Researchers have found that cybercriminals are shifting to Cloudflare Tunnel to hide and anonymize their nefarious activities.
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. Cybercriminals are increasingly using this service to keep their activities from being detected.
Cloudflare Tunnel, also known by its executable name, Cloudflared, reaches out to the Cloudflare Edge Servers by creating an outbound connection over HTTPS (HTTP2/QUIC), where the tunnel’s controller makes services or private networks accessible via Cloudflare console configuration changes. It’s used to allow external sources to directly access important services, including SSH (Secure Shell), RDP (Remote Desktop Protocol), SMB (Server Message Block), and others.
Researchers have found that cybercriminals are shifting from using ngrok to Cloudflare Tunnel, probably because it provides a lot more usability for free. It allows an attacker to execute a single command on a victim machine to establish a foothold and then conduct further operations.
Once the tunnel is established, Cloudflared obtains the configuration and keeps it in the running process. All the victim will be able to find when the discreet communication channel is discovered is a unique tunnel token which will make them none the wiser. The attacker however is able to easily modify the tunnel configuration on the fly.
Since this tool is a legitimate binary which is supported on every major operating system, and the initial connection is initiated through an outbound HTTPS connection to Cloudflare-owned infrastructure, this method might prove to become even more popular among cybercriminals. It provides them with a tool to establish persistence when they need it, and to then turn it off when they don’t, in order to avoid being found out.
Because of the HTTPS connection and the port the data exchange takes place on (QUIC on port 7844), it is unlikely to be picked up by protection software like firewalls unless they are specifically configured to look for it.
As if that wasn’t worrying enough, the researchers found that they could abuse Cloudflare’s ‘Private Networks’ feature to access an entire range of internal IP addresses remotely once they established a tunnel to a single client (victim).
Mitigation
The researchers note that on the victim machine, RDP and SMB need to be enabled before attempting to connect. So, if you don’t need those, this is another good reason to disable them.
To detect unauthorized use of Cloudflare Tunnels, the researchers recommend that organizations monitor for specific DNS queries (as shared in the report) and for the use of non-standard ports like 7844.
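One way to implement the monitoring described above, as an added example that is not from the article or the researchers' report: it scans flow records for outbound traffic to port 7844 from hosts that are not approved to run Cloudflared, counts separate bursts of activity per host (the on-and-off use described earlier), and matches DNS queries against an analyst-supplied watchlist. The log layout, IP addresses and the watchlist name are constructed assumptions; the real DNS names to watch come from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TUNNEL_PORT = 7844  # port named in the article; QUIC rides UDP, HTTP/2 rides TCP

# Constructed log layout (assumption): "<ISO-8601 time> <src ip> <dst ip> <proto> <dst port>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>tcp|udp)\s+(?P<dport>\d+)$",
    re.IGNORECASE,
)


def parse_flow(line):
    """Parse one flow record; return None for lines that do not fit the layout."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return {"ts": ts, "src": m["src"], "dst": m["dst"],
            "proto": m["proto"].lower(), "dport": int(m["dport"])}


def find_tunnel_hosts(lines, sanctioned=(), gap=timedelta(minutes=30)):
    """Summarise unsanctioned internal hosts with outbound flows to TUNNEL_PORT.

    Flows more than `gap` apart count as separate sessions, so a tunnel that
    is switched on only when needed shows up as several short sessions.
    """
    sanctioned = set(sanctioned)
    per_host = defaultdict(list)
    for line in lines:
        flow = parse_flow(line)
        if flow and flow["dport"] == TUNNEL_PORT and flow["src"] not in sanctioned:
            per_host[flow["src"]].append(flow)

    report = {}
    for src, flows in per_host.items():
        flows.sort(key=lambda f: f["ts"])
        sessions = 1 + sum(
            1 for prev, cur in zip(flows, flows[1:]) if cur["ts"] - prev["ts"] > gap
        )
        report[src] = {
            "first_seen": flows[0]["ts"],
            "last_seen": flows[-1]["ts"],
            "flows": len(flows),
            "sessions": sessions,
            "protocols": sorted({f["proto"] for f in flows}),
            "destinations": sorted({f["dst"] for f in flows}),
        }
    return report


def match_watchlist(query_names, watchlist):
    """Return queried names equal to, or subdomains of, a watchlist entry.

    Matching is done on label boundaries, so "nottunnel.example" does not
    match a watchlist entry of "tunnel.example".
    """
    wanted = [w.lower().rstrip(".") for w in watchlist]
    hits = []
    for name in query_names:
        n = name.lower().rstrip(".")
        if any(n == w or n.endswith("." + w) for w in wanted):
            hits.append(name)
    return hits


# Constructed sample data (documentation address ranges, placeholder names).
SAMPLE_FLOWS = """\
2023-08-10T09:00:05 10.0.5.23 198.51.100.10 udp 7844
2023-08-10T09:04:41 10.0.5.23 198.51.100.11 udp 7844
2023-08-10T09:05:00 10.0.5.40 203.0.113.7 tcp 443
2023-08-10T14:30:12 10.0.5.23 198.51.100.10 tcp 7844
2023-08-10T10:15:00 10.0.9.8 198.51.100.10 udp 7844
this line is malformed and is skipped
""".splitlines()
PLACEHOLDER_WATCHLIST = ["tunnel-endpoint.example"]  # replace with names from the report
SAMPLE_QUERIES = ["edge1.tunnel-endpoint.example.", "nottunnel-endpoint.example",
                  "www.example.org"]

if __name__ == "__main__":
    # 10.0.9.8 stands in for a host that is approved to run Cloudflared.
    for host, info in find_tunnel_hosts(SAMPLE_FLOWS, sanctioned={"10.0.9.8"}).items():
        print(host, info["sessions"], "session(s) via", info["protocols"])
    print(match_watchlist(SAMPLE_QUERIES, PLACEHOLDER_WATCHLIST))
```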
Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Apple has just seeded the third public beta for iOS 17, and this comes a day after the fifth developer beta was released by the company. So right on time. After this update, we should start to see weekly updates, until the Release Candidate or RC is released about a week ahead of the iPhone event. Basically, we’re in the home stretch now.
There’s a few changes here with this beta, likely the same changes we saw with the developer beta that was released yesterday. But nothing major. Most of the changes are going to be under-the-hood changes, and optimizations to help get this ready for the public release next month.
What’s new with iOS 17?
iOS 17 isn’t a huge update this year, but there are still a number of new features available. This includes StandBy. This is a new mode for your iPhone when it is plugged in or on a MagSafe dock and in landscape mode. It will show you the time, as well as other options for picture galleries, shortcuts to Home toggles and more.
The update also brings interactive widgets to the home screen and lock screen in iOS 17. Something that users have wanted for quite some time.
AirDrop is also bringing in some new features for iOS 17, which includes NameDrop. Now when you tap your phone with someone else’s, you can instantly provide your contact information. No more needing to hand out business cards, nor write down someone’s phone number. Speaking of phone numbers, iOS 17 also brings in Contact Posters. This is a customizable poster that others will see when you call them. This can include just text, or a memoji, or even a portrait of yourself.
iOS 17 should be launching for everyone on the week of September 18, so just a little over a month before it’s available for everyone.
Some big changes are coming to Disney’s streaming services as the prices for ad-free Disney+ and Hulu are getting hiked. At the same time, Disney says that it wants to start “actively exploring” how it can better police password sharing just as Netflix is now doing. The company might feel some pressure since the number of global Disney+ subscribers declined for just the second time during the second quarter to 157.8 million, a 4 million decline from the first quarter figure.
Disney is keeping the ad-supported versions of Disney+ and Hulu priced at $7.99 per month. The price for Disney+ ad-free will rise to $13.99 per month from $10.99 per month, a 27.3% rise. The price for ad-free Hulu is rising 20% from $14.99 per month to $17.99 per month. However, an ad-free Disney+/Hulu bundle will cost $19.99 per month, just $2 per month more than ad-free Hulu. This bundle will be available in the U.S. starting on September 6th.
Meanwhile, the Hulu+ Live TV offerings will see a price hike of $7 a month taking the ad-supported plan to $76.99, a 10% increase. The ad-free Live TV plan will be $89.99 following the price hike, an 8.4% increase. And ESPN+ pricing is going up 10% or $1 to $10.99 per month.
Disney has announced price hikes for Disney+, Hulu, and ESPN+
As for ways to combat password sharing, the other day during Disney’s quarterly conference call, CEO Bob Iger said, “We are actively exploring ways to address account sharing and the best options for paying subscribers to share their accounts with friends and family. Later this year, we will begin to update our subscriber agreements with additional terms and our sharing policies. And we will roll out tactics to drive monetization sometime in 2024.”
Iger added, “We already have the technical capability to monitor much of this, and I’m not gonna give you a specific number except to say it’s significant. We certainly have established this as a real priority, and we actually think that there’s an opportunity here to help us grow our business.”
If Iger is right about the timing, those Disney+ users viewing the platform thanks to a shared password have at least until the end of this year to continue this behavior.
We take a look at another case of facial recognition technology getting it wrong in the land of law enforcement.
Detroit law enforcement wrongly arrested a 32 year old woman for a robbery and carjacking she did not commit. She was detained for 11 hours and had her phone taken as evidence before finally being allowed to leave. The reason for the false arrest is down to a facial recognition error, the kind that privacy and civil liberty organisations have been warning about for some time now.
What makes this one particularly galling is that the surveillance footage used in this case did not show a pregnant woman. Meanwhile, Porsche Woodruff was eight months pregnant at the time of the arrest.
How did this all begin? A Detroit police officer made a facial recognition request on a woman returning the carjacking victim’s phone to a gas station. The facial recognition tool flagged Woodruff via a 2015 mug shot on file from a previous unrelated arrest. Despite being aware that the individual in the footage was not visibly pregnant, the victim was shown a line up which included the old photo. The robbery victim wrongly identified Woodruff as the culprit.
Shortly after, she was arrested for the alleged crime of carjacking and robbery.
Ars Technica reports that law enforcement used something called DataWorks Plus to match surveillance footage against a criminal mug shot database. DataWorks Plus bills itself as a “facial recognition and case management” technology. It provides “accurate, reliable facial candidates with advanced comparison…tools for investigations”. It also offers up similar services with regard to fingerprints, iris, and tattoo recognition.
Unfortunately for Woodruff, accuracy was on vacation the day her 2015 mug shot was wrongly identified as a match for the robbery in question.
She was charged in court with robbery and carjacking, with all charges dismissed about a month later. She has now filed a lawsuit for wrongful arrest against the city of Detroit which seems quite reasonable given the circumstances.
The New York Times claims that this is the sixth recently reported example of an individual being wrongly accused due to facial recognition technology not working as expected. This is the third such example to have taken place in Detroit, and all 6 wrongly accused individuals are black. A long running concern regarding these technologies is that they tend to perform very badly when dealing with women and people with dark skin. The Ars post has multiple links to various reports and studies highlighting some of these consistent flaws.
Indeed, multiple cities in the US have banned the use of facial recognition technology, though this may be something which may change in the future due to lobbying and “a surge in crime”.
One would think that “you look like this person even though you’re 8 months pregnant and they’re not” would keep this person out of a cell. Is the trust in the supposed accuracy of this technology so great that Detroit police trusted it over the evidence of their own eyes?
They took Woodruff away at her front door, and even used her older photo despite having access to her current driver’s licence photo which was issued in 2021. It does seem very strange that nobody appears to have intervened at the point the technology side of the workflow was going off the rails. From the complaint, via CNN:
When first confronted with the arrest warrant, Woodruff was “baffled and assuming it was a joke, given her visibly pregnant state,” the suit says. She and her fiancé “urged the officers to check the warrant to confirm the female who committed the robbery and carjacking was pregnant, but the officers refused to do so,” the complaint says.
You can go as far back as 2018 to find Detroit law enforcement getting it wrong with facial recognition technology. There, a man was wrongly flagged as a watch thief. In 2019, another individual was briefly accused of stealing a phone until his attorney was able to prove they’d once again accused the wrong individual.
American Civil Liberties Union (ACLU) Michigan is now taking an interest, and the outcome of the lawsuit remains to be seen. While it’s impossible to predict the outcome, Woodruff would appear to have a fairly strong case. The question is, will this result in any meaningful change to how law enforcement incorporates decision making into their technology workflow? Or will we be seeing yet another of these cases six months down the line?
Samsung introduced its new foldable smartphones not long ago, and one of them is the Galaxy Z Fold 5. That is the company’s new book-style foldable. In this article, we’ll compare it to one of its predecessors, the Galaxy Z Fold 3. The Galaxy Z Fold 3 launched back in mid-2021, so it will be interesting to see what changed over two years. So, we’re looking at a comparison between the Samsung Galaxy Z Fold 5 vs Samsung Galaxy Z Fold 3 here.
You may be surprised how similar these two smartphones look, actually. We’ll talk more about that in the design section of the comparison. Having said that, we’ll first list their specifications, and will then move to compare them across a number of other sections. We’ll check out their designs, displays, performance, battery life, cameras, and audio performance. Having said that, let’s get started, shall we?
Specs
Galaxy Z Fold 5 & Galaxy Z Fold 3, respectively
– Screen size (main): 7.6-inch Foldable Dynamic AMOLED 2X display (120Hz, HDR10+, 1,750 nits) | 7.6-inch Foldable Dynamic AMOLED 2X display (120Hz, HDR10+, 1,200 nits)
– Screen size (cover): 6.2-inch Dynamic AMOLED 2X (120Hz) | 6.2-inch Dynamic AMOLED 2X (120Hz)
– Display resolution (main): 1812 x 2176 | 1768 x 2208
– Display resolution (cover): 2316 x 904 | 2268 x 832
– SoC: Qualcomm Snapdragon 8 Gen 2 for Galaxy | Qualcomm Snapdragon 888
– RAM: 12GB (LPDDR5X) | 12GB (LPDDR5)
– Storage: 256GB/512GB/1TB (UFS 4.0) | 256GB/512GB (UFS 3.1)
– Rear cameras: 50MP (wide, f/1.8 aperture, Dual Pixel PDAF OIS), 12MP (ultrawide, 123-degree FoV), 10MP (telephoto, 3x optical zoom) | 12MP (wide, f/1.8 aperture, OIS, Dual Pixel PDAF), 12MP (ultrawide, 123-degree FoV), 12MP (telephoto, 2x optical zoom)
– Front cameras: 4MP (under display, main display, f/1.8 aperture), 10MP (cover display, f/2.2 aperture) | 4MP (under display, main display, f/1.8 aperture), 10MP (cover display, f/2.2 aperture)
– Battery: 4,400mAh | 4,400mAh
– Dimensions (unfolded): 154.9 x 129.9 x 6.1mm | 158.2 x 128.1 x 6.4mm
– Dimensions (folded): 154.9 x 67.1 x 13.4mm | 158.2 x 67.1 x 14.4-16mm
– Weight: 253 grams | 271 grams
– Connectivity: 5G, LTE, NFC, Wi-Fi, USB Type-C, Bluetooth 5.3 | 5G, LTE, NFC, Wi-Fi, USB Type-C, Bluetooth 5.2
– Security: Side-facing fingerprint scanner
– OS: Android 13 with One UI
– Price: $1,799 | No longer available
– Buy: Samsung | No longer available
Samsung Galaxy Z Fold 5 vs Samsung Galaxy Z Fold 3: Design
The Galaxy Z Fold 5 and Galaxy Z Fold 3 actually look very similar, down to their camera islands on the back. Both smartphones are made out of metal and glass, and have similar curvatures around their body. You’ll notice a centered display camera hole on their cover displays. There is also a display camera hole on the Fold 3’s main display, while Samsung hid it under the display on the Galaxy Z Fold 5.
Both smartphones have three vertically-aligned cameras on the back. Those cameras are placed in the top-left corner, and each setup has its dedicated camera island of sorts. The Galaxy Z Fold 5 is a bit taller than its predecessor, while they’re equally wide. The Fold 5 is also a bit thinner when folded, mainly due to the fact it folds flat. The Galaxy Z Fold 3 does not, it leaves a gap in between two displays. That’s one of the main differences between the two phones, design-wise.
The Galaxy Z Fold 5 is also heavier than the Galaxy Z Fold 3. It weighs 271 grams, compared to 253 grams of the Fold 3. Both smartphones do offer an IPX8 certification for water resistance. They both feel good in the hand, though the Fold 5 is considerably heavier. They’re both slippery too.
Samsung Galaxy Z Fold 5 vs Samsung Galaxy Z Fold 3: Display
Both smartphones include 7.6-inch and 6.2-inch displays, but they’re not the same. The Galaxy Z Fold 5 has a 7.6-inch Foldable Dynamic AMOLED 2X display with a resolution of 1812 x 2176 pixels. That display supports a 120hz refresh rate, and HDR10+ content. This display has a peak brightness of 1,750 nits. The cover display on the phone measures 6.2 inches, and has a resolution of 2316 x 904 pixels. The aspect ratio here is 23.1:9, and that is a Dynamic AMOLED 2X panel with a 120Hz refresh rate. That cover display is protected by the Gorilla Glass Victus 2.
The Galaxy Z Fold 3, on the flip side, has a 7.6-inch Foldable Dynamic AMOLED 2X main display too, but a different one. That panel does support a 120Hz refresh rate, and HDR10+ content. This panel goes up to 1,200 nits of brightness at its peak, so it’s dimmer than the Fold 5’s panel. It has a resolution of 1768 x 2208. The cover display measures 6.2 inches, and has a resolution of 2268 x 832. That is a Dynamic AMOLED 2X panel with a 120Hz refresh rate. It’s protected by the Gorilla Glass Victus, and has an aspect ratio of 25:9.
All of these displays are good, but the Galaxy Z Fold 5’s does have an advantage, especially the main one. It does get noticeably brighter, which is something you’ll especially notice outdoors. On top of that, it feels sturdier than the Fold 3’s during use. It’s difficult to explain, you have to try it yourself. It feels less plasticky. The cover display offers better protection on the Fold 5, but the difference is not that big between them. All displays offer good viewing angles, and vivid colors, on top of those deep blacks that we’re used to with OLED panels.
Samsung Galaxy Z Fold 5 vs Samsung Galaxy Z Fold 3: Performance
The Snapdragon 8 Gen 2 for Galaxy SoC fuels the Galaxy Z Fold 5. Samsung also included 12GB of LPDDR5X RAM here, along with UFS 4.0 flash storage. The Galaxy Z Fold 3, on the other hand, is fueled by the Snapdragon 888 SoC. It is also equipped with 12GB of LPDDR5 RAM and UFS 3.1 flash storage. Needless to say, the Galaxy Z Fold 5 does have an edge spec-wise, across the board.
Is that a difference you’ll notice during actual usage? Well, yes, kind of. The Galaxy Z Fold 5 does feel a bit snappier. That comes for launching apps, multitasking, and while gaming too. The difference is not that big, though, as the Fold 3 still offers good performance, that’s for sure. If you’d like the best of the best, however, the Galaxy Z Fold 5 is the way to go. It’s simply a newer product with better hardware.
Samsung Galaxy Z Fold 5 vs Samsung Galaxy Z Fold 3: Battery
There is a 4,400mAh battery included inside both of these smartphones. If battery life is important to you, however, the Galaxy Z Fold 5 is the way to go. Despite the fact they have the same battery capacity, the Fold 5 offers considerably better battery life. It’s probably a mix of a more power-efficient SoC, combined with other components that bring power efficiency, like newer storage, for example.
With the Galaxy Z Fold 3, we always lingered around 6 hours of screen-on time. Sometimes a bit more, sometimes a bit less. With the Galaxy Z Fold 5, getting to 7 and a half hours of screen-on-time is not a problem at all. Do note that this is based on our usage, though, and your mileage may vary. There are a lot of variables to consider here, ranging from using different apps, on different signal strengths, to different display preferences. You may use the main display more than us, and so on. Overall, though, the Galaxy Z Fold 5 does have better battery life than the Fold 3. Its battery life is not bad at all. Another thing to note is that you should expect worse battery life if you plan on playing games on the two devices. We did that just for testing purposes.
When it comes to charging, they both offer 25W wired charging. The Fold 5 also offers 15W wireless and 4.5W reverse wireless charging. The Galaxy Z Fold 3 supports 11W wireless, and 4.5W reverse wireless charging. Neither phone includes a charger in the box, though.
Samsung Galaxy Z Fold 5 vs Samsung Galaxy Z Fold 3: Cameras
The Galaxy Z Fold 5 includes a 50-megapixel main camera, alongside a 12-megapixel ultrawide unit (123-degree FoV), and a 10-megapixel telephoto camera (3x optical zoom). The Galaxy Z Fold 3, on the other hand, has a 12-megapixel main camera, a 12-megapixel ultrawide camera (123-degree FoV), and a 12-megapixel telephoto unit (2x optical zoom).
Now, the Galaxy Z Fold 3 is still a decent camera smartphone, but it cannot measure up to the Galaxy Z Fold 5. The Fold 5 provides sharper images that offer better colors at the same time. Oversharpening is no longer an issue. Both phones do a good job in low light, but that’s also an area where the Galaxy Z Fold 5 is better.
Their ultrawide cameras provide somewhat similar results, while telephoto shots are better from the Galaxy Z Fold 5. That is not surprising considering that it has more zoom prowess. For low light shots, however, it would be best if you used the main camera on both phones. Neither of these two devices is a pinnacle of smartphone photography, but both do the job well.
Audio
You will find a set of stereo speakers on both of these phones. Both sets are tuned by AKG, and both provide good, clear sound. There’s also no noticeable distortion in sight, not to mention they’re loud enough. There’s no notable difference between them.
There is no audio jack on either of these two smartphones. They both do include Type-C ports, so you can use that to connect your wired headphones. If you’d prefer to go wireless, do note that the Galaxy Z Fold 5 offers Bluetooth 5.3, while the Galaxy Z Fold 3 comes with Bluetooth 5.2 support.
It’s no secret that Arm’s announcement to go public this September has garnered widespread attention from other major tech giants. Now, in a recent development, Apple, Samsung, Nvidia, and Intel are reportedly looking towards acquiring stakes in Arm.
Why is Arm this important?
Although at first glance, it may seem like Arm is just another tech company, the company’s role is pivotal as it specializes in licensing chip designs to a range of businesses. This approach not only relieves companies like Apple and Samsung from the burden of chip design but also enables customized solutions such as the M1 chip. Globally, Arm’s chips power over a staggering 250 billion devices and also constitute over 90% of the smartphone chip market.
When it comes to finances, the company achieved sales of $2.8 billion in fiscal 2022, reflecting an astonishing 70% surge compared to figures from its fiscal year 2016 when the acquisition by SoftBank Group concluded.
Arm’s strategic approach
In an effort to stabilize stock performance upon listing, Arm plans to allocate “a few percent each” in stakes to select companies like Apple and Samsung. This strategy aims to mitigate potential early trading volatility and pave the way for sustained growth in the company’s market value.
“We have diversified our business by not only developing different products but also by addressing it through different parts of the business model strategy. We knew our business was going to be okay. All of the financial results you are seeing now, which are terrific and the team has done a fantastic job on, really come from work that was done a few years ago,” said Arm CEO Rene Haas.
However, Arm’s path will not be without challenges as other companies, including Qualcomm and NXP Semiconductors, embark on their own ventures to develop a competing chip architecture called RISC-V. Additionally, Arm could encounter difficulties within the current economic landscape, where IPO values experienced a significant two-thirds drop in 2022.
Development of the coming Qualcomm 3nm chip might bring a partnership between three tech giants. While the launch of this chip is still a year away, its development process, which involves design and assembling, will kick off early. To facilitate this process reports claim that Qualcomm will partner with TSMC and Samsung.
This is quite intriguing because Qualcomm is currently working with TSMC alone. However, the chip designing and manufacturing firm previously had a business relationship with Samsung, which it severed. But the firm’s coming 3nm chip might bring its previous and current business partners on board.
While this might seem like a shocking move, it’s not uncommon in the tech industry for manufacturers to source materials from various providers. There are a few reasons that might warrant Qualcomm working with both TSMC and Samsung for the production of its coming chip. The reasons revolve around a possible improvement in the performance of one party’s 3nm fab, as well as saving production costs.
Reasons behind the possible involvement of both TSMC and Samsung in the coming Qualcomm 3nm chip
A recent analysis on this issue from Ming-Chi Kuo throws light on why double sourcing might be a thing for Qualcomm’s coming chip. Other reports also point out that Qualcomm is testing new chips with Samsung 3nm GAA technology. These chips have greatly improved in comparison with what was attainable with the Samsung 4nm entries.
Since Samsung’s 4nm fabrication process didn’t meet Qualcomm’s requirements, the company turned its attention elsewhere. This gave birth to the usage of the TSMC 4nm process for the Snapdragon 8 Gen 1 and 2 processors. But with Samsung’s improvement in its 4nm process, Qualcomm might consider working with them again.
Additionally, there is the need to cut down on the production cost of 3nm chips. The development cost of chips with the new 3nm process will affect the coming Qualcomm processor. This coming processor, the Snapdragon 8 Gen 3 will stick to using the 4nm process.
To cut down on the cost of developing the coming Snapdragon 8 Gen 4 processor, Qualcomm might need to look out of the box. This will mean sourcing chips from not only TSMC but also Samsung. Despite rumours that the next-gen TSMC N3E 3nm process will be cheaper, Qualcomm might need to further reduce production costs.
By doing this, the chip design and manufacturing firm will be able to cope with declining smartphone demands. There is no official statement concerning Qualcomm working with both TSMC and Samsung, but Ming-Chi Kuo’s analysis might be true. In the coming months, more details on this matter will be made available to the public.
Verizon subscribers on one of the carrier’s legacy unlimited plans will need to be prepared for a price increase in the near future. According to The Mobile Report (via The Verge), Verizon is looking to increase the price of three of its legacy unlimited plans: specifically, the Go Unlimited, Beyond Unlimited, and Above Unlimited plans.
The increase will be fairly minor at $3 more per month. But that isn’t really the point. Customers who have been using these plans since they were made available in 2018 have likely held onto them through other changes. As these are legacy plans, Verizon already has new ones. But they could cost more and may not offer the same thing. And now customers are going to have to pay a little extra to keep these older plans. This probably won’t bother most. But there will no doubt be a few who won’t be happy about the change.
Also worth mentioning is that some people may be on a fixed budget and may not have accounted for an extra $3 a month, which over the course of a year is an additional $36. It doesn’t seem like a lot, but it could be to some.
Verizon will introduce the price increase for these unlimited plans on August 29
So, when will these price changes come into play? This month, as it turns out. Verizon has confirmed that the increases are happening on August 29, so there’s only a couple more weeks before that happens. If your billing cycle ends before that point, then you should have one more bill coming with the current monthly price. But then going forward, it’ll reflect the additional $3 per month.
Verizon continues to shake things up with its plan offerings and these $3 increases are just the latest effort. Back in May the carrier revealed and launched its new myPlan offerings that were an attempt to simplify things for customers. It’s also not the only carrier adding prices onto your bill or sliding in some extra fees here and there. Just last month, T-Mobile announced it would begin charging customers $5 to pay their bill in stores.
A new ransomware group known as ‘Rhysida’ has been operating since May 2023, posing a huge danger to the healthcare industry.
The Rhysida ransomware gang has been connected to several significant attacks, including an assault on the Chilean Army.
Recently, the organization was also implicated in an attack on Prospect Medical Holdings that had an impact on 166 clinics and 17 hospitals around the country.
Distribution of Rhysida victims per industry sector
“This threat is delivered through a variety of mechanisms which can include phishing and being dropped as secondary payloads from command and control (C2) frameworks like Cobalt Strike”, Cisco Talos.
“These frameworks are commonly delivered as part of traditional commodity malware, so infection chains can vary widely”.
A Check Point Incident Response Team (CPIRT) report says this ransomware was found to have a lot in common with the TTPs of Vice Society, another ransomware group. Since 2021, Vice Society has been one of the most active and aggressive ransomware gangs, primarily focusing on the healthcare and education industries.
The two groups focused on the education and healthcare industries, which are distinctive in the ransomware ecosystem.
Distribution of Rhysida and Vice Society victims over time
The research focused on the TTPs that led to its deployment, specifically Lateral Movement, Credential Access, Defence Evasion, Command and Control, and Impact.
To conduct lateral movement, the attackers employed a range of techniques, including:
Remote Desktop Protocol (RDP) – Throughout the intrusion, the threat actor initiated RDP connections and took further steps to erase related logs and registry items to make detection and analysis harder (as mentioned in the Defence Evasion section).
Remote PowerShell Sessions (WinRM) – The threat actor was spotted starting remote PowerShell connections to systems inside the environment while connecting remotely through RDP.
PsExec – The ransomware payload was distributed from a server within the environment using PsExec.
Notably, for accessing credentials, the threat actor utilized ntdsutil.exe to create a backup of NTDS.dit under the temp_l0gs folder.
Researchers say this path was used by the actor several times. In addition, the threat actor identified Domain Administrator accounts and attempted to log in using some of them.
For persistence, threat actors have used a variety of backdoors and technologies, including SystemBC and AnyDesk.
Threat actors deleted logs and forensic artifacts regularly, including deleting the history of recently used files and directories, the list of recently executed programs, the recent path history in File Explorer, the PowerShell console history file, and all files and folders in the current user’s temporary folder.
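The host-side behaviours listed above can be turned into a triage pass over endpoint telemetry. The following is an added example, not code from Check Point or Cisco Talos: it scores hosts on NTDS.dit copies outside the default database folder, any activity in a temp_l0gs folder, deletion of the PowerShell console history file, and PsExec execution. The event schema, host names and file paths are constructed assumptions, and the weights are illustrative.

```python
import json
import ntpath
from collections import defaultdict

STAGING_DIR = "temp_l0gs"  # folder name given in the article
WEIGHTS = {"ntds_copy": 3, "known_staging_folder": 3,
           "ps_history_deleted": 2, "psexec": 1}  # illustrative weights
PSEXEC_IMAGES = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}


def _norm(path):
    """Lower-case a Windows path and unify separators (paths are case-insensitive)."""
    return str(path or "").replace("/", "\\").lower()


def classify(event):
    """Return the set of rule names a single telemetry event triggers."""
    hits = set()
    kind = event.get("event")
    image = ntpath.basename(_norm(event.get("image")))
    target = _norm(event.get("target"))
    leaf = ntpath.basename(target)

    # The live database sits under \Windows\NTDS\ by default; a copy written
    # anywhere else is a backup or dump and needs an owner and a reason.
    if kind == "file_create" and leaf == "ntds.dit" and "\\windows\\ntds\\" not in target:
        hits.add("ntds_copy")
    if STAGING_DIR in target.split("\\"):
        hits.add("known_staging_folder")
    if kind == "file_delete" and leaf == "consolehost_history.txt":
        hits.add("ps_history_deleted")
    if kind == "process_create" and image in PSEXEC_IMAGES:
        hits.add("psexec")
    return hits


def triage(lines):
    """Score hosts from JSON-lines telemetry; highest score first, malformed lines skipped."""
    per_host = defaultdict(set)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and event.get("host"):
            per_host[event["host"]] |= classify(event)
    ranked = [(host, sum(WEIGHTS[r] for r in rules), sorted(rules))
              for host, rules in per_host.items() if rules]
    return sorted(ranked, key=lambda row: (-row[1], row[0]))


# Constructed sample events (hypothetical hosts, accounts and paths).
SAMPLE_EVENTS = [
    {"host": "DC01", "event": "file_create",
     "image": r"C:\Windows\System32\ntdsutil.exe",
     "target": r"C:\temp_l0gs\Active Directory\ntds.dit"},
    {"host": "DC01", "event": "file_delete",
     "image": r"C:\Windows\System32\cmd.exe",
     "target": r"C:\Users\svc_backup\AppData\Roaming\Microsoft\Windows"
               r"\PowerShell\PSReadLine\ConsoleHost_history.txt"},
    {"host": "FS02", "event": "process_create", "image": r"C:\Windows\PSEXESVC.exe"},
    {"host": "DC02", "event": "file_create",
     "image": r"C:\Windows\System32\lsass.exe",
     "target": r"C:\Windows\NTDS\ntds.dit"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS] + ["{not json"]

if __name__ == "__main__":
    for host, score, rules in triage(SAMPLE_LINES):
        print(f"{host}: score {score} ({', '.join(rules)})")
```

A PsExec hit on its own is common in administered networks, which is why it carries the lowest weight here and only raises priority in combination with the other rules.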
Wrap Up
There has been significant development in the ransomware and extortion market, which might be attributed to the number of leaked builders and source codes associated with numerous ransomware cartels.
Along with its Galaxy Tab S series of tablets, Samsung also launches a series of FE tablets that offer a more mid-range experience. They’re for people who want a powerful tablet experience for a lower price. Well, the company is going to be selling the Galaxy Tab S9 FE tablets, and here’s a preview of these devices.
In this article, we’re going to go over the expected details for these tablets. We’ll go over the price, specs, release date, etc. As we get close to the official release, more information will flood in about these devices, so the article will be updated accordingly. Be sure to check back periodically to see what new information has been added.
How many models will there be?
So far, it’s strongly believed that there will be two models. We’re sure that both of these tablets will have mostly the same specs. The difference between the two models will mainly be the size. The smaller model is expected to be 10.9 inches and the other one could be 12.4 inches. The second model is the same size as the Galaxy Tab S9+.
As for the names, they are expected to be the Galaxy Tab S9 FE and the Galaxy Tab S9 FE+.
How will these tablets look?
So far, it looks like both models of the tablets will have a similar look to what we got with the Galaxy Tab S9 tablets. Based on some leaked images of these tablets, it looks like they will be made from matte metal that’s relatively reflective. On the back, we see a singular camera in the upper left corner. The antenna lines could sit on the top and bottom of the body and curve with the corners.
Looking at the front, there’s not much to see. We expect there to be one front-facing camera for video calls. Other than that, we see that the bezels are pretty sizable. They give the tablets a less premium look, but they’ll make it easier to grab them.
Will these tablets have a powerful processor?
The FE devices have had a history of using the previous year’s flagship processors, but that might not be the case this time around. When these tablets hit the FCC’s desk, we found out that Samsung might use the Exynos 1380 SoC.
That seems to be the Samsung equivalent of the Snapdragon 778. That’s an upper-mid-range processor. This means that you should expect really good performance, but you should also expect the occasional stutter or dropped frame while using it.
How much RAM will these tablets have?
We’re sure that there will be different RAM configurations, but that remains to be seen. However, rumors point to them starting at 6GB of RAM. That’s not bad for a mid-range tablet.
How much storage will these tablets have?
As for the storage, we believe that these tablets will start with 128GB of storage. We’re not sure if they will go up from there. If they do, then we don’t expect them to go higher than 256GB.
Will these tablets have the same screen found with the Galaxy Tab S9?
No. The Galaxy Tab S9 uses some very eye-catching Dynamic AMOLED 2X displays. The FE versions will use your run-of-the-mill LCD displays. We’re sure that it will still be a nice-looking panel.
What software will these tablets have?
Rumors point to the Galaxy Tab S9 FE running Android 13 out of the box with Samsung’s One UI 5. This could mean that they will launch within the next couple of months; sometime before the launch of Android 14 with One UI 6.
Will the Galaxy Tab S9 FE come with an S Pen included?
We don’t know 100%, but it seems possible. We, at least, know that they will be compatible with the Samsung-made stylus. In the leaked renders of the chassis, we see a magnetic strip on the back of the tablet. This is meant to hold and charge the S Pen. So, if the company doesn’t drop one in the box, you’ll be able to pick one up separately.
What battery capacities do these tablets have?
Right now, we don’t know the battery capacity for both models of the tablet. Rumor has it that the smaller model will come with an 8,400mAh battery. It makes sense that the 10.9-inch version has this capacity because the 11-inch variant of the Galaxy Tab S9 also has this capacity.
If that’s the case, then we should expect the 12.4-inch variant to have a capacity similar to the Galaxy Tab S9+’s. This tablet’s battery is 10,090mAh.
As for charging speeds, it looks like these tablets will cap out at 25W. That speed wouldn’t be too bad if the batteries were smaller. However, given how large the batteries are, charging them will take quite a while.
Will these tablets have microSD card expansion/headphone jack?
Based on the images, it doesn’t appear so. We will need to wait for further images to be sure. If these tablets do have these features, then they just don’t show up in the renders.
Will they have an IP rating?
Since the Galaxy Tab S9 series are all IP68 water and dust resistant, it’s tempting to think that Samsung trickled this technology into its FE models. At the moment, it doesn’t seem like the company did.
How much will these tablets cost?
The price of these tablets is expected to be pretty problematic. Rumor has it that the base Galaxy Tab S9 FE will start at ₹63,000 in India (about $760) for the 6GB/128GB variant. That’s a pretty bad price seeing as the base Galaxy Tab S9, which costs ₹73,000 ($880), starts with 8GB of RAM and 128GB of storage. It also has a much more powerful processor and a better display among other benefits.
When will these tablets launch?
Right now, we’re still in the dark about the release date. Previous rumors pointed to these tablets being unveiled along with the other Galaxy Tab S9 tablets, but that didn’t happen. However, rumor points to these tablets launching sometime within the next couple of months.