Android Archives - Page 11 of 20 - Appunti dalla rete

How To Install Kimai Time Tracking App in Docker

In this guide, I’ll show you how to deploy the open source time tracking app Kimai in a Docker container. Kimai is free, browser-based (so it’ll work on mobile devices), and is extremely flexible for just about every use case.

It has a stopwatch feature where you can start/stop/pause a worklog timer. Then, it accumulates the total into daily, weekly, monthly or yearly reports, which can be exported or printed as invoices.

It supports single or multi users, so you can even track time for your entire department. All statistics are visible on a beautiful dashboard, which makes historical time-tracking a breeze.

Why use Kimai Time Tracker?

For my scenario, I am salaried at work. However, since I’m an IT Manager, I often find myself working after hours or on weekends to patch servers, reboot systems, or perform system and infrastructure upgrades. Normally, I use a pen and paper or a notetaking app to track overtime, although this is pretty inefficent. Sometimes I forget when I started or stopped, or if I’ve written down the time on a notepade at home, I can’t view that time at work.

And when it comes to managing a team of others who also perform after hours maintenance, it becomes even harder to track their total overtime hours.

Over the past few weeks, I stumbled across Kimai and really love all the features. Especially when I can spin it up in a docker or docker compose container!

If you don’t have Docker installed, follow this guide: https://smarthomepursuits.com/how-to-install-docker-ubuntu/

If you don’t have Docker-Compose installed, follow this guide: https://smarthomepursuits.com/how-to-install-portainer-with-docker-in-ubuntu-20-04/

In this tutorial, we will be installing Kimai for 1 user using standard Docker run commands. Other users can be added from the webui after initial setup.

Step 1: SSH into your Docker Host

Open Putty and SSH into your server that is running docker and docker compose.

Step 2: Create Kimai Database container

Enter the command below to create a new database to use with Kimai. You can copy and paste into Putty by right-clicking after copy, or CTRL+SHIFT+V into other ssh clients.

sudo docker run --rm --name kimai-mysql \
    -e MYSQL_DATABASE=kimai \
    -e MYSQL_USER=kimai \
    -e MYSQL_PASSWORD=kimai \
    -e MYSQL_ROOT_PASSWORD=kimai \
    -p 3399:3306 -d mysql

Step 3: Start Kimai

Next, start the Kimai container using the already created database. If you look at the Kimai github page, you’ll notice that this isn’t the same command as what shows there.

Here’s the original command (which I’m not using):

docker run --rm --name kimai-test -ti -p 8001:8001 -e DATABASE_URL=mysql://kimai:kimai@${HOSTNAME}:3399/kimai kimai/kimai2:apache

And here’s my command. I had to explicitly add TRUSTED_HOSTS, the ADMINMAIL and ADMINPASS, and change the ${HOSTNAME} to the IP address of your docker host. Otherwise, I wasn’t able to access Kimai from other computers on my local network.

Green = change port here if already in use
Red = Add the IP address of your docker host
Orange = Manually specifying the admin email and password. This is what you’ll use to log in with.
Blue = Change to docker host IP address

sudo docker run --rm --name kimai -ti -p 8001:8001 -e TRUSTED_HOSTS=192.168.68.141,localhost,127.0.0.1 -e ADMINMAIL=example@gmail.com -e ADMINPASS=8charpassword -e DATABASE_URL=mysql://kimai:kimai@192.168.68.141:3399/kimai kimai/kimai2:apache

Note that 8 characters is the minimum for the password.

Step 4: Log In via Web Browser

Next, Kimai should now be running!

To check, you can go to your http://dockerIP:8001 in a web browser (192.168.68.141:8001)

Then simply log in with the credentials you created.

Step 5: Basic Setup

This app is extremely powerful and customizeable, so I won’t be going over all the available options since everyone has different needs.

Like I mentioned earlier, I’m using Kimai for overtime tracking only, so the first step for me is to create a new “customer”.

Create a Customer

This is sort of unintuitive, but you need to create a customer before you can start tracking time to a project. I’m creating a generic “Employee” customer.

Click Customers on the left sidebar, then click the + button in the top right corner.

Create A Project

Click Projects on the left sidebar:

Then click the + button in the top right corner.

Add a name, choose the customer you just created, and then choose a date range.

Create An Activity

Click Activity on the left, then create an activity. I’m calling mine Overtime Worked and assigning it to the Project “Overtime 2021” I just created.

Step 6: Change “Timetracking Mode” to Time-clock

Click Settings. Under Timetracking mode, change it to Time-Clock. This will let you click the Play button to start/stop time worked vs having to manually enter start and stop times.

Step 7: Start Tracking Time!

To start tracking time, simply click the timer widget in the top right corner.

A screen will pop up asking you what project and activity you want to apply the time to.

The selfhosted stopwatch will start tracking time right after. You can then view the timesheets for yourself under the My Times section or for all users under the Timesheets or Reporting tabs.

Wrapping Up

Hopefully this guide helped you get Kimai installed and setup! If you have any questions, feel free to let me know in the comments below and I’ll do my best to help you out.

My Homelab Equipment

Here is some of the gear I use in my Homelab. I highly recommend each of them.

Server 2019 w/ Hyper-V
Case: Fractal Design Node 804
Graphics Card: NVIDEA Quadro K600
CPU: AMD Ryzen 7 2700

The full list of server components I use can be found on my Equipment List page.

Source :
https://smarthomepursuits.com/how-to-install-kimai-time-tracking-app-in-docker/

Apply sensitivity labels to your files and email in Office

Excel for Microsoft 365 Word for Microsoft 365 Outlook for Microsoft 365 More…

Note: This feature requires a Microsoft 365 subscription and is available for users and organizations whose administrators have set up sensitivity labels. If you’re an administrator looking to get started with sensitivity labels see Get started with sensitivity labels.

You can apply sensitivity labels to your files and emails to keep them compliant with your organization’s information protection policies.

The names of these labels, the descriptions you see when you hover over them, and when to use each label will be customized for you by your organization. If you need additional information about which label to apply, and when, contact your organization’s IT department.

How are sensitivity labels applied?

Sensitivity labels are applied either manually or automatically.

Note: Even if your administrator has not configured automatic labeling, they may have configured your system to require a label on all Office files and emails, and may also have selected a default label as the starting point. If labels are required you won’t be able to save a Word, Excel, or PowerPoint file, or send an email in Outlook, without selecting a sensitivity label.

To apply, change, or remove a label manually follow these steps:

Office 365 Office 365 for Mac Office for Android Office for iOS Web

Outlook

When composing an email, select Sensitivity.

