Critical Microsoft SharePoint Server Flaw (CVE-2023-24955) Actively Exploited! CISA Urges Patch by April 16th. Learn why patching is crucial and how to secure your servers.
The Cybersecurity and Infrastructure Security Agency (CISA) is urging all US federal civilian agencies to patch a critical vulnerability (tracked as CVE-2023-24955) in the Microsoft SharePoint Server by April 16, 2024.
CISA has added CVE-2023-24955 to its Known Exploited Vulnerabilities (KEV) catalogue after confirming its active exploitation in the wild.
For your information CISA’s KEV catalog is designed for US Federal Civilian Executive Branch (FCEB) agencies but can be utilized by all organizations, including private ones, to enhance their vulnerability management efforts.
Vulnerability Details
CVE-2023-24955 (CVSS score 7.2) is a code injection vulnerability allowing remote code execution (RCE) on vulnerable Microsoft SharePoint servers. An authenticated attacker with Site Owner privileges can execute arbitrary code remotely on SharePoint servers. This means attackers could potentially take full control of affected systems, steal data, or launch further attacks within a network. It is a critical flaw already addressed by Microsoft in its May 2023 Patch Tuesday updates.
Why Such Urgency
CISA’s demand for an immediate patch reflects the potential for widespread damage if the vulnerability is not addressed. CISA has warned about two Microsoft SharePoint code injection vulnerabilities, CVE-2023-24955 and CVE-2023-29357 (a privilege escalation flaw in SharePoint Server), being exploited by malicious cyber actors, posing significant risks to federal enterprises. It is worth noting that CVE-2023-29357 was added to CISA’s KEV list in January 2024.
STAR Labs’ security researcher Nguyễn Tiến Giang (Janggggg) exploited both CVE-2023-24955 and CVE-2023-29357 in March 2023 at Pwn2Own Vancouver to achieve pre-authentication RCE on a patched device running SharePoint 2019, earning a $100,000 reward. Giang published a technical analysis and PoC exploit in December 2023 whereas in September 2023, a standalone PoC exploit for CVE-2023-29357 was published on GitHub.
Microsoft released patches in May and June 2023 to address both issues. However, it seems some organizations, including US federal agencies, have not yet applied the patch.
What Should Users Do?
This incident underscores the importance of timely patching for critical vulnerabilities and the potential impact of such vulnerabilities on government agencies.
Microsoft SharePoint Server users, particularly those in high-risk environments such as government agencies, are advised to patch their systems immediately, enable two-factor authentication, and keep software updated to minimize the risk of similar attacks.
Expert Opinion
Cybersecurity expert Ray Kelly from the Synopsys Software Integrity Group emphasizes the importance of patching and updating software regularly, especially for private and public-facing servers handling sensitive data.
“This CISA advisory highlights the importance of patching and updating your software regularly, especially for private and public-facing servers that handle sensitive data. These chained vulnerabilities are very serious because they allow attackers to circumvent authentication and execute code remotely on vulnerable servers,” Ray explained.
“However, it’s important to point out that security patches for these vulnerabilities have been available since last Summer. The fact that CISA is now warning us about active exploitation indicates that many organizations have failed to apply the necessary security updates promptly. Malicious actors will always look for the easy targets and an unpatched server will always be easing pickings for them,” he added.
It seems that Meta is no longer the metaverse company, as it has pivoted towards AI. It’s been ramping up its AI endeavors over the past couple of months. Now, the company wants you to bring its AI out into the real world. According to a new report, Meta will bring AI to its Ray-Ban smart glasses.
The company partnered with Ray-Ban to bring a set of powered smart glasses that come equipped with a microphone and camera. Along with being a fashion statement, these glasses can also take pictures, record videos, and play music. If this is a product that interests you, you can order your pair at Ray-Ban for $299.99.
Meta will add AI to its Ray-Ban smart glasses
At this point, smart glasses are a pretty niche product. However, AI is not. Artificial intelligence has been making the rounds over the past year and a half, and several devices are working on bringing AI into the real world. A few examples of this are the Rabbit R1, and the Humane AI Pin. One is a smartphone-like device that you put in your pocket, and the other one is a pendant you attach to your clothes. So, here comes another form factor.
