Parrot OS, the Debian-based GNU/Linux distribution developed by Parrot Security, has a special focus on forensics and ethical hacking, and supports the KDE Plasma, MATE and Xfce desktop environments.

Now the Parrot Security team has released the latest version of the distro, Parrot OS 4.11. It follows Parrot OS 4.10, which came with several bug fixes and the latest updates from upstream sources, including fixes for the BootHole vulnerability that affected almost all Linux distros via the GRUB2 bootloader.

Parrot OS is considered a forensic distribution, used to detect vulnerabilities in systems and networks; as such, the latest release pulls in all updates from the Debian testing repository, including the upcoming Debian 11 “Bullseye”.

What's new in Parrot OS 4.11 Release?

Besides the latest Linux kernel and Debian 11 “Bullseye”, Parrot OS 4.11 includes a number of updated core software packages for security and penetration testing.

Also, the sandbox system has a new revision, and the following tools were updated, according to the official Parrot OS 4.11 release notes:

  • Default GCC version is now 10.2.1.
  • Pisces and Zsh support now available, including the latest zsh-autocomplete version.
  • Bundled with Python 3.9; Python 2 is finally removed, with /usr/bin/python pointing to /usr/bin/python3 by default.
  • Metasploit Framework updated to 6.0.36, and it gets updated weekly.
  • Bettercap has been updated to 2.29.
  • Go 1.15 is now included.


Additionally, 64-bit images of Parrot Home 4.11 (ISO) with the MATE desktop and Parrot KDE Home 4.11 (ISO) with KDE Plasma are available for security researchers and forensic analysts.

How to Download or upgrade to Parrot OS 4.11

Parrot OS is a rolling release distro, meaning that new updates are available in the repo as soon as they are stable, so existing users running the immediately previous version of Parrot OS, or older versions, can simply update their packages to the new stable version with the commands below.

sudo parrot-upgrade


Or

sudo apt update && sudo apt full-upgrade


For new users, the ISO images of Parrot OS 4.11 can be downloaded from the official site in multiple editions, such as MATE, KDE, Xfce, Netinstall, Security, Virtual, and Home.

Parrot OS 4.11: Forensics & Anonymous Surfing with updated KDE Plasma and Mate

Compat2021 is a lofty project led by Google and Microsoft, with the “broader web community” to pool resources that will improve browser compatibility along five critical areas identified by the group.

According to the group, the last couple of years have highlighted browser compatibility issues as the top challenges faced by developers, and research in the MDN Browser Compatibility Report has helped hone that signal into five areas where browser compatibility is particularly an issue, namely: CSS Flexbox, CSS Grid, CSS position: sticky, the CSS aspect-ratio property, and CSS transforms.

However, the effort seems to be centered on improving the open source Chromium engine, which powers both Google Chrome and Microsoft's Edge browser.

What the Compat2021 project hopes to achieve?

The Compat2021 working group identified the focus areas above based on feature data, the number of upvotes on bugs in the browsers' respective trackers, feedback from developer surveys, CanIUse data, and results from web-platform-tests.



The Microsoft Edge team, for its part, intends to contribute fixes to Chromium to reach a 100% pass rate on the CSS Grid tests, support improved interoperability across browsers, and assist with triage in web-platform-tests, while the Chromium project had already started work in 2020 on improving the browser's compatibility, fine-tuning the scope of the changes offered by Microsoft.

Still, there are compatibility issues in basically all of the web platform, even though the focus of this project remains on a rather small number of the most important areas, those voted as top issues for developers.

How to get Involved with the Compat2021 Project?

If you are a developer encountering compatibility issues in the areas listed above, you are advised to keep filing bugs, either via the browser's “Send Feedback” tool or directly in the appropriate project, such as Chromium, WebKit, or Gecko.

And you can follow up on the project’s progress on the Compat2021 Dashboard on web-platform-tests, and by subscribing to the mailing list for updates.

Compat2021 Project towards improving Browser Compatibility

OpenSSL is a full-featured toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols necessary to secure communications sent over a computer network.

According to a security advisory published by OpenSSL, there are high-severity security flaws in the software toolkit that could be exploited to bypass certificate verification and even carry out denial-of-service (DoS) attacks. Among the flaws, is one tracked as CVE-2021-3450, that prevents applications from rejecting TLS certificates that are not digitally signed by a trusted certificate authority (CA).

The second flaw, tracked as CVE-2021-3449, is a potential denial-of-service (DoS) vulnerability due to a NULL pointer dereference: a TLS server can crash when, in the course of renegotiation, the client transmits a malicious "ClientHello" message during the handshake.

How the OpenSSL Flaws could be exploited to bypass Certificate verification and for DoS attacks?

An OpenSSL TLS server hits a NULL pointer dereference if it is sent a maliciously crafted renegotiation ClientHello: specifically, a TLSv1.2 renegotiation ClientHello that omits the signature_algorithms extension (which was present in the initial ClientHello) but includes a signature_algorithms_cert extension.

The NULL pointer dereference then leads to a crash and a denial of service (DoS). The server is only vulnerable if it is running TLSv1.2 with renegotiation enabled, and OpenSSL TLS clients are not impacted by this issue.

For the certificate verification bypass to apply, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.

The flaw prevents applications from rejecting TLS certificates that are not digitally signed by a trusted certificate authority (CA), and it affects all OpenSSL 1.1.1 versions, including OpenSSL versions 1.1.1h and newer.

How to Mitigate against the OpenSSL Flaws

The maintainers of OpenSSL promptly released patches for the high-severity flaws after the vulnerability was discovered by Xiang Ding and others at Akamai, with the fix published on GitHub by the former Red Hat principal software engineer and OpenSSL developer Tomáš Mráz.

The fixes for the vulnerabilities are available in the updated version OpenSSL 1.1.1k, released on Thursday. Applications that rely on a vulnerable version of OpenSSL are therefore advised to apply the update to mitigate the risk.
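As an added example (not code from the page or from the OpenSSL project), the Python below triages a fleet's `openssl version` output against the version ranges the advisory gives: CVE-2021-3449 applies to every 1.1.1 release before 1.1.1k, CVE-2021-3450 to 1.1.1h and later before 1.1.1k. The host inventory is constructed for the example, and the exposure notes restate the conditions described above.

```python
import re

# Fixed release named on the page; the first-affected versions follow the advisory's ranges.
FIXED_RELEASE = "1.1.1k"
AFFECTED = {
    # CVE-2021-3449: every 1.1.1 release before the fix (TLS servers doing TLSv1.2 renegotiation)
    "CVE-2021-3449": ("1.1.1", "TLS server with TLSv1.2 and renegotiation enabled; clients not affected"),
    # CVE-2021-3450: 1.1.1h and newer, before the fix (X509_V_FLAG_X509_STRICT set without a purpose)
    "CVE-2021-3450": ("1.1.1h", "X509_V_FLAG_X509_STRICT set and no purpose set, or the default purpose overridden"),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Turn 'OpenSSL 1.1.1j  16 Feb 2021' or '1.1.1h' into a comparable tuple.
    The patch-letter suffix is encoded as a tuple so that '' < 'a' < ... < 'z' < 'za'
    under plain tuple comparison; pre-release markers such as '-dev' are ignored."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {text!r}")
    nums = tuple(int(m.group(i)) for i in (1, 2, 3))
    letters = tuple(ord(c) - ord("a") + 1 for c in m.group(4))
    return nums + (letters,)


def affected_cves(version_text):
    """List the advisory's CVE ids that apply to this OpenSSL build (empty if none)."""
    v = parse_version(version_text)
    if v[:3] != (1, 1, 1) or v >= parse_version(FIXED_RELEASE):
        return []  # 1.0.2 is outside both issues; 1.1.1k and later carry the fixes
    return [cve for cve, (first, _) in AFFECTED.items() if v >= parse_version(first)]


# Constructed inventory: one host per line, as 'host <output of openssl version>'.
SAMPLE_INVENTORY = """\
web-01     OpenSSL 1.1.1j  16 Feb 2021
web-02     OpenSSL 1.1.1k  25 Mar 2021
lb-01      OpenSSL 1.1.1g  21 Apr 2020
legacy-01  OpenSSL 1.0.2u  20 Dec 2019
build-01   OpenSSL 1.1.1  11 Sep 2018
"""


def triage_inventory(inventory):
    """Map each host to the CVEs its OpenSSL build is exposed to; None means 'review manually'."""
    report = {}
    for line in inventory.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        host, version = parts
        try:
            report[host] = affected_cves(version)
        except ValueError:
            report[host] = None
    return report


if __name__ == "__main__":
    for host, cves in triage_inventory(SAMPLE_INVENTORY).items():
        if cves is None:
            print(f"{host}: version not recognised, review manually")
        elif not cves:
            print(f"{host}: not in the advisory's affected ranges")
        else:
            for cve in cves:
                print(f"{host}: {cve} - exposed if: {AFFECTED[cve][1]}")
```

A host listed under CVE-2021-3450 is only actually exposed when its application meets the X509_STRICT and purpose conditions above, so the report is a starting point for review rather than a final verdict.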

OpenSSL Flaw could be exploited for Denial of Service (DoS) Attack

Cybercriminals have continued to leverage on the ProxyLogon vulnerabilities to gain access to systems running unpatched Microsoft Exchange servers, with the DearCry and Black KingDom ransomware attacks.

According to Sophos, the Black KingDom ransomware isn't the most sophisticated payload, as analysis reveals that it's somewhat rudimentary in its composition, but it can still cause a great deal of damage to users of Exchange Servers. It exploited the on-premises version of Microsoft Exchange Server, abusing ProxyLogon, the remote code execution (RCE) vulnerability.

Sophos telemetry detected the ransomware on March 18, targeting Exchange servers that were unpatched against the ProxyLogon vulnerabilities, alongside the DearCry ransomware attacks reported last week.

How the Black Kingdom ransomware spreads on Exchange servers?

Black KingDom ransomware was orchestrated from a remote server with the IP address 185.220.101.204, which geolocates to Germany, while the threat actors operated from 185.220.101.216; however, both IP addresses are Tor exit nodes, which makes it impossible to know exactly where the attackers are located.

It exploited the on-premises versions of Microsoft Exchange Server: after successfully breaching the Exchange server, the attacker delivered a webshell by abusing the remote code execution (RCE) vulnerability known as ProxyLogon.

The webshell provides remote access to the server, thus allowing the execution of arbitrary commands. And the ransomware binary is based on a Python script compiled into an executable via PyInstaller. The Sophos researchers were able to decompile the binary to its original source code to understand the ransomware’s functions.

The source code was named 0xfff.py, with the “fff” representing a hexadecimal value for the decimal number 4095; though the significance remains a mystery.

How to Detect Black KingDom ransomware attacks

The Black KingDom ransomware payload can be detected with Troj/Ransom-GFU, Troj/Ransom-GFV and Troj/Ransom-GFP or simply by the CryptoGuard capability within the Sophos endpoint protection Intercept X. SophosLabs has also published indicators of compromise to Github.

Cyber Threat hunters running Sophos EDR may also utilize the queries posted here to find further indicators of compromise on their networks.

New Ransomware Attacks targeting Microsoft Exchange Servers

Mozilla has been a staunch advocate of the browser-side protection that block sites from tracking users online activities, with its Firefox browser, pushing hard on privacy with pro-privacy features.

Now, the company has introduced a tracking protection feature for Firefox Private Browsing and Strict Tracking Protection modes, known as SmartBlock, that automatically blocks third-party scripts, images, and other media content from being loaded by the browser. Blocking those scripts protects users from being tracked across sites.

Starting with Firefox 87, the latest version of the browser, users get a new privacy feature touted as intelligently fixing webpages that are broken by tracking protections, without compromising user privacy.

What is Firefox SmartBlock all about?

SmartBlock is Firefox's built-in content blocking feature, necessary for both private browsing and strict tracking protection modes, which ultimately blocks third-party scripts, and other content from being loaded from cross-site tracking lists compiled by Disconnect.

It aims to fix the problem of websites not displaying properly as a result of older blocking techniques: SmartBlock provides local stand-ins for blocked third-party tracking scripts, and the stand-in scripts behave just like the originals to make sure that webpages work properly.

Also, it allows broken websites that rely on the original scripts to load with their functionality intact. The SmartBlock stand-ins are bundled into Firefox, with no actual third-party content loaded at all, so there is no chance for third-party to track users and, of course, the stand-ins don't contain any code for tracking functionality.

How to Download or Upgrade to Firefox 87

Firefox 87 is now available for download and introduces the new privacy feature called SmartBlock, which intelligently fixes up web pages that are broken by other tracking protections, without compromising on the user privacy.

As Firefox updates happen in the background, the change will be applied automatically; users can, however, manually upgrade the browser via the hamburger menu under Help > About Firefox, and the download should begin immediately.

Firefox SmartBlock makes Private browsing less of a hassle

Purple Fox is an active malware campaign that targets Windows machines, which until recently, infected Windows machines by using exploit kits and phishing emails.

According to researchers at Guardicore Labs, there is a new infection vector of this malware where Windows machines are breached through SMB password brute force. The Purple Fox malware includes a rootkit that allows the threat actors to hide the malware and make it difficult to detect or remove from the machine.

The researchers also identified Purple Fox's vast network of compromised servers that host its dropper and payloads; these servers appear to be compromised Microsoft IIS 7.5 servers.

How Purple Fox Rootkit Spread Itself to Other Windows machines?

Purple Fox is distributed in the form of malicious ".msi" payloads hosted on nearly 2,000 compromised Windows servers, which in turn download and execute a component with rootkit capabilities, enabling the threat actors to hide the malware and thus evade detection.

The vast majority of the servers serving the initial payload run relatively old versions of Windows Server, namely IIS version 7.5 and Microsoft FTP, which are known to have multiple vulnerabilities of varying severity.

There are several ways this campaign spreads: first, the worm payload is executed once a victim machine is compromised via a vulnerable exposed service such as SMB; second, the worm payload spreads via email through a phishing campaign which exploits a known browser vulnerability.

Once the malware has successfully infiltrated a machine, it blocks multiple ports (445, 139, and 135) in an attempt to "prevent the infected machine from getting reinfected, and/or being exploited by a different threat actor." The next phase is propagation: it generates IP ranges and scans port 445, probing to discover devices on the network with weak passwords and brute-forcing them to build a botnet.

How to Mitigate against Purple fox

Botnets are often deployed by threat actors to spread all kinds of malware, including ransomware, to infected computers, although in this case it isn't quite clear what the attackers are after.

Given that it spreads via old Windows versions, the most obvious advice to mitigate Purple Fox is regular updating and patching of your system. Additionally, secure your network by adding more advanced layers of security such as anti-malware solutions that use behavior monitoring and AI to strengthen detection capabilities.

Purple Fox malware spreading via wormable infection technique

Brave, the company behind the popular privacy-focused browser by the same moniker recently announced its acquisition of Tailcat, an open search engine developed by the team responsible for the private search and browser products at Cliqz.

With the acquisition, Brave is developing a privacy-focused alternative to Google's search engine that promises above all never to profile users' activities. Brave refers to its upcoming search engine as an antidote to “Big Tech” and its need to harvest users' search history to serve targeted ads and recommendations.

Interestingly, Brave will also be offering the combination of a privacy-focused browser and search engine, which is perhaps what made Google successful, given the heavy adoption of its Chrome browser.

What Brave Search is bringing to the table?

The open search engine Tailcat will become the foundation of Brave Search, with Brave Search and the Brave browser constituting the industry's first truly independent, privacy-focused alternative to Google and Chrome, which rely heavily on tracking their users across all websites.

As the Brave browser offers stringent privacy protections to users, so Brave Search is being developed according to the same principles, as follows:

  • Brave Search offers Choice: Providing options for ad-free paid search and ad-supported search.
  • Brave Search is Independent: Relies on anonymized contributions from the community to improve and refine its Search.
  • Brave Search is User-first: Meaning that Brave serves the user first, not the ad and data industries.
  • Brave Search is Private: it doesn't track or profile users.


Brave Search comes as part of the family of privacy-preserving Brave products, as consumers increasingly shift to user-first alternatives. The Brave browser, as a result, recorded unprecedented growth in 2021, reaching more than 25 million monthly active users, which supports the view that privacy is now becoming mainstream.

Does Brave search stand any chance with Google's strangle-hold on search?

Brave has grown its browser market share significantly over the past year, from about 11 million monthly active users to over 25 million. Therefore, it is expected that even greater demand for Brave in 2021 will spur the adoption of their search service, as more and more users demand real privacy solutions to escape the Big Tech’s invasive practices.

As a case in point, DuckDuckGo, another privacy-focused search engine, has been growing steadily since it launched in 2008 and has scaled its efforts to capitalize on the growing international reach of its pro-privacy products. Google has also recently recognized the importance of offering a private search option, adding DuckDuckGo to the available search engines in Chrome in over 59 countries.

Brave Search: Privacy-focused Search Engine to counter Google

There is a proposal to add an actor model to the Swift programming language; the review process for the actor proposal opened on March 15 and runs until March 29.

The actor model would offer developers the ability to use shared mutable state, with static detection of data races and other common concurrency bugs. Apple had earlier released Swift Atomics, an open source package that makes it possible to build synchronization constructs, like concurrent data structures, directly within the Swift programming language.

Now, the actor model is suitable for most design patterns, like parallel maps and concurrent callback patterns, although it is limited to working with state captured by closures. Swift includes classes, which offer a mechanism for declaring mutable state shared across a program, although classes are difficult to use within concurrent programs.

What is an Actor?

An actor is a reference type, introduced by the keyword actor, that protects access to its mutable state. In terms of messaging, an actor can make local decisions, send messages, create more actors, and decide how to respond to the next message it receives.

Also, actors can modify their own private state but only affect each other indirectly via messaging, thereby eliminating the need for any lock-based synchronization.

Why An Actor Model of Concurrency for the Swift Programming Language?

The concurrency roadmap for the Swift language, made available by Apple last fall, included a proposal for actors and actor isolation, along with a structured concurrency proposal for Swift that introduces concurrent tasks and offers data race safety for functions and closures.

Despite the rise in popularity of the Swift programming language, it lacks the facilities for true concurrent programming. However, there is an extension to the language which enables access to such concurrent capabilities and offers an API for supporting these interactions.

But the adoption of the actor model of concurrent computation shows that it can be successfully incorporated into the language, and the early findings from the prototype implementation suggest a general design pattern for implementing the actor model in the Swift programming language.

Proposal for Actor Model of Concurrency in Swift Programming Language

Apple's integrated development environment (IDE) known as Xcode is used for the development of applications for iOS, macOS, iPadOS, watchOS, and tvOS.

According to researchers at SentinelOne, threat actors are leveraging Xcode as an attack vector to compromise developers' systems on the Apple platform with a backdoor; these attacks add to a growing trend of targeting developers through the popular development environment.

The trojanized Xcode project, dubbed "XcodeSpy", is a tainted version of the open-source Xcode project known as TabBarInteraction, used by Apple developers to animate tab bars for iOS based on user interaction.

Previously, attackers resorted to tainted Xcode executables, called XcodeGhost, to inject malicious code into iOS apps compiled with the infected Xcode without the developers' knowledge, and even used the infected apps to collect users' data once the apps were downloaded and installed on their devices from the App Store.

How threat actors are infecting Apple App Developers With XcodeSpy?

XcodeSpy is a tainted version of the legitimate, open-source project called TabBarInteraction available on GitHub that's employed by developers to animate iOS tab bars.

It also contains an obfuscated Run Script that executes when the target developer's build target is launched; the script then attempts to contact an attacker-controlled server to retrieve a custom variant of the EggShell backdoor and install it on the developer's machine.

The backdoor comes with such capabilities as recording through the victim's device microphone, camera, and keyboard. XcodeSpy may have been targeted at a group of developers, or even an individual developer, but there are potentially other scenarios where attackers could simply be trawling for targets to gather data for future attacks.

How Developers can detect XcodeSpy Infiltration

XcodeSpy relies on a built-in feature of Apple's IDE that allows developers to run a custom shell script when their build target is launched. The technique is fairly easy to identify, but new or inexperienced developers who aren't aware of the Run Script feature are particularly at risk, since nothing in the debugger indicates that the malicious script has executed.
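Because the Run Script phase lives in the project's `project.pbxproj` file, a reviewer can list and inspect every such phase before opening a downloaded project in Xcode. The Python below does that as an added example (not code from the page or from SentinelOne): the pbxproj fragment, the two script bodies and the marker list are constructed for this example, and the markers are generic obfuscation signs rather than XcodeSpy's actual script.

```python
import re

# Constructed fragment of an Xcode project.pbxproj (real files use tabs and hold many more
# sections): two Run Script phases, one benign and one carrying obfuscation markers. The
# base64 text in the second decodes to 'echo hello'; it exists only to give the scan a hit.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
        A1B2C3D4E5F60718293A4B5C /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            shellPath = /bin/sh;
            shellScript = "echo \"swiftlint: ${SRCROOT}\"\nswiftlint lint --quiet\n";
        };
        0F1E2D3C4B5A69788796A5B4 /* ShellScript */ = {
            isa = PBXShellScriptBuildPhase;
            shellPath = /bin/sh;
            shellScript = "eval \"$(echo ZWNobyBoZWxsbw== | base64 -D)\" >/dev/null 2>&1 &\n";
        };
/* End PBXShellScriptBuildPhase section */
'''

# Markers rare in legitimate build scripts (linters, code generation) and common in droppers.
# Every Run Script phase is still reported so that the reviewer also sees the unflagged ones.
SUSPICIOUS_PATTERNS = (
    (r"\bbase64\b", "base64 encoding/decoding"),
    (r"\beval\b", "eval of generated text"),
    (r"\b(curl|wget)\b", "network download tool"),
    (r"\bnc\b|/dev/tcp/", "raw socket use"),
    (r"\bosascript\b|\bpython\d?\s+-c\b|\bperl\s+-e\b", "inline interpreter"),
    (r"&\s*$|\bnohup\b", "backgrounded process"),
    (r">\s*/dev/null\s+2>&1", "output suppressed"),
)
_HEADER_RE = re.compile(r"([0-9A-Fa-f]{24})\s*(?:/\*\s*(.*?)\s*\*/)?\s*=\s*$")


def _string_end(text, quote):
    """Index just past the closing quote of the double-quoted string opening at text[quote]."""
    i = quote + 1
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the escaped character
        elif text[i] == '"':
            return i + 1
        else:
            i += 1
    raise ValueError("unterminated string in pbxproj")


def _object_end(text, open_brace):
    """Index of the '}' matching text[open_brace]; braces inside quoted strings are ignored."""
    depth, i = 0, open_brace
    while i < len(text):
        if text[i] == '"':
            i = _string_end(text, i)
            continue
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return i
        i += 1
    raise ValueError("unbalanced braces in pbxproj")


def _unescape(s):
    """Undo pbxproj string escapes: \\n and \\t become control characters, \\x becomes x."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append({"n": "\n", "t": "\t"}.get(s[i + 1], s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def audit_pbxproj(text):
    """Every PBXShellScriptBuildPhase as a dict: id, name, shell, decoded script, flags."""
    phases = []
    for m in re.finditer(r"isa\s*=\s*PBXShellScriptBuildPhase\s*;", text):
        open_brace = text.rfind("{", 0, m.start())
        body = text[open_brace:_object_end(text, open_brace)]
        header = _HEADER_RE.search(text[max(0, open_brace - 120):open_brace])
        script, sm = "", re.search(r'shellScript\s*=\s*"', body)
        if sm:
            quote = sm.end() - 1
            script = _unescape(body[quote + 1:_string_end(body, quote) - 1])
        pm = re.search(r"shellPath\s*=\s*([^;]+);", body)
        phases.append({
            "id": header.group(1) if header else "?",
            "name": (header.group(2) or "") if header else "",
            "shell": pm.group(1).strip().strip('"') if pm else "",
            "script": script,
            "flags": [why for pat, why in SUSPICIOUS_PATTERNS if re.search(pat, script, re.M)],
        })
    return phases


if __name__ == "__main__":
    for p in audit_pbxproj(SAMPLE_PBXPROJ):
        print(f"[{'SUSPICIOUS' if p['flags'] else 'review'}] {p['id']} {p['name']!r}: {', '.join(p['flags']) or 'no markers'}")
```

Run it over `MyProject.xcodeproj/project.pbxproj` by reading that file into `audit_pbxproj` instead of the sample; any phase, flagged or not, is worth reading in full before the first build.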

Albeit, the objective behind the Xcode exploitation or even the identity of the group behind it remains unclear.

Trojanized Xcode Project: Hackers targeting Apple Developers with XcodeSpy

MyBB, originally known as MyBulletinBoard, is an open-source forum software that is written in PHP, with support for MySQL, PostgreSQL and SQLite database systems.

According to security researchers Simon Scannell and Carl Smith, there are critical vulnerabilities in the popular bulletin board software which could have allowed an attacker to achieve remote code execution (RCE) without authorized access. The first is a nested auto URL persistent XSS vulnerability (CVE-2021-27889); this flaw stems from how MyBB parses messages containing URLs, and allows an unprivileged forum user to embed stored XSS payloads into threads and even private messages, which fire during rendering.

The second vulnerability is an SQL injection (CVE-2021-27890) in the forum's theme manager which could lead to authenticated remote code execution (RCE). Exploitation succeeds when an administrator with the "Can manage themes?" permission imports a maliciously crafted theme, or when a user visits a forum page where such a theme has been set.

The vulnerabilities were promptly reported to the MyBB Team, and they subsequently released a patch on March 10, with MyBB software version 1.8.26 to address the issues.

How MyBB Vulnerabilities could have been chained together to achieve remote code execution (RCE)

The MyBB vulnerability could be exploited with minimal interaction by simply saving a maliciously crafted MyCode message on the server as a thread post or Private Message and luring a victim to a page where the content has been parsed.

Alternatively, an attacker could devise an exploit for the stored XSS vulnerability by sending a private message to a targeted administrator of the MyBB board; as soon as the administrator opens the private message, the exploit is triggered, and the RCE vulnerability is then automatically exploited in the background, leading to a full takeover of the targeted MyBB forum.

The flaws currently affect MyBB forums running versions 1.8.16 and 1.8.25, and the vulnerabilities can be chained together to achieve remote code execution (RCE) without any prior access to a privileged account on default MyBB configurations.

How to Mitigate the risks associated with the flaws

Aside from the two vulnerabilities mentioned above, the latest MyBB version 1.8.26 also fixes four other security issues:

  • Improper validation of votes in thread poll options, leading to SQL injection (CVE-2021-27946)
  • Improper sanitization of data, resulting in SQL injection (CVE-2021-27947)
  • Additional User Group ID numbers saved without proper validation in the Admin Control Panel, leading to SQL injection (CVE-2021-27948)
  • A reflected XSS vulnerability in custom Moderator Tools (CVE-2021-27949)

Therefore, all MyBB users are hereby recommended to update their software to MyBB version 1.8.26 in order to mitigate the risks associated with the flaws.

MyBB squashes Critical Remote Code Execution Flaw

Apple now requires apps to ask iPhone users for permission before tracking them across websites or other apps using the device's advertising identifier (IDFA); the new privacy framework is known as App Tracking Transparency (ATT).

Ad companies and marketers have used the IDFA to keep tabs on iPhone users' personal data across different apps in order to serve targeted ads, and also to track how their ad campaigns have performed.

Now, the Chinese Advertising Association (CAA) has devised a scheme that's aimed at bypassing the new privacy rules introduced by Apple and allow ad companies to continue the tracking of users without having to rely on the IDFA; this they hope to achieve with an identifier called the China Anonymization ID (CAID).

How the China Anonymization ID (CAID) will help advertisers to serve Targeted Ads

The China Anonymization ID (CAID) possesses the characteristics of anonymity and decentralization, which means it doesn't collect private data; it only transmits an encrypted result, and the result is irreversible, thus protecting the privacy and data security of the end user.

And since CAID doesn't depend on Apple's IDFA, it can generate a device identification ID independently of the IDFA, which it uses as an alternative means of device identification for any iPhone running iOS 14 and as a supplementary solution when the IDFA isn't available.

However, CAID has not been formally implemented yet, as the tool is presently under testing by a number of China's largest ad tech companies, including Tencent, with several foreign advertising companies having applied on behalf of their Chinese partners, according to a report by the Financial Times.

It remains to be seen whether CAID will get a green light from Apple, as the proposal from the Chinese Advertising Association (CAA) is currently being actively communicated to the Cupertino-based company; the report claims that "Apple is aware of the tool, but seems to have turned a blind eye to it."

The Future still looks bleak for Targeted Advertising

Google had recently announced a monumental change to its Chrome browser, which over the course of the next two years will phase out support for third-party cookies. The crumbling of the cookie has raised a lot of arguments among advertisers and publishers, as it will negatively impact online marketing.

If third-party cookies are wiped out in Chrome, it simply means online advertisers will be unable to serve targeted ads to almost half of their audience, as statistics put the browser at about two billion installations and one billion people using it each month.

App Tracking Transparency (ATT) circumvented to serve Targeted Ads

Cybersecurity researchers at Netlab 360 have discovered a new Mirai-based botnet, called ZHtrap, which uses a honeypot to harvest victims and borrows some features from Matryosh, a notorious DDoS botnet.

Matryosh targets Android users by reusing the Mirai botnet framework, propagating via Android Debug Bridge (ADB) interfaces to infect Android devices. The ADB command-line tool is part of the Android SDK and allows developers to debug their apps and handle communications with Android devices.

On the other hand, the ZHtrap botnet employs a similar technique by integrating an IP collection module for gathering IP addresses which are used as targets for worm-like propagation.

How ZHtrap Botnet traps Victims using a Honeypot?

The ZHtrap botnet gathers IP addresses that are used as targets for further worm-like propagation, in addition to setting up a honeypot on the infected device.

It takes advantage of known vulnerabilities to propagate, and besides functionality such as DDoS and scanning, ZHtrap also implements backdoor functionality, which allows it to take snapshots from the victim devices, and disable the running of new commands, thus maintaining exclusivity over the device.

By identifying IP addresses that connect to 23 designated ports, ZHtrap amasses IP addresses which it then inspects for vulnerabilities in order to inject its payload.

ZHtrap uses Tor C2 and communicates with the C2 using a proxy, with the first packet as the header and the second packet as the body; after sending the registration packet, it waits for the C2 to send the command, and if the header of the command packet passes the check, it selects the processing flow based on the command specified by the third byte in the header.

Clearly, ZHtrap takes a cue from Matryosh by using Tor for communication with its C2 server to download and execute its payloads. Although many botnets use worm-like scan propagation, ZHtrap's honeypot marks an "interesting" evolution of botnets to facilitate finding more targets.

ZHtrap Botnet using a Honeypot to find more Victims

When the tech industry comes to your mind, the first thing you think about is coding. Most people think that if they're not good at coding, they cannot have a splendid tech startup.

However, while it is good to have some idea about coding, you can still build a great tech startup even if you have none. Several startups, such as Alibaba, Amazon, and many more, have reached the top.

If you've ever wondered how they succeeded and became the best, worry not because you're going to learn everything here. Most entrepreneurs want to build tech startups but fear they may not succeed at the end. You don't need to have a tech background to do great when it comes to technology. The founder of Codementor discussed the main points in building tech startups when you're a non-tech founder, as listed below:

  • Contributing value
  • Have a technical team
  • Create your prototype together with MVP


In this article, we will discuss the main points so that you can have an idea of how to become a great non-tech founder.

Ways of Building your Business Prototype and MVP

The main challenge most start-up founders go through is changing an idea into a particular product. To ensure that things run smoothly, the primary method is building a prototype together with an MVP. Both of them ensure that the development of the products gets designed to fit the market.

You have to ensure that the development of the prototype comes before the MVP. To avoid mistakes, you need to know the difference between the two. Since you don't have any technological skills, how do you go about it? There are four main approaches to consider:

  • Try building it alone
  • You can choose to work with freelancers
  • Consider working with development agencies
  • Join hands with your partner and work on it


However, it is good to know the pros and cons of each approach. Building it yourself: the first approach you can take is trying to create it on your own. It is important to consider the prototype and the MVP separately, because they require different technical skills.

Pros:

  • The tools are practical and simple to use
  • It is an inexpensive option


Cons:

  • Finding the right tool takes time
  • The design is not flexible


If you have a hard time building a prototype, you can turn to online resources, where plenty of help is available. You will find different tools that will help you get where you want to be. The tools available online are both efficient and easy to use, and you will not need anyone's help if you follow the right path. Ready-made templates make the work easier, but they come with several disadvantages.

Ready-made templates leave little room for the creativity that helps in designing the website. You will also have to spend much of your time finding a tool that works flawlessly without giving you any problems.

3 Keys to building a Successful Technology Startup

Microsoft has released a one-click mitigation tool, known as the Exchange On-premises Mitigation Tool (EOMT), a PowerShell-based script that serves as a mitigation against ProxyLogon.

ProxyLogon is the successful weaponization of the Exchange Server flaws, which attackers have leveraged to access Exchange Servers and gain persistent control of enterprise networks.

The ProxyLogon mitigation software applies all the countermeasures necessary to secure vulnerable Exchange server environments against the ongoing widespread cyberattacks.

Reasons for the Widespread attacks against unpatched Exchange Servers



Because the successful weaponization of the Exchange Server flaws allows attackers to gain persistent access to and control of enterprise networks, there have been widespread attacks against unpatched Exchange Servers.



With the rapid expansion of attacks on vulnerable Exchange Servers, several threat actors have been exploiting the vulnerabilities using proof-of-concept (PoC) code that was shared on GitHub before it was eventually removed by Microsoft. With the new ransomware threat, unpatched Exchange Servers are not only at risk of data theft but also of having their data encrypted, preventing the organization from accessing it.

Microsoft believes the initial attacks originated from Hafnium, a state-sponsored hacking group operating out of China. Behaviour tied to Hafnium activity includes reconnaissance of victim environments through the deployment of batch scripts that automate functions like network discovery, account enumeration, and credential harvesting.

How to Use This One-Click Mitigation Tool to Prevent Exchange Attacks?



The Exchange On-premises Mitigation Tool (EOMT) is now available to mitigate the currently known Exchange attacks: it scans the Exchange Server with the Microsoft Safety Scanner to discover any deployed web shells and remediates the compromises it detects.

However, the tool is designed as an interim mitigation for customers who have not yet applied the on-premises Exchange security update released by Microsoft.

Microsoft releases a One-click Mitigation Tool against ProxyLogon

Fuzzing is a well-known technique for finding programming errors in software, and OSS-Fuzz is an open-source fuzzing service developed by Google that supports Python, C/C++, Rust, Go, and Java/JVM code.

The open-source fuzz-testing service OSS-Fuzz now supports applications written in Java and other JVM-based languages such as Kotlin and Scala; other programming languages supported by LLVM may equally work, and OSS-Fuzz supports the fuzzing of x86_64 and i386 builds.

Furthermore, Google's Open Source Security team has partnered with Code Intelligence to integrate their Jazzer fuzzer into OSS-Fuzz, which means that open source projects written in JVM-based languages can now use OSS-Fuzz for continuous fuzzing.

What does the Jazzer integration with OSS-Fuzz bring to the table?



With the integration of Jazzer, developers can fuzz code written in JVM-based languages with libFuzzer, just as they already can for code written in C/C++; this works by feeding code coverage feedback from the JVM bytecode to libFuzzer.



Other ways Jazzer supports important libFuzzer features are as follows:

  • Minimization of crash inputs
  • Code coverage evaluation based on 8-bit edge counters
  • FuzzedDataProvider for fuzzing code that does not take a raw byte array as input
  • Value profile


Jazzer will eventually support all libFuzzer features; it currently offers coverage feedback from native code executed through JNI, which can uncover memory corruption vulnerabilities in memory-unsafe native code.

How to fuzz memory safe code



When fuzzing memory-safe code, developers can use the same classic approach as for memory-unsafe code: pass mutated input to the code and wait for crashes. Alternatively, they can take a more unit-test-like approach, in which the fuzzer verifies that the code behaves correctly.

Differential fuzzing can also find interesting bugs: the fuzzer passes the same mutated input to multiple library implementations that should behave identically, and any disagreement between them is a finding.
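As an added illustration (not code from the OSS-Fuzz or Jazzer projects), the following plain Python harness shows the three styles described above on a memory-safe target: crash detection, a unit-test-like property check, and differential fuzzing of two percent-decoders that should agree. The hand-written decoder, its deliberate edge-case defect, the seed corpus and the mutator are all constructed for this example; a real Jazzer or libFuzzer target gets coverage-guided mutation from the engine, which this toy loop does not.

```python
"""Constructed example: crash, property and differential checks on a memory-safe target."""
import random
import urllib.parse

# Constructed seed corpus and mutation alphabet (assumptions for this example).
SEED_CORPUS = ["hello", "a%20b", "x=1&y=2"]
ALPHABET = "%0123456789abcdefxyz-_."


def reference_unquote(s: str) -> str:
    """Oracle: the standard library's percent-decoder (malformed escapes are left as-is)."""
    return urllib.parse.unquote_to_bytes(s).decode("latin-1")


def naive_unquote(s: str) -> str:
    """Hand-written percent-decoder with a deliberate defect: it never checks that two
    hex digits actually follow a '%', so "x%4" decodes wrongly and "ab%" raises."""
    out = []
    i = 0
    while i < len(s):
        if s[i] == "%":
            out.append(chr(int(s[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def check_input(data: str):
    """Run one input through the three checks. Returns None when all pass,
    otherwise a (kind, input, detail) finding."""
    # 1. Classic approach: an exception plays the role a crash plays in native code.
    try:
        got = naive_unquote(data)
    except Exception as exc:  # any exception is a finding
        return ("crash", data, repr(exc))
    # 2. Differential fuzzing: two implementations that should agree must agree.
    want = reference_unquote(data)
    if got != want:
        return ("mismatch", data, f"naive={got!r} reference={want!r}")
    # 3. Unit-test-like property: decoding a correct encoding must round-trip.
    if naive_unquote(urllib.parse.quote(data, safe="")) != data:
        return ("property", data, "quote/unquote round trip failed")
    return None


def mutate(rng: random.Random, s: str) -> str:
    """Apply one to three random insert/delete/replace mutations."""
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0:
            pos = rng.randrange(len(s) + 1)
            s = s[:pos] + rng.choice(ALPHABET) + s[pos:]
        elif s:
            pos = rng.randrange(len(s))
            new = "" if op == 1 else rng.choice(ALPHABET)
            s = s[:pos] + new + s[pos + 1:]
    return s


def run_fuzzer(iterations: int = 3000, seed: int = 1) -> list:
    """Mutate seeds and collect unique findings (deterministic for a given seed)."""
    rng = random.Random(seed)
    findings = {}
    for _ in range(iterations):
        data = mutate(rng, rng.choice(SEED_CORPUS))
        finding = check_input(data)
        if finding is not None and finding[1] not in findings:
            findings[finding[1]] = finding
    return list(findings.values())


if __name__ == "__main__":
    for kind, data, detail in run_fuzzer()[:5]:
        print(f"{kind:8} input={data!r}  {detail}")
```

The differential check is what catches the silent bug ("x%4" decodes to a control character in one implementation and stays literal in the other), while the crash check only sees the loud one ("ab%"); the round-trip property would pass here, which is exactly why a single style of oracle is rarely enough.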

OSS-Fuzz supports fuzzing of apps written in Java/JVM based languages

ProxyLogon is the name given to the successful weaponization of the Exchange Server flaws, which attackers have leveraged to access victims' Exchange Servers and gain persistent control of enterprise networks.

According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.

Microsoft has also warned of a new family of human-operated ransomware, detected as Ransom:Win32/DoejoCrypt.A, whose attacks exploit the Microsoft Exchange vulnerabilities against customers. The heavy exploitation of the flaws by cybercriminals follows proof-of-concept (PoC) code shared on GitHub by a security researcher, which has since been taken down by Microsoft.

How does ProxyLogon allow an attacker to access victims' Exchange Servers?



The successful weaponization of the Exchange Server flaws allows an attacker to gain persistent access to and control of an enterprise network.



There was a rapid expansion of attacks aimed at vulnerable Exchange Servers, with several threat actors exploiting the vulnerabilities before they were eventually patched by Microsoft last week. With the new ransomware threat, unpatched servers are not only at risk of data theft but also of being encrypted, cutting off access to the organization's mail.

Thousands of entities, including the European Banking Authority, have been breached via ProxyLogon to install a web-based backdoor called China Chopper, a web shell that grants attackers the ability to plunder mailboxes and remotely access target systems.

Microsoft believes that the initial attacks originated from Hafnium, a state-sponsored hacking group operating out of China. Besides the installation of the web shell, other behaviour tied to Hafnium activity includes reconnaissance of victim environments through the deployment of batch scripts that automate functions like network discovery, account enumeration, and credential harvesting.

Other groups discovered to be exploiting the vulnerabilities prior to the patch release are Websiic, Tick, LuckyMouse, Calypso, and Winnti (APT41), while others such as ShadowPad, Mikroceen, and DLTMiner compromised Exchange servers in the days immediately after the release of the fixes.

How to Mitigate against the ProxyLogon flaws



The avalanche of attacks is a warning to users to patch all versions of Exchange Server as soon as possible and to take the necessary steps to identify signs of compromise, given that attackers were exploiting the zero-day vulnerabilities in the wild for months before Microsoft released the patches.

Therefore, the best advice for mitigating the vulnerabilities is to apply the relevant patches; organizations will then need to shift into response and remediation activities to counter any existing intrusions.

ProxyLogon PoC: Cybercriminals heavily exploiting Exchange Server flaws

Project Lilliput is a proposal led by Red Hat's Roman Kennke that explores ways to reduce the Java object header, with the goal of shrinking it to 64 bits.

The Java object header is currently 128 bits in the 64-bit HotSpot VM, made up of a 64-bit multipurpose header word and a 64-bit class pointer. The proposal states that reducing the header size would greatly improve overall CPU and memory usage for all Java workloads and reduce memory pressure, whether in a large in-memory database or a small containerized app.

The object header is used for purposes such as tracking the age of each object during garbage collection, holding type information, and storing the identity hash code, so a smaller header must still accommodate these uses.

What would developers gain from Project Lilliput?





With Project Lilliput, Java would have a smaller object header, which improves memory usage, with other benefits including:

  • Tighter packing of objects
  • Higher object allocation rate
  • Reduced garbage collection activity
  • Reduced heap usage


Additionally, it will make the header layout more flexible and allow more build-time or runtime configuration of how the bits are used.

Initial work plan for Project Lilliput



Project Lilliput cites a number of techniques for downsizing header fields, such as backfilling fields known at compile time and compressing pointers.

However, there are constraints on the project, such as the fact that it requires changes to assembly code across all supported platforms. There could also be interactions with other Java projects, such as Loom (which reduces complexity in concurrent applications), Panama (which bridges Java and C/C++), and Leyden (which addresses Java issues like slow startup time).

Project Lilliput: OpenJDK proposal to reduce Java object header

There is a new sophisticated Trojan targeting Linux endpoints and servers, dubbed "RedXOR" by Intezer, which masquerades as a polkit daemon.

According to Intezer, the malware shares similarities with tools of the Winnti Umbrella (or Axiom) threat group such as PWNLNX, XOR.DDOS and Groundhog, and it is believed that Chinese nation-state threat actors are behind it. The malware samples were uploaded from Indonesia and Taiwan, both countries known to be targeted by China-based threat groups.

The moniker "RedXOR" was derived from its network data, which is encoded with an XOR-based scheme. The malware was compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, which suggests that it targets legacy Linux systems.

RedXOR possesses capabilities such as stealing system information, performing file operations, running arbitrary shell commands, and executing commands with system privileges, and it even has options to remotely update the malware.

How RedXOR Malware targets legacy Linux systems



RedXOR shares its XOR encoding with PWNLNX and takes the form of an unstripped 64-bit ELF file ("po1kitd-update-k") with a typosquatted name ("po1kitd" vs. "polkitd"); upon execution, it creates a hidden directory to store its files before installing itself on the Linux machine.



Besides the similarities in overall flow and functionality, RedXOR comes with an encrypted configuration holding the command-and-control (C2) server and port, and a password is needed to authenticate to the C2 server before any connection is established over a TCP socket.

The communications are not only disguised as HTTP traffic but also encoded in both directions with the XOR scheme, which conceals the exact command being exchanged.
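The typosquatted process name is the cheapest indicator in this report to hunt for. As an added example (not Intezer's code, and not a detection for RedXOR specifically), the following Python script compares the leading token of each process name in ps-style output against a baseline of daemon names, normalising digit-for-letter lookalikes such as "1" for "l" and falling back to an edit distance of one. The baseline list, the homoglyph map and the sample process listing are constructed for this example.

```python
"""Constructed example: flag running process names that impersonate known daemons."""
import re

# Daemon names worth protecting (assumption: extend with your own baseline).
KNOWN_DAEMONS = {"polkitd", "systemd", "sshd", "cron", "crond", "rsyslogd", "udevd"}

# Characters that visually stand in for letters, as in "po1kitd" vs "polkitd".
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

# Constructed ps-style output; "po1kitd-update-k" is the file name the report cites.
SAMPLE_PS = """\
  PID USER     COMMAND
    1 root     systemd
  412 root     polkitd
  930 root     sshd
 2210 user     po1kitd-update-k
 2311 user     bash
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_name(command: str):
    """Return the daemon a command name appears to imitate, or None.
    Only the leading token is compared, so "po1kitd-update-k" is judged on "po1kitd"
    and "sshd: user@pts/0" on "sshd"."""
    token = re.split(r"[-_.:\s]", command, maxsplit=1)[0].lower()
    if token in KNOWN_DAEMONS:
        return None  # exact match to a real daemon name
    normalized = token.translate(HOMOGLYPHS)
    for daemon in sorted(KNOWN_DAEMONS):
        if normalized == daemon or levenshtein(token, daemon) <= 1:
            return daemon
    return None


def find_lookalikes(ps_output: str) -> list:
    """Parse ps-style text and return (pid, command, imitated_daemon) tuples."""
    hits = []
    for line in ps_output.splitlines()[1:]:  # skip the header row
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue
        pid, _user, command = parts
        target = classify_name(command)
        if target:
            hits.append((pid, command, target))
    return hits


if __name__ == "__main__":
    for pid, command, daemon in find_lookalikes(SAMPLE_PS):
        print(f"pid {pid}: {command!r} looks like {daemon!r}")
```

Treat a hit as a lead, not a verdict: confirm by checking the binary's path against the package manager's file list and looking for the hidden directory the report describes. Very short daemon names produce more distance-one false positives, which is why both "cron" and "crond" sit in the baseline.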

How can users victimized by RedXOR take protective measures?



Linux users who have already been victimized by RedXOR can take protective measures by killing the malicious process and removing all files related to the malware.

Above all, as sophisticated attacks on Linux systems continue to increase, it is now necessary to protect Linux systems with advanced security software, especially for business or enterprise users.

RedXOR Linux Malware with Remote Credential-stealing capabilities

Microsoft released .NET Core 2.1 in May 2018 as a long-term support (LTS) release, which means it was supported for three years or for an additional year after the next LTS release.

Now, the company has announced that it will end support for the .NET Core 2.1 development platform on August 21, 2021, which means that those still running the platform after that date will be at risk of security issues. Starting from September 2021, security updates will no longer be issued for .NET Core 2.1, and every computer that has .NET Core 2.1 installed will be potentially insecure.

Therefore, Microsoft advises that users should migrate to successors such as .NET Core 3.1 or .NET 5, or risk facing potential security issues.

.NET 5, which arrived in November 2020 as part of Microsoft's push to unify the .NET technologies, serves as a merger of .NET Framework and .NET Core, as it is intended to unify the .NET platforms. The first preview of .NET 6 was published last month, with the public version due in November 2021.

What .NET Core 2.1 users are expected to do right away



As there will be no more updates for .NET Core 2.1, including security fixes, and no more technical support, Microsoft advises users to update to a currently supported successor, such as .NET Core 3.1 or .NET 5, with the supported versions available for download at dotnet.microsoft.com.

The end of support is scheduled for August 21, 2021; Microsoft has cautioned that if a user runs into issues and needs technical support after that date, it may not be able to help.



So, if you are a developer and your application uses .NET Core 2.1, it is strongly recommended that you migrate your application to a supported version, such as .NET Core 3.1 or later. If you're an end user, it is recommended that you reach out to the vendor of your software to confirm that your version of the software is up to date.

How to Upgrade to .NET Core 3.1 or Later versions



The upgrade instructions for .NET Core 3.1 are as follows:

  • Open the project file (the *.csproj, *.vbproj, or *.fsproj file).
  • Change the target framework value from netcoreapp2.1 to netcoreapp3.1. The target framework is defined by the TargetFramework or TargetFrameworks element.
  • For instance, change netcoreapp2.1 to netcoreapp3.1.
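For a solution with many project files, the edit above is worth scripting so that every TargetFramework and TargetFrameworks element is retargeted consistently. The following Python script is an added example (not Microsoft's tooling); it rewrites the element text in place so comments and formatting survive, handles the semicolon-separated multi-target form, and walks a directory tree for *.csproj, *.vbproj and *.fsproj files. The two sample project files are constructed for the example.

```python
"""Constructed example: retarget project files from netcoreapp2.1 to netcoreapp3.1."""
import re
from pathlib import Path

OLD_TFM = "netcoreapp2.1"
NEW_TFM = "netcoreapp3.1"

# Matches <TargetFramework>...</TargetFramework> and <TargetFrameworks>...</TargetFrameworks>.
TFM_ELEMENT = re.compile(r"(<(TargetFrameworks?)>)([^<]*)(</\2>)")

# Constructed project files (not from any real repository).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <!-- comment kept intact by the text-based rewrite -->
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>netcoreapp2.1</TargetFramework>
  </PropertyGroup>
</Project>
"""
SAMPLE_MULTI = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFrameworks>netcoreapp2.1;net461</TargetFrameworks>
  </PropertyGroup>
</Project>
"""


def upgrade_target_frameworks(project_text: str, old: str = OLD_TFM, new: str = NEW_TFM):
    """Return (rewritten_text, number_of_elements_changed).
    Works on the text rather than a parsed DOM so comments and formatting survive."""
    changed = 0

    def replace(match):
        nonlocal changed
        monikers = [m.strip() for m in match.group(3).split(";") if m.strip()]
        # dict.fromkeys keeps order and drops a duplicate if `new` was already listed
        updated = list(dict.fromkeys(new if m == old else m for m in monikers))
        if updated != monikers:
            changed += 1
        return match.group(1) + ";".join(updated) + match.group(4)

    return TFM_ELEMENT.sub(replace, project_text), changed


def upgrade_project_files(root: Path, dry_run: bool = True) -> dict:
    """Walk a tree for *.csproj, *.vbproj and *.fsproj and retarget each one.
    Returns {path: elements_changed}; with dry_run=True nothing is written."""
    report = {}
    for pattern in ("*.csproj", "*.vbproj", "*.fsproj"):
        for path in root.rglob(pattern):
            text = path.read_text(encoding="utf-8")
            new_text, count = upgrade_target_frameworks(text)
            report[str(path)] = count
            if count and not dry_run:
                path.write_text(new_text, encoding="utf-8")
    return report


if __name__ == "__main__":
    text, count = upgrade_target_frameworks(SAMPLE_CSPROJ)
    print(f"{count} element(s) changed:\n{text}")
```

Run it with dry_run=True first and review the report; the pattern deliberately ignores elements that carry attributes (for example a Condition), so those need a manual look. Retargeting the moniker is only the first step: rebuild and run the tests, since package references pinned to 2.1-era versions may also need updating.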


You'll need to update your .NET Core 2.1 applications to a supported version (.NET Core 3.1 or .NET 5.0) before this date in order to continue receiving updates.

Microsoft set to End Support for .NET Core 2.1 platform

A malware dropper is a type of Trojan designed to install a particular kind of malware on a target system.

One such dropper, dubbed Clast82, employs a series of evasive techniques to avoid detection by Google Play Protect. It infiltrated 9 Android apps distributed via the Google Play Store to deploy a second-stage malware capable of gaining intrusive access to users' financial details.

According to Check Point researchers, the dropper takes full control of victims' devices by switching the dropped payload from a benign one to the notorious AlienBot Banker and MRAT malware.

How did the 9 Android apps spread the AlienBot Banker and MRAT malware?



Check Point researchers discovered 9 Android apps used to spread the malware dropper (Clast82), namely: eVPN, BeatPlayer, Cake VPN, Pacific VPN, QR/Barcode, Music Player, tooltipnatorlibrary, Scanner MAX, and QRecorder. Google promptly removed those apps from the Play Store on February 9, after the findings were reported by Check Point.



During Google Play's evaluation of Clast82, the configuration fetched from the Firebase C&C carries an "enable" parameter, and based on that parameter's value the malware "decides" whether to trigger the malicious behaviour or not. The parameter is set to "false" by default and only changes to "true" after Google has published the app on the Google Play store.

The malware's ability to run undetected shows the importance of a capable mobile security solution: it isn't enough to scan the app only during the evaluation period, as a threat actor can easily change the app's behaviour after it is published, using third-party tools.

How to Mitigate against such malicious mobile apps



As the Clast82 payload does not originate from the Google Play Store, scanning the apps alone would not have prevented the installation of the malicious payload.

Therefore, the only solution is to monitor the device itself: constantly scanning network connections and the behaviour of installed applications would be able to detect such malicious behaviour.

Hackers leveraged on Android Apps to spread Malware dropper

WhatsApp is among the best chat apps today with global recognition, but are there other alternatives?

WhatsApp has grown over the years with numerous features like end-to-end encryption coming into the fray, but in this article, we will be taking a look at some of the best WhatsApp alternative chat apps you should try out in 2021.



1. Telegram



The first WhatsApp alternative we will be taking a look at is Telegram, the UK-based messaging app with some of the best messaging features. This messaging app has end-to-end encryption, and unlike WhatsApp, which limits groups to 256 members, Telegram groups can hold up to 200,000 members, who can share files of up to 2 gigabytes at once.

Pros




  1. Open API
  2. End-to-end Encryption
  3. Light data usage
  4. Group size of up to 200,000 members


Cons




  1. Metadata is stored on their servers



Supported Platforms



Windows PC, MacOS, Windows mobiles, iPad OS, Linux, Android, and iOS.

Pricing: Free

Quick Tips: Telegram may not run on older software. If you are looking for a new phone, Naija Reviews gives you the best shopping advice for smartphones.

2. Signal Messenger



The major reason you should consider Signal Private Messenger is that it is secure and developed by the same developers who brought end-to-end encryption to WhatsApp. As a plus, Signal Messenger uses an open-source system that is far more secure than WhatsApp. A couple of new and exciting features on Signal are the screen security feature, which prevents anyone from taking screenshots while it is on, and self-destructing messages. Truly, Signal is an effective WhatsApp alternative you need to try.

Pros

  1. Phone call encryption
  2. No metadata storage
  3. Secure messaging
  4. Secure and open-source system


Cons




  1. Outdated versions cannot be used
  2. Update frequency is high
  3. No backup option for iOS users
  4. Only files of 300kb or less can be sent


Supported Platforms



Windows, MacOS, iPad OS, Linux, Android, and iOS.

Pricing: Free

3. Wire messaging



Another effective WhatsApp alternative you need to check out today is the Wire messaging app. This is a Swiss messaging app with a user-friendly interface. It also has an open-source system, which makes it secure to use and an ideal alternative to WhatsApp. It has features like a cloud backup system and self-destructing messages. You also get voice and video call options, which make it enjoyable to use.

Pros




  1. Multiple device login
  2. Group voice call option
  3. Open source system


Cons




  1. Metadata is stored on their servers



Supported Platforms



MacOS, iPad OS, Linux, Android, and iOS, browser extension.

Pricing: Free

4. Viber



Viber is a Japanese VoIP (voice over IP) messaging app, a great WhatsApp alternative. From your calls to shared media and even video calls, every one of your activities is protected using end-to-end encryption. You can create groups of 250 users and make video calls with up to 20 users without any form of complexity. Compared to WhatsApp, Viber has the "community" feature, allowing many communities for easy socializing.

Pros




  1. Availability of social communities
  2. It has a video conferencing option
  3. You can make calls to users not on Viber at good rates


Cons




  1. The app supports advertisements



Supported Platforms



MacOS, iPad OS, Linux, Android, and iOS, Windows.

Pricing: Free

Conclusion



Though WhatsApp has been a great and effective messaging app, you need to explore these other options, especially with the recent user privacy issues. We have mentioned many WhatsApp alternatives here, with many features you would enjoy. Many of them are free and are available on multiple platforms like iOS and Android.

4 Best Alternative Chat Apps to WhatsApp

Power FX is an open-source programming language developed by Microsoft that promises to make coding as easy as building an Excel spreadsheet.

The Windows maker touted Power FX as a general-purpose, low-code programming language based on spreadsheet-like formulas that can be used across Microsoft's Power Platform; and as it is based on Microsoft Excel, it will be accessible to a larger number of people, even non-programmers.

However, Power FX isn't so much a brand-new language as a new moniker for the formula language of Microsoft's canvas apps.

What does Power FX bring to the coding table?



Power FX is a general-purpose, declarative, strongly typed, functional programming language that shares the same syntax and functions as Excel.



It currently works with Power Apps, which is where you can experience it for now. The next step is to extract the language so that it can be used in more Microsoft Power Platform products and made available to everyone.

As such, if you're familiar with spreadsheets, and particularly if you have written VBA macros, you'll find Power FX pretty straightforward. Power FX can also be used in a "no-code" environment, with the UI generating the data and formulas needed for the computation.

Additionally, Power FX formulas can be stored in YAML source files for easy editing in Visual Studio Code or any other text editor, which also lets Power FX be placed under the same source control as the rest of a project, with Azure DevOps, GitHub, or other source code control systems.

What does Power FX mean for developers?



As Power FX will be used within Microsoft's workflow automation tool and subsequently made available to all Windows 10 users, it can amplify the effectiveness and impact of developers many times over within the same timeframe.

Therefore, offering developers a familiar way to express logic will dramatically expand the possibilities for building sophisticated solutions. Coupled with the tools a professional expects, including the ability to edit apps directly in text-based editors like Visual Studio Code and to use source control, Power FX will make it possible for developers to work faster and be more productive.

What is Power FX? Microsoft's new Open-source language based on Excel

ObliqueRAT is a notorious Trojan first documented in February 2020 that primarily spies on users, including via the webcam; its malware campaigns specifically target organizations in South Asia.

Cybersecurity company Cisco Talos has discovered a new campaign distributing the malicious remote access trojan (RAT) ObliqueRAT. This new campaign deploys the ObliqueRAT payload using completely different macro code to download it, and the attackers have also updated the infection chain to deliver ObliqueRAT via hijacked websites.

The new malware campaign targeting organizations in South Asia utilizes malicious Microsoft Office documents forged with macros to spread ObliqueRAT.

What is ObliqueRAT's mode of operation?



Previously, ObliqueRAT's mode of operation, according to Cisco Talos, overlapped with that of another threat actor known as Transparent Tribe, whose campaign in December 2019 disseminated CrimsonRAT, but the current attacks differ in some key ways.



Besides the use of completely different macro code to download and deploy the ObliqueRAT payload, the campaign operators have updated the delivery mechanism by cloaking the malware in seemingly innocuous bitmap image files (.BMP files) on a network of adversary-controlled websites.

The payload hosted on the hijacked website is simply a BMP image containing a ZIP file with the ObliqueRAT payload; the malicious macros are responsible for extracting the ZIP and then the ObliqueRAT payload on the endpoint.

The attack aims to trick victims into opening emails containing the maldocs, which, once opened, direct the victim to the ObliqueRAT payload using malicious URLs and ultimately exfiltrate sensitive data from the victim's system.
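A BMP that carries a ZIP archive is detectable without any knowledge of the payload, because the BMP file header declares the image's size and the archive has to sit beyond it. The following Python inspector is an added example (not Cisco Talos code): it compares the declared size with the bytes actually present and checks whether the trailing bytes form a ZIP archive. The sample image and the harmless text-file archive appended to it are constructed for the example.

```python
"""Constructed example: detect a ZIP archive appended to a BMP image."""
import io
import struct
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"


def make_minimal_bmp() -> bytes:
    """Build a valid 1x1 24-bit BMP (constructed sample, 58 bytes)."""
    pixel_row = b"\x00\x00\x00\x00"  # one BGR pixel plus one byte of row padding
    info_header = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixel_row),
                              2835, 2835, 0, 0)
    file_size = 14 + len(info_header) + len(pixel_row)
    file_header = b"BM" + struct.pack("<IHHI", file_size, 0, 0, 14 + len(info_header))
    return file_header + info_header + pixel_row


def make_bmp_with_appended_zip() -> bytes:
    """Constructed harmless sample: a real BMP followed by a ZIP holding a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("placeholder.txt", b"constructed sample, not a payload\n")
    return make_minimal_bmp() + buf.getvalue()


def inspect_bmp(data: bytes) -> dict:
    """Compare the size the BMP header declares with the bytes actually present,
    and report whether the trailing bytes form a ZIP archive."""
    if len(data) < 14 or data[:2] != b"BM":
        return {"verdict": "not-a-bmp"}
    declared = struct.unpack_from("<I", data, 2)[0]
    result = {"declared_size": declared, "actual_size": len(data),
              "trailing_bytes": 0, "embedded_files": [], "verdict": "clean"}
    if declared == 0 or declared > len(data):
        # Some encoders write 0 here, and a truncated download is possible; don't guess.
        result["verdict"] = "size-field-unreliable"
        return result
    trailing = data[declared:]
    result["trailing_bytes"] = len(trailing)
    if not trailing:
        return result
    result["verdict"] = "trailing-data"
    if ZIP_LOCAL_HEADER in trailing:
        try:
            with zipfile.ZipFile(io.BytesIO(trailing)) as zf:
                result["embedded_files"] = zf.namelist()
            result["verdict"] = "bmp-with-embedded-zip"
        except zipfile.BadZipFile:
            result["verdict"] = "bmp-with-zip-signature"
    return result


if __name__ == "__main__":
    for label, sample in (("clean", make_minimal_bmp()),
                          ("appended zip", make_bmp_with_appended_zip())):
        print(label, inspect_bmp(sample))
```

The size-field check is the one that generalises: any trailing data after the declared image is unexpected for a BMP, whatever it contains, so "trailing-data" is worth a look even when no ZIP signature is present. Listing member names rather than extracting them keeps the inspector passive.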

How to Mitigate against such Email-based Malware attacks



Given that the main attack vector remains email, users are advised not to open suspicious emails or their attachments.

Additionally, they should use advanced malware protection solutions, such as that offered by Cisco, which is a better alternative to the built-in Windows protection.

ObliqueRAT resurfaces with Evasion tactics using hijacked websites

Microsoft Mesh is a new mixed-reality platform powered by Azure that allows people in different locations to join shared holographic experiences using several kinds of devices.

At the company's Ignite digital conference, Microsoft used 3D capture technology to beam a lifelike image of a person into a virtual scene, and as the first keynote was designed entirely for mixed reality, attendees could experience the show as avatars in a shared holographic world.

The idea is that people can actually feel like they're in the same place as someone sharing content, or can teleport in from different mixed reality devices and be present with everyone even when not physically together.

How will Microsoft Mesh actually work?



The main goal of Microsoft Mesh is to enable persons in different locations to share collaborative holographic experiences, using holoportation to project themselves as their lifelike, photorealistic selves.



Designers or engineers working with 3D physical models could appear as themselves in a shared virtual space to collaborate on holographic models. Mesh is born of years of Microsoft research and development in areas ranging from hand and eye tracking and HoloLens development to persistent artificial intelligence models that can create expressive avatars.

Powered by Azure, which is Microsoft’s cloud computing platform, Microsoft Mesh will take advantage of Azure’s enterprise-grade security and privacy features, as well as the vast computational resources, data, AI and mixed reality services.

What devices does Microsoft Mesh support for geographically distributed teams?



Mesh will offer developers a suite of AI-powered tools for creating avatars, session management, spatial rendering, and synchronization across multiple users, along with holoportation for building collaborative solutions in mixed reality, with solutions working across many devices such as PCs, smartphones, HoloLens 2, virtual reality headsets, and tablets.

In these collaborative experiences, the content isn't stored on the device or within any application; rather, the holographic content lives in the cloud, and you only need the special lenses to see it.

Microsoft introduces a new mixed-reality platform powered by Azure

Gootloader is the name given to the newly expanded delivery system employed by the Gootkit RAT, a notorious banking Trojan that focuses on stealing banking credentials.

Gootkit was first documented in 2014, and the JavaScript-based malware platform is fully capable of carrying out covert activities ranging from capturing keystrokes to taking screenshots, web injection, recording videos, and password theft.

According to Sophos, it thrives on the malware delivery method pioneered by the threat actors behind the REvil ransomware, whose infection mechanism involves a JavaScript-based framework that delivers a variety of payloads, including ransomware, filelessly.

How Gootloader expands its payload delivery system



Gootloader employs malicious SEO techniques to manipulate Google search results; this search engine "deoptimization" serves as the first phase of the attack.



This is possible because the operators of Gootloader maintain a network of servers hosting compromised legitimate websites, ostensibly belonging to legitimate businesses. If visitors click on the link in the search result, they're presented with a different site: a specific page that seems to answer their exact search question, using the same wording as the search query.

When the visitor clicks the "direct download link" on the page, a .zip archive is downloaded whose filename matches the search query used in the initial search; it contains another file named in precisely the same way. That JavaScript file is the initial infector, and it is the only stage of the infection at which a malicious file is written to the filesystem.

After the target double-clicks this script, the rest of the chain runs entirely in memory, out of the reach of traditional endpoint protection tools.
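Because the script is the only stage written to disk, the download itself is the best place to look, and the naming pattern described above (an archive whose single member is a script named exactly like the archive) is simple to check. The following Python check is an added example (not Sophos code, and not a signature for Gootloader as such): it lists the members of a ZIP without extracting anything and grades the archive by whether it contains script files and whether the naming pattern matches. The archive names and contents are constructed for the example.

```python
"""Constructed example: flag ZIP downloads whose only member is a script named like the archive."""
import io
import zipfile
from pathlib import PurePosixPath

SCRIPT_SUFFIXES = {".js", ".jse", ".wsf", ".vbs", ".hta"}


def build_zip(members: dict) -> bytes:
    """Create an in-memory ZIP from {name: bytes} (used only to construct samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def assess_archive(archive_name: str, data: bytes) -> dict:
    """Return a verdict for one downloaded archive.

    gootloader-pattern : a single member, a script, named exactly like the archive
    script-in-archive  : a script is present but the naming pattern does not match
    clean              : no script members
    """
    archive_stem = PurePosixPath(archive_name).stem.lower()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [i.filename for i in zf.infolist() if not i.is_dir()]
    scripts = [m for m in members if PurePosixPath(m).suffix.lower() in SCRIPT_SUFFIXES]
    same_name = [m for m in scripts if PurePosixPath(m).stem.lower() == archive_stem]
    if same_name and len(members) == 1:
        verdict = "gootloader-pattern"
    elif scripts:
        verdict = "script-in-archive"
    else:
        verdict = "clean"
    return {"archive": archive_name, "members": members, "scripts": scripts, "verdict": verdict}


# Constructed samples (names and contents invented for this example).
SAMPLES = {
    "contract_template_example.zip": build_zip({"contract_template_example.js": b"// placeholder\n"}),
    "quarterly_report.zip": build_zip({"quarterly_report.pdf": b"%PDF-1.4 placeholder"}),
    "toolkit.zip": build_zip({"setup.js": b"// placeholder\n", "README.txt": b"docs"}),
}


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(assess_archive(name, blob))
```

A check like this fits at a web proxy or mail gateway as well as on the endpoint; the "script-in-archive" verdict alone is a reasonable reason to quarantine a browser download for review, since few legitimate documents arrive as a bare .js file.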

What is Gootloader's mode of operation?



How the operators of Gootloader gain access to these websites to serve the malicious injects remains unclear, but Sophos researchers suspect the attackers may have obtained the login details by installing the Gootkit malware or by purchasing stolen credentials from underground markets.

Furthermore, the criminals tend to reuse their proven techniques instead of developing new mechanisms: rather than actively attacking endpoint tools like other malware distributors, the creators of Gootloader opt for evasive techniques that conceal the end result.

Gootloader spreading via malicious ZIP files on compromised sites