This week marked the scheduled release of monthly security updates from Microsoft. With April 2023 Patch Tuesday updates, Microsoft addressed 97 different security flaws across different products. The most notable fix includes a zero-day patch for a privilege escalation vulnerability that remained unexploited despite disclosure.
Microsoft Patch Tuesday April Updates
As elaborated in Microsoft’s advisory, an important severity privilege escalation flaw affected the Windows Common Log File System Driver. The vulnerability, identified as CVE-2023-28252, could allow an attacker to gain system privileges on the target device.
According to ZDI, fixing a similar vulnerability in a two-months time hints the repatching of the same issue as the previous one didn’t work. However, Microsoft hasn’t officially confirmed anything in this regard. Whether it’s the same issue or not, the fact remains that the Windows CLFS driver developed a zero-day twice within a short time.
Besides this important update, Microsoft patched 96 other vulnerabilities across different products, including 7 critical severity vulnerabilities. All the vulnerabilities could lead to remote code execution when exploited.
Alongside these bug fixes, the tech giant patched 89 other important-severity vulnerabilities, fixing a bunch of security issues in Windows Kernel, Windows DNS Server, Microsoft PostScript and PCL6 Class Printer Driver, and more. The impact of these vulnerabilities following malicious exploitation ranged from remote code execution to privilege escalation and information disclosure.
One of these flaws includes an RCE bug in Microsoft Word. Identified as CVE-2023-28311 (CVSS 7.8), the vulnerability seemed easily exploitable as an adversary could trigger the flaw by merely luring the target user into clicking a maliciously crafted document. Nonetheless, Microsoft confirmed discovering no active exploitation for the flaw before the fix.
Alongside these bug fixes, the April Patch Tuesday also includes patches for some already-known low-severity vulnerabilities in Microsoft Edge.
Although, the entire update bundle would reach Microsoft users automatically. Yet, it’s still safe to ensure updating the systems manually to receive the bug fixes soon and avoid malicious attacks.
The new Python-based Legion malware is being linked to a potential Indonesian developer.
Cloud forensics and incident response platform startup, Cado Security Ltd., has revealed details of a new credential harvester and hacking tool called “Legion.”
According to researchers, Legion is being sold on Telegram and is designed to exploit various services for email abuse. The tool is believed to be linked to the AndroxGh0st malware family which was first reported in December 2022.
The use of Telegram for selling Legion malware should not come as a surprise, as the popular messaging platform has often been associated with illegal activities. In fact, just last week, it was reported that threat actors are leveraging Telegram to automate phishing attacks, highlighting the platform’s role in facilitating cybercriminal activities.
Legion specifically targets web servers running content management systems, PHP or PHP-based frameworks. It has the ability to retrieve credentials for a wide range of web services, including email providers, cloud service providers, server management systems, databases, and payment platforms like Stripe Inc. and PayPal Holdings Inc. Additionally, Legion can hijack SMS messages and compromise Amazon Web Services Inc. credentials.
One notable feature of Legion is its availability of modules that can enumerate vulnerable SMTP servers, conduct remote code execution, exploit vulnerable versions of Apache, and brute-force cPanel and WebHost Manager accounts.
It also interacts with the Shodan Search Engine‘s API to retrieve a target list and has modules focused on abusing AWS services. Researchers have also highlighted Legion’s ability to send SMS spam messages to mobile network users in the United States across all carriers, which sets it apart from other similar tools.
Legion is being sold on various Telegram channels and is being promoted on YouTube through tutorial videos, suggesting that it is widely distributed and likely paid malware.
While the origin of the malware is not confirmed, comments found in Bahasa Indonesia suggest that the developer may be Indonesian or based in Indonesia. A GitHub Gist link leads to a user named “Galeh Rizky” with a profile indicating residence in Indonesia.
As a precaution, Cado Security researchers recommend in their report that users of web server technologies and frameworks like Laravel review their existing security processes and ensure that credentials are appropriately stored.
Ideally, sensitive information such as credentials should be stored in a .env file outside of web server directories to prevent unauthorized access.
Legion splash screen (Cado Labs)
The discovery of Legion highlights the ongoing threat of credential harvesting and hacking tools in the cybersecurity landscape. It serves as a reminder for organizations to prioritize robust security measures and stay vigilant against evolving cyber threats.
On the other hand, the trend of using Telegram as a platform for buying and selling malware is concerning, as it provides a convenient and anonymous means for cybercriminals to conduct illicit activities.
ASUS has returned this year with the ROG Phone 7 and the ROG Phone 7 Ultimate to follow up last year’s ROG Phone 6 and ROG Phone 6 Pro. As one would probably expect, the new device duo from one of gaming’s most premium brands has quite a few improvements. Promising an even better mobile gaming experience than before. But not just a better mobile gaming experience, a better overall phone experience.
That being said, this is still a gaming phone. Most features are going to be gaming-centric. Even the design is tailored to the mobile gamer. While this is a smartphone first, gaming is the main focus. And it shows with the advancements ASUS has made to the device this year. Like past devices though, the ROG Phone 7 and ROG Phone 7 Ultimate are going to be expensive. Are they worth all that money? Is this a device that you should consider buying?
