YouTube is making the Community tab available to more creators

andreasc
-
0
YouTube is making the Community tab available to more creators
[ad_1]
YouTube’s Community tab is now open to all creators, regardless of subscriber count. Previously, this was only available to creators with more than 500 subscribers, but a recent change in policy now makes it possible for all YouTube content creators to enjoy this benefit.
The announcement was made via a post on the YouTube help community where the company encouraged all its creators to take advantage of this once exclusive feature and use it to form closer relationships with their viewers. Community Posts have always been a great way for creators to connect with their subscribers and get feedback on their content. It is also a great way to promote upcoming videos and other projects.
Creators that would like to begin using the Community tab right away will need to first sign up for advanced features by verifying their phone number and ID. This can be done from YouTube Studio’s Settings > Channel > Feature eligibility > Intermediate features > Verify phone number. Once the phone number is verified, creators can then sign up for Advanced features following the same menu prompts. However, the advanced features will require the upload of valid identification or a video to confirm identity.
Once the feature is enabled, creators simply need to go to their YouTube Studio and click on the “Community” tab. They can then start posting content and their subscribers will be able to see the posts in the Community tab on the creator’s channel page.
YouTube is making the Community tab available to more creators

In the announcement, YouTube also mentioned that this feature was highly requested last year by creators using the “Send feedback” link or by tweeting directly at the @TeamYouTube handle. Though not explicitly said, I believe one can assume the decision to open up this feature was largely due to that. The Team YouTube twitter handle has been very responsive with the community and it’s great to see YouTube taking the necessary steps to keep its creators and subscribers more engaged within their respective communities.


[ad_2]
Source link

18-Year-Old Charged in Massive DraftKings Data Breach

andreasc
-
0
18-Year-Old Charged in Massive DraftKings Data Breach
[ad_1]

A Madison, Wisconsin teen has been charged with a massive credential stuffing attack that targeted DraftKings users in November 2022.

Madison, Wisconsin – In December 2022, an in-depth report by Hackread.com shed light on a series of data breaches that had targeted two prominent online casinos, DraftKings and BetMGM. Now, an 18-year-old Wisconsin man has been accused of orchestrating a credential-stuffing campaign that targeted users of the popular US betting platform DraftKings.

Joseph Garrison, hailing from Madison, was charged Thursday, May 18, 2023, with a slew of serious offences, including conspiracy to commit computer intrusions, unauthorized access to a protected computer, wire fraud conspiracy, and aggravated identity theft. If convicted, Garrison could face a maximum sentence of 57 years.

The alleged attack took place on November 18, 2022, of the previous year, when Garrison supposedly initiated his assault on unsuspecting DraftKings customers. Employing classic credential stuffing techniques, the teenager reportedly utilized stolen lists of usernames and password combinations to gain simultaneous access to various online accounts that may have shared identical login credentials.

Garrison’s modus operandi allowed him to breach approximately 60,000 user accounts on the DraftKings platform. Through his unauthorized access, he was able to add new payment methods to targeted accounts, deposit a nominal sum of $5 to verify the validity of the payment method, and subsequently withdraw all available funds.

The extent of the financial damage caused by Garrison and his cohorts is estimated to be around $600,000, affecting approximately 1,600 victim accounts. This figure, as disclosed by the US Attorney’s Office for the Southern District of New York, surpasses initial estimates, which had suggested that only $300,000 was stolen from customer accounts during the incident.

In a startling revelation, law enforcement officers who conducted a search of Garrison’s residence in February discovered incriminating evidence. They stumbled upon credential stuffing software, including 700 “config” files used for dozens of targeted websites, as well as files containing a staggering 40 million login combinations.

Furthermore, Garrison’s smartphone contained conversations with co-conspirators detailing strategies for hacking into DraftKings accounts and extracting funds. In one particularly damning exchange, Garrison allegedly expressed his delight in fraudulent activities, stating, “Fraud is fun… I’m addicted to seeing money in my account.”

Teen Charged with Massive Credential Stuffing Attack on DraftKings Users
DraftKings’ Response to the Breach

The case against Garrison serves as a stark reminder of the growing threat posed by cybercriminals utilizing credential-stuffing techniques. DraftKings, a prominent platform in the online betting industry, was targeted in this sophisticated attack, leading to significant financial losses for numerous users.

