By Owais Sultan
AI data marketplace Ta-da has announced the completion of a $3.5M funding round. A number of leading blockchain…
This is a post from HackRead.com Read the original post: Ta-da Raises $3.5M to Build Out Its AI Data Marketplace

AI data marketplace Ta-da has announced the completion of a $3.5M funding round. A number of leading blockchain VCs funded the project, which was incubated by Dubai-based Morningstar Ventures since 2021. The funds raised will be used to develop Ta-da’s infrastructure and to expand its operations.

After its seed round led by Morningstar Ventures which also participated in its follow-up, the project received fresh capital injection led by layer 1 blockchain protocol MultiversX and investors such as GBV Capital, XVentures, NxGen and Spark Digital Capital. 

In addition to helping expand its AI data marketplace, funds will be allocated towards enhancing Ta-da’s marketing and communication and growing its team. It will also support the commission of security audits to verify the integrity of its protocol independently.

Ta-da was founded to solve the problem of high-quality AI data being difficult and expensive to obtain. This has prevented AI companies from realizing their full potential. By providing a competitive marketplace where businesses can acquire reliable datasets, Ta-da enables AI innovation to flourish.

In addition to meeting the needs of AI companies, Ta-da supports individuals who can earn tokens by recording and checking voice data. Using a gamified web3 app, Ta-da allows “checkers” to perform microtasks and to be rewarded for the data they validate.

To support the launch of its native app, and support a thriving marketplace for AI data, Ta-da will hold an IDO on xLaunchpad, the official token launchpad of MultiversX. 

Ta-da is the brainchild of Vivoka, a successful startup that develops speech recognition solutions. CEO William Simonin is a serial entrepreneur while his brother Hasheur, founder of Meria.com and one of the leading web3 influencers in France. Other members of its advisory board include Luc Julia (creator of Apple’s Siri) and Morningstar Ventures’ CEO Danilo Carlucci.

The market for AI data is predicted to experience a 25% CAGR over the next decade, transforming it into a $109B economy by 2023. By gamifying data collection and distribution, Ta-da aims to capture a slice of this rapidly growing sector while unlocking new incentives for web3 users.

****About Ta-da****

Ta-da crowdsources data verification, allowing individuals to check datasets and participate in a thriving AI economy. While gamifying AI data and expanding use cases for web3 technology, Ta-da allows businesses to access affordable datasets. This ensures AI companies can leverage verified data to build transformative applications that will change the world.

Ta-da Raises $3.5M to Build Out Its AI Data Marketplace

Gentoo Linux Security Advisory 202401-11 - Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.17 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Apache Batik: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #724534, #872689, #918088  
       ID: 202401-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Apache Batik, the worst of  
which could result in arbitrary code execution.

Background  
==========

Apache Batik is a Java-based toolkit for applications or applets that  
want to use images in the Scalable Vector Graphics (SVG) format for  
various purposes, such as display, generation or manipulation.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-java/batik  < 1.17        >= 1.17

Description  
===========

Multiple vulnerabilities have been discovered in Apache Batik. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Apache Batik users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"

References  
==========

[ 1 ] CVE-2018-8013  
      https://nvd.nist.gov/vuln/detail/CVE-2018-8013  
[ 2 ] CVE-2019-17566  
      https://nvd.nist.gov/vuln/detail/CVE-2019-17566  
[ 3 ] CVE-2020-11987  
      https://nvd.nist.gov/vuln/detail/CVE-2020-11987  
[ 4 ] CVE-2022-38398  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38398  
[ 5 ] CVE-2022-38648  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38648  
[ 6 ] CVE-2022-40146  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40146  
[ 7 ] CVE-2022-41704  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41704  
[ 8 ] CVE-2022-42890  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42890  
[ 9 ] CVE-2022-44729  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44729  
[ 10 ] CVE-2022-44730  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44730

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-11

Apple may be found negligent in an Airtags stalking lawsuit, but it has made improvements that may help potential victims

Each year, an estimated 13.5 million people in the US are victim to stalking. This is a worrying fact stated in the introduction of a lawsuit against Apple brought by stalking victims who charge that AirTags empowered their abusers.

