149 Security Vulnerabilities & Zero-days

andreasc
-
0
149 Security Vulnerabilities & Zero-days
[ad_1]

On April Patch Tuesday, Microsoft fixed 149 bugs—one of the biggest security update releases in the company’s history. 

Many of its software products, such as Microsoft Office and its SQL Server database package, have fixed vulnerabilities.

The majority of vulnerabilities are in the Windows operating system, and nine CVEs were found in the Azure cloud platform.

Three of the 149 issues are classified as Critical, 142 as Important, three as Moderate, and one as Low in severity.

The update also addresses a vulnerability tracked as CVE-2024-26234, which is currently being exploited.

Details Of The Flaw Exploited In The Wild

CVE-2024-26234 – Proxy Driver Spoofing Vulnerability

Proxy driver spoofing vulnerability is tracked as CVE-2024-26234 and has a CVSS rating 6.7.

An attacker would require high privileges to take over the system, exploit the vulnerability, and spoof the proxy driver.

Document
Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

Microsoft fixed this zero-day vulnerability that impacted Windows desktop and server operating systems and was made public.

Administrators should promptly install the Windows cumulative update on their systems to prevent a security compromise, as this vulnerability is actively exploited in the wild.

Critical Flaws Addressed

CVE-2024-21322 – Microsoft Defender For IoT Remote Code Execution Vulnerability

This vulnerability, which has a CVSS base score of 7.2, is classified as critical for Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

“Successful exploitation of this vulnerability requires the attacker to be an administrator of the web application. As is best practice, regular validation and audits of administrative groups should be conducted”, Microsoft said.

CVE-2024-21323 – Microsoft Defender For IoT Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability has a base CVSS score of 8.8.

For the IoT sensor to successfully exploit this issue, the attacker must be able to deliver a malicious update package over the network to the Defender.

The attacker first needs to establish their identity and obtain the required authorization to start the update procedure. 

“Successfully exploiting this path traversal vulnerability would require an attacker to send a tar file to the Defender for IoT sensor.”

Microsoft said that after the extraction process, the attacker could send unsigned update packages and overwrite any file they chose.

CVE-2024-29053 – Microsoft Defender For IoT Remote Code Execution Vulnerability

This is also a critical Microsoft Defender for IoT,  Remote Code Execution Vulnerability, with a CVSS base score of 8.8. 

Any authorized attacker can exploit this vulnerability. Admin or other advanced rights are not needed.

“An authenticated attacker with access to the file upload feature could exploit this path traversal vulnerability by uploading malicious files to sensitive locations on the server,” Microsoft.

Azure Vulnerabilities Addressed

  • CVE-2024-29993 – Azure
  • CVE-2024-29063 – Azure AI Search
  • CVE-2024-28917- Azure Arc
  • CVE-2024-21424 – Azure Compute Gallery
  • CVE-2024-26193 – Azure Migrate
  • CVE-2024-29989 – Azure Monitor
  • CVE-2024-20685- Azure Private 5G Core
  • CVE-2024-29990 – Microsoft Azure Kubernetes Service

Additionally, 41 SQL Server fixes have been released, all of which address issues related to remote code execution.

In addition to the vulnerabilities addressed in this month’s Patch Tuesday release, Microsoft has republished six CVEs.

It is recommended that users upgrade the impacted products to prevent threat actors from exploiting these vulnerabilities.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.


[ad_2]
Source link

New ransomware group demands Change Healthcare ransom

andreasc
-
0
New ransomware group demands Change Healthcare ransom
[ad_1]

The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of “highly selective data,” which relates to “all Change Health clients that have sensitive data being processed by the company.”

The announcement follows a series of events that require some unpacking.

Change Healthcare is one of the largest healthcare technology companies in the USA, responsible for the flow of payments between payers, providers, and patients. It was attacked on Wednesday February 21, 2024, by a criminal “affiliate” working with the ALPHV ransomware group, which led to huge disruptions in healthcare payments. Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on.

American Hospital Association (AHA) President and CEO Rick Pollack described the attack as “the most significant and consequential incident of its kind against the US health care system in history.”

The notorious ALPHV ransomware group claimed responsibility, chalking up Change Healthcare as one of a raft of healthcare victims in what looked like a deliberate campaign against the sector at the start of 2024.

