Google shipped “around 10 million” Pixel phones in 2023
Nikkei Asia’s source also said that Google plans to repeat such an “ambitious goal” in 2024 too. So the company hopes to ship at least 10 million Pixel phones once again.
What we do know is that the Pixel 7 and Pixel 7 Pro units made up a bulk of 2023 shipments for Google. The source did not share a breakdown of sales, which would have been good to know.
We presume that the Pixel 6a and Pixel 7a also managed to squeeze themselves in those numbers, and the Pixel 8 and Pixel 8 Pro too, of course. We don’t believe Google sold many Pixel Folds units, simply due to that price, but… that those phones do make up a small piece of the overall sales numbers too.
First Pixel 8 & Pixel 8 Pro will be manufactured in India this year
Nikke Asia also shared more info about Google’s plan to manufacture the Pixel 8 series in India. This was originally announced back in October last year, actually.
In any case, Google is already making Pixel phones in both China and Vietnam. The company wants to diversify more and improve “supply chain resilience” as a result of that.
Google will manufacture its first Pixel 8 Pro devices in India in Q2 this year (April-June), and the Pixel 8 will follow “around the middle of this year”. The company will kick things off with a “mall volume” of devices, though exact numbers were not shared.
The company plans to do just as good this year, if not better
It will be interesting to see if Google can repeat last year’s feat. 2023 marked Google’s best year ever in terms of Pixel phone sales. That will not be easy to match, let alone outdo, but we’ll see what will happen.
The company is planning to offer some interesting devices, including redesigned Pixel 9 and Pixel 9 Pro, and a much-improved Pixel Fold 2.
The US Food and Drug Administration (FDA) has recently issued a caution. It was a caution against using smartwatches to test blood glucose levels. Blood glucose levels may not be reliably or accurately measured by smartwatches despite their popularity and convenience. The rationale for the FDA’s caution will be explained in this article.
Why did the US FDA issue this warning?
The warning was released by the US FDA following a test of many smartwatches. The wearables claimed to be able to assess blood glucose levels. However, the FDA discovered that these devices have not received agency clearance or approval for this particular purpose. People with diabetes who depend on precise measures to control their illness adequately must know this information. It may cause major health effects as a result of inaccurate blood glucose readings.
What are the risks of using smartwatches for blood glucose monitoring?
Smartwatches detect blood oxygen levels and heart rate among other health parameters using optical sensors. When assessing blood glucose levels, these sensors might not be entirely exact or accurate. Variations in mobility, temperature, and skin tone can all have an impact on how accurate these measurements are.
How can individuals monitor their blood glucose levels accurately?
It is crucial to use trustworthy and certified testing procedures. To check blood glucose monitoring, diabetics must check their levels often. For precise readings, conventional blood glucose meters need a small blood sample from a finger prick. This procedure is still the gold standard. People with diabetes also frequently utilize continuous glucose monitors (CGMs), which are worn on the body and offer real-time blood glucose readings to successfully keep an eye on their levels.
To sum up, the US FDA’s advisory against measuring blood glucose levels with smartwatches emphasizes the importance of using precise and trustworthy techniques. Smartwatches are convenient and easily accessible, but they might not be the most dependable choice for diabetics who need accurate measurements to control their health properly. To maintain their health and well-being, people must speak with their healthcare professionals and utilize equipment approved to monitor their blood glucose levels.
In two rounds of job-cutting fiesta, Amazon’s Twitch laid off about a thousand workers in total. By the way, in 2022, Amazon initiated its own workforce reduction, which affected some 27,000 positions across the company, and parallels with the “Red Wedding” episode from “Game of Thrones” were drawn.
Before that, Twitch announced that it was ceasing its operations in Korea (South Korea, not North Korea, duh!) in February 2024.
The Amazon-owned streaming platform says it has been operating at “significant losses” because of high local costs. The company specifically pointed to the high network fees in the country. Korea introduced legislation that would force major content providers to pay to use networks in the country.
Apparently, Twitch has some money problems.
Now, the platform says that “updating prices in several countries” will “help streamer revenue keep pace with rising costs and reflect local currency fluctuations”. The first markets to feel the impact of those changes are the UK, Canada, Australia and Turkey.
As of March 28, Tier 1 subscriptions and gift subs will be more expensive in the UK, Canada and Australia. A base/gift sub is going up from £5 to £6 in the UK, $7 CAD to $8 in Canada and $8 AUD to $9 in Australia. Tier 2 and 3 prices will remain the same in those countries.