I’ve spent the past couple of weeks using this phone as my daily driver so I could answer those questions. So let’s dive in see what makes this phone great, and where it can improve.
ASUS made the ROG Phone 7 Ultimate with gaming-centric ergonomics
As with past devices, the design of the ROG Phone 7 and ROG Phone 7 Ultimate features ergonomics that cater to mobile gamers. What I mean by this is that the design moves beyond having those typical “gamer” aesthetics you might expect to see. The gamer aesthetic is definitely still there. An RGB ROG eye logo can be seen on the back of the ROG Phone 7. While the ROG Vision display is on the back ROG Phone 7 Ultimate. Other more subtle details, like the Republic of Gamers branding, are still present as well.
But that’s not what I mostly want to focus on here. It’s the ergonomics. ASUS specifically designed the ergonomics of the ROG Phone 7 and 7 Ultimate to cater to landscape mode. Because most AAA mobile games are designed to be played this way. Big surprise right?
With that in mind, the latest ROG phones continue to offer features and ergonomics that work well with the phone being held this way. For starters, the AirTriggers are still up top for additional controls. Which I find come in really handy when playing Call of Duty: Mobile. I use these as my aim down sight and fire controls. So my thumbs can stay on the movement.
The side-charging USB-C port makes a return as well so you can plug the device in and keep the battery topped up while you play. Or, you can simply use this with bypass charging to power the phone instead of juicing up the battery. You’ll also notice two new magnet connector pins. These are for the AeroActive Cooler 7, which now includes a 5-magnet super linear subwoofer for enhanced audio during gaming. Plus you still have front-facing stereo speakers tuned by Dirac for exceptional audio without the subwoofer.
All of these things might seem small. But when you put them together, they make a really big difference if you play a lot of mobile games. And bigger aspects of that ergonomic design, like the AirTriggers and side-facing USB-C port for charging ensure you can hold the phone as comfortably as possible while you play.
ROG Phone 7 Ultimate design
For the most part, nothing has really changed here. ASUS kept the same design for the ROG Phone 7 Ultimate as it had for the ROG Phone 6 Pro. Save for two things – the new magnet connector pins on the side and the AeroActive Portal on the back. Aside from those two things, the design doesn’t change much.
And that’s a good thing because the design last year was great. You still have the metal frame with rounded corners, bottom-facing off-center USB-C port and bottom-facing 3.5mm audio port. There’s also Gorilla Glass Victus covering the display and Gorilla Glass 3 on the back. Even the colors are the same as last year. Phantom Black and Storm White. Although the Ultimate model only comes in Storm White. There are of course very subtle differences in the design compared to the ROG Phone 6 series.
The back of the ROG Phone 7 Ultimate for instance now has a large ‘ROG’ branding slapped across the bottom edge. ASUS also took away most of the line graphics. Both the ROG Phone 7 and ROG Phone 7 Ultimate now feature a two-toned color scheme as well. The colors are still technically the same, but one side of the back has more of a matte finish while the other side gives off a slight but noticeable sheen.
It’s still very much a gaming-style aesthetic but just a little less loud. Overall it’s a nice design and I hope ASUS continues this trend for future phones. I definitely don’t want to see them going back to style of design that was present on the ROG Phone 2.
The AeroActive Cooler 7 feels less needed than ever, and that’s a good thing
There was a time when the ROG Phones were not only exceptionally powerful mobile gaming devices, but they also became quite hot. To the point that they were uncomfortable to hold after only an hour’s worth of playing games.
Every year ASUS has improved the cooling of its ROG Phones to counteract this. And while they have gotten better, the phones still needed a little extra help. So ASUS began packaging the devices with the AeroActive Cooler. This year’s model, the AeroActive Cooler 7, is the best it’s ever been. Using the same Peltier cooling chip-based design as with the AeroActive Cooler 6 for advanced airflow and cooling.
But, it just doesn’t feel as needed as it used to be. Don’t get me wrong, I still often like using it. Because in the end it cools the phone better than without it. But if you don’t use it, I’ve noticed less heat buildup than on the ROG Phone 6 Pro after longer gaming sessions. And a significant improvement over the ROG Phone 5 Ultimate and previous devices.
This is all thanks to the new GameCool 7 cooling system. ASUS revamped the internal structure so that heat dissipation is more efficient. It also redesigned the ROG Rapid-Cycle vapor chamber with special liquid return channels that help to dissipate heat up to 2.1 times more. This is in addition to using larger graphite sheets to help spread heat more evenly. This way heat doesn’t get trapped in the middle of the phone like it did before.
The end result, is a cooler phone under extended heavy loads with AAA, graphically demanding games. Though as I mentioned before, there are still reasons to use and enjoy the AeroActive Cooler 7 attachment. Even if it isn’t really needed as much as it used to be.
