Vivo X Fold 3 Pro specifications & design appear ahead of launch

andreasc
-
0
Vivo X Fold 3 Pro specifications & design appear ahead of launch
[ad_1]

The Vivo X Fold 3 Pro specifications and design have just surfaced ahead of its expected launch. This smartphone is tipped to arrive at some point this month. Vivo still didn’t reveal the launch date, though.

The Vivo X Fold 3 Pro specifications and design have been revealed

The phone’s specifications and design have been shared by Digital Chat Station, a well-known Chinese tipster. The design was shared recently, while the phone’s specifications surfaced today from the same source.

Let’s first check out the schematic that the tipster offered, you can check it out below. It seems like the Vivo X Fold 3 will have a similar form factor to most book-style foldables. It will have a display camera hole on the cover display and three cameras on the back. ZEISS optics will be a part of the package, and so will a periscope telephoto camera.

Vivo X Fold 3 Pro sketch 1

Two 120Hz displays will be on offer, along with the Snapdragon 8 Gen 3 SoC

What about the specs? Well, an 8.03-inch main display is tipped. It’s said to offer a 2480 x 2200 resolution, and it will be an LTPO panel (1-120Hz refresh rate). Dolby Vision and HDR10+ content support are expected. A 6.53-inch 2748 x 1172 AMOLED display is also expected with a 120Hz refresh rate.

The Snapdragon 8 Gen 3 processor will fuel this smartphone, while it will also include 16GB of LPDDR5X RAM. The phone is tipped to offer 1TB of UFS 4.0 flash storage as well. Android 14 will come pre-installed on the device, with Vivo’s OriginOS 4. Do note that this is a Chinese variant we’ll talking about. We’re not sure if the global one will be coming, but Vivo has not launched one of its foldable phones globally just yet.

Vivo plans to utilize a 5,800mAh battery, and offer blazing fast charging

A 5,800mAh battery is also tipped, as is 120W wired, and 50W wireless charging. The device is also said to offer reverse wireless charging. An in-display ultrasonic fingerprint scanner will be located on both the main and cover displays, it has been said, and an IR blaster will also be a part of the package.

A 50-megapixel main camera (OmniVision OV50H sensor, OIS, V3 chip) will be backed by a 50-megapixel ultrawide unit. The third camera on the back will be a 64-megapixel periscope telephoto camera (OmniVision OV64B sensor, 3x optical zoom). The tipster says we can expect a 32-megapixel selfie camera on both of the phone’s displays.

The regular Vivo X Fold 3 could also arrive

Stereo speakers will be a part of the package, as will two SIM card slots. The device will support 5G, Bluetooth 5.4, and Wi-Fi 7 as well, in case you were wondering. This smartphone is tipped to arrive alongside the Vivo Pad 3 tablets, and the vanilla Vivo X Fold 3 could also launch. The Vivo X Fold 3 actually got its 3C certification. That model will offer 80W wired charging.


[ad_2]
Source link

Microsoft released a new update to fix Edge’s previous buggy update

andreasc
-
0
Microsoft released a new update to fix Edge’s previous buggy update
[ad_1]

Microsoft has corrected a prior glitchy update to its Edge browser, which was causing numerous problems for users. The tech giant admitted that many users’ browsing experiences had been negatively impacted by several vulnerabilities that had been unintentionally introduced by the original update.

The buggy update led to complaints from users about slow loading times, frequent crashes, and other performance issues. A user on Neowin was the first to spot the issues and report them to the blog. Other Edge users later raised their voices on Reddit and Microsoft’s support website against the buggy update that turned the browser unfunctional.

You can now get Microsoft Edge’s new update from the company’s download servers.

Following the update, Edge was unable to open webpages. It notified users that “this page is having a problem” or there is “not enough memory to open this page.” The glitchy update even led to the browser’s settings panel and bookmarks stopping working.

The memory error was supposedly due to an Enhanced Web Protection update that Microsoft intended to bring to Edge. Some users reported that they could solve the issue by turning off “Enhance your security on the web” in Edge’s settings.

