Sony is in the headlines now because of a pretty significant leak that just happened. The design for the Sony Xperia 1 V was revealed, but the leaks don’t stop there. Thanks to Kuba Wojciechowski on Twitter, we have a leak of some upcoming Sony headphones and speakers that the company is launching.
This leak looks pretty solid, but as with any leak, you’ll want to take it with a grain of salt. We’ll want to wait on official word from the company to tell for sure. We’re not sure when Sony plans on announcing these products. However, MWC is coming up, so it’s possible that we’ll see these devices there.
New leak shows Sony headphones and speakers
This leak shows us four different products, and some of them come in different colors. Starting off with the Sony headphones, the leak shows us an affordable pair that comes in two colors. They’re called the Sony WH-CH520, and it looks like they’ll be the successor to the Sony WH-CH510 from last year. Those headphones were an affordable pair of headphones that offered some serious bang for your buck.
Looking at the pictures, they seem to be a bit rounder than last year’s iteration, and they lack the distinct texture that they had. We don’t have any specs on these headphones, but we expect similar (and, hopefully, improved) performance.
Next up, we have a some speakers coming from the company. The first is the MagicBucket Bluetooth speaker (HT-AX7). This device has an odd shape, but it seems to work. The MagicBucket has an ovular body that we expect to house some drivers. On top of the device, we see what looks like two more speakers. If anything, this speaker will deliver a big sound.
The Sony SRS-XV500 looks like it will be a relatively large speaker to take to parties or large gatherings. Looking at the model number, it looks like it will be a less-premium version of the SRS-XV900. That speaker is a large and pricey party speaker. So, we expect to see a more affordable price with the SRS-XV500.
Rounding out the list, we have the SRS-XB100 speakers. These are the smallest of the bunch, and the most affordable. These look like they’re meant to be used for personal use. These speakers look like they’ll come in four different colors: White, Black, Orange, and Teal.
As the company notes, “Since the early days of Search, AI has helped us with language understanding, making results more helpful. Over the years, we’ve deepened our investment in AI and can now understand information in its many forms — from language understanding to image understanding, video understanding and even understanding the real world. Today, we’re sharing a few new ways we’re applying our advancements in AI to make exploring information even more natural and intuitive.”
Google Lens will now “search your screen”
So the first Google feature that we will talk about is Google Lens, which is an AI-powered search engine that uses your photos or live camera previews instead of words. Want to be surprised? Lens is used over 10 billion times each month. An update to Lens will be disseminated over the upcoming months that will allow Android users to “search your screen.” After the update, you’ll be able to use Lens to search photos and videos from websites and messaging and video apps without having to leave the app. Cool.
Google Lens will allow Android users to search photos and videos from websites and apps
Google gives an example. “Say your friend sends you a message with a video of them exploring Paris. If you want to learn more about the landmark you spot in the background, you can simply long-press the power or home button on your Android phone (which invokes your Google Assistant) and then tap “search screen. Lens identifies it as Luxembourg Palace and you can click to learn more.”
Google’s multisearch allows users to search with Google Lens using text and pictures at the same time. Say you want to search for a particular item. In the Google app you tap the Lens icon on the right of the search bar located at the top of the display. Let’s say you want to find out where you can buy Lindy’s Homemade Italian Ice. So you take a photo of a container. But suppose you’re looking for a particular flavor. Here’s how you can add this information.
Multisearch will soon be available for local searches “near you”
After you snap the image the results partially appear on the bottom of the screen. Drag the tab holder up and you’ll see the results of your Lens Search with a button on top that says “+Add to your search.” Tap on that button and a field will appear where you can add text. In this case, we want to find Lindy’s watermelon ice, so we type “watermelon” and tap the magnifying glass icon at the bottom right of the QWERTY (where “Enter” would normally be) and you’ll have a more targeted result page.
Multisearch on Google Lens allows you to search images and texts together
Multisearch is available globally on mobile and in all languages and countries where you can use the Google Lens feature. But you can now search locally by adding the words “near me” to a Lens search to find what you want closer to you. This feature is available right now in English for U.S. users and is being added globally in the coming months. And even more exciting, in the coming months you’ll be able to use multisearch on any image found on the mobile Google search results page.