Meta will implement AI technology into its Ray-Ban smart glasses. With this functionality added, the smart glasses will be able to use its camera to identify objects and animals. The New York Times was able to get a hands-on with these glasses and test out their capabilities. The glasses struggled to identify animals that were far away or behind cages. Also, the glasses struggled with identifying an exotic fruit. However, it seemed that they still worked pretty fine.
You will also be able to use the AI for speech translation. So, it seems that it will help you have a seamless conversation with another person who speaks a different language. According to the report, it currently supports English, Italian, French, German, and Spanish.
You will be able to access the AI in the glasses by saying the “Hey Meta” hotword.
When will I be able to try this?
Right now, the AI functionality is being tested via a beta program. However, Meta will distribute the AI functionality next month.
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights the growing, widespread use and potential of Web3 user security data to aid in risk management. The findings of the report reveal a clear and growing demand for more advanced security tools that can effectively safeguard digital assets, verify the authenticity of nonfungible tokens (NFTs) and monitor decentralized applications for threats.
The report, “Uncharted Consensus: The Widespread Use and Potential of User Security Data in Web3”, showcases the rapid adoption of GoPlus’s API suite, which provides Web3 industry stakeholders with unparalleled insights into the health and vulnerability of various cryptocurrencies, NFTs and decentralized applications. At the same time, it also underscores the unique role GoPlus plays in addressing Web3’s most pressing security challenges.
GoPlus is the developer of an API suite that’s designed to address the multifaceted challenges of Web3 user security, enabling targeted data analysis across key aspects of the industry. Its modules include a Token RIsk API and NFT Risk API that evaluate the risk associated with different cryptocurrencies and non-fungible tokens; a Malicious address API for monitoring and reporting malicious address; a dApp Security API for real-time monitoring and threat detection in decentralized applications; and an Approval API for checking malicious approval of an address.
The report shows there is rising demand for better Web3 security solutions, with GoPlus revealing that its Token Risk API saw a rapid increase in utilization from November 2023, with some months witnessing peaks of over 20 million calls per day. This suggests that the crypto industry is collectively shifting towards pre-emptive risk identification and mitigation, driven by the evolving and intensifying landscape of security threats.
These increases were mirrored by similar usage spikes in GoPlus’s other API modules. For instance, usage of its NFT API spiked between Dec. 2022 and Feb. 2023, and then several times again between March and May 2023, before stabilizing, followed by a sustained period of much steadier growth. These usage trends mirror the growing adoption of NFTs and the corresponding need for tools that can accurately assess the risks associated with these digital assets.
Evolving Threat Landscape
A closer analysis of the API usage data illustrated a significant fluctuation in the presence of “high-risk” tokens, reflecting a threat landscape that’s just as volatile as the crypto industry itself. The majority of these high-risk tokens were identified as being either “blacklisted” or “honeypots”, although many other kinds of threats were identified, illustrating the evolving tactics used by hackers and scammers in the industry. The report also found an exponential increase in threats associated with NFTs, such as privileged operations (burn and minting), restricted approvals, self-destruct mechanisms and unauthorized transfers.
The threat-related insights demonstrate the need for Web3 projects to employ more dynamic, robust and adaptable security strategies and countermeasures to deal with the evolving threat landscape, as well as the need for education and collaboration to increase awareness of these threats and find better ways to mitigate them.
Top Ecosystems & Threats
The comprehensive study also highlighted the differing levels of user engagement and security concerns across blockchains, providing perspective on the unique challenges and risks faced by each ecosystem.
BNB Chain emerged as the most prominent user of GoPlus’s APIs, being queried more than 92.7 million times during the research period. This reflects Binance’s laudable achievement in fostering a large community that’s united in its determination to identify and proactively mitigate security risks such as token vulnerabilities and scams.
Ethereum was the second-most popular chain to leverage GoPlus, with users querying its APIs 84 million times, highlighting both the extent of its user base and its vigilance against vulnerabilities and scams. Meanwhile, Polygon also stood out with almost 9.8 million queries during the period. This high level of adoption in the much smaller Polygon community illustrates the strong emphasis it places on scaling security solutions for the Web3 industry.
Other insights from the report include the top ten token risks faced by the crypto industry today, with further analysis uncovering ten tokens with characteristics that mark them out as being “particularly malicious”, and also the top ten NFT collections that could be perceived as risky, due to their close association with phishing scams.