ALPHV used the ransomware-as-a-service (RaaS) business model, selling the software and infrastructure used to carry out ransomware attacks to criminal gangs known as affiliates, in return for a share of the ransoms they extorted.

On March 3, a user on the RAMP dark web forum claimed they were the affiliate behind the attack, and that ALPHV had stolen the entirety of a $22 million ransom paid by Change Healthcare. Shortly after, the ALPHV group disappeared in an unconvincing exit scam designed to make it look as if the group’s website had been seized by the FBI.

ALPHV’s exit left Change Healthcare with nothing to show for its $22 million payment, a disgruntled affiliate looking for a ransom, and very possibly two different criminal gangs—ALPHV and its affiliate—in possession of a huge trove of stolen data.

Now, a month later, a newcomer ransomware group, RansomHub has listed Change Healthcare as a victim on its website.

Change Healthcare is listed as a victim on the RansomHub dark web leak site
Change Healthcare is listed as a victim on the RansomHub dark web leak site

While some have speculated that Change Healthcare has suffered a second attack, the RansomHub site itself makes the connection to the events surrounding February 21 quite clear:

As an introduction we will give everyone a fast update on what happened previously and on the current situation.

ALPHV stole the ransom payment (22 Million USD) that Change Healthcare and United Health payed in order to restore their systems and prevent the data leak.

HOWEVER we have the data and not ALPHV.

RansomHub first appeared in late February and its arrival dovetails neatly with ALPHV’s disappearance in very early March, leading some to think they are the same group under two different names.

The statement also pours water on the idea that RansomHub is a rebrand of the ALPHV group with its suggestion that “we have the data and not ALPHV.” However, any public statement like this has to be tempered by the fact that ransomware groups are prolific liars.

It’s not uncommon for affiliates to work with multiple RaaS providers, so the most likely explanation is that having lost its money to ALPHV, the affiliate that ransacked Change Healthcare has paired up with a different ransomware group.

Whatever the reason, there is no comfort in it for Change Healthcare. Having apparently already paid a ransom thirty times greater than the average demand, it now has to decide whether it’s going to pay out again.

For everyone else, it’s a lesson in how devastating ransomware can be, and how badly things can go even when you pay a ransom.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


[ad_2]
Source link

RUBYCARP the SSH Brute Botnet Resurfaces With New Tools

andreasc
-
0
RUBYCARP the SSH Brute Botnet Resurfaces With New Tools
[ad_1]

The cybersecurity community is again on high alert as the notorious botnet group RUBYCARP, known for its SSH brute force attacks, has resurfaced with new tools and tactics.

The Sysdig Threat Research Team (Sysdig TRT) has been closely monitoring the activities of this Romanian threat actor group, which has been active for over a decade and has recently uncovered significant developments in its operations.

At the heart of RUBYCARP’s resurgence is exploiting a critical vulnerability in Laravel applications, CVE-2021-3129.

This vulnerability has been a focal point for the group’s targeting and exploitation efforts, allowing them to gain unauthorized access to systems and expand their botnet.

In addition to exploiting CVE-2021-3129, RUBYCARP has been using SSH brute force attacks to enter target networks.

Document
Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

The group’s persistence and evolution of tactics underscore the importance of patching known vulnerabilities and strengthening SSH security measures to thwart such attacks.

The latest findings from Sysdig TRT indicate that RUBYCARP has not only continued its traditional brute force and exploitation activities but also added new techniques to its repertoire.

The group now utilizes a backdoor based on the popular Perl Shellbot, connecting victim servers to an IRC server that acts as command and control, thereby joining the more giant botnet.

RUBYCARP continues to add new exploitation techniques to its arsenal to build its botnets
RUBYCARP continues to add new exploitation techniques to its arsenal to build its botnets

RUBYCARP’s toolset has expanded, with the discovery of 39 Perl file (shellbot) variants, although only eight were previously detected by VirusTotal.

The group’s communication strategies have also evolved. They use public and private IRC networks to manage their botnets and coordinate crypto-mining campaigns.

The group has been actively involved in crypto mining operations, using its pools hosted on the exact domains as their IRC servers.

This strategy allows them to evade detection from IP-based blocklists and utilize standard and random ports for further stealth.

