Galaxy Z Fold 4, Flip 4 & Tab S9 get February update in the US

0
[ad_1]

Another day, another batch of Samsung devices gets the February update. The company has released the latest security patch for the Galaxy Z Fold 4 and Galaxy Z Flip 4 globally, including in the US. The Galaxy Tab S9 series is also picking up the new SMR (Security Maintenance Release) stateside.

Galaxy Z Fold 4 and Flip 4 grab Samsung’s February update

Earlier today, Samsung released the much-awaited first update for the Galaxy S24 series. It brought the February security patch, bug fixes, and performance improvements. While this update has yet to reach the US, we can confirm the availability of the latest SMR for the Galaxy Z Fold 4 and Galaxy Z Flip 4 here.

As of this writing, the new security patch is rolling out to the factory-unlocked variants of the 2022 foldable duo. The new firmware build number for the Fold model is F936U1UES4EXAD, while that for the Flip is F721U1UES4EXAD. The update should soon be available for carrier-locked variants in the US.

The Galaxy Z Fold 4 and Galaxy Z Flip 4 are also picking up the February security patch in other markets. The build numbers for Korean versions are F936NKSS2EXAF and F721NKSS2EXAF, respectively. For the rest of the world (excluding China and Canada), they are F936BXXS5EXAB and F721BXXS5EXAB, respectively.

Regardless of the build number, the changelog for the update is the same globally. “The security of your device has been improved,” the only entry in Samsung’s official release notes states. This means the devices aren’t getting anything more than this month’s security patch. The February SMR fixes 69 vulnerabilities across all Galaxy devices.

Note that Samsung has already pushed the February update to its third-gen and fifth-gen foldables globally. This leaves the original Flip and the Fold 2 as the only Galaxy foldables left to update. Since these devices are no longer eligible for monthly security patches, they may or may not pick up the latest release.

The new security patch is available for the Galaxy Tab S9 series

The Galaxy Tab S9 series joins the Galaxy Tab S6 Lite in Samsung’s February update party, which already includes dozens of smartphones. Both the flagship lineup and the FE (Fan Edition) models are picking up the latest security patch in the US. The build numbers for the new tablets end with “BXA8”. A global rollout should be just around the corner. Like Galaxy phones, these tablets are also only getting this month’s security fixes with this update.


[ad_2]
Source link

New York City files a lawsuit against social media platforms over youth mental health crisis

0
[ad_1]

New York City Mayor Eric Adams announced on Wednesday that the city filed a lawsuit against TikTok, Instagram, Facebook, Snapchat, and YouTube for their “damaging influence on the mental health of children.”

The City of New York, the New York Department of Education, and the New York City Health and Hospitals Corporation have jointly filed the lawsuit with the California Superior Court. The lawsuit alleges that social media companies intentionally design their apps to be as addictive as possible to teens. The city officials also blame social platforms for children’s poor school performance.

“Our city is built on innovation and technology,” said Mayor Adams. “But many social media platforms end up endangering our children’s mental health, promoting addiction, and encouraging unsafe behavior.”

The plaintiffs also demand that social platforms change their behavior and compensate for their damaging impact on public health. The state of New York claims it spends over $100 million on youth mental health programs and services a year.

Social platforms respond to the New York City allegations

Meanwhile, all social platforms in the New York City lawsuit responded to the allegations and emphasized their firm will to protect children. Meta spokesperson Andy Stone told Axios that the company has “spent a decade working on these issues and hiring people who have dedicated their careers to keeping young people safe and supported online.”

Google spokesperson José Castañeda said the tech firm is working with youth, mental health, and parenting experts to provide its youth users with age-appropriate experiences. TikTok and Snapchat also alluded to their parental tools and procedures to keep children safe.

US might need federal laws to protect public mental health on social media

The declining youth mental health and social media’s impact on making it worse is a hot topic of debate among US lawmakers. Back in November, the Senate Judiciary Committee held a hearing to assess the impact of social media on teen mental health. The Senate also held a hearing for Meta, TikTok, Snap, Discord, and X (formerly Twitter) CEOs in January to discuss kids’ mental health on social media.