The Importance Of User Security Insights
The GoPlus report provides valuable insights into aspects such as user engagement, preferences and the nature of the evolving threats in Web3, which can be essential for stakeholders to make more informed decisions and mitigate the risks they face.
Perhaps the most significant finding is that the report underlines the critical importance Web3 security data can play in helping the industry to address the evolving risk landscape. As the Web3 ecosystem grows and evolves, the need for comprehensive security data will become all the more vital, helping dApp developers protect their users, while educating users on how to protect themselves.
About GoPlus Labs
GoPlus Labs is revolutionizing Web3 security by offering a transparent, User Security Network with permissionless security data. It provides User Security Module as a Service to any blockchain, utilizing advanced AI for comprehensive threat detection.
Notably, its security data infrastructure has seen a massive usage increase, the user security data usage has grown 5000x from 2022 to now, with daily data API calls 21M.
SecwareX, launched in March 2024, quickly gained significant traction, showcasing high user trust. Within its first two weeks, it attracted over 400,000 users, including more than 30,000 premium (paid) users, highlighting its immediate impact and user trust.
GoPlus enhances Web3 user security through broad support for over 20 chains, collaboration with RaaS and Layer2 partners like Altlayer, zkSync, and Manta, and the introduction of innovative products like the “Secscan” security engine and Secware Middleware. These advancements facilitate a more open data and computing layer, moving towards gradual decentralization.
GoPlus enhances Web3 user security and promotes decentralization by motivating user participation with its token system. The GoPlus Token will act as a “gas fee,” necessary to reinforce the user security network and expand its utility. Moreover, it encourages users to become SecWare Service Providers, Data Providers, and Computing Node Providers. By contributing to the network, these participants can earn GoPlus Tokens.
Wilder World, a massively multiplayer online metaverse, is now available for wishlisting on the Epic Games Store, a digital distribution platform launched by the studio behind Unreal Engine. Players will soon be invited to explore Wiami, a virtual city where ancient wisdom meets futuristic innovation.
As a decentralized virtual world, Wilder World challenges players to defy the authoritarian FORUM and shape their destiny by defending Wiami. Experience the fusion of stunning visuals and rich storytelling in Wilder World, where your legacy begins. Wishlist Wilder World on the Epic Games Store and be the first to craft a new era of freedom and innovation.
Wilder World is a free-roam virtual world that begins in Wiami, a metaverse city to explore, race, socialize, and much more. With an order of magnitude more surface area than traditional MMOs, Wiami offers a rich environment for players to connect and enjoy a Web3-enabled gaming experience. Wilder World’s first experience, a competitive racing game set within the expansive landscape of Wiami, is currently in an alpha testing phase and scheduled for a broader release later in 2024.
In development since early 2021, Wilder World is a next-gen AAA game built on Unreal Engine. The game features the latest in photorealistic graphics and true in-game AI to offer a next-gen gaming experience while enabling a full-scale economy. All items, equipment, land and avatars exist as tradable digital assets on the Wilder World marketplace, which players can own and earn real value by participating in the economy, trading equipment, winning races, exploring the world and more to come.
The listing on the Epic Games Store, one of the largest digital delivery platforms in the world with over 270M total users and 75M monthly active users as of December 2023, will boost visibility for Wilder World among active and dedicated PC gamers. Working with Epic Games is the perfect match for Wilder World, both because of the unrivalled quality of the Unreal Engine, and the strong alignment in ethos and values — given Epic Games’ strive to fight against aggressive middlemen.
“We’re honoured to be listed on the Epic Games store, setting the pace for next-gen gaming in the metaverse,” said Frank Wilder, Co-founder of Wilder World. “Our mission is to create a novel experience using cutting-edge technology, offering players a virtual space for gaming, socializing, and earning.”
Wilder World is for all, letting players across the entire world join in on the fun. Thanks to key partnerships including Nvidia’s GeForce Now and SuperVerse, Wilder World has expanded its reach to both Web2 and Web3 gamer communities. It has also chosen to focus on utmost scalability to power its massive world, working with Polygon and Celestia to build a custom, scalable blockchain to keep its fees low; as well as working with Metagravity to power virtual worlds with thousands of players.
