Adobe Commerce Unauthorized XXE Vulnerability

By Security News
July 8, 2024

Overview

The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation.

A proof of concept is publicly available on GitHub. Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier and Magento Open-Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier are vulnerable. Although Magento Open Source is popular mainly for dev environments, according to Shodan and FOFA, up to 50k exposed Adobe Commerce with Magento template are running.

Technical Overview

Magento (Adobe Commerce) is a built-in PHP platform that helps programmers create eCommerce websites and sell online. It is an HTTP PHP server application. Such applications usually have two global entry points: the User Interface and the API. Magento uses REST API, GraphQL, and SOAP.

Attackers can leverage this vulnerability to gain unauthorized admin access to REST API, GraphQL API, or SOAP API, leading to the disclosure of confidential data, denial of service, server-side request forgery (SSRF), port scanning from the perspective of the machine where the parser is located, and complete compromise of affected systems. This vulnerability poses a significant risk due to its ability to exfiltrate sensitive files, such as app/etc/env.php, containing cryptographic keys used for authentication, as shown in Figure 1. This key is generated during Magento 2 installation process. Unauthenticated actors can utilize this key to forge administrator tokens and manipulate Magento’s APIs as privileged users.

Figure 1: app/etc/env.php

The vulnerability is due to improper handling of nested deserialization in Adobe Commerce and Magento. This allows attackers to exploit XML External Entities (XXE) during deserialization, potentially allowing remote code execution. Unauthorized attackers can craft malicious JSON payloads that represent objects with unintended properties or behaviors when deserialized by the application.

Triggering the Vulnerability

XML External Entities (XXE) attack technique takes advantage of XML’s feature of dynamically building documents during processing. An XML message can provide data explicitly or point to a URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals, or compromise the security of the data the server/XML application has access to.

In the example below, the attacker takes advantage of an XML Parser’s local server access privileges to compromise local data:

  • The sample application expects XML input with a parameter called “username.” This parameter is later embedded in the application’s output.
  • The application typically invokes an XML parser to parse the XML input.
  • The XML parser expands the entity “test” into its full text from the entity definition provided in the URL. Here, the actual attack takes place.
  • The application embeds the input (parameter “username,” which contains the file) in the web service response.
  • The web service echoes back the data.

Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow-on attacks. Other examples wherein sensitive files can be disclosed are shown in Figure 2.

Figure 2: Disclosing targeted files.

Exploiting the Vulnerability

A crafted POST request to a vulnerable Adobe instance with an enabled Magento template is the necessary and sufficient condition to exploit the issue. An attacker only needs to be able to access the instance remotely, which could be over the Internet or a local network. A working PoC with a crafted POST query aids in exploiting this vulnerability. Figure 4 shows a demonstration of exploitation leveraging the publicly available PoC.

Exploiting CVE-2024-34102, steps are enumerated below, which will exfiltrate the contents of the system’s password file from the target server.

  • Create a DTD file (dtd.xml) on the attacker’s machine. This file includes entities that will read and encode the system’s password file, then send it to your endpoint.
  • Host the dtd.xml file on the attacker’s machine, accessible via HTTP on a random port.
  • Send the malicious payload via a sample curl request to the vulnerable Magento instance, as shown in Figure 3. The payload includes a specially crafted XML payload referencing the DTD file hosted on the attacker’s machine.
  • The XML parser in Magento will process the DTD file, triggering the exfiltration of the system’s password file as shown in Figure 4.
  • Lastly, observe your endpoint to capture and decode the exfiltrated data.

Figure 3: CVE-2024-34102 attack request

00:00

00:15

Figure 4: CVE-2024-34102 Exploitation

Out of the 50k exposed Magento instances in the wild, multiple events were observed wherein attackers leveraged this vulnerability, as only 25% of instances have been updated since the vulnerability was exploited in the wild. According to Sansec analysis, CVE-2024-34102 can be chained with other vulnerabilities, such as the PHP filter chains exploit (CVE-2024-2961), leading to remote code execution (RCE).

SonicWall Protections

To ensure SonicWall customers are prepared for any exploitation that may occur due to this vulnerability, the following signatures have been released:

  • IPS: 4462 – Adobe Commerce XXE Injection

Remediation Recommendations

Considering the severe consequences of this vulnerability and the trend of nefarious activists trying to leverage the exploit in the wild, users are strongly encouraged to upgrade their instances, according to Adobe advisory, to address the vulnerability.

Relevant Links

Source :
https://blog.sonicwall.com/en-us/2024/07/adobe-commerce-unauthorized-xxe-vulnerability/

The Top 10 AI Security Risks Every Business Should Know

By: Trend Micro
July 08, 2024
Read time: 4 min (1104 words)

With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year.

For more than 20 years, Open Worldwide Application Security Project (OWASP) top 10 risk lists has have been go-to references in the fight to make software more secure. In 2023, OWASP brought forward a new addition: a rundown of risks specific to AI. Two draft versions of the AI risk list were published in spring/summer of that year, with a formal version 1 released in October.

Since then, LLMs have only become more entrenched as business productivity tools. Most companies are either using or exploring the use of AI, and while some liabilities are well known—such as the need to always check an LLM’s work—others remain under the radar.

We did some analysis and found the vulnerabilities identified by OWASP fall broadly into three categories:

  1. Access risks associated with exploited privileges and unauthorized actions.
  2. Data risks such as data manipulation or loss of services.
  3. Reputational and business risks resulting from bad AI outputs or actions.

In this blog, we take a closer look at the specific risks in each case and offer some suggestions about how to handle them.

1. Access risks with AI

Of the 10 vulnerabilities listed by OWASP, three are specific to access and misuse of privileges: insecure plugin design, insecure output handling, and excessive agency.

According to OWASP, an LLM using that uses insecure could lose access control, opening them up to malicious requests or the execution of unauthorized remote code. On the flipside, plugins or applications that handle large language model outputs insecurely—without evaluating them—could expose backend systems be susceptible to XSS, CSRF, and SSRF attacks that execute unwanted actions, and to unauthorized privilege escalations, and remote code execution.

And because AI chatbots are ‘actors’ able to make and implement decisions, it matters how much free reign (i.e., agency) they’re given. As OWASP explains, “Excessive Agency is the vulnerability that enables damaging actions to be performed in response to unexpected/ambiguous outputs from an LLM (regardless of what is causing the LLM to malfunction; be it hallucination/confabulation, direct/indirect prompt injection, malicious plugin, poorly-engineered benign prompts, or just a poorly-performing model).”

For example, a personal mail reader assistant with message-sending capabilitiess could be exploited by a malicious email to propagate spam from a user’s account.

In all these cases, the large language model becomes a conduit for bad actors to infiltrate systems.

2. AI and data risks

Poisoned training datasupply chain vulnerabilitiessensitive information disclosuresprompt injection vulnerabilities , and denials of service are all data-specific AI risks.

Data can be poisoned deliberately by bad actors and inadvertently when an AI system learns from unreliable or unvetted sources. Both types of poisoning can occur within an active AI chatbot application or emerge from the LLM supply chain, where reliance on pre-trained models, crowdsourced data, and insecure plugin extensions may produce biased data outputs, security breaches, or system failures.

Poisoned data and the supply chain are input concerns. Allowing private, confidential, personally identifying information and the like into model training data can also result in unwanted disclosures of sensitive information.

With prompt injections, ill-meaning inputs may cause a large language model AI chatbot to expose data that should be kept private or perform other actions that lead to data compromises.

AI denial of service attacks are similar to classic DOS attacks. They may aim to overwhelm a large language model and deprive users of access to data and apps, or—because many AI chatbots rely on pay-as-you-go IT infrastructure—force the system to consume excessive resources and rack up massive costs.

3. Reputational and business risks associated with AI

The final two OWASP vulnerabilities relate to model theft and overreliance on AI. The first applies when an organization has its own proprietary LLM model. If that model is accessed, copied, or exfiltrated by unauthorized users, it could be exploited to harm the performance of a business, disadvantage it competitively, and potentially cause a leak of sensitive information.

Overreliance on AI is already having consequences around the world today. There’s no shortage of stories about large language models generating false or inappropriate outputs from fabricated citations and legal precedents to racist and sexist language.

OWASP points out that depending on AI chatbots without proper oversight can make organizations vulnerable to publishing misinformation or offensive content that results in reputational damage or even legal action.


Given all these various risks, the question becomes, “What can we do about it?” Fortunately, there are some protective steps organizations can take. 

What enterprises can do about AI vulnerabilities

From our perspective at Trend Micro, defending against AI access risks requires a zero-trust security stance with disciplined separation of systems (sandboxing). Even though generative AI can challenge zero-trust defenses in ways that other IT systems don’t—because it can mimic trusted entities—a zero-trust posture still adds checks and balances that make it easier to identify and contain unwanted activity. OWASP also advises that large language models “should not self-police” and calls for controls to be embedded in application programming interfaces (APIs).

Sandboxing is also key to protecting data privacy and integrity: keeping confidential information fully separated from shareable data and making it inaccessible to AI chatbots and other public-facing systems.

Good separation of data prevents large language models from including private or personally identifiable information in public outputs, and from being publicly prompted to interact with secure applications such as payment systems in inappropriate ways.

On the reputational front, the simplest remedies are to not rely solely on AI-generated content or code, and to never publish or use AI outputs without first verifying they are true, accurate, and reliable.

Many of these defensive measures can—and should—be embedded in corporate policies. Once an appropriate policy foundation is in place, security technologies such as endpoint detection and response (EDR), extended detection and response (XDR), and security information and event management (SIEM) can be used for enforcement and to monitor for potentially harmful activity.

Large language model AI chatbots are here to stay

OWASP’s catalogue of AI risks proves that concerns about the rush to embrace AI are well justified. At the same time, AI clearly isn’t going anywhere, so understanding the risks and taking responsible steps to mitigate them is critically important.

Setting up the right policies to manage AI use and implementing those policies with the help of cybersecurity solutions is a good first step. So is staying informed. The way we see it at Trend Micro, OWASP’s top 10 AI risk list is bound to become as much of an annual must-read as its original application security list has been since 2003.

Source :
https://www.trendmicro.com/en_us/research/24/g/top-ai-security-risks.html

SANS’s 2024 Threat-Hunting Survey Review

By: Trend Micro
June 04, 2024
Read time: 3 min (709 words)

In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year.

The 2024 survey highlights a growing maturity in threat-hunting methodologies, with a significant increase in organizations adopting formal processes.

This marks a shift towards a more standardized approach in cybersecurity strategies despite challenges such as skill shortages and tool limitations. Additionally, the survey reveals evolving practices in sourcing intelligence and an increase in outsourcing threat hunting, raising questions about the efficiency and alignment with organizational goals. This summary encapsulates the essential findings and trends, emphasizing the critical role of threat hunting in contemporary cybersecurity frameworks.