Important: Sensitivity is not available if your Office account isn’t a work account, and if your administrator hasn’t configured any sensitivity labels and enabled the feature for you.
Choose the sensitivity label that applies to your email.

Note: If your organization has configured a website to learn more about their sensitivity labels, you will also see a Learn More option.

To remove a sensitivity label that has already been applied to an email, unselect it from the Sensitivity menu. Naturally if your organization requires labels on all files you won’t be able to remove it.

Word, Excel, PowerPoint

On the Home tab, select Sensitivity.

Important: Sensitivity is not available if your Office account isn’t a work account with a Office 365 Enterprise E3 or Office 365 Enterprise E5 license assigned, or if your administrator hasn’t configured any sensitivity labels and enabled the feature for you .
Choose the sensitivity label that applies to your file.

Note: If your organization has configured a website to learn more about their sensitivity labels, you will also see a Learn More option.

To remove a sensitivity label that has already been applied to a file, unselect it from the Sensitivity menu. Naturally if your organization requires labels on all files you won’t be able to remove it.

Automatically applied (or recommended) labels

If your administrator has set up automatic labeling then files or emails that contain certain kinds of information – such as social security numbers, credit card numbers, or other sensitive information – can have a specified label either recommended for, or applied, automatically.

If a label has been applied automatically you’ll see a notification below the Office ribbon that looks like this.

Screenshot of a Policy Tip for an automatically applied sensitivity label

The notice for when a label has been recommended, but not automatically applied, looks similar.

For more information see Automatically apply or recommend sensitivity labels to your files and emails in Office

How do I know what label is currently applied?

The way to see the currently applied label, if any, varies slightly depending upon whether you’re on desktop or mobile.

On desktop apps (including Office for the web) look at the status bar at the bottom of the window.

The Excel status bar showing a "General" sensitivity label has been applied

On the Office mobile apps, select the Three dots icon menu.

Outlook is a bit different

In Outlook nothing appears if no label has been selected or if you’re composing an email and only the default label is applied.

If a label has been selected, however, you’ll see it on the InfoBar just above the To field.

A sensitivity label displayed in the InfoBar above the To field in an Outlook email message.

What happens when I apply a sensitivity label?

When you apply a sensitivity label, the label information will persist with your file or email, even as it is shared between devices, applications, and cloud services. Applying a sensitivity label may also result in changes to your file or email according to your organization’s configuration, such as:

Encryption with Information Rights Management may be applied to your file or email
A header or footer may appear in your file or email
A watermark may appear in your file

Note: If you don’t have permission to change or remove a sensitivity label, you’ll be prevented from doing so with an error message in most apps. In some apps, like Outlook mobile, the sensitivity labels will simply be disabled.

Not all apps on all platforms support the same behavior, so the exact results of applying a sensitivity label may vary slightly. For more information about what capabilities are supported on each platform see Support for sensitivity label capabilities in apps.

Justify changes to sensitivity label

Your administrator can have a policy that requires you to provide justification before changing a sensitivity label from a higher sensitivity to a lower sensitivity. In this configuration, you may be asked to choose a justification reason or provide your own when selecting a less sensitive label.

Note: You will only be asked to justify changes one time after opening a document or replying to forwarding an email message. After justifying once, subsequent changes will not require justification until that document or email message is closed and opened again.

The dialog box that appears when your organization requires you to provide a justification for changing a sensitivity label.

Google introduces end-to-end encryption for Gmail on the web

Google announced on Friday that it’s adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.

Client-side encryption (as Google calls E2EE) was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta).

Once enabled, Gmail client-side encryption will ensure that any sensitive data delivered as part of the email’s body and attachments (including inline images) can not be decrypted by Google servers — the email header (including subject, timestamps, and recipients lists) will not be encrypted.

“With Google Workspace Client-side encryption (CSE), content encryption is handled in the client’s browser before any data is transmitted or stored in Drive’s cloud-based storage,” Google explained on its support website.

“That way, Google servers can’t access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally.”

Gmail E2EE beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

They can apply for the beta until January 20, 2023, by submitting their Gmail CSE Beta Test Application which should include the email address, Project ID, and test group domain.

The company says the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.

After Google emails back to confirm that the account is ready, admins can set up Gmail CSE for their users by going through the following procedure to set up their environment, prepare S/MIME certificates for each user in the test group, and configure the key service and identity provider.

The feature will be off by default and can be enabled at the domain, organizational unit, and Group levels by going to Admin console > Security > Access and data control > Client-side encryption.

Once enabled, you can toggle on E2EE for any message by clicking the lock icon next to the Recipients field and clicking “Turn on” under the “Additional encryption” option.

https://static.btloader.com/safeFrame.html?upapi=true

https://e550bca7ddabd8d6701a8c4b48f12667.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?upapi=true

Users will then be able to compose their Gmail messages and add email attachments as they would normally do.

“Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities,” Google added.

“Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs.”

Apple rolls out end-to-end encryption for iCloud backups

Twitter source code indicates end-to-end encrypted DMs are coming

Learn to use Google Docs, Sheets, Gmail and more for just $41

OldGremlin hackers use Linux ransomware to attack Russian orgs

Source :
https://www.bleepingcomputer.com/news/security/google-introduces-end-to-end-encryption-for-gmail-on-the-web/

Everything you might have missed during Cloudflare’s Impact Week 2022

And that’s a wrap! Impact Week 2022 has come to a close. Over the last week, Cloudflare announced new commitments in our mission to help build a better Internet, including delivering Zero Trust services for the most vulnerable voices and for critical infrastructure providers. We also announced new products and services, and shared technical deep dives.

Were you able to keep up with everything that was announced? Watch the Impact Week 2022 wrap-up video on Cloudflare TV, or read our recap below for anything you may have missed.

Product announcements

Blog	Summary
Cloudflare Zero Trust for Project Galileo and the Athenian Project	We are making the Cloudflare One Zero Trust suite available to teams that qualify for Project Galileo or Athenian at no cost. Cloudflare One includes the same Zero Trust security and connectivity solutions used by over 10,000 customers today to connect their users and safeguard their data.
Project Safekeeping – protecting the world’s most vulnerable infrastructure with Zero Trust	Under-resourced organizations that are vital to the basic functioning of our global communities (such as community hospitals, water treatment facilities, and local energy providers) face relentless cyber attacks, threatening basic needs for health, safety and security. Cloudflare’s mission is to help make a better Internet. We will help support these vulnerable infrastructure by providing our enterprise-level Zero Trust cybersecurity solution to them at no cost, with no time limit.
Cloudflare achieves FedRAMP authorization to secure more of the public sector	We are excited to announce our public sector suite of services, Cloudflare for Government, has achieved FedRAMP Moderate Authorization. The Federal Risk and Authorization Management Program (“FedRAMP”) is a US-government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
A new, configurable and scalable version of Geo Key Manager, now available in Closed Beta	At Cloudflare, we want to give our customers tools that allow them to maintain compliance in this ever-changing environment. That’s why we’re excited to announce a new version of Geo Key Manager — one that allows customers to define boundaries by country, by region, or by standard.

