QBot has resurfaced with a new tactic involving a reply-chain phishing email, a fake PDF, and the likely promise of a ransomware infection.
QBot, an infostealer-turned-dropper that aids criminal gangs in their malicious campaigns, is now being distributed as part of a phishing campaign using PDFs and Windows Script Files (WSF), according to recent discoveries by malware hunter Proxylife (@pr0xylife) and the Cryptolaemus group (@Cryptolaemus1).
The last time QBot (aka QakBot) had its modus operandi changed was in November. Campaign operators adopted tactics from Magniber’s playbook to successfully exploit a Mark of the Web (MotW) zero-day flaw to run a JavaScript (JS) that executed QBot.
The latest QBot phishing campaign is illustrated simply in the diagram below:
The QBot campaign illustrated (Source: Jerome Segura | Malwarebytes Labs)
The attack starts with a reply-chain phishing email, when threat actors reply to a chain of emails with a malicious link or attachment. BleepingComputer has noted that these phishing emails use a variety of languages. This means the language barrier is absent in such an attack, so any business from any part of the world could be affected.
A sample reply-chain phishing email in French, carrying a PDF attachment disguised as a cancellation letter. (Source: BleepingComputer)
Once someone in the email chain opens the attached PDF, they see a message saying, “This document contains protected files, to display them, click on the ‘open’ button.” Clicking the button downloads a ZIP file containing the WSF script.
The heavily obfuscated script contains a mix of JS and VBScript code that, when run, triggers a PowerShell that then downloads the QBot DLL from a list of hardcoded URLs. This script tries each URL until a file is downloaded to the Windows Temp folder (%TEMP%) and executed.
Once QBot runs, it issues a PING command to check for an internet connection. It then injects itself into wermgr.exe, a legitimate Windows Error Manager program, to run quietly in the background.
Because QBot is said to be used by operators of ransomware-as-a-service (RaaS) offerings, its presence in company systems could be disastrous. Therefore, any organization must take its QBot-infected systems offline as soon as possible and thoroughly scan and review network logs for unusual behavior.
The DFIR Report in February 2022 showed QBot collecting data from a compromised system 30 minutes after infecting it. Within an hour, QBot can be spread to adjacent systems.
Malwarebytes detects the malicious DLL (QBot).
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The Xiaomi 13 Pro launched earlier this year, and back then, we did not know that the ‘Ultra’ model is coming. The Xiaomi 13 Pro had almost all the bells and whistles you could think of, so the ‘Ultra’ model seemed redundant. Well, Xiaomi opted to announce the ‘Ultra’ model after all, and it found a way to make it even more powerful than the ‘Pro’ iteration. That goes for its cameras, more than anything else, but that’s not the only improvement here. In this article, we’ll compare the Xiaomi 13 Ultra vs Xiaomi 13 Pro, to see what’s what.
I’ve reviewed the Xiaomi 13 Pro back in February, and am currently in the process of doing the same with the ‘Ultra’ model. Do note that the ‘Ultra’ still didn’t launch globally, so I’m using the variant made for China. The global model is coming, though, the company already confirmed that. There’s a lot to talk about here, so, let’s get started. We’ll first compare their specs, and will then move to a number of other categories.
It’s difficult to differentiate between the two phones when you look at them from the front, but flipping them over reveals major differences. Having said that, let’s start with the front. Both phones have curved displays, and a centered display camera hole. The bezels around the display are thin on both, but not uniform. The physical buttons sit on the right side, and they’re basically in the same place.
Now, on the back, there are a ton of differences. First and foremost, the Xiaomi 13 Ultra is made out of metal and vegan leather, while the Xiaomi 13 Pro combines metal and ceramic outside of China, while there is a variant with a vegan leather backplate in China. Still, their backs are entirely different. There is a huge camera oreo on the back of the Xiaomi 13 Ultra, while the ‘Pro’ model has a rectangular camera island. They’re also in different places, as you can see.