Participants

survey demographics
Figure 1: Survey demographics

This year’s survey attracted participants from a wide array of industries, with cybersecurity leading at 15% and 9% of respondents from the manufacturing sector, which has recently faced significant challenges from ransomware attacks. The survey participants varied in organization size, too, ranging from those working in small entities with less than 100 employees (24%) to large corporations with over 100,000 employees (9%).

The respondents play diverse roles within their organizations, highlighting the multidisciplinary nature of threat hunting. Twenty-two percent are security administrators or analysts, while 11% hold business manager positions, showcasing a balance between technical, financial, and personnel perspectives in threat-hunting practices.

However, the survey does note a geographical bias, with 65% of participants coming from organizations based in the United States, which could influence the findings related to staffing and organizational practices, though it’s believed not to affect the technical aspects of threat hunting.

Significant findings and implications

The survey examines the dynamic landscape of cyber threats and the strategies deployed by threat hunters to identify and counteract these risks. Notably, it sheds light on the prevalent types of attacks encountered:

  • Business email compromise (BEC): BEC emerges as the foremost concern, with approximately 68% of respondents reporting its detection. BEC involves malicious actors infiltrating legitimate email accounts to coerce individuals into transferring funds through social engineering tactics.
  • Ransomware: Following closely behind is ransomware, detected by 64% of participants. Ransomware operations encrypt data and demand payment for decryption, constituting a significant threat in the cybersecurity landscape.
  • Tactics, techniques, and procedures (TTPs): The survey found that TTPS are employed in different attack scenarios. In ransomware incidents, threat actors often deploy custom malware, target specific data for exfiltration, utilize off-the-shelf tools like Cobalt Strike, attempt to delete traces, and sometimes resort to physical intrusion into target companies.

Evolving threat-hunting practices

SANS also found that organizations have significantly evolved their threat-hunting practices, with changes in methodologies occurring as needed, monthly, quarterly, or annually.

Outsourced threat hunting is now used by 37% of organizations, and over half have adopted clearly defined methodologies for threat hunting, marking a notable advancement.

Additionally, 64% of organizations formally evaluate the effectiveness of their threat-hunting efforts, showing a decrease in those without formal methodologies from 7% to 2%. The selection of methods is increasingly influenced by available human resources, recognized by 47% of organizations.

The chief information security officer (CISO) plays a key role in developing threat-hunting methodologies, with significant involvement in 40% of cases.

Benefits of better threat-hunting efforts

Significant benefits from threat hunting include improved attack surface and endpoint security, more accurate detections with fewer false positives, and reduced remediation resources.

About 30% of organizations use vendor information as supplemental threat intelligence, with 14% depending solely on it. Incident response teams’ involvement in developing threat-hunting methodologies rose to 33% in 2024, indicating better integration within security functions.

Challenges such as data quality and standardization issues are increasing, underscoring the complexities of managing expanding cybersecurity data.

Final thoughts

The SANS 2024 Threat Hunting Survey highlights the cybersecurity industry’s evolution and focuses on improving cyber defense capabilities. Organizations aim to enhance threat hunting with better contextual awareness and data tools, with 51% looking to improve response to nuanced threats.

Nearly half (47%) plan to implement AI and ML to tackle the increasing complexity and volume of threats. There’s a significant planned investment in both staff and tools, with some organizations intending to increase their investment by over 10% or even 25% in the next 24 months, emphasizing threat hunting’s strategic importance.

However, a small minority anticipate reducing their investment, hinting at a potential shift in security strategy.

Source :
https://www.trendmicro.com/en_us/research/24/f/sans-2024-threat-hunting-survey-review.html

Not Just Another 100% Score: MITRE ENGENUITY ATT&CK

By: Trend Micro
June 18, 2024
Read time: 4 min (1135 words)

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps— balancing detections and business priorities including operational continuity and minimized disruption.

Trend took part in the MITRE Engenuity ATT&CK Evaluations for managed detection and response (MDR) services—building on a history of strong performance in other MITRE Engenuity tests. Key to that ongoing success is our platform approach, which provides high-fidelity detection of early- and mid-chain tactics, techniques, and procedures (TTPs) enabling quick and decisive counteractions before exfiltration or encryption can occur. Of course, we know real-world outcomes matter more than lab results. That’s why we’re proud to support thousands of customers worldwide with MDR that brings the most native extended detection and response (XDR) telemetry, leading threat intelligence from Trend™ Research and our Trend Micro™ Zero-Day Initiative™ (ZDI) under a single service to bridge real-time threat protection and cyber risk management. 

The evaluation focused on our Trend Service One™ offering, powered by Trend Vision One, which included XDR, endpoint and network security capabilities. The results proved Trend Micro MDR is a great alternative to managed services that rely on open XDR platforms or managed SIEM platforms.

Our detection of adversarial activity early in the attack chain combined with our platform’s deeply integrated native response capabilities enables rapid mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR). At the same time, comprehensive visibility and protection gives security teams greater confidence.

MITRE ENGENUITY ATTACK EVALUATIONS Managed Services Badge

Full detection across all major steps

This most recent MITRE Engenuity ATT&CK Evaluations for Managed Services featured attacks modeled on the real-world adversaries menuPass and BlackCat/AlphV. These took the form of advanced persistent threats (APTs) designed to dwell in the network post-breach and execute harmful activity over time.

Trend MDR achieved full detection coverage, reflecting and reinforcing our achievements in cybersecurity:

  • 100% across all  major attack steps
  • 100% for enriched detail on TTPs
  • 86% actionable rate for major steps

How Trend MDR delivers

To put its MDR evaluation in context, MITRE Engenuity conducted a survey prior to testing, gaining insights into market perceptions and expectations of managed cybersecurity services. More than half (58%) of respondents said they rely on managed services either to complement their in-house SOC or as their main line of defense. For companies with fewer than 5,000 employees, that tally increased to 68%.

Our MDR service at Trend helps meet those needs by combining AI techniques with human threat expertise and analysis. We correlate data and detect threats that might otherwise slip by as lower severity alerts. Our experts prioritize threats by severity, determine the root cause of attacks, and develop detailed response plans.

XDR is a key technology to achieve these security outcomes, extending visibility beyond endpoints to other parts of the environment where threats can otherwise go undetected: servers, email, identities, mobile devices, cloud workloads, networks, and operational technologies (OT). 

Integrated with native XDR insights is deep, global threat intelligence. Native telemetry enables high-fidelity detections, strong correlations and rich context; global threat intelligence brings highly relevant context to detect threats faster and more precisely. Combined with a broad third-party integration ecosystem and response automation across vectors, Trend Vision One introduces a full-spectrum SOC platform for security teams to speed up investigations and frees up time to focus on high-value, proactive security work including threat hunting and detection engineering. In some cases, smaller teams rely on our MDR service completely for their security operations.

With Trend Vision One, teams have access to a continuously updated and growing library of detection models—with the ability to build custom detection models to fit their unique threat models.

Proven strength in delivering higher-confidence alerts

Security and security operations center (SOC) teams are inundated with detection alerts and noise. Our visibility and analytics performance achieves a finely tuned balance between providing early alerts of critical adversarial tactics and techniques and managing alert fatigue to improve the analyst experience. Our MDR operations team takes advantage of the platform advantage and knows only to alert customers when critical.

In each simulation during the MITRE Engenuity ATT&CK Evaluations, there was no scenario where menuPass and BlackCat/AlphV attack attempts successfully breached the environment without being detected or disrupted.

It’s important to note that MITRE Engenuity doesn’t rank products or solutions. It provides objective measures but no scores. Instead, since every service and solution functions differently, the evaluation reveals areas of strength and opportunities for improvement within each offering. 

About the attacks

The menuPass threat group has been active since at least 2006. Some of its members have been associated with the Tianjin State Security Bureau of the Chinese Ministry of State Security and with the Huaying Haitai Science and Technology Development Company. It has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government targets—and in 2016–17 went after managed IT service providers. BlackCat is Rust-based ransomware offered as a service and first observed in November 2021. It has been used to target organizations across Africa, the Americas, Asia, Australia, and Europe in a range of sectors. 

Putting our service to the test

In cybersecurity, actions speak louder than words. Our significant investment in research and development extend to our MDR service offering to support thousands of enterprises around the world.

We’re dedicated to continuous iteration and improvement to equip security teams with cutting-edge solutions to keep their organizations safe. As we evolve our solutions, MITRE Engenuity continues to evolve its evaluation approach as well. The category of “actionability” was new in this evaluation, determining if each alert provided enough context for the security analyst to act on. The actionability testing category is an area we’re investing in heavily from a process and technology standpoint to ensure contextual awareness, prioritization, and intelligent guidance are included while maintaining manageable communication cadences and minimizing false positive alerts.

Overall, areas for improvement surfaced through the test scenarios have been resourced with dedicated engineering and development efforts to match the high standard we hold ourselves to-and that our users expect. We are pleased to see our MDR service demonstrated a strong balance of detection capabilities across the entire attack chain, both within the service itself and embedded in the underlying Trend Vision One platform.

We invite all our MDR customers to take a look at the MITRE Engenuity ATT&CK Evaluations for Managed Services to better understand the strength of their defensive posture, and to come to us with any questions or thoughts.

Next steps

For more on Trend MDR, XDR, and other related topics, check out these additional resources:

Forward vision

At Trend, we are dedicated to continuous iteration and improvement to equip security teams with cutting-edge solutions to keep their organizations safe. These relevant areas of improvement surfaced through the scenarios have been resourced with dedicated engineering and development efforts to match the high standard we hold ourselves to and which our users expect.

Source :
https://www.trendmicro.com/en_us/research/24/f/mitre-enginuity-attack-evaluations.html

How to Make Your Employees Your First Line of Cyber Defense

May 01, 2024
The Hacker News

There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats.

As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard, you’re only as secure as your weakest link. There’s still one group that can inadvertently open the gates to unwanted threat actors—your own people.

Security must be second nature for your first line of defense #

For your organization to thrive, you need capable employees. After all, they’re your source for great ideas, innovation, and ingenuity. However, they’re also human. And humans are fallible. Hackers understand no one is perfect, and that’s precisely what they seek to exploit.

This is why your people must become your first line of defense against cyber threats. But to do so, they need to learn how to defend themselves against the treachery of hackers. That’s where security awareness training (SAT) comes in.

What is Security Awareness Training (SAT)? #

The overall objective of an SAT program is to keep your employees and organization secure. The underlying benefit, however, is demonstrating compliance. While content may differ from program to program, most are generally similar, requiring your employees to watch scripted videos, study generic presentations, and take tests on cyber “hygiene.” At their core, SAT programs are designed to help you:

  • Educate your employees on recognizing cybersecurity risks such as phishing and ransomware
  • Minimize your organization’s exposure to cyber threats
  • Maintain regulatory compliance with cyber insurance stipulations

These are all worthwhile goals in helping your organization thrive amidst ever-evolving cyber threats. However, attaining these outcomes can feel like a pipe dream. That’s because of one unfortunate truth about most SAT programs: they don’t work.

