iPhone 15 Pro leaks – goodbye mute switch, hello mute button


It was reported not long ago that Apple plans to replace its mute switch with a mute button on the iPhone 15 Pro, and a newly-leaked video and images taken from it confirm that fact. The iPhone 15 Pro and iPhone 15 Pro Max will see this change.

The iPhone 15 Pro series will welcome a mute button, instead of a mute switch

This was confirmed via more CAD images that were shared via TikTok (reshared by ShrimpApplePro). These images not only show the mute button, but a switch to solid-state buttons for the ‘Pro’ series of next-gen iPhones. That is also something we expected.

The video shown below also shows that the iPhone 15 vanilla series will keep the physical buttons, and the mute switch. So, the entire button setup is more or less confirmed for the ‘Pro’ series only at this point.

The iPhone 15 Pro and iPhone 15 Pro Max will include their mute button on the left-hand side, in the upper portion of it. In other words, it will sit in the same spot where you’d find the mute switch.

It will be a physical mute button, not a solid-state one

Unlike the solid-state power/lock and volume rocker buttons, this mute button seems to be a physical one. What we’re wondering is if it will be a regular physical button, like the power/lock key on current-gen iPhones, or perhaps a button that will stay pressed when the phone is muted, and be in its default state when not.

We’ll have to wait and see. Who knows, maybe Apple even adds an indicator in the form of a different light or something of the sort, but that’s a long shot. This is Apple we’re talking about after all.

It is worth noting that all iPhone 15 models will include a Dynamic Island setup this time around. That goes for both vanilla and Pro models. They’ll all also include a Type-C port at the bottom, as the Lightning port is finally becoming a thing of the past.



A look at a Magecart skimmer using the Hunter obfuscator


The threat actor behind this operation is using an open-source JavaScript obfuscator to hide its code.

Threat actors are notorious for trying to hide their code in various ways, from binary packers to obfuscators. On their own, these tools are not always malicious, as they can also be used by companies or individuals who wish to keep their work safe from piracy, but overall they tend to be largely abused.

In the case of credit card skimmers in client-side attacks, obfuscators are a common occurrence as they can make code identification more difficult. Defenders typically have the choice to either rely on the browser’s debugger and step through the code, or try to reverse it statically. The latter tends to be quite time consuming, but the former can often be problematic if the malware author adds anti-debugging routines.

Today, we look at a Magecart skimmer that uses Hunter, a PHP Javascript obfuscator. During our investigation, we were able to discover a number of domains all part of the same infrastructure with custom skimmers for several Magento stores.

Initial injection on e-commerce sites

The attack relies on two steps: first, code injected inside the website’s source calls out to a remote URL. That URL, in turn, loads the skimmer within the payment checkout process.

We notice a large blurb of code that contains some static elements and others that are uniquely generated. The ‘eval’ portion of the code is a clear giveaway that the random-looking string is being processed dynamically to return some instructions.

The function (h,u,n,t,e,r) helps us to identify that this obfuscator is called Hunter and available on GitHub. To decode the obfuscated string, we can simply write out the content of eval and we obtain a single line of JavaScript pointing to a URL.

This URL contains code that has been obfuscated with Hunter once again. This time, once we deobfuscate it, we see what appears to be HTML code with forms referring to credit card fields. This is the actual skimmer.
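The decoding step described above can also be done statically, without running the sample. The following is an added example, not code from the original article or from the Hunter project: it assumes the argument layout of the publicly available Hunter decoder stub (payload `h`, alphabet `n`, offset `t`, base `e`), and the sample blob, its alphabet and the `s.invalid` host are constructed for illustration.

```javascript
'use strict';

// Matches the wrapper named in the article: eval(function(h,u,n,t,e,r){...}(args)).
// Assumed argument order: payload h, unused u, alphabet n, offset t, base e, unused r.
const HUNTER_CALL = /eval\(function\(h,u,n,t,e,r\)\{[\s\S]*?\}\(\s*"([^"]*)"\s*,\s*\d+\s*,\s*"([^"]*)"\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*\d+\s*\)\)/g;

// Absolute or protocol-relative URLs inside the decoded JavaScript.
const URL_RE = /(?:https?:)?\/\/[A-Za-z0-9.-]+(?:\/[^\s"'<>)]*)?/g;

// Assumed encoding: the first `base` characters of the alphabet are the digits
// 0..base-1, alphabet[base] separates characters, and every character code is
// stored as (code + offset) written in that base.
function decodeHunter(payload, alphabet, offset, base) {
  if (base < 2 || base >= alphabet.length) {
    throw new RangeError('base must point at a delimiter inside the alphabet');
  }
  const delimiter = alphabet[base];
  const bytes = [];
  for (const chunk of payload.split(delimiter)) {
    if (chunk === '') continue; // the payload ends with a delimiter
    let value = 0;
    for (const ch of chunk) {
      const digit = alphabet.indexOf(ch);
      if (digit < 0 || digit >= base) {
        throw new SyntaxError('unexpected symbol ' + JSON.stringify(ch));
      }
      value = value * base + digit;
    }
    const code = value - offset;
    if (code < 0 || code > 255) {
      throw new RangeError('decoded value out of byte range, wrong offset or base?');
    }
    bytes.push(code);
  }
  // The stub finishes with decodeURIComponent(escape(r)), i.e. a UTF-8 decode.
  return Buffer.from(bytes).toString('utf8');
}

// Scan page source for Hunter wrappers; return the decoded text and any URLs
// in it. The source is treated purely as text and never evaluated.
function findHunterBlobs(source) {
  const results = [];
  for (const m of source.matchAll(HUNTER_CALL)) {
    const decoded = decodeHunter(m[1], m[2], Number(m[3]), Number(m[4]));
    results.push({ decoded, urls: decoded.match(URL_RE) || [] });
  }
  return results;
}

// Constructed sample (not taken from the campaign): alphabet "qWmzKtp",
// base 4, offset 7, decoder stub body elided so the sample itself is inert.
const SAMPLE_PAYLOAD = [
  'Wzmm', 'WzmW', 'Wmmm', 'WqWq', 'mmW', 'zWm', 'zWm', 'Wzmm', 'zWW', 'Wzqq',
  'WzWW', 'WzzW', 'Wmmq', 'Wzqz', 'Wzqq', 'Wmmz', 'zWm', 'Wmmm', 'zWW', 'WzqW',
  'Wzmm', 'mmW',
].join('K') + 'K';
const SAMPLE_PAGE =
  '<script>eval(function(h,u,n,t,e,r){/* decoder stub elided */}("' +
  SAMPLE_PAYLOAD + '",11,"qWmzKtp",7,4,23))</script>';

console.log(JSON.stringify(findHunterBlobs(SAMPLE_PAGE), null, 2));
```

Because the second stage is packed the same way, the same function applies to the content fetched from the decoded URL once it has been saved to disk.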

Skimmer at checkout page

When a victim who’s shopping at a compromised online store goes to check out, there will be additional fields injected in the contact form that aren’t normally there. Below is the legitimate checkout page of a store without the skimmer being loaded:

We can see that the payment process is on the bottom right hand side. In contrast, this is what the same page looks like when the skimmer is loaded:

Additional fields were inserted between the shopper’s email address and name. In this case, the threat actor didn’t do a very good job because the fields are in English while the rest is in Spanish.

The credit card data to be stolen is encoded, then stored inside a cookie and subsequently exfiltrated via a POST request.

Infrastructure

The skimmer domains registered with Porkbun all appear to be hosted on the same server at 193.201.9.116 (ASN49505):

We can get any of the currently still resolving domains to show their own version of the skimmer code by crafting a GET request with the proper referer:

The Hunter obfuscator is handy but quite easy to reverse and as such provides minimal stealth capabilities. Based on the skimmer code, this is not a very sophisticated attack probably limited to less than a hundred stores. However, this was the first time we encountered a Magecart skimmer using this kind of obfuscation and most endpoint security products are not detecting the client-side JavaScript.

Malwarebytes customers are shielded against this campaign via our web protection in Endpoint Protection (EP), Endpoint Detection and Response (EDR) and Malwarebytes Premium.

Indicators of Compromise

Host:

193.201.9.116

Skimmer domains:




I asked Google’s Bard what Phone I Should Buy, Here’s what happened


Google announced today that it was opening the waitlist for Bard. Which is its competitor to ChatGPT. It was initially announced last month, but it was quickly pulled due to it spitting out inaccurate information. But now, it’s back and it’s actually really impressive.

I’ve been messing with it for a good bit, and it’s pretty incredible. One query I asked was, which phone should I buy? I did not give it any options at all. So the possibilities here were endless. And I was actually quite impressed with what it spit out to me.

[Screenshot]

As you can see in the screenshot above, it says that the best phones will depend on your individual needs and preferences. Something I always stress in our Best Smartphones guides. And then spits out some of the top phones for 2023. Not only did it give out four great phones – Samsung Galaxy S23 Ultra, iPhone 14 Pro Max, Google Pixel 7 Pro and OnePlus 11 – but it also gives you some pros for these phones. Typically talking about the display, chipset, battery and camera. Arguably the four most important features of any phone. You will notice that there are a few mistakes here. For example, it says that the OnePlus 11 has a Snapdragon 8 Gen 1 chip. It’s actually the Snapdragon 8 Gen 2 chip.

Google does have a disclaimer that Bard might display inaccurate or offensive information. So they did cover their butts here. But this is still really impressive.

Bard can also compare these phones

Still not sure which phone you should buy? Bard can compare them for you, in a side-by-side table. Which is pretty mindblowing.

[Screenshot]

Like with the best phones, it also has some inaccuracies here in this table. For example, the Galaxy S23 Ultra and OnePlus 11 both run the Snapdragon 8 Gen 2, not Gen 1. The Galaxy S23 Ultra does not come in 128GB storage model. While the Pixel 7 Pro does not come in 1TB. And the OnePlus 11 does not have a 512GB or 1TB model. Finally, the OnePlus 11 and Galaxy S23 Ultra both launched with Android 13.

So it’s not always super accurate, but it does paint a pretty good picture of how these phones stack up. Which is beyond impressive, and it will only get better from here, hopefully.



iPhone 14 Plus is seemingly more popular than iPhone 13 Mini


According to a new report, the iPhone 14 Plus seems to be more popular than the iPhone 13 Mini. The iPhone 13 Mini is kind of its predecessor, as the iPhone 14 Plus directly replaced the ‘Mini’.

The iPhone 14 Plus seems to be more popular than the iPhone 13 Mini

This information comes from Display Supply Chain Consultants (DSCC). The report basically shares info on panel shipments for specific Apple models, which gives us an idea of how popular they are.

The display shipments for the iPhone 14 Plus are up by 59% compared to the iPhone 13 Mini. The iPhone 14 Plus is still the company’s least popular iPhone 14 model, however, so keep that in mind.

In addition to this, the report shared all kinds of other interesting tidbits. The iPhone 14 lineup seems to be more popular than iPhone 13 models, though only slightly. The report claims we’re looking at a 2% improvement. This is based on info for April 2023, compared to the same period last year, of course.

The company’s ‘Pro’ models are still outselling the vanilla models

Now, the iPhone 14 Pro models are more popular than vanilla units. That is not surprising, as the same has been the case in previous years too. The sales of vanilla models are actually down by 36%, while the Pro and Pro Max sales are up by 22% and 23%, respectively.

It will be interesting to see how well the iPhone 15 series will do. All iPhone 15 models will include a Dynamic Island, and also Type-C ports. So the vanilla models will get a visual improvement compared to the iPhone 14 and 14 Plus, which was not really the case last year.

Apple is expected to replace the physical buttons on the iPhone 15 Pro series with solid-state buttons. That won’t be the case with the vanilla models, however; they’ll keep their physical buttons for at least one more year.



The NBA tells fans about data breach


The NBA is warning fans of a data breach at a third-party newsletter service which could result in targeted phishing attempts

The National Basketball Association (NBA) has notified its fans they may be affected by a data breach in a third-party service the organization uses.

For now, it is safe to assume that the attacker only obtained names and email addresses, but the NBA has hired the services of external cybersecurity experts to analyze the scope of the impact.

The NBA is a global sports and media organization most famous for its annual men’s basketball league in the USA. The organization is actually built around five professional sports leagues: the NBA, WNBA, NBA G League, NBA 2K League and Basketball Africa League.

The NBA sent out emails to a number of its followers noting that while names and email addresses have been compromised, no other personally identifiable information was breached.

According to BleepingComputer the email read:

We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA.

The email also warned about possible phishing attempts appearing to come from organizations associated with the NBA or basketball in general. It urges fans to treat any links and attachments, even if they appear to come from a legitimate @nba.com email address, with extra caution.

We know that newsletter services are high on the target list of cybercriminals. In January of 2023, Mailchimp fell victim for the second time in a year to a social engineering attack. Getting your hands on a list of email addresses that share a common interest is a golden opportunity for scammers.

Data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication. Where possible, use a FIDO2 2FA device. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.


YouTube Music adds auto-downloading of recently played songs


YouTube Music is adding the ability to automatically download recently played songs on Android. It is an optional feature available for Premium subscribers. An official support page says the feature was released in January, but it recently started showing up for more people. The latest update for the YouTube Music app should bring it to you. The feature doesn’t seem to be available on the iOS app.

YouTube Music can now automatically download your recently played songs

Automatic downloading is available as an optional toggle in the Downloads & storage settings. “We’ll download up to 200 of your recently played songs,” the description reads. There’s no dedicated playlist for these songs in the Library tab. You will only find them in the Downloads section of the app, which you can access by long-pressing the homescreen icon.

According to 9to5Google, which first reported this rollout, this toggle seemingly comes enabled by default. The publication checked several devices and found it turned on. It seemingly works independently of the existing Smart downloads feature. The latter downloads up to 500 songs that YouTube Music deems to be your “favorites”. Songs are downloaded when you’re connected to Wi-Fi and have sufficient battery.

As said earlier, automatic downloading of recently played songs isn’t available on YouTube Music for iOS. However, the aforementioned official document confirms that Smart downloads are rolling out to the iPhone and iPad. It notes that “if you explicitly delete a Smart Downloads recommended playlist, our systems should make note of this feedback so that we do not recommend the same music to you in future playlists.”

YouTube Music has also recently added Live, Cover, and Remix labels “under Other Performances in the Related tab of Now Playing”. These labels appear in search results as well, the publication confirms. All of these changes should be available to everyone in the coming days.


Update the YouTube Music app now

As said earlier, YouTube Music added this feature in January. But the initial rollout doesn’t seem to have been widespread. Automatic downloading of recently played songs is finally reaching users around the world.

If you’re a Premium subscriber and haven’t received this feature yet, you might want to check for an update for the app on your Android smartphone. You can click the button below to download the latest version of the YouTube Music app from the Google Play Store.


Text-to-video just took a leap forward


Text-to-image AI has been a pain in artists’ necks, now it’s time for filmmakers to feel the sting. A company called Runway Research introduced us to Gen-2 (via Tom’s Guide). This is an AI-powered text-to-video bot that looks pretty good… scary good.

OpenAI is a rockstar in the AI industry, churning out hits like DALL-E and ChatGPT. However, the company hasn’t given us a taste of text-to-video capabilities. With GPT-4, we thought we’d see something like that; however, it’s proven to be ChatGPT-3 on steroids.

Runway Research pushes Gen-2 down the “runway”

So, text-to-image technology is already labor-intensive. Generating that picture of a warrior princess with messed up hands takes a metric ton of information and processing power. So, bringing that over to full-motion video seemed like something out of a Sci-fi film. However, it’s happening.

Named Gen-2, this is the second generation of Runway Research’s brainchild, and the company showcased how it improved over Gen-1. You can view some examples of what Gen-2 can do here.

Now, there are a few things to know before you get excited. For starters, this tool is not available just yet. We don’t know when it will hit the public, but the company says “Soon”.

Also, don’t start planning your next short film. So far, Gen-2 can only produce 3-second video loops. So, it will basically make GIFs for the time being. In any case, it’s still impressive.

You’ll be able to generate short video clips from text prompts, but you’ll also be able to use video input as well. There’s one clip with a man turning his head toward the camera. That’s the input video. The output shows a creature (based on source images) turning its head. There’s another example where Gen-2 took a source video of a golden retriever and added dalmatian spots.

This is something that’s going to bring Runway further into the spotlight. Right now, OpenAI is leading the AI race, as far as the public is concerned, with Google trailing behind. Another company further adding fuel to the fire will make things interesting in the AI race.



Malware creator who compromised 10,000 computers arrested


We take a look at news of an arrest in Ukraine regarding the creator of a remote access trojan.

The creator of a Remote Access Trojan (RAT), responsible for compromising more than 10,000 computers, has been arrested by law enforcement in Ukraine.

At the time of the arrest, the developer still had real-time access to 600 PCs. According to the announcement, the RAT could tell infected devices to:

  • Download and upload files
  • Install and uninstall programs
  • Take screenshots
  • Capture sound from microphones
  • Capture video from cameras

Once data was harvested by the RAT, some of it was put to further use: Account theft and withdrawal of electronic funds contained in compromised balances are both mentioned in the police release.

Unfortunately, the release makes no mention as to how the file was distributed other than as “applications for computer games”. Bleeping Computer suggests that the campaign resembles malware distribution involving bogus YouTube videos promoting game cheats and modifications.

With this in mind, what can you do to try and avoid rogue files such as these?

Steering clear of bogus applications

Be careful of YouTube promotions. Avoid downloading newly advertised apps via sites such as YouTube. Genuine files are distributed in one of a handful of generally trusted locations, and not a video clip sharing platform. Anyone can upload a YouTube video and claim that it links to a genuine file. If the download is located on free file hosting services, that’s a good sign to steer clear too.

Be wary of sponsored search engine results. Anything at all can be lurking in paid-for links sitting at the top of your search results. Imitation sites are a huge problem, not just for fake gaming mods and applications but all manner of other software too. Those sites may direct you to fake adverts, survey scams, or even rogue installers filled with malware. Games and other popular forms of software are prime targets for these kinds of attacks.

Stick to trusted sources. If it’s a PC gaming mod you’re after, you’ll likely obtain it from the Steam Workshop page associated with the game’s Steam page. Otherwise, it’ll be located on Nexus Mods which performs some degree of virus checking and has a large community which quickly flags rogue files.

Scan your files. It’s always worth taking a few moments to see if anything bad is lurking in a download with the assistance of your trusted security tools. Many game related infections often make use of older, identifiable components so the odds are in your favour.



Leak reveals what could be the Garmin Instinct 2 Solar successor


If you are a fan of big smartwatches, then this Garmin Instinct 2 Solar successor might catch your fancy. A recent leak shows that the smartwatch brand Garmin is planning on launching a new product. The exact product to be launched is not yet known, but sources say that it will succeed the Instinct 2 Solar.

This is a result of the leak that reveals the size of this coming smartwatch. Although the Instinct 2 Solar smartwatch isn’t the largest from the company, sources claim that it’d receive a large successor. The largest options from Garmin are both in the Fenix series, so it might make sense that this coming entry should fit in there.

But that might not be the case because the Instinct 2 Solar is due for an upgrade. This smartwatch launched about a year ago and is more than ready to receive an upgrade. Well, the Fenix 7x also launched last year and the details of its successor are also creeping around the internet.

Some details on the possible Garmin Instinct 2 Solar successor

According to the FCC filing, this coming Garmin smartwatch (A04600) is the biggest ever made. It is said to come with a 57mm case, which is a size that not many people are used to. The Samsung Galaxy Watch 5 Pro, for instance, comes with a 45mm case, which is a bit smaller than the 49mm case Apple Watch Ultra.

At 57mm many might wonder which smartwatches this coming Garmin product will compete with. Garmin builds most of its smartwatches with durability in mind, and this coming option won’t be left out. Its sheer size will also enable it to pack a ton of outdoor features that most other smartwatches lack.

Take into consideration the 51mm case option for the Garmin Fenix 7X solar smartwatches. Unlike the 42mm and 47mm options, this entry comes with a built-in flashlight and other outdoor features useful to hikers and explorers. This joins the regular smart features that the smaller options come with, making it the best pick for certain people.

The coming smartwatch which sources believe to be the Garmin Instinct 2 Solar successor (A04600) will also pack similar features. It might even improve on certain other things available on the 51mm case Fenix 7X option. Having a large protective case might also protect it from damage if it falls to the ground.

Details about this rugged smartwatch are still meagre at this point. Having passed the FCC filing, this smartwatch will be making a global debut anytime soon. Before its launch, more information about its design, specification, and actual series will become available.



As possible ban looms, TikTok CEO addresses the platform’s users


Ahead of the congress hearing, TikTok CEO Shou Zi Chew has taken to the platform to share updates on the issues his company faces. This is in light of the US’s threats to ban the video-sharing platform in its region. These are really hard times for TikTok as they fight to clear their name of the mud and save their business in the US.

Recently, the video-sharing platform has come under various accusations from members of the US parliament. They accuse the platform of having ties with the Chinese government, labelling them a security threat. Already, the app has been banned on government-issued devices in various states around the country.

The US government is now moving to ban the video-sharing platform in the country. TikTok’s parent company ByteDance is under pressure to sell the company and evade the US ban. A court hearing on this case will take place on the 23rd of March and the TikTok CEO Shou Zi Chew seems to be ready.

TikTok CEO Shou Zi Chew beckons on US citizens using the video-sharing platform ahead of the hearing

As the hearing date draws closer, TikTok CEO Shou Zi Chew has proceeded to appeal to users in the US. To do this, TikTok posted a video on its official channel that highlights certain facts. This video aims to gather support from US citizens in the fight against the ban.

In the one-minute-long video, Shou highlights how TikTok is put to use by millions of US citizens. He also points out that he is in Washington, D.C. ahead of the hearing, where he will defend his company. Prepping up for the hearing, he now beckons to US citizens using TikTok, highlighting how this platform helps them.

In the video, Shou points out that over 150 million people use TikTok monthly. Making up this huge number are over 5 million businesses that use the platform to promote their products and services. Shou goes on to point out that “the majority of these are small and medium businesses.”

Additionally, TikTok CEO Shou Zi Chew points out that his company has over 7000 employees in the US alone. By highlighting these facts, Shou aims to bring to mind all that is at stake to not only his business but also millions of users around the country. If the usage of this video-sharing platform gets forbidden by law in the US, lots of businesses will fall apart.

Over 5 million small and medium businesses will lose a core publicity tool for their products and services. Additionally, over 7000 people will also lose their jobs in an uncertain economy. Lastly, a whopping 150 million US citizens will also lose a platform that brings smiles to their faces.

These might be points that TikTok CEO Shou Zi Chew will highlight during the hearing. This will bring to light what millions of US citizens will lose if the platform is banned. More details on the hearing will roll out in the coming days.