AirTags are marketed as trackers that allow you to easily find lost belongings like keys and luggage. If you lose an object, you can find the AirTag in the Find My app on another Apple device. The tracker transmits its location via Ultra Wideband technology which is more accurate than Bluetooth when it comes to determining exact location. Since the tracker shares its location with the Apple devices of others, you can also find your AirTag over large distances.

AirTags are relatively cheap ($29), small (1.29”/3.19 cm) and can run for about a year before they need the battery replaced. This makes them an ideal tool for stalkers—they just need to attach one to something that they expect you to keep with you.

An important part of a negligence claim is whether the manufacture could have foreseen the issue—in this case, the stalking issue. This shouldn’t be a problem since lots of people were screaming from the rooftops that Apple was basically putting out a product for stalkers.

From the suit:

> “Prior to and upon the AirTag’s release, advocates and technologists urged the company to rethink the product and to consider its inevitable use in stalking. In response, Apple heedlessly forged ahead, dismissing concerns and pointing to mitigation featured that it claimed rendered the devices ‘stalker proof.'”

One plaintiffs’ lawyer argued that Apple did not make it possible, at the time the victim was stalked, for people being followed to locate an unwanted AirTag.

When the judge asked what Apple could have done better, the lawyer acknowledged that Apple has since made many fixes, but victims should have been alerted they were being subjected to unwanted tracking more quickly.

**How do the improvements Apple made help victims?**

Since AirTags were introduced, Apple has made some changes that can help potential stalking victims.

The most important one is that someone is now able to find out if an AirTag that they don’t own is moving with them over time.

On iPhones and iPads this is enabled by default, but it doesn’t hurt to check, especially if somoene may have had access to your device.

To make sure these options are enabled:

*   Go **to Settings** **\> Privacy & Security** > **Location Services**: Location Services should be on
*   Under **Location Services** > **System Services** > **Find My iPhone/iPad**: Significant Locations should be on.
*   Under **Settings** you also need to make sure you’re not in **Airplane Mode** and **Bluetooth** is on.
*   Open the **Find My** app, open the **Me** tab, and make sure **Tracking Notifications** are turned on.

If an unknown AirTag is following you, you’ll see an alert like this:

In the Find My app, you’ll be able to see how long the AirTag has been with you and you can use the Play Sound option to have the tracker emit a noise, which can help you find it.

For Android owners, Google has created a similar anti-stalking feature. Please note that the path to find the appropriate settings may vary with vendors and Android versions, but this should give you a good idea:

*   Select **Settings** \> **Safety and emergency** \> **Unknown tracker alerts**. Here you can allow alerts and do a manual scan for nearby trackers.

An unknown tracker alert is sent when someone else’s tracker device is separated from them and detected to be traveling with you and out of Bluetooth range from the owner. You can trigger any found AirTag to make a sound and you’ll be able to see how long it’s been with you on a map.

There are plans to broaden the scope of the tracker alerts besides AirTags. Companies including Samsung, Tile, Chipolo, Eufy, and Pebblebee have expressed interest in supporting this technology.

We’ll keep an eye on the lawsuit and let you know how it progresses.

 AirTags stalking lawsuit alleges Apple&#8217;s negligence in protecting victims 

Researchers have found flaws in the way SMTP servers handle messages, allowing them to send spoofed emails to and from targets.

SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable.

Let’s take a closer look at what it is exactly, and how cybercriminals can use it.

The first thing we need to look at is the Simple Mail Transfer Protocol (SMTP), a protocol that allows the exchange of emails. Mail servers and other message transfer agents use SMTP to send and receive mail messages.

SMTP is very much a protocol that has developed over time since it became the standard for always-online servers in the 1980s.