Age-Old Challenges of Old-School SATs#

Traditional SAT programs have long been scrutinized for their inability to drive meaningful behavioral changes. In fact, 69% of employees admit to “intentionally bypassing” their enterprise’s cybersecurity guidance.

If you oversee cybersecurity for an organization, then you’re likely familiar with the pain that comes with implementing one, managing it, and encouraging its usage. Given their complexities, traditional SAT solutions practically force non-technical employees to become full-on technologists.

Challenges for AdministratorsChallenges for EmployeesChallenges for Your Organization
Complex, ongoing management is frustrating. Plus, through it all they just find poor results.They’re bored. Unengaging content is detrimental, as it doesn’t lead to knowledge retention. Boring, unengaging content doesn’t help with knowledge retention.Most SATs aren’t effective because they’re created by generalists, not real cybersecurity experts And many are designed with little reporting capabilities, leading to limited visibility into success rates

Because most SAT programs are complex to manage, they’re usually dismissed as a means to an end. Just check a box for compliance and move on. But when done right, SAT can be a potent tool to help your employees make more intelligent, more instinctive, security-conscious decisions.

Ask the Right Questions Before Choosing Your SAT Solution#

When it comes to choosing the right solution for your organization, there are some questions you should first ask yourself. By assessing the following, you’ll be better equipped to select the option that best fits your specific needs.

Learning-Based Questions

  • Are the topics covered in this SAT relevant to my organization’s security and compliance concerns?
  • Are episodes updated regularly to reflect current threats and scenarios?
  • Does this SAT engage users in a unique, meaningful manner?
  • Is this SAT built and supported by cybersecurity practitioners?
  • Is the teaching methodology proven to increase knowledge retention?

Management-Based Questions

  • Can someone outside of my organization manage the SAT for me?
  • Can it be deployed quickly?
  • Does it automatically enroll new users and automate management?
  • Is it smart enough to skip non-human identities so I don’t assign training to, say, our copy machine?
  • Is it simple and intuitive enough for anyone across my organization to use?

Your ideal SAT will allow you to answer a resounding “Yes” to all of the above.

Essential Features of an Effective SAT#

A SAT solution that’s easy to deploy, manage, and use can have a substantial positive impact. That’s because a solution that delivers “ease” has considered all of your organization’s cybersecurity needs in advance. In other words, an effective SAT does all the heavy lifting on your behalf, as it features:

Relevant topics
…based on real threats you might encounter.
What to look for:

To avoid canned, outdated training, choose a SAT solution that’s backed by experts. Cybersecurity practitioners should be the ones regularly creating and updating episodes based on the latest trends they see hackers leveraging in the wild. Additionally, every episode should cover a unique cybersecurity topic that reflects the most recent real-world tradecraft.
Full management by real experts
…so you don’t have to waste time creating, managing, and assigning training.
What to look for:

Ideally, you want a SAT solution that can manage all necessary tasks for you. Seek a SAT solution that’s backed by real cybersecurity experts who can create, curate, and deploy your learning programs and phishing scenarios on your behalf.
Memorable episodes
…with fun, story-driven lessons that are relatable and easy to comprehend.
What to look for:

Strive for a SAT solution that features character-based narratives. This indicates the SAT is carefully designed to engage learners of all attention spans. Remember, if the episodes are intentionally entertaining and whimsical, you’re more likely to find your employees conversing about inside jokes, recurring characters, and, of course, what they’ve learned. As a result, these ongoing discussions only serve to fortify your culture of security.
Continual enhancements …so episodes are updated regularly in response to real-world threats.
What to look for:
Seek out a SAT solution that provides monthly episodes, as this will keep your learners up to date. Regular encounters with simulated cybersecurity scenarios can help enhance their abilities to spot and defend against risks, such as phishing attempts. These simulations should also be dispersed at unpredictable time intervals (i.e. morning, night, weekends, early in the month, later in the month, etc.), keeping learners on their toes and allowing them to put their security knowledge into practice.
Minimal time commitment
…so you don’t have to invest countless hours managing it all.
What to look for:
For your learners, choose a SAT solution that doesn’t feel like an arduous chore. Look for solutions that specialize in engaging episodes that are designed to be completed in shorter periods of time.
For your own administrative needs, select a SAT that can sync regularly with your most popular platforms, such as Microsoft 365, Google, Okta, or Slack. It should also sync your employee directories with ease, so whenever you activate or deactivate users, it’ll automatically update the information. Finally, make sure it’s intelligent enough to decipher between human and non-human identities, so you’re only charged for accounts linked to real individuals.
Real results …through episodes that instill meaningful security-focused behaviors and habits.
What to look for:
An impactful SAT should deliver monthly training that’s rooted in science-backed teaching methodologies proven to help your employees internalize and retain lessons better. Your SAT should feature engaging videos, text, and short quizzes that showcase realistic cyber threats you and your employees are likely to encounter in the wild, such as:PhishingSocial engineeringPhysical device securityand more
Measurable data …with easy-to-read reports on usage and success rates.
What to look for:
An impactful SAT program should provide robust reporting. Comprehensible summaries should highlight those learners who haven’t taken their training or those whom a phishing simulation has compromised. Additionally, detailed reports should give you all the data you need to help prove business, insurance, and regulatory compliance.
Easy adoption
….that makes it easy to deploy and easy to scale with your organization.
What to look for:
Choose a SAT solution that’s specially built to accommodate organizations with limited time and resources. A solution that’s easy to implement can be deployed across your organization in a matter of minutes.
Compliance …with a range of standards and regulations
What to look for:
While compliance is the bare minimum of what a SAT should offer your organization, it shouldn’t be understated. Whether to meet insurance check boxes or critical industry regulations, every business has its own compliance demands. At the very least, your SAT solution should cover the requirements of:
Health Insurance Portability and Accountability Act (HIPAA)Payment Card Industry Data Security Standard (PCI)Service Organization Control Type 2 (SOC 2)EU General Data Protection Regulation (GDPR)

The Threat Landscape is Changing. Your SAT Should Change With It. #

Cybercriminals think they’re smart, maliciously targeting individuals across organizations like yours. That’s why you need to ensure your employees are smarter. If they’re aware of the ever-changing tactics hackers employ, they can stand as your first line of defense. But first, you need to deploy a training solution you can trust, backed by real cybersecurity experts who understand emerging real-world threats.

Huntress Security Awareness Training is an easy, effective, and enjoyable solution that helps:

  • Minimize time-consuming maintenance and management tasks
  • Improve knowledge retention through neuroscience-based learning principles
  • Update you and your employees on the current threat landscape
  • Establish a culture that values cybersecurity
  • Inspire meaningful behavioral habits to improve security awareness
  • Engage you and your employees in a creative, impactful manner
  • Assure regulatory compliance
  • Keep cyber criminals out of your organization

Discover how a fully managed SAT can free up your time and resources, all while empowering your employees with smarter habits that better protect your organization from cyber threats.

Say goodbye to ineffective, outdated training. Say hello to Huntress SAT.

Start your free trial of Huntress SAT today.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Source :
https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html

Empowering Cybersecurity with AI: The Future of Cisco XDR

May 7, 2024
Siddhant Dash

In 2007, there was a study from the University of Maryland proving that internet-connected systems were attacked every 39 seconds on average. Today, that number has grown more than 60%. Cisco sees 64 attempts to connect to ransomware infrastructure every second. The world is becoming digitized, and hybrid, which creates an environment that criminals target with increasing sophistication. It’s too much for human-scale, and so a hybrid world requires a hybrid approach that sits between humans and machines.

Envision an AI Assistant that serves as a reliable partner for incident responders, offering precise, real-time guidance on the subsequent steps to take, tailored to the specific state of the incident at hand and allowing SOC (Security Operations Center) teams to respond faster and do more with less. I am pleased to announce the launch of the AI Assistant in XDR as a part of our Breach Protection Suite.

In our RSAC 2023 announcement, we introduced a vision of our Cisco SOC Assistant, designed to expedite threat detection and response. Today, this vision is realized and available in private preview. It enhances our Breach Protection Suite which is powered by Cisco XDR’s capabilities. It significantly speeds up investigations and responses, enabling security teams to safeguard their environments more efficiently and cost-effectively.

Assist with Information Discovery

In 2024, the global shortfall of 3.5 million security professionals, as reported by ISC2, underscores the importance of retaining and recruiting skilled personnel to counter increasingly sophisticated cyber threats and safeguard enterprises. Moreover, the lack of appropriate tools often leads to ineffective cyber risk management and professional burnout, adversely affecting staff retention and the SOC’s capacity to thwart attacks.

The AI Assistant in XDR acts as a potent enhancer, empowering SOC teams to maximize their efficiency and effectively close the personnel and skill gap. When an incident occurs, the assistant will contextualize events across email, the web, endpoints, and the network to tell the SOC analyst exactly what happened and its impact on their environment. It presents a short description of the incident that quickly answers what, when and how an incident happened. It also provides a long description of the incident which explains the timeline of events that have happened in this active incident.

Figure 1: Short Description of Incident Details generated by the AI Assistant
Figure 2: Long Description of Incident Details and Events Timeline

Moreover, our AI Assistant utilizes XDR’s patented ability to prioritize critical incidents, reducing alert fatigue for the SOC team and enhancing their efficiency in handling active incidents.

Figure 3: Targeted Prioritization of Incidents by AI Assistant that Need Immediate Attention

Augment and Elevate SOC Teams with Best Practice Recommendations

Today’s SOCs often struggle with a fragmented technology stack, making it difficult to respond effectively to cyber threats. Alert fatigue is a major hurdle for modern SOC teams, hindering proactive threat hunting and leading to overlooked alerts and burnout. The Cisco AI Assistant comes to the rescue and jumpstarts the incident response process for a modern SOC team.

Our AI Assistant, powered by Cisco XDR the platform for Cisco’s Breach Protection Suite, synthesizes data from email, web, processes, endpoints, cloud, and network domains, offering precise action recommendations to effectively contain ongoing cyber-attacks. It works at machine scale to identify patterns and potential attacks that humans might miss because of alert fatigue, if a defender is only looking at one domain in isolation, or while trying to manually correlate data. The AI Assistant is context aware, meaning it tracks the state of the incident in real-time and generates tailored recommendations specific to that incident.

Figure 4: Tailored Recommendations for an Incident by the AI Assistant

Mean Time to Detection (MTTD) and Mean Time to Respond (MTTR) are two primary metrics that SOC teams want to optimize for. Cisco XDR with our AI Assistant enables security teams to reduce these metrics by jumpstarting investigations and incident response by providing tailored recommendations for that specific incident.