Diversified Cryptocurrency Mining

The group has not limited itself to a single cryptocurrency; instead, it engages in mining operations for Monero, Ethereum, and Ravencoin.

The Ravencoin wallet associated with RUBYCARP has been particularly active, with over $22,800 received in transactions.

user “porno” claimed to have gained 0.00514903 BTC, around USD 360, within 24 hours
user “porno” claimed to have gained 0.00514903 BTC, around USD 360, within 24 hours

Beyond crypto mining, RUBYCARP has been executing sophisticated phishing operations to steal financially valuable assets, such as credit card numbers.

Evidence suggests that the group uses these stolen assets to fund its infrastructure and possibly for resale.

Phishing templates impersonating legitimate European companies, such as the Danish logistics company “Bring,” have been identified in RUBYCARP’s attacks.

Identified a phishing template (letter.html) targeting Danish users and impersonating the Danish logistics company “Bring.”
Identified a phishing template (letter.html) targeting Danish users and impersonating the Danish logistics company “Bring.”

The group targets European entities, including banks and logistics companies, to collect payment information.

The resurgence of RUBYCARP with new tools and techniques is a stark reminder of the persistent threat posed by sophisticated cybercriminal groups.

Defending against such actors requires a proactive approach to vulnerability management, robust security postures, and advanced runtime threat detection capabilities.

As the cybersecurity community continues to grapple with the challenges posed by groups like RUBYCARP, organizations must remain vigilant and prepared to respond to the evolving threat landscape.

For more information on RUBYCARP and to stay updated on the latest cybersecurity threats, follow our dedicated news coverage and expert analysis. Stay safe and informed in the digital age.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.


[ad_2]
Source link

Moto g04s is Motorola’s new extremely affordable smartphone

andreasc
-
0
Moto g04s is Motorola’s new extremely affordable smartphone
[ad_1]

Motorola has announced a new smartphone, the Moto g04s. This is the company’s new budget smartphone. As you can see in the provided images, the device has a flat display and a centered display camera hole.

You’ll also notice that its bottom bezel is considerably thicker than the rest of them. All the physical buttons sit on the right-hand side, while the phone has a single camera on the back. There are two cutouts, but the bottom one is reserved for an LED flash. Motorola’s logo also sits on the back.

The Motorola Moto g04s is the company’s new budget offering

The device is fueled by the Unisoc T606 processor. It offers 4GB or 6GB of LPDDR4X RAM, and 64GB of UFS 2.2 flash storage. Do note that the storage is expandable up to 1TB via a microSD card.

A 5,000mAh battery sits inside the phone, while 15W wired charging is supported. The phone has a 6.6-inch HD+ (1612 x 720) IPS display with a 90Hz refresh rate. The maximum brightness it can reach is 537 nits. The Panda glass protects this panel.

Android 14 comes pre-installed on the phone, with My UX skin on top of it. There is an audio jack included on the phone, while Dolby Atmos is supported. A side-facing fingerprint scanner is also included in the package.

The device is water-repellent, and it offers storage expansion

The Motorola Moto g04s is IP52 certified, in other words, it has a water-repellent design. There are also two SIM card slots included here, and the microSD card slot is separate.

A 50-megapixel main camera (f/1.8 aperture) sits on the back, while a 5-megapixel unit (f/2.2 aperture) can be found on the front side of the phone. Bluetooth 5.0 is also supported, and there’s a Type-C port at the bottom.

The Motorola Moto g04s measures 163.49 x 74.53 x 7.99mm, while it weighs 178.8 grams. The phone comes in Concord Black, Satin Blue, Sea Green, and Sunrise Orange color variants.

Motorola’s new budget offering is priced at €119 ($129), and it is now available in Europe. It is coming to Latin America, the Middle East, Africa, and Asia soon, though.


[ad_2]
Source link

Critical Rust Flaw Let Attackers Inject Commands on Windows

andreasc
-
0
Critical Rust Flaw Let Attackers Inject Commands on Windows
[ad_1]

A new critical vulnerability has been discovered in two of the Rust standard libraries, which could allow a threat actor to execute shell commands on vulnerable versions.

This vulnerability has been assigned CVE-2024-24576, and its severity has been given as 10.0 (Critical).