Why you should consider using the AeroActive Cooler 7
Even though the phone doesn’t get as hot without this excellent accessory as past devices did, you should still consider using it. The phone doesn’t feel as hot to the touch anymore. But that doesn’t mean that heat is not still impacting the device in other ways. The most significant of these is performance. The hotter the chip gets, the likelier it is you’ll see dips in performance over time. Which isn’t what you want if you’re in the thick of a gaming session. Especially if those games are competitive in nature.
Aside from helping the phone stay cool more efficiently, it also has the added back buttons you can map to on-screen touch controls. Plus, this new model includes the subwoofer for enhanced audio. It doesn’t make a massive difference to the sound. But it does improve it and it just makes the experience better. In addition to these things it also includes a bottom-facing 3.5mm audio port. So if you decide to use wired headphones, you can plug them in on the bottom instead of on the side.
It’s definitely a bigger cooler attachment than last year’s. But definitely worth carrying around with you if you have a bag or sling to slip it into.
Stellar battery life as expected
One of the best things about ASUS’s ROG Phone series is the battery life. Both the ROG Phone 7 Ultimate and the ROG Phone 7 feature the same 6,000mAh capacity battery as past devices. Letting you game for hours upon hours or just have a phone that lasts for literal days.
There’s not really a whole lot to say about the battery here since it’s the same battery as the ROG Phone 6 series. Which is a 6,000mAh dual-cell battery module that supports 65w Hyper Charging. Basically the battery is just as good as last year’s and once again makes the ROG Phone a standout device when it comes to how long the battery lasts.
There is one notable improvement though. It charges up faster than before. According to ASUS, the ROG Phone 7 series will charge from 0% to 100% in just 42 minutes. Which is about 10 minutes faster than the ROG Phone 6 series. That might not make a huge difference for every user. But faster charging is faster charging. And I certainly did appreciate the phone getting back to full quicker than I was used to.
Near stock Android software with that gamer touch
The software experience on ASUS’s ROG Phone series has always been pretty decent, and the same is true with the ROG Phone 7 and ROG Phone 7 Ultimate. You get your choice of the ROG UI or the updated Zen UI. The two are pretty similar but the Zen UI has a more stock Android look and feel.
Which is what I personally prefer and have used on this device throughout my time with it so far. The device comes with Android 13 out of the box so you get all the benefits of that as well.
But where the software really shines in my opinion is with the Game Genie. While the Game Genie isn’t new there are some new features being added to it this year. X Sense and X Capture are two that could end up being pretty cool for some gamers. With X Sense, it lets the software detect key moments throughout your game. It can then use those detections to aid you with what to do next. X Capture meanwhile also detects key moments, but instead of assisting with decision making it saves clips for you to share.
The only problem is that right now the support for these seems to be limited to a very small number of games. X Capture for instance only seems to support the Garena version of Arena of Valor. And I suspect X Sense is the same way. There’s also Background Mode, which simply keeps the game running in the background.
The most interesting is the new Vibration Mapping feature. With this you can set zones on the device where the haptics will come into play so the vibration interacts with what’s happening in your game at certain moments. This can give your games a more immersive feel and I think it’s probably the best of the new features. All-in-all the software is good just like it was last year.
Should you buy the ROG Phone 7 or ROG Phone 7 Ultimate?
ASUS has outdone itself once again when it comes to making what really does feel like the best phone available for mobile gaming. With a few key improvements to the cooling, and updated hardware for even better performance, the ROG Phone 7 and ROG Phone 7 Ultimate are the cream of the crop in this small niche of the smartphone market.
But neither phone is perfect and they won’t be for everyone. No matter how good the device is, there are simply going to be more suitable options for some users. And that’s ok. Not everyone is into mobile gaming or into it enough to warrant spending the higher price that ASUS demands. Not to mention the camera definitely takes a backseat to all the gaming features. While more than fine for my personal needs, there are better smartphone cameras out there. And you may be a user that values that more than what ASUS is offering here.
ASUS plans to launch the ROG Phone 7 and ROG Phone 7 Ultimate in the US sometime in late Q2. Which probably puts the official US release closer to Summertime. As for pricing, the phone will start at $999.99 for the ROG Phone 7. Pricing for the Ultimate model hasn’t been confirmed yet. If you don’t want to wait for the new model, ASUS is still selling it’s excellent ROG Phone 6 and ROG Phone 6 Pro devices.
Buy the ASUS ROG Phone 7 or ROG Phone 7 Ultimate if:
You want the best mobile gaming phone there is
Battery life is important to you
You want the extra features and accessories geared towards gamers
Don’t buy the ASUS ROG Phone 7 or ROG Phone 7 Ultimate if:
Apple rumors have been a real rollercoaster lately. The iPhone 15 Pro drama surrounding solid-state buttons is currently in, and now we have some iPhone SE 4 info to share. The iPhone SE 4 won’t arrive before 2025, if the latest rumor is to be believed.
The iPhone SE 4 may not launch before 2025
This information comes from a well-known analyst, Jeff Pu (via MacRumors). The analyst says that the iPhone SE 4 will launch “with a custom-designed 5G modem in 2025”.