About Wilder World
Wilder World is a massive multiplayer metaverse, launched in closed-alpha in December 2023 after 2.5 years of active development. As a free-roam metaverse, Wilder World leverages the latest in blockchain and AI to give a truly unique experience for players, while also enabling massive photorealistic environments. Wilder World focuses on creating a space in the metaverse for everyone, no matter their financial status, hardware or location. It has amassed a team of over 100 seasoned industry veterans to realize this vision.
Learn more about Wilder World on their website and stay up to date with the latest releases by following the X account and clicking here to wishlist Wilder World on the Epic Games Store
Do you often find yourself overwhelmed by hundreds of open tabs in Chrome on your Android phone? While Chrome allows you to surf the internet on different topics simultaneously by opening multiple tabs, having multiple tabs open can sometimes cause confusion, especially if you’re looking for a particular tab. Well, this is about to change with the upcoming “Tab Declutter” feature which will archive inactive tabs in Chrome.
What is the Tab Declutter feature?
It’s common to forget to close the tab in Chrome after you’re done accessing the information present on it. While keeping a few tabs open is perfectly fine, problems arise when you accumulate a large number. And that’s where the Tabs Declutter feature will come into play.
As the name itself suggests, this feature will help declutter the tabs open in Chrome. It’ll automatically archive tabs that you haven’t used in a while. This way, you’ll not only have a clutter-free environment in Chrome, but it’ll also help to speed up Chrome’s performance. And don’t worry, you’ll have the option to retrieve those tabs if you need them later.
One thing that’s still unclear is how long of inactivity will trigger Chrome to archive a tab. In addition to that, it will be interesting to see how Chrome implements this feature, as there’s a fine line between closing unused tabs to save memory and closing a tab you might still need but haven’t accessed in a while.
When will the Tab Declutter feature be released?
The feature is still under development, and there’s no official word yet on its release date. Like most Chrome features, it will likely be introduced as an experimental option in Chrome Flags first.
As of now, you can access it in Chrome Canary, but it’s not fully functional yet. You can only enable or disable it from the Chrome Flags menu.
As per 9to5Google, you can expect it to be released in Chrome 125, which is scheduled for May. However, take this information with a grain of salt as the feature is still in development, so it wouldn’t be surprising if Chrome delays its release or cancels it altogether.
This isn’t the first time Chrome has tried to declutter tabs
In early 2020, Chrome for Android was working on a similar feature aimed at helping users with the issue of multiple background tabs. It was supposed to prompt users about tabs they hadn’t used in a long time and ask them to close them. Unfortunately, that feature never made it to the stable release.
It’ll be interesting to see how Chrome approaches this new Tab Declutter feature and whether it will be available in the stable release.
Smartphone manufacturers employ various tactics to sell more devices to customers. One of the oldest tactics is making devices unrepairable or slower with software updates to encourage the owner to buy a new device.
In recent years, California and Minnesota have introduced bills dubbed “Right to Repair” to protect customer’s right to repair their damaged devices. Oregon is now joining the list by introducing the “strongest Right to Repair law to date.”
Oregon Governor Tina Kotek signed the Right to Repair bill on Wednesday. The SB 1596 bill passed the state legislature a few weeks ago and will affect next year. It covers consumer electronics, including appliances, laptops and smartphones.
Oregon’s introduction of the Right to Repair bill marks a significant milestone. It’s the fourth state in the United States to take a stand on this issue
As the name implies, the bill requires manufacturers to respect the buyer’s right to repair their damaged device by buying the necessary parts and equipment. While this might seem like a fundamental human right, many manufacturers don’t allow customers to perform repairs themselves or third-party repair shops. Doing so might result in warranty termination.
“The legislation requires manufacturers to make repair more accessible by providing open access to the parts, tools, and information used to fix devices, which manufacturers are currently restricting to “authorized” service centers.” the legislation reads.
One key provision that sets Oregon’s bill apart is the ban on “parts pairing.” This term refers to a company’s software needing to approve a third-party component to function perfectly in a device. This restriction can prevent repairmen from using components not from the device manufacturer, potentially limiting repair options.
Apple warns about security risks of installing unauthorized parts
Additionally, manufacturers are prohibited from using parts pairing to downgrade a device’s performance or showing related warnings to customers. All devices used by Oregonians starting in 2025 must meet these requirements. The bill also encourages manufacturers to make necessary documentation, tools, parts, and software available to consumers and repair shops without overcharging.
