Samsung’s next Unpacked event is only two days away, and we’re all super excited for the new Galaxy S24 phones. Well, it appears that some people are more excited than others, as we’re still getting leaks of these devices. We just got some new leaked unboxing videos of the Galaxy S24 Ultra, and they confirm some leaked and rumored information.
If you’re excited about seeing the next unpacked event, it will be happening at 1:00 p.m. EST on Wednesday, January 17th. You’ll be able to catch it on Samsung’s official YouTube channel. We expect the company to announce several AI features because AI is now the big thing in Tech. And we all know that Samsung is always looking for the “Next Big Thing.” Along with AI enhancements, these phones are expected to come with the typical slew of hardware improvements.
We have new unboxing videos of the Galaxy S24 Ultra
A new post on X just spilled the beans on this upcoming phone. The account posted three different videos; each video showcases the unboxing of one color of the Galaxy S24 Ultra. As if this was a great big mystery, the Galaxy S24 Ultra closely resembles the Galaxy S23 Ultra, which resembles the Galaxy S22 Ultra… and, well, those devices resemble the later Galaxy Note devices. So, it has a familiar design. It’s large, it’s boxy, and it has the camera sensors jutting from the body individually.
What sets this model apart from previous models is the fact that it has a flat display. This marks the first time in nearly a decade that Samsung has released a full line of Galaxy S phones with flat displays.
In the videos, we see that the person is unboxing the videos and what looks like a store. So, it appears that the S24 has arrived at stores in preparation for retail sales, and an employee wanted to showcase these devices early.
unboxing of 3 different colours of the S24 Ultra has leaked.
In any case, we see how the phone looks and its Titanium Yellow, Titanium Violet, and Titanium Gray colors. These were the rumored colors for the device, so these unboxing videos just pretty much confirm these colors. There’s not much else that we can glean from the videos that we haven’t already discovered. There are also rumors that Samsung is going to offer some Samsung-exclusive colors that you can only buy from Samsung’s site.
Days after increasing its subscription fee, fuboTV has announced its plans to increase the monthly subscription charges again. fuboTV’s new pricing reflects a $5 increase in the monthly subscription fees, effective from January 10, 2024, for both new and returning customers. If you signed up on or before that date, your new pricing will kick in on your billing cycle from February 1, 2024. However, there’s a good part: subscribers also get unlimited cloud DVR with these new rates.
fuboTV increased prices for new and returning customers.
fuboTV has notified all users about this change via email. In case you missed the email, the streaming platform recommends checking your spam or junk folders. It noted that it has more than 70 channels in its basic package, including 10 radio channels in 2023.
You’d wonder why fuboTV has increased subscription fees. Well, it explains that this is primarily due to the costs associated with acquiring and maintaining high-quality content. The statement suggests that, occasionally, programming partners raise the prices they charge the streaming service for the content. These increases in licensing fees, production costs, and other related expenses can contribute to the overall operational expenses of the platform.
fuboTV’s available plans — and what’s changed.
fuboTV’s basic “Pro” package now costs $79.99 per month. There are fancier options too – the “Elite” one is $89.99, the “Premier” is $99.99, and the “Ultimate” is $104.99. But you can’t sign up for the “Ultimate” one if you’re a new subscriber. Also, fuboTV is adding $1 more each month for local live sports, which also applies to the Starz add-on.
The major highlight of fuboTV’s price hike is that it has eliminated DVR recording limits for all plans. So, everyone can enjoy unlimited recordings. This is a significant advantage similar to YouTube TV, but Google‘s service still provides this DVR benefit at a lower cost, as YouTube TV begins at $72.99 per month. We don’t know yet when fuboTV customers will get unlimited DVR recording, though.
In November 2023, real estate services company Fidelity National Financial (FNF) got its systems knocked offline for a week after a cyberincident.
As is often the case these days, it turns out that the cyberincident was very likely a ransomware attack that included a data breach. Ransomware operators typically steal data from the compromised systems to use as extra leverage against the victim.