Technical deep dives

Blog	Summary
Cloudflare is joining the AS112 project to help the Internet deal with misdirected DNS queries	Cloudflare is participating in the AS112 project, becoming an operator of the loosely coordinated, distributed sink of the reverse lookup (PTR) queries for RFC 1918 addresses, dynamic DNS updates and other ambiguous addresses.
Measuring BGP RPKI Route Origin Validation	The Border Gateway Protocol (BGP) is the glue that keeps the entire Internet together. However, despite its vital function, BGP wasn’t originally designed to protect against malicious actors or routing mishaps. It has since been updated to account for this shortcoming with the Resource Public Key Infrastructure (RPKI) framework, but can we declare it to be safe yet?

Customer stories

Blog	Summary
Democratizing access to Zero Trust with Project Galileo	Learn how organizations under Project Galileo use Cloudflare Zero Trust to protect their organization from cyberattacks.
Securing the inboxes of democracy	Cloudflare email security worked hard in the 2022 U.S. midterm elections to ensure that the email inboxes of those seeking office were secure.
Expanding Area 1 email security to the Athenian Project	We are excited to share that we have grown our offering under the Athenian Project to include Cloudflare’s Area 1 email security suite to help state and local governments protect against a broad spectrum of phishing attacks to keep voter data safe and secure.
How Cloudflare helps protect small businesses	Large-scale cyber attacks on enterprises and governments make the headlines, but the impacts of cyber conflicts can be felt more profoundly and acutely by small businesses that struggle to keep the lights on during normal times. In this blog, we’ll share new research on how small businesses, including those using our free services, have leveraged Cloudflare services to make their businesses more secure and resistant to disruption.

Internet access

Blog	Summary
Cloudflare expands Project Pangea to connect and protect (even) more community networks	A year and a half ago, Cloudflare launched Project Pangea to help provide Internet services to underserved communities. Today, we’re sharing what we’ve learned by partnering with community networks, and announcing an expansion of the project.
The US government is working on an “Internet for all” plan. We’re on board.	The US government has a $65 billion program to get all Americans on the Internet. It’s a great initiative, and we’re on board.
The Montgomery, Alabama Internet Exchange is making the Internet faster. We’re happy to be there.	Internet Exchanges are a critical part of a strong Internet. Here’s the story of one of them.
Partnering with civil society to track Internet shutdowns with Radar Alerts and API	We want to tell you more about how we work with civil society organizations to provide tools to track and document the scope of these disruptions. We want to support their critical work and provide the tools they need so they can demand accountability and condemn the use of shutdowns to silence dissent.
How Cloudflare helps next-generation markets	At Cloudflare, part of our role is to make sure every person on the planet with an Internet connection has a good experience, whether they’re in a next-generation market or a current-gen market. In this blog we talk about how we define next-generation markets, how we help people in these markets get faster access to the websites and applications they use on a daily basis, and how we make it easy for developers to deploy services geographically close to users in next-generation markets.

Sustainability

Blog	Summary
Independent report shows: moving to Cloudflare can cut your carbon footprint	We didn’t start out with the goal to reduce the Internet’s environmental impact. But as the Internet has become an ever larger part of our lives, that has changed. Our mission is to help build a better Internet — and a better Internet needs to be a sustainable one.
A more sustainable end-of-life for your legacy hardware appliances with Cloudflare and Iron Mountain	We’re excited to announce an opportunity for Cloudflare customers to make it easier to decommission and dispose of their used hardware appliances in a sustainable way. We’re partnering with Iron Mountain to offer preferred pricing and value-back for Cloudflare customers that recycle or remarket legacy hardware through their service.
How we’re making Cloudflare’s infrastructure more sustainable	With the incredible growth of the Internet, and the increased usage of Cloudflare’s network, even linear improvements to sustainability in our hardware today will result in exponential gains in the future. We want to use this post to outline how we think about the sustainability impact of the hardware in our network, and what we’re doing to continually mitigate that impact.
Historical emissions offsets (and Scope 3 sneak preview)	Last year, Cloudflare committed to removing or offsetting the historical emissions associated with powering our network by 2025. We are excited to announce our first step toward offsetting our historical emissions by investing in 6,060 MTs’ worth of reforestation carbon offsets as part of the Pacajai Reduction of Emissions from Deforestation and forest Degradation (REDD+) Project in the State of Para, Brazil.
How we redesigned our offices to be more sustainable	Cloudflare is working hard to ensure that we’re making a positive impact on the environment around us, with the goal of building the most sustainable network. At the same time, we want to make sure that the positive changes that we are making are also something that our local Cloudflare team members can touch and feel, and know that in each of our actions we are having a positive impact on the environment around us. This is why we make sustainability one of the underlying goals of the design, construction, and operations of our global office spaces.
More bots, more trees	Once a year, we pull data from our Bot Fight Mode to determine the number of trees we can donate to our partners at One Tree Planted. It’s part of the commitment we made in 2019 to deter malicious bots online by redirecting them to a challenge page that requires them to perform computationally intensive, but meaningless tasks. While we use these tasks to drive up the bill for bot operators, we account for the carbon cost by planting trees.

