Zoho Launches Privacy-Focused Web Browser ‘Ulaa’
Zoho Corp. has launched Ulaa, a privacy-centered browser built specifically to help users secure their personal data and activity by providing a browser solution that universally blocks tracking and website surveillance. According to Norton, 85% of global adults want to do more to protect their online privacy, with two-thirds of global consumers feeling that tech companies have too much control over their data. Ulaa is the next step in Zoho Corporation’s long-standing commitment to privacy and designed to help users protect their personal information and internet activity from the prying eyes of user tracking.
“Privacy continues to be an uphill battle in the world of internet browsers because the model is broken — browsers are offered by vendors with ad-based business models so the incentive to gather, sell or buy user data is significant. This is meant to leave little room for users to guard their privacy becoming accustomed to sacrificing it in the name of access or convenience,” said Hyther Nizam, President of Middle East and Africa at Zoho. “With Ulaa, users don’t have to compromise their privacy to browse the web, which unfortunately has become a surveillance minefield. Zoho’s commitment to privacy and a privacy-centric business model allows us to offer a conflict-free, privacy-centric browser that values their own privacy and their kid’s privacy.”
The web browser comes equipped with features that allow for privacy customisation, built-in user profile modes, and integrated productivity tools while keeping user data safe and private. Users can also sync browsing sessions between devices — either an entire browser window or a singular tab — allowing them to use multiple devices for the same browsing session seamlessly.
Ulaa, a word derived from the Tamil language, means journey or voyage and was developed to protect against tracking and surveillance. Ulaa is rooted in ensuring a maximum privacy web browsing experience by blocking unauthorised push notifications, pop-ups, and time tracking, preventing DNS prefetching, adding an extra layer of security through a multi-ID model in addition to privacy customisations, anonymised user data and stats, disabled APIs, geographical data isolation, end-to-end encryption, and privacy reports.
Ulaa users can toggle between five unique modes based on their desired browsing experience, with each mode completely isolated from others. The modes include Personal and Work Modes, Work Mode, Developer Mode, Kids Mode, and Open Season Mode. Each mode offers a protected browsing experience unique to the type of users or members of the family.
Ulaa comes equipped with tabs management options to view all open tabs in one place to be grouped and organised. It also comes with integrated apps that boost productivity, including Zia Search for existing Zoho users, Text2Speech, and Zoho Notebook, a dedicated note-taking space that works across all tabs, so a user can easily jot down ideas, reminders, or important information without leaving their browsing session. Ulaa includes Annotator, a new, built-in feature that can add annotations directly to web pages and images.
The new browser is available in all countries in the Middle East. Compatible with most browser extensions, Ulaa is free to all and its desktop version is fully available and can be downloaded here. The iOS and Android versions are currently in beta and available for download.
Kaspersky Intros New Enterprise Specialisations and Benefits to its Partner Program
Kaspersky United partner program now includes new Enterprise specializations for its Gold and Platinum partners. Rebates for resellers and distributors were also updated, and new compensations were introduced for Proof of Concept and Deployment services.
Kaspersky introduced two new specializations for partners that provide significant advantages when selling and deploying enterprise solutions: Enterprise specialization for Gold and Platinum partners and Enterprise+ for Platinum partners. These specializations allow partners to get additional rebates to drive sales of Expert products, to be eligible for prioritized presale support from Kaspersky, to run joint marketing activities for enterprise solutions, and other benefits. Partners offering advanced cybersecurity services to their customers, including the deployment of Kaspersky solutions, can get the Enterprise+ specialization. Partners with this specialization will be eligible to receive compensation for POC services and deployment, technical training vouchers, and much more benefits.
The program for distributors now includes two specializations. The Value Added Distributor (VAD) specialization allows partners to get rebates for sales of specific enterprise products, and the Specialist specialization rewards distributors for deployment and POC services on behalf of the partner. Distributors with VAD specializations are focused on driving enterprise product sales to the market, and Specialist specialization is created for the distributors who are eager to deliver deployment and additional services to customers. For MSP distributors in Italy, Iberia, France, North America, APAC, and LATAM, Kaspersky introduced additional rebates for MSP sales.