There is no federal law yet to protect children’s mental health in online environments. As a result, filing lawsuits is the only remaining way for states to keep social media companies accountable.


[ad_2]
Source link

This Google Pixel Fold 2 concept looks great & is based on a leak

0
[ad_1]

The Google Pixel Fold 2 appeared in a leaked image quite recently. That image did cover the phone’s backplate, so the vast majority of details were hidden. The shape of the rear cameras and the front side design were shown, though. Well, a Google Pixel Fold 2 concept has just appeared, and it actually looks great.

A Google Pixel Fold 2 concept is here, and it’s based on a recently leaked image

This concept is obviously based on that leaked image of the phone. You’ll notice that the camera shape is the same, but the designer had to fill in the gaps. Some really nice shots are shown in the video embedded below the article, while we also took some screenshots for your viewing pleasure. Those are also included below.

You’ll immediately notice that the entire shape of the device is different compared to the original Pixel Fold. The original Pixel Fold was quite wide and short, while this phone is narrower and taller, like most other book-style foldables in the market. That’s what’s expected out of the actual Pixel Fold 2, by the way.

In any case, the phone is shown in black and blue colors here, inspired by Google’s actual phone colors. On the back, you’ll notice an oval camera island, with two pill-shaped cutouts for the phone’s rear cameras and sensors.

The camera is not visible on the main display, and the bezels are very thin

Three cameras seem to be included on the back, and one selfie camera on the cover display. There doesn’t seem to be a camera included on the main display, or it sits under it. In any case, it’s not visible in these renders.

The bezels around both the main and cover displays are quite thin, which is nice to see, as the Pixel Fold was rather weird when it comes to bezels, especially around its main display.

Google is expected to announce the Pixel Fold 2 later this year. The device will most likely arrive in May, as that’s when the first-gen model launched last year. We’re only guessing, as Google could change its plans and push back the launch.


[ad_2]
Source link

Microsoft is bringing four Xbox-exclusive games to rival consoles

0
[ad_1]

Microsoft is bringing Xbox-exclusive games to its rival consoles. The Redmond-based company’s Gaming CEO Phil Spencer revealed that they have made the decision to release four games on Sony’s PlayStation 5 and Nintendo Switch. This announcement was shared in an official Xbox podcast. The development could turn out to be big in the gaming industry with the days of console wars about to be over from Xbox’s side. This is because video game players are attached to their specific consoles.

Microsoft confirms that it will release Xbox-exclusive games to other consoles

The decision to bring games exclusive to Xbox on other consoles is said to be a part of a broader strategy shift inside Microsoft’s gaming business. Spencer believes that over the next five or ten years games exclusive to one piece of hardware will be a smaller and smaller part of the game industry.

Spencer refrains from revealing the names of the four titles that will be released. However, Microsoft says that two are community-driven games while the other two are smaller titles. Citing sources familiar with Microsoft’s plans, The Verge reports that the first two games could be Hi-Fi Rush and Pentiment. They will be followed by Sea of Thieves and Grounded. Furthermore, the executive confirms that Starfield and Indiana Jones are not a part of the list. However, their potential arrival on PS5 in the future is not ruled out. Both games were previously rumored for Sony’s console and indicated Microsoft’s ambitious plans for multiplatform games.

More exclusive titles could make their way to other consoles in the future

For years Microsoft has been releasing games across platforms and consoles. In the podcast, Head of Xbox Game Studios Matt Booty revealed the cross-platform success of Fortnite and Roblox. In an interview with The Verge, Spencer says that the video game industry should not rule out a game going to another platform. Microsoft is focused on the aforementioned four games and learning from the experience.

It seems that Microsoft wants to make its games available for as many players as possible. However, not every Xbox-exclusive game will suddenly make its way to rival consoles. Spencer did seemingly confirm the possibility of more multiplatform games with the Bethesda and Activision Blizzard lineup.

Meanwhile, the podcast also teased the arrival of the next-gen Xbox with the largest technical leap.


[ad_2]
Source link

iOS Facebook, Instagram apps to charge Apple service fee for boosted posts

0
[ad_1]

Meta is about to implement a 30% fee for those who wish to boost (enhance) the visibility of their posts on the Facebook and Instagram iOS apps, a response to Apple’s 2022 App Store update that mandates a 30% cut from such digital transactions.