Policy

Blog	Summary
The Challenges of Sanctioning the Internet	As governments continue to use sanctions as a foreign policy tool, we think it’s important that policymakers continue to hear from Internet infrastructure companies about how the legal framework is impacting their ability to support a global Internet. Here are some of the key issues we’ve identified and ways that regulators can help balance the policy goals of sanctions with the need to support the free flow of communications for ordinary citizens around the world.
An Update on Cloudflare’s Assistance to Ukraine	On February 24, 2022, when Russia invaded Ukraine, Cloudflare jumped into action to provide services that could help prevent potentially destructive cyber attacks and keep the global Internet flowing. During Impact Week, we want to provide an update on where things currently stand, the role of security companies like Cloudflare, and some of our takeaways from the conflict so far.
Two months later: Internet use in Iran during the Mahsa Amini Protests	A series of protests began in Iran on September 16, following the death in custody of Mahsa Amini — a 22 year old who had been arrested for violating Iran’s mandatory hijab law. The protests and civil unrest have continued to this day. But the impact hasn’t just been on the ground in Iran — the impact of the civil unrest can be seen in Internet usage inside the country, as well.
How Cloudflare advocates for a better Internet	We thought this week would be a great opportunity to share Cloudflare’s principles and our theories behind policy engagement. Because at its core, a public policy approach needs to reflect who the company is through their actions and rhetoric. And as a company, we believe there is real value in helping governments understand how companies work, and helping our employees understand how governments and law-makers work.
Applying Human Rights Frameworks to our approach to abuse	What does it mean to apply human rights frameworks to our response to abuse? As we’ll talk about in more detail, we use human rights concepts like access to fair process, proportionality (the idea that actions should be carefully calibrated to minimize any effect on rights), and transparency.
The Unintended Consequences of blocking IP addresses	This blog dives into a discussion of IP blocking: why we see it, what it is, what it does, who it affects, and why it’s such a problematic way to address content online.

Impact

Blog	Summary
Closing out 2022 with our latest Impact Report	Our Impact Report is an annual summary highlighting how we are trying to build a better Internet and the progress we are making on our environmental, social, and governance priorities.
Working to help the HBCU Smart Cities Challenge	The HBCU Smart Cities Challenge invites all HBCUs across the United States to build technological solutions to solve real-world problems.
Introducing Cloudflare’s Third Party Code of Conduct	Cloudflare is on a mission to help build a better Internet, and we are committed to doing this with ethics and integrity in everything that we do. This commitment extends beyond our own actions, to third parties acting on our behalf. We are excited to share our Third Party Code of Conduct, specifically formulated with our suppliers, resellers and other partners in mind.
The latest from Cloudflare’s seventeen Employee Resource Groups	In this blog post, we highlight a few stories from some of our 17 Employee Resource Groups (ERGs), including the most recent, Persianflare.

What’s next?

That’s it for Impact Week 2022. But let’s keep the conversation going. We want to hear from you!

Visit the Cloudflare Community to share your thoughts about Impact Week 2022, or engage with our team on Facebook, Twitter, LinkedIn, and YouTube.

Or if you’d like to rewatch any Cloudflare TV segments associated with the above stories, visit the Impact Week hub on our website.

Watch on Cloudflare TV

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you’re looking for a new career direction, check out our open positions.

Source :
https://blog.cloudflare.com/everything-you-might-have-missed-during-cloudflares-impact-week-2022/

Pixel 7a renders leak providing a first look at the new Google mid-range

Rumors regarding the upcoming midrange Google Pixel phone – the Pixel 7a, have been swirling around for some time now with specs that seem more akin to a flagship phone than Google’s usual summer phone release. While some rumors say that the Pixel 7a could ship with a ceramic body, an upgraded camera setup, the same Tensor G2 processor, wireless charging, and a high-refresh-rate screen, high-resolution renders have now leaked that shed light on some, but not all, of the speculations. These renders come to us via Smartprix and OnLeaks, which include not only views of the device from different angles but also a 360-degree video for a more detailed look.360-degree view of the Pixel 7a render

The device retains the familiar Pixel design language with the camera bar that has been its iconic look since the Pixel 6. However, unlike the one found in the 6a, which was enclosed in all glass, this camera bar looks to be enveloped in brushed aluminum, although we cannot confirm the exact material just by looking at the renders. In comparison to the Pixel 6a, the dimensions reveal that the 7a will be just about the same height but will be a bit wider and thicker (152.4 x 72.9 x 9.0mm on the Pixel 7a vs. 152.2 x 71.8 x 8.9 mm on the Pixel 6a), but the difference seems so minimal it may not even register during day to day use.

When viewing the device from the front, one could see the noticeable larger bezels and thicker chin, which isn’t surprising for a Google mid-tier device. A punch-hole camera is found in the top-middle of the display, just like its predecessor, and the power button, volume rocker, and USB-C port seem to have been kept in the same location as well. Unfortunately, though, just like the Pixel 6a, there is no headphone jack in sight.

The leak also reports that the device will be available in two colorways, white and dark gray, with the white color chosen as the one pictured in the renders that features a silver frame around the device to match the same color of the camera bar. It is unknown if the dark gray option will have darker or even black rails and whether the camera bar will come in a matching color as well. Hopefully, there will be a third, more colorful option, just like “Lemongrass” was for the Pixel 6a.

Some of the rumors that remain unanswered by this leak include the material on the outside of the device, and frankly, with the renders being white, it does very little to debunk whether it will be ceramic or not. We also have no way of confirming one of the hottest rumors surrounding this device, which is its supposed 90Hz display, a detail that has made quite a few Pixel fans very happy. It looks like we’re going to have to wait a bit longer to get a bit more info, but knowing how these things usually go, we are probably not far off from the next 7a leak.

Source :
https://chromeunboxed.com/pixel-7a-renders-leak

Yes, AirPods work fine with Pixel phones, but Pixel Buds Pro work better

We see this question floating around the web quite a bit: will my AirPods work with a Pixel? The simple answer is, of course, yes! Though AirPods (or AirPods Pro) are designed to work best with Apple products, they are still Bluetooth earbuds that can be connected to a wide variety of devices. As a matter of fact, I’ve used both the AirPods and AirPods Pro with my Chromebook, too, and there’s no real issue in getting them connected on that front, either.

How to pair your AirPods

Pairing is pretty simple. With the AirPods in their case, flip open the lid, hold the button around back until the LED begins pulsing, and look for your AirPods in the list of available Bluetooth devices to pair. Again, I’ve had little issue whatsoever in getting them connected to anything I’ve tried, so thankfully Apple hasn’t put any blocks in place for non-Apple devices.

What works with AirPods on Pixel

Once you get them all connected, the functionality is pretty basic. For standard AirPods, you can listen to media, take calls, and double-tap near the top to play/pause audio. That’s about it. They stay connected well and have very little latency, so for all sorts of applications, they are pretty great. If you are OK with a straightforward bluetooth earbuds experience, there’s technically nothing broken, here. There’s just not a ton of added features.

For the AirPods Pro, the haptic buttons on the earbuds themselves will work based on how you set them up. Out of the box, they default to a single click for play/pause, double-click for skip forward, and triple-click for skip back. A long press will toggle ANC and transparency modes, too.