As cybersecurity continues to be a pressing concern, both individuals and organizations must remain vigilant in safeguarding their personal information and employing strong, unique passwords across various online accounts.

  1. Ransomware Group ‘FIN10’ Hacked Casinos
  2. Computer System of Canadian Casino Hacked
  3. Casino Hit by Data Hack, courtesy of Fish Tank
  4. Gambler Hacks Casino Cams To Win $33.2 Million
  5. Casino’s fish tank thermometer hacked to steal data

[ad_2]
Source link

TikTok ban in Montana is already facing a lawsuit from creators

andreasc
-
0
TikTok ban in Montana is already facing a lawsuit from creators
[ad_1]

It didn’t take long for a legal challenge to Montana’s TikTok ban. A day after Governor Greg Gianforte announced a statewide ban on the popular video-based social media app, five TikTok creators have filed a lawsuit challenging the decision. They claim the Montana law, SB 419, is unconstitutional and violates their First Amendment rights. The ban is to take effect on January 1, 2024, but these kinds of legal hurdles may delay it.

TikTok creators file lawsuit calling the ban in Montana unconstitutional

Earlier this week, Montana became the first US state to ban TikTok. The newly-signed law prevents mobile app stores such as the Google Play Store and the Apple App Store from letting users download the app within the territorial jurisdiction of the state. Operators of these stores could face a fine of $10,000 per violation per day, though there’s no penalty for residents who continue to use the app even after the ban is effective.

Montana’s decision came amid a nationwide debate over whether TikTok is a threat to national security. There are concerns that the app’s Chinese owner ByteDance has backdoors for the Chinese Communist Party (CCP), the sole ruling party of the country. It may expose American users’ data to the CCP, thus posing a risk to their privacy. The app is already banned on government-owned devices in most US states over similar concerns.

However, unsurprisingly, TikTok creators in Montana aren’t happy with the decision. Many of them earn their livelihood from the app and have expectedly taken the court’s route to try and block the ban from taking effect at the beginning of the next year. The lawsuit is filed by Davis Wright Tremaine LLP in the United States District Court of Montana on behalf of TikTok creators. Ambika Kumar, who represented other creators in securing an injunction of President Trump’s 2020 ban on the app, is leading the case (via).

“Montana has no authority to enact laws advancing what it believes should be the United States’ foreign policy or its national security interests,” the plaintiffs argue. “SB 419 is unconstitutional and preempted by federal law. The Act violates the First Amendment and the Due Process Clause of the Fourteenth Amendment, as well as the Foreign Affairs and Commerce Clauses of the United States Constitution.”

There may be more legal challenges to this decision

This lawsuit from TikTok creators may just be the beginning. Montana’s statewide ban on the app may face more legal challenges. The state’s Attorney General Austin Knudsen recently said that they were already expecting these lawsuits. “There are some important issues here that I do think we probably need the federal courts to step in and answer for us here,” he said in an interview on Fox News. “That was part of our calculus in bringing this [law].”

As of this writing, TikTok hasn’t announced if it plans to take Montana lawmakers to court over this ban. But the company is likely to bring its litigation over the matter. In a statement following the announcement of the ban, a TikTok spokesperson said that the firm will “defend the rights of our users inside and outside of Montana”. Meanwhile, federal officials are considering a nationwide ban on the app. Time will tell what the future holds for TikTok in the US.


[ad_2]
Source link

Google Bard vs ChatGPT

andreasc
-
0
Google Bard vs ChatGPT
[ad_1]

There’s a war going on between ChatGPT and Google Bard. Both chatbots are insanely powerful, and they’re good enough to really help people out (or help them out of a job). Since Google is positioning Bard strictly against ChatGPT, it was only a matter of time before someone pitted them together. Here’s Google Bard vs. ChatGPT.

In this article, we’re going to compare both of these bots in several areas: Speed, Conversational skills, Information, Tips, Written Content, and Features. These are some of the more important skills that an AI chatbot can possess.

If you’re curious to know more about these chatbots, we have a ton of content that you can read. Firstly, we have everything you need to know about Google Bard (click here) and ChatGPT (click here). If you want to know how to use ChatGPT, click here, and if you want to see a comparison between ChatGPT and Snapchat’s My AI, click here.