This charge targets ads or “boosted posts” designed to expand content reach, necessitating that boosts purchased on iOS be processed through Apple, thereby incurring the 30% service charge before taxes.

“The change, which goes into effect later this month, stems from a 2022 App Store update where Apple extended its typical 30 percent cut of digital purchases to boosted posts, which are essentially ads. The change particularly targeted Meta and other social apps that let people pay in-app to increase the reach of their content”, reads a report by The Verge and adds that Meta notes in a statement that small business owners and influencers who want to purchase a boost on iOS will now be billed through Apple, “which retains a 30% service charge on the total ad payment, before any applicable taxes.”Meta says purchasing boosts via Facebook and Instagram’s desktop or mobile websites is how to get around the Apple fee that is being passed on to iOS users. The alternative imposes significant constraints on iOS app users, who must now preload funds with an additional 30% fee to cover Apple’s transaction costs. This new payment method will debut in the US, with plans to expand to other markets later.

“We are required to either comply with Apple’s guidelines or remove boosted posts from our apps,” Meta says. “We do not want to remove the ability to boost posts, as this would hurt small businesses by making the feature less discoverable and potentially deprive them of a valuable way to promote their business.”

Meanwhile, Apple defends its policy, asserting that digital goods and services within apps must utilize In-App Purchase, including boosted posts.


[ad_2]
Source link

1000+ JetBrains TeamCity Instances Vulnerable to RCE Attacks

0
[ad_1]

A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8.

An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server if the vulnerability is exploited.

TeamCity is a building management and continuous integration server developed by JetBrains that can be installed on-premises or used as a cloud service.

Document
Live Account Takeover Attack Simulation

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

This attack, identified as an Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288), carries a high risk of damage and exploitability. 

Remote code execution (RCE) attacks that do not require user input can exploit this vulnerability.

All TeamCity On-Premises versions from 2017.1 through 2023.11.2 are vulnerable.

TeamCity Cloud servers have already been patched and verified not to be compromised.

Instances Exposed to the Internet

Shadowserver has observed that 1052 vulnerable JetBrains TeamCity Instances were exposed to the Internet.

Most exposed instances are found in the US 332 instances & Germany 120 instances.

The issue has been patched in version 2023.11.3, and JetBrains has notified its customers.

“We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability,” JetBrains said.

If you are unable to update your server to version 2023.11.3, JetBrains has released a security patch plugin that allows you to continue patching your environment.

Security patch plugin: TeamCity 2018.2+ | TeamCity 2017.1, 2017.2, and 2018.1

“If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed,” the company said.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

New Samsung Galaxy Fit 3 leak leaves little to the imagination

0
[ad_1]

The Samsung Galaxy Fit 3 is one of the worst-kept secret products from the company to date. The wearable has already been the subject of several leaks ahead of the official launch. We already know the key specs and have seen many photos & a video of the fitness tracker. Now, a fresh leak has left nothing to the imagination.

The gadget tipster Roland Quandt has posted complete information and press images of the Fit 3 on the German website WinFuture.

Galaxy Fit 3 will be a basic fitness tracker dressed like a smartwatch

The Galaxy Fit 3 will be arriving as the successor to the Fit 2, which was introduced way back in 2020. While the Fit 2 features a square-shaped display, the Fit 3 will be sporting a bigger smartwatch-like screen. Essentially, the Fit 3 will be a basic fitness tracker that will be dressed like a smartwatch. Despite the low price tag, the new fitness-centric accessory from the brand will flaunt a housing made of aluminum.

Samsung Galaxy Fit 3 design colors

Furthermore, the source suggests that the Fit 3 will be sporting the 5ATM and IP68 certifications for dust and water resistance. Similar to its predecessor, the wearable will be available with a silicone strap in multiple color options.

Of course, the heart rate and SpO2 health sensors will be onboard the new Samsung fitness tracker in years. It will also have other fitness features like sleep monitoring, step counting, stress monitoring, and various workout modes. The Fit 3 will have all the key specs of the expensive Galaxy Watch devices but at an affordable price tag.