What doesn’t work with Airpods on Pixel

When looking at the variety of available earbuds on the market, clearly the AirPods are pretty Spartan in their functionality on non-Apple devices. While they do technically work fine for the basics, there’s a bunch of stuff you need to know that these earbuds won’t do on a Pixel phone. First up, since there’s only support for a double-top on the standard AirPods (it defaults to play/pause), when you are needing to adjust volume or skip a track, you’ll need to grab your phone. As stated above, the AirPods Pro get around this limitation a bit more effortlessly thanks to the haptic buttons on the stems.

None of the physical shortcuts can be adjusted when using a Pixel phone, however, and you’ll need an Apple device of some sort in order to change the device name and customize your click functionalities. It is worth noting, however, that even on Apple devices, the number of custom things you can do with the AirPods Pro is pretty limited, so you aren’t missing out on too much if you don’t have an Apple device around.

A software battery life indicator is another key thing missing from the equation, and apart from installing some 3rd-party software, you won’t know the remaining charge you have on your earbuds when paired to a Pixel phone. If you have a wireless charging pad and keep your AirPods on them regularly, it’s not a huge deal. The only time it really bugs me is with my old, 1st-gen AirPods that don’t come with wireless charging. I forget to top them off regularly.

And speaking of charging, all the AirPods at this point still charge with Lightning cables. That’s right: if you don’t have one of those lying around, you’re gonna be in trouble. For me, wireless charging has solved this issue, but it is still unfortunate. As an Android/ChromeOS guy, I don’t have Lightning cables around very often. It’s a small-but-aggravating thing you need to remember.

Why the Pixel Buds Pro and Pixel phones are a better pair

This should be pretty obvious, but the Pixel Buds Pro are a far better fit if you have a Pixel phone. Well, I say it should be obvious; but Google hasn’t always made it that way, have they? With issues here and there with their older Pixel Buds, I’ve not been a huge fan up until the Pixel Buds Pro. At this point, however, I’m a huge fan and all the niceties you get along with them have totally turned the tide for me.

For starters, the on-ear functionality is fantastic. Gestures like swiping for volume controls, tapping for play/pause/skip, and holding for ANC or transparency are the best in the business. It all works like you’d expect, the surface of the actual earbud is big enough to keep you from missing on a regular basis, and the way the Pixel Buds Pro sit in your ear keep them from feeling uncomfortable when you press on them.

The Pixel Buds Pro also come with Fast Pair, so as soon as you open them up, your Pixel will see them and get you paired up with ease. To be fair, the AirPods do this as well, but only on Apple devices. Pixel Buds Pro will Fast Pair with any eligible Android device or Chromebook, too.

Obviously, the Pixel Buds Pro also have an app (it is baked-in on Pixel phones) that allows for all sorts of customization for your presses, swipes, and EQ settings. Again, this sort of thing is present for the AirPods on Apple devices, but Google’s customization on Pixels and Android phones is far more robust and with Feature Drops, it will only get better over time.

So, in a nutshell, if you are a Pixel owner, AirPods will definitely work with your device, but I’d recommend the Pixel Buds Pro in the end. They’ve been on sale a ton of times for $149, and for that price, they are barely more expensive than the standard AirPods and far cheaper than the AirPods Pro. They pair easier, have more features, and I’d argue the sound quality is better too. While the AirPods and AirPods Pro technically will work for you, I’d only recommend them if you are in possession of them already, have an Apple device or two you use on a regular basis, or you get them as a gift. In any other case, go for the Pixel Buds Pro.

Source :
https://chromeunboxed.com/airpods-pro-pixel-phones-will-it-work/

Pixel Android 13 December update rolls out with lots of fixes

Yesterday, new software features arrived to the Pixel family of devices via the usual Pixel Feature Drop. The new features for the Pixel phone included the promised free Google One VPN, Clear Calling, Recorder app speaker labels, Spatial Audio, new live wallpapers, and unified Security & Privacy settings, among others. Here is a summary of feature availability per device:

Source / ✝ Only available in English (US)

However, aside from the new exciting features, Pixel phones also received their monthly software update for December 2022 as well as the final and stable release for those enrolled in the Android 13 QPR1 beta. Essentially, the December 2022 update (Build TQ1A.221205.011) includes the Pixel Feature drop plus the latest platform optimizations, bug fixes, and security patches that address areas such as device performance, stability, and connectivity. The list of issues fixed can be found below and it’s quite long:

Apps

Fix for issue causing text input to certain fields in the Phone app to display in a darker color

Fix for issue occasionally causing playback errors when seeking through video content in certain apps

Fix for issue occasionally preventing text messages from restoring from cloud backups during device setup

General improvements for background performance in certain Google apps

Audio

General improvements for USB audio support for various cables or accessories *[1]

General improvements to support various audio codecs with certain devices or accessories *[4]

Battery & Charging

Battery usage in Settings displays information since last full charge (up to 7 days)

Fix for issue occasionally causing device to power off while Battery Share is active *[4]

Fix for issue occasionally causing higher battery usage during media playback with certain apps *[2]

Fix for issue occasionally preventing Adaptive charging from working in certain conditions *[2]

Fix for issue occasionally preventing wireless charging from working with certain accessories *[2]

General improvements for charging, battery usage or thermal performance in certain conditions *[1]

Biometrics

Fix for issue occasionally causing audio to skip when played over certain Bluetooth devices or accessories *[2]

Fix for issue occasionally delaying when the fingerprint icon is displayed on the lock screen *[1]

Fix for issue occasionally preventing fingerprint sensor from detecting touch while always-on display is active *[3]

Fix for issue where fingerprint enrollment may occasionally display visual glitches in certain conditions *[1]

Improvements for face unlock lock screen helper text shown in certain conditions *[2]

Bluetooth

Fix for issue causing music playback to continue without audible sound after ending a call while using certain Bluetooth accessories *[2]

Fix for issue occasionally causing audio to skip when played over certain Bluetooth devices or accessories *[2]

Fix for issue occasionally preventing audio switching between connected Bluetooth devices in certain conditions

Fix for issue occasionally preventing Bluetooth Low Energy devices from displaying a device name during pairing

Fix for issue occasionally preventing connection to car head units using older Bluetooth versions

Fix for issue occasionally preventing discovery of certain Bluetooth devices or accessories

Fix for issue occasionally preventing previously paired Bluetooth devices from reconnecting

General improvements for Bluetooth stability and performance in certain conditions

Camera

Fix for issue occasionally causing Camera app to crash while zoomed in or switching modes *[2]

Fix for issue occasionally causing viewfinder preview to display a blank screen *[2]

Fix for issue where video that is recorded while switching between camera modes occasionally shows gaps in playback *[2]