Why is this odd? Well, for one, the phone was previously rumored to launch next year, in 2024. The source of that info was probably the best-known Apple tipster, Ming-Chi Kuo. The same source said that Apple canceled the iPhone SE 4, which was back in December. Since then, the company obviously changed its mind.
In any case, if Jeff Pu is to be believed, the iPhone SE 4 won’t arrive as soon as we thought. A 2025 launch is what he thinks we’ll see. It remains to be seen if Ming-Chi Kuo will have a response to this.
In any case, the phone is also expected to get a custom-designed 5G modem, as Apple will sort of test it via that phone. The company is probably looking to move further away from Qualcomm.
It will be the first ‘SE’ device to feature a different design
The iPhone SE 4 will be a rather interesting launch, as it will be the first ‘SE’ device from the company to feature a different design. The first three models offered the iPhone 8 design, so it’s time for Apple to change things up.
The iPhone SE 4 is expected to look more like the iPhone 14, than the iPhone 8. It may not be the same chassis, Apple may use chassis from one of the previous iPhones, as they’re all very similar. It remains to be seen.
That means it will be considerably larger than the previous iPhone SE models. It likely won’t have a horrible battery life, though, and will finally adopt an OLED display.
Cybercriminals are hijacking Facebook pages and using sponsored posts to offer downloads of ChatGPT and Google Bard AI, which in reality spread RedLine Stealer malware.
According to a report from security automation startup Veriti, threat actors are attempting to exploit the popularity of OpenAI’s chatbot ChatGPT and Google Bard to distribute malware and steal sensitive data. These attempts underscore the risks associated with generative AI platforms.
It should come as no surprise that ChatGPT’s popularity has been exploited for malicious purposes since its launch. As a result, OpenAI, ChatGPT’s parent company, recently introduced its first-ever bug bounty program.
Attack Mechanism
Veriti researchers have observed that attackers first hijack Facebook business or community pages, carefully selecting pages with thousands of followers. They then post seemingly legitimate sponsored ads on these pages, offering free downloads of ChatGPT and Google Bard. Unsuspecting visitors fall into the trap and download the malicious files, which then unleash the RedLine information-stealing malware on their devices.
“These posts are designed to appear legitimate, using the buzz around OpenAI language models to deceive unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the RedLine Stealer malware is activated and can steal passwords and download further malware onto the user’s device,” reads Veriti’s report.
For reference, RedLine Stealer is sold on online hacker forums as a malware-as-a-service (MaaS) platform, with a primary focus on targeting browsers to collect users’ data. This commoditized malware is often favoured by cybercriminals due to its low cost, priced at $100 to $150.
What are the Dangers?
When a victim installs the malicious file from one of these sponsored ads, their device is hijacked by the RedLine infostealer, which can then steal confidential data, disrupt critical infrastructure, and compromise financial accounts.
By targeting web browsers on the infected device, RedLine Stealer can steal credentials, credit card information, or other payment card details, as well as conduct system inventory to identify vulnerabilities for further attacks.
Furthermore, RedLine Stealer has the capability to upload/download files and execute commands, providing even novice hackers with extensive opportunities to carry out various types of cyberattacks.
Who are the Targets?
Researchers detected this campaign in January 2023 and observed a peak in March. So far, dozens of Facebook accounts have been hijacked across ten countries to distribute RedLine Stealer through malicious ads.
The highest number of victims were identified in Greece, followed by India, Mexico, the USA, and Bangladesh. Approximately 77% of the attacks were observed in the USA, with Canada at 9%, Mexico at 6%, India at 4%, and Portugal at 2%.
This campaign serves as an early warning of what may lie ahead, as the soaring popularity of AI-based chatbots has made them lucrative targets for threat actors. They can exploit the versatility of these products, which can be packaged in different forms such as open source or mobile applications, allowing them to create trojanized downloads.
The potential impact is significant, as attackers can steal anything from private to financial data and target critical infrastructure.
Researchers suggest that enterprises should upgrade their cybersecurity practices, educate employees about the risks associated with downloading files from unauthenticated or unknown sources, and ensure strong security configurations to prevent system compromise.
Limiting the downloading of executables and implementing sandboxing of executables before downloading can also reduce the risk of infecting corporate IT infrastructure.
The ASUS ZenFone 10 has surfaced on Geekbench, and some of its specs got confirmed that way. The phone appeared on the benchmarking platform under the ‘ASUS_AI2302’ model.
Some ZenFone 10 specs got revealed by Geekbench
First and foremost, let’s just say that the phone managed to score 2,008 points in the single-core test, and 5,454 points in the multi-core test. Those are excellent results, though unsurprising, as the device will be fueled by the Snapdragon 8 Gen 2 SoC. Keep in mind this is not a final unit, though, so don’t pay much attention to those benchmarking scores.
That is actually one detail that this benchmarking site revealed, the phone’s SoC. Another detail that popped up is its RAM count. The ZenFone 10 will include 16GB of RAM in one of its models. That will probably be the highest-end offering, as the ZenFone 9 also offered up to 16GB of RAM.