Tech companies have no choice but to comply with the new law. Meanwhile, Apple warns that installing unauthorized parts, like biometric sensors, could result in security flaws. In February, John Perry, Apple’s senior manager of Secure System Design, testified to state lawmakers that the company approves the “majority” of Senate Bill 1596.
Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information and grant unauthorized access.
It’s an effective social engineering technique that can bypass even robust technical security measures.
Phishing kits and services provide a low-cost, low-effort way to conduct widespread attacks, which makes them attractive options for threat actors seeking financial gains and access to valuable data.
Recently, cybersecurity analysts at Netcraft discovered that threat actors are actively exploiting the Dracula phishing service to attack USPS and global postal services via iMessage.
iPhone Darcula Phishing Attack
‘Dracula’ is a sophisticated Phishing-as-a-Service (PhaaS) platform leveraging modern web technologies like JavaScript, React, Docker, and Harbor.
It has been used for over 20,000 phishing domains conducting high-profile campaigns.
A key tactic is using iMessage and RCS instead of SMS to bypass filters and leverage user trust for “smishing” attacks impersonating postal services across more than 100 countries.
This enables uniquely effective data extraction by exploiting messaging platforms’ perceived legitimacy and evading typical SMS-based scam defenses.
The Dracula platform was developed by a Telegram user and it offers easy deployment of constantly updatable phishing sites with hundreds of templates targeting global brands.
Phishing landing pages (Source – Netcraft)
Unlike typical phishing kits, darcula websites can update in-place with new features and anti-detection measures like changing malicious content paths for obfuscation.
The group monetizes through paid monthly subscriptions for other threat actors, reads the report.
The Darcula PhaaS offers around 200 phishing templates targeting over 100 brands across more than 100 countries, primarily postal services and trusted institutions like utilities, banks, and governments.
Phishing landing pages targeting postal services (Source – Netcraft)
It uses purpose-registered domains spoofing brand names, favoring .top, .com, and other low-cost TLDs, with 32% on Cloudflare. Over 20,000 darcula domains across 11,000 IPs have been detected, with 120 new ones daily in 2024.
Front pages cloaked with fake domain sale pages, previously redirecting bots to cat breed searches – aligning with darcula’s cat-themed branding.
Anti-detection tactics demonstrate the platform’s sophistication.
darcula anti-monitoring redirecting site crawlers to a cat breed (Source – Netcraft)
Unlike traditional SMS phishing, darcula leverages the encrypted messaging platforms RCS (on Android) and iMessage (Apple) to bypass spam filters and leverage user trust.
RCS/iMessage provides encryption bypassing recent anti-SMS spam legislation, incurs no per-message costs, and overcomes platform security controls through tactics like reply-prompting and device farms.
While aiding user privacy, end-to-end encryption obfuscates message content from network-level filtering.
Threat actors exploit these advantages for widespread “smishing” campaigns impersonating trusted brands while evading typical SMS defenses.
Researchers urged users to stay vigilant against unsolicited messages from unrecognized senders and said that anti-phishing tools remain key protection measures.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
PyPI hit by malware attack! Malicious packages targeting crypto wallets & browser data. Platform suspends new users & projects. Learn how to stay safe and what you should do.
This article has been updated with new information.
In a move to combat a large-scale malware campaign, the Python Package Index (PyPI), the official repository for third-party Python software, has suspended new user registration and project creation. This critical action comes after security researchers at Checkmarx identified a series of malicious packages targeting unsuspecting developers.
According to PyPI’s official update released on March 28th, 2024, at 2:16 UTC, the platform is taking proactive measures to “mitigate an ongoing malware upload campaign.” This suspension aims to disrupt the attackers’ efforts and protect the vast Python developer community.
Checkmarx Discovers Deceptive Software
The security team at Checkmarx identified a coordinated effort by threat actors to upload malicious packages onto PyPI. These packages are designed to exploit a common vulnerability known as typosquatting. Typosquatting tricks users into installing malware by using names and website addresses that closely resemble those of legitimate software.