[Disclaimer, this was written after Google unveiled additional features for Google Bard during Google I/O. There are features still on the way, and this article will be updated to reflect them. Also, I’m comparing Bard to ChatGPT version 3.5 updated on the May 12 2023 release. This is the version that is available to the general public at no charge.]

Google Bard vs. ChatGPT: Speed

When it comes to speed, both chatbots are about neck and neck. Before, ChatGPT lagged behind the competition when it came to speed, but OpenAI sent an update to the chatbot that gave it a notable speed boost.

You still see ChatGPT type out its responses word by word, but it’s much quicker than before. Having both of the chatbots generate responses with 100, 200, and 300 words, they were never more than about a second off from each other. There was one exception where Bard generated a response in five seconds, and ChatGPT took eight seconds.

Google Bard vs ChatGPT: Conversational Skills

The goal of chatbots is to give you responses that come off as human as possible. In terms of how conversational these bots are, they’re both very similar and very different at the same time.

Both bots are heavy on the tips and information. I typed in “My cat died”, and both of them offered condolences followed by a bunch of tips on how to deal with grief. When I typed in “I’m thinking of picking up a hobby”, they both delivered lengthy lists of potential hobbies that I could get into. I typed that I was getting into astrology, and both chatbots explained what it is and some of its history.

Between both chatbots, Google Bard was more succinct with its responses. ChatGPT’s responses are more long-winded, which isn’t really a bad thing; you can’t argue with more information. If you’re looking for more of a straight-to-the-point answer, then you’d want to use Bard. If you want a more fleshed-out answer, then ChatGPT is the one for you.

Google Bard vs ChatGPT: Information

This one is a bit complicated because of where these two chatbots are in their development. Ostensibly, Google should take the crown on this one. ChatGPT, notoriously, doesn’t have access to the internet, and its knowledge of the world stops at 2021. However, as of May 2023, the beta version of ChatGPT is looking to implement a plugin to surf the internet. As it stands, that functionality isn’t available to the public, however.

As stated above, these chatbots are engineered to serve you useful information. They’re like teachers who try to squeeze a lesson into every casual conversation. Bard and ChatGPT are both pretty thorough in their responses, and they sometimes produce responses with comparable information.

But, ChatGPT is often more thorough with its responses. As said before, Bard is more succinct. Its paragraphs and bullet points often contain less information. ChatGPT really drives home the point and expands on the information it offers.

Google Bard vs ChatGPT: Tips/Advice

When it comes to giving tips and advice, the two chatbots take different approaches. ChatGPT is more straightforward with its responses. If you ask for tips or advice, it’ll start you off with a quick introduction, and then it will give you a list of the tips with a closing paragraph- plain and simple.

Bard’s responses are more well-rounded. It will still start you off with an intro and it will still give you a list of tips. However, Bard will provide additional information. It would tell you additional things to keep in mind and give you examples of what you should and shouldn’t do. It focuses on the information and gives you extra.

Google Bard vs ChatGPT: Written content

Aside from being your friend and your encyclopedia, these chatbots are good authors. They can produce original written content based on your input. The story with written content continues the theme established earlier on. Bard’s content is shorter. I asked both of them to generate eulogies, stories, scripts, and other content, and each time, ChatGPT’s responses were longer and more fleshed out.

Scripts are more detailed with ChatGPT, stories are more descriptive, eulogies try more to add emotion and substance, and so on. If you’re looking to create content, you won’t really go wrong with either, but ChatGPT will definitely give you more satisfying results.

Google Bard vs ChatGPT: Features

Being powerful and generating responses are great, but what about the extra goodies? This is where Google takes the cake, and it’s not hard to see why. When ChatGPT first launched, it seemed like it had Google in a headlock, and Bard didn’t do much to turn people away from ChatGPT. However, after Google I/O 2023, it seemed that the search giant brought out the big guns.

The one feature that ChatGPT has over Bard is the chat history feature. You’re able to go back to older conversations and pick up where you left off.

In the case of Bard, Google used its available services to deliver some amazing features. Some of these features are in the process of rolling out, so you won’t be able to use some of them at the moment.

Google can scan images using Lens, give you image results, generate code and tell you why it works, export directly to Docs and Gmail, let you type prompts using your voice, use plugins to integrate with different services, generate three responses at a time, give you SEO advice on websites, and more.

