ByteDance’s earnings leap 60%, TikTok’s divestiture could get a reprieve


2023 was a very good year for TikTok’s parent company, ByteDance, which saw its profit jump roughly 60%. The company’s earnings hit more than $40 billion last year, from about $25 billion in 2022.

2024 – now that’s a challenging year for TikTok! On March 13, by a stunningly huge margin, the House passed a bill that could ban TikTok in the U.S.

The goal is for ByteDance to sell its interests in the viral short video app, or face a ban in the US. If everything goes to plan (the bill passes the Senate and Joe Biden signs it), ByteDance will have a 165-day deadline to divest from TikTok. Should it not pass the control of TikTok to an American-based company, US app stores (like Apple’s, Google’s and Samsung’s) would be prohibited from offering TikTok in the country.

Now, Maria Cantwell, Chair of the U.S. Senate Commerce Committee, says that lawmakers could extend to one year the proposed deadline to force TikTok’s parent company to divest (via Reuters).

According to her, the idea of extending the deadline to one year is okay:


The longer deadline would put any potential TikTok ban well into 2025 and beyond the November presidential election. On Monday, Cantwell told reporters she will meet with Senate Democratic Leader Chuck Schumer and Senate Intelligence Committee chair Mark Warner and “then we will have a game plan on how to proceed.”

On Wednesday, Cantwell said it was still “possible” the Senate could take up the House bill but she reiterated that senators want to make the bill stronger and put it on a better legal footing. She noted that attempts by former President Donald Trump’s administration and the state of Montana failed to ban TikTok.

The plan to take on Instagram


Meanwhile, TikTok sticks to the plan to take on Instagram with a new app for sharing photos. It’s going to launch in the not so distant future, and it’d be called Notes, allowing users to share photos much like Instagram.

Judging by teasers, so far TikTok’s Notes seems to offer Polaroid-looking posts featuring a still photo and caption.

“Notes”? Well, it’s hard not to be salty, but… this is as unimpressive an app name as it gets. TikTok should try better, in my personal opinion.



Fortra For Windows Vulnerability Let Attackers Escalate Privilege


Fortra’s Robot Schedule Enterprise Agent permits a low-privileged user to elevate privileges to the local system level. 

The problem arises from the agent’s failure to adequately secure its service executable, which an attacker can exploit by swapping out the executable for a malicious one.

As a result, the malicious code will run with elevated privileges when the service restarts, allowing unauthorized access to the system.

Versions of Fortra’s Robot Schedule Enterprise Agent for Windows prior to 3.04 contain a vulnerability, tracked as CVE-2024-0259, that allows a low-privileged user to overwrite the service executable with their own malicious code and thereby gain elevated privileges.

The issue matters because it gives the attacker considerable control over the system.

Upon service restart, the overwritten executable executes with local system privileges, giving the attacker escalated privileges on the system.


Privilege Escalation Vulnerability

An attacker with low privileges can exploit the vulnerability to gain complete control over the system. 

The agent’s service executable is vulnerable to overwriting, which is the source of the vulnerability.

An attacker can deceive the system into executing their code with the highest level of privileges (local system) when the service restarts by substituting a malicious executable for the original one, giving the attacker full access to all of the system’s resources. 

Details of the Vulnerabilities

Fortra’s Robot Schedule Enterprise Agent for Windows, in versions before 3.04, is susceptible to privilege escalation. This vulnerability enables a user with low privileges to replace the service executable with malicious code.

When the service restarts, the overwritten program runs with local system privileges, giving the attacker elevated access to the compromised system.

This vulnerability, which falls under CWE-276: Incorrect Default Permissions, underscores the significance of establishing suitable access controls for executables. 

Fortra’s Robot Schedule Enterprise Agent for Windows versions before 3.04 was found to have a critical privilege escalation vulnerability (CVE-2024-0259) on December 7th, 2023. 

The vulnerability has a high exploitability and potential impact, earning it a CVSSv3.1 score of 7.3.

An attacker with low privileges could use it to overwrite a legitimate service executable and then run arbitrary code with system privileges. 

Fortra released version 3.04 on March 20th, 2024, which addresses this vulnerability.

To mitigate the risk, system administrators should update all vulnerable agents to version 3.04 or higher as soon as possible. 
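A defender-side check for the CWE-276 condition described above, as an added example that is not from Fortra or the original article: it parses `icacls` output for a service executable and reports ACEs that give ordinary users write-capable rights. The path, the sample ACL text and the list of low-privileged principals are constructed for illustration; the agent's real install path is not given on the page.

```python
import re

# Hypothetical path, for illustration only (not the vendor's real path).
SERVICE_EXE = r"C:\Program Files\ExampleVendor\Agent\agent-service.exe"

# Principals every ordinary local user belongs to. English names are an
# assumption; localized Windows builds print translated names.
LOW_PRIV = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}
# icacls rights that allow replacing the file or rewriting its ACL/owner.
WRITE_RIGHTS = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "WDAC", "WO", "DE"}
# Inheritance markers that icacls prints in the same parenthesised form.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(\([^)]*\))+)$")

# Constructed sample: what `icacls "<path>"` prints for a weak ACL.
WEAK_ACL = r"""
C:\Program Files\ExampleVendor\Agent\agent-service.exe BUILTIN\Users:(I)(M)
                                                       NT AUTHORITY\SYSTEM:(I)(F)
                                                       BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample: ordinary users limited to read and execute.
HARDENED_ACL = r"""
C:\Program Files\ExampleVendor\Agent\agent-service.exe NT AUTHORITY\SYSTEM:(I)(F)
                                                       BUILTIN\Administrators:(I)(F)
                                                       BUILTIN\Users:(I)(RX)
"""


def parse_icacls(path, output):
    """Return (principal, is_deny, is_inherit_only, rights) per ACE line."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares a line with the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m.group("groups")):
            tokens.update(t.strip().upper() for t in group.split(","))
        rights = tokens - INHERIT_FLAGS - {"DENY"}
        aces.append((m.group("who").strip(), "DENY" in tokens, "IO" in tokens, rights))
    return aces


def writable_by_low_priv(path, output):
    """List (principal, rights) allow-ACEs that let ordinary users alter the file."""
    findings = []
    for who, deny, inherit_only, rights in parse_icacls(path, output):
        if deny or inherit_only:
            continue  # deny entries and inherit-only entries grant nothing here
        hit = rights & WRITE_RIGHTS
        if who.lower() in LOW_PRIV and hit:
            findings.append((who, sorted(hit)))
    return findings


if __name__ == "__main__":
    for label, acl in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(label, writable_by_low_priv(SERVICE_EXE, acl))
```

The same check applies to the directory that holds the executable, since write access there also allows the file to be replaced.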


New Harry Potter smartphone just got announced by Xiaomi


Xiaomi has announced yet another Redmi smartphone, the Redmi Turbo 3, which comes in a Harry Potter variant too. More on the Harry Potter model later on. This handset has been rumored lately, and it has been made official in the company’s homeland.

The Redmi Turbo 3 comes with a flat display, two rear cameras & thin bezels

The Redmi Turbo 3 is made out of metal and glass, and it boasts a flat display with thin bezels and a centered display camera hole. There are two cameras on its back, and they’re located in the top-left corner.

The phone’s sides are flat, with chamfered edges. Its cameras on the back do protrude a bit, and the Redmi logo sits in the bottom-left corner of the phone’s back side.

There is a 6.7-inch 2712 x 1220 OLED display included on this phone. It offers a 120Hz refresh rate, and a 480Hz touch sampling rate. The brightness goes up to 2,499 nits at its peak. HDR10+ is also supported, as is Dolby Vision.

The Snapdragon 8s Gen 3 fuels this handset

The Snapdragon 8s Gen 3 fuels this smartphone. The Redmi Turbo 3 got announced in both 12GB and 16GB LPDDR5X RAM variants. You can also choose between 256GB, 512GB, and 1TB UFS 4.0 flash storage options.

There are two SIM card slots available here, both of which accept nano SIM cards. Xiaomi’s HyperOS comes pre-installed on top of Android, and the phone is IP64 certified (splash resistant).

A 50-megapixel main camera (Sony’s LYT-600 sensor, f/1.59 aperture, OIS) is backed by an 8-megapixel ultrawide camera (f/2.2 aperture, Sony IMX355 sensor). On the front, you’ll find a 20-megapixel OmniVision unit.

The phone has an infrared sensor at the top, and an in-display fingerprint scanner too (optical). A 5,000mAh battery is also a part of the package. The phone supports 90W wired charging, and a charger is included in the package.

A Harry Potter variant of the Xiaomi Redmi Turbo 3 includes added goodies in the box

Xiaomi also announced a Harry Potter variant of this smartphone. The full name is the Redmi Turbo 3 Harry Potter Limited Edition. You can check out that model below this paragraph. Xiaomi says that this variant is inspired by the ‘Seven Horcruxes’. In the second picture, you can see what sits inside the package, as there are a number of goodies included.



The Google Maps custom share sheet is replaced by the native Android 14 version


Now Google Maps, that Swiss Army Knife of an app for global travelers, has become the latest Google app to swap its custom share sheet with the native Android share sheet. The old custom version of the Google Maps share sheet had a space to type in the name or phone number of the person you wanted to share something with and icons on the bottom allowed you to share with someone that you speak with on Google Messages or Telegram. You could also add what you wanted to add to your clipboard or see what was in the three-dot “More” icon.

The new Google Maps share sheet includes a sharing link and one-row containing images of people that the user shares with the most. Those who receive shared images over social media will have a small icon attached to their photo showing the social media platform associated with that person. In one example shared by 9to5Google, we can see that some of these recipients are getting these images through Google Messages while others receive shared images over Slack.
The row directly below that one includes icons of apps that the user shares to the most. In this example, we can see that the user favors Nearby Share, Google Messages, Gmail, Telegram, and Drive. The new Google Maps share sheet has yet to appear on my Pixel 6 Pro running Google Maps version 11.124.0101. The phone is running Android 14 QPR3 Beta 2.1. Still, it’s possible that you have the new version. Check it out by sharing something from Google Maps.


Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities


The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by researchers that have found it to be used in the wild.

Let’s first have a look at the two zero-days. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs for these two vulnerabilities are:

CVE-2024-26234 (CVSS score 6.7 out of 10): a proxy driver spoofing vulnerability that Microsoft listed as “Exploitation detected” hours after it initially listed it as non-exploited.

In fact, the patch is a revocation of a Microsoft Windows Hardware Compatibility Publisher signature that was used to sign a file which contained a backdoor using an embedded proxy server to monitor and intercept network traffic on an infected Windows machine. Apparently, the software, designed to remote-control phones, was used to make them act like online bots, collectively liking posts, following people on social media, and posting comments.

CVE-2024-29988 (CVSS score 8.8 out of 10): a SmartScreen prompt security feature bypass vulnerability. Microsoft still has this listed as “Exploitation More Likely” and acknowledges the fact that functional exploit code is available, which means that the exploit code works in most situations where the vulnerability exists.

One reason for the contradiction could be that the exploitation requires some form of user interaction. It requires an attacker to get the victim to click on a link or open a file. If the victim falls for that, the bug allows the attacker to bypass the SmartScreen security feature in Windows that’s supposed to alert users to any untrusted websites or other threats.

Researchers said that attackers are using the weakness to send targets exploits in a zipped file which bypasses the Mark of the Web (MotW) warnings, a warning message users should see when trying to open a file downloaded from the internet.

The exploit for the vulnerability was called “trivial” and “embarrassingly easy” by the researchers that wrote about it.

A few applications that deserve some of your attention if you’re using them are SQL Server (38 vulnerabilities), and Windows Remote Access Connection Manager (9).

Other vendors

Other vendors have synchronized their periodic updates with Microsoft. Here are a few major ones that you may find in your environment.

The Android Security Bulletin for April 2024 contains details of security vulnerabilities for patch level 2024-04-05 or later.

Google also updated Chrome to patch a zero-day vulnerability.

SAP has released its April 2024 Patch Day updates.



Senator Wyden proposes Teams and Slack to work together (and encrypted)


That’s what the Secure and Interoperable Government Collaboration Technology Act draft, proposed by Senator Ron Wyden, reads.

In other words, Senator Wyden wants to see the popular platforms in an “interoperability” mode.

Interoperability stands for “the ability to work together with other systems or pieces of equipment”, as put by the Cambridge Dictionary. Applied to the mobile tech world, that means it enables cross-platform communication and data exchange between two different apps.

In even simpler terms, interoperability is when Person 1 (a Facebook Messenger user) texts Person 2 (a Telegram user) directly. There’s no need for Person 1 to download and use Person 2’s app of choice (in this example – Telegram).

More about the bill


As reported by The Verge, the newly-introduced idea is aimed at improving how the federal government uses technology for meetings and messages. Senator Wyden’s proposal suggests that all communication tools the government uses, like video calls and messaging apps (from different companies), should work together seamlessly. Apart from allowing users to interconnect between apps easily, under the Act these tools would have to meet strict security measures, including end-to-end encryption, to keep conversations private and safe from unwanted spying.

While the proposed idea would only apply to government tools for now, it might encourage similar changes in the wider tech industry, making it easier for everyone to connect regardless of the app they use.

To make this happen, the proposal instructs the General Services Administration (GSA) to list important features needed for government work, like video calls, messaging, sharing files, scheduling, and editing documents together in real time.

The National Institute of Standards and Technology (NIST) would then set up rules to ensure these tools can work together, focusing on strong encryption to protect the data and making sure these systems keep proper records as required by law.

Companies making these tech tools would have four years to update their products to meet these new standards if they want to keep selling to the government.

Additionally, the proposal calls for regular check-ups on the tech used by the government to suggest any needed updates and for the Department of Homeland Security to conduct security reviews on these tools.

This effort comes after concerns about the risks of relying too heavily on single tech vendors, highlighted by a security mishap involving Microsoft that could have been prevented. Senator Wyden argues that it’s time to reduce the reliance on big tech firms by encouraging competition and setting higher security standards.

This move is supported by various groups advocating for digital rights and secure communication technologies.



Ulefone Armor 23 Ultra is a rugged phone with blazing fast charging


The Ulefone Armor 23 Ultra is a rugged smartphone that offers blazing-fast charging. We’ve reviewed this handset recently, and Ulefone just published a new video in which it demonstrates the phone’s charging capabilities.

The Ulefone Armor 23 Ultra supports blazing fast charging

The Armor 23 Ultra not only supports 120W wired charging, but 50W wireless charging too. Do note that a 120W charger is included in the box too, so you don’t have to buy it separately.

In addition to such fast charging, the phone also includes a 5,280mAh battery on the inside. Now, you can get from 0 to 100% in around 30 minutes with that 120W charger. So even if you forget to charge the phone, you can quickly top it off.

Getting to 100% takes the phone a bit over 30 minutes

In order to reach a 30% charge, it’ll take you around 10 minutes, while reaching 61% takes 20 minutes. Getting to 93% is possible in 30 minutes, so a full charge takes just a little bit more than that.

That’s not all, though. The phone also supports 50W wireless charging. You will need a compatible charger in order to take full advantage of it. This charging tech will take 130 minutes to reach a full charge, Ulefone noted.

It is also water and dust resistant, and it can take a hit too

The Ulefone Armor 23 Ultra is also MIL-STD-810H and IP68/IP69K certified. Not only can it take a hit, but it’s also water and dust-resistant. The MediaTek Dimensity 8020 fuels the device, while you’re getting 12GB of RAM here. You can expand that up to 24GB via virtual RAM. Ulefone also offers 512GB of UFS 3.1 flash storage too.

There is a 6.78-inch fullHD+ display used here, and it offers a 120Hz refresh rate. This is an IPS panel, by the way. A 50-megapixel main camera is backed by a 50-megapixel ultrawide camera on the back. A 64-megapixel ‘Night Vision’ camera is also in use.

If you’d like to check out Ulefone’s promo video, or get more information about the device, check out the content below.

Ulefone Armor 23 Ultra (more info)



Fitbit completely redesigns the sleep experience in its mobile app


Fitbit has lost just about every ounce of independence the company had even after being acquired by Google. While the brand still exists, it’s unclear how long it will take Google to completely erase it from existence.

Until that time comes, if you’re still using a Fitbit product, we have some good news. The Fitbit app has just received some important updates that completely redesign the Sleep experience.

Fitbit announced today that the new look of the Sleep experience in the mobile app should offer simpler navigation. This means that you’ll have an easier time seeing all the info needed. Details like sleep duration, sleep score and sleep timeline are all shown on one page now.

Additionally, you can now press and hold on the sleep timeline chart to find out what time you woke up last night or when your deep sleep ended.

Another interesting change to the app involves sleep patterns. You can now use the week, month and year views to see how your sleep patterns have changed over time.

The update that adds the new sleep UI is rolling out starting today, so make sure to check for a newer version of the Fitbit app in the Google Play Store.



The cheapest foldable smartphone is available to pre-order in the US


The cheapest foldable smartphone is now available to pre-order in the US. We’re talking about the Nubia Flip 5G, a device that was presented to global users during the Mobile World Congress (MWC) in Barcelona.

The Nubia Flip 5G went on pre-order in a number of countries, including the US. It comes in 8GB RAM and 12GB RAM models. Those two variants include 256GB and 512GB of storage, respectively.

The cheapest foldable smartphone is now available in the US, starting at $499

The two aforementioned variants of the phone will set you back $499 and $699, respectively. The Nubia Flip 5G is available in Cosmic Black, Sunshine Gold, and Flowing Lilac color variants.

If you’re wondering about the phone’s availability in Europe, well, you may be disappointed. It’s no longer available to pre-order, and Nubia didn’t mention the EU or UK countries at this point in time. That’s odd considering that’s what was expected to happen.

The phone has been made available in a number of countries, but not in Europe

The initial countries where the phone is available (to pre-order) are: Australia, Chile, Egypt, Hong Kong SAR, Indonesia, Israel, Kuwait, Laos, Malaysia, New Zealand, Pakistan, Philippines, Qatar, Saudi Arabia, Singapore, Thailand, United Arab Emirates, the United States, and Vietnam.

Another thing to note is that the Nubia Flip 5G will go on sale on April 23. So the pre-orders are valid until then. To be more accurate, you can pre-order the Nubia Flip 5G until April 23 at 8 AM EDT. You can do that via the link provided below the article.


The Nubia Flip 5G has a circular cover display on the back, and other than that, it’s pretty much what you’d expect out of a clamshell foldable in terms of the design. It folds right down the middle, and the main display has a display camera hole at the top.

The phone has been tested for over 200,000 folds, and it’s fueled by the Snapdragon 7 Gen 1 SoC. This is a budget smartphone, kind of, which is why its specifications are not high-end.

It has a 120Hz display, round cover display, and more

The main display measures 6.9 inches, and it offers a 2790 x 1188 resolution. That panel also offers a 120Hz refresh rate, and it’s an AMOLED display. It also has high PWM dimming to protect your eyes. The cover display, on the other hand, measures 1.43 inches, and it’s an OLED panel too.

A 4,310mAh battery sits inside the phone, while the device supports 33W wired charging. Stereo speakers are included, and Android 13 comes pre-installed on the device, with MyOS 13.

A 50-megapixel main camera is backed by a 2-megapixel depth sensor. On the front, you’ll find a 16-megapixel selfie camera; that snapper is placed on the main display.

Pre-order the Nubia Flip 5G (Nubia)


Galaxy S20 gets extended update support, continuing into fifth year


Samsung offers some of the best software update support in the Android space. Its latest flagship phones will get OS updates for seven years, while enterprise models are eligible for up to eight years of support. As a testament to its commitment, the company has extended support for the Galaxy S20 series. Originally slated to receive updates for four years, the 2020 flagships are enjoying an additional year of updates.

The Galaxy S20 series is getting a fifth year of update support

Samsung launched the Galaxy S20 series in early 2020 with Android 10 onboard. Later that year, the company announced that its flagship devices would get three major OS updates and four years of security patches. As promised, it delivered Android 11, Android 12, and Android 13 to the phones. The Korean firm also pushed monthly security patches to the devices for four years, all the way up to early 2024.

As per its support policy, Samsung should have ended update support for the Galaxy S20, Galaxy S20+, and Galaxy S20 Ultra this month. However, it didn’t. Instead, the company only dropped the phones from monthly to quarterly security patches. The 2020 flagships are now in their fifth year and still getting updates. While it is unclear whether the extended support will last a full year, these are bonus updates for the phones.

Interestingly, the original Galaxy Z Flip also arrived around the same time as the Galaxy S20 series but it didn’t get extended support. Samsung has ended updates for the first-gen clamshell foldable. That said, as promised by the company, it received three major Android OS updates and four years of security patches, so we can’t complain. The Galaxy Z Flip 5G arrived in mid-2020, so it still has some life left in it.

The last Note phones are currently getting monthly updates

Earlier this month, Samsung dropped the Galaxy Note 20, Galaxy Note 20 Ultra, and Galaxy S20 FE to quarterly updates. It came as a surprise because these phones arrived between August and September 2020 and are yet to turn four. It turned out to be an error from the company. The tech biggie has since restored the phones to monthly updates.

Time will tell whether Samsung will offer updates to the Galaxy Note 20 series and the Galaxy S20 FE beyond four years. Flagship Galaxy smartphones and tablets launched in 2021 and beyond, meanwhile, are eligible for four major OS updates and five years of security patches. Some mid-range models will also enjoy the same support. Seven years of support only applies to the Galaxy S24 series.