A large 1.6-inch AMOLED screen and up to 14 days of battery life

As per the source, the Galaxy Fit 3 will feature a 1.6-inch square-shaped display. The screen will have a resolution of 402×256 pixels and an AMOLED panel, which should be easy to read even outdoors. Software-wise, the device will boot a custom lightweight OS and will come with over 100 preloaded watch faces. The wearable is said to come with 16MB of RAM and 256MB of storage.

Samsung Galaxy Fit 3 white

The Galaxy Fit 3 will pair with the host device via Bluetooth 5.3. Unfortunately, it won’t be featuring support for GPS or NFC connectivity options. Lastly, the latest leak suggests that the fitness tracker will have a 208mAh battery under the helm. It is said to last for up to 14 days under regular use circumstances.

If the reports are to be believed, the Galaxy Fit 3 will be offered for around $75-$100. While the brand is yet to officially confirm, the wearable is expected to be launched by the end of this month. We will know more in the coming days, so stay tuned for regular updates.


[ad_2]
Source link

New Android & iOS malware that wants to steal your face

0
[ad_1]

A new malware has appeared on both Android and iOS, and it wants to steal your face for fraud purposes. The name of this malware is ‘GoldPickaxe’, and it uses a social engineering scheme to trick you into allowing it to scan your face.

New Android & iOS malware wants to steal your face

Once it does that, it uses the scan to generate deepfakes to get access to your bank account. It’s a part of a malware suit developed by the Chinese threat group known as ‘GoldFactory’. That group is behind ‘GoldDigger’, ‘GoldDiggerPlus’, and ‘GoldKefu’ malware.

‘GoldPickaxe’ was spotted by Group-IB, and the company says that the attacks mostly targeted the Asia-Pacific region. They did so on both Android and iOS, though. Thailand and Vietnam were the most targeted, but not the only two countries.

The fear is that this malware could spread like wildfire. The tactics it uses could easily be effective on a global scale. Users do need to allow for such face scans in order to be in danger, but not everyone is tech-savvy and many people would not recognize the threat.

‘GoldPickaxe’ distribution started in October 2023

The distribution of ‘GoldPickaxe’ allegedly started in October 2023. It’s simply a continuation of the three previous malware that we’ve mentioned. It works differently, but it has similar nefarious goals.

GoldPickaxe timeline

How does this malware work exactly? Well, users are approaches to phishing or smishing messages on the LINE app. They’re approached in their own language, and the messages represent themselves as government bodies.

Those messages are trying to get users to install specific apps, such as the ‘Digital Pension’ app. That app is not available via the Google Play Store, but the listing does impersonate the Google Play Store, that’s how users get tricked. That app then scans your face, and the problems begin.

Digital Pension fradulent app

Both Android & iOS users are in danger, but the approach is different

The process is a bit different for iOS users. It was first conducted via the malicious ‘TestFlight’ app, but then Apple removed that app. From that point on, the attackers switched to a malicious Mobile Device Management (MDM) profile, as they are trying to lure people into installing it.

MDM Profile GoldPickaxe

As per usual, please be careful what apps you download, and from where. Don’t let unknown apps scan your face, and be sure you get apps from official stores. Don’t believe fraudulent messages from instant messaging services, and so on. You can never be too careful.


[ad_2]
Source link

Apple readies AI tool to help you code iOS apps, while Google presents turbocharged Gemini 1.5

0
[ad_1]

Welcome to today’s obligatory, inevitable, inescapable Two Minute AI. Just joking – that’s far from the last time you’ll be hearing about AI today (or on any given day in the near future).

Apple, which is way behind the rest of the gang in the AI race, is reportedly set to introduce an artificial intelligence tool designed to assist in software development by auto-completing lines of code, akin to Microsoft’s Copilot (via Reuters).

This feature is expected to be incorporated into Apple’s Xcode development software possibly within the year. Xcode is Apple’s IDE (Integrated Development Environment), designed for creating software on Mac for various Apple platforms, including iOS, iPadOS, macOS, tvOS, and watchOS.