Google has built an empire of services that can benefit from Bard, so it’s no shocker that ChatGPT can’t keep up in that regard. If you’re looking for robust features that will increase your workflow or just make life easier, Bard is the bot for you.

Conclusion

So, which bot should you use? Both chatbots are great at the basics, and they manage to bring their own flavor to their responses.

You should use Bard if:

  • You want a more robust and integrated experience
  • You want more short and to-the-point responses
  • You want more well-rounded advice and tips

You should use ChatGPT if:

  • You want more fleshed-out responses
  • You’re going to be generating more written content

[ad_2]
Source link

Data of two million Toyota customers exposed

andreasc
-
0
Data of two million Toyota customers exposed
[ad_1]

A cloud misconfiguration in car manufacturer Toyota’s servers may have leaked sensitive information belonging to more than two million customers.

The cloud misconfiguration meant that sensitive information for those who subscribed to Toyota services T-Connect, G-Link, G-Link Lite and/or G-BOOK between January 2, 2012 to April 17, 2023 was accessible to unauthorized parties from November 6, 2013 to April 17, 2023.

The data includes location information for impacted vehicles andthe time the vehicle was at said locations, as well as the in-vehicle terminal ID and Vehicle Identification Number (VIN).

Unauthorized parties may have also been able to access “video taken outside the vehicle with a drive recorder collected from corporate services provided [Toyota]” between November 14, 2016 and  April 4, 2023.

Toyota cited an “insufficient explanation and thoroughness of data handling rules” as the reason for the cloud misconfiguration. To prevent further leaks, the company has said it will be “thoroughly educating employees and working to prevent recurrence”, as well as introducing “a system to audit cloud settings, conduct a setting survey of the cloud environment and build a system to monitor the setting status on an ongoing basis”.

Toyota has said that once the misconfiguration was discovered, processes were implemented to prevent further data leaks. The company has also said that it will be investigating all cloud environments managed by Toyota to prevent further cloud misconfigurations and leaks.

The car manufacturer will be contacting all those affected by the leaks in addition to setting up a dedicated call center to “answer questions and concerns” from customers.

Unfortunately, this is not the first time that Toyota T-Connect has been involved in a data leak.

Toyota T-Connect source code posted to GitHub

On October 7, 2022, Japanese car manufacturer Toyota issued an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 2022. 

The breach occurred because a section of the source code for T-Connect, an app which allows customers to connect their phone to their car, had been posted on source code repository GitHub in December 2017. As the source code contained an access key for the server, this may have allowed unauthorized access to customer data for five years.

Any customers who registered for the app from December 2017 to September 2022 were at risk of having their data accessed, meaning the data for a potential 296,019 customers may have been leaked. The information available included email addresses and customer management numbers. Personal or sensitive information including payment card information, name and address were not leaked.

Following a security investigation, Toyota said that while it “cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time [it] cannot completely deny it”.

Toyota also said that it would individually notify all those who were affected by the breach. 


[ad_2]
Source link

Keeper Password Vulnerability Let Hackers Gain Master Password

andreasc
-
0
Keeper Password Vulnerability Let Hackers Gain Master Password
[ad_1]
Keeper Password Vulnerability

KeePass, a widely used password manager application, is vulnerable to a security flaw that gives the threat actors ability to extract the master password from the memory of the app.

This vulnerability poses a significant risk as attackers can retrieve the password even when the database is locked, putting user data at risk if a device is compromised.

A security researcher named ‘vdohney’ identified the vulnerability and tracked the flaw as “CVE-2023-3278.” While apart from this, the researcher also developed a proof-of-concept tool (KeePass Master Password Dumper) to demonstrate how attackers can extract the KeePass master password from memory.

Keeper Password Vulnerability

Password managers eliminate the need to memorize multiple passwords for every account by generating distinct or unique passwords for each and storing them securely.

To ensure the security of the password vault, users need to remember a single master password that encrypts the KeePass database, restricting access to stored credentials.

If the master password is compromised, then unauthorized individuals could gain unrestricted access to all the credentials stored within the database, posing a serious threat.

To ensure robust security for a password manager, users must prioritize safeguarding their master password and refrain from sharing it with others.

