Google has recently rolled out a minor change to its contact syncing process on Android devices that may actually have a substantial outcome. This change, when not dealt with correctly, can actually completely wipe your contacts from your phone although they are still saved in the cloud.
As reported by Android Authority, this change is part of the May 24th update to Google Play Services (v23.20) where the changelog indicates that turning off sync with Google Contacts will now remove all the previously synced entries from your Android Phone. This differs from the previous behavior where the contacts would remain on the phone even when sync was off, just not sync any new ones.
This is significant because there could be instances in which this setting could be potentially turned off and the user could mistakenly think that the contact entries have been lost. In reality, all synced contacts can be viewed from any device or the web by navigating to contacts.google.com and these entries remain unchanged unless you manually delete them.
However, the default setting is for the toggle to sync contacts to be on, and turning it off actually requires some extra steps. This ensures that turning off sync is not something you can just do by accident and requires that you navigate through the device’s Settings > Passwords & accounts menu.
The important detail to remember is that should you notice your contacts are missing from your Android phone, the first thing to check is to make sure that contacts sync hasn’t been accidentally turned off. Should you need to immediately access your contacts and cannot wait for a sync to complete, you can also access them via the web.
Meanwhile this new version of Google Play Services also contains bug fixes and new developer features for app developers to support device connectivity features within in their apps. Google Play Services updates normally roll out along with updates to the Android operating system, which in the case of May, rolled out for Android 13 back in the beginning of the month to Pixel and other eligible devices.
GitLab has recently rolled out an emergency update, patching a critical path traversal vulnerability. Users must ensure running the latest patched releases to avoid potential risks.
Path Traversal Vulnerability Riddled Gitlab
According to a recent security bulletin from GitLab, the service has rolled out another major update to the platform. As described, a critical severity vulnerability existed in GitLab that could allow a remote unauthenticated adversary to access files in a public project.
Specifically, the firm described the issue as a path traversal vulnerability allowing arbitrary file read. An attacker may exploit the flaw to “read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.”
GitLab labeled this flaw (CVE-2023-2825) with maximum severity rating, giving it a CVSS score of 10.0. The vulnerability typically affected GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. And the firm patched the issue with the release of version 16.0.1 for GitLab CE/EE.
Besides releasing the fix, GitLab credited the security researcher “pwnie” for reporting the bug via their HackerOne bug bounty program.
For now, the service refrained from sharing further details about the vulnerability. Apparently, it’s a wise step given the highly critical nature of the flaw and the potential risks it could cause to GitLab users if exploited in the wild.
GitLab web versions need no further input from the users as the service has already patched the platform. However, for users running GitLab installations, especially version 16.0.0, the firm urged them to update their devices with the patched release at the earliest.
Besides the fix, no workaround exists to mitigate the flaw, except the fact that it requires a particular structure (an attachment in a public project nested within five groups) which may not apply to all projects. Also, the vulnerability does not affect any GitLab CE/EE releases before version 16.0.0.
Nonetheless, it’s still essential for users to update their systems immediately to remain safe from potential exploitation.
The Motorola Razr 40 has surfaced on both Geekbench and 3C websites prior to its launch. Just to be clear, this is the vanilla Razr 40 model, not the ‘Ultra’ variant that has been intensively leaking over the last couple of weeks.
The Motorola Razr 40 surfaced on both Geekbench & 3C websites
In any case, the phone surfaced on Geekbench and 3C websites under the ‘XT2323-3’ model number. The Geekbench listing does confirm that the phone will be fueled by the Snapdragon 8 Gen 1 SoC.
Truth be said, that’s a bit weird, as the Snapdragon 7 Gen 2 is already out there. It seems like Motorola opted for a first-gen option instead. In any case, the listing also says that the device will include 12GB of RAM.
Android 13 inclusion is also mentioned here. Motorola will add some of its apps and features on top of Android 13, but it should look fairly similar to stock Android overall.
