WhatsApp is a popular messaging app that allows users to communicate with their contacts in a convenient and simple manner. Recently, WhatsApp has been experimenting with new useful features that are appearing first for users on the beta version of the application, one of them being the ability to easily manage and edit contacts directly within the Android app.
This new feature enables users to add or edit contact information directly within the WhatsApp application, without having to navigate to their phone’s contact list. This can be especially useful for users who frequently add new contacts or need to update existing ones. The feature is easy to access and simple to use, making it a valuable addition to the WhatsApp experience.
This feature was first reported on by Wabetainfo after some users reported seeing a new contact UI that allows the same customization options as the system’s default Contacts app. This functionality is now available to a subset of users on versions 2.23.8.2, 2.23.8.4, 2.23.8.5, and 2.23.8.6, but it will be rolled out to a larger audience in the near future.
Wabetainfo
To access the feature, users simply need to open the WhatsApp application and navigate to the chat screen. From there, they can tap on the menu icon located in the top right corner of the screen and select the “New Contact” option. This will bring up a form where users can enter the contact’s name, phone number, and any other relevant information. Once the information has been entered, users can save the contact directly within the app.In addition to adding new contacts, users can also edit existing ones within the app. To do so, they simply need to navigate to the contact they wish to edit within the chat screen and tap on the contact’s name. This will bring up a menu of options, including the ability to edit the contact’s information, such as their name or phone number.
The ability to add and edit contacts directly within the WhatsApp application is a useful feature that simplifies the process of managing contacts for Android users. It eliminates the need to navigate to the phone’s contact list, which can be time-consuming and inconvenient. The feature is easy to access and simple to use, making it a valuable addition to the WhatsApp experience. With this new feature, users can easily add and update their contacts directly within the app, ensuring that their communication stays streamlined and efficient.
With improved protocol support, various bug fixes, and several enhancements, Wireshark has released version 4.0.5. On March 3, 2023, the most recent version of Wireshark 4.0.4 was made available; this is the second upgrade of this year.
The open-source packet analyzer Wireshark is free to use. It is employed in developing software and communications protocols, network troubleshooting, analysis, and education.
Wireshark is one of the most extensively used tools for analyzing network protocols and serves a variety of tasks.
According to the Wireshark team, official 32-bit Windows packages are unavailable for Wireshark 4.0 and later.
“We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release”, Wireshark.
“If you’re running Wireshark on macOS and upgraded to macOS 13 from an earlier version, you will likely have to open and run the “Uninstall ChmodBPF” package, then open and run “Install ChmodBPF” to reset the ChmodBPF Launch Daemon.”
There are different operating systems for which the Wireshark packet analyzer is accessible, including Windows, Linux, macOS, and BSD.
DIS dissector shows an incorrect state in the packet list info column. Issue 18967.
RTP analysis shows incorrect timestamp error when timestamp is rolled over. Issue 18973.
Asterisk (*) key crash on Endpoint/Conversation dialog. Issue 18975.
The RTP player waveform now synchronizes better with audio.
Vulnerabilities Fixes:
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform.
A list of third-party packages can be found on the download page on the Wireshark website. Wireshark source code and installation packages are available.
Download:
You can Download the latest version of the application from the link here.
In the last 12 months France was one of the most attacked countries in the world, and a favourite target of LockBit, the world’s most dangerous ransomware.
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, “known attacks” are attacks where the victim opted not to pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.
Between April 2022 and March 2023, France was one of the most attacked countries by ransomware gangs. During that period:
France was the fifth most attacked country in the world.
The government sector was attacked more often than in similar countries.
LockBit dominated the last twelve months, being used in 57% of known attacks.
There were almost twice as many LockBit attacks in France than either the UK or Germany.
In July 2022, La Poste Mobile, a mobile carrier owned by French postal company La Poste, suffered a LockBit ransomware attack, severely impacting its administrative and management services. After successfully reducing the ransom demand from $1.4 million to $300,000 in a five day negotiation, La Poste Mobile’s negotiator announced on July 11, “Management doesn’t want to pay anymore … it has reconsidered its decision.” LockBit published the data it had stolen on its leak site, describing it as “the private information of more than a million and a half people in France.”
The La Poste Mobile page on the LockBit leak site
In August 2022, attackers demanded $10 million after a ruthless assault on the Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital near Paris. The disruption to CHSF’s computer systems resulted in patients having to be sent elsewhere, and surgeries having to be postponed.
A few months later, in mid-November, French defense and technology group Thales confirmed a data breach affecting contracts and partnerships in Malaysia and Italy. As with so many attacks in France in the last twelve months, the perpetrators used LockBit ransomware.
France is a prime target
In the 12 months from April 2022 to March 2023, France was a globally significant target for ransomware, and the fifth most attacked country by known attacks.