The vulnerability, CVE-2023-3278, allows for retrieving the KeePass master password in clear text form, except for the first few characters, regardless of the locked workspace, enabling the recovery of most of the passwords in plaintext form.

A memory dump from various sources, such as process dump, swap file, hibernation file, or RAM dump, can be utilized without requiring code execution on the target system.

The flaw stems from KeePass 2.X’s usage of a custom password entry box called “SecureTextBoxEx,” which inadvertently stores traces of user-typed characters in memory, posing a risk for recovering passwords not only for the master password but also for other password edit boxes within KeePass.

The vulnerability, CVE-2023-32784, affects KeePass 2.53.1 and potentially its forks. However, it seems that the flaw doesn’t affect the:-

  • KeePassXC
  • Strongbox
  • KeePass 1.X

While the exploit is not limited to Windows and can be adapted for Linux and macOS, as it stems from how KeePass handles user input rather than being OS-specific.

Recommendation

Here below, we have mentioned all the security steps that the expert offers to secure your app:-

  • Make sure to change your master password immediately.
  • Delete the hibernation file.
  • Make sure also to delete the pagefile/swapfile.
  • To prevent carving, overwrite the deleted data on the HDD.
  • Lastly, restart your system.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

EHA

[ad_2]
Source link

KeePass vulnerability allows attackers to access the master password

andreasc
-
0
KeePass vulnerability allows attackers to access the master password
[ad_1]

There is a Proof-of-Concept available for an unpatched vulnerability in KeePass that allows attackers to dump the master password.

KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc.

That encrypted database can only be opened with the master password. You absolutely do not want an attacker to get hold of your master password, since that is basically the key to your kingdom—aka “all your passwords are belong to us.”

However, a researcher has worked out a way to recover a master password, and has posted KeePass 2.X Master Password Dumper on GitHub.

The description of the vulnerability (CVE-2023-32784) says:

“In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.”

The issue was reported to the developer of KeePass on May 1, 2023 and relies on the way that Windows processes the input of a text box. 

Since the developer has fixed the issue, this would normally be the place where we tell you to update KeePass. Unfortunately, a release for the new update (2.54) is not expected for a few months, since the developer is still working on a few other security related features.

However, there is no reason for most KeePass users to immediately panic and switch to a different password manager, because it would be very difficult for an attacker to get their hands on a memory dump of your system without you noticing. That being said, the gravity of the situation is different for people that are afraid their system might be confiscated and submitted to forensic analysis.

Protection

There are a few things you can do if you’re worried about this vulnerability.

  • KeePass can be used with YubiKey. A YubiKey is a USB stick which, when inserted into a USB slot of your computer, allows you to press the button and the YubiKey will enter the password for you. This keeps the password out of the text box and it doesn’t end up in the system memory.
  • Scan your system for malware. It is feasible that malware could be used to remotely fetch a memory dump from an infected system.
  • Turn on device encryption to keep unauthorized users from accessing your system.

For those with the more serious threat model of system confiscation that we mentioned earlier, the researcher that found the issue posted the advice to follow these steps:

  • Change your master password
  • Delete hibernation file
  • Delete pagefile/swapfile
  • Overwrite deleted data on the HDD to prevent carving (e.g. Cipher with /w on Windows)
  • Restart your computer

Or just overwrite your hard disk drive (HDD) and do a fresh install of your operating system (OS).

That looks a bit over the top for most users, and most will not need to do it. However we do advise all KeePass users to keep an eye out and to update to KeePass 2.54 or higher once it is available.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.


[ad_2]
Source link

OnePlus Nord 3 5G specs surface, along with real-life images

andreasc
-
0
OnePlus Nord 3 5G specs surface, along with real-life images
[ad_1]

The OnePlus Nord 3 5G is coming, and its specs and real-life images have just surfaced. These have been shared by a tipster from China, who shared the info via Twitter.

You can check out the phone’s design via the gallery below. As you can see, it will utilize a flat display, with a centered display camera hole. Two camera islands will be located on the back, in the top-left corner.

The OnePlus Nord 3 5G specs and images have appeared online ahead of launch

This will essentially be a rebranded version of the OnePlus Ace 2V, which got announced back in March, in China. It will utilize the same design, and quite probably the same set of specs too.

The tipster claims that the phone’s codename is ‘Vitamin’, and that there are two model numbers coming ‘CPH2493’ and ‘CPH2491’. These two variants are meant to be sold in Europe and India.