In Turkey, Twitch is significantly increasing the price of all three tiers. For instance, a Tier 1 sub will soon cost 43.90 lira ($1.42) instead of 9.90 (32 cents). Don’t be shocked by these figures – the value of the Turkish lira has plummeted over the last decade. However, a 343% jump isn’t funny if you’re the one paying for it.
Existing subscriptions will automatically renew at the new price – no action needed. Existing subscribers will be notified via email one month prior to this price change taking effect. We are not changing the price of Tier 2 or Tier 3 subscriptions or gift subs in Australia, Canada, or the UK. These updates apply only to subscriptions purchased on desktop or mobile web. We’ll be updating prices on mobile apps in the coming months.
Hackers target Apex code vulnerabilities in Salesforce to exploit security weaknesses, gain unauthorized access to sensitive data, or manipulate the system.
Apex is a powerful language that enables the customization of Salesforce with Java-like syntax. It executes logic, controls transactions, and responds to system events.
This is primarily used for business logic and is triggered by web services and object events.
Cybersecurity researchers at Varonis Threat Labs recently discovered serious Apex vulnerabilities in multiple Fortune 500 companies and government agencies.
While researchers promptly reported and alerted the affected companies, the vulnerabilities were marked with high and critical severity tags.
DocumentLive Account Takeover Attack Simulation
Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.
‘Without sharing’ in Apex disregards user permissions, which grants unrestricted access and modification.
‘With sharing’ respects record-level permissions while overlooking object and field-level restrictions.
Running Apex classes ‘without sharing’ grants powerful capabilities but raises risks. It can lead to insecure data access (IDOR) and vulnerabilities like SOQL injection, Varonis said.
Besides this, the misuse by external users or guests poses data integrity threats. VTL demonstrates exploiting Apex vulnerabilities to access user data without permission.
Using a Salesforce environment with real code issues, the instance shows how attackers can abuse aura methods for reconnaissance.
This enables the extraction of sensitive data like phone or social security numbers.
Using the aura method (Source – Varonis)
Despite a custom field ‘VerySecretFlag__c,’ users can’t access others’ data. Even ‘CreatedBy.VerySecretFlag__c’ fails, and guests also lack access.
To bypass this, researchers exploited the ‘apex://CaseCreationController/ACTION$createCaseR’ via a custom Apex class, which is callable with Aura, specifying desired field returns.
The case retrieved solely via Apex is inaccessible by other means that hint at ‘without sharing’ mode. To access ‘VerySecretFlag,’ an attacker exploits this by specifying desired fields, like ‘CreatedBy.VerySecretFlag__c,’ via an over-permissive class by accessing data from other objects.
Apex is essential in Salesforce, but reviewing classes, especially ‘without sharing,’ boosts security as manual checks are time-consuming.
Both the Profiles and Permission Sets need to be examined to determine access. Access setup through Salesforce setup and then navigate to the Profiles.
Besides this, review each profile’s ‘Enabled Apex Class Access’ section.
Enabled Apex Class Access (Source – Varonis)
To verify the access, check Permissions Sets for each entry. Review users assigned to Profiles and Permission Sets. Examine class source code for the ‘without sharing’ declaration.
With Event Monitoring, track user calls and adjust permissions. Ensure safe coding practices, like using ‘:queryName’ syntax in SOQL to prevent injection.
Moreover, consider adding “WITH SHARING_ENFORCED” to your queries to enforce object- and field-level permissions. Adding “WITH SHARING_ENFORCED” only affects SELECT clauses and not WHERE clauses.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The Xiaomi 14 Ultra is now official. Xiaomi announced the phone in its homeland, China, only a couple of days before it arrived to global markets. As a reminder, the Xiaomi 14 Ultra will launch globally on February 25 in Barcelona. That launch will come as part of MWC 2024.
Having said that, the leaks were spot on when it comes to the design of the phone. Some of its specs were also accurately leaked. Just like its predecessor, this phone is heavily focused on the cameras, though it’s premium all around.
The Xiaomi 14 Ultra looks very similar to its predecessor, with two major differences
In terms of the design, it’s quite similar to the Xiaomi 13 Ultra, with two major changes. This device has a flat display, and it doesn’t have different heights in different parts of its backplate. In other words, the height of the phone doesn’t rise gradually towards the camera island, even though the camera island does protrude. More on that soon.
The Xiaomi 14 Ultra is made either out of aluminum and vegan leather, or titanium and glass, it all depends on the variant. Chances are that the titanium variant will stay exclusive to China, though, we’ll see.