Known attacks in the ten most attacked countries, April 2022 – March 2023
Given the disparity between the USA and the rest of the world in terms of number of attacks it would be easy to conclude that ransomware is, first-and-foremost, a USA problem. It is not. The size and nature of the US economy means that it has many more targets for ransomware gangs than the other countries in the top ten.
We can account for the difference in the size of countries’ economies by dividing the number of known ransomware attacks by a country’s nominal GDP, which gives us an approximate rate of attacks per $1T of economic output. On that basis, the difference between France and the USA is far smaller than the total number of known attacks would suggest. And while France and Germany suffered nearly identical numbers of known attacks, France appears to suffer a much higher rate of attacks per unit of economic activity than its neighbour.
The ten most attacked countries between April 2022 – March 2023, ordered by attacks per $1T GDP
The size of the countries in the top ten also vary enormously, and we can try to account for that by dividing known attacks by the size of each country’s population. On that measure, again, the differences between countries are far smaller than a simple count of known attacks suggests.
In all the variations of our top ten, English-speaking countries occupy at least three of the top five positions, which suggests that ransomware gangs have a slightly bias for English-speaking targets. France sits just below the Anglosphere in a cluster of four advanced European economies suffering nearly identical rates of attacks per capita.
The ten most attacked countries between April 2022 – March 2023, ordered by attacks per capita
By any measure, France is one of the most attacked countries in the world, and its organisations are prime targets for ransomware gangs. Unusually, government targets accounted for a significant proportion of those organisations in the last twelve months. It was the country’s third most attacked sector, accounting for 9% of known attacks. By comparison, over the same twelve month period, 4% of known attacks in the USA and 3% of known attacks in Germany affected their government sectors, while just 20 miles across the English channel, the UK experienced none at all.
Known ransomware attacks by industry sector in France, April 2022 – March 2023
As is often the case, the reasons for this are not obvious. It is possible that this simply reflects the larger footprint of government in France—government spending accounts for a larger proportion of the economy in France than in either the UK or Germany. However, the difference is only a few percentage points.
Ransomware gangs often operate from the safe havens of Russia and the Commonwealth of Independent states, which can make it tempting to ascribe nationalistic or geopolitical motivations to their activity. However, the truth is they are businesses that choose targets that are easy to infiltrate and likely to pay substantial ransoms.
Unfortunately, the most likely explanation for the high proportion of government sector targets among the known attacks in France is that government institutions were easier targets in France than elsewhere.
LockBit’s hunting ground
The most dangerous ransomware in the world right now, is LockBit, and LockBit loves France.
In 2022, LockBit was used in 31% of known attacks globally, 3.5 times more than its nearest competitor, ALPHV. (You can read much more about why LockBit is the number one threat to your business in our 2023 State of Malware report.) As you’d expect, given its global preeminence, LockBit was also the most widely used ransomware in France, Germany, and the UK in the last twelve months.
However, LockBit dominates in France in a way that it doesn’t in its European neighbours. Between April 2022 and March 2023, LockBit accounted for an absolutely enormous 57% of known attacks in France. Over the same period, it accounted for 20% of known attacks in the UK and about 30% in Germany.
LockBit recorded 62 known attacks in France in the last twelve months, but no other gang registered more than seven. In the same period LockBIt was responsible for 33 known attacks in the UK while six other gangs also got into double digits.
Ransomware with two or more known attacks in France, April 2022 – March 2023
LockBit’s outsized contribution to France’s misery is most clearly seen by highlighting its contribution on a month-by-month basis. The number of monthly attacks in France has been highly volatile, showing far larger variation than the UK, despite its proximity and the similarity of their economies and populations. That volatility is almost entirely down to how many or how few LockBit attacks occurred each month. In the last twelve months only one other gang has registered three known attacks in a single month (Royal in March 2023), while LockBit has matched or exceeded that figure eight times, and exceeded ten attacks in a month twice.
Monthly ransomware attacks in France with LockBit highlighted, April 2022 – March 2023
The reasons for this aren’t clear, but it may simply be that as the 800lb gorilla in the ransomware ecosystem, LockBit is best placed to exploit opportunities outside of the Anglosphere. Like a lot of ransomware, LockBit is sold as a service and attacks are carried out by independent criminal gangs, referred to as “affiliates”, which pay the LockBit gang 20% of the ransoms they extract. The French economy is large enough to provide a fertile hunting ground for cybercriminals. It is possible that some of LockBit’s 100 or so affiliates have decided to specialise there.
Conclusions
In the last 12 months, France was a globally significant hunting ground for ransomware gangs, and the country with the fifth highest total of known attacks. Within France, the government sector was over represented, suffering a higher proportion of known attacks than the government sector in the USA, Germany, and the UK. Much like the education sector in the UK, the French government sector should be alarmed that with an entire world of targets to choose from, it has attracted a disproportionate amount of attention.