Basically, an email is written using software like Microsoft Outlook or Apple Mail and is then handed over to an SMTP server. The server looks up the appropriate mail server for the domain in the recipient’s address—the part on the right side of the @ symbol, and sends the mail to that server.

It sometimes takes a few steps, but if all goes well the email will be received by the SMTP server that handles the mail for the recipient. This server may deliver the messages directly to storage, or forward it over a network using SMTP before it reaches the recipient.

Simplified, the process looks like this:

Image courtesy of SEC Consult

Image courtesy of SEC Consult

Image courtesy of SEC Consult

Since SMTP lacks authentication it used to be extremely easy to spoof a sender address. Several safeguards emerged to stop this:

*   SPF (Sender Policy Framework): This uses DNS records to indicate to receiving mail servers which IP addresses are authorized to send mail for a given domain. So this still leaves the work to the receiving server.
*   DKIM (Domain Key Identified Mail): This method signs outgoing emails using a private key. Receiving servers validate the sender using the sending server’s public key,.
*   DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC verifies if the email’s “From” domain aligns with SPF checks and/or DKIM signatures. Thus, the DMARC check fails if there is a mismatch between the MAIL FROM and the From domain where otherwise the SPF check would pass. Unfortunately DMARC is not very widely used.

**SMTP smuggling**

SMTP smuggling takes advantage of inconsistencies in the way that proxy servers and firewalls handle SMTP traffic.

Traditionally, the end of data in an SMTP conversation is indicated by a sequence <CR><LF>.<CR><LF> (CR LF stands for Carriage Return and Line Feed, which are standard text delimiters) which can also be written as \r\n.\r\n.

Researchers published about two types of SMTP smuggling, inbound and outbound. They started working from the question, what happens if outbound and inbound SMTP servers interpret the end-of-data sequence (<CR><LF>.<CR><LF>) differently?

If you can tell one server the email ends here and the other one that the full packet ends later, you can create a compartment in which you can smuggle more data.

So, the researchers started testing by putting a <LF>.<LF>  sequence in the middle of sent packages. And they found that outbound SMTP servers have different methods of dealing with it, including:

*   Dot-stuffing (Escaping the single dot with another dot):  <LF>..<LF> 
*   Replacing it with a <CR><LF> 
*   Encoding it (e.g., via quoted-printable): =0A.=0A 
*   Removing the entire sequence 
*   Not sending the message 
*   Or do nothing at all

By testing, which included sending specially constructed messages from and to different email providers, the researchers were able to find combinations that allowed them to send two email messages in one package. The sequence <LF>.<CR><LF> turned out to be effective on a custom SMTP server called NemesisSMTPd which is in use by email services provided by Ionos (e.g. GMX) which accounts for about a million hosted domains.

Image courtesy of SEC Consult

Some vendors (Microsoft and GMX) were quick to fix the vulnerabilities that facilitated SMTP smuggling, but the researchers urge companies using the also affected Cisco Secure Email product to manually update their vulnerable default configuration. The Cisco flaw affects more than 40,000 vulnerable instances and allows an attacker to send spoofed emails to high-value targets, such as Amazon, PayPal, eBay, and the IRS.

The recommendation by the researchers tells organizations using Cisco Secure Email Gateway (on premises) or Cisco Secure Email Cloud Gateway (cloud) to change the default settings of “CR and LF Handling” from “Clean” to “Allow,” citing Cisco guidelines to help administrators understand the change that should be made.

That may sound counterproductive, but this setting passes e-mails with bare carriage returns or line feeds on to the actual e-mail server (Cisco Secure Email Gateway is just a gateway), which only interprets <CR><LF>.<CR><LF> as end-of-data sequence. So, if you don’t want to receive spoofed e-mails with valid DMARC checks, we highly recommend changing your configuration.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 Explained: SMTP smuggling 

Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

It’s been nearly two years since Russia’s invasion of Ukraine, and as the grim milestone looms and winter drags on, the two nations are locked in a grueling standoff. In order to “break military parity” with Russia, Ukraine’s top general says that Kyiv needs an inspired military innovation that equals the magnitude of inventing gunpowder to decide the conflict in the process of advancing modern warfare.