Google once again gives an example. “For example, you might be searching for “modern living room ideas” and see a coffee table that you love, but you’d prefer it in another shape — say, a rectangle instead of a circle. You’ll be able to use multisearch to add the text “rectangle” to find the style you’re looking for. We’re creating search experiences that are more natural and visual — but we’ve only scratched the surface. In the future, with the help of AI, the possibilities will be endless.”
In this article, Cyber Security Hub explores the best ways to educate employees on email-based cyber attacks and how to ensure they follow cyber security safety practices.
When surveyed by Cyber Security Hub for its Mid-Year Market report 2022, three in four cyber security experts said email-based threat vectors social engineering and phishing attacks were ‘the most dangerous threat’ to cyber security.
One of the reasons why these threats are so dangerous is because of how widespread these attacks are. International consortium and fraud prevention group the Anti-Phishing Working Group (APWG) recording a total of 3,394,662 phishing attacks in the first three quarters of 2022. The APWG noted that each quarter broke the record as the worst quarter the organization had ever observed, with 1,025,968 attacks in Q1, 1,097,811 attacks in Q2 and 1,270,883 attacks in Q3.
As these attacks specifically target employees, it places the responsibility for ensuring the attack does not progress in the employee’s hands. If employees are unsure of what to do in the event of a cyber attack, which a reported 56 percent of Americans are, then this can have devastating consequences.
Ensuring good cyber security within businesses requires employees to be engaged with their training so they are better able to retain the information and use it at a later date when they do come across cyber security threats.
If employees are not engaged, they may miss information that may be vital in the case of an actual cyber attack. With the World Economic Forum finding that 95 percent of cyber security issues can be linked to human error, businesses cannot afford this risk.
Below, Cyber Security Hub explores the tactics companies can use to better engage their employees during cyber security training.
Link bonuses to performance in security training exercises
In a discussion between Cyber Security Hub’s Advisory Board, one member suggested linking cyber security to a company’s universal goals. This helps employees understand that they are all responsible for cyber security.
The board member explained that to do this, their company will conduct multiple phishing tests throughout the year, with the score of said tests affecting employee’s bonuses. This is because phishing attacks have an indirect influence on a company’s bottom line. Cyber attacks cost a lot of money, meaning if a cyber attack occurs, companies will lose money in operations costs. Additionally, cyber attacks may lead customers to lose trust in a company and take their business elsewhere, leading to an overall drop in profits.
With bonuses directly linked to profit, financially motivated employees will be encouraged to be more diligent in not clicking on potentially dangerous links, as their good behavior is reinforced and rewarded.
Simulated phishing attacks can also be used to ensure employees are engaged with the subject matter, both as it requires hands-on learning and can demonstrate to employees the risks of not properly evaluating emails in real time. They can also be gamified to avoid employees ‘turning off’ during training as one in three employees report increased learning engagement when using gamified learning techniques.
Use video content to share case studies
Companies can also better engage their employees through the use of short-form video content. Studies have shown that the use of eLearning techniques like video content can increase information retention rates by up to 60 percent. With employees on the front line of defense against social engineering attacks, this retention increase can really make a difference.
Video-based training content can include a number of different things, including real-life case studies performed by actors as video testimonials. An example of this is a video shared to multiple social media sites entitled ‘My LinkedIn post cost my company a fortune’.
In the testimonial, an actor shares the story of an employee who was directly involved in a cyber attack. He explains that someone posing as a recruiter enticed him into communicating with them first through comments on his LinkedIn posts, then via messages with a lucrative job offer.
He shares that the faux recruiter built a relationship with him and finally sent him a PDF which, supposedly, contained the job offer. Instead, upon downloading and opening it, the victim found that it contained only a cover letter and two blank pages. When they reached out to the supposed recruiter, the recruiter explained that it was a secure file, and prompted him to download and install a secure PDF reader to view it properly. When this still did not work, the victim contacted the recruiter again, but the recruiter did not respond to any of his messages. He dismissed this, but weeks later there was a data breach at his company that cost the company millions of dollars. The breach was traced back to him, as the PDF reader had actually contained malware that was used to level an attack against the company.