The attack on FNF was claimed by ransomware group ALPHV/BlackCat on its leak site. ALPHV is typically in the top five most active ransomware gangs in our monthly ransomware reviews and is one of the most dangerous ransomware groups in the world.
The listing on ALPHV’s leak site has since been removed which might indicate that the ransom was paid. But it could also be another reason: In December 2023, the gang’s infrastructure was taken down by law enforcement. Unfortunately the gang did re-appear soon after.
In a form 8-K, FNF said it had notified applicable state attorneys general and regulators, and approximately 1.3 million potentially impacted consumers. Form 8-K is known as a “current report” and it is the report that companies must file with the SEC to announce major events that shareholders should know about.
The company has not so far specified the type of data that may have been stolen. FNF is providing credit monitoring and identity theft services to affected customers.
Data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Set up identity monitoring.Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.
In October 2023, Samsung launched two new affordable Android tablets, the Galaxy Tab A9 and Galaxy Tab A9+. The devices were first released in India. The Plus model is now available in the US too. Priced at $220 and above, the tablet can be bought directly from Samsung’s official website. It is also available on Amazon and Best Buy.
Samsung’s Galaxy Tab A9+ affordable tablet is now available in the US
The Galaxy Tab A9+ is an affordable tablet powered by Qualcomm’s two-year-old Snapdragon 695 processor. It is available in 4GB and 8GB RAM variants paired with 64GB and 128GB storage, respectively. The device supports microSD cards for expandable storage. Samsung has equipped the tablet with an 11-inch LCD screen featuring a Full HD+ resolution (1,920 x 1,200 pixels) and a 90Hz refresh rate.
A 7,040mAh battery fuels the Galaxy Tab A9+ with 15W charging support via a USB Type-C port. You won’t get a charger in the box, though. Samsung has long stopped providing one with its products. There is an 8MP camera at the back and a 5MP camera at the front with no LED flash. You can record 1080p videos with both cameras. The tablet offers AKG-tuned quad stereo speakers, making it ideal for media consumption.
Samsung is selling the device in Wi-Fi and cellular (5G) models with support for a physical nano-SIM and an eSIM. Other known specs of the Galaxy Tab A9+ include built-in GPS, Wi-Fi 5, Bluetooth 5.0, and a 3.5mm headphone jack. The tablet ships out of the box with Android 13-based One UI 5.1.1. Samsung will push at least two major Android OS updates, i.e., up to Android 15, to the device, if not more.
Detailed pricing structure and
The base variant of the Galaxy Tab A9+ costs $219.99. It is the 4GB+64GB model without cellular connectivity. The same model can be purchased with 5G connectivity at $269.99. Carrier options include AT&T, T-Mobile, US Cellular, and Verizon. Unfortunately, you won’t get 5G connectivity if you grab the 8GB+128GB model. It only comes in a Wi-Fi option and costs $269.99. Color options include Silver, Graphite, and Navy.
For a limited time—until January 28— you get a black-colored Book Cover worth $49.99 free with every Galaxy Tab A9+ purchase. It gives extra protection to your tablet. If you want to get Samsung Care+, a subscription service that covers theft, loss, and damage, it is available at $8 a month or $129 for two years. Samsung is also offering up to $170 instant trade-in credit with the new tablet.
China-backed hackers caused a lot of trouble for US companies in 2023. And they’re expected to continue their aggressive behavior in 2024- especially due to the upcoming presidential election. While cybersecurity experts have already warned hackers are using AI and machine learning to bypass firewalls, the US National Security Agency (NSA) believes AI could also be used as a tool to hunt down bad actors.
Speaking at Fordham University in New York on Tuesday, the NSA director of cybersecurity, Rob Joyce, confirmed state-backed hackers utilize AI to level up their attacks and target high-profile companies. As Techcrunch reports, Joyce added AI is helping them find and hunt down hackers. “…AI, machine learning [and] deep learning is absolutely making us better at finding malicious activity,” he noted.