These issues were created by the stable version of Edge, 122.0.2365.63. Disabling the add-ons and closing tabs couldn’t solve the problem either.

If you’re an impacted user, the fix has arrived. Microsoft first removed version 122.0.2365.63 from its download servers and then released version 122.0.2365.66 as a fix. You can now update your browser to the latest version to ensure everything works fine.

In February, Microsoft also fixed the automatic import glitch on Edge that imported data and tabs from Google Chrome without user consent. Microsoft claims the issue was due to a software bug. However, some rivals like Mozilla demand an investigation into Microsoft’s tactics for keeping users on its Edge browser.


[ad_2]
Source link

U.S. Charged Iranian Hacker, Rewards up to $10 Million

andreasc
-
0
U.S. Charged Iranian Hacker, Rewards up to $10 Million
[ad_1]

The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie Nasab, for his alleged involvement in a sophisticated cyber-espionage campaign targeting American entities.

The indictment, unsealed recently, reveals a multi-year operation that compromised governmental and private sector systems, including the U.S. Departments of the Treasury and State, defense contractors, and companies based in New York.

A Persistent Cyber Campaign

Nasab, 39, is accused of working under the guise of a cybersecurity specialist for Mahak Rayan Afraz (MRA), an Iranian company with links to the Islamic Revolutionary Guard Corps (IRGC).

From 2016 through April 2021, the campaign involved spear-phishing and other hacking techniques to infect over 200,000 victim devices, many containing sensitive or classified defense information.

The Rewards for Justice Twitter account recently announced that the U.S. government has pressed charges against a group of Iranian hackers for their involvement in cyber attacks.

The spear-phishing campaigns were meticulously organized using a custom application, allowing Nasab and his co-conspirators to deploy their attacks effectively.

In one instance, they breached an administrator email account at a defense contractor. It was then used to create rogue accounts and send further spear-phishing emails to other defense contractors and a consulting firm.

Social Engineering and Identity Theft

Apart from spear-phishing, the conspirators also engaged in social engineering, often masquerading as women to gain the trust of their victims and deploy malware.

Nasab is believed to have played a crucial role in procuring infrastructure for the campaign, using stolen identities to register servers and email accounts.

Nasab faces multiple charges, including conspiracy to commit computer fraud, wire fraud, and aggravated identity theft.

He could face up to 47 years in prison if convicted on all counts. Despite being at large, the U.S. State Department has announced a reward of up to $10 million for information leading to his identification or location.

Broader Context of U.S.-Iran Relations

The indictment comes amid a backdrop of tense U.S.-Iran relations, with ongoing concerns about Iran’s nuclear program and its support for proxy forces in the Middle East.

The U.S. has been involved in efforts to curb Iran’s nuclear ambitions and has faced various provocations, including the seizure of tankers and military escalations.

The charges against Nasab underscore the global threat posed by state-linked cybercriminals.

The U.S. has taken a firm stance against such activities, offering substantial rewards for information and demonstrating a commitment to pursuing justice, even when the suspects are beyond their immediate reach.

The case against Nasab is a stark reminder of the cybersecurity risks facing nations and the importance of international cooperation in combating cyber threats.

It also highlights the U.S. government’s determination to hold individuals accountable for cyber espionage, regardless of location or affiliations.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter


[ad_2]
Source link

Fashion meets functionality in 2024

andreasc
-
0
Fashion meets functionality in 2024
[ad_1]

Have you ever wondered if your accessories could do more than just complement your outfit? Welcome to 2024, where wearable technology isn’t just about smartwatches or fitness trackers; it’s a fashion statement, a health monitor, and a tech gadget, all rolled into one stylish package.

Trendsetting in Tech and Fashion

This year, we’re seeing an exciting trend where technology meets haute couture. Imagine smart rings that not only track your fitness but are designed as statement pieces that complement your everyday style. These pieces are more than gadgets; they’re part of your personal style. But it’s not all about looks. These gadgets are revolutionizing how we interact with technology. They monitor our health, track our fitness goals, and even help us stay connected in the most unobtrusive way. However, as we embrace these cutting-edge gadgets that seamlessly blend into our lifestyle, it’s crucial to use a CyberGhost VPN to safeguard our personal data and enhance the security of our tech accessories, ensuring our digital interactions remain private and protected.