In a final statement, the actor warns watchers that job scam attacks are becoming more prevalent as people are frequently expected to communicate with strangers and download the attachments sent to them.
By using these eLearning techniques, companies can reaffirm the position of employees in protecting the business from cyber attacks, as well as offering them a framework of what to do during a cyber security incident. It can also provide them with tips of what to look for in potentially malicious communications.
Good cyber security relies on employee knowledge
Companies can ensure that their employees are more engaged with cyber security training by showing them that cyber security is inherently tied into their role, even if they do not have a security-based role.
By using training techniques that are designed to boost employee concentration, information retention and understanding, businesses can help strengthen themselves against future cyber attacks by best equipping their employees with key knowledge.
The XGIMI Aura is billed as one of the best ultra-short throw projectors on the market. With pretty good specs, and a pretty low price (in the world of UST projectors). The Aura is priced at $2,499, which is pretty affordable, and it’s also fairly bright at 2,400 ANSI Lumens. So the real question here is, is it worth the money? Let’s find out in our full review.
XGIMI Aura Review: Setup
Setting up the XGIMI Aura is pretty simple actually. Just take it out of the box, and set it where you want to place your projector. Plug it into the wall, and turn it on. During initial setup, you’ll be asked to sign into your Google account and adding the apps you use on Android TV.
XGIMI will also have you adjust the picture size during setup. This is so that it is not warped, and is straight on all of the sides. Now, you can of course do that, though I prefer to adjust the feet on the bottom of the Aura. All four feet are adjustable. So if your floors or the surface it is sitting on is not flat, you can still get a flat picture.
And that’s really all there is to setting up the XGIMI Aura, it’s pretty easy to do.
XGIMI Aura Review: Hardware
The Aura is probably the best built UST projector I’ve ever reviewed. While most of the competitors use plastic, XGIMI went for metal here, with some plastic too. Now, I definitely would have rather XGIMI go with an all black look here, so it doesn’t stand out as much, the look is rather unique though. Since the top is not flat, and kind of curves like a crescent.
It’s mostly the top that made of metal, while the rest of it is plastic. There’s also a nice speaker cover over the front that is for, well the speakers. I do wish it had an exposed speaker grille, as I think that looks better. But this is likely better for catching dust and such. Which, if you keep the Aura in your home for many months or even years, it’s going to get dusty. Speaking of which, it’s a good idea to dust the top of the Aura from time to time, so that the picture quality doesn’t suffer.
On the back of the Aura, you’ll find the ports. Which, I kind of like the layout of these ports. They are lined up across the entire back of the projector, instead of all in one corner. Making cable management a bit easier to handle.
As far as ports go, XGIMI was quite generous here. Providing 3 HDMI ports (with one being ARC), though none of them are HDMI 2.1. There’s also two USB-A ports here, an audio port, optical, Ethernet and a service port available. The port selection isn’t perfect, but having three HDMI ports is really nice to have. During my time with it, I had a Sonos Beam Gen 2 connected to the first HDMI port, and a Fire TV Cube connected to the second one.
XGIMI Aura Review: Sound quality
XGIMI has four 15W speakers inside, that are tuned by Harman Kardon. And they sound good. But I still prefer to use my Sonos Beam Gen 2 and Sub Mini setup with this projector. And luckily, you can do that, or stick with the built-in speakers. The built-in speakers are big enough to fill and entire room with sound, with ease.
You can also adjust the audio in the settings, if you want more bass, or less. Also depending on what you’re playing on the projector at the time.
XGIMI Aura Review: Picture quality
What really matters here is the picture quality. It’s the only thing you can’t fix, with products you might already have. You can fix the software by plugging in a streaming device. You can fix the audio by using a soundbar. But the picture quality, can’t be fixed that way. The good news is, it’s pretty darn good.
