers;   - PCI driver for MicroSemi Switchtec;   - PHY drivers;   - Ceph distributed file system;   - Ext4 file system;   - JFS file system;   - NILFS2 file system;   - Pstore file system;   - Core kernel;   - Memory management;   - CAN network layer;   - Networking core;   - IPv4 networking;   - Logical Link layer;   - Netfilter;   - NFC subsystem;   - SMC sockets;   - Sun RPC protocol;   - TIPC protocol;   - Realtek audio codecs;(CVE-2024-26696, CVE-2023-52583, CVE-2024-26720, CVE-2023-52615,CVE-2023-52599, CVE-2023-52587, CVE-2024-26635, CVE-2024-26704,CVE-2024-26625, CVE-2024-26825, CVE-2023-52622, CVE-2023-52435,CVE-2023-52617, CVE-2023-52598, CVE-2024-26645, CVE-2023-52619,CVE-2024-26593, CVE-2024-26685, CVE-2023-52602, CVE-2023-52486,CVE-2024-26697, CVE-2024-26675, CVE-2024-26600, CVE-2023-52604,CVE-2024-26664, CVE-2024-26606, CVE-2023-52594, CVE-2024-26671,CVE-2024-26598, CVE-2024-26673, CVE-2024-26920, CVE-2024-26722,CVE-2023-52601, CVE-2024-26602, CVE-2023-52637, CVE-2023-52623,CVE-2024-26702, CVE-2023-52597, CVE-2024-26684, CVE-2023-52606,CVE-2024-26679, CVE-2024-26663, CVE-2024-26910, CVE-2024-26615,CVE-2023-52595, CVE-2023-52607, CVE-2024-26636)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1084-bluefield  5.4.0-1084.91   linux-image-bluefield           5.4.0.1084.80After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6767-2   https://ubuntu.com/security/notices/USN-6767-1   CVE-2023-52435, CVE-2023-52486, CVE-2023-52583, CVE-2023-52587,   CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598,   CVE-2023-52599, CVE-2023-52601, CVE-2023-52602, CVE-2023-52604,   CVE-2023-52606, CVE-2023-52607, CVE-2023-52615, CVE-2023-52617,   CVE-2023-52619, CVE-2023-52622, CVE-2023-52623, CVE-2023-52637,   CVE-2024-23849, CVE-2024-26593, CVE-2024-26598, CVE-2024-26600,   CVE-2024-26602, CVE-2024-26606, CVE-2024-26615, CVE-2024-26625,   CVE-2024-26635, CVE-2024-26636, CVE-2024-26645, CVE-2024-26663,   CVE-2024-26664, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675,   CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26696,   CVE-2024-26697, CVE-2024-26702, CVE-2024-26704, CVE-2024-26720,   CVE-2024-26722, CVE-2024-26825, CVE-2024-26910, CVE-2024-26920Package Information:   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1084.91

Tag

#android