Android 13 is listed here for the device, and that’s the OS it will run once it launches, as it’s expected to arrive in the summer. The ZenFone 9 launched in July last year, so the ZenFone 10 is expected around that time this year. ASUS may, of course, change its release cycle, but that’s not as likely.
It will be considerably larger than its predecessor, allegedly
Now, based on previous leaks, the ZenFone 10 will be larger than its predecessor. The phone is tipped to include a 6.3-inch panel. The ZenFone 9 arrived with a 5.9-inch display, that’s quite a change, needless to say.
The device will feature a 120Hz display, and offer 256GB/512GB of internal storage. A 200-megapixel main camera with OIS support was also mentioned, as was IP68 certification. Take that info with a grain of salt, though, of course.
We are only a couple of months away from the launch event, so more info should start coming in soon, including the phone’s design.
The Huawei FreeBuds 5 truly wireless earbuds are now official. The company announced a new pair of its open-fit earbuds. These are the company’s flagship open-fit earbuds, by the way. The ‘Pro’ series has a silicone seal, these ones do not.
The Huawei FreeBuds 5 are official with a rather odd design, and various improvements
The FreeBuds 5 have changed quite a bit compared to the FreeBuds 4. If you check out the images below, you’ll notice how odd these look. Huawei refers to this design as the “droplet-shaped design”.
The company claims that it is a result of “tens of thousands of ergonomic simulations and hundreds of optimizations”. It is supposed to ensure that the double-C curves fit the contours of the ears.
This design is essentially expected to reduce strain, and ensure a breathable wearing experience, according to Huawei. The arc-shaped stem is here to ensure that the pressure is evenly distributed when you tap an earbud. We cannot confirm this just yet, but a review unit should be in soon.
The frequency response is 50% higher compared to the FreeBuds 4
The Huawei FreeBuds 5 comes with an ultra-magnet dynamic driver, which is equipped with bass turbo technology. That tech produces bass tones that drop as low as 16Hz. The frequency response is 50% higher than the FreeBuds 4, thanks to the dual circuit magnets, says Huawei.
The triple adaptive EQ is also included. It is supposed to optimize sound quality in real time, from 100Hz to 2,000Hz. The FreeBuds 5 also support the L2HC and LDAC codecs. These earbuds got certified by both HWA and Hi-Res Audio Wireless, in case you were wondering.
Huawei also said that the audio transmission rate on the FreeBuds 5 is up to 990 kbps and 96kHz/24-bit HD audio is supported here. On top of everything, you’ll also find an adaptive tri-mic hybrid noise cancellation here, with “intelligent dynamic ANC”.
They offer a 200% faster charging rate than the previous model
The company also enhanced the battery life of these earbuds. Huawei claims you can get 30 hours of use on a full charge. A 5-minute charge can provide up to 2 hours of listening time. The FreeBuds 5 also have a 200% faster charging rate than the FreeBuds 4.
The Huawei FreeBuds 5 come in Ceramic White, Coral Orange, and Silver Frost colors. The case has also been changed, it’s now egg-shaped, it reminds us of the Pixel Buds case.
These earbuds will go on sale on April 17 in Europe. They’ll be priced at €159/£139.99, and available from the Huawei Store and selected retailers.
The FBI warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers to infect devices with malware.
In a recent tweet, the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or computer.
“Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”
When asked, the FBI’s Denver field office said the message was meant as an advisory, and that there was no specific case that prompted it. The method the FBI is referring to is often referred to as “juice jacking.”
Imagine that the battery of your phone is dying and you’re nowhere near a power outlet, would you connect your phone to any old USB port? A juice jacking attack uses a charging port or infected cable to exfiltrate data from the connected device or upload malware onto it. The term was first used by Brian Krebs in 2011 after a proof of concept was conducted at DEF CON by Wall of Sheep. When users plugged their phones into a free charging station, a message appeared on the kiosk screen saying:
“You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”
While there are no known, recent cases of juice jacking, it’s best to be aware of potential cyberattacks—you never know what will trigger the transformation of the hypothetical to the real. To avoid inadvertently infecting your mobile device while charging your phone in public, learn more about how these attacks could happen and what you can do to prevent them.
How would juice jacking work?
As you may have noticed, when you charge your phone through the USB port of your computer or laptop, you are also able to move files back and forth between the two systems. That’s because a USB port is not simply a power socket. A regular USB connector has five pins, where only one is needed to charge the receiving end. Two of the others are used by default for data transfers.
USB connection table courtesy of Sunrom
Unless you have made changes in your settings, the data transfer mode is disabled by default, except on devices running older Android versions. The connection is only visible on the end that provides the power, which in the case of juice jacking is typically not the device owner. That means, any time a user connects to a USB port for a charge, they could also be opening up a pathway to move data between devices, with the following consequences:
Data theft: during the charge, data is stolen from the connected device.
Malware installation: as soon as the connection is established, malware is dropped on the connected device. The malware remains on the device until it is detected and removed by the user.