In this report, Rust Security Response stated that they have not identified a solution yet but have created a workaround to mitigate this vulnerability.

This vulnerability was credited to RyotaK and Simon Sawicki (Grub4K) for helping them fix it.

Critical Rust Vulnerability

According to the reports shared with Cyber Security News, this vulnerability exists due to insufficient validation of arguments passed to Command::arg and Command::args APIs. 

The documentation of these two APIs states that the arguments passed to the APIs directly to the spawned process, and it will not be evaluated by a shell.

In addition, the implementation of these two APIs is complicated due to the fact that the Windows API passes all of the provided arguments as a single string, leaving the splitting process with the spawned process.

Document
Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

However, the cmd.exe process has a different splitting logic in Windows as it forces the standard library to perform the escaping for the arguments.

Nevertheless, this escaping sequence was not sufficiently validated, making it easier for threat actors to pass malicious arguments to the spawned process to execute arbitrary shell code. 

As a means of mitigating this vulnerability, Rust Security response team improved the escaping code with strong implementations and has made the Command API to return an InvalidInput error if it cannot safely escape any argument. 

Moreover, this error will be thrown during the process of spawning. For Windows users, the CommandExt::raw_arg method can be used to bypass the standard library’s escaping logic used by the cmd.exe process. 

Affected Versions And Fix

This vulnerability affects all the Rust versions earlier than 1.77.2 on Windows if any code or dependencies execute batch files with untrusted arguments.

Other platforms are not affected by this vulnerability.

To fix this, the Rust Security response team has recommended upgrading Rust to the latest version, 1.77.2, to prevent any unauthorized malicious threat actors from exploiting this vulnerability.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.


[ad_2]
Source link

New SharePoint Technique Lets Hackers Bypass Security

andreasc
-
0
New SharePoint Technique Lets Hackers Bypass Security
[ad_1]

Two new techniques uncovered in SharePoint enable malicious actors to bypass traditional security measures and exfiltrate sensitive data without triggering standard detection mechanisms.

Illicit file downloads can be disguised as harmless activities, making it difficult for cybersecurity defenses to detect them. To accomplish this, the system’s features are manipulated in various ways.

Security researchers from Varonis Threat Labs discovered two SharePoint techniques.

Open-in-App Method

The first technique dubbed the “Open in App Method,” takes advantage of the SharePoint feature, which allows users to open documents directly in their associated applications.

While this feature is designed for user convenience, it has inadvertently created a loophole for data breaches.

Attackers can use this feature’s underlying code to access and download files, leaving behind only an access event in the file’s audit log.

Document
Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

This subtle footprint can easily be overlooked, as it does not resemble a typical download event.

The exploitation of this method can be carried out manually or automated through a PowerShell script.

When automated, the script can rapidly exfiltrate many files, significantly amplifying the potential damage.

The script leverages the SharePoint client object model (CSOM) to fetch files from the cloud and save them to a local computer, avoiding creating a download log entry.

SkyDriveSync User-Agent

The second technique involves the manipulation of the User-Agent string for Microsoft SkyDriveSync, now known as OneDrive, Varonis said.

By masquerading as the sync client, attackers can download files or even entire SharePoint sites.

These downloads are mislabeled as file synchronization events rather than actual downloads, thus slipping past security measures that are designed to detect and log file downloads.

This method is particularly insidious because it can be used to exfiltrate data on a massive scale, and the sync disguise makes it even harder for security tools to distinguish between legitimate and malicious activities.

The use of this technique suggests a sophisticated understanding of SharePoint and OneDrive’s synchronization mechanisms, which could be exploited to systematically drain data from an organization without raising alarms.

Microsoft’s Response and Security Patch Backlog

Upon discovery, Varonis researchers promptly reported these vulnerabilities to Microsoft in November 2023. Microsoft has acknowledged the issue and categorized these vulnerabilities as “moderate” security risks.

They have been added to Microsoft’s patch backlog program, indicating that a fix is in the pipeline but may not be immediately available.

The discovery of these techniques underscores the risks associated with SharePoint and OneDrive, especially when permissions are misconfigured or overly permissive.

Organizations relying on these services for file sharing and collaboration must be vigilant and proactive in managing access rights to minimize the risk of unauthorized data access.

To combat these vulnerabilities, organizations are advised to implement additional detection strategies.