Kaspersky LMP (License Management Portal) is becoming easier to operate and to search for customers there. MSP partners can purchase an SKU Plus license, which allows them to get 24/7 immediate phone support from the Kaspersky team instead of the standard system of ticketing. Another update for MSPs includes a possibility for partners to buy Kaspersky Professional Services on behalf of the MSP, and Kaspersky will help with its expertise in deployment, implementation, etc.
“The introduction of the new Enterprise specializations reflects the shift in our corporate strategy, as we have extended our secure-by-design solution offering to enterprise customers globally. We believe they create additional opportunities for our channel partners to leverage the global cybersecurity trends and to address the growing cybersecurity customer concerns. These changes can be a great opportunity to grow businesses both for our partners and us,” comments Kirill Astrakhan, Executive Vice President at Kaspersky.
A Total of 13 Organizations in 9 Countries Fall Victim to “Dark Pink”
Group-IB has today published a new update into the APT (advanced persistent threat) group codenamed Dark Pink, revealing that a total of 13 organizations in 9 countries have now fallen victim to this malicious actor. Dark Pink’s operations were detailed in depth by Group-IB’s Threat Intelligence unit in a January 2023 blog post, and at this time, researchers linked the group to attacks on 7 organizations in the Asia-Pacific region and 1 in Europe. Group-IB experts have since discovered 5 new Dark Pink victims, and the geographic scope of the group’s operations is wider than previously thought, as organizations in Brunei, Thailand, and Belgium were all hit by Dark Pink attacks.
Continued analysis has revealed that this group is still active, as Dark Pink attacked a government ministry in Brunei this past January and a government agency in Indonesia as recently as April 2023. Additionally, Group-IB researchers were able to attribute three other attacks from 2022 to this particular APT group. The initial access vector for Dark Pink attacks continues to be spear-phishing emails, and Group-IB researchers noted in their January 2023 blog that the group utilized an almost-entirely custom toolkit to exfiltrate files and messenger data from infected devices and networks.
Since then, Group-IB experts can reveal that Dark Pink APT has updated many of these custom tools, changing their functionalities in order to allow the group to slip undetected past defense mechanisms of cybersecurity systems. For example, the group’s custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is still stored on the filesystem of infected devices, but it is now divided into two distinct parts — one that controls the device and the other that steals sensitive data. Dark Pink also continues to use an MSBuild utility to launch KamiKakaBot in the infection chain.
Group-IB’s Threat Intelligence unit has discovered Dark Pink’s new account on GitHub, which was created as soon as the first information about the APT group was published in the public domain this past January. The threat actors can issue commands to infected machines to download files from this GitHub account, and Group-IB researchers found 12 commits to the new account performed between January 9 and April 11, 2023.
Recent attacks have also seen the group exfiltrate stolen data over a HTTP protocol using Webhook service, and they have also leveraged functionalities of an MS Excel add-in to ensure the persistence of TelePowerBot (a simpler version of KamiKakaBot written in PowerShell). In line with Group-IB’s zero-tolerance policy to cybercrime, all confirmed and potential victims of Dark Pink attacks were issued with proactive warnings.
“Dark Pink APT shows no sign of slowing down,” Andrey Polovinkin, Malware Analyst at Group-IB, said. “APT groups are renowned for their responsiveness and ability to adapt their custom tools to continually avoid detection, and Dark Pink is no exception. The profile of the affected targets underscores the significant danger that Dark Pink poses for both public- and private-sector actors. Group-IB will continue to analyze all Dark Pink activity and ensure that confirmed and potential victims are informed.”
Regional Cybersecurity Leaders Promote Joint Action Against Cybercrime at GSMA M360 EURASIA 2023 Conference
On the sidelines of the GSMA M360 EURASIA 2023 conference in Baku, Azerbaijan, cybersecurity experts from the Middle East and Central Asia highlighted the need for collective action to address the global cybersecurity challenge at an exclusive media roundtable.
