Firefox Relay: Mozilla’s Solution to Tracking and Email Spam

Firefox, the popular web browser of Mozilla gets a new feature, Firefox Relay, to prevent tracking and email spam. Mozilla hopes for ending the email spamming and online tracking of its users.”

Firefox, the popular web browser of Mozilla gets a new feature, Firefox Relay, to prevent tracking and email spam. Mozilla hopes for ending the email spamming and online tracking of its users.

Also Read, Cloudflare cites an increase in “specific, targeted threats”

This new feature, Firefox Relay was first unrolled in the beta version in August 202 as an extension. Firefox Relay can mask the email addresses of users when they sign up for new accounts on websites, disabling third parties to get direct access to their real email accounts.

With this new feature, Firefox users now don’t need to have access to the management dashboard to generate these email aliases. Rather than this, Firefox Relay will encourage users of the browser to use an existing mask to make a new one while creating an account on a webpage.

Masking Your Email

These aliases that the new Firefox feature makes forward messages to the user’s real email address, which means users remain anonymous while still being able to get advantages from various websites, and services online. 

By having different aliases for different sites, users can easily delete and create new ones if they get spam messages without changing their actual email account address.

And in case your email is exposed to data breaches, then all the threat actors have is your alias instead of your actual email address, protecting their privacy and anonymity.

Till today, Mozilla claims that the new feature has prevented more than two million spam and unwanted emails from appearing in actual email accounts of users.

Unlike other similar features from other tech giants, Firefox Relay also removes trackers from emails before moving them forward to the user’s real email account.

Users need to first sign up for using this feature in Firefox, which includes free and paid tiers.

New US Cybersecurity Strategy Targets Cyber Attacks from China

“The strategy also pointed towards China which is considered, “the broadest, most active, and most persistent threat to both government and private sector networks.”

The US unveils a new cybersecurity strategy that puts a huge responsibility on tech giants in preventing cyber crimes and cyber attacks.

The National Cybersecurity Strategy made by The Joe Biden-Kamala Harris administration in the US put stress on equalizing the responsibility to safeguard cyberspace by “shifting the responsibility for cybersecurity away from local governments, individuals or small businesses and also to the companies that are best fit to minimize risks for all of us.

Also Read, Hackers in Order to Install Frebniis Malware Hacks IIS Feature

The strategy also pointed towards China which is considered, “the broadest, most active, and most persistent threat to both government and private sector networks.”

The strategy ensured that we must reorient incentives to support long-term investments by “striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future”.

The US government said by using all instruments of national power, “we will make malicious cyber actors incapable of threatening the national security or public safety of the United States” and track ransomware threats via a complete Federal approach and in “lockstep with our international partners”.

The US will put the responsibility on those organizations in the digital ecosystem which are best placed to minimize risk and move the consequences of poor cybersecurity away from the most feeble “in order to make our digital ecosystem more trustworthy”.

The country has lately been the victim of several nation-state cyber attacks on its industry and government organizations, especially from China-based cyber attacks.

The country “seeks a world where responsible state behavior in cyberspace is expected and reinforced and where irresponsible behavior is isolating and costly”.

Hackers in Order to Install Frebniis Malware Hacks IIS Feature

“Frebniis, the malware uses a method that injects harmful code into iisfreb.dll’s memory. Iisfreb.dll is a DLL file attached with an IIS feature used for checking unsuccessful web page requests.”

“Frebniss” is a new sort of malware that recently posed a threat to Microsoft’s Internet Information Services (IIS). 

Also Read, What is the ‘North Korean Hacking’ fiasco in the cryptocurrency fiasco?

The malware is being employed by hackers to help them carry out stealthy commands using web requests that are transmitted through the internet.

Microsoft IIS is a robust software app platform uses for web application hosting and web server functionality. Among its multiple uses, the software application platform serves crucial services of Microsoft such as Outlook.

Microsoft IIS is a trusted platform and enables users to get easy access to services and web applications, making it a preferred choice for businesses and individuals simultaneously.

Frebniis Corrupts IIS Feature

Frebniis, the malware uses a method that injects harmful code into iisfreb.dll’s memory. Iisfreb.dll is a DLL file attached with an IIS feature uses for checking unsuccessful web page requests. 

With the help of the IIS feature, all HTTP requests are stealthily tracked by Frebniis and detect particular formats of requests from the hacker, leading to the possibility of executing remote code.

frebniis-malware

The hacker must get access to the Windows system operating the IIS server utilizing another method to apply this trick. But, how the hacker got this access in this instance remains uncertain.

frebniis

The injected .NET backdoor allows C# code execution and helps in proxying without doing disk interaction which makes it undetectable. A particular password is checked when default[.]aspx or logon[.]aspx are requested. 

frebniis-malware-attack-microsoft-iis-internet-information-services

Frebniis can command and link with other systems via compromised IIS, utilizing a base64 encoded string as a second HTTP parameter, accessing secured internal systems which are publicly unavailable.