Data theft
In the first type of juice-jacking attack, cybercriminals could steal any and all data from mobile devices connected to charging stations through their USB ports. But there’s no hoodie-wearing hacker sitting behind the controls of the kiosk, so how would they get all your data from your phone to the charging station to their own servers? And if you charge for only a couple minutes, does that save you from losing everything?
Make no mistake, data theft can be fully automated. A cybercriminal could breach an unsecured kiosk using malware, then steal the information from connected devices. There are crawlers that can search your phone for personally identifiable information (PII), account credentials, banking-related or credit card data in seconds. There are also many malicious apps that can clone all of one phone’s data to another phone, using a Windows or Mac computer as a middleman. So, if that’s what hiding on the other end of the USB port, an attacker could get all they need to impersonate you.
Cybercriminals are not necessarily targeting specific, high-profile users for data theft, either—though a threat actor would be extremely happy (and lucky) to fool a potential executive or government target into using a rigged charging station. However, the chances of that happening are rather slim. Instead, hackers know that our mobile devices store a lot of PII, which can be sold on the dark web for profit or re-used in social engineering campaigns.
Malware installation
The second type of juice-jacking attack would involve installing malware onto a user’s device through the same USB connection. This time, data theft isn’t always the end goal, though it often takes place in the service of other criminal activities. If threat actors were to steal data through malware installed on a mobile device, it wouldn’t happen upon USB connection but instead take place over time. This way, hackers could gather more and varied data, such as GPS locations, purchases made, social media interactions, photos, call logs, and other ongoing processes.
There are many categories of malware that cybercriminals could install through juice jacking, including adware, cryptominers, ransomware, spyware, or Trojans. In fact, Android malware nowadays is as versatile as malware aimed at Windows systems. While cryptominers mine a mobile phone’s CPU/GPU for cryptocurrency and drain its battery, ransomware freezes devices or encrypts files for ransom. Spyware allows for long-term monitoring and tracking of a target, and Trojans can hide in the background and serve up any number of other infections at will.
Many of today’s malware families are designed to hide from sight, so it’s possible users could be infected for a long time and not know it. Symptoms of a mobile phone infection include a quickly-draining battery life, random icons appearing on your screen of apps you didn’t download, advertisements popping up in browsers or notification centers, or an unusually large cell phone bill. But sometimes infections leave no trace at all, which means prevention is all the more important.
How to avoid juice jacking
The first and most obvious way to avoid juice jacking is to stay away from public charging stations or portable wall chargers. Don’t let the panic of an almost drained battery get the best of you. I’m probably showing my age here, but I can keep going without my phone for hours. I’d rather not see the latest kitty meme if it means compromising the data on my phone.
If you feel going through a part of your life without a phone is crazy talk and a battery charge is necessary to get you through the next leg of your travels, using a good old-fashioned AC socket (plug and outlet) will do the trick. No data transfer can take place while you charge—though it may be hard to find an empty outlet. While traveling, make sure you have the correct adapter for the various power outlet systems along your route. Note there are 15 major types of electrical outlet plugs in use today around the globe.
Other non-USB options include external batteries, wireless charging stations, and power banks, which are devices that can be charged to hold enough power for several recharges of your phone. Depending on the type and brand of power bank, they can hold between two and eight full charges. Power banks with a high capacity are known to cost more than US$100, but offer the option to charge multiple devices without having to look for a suitable power outlet.
If you still want the option to connect via USB, USB condoms are adaptors that allow the power transfer but don’t connect the data transfer pins. You can attach them to your charging cable as an “always on” protection. Using such a USB data blocker or “juice-jack defender” as they are sometimes called will always prevent accidental data exchange when your device is plugged into another device with a USB cable. This makes it a welcome travel companion, and will only set you back US$10–$20.
Checking your phones’ USB preference settings may help, but it’s not a foolproof solution. There have been cases where data transfers took place despite the “no data transfer” setting.
Finally, avoid using any charging cables and power banks that seem to be left behind. You can compare this trick to the “lost USB stick” in the parking lot. You know you shouldn’t connect those to your computer, right? Consider any random technology left behind as suspect. Your phone will thank you for it.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Now that the PS5 is out, you might be one of the individuals that’s on the hunt for the best headsets to pair with the console. Since the PS5 doesn’t support Bluetooth audio, that limits you a little bit in which headsets you can use, but not to worry because we’ve rounded up some of the best options.
This guide aims to save you time in finding the perfect headset to use for your PS5 gaming sessions. All of these are top-tier headsets for one reason or another, but that doesn’t mean that all of them will be expensive. In fact some of them are really rather affordable.
Not everyone likes using headsets while they’re gaming, which is understandable. But there are plenty of benefits to using one. Especially on the PS5. For example, you can’t take advantage of the 3D audio on the PS5 without using a headset.
It can also be hugely beneficial if you end playing games late at night. As the headset can help things stay quiet without you having to sacrifice hearing the game audio. If you’re searching for headsets for PS5, you can find all of our selections for the best headsets in the table below.