If you made some New Year’s resolutions related to digital security (it’s not too late!), check out our rundown of the most significant software updates to install right now, including fixes from Google for nearly 100 Android bugs. It’s close to impossible to be completely anonymous online, but there are steps you can take to dramatically enhance your digital privacy. And if you’ve been considering turning on Apple’s extra-secure Lockdown Mode, it’s not as hard to enable or as onerous to use as you might think.

If you’re just not quite ready to say goodbye to 2023, take a look back at WIRED’s highlights (or lowlights) of the most dangerous people on the internet last year and the worst hacks that upended digital security.

But wait, there's more! Each week, we round up the security and privacy news we didn’t break or cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

23andMe said at the beginning of October that attackers had infiltrated some of its users' accounts and abused this access to scrape personal data from a larger subset of users through the company's opt-in social sharing service known as DNA Relatives. By December, the company disclosed that the number of compromised accounts was roughly 14,000 and admitted that personal data from 6.9 million DNA Relatives users had been impacted. Now, facing more than 30 lawsuits over the breach—even after tweaking its terms of service to make legal claims against the company more difficult—the company said in a letter to some individuals that “users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” This references 23andMe’s long-standing assessment that attackers compromised the 14,000 user accounts through “credential stuffing,” the process of accessing accounts using usernames and passwords compromised in other data breaches from other services that people have reused on multiple digital accounts. “Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” the company wrote in the letter.

“Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of the lawyers representing victims who received the letter, told TechCrunch. “23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing—especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform.”

Russia’s war—and cyberwar—in Ukraine has for years produced novel hybrids of hacking and physical attacks. Here’s another: Ukrainian officials this week said that they had blocked multiple Ukrainian civilians’ security cameras that had been hacked by the Russian military and used to target recent missile strikes on the capital of Kyiv. Ukraine’s SBU security service says the Russian hackers went so far as to redirect the cameras and stream their footage to YouTube. According to the SBU, that footage then likely aided Russia’s targeting in its bombardment on Tuesday of Kyiv, as well as the Eastern Ukrainian city of Kharkiv, with more than a hundred drones and missiles that killed five Ukrainians and injured well over a hundred. In total, since the start of Russia’s full-scale invasion of Ukraine in February 2022, the SBU says it’s blocked about 10,000 security cameras to prevent them from being hijacked by Russian forces.

Last month, a Russian cyberattack hit the telecom firm Kyivstar, crippling phone service for millions of people across Ukraine and silencing air raid warnings amid missile strikes in one of the most impactful hacking incidents since Russia’s full-scale invasion began. Now, Illia Vitiuk, the cyber chief of Ukraine’s SBU security service, tells Reuters that the hackers accessed Kyivstar’s network as early as March 2023 and laid in wait before they “completely destroyed the core” of the company in December, wiping thousands of its machines. Vitiuk added that the SBU believes the attack was carried out by Russia’s notorious Sandworm hacking group, responsible for most of the high-impact cyberattacks against Ukraine over the last decade, including the NotPetya worm that spread from Ukraine to the rest of the world to cause $10 billion in total damage. In fact, Vitiuk claims that Sandworm attempted to penetrate a Ukrainian telecom a year earlier but the attack was detected and foiled.

This week in creepy headlines: 404 Media’s Joseph Cox discovered that a Google contractor, Telus, has offered parents $50 to upload videos of their children’s faces, apparently for use as machine learning training data. According to a description of the project Telus posted online, the data collected from the videos would include eyelid shape and skin tone. In a statement to 404, Google said that the videos would be used in the company’s experiments in using video clips as age verification and that the videos would not be collected or stored by Telus but rather by Google—which doesn’t quite reduce the creep factor. “As part of our commitment to delivering age-appropriate experiences and to comply with laws and regulations around the world, we’re exploring ways to help our users verify their age,” Google told 404 in a statement. The experiment represents a slightly unnerving example of how companies like Google may not simply harvest data online to hone AI but may, in some cases, even directly pay users—or their parents—for it.