France attracted enormous attention from gangs using LockBit, the most dangerous ransomware in the world. There were almost twice as many known LockBit attacks in France than in either Germany or the UK. In all, LockBit was used in 57% of known attacks in France, while the next most used ransomware, Vice Society, accounted for just 6%.
France does not so much have a ransomware problem as a LockBit problem.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The ASUS ROG Phone 7 and ROG Phone 7 Ultimate are official, with the company having announced the phones on April 13. I’ve spent the last couple of weeks or so using the ROG Phone 7 Ultimate as my daily driver, and if you’d like to see how that panned out you can read about it in my review here.
This is ASUS’s latest and greatest smartphone and it’s an absolutely insane powerhouse of a device. Built around mobile gaming just as all ROG Phones are, complete with the latest specs and features. This post is designed to leave nothing on the table, and tell you all there is to know about the ROG Phone 7 and ROG Phone 7 Ultimate.
Whether you’re considering buying one or not, you’ll know every important detail about this phone. Which might even help you decide if the device is right for you in the first place.
What is the ASUS ROG Phone 7?
It’s ASUS’s latest gaming smartphone. Packed with some of if not the most powerful hardware components of any phone on the market. It’s catered towards gamers, and the features reflect that.
How many models are there?
ASUS has made two models of the device this year. Not too unlike it did with the ROG Phone 6 series. Though it has changed things ever so slightly.
There’s the standard ROG Phone 7 and then the ROG Phone 7 Ultimate which is essentially the Pro model this year. But there’s not really much of a change in terms of specs. The only real difference is the back design. The ROG Phone 7 comes with an RGB ROG Eye logo and the ROG Phone 7 Ultimate replaces that with the ROG Vision display. The Ultimate model also replaces the small light bar that the regular model has with the AeroActive Portal.
There is a chance ASUS will come out with at least one additional model down the line. Officially the company has said it has nothing to share about that at this time. But if it follows last year’s path, we could see something like the ROG Phone 7D.
What are the specs of the ASUS ROG Phone 7?
Usually the specs are different, even if only slightly, on each of the models ASUS ends up launching. But this year, the specs are entirely the same. Right down to storage options. This wasn’t true just a couple generations ago. Where the ROG Phone 5 and ROG Phone 5 Pro had less storage and RAM than the ROG Phone 5 Ultimate.
Here’s what you can look forward to with the ROG Phone 7 and ROG Phone 7 Ultimate:
Platform (Processor): 3.2GHz Qualcomm Snapdragon 8 Gen 2
GPU: Qualcomm Adreno 740
Storage: 512GB of UFS 4.0
RAM: 16GB LPDDR5X
OS & UI: Android 13 with ROG UI and Zen UI
Display: 6.78-inch 1080p (2440 x 1080) 165Hz AMOLED – HDR10+ certified, 720Hz touch sampling rate, 23ms touch latency, peak brightness of 1500 nits, 2.5D Corning Gorilla Glass Victus
IP Rating: IP54
Rear Camera: 50MP Sony IMX766 main sensor, 13MP Ultrawide sensor, 5MP macro sensor
Front Camera: 32MP OV32 Quad Bayer sensor
Back Cover: RGB ROG Eye Logo (ROG Phone 7) / ROG Vision Display (ROG Phone 7 Ultimate)
Speakers: 5-magnet Super Linear front-facing speakers tuned by Dirac
Battery: Dual 3,000mAh batteries for a total capacity of 6,000mAh
Charging: 65W
Colorways: Phantom Black and Storm White (ROG Phone 7) / Storm White (ROG Phone 7 Ultimate)
Dimensions: 173 x 77 x 10.3 mm
Weight: 239g
Does the phone have expandable storage?
The phone does not have expandable storage. And while that might seem like a bad thing to those that are used to having it on phones, it’s not really needed. Both models of the device have 512GB of UFS 4.0 storage. That’s a lot of storage and most people are going to struggle to fill all that. It’s not impossible to use up all that space, but it’s unlikely many users would run out of all that room.
So in the end, expandable storage would just make the phone cost more. And with 512GB at hand, plus all of the other specs that make the phone cost what it will, expandable storage becomes unnecessary.
When does the phone launch?
ASUS hasn’t confirmed a US or North America launch date yet. But it did confirm that it will be sometime in Q2. So you’re probably looking at sometime closer to Summer, perhaps in June or July.
What will the phone cost?
This will obviously depend on which model you go with. The ROG Phone 7 will start at $999. ASUS hasn’t confirmed US or North America pricing on the ROG Phone 7 Ultimate at this time. But with the $999 baseline price for the standard model, the Ultimate is probably going to be somewhere around the realm of $100 to $300 more. This is partially because of the ROG Vision display and the AeroActive Portal, and partially because it comes with the AeroActive Cooler 7 attachment.