On the spec sheet, the Aura is rated at 2400 ANSI Lumens. Which, I’m not all that sure how accurate that rating is, as the last projector I reviewed was a bit dimmer at 2200ANSI Lumens, but it seemed brighter and clearer. However, if you are using an ALR screen for your projector, then you’ll be just fine here. It’ll be plenty bright in bright rooms.
This is a 4K projector, with support for HDR10 and HLG. It does not have Dolby Vision support here, which is a bit of a bummer, but likely another way that Aura was able to sell this projector for under $2500.
The colors are pretty accurate here. Fortunately, they are not super washed out, even at the brightest settings. It’s not as sharp as I would have expected from a 4K laser projector. But to be honest, if I had not used other projectors recently, I likely wouldn’t notice the difference.
All in all, the picture quality is quite good. Not perfect, but given the price here, it’s good.
XGIMI Aura Review: Software
There’s not a lot to say about the software here. It’s Android TV. If you’ve used Android TV, then you know what to expect from this. That means that there’s a ton of great apps available – YouTube, Hulu, Disney+ and much more. As well as Google Assistant and Cast available.
The biggest caveat here is that, Netflix is not available. This is something we’ve run into virtually every projector that we’ve reviewed over the last few years. And it’s not the manufacturer’s fault, it’s Netflix’s. To go a bit behind-the-scenes with how these things work, Netflix needs to certify devices for its app to work. Even though Netflix is on Android TV and this runs on Android TV, Netflix still needs to certify it. But here’s where things get tricky, Netflix won’t certify it until it has sold a million units. And most projectors aren’t going to sell that many units. So there’s workarounds for it.
XGIMI doesn’t actually provide a workaround here, while others will. Instead, XGIMI recommends using a streaming device to connect to Netflix. Which is why I have a Fire TV Cube connected here. It’s rather unfortunate, but on the flip side, it’s good that XGIMI did provide three HDMI ports here. So you can plug in a streaming device, a soundbar and a gaming system.
Should I buy the XGIMI Aura?
The XGIMI Aura is one of my favorite UST projectors I’ve used this year. The only real downside here is the size and the lack of HDMI 2.1. But of course, adding in HDMI 2.1 would definitely raise the price here. So I think XGIMI found the right balance for the Aura.
Google’s upcoming Android 14 will include enhanced security features to block Android malware. As reported, Android 14 will block malicious apps from accessing and exploiting sensitive permissions.
Android 14 To Block Malware From Accessing Sensitive Permissions
According to the details shared on the official Android 14 Developer version release page, the OS will prevent malware from abusing permissions access on the device, alleviating infection risks.
Google has mentioned this change in the “Behavior changes” section. Specifically, Android 14 will block malicious apps from exploiting permissions by deploying restrictions to implicit and pending intents. As stated,
For apps targeting Android 14, Android restricts apps from sending implicit intents to internal app components.
The release page also explains the changes that the OS will apply to stop malicious apps from abusing permissions on Android 14 and higher versions.
Other Android 14 Security Changes
Alongside this change, the new Android 14 also includes other behavior changes that Dave Burke, VP of Engineering, has explained simply in a post.
Some noteworthy changes regarding malware protection include,
Runtime receivers – apps must declare if they need to use “dynamic Context.registerReceiver() as exported or unexported” – that is, if they need to access information from other apps or should remain confined to broadcasts only.
Safer dynamic code loading (DCL) – since dynamically loaded executables may result in code injections, apps must mark dynamically loaded files as “read-only.”
Blocking app installations – apps must have a targetSdkVersion 23 or higher since most malicious apps use targetSdkVersion 22 to evade the runtime permissions model.
For now, the first developer preview of Android 14 is available for the users’ testing and feedback. Google is working to improve the new OS to ensure better support, compatibility, and security across the different devices it will support.
According to Google’s timeline, the tech giant will roll out bet releases over the next few months, whereas the stable release will appear around July 2023.
The malware features also include file transfer, keylogging, stealing passwords stored in the browser, clipboard data stealing, cookies exfiltration and more.
Threat analysis firm Securonix’s cybersecurity researchers have discovered a new malware dubbed PY#RATION allowing attackers to steal sensitive files and log keystrokes from impacted devices.