Now, the 3C certification added one detail to the mix, 33W charging. The Motorola Razr 40 will offer 33W wired charging, while no other details were mentioned. Wireless charging almost certainly won’t be on offer.
The Motorola Razr 40 & Razr 40 Ultra will launch on June 1
Now, the Motorola Razr 40 will debut on June 1, globally. That launch date has been confirmed by the company quite recently. The device will launch alongside the Motorola Razr 40 Ultra aka Razr+, which will be considerably more powerful.
The Razr 40 Ultra is tipped to utilize the Snapdragon 8+ Gen 1 SoC, along with 8GB/12GB of RAM and a 3,800mAh battery. That device will also offer 33W wired charging, and a 12-megapixel main camera. A 13-megapixel ultrawide camera was also mentioned.
The Motorola Razr 40 Ultra will have a much larger cover display than its sibling. It will actually have the largest cover display of any clamshell foldable, a 3.5-inch unit.
A mysterious Samsung device with an unreleased Exynos processor recently surfaced in a Geekbench machine learning (ML) benchmark. The device in question bears the model number SM-S9190, suggesting that it’s a flagship smartphone from the Galaxy S line. But the chip powering it has the model ID S5E9935, which has been previously associated with the Exynos 2300 that never saw the light of day. It features an unusual setup with nine CPU cores.
The Exynos 2300 chip was in the works with a nine-core CPU setup
There have been reports last year that Samsung is readying a new flagship Exynos chip with nine CPU cores. The company planned to launch it as the Exynos 2300, but it ended up canceling the chip altogether. However, the same model ID associated with this unreleased chip has now surfaced on Geekbench along with a nine-core CPU setup. It has one prime core operating at 2.60GHz, four mid-cores at 2.59GHz, and four efficiency cores at 1.82GHz.
The CPU frequency is a lot lower than what you’d expect on a flagship processor, or what we’ve heard in rumors (peak frequency of 3.09GHz and base frequency of 2.1GHz). But that isn’t unusual in early benchmark runs. After all, it’s an ML test (the device scored 456, which is quite low too). Meanwhile, we can see that Samsung has paired the CPU with an Xclipse 930 GPU. This GPU doesn’t exist but the Exynos 2200 has the Xclipse 920 GPU.
The Geekbench listing doesn’t tell us anything else, at least not notable. We can see the device boasts 8GB of RAM and runs Android 13. But the identity of the device isn’t revealed. There haven’t been any rumors about an SM-S919*. The Galaxy S23 Ultra bears the model number SM-S918*.
Could this be the Galaxy S23 FE?
Shortly after this Geekbench entry went live, the blogosphere went abuzz with rumors that the mysterious device in question could be the Galaxy S23 FE. Samsung is gearing up to launch a new FE model later this year, equipping it with an Exynos chip globally. But this may not be the phone we are expecting. Here’s why.
For one, the Galaxy S23 FE is rumored to bear the model number SM-S711*. Of course, Samsung could change the model number ahead of launch, or even use a fake one to hide the identity during early test runs. But then, the device we see in this Geekbench listing is running firmware version S919OXXU0AVI1. That’s a build from September 2022. For the uninitiated, the second to last character indicates the month (I=September), while the third to last character indicates the year (V=2022).
It’s unusual for a company to test a new device running a several months old software build. Samsung’s Android 13 update wasn’t official back then. So that’s another red flag. On top of this, rumors have suggested that the Galaxy S23 FE will get Samsung’s Exynos 2200 chip globally. Joining all the dots together, it appears highly unlikely that we are looking at Samsung’s new FE phone here. However, nothing is set in stone as yet, so things may still take a more favorable turn in the coming months.
But as things stand, this mystery of the unreleased Samsung phone seen on Geekbench remains unsolved. Perhaps this might be the right time to remember that it isn’t impossible to spoof Geekbench entries. Any device can be passed through the site as something different. Most of these entries are usually legitimate, but there have been cases of fake Geekbench runs in the past. So bear that in mind and wait for more details about the Galaxy S23 FE and the next-gen flagship Samsung Exynos processor.