Health at Your Fingertips

One of the most significant aspects of wearable tech in 2024 is its focus on health and wellness. With advanced sensors, these fashionable gadgets keep an eye on your vital signs, encourage you to stay active, and even help manage stress. It’s like having a personal wellness coach always with you.

The Oura Ring: Wellness on Your Finger

Take the Oura Ring, for instance. This elegant piece of jewelry is more than just a ring; it’s a sophisticated health tracker. It monitors your sleep, activity, and even your body temperature, providing insights into your overall well-being, all while looking like a stylish accessory that complements any outfit. One of the standout features of the Oura Ring is its sleep analysis. It doesn’t just track the duration of your sleep; it analyzes the quality, including REM and deep sleep stages. By understanding your sleep patterns, you can make adjustments to improve your sleep quality, which is essential for overall well-being.

Apple’s Vision Pro Headset: A New Frontier

The imminent release of Apple’s Vision Pro headset has everyone talking. This device is not just a step forward in wearable tech; it’s a leap into the future. At the heart of the Vision Pro headset are its advanced Augmented Reality (AR) capabilities. Imagine overlaying digital information onto the physical world — from immersive gaming experiences to real-time navigation overlays and interactive learning environments. Whether it’s for professional use, like virtual meetings and 3D design visualization, or personal use, like interactive fitness sessions and social media browsing, the headset is versatile. Its applications are diverse, catering to both the tech-savvy and those new to AR technology.

Smart Glasses Showdown at CES 2024

The wearable tech spotlight was on smart glasses at CES (the Consumer Electronics Show) 2024. Companies like Xreal and RayNeo stole the show with their cutting-edge designs. Xreal teamed up with Qualcomm to enhance the tech behind their glasses, offering consumers high-quality, immersive augmented reality experiences and seamless connectivity, transforming how users interact with the digital world. RayNeo’s ultralight smart glasses combine comfort with functionality, providing users with a stylish, wearable tech experience that integrates digital information into their daily lives.

Garmin Lily 2: Elegance Meets Tech

The Garmin Lily 2 builds upon its predecessor, the original Garmin Lily, with several key enhancements. While retaining its “petite and fashionable” design, the Lily 2 introduces advanced health and connectivity features, catering to users who seek both style and increased functionality in their wearable tech. This evolution makes the Lily 2 a more versatile and user-friendly smartwatch, blending fashion with new, sophisticated technological capabilities.

Mojawa’s Bone Conduction Headphones: A Personal AI Trainer

Mojawa is taking fitness tech to the next level with their new bone-conduction headphones. These aren’t just for listening to music; they come with an AI sports trainer designed to enhance your training sessions. This personal trainer in your ear provides real-time feedback and motivation, pushing you to achieve your fitness goals.

GyroGlove: A Beacon of Hope

Perhaps one of the most heartwarming advancements in wearable tech is the GyroGlove. Designed for individuals suffering from Parkinson’s, this glove offers a chance to regain some independence. Its innovative technology stabilizes hand tremors, allowing users to perform daily tasks with greater ease and confidence.

The Future is Wearable

As we look ahead, the possibilities are endless. We’re on the brink of seeing tech and fashion merge in ways we’ve never imagined. From smart fabrics that change color based on your mood to holographic accessories, the future of wearable tech is not just functional; it’s fabulous.

So, whether you’re a tech enthusiast, a fashionista, or just someone who loves the idea of smart living, wearable tech in 2024 offers something for everyone. Stay tuned because the fusion of fashion and functionality is just getting started.


[ad_2]
Source link

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

andreasc
-
0
New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID
[ad_1]

SolarWinds cyberattack was one of the largest attacks of the century in which attackers used the Golden SAML attack in post-breach exploitation to affect thousands of organizations all over the world including the United States government for deploying malicious code into Orion IT management and monitoring software. 