While Xcode is provided free to developers, Apple imposes a $99 annual fee for app submissions to its app stores. Additionally, Apple is exploring further AI integrations, including automated creation of Apple Music playlists and business presentation slide decks, as well as an enhanced “Spotlight” search function capable of deeper app interactions.

What about Google?


Meanwhile, Google is not letting go of the plan to eclipse ChatGPT as the go-to AI solution. The search engine giant has just presented Gemini 1.5 Pro that’s said to be so much more powerful than the Gemini 1.0 Pro. The Gemini Pro is Google’s general-purpose AI model (via The Verge) and the new 1.5 Version bested Gemini 1.0 Pro on “87% of benchmark tests”.

On a side note: Sam Altman’s prodigy platform is not sitting idle. OpenAI seeks ways to pull the plug on Google and occupy its search engine throne, as we reported mere hours ago.

Back to the new Gemini 1.5 Pro: what got Google CEO Sundar Pichai and the rest of the team extremely excited was the updated model’s “enormous context window”. This means that the Gemini 1.5 Pro can handle “much larger queries”, meaning it can check much more information at once.

“That window is a whopping 1 million tokens, compared to 128,000 for OpenAI’s GPT-4 and 32,000 for the current Gemini Pro”, the report reads and continues, stating that 1 million tokens are equal to “about 10 or 11 hours of video, tens of thousands of lines of code”, as Sundar Pichai explained. The context window means you can ask the AI bot about all of that content at once.

Google’s CEO has another idea for the new model (it’s now available to developers and enterprise users ahead of a full consumer rollout coming soon) and imagines movie directors and producers who could upload their entire movie and ask Gemini what reviewers might say; he sees companies using Gemini to look over masses of financial records. “I view it as one of the bigger breakthroughs we have done”, he says.

We might feed the Gemini 1.5 Pro model news from the last 10 years and see if things really started going south after that Harambe gorilla killing in May 2016. It will be an interesting analysis!


[ad_2]
Source link

Ukrainian Pleads Guilty for Leading Zeus & IcedID Malware Attacks

0
[ad_1]

Vyacheslav Igorevich Penchukov, a 37-year-old resident of Donetsk, Ukraine, has pleaded guilty to his key role in developing and deploying the notorious Zeus and IcedID malware attacks. 

In 2022, he was apprehended in Switzerland and extradited to the United States in 2023.

These two malware gangs are notorious for their ability to infect thousands of computers and steal millions of dollars from their victims. 

This group has become infamous for its highly effective cyber attacks on prominent healthcare facilities, government entities, and various private sector enterprises.

Document
Live Account Takeover Attack Simulation

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

Roles in Zeus

In 2009, a member of the Zeus threat actor group named Vyacheslav compromised thousands of business computers. Once the computer was infected, they stole sensitive information such as bank account details, passwords, and personal identification numbers required for online banking.

Penchukov and his associates posed as victims’ employees and tricked banks into making unauthorized transfers from the victims’ accounts.

As a result of his actions, Penchukov was added to the FBI’s Cyber Most Wanted List. Despite this, he continued to collaborate with the IcedID malware operators.

Roles in IcedID

Vyacheslav was involved in working with IcedID between November 2018 and February 2021, a banking malware that surfaced in 2017. The malware is designed to extract sensitive personal information, including banking account credentials, from its victims. 

In addition to this, IcedID malware can install other malware and ransomware on the infected systems. One notable incident involving IcedID was the attack on Vermont Medical Center, which resulted in the crippling of more than 1,300 servers.

“Core to the FBI’s cyber strategy is our willingness to play the long game and take players off the field. Vyacheslav Penchukov was a prolific criminal for over a decade and his criminal activities caused millions in damages,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

Penchukov pleaded guilty to one count of conspiracy to commit a racketeer-influenced and corrupt organization (RICO) act offense for his leadership role in the “Zeus” enterprise. Penchukov (as Andreev) also pleaded guilty to one count of conspiracy to commit wire fraud for his leadership role in the IcedID malware group, reads DOJ press release.

The defendant’s sentencing is set for May 9th, with a potential maximum sentence of 20 years in prison for each charge.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link