Once installed, these malicious packages unleash a multi-stage attack. The initial payload targets a user’s cryptocurrency wallets, aiming to steal valuable digital assets. The attackers further expand their reach by scraping sensitive data from browsers, including cookies and extension information. Additionally, the malware attempts to steal various login credentials, potentially compromising a user’s entire digital ecosystem.
According to Checkmarx’s research shared with Hackread.com ahead of publication on Thursday, the most concerning aspect of this attack is the malware’s persistence mechanism. This mechanism allows the malware to survive system reboots, ensuring its continued operation even after a restart. This persistence significantly increases the difficulty of detection and eradication.
PyPI Fights Back
PyPI’s quick suspension of new user registration and project creation shows the platform’s commitment to user safety. This action also potentially disrupts the attackers’ ability to upload new malicious packages and provides PyPI with time to implement more robust security measures.
What Developers Should Do
While PyPI works to address the situation, developers are advised to exercise extreme caution when installing Python packages. Here are some essential security practices:
Double-check package names and sources: Meticulously verify the spelling and origin of any package before installation. Typosquatting relies on tricking users into installing the wrong software.
Verify publisher reputation: Research the publisher behind a package before trusting it. Look for established developers with a history of creating reliable software.
Read reviews and ratings: User reviews and ratings can offer valuable insights into a package’s legitimacy and functionality.
Stay informed: Keep yourself updated on the latest security threats targeting PyPI and the Python community.
The Future of PyPI Security
The PyPI security team is working to identify and remove all malicious packages from the platform. Additionally, they will be implementing tougher measures to prevent similar attacks in the future. Developers can expect further announcements from PyPI regarding the timeline for resuming new user registration and project creation.
This incident goes on to show how sophisticated cyberattacks have become especially when targeting the software development community. By working together, developers, security researchers, and platform operators like PyPI can create a safer and more secure environment for everyone.
UPDATE Mar 28, 2024 – 12:56 UTC
As of March 28, 2024, 12:56 UTC, PyPI’s official website states, “This incident has been resolved,” indicating that the registration of new projects and users is now enabled again.
If you’ve ever used a mapping system on either Android or iOS, chances are it comes from Google. Google Maps is the name of the service, and it’s available in both mobile and desktop formats. There are not many people who don’t know about Google Maps. We’re here to take a closer look at the platform. In other words, we’re here to give you as much information as possible about Google Maps, while also keeping things in the realm of general information. Let’s hope this will give you a better grasp of the service.
What are Google Maps?
We touched upon this in the intro, but let’s delve deeper. Google Maps is a service provided by the American tech giant Google. It has been around since 2005, as it launched in February of that year. Google Maps have evolved quite a bit since then, and in this day and age, it’s the most recognizable mapping/navigation. The vast majority of people who use smartphones these days have Google Maps installed and use them. That goes for both Android and iOS. The app does come pre-installed on a ton of Android smartphones with Google services.
What platforms are Google Maps available on?
You can use Google Maps on both your desktop computer and your smartphone. When it comes to desktop computers, you simply type in maps.google.com in your navigation bar, and you’re good to go. Once you do that, you’ll be able to search anything you want on Google Maps. Alternatively, they’re available on mobile platforms too, both Android and iOS. Those are the two major platforms out there these days. The Google Maps app is free on both of them. It comes pre-installed on many Android smartphones as well. It does not come pre-installed on iOS, but you can easily get the app from the App Store.
On top of desktop computers and smartphone platforms, you can also use Google Maps on your in-car systems, well, some of them. If you have Android Auto in your car, as your OS of choice, or Apple’s CarPlay, perhaps, you can easily use Google Maps for your navigation needs. Those are actually some of the best-use scenarios for this navigation system.
Are there smartphone platforms that Google Maps are not available on?
Yes, there are. Android and iOS are by far the biggest platforms out there. The app is not accessible on all Android smartphones, though. Huawei’s smartphones are exceptions, for example. Why? Well, they don’t come with Google services pre-installed due to the US ban. Huawei’s devices come with HMS, Huawei’s own services. It is possible to sideload Google Maps on Huawei phones. You will, however, need to use an emulator in order to use them, such as GSpace. Simply pre-installing them won’t do you much good, as they won’t run without an emulator.
What are Google Maps’ competitors/alternatives?