This accessory is optional on the ROG Phone 7 and does not come in the box. Everything else about the two phone models is the same. All of that said, the ROG Phone 6 Pro from last year was $1,299. It’s possible ASUS could keep this price point for the ROG Phone 7 Ultimate this year.
Will the ASUS ROG Phone 7 work on all networks?
In the US it will work on AT&T and T-Mobile. This also means it will work with services like Google Fi. It will not work on Verizon. You’ll need to check the networks in your region to see if the phone is compatible. It’s also worth noting that you may need to do some tweaking to get it working on AT&T. This had to be done with the ROG Phone 6 Pro, which initially worked but then stopped working after a few months.
Are there any accessories for the device this year?
There are a few accessories, but there are technically less than what was available for last year’s models and previous years. There’s no new version of the ROG Kunai gamepad this year. At least not right now. You’ll get a slim shell case in the box with both phones.
And then there’s the AeroActive Cooler 7 as an optional accessory if you don’t have the Ultimate model, which it comes in the box with. Other optional accessories include a tempered glass screen protector and drop protection case from DevilCase which will fit both phones.
And that’s basically it. Keep in mind that if you want a controller, the ROG Kunai 3 will work with this new phone and function as it should. However, it does not quite fit properly since it wasn’t designed for this new phone. You could also use something like the Razer Kishi V2 which is our personal favorite mobile controller.
And as for headphones, there’s loads of options both new and old.
Does the ROG Phone 7 have a 3.5mm audio port?
It does have this port and it’s in the same spot as it’s been on every ROG Phone model over the years. The phone also still comes with the bottom and side-facing USB-C ports. And if you’re using the AeroActive Cooler 7, there’s a 3.5mm audio port on the bottom of that so you can plug your wired headphones into it instead of plugging them into the port on the phone itself. This way the cord for your headphones is facing downwards instead of coming out of the side of the phone while you’re holding it in landscape mode playing games.
Are the AirTriggers still present?
The AirTriggers are still there and honestly, these will likely never go anywhere. It’s been a signature feature of the ROG Phone since the beginning and they work so amazingly well now with all of the ways you can interact with them.
Don’t expect ASUS to ever cut these from the device feature list.
Has the camera improved?
Kind of? This is really a yes and no answer. The sensor for the main camera that ASUS is using in the ROG Phone 7 and ROG Phone 7 Ultimate is the same sensor that was used in the ROG Phone 6 series. But it does come with a few new features for pictures and video recording.
So while the hardware isn’t different, the new features can enhance the experience of using the camera, and the software feels like it’s improved. The photos might look better to you. That being said, the camera is still the same camera. So the experience will be pretty similar.
Overall the photos on the ROG Phone 7 series are just fine. The phone takes decent pictures and you aren’t really buying this phone for the camera quality anyway. ASUS knows this and continues to choose to focus on the gaming-centric features. If you end up buying one of these devices, just go into the purchase knowing that the camera won’t be as good as something like the Google Pixel or Samsung Galaxy flagships. And you’ll be a happy camper.
Is the cooling better than last year?
The cooling is definitely better and has noticeably improved. So much so that in my review I mention that I don’t think the AeroActive Cooler 7 is needed. You can comfortably game on the device for a few hours without the phone getting excessively warm. And this is mostly thanks to the improved vapor chamber compared to last year.
This is a big step up for gaming on the go and it means you can easily leave the AeroActive Cooler 7 at home if you just don’t want to pack it or if you don’t have room.
Although, there are still definite benefits to using the cooler attachment. For one, it drops the temps of your device by a significant amount. And that will help with performance by helping to prevent things like frame rate dips. It also has a built-in subwoofer for enhanced audio. While I wouldn’t call this a true subwoofer, it definitely improves the lows in the audio levels and the sound of your games is noticeably improved.
Plus it has a built-in kickstand if you want to play with a Bluetooth controller.
Samsung may be looking to poach another expert from a rival semiconductor firm. The South Korean tech giant is reportedly in talks with Zhao Guo, co-founder of Chinese fabless semiconductor company Biren Technology, to join its GPU team. It recently hired semiconductor experts who have previously worked with two of its biggest rivals in the industry: Qualcomm and TSMC. Guo has previously worked with Qualcomm too.
Zhao Guo is a senior-level semiconductor talent who has been integral to Qualcomm’s Snapdragon team in the past, particularly in the GPU area. He reportedly led the development of the company’s Adreno GPU architecture for five generations.
Most recently, Guo teamed up with a bunch of like-minded people to found Biren Technology. Founded in 2019, the new company expectedly specializes in GPUs.
