Hackers use Malicious QR Codes to Steal Employee Credentials


QR (Quick Response) codes have largely displaced barcodes in everyday use because they can be scanned and acted on in a snap.

That convenience has not escaped attackers, who increasingly use QR codes in phishing. Researchers at Inky have observed a recent phishing campaign that uses QR codes to steal credentials from employees.

QR Phishing Campaign

The recent QR phishing campaign is sent from hijacked organizational accounts and impersonates large brands such as Microsoft and SharePoint.

Based on their analysis, the phishing campaigns originated from a hijacked Japanese retail store, an American manufacturer, and a digital marketing service company in Canada.


Altogether these campaigns account for more than 545 emails sent from hijacked accounts, in what Inky characterizes as a “spray and pray” attack.

Image-based QR Phishing

One of the more unusual techniques in this campaign is that the emails contain no text at all. The entire message body is a single image that shows both the malicious QR code and the lure text, which evades any text-based phishing detection.

To analyze such an email, a filter first needs OCR (Optical Character Recognition) to pull the words out of the image before any text-based phishing checks can run.

To make the lure more convincing, the attackers embed the victim’s email address as a parameter in the URL encoded in the QR code, so the fake login page opens with the victim’s email address and name already filled in. That is enough to convince anyone without phishing awareness training.
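As an added example (not Inky’s code, and not from the original article), the following Python shows two checks a mail filter or analyst could run on such a message: whether the body is image-only, and whether a URL decoded from the QR code carries a pre-filled identity. The two MIME messages, the parameter-name list and the 20-character text allowance are constructed assumptions for illustration; decoding the QR image itself is left to a QR library.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample: the whole lure is one inline image (the QR code plus the
# rendered lure text) and the HTML body holds nothing but the <img> tag.
# The PNG payload is just the 8-byte PNG signature, enough for a MIME example.
IMAGE_ONLY_EMAIL = b"""\
From: it-support@example.com
To: jane.doe@example.org
Subject: Action required: MFA update
MIME-Version: 1.0
Content-Type: multipart/related; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:qr1"></body></html>
--B1
Content-Type: image/png
Content-ID: <qr1>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--B1--
"""

# Constructed sample of an ordinary text email, for comparison.
TEXT_EMAIL = b"""\
From: alice@example.com
To: jane.doe@example.org
Subject: Lunch
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Are we still on for 12:30? Bring your QR-code badge.
"""


class _HtmlStats(HTMLParser):
    """Counts visible text characters and <img> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.images = 0

    def handle_data(self, data):
        self.text_chars += len(data.strip())

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1


def is_image_only(raw: bytes, max_text_chars: int = 20) -> bool:
    """True when the message carries at least one image and (almost) no text
    for a text-based filter to inspect. The 20-character allowance (room for
    a bare salutation) is an assumption, not a published threshold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text_chars = images = 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            stats = _HtmlStats()
            stats.feed(part.get_content())
            text_chars += stats.text_chars
            images += stats.images
        elif ctype == "text/plain":
            text_chars += len(part.get_content().strip())
        elif part.get_content_maintype() == "image":
            images += 1
    return images > 0 and text_chars <= max_text_chars


# Parameter names phishing kits commonly use to pre-fill the login form.
# The list is an assumption; extend it as you see new kits.
IDENTITY_PARAMS = {"email", "e", "user", "username", "login", "login_hint", "id"}


def prefilled_identity(url: str):
    """Return (where, value) if the URL decoded from the QR code carries an
    email address used to pre-fill the fake login page, else None. Both the
    query string and the fragment are checked, since kits often hide the
    address after '#' where it never reaches server logs."""
    parts = urlparse(url)
    for source, blob in (("query", parts.query), ("fragment", parts.fragment)):
        for name, values in parse_qs(blob).items():
            if name.lower() in IDENTITY_PARAMS and any("@" in v for v in values):
                return f"{source}:{name}", values[0]
    if "@" in parts.fragment:          # bare address after '#', no key at all
        return "fragment", parts.fragment
    return None


if __name__ == "__main__":
    print("image-only lure:", is_image_only(IMAGE_ONLY_EMAIL))
    print("plain email:", is_image_only(TEXT_EMAIL))
    print(prefilled_identity("https://login.example-phish.test/auth?email=jane.doe%40example.org"))
```

`is_image_only` is a triage signal rather than a verdict: a legitimate marketing mail can also be one big image, so it belongs in a scoring pipeline next to OCR of the image and a reputation check on the URL the QR code decodes to. `prefilled_identity` then tells you that the link was personalised, which is a strong sign the QR code was generated per recipient rather than lifted from a genuine notification.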

Inky has published a complete analysis of the campaign. Employees should be trained to recognise and resist this kind of phishing attempt.

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.



Xiaomi MIX Fold 3 coming next month, but won’t be sold globally


The Xiaomi Mi MIX Fold and MIX Fold 2 were quite interesting devices, especially the second-gen model. The Xiaomi MIX Fold 3 will launch next month, and much like its predecessors, this handset won’t be sold globally either.

The Xiaomi MIX Fold 3 is coming next month, but won’t be sold globally

This information comes from Ice Universe, a well-known tipster. We’re not sure why Xiaomi doesn’t take the plunge and make the device available at least in some countries, but there you go.

The company probably doesn’t think that it’s worth it just yet. Foldables apparently didn’t take off to the level Xiaomi wanted, or something of the sort. That’s a shame, though, as the MIX Fold 2 is quite an interesting device, and very thin for a foldable. It would bring much-needed competition to the Galaxy Z Fold series.

Now, the company’s President, Lu Weibing, did announce that the phone is coming in August, to China. It is also official that Leica lenses will be a part of the package, and some of the company’s camera prowess on the software side of things.

We still do not know exactly when it will launch, however. As the launch event gets closer, Xiaomi will likely share more information. So stay tuned if you’re interested.

The Snapdragon 8 Gen 2 will fuel it, while you can also expect to get a periscope camera

The Snapdragon 8 Gen 2 will likely fuel the phone, while the phone could also offer some sort of water resistance, unlike its predecessor. We do expect the Xiaomi MIX Fold 3 to be as thin or thinner than its predecessor.

A periscope camera is also tipped for the device, which is not something we usually get on foldables. Xiaomi will likely include LPDDR5X RAM here, along with UFS 4.0 flash storage. Android 13 will come pre-installed, with MIUI on top of it.

It remains to be seen what other improvements Xiaomi has in store for us, as the Xiaomi MIX Fold 2 was a substantial leap from the Xiaomi Mi MIX Fold.



Magic V2 foldable won’t be the only HONOR device to launch on July 12


HONOR recently announced that the Magic V2 foldable will launch on July 12, but it seems like it won’t be the only device from the company to become official during that event. In fact, HONOR is planning three additional products.

The HONOR Magic V2 foldable is coming on July 12, but it won’t be the only device to launch

The company will announce a tablet, an eSIM smartwatch, and a smart TV too. Do note that we’re talking about a Chinese event here, and chances are that not all of these products will make it to global markets.

The HONOR Magic Vs, HONOR’s latest foldable, did make it to markets outside of China. So, we do hope the same will happen with the Magic V2. When it comes to the other products, we can’t know for sure.

Now, the upcoming tablet will be called the MagicPad 13, while the watch will carry the HONOR Watch 4 name. We’re not sure about the name of the smart TV, but it will be a fifth-gen smart TV from the company.

Not much is known about either of these products, only bits and pieces

We don’t have much info about any of these products, to be quite honest. We do know that the tablet will have a 13-inch display, and very thin bezels (for a tablet). The HONOR Watch 4 teaser did appear, and you can check it out below.

(Image: HONOR Watch 4 teaser)

As you can see, this won’t be a round smartwatch. It also seems like it will come with proprietary bands, which is not something we’re happy to see. Not much else is known. In regards to the smart TV, no info leaked out.

If we had to guess, we’d say that both the Magic V2 and MagicPad 13 will make it to global markets. The same will happen with the Watch 4, but the TV will probably stay exclusive to China. We’ll get more info in about a week.



Apple could be working on a Mac Monitor that becomes a smart home display


According to a new report, Apple may be working on a Mac monitor that doubles as a smart home display. Apple has shipped plenty of external displays before, but this one would be new: the report claims it could switch into a smart home display mode while it is not being used as a monitor.

Apple fans should take this with a pinch of salt, as there is no official confirmation. It does come from Mark Gurman, a reputable Apple tipster, so there is reason for some anticipation. From the available information (accessible to Power On subscribers) this product would be the first of its kind and might reshape the Mac line-up.

Currently, no Apple monitor can serve as a smart home display, which means none of them stays on while not in use. The main reason is that Apple’s current displays lack the hardware needed to drive their own screen independently.

More details on the rumored Apple Mac Monitor Smart Home display

Apple is currently retailing two monitor displays on their official website. These are the Studio Display and the Pro Display XDR, both of which retail above $1000 and use Apple’s Retina display technology. The Studio display is a 27-inch 5K monitor, while the Pro Display XDR is a 32-inch 6K monitor.

Unlike some other monitors on the market, Apple’s displays are not all-in-one (AIO) devices. They do not contain a fully functional processor and rely on an external device to function; the chips they do carry are limited to what Apple allows them to do.

Users therefore pair these displays with a Mac mini, Mac Studio, or Mac Pro, which supply the processing power the Studio Display and Pro Display XDR need. For the rumored smart home monitor to work on its own, it would need a fully functional iOS-class chip on board.

With this chip on board, the display would be able to support the Always-On feature. This will further enable it to act like a smart home display when it is not in use. If you wish to purchase this monitor once available, you’d need to wait till next year.



World’s first smartphone with 24GB of RAM is now official


The world’s first smartphone with 24GB of RAM is now official, it’s the RedMagic 8S Pro+. Well, the company announced both the RedMagic 8S Pro and 8S Pro+ variants. The differences are in the RAM, storage, battery and charging departments. RedMagic has been teasing these smartphones for a while now, and now we finally have all the details.

World’s first smartphone with 24GB of RAM is official

The devices got announced in China, but at least one is almost certainly coming to global markets. We’ll have to wait for more info on that, however, as today’s event was fully focused on the Chinese market. Chances are the RedMagic 8S Pro will be launched globally, though.

Let’s talk about the design first. The RedMagic 8S Pro (both the 8S Pro and Pro+ look the same) definitely looks a lot like the RedMagic 8 Pro. The flat sides are once again combined with a flat display that has thin bezels. RedMagic once again opted for an under-display camera, so that you get as much screen real estate as possible.

Three cameras sit on the back of these two devices, and one variant of the phone even features a see-through back. This is a gaming smartphone series, and the phones feature an ICE 12.0 cooling system, which has a 3D vapor chamber, and a graphene heat sink. There is also a cooling fan included in the mix.

An overclocked version of the Snapdragon 8 Gen 2 is used here

These devices come with an overclocked version of the Snapdragon 8 Gen 2, basically the one we’ve seen in the Galaxy S23 series. RedMagic also included up to 24GB of LPDDR5X RAM here (Pro+ model only), and up to 1TB of UFS 4.0 flash storage.

The RedMagic 8S Pro includes a 6,000mAh battery, and supports 80W wired charging. The Pro+ model, however, comes with a 5,000mAh battery, but it supports 165W wired charging.

Shoulder triggers are included in the package, and the same goes for an RGB light on the back. A 16-megapixel under-display camera is used here, and a 50-megapixel main camera (ISOCELL GN5 sensor). An 8-megapixel ultrawide camera also sits on the back, as does a 2-megapixel depth/macro camera.

You do get an audio jack here

RedMagic opted to include a 3.5mm headphone jack on its new devices, while they also support Wi-Fi 7.

The RedMagic 8S Pro with 8GB of RAM and 128GB of storage costs CNY3,999 ($552), that’s the entry-level model. For the top-end variant, though, the RedMagic 8S Pro+ with 24GB of RAM and 1TB of storage, users have to set aside CNY7,499 ($1,036).



Burp Suite New GraphQL API to Detect Hidden Endpoints


The Burp Scanner’s new GraphQL capabilities allow it to recognize known endpoints, locate hidden endpoints, determine whether introspection or recommendations are enabled, and report when an endpoint fails to validate the content type.

PortSwigger, the firm behind the well-known web application security testing tool Burp Suite, has announced that Burp Scanner’s new GraphQL checks automatically flag several classes of GraphQL issues during penetration testing.

In most cases, implementation and design problems lead to GraphQL vulnerabilities. Attacks using GraphQL often take the form of malicious requests that provide the attacker access to data or allow them to carry out unauthorized operations.

These attacks may be quite damaging, especially if the attacker manages to obtain administrator rights by tampering with queries or exploiting a CSRF vulnerability. GraphQL API flaws can also lead to information disclosure.

Identify GraphQL API Flaws

Burp Scanner makes it easy to find the GraphQL endpoint on websites rather than having to manually search through them.

“We’ve defined some passive and active scan checks to find known endpoints automatically, allowing you to focus on finding the vulnerabilities,” the company stated.

A developer can, for instance, deploy a GraphQL endpoint to production by accident without the website ever referencing it.

Even if a site does not visibly use GraphQL, Burp Scanner probes for common endpoint paths and reports hidden deployments.

(Image source: PortSwigger)

Because an unintentional deployment is unlikely to have been reviewed or hardened, such endpoints can be an invaluable find for a tester.

Introspection lets you execute a query on the real schema to discover what queries it supports. Because a website might not wish to reveal the inner workings of its API to the public, it is frequently disabled in production. 

Burp will detect whether introspection is enabled; while this isn’t a vulnerability in and of itself, it may be beneficial to a tester to help test the site and to a developer to serve as a reminder to turn it off in production.

Further, the company notes that some GraphQL servers, such as Apollo, return suggestions (“Did you mean ...?”) when you submit a query with an unknown field, to help you build a correct one.

Even with introspection turned off, a tester can therefore use a wordlist and those suggestions as an oracle to reconstruct the underlying schema.

Tools such as clairvoyance automate this and rebuild a usable schema from a wordlist. Burp will locate endpoints with suggestions enabled and report them.
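As an added example (not PortSwigger’s or clairvoyance’s code, and not from the original article), here is a Python sketch of both the introspection check and the suggestion oracle described above, run against a constructed stub server. The stub’s hidden schema, its error wording and its use of `difflib` for similarity only approximate a real graphql-js/Apollo server; the `send` callable is the one thing to swap for a real HTTP client.

```python
import difflib
import re

# Constructed stub of a GraphQL endpoint with introspection disabled.
# The hidden schema and the "Did you mean" wording imitate graphql-js/Apollo
# error messages; difflib is only an approximation of the real suggestion logic.
HIDDEN_QUERY_FIELDS = ["users", "userById", "auditLog", "invoices", "me"]

_FIELD_RE = re.compile(r"^\s*(?:query\s*)?\{\s*([A-Za-z_][A-Za-z0-9_]*)")


def stub_server(query: str) -> dict:
    """Answer a query that selects one top-level field, as the server would."""
    match = _FIELD_RE.match(query)
    if not match:
        return {"errors": [{"message": "Syntax Error: expected a selection set"}]}
    field = match.group(1)
    if field in ("__schema", "__type"):
        return {"errors": [{"message": "GraphQL introspection is not allowed"}]}
    if field in HIDDEN_QUERY_FIELDS:
        return {"data": {field: None}}
    message = f'Cannot query field "{field}" on type "Query".'
    close = difflib.get_close_matches(field, HIDDEN_QUERY_FIELDS, n=3, cutoff=0.5)
    if close:
        message += " Did you mean " + " or ".join(f'"{c}"' for c in close) + "?"
    return {"errors": [{"message": message}]}


INTROSPECTION_QUERY = "{ __schema { queryType { name } } }"


def introspection_enabled(send) -> bool:
    """send(query) -> response dict. True when the schema can be read directly."""
    return send(INTROSPECTION_QUERY).get("data") is not None


_SUGGEST_RE = re.compile(r"Did you mean ([^?]+)\?")
_NAME_RE = re.compile(r'"([^"]+)"')


def suggestions_from(response: dict) -> set:
    """Extract the field names a 'Did you mean' error hands us."""
    names = set()
    for err in response.get("errors", []):
        hit = _SUGGEST_RE.search(err.get("message", ""))
        if hit:
            names.update(_NAME_RE.findall(hit.group(1)))
    return names


def recover_query_fields(send, wordlist) -> set:
    """Guess top-level fields from a wordlist, harvest the server's suggestions
    as an oracle, then confirm every candidate with a real query."""
    candidates = set()
    for word in wordlist:
        response = send("{ %s }" % word)
        if "data" in response:          # guessed a real field outright
            candidates.add(word)
        candidates |= suggestions_from(response)
    return {name for name in candidates if "data" in send("{ %s }" % name)}


# Constructed wordlist; a real run would use a much larger one.
WORDLIST = ["user", "users", "audit", "invoice", "account", "me", "mutation"]

if __name__ == "__main__":
    print("introspection enabled:", introspection_enabled(stub_server))
    print("recovered fields:", sorted(recover_query_fields(stub_server, WORDLIST)))
```

Notice that the wordlist never contains `userById`, `auditLog` or `invoices`; the near-misses `user`, `audit` and `invoice` are enough for the server to volunteer them. Against a live target `send` would POST `{"query": ...}` to the endpoint, and the same loop would be repeated per discovered type to walk the schema one level at a time.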

Most GraphQL endpoints accept a POST with an application/json content type.

If the server actually validates that content type, a browser cannot make such a request cross-site without a CORS (Cross-origin resource sharing) preflight: an HTML form can only send application/x-www-form-urlencoded, multipart/form-data or text/plain, so the required content type is impossible to forge.

Strict content-type checking therefore protects the endpoint against CSRF (Cross-site request forgery).

If, however, the site neither checks the content type nor uses a CSRF token, it may be possible to abuse the endpoint with forged queries, provided SameSite cookie protections do not apply (for example because the session cookie is set with SameSite=None).

Burp will alert the user when a POST request with an application/x-www-form-urlencoded body or a GET request to the endpoint could be forged.
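As an added example, not taken from the article or from Burp’s own check, the following Python contrasts a GraphQL request handler that accepts the query from any content type with one that insists on `application/json`, and runs the request shapes a cross-site HTML form can produce against each. Both handlers are constructed stubs that resolve only `{ __typename }`, so the focus stays on request handling rather than query execution.

```python
import json
from urllib.parse import parse_qs

# Each handler takes (method, content_type, query_string, body) and returns
# (http_status, response_dict). Only "{ __typename }" is resolved.


def _execute(query: str) -> dict:
    if query.replace(" ", "") == "{__typename}":
        return {"data": {"__typename": "Query"}}
    return {"errors": [{"message": "unsupported query in this stub"}]}


def vulnerable_endpoint(method, content_type, query_string, body):
    """Takes the query from wherever it can find it: GET parameter, JSON body or
    a form-encoded/text body. That permissiveness is what makes it forgeable."""
    query = None
    if method == "GET":
        query = parse_qs(query_string).get("query", [None])[0]
    elif method == "POST":
        if content_type.startswith("application/json"):
            query = json.loads(body).get("query")
        else:
            query = parse_qs(body).get("query", [None])[0]
            if query is None:            # text/plain body that happens to be JSON
                try:
                    query = json.loads(body).get("query")
                except ValueError:
                    pass
    if query is None:
        return 400, {"errors": [{"message": "no query"}]}
    return 200, _execute(query)


def hardened_endpoint(method, content_type, query_string, body):
    """Requires POST with application/json. A browser cannot send that
    cross-site without a CORS preflight, so a forged form never gets this far."""
    if method != "POST":
        return 405, {"errors": [{"message": "method not allowed"}]}
    mime = content_type.split(";")[0].strip().lower()
    if mime != "application/json":
        return 415, {"errors": [{"message": "unsupported media type"}]}
    try:
        query = json.loads(body)["query"]
    except (ValueError, KeyError, TypeError):
        return 400, {"errors": [{"message": "bad request"}]}
    return 200, _execute(query)


# The request shapes a cross-site <form> (or a top-level navigation) can
# produce without a preflight. The text/plain case is simplified; a real
# form-based payload needs a trailing dummy field to absorb the '='.
FORGEABLE_REQUESTS = [
    ("GET with query parameter", "GET", "", "query=%7B__typename%7D", ""),
    ("POST form-urlencoded", "POST", "application/x-www-form-urlencoded", "",
     "query=%7B__typename%7D"),
    ("POST text/plain carrying JSON", "POST", "text/plain", "",
     '{"query": "{ __typename }"}'),
]


def csrf_exposure(endpoint):
    """Return the labels of forgeable request shapes the endpoint executed."""
    exposed = []
    for label, method, ctype, qs, body in FORGEABLE_REQUESTS:
        status, response = endpoint(method, ctype, qs, body)
        if status == 200 and "data" in response:
            exposed.append(label)
    return exposed


if __name__ == "__main__":
    print("vulnerable:", csrf_exposure(vulnerable_endpoint))
    print("hardened:  ", csrf_exposure(hardened_endpoint))
```

The hardened handler still needs a CSRF token or a SameSite cookie policy if the application deliberately exposes GET for cacheable queries, since a GET reached by navigation carries cookies regardless of content type; the content-type check alone only closes the POST-based forgery paths shown here.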

Conclusion

One of the most well-liked approaches to creating APIs and data-driven apps is now GraphQL. Traditional REST APIs provide a predetermined set of endpoints and replies, but GraphQL enables clients to query for just the data they want, increasing flexibility and efficiency for both client and server.

Keeping up with the latest tools helps penetration testers uncover the latest vulnerabilities. Today’s websites frequently employ GraphQL APIs, which expand the attack surface and bring a variety of security problems with them.




Official Nothing Phone (2) images surface ahead of launch


The Nothing Phone (2) will become official in about a week, on July 11. As we’re waiting for that to happen, a handful of official Nothing Phone (2) images surfaced online. These images come from Evan Blass aka @evleaks, one of the most prominent tipsters out there.

A handful of official Nothing Phone (2) images leak ahead of launch

Before we get to it, do note that the design of the phone is not exactly a secret now. Nothing partnered up with MKBHD in order to show off the device, in a hands-on video. These images do give us yet another look at the phone, though.

You’ll get to see both color options that will be on offer here, both a white and a dark gray model. That gray variant is replacing the black Nothing Phone (1) model, for better or worse.

Now, the Nothing Phone (2) may look very similar to the Nothing Phone (1), especially at first glance, but there are some differences. Nothing improved the Glyph system on the back, by adding a lot more LEDs, and giving them more functionality.

The device will be easier to hold and use, while its display camera hole also moved

On top of that, the back glass on the phone is now curved, making the device easier and more enjoyable to hold. The sides on the device are still flat, though, and the back glass is see-through, as expected.

The display camera hole has moved to the center of the display, and the display is still flat. The phone is made of metal and glass, like its predecessor. Two cameras are still placed on the back.

We do know that the Nothing Phone (2) will be fueled by the Snapdragon 8+ Gen 1 SoC. The device will also include a slightly larger display than its predecessor, while retaining a 120Hz refresh rate.

Android 13 will come pre-installed, with a new version of Nothing OS, version 2.0. That build will bring a number of changes to the OS, and based on teasers, quite notable ones.

You’ll get both wired and wireless charging here, stereo speakers, and more. If you’d like to know more about the phone, check out our Nothing Phone (2) preview.



Elderly targeted in car accident scam, kingpin arrested


The head of a criminal network responsible for defrauding hundreds of elderly people has been arrested, Europol has announced.

After a joint operation in Germany, Poland, and the UK, Europol says the suspect was arrested in London from where he ran a network of fraudsters targeting mainly German and Polish citizens. Europol estimates that the overall damage done by the network amounts to around €5 million, and that €1.4 million of losses were prevented thanks to the successful takedown.

The fraudsters pretended to be police officers or impersonated other official authorities, calling targets to tell them one of their relatives had caused something like a car accident which resulted in injuries or the death of someone else. An accomplice, pretending to be the relative, would cry or scream into the phone frantically, begging the target to lend help.

The goal was to get the target to hand over money to avoid the fake relative’s detention. The criminals would then send someone to collect the money at the victim’s doorstep. For this step the network recruited unwitting accomplices through online job platforms, to minimize exposure and avoid the risk of arrest for those running the operation.

Targeting the elderly is nothing new, sadly. In many forms of phone scams, the perpetrators pose as close relatives of the targeted victims and pretend to have encountered financial, legal or health difficulties in order to fraudulently obtain money. Europol says:

“Crime targeting elderly citizens through scam calls, where individuals impersonate representatives of police and judicial authorities, poses a grave danger and has a profound impact on the victims. Apart from the suffered and often irrecoverable financial damage, it can cause emotional distress and a loss of trust in legitimate authorities.”

Don’t fall for them

It is important to stay vigilant and protect yourself from scam calls by following these guidelines:

  • Don’t share personal or financial information with unknown or unexpected callers
  • If someone is saying they are a relative of yours, check via another way—by calling them back on their own phone or other means to verify it is really them.
  • Keep in mind that law enforcement and other officials will never ask for money or payments over the telephone or in person by showing up at your door.
  • If you receive a call like this, hang up immediately and tell the police.

We’d also like to point out our 9 basic security tips for seniors to help you stay safe.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW



Fake reviewers face big fines


The FTC’s new proposed rule would apply large fines to those found distributing fake reviews online.

The FTC is cracking down on fake reviews. Under the new proposed rules, organisations involved in the buying, selling, and manipulation of reviews could be very much out of pocket. Every time a consumer sees a fake review, it will carry a fine of “up to $50,000” per viewing.

From the FTC release:

“Our proposed rule on fake reviews shows that we’re using all available means to attack deceptive advertising in the digital age,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The rule would trigger civil penalties for violators and should help level the playing field for honest companies.”

Fake reviews are a huge aggravation online. Quite often they’re not “just” a bogus review that doesn’t really matter. They trick you into buying substandard products. Bogus offers and deals float to the top of a site’s visibility if they have enough positive entries. People are so enamoured of the best scores imaginable that threats can follow on even when a great (and entirely real) review has been left.

Can you be certain that those eBay reviews are genuine? What about that Etsy seller? Is the unusual but one of a kind item on Amazon being floated to the top of the pile with dozens of fake reviews?

These FTC rules aim to help you find out. The range of topics covered are very comprehensive and cover all the bogus review angles you can think of:

  • Selling or obtaining fake consumer reviews and testimonials: The proposed rule would prohibit businesses from writing or selling consumer reviews or testimonials by someone who does not exist, who did not have experience with the product or service, or who misrepresented their experiences. It also would prohibit businesses from procuring such reviews or disseminating such testimonials if the businesses knew or should have known that they were fake or false.
  • Review hijacking: Businesses would be prohibited from using or repurposing a consumer review written for one product so that it appears to have been written for a substantially different product. The FTC recently brought its first review hijacking enforcement action.
  • Buying positive or negative reviews: Businesses would be prohibited from providing compensation or other incentives conditioned on the writing of consumer reviews expressing a particular sentiment, either positive or negative.
  • Insider reviews and consumer testimonials: The proposed rule would prohibit a company’s officers and managers from writing reviews or testimonials of its products or services, without clearly disclosing their relationships. It also would prohibit businesses from disseminating testimonials by insiders without clear disclosures of their relationships, and it would prohibit certain solicitations by officers or managers of reviews from company employees or their relatives, depending on whether the businesses knew or should have known of these relationships.
  • Company controlled review websites: Businesses would be prohibited from creating or controlling a website that claims to provide independent opinions about a category of products or services that includes its own products or services.
  • Illegal review suppression: Businesses would be prohibited from using unjustified legal threats, other intimidation, or false accusations to prevent or remove a negative consumer review. The proposed rule also would bar a business from misrepresenting that the reviews on its website represent all reviews submitted when negative reviews have been suppressed.
  • Selling fake social media indicators: Businesses would be prohibited from selling false indicators of social media influence, like fake followers or views. The proposed rule also would bar anyone from buying such indicators to misrepresent their importance for a commercial purpose.

The really interesting part here is that it isn’t only the fake review posters looking at a whole lot of trouble. It’s the companies sitting in the middle who should have known reviews are fake too. The FTC is tackling this problem on all fronts, potentially reducing the wiggle-room that those involved typically use to get themselves out of trouble. In software land, “rogue affiliates” take the blame all the time and organisations which should likely also be punished get away with a light slap on the wrist. There’s nothing light about $50k per fake review viewing.

As a final warning bell to those tempted to fake it to make it, this isn’t the only financial penalty waiting in the wings. The FTC would also possess the ability to recover money directly for anyone harmed by the fake reviews.

There will be some limits, however. Social media portals and review sites themselves are free of liability unless involved in the creation of the fake reviews. The Washington Post notes that some of the big players are taking the problems caused by fake reviews seriously. Amazon blocked “more than 200 million suspected fake reviews in 2022”. Elsewhere, Yelp flagged 19% of reviews in 2022 as “not recommended”.

All the same, you often don’t have to look hard to find some bogus reviews. Will a combination of large sites continuing to police their backyards and the FTC bringing the proverbial hammer down turn the tide? Perhaps. Even with the new rules on the horizon, areas outside of the FTC’s jurisdiction may not play ball. If you’re not in the US, you may experience spammy and fake reviews for some time to come.

Ultimately, as Samuel Levine of the FTC points out to The Washington Post, big review sites may be “running out of excuses”. If they have the most visibility of all of us into these issues on their sites, they’re almost certainly best placed to put an end to it. If they manage to pull it off, they can have all the five star reviews in town.





Galaxy Watch 6 series spotted in another certification listing


After picking up the FCC certification last month, Samsung‘s Galaxy Watch 6 series has just surfaced on the Google Play Console website. The listing doesn’t reveal any new information about the upcoming smartwatches but confirms the return of the Classic model. The new watches will debut later this month.

Spotted by 9to5Google, the Google Play Console website lists four model numbers for the upcoming Samsung watches: SM-R930, SM-R940, SM-R950, and SM-R960. We have long known that these are the Bluetooth versions of the 40mm and 44mm Galaxy Watch 6 and the 42mm and 46mm Galaxy Watch 6 Classic, respectively. These sizes aren’t officially confirmed, but the codenames “fresh6bl” and “fresh6bs” refer to large and small models.

As of this writing, the LTE versions of the Galaxy Watch 6 series haven’t appeared on the Google Play Console website. Their model numbers will replace the trailing “0” with a “5”. Apart from LTE connectivity, everything else will remain the same: the watches will come in the same sizes as their Bluetooth counterparts, with no changes to internals or design.

Speaking of internals, rumors are that Samsung will offer marginally bigger batteries inside the Galaxy Watch 6. The smaller two models will get a 300mAh battery, while the bigger two models feature a 425mAh battery. The Galaxy Watch 5 series featured 284mAh and 410mAh batteries, respectively. Of course, Samsung launched a Galaxy Watch 5 Pro with a bonkers 590mAh battery last year. But it’s now switching to the Classic model with a physical rotating bezel.

The Galaxy Watch 6 series will bring more upgrades

Despite the same size, the Galaxy Watch 6 series is rumored to feature marginally bigger screens, thanks to Samsung shrinking the bezels. The screens are also sharper than before. Additionally, the company is expected to equip the watches with an improved processor (Exynos W930) for faster performance. The Wear OS 4-based One UI Watch 5 should also bring functional improvements. We are expecting a host of new and improved health features as well.

The Galaxy Watch 6 won’t upgrade in one key area, though. The new watches aren’t getting faster charging; Samsung is keeping them limited to 10W wireless charging. It has never shown much interest in blazing-fast charging on its mobile devices; most of its smartphones are limited to 25W, including the Galaxy S23 flagship. Stay tuned for the official launch of the Galaxy Watch 6 later this month. The watches will debut alongside new foldables and tablets at Samsung’s Galaxy Unpacked event in South Korea.

