Hɪ!! Gᴜʏᴢ Wᴇʟᴄᴏᴍᴇ Bᴀᴄᴋ Aɢᴀɪɴ Tᴏ Mʏ YᴏᴜTᴜʙᴇ Cʜᴀɴɴᴇʟ… Iғ Yᴏᴜʀ ɴᴇᴡ Tᴏ ᴍʏ ᴄʜᴀɴɴᴇʟ. Dᴏɴ’ᴛ Lᴇᴀᴠᴇ ᴡɪᴛʜᴏᴜᴛ ʙʀᴇᴀᴋɪɴɢ ᴛʜᴇ …
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video.
Dubbed “Oscorp” by Italy’s CERT-AGID, the malware “induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen.”
So named because of the title of the login page of its command-and-control (C2) server, the malicious APK (called “Assistenzaclienti.apk” or “Customer Protection”) is distributed via a domain named “supportoapp[.]com,” which upon installation, requests intrusive permissions to enable the accessibility service and establishes communications with a C2 server to retrieve additional commands.
Furthermore, the malware repeatedly reopens the Settings screen every eight seconds until the user turns on permissions for accessibility and device usage statistics, thus pressurizing the user into granting the extra privileges.
Once the access is provisioned, the malware exploits the permissions to log keystrokes, uninstall apps on the device, make calls, send SMS messages, steal cryptocurrency by redirecting payments made via Blockchain.com Wallet app, and access two-factor authentication codes from the Google Authenticator app.
The attacker-controlled wallet had $584 as of January 9, the researchers said.
In the final step, the malware exfiltrates the captured data — along with system information (e.g., apps installed, phone model, carrier) — to the C2 server, in addition to fetching commands from the server that allows it to launch the Google Authenticator app, steal SMS messages, uninstall apps, launch specific URLs, and record audio and video of the screen through WebRTC.
What’s more, users opening the apps targeted by the malware are displayed a phishing page that asks for their username and password, CERT noted, adding the style of this screen varies from app to app and that it’s designed with an intent to trick the victim into providing the information.
The exact kind of applications singled out by this malware remains unclear, but the researchers said it could be any app that deals with sensitive data, such as those for banking and messaging.
“Android protections prevent malware from doing any kind of damage until the user enables [accessibility] service,” CERT-AGID concluded. “Once enabled, however, a ‘dam’ opens up. In fact, Android has always had a very permissive policy towards app developers, leaving the ultimate decision to trust an app or not to the end user.”
When it comes to COVID vaccine distribution, California marijuana workers want to know: where are they supposed to stand in line?
At the same time that registered medical cannabis workers in Maryland have become eligible for priority access to coronavirus vaccines as part of the state’s first phase rollout, there remains an open question about the policy in California, where about 40,000 people are employed in the marijuana sector.
While cannabis workers are defined by the state as essential healthcare employees, some are struggling to find answers about whether they’re eligible for vaccines in the initial rollout like nurses and caretakers are. The California Department of Public Health (CDPH) released guidance on who qualifies for each phase of distribution, but there’s no explicit mention of where marijuana business employees stand.
Victor Pinho, manager of an Oakland-based cannabis delivery service, told Marijuana Moment that he’s faced challenges as he’s attempted to determine whether he or his workers could receive a vaccination under the state’s guidance. After reaching out to his county supervisor’s office to inquire about the issue, he was told that while cannabis workers are considered “essential” for business purposes, the state’s vaccine eligibility criteria is different.
“Being in the position that I’m in now—a management position for a delivery service in Oakland—my employees are like, ‘When do we get this? We’re seeing people every day,’” he said.
Marijuana Moment reached out to CDPH and a senior cannabis advisor with the Governor’s Office of Business and Economic Development for clarification, but representatives were not able to deliver a definitive answer despite multiple follow-up requests for clarification on the state’s policy.
A spokesperson said CDPH would “do our best” to resolve the uncertainty, but ultimately replied with a link to the state’s vaccine page that was not directly responsive to the question.
In contrast, the Maryland Health Department (MHD) recently notified the state’s Medical Cannabis Commission (MCC) of the decision to prioritize vaccination for its marijuana workers, which industry representatives say will help protect thousands of employees and patients who have relied on their services amid the pandemic.
Frontline workers employed in health care, law enforcement, nursing homes and the judiciary also qualify for the phase 1A vaccinations. And now that will be extended to medical cannabis workers at dispensaries, cultivation facilities, labs and processing businesses.
Maryland’s move is yet another example of states recognizing the essential role of cannabis businesses during the health crisis. But this is the first time that a state has specifically prioritized marijuana industry workers for vaccines.
Earlier this month, a coalition of cannabis businesses asked California policymakers to include workers in their sector in the next phase of COVID-19 vaccine distribution.
The group argued that there are unique risks in the industry because workers frequently interact with patients who might be more vulnerable to the virus because they are immune compromised or elderly.
But without clarification from the state, the question of whether cannabis industry workers can get vaccines now or will have to wait until later is largely up to individual counties and healthcare providers, which have discretion to adopt distribution policies that best fit their needs.