NSA oversees and hunts down China state-backed hackers with AI
The NSA official didn’t mention which cyber attacks on the US were state-backed and which one of them involved AI. However, he alluded to the recent China-based hacker attacks as an example of how artificial intelligence is helping the US to repel cyber attacks on its infrastructures.
“They’re in places like electric, transportation pipelines, and courts, trying to hack in so that they can cause societal disruption and panic at the time in place of their choosing,” Joyce noted.
According to Joyce, Chinese hackers exploit vulnerabilities to access a system and pretend to be an authorized user. Meanwhile, the US uses machine learning, big data, and AI to detect and monitor malicious activities. This is mainly because bad actors don’t behave like regular operators. Joyce says this gives the upper hand to the US. The NSA official says AI won’t be a magical tool. But it makes “those that use AI more effective and more dangerous.”
Joyce also noted that less capable hackers utilize AI to overcome their technical weaknesses. Additionally, AI is helping hackers craft more professional English text in cases like phishing emails.
If you’re a HelloFresh customer, you’ll likely receive fewer marketing emails and texts due to the fine imposed by the UK’s Information Commissioner’s Office (ICO).
Key Points
Customers were bombarded with unwanted emails and texts.
HelloFresh fined £140,000 for sending 80 million spam messages.
ICO found HelloFresh’s opt-in processes were misleading and confusing.
Case highlights the importance of data protection and obtaining informed consent.
Recipe kit delivery service HelloFresh has been slapped with a hefty £140,000 fine by the UK’s Information Commissioner’s Office (ICO) for bombarding customers with a staggering 80 million spam messages.
The fine follows a year-long investigation triggered by a flood of complaints from customers who were fed up with the constant barrage of unwanted marketing emails and texts.
The ICO found that HelloFresh’s marketing practices were a clear violation of UK data protection regulations. Between August 2022 and February 2023, the company sent out a mind-boggling 79 million emails and 1 million text messages without obtaining proper consent from its customers. This included bombarding customers who had signed up for the service solely to receive recipe kits, with irrelevant offers and promotions.
“This was a clear case of a company putting its own commercial interests ahead of the privacy and rights of its customers,” said Andy Curry, Head of Investigations at the ICO. “Customers were not given a clear choice about receiving marketing messages, and many were left feeling harassed and frustrated by the constant bombardment.”
The ICO’s investigation revealed that HelloFresh’s opt-in processes were designed to be confusing and misleading. Customers were often pre-checked into marketing lists without their knowledge, and the wording of opt-in boxes was unclear, making it difficult for customers to understand what they were agreeing to.
“We take our data protection obligations very seriously and have made changes to our email and text marketing policy in response to the ICO’s findings,” said a spokesperson for HelloFresh. However, the company’s apology and belated changes to its marketing practices may not be enough to appease customers who feel they have been taken advantage of.
The HelloFresh case highlights the importance of data protection and the need for businesses to obtain clear and informed consent from customers before sending them marketing messages. Companies that fail to comply with data protection regulations face not only hefty fines but also reputational damage and the potential loss of customer trust.
Not long ago, we informed you about Google’s efforts to introduce a convenient “unsubscribe” button in Gmail for Android. Surprisingly, this feature was initially made available to iOS users. However, now, the wait is over, as Android users can also benefit from this quick method to stop receiving those pesky emails you might have accidentally subscribed to.As spotted by Android Police, the new unsubscribe button in Gmail for Android is rolling out, strategically located at the email’s top section. Clicking on it will either request confirmation through a popup dialog or direct users to the newsletter’s unsubscribe website. The actual process varies based on how the newsletter publisher has integrated the unsubscribe option.