General improvements for camera stability and performance in certain conditions

Display & Graphics

Fix for issue occasionally causing screen to flicker when waking from always-on display

Fix for issue occasionally causing visual artifacts or glitches while using certain apps or games *[3]

Framework

Fix for issue occasionally causing notifications to display in a different color theme from the system

Fix for issue occasionally causing the wrong character to display after a new line in certain apps or UI elements

Fix for issue occasionally causing Work Profile app notifications to appear even if Work Profile is paused

Fix for issue occasionally preventing certain apps to rotate to landscape orientation

Fix for issue occasionally preventing keyboard from being dismissed while using certain apps

Sensors

Fix for issue occasionally preventing “tap to wake” or “lift to wake” from working in certain conditions *[1]

Fix for issue occasionally preventing Adaptive brightness from activating in certain conditions

Fix for issue occasionally preventing Quick Tap from triggering app or system shortcuts in certain conditions

Fix to improve Adaptive brightness transitions during phone calls in certain conditions *[1]

General improvements for proximity sensor performance under certain lighting conditions *[1]

System

General improvements for system stability and performance in certain conditions

General improvements to optimize device thermal performance in certain conditions or use cases *[1]

Telephony

Fix for issue causing reduced network or call stability under certain conditions *[2]

Fix for issue occasionally preventing network SIM cards from activating in certain conditions *[3]

General improvements for network connection stability and performance in certain conditions

General improvements for network connectivity after toggling airplane mode off

General improvements for switching between 3G to 4G on certain carrier networks

General improvements for VPN connection stability and performance on mobile networks under certain conditions

General improvements for Wi-Fi calling stability and performance for certain carriers or networks

Improve dual SIM network connectivity in certain conditions *[3]

Improve RCS messaging stability under certain conditions *[2]

Touch

General improvements for touch response and performance in certain conditions *[1]

User Interface

Change for home screen search bar behavior to open the Google app when tapping the G logo

Fix for issue occasionally causing “Pause work apps” button display over app drawer or in the wrong position

Fix for issue occasionally causing certain Settings toggles to appear disabled, or set to the wrong state

Fix for issue occasionally causing device color theme to change unexpectedly

Fix for issue occasionally causing home screen app icons to appear duplicated after adjusting grid size

Fix for issue occasionally causing home screen widgets or icons to appear small or scaled down in certain conditions

Fix for issue occasionally causing media player controls to appear invisible or hidden in notification shade

Fix for issue occasionally causing notification overflow dot to overlay app icons on lock screen

Fix for issue occasionally causing notifications to disappear or appear invisible in notification shade

Fix for issue occasionally causing screenshot captures to fail in certain conditions

Fix for issue occasionally causing suggested apps in Search to overlap or display over results

Fix for issue occasionally causing text to appear incorrectly cutoff or truncated at different font sizes

Fix for issue occasionally causing UI to reset after adjusting display resolution

Fix for issue occasionally causing wallpaper to appear black or empty in certain conditions

Fix for issue occasionally enabling touch interaction during the lock screen transition after screen is turned off

Fix for issue occasionally preventing media player album art from updating when content changes

Fix for issue occasionally preventing media player controls from displaying on lock screen

Fix for issue occasionally preventing screen to appear blank or frozen after launching certain apps

Fix for issue where incoming notifications would occasionally display over others listed in the notification shade

Fix to improve responsiveness of At A Glance home and lock screen widget for certain conditions or use cases

Fix to improve spacing for certain UI modals in device setup and Settings

General improvements for performance in certain UI transitions and animations

Wi-Fi

Fix for issue occasionally preventing hotspot from turning on in certain conditions *[1]

General improvements for Wi-Fi network connection stability & performance in certain conditions *[1]

*[1] Included on Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro
*[2] Included on Pixel 7, Pixel 7 Pro
*[3] Included on Pixel 6, Pixel 6 Pro, Pixel 6a
*[4] Included on Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro

All Pixel devices running Android 13 (Pixel 4a, 5, 5a, 6, 6 Pro, 6a, 7, 7 Pro) began receiving these upgrades yesterday. The rollout will continue over the next week in phases, so if your eligible device doesn’t show the update available yet, you may just need to wait a few more days. However, once the OTA (over-the-air) update becomes available for your device, you will receive a notification.

Source :
https://chromeunboxed.com/december-2022-pixel-phone-update

How to keep your Gmail Inbox free of Spam and Promotions

Using its time-tested and refined algorithms, Gmail does a pretty good job of trying to keep our inboxes free of Spam, Junk emails, and unwanted promotions. It even utilizes inbox tabs to categorize your promotions, social, updates, and forum emails and keep them out of your primary email tab where your actual new emails are shown. However, even with all of these tools, filtering out unwanted emails is not 100% perfect, and a little manual input from us can go a long way. There are three ways that you can train Gmail to filter out unwanted emails from your inbox, which are as follows:

Inbox Categories

The first is the aforementioned inbox categories that can separate certain types of emails and display them on a different tab. Although initially done programmatically, this can be further tweaked so that you have the desired results.

To turn this feature on, navigate to your Gmail settings, then click on the Inbox tab. Make sure the Inbox type is set to “Default,” then add a checkmark to the categories you wish to have in a separate tab. If you just want to keep out marketing emails, add a check to the “Promotions” category, then “Save Changes.”

You will now have a “Promotions” tab in your emails that you have the option to check if desired. If you see emails in there that you’d rather go straight to your Primary tab, just drag it out and into the main tab. Gmail will then ask if you would like for it to automatically do the same for future emails from the same sender.

I just want the steps!

Go to Gmail settings

Click on the Inbox tab

Make sure the Inbox type is set to “Default”

Add a check to the “Promotions” category

Click on “Save Changes”

Gmail Filters

Utilizing Gmail filters is a manual process at first, but completely pays off once it’s set up and starts automatically filtering based on the parameters you have set. You can be very deliberate with your email filters, setting specific email addresses and/or domains to automatically go to Spam, or you can be more general and block out an entire email list that you may have been unwillingly made a part of. To do this, open the Spam email you would like to filter out in the future, then click on the three-dot menu, and select “Filter messages like these.”

Depending on the email, if Gmail detects that this was sent to a mailing list and not you directly, you will see an option to filter the email based on the list itself. Click on “Create filter,” and then choose to either archive or delete the email. If there are other emails in your inbox that match this filter, you should also see an option to apply it to all the matching conversations. Once you’ve chosen your desired action(s), click on “Create filter.”

I just want the steps!