In any case, the vegan leather models come in black and white colors, while the ceramic variant is blue-colored. There is also a gray (special edition) titanium model. The Xiaomi 14 Ultra has a flat frame all around, which curves towards the edges, for comfort’s sake.
The backplate is mostly flat, but it does curve quite a bit towards the edges. The display has a display camera hole that is centered up top, and even though the display is flat, there are curves towards the edges, where the bezels begin.
The camera island hosts four 50-megapixel cameras with Leica optics
The camera island does look very similar to the one on the Xiaomi 13 Ultra, especially when it comes to the arrangement of camera sensors inside it. You’ll also notice an easy-to-notice Leica branding in that camera module.
With that out of the way, let’s get down to the specs. The phone features a 6.73-inch QHD+ (3200 x 1440) AMOLED display. This is an LTPO panel, which offers an adaptive refresh rate of 1-120Hz. This panel also supports HDR10+ content and can reach a max theoretical brightness of 3,000 nits.
The Snapdragon 8 Gen 3 fuels this smartphone (an overclocked version), Qualcomm’s most powerful SoC to date. Xiaomi included 12GB or 16GB of LPDDR5X RAM inside of this phone, depending on the variant you choose. The 12GB RAM model comes with 256GB of UFS 4.0 flash storage, while the 16GB RAM variant is available in both 512GB and 1TB of UFS 4.0 flash storage. The titanium model comes with the highest possible combo possible.
There are four 50-megapixel cameras included on the back of this phone, along with Leica optics. The main camera is a 50-megapixel unit with variable aperture. That is Sony’s LYT-900 sensor, and OIS is supported here. The variable aperture goes from f/1.63 to f/4.0 here.
Two periscope telephoto cameras are used by Xiaomi
The second camera is a 50-megapixel ultrawide unit with a 12mm focal length and a 122-degree FoV. There are two periscope telephoto units here, both are 50-megapixel ones. The first one utilizes Sony’s IMX858 sensor, and has an f/1.8 aperture, while it offers a 75mm focal length. This camera offers 3.2x optical zoom.
The second periscope telephoto camera also uses Sony’s IMX858 sensor, but it has an f/2.5 aperture and a 120mm focal length. This camera supports 5x optical zoom. On the front, you’ll find a 32-megapixel camera (OmniVision OV32B sensor).
A 5,300mAh battery sits inside the phone, while 90W wired charging is supported here. The phone also supports 80W wireless charging, and reverse wireless charging too. Wi-Fi 7 is also supported, as is Bluetooth 5.4. The device has two nano SIM card slots and an optical in-display fingerprint scanner. Android 14 comes pre-installed, with Xiaomi’s HyperOS included on top of it.
It’s almost as thick as the world’s thinnest book-style foldable
This smartphone comes with an IP68 certification for water and dust resistance. It is 9.2mm thick, not counting the camera bump. So it’s almost as thick as the HONOR Magic V2, which is the thinnest book-style foldable on the market. Do note that a Leica Pro Kit/Case has also been announced, and it will be available globally. It does come with new functionality, and it even adds satellite communication to the phone (at least in China).
The Xiaomi 14 Ultra is 9.2mm thick, and it weighs 224 grams. The Blue ceramic model weighs 229 grams. The pricing for the Xiaomi 14 Ultra, in China, starts at CNY6,499 ($904) for the 12GB RAM model and goes all the way up to CNY8,799 ($1,224) for the titanium model.
It seems like everything at Google has been doing in regard to generative AI has been rushed. One example is how Google is hastily replacing Assistant with Gemini. This is the main reason why the Gemini has a low Play Store rating. Well, here’s how to switch back to Google Assistant from Gemini.
The Google Gemini app is a good app, but the company has been trying to switch out Google Assistant for it. This wouldn’t be such a huge issue if Gemini had the same functionalities as Assistant. However, it doesn’t. This is one reason why the Gemini app has a 3.2-star rating on the Google Play Store. this is a huge fall from the 4.2-star rating that it had when it first launched.
How to switch back to Google Assistant from Gemini
There are two ways for you to use Gemini as the default assistant. The first way is by getting the Gemini app. When you do so, it will automatically take over as the assistant. The other way is to summon Google Assistant and opt to try out Gemini as the assistant. This doesn’t really require you to have the Gemini app. In any case, switching back to Google Assistant is easy for both cases.
With the app
If you have the app, open it, and tap on your profile picture at the top right corner. When the little pop-up window appears, tap on the Settings button. At the bottom of the resulting page, you will see a button called Digital assistants from Google.