A decade ago, Wickr was on the short list of trusted software for secure communications. The app’s end-to-end encryption, simple interface, and self-destructive messages made it a go-to for hackers, journalists, drug dealers—and, unfortunately, traders in child sexual abuse materials—seeking surveillance-resistant conversations. But after Amazon acquired Wickr in 2021, it announced in early 2023 that it would be shutting down the service at the end of the year, and it appears to have held to that deadline. Luckily for privacy advocates, end-to-end encryption options have grown over the past decade, from iMessage and WhatsApp to Signal.

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits

By Waqas
In-depth analysis reveals concerning patterns in user data collection, with shopping and food delivery apps at the forefront.
This is a post from HackRead.com Read the original post: Signal, AI Generated Art Least, Amazon, Facebook Most Invasive Apps, Study

According to Surfshark, a third of data collected by these apps is susceptible to tracking by third-party advertisers or data brokers, posing a significant threat to user privacy.

In the latest study conducted by Surfshark’s Research Hub, an in-depth analysis of 100 popular apps has revealed troubling trends in data privacy practices. The research zeros in on shopping and food delivery apps, shedding light on the unsettling reality that Amazon Shopping and Wish are leading when it comes to collecting user data.

It’s not surprising that Amazon is taking the lead, but unfortunately, it’s for all the wrong reasons. Back in November 2023, Atlas VPN **conducted a study** that uncovered some unsettling facts. Amazon, along with eBay and Afterpay, emerged as the top Android shopping apps when it comes to collecting user data, surpassing all other apps in their data-hungry practices.

****Shopping and Food Delivery Apps: Data Hungry Culprits****

Surfshark’s study indicates that among various app categories, shopping and food delivery apps stand out as the most data-hungry, with Amazon Shopping and Wish taking the lead. An unexpected revelation is that more than a third of data collected by these apps is susceptible to tracking by third-party advertisers or data brokers, posing a significant threat to user privacy.

****User Tracking and Linking: The Alarming Statistics****

According to the company’s **report**, On average, shopping and delivery apps collect a staggering 21 out of 32 possible data points, with a startling 95% linked directly to the user’s identity.

Wish emerges as the most data-hungry app within this category, collecting 24 out of 32 data points, and utilizing over a third of the data to track its users. **DoorDash** and Wish stand out, with 40% of collected data points dedicated to user tracking, including sensitive information like email addresses, precise location, and purchase history.

Amazon, on the other hand, while not engaging in user tracking, emerges as a unique data collector, amassing 25 out of 32 possible data points, all intricately linked to the user’s identity.

****Food Delivery Apps and Intrusive Data Practices****

Zooming in on food delivery apps, **Uber Eats** takes the lead in tracking the most data points, sharing 12 out of 21 collected data points with third parties. The study also scrutinizes GrubHub and Instacart, uncovering their respective data collection practices.

****App-wide Data Collection Trends****

An astonishing 1523 data points are collected across the 100 apps under scrutiny, averaging 15 unique data points per app. Notably, 90% of these apps collect essential usage, diagnostic, and identifier data crucial for their functionality. Two-thirds of the apps collect user names and coarse location, while almost half track precise location data.

****Facebook, Instagram, AI Generated Art, and Signal****

Facebook and Instagram emerged as the most privacy-invasive apps, collecting all 32 data points defined by Apple. The app with the lowest data collection appetite is AI Generated Art, standing out as the sole app that refrains from gathering any data points. **Signal**, not so surprisingly, stands out in the top 10 most privacy-sensitive list, collecting only one data point (phone number) that is not linked to or used to track the user.