Open the Spam email you would like to filter out in the future

Click on the three-dot menu

Select “Filter messages like these”

Click on “Create filter,” and then choose to either archive or delete the email

Select option to apply it to all the matching conversations

Click on “Create filter”

Reporting Spam in Inbox

Lastly, you can train Gmail to programmatically unsubscribe from an email list, mark the email as Spam, or do both at the same time. The latter is the most effective and recommended method, as it not only tries to unsubscribe you from the list but also marks it as Spam in case unsubscribing doesn’t go through as it should.

To just unsubscribe, you can click on the “Unsubscribe” link that appears beside the sender’s email address. Once you click there, you will receive a notification asking you to confirm that you want to go ahead and unsubscribe.

To both unsubscribe and mark the email as Spam, click on the exclamation mark that appears in the menu above the email, then confirm that you want to form “Report spam and unsubscribe.”

I just want the steps!

To just unsubscribe, click on the “Unsubscribe” link that appears beside the sender’s email address, then confirm by clicking the blue “Unsubscribe” button

To both unsubscribe and mark the email as Spam, click on the exclamation mark that appears in the menu above the email

At the confirmation popup, click on “Report spam and unsubscribe”

Source :
https://chromeunboxed.com/how-to-filter-spam-promotions

How to record your Pixel phone’s screen without installing a third-party application

In the early days of Android phones, which is now over ten years ago, I remember having to go to the Android Marketplace to find a third-party application to record my screen. Many of the instances where I felt I needed to capture my display occurred when I wanted to explain to my friends or family how to use their handsets without having to talk them through it on a phone call.

Nowadays, pretty much all modern versions of Android have a built-in screen recorder that you can access with just a few taps. Today, I’m going to show you how to do that on your Pixel or Android 12+ device so you can quickly save short clips to your storage and share them with others!

You may find that you have the same needs I have in the past, or you may simply want to record gameplay footage of mobile titles for YouTube. In the case of the latter, Google Play Games does support direct recording and even has special tools for it, though it’s worth noting that these are currently absent on my device at the time of writing this!

Alright, so first, you’ll need to swipe down the notification shade at the top of your phone. Swipe down a second time to pull up the Quick Settings panel. From there, you should see the colored tiles pictured below. If you don’t see the “Screen record” tile, you can tap the pencil icon at the bottom right of the panel to edit which tiles are available to you.

Oh and don’t forget that the quick settings are paginated, so you can swipe left and right to swap between the pages available. If you do need to edit your settings panel to place the screen recorder on the front page or to drag it out of the extra tiles section, you can simply press and hold it and bring it up higher (see the middle image).

Once it’s available – and please don’t skip this step – clear your screen of any personal information. This includes notifications and widgets that feature notes, emails, messages, and more. All too often, I see people record their screens and leave certain things visible that could compromise their privacy.

Tap the “Screen record” tile, select your audio device, whether or not you want to record audio, to begin with, and whether you’re interested in capturing your screen touches using the dialogue box that pops up. Your notification shade will close, and a red timer counting down from three will appear in your status bar.

The moment this disappears, you’re officially recording! This means that anything you do from touching, swiping, opening apps, and more will be captured. At this point, please avoid opening banking apps, your email, personal Keep notes, and so on. You wouldn’t want anyone to steal your secret government documents or find out that you’re a millionaire, now would you?

I wish I had either or both of those problems, and I’m sure you do too. Anyways, once you’re finished recording, just go ahead and swipe down from the top of your screen again to call up your notification shade. Then, tap the huge, red “Recording screen” notice.

That’s it! You’re no longer recording. Wait just a moment and you’ll see your recorded video appear as its own separate notification that you can then watch, delete, share or even upload to Google photos for later. Have fun and be safe!

I just want the steps!1. Swipe down twice from the top of your phone
2. Edit the quick settings panel if you need to make the “Screen record” tile available” (tap the pencil icon!)
3. Tap the “Screen record” tile and choose if you want to record audio or screen touches. You may also need to select your microphone!
4. Wait for the red countdown timer in your status bar to expire
5. You’re now recording! Perform any actions you wish to capture 🙂
6. When you’re finished, swipe down from the top of your screen and tap the red recording notice.
7. Upload your new video to Google Photos, share it with a friend or delete it!

Source :
https://chromeunboxed.com/how-to-easily-record-your-pixel-phone-screen

LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling

Reverse-engineering reveals close similarities to BlackMatter ransomware, with some improvements

A postmortem analysis of multiple incidents in which attackers eventually launched the latest version of LockBit ransomware (known variously as LockBit 3.0 or ‘LockBit Black’), revealed the tooling used by at least one affiliate. Sophos’ Managed Detection and Response (MDR) team has observed both ransomware affiliates and legitimate penetration testers use the same collection of tooling over the past 3 months.

Leaked data about LockBit that showed the backend controls for the ransomware also seems to indicate that the creators have begun experimenting with the use of scripting that would allow the malware to “self-spread” using Windows Group Policy Objects (GPO) or the tool PSExec, potentially making it easier for the malware to laterally move and infect computers without the need for affiliates to know how to take advantage of these features for themselves, potentially speeding up the time it takes them to deploy the ransomware and encrypt targets.

A reverse-engineering analysis of the LockBit functionality shows that the ransomware has carried over most of its functionality from LockBit 2.0 and adopted new behaviors that make it more difficult to analyze by researchers. For instance, in some cases it now requires the affiliate to use a 32-character ‘password’ in the command line of the ransomware binary when launched, or else it won’t run, though not all the samples we looked at required the password.

We also observed that the ransomware runs with LocalServiceNetworkRestricted permissions, so it does not need full Administrator-level access to do its damage (supporting observations of the malware made by other researchers).

Most notably, we’ve observed (along with other researchers) that many LockBit 3.0 features and subroutines appear to have been lifted directly from BlackMatter ransomware.

Is LockBit 3.0 just ‘improved’ BlackMatter?

Other researchers previously noted that LockBit 3.0 appears to have adopted (or heavily borrowed) several concepts and techniques from the BlackMatter ransomware family.

We dug into this ourselves, and found a number of similarities which strongly suggest that LockBit 3.0 reuses code from BlackMatter.

Anti-debugging trick

Blackmatter and Lockbit 3.0 use a specific trick to conceal their internal functions calls from researchers. In both cases, the ransomware loads/resolves a Windows DLL from its hash tables, which are based on ROT13.

It will try to get pointers from the functions it needs by searching the PEB (Process Environment Block) of the module. It will then look for a specific binary data marker in the code (0xABABABAB) at the end of the heap; if it finds this marker, it means someone is debugging the code, and it doesn’t save the pointer, so the ransomware quits.