You’ll also find brief descriptions of each headset further down in the guide. And if you’re looking for other PS5 accessories, check out our guide on that for some top suggestions. Also if you’re looking for gaming headsets but not necessarily for the PS5, you can check our guide here.
There are some major benefits to the Pulse 3D Wireless Headset over other options. For one, Sony designed this specifically for use with the PS5.
So you can bet that it was developed to take the utmost advantage of the console’s 3D audio features. Beyond the obvious reasons for considering this headset, the audio, the Pulse 3D Wireless Headset is also stylish and designed to match the aesthetic of the console.
It’s also cheaper than some of the other options on here, and of course it’s a wireless option. Which means you can kick back and play without having something tethered to your DualSense controller.
The only issue with the Pulse 3D Wireless Headset right now is that it’s out of stock many places. So it’ll be a little hard to get probably for the next few weeks or more. That being said, it’s still one of the best PS5 headsets to have, so it’s worth keeping an eye out to ensure you can snag it once it’s available.
Next up is one of the clear contenders for the best overall headset. The SteelSeries Arctis Nova Pro Wireless. As the successor to the Arctis Pro Wireless, the Nova Pro Wireless has a lot to live up to. But it seems that it manages to surpass the older model with some pretty great upgrades.
For starters, it now comes with Active Noise Cancellation and a transparency mode. So you can either choose to block out anything but your game or let a little bit more sound in. The retractable mic also now sits flush with the headset earcup.
SteelSeries also got rid of the ski goggle headband and has made the headset extendable. It even comes with a slightly smaller gaming DAC than the last model. Which still lets you connect to two devices at once. So you can plug it into your PS5 and your PC. Best of all, it comes with two hot-swappable batteries so you can always keep one charged and never have to worry about the headset battery dying on you in the middle of a game.
All that said, the headset is certainly pricey. But you get what you pay for. And you’re paying for quality here. If you want one headset for basically everything, this should do the trick. You can also pick up the wired model for Xbox and save $100. Whether you go with wireless or wired, this is one of the best PS5 gaming headsets out there.
Xbox Series X|S has the Beoplay Portal headset, and now PS5 has its own luxury gaming headset in the Master & Dynamic MG20. While pricey at $449, you’re paying a premium for a super high-quality gaming headset that comes with just the right features. And trust us, you’re getting every single damn thing you pay for here.
For starters, Master & Dynamic is using materials like magnesium earcups, lambskin leather earpads, and an Alcantara and canvas-coated headband. Additionally, it comes with a detachable boom mic which comes with a pop filter, and it has a second built-in mic for voice calls or chat in a more casual setting.
It also comes with a low-latency adaptor, a premium carry pouch, and it uses USB-C for charging. There’s 7.1 surround sound onboard as well, and it comes with up to 22 hours of battery life. I could go on. As there are many more features that make this headset worth it. Sure, it’s $50 less than the Disc Edition of the PS5 console itself. But, you’ll be glad you picked it up if you want a more premium experience in your games.
Razer is a tested name in gaming audio and has been for a long time. Starting with PC gaming, Razer has branched out into console and mobile gaming over the years, and the Nari Ultimate is one of the best PS5 headsets available because it’s one of the best PS4 headsets available. And all PS4 headsets will work with the PS5 wirelessly if they connect through USB dongles. Which the Razer Nari Ultimate does.
At $179.99 (down from $199.99), this headset is a definite bargain because it has loads of features to enhance your PS5 gaming sessions. Like the cooling gel-infused earpads to help keep you comfortable during longer sessions. The cooling gel also keeps your ears from sweating, or at least sweating too much.
It comes with a retractable mic with an easy-access mute button, as well as THX spatial audio for some great immersion in your games. And of course it can also be used with PS4, as well as PC. In addition to all these great features, the mic is noise cancelling so it only picks up your voice, and the headset has a 16-hour battery life on a single charge.
It also comes with Razer HyperSense, an advanced audio haptics feature that Razer announced alongside the Kraken V3 Pro.
As they say, go big or go home. And if you want to go big, go for the EPOS | Sennheiser GSP 670 wireless gaming headset. This is a bit pricey, but it’s the cream of the crop of wireless gaming headsets.
With not only the ease of use of wireless play, but the top-tier quality for audio that Sennheiser provides and is hard to beat.
Some of the key highlights include an adjustable headband to fit just about anyone, and the headband even has tension adjustment up on top for an even better fit. It has a flip up boom mic too that auto mutes when you flip it up, and unmutes when you flip it back down. I can’t stress how awesome and convenient this is.
One of the best features though is the separate dials for game and chat volume that let you independently adjust both of them. So you get the absolute perfect balance of both. This headset works extremely well on PS5. But you can also use it on PC, PS4, and there’s a Bluetooth option for mobile or other devices that support Bluetooth.
If you’re using it on PC, then you can even connect the headset to the companion software to increase the audio features and finely tune your sound to just the way you like it with different game and entertainment profiles.
Razer is back on this list with another awesome headset that works great for PS5, as well as the PS4, PC, Xbox One, and Xbox Series X and Xbox Series S. This is a very versatile headset that you want to heavily consider if you need something that works with multiple platforms.
