Galaxy S24 Ultra leaked in short hands-on video before launch

0
[ad_1]

After countless renders and a few real-life images, we now have a leaked hands-on video of the Galaxy S24 Ultra. A short video posted on X shows the upcoming Samsung flagship’s flat display with AOD (always-on display) enabled. The device launches on January 17 alongside the Galaxy S24 and Galaxy S24+.

Leaked video shows Galaxy S24 Ultra’s flat display

The leaked hands-on video of the Galaxy S24 Ultra was originally posted by noted tipster Ice Universe. The video was later deleted—it was likely a DMCA takedown from Samsung. However, a few other X users re-uploaded it. Unless Samsung strikes again, you can watch it here or a little below in this article.

According to Ice Universe, the video came from a protective film manufacturer. Someone at the firm recorded the video before and after applying the protective film on the Galaxy S24 Ultra and leaked it online. You can see an additional layer of glass on top of the phone’s display toward the end of the video.

This leak doesn’t reveal anything that we don’t already know about the new Samsung flagship. The device sports a flat display, a major design change over the Galaxy S23 Ultra’s curved display. The new model also switches from an Aluminum frame to a Titanium frame. The unit seen in the video appears to be the violet color variant. The Galaxy S24 Ultra will also come in Gray, Black, and Yellow colors.

The other two models will also be available in the same four colors but with an Aluminum frame. As usual, Samsung will offer a few extra colorways exclusively through its official website. It always does that and is already teasing the same for the upcoming flagship lineup. Green, Blue, and Orange could be the three exclusive color options for the Galaxy S24 Ultra.

The new Samsung flagships debut in less than a week

Samsung has already confirmed that the Galaxy S24 lineup will go official on January 17, i.e. the coming Wednesday. The launch event, aka Galaxy Unpacked, will take place in San Jose and will be streamed live on its official website and YouTube channel. The company will open pre-orders for the phones immediately after launch. It will also open temporary Galaxy Experience Spaces in several cities around the world to let fans try the devices in person before buying them. Just a few more days to go now before the official unveiling.


[ad_2]
Source link

WordPress Plugin Flaw Exposes 300,000+ to Hack Attacks

0
[ad_1]

Hackers target vulnerable WordPress plugins as they provide a potential entry point to exploit website security weaknesses. 

These plugins often have outdated code or known vulnerabilities, which make them attractive targets for malicious actors seeking:-

  • Unauthorized access to the websites
  • To inject malicious code into websites

Recently, on December 14th, 2023, during the Bug Bounty Program of Wordfence, which is dubbed “Holiday Bug Extravaganza,” the following cybersecurity researchers reported an “Authorization Bypass” vulnerability in “POST SMTP Mailer.” 

  • Ulyses Saicha
  • Sean Murphy 

This is a WordPress plugin with more than 300,000 active installations, and successfully exploiting this bug could let the hackers reset the API key.

Document
Free Webinar

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

WordPress Plugin SMTP Flaw

Using the vulnerable Mailer plugin on WordPress sites, the vulnerability allows unauthorized threat actors to do the following things:-

  • Reset API keys
  • View logs
  • Access password reset emails
  • Hack sites

A critical vulnerability, identified as CVE-2023-6875 with a VSS Score of 9.8, has been detected. It is highly recommended that users update to the patched version 2.8.8 to address the issue.

Another report unveiled that the POST SMTP Mailer had a Cross-Site Scripting vulnerability that allowed malicious scripts to be injected into websites.

The cybersecurity researchers earned a handsome bounty reward from the Bounty Program Extravaganza, and here below, we have mentioned the reward figures:-

  • Ulyses Saicha earned $4,125
  • Sean Murphy earned $825

On December 8, 2023, the cybersecurity analysts at Wordfence notified WPExperts.io about the vulnerability, and by December 10, 2023, they received the response.

In response, WPExperts[.]io developers acted promptly and issued a patch on January 1, 2024. Not only that, they even urged all the users to immediately update their vulnerable version to the latest patched version, 2.8.8.