The days of having to give out your phone number in order to be added as a contact on WhatsApp may soon be over. In the latest beta version of the app, WhatsApp is laying the groundwork on a new feature that may allow you to set a username instead, among other new features
The information comes to us from wabetainfo where it was discovered that the newest version of WhatsApp for those enrolled in the beta program included a username option. This feature is not yet live to users, even those in beta, but in development. The option will be available within the Settings menu under Profile for all platforms.
Currently, users can only change their profile picture and status, so having the ability to also set up a username will definitely make it easier for users to identify one another both in individual and in group chats. Additionally, this opens up the possibility that you may no longer need to reveal your phone number to contacts within WhatsApp, making this a much more secure way to communicate.
Image Source – WABetaInfo
Although not as popular in the U.S. as it is in other countries, WhatsApp is widely used in the U.S. to communicate with international users as well as within certain demographics that are already used to using the app rather than the built-in messaging app on their devices. The one caveat to this is that, just as with messaging, your username is your phone number, which you may or may not want to reveal to certain parties. However, with this promising feature, those days may soon be a thing of the past.
In addition to adding usernames, it was discovered in the latest WhatsApp Beta for Android, version 2.23.11.19, that the company is also testing a new feature that allows users to share their screen during voice and video calls. The feature is still in development and is not yet available to all beta users. The screen sharing feature is expected to be available for both one-on-one and group calls.
The immediate consequence was that the price of the native token of the Jimbos Protocol, Jimbo (JIMBO), plummeted by 40%.
In the ever-evolving world of decentralized finance (DeFi), security remains a persistent challenge. The latest victim of a protocol hack is Jimbos Protocol, a decentralized liquidity platform operating on the Arbitrum system. The attack resulted in a loss of 4,000 Ether (ETH), valued at around $7.5 million during the incident.
The attack on Jimbos Protocol exploited a critical vulnerability related to the lack of slippage control on liquidity conversions. While slippage typically refers to price discrepancies during volatile market conditions, this particular vulnerability allowed liquidity to be invested at inconsistent or distorted prices. Attackers took advantage of this loophole by executing reverse swap orders, manipulating the price range to their advantage.
It appears today’s @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).
This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojzpic.twitter.com/TPlqNlvnZD
The immediate consequence was that the price of the native token of the Jimbos Protocol, Jimbo (JIMBO), plummeted by 40%. However, despite the hack, the broader cryptocurrency markets remained resilient, indicating investors’ confidence in distinguishing protocol-specific vulnerabilities from wider market instability.
The Jimbos Protocol hack joins a growing list of DeFi protocol breaches, emphasizing the persistent need for enhanced security measures. This incident further highlights the importance of integrating robust slippage-controlled procedures into DeFi protocols to deter price manipulations and protect user funds.
By observing the trend of increasing attacks against DeFi protocols, we can recognize the need of conducting comprehensive security audits and testing before launching new protocols. While Jimbos Protocol aimed to address liquidity and volatile token prices through a novel testing approach, the inadequately developed mechanism left the protocol vulnerable to logical exploits.
In response to the attack, Jimbos Protocol promptly acknowledged the incident and announced a collaboration with law enforcement agencies and cybersecurity professionals. Such collaborative efforts are vital to mitigating the impact of security breaches and recovering stolen funds.
Quick update:
We are already working with multiple security researchers and on-chain analysts who helped with both the Euler Finance and Sentiment exploits.
We will start working with law enforcement agencies tomorrow by 4PM UTC if this isn’t sorted out by then.
— Jimbos Protocol (v2, soon) (@jimbosprotocol) May 28, 2023
Samsung may offer the Galaxy Z Flip 5 in a host of colors. Early rumors have named at least eight color variants for the upcoming clamshell foldable. The Galaxy Z Fold 5 may come in at least five colorways. The two foldables are expected to arrive in late July.