The Xiaomi 13 Ultra is thicker in the upper portion of its back, that’s also where its backplate is raised a bit, so that the camera doesn’t protrude too much. That’s not a bad solution by Xiaomi, not at all. The Xiaomi 13 Ultra is considerably more grippy than the Xiaomi 13 Pro, not only because of its backplate but because of its flattish sides. The Xiaomi 13 Pro’s sides are anything but flat, so… there you have it. The ceramic model we reviewed is also truly slippery. They do feel entirely different in the hand.
They’re almost the same height, and identical in terms of width. The Xiaomi 13 Ultra is a bit thicker than the Xiaomi 13 Pro. It weighs 2 grams less than the ceramic Xiaomi 13 Pro (global model), and it’s heavier than the vegan leather Xiaomi 13 Pro variant that is exclusive to China. Both phones do look and feel premium, albeit feel entirely different to handle.
Xiaomi 13 Ultra vs Xiaomi 13 Pro: Display
At first glance, it may seem like these two phones have the same display. Well, that’s not exactly the case, even though they’re very similar in many ways. They both include a 6.73-inch QHD+ (3200 x 1440) LTPO3 AMOLED display. Both phones have a refresh rate of up to 120Hz, and support up to 1 billion colors. They also support Dolby Vision, and get truly bright. That brightness is the difference between them, actually.
The Xiaomi 13 Ultra goes up to 2,600 nits of peak brightness, which technically makes it a smartphone with the brightest display. The Xiaomi 13 Pro can reach 1,900 nits, which is also immensely bright. You can easily see what’s on the display on both phones, even under direct sunlight. Now, both displays are protected by the Gorilla Glass Victus, in case you were wondering.
Both of these panels are truly excellent. The colors are vivid, the viewing angles great, and their touch response is also quite good. The Xiaomi 13 Ultra’s panel does technically get a bit brighter, but truth be said, you won’t really notice that difference all that much. Both displays do get immensely bright, and I do believe you’ll be happy with either one, so don’t base your purchasing decision based on brightness numbers.
Xiaomi 13 Ultra vs Xiaomi 13 Pro: Performance
The Snapdragon 8 Gen 2 fuels both of these smartphones. On top of that, you’ll find up to 16GB of LPDDR5X RAM inside the Xiaomi 13 Ultra, and up to 12GB of LPDDR5X RAM inside the ‘Pro’ model. UFS 4.0 flash storage is included in both smartphones, except the 128GB storage variant of the ‘Pro’ model, that one has UFS 3.1 storage. So, they have very similar performance-related specs. Does that result in similar performance, considering that they’re sister phones, on top of everything?
Well, yes… it does, at least when it comes to smoothness and overall performance. They’re both extremely snappy in day-to-day tasks, and can handle the most demanding games with ease. I did notice that the Xiaomi 13 Ultra heats up a bit less in my initial testing, but I have to test it out more to confirm. Neither phone gets too hot while gaming, or anything like that, they’re both great at it.
What I did notice is more bugs and annoyances in MIUI 14 on the Xiaomi 13 Ultra. It’s worth saying that the phone goes on sale on April 21 in China, and that this is a build of MIUI 14 made for China. I’ve tested the global variant of the Xiaomi 13 Pro, not one made for the Chinese market. Those annoyances I’ve mentioned are mostly related to aspects of the software not made for global markets, so they won’t be a factor once the global model arrives. I’d urge you to wait for the global variant.
Xiaomi 13 Ultra vs Xiaomi 13 Pro: Battery
The Xiaomi 13 Ultra comes with a 5,000mAh battery, while the ‘Pro’ model has a 4,820mAh unit. That’s not exactly a big difference between them. Can you feel it in day-to-day use? Well, I’ve only experienced one full day’s worth of usage with the ‘Ultra’, and all I can say at this point is that the battery life does seem promising. The global model may offer different results due to different software, though.
With the Xiaomi 13 Pro, I was able to hit the 8-hour screen-on-time mark consistently, with a bit of juice left in the tank. This Xiaomi 13 Ultra model could even go beyond that, actually, at least based on the first impressions. I’ll have to further test this and report back in a full review, of course. Once again, though, the global model may offer different results.
