iPhone 16 Pro & Pro Max display sizes have been revealed


The iPhone 15 series is not official yet, and we’re already getting information regarding the iPhone 16. Ross Young, a well-known display analyst, just revealed the display sizes of the iPhone 16 Pro and Pro Max handsets.

Display sizes of Apple’s iPhone 16 Pro & Pro Max models have been revealed early

He shared, via Twitter, that the official display sizes will be 6.3 and 6.9 inches, respectively. That’s, at least, what Apple will market them at. In fact, they’ll be between 6.2 and 6.3 inches in size on the ‘Pro’, and between 6.8 and 6.9 inches in size on the ‘Pro Max’.

Ross Young promised to reveal the second decimals of both displays in about two weeks. That’s when we’ll know the exact sizes, but for all intents and purposes, these are 6.3 and 6.9-inch displays. So they’ll be bigger than what we’re used to.

That’s not all, though. The source also revealed that the aspect ratios of both displays will “increase slightly”. The iPhone 14 Pro and Pro Max displays have an aspect ratio of 19.5:9. The iPhone 15 series will likely stay in the same lane. What does that mean for the iPhone 16 Pro series? Well, we’ll likely get 20:9 displays.

These two devices will also be the first to rock solid-state buttons

The iPhone 16 Pro and Pro Max models are also expected to include solid-state buttons. Such buttons were expected on the iPhone 15 Pro series, but based on the latest reports, that won’t be happening.

Apple wanted more time to implement them properly. The costs of implementing them in the iPhone 15 Pro series were, allegedly, too high, and the software side of things was also an issue at the time. So Apple decided to push them back to the iPhone 16 Pro series.

That’s pretty much everything we know about the iPhone 16 Pro series, which is understandable. We’re still four months away from the iPhone 15 and 15 Pro series launch event, so… the iPhone 16 phones are not exactly in focus now.



Big changes are coming to Twitter including encrypted DMs, in-platform video and voice calls

Elon Musk has absorbed plenty of criticism over the chaos and confusion that has reigned over Twitter since he purchased the platform last October. But now he is looking to clean up the mess he has made and improve the site. Earlier today we told you that Musk said that he will purge inactive accounts. But the blockbuster news came later Tuesday when Musk tweeted that encrypted DMs will debut tomorrow, May 10th. He writes, “This will grow in sophistication rapidly. The acid test is that I could not see your DMs even if there was a gun to my head.”
Musk also says that in the current version of the Twitter app, users can send a DM reply to any message in the thread, not just the most recent message. And any emoji reaction can be used. Even more exciting, Twitter subscribers will soon be able to make voice and video calls using their Twitter handle to anyone on the platform. Since you’re making these calls using your Twitter handle, Musk noted that “you can talk to people anywhere in the world without giving them your phone number.”
Twitter Spaces currently allows users to chat by voice using an audio stream. But those calls are public and are available for group chats. But the new voice and video call capabilities are meant for private conversations between Twitter subscribers.

But encrypting DMs and allowing users to make video and voice calls using their Twitter handles could just be the start of adding new features to the platform that will reverse the decline in Twitter’s valuation. Musk recently discussed increasing the character cap on tweets to 10,000 and spoke about adding some “simple formatting tools.” At last, Musk seems ready to focus on making the changes to Twitter that are needed to improve the user experience first before growing the bottom line.



Brightline breach hits at least 964,000 people, US records show


Following the Cl0p ransomware gang’s attacks that leveraged Fortra’s GoAnywhereMFT software tool, behavioral health provider Brightline informed customers about a data breach related to the attacks.

A pediatric behavioral health startup called Brightline informed its customers that their protected health data may have been stolen as part of a separate ransomware attack on a Brightline third-party service provider. 

“Based on the investigation, we identified a limited amount of protected health information/personal information in the files that the unauthorized party acquired, potentially including some combination of the following data elements: individuals’ names, addresses, dates of birth, member identification numbers, date of health plan coverage, and/or employer names,” wrote Brightline in its public notice online.

Though Brightline did not disclose the number of affected customers, recently updated records with the US Department of Health and Human Services Office for Civil Rights showed that at least 964,301 people were impacted.

The third-party service provider at the heart of the data breach is Fortra, which was recently targeted by the Cl0p ransomware gang in a string of attacks that leveraged an undisclosed vulnerability in the file transfer software called GoAnywhere MFT, which Fortra develops and which is used by businesses worldwide. Malwarebytes Labs reported on the vulnerability in February, urging users to deploy a patch.

GoAnywhere MFT, which stands for managed file transfer, allows businesses to manage and exchange files in a secure and compliant way. According to its website, it caters to more than 3,000 organizations, predominantly ones with over 10,000 employees and 1B USD in revenue.

Brightline was just one of the many victims on the list that Cl0p made using the same vulnerability. The day after the release of the GoAnywhere patch, the Cl0p ransomware gang contacted BleepingComputer and said they had used the flaw over ten days to steal data from 130 companies.

For many organizations, Brightline offers virtual behavioral and mental health services for the children of benefits-eligible employees. In this light, Brightline has published a list of covered entities impacted by the breach.

Interestingly, the 964,000 number released by the US government may not be complete. 

According to the online resource Databreaches.net, by the end of May 3, 2023, the subtotal number of Brightline patients affected by the GoAnywhere incident stood at 1,081,716.

Another remarkable fact Databreaches.net disclosed is that the listing for Brightline on Cl0p’s leak site has disappeared. This is usually an indicator that the victim has paid, but there might be something else going on in this case, since Brightline has been exemplary at providing public information and details about the breach.

Data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

According to the information provided by Brightline, no Social Security numbers or financial accounts were stolen, nor did the stolen files contain anything related to medical services, conditions, diagnoses, or claims for the plan participant or their dependent.

If you are affected by this data security incident, you should have received or will receive a letter (or letters, if you have dependents) from Brightline. Each letter will have a unique code for the member and/or dependent to register for free identity theft and credit monitoring. Brightline will also have a call center available to answer questions. More information, including frequently asked questions, is available on Brightline’s website.


Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.




The Best MicroSD Cards For The Steam Deck


The Steam Deck so far has proven to be a wonderful little machine for playing games, but one thing you’ll want is at least one microSD card for storage, and we thought we’d round up the best ones to consider.

Now, if you ended up with the 512GB version of the Steam Deck you may have just enough storage for games you plan to play. 512GB isn’t a lot of storage especially for how big games are these days, but if you’re the type to juggle your installs when you need to make room for something, then it might suffice.

If you’re like us and don’t want to deal with that kind of hassle, then a microSD card for the Steam Deck is definitely the way to go. It’s easier than replacing the internal SSD, and if you aren’t sure how to do that, chances are you’ll have to pay someone to do it for you, which makes the microSD option cheaper as well.

In short, for the majority of users, a microSD card is going to be the best way to get more game storage on the Steam Deck. But, which ones should you be looking at? You shouldn’t just use any old microSD card. You can, but you shouldn’t, as you want one with optimal speeds for loading games. So here’s our list of the best microSD cards for the Steam Deck that will meet those standards.

The Best microSD cards for the Steam Deck

microSD card                                               Cost            Where To Buy
SanDisk Extreme Pro microSDXC UHS-I (128GB – 1TB)          From $21        Amazon
PNY XLR8 Gaming Class microSDXC UHS-I (128GB – 512GB)      From $14.99     Amazon
Samsung Evo Select microSDXC UHS-I (512GB)                 From $123       Amazon
Lexar microSDXC UHS-I 512GB                                $49.99          Amazon
SanDisk Extreme microSDXC UHS-I 1TB                        From $164.99    Amazon, B&H, Newegg
Lexar Play microSDXC UHS-I (256GB – 1TB)                   From $29.99     Amazon, B&H, Newegg, Adorama, Buydig
Lexar Professional 1066x microSDXC UHS-I 512GB             $94.61          Amazon
Samsung Evo Plus microSDXC UHS-I 512GB                     $81.68          Amazon, B&H, Newegg

SanDisk Extreme Pro microSDXC UHS-I (128GB – 1TB)

SanDisk Extreme Pro

  • Price: From $21
  • Where To Buy: Amazon

Kicking things off, we’re suggesting the SanDisk Extreme Pro card for a few reasons. For starters, it comes from Western Digital’s SanDisk brand, which has been around forever and is a trusted name in storage products. For another, the Extreme Pro is one of its newer cards and comes in a variety of sizes. We wouldn’t suggest anything under 128GB, though, and for our own purposes we’d probably go higher than that, because as noted above, many AAA games these days are insanely large.

More importantly though, this card in particular will give you fast read and write speeds, which is going to help with load times. In general you want to be looking at something that offers a read/write speed of around 100MB/s. This card has a read speed of up to 170MB/s and a write speed of up to 90MB/s, so it fits right in with what you should be looking for.

The only downside to this card is that the 1TB and even the 512GB are a little expensive. That being said, there are other options on this list that cost less and will give you the same amount of storage. For us though, this has performed really well during our testing so far.

PNY XLR8 Gaming Class microSDXC UHS-I (128GB – 512GB)

PNY XLR8 Gaming

  • Price: From $14.99
  • Where To Buy: Amazon

This is actually the first card we started using with the Steam Deck and like the SanDisk Extreme Pro, it has fast read and write speeds. It also comes in up to 512GB in size. We have the 512GB model in our Steam Deck, and it’s been a real boon for allowing us to install more games.

Since we went with the 256GB version of the Steam Deck, storage began to fill up fast with games like Elden Ring and Final Fantasy XIV. So a larger size card was definitely needed. PNY also designed this card specifically to be used for gaming in devices like the Nintendo Switch, mobile devices, and the Steam Deck. That doesn’t mean it can only be used for those devices. But it does help that PNY had portable gaming in mind when making this product.

As for read and write speeds, you’re looking at up to 100MB/s for read and up to 90MB/s for write. Putting it mostly on par with the card above. And easily making this one of the best microSD cards for the Steam Deck.

PNY XLR8 Gaming 128GB – 512GB

Samsung Evo Select microSDXC UHS-I (256GB & 512GB)

Samsung Evo Select

  • Price: From $123
  • Where To Buy: Amazon

Samsung is another trusted brand in memory and storage so naturally we’d suggest the Evo Select card as an option. It has the same read and write speeds as the PNY XLR8 Gaming class card, but you’re looking at over twice the price for it right now on Amazon. Normally it retails for $69.99 which is only $10 more than the 512GB PNY card above.

But all of the 512GB models seem to be from third-party resellers. Unfortunately, Samsung’s website is out of stock on this one so Amazon is probably your best bet if you want this particular card. We would suggest the PNY though since you’ll spend less.

That being said, you can also pick up the Evo Select in a 256GB for $29.99 which is pretty affordable.

Samsung Evo Select 256GB & 512GB

Lexar microSDXC UHS-I 512GB

Lexar microSDXC 512GB

  • Price: $49.99
  • Where To Buy: Amazon

Another good option is this Lexar card which comes in 128GB, 256GB, and 512GB storage sizes. It’s also a high-speed card with read speeds of up to 100MB/s. The one downside is that the write speeds are a bit slower at up to 30MB/s. So in comparison to any of the other cards so far, it loses out there.

However, this might not make that much of a difference to you. And if that’s the case you can’t go wrong here. We still think the PNY is a better value though with higher write speeds and the same amount of storage for a lower price.

Nevertheless, this is still one of the best microSD cards for the Steam Deck.

Lexar microSDXC 512GB

SanDisk Extreme microSDXC UHS-I 1TB

SanDisk Extreme

If you really prefer a SanDisk card but don’t want to pay as much, then you might want to consider the SanDisk Extreme as opposed to the Extreme Pro. You can pick up this model of microSD card in a 1TB storage size for $167.71 on Amazon at the time of writing. Which is a fraction of the $399.99 price of the Pro model at 1TB.

As for read and write speeds, you’re looking at up to 160MB/s for read and up to 90MB/s for write. So really, you’re not losing much by not getting the Extreme Pro, and you still get a SanDisk card with 1TB of storage for all those games.

SanDisk Extreme 1TB

Lexar Play microSDXC UHS-I (256GB – 1TB)

Lexar Play

Another one of the best cards is the Lexar Play card, which can come in up to 1TB and has read speeds up to 150MB/s. And, the 1TB model only costs $133.99 at the time of writing so this is a pretty good deal compared to other 1TB cards on this list. This was also designed with gaming in mind and works great in devices like the Nintendo Switch. So naturally it’ll be a great option for the Steam Deck too.

If you don’t need a whole lot of extra space, a 128GB version of this card is only $16.99. Not bad, not bad at all.

Lexar Play 256GB – 1TB

Lexar Professional 1066x microSDXC UHS-I 512GB

Lexar Professional 1066x

  • Price: $94.61
  • Where To Buy: Amazon

One last option from Lexar is the Professional 1066x card. This comes in up to 512GB in size and for under $100 you get a pretty decent card with some fast read and write speeds. Specifically, read speeds are up to 160MB/s and write speeds are up to 120MB/s.

It’s not the cheapest 512GB model card on this list but it definitely has faster write speeds than any other option on it. So make of that what you will.

Lexar Professional 1066x 512GB

Samsung Evo Plus microSDXC UHS-I 512GB

Samsung Evo Plus

Rounding out this list is the Samsung Evo Plus in a 512GB model card. It’s available at a slightly cheaper price than the Lexar card above and it comes from Samsung so it’s a well-known brand. Read and write speeds aren’t as fast as some of the other options though.

Value-wise, we’d lean towards one of the earlier options, but this is still one of the best microSD cards for the Steam Deck and it isn’t too expensive. Again though, the 512GB card from PNY is the cheapest 512GB option available that’s in this list. And for the combination of read and write speeds and price, plus it being a card that was designed for portable gaming devices, we think it’s a better option.

That being said, all the cards listed should work great for the Steam Deck. So it really comes down to what you want.

Samsung Evo Plus 512GB



Periscope camera will be exclusive to the iPhone 15 Pro Max


Yet another source has confirmed that a periscope camera will be exclusive to the iPhone 15 Pro Max model. In other words, the iPhone 15 Pro will not feature it, and neither will any other iPhone 15 handset.

Apple will use a periscope camera exclusively on the iPhone 15 Pro Max model

This info comes from Unknown21 also known as @URedditor, a tipster. He says that he “received independent confirmation” for this information. He doesn’t have any additional details, but he’s certain this will be the case.

Now, some of you probably know that this rumor has been going around for quite some time now. Considering the level of confidence Unknown21 showed here, we do consider this to be a shoo-in.

The rumors started back in January-February, when a report stated that only the ‘Pro Max’ model will get a periscope camera. That info came from Ming-Chi Kuo, a well-known Apple analyst. In March, he changed the story, as he seemingly suggested the iPhone 15 Pro will also get it. Then, last month, Ice Universe said that only the ‘Pro Max’ is getting it, once again reversing the story.

Nothing is set in stone just yet, but this info seems to be accurate

Nothing is set in stone just yet, of course. This is still a rumor, albeit seemingly a reliable one. Apple tends to offer the same camera hardware on both its ‘Pro’ models, so this comes as a surprise. The iPhone 15 Pro Max will not only be larger and have a larger battery, it will also have an advantage in the camera department.

The iPhone 15 Pro and Pro Max will launch in September, alongside the iPhone 15 and iPhone 15 Plus. The two phones were tipped to include solid-state buttons, but that won’t be happening, it seems. Apple decided to push back that feature to the iPhone 16 Pro series.

All four iPhone 15 models will include a Type-C port at the bottom, and also a Dynamic Island cutout at the top of the display. The bezels on the iPhone 15 Pro and Pro Max will be considerably thinner compared to current-gen devices. In fact, they’ll allegedly be the thinnest on the market.



Ransomware attack on MSI led to compromised Intel Boot Guard private keys


The leaked data from the ransomware attack on MSI includes private keys which could be used to bypass Intel Boot Guard.

On April 7, 2023, MSI (Micro-Star International) released a statement confirming a cyberattack on part of its information systems. While the statement does not reveal a lot of tangible information, this snippet is important:

“MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.”

As we mentioned in our May ransomware review, Taiwanese PC parts maker MSI fell victim to ransomware gang Money Message. Money Message is a new ransomware which targets both Windows and Linux systems. In April, criminals used Money Message to hit at least 10 victims, mostly in the US, and from various industries, including MSI.

The Money Message gang claimed to have stolen 1.5TB of data during the attack, including firmware, source code, and databases.

Money Message leak site showing countdown for MSI

Image courtesy of BleepingComputer

When the $4 million ransom demand was not met, Money Message began leaking the MSI data on its data leak site.

According to BleepingComputer, a Money Message operator said in a chat with an MSI agent:

“Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios.”

Researchers are now starting to unravel the significance of the stolen data.

tweets by researchers

The leaked data includes private keys, some of which appear to be Intel Boot Guard keys. Having the signing keys potentially allows an attacker to create fake firmware updates that would bypass Intel Boot Guard. Intel Boot Guard is a hardware-based technology intended to protect personal computers against executing fake UEFI (Unified Extensible Firmware Interface) firmware.

A bypass could give an attacker full control of a system before the operating system even loads, letting them read protected data or use the machine for any number of malicious purposes. Boot Guard is a key element of hardware-based boot integrity that meets the Microsoft Windows requirements for UEFI Secure Boot. Secure Boot is an option in UEFI that allows you to make sure that your PC boots using only software that is trusted by the PC manufacturer.

Binarly compiled a list of 57 MSI PC systems which have had firmware keys leaked, and 166 systems which have had Intel Boot Guard BPM/KM keys leaked. Among them are household names like Lenovo and HP.
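To make the chain of trust concrete, here is a toy model of a Boot Guard style verified boot, added as an example and not code from Intel, MSI or Binarly. It follows the real structure (the CPU fuses hold a hash of the OEM’s Key Manifest public key; the KM is signed with the KM private key and pins the Boot Policy Manifest public key; the BPM is signed with the BPM private key and pins the hash of the Initial Boot Block), but replaces real RSA keys with textbook RSA over toy-sized Mersenne-prime moduli, and every key, manifest and sample boot block is constructed here. It shows why leaked private keys matter: a boot block modified without the keys fails verification, while the same modified block re-signed with the leaked KM/BPM keys passes, and the trust anchor in the fuses cannot be changed to shut it out.

```python
"""Toy Boot Guard style chain of trust (constructed example, not vendor code).

Real Boot Guard uses RSA-2048/3072 keys; the Mersenne primes below are a
stand-in so the example runs without third-party libraries and must never be
used as real keys."""
import hashlib

E = 65537


def make_key(p: int, q: int) -> tuple:
    """Textbook RSA key (n, e, d) from two primes; toy-sized on purpose."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, E, d


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(key: tuple, data: bytes) -> int:
    """Sign SHA-256(data) with the private exponent."""
    n, _, d = key
    return pow(int.from_bytes(sha256(data), "big") % n, d, n)


def verify(n: int, sig: int, data: bytes) -> bool:
    """Check a signature against the public modulus n."""
    return pow(sig, E, n) == int.from_bytes(sha256(data), "big") % n


def pubkey_hash(n: int) -> bytes:
    """Hash of a public key; for the KM key this is what is burned into fuses."""
    return sha256(n.to_bytes((n.bit_length() + 7) // 8, "big"))


def build_image(km_key: tuple, bpm_key: tuple, ibb: bytes) -> dict:
    """OEM side: produce the KM and BPM structures for a given boot block."""
    km_body = pubkey_hash(bpm_key[0])    # KM pins the BPM public key
    bpm_body = sha256(ibb)               # BPM pins the IBB contents
    return {
        "km": {"body": km_body, "sig": sign(km_key, km_body), "pub": km_key[0]},
        "bpm": {"body": bpm_body, "sig": sign(bpm_key, bpm_body), "pub": bpm_key[0]},
        "ibb": ibb,
    }


def verify_boot(fused_km_hash: bytes, image: dict) -> bool:
    """Verifier side, the role Boot Guard's ACM plays at reset."""
    km, bpm = image["km"], image["bpm"]
    if pubkey_hash(km["pub"]) != fused_km_hash:      # KM key must match the fuses
        return False
    if not verify(km["pub"], km["sig"], km["body"]):  # KM signature
        return False
    if pubkey_hash(bpm["pub"]) != km["body"]:         # BPM key must be the one KM pins
        return False
    if not verify(bpm["pub"], bpm["sig"], bpm["body"]):  # BPM signature
        return False
    return sha256(image["ibb"]) == bpm["body"]        # IBB must match BPM's hash


# Toy OEM keys built from Mersenne primes 2^61-1, 2^89-1, 2^107-1, 2^127-1.
KM_KEY = make_key((1 << 61) - 1, (1 << 89) - 1)
BPM_KEY = make_key((1 << 107) - 1, (1 << 127) - 1)
FUSED_KM_HASH = pubkey_hash(KM_KEY[0])   # fixed for the life of the CPU


def demo() -> tuple:
    """Returns (genuine verifies, tampered-without-keys verifies, re-signed-with-leaked-keys verifies)."""
    genuine = build_image(KM_KEY, BPM_KEY, b"genuine OEM initial boot block")
    # Attacker without the keys: swap the IBB but keep the original manifests.
    tampered = dict(genuine, ibb=b"modified initial boot block")
    # Attacker holding the leaked KM/BPM private keys: rebuild the manifests.
    resigned = build_image(KM_KEY, BPM_KEY, b"modified initial boot block")
    return (
        verify_boot(FUSED_KM_HASH, genuine),
        verify_boot(FUSED_KM_HASH, tampered),
        verify_boot(FUSED_KM_HASH, resigned),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The last value is the whole problem: because the anchor is a hash in fuses rather than a revocable certificate, nothing on the verifying side can be updated to distrust a leaked key. That is why the practical mitigations are on the supply side (only install firmware from the vendor’s official channel, and vendors re-keying affected product lines where they can) rather than a setting a user can flip.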

Update from vendor websites

Although no attacks of this kind have been found in the wild, and Binarly, after a lengthy and detailed analysis, states that “the leaked Boot Guard keys are intended for debug building lines and most likely we will never see such devices in the wild,” the advice to obtain firmware/BIOS updates only from official vendor websites is solid.

Also watch out for phishing emails claiming that you need new firmware for whatever reason. They are likely from sources that are trying to trick you into installing malware. As a PC user there is not much you can do about this incident, but be prudent. We will keep you posted here in case there are any developments or more news becomes available.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.




Users complain about Pixel 7 Pro volume buttons falling apart


The Google Pixel 7 Pro is one of the year’s most anticipated smartphones. It has been praised for its sleek design, high-quality camera, and powerful processor. However, some users have reported a problem with the volume buttons falling apart.

The issue seems to be affecting only a few users, but it is still a cause for concern. According to Android Central, the volume buttons on the Pixel 7 Pro are not holding up well over time. Users on Reddit and on Google’s support page have also reported that the buttons have become loose or have fallen off completely.

Users who rely on their device’s volume buttons to adjust the sound will find this annoying. Changing the volume or muting the sound entirely without working volume buttons can be challenging. Users were also concerned that the warranty might not cover the problem, because some Google reps claim that it results from “mishandling” of the phones.

Pixel 7 Pro volume buttons are falling off

It’s unclear what is causing the volume buttons to fall apart on the Pixel 7 Pro. Some speculate that it may be due to a manufacturing defect, while others believe it may be related to the device’s design.

Most complaints about Pixel 7 Pro buttons were submitted in the new year, which suggests users bought the devices for Christmas and are now dealing with loose buttons after just a few months.

A user wrote, “It’s been less than a week since I got my Pixel 7 Pro, and already the volume button has fallen off, and I’ve lost it! Where can I get a replacement from? I can’t find anywhere online.”

Google has acknowledged the problem and stated that the “team is aware of the issue.” However, this is not something you expect to see in a $900 smartphone, and Google certainly needs to address it in the upcoming Pixel 7 Pro devices.



Privoro SafeCase for Galaxy S22 can remotely disable cameras/mics


US-based tech company Privoro has launched a special protective case for the Samsung Galaxy S22. In addition to protecting the phone from cracks and breaks during falls, it offers hardware-level protection from spyware as well. Called SafeCase, it lets you remotely disable cameras, microphones, and all wireless connections to prevent attackers from spying on you.

The Privoro SafeCase is a unique protective cover for the Galaxy S22. It is a bulky case that makes the device a lot thicker and taller. The company has fitted it with a security system that protects the phone from dangerous security attacks. Along with remotely disabling cameras and microphones, you can also disconnect the cellular network, Wi-Fi, Bluetooth, and NFC to prevent or stop attacks.

This case has a hardware-to-hardware integration between its security system and the Galaxy S22’s Hardware Device Manager (HDM). The latter is an additional security layer on the Samsung smartphone that doesn’t rely on the operating system (OS). Unlike most other security features, HDM doesn’t fail even if the OS is compromised. It can bypass the OS to keep the hardware peripherals of the device safe.

Privoro is leveraging this hardware-level security to give users peace of mind. Its SafeCase for the Galaxy S22 doesn’t allow attackers to access the phone’s cameras, microphones, and other hardware peripherals even if they gain OS-level access to those device components. It can also stop “radio-specific location tracking with high certainty while still using other capabilities on their phone.”

The Privoro SafeCase draws power from the Galaxy S22

According to Privoro, the SafeCase communicates with the Galaxy S22’s HDM over Bluetooth Low Energy (BLE). It promises a secure Bluetooth connection in all scenarios. Even if the connection is compromised, the case can create a “secure tunnel” to keep everything safe. The case’s security system seemingly draws power from the phone. It has a USB Type-C connector at the bottom that plugs into the device’s charging port.

The security features offered by the Privoro SafeCase make it an ideal solution for government agencies and organizations more than individuals. The company will seemingly make this case available for more devices in the future. It says it is just “starting with the Galaxy S22”. Unfortunately, it hasn’t even shared the price and availability details of the case for the Galaxy S22. It’s also unclear if Privoro will offer the SafeCase for only the base Galaxy S22 model or the Galaxy S22+ and Galaxy S22 Ultra as well.

Samsung Galaxy S22 Privoro SafeCase 2



Elon Musk says Twitter will start purging inactive accounts and follower counts will drop


Twitter has announced that it will soon begin purging inactive accounts on the platform. This move is part of Twitter’s efforts to free up usernames that have been taken up by inactive accounts.
The announcement was made by Twitter CEO Elon Musk via a tweet yesterday, in which he also confirmed that this action may cause a dip in follower counts. However, the decision is sparking a conversation on whether this is a good idea or not.
One of the main concerns is the question of what exactly constitutes “several years” as the requirement to have an old Twitter account deactivated. There are several accounts on Twitter that haven’t been active in a long time, however, they include tweets that have been shared extensively and removing the account would most likely cause broken links.
Although having an accurate count of how many real users follow you is important, some are concerned that this move will undoubtedly start a “land grab” for old and desirable usernames, such as those that are shorter in length or represent real names.
When challenged on the above issues, Musk responded by assuring that old accounts will indeed be archived, preserving old tweets. This solves one of the issues raised but there are still many details about this new policy that have not been shared yet or made public on Twitter’s inactive account policy help page.

Twitter’s inactive account purge is part of a larger effort by the company to streamline its platform and reduce the number of bots. That said, the timing of this new policy is also consistent with a Twitter executive allegedly reaching out to NPR to reportedly “threaten” to reassign its handle now that the news organization stopped posting less than a month ago.

It remains to be seen how this will play out and we will hopefully be getting more details soon. I imagine there are plenty of users that have been waiting on the opportunity to grab a better handle, and this may just be the best time to do that.



Fake system update drops Aurora stealer via Invalid Printer loader


Not all system updates mean well, and some will even trick you into installing malware.

Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering.

A threat actor is using malicious ads to redirect users to what looks like a Windows security update. The scheme is very well designed as it relies on the web browser to display a full screen animation that very much resembles what you’d expect from Microsoft.

The fake security update is using a newly identified loader that at the time of the campaign was oblivious to malware sandboxes and bypassed practically all antivirus engines. We wrote a tool to ‘patch’ this loader and identified its actual payload as Aurora stealer. In this blog post, we detail our findings and how this campaign is connected to other attacks.

A convincing “system update”

Windows users are quite familiar with system updates, often interrupting hours of work or popping up in the middle of an intense game. When that happens, they just want to install whatever needs to be installed and get on with their day.

A threat actor is buying popunder ads targeting adult traffic and tricking victims with what appears to be a system security update.

Figure 1: A fake system update hijacks the screen

As convincing as it looks, what you see above is actually a browser window that is rendered in full screen. This becomes more obvious when downloading the update file named ChromeUpdate.exe.

Figure 2: The ‘Chrome update’ downloaded from the web browser

Fully Undetectable (FUD) malware

While the file name appears as ChromeUpdate.exe, it uses Cyrillic letters that look like their Latin counterparts but are different characters on disk. Its hex (percent-encoded UTF-8) representation, %D0%A1hr%D0%BEm%D0%B5U%D1%80d%D0%B0t%D0%B5.exe, exposes the substitution, as can be seen in the image below:

Figure 3: Hex encoding and Cyrillic alphabet
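The mixed-script file name is detectable from the percent-encoded form alone. The following is an added example, not code from the Malwarebytes post: it decodes the name exactly as it appears in the text above, lists every non-Latin letter with its Unicode name, and collapses known look-alike letters to a Latin "skeleton" so a triage script can flag a name that only pretends to be ChromeUpdate.exe. The confusable table is a small constructed subset; a production check would use Unicode's full confusables data.

```python
import unicodedata
from urllib.parse import unquote

# Small confusable table: Cyrillic letters that render like Latin ones.
# Constructed for this example; Unicode's confusables.txt is far larger.
CONFUSABLES = {
    "\u0410": "A", "\u0412": "B", "\u0421": "C", "\u0415": "E", "\u041d": "H",
    "\u041a": "K", "\u041c": "M", "\u041e": "O", "\u0420": "P", "\u0422": "T",
    "\u0425": "X", "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0443": "y", "\u0445": "x",
}


def decode_filename(raw):
    """Decode a percent-encoded UTF-8 file name as found in a URL or download log."""
    return unquote(raw, encoding="utf-8", errors="strict")


def foreign_letters(name):
    """List (index, char, Unicode name) for every non-ASCII letter in the name."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(name) if ord(ch) > 127 and ch.isalpha()]


def skeleton(name):
    """Replace known look-alike letters with their Latin twins."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name)


def is_lookalike_filename(name):
    """True when the name contains non-Latin letters yet collapses to a plain
    ASCII name: the signature of a homoglyph substitution rather than a
    genuinely localised file name (which would not collapse to ASCII)."""
    return bool(foreign_letters(name)) and skeleton(name).isascii()


if __name__ == "__main__":
    # The encoded name from the sample discussed above (copied from the text).
    raw = "%D0%A1hr%D0%BEm%D0%B5U%D1%80d%D0%B0t%D0%B5.exe"
    name = decode_filename(raw)
    for i, ch, uname in foreign_letters(name):
        print(f"offset {i}: U+{ord(ch):04X} {uname}")
    print("skeleton:", skeleton(name), "| lookalike:", is_lookalike_filename(name))
```

Running it on the sample's name reports six Cyrillic letters (Es, o, ie, er, a, ie) and the skeleton ChromeUpdate.exe, which is the combination worth alerting on; a file genuinely named in Cyrillic keeps letters with no Latin twin and is left alone.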

When we first ran the sample in a sandbox, we saw nothing obvious, not even a sign that it was malicious. The file would simply run and exit quickly. Over a couple of weeks, we collected nine different samples that looked more or less the same.

We also noticed that the threat actor was uploading each of his new builds to VirusTotal, a service owned by Google, to check if they were being detected by antivirus engines. The first user to submit each new sample always uploaded them from Turkey (country code TR) and in many instances the file name looked like it had come fresh from the compiler (i.e. build1_enc_s.exe).

Figure 4: User submissions to VirusTotal

While VirusTotal is no replacement for a full endpoint security product, with its 70 AV engines it is usually a good indicator for quickly checking whether a file is malicious. For more than 2 weeks, the samples had zero detections on VT, and it wasn’t until a blog post by Morphisec that detections started to appear. This new loader is called Invalid Printer and so far appears to have been used exclusively by this threat actor to bypass security products.

Figure 5: VirusTotal detections coincide with blog release

We actually stumbled upon Morphisec’s blog thanks to Threatray which identified similarities with a file we submitted to their sandbox. The service’s built-in OSINT identified similar samples and linked them with security articles. 

Figure 6: Threatray analysis page

Patching the loader

Invalid Printer performs a check on the computer’s graphics card, specifically its vendor ID, which it compares against known manufacturers such as AMD and NVIDIA. Virtual machines and sandboxes in general do not expose real hardware and will fail this check.

We were able to patch the samples we had collected and identify their payload. The patch consists of replacing the graphics card check with a random number and always returning true, so that the file runs in any sandbox.

Figure 7: Python script to patch loader
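The vendor-ID check is only as strong as the adapter a sandbox presents, so the useful defender-side question is what a given analysis VM would report. The script below is an added example, not the Malwarebytes patching script from Figure 7 and not Invalid Printer's own code: it extracts the PCI vendor ID from a Windows PNPDeviceID string, classifies it against public PCI-SIG vendor IDs, and reports whether a loader applying the check described above would run. On Windows it reads the real adapters through Get-CimInstance Win32_VideoController; elsewhere it falls back to constructed sample strings. Accepting only AMD and NVIDIA (the vendors named in the text) and rejecting everything else, Intel included, is this example's simplification, not a documented detail of the loader.

```python
import platform
import re
import subprocess

# Public PCI-SIG vendor IDs. The text says the loader accepts AMD and NVIDIA;
# treating everything else (including Intel iGPUs) as a failure is this
# example's assumption, not a documented detail of Invalid Printer.
ACCEPTED_VENDORS = {"10DE": "NVIDIA", "1002": "AMD/ATI"}
KNOWN_VENDORS = {
    **ACCEPTED_VENDORS,
    "8086": "Intel",
    "15AD": "VMware",
    "80EE": "VirtualBox",
    "1AF4": "Red Hat / virtio",
    "1B36": "QEMU",
    "1414": "Microsoft Hyper-V",
}

VEN_RE = re.compile(r"VEN_([0-9A-Fa-f]{4})")


def vendor_id_from_pnp(pnp_device_id):
    """Pull the four-hex-digit vendor ID out of a Windows PNPDeviceID string."""
    m = VEN_RE.search(pnp_device_id)
    return m.group(1).upper() if m else None


def passes_gpu_check(pnp_device_id):
    """Mirror the decision described in the text: run only on an accepted GPU vendor."""
    return vendor_id_from_pnp(pnp_device_id) in ACCEPTED_VENDORS


def audit(pnp_device_ids):
    """Describe, per adapter, what a loader doing this check would conclude."""
    report = []
    for pnp in pnp_device_ids:
        vid = vendor_id_from_pnp(pnp)
        report.append({
            "pnp_device_id": pnp,
            "vendor_id": vid,
            "vendor": KNOWN_VENDORS.get(vid, "unknown"),
            "loader_would_run": passes_gpu_check(pnp),
        })
    return report


def local_video_controllers():
    """On Windows, read the PNPDeviceID of every Win32_VideoController via PowerShell."""
    if platform.system() != "Windows":
        return []
    cmd = ["powershell", "-NoProfile", "-Command",
           "Get-CimInstance Win32_VideoController | Select-Object -ExpandProperty PNPDeviceID"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return [line.strip() for line in out.stdout.splitlines() if line.strip()]


# Constructed PNPDeviceID strings; DEV_/SUBSYS_ parts are placeholders except
# the VMware SVGA II (15AD:0405) and VirtualBox (80EE:BEEF) device IDs.
SAMPLE_PNP_IDS = [
    r"PCI\VEN_10DE&DEV_0000&SUBSYS_00000000&REV_A1\4&0",   # physical NVIDIA card
    r"PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&0",   # VMware SVGA II adapter
    r"PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&0",   # VirtualBox graphics adapter
    r"ROOT\DISPLAY\0000",                                   # basic display adapter, no PCI ID
]

if __name__ == "__main__":
    adapters = local_video_controllers() or SAMPLE_PNP_IDS
    for row in audit(adapters):
        print(row)
```

A sandbox whose only adapter is a VMware, VirtualBox or basic display device shows up as "loader_would_run: False", which is exactly why the samples ran and exited without doing anything; the fix on the analysis side is either the binary patch described above or a VM profile that presents a real vendor ID.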

The automated malware unpacking service from OpenAnalysis UnpacMe now supports properly unpacking samples using the Invalid Printer loader. It allowed us to determine what malware family is being distributed as well as indicators of compromise. For example, one of our samples (31c425510fe7f353002b7eb9d101408dde0065b160b089095a2178d1904f3434) has the same command and control server (94.142.138[.]218) as one mentioned in Morphisec’s blog.

Figure 8: UnpacMe results page

In this specific malvertising campaign, the payload used was the Aurora Stealer, a popular piece of malware that is designed to harvest credentials from systems.

Campaign stats

The threat actor is using a panel to track high level stats about visitors to the fake system update web page. Based on the numbers from this panel, there were 27,146 potential unique victims and 585 of them downloaded the malware during the past 49 days.

Figure 9: Panel showing browser visits and downloads

Figure 10: Browser user-agents, IP addresses and geolocation

War and Russia references

We believe there is a single threat actor behind this malvertising campaign and others, such as the one Morphisec uncovered. The malware author seems to take a keen interest in creating FUD malware and constantly uploads it to VirusTotal to verify, always using the same submitter profile.

We couldn’t help but notice a possible reference to the war in Ukraine left within the fake Chrome Update page and commented out:

Figure 11: Commented HTML code

Some of the websites belonging to this threat actor were not loading malware but instead had a single YouTube video promoting the cities and landscapes of Russia:

Figure 12: YouTube video about Russia in 12K HDR 

Additionally, we found some connections with tech support scams and even an Amadey panel that also appears to belong to the threat actor.

Protection

Malwarebytes already protected users from this malvertising campaign by blocking the malicious ads involved. We detect the payloads as Spyware.Aurora.

Special thanks to Roberto Santos for help with the sample and binary patching.

Indicators of Compromise

Malvertising gate

qqtube[.]ru
194.58.112[.]173

Fake system update page

activessd[.]ru
chistauyavoda[.]ru
xxxxxxxxxxxxxxx[.]ru
activehdd[.]ru
oled8kultra[.]ru
xhamster-18[.]ru
oled8kultra[.]site
activessd6[.]ru
activedebian[.]ru
shluhapizdec[.]ru
04042023[.]ru
clickaineasdfer[.]ru
moskovpizda[.]ru
pochelvpizdy[.]ru
evatds[.]ru
click7adilla[.]ru
grhfgetraeg6yrt[.]site
92.53.96[.]119

Invalid Printer samples

Aurora Stealer C2

103.195.103[.]54:443
94.142.138[.]218:4561

Amadey Stealer panel

193.233.20[.]29/games/category/Login.php
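The indicators above are published defanged, mixed across domains, bare IPs, IP:port pairs and one URL path, so they need normalising before they can be fed to a DNS sinkhole, a firewall or a log search. The script below is an added example, not part of the original post: it refangs and classifies a subset of the indicators listed above (the rest can be appended in the same form), groups them into blocklists, and runs a simple match over a few constructed DNS and proxy log lines to show the detection step.

```python
import ipaddress
import re

# Indicators copied from the list above, kept defanged exactly as published.
# Subset of the domains; the remaining ones can be appended in the same form.
RAW_IOCS = """
qqtube[.]ru
194.58.112[.]173
activessd[.]ru
oled8kultra[.]site
92.53.96[.]119
103.195.103[.]54:443
94.142.138[.]218:4561
193.233.20[.]29/games/category/Login.php
"""

IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(/.*)?$")
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$", re.I)


def refang(ioc):
    """Undo the [.] defanging used in the published list."""
    return ioc.strip().replace("[.]", ".")


def classify(ioc):
    """Return (kind, host, extra): kind is ip, ip_port, url_path or domain."""
    s = refang(ioc)
    m = IP_RE.match(s)
    if m:
        host, port, path = m.groups()
        ipaddress.ip_address(host)  # raises ValueError on a malformed address
        if path:
            return ("url_path", host, path)
        if port:
            return ("ip_port", host, int(port))
        return ("ip", host, None)
    if DOMAIN_RE.match(s):
        return ("domain", s.lower(), None)
    raise ValueError(f"unrecognised indicator: {ioc!r}")


def parse_iocs(text):
    return [classify(line) for line in text.splitlines() if line.strip()]


def build_blocklist(iocs):
    """Group indicators into the shapes a DNS sinkhole and a firewall consume."""
    out = {"domains": set(), "ips": set(), "ip_ports": set(), "urls": set()}
    for kind, host, extra in iocs:
        if kind == "domain":
            out["domains"].add(host)
        else:
            out["ips"].add(host)
            if kind == "ip_port":
                out["ip_ports"].add(f"{host}:{extra}")
            elif kind == "url_path":
                out["urls"].add(host + extra)
    return out


# Constructed DNS/proxy log lines for the demonstration; not real traffic.
SAMPLE_LOG = """
2023-04-20T10:00:01Z dns query A example.com
2023-04-20T10:00:02Z dns query A qqtube.ru
2023-04-20T10:00:05Z proxy CONNECT 94.142.138.218:4561
2023-04-20T10:00:07Z proxy GET http://93.184.216.34/index.html
"""

HOST_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}|[a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


def scan_lines(log_text, blocklist):
    """Return (line, matched_indicator) for every log line that touches a blocked host."""
    hits = []
    for line in log_text.splitlines():
        for token in HOST_RE.findall(line):
            t = token.lower()
            if t in blocklist["domains"] or t in blocklist["ips"]:
                hits.append((line, t))
                break
    return hits


if __name__ == "__main__":
    blocklist = build_blocklist(parse_iocs(RAW_IOCS))
    for line, hit in scan_lines(SAMPLE_LOG, blocklist):
        print(f"HIT {hit}: {line}")
```

The C2 entries carry ports (443 and 4561), so the example keeps host:port pairs separately for firewall rules while still adding the bare address to the IP set, since a host-level match in proxy or flow logs is the more useful first alert.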