Malware Distribution Technique
The malware is distributed through a conventional phishing mechanism in which the email contains a password-protected ZIP archive. When it is unpacked, two shortcut image files appear, titled front.jpg.lkn and back.jpg.lnk. When launched, these files display the front and back of a driver’s license that doesn’t exist.
Images used in the scam (Credit: Securonix)
With this, the malicious code is also executed, leading to two new files being downloaded from the internet. These files are titled front.txt and back.txt, later renamed to .bat docs and executed. The malware disguises itself as Cortana virtual assistant to ensure persistence on the system.
What is PY#RATION
PY#RATION is a Python-based malware that displays a RAT (remote access trojan) like behaviour to sustain control over the affected host. The malware has various capabilities and functionalities, such as keylogging and data exfiltration.
However, the unique aspect is that it uses WebSocket for exfiltration and C2 communication, and evades detection from network security solutions and antivirus programs. Leveraging Python’s built-in Socket.IO framework that facilitates client and server WebSocket communications, the malware pulls data and gets commands over a single TCP connection through open ports simultaneously.
Moreover, according to a blog post published by Securonix, the attackers use the same C2 address, which the IPVoid checking system is yet to block. Researchers believe this malware is still under active development as they have detected multiple versions since August 2022. The malware receives instructions from the operations through WebSocket and obtains sensitive data.
Potential Dangers
This Python RAT is packed into an executable that uses automated packers such as ‘pyinstaller’ and ‘py2exe’ to convert Python code into Windows executables. This helps inflate payload size (The first detected version 1.0 being 14MB and the last detected version 1.6.0 being 32 MB containing 1000+ lines and additional code).
Infection chain of the PY#RATION python malware (Credit: Securonix)
Researchers claim that the latest version of the payload remains undetected by all except for one antivirus engine listed on VirusTotal.
The malware features include file transfer to and from the C2 server, network enumeration, shell command execution, keylogging, stealing passwords stored in the browser, host enumeration, clipboard data stealing, and cookies exfiltration. Who’s behind this campaign, the distribution volume, and campaign objectives are still unclear.
The OnePlus 11 just went official this week, and Amazon is already discounting it. You can currently pre-order it from Amazon for $799 (this is the 16GB/256GB model). But, Amazon is tossing in a $100 gift card with your pre-order. So this is technically the regular price, but you do get $100 from Amazon for it. This is a pre-order, so it will still ship on February 16.
OnePlus 11 is a pretty impressive phone, with a starting price of $699 for the 8GB/128GB model and $799 for the 16GB/256GB model. It comes with a 6.7-inch QHD+ 120Hz Adaptive AMOLED display, powered by the Qualcomm Snapdragon 8 Gen 2 processor, with a 5,000mAh capacity battery. That’s quite impressive for the price, and the battery is pretty powerful too.
In our review, we were able to get about 10 hours of on screen time over and over again on the OnePlus 11. So it’s going to get you through the day and then some. Additionally, with the 80W charging (and the charger is in the box!), you won’t really need to worry about battery life. As the battery is going to fully charge in less than an hour.
The camera is also improved this year on the OnePlus 11. It has a 50-megapixel main sensor, 32-megapixel telephoto and 48-megapixel ultrawide. OnePlus is also using Hasselblad once again here. Giving you a great looking image every time you take a photo. Which is not something we typically say about the OnePlus 11. So that’s definitely a good thing here.
You can pick up the OnePlus 11 from Amazon today by clicking here. This deal is likely only good during the pre-order process, which will end on February 15. Additionally, this is only available on the 16GB/256GB model. And not on the cheaper 8GB/128GB model. Though we would recommend you get the higher-end model anyways. As it is worth the cash.
Since YouTube was announced as the winner of the rights for the NFL Sunday Ticket package, many have been clamoring for more details. YouTube did release a bit more details yesterday during the Super Bowl. But more specifics won’t be released until this Summer, as we get closer to the 2023 season.