Monitoring for unusual patterns of access events, especially those that could indicate the use of the “Open in App Method,” is crucial.

Similarly, keeping an eye on sync activities and verifying that they match expected user behavior can help identify misuse of the SkyDriveSync User-Agent technique.

Furthermore, organizations should prioritize the review and tightening of permissions across their SharePoint and OneDrive environments.

Regular audits and updates to security policies can help prevent threat actors from exploiting such vulnerabilities in the first place.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.


[ad_2]
Source link

Facebook Messenger major update adds support for HD photos, shared albums, more

andreasc
-
0
Facebook Messenger major update adds support for HD photos, shared albums, more
[ad_1]
Messenger is getting a bunch of important new features this week, including the option to send photos in high-definition, something that WhatsApp only recently introduced.

In addition to being able to send HD photos, Messenger is also allowing users to send larger files up to 100MB in their chats. Shared albums and the ability to add new connections with a QR code are two other new features coming to Messenger this week.

But let’s start with the new option to send photos in high-definition. To fully take advantage of your camera, you can now send an HD photo by selecting an image from your chat composes, then turning the HD toggle on. You can even tap on additional photos to send multiple in HD.
Facebook Messenger major update adds support for HD photos, shared albums, more

The same simple procedure must be followed if you want to send larger files. Simply tap the + button when you’re in a Messenger chat, then select a file up to 100MB. According to Facebook, a wide range of popular file formats are supported, including Word, PDF and Excel.

Furthermore, the latest Facebook Messenger update adds so-called shared albums. To create a new album in a group chat simply follow the process below:
  • Select multiple photos from your chat composer
  • Tap Create album (you can also long press a photo in the chat and tap Create album)
  • To add to an existing album, tap Add to album

Facebook Messenger major update adds support for HD photos, shared albums, more

You can even rename the album from the three dot menu. Simply choose the Edit Name option and confirm the album’s new name. Keep in mind that everyone in the chat can view, add, delete and download pictures and videos from the album. The shared album feature will be rolled out over the coming weeks, so be patient if you don’t see it right away.

Finally, Messenger users can connect with other users by scanning their QR code or sharing theirs via a link. Simply start a message thread with a new connection, head to Settings and tap the QR code icon at the top. That way they will be able to scan your code using their device’s camera, or you can share a link using the Share option.


[ad_2]
Source link

A bug affecting the Google Play Store makes a very useful shortcut disappear

andreasc
-
0
A bug affecting the Google Play Store makes a very useful shortcut disappear
[ad_1]

There’s a software bug that has infested the Google Play Store and thanks to this issue, a useful feature that delivers a shortcut to users has disappeared. This feature, when available, was the fastest way for you to check to see whether you have any updates for your Android apps. Before the infestation, if you long-pressed on the Google Play Store icon on the homescreen, you’d see shortcuts including one that said “My apps” and “App info.”

Pressing on “App info” opens the page that goes by the same name and allows you to manage notifications coming from the Play Store, manage permissions for the app, clear the storage and cache memory on the app, and see other data such as the number of minutes of screen time that the Play Store managed to tally today, and the version of the app that is installed on your Android device is on the bottom.

The other option you might see when long-pressing the Play Store icon on your homescreen says “My apps,” and this is the important option because tapping on it takes you directly to the “Manage apps & device” page from where you can see how many app updates you have in queue and you can tap once to have these updates completed. This is the fastest way to get this done except for one tiny, little problem.

At left, a bug erases the option that provides Android users with the fastest way to update the apps on their phones - A bug affecting the Google Play Store makes a very useful shortcut disappear

At left, a bug erases the option that provides Android users with the fastest way to update the apps on their phones

A bug is keeping many Android users from seeing the “My apps” option when they long-press the Play Store icon. The long-press reveals only the “App info” option. It genuinely does not seem like Google has removed this feature (which many would see as a typical Google move). While the bug has circulated for a few weeks now, my Pixel 6 Pro running Android 14 QPR3 Beta 2.1 still shows “My apps” when I long-press on the Play Store icon on the homescreen.

