Microsoft open sources CodeQL queries used in Solorigate investigation
by Usama Jawad
Last week, Microsoft finally completed its Solorigate investigation, concluding that while some code files for Azure, Intune, and Exchange were accessed, no customer data was compromised. The cyberattack had caused major concern around the globe because it targeted the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. Supply chain attacks were executed on SolarWinds, Microsoft, and VMware, with Microsoft President Brad Smith calling it "a moment of reckoning".
Now, Microsoft has open sourced the CodeQL queries that it utilized in the Solorigate investigation.
For those unaware, CodeQL is a code analysis engine that works on both the syntax and the semantics of code. It builds a database from a model of the code as it is compiled, and that database can then be queried much like a regular relational database. It can be used both for static analysis of new code and for retroactive inspection of code that has already shipped.
Microsoft used CodeQL queries in its Solorigate investigation to analyze its code in a scalable manner and to pinpoint indicators of compromise (IoCs) and other coding patterns used by the Solorigate attackers directly at the code level.
Microsoft essentially built multiple CodeQL databases from its various build pipelines, then aggregated them in a single infrastructure to enable querying across the whole code base. This let the firm check its code for a malicious pattern within hours of that pattern being described.
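To make the "queried like a database" point concrete, here is an added illustration of what such a hunt looks like as a CodeQL query for C#. It is not one of Microsoft's published Solorigate queries; the regular expression is a constructed placeholder standing in for whatever indicator a team is hunting, and a hit is a lead for human review, not proof of compromise, for exactly the reason the article gives.

```ql
/**
 * @name Hypothetical pattern hunt: matching identifiers and string literals
 * @description Flags variables and string literals whose text matches a
 *              constructed placeholder pattern. A match is a lead for review,
 *              not evidence that the code base is compromised.
 * @kind problem
 * @problem.severity warning
 * @id example/placeholder-pattern-hunt
 */
import csharp

// Constructed placeholder pattern (assumption for this example); substitute the
// indicators you are actually hunting for. (?i) makes the match case-insensitive.
string placeholderPattern() { result = "(?i).*placeholder_indicator.*" }

from Element e, string what
where
  // Variable names that match the pattern (the "same variable names" signal
  // the article describes).
  exists(Variable v |
    v = e and
    v.getName().regexpMatch(placeholderPattern()) and
    what = "variable name '" + v.getName() + "'"
  )
  or
  // Hard-coded strings that match the pattern.
  exists(StringLiteral s |
    s = e and
    s.getValue().regexpMatch(placeholderPattern()) and
    what = "string literal"
  )
select e, "Matches the hypothetical pattern: " + what + "."
```

The query runs against a database produced by `codeql database create <db> --language=csharp` and is evaluated with `codeql database analyze <db> <query.ql> --format=sarif-latest --output=results.sarif`; because the database is a snapshot of compiled code, the same query can be re-run unchanged against databases built from other pipelines or older builds, which is the aggregation the article describes.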
Given that this is more of a syntactic and semantic technique that depends upon identifying similarities in coding patterns such as the variable names used, Microsoft has emphasized that if you find the same patterns in your own code base, that does not necessarily mean that it's compromised. Multiple programmers can of course have the same coding style.
At the same time, it is also important to remember that a malicious actor is not constrained to a single coding style. If an attacker deviates significantly from their usual implant pattern, Microsoft's CodeQL queries would not match their code. Regarding the syntactic and semantic code pattern identification capabilities of the CodeQL engine, the Redmond tech giant notes that:
More information about using Microsoft's CodeQL queries is available here. You can find out more about how to deploy queries here.
Google announces a bunch of new Android features
by Abhay Venkatesh
Google today announced a few new features coming to Android, both via updates to select apps and to the OS itself. The features relate to security, accessibility, and more, and the rollout is similar to how the company introduced added capabilities to older Android versions late last year.
The first on the list today is the addition of the Password Checkup tool natively to Android, something that first debuted as an extension and then made it to the Chrome browser itself. As the name suggests, the feature helps users keep a tab on the integrity of their saved passwords by notifying them if their credentials have been exposed. This allows users to act on compromised credentials and avoid using passwords that might have been exposed on the web.
Now, the feature integrates with Autofill on Android 9 and newer, notifying users of any potential password exposures and guiding them through resetting the affected passwords. Additionally, Autofill can also generate unique passwords and protect that information with biometric authentication, making it a great overall tool for password management.
Next up is a nifty new update to the Messages app that brings the ability to schedule messages to be sent later. Long pressing the send button will now provide an option to set the date and time to deliver the text message. The option to schedule messages has been present for users on Samsung devices via the default Messages app that ships with those devices. Alternatively, users have had to rely on third-party offerings such as Pulse SMS for the feature. The updated Messages app is now rolling out to users on Android 7 and newer.
As for accessibility improvements, the search giant announced a new update to TalkBack, its screen reader for those with impaired vision. The updates include new multi-finger gestures on Pixel and Samsung phones that can be used to perform preset commands like selecting and editing text. There are also new swipe commands for reading through just the headlines or through entire paragraphs. The firm is also adding 25 voice commands to help with actions such as finding particular text on the screen and more. Lastly, there are two new languages for the Braille keyboard.
Google Assistant is also receiving some updates that let users interact with it better on the lock screen. The company is adding a new card layout to review Assistant commands right from the lock screen, including alarm and timer options, sending messages using voice, and more. The firm adds that users can "get things done on [their] phone without needing to be right next to it".
Another highly awaited feature announced today is the rollout of a dark theme for Maps. While Maps automatically switches to a darker theme when navigating, a proper dark mode has been teased for a while. Users will finally be able to switch to the darker side permanently from the settings, a welcome addition for those that prefer the theming option to conserve battery on AMOLED displays, or just as a matter of preference.
Lastly, the Mountain View company announced new Android Auto features such as “car-inspired backgrounds” and Assistant actions – features that began rolling out earlier this month. For long journeys, the in-car system is also adding voice-activated trivia games. Other new features include a split-screen view of Maps and audio controls – like on Apple CarPlay – on wide screens and a new privacy screen to “control when Android Auto appears on your car display”. These Android Auto features are rolling out to users running Android 6 or newer.
Samsung now promises four years of security updates for Galaxy devices
by João Carrasqueira
Longer-lasting software support has long been one of the factors pointed out when talking about the advantages of iOS compared to Android. In recent years, we've seen an increasing amount of effort from some companies to keep devices updated, with Google itself offering three years of feature and security updates for its Pixel devices.
Now, Samsung is trying to take things a step further by offering a minimum of four years of security updates for its Galaxy devices. Depending on the device you have and how old it is, security updates may be rolled out on a monthly or quarterly basis, but either way, getting security updates for four years is a welcome boon if you want your devices to last longer.
This isn't just a benefit for the latest devices coming out this year, either, nor does it target just flagships. Samsung provides a decently long list of devices that will be eligible for the extended security update period, going back to the Galaxy S10 and Note10 families, the Galaxy A series, and a wide range of tablets. Here's the full list provided by Samsung:
It's worth noting that this support period is even longer than what Google promises for its own Pixel phones, though it should be remembered that these are minimum support periods, and Google has supported some of its phones for longer than the minimum. Either way, if you happen to own or you're considering getting one of these devices, you may rest assured your phone or tablet will be kept safe for a while longer. This doesn't, however, include new Android feature updates, so you won't necessarily be getting Android 12 or 13 when those versions are released.
Clubhouse confirms security breach, deploys new safeguards
by Usama Jawad
Private social app Clubhouse allows users to engage in informal conversations. The invite-only iOS application is used by Elon Musk with Facebook also looking to clone the chat service. However, concerns were raised around Clubhouse a couple of weeks ago with the Stanford Internet Observatory (SIO) citing numerous potential security weaknesses in the service. Today, Clubhouse has confirmed a security breach and placed new safeguards to prevent similar incidents in the future.
This situation feeds into the security concerns raised by the SIO a few days ago. One of these was that Clubhouse user and chatroom IDs were being transmitted over the internet in plaintext instead of being encrypted.
Furthermore, SIO also revealed that the backend of the platform is handled by a Shanghai-based startup called Agora Inc. The Chinese company states that it "temporarily" stores raw audio data for processing in its servers but it is currently unknown how long this time period is and where the servers are situated. In a statement to The Verge, the firm confirmed that it does not route traffic produced by non-Chinese users through China. However, Agora declined to go into details about the security mechanisms and protocols in place to prevent security breaches, such as the one that took place over the weekend.
Source: Bloomberg | Image via Walk the Chat
Apple starts taking countermeasures against new macOS malware strain
by Usama Jawad
A recently discovered macOS malware has caught the attention of the security community due to its highly sophisticated nature and the mystery surrounding its missing payload. Dubbed "Silver Sparrow", the malware was discovered a few days ago and is known to have infected 30,000 Intel and M1 Mac devices spread across 153 countries. Now, it appears that Apple is taking steps to mitigate potential threats posed by Silver Sparrow.
Apple has reached out to Apple Insider to confirm that it has revoked the certificates of the developer accounts that were used to sign the malicious package. While this restricts the spread of this particular Silver Sparrow variant, it still leaves the door open for similar packages signed with a different certificate.
Apple has also noted that it has many security measures in place at both the hardware and software levels, and that it releases software updates regularly which contain patches against threats such as Silver Sparrow.
That said, Apple as well as the cybersecurity community will likely be keeping an eye on this particular strain and its potential offshoots, given that it is seemingly in development by an advanced malicious actor. On infected machines, Silver Sparrow contacts its control servers once every 24 hours, awaiting binaries to receive and execute. It also has a self-destruct mechanism that removes traces of the infection from the machine, so a Mac may have been compromised without any remaining evidence of it.
Source: Apple Insider