Like many other Chinese tech companies, including Huawei and ZTE, Biren Technology was also severely affected by the recent US sanctions. It had to modify its products and make them less powerful to ensure continued business with some of its partners, including the manufacturer SMC.
It Looks like some of the co-founders of the company are now considering leaving for other opportunities. And, Zhao Guo may be headed to Samsung.
Samsung may soon add another expert to its semiconductor talent pool
Samsung hasn’t been as successful in the non-memory semiconductor business as in some other areas. Qualcomm’s Snapdragon processors have historically performed better than its Exynos solutions. Its chip fabrication process has also been inferior to TSMC’s.
The company tried developing its own custom Mongoose CPU cores but that didn’t work. It is now using stock ARM CPU cores but has teamed up with AMD to bring Radeon graphics to mobile.
Last year’s Exynos 2200 is the only Samsung processor to feature AMD graphics so far (Xclipse 920 GPU). However, the two companies recently extended their partnership, so they are just getting started. In the meantime, the Korean firm is bolstering its semiconductor talent pool with the strategic hiring of industry experts.
Last month, it roped in a veteran semiconductor engineer who worked for TSMC for almost two decades. It is now looking to hire another semiconductor expert.
All of this is coming at a time when Samsung’s quarterly profits have declined a staggering 96% to hit a 14-year low. The company is on its way to registering its first loss from the semiconductor business since 2008. But, despite these difficulties, it doesn’t plan to scale back investments.
It wants to continue the planned investments in the semiconductor business in the coming years. These hirings are likely part of the plans. Hopefully, Samsung will be able to turn the tide soon.
Google Chrome is one of the most popular web browsers in the world, and the team behind it is committed to continually improving its performance. In a recent blog post, they outlined several ways in which they’re making Chrome faster than ever before.
Google states that the improvements to Chrome’s performance have been achieved through a number of optimizations made to the browser’s underlying code. These optimizations include enhancements to the way Chrome handles JavaScript, which is a programming language commonly used on the web. Google claims that these enhancements have made JavaScript run up to 30% faster on Mac and Android devices.In addition to the JavaScript optimizations, Google has also made changes to how Chrome manages its memory usage. According to the company, these changes have resulted in a substantial reduction in memory usage on Mac and Android platforms. This means that Chrome should now run more smoothly on devices with limited RAM, such as older smartphones or low-end computers. This is evidenced by the results of Apple’s Speedometer 2.1 browser benchmark which saw saw a 10% increase over the course of three months, thanks to improved features and efficient pointer compression.
Google
These performance improvements have been made possible by advancements in hardware and software technology, which have allowed the company to optimize Chrome’s code more effectively. The company also claims that it will continue to work on improving Chrome’s performance in the future, with the goal of providing users with the best possible browsing experience.
The improvements to Chrome’s performance on Mac and Android devices are a significant step forward for the popular web browser. By reducing page load times and memory usage, Google has made Chrome a more efficient and effective tool for users who rely on it for their daily browsing needs. With further improvements planned for the future, it is clear that Google is committed to maintaining Chrome’s position as one of the top web browsers available today.
WhatsApp recently announced a set of new security features that are intended to ensure more robust privacy and safety for its users.
The security policy of WhatsApp is based on the principle that the user’s messages will be protected with default end-to-end encryption, as WhatsApp believes that is the most secure method of protected communications.
However, they do not seem to stop working on adding new features to their product line to give users more control over their messages, as well as additional layers of privacy and security.
New Security Features
Here below, we have mentioned all the new security features that Meta recently introduced for WhatsApp:-
Account Protect
Device Verification
Automatic Security Codes
Registration Check
While before going further, let’s know about these key security features in short:-
Account Protect
To ensure security when switching to a new device on WhatsApp, they may ask you to verify on your old device that it’s you making the switch. Since this will help prevent unauthorized access to your account.
Device Verification
Mobile device malware is a significant security threat as it can exploit your device without your permission or any prompt and send unwanted messages through WhatsApp.
So, to tackle this, WhatsApp has added authentication checks to protect you better if your device is compromised. In short, you can continue using WhatsApp without any interruptions.
Automatic Security Codes
WhatsApp’s security code verification feature has always been available for security-conscious users to ensure they’re chatting with the right person.
While now, they have made it much easier for everyone by introducing a new feature based on “Key Transparency.”
This will automatically verify that you have a secure connection when you check the encryption tab, giving you peace of mind that your conversation is secure.
With the addition of these three new features, WhatsApp has taken a step further to enhance its users’ account security and privacy.
The following security features, on the other hand, can only be activated by users:-
Two-step verification
Use of end-to-end encrypted backups
In addition, end-to-end encryption, which relies on public key cryptography to maintain its encryption strength, is one of the most commonly deployed security mechanisms.
Cl0p was the most used ransomware in March 2023, dethroning the usual frontrunner LockBit, after breaching over 104 organizations with a zero-day vulnerability.
