• 30 Home Office Ideas That'll Make You Feel Like a Total Boss
    www.elledecor.com
    Even if you've begrudgingly begun to schlep into an office on a regular basis, it's likely that you still maintain some semblance of a work-from-home setup. In fact, according to the latest Gallup data, 53 percent of U.S. employees have hybrid schedules. If you're lucky, you have a spare bedroom or dedicated study at home where you can go for the daily grind, undisturbed. If you're a small-space dweller, however, it's probable that your WFH cranny is doing double duty as your bedroom or living room, and that, nearly five years in, your chipped particle-board desk and ugly ergonomic chair are no longer cutting it. Don't you think it's time for an upgrade?
    Office design is equal parts art and science, and small, multipurpose areas require different aesthetic and functional considerations. "There's a big difference between designing a dedicated home office and establishing a workspace within a room that serves dual purposes, such as being both a bedroom or a living room," affirms ELLE DECOR A-List designer Ghislaine Viñas, whose firm designs private residences, commercial offices, and hospitality projects alike. For inspiration, we've turned to the ELLE DECOR archive, where we've discovered 30 clever small home office ideas by Viñas and many more interior designers. Even if you're not the boss, after scrolling through these you'll certainly feel like one.
    1. Camouflage Home Office (Noe DeWitt)
    If you hate the ever-present reminder of work in your home, camouflage it! ELLE DECOR A-List designer Nick Olsen shows us how it's done in his thoughtful Sag Harbor home. Here in the den, the blue-painted desk blends in perfectly with the indigo mud cloth walls. Now you see it, now you don't!
    2. Arched Enclave Home Office (Genevieve Lutkin)
    "All I want is to create good things that stand the test of time," ELLE DECOR A-List architect Miminat Shodeinde tells us. And what could be more enduring than a combined bookshelf-desk, which works hard even when you're off the clock? Here, in a minimal London townhouse, Shodeinde created an arch-shaped nook for a computer and surrounded it by niches to display treasures and tomes.
    3. Bold Rug Home Office (William Jess Laird)
    Never underestimate the transformative power of a good rug, and designer Mike Moser's Hollywood Heights bungalow is proof. Here, he perched a vintage desk and set of ultra-deep chairs onto a cerulean blue Art Deco carpet.
    4. Scenic Wallpaper Home Office (Francesco Dolfo)
    If you're like us, your eyes will wander out the window when you're deep in thought. No window? No problem. Here, in his Milan flat, hospitality designer Eric Egan enveloped his living room in a gorgeous scenic wallpaper and tucked in an unobtrusive WFH zone. Talk about a successful merger!
    5. Super-Curated Home Office (Adrian Gaut)
    "Intentional spareness" was the goal for this Miami vacation pad designed by Martin Brûlé. So in lieu of desk clutter in this home office, you'll only find super-curated finds, including a vintage desk, an Isamu Noguchi table lamp, a Larry Sultan photo, and vintage rope chairs by artist Christian Astuguevieille.
    6. Neat Niche Office (Kelly Marshall)
    Talk about carving out your professional niche! This office alcove, expertly created by ELLE DECOR A-List designer Tiffany Howell for writer and director Mara Brock Akil, is its own mood, thanks to a dusty blue paint job, a vintage lamp, a floating desk, and an abstract artwork by Peter Beard.
    7. Pretty and Pink Home Office (Annie Schlechter)
    Hostess-with-the-mostest Rebecca Gardner wedged a home office into the corner of her pink living room, though you'd barely notice thanks to all of the maximalist accessories. The glass-topped table provides a chic perch for a laptop but also does double duty as a console table when guests arrive for cocktails.
    8. Moody Blue Office (Sharyn Cairns)
    Blink and you'll miss this sexy study, in a Melbourne home designed by Powell & Glenn. A deep turquoise coat of paint and boudoir-like furnishings, including a Cassina chair and a Gubi mirror, make this area feel equally suited to gussying up as it is to bossing around.
    9. Green Lacquered Home Office (Chris Mottalini)
    Want true work-life separation? Then hide your office. Here, in a Miami Beach apartment designed by Charlap Hyman & Herrero, the desk area virtually disappears thanks to a coat of slick emerald lacquer (Benjamin Moore's Alligator Alley, for your information). "Using one color or material everywhere sublimates forms, blurring the edges of a room and the pieces of furniture within it," explains firm co-founder Adam Charlap Hyman. "The effect is something expansive, even infinite."
    10. Nautical Home Office (Stephan Julliard)
    In this sweet study, in the French vacation home that ELLE DECOR A-List designer Jean-Louis Deniot shares with his sister, the out-of-office message is loud and clear, even though its residents may not be. A regal, blue-upholstered chair is pulled up to a pint-sized Peter Lovig Nielsen desk, while a rattan lamp (which ties in nicely with the whimsical rope details on the floor lamps and door trim) and sunny Slim Aarons photograph are reminders of the dreamy seaside setting.
    11. Office with a View (Read McKendree)
    Studies show that access to light and nature is a key ingredient to workplace productivity, so if you have the opportunity to place your desk near a window, take it. For this soothing setup in a Pebble Beach, California, home, the designers at Workshop/APD oriented a CB2 desk toward the stunning ocean view.
    12. Memphis-Inspired Home Office (Matthew Williams)
    Just because your job is all work and no play doesn't mean your home office needs to be too. Case in point: this fun-loving office in a Wisconsin lake house designed by Victoria Sass of Prospect Refuge Studio. The postmodern-inspired look includes a floating custom desk, a diminutive blue desk lamp from the Future Perfect, a primary-colored chair from Dims, and a playful rug from Cold Picnic. Next stop, happy hour!
    13. Modern & Minimal Home Office (Nicole Franzen)
    Many of us don't have the luxury of a dedicated room for a home office. If that's the case, use art and accessories to delineate your work area in a way that complements the rest of your home decor. In the Brooklyn home of Calico Wallpaper founders Rachel and Nicholas Cope, a study nook in the living room gives off a distinctly midcentury vibe, with its Danish rosewood desk and a fun magazine rack by designer Arthur Umanoff. A mobile by Ladies & Gentlemen Studio and a painting by Leon Benn provide artful touches.
    14. Glamorous Home Office (Ema Peter)
    Evergreen-hued velvets define this dramatic bedroom in a mother-daughter pad designed by Vancouver firm PlaidFox. The study space (or vanity, depending on the time of day) blends in with the mood perfectly, thanks to a matching Juliana Vasconcellos chair, a custom burlwood desk, and a funky vase by Gaetano Pesce.
    15. Bohemian Home Office (Victoria Pearson)
    Home offices should feel grounding, not chaotic. And a good way to create calm is to surround yourself with objects that you know and love. In this cool-and-collected bohemian beach house, designer Schuyler Samperton designed a small living room work area around the client's stunning 18th-century Chinese painter's desk. Similarly soulful objects were layered into the vignette, such as the owner's prized 1948 Greta Magnusson Grossman lamp and a 1930s French armchair. A terra-cotta-colored grass-cloth wallcovering, paisley curtains, and a patterned rug make the look extra embracing.
    16. Neutral Oasis Home Office (David Mitchell)
    Like many home offices, this WFH area in a house designed by Timothy Godbold is in a bedroom. The vintage Danish teak desk, sculptural lamp, artworks, and chubby NOOM chair meld with the neutral decor of the room, ensuring that, though home offices are physical reminders of a 9-to-5, this look isn't one to lose sleep over.
    17. Wallpapered Home Office (Serena Eller Vainicher)
    An attractive Zoom backdrop is a must in this day and age, and nothing makes you look more erudite than a curated bookshelf. In their Rome apartment, architects Massimo Alvisi and Junko Kirimoto backed their custom shelf with a delicate floral wallpaper and displayed a series of sweet sculptures by Giuseppe Palermo atop the antique mantelpiece.
    18. Midcentury Office (William Abranowicz)
    Like the Ed Ruscha artwork suggests, this Los Angeles home office is elegant without taking itself too seriously. Cliff Fong, the designer behind the ELLE DECOR A-List firm Matt Blacke, selected midcentury classics, like the 1967 desk by Peter Lovig Nielsen and the Arne Jacobsen chair behind it, but kept it all from looking too Mad Men with a glamorous vintage French chandelier and an all-white paint job. Home offices are a Mighty Topic indeed!
    19. Patterned & Playful Home Office (Guido Taroni)
    If the thought of a corporate-looking WFH setup crushes your soul, then patterns are your new office bestie. Here, in a stately Rome home, art historian Carolina Vincenti eschewed a desk for a 19th-century table and an antique cane chair. Colorful textiles, like the Isabella Ducrot abstract polka-dot wallhanging and the floor-skimming curtains in a GP & J Baker fabric, add whimsy. And never forget: Flowers are a surefire way to brighten up the workday.
    20. Patterns and Plants Home Office (Miguel Flores-Vianna)
    It's no surprise that Nathalie Farman-Farma, founder of the fabric house Décors Barbares, surrounds herself with vibrant prints in her bohemian London home office. Here, she slid a Napoleon III stool beneath an antique Danish rolltop desk and topped it all off with a coordinating textile and an unruly zigzag cactus.
    Anna Fixsen, Deputy Digital Editor
    Anna Fixsen is the deputy digital editor of ELLE DECOR, where she oversees all facets of ElleDecor.com. In addition to editing articles and developing digital strategy, she writes about the world's most beautiful homes, reviews the chicest products (from the best cocktail tables to cute but practical gifts), and reports on the most exciting trends in design and architecture. Since graduating from Columbia Journalism School, she's spent the past decade as an editor at Architectural Digest, Metropolis, and Architectural Record and has written for outlets including the New York Times, Dwell, and more.
  • Ray-Ban Meta smart glasses will soon identify songs with Shazam
    9to5mac.com
    Meta this week announced new features coming to its smart glasses designed in partnership with Ray-Ban. Ray-Ban Meta glasses will soon gain new AI capabilities as well as integration with Apple's Shazam to identify songs.
    As announced by the company, software update v11 for the Ray-Ban Meta adds integration with Shazam, Apple's song identification app. Once available, users will be able to simply use their voice to say "Hey Meta, what is this song?" and the glasses will use Shazam to recognize the song and answer the question.
    "We all know the feeling: You're out on the town when an absolute banger starts playing, but either it's new, obscure, or even an old favorite whose track name or artist just happens to escape you at that particular moment. Now, your glasses can do the heavy lifting for you," Meta said in a blog post.
    This comes after Meta added Apple Music integration to its Ray-Ban smart glasses earlier this year. With this integration, those who own the glasses can ask Meta's virtual assistant to play a song, playlist, album, station, or even artist, all hands-free.
    In addition to Shazam integration, Ray-Ban Meta glasses will also receive some new AI features with the update. One of them is Live AI, which will let users share what they're seeing with their glasses in real time so that Meta AI can help them with everyday activities. With Live AI, users can ask questions without having to say "Hey Meta" all the time.
    In addition, Meta is also bringing Live Translation to its smart glasses. When talking to someone in another language, you'll hear what they've said in your language through the glasses' speakers. The feature was teased live earlier this year by Meta CEO Mark Zuckerberg.
    According to Meta, the v11 software update will begin rolling out starting today to Ray-Ban Meta glasses users. However, the AI features will only be available in beta for those registered in Meta's Early Access Program.
    If you own a Ray-Ban Meta, here's how to upgrade your smart glasses:
    1. Open the Meta View app on your phone
    2. Tap the Settings menu
    3. Choose the Your Glasses option
    4. Tap Updates
    Make sure your glasses are nearby, paired to your phone, and recharged before installing an update.
    Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.
    You're reading 9to5Mac, experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don't know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
  • Threads testing new option to schedule posts, says it's coming soon
    9to5mac.com
    Meta has been working on a lot of new features for Threads, its microblogging platform, and there's another one coming soon. The company has now teased a long-awaited option that will let users schedule posts for a later time.
    Option to schedule posts coming to Threads
    As announced by the official Threads account on the social network, the feature for scheduling posts is now being tested with a small group of users. According to Meta, it will be available to all Threads users soon, although no date has been set.
    With this option, Threads users can create a post and then schedule it to be posted at a later time or date. Once available, the feature can be found by tapping the three-dot button in the post composer. Scheduled posts will appear in the draft folder along with a label to indicate the time the post was scheduled. Scheduled posts can be edited or deleted before they're published.
    Meta seems to have been ramping up the development of new features for Threads recently, coincidentally when its competing platform Bluesky has been growing significantly. Earlier this month, the company started allowing users to follow accounts from other users, albeit with limitations. Threads also now lets users watch videos in landscape and choose a Custom Feed to view by default.
    The Threads app is available for free on the App Store. Make sure you have the latest version of the Threads app installed in order to get access to the new features like the new option to schedule posts.
  • iOS 18.2 makes Camera Control the killer feature it was always meant to be
    9to5mac.com
    The iPhone 16's Camera Control feature arrived to mixed reviews, including from me. But iOS 18.2 upgrades the feature in several key ways, making it what it was always meant to be.
    Visual intelligence unlocks a new camera superpower
    The biggest change for Camera Control in iOS 18.2 is visual intelligence.
    By long-pressing Camera Control, your iPhone's camera can launch in a special mode that provides key information about the world around you, and shortcuts to take action on that info.
    Here's how Apple describes it:
    "Users can click and hold Camera Control to pull up the hours or ratings for a restaurant they pass, add an event from a flyer to their calendar, quickly identify a dog by breed, and more. Camera Control will also serve as a gateway into third-party tools with specific domain expertise, like when users want to search on Google to find where they can buy an item, or to benefit from ChatGPT's problem-solving skills."
    My colleague Fernando made a video outlining 10 distinct uses for visual intelligence. I highly recommend checking it out to see what your iPhone 16 can now do on iOS 18.2.
    Faster camera launcher than before
    Another key upgrade in iOS 18.2 is that you can use Camera Control to launch the Camera app faster than ever before.
    By visiting Settings > Display and Brightness, you'll find a new toggle for Camera Control: Require Screen On.
    iOS 18.2 defaults to this toggle being on, which makes Camera Control work like it always has. But if you switch it off, you'll be able to launch your camera even when the iPhone's display is off.
    Basically this removes a step and lets you capture an image faster. No more needing to press Camera Control once to wake your device and a second time to launch the Camera (or tapping your display first to wake it).
    Just grab your iPhone, press Camera Control and your camera will be ready to go.
    More new features and settings
    iOS 18.2 also introduces a two-stage shutter feature like Apple demoed back in September.
    Inside Settings > Camera > Camera Control, there's a new AE/AF Lock toggle.
    Enabling this means a light press on Camera Control will lock both focus and exposure, so you can press lightly to lock those details in, then press harder to actually take your photo.
    There's also a new option in Settings > Accessibility > Camera Control to control the speed of a double-click action. You can choose from three options: Default, Slow, and Slower.
    iOS 18.2 Camera Control wrap-up
    Camera Control in iOS 18.2 is the feature Apple clearly wanted to ship with the iPhone 16, but was unable to. It makes the new dedicated button a lot more useful than before, such that it actually becomes the killer feature it was meant to be.
    Have you been using Camera Control in iOS 18.2? What do you think of the changes? Let us know in the comments.
  • Trump Disgusted by Public's Support for CEO Killer Suspect
    futurism.com
    "That's a sickness, actually."
    Not a Fan
    President-elect Donald Trump has finally spoken out about the murder of UnitedHealthcare CEO Brian Thompson.
    During a news conference this week, nearly two weeks after Thompson was gunned down in the streets of Manhattan, Trump suggested that there's either something wrong with people valorizing Mangione or something wrong with the media reporting on that public reaction.
    "How people can like this guy, is that's a sickness, actually," Trump said of the 26-year-old alleged assassin, who has been charged with murder as an act of terrorism by the Manhattan district attorney. "Maybe it's fake news, I don't know."
    "It's hard to believe that can even be thought of, but it seems that there's a certain appetite for him," the former and future president continued. "I don't get it."
    In Cold Blood
    During that same news conference, which was held at Mar-a-Lago alongside SoftBank CEO Masayoshi Son to announce the Japanese banker's $100 billion pledge to help build AI in the US, Trump also sounded off on the way Thompson was shot.
    "It was cold-blooded; just a cold-blooded, horrible killing," the president-elect said. "The way it was done, it was so bad, right in the back and very bad."
    There's little surprise that Trump, himself a CEO and the subject of an attempted assassination earlier this year, would take this stance on the shooting, though the amount of time it took him to make the remarks feels telling.
    During that lengthy silence, Trump welcomed another young killer, 25-year-old Marine veteran Daniel Penny, to his box during the Army-Navy football game. The stunt took place just a few days after Penny was acquitted of negligent homicide in the death of Jordan Neely despite being captured on video putting the 30-year-old man in a chokehold for three long minutes in a crowded subway car.
    It's striking that the president-elect would find it appropriate to pal around with one New York killer while disparaging another, except, of course, when you consider who died in those disparate encounters.
  • Trump Planning to Cut Funding for EVs and Chargers
    futurism.com
    Ouch.
    Cord Cutters
    President-elect Donald Trump is hellbent on reversing any progress current president Joe Biden has made by extending the national electric vehicle charging network.
    According to a document obtained by Reuters, Trump's transition team is recommending to cut off any federal funding for both EVs and chargers, while actively blocking any cars or EV batteries coming from China.
    The plan is to funnel any available EV and battery resources toward the military instead.
    If they come to pass, the plans could make electric cars substantially more expensive for American consumers, further entrenching existing slowdowns in EV demands and limiting adoption.
    And it's not just EVs. According to Reuters, the price of any piece of technology relying on batteries could soon spike, because the transition team also recommends placing tariffs on any battery materials globally.
    EV Unplugged
    Where the recommendations could leave Biden's promise to roll out half a million EV charging stations by 2030 remains to be seen. Despite a massive $7.5 billion being allocated by Congress, there are only seven stations operational across four states, as of March.
    The new rules could also hurt Tesla sales. But while Musk has put his entire weight behind Trump's reelection, the mercurial CEO has maintained that subsidies hurt Tesla more than they help.
    Earlier this year, Musk abruptly fired the entire 500-person team working on its vaunted Supercharger network after receiving more than $17 million in federal grants.
    Trump, a longtime climate denier, has long pushed for a renewed focus on the oil and gas industry, calling for the country to "drill, baby, drill."
    Apart from giving up on EVs, Trump is also widely expected to roll back environmental regulations, giving Musk's SpaceX the green light to launch rockets without abiding by strict environmental rules.
    And that could potentially apply to the car sector as well. The transition team recommends loosening environmental review processes to boost "federally funded EV infrastructure projects," such as battery production.
    Unsurprisingly, the team is also looking to end Biden's policy to require federal agencies to electrify their fleets.
    Whether these new plans will kickstart a globally competitive EV production supply chain in the US is unclear at best.
  • The Self-Driving Computer in Brand New Teslas Is Failing
    futurism.com
    This is extremely embarrassing.
    New and Unimproved
    It seems that Tesla's self-driving efforts have hit another snag, because the computers built into its cars that run its semi-autonomous driving software are failing, Electrek reports, adding to the Elon Musk-owned automaker's track record of dodgy quality control.
    The issue has been apparent for several weeks but has not received significant attention until now. According to complaints that Electrek says it's received from owners, it's brand new Teslas that are experiencing the hardware failures within just several hundred and sometimes just several dozen miles of driving.
    When the computers malfunction, it disables not only the Autopilot and Full Self-Driving modes, but more commonly used features like the vehicle's extensive suite of cameras, its GPS, navigation features, and active safety features, the site found.
    Quiet Coverup
    Per Electrek's investigation, the issue is related to the newest version of Tesla's onboard self-driving chips, dubbed HW4, which are reportedly "short-circuiting."
    An Electrek source speculated that the computer's built-in battery may be responsible for the apparent electrical error, and according to other sources inside the automaker, only Tesla models built within the past several months that are equipped with HW4 are experiencing the issue.
    From the outside, the breadth of the issue is difficult to gauge. But two of the anonymous insiders said that Tesla is "currently receiving a high number of complaints about this issue," though the automaker is yet to release a service bulletin.
    Another source alleges that Tesla service has been instructed to "play down any safety concerns related to this problem to avoid people believing their brand-new cars are not drivable." This is a serious claim to make, but the automaker has a history of misrepresenting its own capabilities and obfuscating crash reports that would be damaging to its image.
    According to Electrek, Tesla should have reported the issue to the National Highway Traffic Safety Administration because a broken rear-view camera violates federal safety regulations, which would mandate the vehicles be recalled.
    One Step Backward
    Even by Tesla's ever-lowering standards, this sounds like an embarrassing blunder. Recall that CEO Elon Musk, not that long ago, made it sound like this new line of vaunted HW4 chips would finally provide a hardware platform powerful enough to enable cars to fully drive themselves.
    The solution is as yet unclear. If a software update can fix the issue, it could soon fade into memory. But the main fix being discussed at the company is a total computer replacement, according to Electrek.
    It's safe to say that in that case, the fallout will be costly, and the swamped status of Tesla service will likely mean that it could be months before owners could get their high-tech EVs repaired.
    "I am owning such a car," wrote one Electrek commenter, who claims to own a Model 3 delivered this September. "Driving computer broken after 1 month [and] 1500km of use. Still not repaired due to missing spare part."
  • Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
    thehackernews.com
    Dec 17, 2024 | Ravie Lakshmanan | Malware / Credential Theft
    A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.
    "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.
    "The attacker failed to install a Microsoft Remote Support application but successfully instructed the victim to download AnyDesk, a tool commonly used for remote access."
    As recently documented by cybersecurity firm Rapid7, the attack involved bombarding a target's email inbox with "thousands of emails," after which the threat actors approached them via Microsoft Teams by masquerading as an employee of an external supplier.
    The attacker then went on to instruct the victim to install AnyDesk on their system, with the remote access subsequently abused to deliver multiple payloads, including a credential stealer and the DarkGate malware.
    Actively used in the wild since 2018, DarkGate is a remote access trojan (RAT) that has since evolved into a malware-as-a-service (MaaS) offering with a tightly controlled number of customers. Among its varied capabilities are conducting credential theft, keylogging, screen capturing, audio recording, and remote desktop.
    An analysis of various DarkGate campaigns over the past year shows that it's known to be distributed via two different attack chains that employ AutoIt and AutoHotKey scripts. In the incident examined by Trend Micro, the malware was deployed via an AutoIt script.
    Although the attack was blocked before any data exfiltration activities could take place, the findings are a sign of how threat actors are using a diverse set of initial access routes for malware propagation.
    Organizations are recommended to enable multi-factor authentication (MFA), allowlist approved remote access tools, block unverified applications, and thoroughly vet third-party technical support providers to eliminate the vishing risk.
    The development comes amid a surge in different phishing campaigns that have leveraged various lures and tricks to dupe victims into parting with their data:
    - A large-scale YouTube-oriented campaign in which bad actors impersonate popular brands and approach content creators via email for potential promotions, partnership proposals, and marketing collaborations, and urge them to click on a link to sign an agreement, ultimately leading to the deployment of Lumma Stealer. The email addresses from YouTube channels are extracted by means of a parser.
    - A quishing campaign that makes use of phishing emails bearing a PDF attachment containing a QR code attachment, which, when scanned, directs users to a fake Microsoft 365 login page for credential harvesting.
    - Phishing attacks that take advantage of the trust associated with Cloudflare Pages and Workers to set up fake sites that mimic Microsoft 365 login pages and bogus CAPTCHA verification checks to supposedly review or download a document.
    - Phishing attacks that use HTML email attachments that are disguised as legitimate documents like invoices or HR policies but contain embedded JavaScript code to execute malicious actions such as redirecting users to phishing sites, harvesting credentials, and deceiving users into running arbitrary commands under the pretext of fixing an error (i.e., ClickFix).
    - Email phishing campaigns that leverage trusted platforms like Docusign, Adobe InDesign, and Google Accelerated Mobile Pages (AMP) to get users to click on malicious links that are designed to harvest their credentials.
    - Phishing attempts that claim to be from Okta's support team in a bid to gain access to users' credentials and breach the organization's systems.
    - Phishing messages targeting Indian users that are distributed via WhatsApp and instruct the recipients to install a malicious bank or utility app for Android devices that are capable of stealing financial information.
    Threat actors are also known to swiftly capitalize on global events to their advantage by incorporating them into their phishing campaigns, often preying on urgency and emotional reactions to manipulate victims and persuade them to do unintended actions. These efforts are also complemented by domain registrations with event-specific keywords.
    "High-profile global events, including sporting championships and product launches, attract cybercriminals seeking to exploit public interest," Palo Alto Networks Unit 42 said. "These criminals register deceptive domains mimicking official websites to sell counterfeit merchandise and offer fraudulent services."
    "By monitoring key metrics like domain registrations, textual patterns, DNS anomalies and change request trends, security teams can identify and mitigate threats early."
  • Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware
    thehackernews.com
    Dec 17, 2024 | Ravie Lakshmanan | Cyber Espionage / Malware

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++ malware families tracked as WmRAT and MiyaRAT.

"The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint researchers Nick Attfield, Konstantin Klinger, Pim Trouerbach, and David Galazin said in a report shared with The Hacker News.

The enterprise security company is tracking the threat actor under the name TA397. Known to be active since at least 2013, the adversary is also referred to as APT-C-08, APT-Q-37, Hazy Tiger, and Orange Yali.

Prior attacks conducted by the hacking group have targeted entities in China, Pakistan, India, Saudi Arabia, and Bangladesh with malware such as BitterRAT, ArtraDownloader, and ZxxZ, indicating a heavy Asian focus.

Bitter has also been linked to cyber attacks that have led to the deployment of Android malware strains like PWNDROID2 and Dracarys, per reports from BlackBerry and Meta in 2019 and 2022, respectively.

Earlier this March, cybersecurity company NSFOCUS revealed that an unnamed Chinese government agency was subjected to a spear-phishing attack by Bitter on February 1, 2024, that delivered a trojan capable of data theft and remote control.

The latest attack chain documented by Proofpoint involved the threat actor using a lure about public infrastructure projects in Madagascar to entice prospective victims into launching the booby-trapped RAR archive attachment.

Present within the RAR archive was a decoy file about a World Bank public initiative in Madagascar for infrastructure development, a Windows shortcut file masquerading as a PDF, and a hidden alternate data stream (ADS) file containing PowerShell code.

ADS refers to a feature introduced in the New Technology File System (NTFS) used by Windows that lets additional data streams be attached to a file and accessed. It can be used to smuggle additional data into a file without affecting its size or appearance, thereby giving threat actors a sneaky way to conceal the presence of a malicious payload inside the file record of a harmless file.

Should the victim launch the LNK file, one of the data streams contains code to retrieve a decoy file hosted on the World Bank site, while the second ADS includes a Base64-encoded PowerShell script to open the lure document and set up a scheduled task responsible for fetching the final-stage payloads from the domain jacknwoods[.]com.

Both WmRAT and MiyaRAT, as previously detailed by QiAnXin, come with standard remote access trojan (RAT) capabilities, allowing the malware to collect host information, upload or download files, take screenshots, get geolocation data, enumerate files and directories, and run arbitrary commands via cmd.exe or PowerShell.

It's believed that the use of MiyaRAT is reserved for high-value targets owing to the fact that it has been selectively deployed in only a handful of campaigns.

"These campaigns are almost certainly intelligence collection efforts in support of a South Asian government's interests," Proofpoint said. "They persistently utilize scheduled tasks to communicate with their staging domains to deploy malicious backdoors into target organizations, for the purpose of gaining access to privileged information and intellectual property."
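For defenders, the ADS behaviour described above can be hunted in file-stream telemetry. The following is an added example, not code from Proofpoint or The Hacker News: it parses NTFS `file:stream:type` paths and flags named streams, assuming events shaped like Sysmon Event ID 15 (FileCreateStreamHash) records with a `TargetFilename` field; the sample events and stream names are constructed.

```python
import re

# Constructed events modelled on Sysmon Event ID 15 (FileCreateStreamHash),
# whose TargetFilename includes the stream name. Stream names are made up.
SAMPLE_EVENTS = [
    {"TargetFilename": r"C:\Users\alice\Downloads\report.pdf:Zone.Identifier"},
    {"TargetFilename": r"C:\Users\alice\Downloads\brief.pdf.lnk:s1"},
    {"TargetFilename": r"C:\Users\alice\Documents\notes.txt::$DATA"},
    {"TargetFilename": r"C:\Users\alice\Documents\plan.docx:meta:$DATA"},
]

# Zone.Identifier is the Mark-of-the-Web stream Windows adds to downloads.
BENIGN_STREAMS = {"zone.identifier"}
_DRIVE = re.compile(r"^[A-Za-z]:(?=[\\/])")
_DECOY_LNK = re.compile(r"\.(pdf|docx?|xlsx?)\.lnk$", re.IGNORECASE)


def split_stream(path):
    """Split an NTFS path into (file_path, stream_name, stream_type).

    NTFS addresses a stream as file:stream:type; the unnamed default stream
    is file::$DATA. The colon after a drive letter is not a separator.
    """
    m = _DRIVE.match(path)
    drive = m.group(0) if m else ""
    rest = path[len(drive):]
    cut = max(rest.rfind("\\"), rest.rfind("/")) + 1  # only the leaf has streams
    parts = rest[cut:].split(":")
    stream = parts[1] if len(parts) > 1 else ""
    stype = parts[2] if len(parts) > 2 else "$DATA"
    return drive + rest[:cut] + parts[0], stream, stype


def suspicious_streams(events):
    """Return named streams outside the allowlist, with the reasons flagged."""
    hits = []
    for ev in events:
        file_path, stream, _ = split_stream(ev["TargetFilename"])
        if not stream or stream.lower() in BENIGN_STREAMS:
            continue
        reasons = ["named stream"]
        if file_path.lower().endswith(".lnk"):
            reasons.append("host file is a shortcut")
        if _DECOY_LNK.search(file_path):
            reasons.append("document extension before .lnk")
        hits.append({"file": file_path, "stream": stream, "reasons": reasons})
    return hits
```

Named streams on ordinary documents also occur legitimately, so the allowlist will need extending for a real environment before the output is treated as an alert.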
  • 5 Practical Techniques for Effective Cyber Threat Hunting
    thehackernews.com
    Dec 17, 2024 | The Hacker News | Threat Hunting / Sandbox Analysis

Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel. To avoid this, use these five battle-tested techniques that are certain to improve your company's threat awareness and overall security.

Finding threats targeting orgs in your region

The most basic, yet high-impact way to learn about the current threat landscape for your company is to go and see what type of attacks other organizations in your region are experiencing. In most cases, threat actors attempt to target dozens of businesses at the same time as part of a single campaign. This makes it possible to catch the threat early and make correct adjustments in your organization.

How it contributes to your security:

- More targeted and effective defense strategy.
- Accurate threat prioritization.
- Resource optimization.

How it works:

While there are several ways to find out about the current threat landscape in your country, ANY.RUN provides one of the most comprehensive and user-friendly solutions for this. It runs a massive public database of analysis reports on the latest malware and phishing samples, which are uploaded to ANY.RUN's sandbox by over 500,000 security professionals worldwide. Extensive data from each sandbox session is extracted and can be searched through by users via ANY.RUN's Threat Intelligence (TI) Lookup.
The service offers over 40 different parameters, from IP addresses and file hashes to registry keys and mutexes, helping you pinpoint threats using the smallest indicators with accuracy.

Say we want to see what type of phishing threats are targeting organizations in Germany, while excluding URLs from the search (using the NOT operator), as we wish to focus on malicious files specifically. To do this, we can type the following query into TI Lookup:

    threatName:"phishing" AND submissionCountry:"de" NOT taskType:"url"

[Image: You can explore each sandbox session shown by TI Lookup]

In seconds, we get a list of public sandbox sessions which include phishing documents, emails, and other types of content submitted to ANY.RUN by users in Germany. You can examine each session closely, completely free of charge, to gain additional insights into the threats and collect invaluable intelligence.

[Image: One of the sandbox sessions from the TI Lookup results, showing analysis of a phishing email]

As shown in the image above, we can view the entire attack in action along with all network and system activities recorded during the analysis.

Get a 14-day FREE trial of TI Lookup to see how it can improve your organization's security.

Checking suspicious system and network artifacts with TI tools

On an average day, security departments at mid-size organizations get hundreds of alerts. Not all of them are properly followed through, which leaves a gap for attackers to exploit. Yet, simply adding one more layer of verifying all the suspicious artifacts with TI tools can potentially save organizations from considerable financial and reputational losses.

How it contributes to your security:

- Early detection of malicious activities.
- Understanding of the tactics and techniques used by attackers.
- Quick incident response to minimize impact.

How it works:

A common scenario for security departments is dealing with unusual IP connections.
Since there are many instances of legitimate addresses generating alerts, it's easy for some employees to get complacent and let actual malicious ones slip off the hook.

To eliminate such situations, employees can check all IP addresses in TI Lookup. Here is an example of a possible query:

    destinationIP:"78[.]110[.]166[.]82"

[Image: TI Lookup provides additional info for every indicator, including domains, ports, and events]

The service instantly notifies us about the malicious nature of this IP and supplies more context: the name of the threat (Agent Tesla) and sandbox sessions where this IP was recorded.

Similarly, security professionals can check system events like the use of suspicious scripts. We can include more than one indicator at the same time, to see if any of them is linked to malicious activities. Consider this query:

    commandLine:"C:\\Users\\Public\\*.ps1" OR commandLine:"C:\\Users\\Public\\*.vbs"

It is set up to look for two types of scripts: .ps1 and .vbs format scripts that are placed in the Public directory. Since we do not know the file names of these scripts, we can simply replace them with the * wildcard.

[Image: Scripts matching the query]

TI Lookup provides us with a list of matching scripts, found across numerous sandbox sessions.

[Image: List of sandbox sessions featuring the requested scripts]

Now, we can collect their names, see how they work as part of an attack, and take preventive measures based on the discovered intel.

Exploring threats by specific TTPs

While blocking known indicators of compromise (IOCs) is an important element of your security, they tend to change regularly. That is why a more sustainable approach is to rely on tactics, techniques, and procedures (TTPs) used by attackers to infect organizations in your industry.
With TI tools, you can track threats that use TTPs of your interest, observe their behavior, and gather invaluable information on them to enhance your company's detection capabilities.

How it contributes to your security:

- Detailed insights into attacker methods.
- Development of specific countermeasures.
- Proactive defense against emerging threats.

How it works:

TI Lookup provides an actionable MITRE ATT&CK matrix that includes dozens of TTPs, each accompanied by sandbox sessions featuring malware and phishing threats using these techniques in action.

[Image: TI Lookup offers an actionable MITRE ATT&CK matrix]

It is free and available even to unregistered users. You can explore how attacks are carried out and find specific threats that employ particular TTPs.

[Image: TI Lookup provides samples of threats for each TTP]

The image above shows how the service provides information on T1562.001, a technique used by attackers to modify security tools and avoid detection. In the center, TI Lookup lists signatures related to this technique which describe specific malicious activities. On the right, you can explore reports on relevant threats.

Tracking evolving threats

Threats tend to change their infrastructure and evolve, as organizations adjust to their attacks. That is why it is vital to never lose track of the threats that once posed a risk to your company.
This can be done by getting up-to-date information on the latest instances of this threat and its new indicators.

How it contributes to your security:

- Timely actions to mitigate emerging threats.
- Enhanced situational awareness for security teams.
- Better preparation for future attacks.

How it works:

TI Lookup allows you to subscribe to receive notifications about updates on specific threats, indicators of compromise, indicators of behavior, as well as combinations of different data points.

[Image: To receive notifications, simply enter your query and click the subscribe button]

This lets you stay aware of new variants and evolving threats, adapting your defenses as needed almost in real time.

For instance, we can subscribe to a query to receive information on new domain names and other network activities related to the Lumma Stealer:

    threatName:"lumma" AND domainName:""

[Image: TI Lookup notifies you about new results for each subscription]

Soon, we'll see how new updates start appearing.

[Image: TI Lookup showing new results]

By clicking on the subscribed query, the new results will be displayed. In our case, we can observe new ports used in attacks involving Lumma.

Enriching information from third-party reports

Reports on the current threat landscape are an essential source of intelligence on attacks that may target your organizations. Yet, the information they contain may be quite limited. You can build on the existing knowledge and do your own research to uncover additional details.

How it contributes to your security:

- Ensuring a more complete picture of the threat landscape.
- Threat data validation.
- More informed decision-making.

How it works:

Consider this recent attack targeting manufacturing companies with Lumma and Amadey malware. We can follow up on the findings outlined in the report to find more samples related to the campaign.
To do this, we can combine two details: the name of the threat and a .dll file used by attackers:

    filePath:"dbghelp.dll" AND threatName:"lumma"

[Image: Sandbox sessions matching the query]

TI Lookup provides dozens of matching sandbox sessions, allowing you to significantly enrich the data provided in the original report and use it to inform your defenses against this attack.

Improve and Speed up Threat Hunting in Your Organization with TI Lookup

ANY.RUN's Threat Intelligence Lookup provides centralized access to the latest threat data from public malware and phishing samples.

It helps organizations with:

- Proactive Threat Identification: Search the database to proactively identify and update your defense based on the discovered intelligence.
- Faster Research: Accelerate threat research by quickly connecting isolated IOCs to specific threats or known malware campaigns.
- Real-Time Monitoring: Monitor evolving threats by receiving updates on new results related to your indicators of interest.
- Incident Forensics: Enhance forensic analysis of security incidents by searching for contextual information on existing artifacts.
- IOC Collection: Discover additional indicators by searching the database for relevant threat information.

Get a 14-day free trial of TI Lookup to test all of its capabilities and see how it can contribute to your organization's security.

This article is a contributed piece from one of our valued partners.
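The `field:"value"` queries shown in this article can also be run against your own process-creation telemetry. The following is an added example, not ANY.RUN's implementation: a small local evaluator for that syntax, applied to the Public-directory script query. It assumes records already normalized to the same field names, substring matching, left-to-right evaluation, and NOT read as AND NOT; the sample events are constructed.

```python
import re

# One term of the query syntax shown above: optional AND/OR/NOT, then field:"value".
TERM = re.compile(r'\s*(?:(AND|OR|NOT)\s+)?(\w+):"((?:[^"\\]|\\.)*)"')

# The article's query, verbatim, and constructed process-creation records.
QUERY = r'commandLine:"C:\\Users\\Public\\*.ps1" OR commandLine:"C:\\Users\\Public\\*.vbs"'
SAMPLE_EVENTS = [
    {"commandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\Public\update.ps1"},
    {"commandLine": r'wscript.exe "c:\users\public\Run Me.vbs"'},
    {"commandLine": r"powershell.exe -File C:\Users\bob\Documents\build.ps1"},
    {"commandLine": r"notepad.exe C:\Users\Public\readme.txt"},
]


def parse(query):
    """Return [(operator, field, compiled_regex)] for each field:"value" term."""
    terms, pos, end = [], 0, len(query.rstrip())
    while pos < end:
        m = TERM.match(query, pos)
        if not m:
            raise ValueError(f"cannot parse query at offset {pos}")
        op, field, raw = m.groups()
        literal = raw.replace("\\\\", "\\")  # the query doubles each backslash
        rx = ".*".join(re.escape(p) for p in literal.split("*"))  # * = any run
        terms.append((op or "AND", field, re.compile(rx, re.IGNORECASE)))
        pos = m.end()
    return terms


def matches(terms, event):
    """Evaluate left to right; NOT is read as AND NOT (an assumption)."""
    result = None
    for op, field, rx in terms:
        hit = rx.search(str(event.get(field, ""))) is not None
        if result is None:
            result = not hit if op == "NOT" else hit
        elif op == "OR":
            result = result or hit
        else:
            result = result and (not hit if op == "NOT" else hit)
    return bool(result)


def hunt(query, events):
    """Return the events that satisfy the query."""
    terms = parse(query)
    return [e for e in events if matches(terms, e)]
```

Matching is case-insensitive because Windows paths are, which is why the lower-case `c:\users\public` record is caught as well.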