After the massive cyberattack, CISA recommended hybrid environment organizations to move to a cloud identity system such as Entra ID.

However, a new technique dubbed Silver SAML has been discovered which could bypass security recommendations and exploit Entra ID using applications.

Though this vulnerability has been rated as MODERATE risk to organizations, depending upon the compromised system, this Silver SAML authentication can be used to gain unauthorized access to business-critical applications that pose a SEVERE risk.

Silver SAML Attack

According to the reports shared with Cyber Security News, Entra ID is used by several organizations that use SAML for authenticating into applications.

However, this Entra ID uses a self-signed certificate for SAML response signing. Additionally, organizations can also use externally generated certificates to sign the SAML.

Silver SAML attack workflow (Source: Semperis)

Golden SAML authentication is well-known for its extraction of signing certificates from Active Directory Federation Services and using them to forge SAML authentication responses.

The Silver SAML attack does not use the ADFS in Microsoft Entra ID.

Suppose an attacker obtains the private key of an externally generated certificate. In that case, the attacker can forge any SAML response as they please and sign the response with the same private key that Entra ID holds.

If this attack is successful, the attacker can gain access to the application as any user.

Issue Behind SAML And Signing Certificates

The main issue with the SAML and signing certificates is that most of the organizations do not correctly manage signing certificates.

Additionally, the SAML security is weakened as they use externally signed certificates.

In addition to this, these externally signed certificates are also used to send certificate PFX files and passwords using insecure channels like Teams or Slack.

Even for organizations that use Azure Key Vault, a secure place to store self-signed certificates can also be infiltrated and extracted the keys.

Apart from this, organizations also manage SAML signing certificates externally instead of using the Entra ID.

Performing A Silver SAML Attack

To launch the attack in a Service Provided initiated flow, a threat actor needs to intercept the SAML request and replace the contents of the SAML response with a forged SAML response which could be done using an intercepting proxy such as Burp Suite.

An example of this attack was demonstrated with the test flow by researchers. The SAML response for a user [email protected] was intercepted.

For exploitation, some of the SAML claims information such as UPN (User Principal Name), surname, firstname, displayName, and objectID need to be collected, which can be done using the Entra admin center or Microsoft Graph API.

Intercepting the SAML response (Source: Semperis)

With the researchers created tool “SilverSAMLForger”, the required parameters are generated as a base64 and URL encoded output string.

This forged SAML response can then be used to replace the SAML response in the intercepted response, making the application log in as a targeted user.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter


[ad_2]
Source link

Apple reportedly tells support staff not to speculate on iPhone sideloading in other markets

andreasc
-
0
Apple reportedly tells support staff not to speculate on iPhone sideloading in other markets
[ad_1]
The impending release of iOS 17.4 is bringing new features to the iPhone that are unique to the 27 member EU states. That’s thanks to the EU’s Digital Market Act (DMA) which has pressured Apple to make several changes. One big change will allow iPhone users in the EU to sideload apps which is just a fancy way of saying that they can install apps from third-party app stores. The changes must take place on or before March 7th.
Everywhere else, Apple maintains its walled garden approach which allows it to keep control over the apps listed in the App Store so that iPhone users don’t download malware-laden apps on their handsets. This is a valid point although malicious apps sometimes do make it through Apple’s security system. It might not be a good look to be an Apple apologist, but the truth is that iPhone users would not want to install any app that could access their financial apps and steal their money, slow down their phone, and reduce the battery life.
According to Bloomberg’s Mark Gurman, writing in his weekly Power On newsletter, Apple is telling its AppleCare support staff not to speculate to customers about whether Apple will offer sideloading and third-party app store support in other countries. Gurman points out that Apple is expecting its customers to flood support staff with such questions considering that many iPhone owners want the freedom to install apps from outside of Apple’s App Store.
Big changes are coming to the iPhone in the EU next week with the release of iOS 17.4 - Apple reportedly tells support staff not to speculate on iPhone sideloading in other markets

Big changes are coming to the iPhone in the EU next week with the release of iOS 17.4

The argument over sideloading can be boiled down to two different ways of thinking about it. Apple, as we noted above, has long felt that it was doing iPhone owners a favor by preventing them from installing apps that they haven’t checked out first. But there are iPhone owners who argue that they spent the money to purchase an iPhone and what they do with it should be entirely up to them.