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim didn’t pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.
In a surprising turn of events for the ransomware landscape, Cl0p has emerged as the most used ransomware in March 2023, dethroning the usual frontrunner, LockBit. Indeed, while LockBit was still used in 93 successful attacks last month, it couldn’t quite match the sheer force of Cl0p’s sudden resurgence.
Contributing to Cl0p’s rise to the number one spot was its extensive GoAnywhere campaign. The group successfully breached over 104 organizations by taking advantage of a zero-day vulnerability in the widely-used managed file transfer software, GoAnywhere MFT.
March has also seen some intriguing activity from other ransomware gangs like DarkPower, which appeared to be turning on and off throughout the month, as well as BianLian, which has shifted its focus from encrypting files altogether to pure data-leak extortion.
Known ransomware attacks by gang, March 2023Known ransomware attacks by country, March 2023Known ransomware attacks by industry sector, March 2023
Recent research by Malwarebytes highlighted the bias that ransomware gangs have for attacking English-speaking countries, and the Cl0p campaign follows the same trend. Between them, the Anglosphere countries of the USA, Canada, UK, and Australia accounted for 69% of known Cl0p attacks, with Canada and Australia suffering more attacks than countries with bigger populations and economies, like Germany and France.
Known ransomware attacks by Cl0p, March 2023
Cl0p’s ability to exploit a zero-day to such effect is akin only in recent memory to the Kaseya VSA ransomware incident in July 2022. The Kaseya attack involved a malicious auto-update that pushed the REvil ransomware onto victims’ machines, primarily targeting Managed Service Providers (MSPs), causing widespread downtime for over 1,000 companies.
The successful use of zero-day vulnerabilities by ransomware gangs like Cl0p and REvil is, thankfully, relatively rare. However, when it happens it can be devastating. Ransomware gangs are always looking for new tactics to help them maximize the impact of their attacks and, rare or not, we should all be concerned about the example Cl0p has set for weaponizing a newly discovered vulnerability and exploiting it before a patch is released or applied.
Known Cl0p victims include Rubrik, Hatch Bank and Community Health Systems (CHS).
Cl0p wasn’t the only gang we saw last month experiencing an unexpected surge in activity.
BlackBasta and LockBit
In January 2023, we noted a complete absence of activity from BlackBasta, a group which up to that point had usually ranked highly on our monthly charts. That trend continued into February, but in March it returned with a vengeance with over 40 known victims. It’s hard to tell why BlackBasta went underground for two months only to eventually burst back onto the scene, but it’s possible that the group was working on developing new attack techniques or evading detection. Other possibilities are a sudden change in leadership, that the group wanted to lay low to avoid the attention of law enforcement, or it simply wanted a break. This kind of thing isn’t unusual and the group’s sudden re-emergence highlights the unpredictable nature of ransomware gangs and the need for constantly monitoring the latest threat intelligence. Just because a group is gone today doesn’t mean it won’t be back tomorrow.
Meanwhile, LockBit’s activity in March was headlined by a major ransomware attack on Essendant, a US-based distributor of office products. This attack, which is said to have begun on or around March 6, created severe ramifications for the organization, disrupting freight carrier pickups, online orders, and access to customer support.
In other LockBit news, a CISA advisory on LockBit 3.0 ransomware was released on March 16, 2023. LockBit 3.0, also called LockBit Black, was discovered in June 2022. While many of LockBit 3.0’s TTPs remain consistent with previous versions, the advisory sheds light on the updated and enhanced features in LockBit 3.0. These improvements include more advanced detection evasion methods and customization options that enable affiliates to modify the ransomware’s behavior according to their requirements, making the ransomware harder to detect and counter.
Dark Power
March saw the rise of Dark Power, a new ransomware group that tallied 10 victims. Dark Power’s ransomware is interesting in that it is written in the relatively obscure Nim programming language.
Dark Power’s approach to ransomware, despite being relatively basic, manages to create unique encryption keys for each targeted machine, making it difficult to develop a generic decryption tool. The ransomware effectively stops services and terminates processes, ensuring the encryption process is unhindered. It also clears logs, making it harder for analysts to investigate an attack.
The effectiveness of Dark Power ransomware underlines the fact that attackers do not always need advanced, novel techniques to succeed. A basic approach, executed well and combined with an adaptable programming language, can prove to be just as effective.
BianLian
BianLian, a ransomware gang that first appeared in July 2022 and has consistently hovered near the top of our monthly charts, has shifted its focus from encrypting files to data-leaks. The group’s shift in focus can be attributed to the release of a decryption tool by Avast, which made encrypting files less effective for BianLian. Consequently, the group now focuses on threatening to leak stolen data to extort payments from victims instead.