After these checks, it will create a special stub for each API it requires. There are five different types of stubs that can be created (randomly). Each stub is a small piece of shellcode that performs API hash resolution on the fly and jumps to the API address in memory. This adds some difficulties while reversing using a debugger.

Screenshot of disassembler code — LockBit’s 0xABABABAB marker

SophosLabs has put together a CyberChef recipe for decoding these stub shellcode snippets.

Output of a CyberChef recipe — The first stub, as an example (decoded with CyberChef)

Obfuscation of strings

Many strings in both LockBit 3.0 and BlackMatter are obfuscated, resolved during runtime by pushing the obfuscated strings on to the stack and decrypting with an XOR function. In both LockBit and BlackMatter, the code to achieve this is very similar.

Georgia Tech student Chuong Dong analyzed BlackMatter and showed this feature on his blog, with the screenshot above.

By comparison, LockBit 3.0 has adopted a string obfuscation method that looks and works in a very similar fashion to BlackMatter’s function.

API resolution

LockBit uses exactly the same implementation as BlackMatter to resolve API calls, with one exception: LockBit adds an extra step in an attempt to conceal the function from debuggers.

The array of calls performs precisely the same function in LockBit 3.0.

Hiding threads

Both LockBit and BlackMatter hide threads using the NtSetInformationThread function, with the parameter ThreadHideFromDebugger. As you probably can guess, this means that the debugger doesn’t receive events related to this thread.

Printing

LockBit, like BlackMatter, sends ransom notes to available printers.

Deletion of shadow copies

Both ransomware will sabotage the infected computer’s ability to recover from file encryption by deleting the Volume Shadow Copy files.

LockBit calls the IWbemLocator::ConnectServer method to connect with the local ROOT\CIMV2 namespace and obtain the pointer to an IWbemServices object that eventually calls IWbemServices::ExecQuery to execute the WQL query.

LockBit’s method of doing this is identical to BlackMatter’s implementation, except that it adds a bit of string obfuscation to the subroutine.

Enumerating DNS hostnames

Both LockBit and BlackMatter enumerate hostnames on the network by calling NetShareEnum.

In the source code for LockBit, the function looks like it has been copied, verbatim, from BlackMatter.

Determining the operating system version

Both ransomware strains use identical code to check the OS version – even using the same return codes (although this is a natural choice, since the return codes are hexadecimal representations of the version number).

Configuration

Both ransomware contain embedded configuration data inside their binary executables. We noted that LockBit decodes its config in a similar way to BlackMatter, albeit with some small differences.

For instance, BlackMatter saves its configuration in the .rsrc section, whereas LockBit stores it in .pdata.

And LockBit uses a different linear congruential generator (LCG) algorithm for decoding.

Some researchers have speculated that the close relationship between the LockBit and BlackMatter code indicates that one or more of BlackMatter’s coders were recruited by LockBit; that LockBit bought the BlackMatter codebase; or a collaboration between developers. As we noted in our white paper on multiple attackers earlier this year, it’s not uncommon for ransomware groups to interact, either inadvertently or deliberately.

Either way, these findings are further evidence that the ransomware ecosystem is complex, and fluid. Groups reuse, borrow, or steal each other’s ideas, code, and tactics as it suits them. And, as the LockBit 3.0 leak site (containing, among other things, a bug bounty and a reward for “brilliant ideas”) suggests, that gang in particular is not averse to paying for innovation.

LockBit tooling mimics what legitimate pentesters would use

Another aspect of the way LockBit 3.0’s affiliates are deploying the ransomware shows that they’re becoming very difficult to distinguish from the work of a legitimate penetration tester – aside from the fact that legitimate penetration testers, of course, have been contracted by the targeted company beforehand, and are legally allowed to perform the pentest.

The tooling we observed the attackers using included a package from GitHub called Backstab. The primary function of Backstab is, as the name implies, to sabotage the tooling that analysts in security operations centers use to monitor for suspicious activity in real time. The utility uses Microsoft’s own Process Explorer driver (signed by Microsoft) to terminate protected anti-malware processes and disable EDR utilities. Both Sophos and other researchers have observed LockBit attackers using Cobalt Strike, which has become a nearly ubiquitous attack tool among ransomware threat actors, and directly manipulating Windows Defender to evade detection.

Further complicating the parentage of LockBit 3.0 is the fact that we also encountered attackers using a password-locked variant of the ransomware, called lbb_pass.exe , which has also been used by attackers that deploy REvil ransomware. This may suggest that there are threat actors affiliated with both groups, or that threat actors not affiliated with LockBit have taken advantage of the leaked LockBit 3.0 builder. At least one group, BlooDy, has reportedly used the builder, and if history is anything to go by, more may follow suit.

LockBit 3.0 attackers also used a number of publicly-available tools and utilities that are now commonplace among ransomware threat actors, including the anti-hooking utility GMER, a tool called AV Remover published by antimalware company ESET, and a number of PowerShell scripts designed to remove Sophos products from computers where Tamper Protection has either never been enabled, or has been disabled by the attackers after they obtained the credentials to the organization’s management console.

We also saw evidence the attackers used a tool called Netscan to probe the target’s network, and of course, the ubiquitous password-sniffer Mimikatz.

Incident response makes no distinction

Because these utilities are in widespread use, MDR and Rapid Response treats them all equally – as though an attack is underway – and immediately alerts the targets when they’re detected.

We found the attackers took advantage of less-than-ideal security measures in place on the targeted networks. As we mentioned in our Active Adversaries Report on multiple ransomware attackers, the lack of multifactor authentication (MFA) on critical internal logins (such as management consoles) permits an intruder to use tooling that can sniff or keystroke-capture administrators’ passwords and then gain access to that management console.

It’s safe to assume that experienced threat actors are at least as familiar with Sophos Central and other console tools as the legitimate users of those consoles, and they know exactly where to go to weaken or disable the endpoint protection software. In fact, in at least one incident involving a LockBit threat actor, we observed them downloading files which, from their names, appeared to be intended to remove Sophos protection: sophoscentralremoval-master.zip and sophos-removal-tool-master.zip. So protecting those admin logins is among the most critically important steps admins can take to defend their networks.

For a list of IOCs associated with LockBit 3.0, please see our GitHub.

Acknowledgments

Sophos X-Ops acknowledges the collaboration of Colin Cowie, Gabor Szappanos, Alex Vermaning, and Steeve Gaudreault in producing this report.

Source :
https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/