There are a lot of great navigation systems available out there. Not a single one of them has the ease of access of Google Maps, though, and chances are people are most familiar with Google Maps. Still, these competitors are more than worth mentioning. The first that comes to mind is Apple Maps. This app is limited to Apple’s own platforms, but considering the grasp of those platforms, it’s more than worth noting. It comes pre-installed on every iPhone, and if you have CarPlay in your car, it will be there too, just to name a few.
Waze is another service worth noting, even though that’s not exactly a competitor to Google, considering that Google owns the app. Sygic is another noteworthy service, and the same goes for TomTom. HERE WeGo is another appealing navigation system that many people rely on. Also, it would be a mistake not to mention Garmin’s navigation suite. Garmin is still amongst the most popular navigation solutions as people seem to love the dedicated hardware and software combo that they sell. There are plenty of choices out there, but Google Maps are still the easiest to get ahold of and use and offer a ton of functionality.
What are the first things you should do in Google Maps before you start using navigation?
This will be different for different people, of course. So, keep in mind these are only our quick recommendations to get you going. The very first thing we’d recommend is for you to get familiar with the interface. Things of this app as being separated into three parts, the top bar, the bottom bar, and the body (map). The top bar is where you type in (or speak it) the location you’re interested in, and access your Google settings (tap your profile picture). In the bottom bar, you’ll see your saved locations, updates that Google Maps sent you, and more.
Once you get familiar with the interface, it may be a good idea to type in your home and work addresses. That way Google will know them and will be able to send recommendations your way and prompt you to tap them without you doing a thing. Following that, I like to set up my light / dark mode/theme preferences. You can choose whether you’d like to use light mode all the time, dark mode all the time, or for the app to follow your general device settings. Unfortunately, you cannot schedule it separately, but it will follow your device settings, so… there you go. You’ll find those options under ‘Theme’ in Google Maps options. Those are basically some initial steps, you’re now ready to go at it.
Can I use Google Maps if I’m not connected to the Internet?
The answer to that question is yes but with a caveat. While some mapping services simply work when you don’t have an Internet connection, as long as you download maps for specific countries, that’s not the case here. Google Maps has plenty of data to process and it’s generally meant to be used as a service that has constant connection to the Internet. If you do need to use it without an Internet connection at some point, you’ll need to make sure you make preparations for it while you do have an Internet connection. What do I mean by that? Well, you’ll need to download a section of the map that you’ll need. You can easily type in your destination, see what part of the map you need, highlight it, and download it. When Google Maps app realizes it has no Internet connection, it’ll still work, as long as you’re in the downloaded part of the map.
Are Google Maps free to use?
Yes, Google Maps are completely free to use, you don’t have to worry about subscriptions or anything like that. This is the way it has been from day one, and Google hasn’t changed anything since then. Google is well-known for its free services, even though some of them are plagued with ads if you don’t pay up, like YouTube. That’s not the case here, though. As long as you download the app, you can use it free of charge. The same goes for the online client too, it’s completely free.
What are the very best features of Google Maps?
At this day and age, Google Maps service has plenty of truly useful features. With that in mind, we’ll list some of the ones that we found most useful. We’ll do it in no particular order. So, let’s get to it.
Offline use
We’ve already talked about this in a separate section, kind of. If you know you’ll be without an Internet connection on a part of your journey, or you simply want to prepare in general, you can download parts of Google Maps for offline use. Google allows you to download considerable chunks, though, so you can make sure you have everything you need on your journey. You can simply tap your profile image in the top-right corner, hit the ‘Offline maps’ feature, and you’ll be able to select what you need from there.
Live View
Google is offering something called ‘Live View’. Those are basically walking directions that will make sure you’re walking in the right direction. All you have to do is search for your destination, and then tap ‘Directions’. Above the map, in the travel mode toolbar, select the icon that indicates walking, and in the bottom center hit the ‘Live View’ option. This can also be helpful indoors, where supported.
Save places you’re interested in
Google Maps allow you the opportunity to bookmark spots on the map, basically. If you’ve stumbled upon a really cool restaurant on the highway recently, you can bookmark it. The same goes for various landmarks, cool landscapes for taking pictures, or anything else you’re interested in. All that will appear in your ‘Saved’ tab in the bottom toolbar. Mine is packed with stuff, and if you use Google Maps often, and move around a lot, I’m sure yours will be too.