Surfshark

****Recommendations for Users****

Surfshark advises users to scrutinize developers’ reputations and data retention policies before downloading apps. Additionally, paying attention to constant permission requests for access to sensitive information and limiting app access to information only when in use can contribute to enhanced privacy.

The study analyzed 100 apps across 10 categories, selecting them based on search engine results. Three layers of data points were considered: unique data points collected, data linked to the user, and data used to track the user.

Surfshark’s Lead Researcher, Agneska Sablovskaja, emphasizes, “Understanding an app’s privacy policy is crucial for safeguarding digital autonomy.” With this study, Surfshark aims to empower users with knowledge, allowing them to make informed decisions about the apps they choose to incorporate into their digital lives.

1.  **Watchdog Sues Adobe Over Mass Collection of Citizen Data**
2.  **Amazon Still Selling T95 TV Box with Pre-Installed Malware**
3.  **How data collected in gaming can be used to breach user privacy**
4.  **Lithuania wants users to dump Chinese phones citing data collection**
5.  **‘Off-Facebook Activity Tool’ lets users control data collected by websites**

Signal, AI Generated Art Least, Amazon, Facebook Most Invasive Apps, Study

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors.
“SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [

Endpoint Security / Malware

Cybersecurity researchers have discovered a new Apple macOS backdoor called **SpectralBlur** that overlaps with a known malware family that has been attributed to North Korean threat actors.

"SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the \[command-and-control\] server," security researcher Greg Lesnewich said.

The malware shares similarities with KANDYKORN (aka SockRacket), an advanced implant that functions as a remote access trojan capable of taking control of a compromised host.

It's worth noting that the KANDYKORN activity also intersects with another campaign orchestrated by the Lazarus sub-group known as BlueNoroff (aka TA444) which culminates in the deployment of a backdoor referred to as RustBucket and a late-stage payload dubbed ObjCShellz.

In recent months, the threat actor has been observed combining disparate pieces of these two infection chains, leveraging RustBucket droppers to deliver KANDYKORN.

The latest findings are another sign that North Korean threat actors are increasingly setting their sights on macOS to infiltrate high-value targets, particularly those within the cryptocurrency and the blockchain industries.

"TA444 keeps running fast and furious with these new macOS malware families," Lesnewich said.

Security researcher Patrick Wardle, who shared additional insights into the inner workings of SpectralBlur, said the Mach-O binary was uploaded to the VirusTotal malware scanning service in August 2023 from Colombia.

The functional similarities between KANDYKORN and SpectralBlur have raised the possibility that they may have been built by different developers keeping the same requirements in mind.

What makes the malware stand out are its attempts to hinder analysis and evade detection while using grantpt to set up a pseudo-terminal and execute shell commands received from the C2 server.

The disclosure comes as a total of 21 new malware families designed to target macOS systems, including ransomware, information stealers, remote access trojans, and nation-state-backed malware, were discovered in 2023, up from 13 identified in 2022.

"With the continued growth and popularity of macOS (especially in the enterprise!), 2024 will surely bring a bevy of new macOS malware," Wardle noted.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Beyond the web, trackers embedded in your mobile applications can gather data on your activity. On Android, you should turn off personalized ads through Google’s My Ad Center, simply toggling the setting to off. Also, delete your device’s advertising ID by going to **Settings, Privacy**, **Ads** and clicking on the **Delete advertising ID** option. There are also Android apps that will block cross-app trackers, such as DuckDuckGo’s browser app or the University of Oxford–developed TrackerControl. If you use iOS, go to **Settings,** **Privacy & Security, Tracking,** and toggle off **Allow Apps to Request to Track** to stop apps from tracking you across apps and websites.

For some people, a VPN may be useful for stopping their internet service provider from viewing their web traffic. VPNs can, however, see your online activity—in some cases keeping logs of it—and many are problematic. Our is Mullvad’s VPN, which is open source and accepts payments via cash mailed to its offices in Sweden.