The live shots you can see in the gallery below actually show the European variant of the phone. The device will feature a 6.74-inch 2772 x 1240 AMOLED display. That will be a 120Hz display, by the way.

It will basically include the same specs as the OnePlus Ace 2V, but different software

The MediaTek Dimensity 9000 processor will fuel this smartphone, while the device will include 16GB of RAM. The tipster also mentioned 256GB of internal storage.

A 50-megapixel main camera will sit on the back of this smartphone. It will be backed by an 8-megapixel unit, and a 2-megapixel camera. Android 13 will come pre-installed on the device, along with OxygenOS 13.

A 5,000mAh is expected to power the phone, while the OnePlus Nord 2 will support 80W wired charging. Wireless charging probably won’t be a part of the package.

The OnePlus Nord 2 is expected to launch either at the end of June, or in July.


[ad_2]
Source link

5 best Android phones for gaming in 2023

andreasc
-
0
5 best Android phones for gaming in 2023
[ad_1]

For high-powered gaming, you need to have an Android phone that’s top of the line with serious internals. Most phones can handle casual games, for sure – but if you want to get into the more graphically-demanding ones, you need a piece of tech with some extra characteristics, lots of RAM and one of those high refresh rate displays, for example.

Believe it or not, but gaming on your mobile just gets way better with these top-notch Androids. If you’re looking for a powerhouse to run the latest games smoothly, check out our list of five must-have Android phones for gamers in 2023.

Nubia Redmagic 7S Pro

Not everyone has the luxury of spending a hefty amount of dough on a smartphone, especially for something like gaming, which usually requires some pretty powerful specs. Sure, you can get away with games like crypto casino or Subway Surfers. But if you’re looking to get your gaming fix with something more demanding – like Questland or COD – then you’ll need one of the top Android phones for gamers out there.

So, if you are looking for something that won’t break the bank but still offers bang-for-your-buck performance, enter the Red Magic 7S Pro. It is a real winner, significantly cheaper than the flagships listed here with impressive results to match.

Pros

  • Exceptionally smooth and notch-less display + 120Hz AMOLED panel
  • Robust cooling system best for intense gaming sessions
  • Fast Snapdragon 8 Gen 2 processor
  • Equipped with ample RAM for multitasking capabilities
  • The addition of the Red Core 2 co-processor
  • Built-in trigger buttons for extra precision

Cons

  • Design may not appeal to everyone’s taste
  • Front camera leaves much to be desired in terms of quality
  • Lacks an IP rating for water and dust resistance

ASUS ROG Phone 6

When it comes to the Asus ROG 6, it may not be a superstar in the phone game – its cameras are underwhelming and software updates won’t always keep you up-to-date. But for a gaming device, it’s pretty on-point delivering top specs: an impressive chip, generous RAM and all-round reliable battery power. The real selling point here is the screen – no teardrop notches, pinholes or hole punch cutouts will impede your gaming experience.

Woman smartphone image 8394834983

Luckily, Asus is no stranger to gaming and they’ve really gone all out with their tailored software. Gamers will love the performance widget on their screens, complete control over their frame rates, ensuring a seamless gaming experience.

Pros

  • Truly remarkable AMOLED display on this device
  • An impressive 165Hz refresh rate and support of HDR10+
  • Snapdragon 8+ Gen 1 chipset and up to 18GB of RAM
  • A massive 6,000mAh battery designed for extended usage
  • IPX4 splash resistance rating for protection against water splashes

Cons

  • IP rating falls short of expectations (water and dust resistance)
  • No option for expandable storage
  • Absent wireless charging functionality
  • More challenging to grip and hold securely

Xiaomi Black Shark 5 Pro

Black Shark 5 Pro from Xiaomi has made a real splash in the gaming world. Packing a powerhouse Snapdragon 8th Gen chip, between 8-16GB RAM and 128-356GB storage, you know you will get your money’s worth with this device. Its nine-layer extreme cooling system keeps your phone running as smooth as butter and its jaw-dropping 720Hz touch response rate will make sure gaming is seamless.