As for the question that Apple doesn’t want support staff to speculate about, considering that it took a set of regulations backed with the threat of big money penalties to get Apple to allow sideloading in the EU, it probably will take regulations or legislation similar to the DMA to get Apple to offer sideloading in other markets.

[ad_2]
Source link

Google Password manager on Android could soon allow you to safely share passwords with your family

andreasc
-
0
Google Password manager on Android could soon allow you to safely share passwords with your family
[ad_1]
If you use Google Chrome’s password manager and manage some online accounts that you share with a family member, there may be a new feature in the works that will make your life much easier. The potential new feature would allow members of Google Family Groups to easily and securely share passwords within the group.Sharing passwords with family members can be a headache — especially when you’re in a rush and don’t know the login details for a shared account. Thankfully, TheSPAndroid has noticed that Android may soon add the ability to share passwords within a family group. This was found first in Google Chrome’s desktop version and then subsequently within the latest version of Google Play Services (version 24.09.12 190400–610662703). This suggests that Google won’t be leaving Android devices behind when it comes to this functionality.In the screenshots shared below, you can see that a new “Share” button will appear underneath a saved account and beside the “Edit” and “Delete” options. Once tapped, you then see an additional message to confirm that you want to share the password and to advise you that this is only for members of your family group, which you can manage in your Google account settings.

Image Credit: @AssembleDebut (TheSPAndroid)

While the feature is still under development, the screenshots suggest that the process could be quite simple for the receiving end as well. After sharing a password, the recipient may see a tooltip when visiting the website on their own device, letting them know credentials are available. The feature, in its current form, seems designed for passwords only and not passkeys.It’s important to note that Google is likely still refining the system, and the procedure may change before the official release. However, should this feature be rolled out officially, it will likely eliminate the need to share passwords via unsafe methods, such as unencrypted text messages or via email.

[ad_2]
Source link

New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain

andreasc
-
0
New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
[ad_1]

The latest version of Bifrost RAT employs sophisticated techniques including typosquatting, to avoid detection and complicate efforts to trace its origins.

Cybersecurity experts at Palo Alto Networks’ Unit 42 have uncovered a new cybersecurity threat: a new variant of the Bifrost RAT (also known as Bifrose) targeting Linux systems. This variant, utilizing a tricky domain named download.vmfare(.)com, is designed to evade detection and compromise targeted systems.

The malicious domain bears a not-so-easy-to-distinguish resemblance to a legitimate VMware domain, with the only difference being the substitution of the letter “F” for the “W” in the domain: VMware becomes VMfare. For your information, VMware is a leading provider of virtualization and cloud computing software and services.

This type of attack is called a typosquatting attack in which malicious actors register domain names similar to popular ones, relying on users making typing errors to visit their sites, often for phishing or malware distribution purposes. For example, “It’s Google.com, not ɢoogle.com.”

New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
VirusTotal score for the malicious domain (screenshot: Palo Alto Networks’ Unit 42)

Bifrost, a remote access Trojan (RAT) dating back to 2004, is notorious for its ability to hide within systems, inject malicious code into legitimate processes, and establish covert communication channels with external servers. This allows attackers to steal sensitive data with ease.

The latest version of Bifrost, as detailed by researchers in their technical blog post, employs sophisticated techniques to avoid detection and complicate efforts to trace its origins. By encrypting collected data using RC4 encryption, and the aforementioned domain with a deceptive name, the malware makes it challenging for security experts to thwart its activities.

Additionally, the malware’s recent deployment on a server hosting an ARM version hints at an expansion of its targets.

Analysis of the malware’s code reveals intricate manoeuvres to establish connections and gather data, showcasing its advanced capabilities in evading detection. Palo Alto Networks detected over 100 instances of Bifrost activity in recent months, signalling a critical need for enhanced security measures.