When it comes to charging, they both offer 50W wireless charging and 10W reverse wireless charging. The Xiaomi 13 Ultra does support 90W wired charging, while the Xiaomi 13 Pro offers 120W wired charging. Yes, the Xiaomi 13 Pro will charge faster because of this, but the Xiaomi 13 Ultra charges extremely fast too, so… there you have it. Also, there is a charger included in the retail box with both phones.
Xiaomi 13 Ultra vs Xiaomi 13 Pro: Cameras
The Xiaomi 13 Ultra has four 50-megapixel cameras on the back. Its main camera is a 1-inch unit from Sony (IM989), with variable aperture. A 50-megapixel telephoto camera (3.2x optical zoom) is also included, as is a 50-megapixel ultrawide camera (122-degree FoV). On top of that, you’re also getting a 50-megapixel “super-telephoto” camera here, aka a periscope camera.
The Xiaomi 13 Pro, on the other hand, also has a 50-megapixel 1-inch main camera, with the same sensor, but without variable aperture. A 50-megapixel telephoto camera (3.2x optical zoom) also sits on the back, as does a 50-megapixel ultrawide unit (115-degree FoV). Do note that the telephoto and ultrawide cameras are not the same on the two phones either. The Xiaomi 13 Ultra offers improvements across the board. Both phones include Leica lenses, though.
So, are there are any differences between them, performance-wise? Well, yes, though you’ll have to wait for the full review to get a detailed look at that. Based on my usage thus far, I’ve noticed that the Xiaomi 13 Ultra adapts to various lighting situations more easily, and it also balances images a bit better when HDR conditions are in question. I’m also enjoying using that periscope telephoto camera on the phone, which was not even present on the ‘Pro’. I can already say that the ‘Ultra’ offers more in the camera department, but we’ll get into details in a full review.
Audio
You will find a set of stereo speakers on both phones. Their positioning is a bit different, though. The main speaker is located at the bottom of both phones, but the secondary one is placed differently. On the ‘Ultra’, it sits at the top of the phone, while the ‘Pro’ model has it under its earpiece grille. Speakers on both phones sound great, to be quite honest. They’re not only loud, but also quite detailed, and even carry over some bass. I’m very happy with the performance of both sets, and they do sound similar.
A 3.5mm audio jack is not present on either phone, so you’ll have to use the Type-C port if you’d like to connect your wired headphones. For wireless connections, do note that both smartphones offer Bluetooth 5.3.
Among the latest gaming products shown off by Acer at today’s summit, is a brand new gaming desktop called the Predator Orion X. A powerful pre-built-rig with a space capsule design and a unique, albeit a tad weird, robotic-like arm with a very functional purpose.
If you’re into futuristic themes and adore space, and just so happen to be looking for a desktop, the Acer Predator Orion X might just be for you. If you’re ok with the high price. As with many of Acer’s top Predator machines, the Orion X will feature high-end components. Such as the Intel Core i9-13900KS CPU. But you can also get it with a range of GPU options. With the biggest and baddest of them all being a liquid cooled GeForce RTX 4090. As one would expect, those components are going to keep the price on this rig pretty high.
Acer says that it plans to launch the desktop in September with a starting price of $2,999. In addition to the CPU and GPU, you can configure this PC with up to 32GB of DDR5-5600 RAM, and two M.2 SSDs with up to 1TB each for storage. There’s also an additional M.2 NVMe drive bay for even more storage. And Acer made it illuminated with some RGB LEDs to keep with the space capsule theme. And to top it all off, the rig was built with DIY in mind for simple upgrades.
The robotic-like arm on the Acer Predator Orion X isn’t just a show piece
Of all the unique features I’ve seen on desktops, the robotic-like arm on the Orion X is one of the more out there additions. But as strange as it may seem, it only seems that way because it’s something I’ve never really thought of before.
Imagine, if you will, you have limited space on your desk. Assuming you pick up this PC, you might need somewhere to store your headphones. Well, say hello to your own little rotatable robot arm, affixed to the top of the PC case. It can extend upward and rotate to the right or left. Giving you a place to hang the headphones. Now you don’t need a headphone stand taking up more desk space. You have one built into your PC.
And that’s precisely the idea. A functional design element that looks kind of cool and also serves a real purpose. Alienware implemented a similar tactic in one of its more recent monitors with a headphone hook that could extend out from the side.