Enable Seamless Collaboration Across Security Teams

The Cisco AI Assistant, embedded within XDR, facilitates team collaboration using Webex, Teams, or Slack. This empowers security teams to swiftly assemble the right experts for an active incident, thereby speeding up the MTTR. The AI Assistant unifies the team by setting up WAR rooms, summarizing messages, and logging them in XDR for instant audit-readiness.

Figure 5: AI Assistant creates a Webex WAR Room and brings the right experts together for Incident Response

Automate Workflows to Neutralize Threats Across the Enterprise

Today’s SOCs often lack a cohesive technology stack to respond to cyber threats efficiently and consistently. As the IT environment grows beyond the on-premises data center to cloud, hybrid-cloud and multi-cloud country specific data centers, organizations accumulate point solutions to monitor and protect pieces of the environment. As a result, SOC analysts must do a lot of the heavy lifting required to detect and respond to an attack. This includes logging into different tools to execute workflows that contain an attack.

Our AI Assistant taps into advanced workflows and atomics with Cisco XDR’s 90+ integrations. Our AI assistant enables the execution of workflows at a single click, guided by the AI Assistant’s personalized recommendations that consider the incident’s playbook and current state in real-time.

Figure 6: Execution of Automated Workflows by the AI Assistant to Contain an Incident

Gone are the days when security teams had to juggle multiple isolated products and execute workflows in each to mitigate an attack. With Cisco Breach Protection Suite, billions of security events can be correlated and recommended actions can be generated and executed all in one place. This is the transformative power of the Cisco XDR combined with Cisco’s AI Assistant revolutionizing enterprise security.

Conclusion

By leveraging comprehensive telemetry data from various sources in Cisco XDR and combining that with our AI Assistant, we enable SOC teams to rapidly respond to active incidents and fortify defenses against complex threats. The AI Assistant amplifies the SOC’s existing knowledge, streamlines routine tasks, and empowers analysts to focus on strategic initiatives. This boosts analyst productivity and job satisfaction, leading to improved staff retention and SOC effectiveness, ultimately resulting in precise, consistent, and accurate security outcomes.

Learn how Cisco Breach Protection SuiteCisco XDR and our AI Assistant can simplify your security operations.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels

Instagram
Facebook
Twitter
LinkedIn

Source :
https://blogs.cisco.com/security/empowering-cybersecurity-with-ai-the-future-of-cisco-xdr

NIST Launches Cybersecurity Framework (CSF) 2.0

By: Shannon Murphy, Greg Young
March 20, 2024
Read time: 2 min (589 words)

On February 26, 2024, the National Institute of Standards and Technology (NIST) released the official 2.0 version of the Cyber Security Framework (CSF).

What is the NIST CSF?

The NIST CSF is a series of guidelines and best practices to reduce cyber risk and improve security posture. The framework is divided into pillars or “functions” and each function is subdivided into “categories” which outline specific outcomes.

As titled, it is a framework. Although it was published by a standards body, it is not a technical standard.

https://www.nist.gov/cyberframework

What Is the CSF Really Used For?

Unlike some very prescriptive NIST standards (for example, crypto standards like FIPS-140-2), the CSF framework is similar to the ISO 27001 certification guidance. It aims to set out general requirements to inventory security risk, design and implement compensating controls, and adopt an overarching process to ensure continuous improvement to meet shifting security needs.

It’s a high-level map for security leaders to identify categories of protection that are not being serviced well. Think of the CSF as a series of buckets with labels. You metaphorically put all the actions, technology deployments, and processes you do in cybersecurity into these buckets, and then look for buckets with too little activity in them or have too much activity — or repetitive activity — and not enough of other requirements in them.

The CSF hierarchy is that Functions contain many Categories — or in other words, there are big buckets that contain smaller buckets.

What Is New in CSF 2.0?

The most noteworthy change is the introduction of Governance as a sixth pillar in the CSF Framework. This shift sees governance being given significantly more importance from just a mention within the previous five Categories to now being its owna separate Function.

According to NIST the Govern function refers to how an organization’s, “cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored.”  This is a positive and needed evolution, as when governance is weak, it often isn’t restricted to a single function (e.g. IAM) and can be systemic.

Governance aligns to a broader paradigm shift where we see cybersecurity becoming highly relevant within the business context as an operational risk. The Govern expectation is cybersecurity is integrated into the broader enterprise risk management strategy and requires dedicated accountability and oversight.

There are some other reassignments and minor changes in the remaining five Categories. CSF version 1.0 was published in 2014, and 1.1 in 2018. A lot has changed in security since then. The 2.0 update acknowledges that a review has been conducted.

As a framework, the CISO domain has not radically changed. Yes, the technology has radically evolved, but the greatest evolution in the CISO role really has been around governance: greater interaction with C-suite and board, while some activities have been handed off to operations.

NIST Cybersecurity Framework

So How Will This Impact Me in the Short Term?

The update to the NIST CSF provides a fresh opportunity to security leaders to start or reopen conversations with business leaders on evolving needs.

  • The greatest impact will be to auditors and consultants who will need to make formatting changes to their templates and work products to align with version 2.0.
  • CISOs and security leaders will have to make some similar changes to how they track and report compliance.
  • But overall, the greatest impact (aside from some extra billable cybersecurity consulting fees) will be a boost of relevance to the CSF that could attract new adherents both through security leaders choosing to look at themselves through the CSF lens and management asking the same of CISOs.
Category

Source :
https://www.trendmicro.com/it_it/research/24/c/nist-cybersecurity-framework-2024.html

Lineage OS Changelog 28 – Fantastic Fourteen, Amazing Applications, Undeniable User-Experience

WRITTEN ON FEBRUARY 14, 2024 BY NOLEN JOHNSON (NPJOHNSON)

21 – Finally old enough to drink (at least in the US)!

Hey y’all! Welcome back!

We’re a bit ahead of schedule this year, we know normally you don’t expect to hear from us until April-ish.

This was largely thanks to some new faces around the scene, some old faces stepping up to the plate, and several newly appointed Project Directors!

With all that said, we have been working extremely hard since Android 14’s release last October to port our features to this new version of Android. Thanks to our hard work adapting to Google’s largely UI-based changes in Android 12/13, and Android 14’s dead-simple device bring-up requirements, we were able to rebase our changes onto Android 14 much more efficiently.

This lets us spend some much overdue time on our apps suite! Applications such as Aperture had their features and UX improved significantly, while many of our aging apps such as Jelly, Dialer, Contacts, Messaging, LatinIME (Keyboard), and Calculator got near full redesigns that bring them into the Material You era!

…and last but not least, yet another new app landed in our apps suite! Don’t get used to it though, or maybe do, we’re not sure yet.

Now, let’s remind everyone about versioning conventions – To match AOSP’s versioning conventions, and due to the fact it added no notable value to the end-user, we dropped our subversion from a branding perspective.

As Android has moved onto the quarterly maintenance release model, this release will be “LineageOS 21”, not 21.0 or 21.1 – though worry not – we are based on the latest and greatest Android 14 version, QPR1.

Additionally, to you developers out there – any repository that is not core-platform, or isn’t expected to change in quarterly maintenance releases will use branches without subversions – e.g., lineage-21 instead of lineage-21.0.

New Features!

  • Security patches from January 2023 to February 2024 have been merged to LineageOS 18.1 through 21.
  • Glimpse of Us: We now have a shining new app, Glimpse! It will become the default gallery app starting from LineageOS 21
  • An extensive list of applications were heavily improved or redesigned:
    • Aperture: A touch of Material You, new video features, and more!
    • Calculator: Complete Material You redesign
    • Contacts: Design adjustments for Material You
    • Dialer: Large cleanups and code updates, Material You and bugfixes
    • Eleven: Some Material You design updates
    • Jelly: Refreshed interface, Material You and per-website location permissions
    • LatinIME: Material You enhancements, spacebar trackpad, fixed number row
    • Messaging: Design adjustments for Material You
  • A brand new boot animation by our awesome designer Vazguard!
  • SeedVault and Etar have both been updated to their newest respective upstream version.
  • WebView has been updated to Chromium 120.0.6099.144.
  • We have further developed our side pop-out expanding volume panel.
  • Our Updater app should now install A/B updates much faster (thank Google!)
  • We have contributed even more changes and improvements back upstream to the FOSS Etar calendar app we integrated some time back!
  • We have contributed even more changes and improvements back upstream to the Seedvault backup app.
  • Android TV builds still ship with an ad-free Android TV launcher, unlike Google’s ad-enabled launcher – most Android TV Google Apps packages now have options to use the Google ad-enabled launcher or our ad-restricted version.
  • Our merge scripts have been largely overhauled, greatly simplifying the Android Security Bulletin merge process, as well as making supporting devices like Pixel devices that have full source releases much more streamlined.
  • Our extract utilities can now extract from OTA images and factory images directly, further simplifying monthly security updates for maintainers on devices that receive security patches regularly.
  • LLVM has been fully embraced, with builds now defaulting to using LLVM bin-utils and optionally, the LLVM integrated assembler. For those of you with older kernels, worry not, you can always opt-out.
  • A global Quick Settings light mode has been developed so that this UI element matches the device’s theme.
  • Our Setup Wizard has seen adaptation for Android 14, with improved styling, more seamless transitions, and significant amounts of legacy code being stripped out.
  • The developer-kit (e.g. Radxa 0, Banana Pi B5, ODROID C4, Jetson X1) experience has been heavily improved, with UI elements and settings that aren’t related to their more restricted hardware feature-set being hidden or tailored!

Amazing Applications!

Calculator

calculator

Our Calculator app has received a UI refresh, bringing it in sync with the rest of our app suite, as well as a few new features:

  • Code cleanup
  • Reworked UI components to look more modern
  • Added support for Material You
  • Fixed some bugs

Glimpse

glimpse

We’ve been working on a new gallery app, called Glimpse, which will replace Gallery2, the AOSP default gallery app.

Thanks to developers SebaUbuntu, luca020400 and LuK1337 who started the development, together with the help of designer Vazguard.

We focused on a clean, simple and modern-looking UI, designed around Material You’s guidelines, making sure all the features that you would expect from a gallery app are there.

It’ll be available on all devices starting from LineageOS 21.

Aperture

This has been the first year for this new application and we feel it has been received well by the community. As promised, we have continued to improve it and add new features, while keeping up with Google’s changes to the CameraX library (even helping them fix some bugs found on some of our maintained devices). We’d like to also thank the community for their work on translations, especially since Aperture strings changed quite often this year.