To safeguard against Bifrost attacks, Unit 42 researchers recommend a multi-faceted approach including regular system updates, strong access controls, deployment of endpoint security solutions, and vigilant monitoring of network activity.

  1. New Linux Malware “Migo” Exploits Redis for Cryptojacking
  2. Free Download Manager Site Pushed Linux Password Stealer
  3. Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack
  4. Hamas Hackers Hit Israelis with New BiBi-Linux Wiper Malware
  5. Mirai-based NoaBot Botnet Hits Linux Systems with Cryptominer

[ad_2]
Source link

Google Drive updated with important playback and search improvements

andreasc
-
0
Google Drive updated with important playback and search improvements
[ad_1]

Google Drive has just gained a couple of new features and improvements in just one week. Playback and search enhancements are part of Google Drive’s latest two updates, so expect some of them to pop up in your app very soon.

Among the most important changes added to the app, the improvements to Google Drive’s search experience consists of three key aspects:

  • Simplifying how you access query filters by introducing filter categories that are accessible directly below the search bar and include filters for File Type, Owners and Last modified.
  • Showing you relevant query filters as you type your query, enabling you to easily select a filter and saving you the time and effort of typing out the full search.
  • Adding the option to further refine your search after reaching the search results page.

The bad news is these improvements are only rolling out to iOS devices, although Google did say that Android users will be getting these very soon too. More importantly, these changes are already available to Google Workspace customers, Google Workspace Individual subscribers, as well as users with personal Google accounts.In addition to search improvements, Google Drive is also getting some new playback features. Basically, Google is adding the ability to generate and playback Dynamic Adaptive Streaming over HTTP (DASH) video transcodes for all videos uploaded to Drive.

What this means is users will get higher or lower resolution playback based on the quality of their local network. Following this update, Google Drive users should notice improvements to the time it takes from clicking play to actually starting playback, and a reduction in re-buffering in normal playback and during playback at higher speeds.

This specific update is rolling out now to all Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. It’s worth mentioning that these playback improvements only apply to new videos uploaded to Drive for the moment, but existing videos will be updated by the end of the year, Google says.


[ad_2]
Source link

Google makes Photomath acquisition official on Play Store

andreasc
-
0
Google makes Photomath acquisition official on Play Store
[ad_1]

Google has officially brought the AI-based math-solving app Photomath under its banner on the Play Store. This comes more than a year after the company announced its acquisition of the popular app. Photomath allows users to take pictures of math problems and get step-by-step solutions. It launched in 2014 and has been downloaded more than 100 million times on iOS and Android.

The deal last year signaled Google’s intent to bolster its AI capabilities for math. Photomath’s AI is adept at recognizing handwritten text, diagrams, and symbols commonly found in math questions. It can interpret problems, provide step-by-step instructions, and offer visual explanations through animated videos.

Photomath will likely continue to offer its Photomath Plus subscription service within the app. For $9.99 per month or $69.99 annually, users can unlock additional features such as full textbook solutions, step-by-step animated tutorials, and more in-depth problem explanations. This could also provide an ongoing revenue stream as Google looks to monetize the app.

Photomath is now under the wing of Google

It seems that Google will look to integrate Photomath’s specialized math-solving capabilities into its products. Some Google services already offer math support, such as Google Lens and Gemini. For example, the Homework filter in Lens allows you to photograph problems, but the solutions are sometimes limited. Integrating Photomath could greatly improve Lens and Search’s ability to understand complex math concepts and provide more comprehensive answers.

Google will maintain Photomath as a separate app, giving it its own place in the educational technology market. Meanwhile, it will also reach a much broader audience by embedding the technology behind it into core Google experiences.

Google had previously acquired another educational app, Socratic. It also helps users solve math and other subject questions using their mobile cameras. However, Socratic hasn’t seen any updates since 2020, suggesting that Google may now be shifting its focus to Photomath.


[ad_2]
Source link
1...360361362...1,476Page 361 of 1,476