YouTube has again confirmed that NFL Sunday Ticket will be available included in YouTube TV and YouTube Primetime channels, as well as available as a standalone package. So you can subscribe to only the NFL Sunday Ticket. YouTube has also confirmed that YouTube TV subscribers will get a discount on NFL Sunday Ticket. Though, we don’t know what the pricing is going to be just yet. When it was with DIRECTV, it was running about $300 for the season. So expect it to be that much and potentially more.
NFL Sunday Ticket without a satellite dish
YouTube did run quite a few promos during the Super Bowl last night about NFL Sunday Ticket. And how you no longer need a satellite dish to get it. Before, you had to be a DIRECTV customer to get it. Which was a satellite TV provider. Now, you just need a decent internet connection.
The NFL Sunday Ticket is going to be available with and without the NFL RedZone. So we could see some different pricing here. YouTube has said that they will be announcing the packages for NFL Sunday Ticket in the Spring. So that customers can start signing up ahead of the 2023 season. So we should know more in the coming months about how much this will cost, and when you can start signing up.
It’s a big get for YouTube to get NFL Sunday Ticket. Of course, YouTube did pay a pretty fortune for it. The deal is worth about $2 billion per season, which is around $500 million more than what DIRECTV was paying for it.
Twitter Blue just got even cooler with a new feature that lets US members post tweets up to 4,000 characters long. No need to write a bunch of tweets just to share your thoughts—just write one long one! If this sounds familiar, it’s because such features have been proposed many times over the years.The new character limit is now live for Blue subscribers in the US , and even if you’re not a Twitter Blue member, you can still reply to and quote these long tweets. But don’t worry, if a tweet is longer than 280 characters, you won’t get overwhelmed; you can just hit the “show more” prompt to see the rest.
Twitter Blue costs $8 a month or $84 a year, and while it might not make you switch from other social networks like Facebook or Mastodon that already have long posts, it could be a lifesaver if you want to share the same post on multiple platforms without having to shorten it.
Twitter needs to step up its game to make Twitter Blue more appealing. With only 180,000 subscribers in the US and about 290,000 worldwide as of mid-January, the platform needs to attract more enthusiastic users if it wants to reach Elon Musk’s goal.
The aforementioned goal is to generate half of Twitter’s revenue from subscriptions, but with Twitter Blue bringing in an estimated $27.8 million per year, it falls way short of the target. Musk is reportedly thinking about adding a higher membership level that would let people browse without seeing ads. This would help the network make more money from subscriptions.
The Twitter saga is now longer and more sophisticated than a fantasy novel by George R.R. Martin, and if you want to get the whole picture, just dive in following the links below:
The US and Britain have sanctioned seven members of the notorious Trickbot gang, which, according to authorities, is based in Russia.
The Trickbot ransomware bot was dismantled by cybersecurity companies in 2022, but somehow it managed to re-emerge. Now, the United States and the United Kingdom have come together for historic joint cyber sanctions against seven members of the notorious Russian hacking group known as Trickbot, officials announced on Friday.
These sanctions are the first for the UK, with officials stating that it was just the first wave of new, coordinated action against cyber criminals.
Malicious emails used in one of the Trickbot attacks
“The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime,” U.S. Secretary of State Antony Blinken said in a statement on February 9th, 2023.
It is worth noting that, despite Trickbot’s absence in the past couple of years, the individuals behind it remain active and coordinate other attacks. According to experts, Trickbot’s operations were taken over by another ransomware gang known as Conti. The group was first identified in the latter half of December 2019 using TrickBot to drop its payload.
U.S. and British authorities have accused Trickbot and Conti of being associated with Russian intelligence services. Not only that, but the leak of Conti gang chats also revealed its soft corner for Russia. Additionally, Conti declared its support for Russia soon after the country sent its troops to Ukraine on February 28th,2022.
“During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centres, launching a wave of ransomware attacks against hospitals across the United States,” read the announcement by the U.S. Department of the Treasury.
Along with other major ransomware attacks orchestrated by the Trickbot gang, the press release gives details, including their names, involvement with the Trickbot gang, and online monikers, regarding the seven individuals designated by the U.S.