If you do not have the “My apps” shortcut anymore, you can long-press the Play Store icon from your homescreen, tap on “App info” and Clear storage. This will eliminate some recent data and force you to reset purchase authentication preferences. However, it might exterminate the bug. There is also another possible fix that might work and that is installing the next update for the Play Store. To see if one is available, open the Google Play Store app and tap the Profile icon in the upper right corner of the screen. Tap on Settings > About > Update Play Store and see if this brings back the shortcut.


[ad_2]
Source link

Polls arrive on Discord as a new non-Nitro feature

andreasc
-
0
Polls arrive on Discord as a new non-Nitro feature
[ad_1]
Video Thumbnail
The lines between social media apps keep getting blurrier, and features that were once niche are becoming mainstream. Remember when short-form video was TikTok’s thing? Or how Snapchat owned disappearing messages? But even in spite of the tidal wave of features, some platforms, like Reddit, Discord, and Telegram, have stubbornly clung to their identities. Discord, in particular, has been measured about adding new bells and whistles, so when it finally unveiled native polls, it felt like a long-overdue move.Discord, just like Reddit, is a playground for online communities. Servers filled with channels are the backbone, like a wilder version of Subreddits. Polling fits this model well – Reddit rolled out polls back in 2020, and Telegram even earlier in January of that year. Even WhatsApp is getting into the community game, adding polls to announcement groups just last year.

Until now, Discord users relied on a workaround for polls: pinning a message and tallying emoji reactions. It was clunky, and results easily disappeared into the depths of a chat history. As you can see above, even Discord’s own official video introducing polls hilariously pokes fun at this makeshift system.

However, now with the introduction of official polls, this method of using emoji reactions can be a thing of the past. Creating a poll will be very simple: Tap that familiar plus icon next to the chat bar, select “Poll,” and done! You can title your poll, add up to 10 options, and even set a duration. Want a multiple-choice format? That’s an option too. No more worrying if seeing the results will skew your vote, as Discord will have a dedicated “Show Results” button.


Right now, there are some limitations to the feature. Slash commands won’t magically create polls, and there’s no anonymous voting. But hey, you can change your vote while the poll’s live, and anyone can create polls. Polls are slowly rolling out to all users in the next couple of days, so if you don’t see the feature show up now, sit tight as it will eventually get to you.

[ad_2]
Source link

Pixel 9 name surfaces on hidden files found inside latest Google app beta

andreasc
-
0
Pixel 9 name surfaces on hidden files found inside latest Google app beta
[ad_1]
There is no question that the Pixel 9 series is coming this year, although the exact number of phones in the line is not clear. The last we heard, Google might release three Pixel 9 handsets this October, the Pixel 9, Pixel 9 Pro, and the Pixel 9 Pro XL. Similar to how Apple does things, the Pixel 9 Pro will be a smaller “Pro” version while the Pixel 9 Pro XL will be the larger-screened “Pro” model. The Pixel 9 Pro could sport a 6.1-inch display while a 6.8-inch screen should adorn the Pixel 9 Pro XL.
On “X,” AssembleDebug (via AndroidCentral) did what he does best and discovered some code in the beta version of the Google app (15.14.34.29.arm64) related to the Pixel 9 series. These files are actually connected to the Google Assistant setup wizard which users will see when they first turn on their new Pixel 9 series device to set up the phone. There are also rumors that the Pixel line might include a new “Pixie” digital assistant.
Frame from animation connected to the Pixel 9 Google Assistant setup wizard - Pixel 9 name surfaces on hidden files found inside latest Google app beta

Frame from animation connected to the Pixel 9 Google Assistant setup wizard

Two Pixel 9 files that AssembleDebug discovered in the Google app beta include assistant_robin_suw_pixel9_fragment.xml which appears to be related to the Google Assistant setup wizard (SUW) page. The second file, assistant_robin_suw_pixel9.json, is an animation that is also related to setting up the phone. Note the reference to the Pixel 9 in the name of both files. There has been no indication that Google will release an assistant named Pixie for Pixel models, but come on now. It sounds too good for this not to be a real thing. 

Google has been working to make Assistant a thing of the past and while the Google app tries to get users to switch from Assistant to Gemini, so far I haven’t been too impressed using the latter instead of Assistant. Android users might end up with a brand new digital assistant, not Gemini, replacing Google Assistant.


[ad_2]
Source link
1...197198199...1,452Page 198 of 1,452