When you tap on it, you’ll see a page giving you the choice to switch between Google Assistant and Gemini as the default assistant on your phone. Choose Google Assistant. This way, you can have Google Assistant as your default assistant without having to uninstall the Gemini app.
Without the app
If you don’t have to Gemini app, then this just requires a few extra steps. Go to your home screen and summon the Gemini assistant. At the top right corner of the panel, tap on the expand icon (the little box with the arrow).
This will take you to the Google Gemini interface through the Google app. Once you’re in there, the process is the exact same. All you have to do is go to your settings and switch the assistant.
An updated version of the ObserverStealer known as AsukaStealer was observed to be advertised as malware-as-a-service that was capable of collecting data from desktop screenshots, Steam Desktop Authenticator application, FileZilla sessions, Telegram sessions, Discord tokens, browser extensions, and cryptocurrency wallets.
This year, on a Russian-language forum, the threat actor advertised AsukaStealer as a MaaS (Malware-as-a-service), providing an extensive list of features meant to steal confidential data from the targets.
AsukaStealer malware is written in C++ and has flexible options and a web-based control panel. The malware authors or developers used the same C&C infrastructure to host AsukaStealer and ObserverStealer.
DocumentLive Account Takeover Attack Simulation
Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.
Notable Features of AsukaStealer
Cyble Research & Intelligence Labs (CRIL) discovered a malware-as-a-service (MaaS) known as “AsukaStealer” on February 2, 2024.
The malware was sold on a Russian-language cybercrime forum, with the web panel version 0.9.7 being offered for USD 80 per month.
On January 24, 2024, the AsukaStealer was marketed on another famous Russian forum under an alternate pseudonym.
Advertisement of AsukaStealer on the forum
The stealer had certain noteworthy features, such as:
Functional features:
The native styler is written in C++ and is 280 kb.
Collects browser data (Cookies, Passwords, AccountsSync, Extensions) on Chromium (Edge, Google, OperaGX) and Gecko (Firefox, Waterfox) engines.
There is functionality for uploading a file after collecting the log (Loader).
Ability to install custom proxies.
Ability to send logs to telegram.
Collects a screenshot from the desktop.
Collecting maFiles from the Steam Desktop Authenticator application (ProcessGrabber|Standard config).
An anti-duplicate system.
Total information collected by the malware
Configuration setup:
Customizable list of browsers [Chromium, Gecko].
Customizable FileGrabber/crypto wallet files.
Customizable list of extensions.
Customizable ProcessGrabber.
Customizable Loader.
Customizable Discord clients.
Multiple files that were interacting with the IP address “5.42.66.25” were discovered by researchers; VirusTotal had identified and flagged these files as ObserverStealer.
The AsukaStealer and ObserverStealer’s C&C panels have remarkably similar features.
The promoters of AsukaStealer MaaS also announced the termination of MaaS activities for ObserverStealer, which researchers noticed during the study in July 2023.
This suggests that the same threat actors created and managed both stealer malware.
ObserverStealer on offer and announcement of its closure
Notably, this threat was classified by Symantec as File-based (Infostealer Trojan.Gen.MBT), Machine Learning-based (Heur.AdvML.B), and Web-based.
All products with WebPulse enabled covered the observed domains and IPs under security categories.
“Threat actors who are proficient in malware development and capable of hosting a sizable C&C infrastructure, continue to seize opportunities to offer malware-as-a-service (MaaS) to cater to underground communities and make profits within a short period of time”, researchers said.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
Chat app Signal will shield user’s phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app.
In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal has now announced that these options are live, and will be rolled out to everyone in the coming weeks.
So, what exactly has changed?
Your phone number will no longer be visible to everyone you chat with by default. People who already have your number saved in their phone’s contacts will still see it.
In case you don’t want to hand out your phone number to connect with someone on Signal, you can now create a unique username that you can use instead.
If you don’t want people to be able to find you by searching for your phone number on Signal, you can now enable a new, optional privacy setting.
Note that the unique username is not your profile name which is displayed in chats, it’s not a permanent handle, and not even visible to the people you’re connected with in Signal.
The optional privacy setting will only allow people that have your exact unique username to start a conversation, even if they have your phone number.
During the transition, it is important to realize that both you and the people you are chatting with on Signal will need to be using the updated version of the app to take advantage of them.
The changes are optional. You are not required to create a username and you have full control over whether you want to enable people to find you by your phone number or not.
If you’d still like everyone to see your phone number when messaging them, you can change the default by going to Settings > Privacy > Phone Number > Who can see my number. You can either choose to have your phone number visible to Everyone you message on Signal or Nobody. If you select Nobody, the only people who will see your phone number in Signal are people who already have it saved to their phone’s contacts.