Image Credit–TheSpAndroid
The unsubscribe button has been a feature of the Gmail web experience for some time, positioned at the top of emails for user convenience in unsubscribing from unwanted emails. Clicking on this button may lead you directly to the sender’s website for the unsubscribe process, or in many cases, it functions automatically, offering a confirmation of the unsubscribed status.
Up until now, the Gmail mobile app didn’t make things as easy. While you could find options for blocking and reporting spam hidden in the 3-dot menu, there was no straightforward button for unsubscribing. Android mobile app users had to manually scroll through the email content to find the unsubscribe link, which was a bit more time-consuming and effortful, given that these links are usually tucked away in a small font.
You can still mark emails as spam or phishing using the three dots on the top right of the email. Just be sure it’s really spam, or you might accidentally make your spam filter too strict and miss important messages. Not everyone has access to the unsubscribe button yet, so you might need to wait a bit longer for it to show up on your device.
The potential involvement of Sandworm, the wider threat beyond attribution, the vulnerability of Zyxel firewalls and the focus on European energy firms call for improved cybersecurity posture and threat intelligence.
Forescout, a global cybersecurity leader, has provided new evidence about two attacks on the Danish energy sector in May 2023 (PDF). Their report, ‘Clearing the Fog of War,’ highlights the need for better network monitoring and incident response plans and analyzes the potential involvement of an advanced persistent threat (APT) group called Sandworm.
For your information, SektorCERT, Denmark’s critical infrastructure CERT, reported a significant cyber-related attack on 22 Danish energy sector companies between May 11-30, 2023. The attacks, linked to Russian APT Sandworm, exploited vulnerabilities in Zyxel firewalls. Despite SektorCERT’s swift response, some companies were forced into island mode, allowing attackers to access industrial control systems.
Forescout Research-Vedere Labs report shed light on this incident. Reportedly, the first wave of attacks started on May 11, 2023, exploiting CVE-2023-28771, a pre-authentication OS command injection vulnerability in unpatched Zyxel firewalls.
A second wave occurred on May 22, 2023, where attackers downloaded MIPS binaries from 45.89.106147 to Zyxel firewalls in an energy sector organization containing Mirai variants with Moobot flavour indicators. The firewalls participated in DDoS and SSH brute-force attacks against targets in Hong Kong, the U.S., and Canada.
Zyxel firewalls at other SektorCERT member organizations were also observed downloading Mirai variants from staging servers, historically associated with malware distribution, adware, ransomware, and Log4j exploitation attempts.
“After the second incident, further attacks targeted exposed devices within critical infrastructure worldwide in the ensuing months,” the report read.
Researchers couldn’t fully attribute the attacks to Sandworm given the difference between the two waves. The first wave targeted a limited number of targets using a PoC-less n-day while the second wave involved Zyxel firewalls infected by staging servers with a history of mass exploitation and crimeware, explained Elisa Costante, VP of Research at Forescout Research–Vedere Labs.
The study found numerous IP addresses exploiting the Zyxel vulnerability CVE-2023-28771, first reported by TRAPA Security in June 2023 and added to the CISA KEV catalogue in May 2023 with a 9.8 severity rating.
In April 2023, Zyxel announced patches for impacted firewalls, including USG Flex, ATP, ZyWALL/USG, and VPN. However, FortiGuard Labs reported a rise in DDoS botnets exploiting the Zyxel vulnerability, which persisted as late as October 2023 and spread across various devices, including Zyxel firewalls.
In May 2023, Hackread reported how a variant of the Mirai botnet, IZ1H9, successfully hacked Zyxel Firewalls using a patched command injection vulnerability, potentially leading to DDoS attacks. Researchers from Palo Alto Networks’ Unit 42 identified it as the most active Mirai variant.
Europe faces high exploitation attempts, with 80% of publicly identifiable and potentially vulnerable firewalls located there. Six European power companies are at risk of exploitation by malicious actors due to their use of Zyxel firewalls, highlighting the need for prioritizing threat intelligence in the energy sector.
