As we know from the news initially shared during CES 2024, and then followed up by the announcement of the January Pixel Feature Drop, Google and Samsung are yet again joining forces and bringing clarity to their users by combining Google’s “Nearby Share” and Samsung’s “Quick Share” under one name: Quick Share. This rebranded product will be present on both Samsung and Pixel devices as a universal file sharing solution that can be used across Android, and soon, Windows.
According to Android Police, Pixel phones seem to already be receiving the new updated app with the rebrand, and other Android devices are likely to follow. However, it is important to note that Google’s Quick Share is not identical to Samsung’s native version. Google’s solution connects with Play Services, allowing for a wider deployment, whereas Samsung’s app is still manufacturer-specific. However, both will receive compatibility updates.
Google may have started rolling out Quick Share to some Android users. One user reports seeing the new Quick Share (formerly called Nearby Share) on their Pixel phone.
Let me know if you see Quick Share on your Android device!
Perhaps in an attempt to minimize confusion, Google’s Quick Share will fully replace Nearby Share on Samsung smartphones. This means that services like temporary link sharing and encrypted file transfer, which are available in Samsung’s Quick Share, will be unavailable in Google’s version. However, a new perk has arrived: nearby Quick Share devices are now displayed right in the share sheet, making file transmission easier, and eliminating the extra step of having to open the full interface.
However, there are some Pixel and OnePlus users reporting that particular perk of seeing their devices in Quick Share is not showing up for them. This suggests a gradual rollout with server-side flags. We will have to wait and see if this added feature sticks as the updated Quick Share rolls out more widely.
New “Quick Share” share sheet showing nearby devices vs old share sheet | Source: Android Police
Regardless of this initial hiccup and confusion, the Quick Share makeover should make file sharing easier across Android. As the rollout progresses, we will definitely be learning more about the specific features and functionalities available to different users and devices.
The Google Pixel Watch and Pixel Watch 2 are some of the most feature-packed and usable smartwatches on the market. One reason is that you can easily use your watch to control certain aspects of your phone’s camera. Well, thanks to a new report, we now know that the Pixel Watch camera app has more controls.
The Google Pixel Watch 2 is the latest smartwatch from the company, and it improved upon what the company brought with the first generation. It comes with up-to-date Wear OS 4, smooth performance, and perfect integration with the Google Pixel ecosystem. If you’re interested in picking up this device, check out the link below.
There are now more controls on the Pixel Watch camera app
Smartwatches are extremely useful, and they provide an avenue for you to move more functionality away from your phone and onto your wrist. This is why there’s a convenient camera app for the Google Pixel Watch. It allows you to take a picture with your phone using the watch as a remote. You can also zoom in and out, turn on/off the self-timer, and switch between the front and back cameras. It eliminates your need to run back and forth between your camera and the spot where you’re taking pictures if you find yourself without a cameraman.
Also, another great feature of this app is the fact that you can see a live preview of the viewfinder right on your watch. So, you’ll know exactly what you’re seeing before you take the picture. Obviously, the viewfinder will be very small, but it still gives you a good idea of what you’re looking at.
As convenient as this is, it’s been pretty limiting in terms of functionality. When you’re taking a picture in the dark, you’re pretty much stuck with the camera’s default mode. Fortunately, after a new update, the Pixel Watch camera app has more controls.
Using the app, you can switch between video, photo, portrait, Night sight, slow-mo, and time-lapse modes. This adds a ton of functionality to the app, and it will spark more people to use it. If you don’t see this feature yet, make sure the camera app on your Pixel Watch is fully up to date.
Generative AI tools like GPT-4 are great for research, creating content, etc. However, some people using this technology aren’t concerned with creating poems for high school essays. There are some people who will use them to create destructive weapons. A team of scholars and experts has been doing research to see how easy it is to use GPT-4 to create bioweapons. Well, the chances of that are small, but they’re not non-existent. This comes soon after OpenAI signed a contract with the US Department of Defense.
There’s a lot of confusion surrounding the difference between chatbots and LLMs (large language models). For example, that’s the same difference between Google Bard and Gemini. So, it’s important to know why they are different. ChatGPT is the chatbot; the actual user-facing interface with the text box and the results. GPT-4 is the model, or the brain, processing the text prompts and delivering the results to the chatbot to be displayed.
You gain access to the GPT-4 model when you sign up for ChatGPT Plus. If you sign up for a subscription, you’re still using the same ChatGPT that’s present for free users. However, your results are powered by the GPT-4 model, whereas free users’ results are powered by the GPT-3.5 model.
Research shows only a slight chance for GPT-4 to be used to make bioweapons
Not too long ago, the Biden Administration signed an executive order targeted at the Department of Energy to make sure that AI tools cannot be used to make any dangerous nuclear, biological, or chemical weapons. OpenAI, being one step ahead of the game, put together its own safety precautions on this subject. It constructed a preparedness team. This is a team of people tasked with eliminating certain threats like these.
This team gathered 100 people, consisting of biology experts and biology college students, to test GPT-4’s capacity for giving people instructions on creating bioweapons. One half of the group was given basic access to the internet. The other half was given a specialized version of GPT-4 along with access to the internet. This version of GPT-4 had no restrictions placed on it.
The two groups of people basically did red-teaming duties to try to get GPT-4 to slip up and give them the tools and knowledge to create extremely deadly weapons. One example was asking it to give them a way to synthesize the Ebola virus. They were also told to try to create weapons targeted at specific groups of people.
What were the results?
Well, this might be just a little bit worrying. The group with internet access was able to find some methods of doing so. However, the results for people with GPT-4 showed increased “accuracy and completeness”; that’s scary. Moreover, the researchers said that using GPT-4 “provides at most a mild uplift in information acquisition for biological threat creation.”
At this point, this is extremely important research. Going through and figuring out how to eliminate as many threats as possible is what all AI companies should be doing. It’s bad enough that we have people making AI art, music, books, etc. The last thing we need is for people to do actual harm to human life using the technology.
Three Samsung foldables are on the way, including a budget offering
WinFuture managed to get information from some import/export documents that confirmed limited component production quantities for the aforementioned devices. Those devices are codenamed Q6, B6, and Q6A.
Now, the Q6 and B6 are probably the Galaxy Z Fold 6 and Galaxy Z Flip 6. The third one, the Q6A, is likely the more affordable variant of the Galaxy Z Fold 6. We’re still not sure what it will be called, though. Samsung could use the ‘Lite’ naming, which would be par for the course for the company. That model also won’t include an S Pen, in case you were wondering.
A recent report indicated one way Samsung is trying to save money on that foldable so that it can offer it at a lower price tag. The company is said to be using inkjet printing for the bezels in order to do that.
Not much is known about the company’s budget foldable smartphone
When it comes to the phone’s design and specs, well, we still don’t have much to go on. All we know is that the phone will be a book-style foldable, and chances are it will resemble the Galaxy Z Fold lineup.
I wouldn’t be surprised if it looked very similar to the Galaxy Z Fold 5, or even the upcoming Galaxy Z Fold 6. Samsung will likely use inferior hardware, both on the outside and on the inside… well, compared to the upcoming Galaxy Z Fold 6, of course.
That phone is expected to be quite powerful still. The company may reach for last year’s flagship SoC, or perhaps a truly powerful mid-range chip. We’re still expecting to see 120Hz displays on the phone, and rather capable cameras.
More information will likely arrive fast. The company’s more affordable foldable could launch alongside the Galaxy Z Fold 6 and Galaxy Z Flip 6 handsets. In other words, it could arrive in August.
Twelve malicious Android espionage applications have been discovered by researchers, with all of them executing a remote access trojan (RAT) code known as VajraSpy.
Six of them were discovered to be available on Google Play Store, whereas the other six were discovered with VirusTotal.
All of these applications share several similarities, such as a messaging platform bundled with VajraSpy RAT code and the developer certificate.
The date of upload of these applications was between April 2021 and March 2023. Among these applications, only one was found to be a new application that differed from the rest.
The earliest app was discovered to be Privee Talk, uploaded on April 1st, 2021, and the latest app was Wave Chat, which appeared in September 2023.
All of these applications combined had nearly 1400 installations. The list of malicious applications is as follows:
According to the reports shared with Cyber Security News, VajraSpy is a customizable trojan that can be used to exfiltrate user data, and it uses the same class names in all of the malicious applications.
Same malicious application classes (Source: ESET)
Additionally, all observed applications shared the same worker classes for data exfiltration. However, the trojanized applications can be split into three groups:
Trojanized messaging applications with basic functionalities
Trojanized messaging applications with advanced functionalities
Non-Messaging applications
Timeline of Applications (Source: ESET)
Trojanized Messaging Applications
This group consists of malicious applications that were available on Google Play, such as MeetMe, Privee Talk, Let’s Chat, Quick Chat, GlowChat, and Chit Chat. It also includes Hello Chat, which wasn’t available on Google Play.
This group of applications has a standard messaging functionality and initially requires the creation of an account.
In addition, mobile number verification is also performed using OTP SMS codes. However, this step is irrelevant to the malware, as VajraSpy is already running regardless of whether it succeeds.
Moreover, phone number verification is speculated to be performed by threat actors as a means of learning the victim’s country code.
All of the applications categorized under this group are capable of exfiltrating the following data:
Contacts,
SMS messages,
call logs,
device location,
a list of installed apps, and
files with specific extensions (.pdf, .doc, .docx, .txt, .ppt, .pptx, .xls, .xlsx, .jpg, .jpeg, .png, .mp3, .Om4a, .aac, and .opus).
Trojanized messaging applications with advanced functionalities
This group consists of the TikTalk, Nidus, YohooTalk, Crazy Talk, and Wave Chat applications. These applications have extended capabilities such as intercepting WhatsApp, WhatsApp Business, and Signal communication.
Moreover, VajraSpy also logs any visible communications from these apps in the console and in the local database, which are uploaded to the Firebase-hosted C&C server. Apart from this, these applications can also intercept any device notifications.
One of the applications inside the group, Wave Chat, was found to have additional capabilities, such as:
record phone calls,
record calls from WhatsApp, WhatsApp Business, Signal, and Telegram,
log keystrokes,
take pictures using the camera,
record surrounding audio, and
scan for Wi-Fi networks.
Non-Messaging applications
As mentioned earlier, only the Rafaqat رفاقت application belongs to this group, which is the only non-chat application. Though this application asks for a phone number, no verification is performed.
This application was also found to be capable of intercepting notifications and exfiltrating contacts and files with specific extensions such as .pdf, .doc, .docx, .txt, .ppt, .pptx, .xls, .xlsx, .jpg, .jpeg, .png, .mp3, .Om4a, .aac, and .opus.
ESET has published a report on these applications, providing detailed information about the source code, application analysis, malware analysis, and other information.
In an emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024.
CISA has taken this drastic step after noticing widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Policy Secure solutions with severe consequences:
“Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems.”
Based on that, CISA determined that these conditions pose an unacceptable risk to Federal Civilian Executive Branch (FCEB) agencies and requires emergency action.
These actions include threat hunting on any systems connected to—or recently connected to—the affected Ivanti device. CISA notes that agencies running the affected products must assume domain accounts associated with the affected products have been compromised.
Agencies have permission to reconnect devices only if they’ve been factory reset and updated according to Ivanti’s instructions.
How did it come this far?
On January 10, 2024 Ivanti released advisories about two actively exploited vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways. Active exploitation dates back as far as December 3, 2023. These vulnerabilities were listed as CVE-2023-46805 and CVE-2024-21887.
Ivanti provided a workaround and said patches would be released on a schedule based on versions, with the first coming out in the week of January 22. The last version will come out the week of February 19.
Soon after, reports started surfacing about several groups exploiting the vulnerabilities, amassing as many as 1,700 compromised devices, with 7,000 more that remained vulnerable. Also, some security firms noticed a Chinese APT was able to bypass the mitigations.
New vulnerabilities came to light on January 31, 2024 listed as CVE-2024-21888 and CVE-2024-21893 where Ivanti remarked that it was aware of “a small number of customers who have been impacted by CVE-2024-21893 at this time.” Customers can read this KB article for detailed instructions on how to apply the new mitigation and how to apply the patch as each version becomes available.
Samsung‘s Galaxy S24 Ultra has a camera hardware issue, in at least some units. The images on the screen shift abnormally when switching between 1x, 3x, and 5x lenses. X user @smasithick first spotted and reported the issue, which has been confirmed to be a hardware problem by a Samsung service center official. We can confirm the same issue on one of our retail units.
The Galaxy S24 Ultra has a camera hardware issue
The Galaxy S24 Ultra features four cameras at the back. There’s a 200MP primary camera, a 12MP ultrawide lens, a 10MP 3x optical zoom camera, and a 50MP 5x optical zoom camera. When capturing photos and videos, it can automatically switch to the right lens based on the zoom, lighting, and distance to the subject. You can also manually select the lens you want to capture a shot with.
Normally, this switching happens smoothly like you are zooming in and out with the same lens. However, X user @smasithick recently noticed that switching between the main shooter and the two zoom cameras causes the image to shift on their Galaxy S24 Ultra. The phone doesn’t smoothly zoom into the subject. The issue is particularly noticeable when focusing on nearby objects.
The affected consumer visited a nearby Samsung service center and demonstrated the issue to the officials there. They initially denied any issue and said it was within normal functioning for the Galaxy S24 Ultra. The service center personnel flashed the phone (the user had already performed a factory reset to no gain) but the image shift issue persisted. After a long discussion, they eventually approved a replacement the next day.
Anybody is facing image shift issue while zooming from 1x to 5x in #GalaxyS24Ultra?
The Galaxy S24 Ultra in question here was purchased in India. It was manufactured in the country in December 2023. While Samsung agreed to replace the defective unit, that isn’t the end of the story. The service center manager told the user that the company was already aware of the issue. It identified the “hardware issue” during the first batch of production in India. The issue exists on many devices from the first batch, the manager suggested.
They added that Samsung fixed it in the second batch. However, it still decided to sell the faulty units, which is unethical and extremely disappointing, to say the least. The same X user confirmed the issue on a couple more Galaxy S24 Ultra units, while the service center personnel showed a video of the issue on another unit from a different Samsung showroom. It also exists on our Indian retail unit of the Galaxy S24 Ultra.
Put simply, this is a fairly widespread hardware issue with Samsung’s best flagship smartphone that the company was aware of even before it started selling the device. The firm could have easily avoided it. Worse yet, it may not be limited to Indian retail units, as there are reports of the same issue from Thailand and Spain as well. It remains to be seen how the Korean firm handles it all.
As of this writing, Samsung has yet to acknowledge the issue, though it expressed concern about the X user’s posts saying that they had negatively impacted its reputation. Maybe you should make customer experience of paramount importance for a positive word of mouth, Samsung. We will keep a close eye on this matter and let you know when we have more information. If you have a Galaxy S24 Ultra, make sure to check for the issue.
The FritzFrog botnet, originally identified in 2020, is an advanced peer-to-peer botnet built in Golang that can operate on both AMD and ARM-based devices. With constant updates, the malware has developed over time, adding and enhancing features.
A new strain of the FritzFrog botnet was discovered exploiting the Log4Shell vulnerability to target all hosts in the internal network.
Additionally, by using weak SSH credentials, the malware attacks servers that are accessible over the internet.
“Newer variants now read several system files on compromised hosts to detect potential targets for this attack that have a high likelihood of being vulnerable,” Akamai shared with Cyber Security News.
The Exploitation Chain
The only infection vector used by FritzFrog was SSH brute force; however, more recent iterations of the malware have added the Log4Shell exploitation dubbed “Frog4Shell”.
A vulnerability called Log4Shell was found in the popular open-source Log4j web tool in 2021. Governments and security firms carried out a global initiative to patch the technology.
Presently, the malware targets every host on the internal network as part of its routine for spreading. The malware is attempting to connect to every address on the local network to accomplish this.
According to the researchers, internal computers, which were less likely to be exploited, were frequently overlooked and went unpatched—a situation that FritzFrog takes advantage of.
FritzFrog scanning the local network to identify targets
“This means that even if the “high-profile” internet-facing applications have been patched, a breach of any asset in the network by FritzFrog can expose unpatched internal assets to exploitation,” researchers said.
FritzFrog searches for HTTP servers on ports 8080, 8090, 8888, and 9000 to find possible Log4Shell targets. The malware is currently targeting as many vulnerable Java applications as possible.
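A defender can use the same port list to find out which services on a host would show up in that internal scan. The following is an added example, not code from Akamai or the original article: it parses the Linux `/proc/net/tcp` table and reports listeners on ports 8080, 8090, 8888, and 9000, marking those bound to a non-loopback address. The function names and the sample table are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import ipaddress
import os
import socket
import struct

# Ports this page says FritzFrog probes for Log4Shell candidates.
FROG4SHELL_PORTS = {8080, 8090, 8888, 9000}
TCP_LISTEN = 0x0A  # state code for LISTEN in /proc/net/tcp and /proc/net/tcp6

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001 1
   1: 0100007F:22B8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002 1
   2: 0A00000A:2328 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004 1
   4: 0A00000A:1F9A 0B00000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20005 1
"""


def _decode_addr(hex_addr):
    """Decode the kernel's hex address field (assumes a little-endian host)."""
    words = [hex_addr[i:i + 8] for i in range(0, len(hex_addr), 8)]
    raw = b"".join(struct.pack("<I", int(w, 16)) for w in words)
    family = socket.AF_INET if len(raw) == 4 else socket.AF_INET6
    return socket.inet_ntop(family, raw)


def listeners_on_probed_ports(table_text, ports=FROG4SHELL_PORTS):
    """Return sorted [(address, port, lan_reachable)] for LISTEN sockets on `ports`."""
    results = []
    for line in table_text.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        if int(fields[3], 16) != TCP_LISTEN:      # skip established and other states
            continue
        addr_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)
        if port not in ports:
            continue
        addr = _decode_addr(addr_hex)
        # A loopback-only bind is not reachable by a peer scanning the subnet.
        lan_reachable = not ipaddress.ip_address(addr).is_loopback
        results.append((addr, port, lan_reachable))
    return sorted(results, key=lambda r: (r[1], r[0]))


if __name__ == "__main__":
    for table in ("/proc/net/tcp", "/proc/net/tcp6"):
        if os.path.exists(table):
            with open(table) as fh:
                for addr, port, reachable in listeners_on_probed_ports(fh.read()):
                    note = "reachable from LAN" if reachable else "loopback only"
                    print(f"{table}: {addr}:{port} ({note})")
```

A hit only narrows the inventory: whether the service behind the port is a Java application running a vulnerable Log4j version still has to be checked separately.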
Log4Shell exploitation flow
Additionally, FritzFrog enhanced its capacity to identify targets for SSH brute force, which is its primary infection vector.
FritzFrog will now attempt to identify specific SSH targets by enumerating multiple system logs on each of its victims, in addition to targeting randomly generated IP addresses.
The malware now includes a module that exploits CVE-2021-4034, a privilege escalation in the polkit Linux component. On susceptible servers, this module allows the malware to operate as root.
“Since it is installed by default on most Linux distributions, many unpatched machines are still vulnerable to this CVE today,” researchers said.
Recommendation
Network segmentation can stop the lateral movement of the malware. Software-based segmentation has the potential to be a long-lasting protective measure that is comparatively easy to implement.
For use on SSH servers, a FritzFrog detection script is given that searches for the following FritzFrog indicators:
a. Running processes named nginx, ifconfig, php-fpm, apache2, or libexec, whose executable file no longer exists on the file system (as seen below)
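The check in indicator (a) can be sketched as follows. This is an added example, not the detection script the article refers to: it walks a Linux `/proc` tree and flags processes with one of the listed names whose `exe` link points to a file that no longer exists. The function names and the fake `/proc` tree used for offline testing are constructed for illustration.

```python
import os
from pathlib import Path

# Process names this page lists for the FritzFrog indicator.
SUSPECT_NAMES = {"nginx", "ifconfig", "php-fpm", "apache2", "libexec"}
DELETED = " (deleted)"  # suffix Linux appends to /proc/<pid>/exe after an unlink


def find_deleted_exe_processes(proc_root="/proc", names=SUSPECT_NAMES):
    """Return [(pid, name, exe_target)] for processes named in `names`
    whose executable file is no longer present on the file system."""
    hits = []
    pids = sorted(int(p.name) for p in Path(proc_root).iterdir() if p.name.isdigit())
    for pid in pids:
        entry = Path(proc_root) / str(pid)
        try:
            name = (entry / "comm").read_text().strip()
            target = os.readlink(entry / "exe")
        except OSError:
            continue  # exited process, kernel thread, or not enough privileges
        if name not in names:
            continue
        deleted = target.endswith(DELETED)
        path = target[: -len(DELETED)] if deleted else target
        # Note: a package upgrade without a service restart also leaves a
        # "(deleted)" link, so every hit needs a manual look.
        if deleted or not os.path.exists(path):
            hits.append((pid, name, target))
    return hits


def build_sample_proc(base):
    """Constructed sample: a small fake /proc tree for offline testing."""
    base = Path(base)
    live = base / "bin" / "nginx"
    live.parent.mkdir(parents=True)
    live.write_text("")
    proc = base / "proc"
    samples = {
        101: ("nginx", str(live)),                         # binary present
        202: ("nginx", "/tmp/.x/nginx (deleted)"),         # binary unlinked
        303: ("bash", "/tmp/.x/tool (deleted)"),           # name not on the list
        404: ("php-fpm", str(base / "bin" / "missing")),   # path does not exist
        505: ("kworker/0:1", None),                        # kernel thread, no exe
    }
    for pid, (comm, exe) in samples.items():
        pid_dir = proc / str(pid)
        pid_dir.mkdir(parents=True)
        (pid_dir / "comm").write_text(comm + "\n")
        if exe is not None:
            os.symlink(exe, pid_dir / "exe")  # dangling links are allowed
    (proc / "self").mkdir()
    return proc


if __name__ == "__main__":
    # Run as root so that the exe links of other users' processes are readable.
    for pid, name, target in find_deleted_exe_processes():
        print(f"suspicious: pid={pid} name={name} exe={target}")
```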
The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection.
The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their End-of-Life.
The FBI did this because it believed the threat actor behind the botnet of routers is an Advanced Persistent Threat (APT) group known as “Volt Typhoon.”
The US Cybersecurity and Infrastructure Security Agency (CISA) warned US businesses in May, 2023 about Volt Typhoon, an elite squadron of hackers with ties to the Chinese government, that targets high-value entities like governments, large corporations, and critical infrastructure.
On January 31, 2024, FBI director Christopher Wray warned in a House committee hearing that “cyber hackers working for the Chinese government are preparing to wreak havoc on the US.”
To stop this from happening, the FBI used court-authorized operations to take control of hundreds of routers that Volt Typhoon had been using as gateways to get inside sensitive infrastructure. They used the routers to hide the actual origin of malicious attempts to reach inside the utilities and other targets.
The FBI says it tested the malware removal extensively on the relevant Cisco and NetGear routers, as specified in the court documents, to avoid any impact on the legitimate functions of the hacked routers.
The FBI will inform owners of the affected routers, or their providers if the owner’s contact information is not available.
A router’s owner can reverse these mitigation steps by restarting the router. However, a restart that is not accompanied by mitigation steps similar to those the court order authorized will make the router vulnerable to reinfection.
The FBI warns that:
“The remediated routers remain vulnerable to future exploitation by Volt Typhoon and other hackers, and the FBI strongly encourages router owners to remove and replace any end-of-life SOHO router currently in their networks.”
At the same time, Wray let the House committee know that US cyberdefense is badly outnumbered.
“If you took every single one of the FBI cyber agents, intelligence analysts and focused them exclusively on the China threat, China’s hackers would still outnumber FBI cyber-personnel by at least 50 to 1.”
According to CISA Director Jen Easterly, who also testified before the House select committee on the Chinese Communist Party, it’s likely we’re only seeing the tip of the iceberg.
The Samsung Galaxy S24 Ultra has the best display of all smartphones ever, the display experts at DXOMARK determined. The phone excelled in the firm’s rigorous display test suite, which measured its performance across six criteria, to achieve an all-time high score of 155. The Google Pixel 8 and Pixel 8 Pro, which also feature a Samsung-made display, previously led the chart with a score of 154.
Galaxy S24 Ultra excels in the DXOMARK display test
Samsung has equipped the Galaxy S24 Ultra with a 6.8-inch Dynamic AMOLED 2X display featuring a 1440 x 3120 pixels resolution, 505 ppi pixel density, and a 120Hz variable refresh rate in a 19.5:9 aspect ratio. The device boasts a peak brightness of 2,600 nits and comes with Corning Gorilla Glass Armor protection that has enhanced anti-reflective properties. During our Galaxy S24 Ultra review, we found that it is a highly underrated feature of the phone.
However, it’s not all sunshine and roses for the new Samsung flagship’s display. The phone has a weird bug causing a color accuracy issue. While colors seem fine in the natural mode, switching to the vivid color profile doesn’t produce the expected level of saturation. It hardly sees any changes over the natural mode. The good thing is that Samsung is aware of the issue and plans to fix it with a software update.
This didn’t stop the Galaxy S24 Ultra from securing the top position in DXOMARK’s evaluation, though. The phone exhibited excellent readability in all lighting conditions and angles. It also has great luminance uniformity and accurate color rendering in most environments. The new Samsung flagship delivered excellent management of frame mismatches when watching videos or playing video games.
DXOMARK also noted the phone’s reduced screen reflections. The areas where the Galaxy S24 Ultra’s display performed below expectations include brightness levels in videos and dimming in low-light environments. The firm found the display to be excessively bright during video performance, while it didn’t get as dim as expected in indoor lighting. The phone was also poor at managing involuntary touches.
Samsung reserved the best for itself
Samsung is one of the most renowned display makers globally. It supplied OLED displays to many smartphone companies, including Apple and Google. As said earlier, the Pixel 8 series features Samsung displays, and so does the iPhone 15 series. However, as we see in DXOMARK’s display test, the Korean firm reserved the best for itself. You can read the firm’s full report on the Galaxy S24 Ultra’s display performance here.