See how crowded a specific spot is
If you’re planning to go to a specific shop, let’s say you’re buying some clothes in a mall, you can use Google Maps to see when it’s best to arrive in order to avoid crowds. Google Maps will show you ‘Popular times’ in a day. So, for example, it may say that 1 PM – 5 PM is busy, but everything after that is not. I found this feature to be immensely useful at times.
Reviews
If you’re planning a trip, you’ll likely need to go to get some groceries, or perhaps grab a bite to eat. You can easily check the best spots to visit, thanks to Google Maps. The service has an elaborate reviews section, in which people who visited the location share their experiences. So regardless if you’re visiting a bar, a restaurant, or a beach, you’ll know what to expect. This can save you a lot of time and nerves on your trips.
Multiple destinations option
This is an option that many navigation services still don’t have. Google Maps allows you to add multiple destinations to your directions. So if you need to pick up a friend along the way, or several of them, you can easily add their locations to your trip. Once you choose your main destination, and tap ‘Directions’, select the three dots menu in the top-right corner. There, simply tap ‘Add stop’, and search for another destination, the one that you need to incorporate in your journey.
Fuel-efficient routes
Google Maps allows you to find the most fuel-efficient route imaginable, as long as you’re driving around the US, Canada, or Europe. This is quite important nowadays as the prices of gas have skyrocketed. Simply tap the route with the leaf icon, and you’ll see how much fuel you’ll save by taking the eco-friendly path.
Sharing trips with friends & family
You can share your location with your friends and family, but you can also share entire trips if you want. Needless to say, this is very useful if someone is traveling with you. They can see exactly what is planned, and also help out if needed. You can share your location via the ‘Location sharing’ option in your profile. In regards to trip sharing, you’ll need to start the navigation, swipe up from the bottom of the screen, and open the navigation bar. From there, tap the ‘Share trip progress’ option.
Samsung introduced the Galaxy Tab S6 Lite’s 2024 variant a few days ago in its home market of South Korea. While the brand revealed the specs of the new tablet at the time, it didn’t announce the pricing details. However, the company has now revealed the Galaxy Tab S6 Lite (2024) price, at least for the European market.
The Galaxy Tab S6 Lite (2024) will be available starting from £349
As per Samsung UK’s website, the Galaxy Tab S6 Lite (2024)’s Wi-Fi-only base variant with 64GB of storage costs £349. The higher-end model with 128GB of native storage will set the consumers back by £379.
The slate was announced in Oxford Gray, Chiffon Pink, and Mint color variants. However, only, the Oxford Gray hue is up for grabs in the UK at the moment. Notably, Samsung UK is offering a 15% discount on Galaxy Buds till April 23, when you purchase it with the tablet.
In the US, the slate is expected to cost around $440 and $480 for the 64GB and 128GB variants respectively. Unfortunately, Samsung hasn’t yet revealed the pricing of the Galaxy Tab S6 Lite (2024)’s LTE-enabled variant at the moment. This model will be available in select markets, so we’ll get to know its pricing at some point in April.
The Galaxy Tab S6 Lite is a mid-range Android tablet with the S-Pen stylus support
The Galaxy Tab S6 Lite (2024) is the third generation of the same mid-range Android tablet. The original version saw the light of the day in 2020, while its successor was released in 2022. Now, there’s a new 2024 variant with minor changes (mostly a more powerful chipset). Similar to its predecessors, the 2024 model supports the S-Pen stylus and comes bundled with the note-taking accessory.
As for the other specs, the Galaxy Tab S6 Lite (2024) has a 10.4-inch TFT display. The screen provides a resolution of 2,000 x 1,200 pixels. At the helm, the slate has an unspecified octa-core processor with a maximum clock speed of 2.4GHz. Previous reports have indicated that the tablet has an Exynos 1280 processor. The device is fitted with 4GB of RAM and supports microSD cards up to 1TB in size.
In the camera department, the Galaxy Tab S6 Lite (2024) offers an 8MP primary snapper and a 5MP selfie shooter. Software-wise, the device boots Android 14 out-of-the-box, but there’s no word regarding which version of One UI it offers. Lastly, a beefy 7,040mAh battery, dual speakers by AKG, and Dolby Atmos complete the list of the specs.
.webp)
.webp)
.webp)
.webp)