Guidance provided by the state in early December recommended that “persons at risk of exposure to SARS-CoV-2 through their work in any role in direct health care or long-term care settings” should be prioritized for vaccinations.
“This population includes persons at direct risk of exposure in their non-clinical roles, such as, but not limited to, environmental services, patient transport, or interpretation,” it says, without specifying whether that includes marijuana workers.
San Diego County, in contrast, in its own local guidelines for phase 1A of the vaccine rollout released last week, specifies that the list “includes cannabis industry” workers.
Meanwhile, activists in Washington, D.C. recently announced plans to hand out free bags of organically grown cannabis outside of coronavirus vaccination centers in the nation’s capital. The goal is to “highlight the need for further local and national cannabis reform while also advocating for equitable distribution of the critical vaccine.”
Separately, while states have taken steps to protect the market and ensure that patients and consumers maintain access amid the pandemic, the same can’t be said of the federal government.
Because marijuana remains federally illegal, cannabis companies have been denied economic relief through agencies like the Small Business Administration. Even industries that work “indirectly” with state-legal marijuana businesses are ineligible for certain relief loans.
Photo courtesy of Mike Latimer.
mailing list archives
Re: Fully Automated CONOPs Exercise
From: Dave Dittrich via Dailydave <dailydave () lists aitelfoundation org>
Date: Wed, 27 Jan 2021 21:39:01 -0800
Did any of them mention international humanitarian law, specifically discrimination, respecting territory of neutral ("green") actors and their infrastructure, and avoiding harm to neutral third parties and non-combatants? The problem with most worms is the inability to accurately discriminate targets and resulting harm. This is an area where technical experts need to be balanced with operators and policy makers to ensure that non-technical operators and policy makers fully understand what it is that they are talking about. And where use of *all* of the levers of sovereign power, in partnership with other nations, to establish and enforce norms, is crucial. Should we really consider unconstrained damage and instantaneous global chaos as "fun?" ;) On Wed, Jan 27, 2021 at 8:45 PM Dave Aitel via Dailydave <dailydave () lists aitelfoundation org> wrote:
So one of my new fav questions to ask policy teams is what they would do if they were told to switch their offensive team entirely to worms. Nothing else. Just worms. What needs to change to make that happen - from op tempo to supply chain to personnel to policy and technological investment. And how would their defensive team need to change strategically if they were facing such an offensive team. It's a fun thing to see people wrap their minds around. :) Also, if you missed it, yesterday's CYBER HOT TAKES are here: https://www.youtube.com/watch?v=hzcmfIgvj7A&t=2s&ab_channel=DaveAitel -dave _______________________________________________ Dailydave mailing list -- dailydave () lists aitelfoundation org To unsubscribe send an email to dailydave-leave () lists aitelfoundation org
-- Dave Dittrich @davedittrich dave.dittrich () gmail com https://davedittrich.github.io/ _______________________________________________ Dailydave mailing list -- dailydave () lists aitelfoundation org To unsubscribe send an email to dailydave-leave () lists aitelfoundation org
UPDATED 7:00 AM PT – Thursday, January 28, 2021
Critics are calling out Joe Biden for going back on his word after he signed a record number of executive orders during his first week in office in direct contradiction of statements he made while on the campaign trail.
While speaking during an ABC town hall in October, Biden told viewers that only a dictator can legislate by executive order.
“Some of my Republican friends and some of my Democratic friends occasionally say, ‘well if you can’t get the votes, by executive order you’re going to do something,’” he stated. “You can’t do it by executive order, unless you’re a dictator…we’re democracy, we need consensus.”
Republicans are warning Biden’s willingness to engage in unilateral actions at such an alarming rate signals a clear danger of executive overreach.
In a message to his constituents, Florida Sen. Marco Rubio (R-Fla.) warned Biden is acting as a puppet for the far-left agenda instead of being the centrist leader he claims to be.
So far Biden has talked like a centrist but governed from the radical left pic.twitter.com/wVnARR4dta
— Marco Rubio (@marcorubio) January 22, 2021
Congresswoman Lauren Bobert (R-Colo.) also slammed the hypocrisy coming from the left by highlighting how Democrats spent four years calling President Trump a dictator while applauding Biden for setting the record of week one executive orders.
The party that spent four years calling President Trump a dictator are now applauding Joe Biden for setting the record of week-one executive orders.
— Lauren Boebert (@laurenboebert) January 27, 2021
Rudy Giuliani, President Trump’s personal attorney, also criticized Biden for walking back on his previous statement. He posed the question: do Biden’s words also apply to himself?
Joe Biden once said that excessive reliance on executive orders and ignoring the Legislature, is dictatorial.
Well Joe, are you aware that it now applies to you?
— Rudy W. Giuliani (@RudyGiuliani) January 27, 2021
If Biden continues at this rate, he will have surpassed the 220 executive orders President Trump signed during his entire term in just six-weeks.