WhatsApp’s new feature of blocking alerts from Large Groups is on the way

WhatsApp is right now working on some new features like enabling the users to use the same account on different devices. One of the most remarkable feature that will help the users who are annoyed with group notifications are, “The ability to automatically mute large group chats to help reduce notifications has been released to some beta testers, and it is rolling out to more users over the coming days,”

 

Muting Feature for Large Groups

According to Tech Times, ”

WhatsApp to Release an Auto-Mute Feature for Groups With Over 256 Members, Along With Other Updates

By Trisha Kae Andrada, Tech Times Nov 13, 2022 10:58 AM EST

WhatsApp is continuously releasing new features via its beta version. Some of the most recent include the ability to automatically mute groups with a high number of members, message themselves and modify messages that have been sent out.

 

Automatic Muting Feature for Large Groups

WhatsApp Groups have been around for a long time, and it’s reasonable to assume that they can be both useful and irritating.

A user may now add more than hundreds of people to a WhatsApp group. However, one may get overwhelmed with group notifications, which may appear bad on their phone’s lock screen.”

News 18 said, “WhatsApp started Groups many years, and it is fair to say that the groups can be helpful and annoying at the same time. WhatsApp now lets you add more than 256 members to a group, with their consent of course. But that means you can be bombarded with hundreds of group notifications, which can a sore sight on your phone’s lockscreen.

So, people tend to mute groups to avoid such incidents, but WhatsApp is now bringing a feature that will automatically mute groups that have more than 256 members. The messaging app is now capable of having 1024 members in one group, and the Meta-owned platform clearly realises the importance of user’s having their privacy.”

 

For more updates on security industry, click here.

Signal revealed that third-party data breach exposed 1,900 phone numbers

Signal is not invulnerable to hacking incidents. The company said that a data breach at verification partner Twillio exposed the phone numbers and SMS codes of roughly 1,900 users.

 

Signal’ End-to-end encryption is a failure

 

TechCrunch reported, “End-to-end encrypted messaging app Signal says attackers accessed the phone numbers and SMS verification codes for almost 2,000 users as part of the breach at communications giant Twilio last week.

 

Twilio, which provides phone number verification services to Signal, said on August 8 that malicious actors accessed the data of 125 customers after successfully phishing multiple employees. Twilio did not say who the customers were, but they are likely to include large organizations after Signal on Monday confirmed that it was one of those victims.

 

Signal said in a blog post Monday that it would notify about 1,900 users whose phone numbers or SMS verification codes were stolen when attackers gained access to Twilio’s customer support console.”

 

The data hacked has already been misused and it’s a big trouble for the users

 

Signal’s Steps

 

According to Engadget, “Signal is taking steps to limit the damage. It will unregister the app on all devices linked to affected accounts, forcing users to re-register. The team also recommended enabling a registration lock that bars anyone from re-registering on other devices without providing a PIN code.

 

Twilio revealed the breach on August 8th. The currently unidentified perpetrators used phishing scams to obtain login details and access the accounts of 125 customers. Although it’s not clear which other customers were affected, Twilio typically serves large companies and organizations.

 

The attack increases pressure on Signal to join other encrypted messaging providers in moving away from phone numbers, which can be vulnerable to SIM swaps and other digit-based schemes. This is also a reminder that systems are only as secure as their technology partners — a slip at a third-party is sometimes as dangerous as a direct assault.”

With a ban on Netflix Password Sharing, you won’t be able to share accounts with peers

This might be the end of sharing Netflix passwords with friends and family. Netflix will soon launch a test letting primary account holders pay an additional fee for users outside their households — a new attempt by the company to address illicit password-sharing.

Netflix’s latest terms of service state that a customer’s account may not be shared with individuals beyond your household. After years of turning a blind eye to password-sharing behavior that falls outside that requirement, the company last year ran a limited test prompting users to enter their account credentials as a way to nudge freeloaders into paying for their own accounts.

 

Ban on Netflix password-sharing

 

According to Chengyi Long, director of product innovation at Netflix, in an upcoming test launching in three countries—Chile, Costa Rica and Peru—Netflix will let members who share their accounts with people outside their household do so easily and securely while also paying a bit more. The new options will roll out in the next few weeks in the three countries (and may or may not expand beyond those markets).

In a blog post, Long wrote, “We’ve always made it easy for people who live together to share their Netflix account, with features like separate profiles and multiple streams in our Standard and Premium plans. While these have been hugely popular, they have also created some confusion about when and how Netflix can be shared. As a result, accounts are being shared between households — impacting our ability to invest in great new TV and films for our members.”

With the add an extra member feature, members with Netflix’s Standard and Premium plans will be able to add subsidiary accounts for up to two people they don’t live with, each with their own profile, personalized recommendations, login and password — for less than the cost of a separate Netflix plan.