Here’s a quick list of some of the new features and improvements since the last update:

  • Added a better dialog UI to ask the user for location permissions when needed
  • UI will now rotate to follow the device orientation
  • Added Material You support
  • Improved QR code scanner, now with support for Wi-Fi and Wi-Fi Easy Connect™ QR codes
  • Added support for Google Assistant voice actions
  • Added photo and video mirroring (flipping) options
  • Audio can be muted while recording a video
  • Better error handling, including when no camera is available
  • Added configurable volume button gestures
  • The app will now warn you if the device overheats and is now able to automatically stop recording if the device temperature is too high
  • Added an information chip on top of the viewfinder to show some useful information, like low battery or disabled microphone
  • Added some advanced video processing settings (noise reduction, sharpening, etc.)
  • You can now set the flash to torch mode in photo mode by long-pressing the flash button
  • Added support for HDR video recording

Jelly

jelly

Our browser app has received a UI refresh, bringing it in sync with the rest of our app suite, as well as a few new features:

  • Code cleanup
  • Reworked UI components to look more modern
  • Added support for Material You
  • Fixed some bugs regarding downloading files
  • Added Brave as a search engine and suggestions provider
  • Dropped Google encrypted search engine, as Google defaults to HSTS now
  • Baidu suggestion provider now uses HTTPS
  • Implemented per-website location permissions

Dialer, Messaging, and Contacts

Dialer

Since AOSP abandoned deprecated the Dialer, we have taken over the code base and did heavy cleanups, updating to newer standards (AndroidX) and redesigning:

  • Code cleanup
  • Changed to using Material You design
  • Proper dark and light themes
  • Several bugfixes, specifically with number lookups and the contact list

While Messaging was also deprecated by AOSP, at least the Contacts app was not. Nonetheless we gave both of them an overhaul and made them also follow the system colors and look more integrated.

Careful Commonization

Several of our developers have worked hard on SoC-specific common kernels to base on that can be merged on a somewhat regular basis to pull in the latest features/security patches to save maintainers additional effort.

Go check them out and consider basing your device kernels on them!

Supported SoCs right now are:

SoC (system-on-chip)Kernel VersionAndroid Version 
Qualcomm MSM89963.1811 
Qualcomm MSM8998/MSM89964.413 
Qualcomm SDM8454.913 
Qualcomm SM81504.1413 
Qualcomm SDM6604.1913 
Qualcomm SM82504.1913 
Qualcomm SM83505.413 
Qualcomm SM84505.1013– Coming soon!
Qualcomm SM85505.1513 

Additionally, many legacy devices require interpolating libraries that we colloquially refer to as “shims” – these have long been device and maintainer managed, but this cycle we have decided to commonize them to make the effort easier on everyone and not duplicate effort!

You can check it out here and contribute shims that you think other devices may need or add additional components to additional shims and compatibility layers provided via Gerrit!

Deprecations

Overall, we feel that the 21 branch has reached feature and stability parity with 20 and is ready for initial release.

For the first time in many cycles, all devices that shipped LineageOS 19.1 were either promoted or dropped by the maintainer by the time of this blog post, so LineageOS 19.1 was retired naturally. As such, no new device submissions targeting the 19.1 branch will be able to ship builds (you can still apply and fork your work to the organization, though!).

LineageOS 18.1 builds were still not deprecated this year, as Google’s somewhat harsh requirements of BPF support in all Android 12+ device’s kernels meant that a significant amount of our legacy devices on the build-roster would have died.

LineageOS 18.1, is still on a feature freeze, and building each device monthly, shortly after the Android Security Bulletin is merged for that month.

We will allow new LineageOS 18.1 submissions to be forked to the organization, but we no longer will allow newly submitted LineageOS 18.1 devices to ship.

LineageOS 21 will launch building for a decent selection of devices, with additional devices to come as they are marked as both Charter compliant and ready for builds by their maintainer.

Upgrading to LineageOS 21

To upgrade, please follow the upgrade guide for your device by clicking on it here and then on “Upgrade to a higher version of LineageOS”.

If you’re coming from an unofficial build, you need to follow the good ole’ install guide for your device, just like anyone else looking to install LineageOS for the first time. These can be found at the same place here by clicking on your device and then on “Installation”.

Please note that if you’re currently on an official build, you DO NOT need to wipe your device, unless your device’s wiki page specifically dictates otherwise, as is needed for some devices with massive changes, such as a repartition.

Download portal

While it has been in the making for quite a while and already released a year ago, it’s still news in regards to this blog post. Our download portal has been redesigned and also gained a few functional improvements:

  • Dark mode
  • Downloads of additional images (shown for all devices but not used on all of them, read the instructions to know which ones you need for your device’s installation!)
  • Verifying downloaded files (see here) – if you go with any download not obtained from us, you can still verify it was originally signed by us and thus untampered with

Wiki

The LineageOS Wiki has also been expanded throughout the year and now offers, in addition to the known and tested instructions for all supported devices, some improvements:

  • The device overview allows filtering for various attributes you might be interested in a device (please note: choosing a device only based on that list still does not guarantee any device support beyond the point of when you chose it)
  • The device overview now lists variants of a device and other known marketing names in a more visible way, also allowing for different device information and instructions per variant to be shown
  • The installation instructions have been paginated, giving users less chance to skip a section involuntarily

In addition to that we’d like to take this time to remind users to follow instructions on their device’s respective Wiki Page given the complexity introduced by AOSP changes like System-As-Root, A/B Partition Scheme, Dynamic Partitions, and most recently Virtual A/B found on the Pixel 5 and other devices launching with Android 11, the instructions many of you are used to following from memory are either no longer valid or are missing very critical steps. As of 16.0, maintainers have been expected to run through the full instructions and verify they work on their devices. The LineageOS Wiki was recently further extended, and maintainers were given significantly more options to customize their device’s specific installation, update, and upgrade instructions.

Developers, Developers, Developers

Or, in this case, maintainers, maintainers, maintainers. We want your device submissions!

If you’re a developer and would like to submit your device for officials, it’s easier than ever. Just follow the instructions here.

The above also applies to people looking to bring back devices that were at one point official but are no longer supported – seriously – even if it’s not yet completely compliant, submit it! Maybe we can help you complete it.

After you submit, within generally a few weeks, but in most cases a week, you’ll receive some feedback on your device submission; and if it’s up to par, you’ll be invited to our communications instances and your device will be forked to LineageOS’s official repositories.

Don’t have the knowledge to maintain a device, but want to contribute to the platform? We have lots of other things you can contribute to. For instance, our apps suite is always looking for new people to help improve them, or you can contribute to the wiki by adding more useful information & documentation. Gerrit is always open for submissions! Once you’ve contributed a few things, send an email to devrel(at)lineageos.org detailing them, and we’ll get you in the loop.

Also, if you sent a submission via Gmail over the last few months, due to infrastructural issues, some of them didn’t make it to us, so please resend them!

Generic Targets

We’ve talked about these before, but these are important, so we will cover them again.

Though we’ve had buildable generic targets since 2019, to make LineageOS more accessible to developers, and really anyone interested in giving LineageOS a try, we’ve documented how to use them in conjunction with the Android Emulator/Android Studio!

Additionally, similar targets can now be used to build GSI in mobile, Android TV configurations, and Android Automotive (we’ll talk more about this later) making LineageOS more accessible than ever to devices using Google’s Project Treble. We won’t be providing official builds for these targets, due to the fact the user experience varies entirely based on how well the device manufacturer complied with Treble’s requirements, but feel free to go build them yourself and give it a shot!

Please note that Android 12 (and by proxy Android 13/14) diverged GSI and Emulator targets. Emulator targets reside in lineage_sdk_$arch, while GSI targets reside in lineage_gsi_$arch.

Translations

Bilingual? Trilingual? Anything-lingual?

If you think you can help translate LineageOS to a different language, jump over to our wiki and have a go! If your language is not supported natively in Android, reach out to us on Crowdin and we’ll take the necessary steps to include your language. For instance, LineageOS is the first Android custom distribution that has complete support for the Welsh (Cymraeg) language thanks to its community of translators.

Please, contribute to translations only if you are reasonably literate in the target language; poor translations waste both our time and yours.