Dr. Tural Mammadov, Director of the Azerbaijan Computer Emergency Response Center (CERT), was joined in the panel by Dr. Mohammad Khaled, Director of Business Development and Strategic Projects, e& Enterprise, Dr. Elvin Balajanov, Chairman of the Board of Azerbaijan Cybersecurity Organization Association and Dr. Aloysius Cheang, Chief Security Officer, Huawei Middle East & Central Asia. Dr. Haitham Hilal Al Hajri, Sr. Executive – Cyber Security Projects, Oman National CERT, moderated the discussions.
Dr. Tural Mammadov observed that given the scale of the cybersecurity threat, no single regulatory body possesses enough depth to police cybercrime effectively. “The solution lies in all stakeholders working together, including bringing end-users on board. Numerous attacks today bypass information systems entirely and target end users directly. Telecoms cannot react to such threats as they lack visibility, requiring joint action by service providers, cybersecurity experts, and the end users.”
Under the theme of “Build more secure and resilient telecom networks to support the future digital economy efficiently,” participants in the media roundtable discussed various topics, including collaborations among network operators and their partners, suppliers, and customers in defending against telecom cybersecurity, how regulators could promote local telecom industry’s cybersecurity development, and the role that cybersecurity plays in safeguarding critical information infrastructure and the digital economy, among other topics.
Dr. Mohammad Khaled reiterated the need to diversify solutions and technology providers as part of an effective cyber defense strategy. “If we try to build one solution to defend against all threats, whatever application we put in place can be easily understood, manipulated, and finally breached. Since we face numerous cybersecurity threats, we must by necessity deploy as many cyber defense tools that address specific challenges.”
Similarly, Dr. Elvin Balajanov, Azerbaijan Cybersecurity Organization Association, stated that since the telecom infrastructure is built upon multiple technologies, then a multi-stakeholder cybersecurity approach is required to implement a holistic cybersecurity strategy. “A holistic approach promotes information sharing, which is very important, especially considering that different stakeholders depend on each other. Further, the cybersecurity landscape is too diverse and rapidly evolving; therefore, all stakeholders must remain informed and up-to-date.”
Dr. Aloysius Cheang highlighted the importance of regional cybersecurity initiatives such as OIC-CERT and the ITU Arab Regional Cyber Security Center in the overall war against cybercrime. “Through multinational efforts such as these, we can find synergies such as initiating joint projects, which can then be customized and localized. That said, such projects should follow a public-private partnership (PPP) model. In such a scenario, the industry should drive the process while governments provide the framework to ensure success.”
The telecom industry has become an integral part of modern society and is recognized as a critical infrastructure industry (CII). It plays a vital role in connecting people, businesses, and governments, facilitating communication, information sharing, and commerce on a global scale. However, as telecom networks become more complex and interconnected, they become more vulnerable to cyber threats.
Global standards, internationally agreed processes, and industry best practices are critical in addressing cyber threats effectively. NESAS/SCAS is an ideal example of global collaborative efforts in this domain. It offers a standardized cybersecurity assessment mechanism jointly defined by GSMA and 3GPP, the telecom industry’s leading standards-setting organizations, and GSMA 5G Cybersecurity Knowledge Base to provide useful guidance on 5G security risks and mitigation measures.
Toward the end of the session, Dr. Haitham Hilal Al Hajri reiterated that the Cybersecurity of telecoms is a critical component of national security, and therefore, it is essential to bring together telecom stakeholders to achieve a more robust telecom cybersecurity posture. This includes working closely with telecom service providers, equipment manufacturers, government entities, and other ICT industry players to identify and mitigate cybersecurity risks, develop and implement best practices, deliver cutting-edge digital services unimpeded by cyber threats, and further continuously raise awareness about the importance of cybersecurity in telecom.