BianLian’s shift toward data-leak extortion demonstrates that RaaS gangs can be highly adaptable to changing circumstances, such as the emergence of decryption tools that undermine encryption-based ransomware. This strategic shift allows them to maintain a steady income stream, even as traditional methods lose their effectiveness.
As organizations face the daunting prospect of sensitive data leaks or security breach exposure, they are more likely to pay ransoms to avoid legal, financial, and reputational repercussions. Furthermore, the lingering threat of leaked data, even after recovering encrypted files, makes it harder for victims to resist paying ransoms.
Our Ransomware Emergency Kit contains the information you need to defend against ransomware-as-a-service (RaaS) gangs.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The Samsung Galaxy S23+ is one of the company’s flagship smartphones at the moment. It’s the middle-of-the-road model, between the Galaxy S23 and Galaxy S23 Ultra. This handset basically lives in the Galaxy S23 Ultra shadow, even though it’s a great phone, as we were able to find out during our time with the device. That being said, we will compare it to its predecessor here, just to see how they compare, and if it’s worth upgrading. We’ll compare the Samsung Galaxy S23+ vs Samsung Galaxy S22+.
These two phones are very similar, in a lot of ways. There are some differences worth noting, though, and we’ll try to do that here. We’ll first list their specifications, side-by-side, and will then move to compare them across a number of other categories. We’ll talk about their designs, displays, performance, battery life, cameras, and audio performance. So, let’s get started, shall we?
Samsung Galaxy S23+ vs Samsung Galaxy S22+: Design
These two phones are quite similar design-wise. In fact, it would be difficult to set them apart if not for the rear camera differences. They both have three cameras, and they’re placed in the same spot, but the setups look different. The Galaxy S23+ has three cameras that protrude directly from the backplate. The Galaxy S22+, on the other hand, has a dedicated camera island, which connects to the phone’s frame.
From the front, the two phones look very similar. They both have curved corners, and rounded display corners. The bezels are very thin all around, on both phones, while a display camera hole sits up top. Even the buttons are on the same side. Both phones have a frame made out of aluminum, though they do come with different glass on the back. The Galaxy S23+ has Gorilla Glass Victus 2 on the back, while the Galaxy S22+ includes Gorilla Glass Victus+.
The two phones are almost identical in terms of height, and the same goes for width. Well, the Galaxy S23+ is technically a bit taller and wider, but the difference is so small, you won’t even notice it. They’re both 7.6mm thick, and weigh the same. They weigh 196 grams. IP68 certification is also included with both phones, while both devices are quite slippery. Using a case may not be a bad idea, at all. They are definitely premium-feeling phones, that’s for sure.
Samsung Galaxy S23+ vs Samsung Galaxy S22+: Display
The displays on these two phones are basically identical, right down to their peak brightness. They both feature a 6.6-inch fullHD+ (2340 x 1080) Dynamic AMOLED 2X display. That is a 120Hz panel that supports HDR10+ content. It gets up to 1,750 nits of peak brightness, though do note you can reach that only via the automatic brightness setting. The manual slider will get you up to 1,200 nits.
Galaxy S23+
This display has a 19.5:9 aspect ratio, and we’re looking at a 393 ppi, in both cases. The Galaxy S23+ does have better display protection, as it includes Gorilla Glass Victus 2. The Galaxy S22+ features Gorilla Glass Victus+. The difference here is really small. Both devices have flat displays, by the way, unlike their ‘Ultra’ siblings.
That display looks the same on both phones, though that’s not a bad thing, as it looks great. It’s more than bright enough, and the viewing angles are great. It is quite vivid, and more than sharp enough, even though we’re looking at “only” fullHD+ resolution here. The blacks are deep, and the touch response is also great. Scrolling is quite smooth, and we don’t really have any major complaints here. You can even fine-tune both displays via the phone settings.
Samsung Galaxy S23+ vs Samsung Galaxy S22+: Performance
The Galaxy S23+ is fueled by the Snapdragon 8 Gen 2 for Galaxy processor. It includes 8GB of LPDDR5X RAM and utilizes UFS 4.0 flash storage. The Galaxy S22+ comes with the Snapdragon 8 Gen 1 SoC, and includes 8GB of LPDDR5 RAM, along with UFS 3.1 flash storage. The Galaxy S23+ definitely has the advantage in this regard, in every way imaginable. Does that mean it’s utterly superior performance-wise? Well, no, not really.
Both phones perform really well. The Galaxy S22+ is immensely powerful too, and you won’t really see a great difference in day-to-day performance. The processor inside the Galaxy S23 is not only more powerful, but better with power consumption, and it also gets less hot during intense tasks. The Galaxy S23+ also has the advantage in the RAM and storage departments, so it’s more future-proof, in case you’re worried about that sort of thing.