 

Costs for adding sub-members

 

In the test countries, the cost for adding a sub-member is 2380 CLP in Chile, $2.99 USD in Costa Rica, and 7.9 PEN in Peru. As with other tests the streamer has conducted, there’s no guarantee that the option to pay for non-household members will end up a permanent part of the service. “We’ll be working to understand the utility of these two features for members in these three countries before making changes anywhere else in the world,” Long wrote in the post.

In addition, Netflix is testing out the ability to let subscribers transfer user profiles to new accounts, which would make it easier for password moochers to pay for their own plans. Members in the three test countries can allow people who share their account to transfer profile information either to a new account or an Extra Member sub-account—preserving their viewing history, My List and personalized recommendations info.

In the three test markets, Netflix over the next few weeks will notify members who share their accounts outside their household about the new options. A member may be prompted to verify their account only if a device outside of their household logs in to the account; Netflix may then ask the user to verify the login from the device by sending a verification code.

 

Also Read: Why did Meta issue a prohibit call on its platform for assassination of high-ranking world leaders?

Why did Meta issue a prohibit call on its platform for assassination of high-ranking world leaders?

Recently, Meta introduced a new rule where it prohibit call for assassination of high-ranking global leaders. Meta (previously known as Facebook), the parent company of Facebook and Instagram, issued a reminder recently that it prohibits calls on its platforms for the assassination of high-ranking world leaders, following intense scrutiny of the company’s decision last week to relax hate speech policies in Ukraine.

 

Prohibit Call

 

Meta’s latest action on the prohibit calls reflects its seriousness regarding violation of policies. The prohibit calls are vital, according to Meta’s statement. In an internal post to employees, Meta President of Global Affairs Nick Clegg said “we do not permit calls to assassinate a head of state.” Russia opens a criminal case against Meta following temporary hate speech policy change. The internal post, which was reported by Bloomberg and Reuters and confirmed to CNN Business by a Meta spokesperson, does not mention Russian President Vladimir Putin by name. The spokesperson affirmed that the restrictions on calls for assassination apply globally.

Meta’s earlier decision allows Ukrainian users to post otherwise prohibited calls for violent self-defense or condemnation of Russia’s invasion and effectively created more leeway for users in the country to express support for violence on Meta’s platforms. (On Sunday, Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation thanked Meta and said the decision “respect[ed] our right to counter the aggression” from Russia.)

But Meta was forced to clarify its stance after Russia accused it of facilitating “illegal calls for murder and violence” against Russian citizens and opened a criminal case against the company. Russia has separately moved to block Facebook and Instagram in the country as part of a crackdown on information about the war in Ukraine, though a growing number of Russian internet users appear determined to circumvent the ban.

 

Ukraine-Specific Policy

 

The Ukraine-specific policy on hate speech, which is temporary, is “focused on protecting people’s rights to speech as an expression of self-defense in reaction to a military invasion of their country,” Clegg said in a public statement Friday. The statement added that Meta has no quarrel with the Russian people and that “there is no change at all in our policies on hate speech as far as the Russian people are concerned.” Clegg’s internal post on Sunday doubled down on that position.

We are now narrowing the focus to make it explicitly clear in the guidance that it is never to be interpreted as condoning violence against Russians in general,” Clegg wrote, adding that the hate-speech carveout for Ukraine applies only to speech “regarding the Russian military invasion.”

 

Also Read: How can Personal Boundary by Meta enable Digital Privacy Protection?

How can Personal Boundary by Meta enable Digital Privacy Protection?

Personal space and personal boundary in the digital space is one of the major concerns for users. Previous reports and past studies suggest that several cybercrimes that are caused are major privacy hacks. Recently, the transition to the Metaverse has aroused concern among users about privacy invasion.

 

Personal Boundary by Meta

 

In February 2022, Meta introduced a feature called Personal Boundary to Horizon Worlds and Venues to combat harassment. The company gave every avatar a bubble with a radius of two virtual feet, making it so that no one could come within four feet of your personal space. At the time, Meta made it so that users could not disable the feature. In response to community feedback, however, the company is now updating the tool to give people more control over it.

 

Horizon Worlds Personal Boundary Meta

 

You now have three options that allow you to decide who can get close to your avatar. The app will default to the first one, “On for Non-Friends.” As you can probably guess, this one prevents people who aren’t on your friends list from getting close to your avatar. Then there’s “On for Everyone” and “Off.” The latter option effectively returns your avatar to the standard Meta enforced before introducing Personal Boundary. In some contexts, such as when two people first meet, the software will switch to a more restrictive setting to ensure everyone is safe.

 

As much as things like groping have become a significant issue in VR social spaces, today’s update would suggest that there’s no one-size-fits-all solution for helping people feel safe in virtual reality. Meta acknowledges as much in its latest blog post, noting these new options will make it easier for friends to high-five, first-bump and take selfies while in Horizon Worlds.

 

Also Read: Top 5 Tips for Improving Enterprise Network Security