Build roster

Added 21 devices

Device nameWikiMaintainersMoved from
ASUS Zenfone 5Z (ZS620KL)Z01Rrohanpurohit, Jackeagle, ThEMarD20
Banana Pi M5 (Tablet)m5_tabnpjohnson, stricted20
Essential PH-1matahaggertk, intervigil, npjohnson, rashed20
F(x)tec Pro¹ Xpro1xBadDaemon, bgcngm, mccreary, npjohnson, qsnc, tdm20
F(x)tec Pro¹pro1BadDaemon, bgcngm, intervigil, mccreary, npjohnson, tdm20
Fairphone 4FP4mikeioannina20
Google Pixel 2 XLtaimenchrmhoffmann, Eamo5, npjohnson, jro197920
Google Pixel 2walleyechrmhoffmann, Eamo5, npjohnson, jro197920
Google Pixel 3 XLcrosshatchrazorloves, cdesai, intervigil, mikeioannina20
Google Pixel 3bluelinerazorloves, cdesai, intervigil, mikeioannina20
Google Pixel 3a XLbonitocdesai, mikeioannina, npjohnson20
Google Pixel 3asargocdesai, mikeioannina, npjohnson20
Google Pixel 4 XLcoralcdesai, Eamo5, mikeioannina, npjohnson20
Google Pixel 4flamecdesai, Eamo5, mikeioannina, npjohnson20
Google Pixel 4a 5Gbramblealeasto, mikeioannina20
Google Pixel 4asunfishPeterCxy, cdesai, mikeioannina20
Google Pixel 5redfinaleasto, mikeioannina20
Google Pixel 5abarbetaleasto, mikeioannina20
Google Pixel 6 Proravenmikeioannina20
Google Pixel 6oriolemikeioannina20
Google Pixel 6abluejaymikeioannina20
Google Pixel 7 Procheetahmikeioannina, npjohnson20
Google Pixel 7panthermikeioannina, neelc20
Google Pixel 7alynxmikeioannina, niclimcy20
Google Pixel 8 Prohuskymikeioannina 
Google Pixel 8shibamikeioannina 
Google Pixel Foldfelixmikeioannina 
Google Pixel TablettangorproLuK1337, mikeioannina, npjohnson, neelc20
Google Pixel XLmarlinnpjohnson, electimon20
Google Pixelsailfishnpjohnson, electimon20
HardKernel ODROID-C4 (Tablet)odroidc4_tabnpjohnson, stricted20
LG G5 (International)h850aleasto, AShiningRay, npjohnson, ROMSG, x86cpu20
LG G5 (T-Mobile)h830aleasto, AShiningRay, npjohnson, ROMSG, x86cpu20
LG G5 (US Unlocked)rs988aleasto, AShiningRay, npjohnson, ROMSG, x86cpu20
LG G6 (EU Unlocked)h870aleasto, AShiningRay, npjohnson, ROMSG, x86cpu20
LG G6 (T-Mobile)h872aleasto, AShiningRay, npjohnson, ROMSG, x86cpu20
LG G6 (US Unlocked)us997aleasto, AShiningRay, npjohnson, ROMSG, x86cpu20
LG V20 (AT&T)h910aleasto, AShiningRay, npjohnson, ROMSG, xxseva44, x86cpu20
LG V20 (GSM Unlocked – DirtySanta)us996daleasto, AShiningRay, npjohnson, ROMSG, xxseva44, x86cpu20
LG V20 (GSM Unlocked)us996aleasto, AShiningRay, npjohnson, ROMSG, xxseva44, x86cpu20
LG V20 (Global)h990aleasto, AShiningRay, npjohnson, ROMSG, xxseva44, x86cpu20
LG V20 (Sprint)ls997aleasto, AShiningRay, npjohnson, ROMSG, xxseva44, x86cpu20
LG V20 (T-Mobile)h918aleasto, AShiningRay, npjohnson, ROMSG, xxseva44, x86cpu20
LG V20 (Verizon)vs995aleasto, AShiningRay, npjohnson, ROMSG, xxseva44, x86cpu20
LG V30 (Unlocked) / LG V30 (T-Mobile)joanlifehackerhansol, SGCMarkus20
Motorola edge 20 propstarnpjohnson, SGCMarkus20
Motorola edge 20berlinnpjohnson, SGCMarkus20
Motorola edge 2021berlnaSyberHexen20
Motorola edge 30dubaithemard, sb6596, Demon00020
Motorola edge s / Motorola moto g100niodianlujitao20
Motorola moto g200 5G / Motorola Edge S30xpengthemard, rogers260220
Motorola moto g32devonDhina17, mikeioannina20
Motorola moto g42hawaoDhina17, mikeioannina20
Motorola moto g52rhodeDhina17, mikeioannina20
Motorola moto g6 plusevertjro197920
Motorola moto g7 playchannelSyberHexen, deadman96385, erfanoabdi, npjohnson20
Motorola moto g7 pluslakejro1979, npjohnson20
Motorola moto g7 poweroceanSyberHexen, erfanoabdi, npjohnson20
Motorola moto g7rivererfanoabdi, npjohnson, SyberHexen20
Motorola moto x4paytonerfanoabdi, ThEMarD, electimon20
Motorola moto z2 force / Motorola moto z (2018)nasherfanoabdi, npjohnson, qsnc20
Motorola moto z3 playbeckhamjro197920
Motorola moto z3messinpjohnson20
Motorola one actiontroikaStricted, npjohnson20
Motorola one vision / Motorola p50kaneStricted, npjohnson20
Nokia 6.1 (2018)PL2npjohnson, theimpulson20
Nokia 6.1 PlusDRGnpjohnson, theimpulson20
Nubia Mini 5GTP1803ArianK16a, npjohnson20
OnePlus 11 5Gsalamibgcngm 
OnePlus 5cheeseburgertrautamaki20
OnePlus 5Tdumplingtrautamaki, qsnc20
OnePlus 6enchiladaLuK133720
OnePlus 6TfajitaEdwinMoq20
OnePlus 7 ProguacamoleLuK1337, Tortel20
OnePlus 7guacamolebshantanu-sarkar20
OnePlus 7T Prohotdogqsnc20
OnePlus 7ThotdogbLuK133720
OnePlus 8 ProinstantnoodlepLuK133720
OnePlus 8instantnoodlejabashque20
OnePlus 8TkebabLuK133720
OnePlus 9 ProlemonadepLuK1337, bgcngm, mikeioannina20
OnePlus 9lemonademikeioannina, tangalbert919, ZVNexus20
OnePlus 9Rlemonadesmikeioannina20
OnePlus 9RTmartinimikeioannina20
OnePlus NordaviciiMajorP93, KakatkarAkshay20
Radxa Zero (Tablet)radxa0_tabbgcngm, npjohnson, stricted20
Razer Phone 2auramikeioannina, npjohnson20
Razer Phonecherylmikeioannina, npjohnson20
Samsung Galaxy Tab A7 10.4 2020 (LTE)gta4lchrmhoffmann20
Samsung Galaxy Tab A7 10.4 2020 (Wi-Fi)gta4lwifichrmhoffmann20
Samsung Galaxy Tab S5e (LTE)gts4lvbgcngm, LuK133720
Samsung Galaxy Tab S5e (Wi-Fi)gts4lvwifiLuK1337, bgcngm20
Sony Xperia 1 IIpdx203hellobbn20
Sony Xperia 1 IIIpdx215hellobbn20
Sony Xperia 10 PlusmermaidLuK133720
Sony Xperia 10kirinLuK133720
Sony Xperia 5 IIpdx206kyasu, hellobbn20
Sony Xperia 5 IIIpdx214kyasu, hellobbn20
Sony Xperia XA2 PlusvoyagerLuK133720
Sony Xperia XA2 UltradiscoveryLuK133720
Sony Xperia XA2pioneerLuK1337, Stricted, cdesai20
Xiaomi Mi 5geminibgcngm, ikeramat20
Xiaomi Mi 5s PlusnatriumLuK133720
Xiaomi Mi 6sagitArianK16a20
Xiaomi Mi 8 Explorer Editionursabgcngm20
Xiaomi Mi 8 Proequuleusbgcngm20
Xiaomi Mi 8dipperinfrag20
Xiaomi Mi 9 SEgrusSebaUbuntu20
Xiaomi Mi CC 9 / Xiaomi Mi 9 Litepyxisceracz20
Xiaomi Mi CC9 Meitu Editionvela0xCAFEBABE20
Xiaomi Mi MIX 2chironmikeioannina20
Xiaomi Mi MIX 2Spolarisbgcngm20
Xiaomi Mi MIX 3perseusbgcngm, rtx4d20
Xiaomi Poco F1berylliumbgcngm, warabhishek20
Xiaomi Redmi 3S / Xiaomi Redmi 3X / Xiaomi Redmi 4 (India) / Xiaomi Redmi 4X / Xiaomi Redmi Note 5A Prime / Xiaomi Redmi Y1 PrimeMi89370xCAFEBABE20
Xiaomi Redmi 4A / Xiaomi Redmi 5A / Xiaomi Redmi Note 5A Lite / Xiaomi Redmi Y1 LiteMi89170xCAFEBABE20
Xiaomi Redmi 8 / Xiaomi Redmi 8A / Xiaomi Redmi 8A DualMi4390xCAFEBABE20

Added 20 devices

Device nameWikiMaintainersMoved from
10.or GGkardebayan 
ASUS ZenFone 8sakeZVNexus, Demon000, DD3Boh19.1
ASUS Zenfone Max Pro M1X00TDVivekachooz19.1
BQ Aquaris X ProbardockproQuallenauge, jmpfbmx18.1
BQ Aquaris XbardockQuallenauge, jmpfbmx18.1
Banana Pi M5 (Android TV)m5stricted 
Dynalink TV Box 4K (2021)wadenpjohnson, bgcngm, stricted, webgeek1234, deadman96385, trautamaki, luca020400, aleasto19.1
Fairphone 3 / Fairphone 3+FP3dk1978, teamb5819.1
Google ADT-3deadpoolnpjohnson, stricted, webgeek1234, deadman96385, trautamaki, luca020400, aleasto19.1
HardKernel ODROID-C4 (Android TV)odroidc4stricted 
Motorola one fusion+ / Motorola one fusion+ (India)liberWilliam, Hasaber819.1
Motorola one zoomparkerHasaber819.1
Nubia Play 5G / Nubia Red Magic 5G Litenx651jCyborg2017 
Nubia Red Magic 5G (Global) / Nubia Red Magic 5G (China) / Nubia Red Magic 5S (Global) / Nubia Red Magic 5S (China)nx659jDD3Boh 
Nubia Red Magic Marsnx619jCyborg2017 
Nubia Red Magicnx609jCyborg2017 
Nubia Z17nx563jBeYkeRYkt, Cyborg201719.1
Nubia Z18 Mininx611jCyborg201719.1
Nubia Z18nx606jCyborg2017 
OnePlus Nord N200dretangalbert91919.1
Radxa Zero (Android TV)radxa0bgcngm, npjohnson, stricted 
SHIFT SHIFT6mqaxolotlamartinz, joey, mikeioannina19.1
Samsung Galaxy A52 4Ga52qSimon151119.1
Samsung Galaxy A52s 5Ga52sxqSimon1511 
Samsung Galaxy A72a72qSimon151119.1
Samsung Galaxy A73 5Ga73xqSimon1511 
Samsung Galaxy F62 / Samsung Galaxy M62f62Linux4 
Samsung Galaxy M52 5Gm52xqSimon1511 
Samsung Galaxy Note 9crownltebaddar9017.1
Samsung Galaxy Note10d1Linux419.1
Samsung Galaxy Note10+ 5Gd2xLinux419.1
Samsung Galaxy Note10+d2sLinux419.1
Samsung Galaxy S10 5GbeyondxLinux419.1
Samsung Galaxy S10beyond1lteLinux419.1
Samsung Galaxy S10+beyond2lteLinux419.1
Samsung Galaxy S10ebeyond0lteLinux419.1
Samsung Galaxy S9starltebaddar9017.1
Samsung Galaxy S9+star2ltebaddar9017.1
Samsung Galaxy Tab A 8.0 (2019)gtowifilifehackerhansol 
Samsung Galaxy Tab S6 Lite (LTE)gta4xlhaggertk, Linux419.1
Samsung Galaxy Tab S6 Lite (Wi-Fi)gta4xlwifiLinux4, haggertk19.1
Sony Xperia XZ2 Compactxz2cdtrunk9019.1
Sony Xperia XZ2 Premiumauroradtrunk9019.1
Sony Xperia XZ2akaridtrunk9019.1
Sony Xperia XZ3akatsukidtrunk9019.1
Walmart onn. TV Box 4K (2021)dopindernpjohnson, bgcngm, stricted, webgeek1234, deadman96385, trautamaki, luca020400, aleasto 
Xiaomi 11 Lite 5G NE / Xiaomi 11 Lite NE 5G / Xiaomi Mi 11 LElisaItsVixano19.1
Xiaomi Mi 10T / Xiaomi Mi 10T Pro / Xiaomi Redmi K30S UltraapollonRamisky, SebaUbuntu19.1
Xiaomi Mi 10T Lite 5G / Xiaomi Mi 10i 5G / Xiaomi Redmi Note 9 Pro 5GgauguinHridaya, Lynnrin19.1
Xiaomi Mi 11 Lite 5GrenoirArianK16a19.1
Xiaomi Mi 11 PromarsFlower Sea 
Xiaomi Mi 11i / Xiaomi Redmi K40 Pro / Xiaomi Redmi K40 Pro+ / Xiaomi Mi 11X ProhaydnAdarshGrewal, erfanoabdi19.1
Xiaomi Mi 9T / Xiaomi Redmi K20 (China) / Xiaomi Redmi K20 (India)davinciArianK16a17.1
Xiaomi Mi A1tissotabhinavgupta37119.1
Xiaomi POCO F2 Pro / Xiaomi Redmi K30 ProlmiSebaUbuntu19.1
Xiaomi POCO F3 / Xiaomi Redmi K40 / Xiaomi Mi 11XaliothSahilSonar, SebaUbuntu, althafvly19.1
Xiaomi POCO M2 Pro / Xiaomi Redmi Note 9S / Xiaomi Redmi Note 9 Pro (Global) / Xiaomi Redmi Note 9 Pro (India) / Xiaomi Redmi Note 9 Pro Max / Xiaomi Redmi Note 10 Litemiatolldereference23, ItsVixano19.1
Xiaomi POCO X3 NFCsuryaShimitar, TheStrechh19.1
Xiaomi POCO X3 ProvayuSebaUbuntu19.1
Xiaomi Redmi 7 / Xiaomi Redmi Y3oncliteDhina1719.1
Xiaomi Redmi 9lancelotsurblazer 
Xiaomi Redmi Note 10 Pro / Xiaomi Redmi Note 10 Pro (India) / Xiaomi Redmi Note 10 Pro Max (India)sweetbasamaryan, danielml3 
Xiaomi Redmi Note 10S / Xiaomi Redmi Note 10S NFC / Xiaomi Redmi Note 10S Latin Americarosemarysurblazer 
Xiaomi Redmi Note 7 Provioletjashvakharia, raghavt2016.0
Xiaomi Redmi Note 9merlinxsurblazer, bengris32 
ZUK Z2 Plusz2_plusDD3Boh19.1