Acer has two new gaming monitors coming this year
Speaking of monitors, Acer has two new ones coming, both of which were announced today.
The Nitro XZ452CU V, and the Predator X34 V. The Nitro XZ452CU V is a 44.5-inch ultrawide with a 1500R curve and a 5,120 x 1,440 resolution and 32:9 aspect ratio. It features a 165Hz refresh rate, DisplayHDR 400, and FreeSync Premium Pro support.
The Predator X34 V meanwhile is a 34-inch OLED panel display with a 3,440 x 1,440 resolution. This is a curved monitor as well but it’s not as defined, sitting at a rating of 1800R. It also comes with a bumped up refresh rate of 175Hz, as well as DisplayHDR TrueBlack 400, and a 0.1ms response time.
Acer plans to launch both monitors sometime in Q3 of this year. The Nitro XZ452CU V will retail for $999, and the Predator X34 V will retail for $1,299. You can read more details about each monitor and the Predator Orion X in the official blog post.
The idea for Bluesky was initially proposed by Twitter CEO Jack Dorsey in 2019. Dorsey had expressed his desire to develop a decentralized social media platform that would be community-driven and open source. The project is currently being led by a team of developers and engineers, who are working to build the underlying infrastructure that will support the platform.
As it is still in closed beta, the application can be downloaded and installed, but an invite code will be required in order to register an account. This means that you will be required to either sign up for the waitlist or ask a friend for an invite code in order to have any chance of gaining access to the service.
According to The Verge, those that have been able to get an invite code and try out the service, state that it is a pretty good Twitter clone, even though it is still missing basic features such as Direct Messages. Other than that, reports are that, since it’s a pretty small community at this point, the environment tends to be more on the friendly side.
Bluesky aims to create a social media platform that is free from centralized control, allowing users to interact with one another without the intervention of a central authority. This would mean that the platform would be less prone to censorship, and users would have greater control over their data and how it is shared. This has become an especially important issue since Elon Musk acquired Twitter last year and has dramatically changed the way the platform fundamentally operates.
Bluesky represents a promising development in the world of social media. By providing a decentralized alternative to Twitter, similar to the way Mastodon has done so far, it has the potential to give users more control over their online experience and create a more open and democratic platform for communication and interaction.
On April 18, 2023, Google released a new update for Chrome Desktop versions with security updates for actively exploited second Chrome zero-day vulnerability that allows attackers to execute an arbitrary code to take complete control of the system remotely.
CVE-2023-2136 is an integer overflow bug that threat actors have now exploited in the wild.
Google recently released an update for the first Chrome zero-day this year. A week later, the second zero-day was discovered, fixed, and released the patch for the same.
Stable Update Channel Release
Google has released a fixed version of Chrome on the below platforms.
Windows version: 112.0.5615.137/138
Mac version: 112.0.5615.137
Linux version: 112.0.5615.165
Clément Lecigne, who works in Google’s Threat Analysis Group (TAG), reported the first zero-day of Google on 11th April 2023.
He reported the second zero-day on 12th April 2023, one day before the first zero-day.
The patched version comes with an overwhelming 8 bug fixes, as mentioned by Google.
High CVE-2023-2133: Out-of-bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30.
High CVE-2023-2134: Out-of-bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30.
High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14.
High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12 (Exploited in the wild).
Medium CVE-2023-2137: Heap buffer overflow in SQLite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05.
Rewards have been given for the above security researchers, ranging between $3000 and $8000. Google has not published any other details on this vulnerability.
“Google is aware that an exploit for CVE-2023-2136 exists in the wild. Access to bug details and links may be restricted until most users are updated with a fix.
We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” Google Says.
This new zero-day is exploited in the Skia, a 2-D Graphics library that most web developers use for creating great high-quality web experiences and graphics.
Update Now
To address the actively exploited security issue, the following are the steps that you need to follow to start the manual process of updating Chrome to the latest version:-
Google Chrome 112.0
First of all, open the Chrome settings menu in the upper right corner.
Then you have to select the “Help” option.
Now select the “About Google Chrome” option.
Now, your Chrome will check for the latest available update and download it.
