Sunday, March 16, 2025

Piping stdout and stderr to Preview — Erica Sadun


Some time ago, I wrote about how useful it is to redirect a man page into Preview. This lets you keep the man page open, search it, and generally have a better experience than fighting more (or less) to navigate through the information presented there.

man -t apropos | open -fa Preview

Recently, someone asked me about more modern command line interaction, specifically commands that use --help or similar to provide their documentation. Could that information be opened in Preview as well?

So I put on my thinking hat and set to work. The first command line utility I decided to work with was screencapture, because I've been using it pretty heavily over the past few days. However, it turns out that Apple didn't build in an actual help system beyond man. It was a poor choice of utility to try to render, but I decided to keep plugging away at it because I wanted to be able to pipe both stdout and stderr to Preview.

What I came up with looked something like this, all in one line of course:

bash -c "screencapture -? &> $TMPDIR/previewrendertext.txt; /usr/sbin/cupsfilter -i text/plain -D $TMPDIR/previewrendertext.txt 2> /dev/null | open -fa Preview"

This all relies on cupsfilter, which converts a text file into a printable form, which just happens to be readable by Preview as a PDF.

I'm doing quite a bit of conglomeration: joining the stderr and stdout streams using &> (a bash-ism; the portable spelling is > file 2>&1) and saving them into my Mac's $TMPDIR. That file is cleaned up by cupsfilter's -D option, which deletes the input file after conversion.

I also remove the incessant debug messages from cupsfilter by redirecting its stderr to /dev/null before opening the print output in Preview.

Please note that I'm still using tcsh/zsh rather than bash on my main system, which certainly affects things. Since I needed a bit of the bash nuance, I decided to run it all squished into a single -c command. (I'm sure if I spent enough time I could do it all in csh, but I really didn't want to spend that time.)

As you can see in the previous screenshot, an older utility meant for man output doesn't really look all that hot shoved into Preview via cupsfilter, especially with respect to line lengths. There's also no nice groffing and troffing to make everything pretty, the way you get with man:

So how would this kludge work with a modern command-line app, such as those produced using the Swift Argument Parser (https://github.com/apple/swift-argument-parser)? First, I built a utility that would let me run any command (well, as long as it was properly quoted) without having to type all the details out each time I ran it:

#! /bin/bash

# $@ is deliberately left unquoted: the whole command is passed as one quoted
# string (preview "now --help") and the shell re-splits it into words here.
$@ &> $TMPDIR/previewrendertext.txt ; /usr/sbin/cupsfilter -i text/plain -D $TMPDIR/previewrendertext.txt 2> /dev/null | open -fa Preview

This allowed me to call preview "now --help" to redirect the standard help message from my now utility (https://github.com/erica/now) to Preview. Yeah, originally I wanted to just pipe stuff into it, but I couldn't figure out how to get stderr and stdout piped together into a single stream, let alone convert them into a file type, because cupsfilter doesn't know or do pipes.

It's quite readable and well-formatted thanks to the automatic configuration that the Swift Argument Parser provides from my code, but it just feels, you know, very very plain.

So I went ahead and tried to see what would happen if I groffed it up a bit by passing it through /usr/bin/groff -Tps -mandoc -c instead of using cupsfilter:

bash -c "now --help &> $TMPDIR/previewrendertext.txt; /usr/bin/groff -Tps -mandoc -c $TMPDIR/previewrendertext.txt" | open -fa Preview

And it's... pretty meh. I tried the mandoc, mdoc, me, mm, ms, and www macro sets. They all came out the same, and none of the Swift Argument Parser tabs really worked. I think it looks a lot more "manny" than the straight printout, but the indentation really bugged me:

I decided to stop at about this point, as there's really a time when further effort just isn't worth further investment, so I could throw it out there and see if this was of interest to anyone else.

Let me know.
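As an added example (my code, not Erica Sadun's script), here is the same capture-and-render step written in Python. It addresses the three things a reader is likely to trip over in the bash helper above: the command is passed as an argument list instead of a re-split string, the capture file is created by tempfile (unique name, mode 0600, in $TMPDIR) instead of a fixed path, and the command's own exit status is preserved, since many tools exit non-zero after printing usage. The cupsfilter and open calls are the ones from the post and run only where those macOS tools exist; elsewhere the captured text is printed instead.

```python
"""Capture a command's stdout and stderr together and hand the text to Preview.

Added example, not Erica Sadun's code. subprocess.STDOUT is the library
equivalent of bash's non-POSIX `&>` (portable shell spelling: `> file 2>&1`).
The temp file's whole lifetime is owned here, so cupsfilter's -D (delete input
on success) is not needed; the file is removed on every path.
"""
import os
import shutil
import subprocess
import tempfile


def capture_both(argv: list[str]) -> tuple[str, int]:
    """Run argv; return (path of a file holding merged stdout+stderr, exit code)."""
    # mkstemp honours $TMPDIR, picks an unguessable name and opens it 0600.
    fd, path = tempfile.mkstemp(prefix="previewrender.", suffix=".txt")
    with os.fdopen(fd, "wb") as out:
        # stderr=STDOUT dup()s stdout's descriptor, so both streams share one
        # file offset and land in the file in the order the child wrote them.
        proc = subprocess.run(argv, stdout=out, stderr=subprocess.STDOUT, check=False)
    return path, proc.returncode


def read_and_discard(path: str) -> str:
    """Return the captured text and delete the file."""
    try:
        with open(path, "rb") as f:
            return f.read().decode("utf-8", errors="replace")
    finally:
        os.unlink(path)


def render_in_preview(path: str) -> bool:
    """cupsfilter text/plain -> PDF on stdout, piped into Preview. macOS only."""
    cupsfilter = "/usr/sbin/cupsfilter"
    if not (os.access(cupsfilter, os.X_OK) and shutil.which("open")):
        return False
    with subprocess.Popen([cupsfilter, "-i", "text/plain", path],
                          stdout=subprocess.PIPE, stderr=subprocess.DEVNULL) as conv:
        # open -f reads the PDF from stdin until cupsfilter closes the pipe.
        subprocess.run(["open", "-fa", "Preview"], stdin=conv.stdout, check=False)
    return True


def preview_help(argv: list[str]) -> int:
    """Show argv's help output in Preview; return the command's exit status."""
    path, status = capture_both(argv)
    if render_in_preview(path):
        os.unlink(path)
    else:
        print(read_and_discard(path))  # no Preview on this system: show the text
    return status


if __name__ == "__main__":
    import sys
    # usage: python3 preview.py now --help   (no need to quote the whole command)
    raise SystemExit(preview_help(sys.argv[1:] or ["screencapture", "-?"]))
```

Because the command is an argv list, `preview_help(["now", "--help"])` never passes through a shell, so arguments containing spaces or glob characters reach the tool untouched; that is the one behaviour change from the bash version, which relies on word-splitting the quoted string.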

Lazarus Hacker Group Exploited Microsoft Windows Zero-day



The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys).

This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in early June 2024.

The flaw allowed the group to gain unauthorized access to sensitive system areas, posing a significant threat to users worldwide.

CVE-2024-38193: A Critical Security Vulnerability

CVE-2024-38193 is classified as an "Elevation of Privilege" flaw. AFD.sys runs in the kernel, so an attacker who already has code execution as a low-privileged local user can use the bug to run code with kernel privileges and bypass security restrictions that normally keep even administrators out of those areas.

This type of attack is sophisticated and resourceful; an exploit of this kind is estimated to be worth several hundred thousand dollars on the black market.

The exploit was used to install a specialized rootkit called "FudModule," which hid the hackers' activities from security software.


The Lazarus group targeted individuals in sensitive fields, such as cryptocurrency engineering and aerospace, aiming to infiltrate their employers' networks and steal cryptocurrency to fund its operations.

Microsoft Responds with a Critical Patch

In response to this threat, Microsoft issued a patch addressing the vulnerability.

The company's efforts were supported by the Gen cybersecurity team, which alerted Microsoft to the issue and provided detailed example code that helped pinpoint and resolve the flaw.

The fix protects only systems that install it (it shipped in the August 2024 Windows security update); unpatched machines remain exploitable. All Windows users should update promptly and remain vigilant against potential threats.

Gen's commitment to digital freedom extends beyond protecting its customers; it includes safeguarding the entire digital ecosystem.

Through rigorous research and deep visibility into emerging threats, its cybersecurity team was able to uncover this critical vulnerability and bring it to light before it could cause widespread harm.

By sharing this information with Microsoft, Gen has helped protect millions of Windows users worldwide and reaffirmed its commitment to creating a safer digital future for all.

This effort is a testament to Gen's mission of empowering and protecting people everywhere, ensuring everyone can navigate the digital world confidently and securely.

The vulnerability is associated with the weakness CWE-416: Use After Free, with a CVSS score of 7.8 (base) / 7.2 (temporal), indicating high severity.

Microsoft, the assigning CNA, has classified the maximum severity of this vulnerability as "Important."

As the digital landscape continues to evolve, this incident underscores the importance of collaboration between cybersecurity researchers and technology companies to protect users from sophisticated cyber threats.


Keeping your Android device safe from text message fraud


Cell-site simulators, also known as False Base Stations (FBS) or Stingrays, are radio devices that mimic real cell sites in order to lure mobile devices into connecting to them. These devices are commonly used for security and privacy attacks, such as surveillance and interception of communications. Recently, carriers have started reporting new types of abuse perpetrated with FBSs for the purpose of financial fraud.

Specifically, there is mounting evidence of weaknesses in cellular communication standards being exploited, via cell-site simulators, to inject SMS phishing messages directly into smartphones. This method of injecting messages entirely bypasses the carrier network, and with it all of the sophisticated network-based anti-spam and anti-fraud filters. Instances of this new type of fraud, which carriers refer to as SMS Blaster fraud, have been reported in Vietnam, France, Norway, Thailand and multiple other countries.

GSMA's Fraud and Security Group (FASG) has developed a briefing paper for GSMA members to raise awareness of SMS Blaster fraud and provide guidelines and mitigation recommendations for carriers, OEMs and other stakeholders. The briefing paper, available to GSMA members only, calls out some Android-specific recommendations and features that can help effectively protect our users from this new type of fraud.

What are SMS Blasters?

SMS Blaster is the term that global carriers use to refer to FBS and cell-site simulators operated unlawfully with the goal of disseminating ("blasting") SMS payloads. The most common use case is to leverage these devices to inject smishing (SMS phishing) payloads into user devices. Fraudsters typically do this by driving around with portable FBS devices, and there have even been reports of fraudsters carrying these devices in their backpacks.

The method is simple and replicates known techniques for tricking mobile devices onto an attacker-controlled 2G network. SMS Blasters expose a fake LTE or 5G network that performs a single function: downgrading the user's connection to a legacy 2G protocol. The same device also exposes a fake 2G network, which lures all the downgraded devices into connecting to it. At this point, attackers abuse the well-known lack of mutual authentication in 2G and force connections to be unencrypted, which gives them a complete Person-in-the-Middle (PitM) position from which to inject SMS payloads.

SMS Blasters are sold on the internet and do not require deep technical expertise. They are simple to set up and ready to operate, and users can easily configure them to imitate a particular carrier or network using a mobile app. Users can also easily configure and customize the SMS payload as well as its metadata, including, for example, the sender number.

SMS Blasters are very appealing to fraudsters given their great return on investment. Spreading SMS phishing messages through the network typically yields a small return, as it is very difficult to get these messages past sophisticated anti-spam filters undetected; only a very small subset of messages eventually reach a victim. In contrast, injecting messages with an SMS Blaster entirely bypasses the carrier network and its anti-fraud and anti-spam filters, guaranteeing that every message reaches a victim. Moreover, using an FBS the fraudster controls all fields of the message: one can make the message look like it is coming from the legitimate SMS aggregator of a bank, for example. In a recent attack that impacted hundreds of thousands of devices, the messages masqueraded as a health insurance notice.

Although the type of abuse carriers have been uncovering recently is financial fraud, there is precedent for the use of rogue cellular base stations to disseminate malware, for example by injecting phishing messages with a URL that downloads the payload. It is important to note that users remain vulnerable to this type of fraud as long as their mobile devices support 2G, regardless of the status of 2G at their local carrier.
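To make concrete what "the fraudster controls all fields of the message" means, here is an added example (not code from the Android post) that builds and then decodes a GSM 03.40 SMS-DELIVER PDU of the kind a handset receives. On a carrier network the SMSC constructs this PDU, so the originating address (TP-OA) and the service-centre timestamp (TP-SCTS) are set by the network; an SMS Blaster delivers the PDU over its own unauthenticated, unencrypted 2G link, so every field the decoder prints, including the alphanumeric sender name, is whatever the operator of the fake base station typed in. The PDU, the sender "MyBank" and the SMSC number (from the UK's reserved 07700 900xxx drama range) are constructed for this example and are not real; only the ASCII-compatible subset of the GSM 7-bit alphabet is handled.

```python
"""Decode a GSM 03.40 SMS-DELIVER PDU to show which fields the sender chose.

Added example, not from the Android blog post. Sample data is constructed.
"""

# Characters whose GSM 7-bit default-alphabet code equals their ASCII code
# (assumption for this example: '@', '$', '_' and non-ASCII are not handled).
_GSM7_ASCII = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
                  " !\"#%&'()*+,-./:;<=>?")


def gsm7_pack(text: str) -> bytes:
    """Pack septets into octets, first septet in the low bits (3GPP TS 23.038)."""
    if not set(text) <= _GSM7_ASCII:
        raise ValueError("example supports only the ASCII-compatible subset")
    bits, nbits, out = 0, 0, bytearray()
    for ch in text:
        bits |= ord(ch) << nbits
        nbits += 7
        while nbits >= 8:
            out.append(bits & 0xFF)
            bits >>= 8
            nbits -= 8
    if nbits:
        out.append(bits & 0xFF)
    return bytes(out)


def gsm7_unpack(data: bytes, septets: int) -> str:
    bits = int.from_bytes(data, "little")
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(septets))


def swap_semi_octets(digits: str) -> bytes:
    """'2408' -> b'\\x42\\x80': digit pairs are stored nibble-swapped, 'F' padded."""
    if len(digits) % 2:
        digits += "F"
    return bytes(int(digits[i + 1] + digits[i], 16) for i in range(0, len(digits), 2))


def unswap_semi_octets(data: bytes, ndigits: int) -> str:
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in data)[:ndigits].rstrip("F")


def decode_address(toa: int, data: bytes, semi_octets: int) -> tuple[str, str]:
    """Return (address, kind). TON 5 = alphanumeric sender, TON 1 = international."""
    ton = (toa >> 4) & 0x07
    if ton == 5:
        return gsm7_unpack(data, semi_octets * 4 // 7), "alphanumeric"
    number = unswap_semi_octets(data, semi_octets)
    return ("+" + number if ton == 1 else number), ("international" if ton == 1 else "other")


def decode_scts(data: bytes) -> str:
    """TP-SCTS: YY MM DD hh mm ss tz, all nibble-swapped; tz in quarter hours."""
    d = unswap_semi_octets(data[:6], 12)
    tz = data[6]
    quarters = (tz & 0x0F) * 10 + ((tz >> 4) & 0x07)
    sign = "-" if tz & 0x80 else "+"
    return (f"20{d[0:2]}-{d[2:4]}-{d[4:6]} {d[6:8]}:{d[8:10]}:{d[10:12]}"
            f"{sign}{quarters // 4:02d}:{(quarters % 4) * 15:02d}")


def build_sms_deliver(smsc: str, sender: str, text: str, scts: str) -> str:
    """Construct the PDU a fake base station would push to the handset."""
    smsc_b = swap_semi_octets(smsc)
    pdu = bytes([len(smsc_b) + 1, 0x91]) + smsc_b          # SMSC address, international
    pdu += bytes([0x04])                                    # TP-MTI=SMS-DELIVER, TP-MMS=1
    pdu += bytes([(len(sender) * 7 + 3) // 4, 0xD0])        # TP-OA length, TON=5 alphanumeric
    pdu += gsm7_pack(sender)
    pdu += bytes([0x00, 0x00])                              # TP-PID, TP-DCS (7-bit default)
    pdu += swap_semi_octets(scts)                           # TP-SCTS
    pdu += bytes([len(text)]) + gsm7_pack(text)             # TP-UDL (septets), TP-UD
    return pdu.hex().upper()


def parse_sms_deliver(pdu_hex: str) -> dict:
    b = bytes.fromhex(pdu_hex)
    i = 0
    smsc_len = b[i]; i += 1
    smsc = None
    if smsc_len:
        smsc, _ = decode_address(b[i], b[i + 1:i + smsc_len], (smsc_len - 1) * 2)
        i += smsc_len
    first = b[i]; i += 1
    if (first & 0x03) != 0:
        raise ValueError("not an SMS-DELIVER PDU")
    oa_len, toa = b[i], b[i + 1]; i += 2
    oa_bytes = (oa_len + 1) // 2
    sender, kind = decode_address(toa, b[i:i + oa_bytes], oa_len)
    i += oa_bytes
    pid, dcs = b[i], b[i + 1]; i += 2
    scts = decode_scts(b[i:i + 7]); i += 7
    udl = b[i]; i += 1
    if dcs & 0x0C:
        raise NotImplementedError("example decodes only the 7-bit default alphabet")
    return {"smsc": smsc, "sender": sender, "sender_type": kind, "pid": pid,
            "dcs": dcs, "timestamp": scts, "text": gsm7_unpack(b[i:], udl)}


# Constructed sample: everything in it was chosen by the PDU's sender.
SAMPLE_PDU = build_sms_deliver(
    smsc="447700900000", sender="MyBank",
    text="Action required: confirm your details at example.test/verify",
    scts="24081614053000")

if __name__ == "__main__":
    for k, v in parse_sms_deliver(SAMPLE_PDU).items():
        print(f"{k:12} {v}")
```

Nothing in the decoded output lets the handset tell a network-delivered PDU from an injected one: the sender label, the SMSC number and the timestamp are all plain fields. That is why the mitigations that follow work at the radio layer (refusing 2G and null ciphers) rather than by inspecting the message.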

Android protects users from phishing and fraud

There are a number of Android-only security features that can significantly mitigate, or in some cases fully block, the impact of this type of fraud.

Android 12 introduced a user option to disable 2G at the modem level, a feature first adopted by Pixel. This option, if used, completely mitigates the risk from SMS Blasters, since the downgrade step they depend on has nowhere to land. The feature has been available since Android 12 and requires devices that implement Radio HAL 1.6 or above.

Android also has an option to disable null ciphers, which is a key protection because a 2G FBS strictly needs to configure a null cipher (e.g. A5/0) in order to inject an SMS payload. This security feature launched with Android 14 and requires devices that implement Radio HAL 2.0 or above.

Android also provides effective protections that specifically tackle SMS spam and phishing, regardless of whether the delivery channel is an SMS Blaster. Android has built-in spam protection that helps identify and block spam SMS messages. Additional protection is provided by RCS for Business, a feature that helps users identify legitimate messages from businesses. RCS for Business messages are marked with a blue checkmark, which indicates that the sender has been verified by Google.

We recommend leveraging a couple of important Google security features that are available on Android, namely Safe Browsing and Google Play Protect. As an additional layer of protection, Safe Browsing built into Android devices protects 5 billion devices globally and helps warn users about potentially harmful sites, downloads and extensions that could be phishing- or malware-based.

Say a user decides to download an app from the Play Store but the app contains code that is malicious or harmful: users are protected by Google Play Protect, a security feature that scans apps for malware and other threats. It also warns users about potentially harmful apps before they are installed.

Android's commitment to security and privacy

Android is committed to providing users with a safe and secure mobile experience. We are constantly working to improve our security features and protect users from phishing, fraud, and other threats.

Working with global carriers and other OEMs through the GSMA to support the ecosystem in the development and adoption of further cellular security and privacy features is a priority area for Android. We look forward to partnering with ecosystem partners in further raising the security bar in this space to protect mobile users from threats like SMS Blasters.

Thank you to all our colleagues who actively contribute to Android's efforts in tackling fraud and FBS threats, and special thanks to those who contributed to this blog post: Yomna Nasser, Gil Cukierman, Il-Sung Lee, Eugene Liderman, Siddarth Pandit.

New Mad Liberator gang uses fake Windows update screen to hide data theft




A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract the victim while exfiltrating data from the target device.

The operation emerged in July, and although researchers observing the activity have not seen any incidents involving data encryption, the gang states on its data leak site that it uses AES/RSA algorithms to lock files.

Mad Liberator "About" page
Source: BleepingComputer

Targeting AnyDesk users

In a report from cybersecurity company Sophos, researchers say that a Mad Liberator attack begins with an unsolicited connection to a computer through the AnyDesk remote access application, which is popular among IT teams managing corporate environments.

It is unclear how the threat actor selects its targets, but one theory, yet to be confirmed, is that Mad Liberator tries potential addresses (AnyDesk connection IDs) until someone accepts the connection request.

Connection request on AnyDesk
Source: Sophos

Once a connection request is approved, the attackers drop on the compromised system a binary named Microsoft Windows Update, which displays a fake Windows Update splash screen.

Fake Windows Update splash screen
Source: Sophos

The sole purpose of the ruse is to distract the victim while the threat actor uses AnyDesk's File Transfer tool to steal data from OneDrive accounts, network shares, and local storage.

While the fake update screen is shown, the victim's keyboard is disabled to prevent them from interrupting the exfiltration.

In the attacks seen by Sophos, which lasted roughly four hours, Mad Liberator did not encrypt any data after exfiltration.

It did, however, drop ransom notes in shared network directories to ensure maximum visibility in corporate environments.

Ransom note dropped on breached devices
Source: Sophos

Sophos notes that it has not seen Mad Liberator interact with the target prior to the AnyDesk connection request and has logged no phishing attempts supporting the attack.
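The chain described above leaves two observables that a process-creation feed can catch: the parent of the dropped binary is the AnyDesk client, and the binary impersonates Windows Update by name while running from outside the Windows directory. As an added example (mine, not Sophos's or BleepingComputer's), the triage below applies those two rules to a handful of constructed events; the field names follow Sysmon Event ID 1 (Image, ParentImage, Description), but the events themselves are made up for the example and nothing depends on a specific sensor.

```python
"""Flag process-creation events matching the Mad Liberator tradecraft described above.

Added example, not from the Sophos or BleepingComputer write-ups. The events
below are constructed for the example; field names follow Sysmon Event ID 1.
"""
import ntpath

# Where legitimate Windows and vendor binaries live. A Windows-Update-sounding
# executable running from anywhere else is the article's dropped "updater".
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
REMOTE_TOOLS = {"anydesk.exe"}  # the only remote-access tool the article names


def _under_trusted_root(image: str) -> bool:
    return image.lower().startswith(TRUSTED_ROOTS)


def _looks_like_windows_update(evt: dict) -> bool:
    haystack = " ".join([ntpath.basename(evt.get("Image", "")),
                         evt.get("Description", ""),
                         evt.get("OriginalFileName", "")]).lower()
    return "windows update" in haystack.replace("_", " ").replace("-", " ")


def classify(evt: dict) -> list[str]:
    """Return the reasons an event is suspicious (empty list = nothing matched)."""
    reasons = []
    image = evt.get("Image", "")
    parent = ntpath.basename(evt.get("ParentImage", "")).lower()
    if parent in REMOTE_TOOLS and not _under_trusted_root(image):
        reasons.append("remote-access tool launched a binary from a user-writable path")
    if _looks_like_windows_update(evt) and not _under_trusted_root(image):
        reasons.append("Windows Update lookalike outside the Windows directory")
    return reasons


def triage(events: list[dict]) -> dict[str, list[str]]:
    """Map each suspicious event's Image to its reasons; clean events are omitted."""
    return {e["Image"]: r for e in events if (r := classify(e))}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # the reported chain: AnyDesk drops a fake updater under %TEMP%
        "Image": r"C:\Users\jdoe\AppData\Local\Temp\Microsoft Windows Update.exe",
        "ParentImage": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
        "Description": "Microsoft Windows Update",
    },
    {   # the real Windows Update client, started by the service host
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "ParentImage": r"C:\Windows\System32\svchost.exe",
        "Description": "Windows Update",
    },
    {   # an admin opening a shell over AnyDesk: trusted path, not flagged by these rules
        "Image": r"C:\Windows\System32\cmd.exe",
        "ParentImage": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
        "Description": "Windows Command Processor",
    },
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS).items():
        print(image)
        for reason in reasons:
            print("   -", reason)
```

The third sample event is deliberately left unflagged: AnyDesk spawning a shell is normal for the IT teams the article says use it, and the signal here is the combination of remote-tool parent, untrusted path and impersonated name, not remote access by itself. In a real deployment the AnyDesk file-transfer activity that follows would be the second detection to pair with this one.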

Regarding Mad Liberator's extortion process, the threat actors claim on their darknet site that they first contact breached companies, offering to "help" them fix their security issues and recover encrypted files if their monetary demands are met.

If the victimized company does not respond within 24 hours, its name is published on the extortion portal and it is given seven days to contact the threat actors.

If another five days pass after that ultimatum without a ransom payment, all stolen files are published on the Mad Liberator website, which currently lists nine victims.