Pick the Most Private Option

Every app, website, and service you use is likely to collect some data about you, but some collect more than others. Picking services that purposefully don’t collect information about you or that use end-to-end encryption, which stops companies from seeing the contents of your communications or data transfers, can help limit your exposure to the web. Generally, you want to avoid Big Tech.

For messaging, Signal collects very little information about who uses it, and it’s encrypted by default, meaning it cannot see the contents of the messages you send. For searching, DuckDuckGo, Brave Search, Kagi, Startpage, and Mojeek are our picks of the most privacy friendly search engines. For email, Proton and Tuta (formerly Tutanota) provide free end-to-end encryption options. OnionShare uses the Tor network to allow you to anonymously share files. Proton Drive offers encrypted file storage online, and Apple’s advanced data protection settings allow iCloud storage to be end-to-end encrypted once it is enabled.

If you're using a work laptop or phone, it's also worth keeping in mind that your employer can likely see many, if not all, of the things you do on those devices. If you're searching for a new job or running personal tasks, you likely want to do them on personal devices.

Check What You Post

As much as anything, being more anonymous online is linked to your mentality. Simply put, the less you share about yourself online, the less identifiable you will be. That means being careful about what you post on social media—not sharing information that could identify you, your location, or others around you.

For instance, if you want to create a new social media account that’s not tied to your identity, keep any names or personal information out of the account name. You should also not sign up using your primary phone number, email address, physical address, or any similar information that could be linked back to you. This doesn’t apply just to a new account you’re creating; it should be the wider way you think about all of your online behavior.

How to Be More Anonymous Online

Facebook has announced it will roll out a new option called Link History to mobile users around the world. What does that mean?

In what seems like yet another attempt to adapt its platform to prepare for new regulations, Facebook has started rolling out a new feature called Link History.

Link History allows users to view and re-visit links they have visited with their Facebook browsing activity.

Obviously Facebook will tell us that the new feature is for its users’ benefit, but we can see several ways in which this benefits Meta even more. The only positive for me is that it could be a handy option for finding that thing that you saw on Facebook that one time, but you can’t quite remember the details. This gets defeated partially by the fact that users that have Link History enabled report they were unable to see the Link History page at all when looking at Facebook on their laptop.

However, as Facebook tracking goes at least this is an option that you have some control over. On most, if not all, popular websites you’ll find Meta’s and other’s tracking pixels. With an ongoing battle against cookies and other trackers, this may be a new way for Facebook to track its user’s behavior.

With Link History, Facebook now has another separate place where it stores details about the websites you visit along with the settings to control that data. Settings that are, deliberately or not, hard to find and easy to misinterpret.

The company itself says:

> “When you allow link history, we may use your information to improve your ads across Meta technologies.”

Translated, this means that they will use the information to provide you with targeted ads.

Recently Meta got sued over coercing users to pay to stop tracking. Organizations concerned about our privacy say that by doing this, Meta has changed the user’s choices from “yes or no” to “pay or okay.”

Research in 2022 showed that in-app browsers inject JavaScript code into third party websites that cause potential security and privacy risks to the user. This resulted in a class-action complaint against Meta in San Francisco’s federal court, alleging the company built a secret workaround to Apple’s safeguards that protect iPhone users from tracking.

So this may be another attempt to follow users around on the web. Unlike on your desktop, clicking a link in Facebook, or Instagram, will open a special browser built into the app, rather than the default browser of the device.

For now, a limited number of Android and iPhone users will see this option appear in the Facebook Mobile Browser. But the company says it will roll out the option globally over time.

**How to turn link history on or off**

Link history is turned on by default so you will have to opt-out if you don’t want it.

1.  Tap any link inside the Facebook app to open Facebook’s Mobile Browser.
2.  Tap the three dots (more actions) in the bottom right, then tap **Go to Settings**.
3.  To turn link history on, tap the slider to on (blue) next to **Allow link history**, then tap **Allow** to confirm.
4.  To turn link history off, tap the slider to off (grey) next to **Allow link history**, then tap **Don’t allow** to confirm. 

