Wednesday Newsbytes: Hackers Can Get You on YouTube, CISA Orders Agencies to Patch Windows, Gmail Seeks Ruling on Political Emails, Microsoft’s ‘Hardwear’, Android Phone Charging Tips & More
Every day we scan the tech world for interesting news in the world of technology. Every Wednesday, we feature some news articles that grabbed our attention over the past week. We hope you find this week’s “Wednesday Newsbytes” informative and interesting!
Hackers are using YouTube videos to trick people into installing malware
YouTube videos used to promote fake bitcoin mining software
Cybercriminals have begun to lean on YouTube as a means of distributing potent malware(opens in new tab), security experts have discovered.
Researchers from Cyble Research Labs recently stumbled upon more than 80 videos, all with relatively few viewers, and all belonging to the same user. The videos seem to demonstrate how a piece of bitcoin mining software operates, in an attempt to persuade viewers to download it.
The download link is found in the video’s description, and comes in a password-protected archive, to convince victims of its legitimacy. To further add to the effect, the downloaded archive also comes with a link to VirusTotal, showing the file as “clean”, and a warning that some antivirus programs(opens in new tab) might trigger a false positive alert.
No false positives
The malware itself, called PennyWise, steals all kinds of data, from system information, to login credentials, cookies, encryption keys and master passwords. It also steals Discord tokens and Telegram sessions, and takes screenshots along the way.
Furthermore, it scans the device for potential cryptocurrency wallets, cold storage wallet data and crypto-related browser add-ons…
CISA orders agencies to patch new Windows zero-day used in attacks
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.
This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases.
Microsoft has patched it as part of the July 2022 Patch Tuesday, and it classified it as a zero-day as it was abused in attacks before a fix was available.
‘An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,’ Microsoft explained in a security advisory published today.
Redmond says the vulnerability was discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).
BleepingComputer has also reached out to Microsoft earlier today with questions about how this vulnerability was used in attacks.
Federal agencies given three weeks to patch
CISA has given the agencies three weeks, until August 2nd, to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems…
Read more at Bleeping Computer
Gmail users “hard pass” on plan to let political emails bypass spam filters
The deadline to comment on “special treatment” for political emails is July 16.
Earlier this month, Google sent a request to the Federal Election Commission seeking an advisory opinion on the potential launch of a pilot program that would allow political committees to bypass spam filters and instead deliver political emails to the primary inboxes of Gmail users. During a public commenting period that’s still ongoing, most people commenting have expressed staunch opposition for various reasons that they’re hoping the FEC will consider.
“Hard pass,” wrote a commenter called Katie H. “Please do not allow Google to open up Pandora’s Box on the people by allowing campaign/political emails to bypass spam filters.”
Out of 48 comments submitted as of July 11, only two commenters voiced support for Google’s pilot program, which seeks to deliver more unsolicited political emails to Gmail users instead of marking them as spam. The rest of the commenters opposed the program, raising a range of concerns, including the potential for the policy to degrade user experience, introduce security risks, and even possibly unfairly influence future elections.
Business Insider reported that the period for public commenting ends on Saturday, July 16, which is longer than what was shared in conflicting reports that said the initial deadline to comment was July 11. That means there’s still time for more Gmail users and interested parties to chime in.
Top concerns from Gmail users
Having the extra five days to comment may not seem like a lot, but at least the minor extension provides an opportunity to those who perhaps are not yet aware of Google’s proposal. FEC spokesperson Judith Ingram told Business Insider that the FEC ‘declined to comment on whether the agency believes it has given the public adequate time to comment on the matter.’ The FEC and Google did not immediately respond to Ars’ requests for comment.
Already, many Gmail users have rushed to weigh in, though, with the majority of commenters citing their top concerns and urging the FEC to disapprove of the pilot program as much as they do.
Microsoft will sell you a $60 T-shirt with the Windows XP background
Say hello to Microsoft’s new ‘Hardwear’ clothing collection
Microsoft is launching a new “Hardwear” clothing collection that includes a Windows XP T-shirt. If you’ve always wanted to wander the streets with the Windows XP bliss wallpaper strapped to your back, now is your time. The famous blue sky and green hill are emblazoned on a mustard or black tee, available for $60.
The nine-piece collection of T-shirts, hats, sweats, jackets, and pants is part of a collaboration between Supervsn founder Gavin Mathieu and Microsoft. It’s Microsoft’s first capsule collection of clothing and merchandise, and the software maker clearly wanted to create a trendy nerd vibe with its collaboration.
‘The collection is reflective of the Normcore style, a lifestyle aesthetic that puts the focus on individuals and not on the clothing they wear,’ explains Amanda O’Neal, director of multicultural and social communications at Microsoft. ‘Every piece is intentional, and there is meaning behind each item in Hardwear.’
The normcore range also includes an MS Paint T-shirt that mimics the original color palette of the app and a “Hardwear” hat with Microsoft’s 1990s logo colorings.
This isn’t Microsoft’s first experiment with clothing, though…
Why You Need To Stop Charging Your Android Phone To 100%
If you’re concerned about your phone’s battery life and making it last as long as possible, you certainly aren’t alone. A survey conducted by USA Today showed that battery life was the most common factor chosen by Android users when asked what’d get them excited about buying a new phone. There are plenty of ways the average Android smartphone user can improve their battery life in the short term, but today we’re focusing on one of the most important factors in battery longevity.
There is a direct correlation between your battery’s life span and the number of times you charge your phone. Your smartphone’s battery life depends on charge cycles or the number of times your battery charges from zero all the way up to 100%. The more full charge cycles your phone experiences, the faster the battery will degrade.
Smartphone batteries don’t last forever
Most lithium-ion phone batteries have between 400 to 500 charge cycles before a user will need to go shopping for a new one. A new phone, that is to say, as most modern smartphones aren’t particularly user-friendly when it comes to battery replacement. So, if you want to extend your battery life and stop further degradation, you may not want to charge your phone to full capacity every time you plug it in.
Chinese scientists develop robot fish that gobble up microplastics
BEIJING, July 12 (Reuters) – Robot fish that “eat” microplastics may one day help to clean up the world’s polluted oceans, says a team of Chinese scientists from Sichuan University in southwest China.
Soft to touch and just 1.3 centimetres (0.5 inch) in size, these robots already suck up microplastics in shallow water.
The team aims to enable them to collect microplastics in deeper water and provide information to analyse marine pollution in real time, said Wang Yuyan, one of the researchers who developed the robot.
‘We developed such a lightweight miniaturised robot. It can be used in many ways, for example in biomedical or hazardous operations, such a small robot that can be localised to a part of your body to help you eliminate some disease.’
The black robot fish is irradiated by a light, helping it to flap its fins and wiggle its body. Scientists can control the fish using the light to avoid it crashing into other fish or ships…
Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles useful, informative, interesting, fun, and/or helpful. Darcy & TC
As I say, these are all ways interesting.
Thanks…D.