It also features Razer’s special cooling gel-infused earpads, and THX spatial audio for full gaming immersion. Beyond that, it comes with a detachable boom mic so it’s there when you need it, and it’s not when you don’t.
The Black Shark V2 Pro is also heavily used by Esports pros and competitive streamers. If you fall into that category of gamer, this might be the headset for you. Even if you don’t play at a pro level but you do play competitively, this is a headset to keep an eye on.
These two closed-back headsets from Beyerdynamic are some of the best you can get for around their price point. Which is $150 for the MMX 150 and $99.99 for the MMX 100. Fitting, we know.
Both come with detachable META Voice cardioid condenser microphones for vocal clarity, as well as an impedance of 32 ohms, dedicated volume dials for precise audio adjustment and more. And if you go with the MMX 150 you get the benefit of the augmented mode. Turning this on enables sounds from outside the headset to filter in some. So you can hear both the game audio and what’s around you.
Both headsets are wired so you’ll not have the freedom of a wireless headset here. But the comfort and sound quality are awesome and they’re both relatively affordable.
The Beoplay Portal is another high-priced headset for the PS5, but after spending a couple of weeks with it it definitely feels worthy of a high price. $499 might be a bit much, but that doesn’t take away from how good this headset is. While it was initially designed with Xbox in mind, Bang & Olufsen finally released a PS4/PS5 compatible version earlier this year, and it’s still compatible with PC and mobile too.
The design of its virtual boom mics makes it fairly discrete in terms of a gaming headset. Making it easy to transition from a gaming headset to your everyday driver for audio and media.
If you like having one headset for all things, this is another good option. Provided you’re willing to spend the money. The Beoplay Portal also comes built with premium materials for that ultra-luxury feel. It’s also fairly lightweight, comes with Active Noise Cancellation, and is pretty easy to connect and setup.
This model also comes with improved battery life. Bang & Olufsen rates it at up to 42 hours. The dongle is also now USB-C for a faster connection across devices.
There’s a lot of good things about the Astro A20, but one feature that stands out is the 15-foot wireless range. This is excellent if you need to get up from the couch and run to the fridge for a bottle of water or some snacks. Provided the console isn’t too far from where your you’re trying to get to.
Like the GSP 670 it has the flip up boom mic that mutes automatically when you flip it up. As well as on-ear controls for volume and power. One thing that it offers that some of the others don’t though is the 3 different EQ presets. With these you can tweak the audio to be a better fit for the type of game you’re playing.
It has a 15-hour battery life, which is not bad but not the longest of all the options on here. So if you want something with more longevity, you might consider something like the Black Shark V2 Pro or the Pulse 3D Wireless Headset.
You can also use this headset with PC, and Astro boasts that it stays comfortable even after a long day of gaming.
Rounding out our list is the most affordable option, but also still one of the best PS5 headsets. The Razer Kraken X for console was designed for use on consoles just like the name suggests.
And this one in particular has the black and blue color scheme of the PlayStation 4 as well as the PlayStation branding. This is a wired headset, so that is a big part of why it’s only $50. But if you don’t need anything fancy or you don’t mind plugging the headset into your DualSense controller, you can’t go wrong here.
It comes with 7.1 surround sound for positional audio during games, and a bendable noise cancelling mic for good placement and clear voice for your teammates. Worth noting though is that the 7.1 surround sound positional audio is only available when using this headset with PC because it needs the companion software to enable that. It still does offer great audio with the PS5 though. And did we mention it’s only $50?
Lastly, it comes with on-ear controls for volume and muting the mic.
Spam calls are one of the biggest things plaguing tech owners, and Google is looking to cure it. According to 9To5Google, Jonathan Eccles stated that Google wants to take its AI spam calling even further this year.
In case you don’t know, Google has a podcast called the Made By Google Podcast. It’s a show where Google execs can discuss what the company is planning on doing and its products. It started with the unveiling of the Pixel 7. If you’re interested, you can check it out.
Google will take its AI call blocking to the next level
One of the reasons that people like to use Pixel phones is the call blocking. Pixel phones are great when it comes to filtering spam calls and silencing ones it’s iffy on. Along with that, there’s the call screening feature. This will have the Assistant pick up the phone for you and it will dictate what the caller says in real-time.
For as effective as Google’s efforts are on this front, the company wants to take this even further. During the podcast episode, Eccles talked about what the company wants to do as far as spam calls are concerned. Google wants a “future where you should never ever, ever be annoyed at the thought of your phone ringing.”
It seems that Google might implement Bard or its Large Language Model into its call blocking. During the podcast, Eccles mentioned that “multi-step, multi-turn conversational AI could open a lot of interesting doors in terms of creating this protective and helpful layer at the front of every incoming call.”
At this point, we’re unsure what the company is planning on doing, but anything sort of improvement is welcome. Millions of spam calls are sent out on the daily, and it’s a huge headache. They slow down productivity, offer scams, and generally annoy people. Hopefully, Google will bring some useful changes.