**Note**: When you turn link history off, this will immediately clear your link history, and you will no longer be able to see any links you’ve visited. Facebook promises to delete the link history it’s created for you within 90 days.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 Facebook introduces another way to track you &#8211; Link History 

By Waqas
The hackers changed Mandiant's Twitter handle from "@Mandiant" to "@phantomsolw."
This is a post from HackRead.com Read the original post: X Account of Google Cybersecurity Firm Mandiant Hacked in Crypto Scam

The attacker utilized the compromised Mandiant account to promote a cryptocurrency scam by posing as the Phantom crypto wallet and luring users with a fake airdrop.

On Wednesday, January 3, 2024, at approximately 8:00 PM, Google’s Mandiant cybersecurity firm experienced a security breach in its X account (formerly known as Twitter).

Following the breach, unidentified hackers, (crypto scammers), exploited the compromised account by carrying out a cryptocurrency scam to the firm’s extensive follower base, which exceeded 122,000 users.

Mandiant, which was acquired by Google for $5.4 billion in September 2022, was observed sending out tweets to unsuspecting users that contained links to Phantom, a cryptocurrency wallet.

The attacker utilized the account to promote a cryptocurrency scam, posing as the Phantom crypto wallet and luring users with a fake airdrop. Additionally, the hackers changed Mandiant’s Twitter handle from “@Mandiant” to “@phantomsolw.”

Although Mandiant managed to regain control of the account, restoring it to its original state proved challenging due to Twitter’s restrictions on frequent name changes. However, at the time of writing, Mandiant’s Twitter account was successfully restored, and the malicious links from the scammers were removed from its timeline.

Screenshots: Hackread.com

The hacking of Mandiant’s Twitter account should not be viewed as a surprising incident. Scammers are notorious for compromising and taking control of high-profile accounts, often by exploiting 0-day vulnerabilities or leaked credentials from past data breaches and leaks.

In July 2020, the world witnessed a series of high-profile Twitter account hacks, orchestrated to execute cryptocurrency scams. Among the compromised accounts were those belonging to prominent figures and companies, such as Barack Obama, Joe Biden, Bill Gates, Elon Musk, Justin Sun, Apple, Uber, Coinbase, Gemini, Kanye West, Jeff Bezos, Kim Kardashian, and others.

In September 2020 and December 2021, the Twitter account of the Indian Prime Minister, Narendra Modi, fell victim to hacking incidents where the attackers exploited the compromised account to promote Bitcoin scams.

Additionally, in June 2022, the Twitter account of the British Military was compromised, and the hackers utilized the breach to push a cryptocurrency scam.

In September 2023, the Twitter account of ETH founder Vitalik Buterin experienced a security breach, resulting not only in unauthorized access but also in the theft of $700,000 by scammers.

Nevertheless, the hacking of a cybersecurity company is a matter that cannot be overlooked. The situation is further complicated by the sale of Twitter accounts with the Gold checkmark by scammers, intensifying challenges in addressing phishing and disinformation on the platform.

If you use social media or are involved in cryptocurrency investment, follow these simple yet vital tips to keep your accounts secure:

*   Never share your private keys or passwords with anyone.
*   Be wary of any investment that seems too good to be true.
*   Use a strong password manager to keep your passwords safe.
*   Only invest in cryptocurrencies that you understand and that have a good reputation.
*   Be careful about clicking on links in emails or social media posts, especially if they promise free money or tokens.

****_RELATED ARTICLES_****

1.  **Mandiant Denies Hacking Claims By LockBit Ransomware**
2.  **Mandiant Tracks 4 Uncategorized Groups Exploiting Citrix Flaw**
3.  **Cybersecurity Firm Acronis Data Breach: Hackers Leak 21GB of Data**
4.  **Twitter Confirms Data Breach as 5.4M Accounts Sold on Hacker Forum**
5.  **Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials**

Tag

#apple