Noted industry insider Ross Young, who is also the CEO of Display Supply Chain Consultants (DSCC), revealed early last month that Samsung is readying the Galaxy Z Flip 5 in Beige, Gray, Light Green, and Light Pink colors. The Galaxy Z Fold 5, on the other hand, was in development in Beige, Black, and Light Blue colors. Young said that the Korean firm may develop more color variants of the two foldables down the line.
Sure enough, the same source has now confirmed that the Galaxy Z Flip 5 is getting Blue, Green, Platinum, and Yellow color options. Likewise, the Galaxy Z Fold 5 will come in Blue and Platinum colors as well. As usual, Samsung would give some fancy names to all or some of these colorways. It may also keep a few of those colors exclusive to its online store while offering the others through most of its global retail channel partners.
Samsung may offer the Galaxy Z Flip 5 in Bespoke Edition
If history is any indication, the Galaxy Z Flip 5 should be available in Bespoke Edition as well. It lets buyers choose their preferred color combination for the phone’s external components. They have to select one of the provided color options for the two back plates and the frame. Last year’s mode was available in a total of 75 color combinations, while the Flip 3 before it came in 49 different colorways (Bespoke Edition).
That said, the top half of the Galaxy Z Flip 5’s backside will mostly be a screen. Samsung is fitting the new clamshell foldable with a much bigger cover display than its predecessors. We are talking about a 3.4-inch square-ish display on the outside, with is notably bigger than the 1.9-inch rectangular panel found on the Flip 4 and Flip 3. So things could work a little differently this time around.
Thankfully, we may not have to wait much longer for more details. The new foldables aren’t too far off now. Rumors are that Samsung will unveil the Galaxy Z Flip 5 and Galaxy Z Fold 5 in late July. The company is planning to hold its next Galaxy Unpacked event on July 26. We should hear more about the new foldables ahead of that, including the total possible color combinations for the Bespoke Edition Galaxy Z Flip 5.
The iPhone 15 Pro Max won’t get a new main camera sensor, or display, it seems. The device is tipped to retain the same main camera and display as its predecessor, the iPhone 14 Pro Max.
The iPhone 15 Pro Max won’t include a new main camera sensor
That information comes from Revegnus, a tipster. To be more accurate, the iPhone 15 Pro Max will feature a 48-megapixel main camera (Sony’s IMX803 sensor), and an M12 panel.
On top of that, the tipster said that the Apple A17 Bionic will fuel the phone, which is Apple’s upcoming 3nm processor. On top of all that, he confirmed that the device will include 8GB of LPDDR5 RAM.
It’s not exactly a secret that Apple doesn’t always go for the latest components available. That will be the case with RAM inside of this phone. LPDDR5X RAM has been available out there for a while now, and pretty much every mainstream Android flagship already uses it. Apple’s upcoming flagship will not, however.
It’s not exactly surprising that Apple will stick with the same main camera and display, however. The company doesn’t have a tendency to replace such components frequently, so… there you have it.
We do expect to see improvements in the camera department, however. Android flagships have been knocking it out of the park in the camera department, so Apple will have to step up this year.
The device will get a periscope camera, finally
It is worth noting that Apple does plan to include a periscope camera inside the iPhone 15 Pro Max. The regular ‘Pro’ model won’t get it (until next year), but the Pro Max will. That will be the first time Apple offers a periscope camera in one of its smartphones.
The entire iPhone 15 series will feature Type-C USB ports for the first time ever. All phones will also include a Dynamic Island this time around, even the non-Pro models.
I’m not sure when the digital age started, but I’m certain that we’re all living in it today. Most of us are carrying pocket PCs in the form of some of the best smartphones out there and we’re almost terminally online.
While that certainly has its advantages, one of the biggest disadvantages — which in recent years has gathered even more traction, thanks to the rise of AI — is disinformation. What may start out as a little joke or white lie may grow into a monster of its own online that is severely difficult to combat.
But us humans, we’re good at regulating things! So institutions like the EU stepped in with things such as the Code of Practice against disinformation as a tool for self-regulation for those, who are especially vulnerable to disinformation, such as social media platforms.