Anonymous: Keishicho ”Yubisatsujin” Taisakushitsu Synopsis: More and more problems are created by the popularity of social media. In response to these …
Human. Entrepreneur, Engineer, Facebook Media Buyer.
In most cases, when I work on projects with my clients, I use the tools I am more familiar with (and that are most widely adopted) to attract an audience – Facebook & Google. The effectiveness of these sources has long been tested and confirmed, however, Apple Search Ads (ASA) is a new unknown tool for many. In today’s post, I will talk about its key advantages and disadvantages of ASA, as well as, share a free and comprehensive ASA course that will be useful for both beginners and advanced mobile marketers. And so, in order.
Apple Search Ads Disadvantages
Apple Search Ads are not cheaper than in other channels
Installs on Apple Search Ads are often more expensive than on Facebook, Google Ads, and other channels, verified by my observation of dozens of projects.
You can look at my average prices for Apple Search Ads installs categorized by different countries by following the link.
Search Ads do not bring in more traffic
In Search Ads, the application can be shown only in the AppStore and only by queries that users enter there. On Facebook and Instagram, you can show ads at any time when a person is scrolling through the feed, and users do this much more often than they are looking for something in the AppStore. That is, in Search Ads, a potential client can be caught only at the moment when he is looking for something there.
Apple Search Ads Advantages
You can get search conversion data for ASO purposes
Apple Search Ads is a great tool to understand which queries are best converted into installs, and then use them in the title on the AppStore and target them as part of your App Store Optimization (ASO) strategy.
Expansion of the semantic core
If you use BroadMatch or SearchMatch, Apple itself will find search queries for you, which you can then use in ASO to show on them for free.
Getting better and more targeted installations
The settings from the Apple Search Ads are more relevant since the user was just looking for a new application at that moment; that is, he wanted to install the application and saw an advertisement. At the same time, on Facebook, a user accidentally sees an application in the feed and can install it simply out of curiosity, and not because he wanted it right now.
Using brand names
If you have a popular brand name and you do not want someone else to appear when your potential customers search for you. Your goal is to be in a higher position than your competitors. To do this, you will have to occupy this advertising space with your ad. Thus, you will partially cannibalize your traffic. On the other hand, you may find yourself in the search results for a competitor above the competitor and “squeeze out” a few percent of its target audience. I know of no other such possibility.
A / B tests of screenshots
Unfortunately, unlike Google Play, A / B tests of icons, screenshots, and description texts are not allowed in the AppStore, so the only way to test screenshots is Search Ads, where you can choose which images to show in ads and thus compare conversions.
Query value determination
Apple allows you to receive information directly in the application about what keyword the user came for if it was an installation from Search Ads. Thus, you can send this information to your analytics system (Amplitude or Firebase) and see LTV in terms of keywords. You can also immediately adjust the onboarding in the application to the user’s goals at the start.
In general, Apple Search Ads (ASA) can probably be equally attributed to both sources of attracting paid traffic and App Store Optimization (ASO) tools. Judge for yourself, but it is with the help of ASA that you can:
- Analyze the popularity of search queries (Search Ads Popularity);
- Fill the semantic core with new phrases offered by Apple itself;
- Determine the relevance of search queries by conversion to installs;
- Protect the position of your brand in search;
- Test screenshots and much more.
That is, App Store Optimization and Apple Search Ads are inextricably linked. More precisely, the competent setting of advertising in the Apple Search Ads significantly increases the effectiveness of your App Store Optimization strategy.
How to learn to work with Apple Search Ads for free
Here is a free course to help you learn how to nail Apple Search Ads in just 9 lessons! Designed for marketers of all levels, the course helps them learn all the essentials of running Apple Search Ads campaigns: from defining your main KPIs to scaling keywords and ROI optimization.
To further your career, the SearchAdsHQ Professional Exam for Search Ads can help you check your knowledge in setting up, managing, and optimizing Apple Search Ads campaigns, and get a personalized certificate if successful.
I wish you the best of luck with Apple Search Ads and the best in developing your mobile apps or games. Test hypotheses and work in the data plane, make decisions based on statistics.
Create your free account to unlock your custom reading experience.
A group of cannabis testing labs in Michigan claims that a large amount of marijuana on retail store shelves is rife with mold and yeast.
Members of the Michigan Coalition of Independent Cannabis Testing Laboratories have tested licensed cannabis in the state’s stores and found such contamination, the Detroit Free Press reported.
The revelation follows state regulators discontinuing a testing method it claims resulted in false negatives – or allowed contaminated marijuana to pass testing.
However, the Michigan Cannabis Industry Association disputes the lab group’s findings, saying the state’s move to halt the testing method was done for safety reasons and was not based on evidence of tainted marijuana.
“From our perspective, there has not been any indication there is contaminated product in the system,” Robin Schneider, the executive director of the association, told the Free Press.
Shady practices by marijuana testing labs and an overall lack of standards is an ongoing problem for the industry.
WATCH THIS – You need to hear this Subscribe: https://www.youtube.com/user/anonymousworldvoce?sub_confirmation=1 Find more content: …