How to create a username on Signal
To create a username, go to Settings > Profile. A username on Signal (unlike a profile name) must be unique and must have two or more numbers at the end of it. This choice was made with the intention to help keep usernames egalitarian and minimize spoofing. Usernames can be changed as often as you like, and you can delete your username entirely if you prefer to no longer have one.
You will still have to have a phone number in order to create a Signal account as they act as a unique identification and anti-spam measure.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.
It’s not exactly a secret that the Samsung Galaxy Z Fold 5 is not a slim phone. Its predecessors weren’t either. That is kind of a problem these days, as other companies have considerably slimmer book-style foldables. Well, according to a new report, the Galaxy Z Fold 6 will be the company’s thinnest foldable yet, and by quite a margin.
The Galaxy Z Fold 6 looks set to become Samsung’s thinnest foldable yet
This is the phone’s thickness when folded, of course. If this ends up being true, the Galaxy Z Fold 6 will be thinner than the OnePlus Open, which is 11.7mm thick when folded, and it feels thin compared to the Galaxy Z Fold 5.
The HONOR Magic V2 will still lead the pack, however. That device is either 9.9mm or 10.1mm thick when folded, depending on the variant. The Xiaomi MIX Fold 3 will also remain slightly thinner than the Galaxy Z Fold 6 with 10.9mm thickness.
Do note that Rjey is not exactly a tipster, so take this information with a grain of salt. It would be great to see a thinner ‘Fold’ device from Samsung, that’s for sure. Samsung is playing catchup at this point.
Let’s hope that the crease will be less noticeable too
What we also want to see is a less noticeable crease. The Galaxy Z Fold 5 finally folds flat, like its competitors, but the crease is still too noticeable, both when you look at it, and to the touch. That’s not the issue the OnePlus Open and HONOR Magic V2 have, though.
The Galaxy Z Fold 6 will become official later this year, most likely in August. It will launch alongside the Galaxy Z Flip 6, while the Galaxy Ring could also become official during that event.
Users report significant losses due to the fake Rabby Wallet app, including one reporting a $5000 loss, another experiencing a 10% portfolio loss, and an NFT collector reporting $40,000 worth of ETH drained from their wallet.
A fake version of the Rabby Wallet app, a popular crypto wallet developed by DeBank Global Pte Ltd., was tricking users and stealing their funds on the Apple App Store. DeBank’s team confirmed that any app available on the store currently is fake, as its official app is still under review and yet to be approved by Apple.
For your information, Rabby Wallet’s mobile app’s beta version was announced on 16 February by team DeBank. However, scammers acted quickly and uploaded the app’s fake version to the iOS App Store, which was a wallet drainer and had no connection with the real app.
Interestingly, this fake version was approved by Apple before the actual wallet app, prompting users to download the drainer and get scammed.
The fake Rabby Wallet app, created by a developer called “Solution Development,” appeared on the App Store under the name “Rabby Wallet & Crypto Solution” and was detected after four days. A thread warning others about the fake app was posted on Rabby Wallet’s Apple discussion board and Discord channel with screenshots from scammed users.
The fake Rabby App on the Apple App Store
Affected users have also created a thread on Reddit to warn others about the fake app. One user claimed that a fake app by “VIET LONG FINANCIAL INVESTMENT JOINT STOCK COMPANY” has been approved, causing users to lose cryptocurrencies, with a user losing around 14 ETH.
“This scammer’s approved AppStore App called “Rabby Wallet & Crypto Solution” is tricking people into thinking it is the genuine one, they enter the seed phrase or private key, and moments later all of their life savings, crypto belongings are GONE!” a user u/CryptoCurrency wrote on Reddit.
Rabby Wallet team posted a statement on X to notify users about the presence of a fake app and to avoid downloading it. The fake app has now been removed by Apple.
However, this isn’t the first instance where fake apps appeared on a credible platform like the Apple App Store and deceived users. On February 7, 2024, Hackread.com published a warning from LastPass, urging users to avoid downloading fraudulent applications and remain cautious after a fake app was uploaded to the Apple App Store, posing as the legitimate LastPass Password Manager app. The app was developed by Parvati Patel and closely resembled LastPass’ branding and user interface.
In July 2023, Apple approved a fake THREADS app, which subsequently ranked first on the European Apple Store, despite the original app being launched by META just days before and wasn’t available in Europe. Nevertheless, such incidents are steadily rising, making Apple’s app review and approval process doubtful and questionable.