Living off the land (LotL) attacks offer stealth benefits, allowing attackers to abstract away from legacy/proprietary protocols. Energy firms and critical infrastructure organizations must remain alert to attacks on unpatched network infrastructure devices.
Exposed Zyxel firewalls
Expert Opinions
For insight into the new development, we reached out to John Gallagher, Vice President of Viakoo Labs at Viakoo who praised Forescout for “digging deeper into exploits against critical infrastructure, and getting closer to the truth of what is behind these attacks.”
“Getting a more accurate assessment of these attack vectors, and getting to that truth more quickly as Forescout has provided, is crucial in protecting these critical assets. Disrupting cyber adversaries in their efforts is one form of defence; that’s why getting specific as to who is the threat actor is critical to defending ICS infrastructure,” he said.
“Forescout’s analysis points to the spillover from nation-state-directed cyber exploits to mass exploitation campaigns, which is an alarming trend. As “mass market” threat actors become more skilled at working within the unique languages and protocols of ICS systems it dramatically increases the risk of non-affiliated threat actors providing “as a service” ICS exploitation,” John added.
“In addition, this means organizations who depend on IoT/OT/ISC systems will be direct targets at some point to the same threats being launched against national critical infrastructure.”
Jose Seara, CEO and founder at DeNexus emphasizes the need for companies to “strengthen their cybersecurity posture” by understanding their cyber risks, identifying them, and quantifying them in monetary terms.
“Critical infrastructure and industrial sites have been increasingly targeted by threat actors and they all need to strengthen their cybersecurity posture. It is imperative for these companies to better understand their cyber risks, identify them and quantify them in monetary terms to drive data-driven decisions on cybersecurity investments,” said Jose.
“Additionally, new SEC regulations on cybersecurity reporting in the U.S. and the NIS2 in Europe are mandating the reporting cyber risk management, expanding the associated consequences of attacks beyond standard security concerns and putting organizations who do not comply at risk of potential legal and financial implications,” he added.
In the fast-moving tech scene, meeting users’ demands is no walk in the park, as many startups can attest. Now, a once-promising app that kicked off nearly a year ago is saying its farewells to users.
Engadget shares that Artifact, the news app from Instagram co-founders Kevin Systrom and Mike Krieger, is calling it quits, not even a year after its debut. According to a note on Medium from Systrom, the app’s essential news reading features will stick around until the end of February, but commenting and posting will be taken offline immediately.
Artifact is a news aggregator app that was launched in 2023. The app’s goal is to provide users with a personalized and engaging news experience. Artifact uses artificial intelligence to analyze user behavior and interests and then recommends articles that are tailored to each individual’s preferences.
The app also features social discussion forums, where users can share their thoughts on the news and connect with other people who share their interests. Artifact has been praised for its innovative approach to news consumption. However, the app has also faced criticism for its lack of transparency about its algorithms and its reliance on user data.
Despite a year of dedicated effort, Systrom and Krieger ran into familiar challenges faced by founders of other noteworthy news apps. Systrom acknowledged, “We have built something that a core group of users love, but we have concluded that the market opportunity isn’t big enough to warrant continued investment in this way.”
On a different note, video-sharing apps like TikTok and YouTube are flourishing, reaching unprecedented levels of user engagement and revenue. For a detailed overview of the apps that dominated the time and spending habits of US residents in 2023, feel free to explore our dedicated article.
January 12, 2024 – The FCC wants car makers and wireless providers to make it harder for stalkers to use your car against you.
January 12, 2024 – A vulnerability in the popular Joomla! CMS has been added to CISA’s known exploited vulnerabilities catalog.
January 11, 2024 – Several international security agencies are echoing a warning by Ivanti about actively exploited vulnerabilities in its VPN solution.
January 11, 2024 – This month in ransomware: ALPHV and LockBit joining forces?
January 11, 2024 – Several info-stealers have incorporated an exploit that allows them to gain permanent access to your Google account