Added 18.1 devices

Device nameWikiMaintainersMoved from
Google Nexus 7 2013 (LTE, Repartitioned)debxnpjohnson, surblazer, Elektroschmock, hpnightowl, ROMSG 
Motorola moto zgriffinerfanoabdi, npjohnson17.1

Source :
https://lineageos.org/Changelog-28/

How to Set Up Google Postmaster Tools

Updated: Jan 31, 2024, 13:03 PM
By Claire Broadley Content Manager
REVIEWED By Jared Atchison Co-owner

Do you want to set up Postmaster Tools… but you’re not sure where to start?

Postmaster Tools lets you to monitor your spam complaints and domain reputation. That’s super important now that Gmail is blocking emails more aggressively.

Thankfully, Postmaster Tools is free and easy to configure. If you’ve already used a Google service like Analytics, it’ll take just a couple of minutes to set up.

In This Article

Who Needs Postmaster Tools?

You should set up Postmaster Tools if you meet any of the following criteria:

1. You Regularly Send Emails to Gmail Recipients

Postmaster Tools is a tool that Google provides to monitor emails to Gmail users.

Realistically, most of your email lists are likely to include a large number of Gmail mailboxes unless you’re sending to a very specific group of people, like an internal company mailing list. (According to Techjury, Gmail had a 75.8% share of the email market in 2023.)

Keep in mind that Gmail recipients aren’t always using Gmail email addresses. The people who use custom domains or Google Workspace are ‘hidden’, so it’s not always clear who’s using Gmail and who isn’t. To be on the safe side, it’s best to use it (it’s free).

2. You Send Marketing Emails (or Have a Large Website)

Postmaster Tools works best for bulk email senders, which Google defines as a domain that sends more than 5,000 emails a day.

If you’re sending email newsletters on a regular basis, having Postmaster Tools is going to help.

Likewise, if you use WooCommerce or a similar platform, you likely send a high number of transactional emails: password reset emails, receipts, and so on.

Reset password email

If you don’t send a large number of emails right now, you can still set up Postmaster Tools so you’re prepared for the time you might.

Just note that you may see the following message:

No data to display at present. Please come back later.
Postmaster Tools requires your domain to satisfy certain conditions before data is visible for this chart.

This usually means you’re not sending enough emails for Google to be able to calculate meaningful statistics.

It’s up to you if you want to set it up anyway, or skip it until your business grows a little more.

How to Add a Domain to Postmaster Tools

Adding a domain to Postmaster Tools is simple and should take less than 10 minutes.

To get started, head to the Postmaster Tools site and log in. If you’re already using Google Analytics, sign in using the email address you use for your Analytics account.

The welcome popup will already be open. Click on Get Started to begin.

Add a domain in Postmaster Tools

Next, enter the domain name that your emails come from.

This should be the domain you use as the sender, or the ‘from email’, when you’re sending emails from your domain. It will normally be your main website.

Enter domain name in Postmaster Tools

If your domain name is already verified for another Google service, that’s all you need to do! You’ll see confirmation that your domain is set up.

Domain added to Google Postmaster Tools

If you haven’t used this domain with Google services before, you’ll need to verify it. Google will ask you to add a TXT record to your DNS.

Postmaster Tools domain verification

To complete this, head to the control panel for the company you bought your domain from. It’ll likely be your domain name registrar or your web host. If you’re using a service like Cloudflare, you’ll want to open up your DNS records there instead.

Locate the part of the control panel that handles your DNS (which might be called a DNS Zone) and add a new TXT record. Copy the record provided into the fields.

Note: Most providers will ask you to enter a Name, which isn’t shown in Google’s instructions. If your provider doesn’t fill this out by default, you can safely enter @ in the Name field.

Verify domain by adding TXT record for Google Postmaster Tools

Now save your record and wait a few minutes. Changes in Cloudflare can be near-instant, but other registrars or hosts may take longer.

After waiting for your change to take effect, switch back to Postmaster Tools and hit Verify to continue.

Verify domain in Postmaster Tools

And that’s it! Now your domain has been added to Postmaster Tools.

Verified domain in Postmaster Tools

How to Read the Charts in Google Postmaster Tools

Google is now tracking various aspects of your email deliverability. It’ll display the data in a series of charts in your account.

Here’s a quick overview of what you can see.

As I mentioned, keep in mind that the data here is only counted from Gmail accounts. It’s not a domain-wide measurement of everything you send.

Spam Rate

Your spam rate is the number of emails sent vs the number of spam complaints received each day. You should aim to keep this below 0.1%.

You can do that by making it easy for people to unsubscribe from marketing emails and using double optins rather than single optins.

Example of a Postmaster Tools report for Gmail recipients

It’s normal for spam complaint rates to spike occasionally because Google measures each day in isolation.

If you’re seeing a spam rate that is consistently above 0.3%, it’s worth looking into why that’s happening. You might be sending emails to people who don’t want to receive them.

IP Reputation

IP reputation is the trustworthiness of the IP address your emails come from. Google may mark emails as spam if your IP reputation is poor.

IP reputation in Postmaster Tool

Keep in mind that IP reputation is tied to your email marketing provider. It’s a measure of their IP as well as yours.

If you see a downward trend, check in with the platform you’re using to ask if they’re seeing the same thing.

Domain Reputation

Domain reputation is the trustworthiness of the domain name you’ve verified in Postmaster Tools. This can be factored into Google’s spam scoring, along with other measurements.

Domain reputation in Postmaster Tools

The ideal scenario is a consistent rating of High, as shown in our screenshot above.

Wait: What is IP Reputation vs Domain Reputation?

You’ll now see that Google has separate options for IP reputation and domain reputation. Here’s the difference:

  • IP reputation measures the reputation of the server that actually sends your emails out. This might be a service like Constant Contact, ConvertKit, or Drip. Other people who use the service will share the same IP, so you’re a little more vulnerable to the impact of other users’ actions.
  • Domain reputation is a measure of the emails that are sent from your domain name as a whole.

Feedback Loop

High-volume or bulk senders can activate this feature to track spam complaints in more detail. You’ll need a special email header called Feedback-ID if you want to use this. Most likely, you won’t need to look at this report.

Authentication

This chart shows you how many emails cleared security checks.

In more technical terms, it shows how many emails attempted to authenticate using DMARC, SPF, and DKIM vs. how many actually did.

Postmaster Tools authentication

Encryption

This chart looks very similar to the domain reputation chart we already showed. It should sit at 100%.

If you’re seeing a lower percentage, you may be using outdated connection details for your email provider.

Check the websites or platforms that are sending emails from your domain and update them from an SSL connection to a TLS connection.

wp mail smtp host and port settings

Delivery Errors

Last but not least, the final chart is the most useful. The Delivery Errors report will show you whether emails were rejected or temporarily delayed. A temporary delay is labeled as a TempFail in this report.

This chart is going to tell you whether Gmail is blocking your emails, and if so, why.

If you see any jumps, click on the point in the chart and the reason for the failures will be displayed below it.

Delivery errors in Postmaster Tools

Small jumps here and there are not a huge cause for concern. However, very large error rates are a definite red flag. You may have received a 550 error or a 421 error that gives you more clues as to why they’re happening.

Here are the 3 most important error messages related to blocked emails in Gmail:

421-4.7.0 unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been temporarily rate limited.

550-5.7.1 Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been blocked.

550-5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for example.com did not pass with ip: 192.186.0.1.

If you’re seeing these errors, check that your domain name has the correct DNS records for authenticating email. It’s also a good idea to examine your emails to ensure you have the right unsubscribe links in them.

Note: WP Mail SMTP preserves the list-unsubscribe headers that your email provider adds. That means that your emails will have a one-click unsubscribe option at the top.

One click unsubscribe link

If you’re using a different SMTP plugin, make sure it’s preserving that crucial list-unsubscribe header. If it’s not there, If not, you may want to consider switching to WP Mail SMTP for the best possible protection against spam complaints and failed emails.

Fix Your WordPress Emails Now

Next, Authenticate Emails from WordPress

Are your emails from WordPress disappearing or landing in the spam folder? You’re definitely not alone. Learn how to authenticate WordPress emails and ensure they always land in your inbox.

Ready to fix your emails? Get started today with the best WordPress SMTP plugin. If you don’t have the time to fix your emails, you can get full White Glove Setup assistance as an extra purchase, and there’s a 14-day money-back guarantee for all paid plans.

If this article helped you out, please follow us on Facebook and Twitter for more WordPress tips and tutorials.

Source :
https://wpmailsmtp.com/how-to-set-up-google-postmaster-tools/

Reflecting on the GDPR to celebrate Privacy Day 2024

26/01/2024
Emily Hancock

10 min read

This post is also available in DeutschFrançais日本語 and Nederlands.

Reflecting on the GDPR to celebrate Privacy Day 2024

Just in time for Data Privacy Day 2024 on January 28, the EU Commission is calling for evidence to understand how the EU’s General Data Protection Regulation (GDPR) has been functioning now that we’re nearing the 6th anniversary of the regulation coming into force.

We’re so glad they asked, because we have some thoughts. And what better way to celebrate privacy day than by discussing whether the application of the GDPR has actually done anything to improve people’s privacy?

The answer is, mostly yes, but in a couple of significant ways – no.