But what happens when one of the biggest players like Twitter outright leaves the pact?
Twitter leaves EU voluntary Code of Practice against disinformation.
But obligations remain. You can run but you can’t hide.
Beyond voluntary commitments, fighting disinformation will be legal obligation under #DSA as of August 25.
Well, you get a Tweet from Thierry Breton – EU commissioner extraordinaire – stating “You can run, but you can’t hide”. Said Tweet was first spotted by TechCrunch and serves to say that even if Twitter has officially fled from the Pact, that doesn’t remove its obligations to it.
As Engadget details, a key part of this story is that Twitter signed the EU’s pact before Musk’s takeover last year. But here’s the thing: while the EU can’t force you to join the pact, it can punish you for leaving it.
This can lead to fines up to 10% of Twitter’s global annual turnover for infractions with an additional 20% for repeat instances for not sticking to the agreement. And by the looks of things, Mr. Breton certainly sees these fines as part of Twitter’s possible future.
Of course, nothing is final yet. Given that Twitter is one of the largest online platforms — and the first to step out of the pact — it will be interesting to see how things play out. As of now, Musk hasn’t commented on the situation, but we’re eager to hear out his motivation for this as well.
Bandit Stealer, a recently discovered information stealer by Trend Micro, effectively targets cryptocurrency wallets and web browsers while skillfully avoiding detection.
The malware prioritizes Windows as its target and leverages the legitimate command-line tool runas[.]exe to execute programs under different user permissions.
The objective is to elevate privileges, gain administrative access, and bypass security measures to collect extensive user data efficiently.
Evasionof Antivirus
Due to its use of the Go programming language, the malware exhibits cross-platform compatibility, enabling it to expand its impact to various platforms.
Bandit Stealer employs sandbox detection mechanisms to adapt its behavior and evade detection or analysis based on specific indicators it checks for:-
container
jail
KVM
QEMU
sandbox
Virtual Machine
VirtualBox
VMware
Xen
Including a Linux-specific command in the malware suggests that it may be designed to infect Linux machines and is likely undergoing testing, as accessing the “/proc/self/status” file path on a Windows system would lead to an error.
The malware retrieves and saves the content from a Pastebin link (hxxps[:]//pastebin[.]com/raw/3fS0MSjN) in the AppData folder, as a file called “blacklist.txt.”
Here below, we have mentioned all the details that this list contains:-
Hardware IDs
IP addresses
MAC addresses
Usernames
Hostnames
Process names
While all these details primarily serve the purpose of identifying whether the malware is operating within a sandbox or undergoing testing.
Distributionof the Malware
The malware spreads via phishing emails, disguising itself as a harmless MS Word attachment that distracts the user while initiating the infection process in the background.
Microsoft’s access control mechanism runs malware as an administrator with credentials, useful when the user lacks sufficient privileges for program execution.
The malware modifies the Windows Registry, persists, and collects personal and financial data from crypto wallets and web browsers.
Bandit Stealer steals Telegram sessions
Bandit Stealer steals Telegram sessions for unauthorized access, enabling impersonation and malicious actions like accessing private messages and data.
Browsers & Wallets Scanned
Here below, we have mentioned the browsers:-
7Star
YandexBrowser
Brave-Browser
Amigo
Torch
Google Chrome Canary
Google Chrome
Cent Browser
Sputnik
Iridium
Orbitum
UCozMedia
Epic Privacy Browser
Microsoft Edge
Kometa
Here below, we have mentioned all the wallets that are scanned:-
Clover Wallet
Jaxx Liberty
Wombat
TronLink
Trust Wallet
Crypto.com
BitKeep: Crypto & NFT Wallet
Here below, we have mentioned the types of data that are stolen from the victim’s browser:-
Stolen information from Bandit Stealer and similar stealers enables attackers to engage in identity theft, data breaches, financial gain, account hijacking, credential-stuffing, selling to other cybercriminals, and conducting follow-on attacks like double extortion and ransomware.