So, to prevent further exploitation, it’s strongly recommended that users apply the available update as soon as they become available.
Google has requested its users to update the Chrome version as soon as possible.
#1 in Endpoint Protection, #1 ROI for EDR, #1 for EDR implementation.
Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams.
Enter G2, an industry-leading peer-to-peer review site. Each quarter, G2 releases reports highlighting the products with the highest customer satisfaction and strongest market presence.
In the G2 Spring 2023 Grid Reports, Malwarebytes earned the title of ‘Leader’ in 24 categories, including the #1 spot in Endpoint Protection, the Best ROI for EDR, and #1 for EDR implementation in the mid-market segment.
Let’s take a closer look at how organizations evaluated solutions and what they said about using Malwarebytes.
#1 Endpoint Protection: Highest Rated for Results, Relationship, and More
Malwarebytes Endpoint Protection (EP), the essential foundation of our EDR and MDR offerings, won dozens of awards based on receiving the highest customer satisfaction score across a range of areas, including “Ease of setup,” “Ease of admin,” “Quality of support”, and more.
Dashboard for Nebula, the cloud-hosted security platform for EP and EDR
For example, Malwarebytes EP won the “Best Results” badge (highest overall Results score) by having the highest combination of estimated ROI, meets requirements, and likelihood to recommend scores. What some of our customers had to say:
“Malwarebytes is easy to install and configure. It integrates with Windows 10 and runs silently in the background. Infection rate of Malware has dropped dramatically. If I run across a machine that has Malware, installing it cleans it up almost 100% of the time.”
“I consider myself faithful to this software because Malwarebytes has taken me out of problems that other antivirus programs have not been able to solve. It is not a very heavy software and can run in the background without even noticing it thanks to the updates.”
Customers also praised Malwarebytes for its friendly staff and exceptional support, for which we won the “Best Relationship” badge by having the highest combination of “Likely to Recommend” , “Ease of business,” and “Quality of Support” ratings. Here’s what some of our customers had to say:
“The support team started us off on the right track by getting us up and running in no time. Any questions I had before and after setup were answered quickly and thoroughly.”
Our EDR solution delivers an impressive return on investment by quickly enhancing your organization’s security posture. Malwarebytes EDR is designed to be both efficient and cost-effective, allowing your team to see the benefits of your investment immediately.
By focusing on ease of use, quick implementation, and powerful security features without requiring an IT security army, Malwarebytes ensures that your organization is maximizing resources and receiving the best ROI in the industry.
Malwarebytes had the best estimated ROI (payback period in months) on the Enterprise Grid® Report for Endpoint Detection & Response (EDR) at just 14 months, compared to Crowdstrike at 22 months.
“The best part about Malwarebytes is the set it and forget it. It has saved us so much time on deployment and remediation that it pays for itself in no time at all.”
“It keeps our working environment much more secure than our previous solution. Much easier to manage in real time. This thing is a money saver and pays for itself.”
Most Implementable EDR: Seamless Setup and User-Friendly Experience
On the Mid-Market Implementation Index for Endpoint Detection & Response (EDR) Malwarebytes EDR clutched the #1 spot. With a seamless setup process, your team can spend more time focusing on what matters most: protecting your organization from cyber threats. Here’s how we won:
Malwarebytes EDR has an Implementation Score of 89%, which is higher than the industry average of 82%.
Ease of Setup: Malwarebytes EDR scores 95% in ease of setup, compared to the industry average of 90%.
Average User Adoption: Malwarebytes EDR has an average user adoption rate of 91%, surpassing the industry average of 85%.
Time to Go Live (Months): The average time it takes for Malwarebytes EDR to become fully operational is just 0.49 months, over 2X shorter than the industry average of 1.41 months.
“If you are purchasing Malwarebytes, then you have made the correct choice. You will quickly see how easy it is to implement, and how great their support is.”
“Easy to use and implement, along with great support and support tools at your disposal, along with courses to help you become more familiar with the inner workings.”
Two options to easily begin deployment with your endpoint users in Nebula
Experience Malwarebytes for Business: Award-winning ROI, user-friendly, and effective threat defense
Malwarebytes provides IT staff with award-winning business solutions, offering unmatched threat protection, a lightning-fast return on investment, and a smooth, speedy implementation.