The 6.67-inch AMOLED display with 144Hz refresh rate impresses, while the customizable RGB light adds style. To top everything up, fast charging with Xiaomi’s 120W HyperCharge technology keeps you gaming longer. Overall, the Black Shark 5 Pro offers an affordable yet powerful option for mobile gamers seeking a competitive edge.

Pros

  • Stunning 144Hz AMOLED display + RGB lighting on the back
  • An enhanced cooling system for during sessions
  • Robust internals for a seamless playing experience
  • The inclusion of a 120W fast charging brick in the box
  • Presence of outstanding speakers

Cons

  • Somewhat loaded with excessive bloatware
  • Lacks a headphone jack
  • No waterproofing or wireless charging capabilities

Samsung Galaxy S23 Ultra

Samsung’s Galaxy S23 Ultra is the must-have flagship phone this year. While it does come with a substantial price tag, starting at $1,200, its stellar OLED screen and smooth high-frame rate plus a jaw-dropping Snapdragon 8 Gen 2 chipset powering it all.

Train smartphone image 8398349834

These components give the phone serious gaming cred, ensuring it easily powers through any Android game and shows off awe striking visuals. Boasting outstanding performance, this smartphone will have you immersed in high-quality graphics so much that it’ll feel like the very essence of a typical gaming experience.

Pros

  • QHD+ display + a refresh rate of 120Hz
  • Capable internals of providing a smooth gameplay
  • S Pen functionality for an extra layer of versatility
  • IP68 rating for water and dust resistance
  • Fantastic haptics on this device to top everything up
  • Exceptional cameras and battery life alike

Cons

  • Challenging to operate with just one hand
  • Lacks a headphone jack and a microSD card slot

OnePlus Nord 2T

The performance of the OnePlus Nord 2T is very good, mainly thanks to the Oxygen OS system, which is still very well optimized (despite getting closer every time more to Color OS).

The photographic section remains the same as in the Nord 2, with sharp photos and almost perfect balances. Like the video recordings, which give very good results, with an optical stabilization superior to that seen in other similar mobiles. The only thing we can mention is that you cannot record in 4K at 60 FPS with the rear camera, nor in 4K with the selfie camera, something that you could with the Nord.

Pros

  • Oxygen OS system for producing strong performance
  • The inclusion of a 80W fast charging brick in the box
  • Competitive pricing
  • Video recordings for superior optical stabilization
  • Robust internals for a seamless playing experience

Cons

  • Lacks 4K recording at 60 FPS
  • Absence of features like waterproofing or wireless charging

[ad_2]
Source link

Critical Cisco Switch Vulnerabilities Allow Remote Exploitation

andreasc
-
0
Critical Cisco Switch Vulnerabilities Allow Remote Exploitation
[ad_1]
Cisco Switch Vulnerabilities

The web-based user interface of some Cisco Small Business Series Switches contains multiple vulnerabilities, according to a warning from Cisco.

Cisco lists four critical remote code execution flaws with public exploit code. With CVSS base scores of 9.8/10, all four security issues obtained the highest severity ratings possible.

On compromised devices, successful exploitation enables unauthenticated attackers to run arbitrary code with root access.

“Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device”, Cisco.

The flaws tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 are due to improper validation of requests made to the targeted switches’ web interfaces.

Particularly, the web-based user interface might be used by an attacker to send a specially crafted request and take advantage of this vulnerability.

“The vulnerabilities are not dependent on one another. The exploitation of one of the vulnerabilities is not required to exploit another vulnerability,” Cisco.

“In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.”

Vulnerable Products

The following Cisco Small Business Switches are affected:

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Business 250 Series Smart Switches
  • Business 350 Series Managed Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches

The following Cisco products are not impacted by these vulnerabilities:

  • 220 Series Smart Switches
  • Business 220 Series Smart Switches

Fixed Software Release

250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, and 550X Series Stackable Managed Switches

Business 250 Series Smart Switches and Business 350 Series Managed Switches

Cisco claims that because the 200, 300, and 500 Series Small Business Switches have already begun the end-of-life process, the software for these devices won’t be patched.

A proof-of-concept attack code is available for these security issues, according to the Cisco Product Security Incident Response Team (PSIRT), which might result in active exploitation if motivated threat actors develop their own.

EHA

Cisco advised customers to update to the relevant patched software release as noted.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus


[ad_2]
Source link
1...1,2351,2361,237...1,467Page 1,236 of 1,467