We did notice fewer stutters on the Galaxy S23+ during intense gaming sessions, with graphically-intensive games. It also did get slightly less warm during strained usage, but the difference wasn’t that big, to be quite honest. The Galaxy S23+ will stay fluid for longer, though, of course. It may be worth getting over the Galaxy S22+ just for the sake of its upgraded performance-related components.
Samsung Galaxy S23+ vs Samsung Galaxy S22+: Battery
The Samsung Galaxy S23+ features a 4,700mAh battery on the inside. The Galaxy S22+ has a 4,500mAh battery included. So, the Galaxy S23+ not only has a larger battery, but better power consumption in general. That has to mean it offers better battery life, right? Well, yes, it does. We were able to push the Galaxy S23+ over the 8-hour screen-on-time mark, while the Galaxy S23+ always lingered between 6 and 6.5 hours.
Do note that your mileage may vary, however. Another thing to note is that this does not include gaming, we only played games for testing purposes. The Galaxy S23 Ultra does offer a lot more in the battery life department, even though the Galaxy S23+ should be able to match that, based on specs alone. So, that’s a bit weird. Still, the Galaxy S23+ does offer noticeably better battery life than its predecessor.
When it comes to charging, they’re identical. Both phones support 45W wired, 15W wireless, and 4.5W reverse wireless charging. Do note that you won’t get a charger in the box, though. So, if you’d like to take full advantage of what either phone has to offer, charging-wise, you’ll need to get a proper PD3.0 charging brick separately.
Samsung Galaxy S23+ vs Samsung Galaxy S22+: Cameras
Both of these phones feature a 50-megapixel main camera, a 12-megapixel ultrawide unit (120-degree FoV), and a 10-megapixel telephoto camera (3x optical zoom). Are the sensors here the same? Yes. Is the performance identical? No. The Galaxy S23+ does offer better camera performance in a number of ways. We did notice some improvements in the HDR department, and also in low light.
Galaxy S22+
Low-light images do churn out more details more often than not. They’re also better balanced in general. You’ll hardly be able to see a difference during the day, however, as both phones do a great job. Both devices tend to provide vivid photos, which do look slightly processed, but in a good way. Not many people love bland, close-to-real-life images. So, this is what most users will prefer.
The Galaxy S23+ also offers better selfie camera performance. The video recording didn’t change much, but the footage from the Galaxy S23+ does seem to be slightly more stable during harsher shaking. The difference is so small, though, that it’s not even worth noting. They’re both quite good in that regard, but not to the level of the Galaxy S23 Ultra.
Audio
Both phones feature a set of stereo speakers tuned by AKG. Speakers on both phones are very, very good. They are loud enough, and also detailed enough. There’s even some bass in both cases, and the sound is well-balanced. The difference between them is very small, but the Galaxy S23+ does seem to provide slightly clearer sound with slightly more powerful bass. It could be just a placebo effect, though.
You will not find an audio jack on either phone. There is a Type-C port on each of them, so you can connect your wired headphones that way. If you opt for Bluetooth, however, do note that the Galaxy S23+ supports Bluetooth 5.3, while the Galaxy S22+ has support for Bluetooth 5.2.
The Biden administration is asking people to share their input on regulating AI and holding AI creators accountable. The National Telecommunications and Information Administration (NTIA) has launched a request for comment (RFC) that allows you to share your input with the government.
Artificial intelligence is becoming a source of concern for governments globally. Goldman Sachs has recently reported that AI can endanger 300 million full-time jobs. Likewise, world tech leaders like Elon Musk warned that the AI race has become out of control and that all related experiments should be halted for six months. They also asked for more strict regulations for keeping AI under control.
The Biden administration is now seeking public input to enact a set of rules to mitigate AI risks. According to NTIA, the goal is to ensure that AI systems work as claimed and do not cause any harm. The agency continues that there are a “growing number of incidents” that AI caused harmful outcomes.
“The insights gathered through this RFC will inform the Biden Administration’s ongoing work to ensure a cohesive and comprehensive federal government approach to AI-related risks and opportunities,” NTIA added.
Biden administration wants public input for regulating AI
The NTIA is open to accepting any input from people until June 10th. Of course, the agency has specific topics that people can comment on, including the safety testing procedures that every AI developer should follow, the data access requirements to conduct audits, and the methods for checking the credibility of an AI system. The NTIA also wants to know whether different approaches might be needed for specific industries like healthcare.
Governments around the world are still evaluating AI and how it can affect their society and economy. However, some governments, like Italy, have taken a harsh approach and completely banned ChatGPT, which led to a 400% increase in downing VPNs in the country.
Despite the numerous benefits of generative AI, its risks should be mitigated to reduce the possible harm. AI modes like ChatGPT are also making the headlines for copyright infringement cases and copying artists’ work. Just recently, we reported that Samsung semiconductor secrets are leaking through ChatGPT.