Try Malwarebytes EDR today and join the ranks of those who have already discovered the amazing results, support, ROI, and more of our exceptional endpoint security solutions.
Samsung has updated the Galaxy A51 5G to the April security patch. The rollout began recently in Europe but has already reached most countries in the region. The latest security update is also available for the 2020 premium mid-range model in Taiwan. A global rollout, including in the US, should follow in the coming days. The 4G version of the phone has yet to pick up the April SMR (Security Maintenance Release).
First reported by SamMobile, the April 2023 security update for the Galaxy A51 5G comes with the firmware build number A516BXXS6FWC1. The build number may vary in the US and some other markets but the content of the update should remain unchanged. Speaking of content, Samsung’s official changelog doesn’t mention anything apart from this month’s security fixes. So don’t go deep looking for new features or changes.
As far as the security fixes are concerned, the April SMR contains more than 70 patches. As usual, this is the combined total of Galaxy-specific patches from Samsung and Android OS patches from Google and other partners. The Korean firm patched 23 issues in Galaxy devices this month. At least one of those was a critical flaw that allowed local attackers to access protected data. The 50-odd Android OS patches included four critical flaws, some of which allowed remote code execution.
If you’re using a Galaxy A51 5G, these security fixes should soon be available for you. As usual, you can check for updates from the Settings app. Go to the Software update section and tap on Download and install. If you don’t see any OTA (over the air) update, wait a few days and check again. As said earlier, this update doesn’t bring any new features. The Galaxy A51 5G is done getting feature updates. The One UI 5.1 update was the last one. It debuted with Android 10 and isn’t eligible for Android 14.
Galaxy A52 is widely getting the April security patch
Along with the Galaxy A51 5G, Samsung has also widely released the April SMR for the Galaxy A52. Both 4G and 5G versions of the 2021 model are picking up the latest security patch. The update is available in most markets around the world, including the US. As of this writing, only the factory-unlocked units of the Galaxy A51 5G are getting the April SMR stateside but Samsung should soon cover carrier-locked variants as well. This phone also isn’t getting anything more than the latest security fixes.
The Netflix ad-supported plan became available to the public sometime last year, and it is now getting better. This subscription tier makes the streaming platform more affordable for users around the world. So, instead of asking friends for their password to stream a movie everyone can own an active Netflix account.
Previously, this plan only offered users the opportunity to stream movies in 720p resolution. If you stream a lot of movies and shows, you will agree that this is a poor resolution for user experience. Since Netflix offers up to 4K Ultra-HD video streaming for its users, those on the ad-supported plan are at the bottom of the ‘streaming chain.’
But all of that is coming to an end as Netflix is currently stepping up the experience for users on the ad-supported plan. This is coming in light of the performance of this subscription tier that became available in 2022. Users can now stream with higher resolutions other than 720p which was the only available option.
Those subscribed to the Netflix ad-supported plan can now stream at 1080p
With the launch of the Netflix ad-supported plan, the streaming platform kept things down to 720p resolution. This was in addition to the fact that streamers subscribed to this plan will get constant ads while streaming. Bringing these two factors together might have been a dealbreaker for many Netflix users.
Regardless, this didn’t stop many from subscribing to the new ad-supported plan. Based on the performance of this new subscription tier, Netflix is proud to announce that they are 1080p resolution streaming to this plan. This announcement was in the firm’s Q1 2023 letter to its investors and shareholders.
From this report, it is clear that Netflix kicked off business this year on a good foot. Currently, the Netflix ad-supported plan is available in a total of 12 markets around the world. Whilst it might still expand access to other regions, the performance of this plan in its markets is better than the standard plan.
This means that more people in the markets where the Netflix ad-supported plan is available prefer it to the standard plan. A major factor that contributes to this is the fact that this ad-supported plan is more affordable. Now, subscribers to the ad-supported plan in these markets will be able to stream movies and series at 1080p resolution.