Overall, the GDPR is rightly seen as the global gold standard for privacy protection. It has served as a model for what data protection practices should look like globally, it enshrines data subject rights that have been copied across jurisdictions, and when it took effect, it created a standard for the kinds of privacy protections people worldwide should be able to expect and demand from the entities that handle their personal data. On balance, the GDPR has definitely moved the needle in the right direction for giving people more control over their personal data and in protecting their privacy.

In a couple of key areas, however, we believe the way the GDPR has been applied to data flowing across the Internet has done nothing for privacy and in fact may even jeopardize the protection of personal data. The first area where we see this is with respect to cross-border data transfers. Location has become a proxy for privacy in the minds of many EU data protection regulators, and we think that is the wrong result. The second area is an overly broad interpretation of what constitutes “personal data” by some regulators with respect to Internet Protocol or “IP” addresses. We contend that IP addresses should not always count as personal data, especially when the entities handling IP addresses have no ability on their own to tie those IP addresses to individuals. This is important because the ability to implement a number of industry-leading cybersecurity measures relies on the ability to do threat intelligence on Internet traffic metadata, including IP addresses.  

Location should not be a proxy for privacy

Fundamentally, good data security and privacy practices should be able to protect personal data regardless of where that processing or storage occurs. Nevertheless, the GDPR is based on the idea that legal protections should attach to personal data based on the location of the data – where it is generated, processed, or stored. Articles 44 to 49 establish the conditions that must be in place in order for data to be transferred to a jurisdiction outside the EU, with the idea that even if the data is in a different location, the privacy protections established by the GDPR should follow the data. No doubt this approach was influenced by political developments around government surveillance practices, such as the revelations in 2013 of secret documents describing the relationship between the US NSA (and its Five Eyes partners) and large Internet companies, and that intelligence agencies were scooping up data from choke points on the Internet. And once the GDPR took effect, many data regulators in the EU were of the view that as a result of the GDPR’s restrictions on cross-border data transfers, European personal data simply could not be processed in the United States in a way that would be consistent with the GDPR.

This issue came to a head in July 2020, when the European Court of Justice (CJEU), in its “Schrems II” decision1, invalidated the EU-US Privacy Shield adequacy standard and questioned the suitability of the EU standard contractual clauses (a mechanism entities can use to ensure that GDPR protections are applied to EU personal data even if it is processed outside the EU). The ruling in some respects left data protection regulators with little room to maneuver on questions of transatlantic data flows. But while some regulators were able to view the Schrems II ruling in a way that would still allow for EU personal data to be processed in the United States, other data protection regulators saw the decision as an opportunity to double down on their view that EU personal data cannot be processed in the US consistent with the GDPR, therefore promoting the misconception that data localization should be a proxy for data protection.

In fact, we would argue that the opposite is the case. From our own experience and according to recent research2, we know that data localization threatens an organization’s ability to achieve integrated management of cybersecurity risk and limits an entity’s ability to employ state-of-the-art cybersecurity measures that rely on cross-border data transfers to make them as effective as possible. For example, Cloudflare’s Bot Management product only increases in accuracy with continued use on the global network: it detects and blocks traffic coming from likely bots before feeding back learnings to the models backing the product. A diversity of signal and scale of data on a global platform is critical to help us continue to evolve our bot detection tools. If the Internet were fragmented – preventing data from one jurisdiction being used in another – more and more signals would be missed. We wouldn’t be able to apply learnings from bot trends in Asia to bot mitigation efforts in Europe, for example. And if the ability to identify bot traffic is hampered, so is the ability to block those harmful bots from services that process personal data.

The need for industry-leading cybersecurity measures is self-evident, and it is not as if data protection authorities don’t realize this. If you look at any enforcement action brought against an entity that suffered a data breach, you see data protection regulators insisting that the impacted entities implement ever more robust cybersecurity measures in line with the obligation GDPR Article 32 places on data controllers and processors to “develop appropriate technical and organizational measures to ensure a level of security appropriate to the risk”, “taking into account the state of the art”. In addition, data localization undermines information sharing within industry and with government agencies for cybersecurity purposes, which is generally recognized as vital to effective cybersecurity.

In this way, while the GDPR itself lays out a solid framework for securing personal data to ensure its privacy, the application of the GDPR’s cross-border data transfer provisions has twisted and contorted the purpose of the GDPR. It’s a classic example of not being able to see the forest for the trees. If the GDPR is applied in such a way as to elevate the priority of data localization over the priority of keeping data private and secure, then the protection of ordinary people’s data suffers.

Applying data transfer rules to IP addresses could lead to balkanization of the Internet

The other key way in which the application of the GDPR has been detrimental to the actual privacy of personal data is related to the way the term “personal data” has been defined in the Internet context – specifically with respect to Internet Protocol or “IP” addresses. A world where IP addresses are always treated as personal data and therefore subject to the GDPR’s data transfer rules is a world that could come perilously close to requiring a walled-off European Internet. And as noted above, this could have serious consequences for data privacy, not to mention that it likely would cut the EU off from any number of global marketplaces, information exchanges, and social media platforms.

This is a bit of a complicated argument, so let’s break it down. As most of us know, IP addresses are the addressing system for the Internet. When you send a request to a website, send an email, or communicate online in any way, IP addresses connect your request to the destination you’re trying to access. These IP addresses are the key to making sure Internet traffic gets delivered to where it needs to go. As the Internet is a global network, this means it’s entirely possible that Internet traffic – which necessarily contains IP addresses – will cross national borders. Indeed, the destination you are trying to access may well be located in a different jurisdiction altogether. That’s just the way the global Internet works. So far, so good.

But if IP addresses are considered personal data, then they are subject to data transfer restrictions under the GDPR. And with the way those provisions have been applied in recent years, some data regulators were getting perilously close to saying that IP addresses cannot transit jurisdictional boundaries if it meant the data might go to the US. The EU’s recent approval of the EU-US Data Privacy Framework established adequacy for US entities that certify to the framework, so these cross-border data transfers are not currently an issue. But if the Data Privacy Framework were to be invalidated as the EU-US Privacy Shield was in the Schrems II decision, then we could find ourselves in a place where the GDPR is applied to mean that IP addresses ostensibly linked to EU residents can’t be processed in the US, or potentially not even leave the EU.

If this were the case, then providers would have to start developing Europe-only networks to ensure IP addresses never cross jurisdictional boundaries. But how would people in the EU and US communicate if EU IP addresses can’t go to the US? Would EU citizens be restricted from accessing content stored in the US? It’s an application of the GDPR that would lead to the absurd result – one surely not intended by its drafters. And yet, in light of the Schrems II case and the way the GDPR has been applied, here we are.

A possible solution would be to consider that IP addresses are not always “personal data” subject to the GDPR. In 2016 – even before the GDPR took effect – the Court of Justice of the European Union (CJEU) established the view in Breyer v. Bundesrepublik Deutschland that even dynamic IP addresses, which change with every new connection to the Internet, constituted personal data if an entity processing the IP address could link the IP addresses to an individual. While the court’s decision did not say that dynamic IP addresses are always personal data under European data protection law, that’s exactly what EU data regulators took from the decision, without considering whether an entity actually has a way to tie the IP address to a real person3.

The question of when an identifier qualifies as “personal data” is again before the CJEU: In April 2023, the lower EU General Court ruled in SRB v EDPS4 that transmitted data can be considered anonymised and therefore not personal data if the data recipient does not have any additional information reasonably likely to allow it to re-identify the data subjects and has no legal means available to access such information. The appellant – the European Data Protection Supervisor (EDPS) – disagrees. The EDPS, who mainly oversees the privacy compliance of EU institutions and bodies, is appealing the decision and arguing that a unique identifier should qualify as personal data if that identifier could ever be linked to an individual, regardless of whether the entity holding the identifier actually had the means to make such a link.

If the lower court’s common-sense ruling holds, one could argue that IP addresses are not personal data when those IP addresses are processed by entities like Cloudflare, which have no means of connecting an IP address to an individual. If IP addresses are then not always personal data, then IP addresses will not always be subject to the GDPR’s rules on cross-border data transfers.

Although it may seem counterintuitive, having a standard whereby an IP address is not necessarily “personal data” would actually be a positive development for privacy. If IP addresses can flow freely across the Internet, then entities in the EU can use non-EU cybersecurity providers to help them secure their personal data. Advanced Machine Learning/predictive AI techniques that look at IP addresses to protect against DDoS attacks, prevent bots, or otherwise guard against personal data breaches will be able to draw on attack patterns and threat intelligence from around the world to the benefit of EU entities and residents. But none of these benefits can be realized in a world where IP addresses are always personal data under the GDPR and where the GDPR’s data transfer rules are interpreted to mean IP addresses linked to EU residents can never flow to the United States.

Keeping privacy in focus

On this Data Privacy Day, we urge EU policy makers to look closely at how the GDPR is working in practice, and to take note of the instances where the GDPR is applied in ways that place privacy protections above all other considerations – even appropriate security measures mandated by the GDPR’s Article 32 that take into account the state of the art of technology. When this happens, it can actually be detrimental to privacy. If taken to the extreme, this formulaic approach would not only negatively impact cybersecurity and data protection, but even put into question the functioning of the global Internet infrastructure as a whole, which depends on cross-border data flows. So what can be done to avert this?

First, we believe EU policymakers could adopt guidelines (if not legal clarification) for regulators that IP addresses should not be considered personal data when they cannot be linked by an entity to a real person. Second, policymakers should clarify that the GDPR’s application should be considered with the cybersecurity benefits of data processing in mind. Building on the GDPR’s existing recital 49, which rightly recognizes cybersecurity as a legitimate interest for processing, personal data that needs to be processed outside the EU for cybersecurity purposes should be exempted from GDPR restrictions to international data transfers. This would avoid some of the worst effects of the mindset that currently views data localization as a proxy for data privacy. Such a shift would be a truly pro-privacy application of the GDPR.

1 Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems.
2 Swire, Peter and Kennedy-Mayo, DeBrae and Bagley, Andrew and Modak, Avani and Krasser, Sven and Bausewein, Christoph, Risks to Cybersecurity from Data Localization, Organized by Techniques, Tactics, and Procedures (2023).
3 Different decisions by the European data protection authorities, namely the Austrian DSB (December 2021), the French CNIL (February 2022) and the Italian Garante (June 2022), while analyzing the use of Google Analytics, have rejected the relative approach used by the Breyer case and considered that an IP address should always be considered as personal data. Only the decision issued by the Spanish AEPD (December 2022) followed the same interpretation of the Breyer case. In addition, see paragraphs 109 and 136 in Guidelines by Supervisory Authorities for Tele-Media Providers, DSK (2021).
4 Single Resolution Board v EDPS, Court of Justice of the European Union, April 2023.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet applicationward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you’re looking for a new career direction, check out our open positions.

Source :
https://blog.cloudflare.com/reflecting-on-the-gdpr-to-celebrate-privacy-day-2024/