Users will agree that this is a step in the right direction as the movie streaming industry gets more competitive. This improvement on Netflix’s part will help them retain customers and attract others from other streaming platforms as well. So now streamers using the ad-supported tier will only have to worry about seeing ads while they stream and not the picture resolution.
Twitter’s legacy users are in for a rude awakening today as the company is following through on its promise to strip the coveted blue checkmark from legacy verified accounts that are not subscribed to Twitter Blue. This was originally supposed to happen at the beginning of the month, but the plans had apparently been postponed.
The company made the announcement via a tweet yesterday, confirming that today would be the day that the process begins. Already you can see that many celebrities and notable accounts on Twitter no longer have the blue checkmark.
That said, there are other legacy verified accounts, such as that of famous author Stephen King, who are still showing a checkmark with a description stating that the account is verified due to a Twitter Blue subscription, even though no subscription actually exists as per the author. It is unclear if this is a bug as the company continues the blue checkmark purge.
Users that wish to keep or obtain a verified blue checkmark will have to pay a fee to access the platform’s premium service, Twitter Blue. This move could potentially create a divide between paying and non-paying users, with the former receiving exclusive benefits. However, some users have expressed concern that this could lead to a disregard for non-paying users’ contributions to the platform.Despite the fact that business and government organizations are still eligible to apply for verified status, it’s important to acknowledge that the ultimate decision-making power lies in the hands of Elon Musk. In recent times, Musk has taken to labeling newsrooms such as BBC and NPR as compromised propaganda outlets, which has raised concerns about his unpredictable behavior.
Elon Musk’s relationship with journalists has also been fraught with tension, and his recent decision to eliminate legacy verification can be seen as a retaliatory move against those who have been critical of his business ventures. This move has been viewed by some as a deliberate attempt to undermine and discredit those who question the actions of the billionaire.
In the past, the implementation of paid verification on Twitter has resulted in disastrous consequences, as evidenced by the influx of impersonation cases. However, now that some time has passed and lessons have been learned, it remains to be seen how this latest change will affect the platform and its users.
Following a high-severity zero-day fix, Google has patched another severe zero-day vulnerability in its Chrome browser. Users should update their respective devices to receive the fix.
Another Google Chrome Zero-Day Received A Fix
Google has just released another major Chrome update carrying multiple security fixes days after fixing the type-confusion bug under attack. With the latest Chrome version 112.0.5615.137, Google has also rolled out a zero-day fix alongside other patches.
As mentioned in its advisory, the latest Chrome release includes eight different security patches. From these, the zero-day vulnerability includes a high-severity integer overflow in Chrome’s Skia – a 2D graphics library that serves as the graphics engine for the browser.
Although Google has not disclosed explicit details about the flaw to avoid potential exploits. Yet it did confirm to have detected active exploitation of the flaw CVE-2023-2136.
This zero-day vulnerability first caught the attention of Clément Lecigne of Google’s Threat Analysis Group.
Besides this vulnerability, Google has patched three other high-severity vulnerabilities. Of these, two include out-of-bounds memory access in the Service Worker API (CVE-2023-2133 and CVE-2023-2134). These vulnerabilities caught the attention of the researcher Rong Jian of VRI, each winning an $8000 bounty for the report.
The third vulnerability fix addressed a use-after-free flaw in Chrome DevTools (CVE-2023-2135). This vulnerability caught the attention of Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. Reporting this vulnerability won Kim a $4000 bounty.
Alongside these three important bugs, the latest Chrome release also addressed a medium-severity heap buffer overflow in Chrome SQLite. Reporting this flaw made the researchers, Nan Wang and Guang Gong of 360 Vulnerability Research Institute, win a $1000 bounty.
Google has not elaborated on the other four vulnerability fixes included in this Chrome update. Instead, the one-line statement in its advisory simply directed towards some fixes as a result of internal security work.
The tech giant has automatically rolled out these security fixes with the Chrome stable and extended stable channel 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac, pledging a patched release for Linux users soon.
Also, it has fixed the same security vulnerabilities with Google Chrome for Android version 112 (112.0.5615.135/.136), as confirmed via another advisory. Android users will receive this update from the official Play Store.
The QBot campaign illustrated (Source: Jerome Segura | Malwarebytes Labs)