Vulnerability in POST SMTP Mailer (up to version 2.8.7) allows unauthorized access and data modification via a type juggling issue in the connect-app REST endpoint.

Stored Cross-Site Scripting risk in POST SMTP Mailer (up to version 2.8.7) arises from inadequate input sanitization in the ‘device’ header, and unauthenticated attackers can inject harmful scripts.

Looking for cost-effective penetration testing services? Try Kelltron’s to assess and evaluate the security posture of digital systems – Free Demo


[ad_2]
Source link

Samsung’s January 2024 update is rolling out to Galaxy S21

0
[ad_1]

Samsung‘s January 2024 update is available for a few more Galaxy devices. It is rolling out to the three Galaxy S21 series flagships. The Galaxy S21 FE, which isn’t a true blue flagship, picked up the new security patch a few days back. Samsung has also rolled out the January SMR (Security Maintenance Release) to several other models, including the Galaxy S23, Galaxy S22, and all recent foldables.

Galaxy S21 series joins Samsung’s January 2024 update party

The latest security update for the Galaxy S21 trio is currently rolling out in Europe. More precisely, it is available for users in Switzerland with the firmware build number G99*BXXS9FWL9. A wider rollout, covering the entire lineup in other European countries as well as the rest of the world, should follow shortly. The build number may vary depending on your region but everyone will get the same update.

As Samsung’s official changelog confirms, the latest firmware release for the Galaxy S21, Galaxy S21+, and Galaxy S21 Ultra is all about this month’s security fixes. There aren’t any new features or functional improvements here, which isn’t surprising. Just two months back, the devices received the Android 14-based One UI 6.0 update with tons of goodies, including some UI changes.

The new update still has a lot to talk about on the security side of things. Rolling out with an OTA (over the air) file size of about 400MB, it brings as many as 80 vulnerability patches. Samsung is pushing 75 Android OS patches and 5 Galaxy-specific patches to Galaxy devices with the January SMR. One of these vulnerabilities is labeled “critical,” potentially allowing attackers to gain remote access to affected devices.

If you are using a Galaxy S21 or any other Samsung phone, you can go to Settings > Software update >Download and install to check for new updates. Note that updates are released in batches and may not be available to everyone at the same time. So, if you don’t see a pending update today, you can always check back later. You may also get a notification once the OTA rollout hits your Galaxy device.

The Galaxy S21 series will get Android 15

The Galaxy S21 phones turn three years old next week but they still have plenty of life left in them. Samsung will push four major Android OS updates to the lineup, meaning that they will get Android 15. The devices should also pick up One UI 6.1, which debuts with the Galaxy S24 series next week. If you plan to upgrade to the new flagship, you can pre-reserve it now with no commitment and get a $50 credit from Samsung when you pre-order.


[ad_2]
Source link

Splunk Patched Critical Vulnerabilities in Enterprise Security

0
[ad_1]

Several vulnerabilities have been discovered in Splunk Enterprise Security and Splunk User Behavior Analytics (UBA), which existed in several third-party packages.

The third-party package includes Splunk, which includes babel/traverse, handsontable, semver, loader-utils, json5, socket.io-parser, protobuf, and Guava.

However, Splunk has acted swiftly upon these vulnerabilities and patched them accordingly. The severity for these vulnerabilities ranges between 7.1 (High) and 9.8 (Critical).

Document
Free Webinar

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Technical Analysis

According to the reports shared with Cyber Security News, there were 13 vulnerabilities patched as per Splunk’s security advisories.

protobuf package had the highest number of vulnerabilities at 4 compared to other packages. 

The CVEs were CVE-2015-5237 (8.8), CVE-2022-3171 (7.5), CVE-2022-3509 (7.5), CVE-2022-3510 (7.5). With 3 vulnerabilities, loader-utils became the second package with the highest number of vulnerabilities with one critical vulnerability.

The CVEs of loader-utils package vulnerabilities were CVE-2022-37599 (7.5), CVE-2022-37603 (7.5), and CVE-2022-37601 (9.8).

Other third-party packages like babel/traverse, handsontable, semver, json5, socket.io-parser, and Guava had one high severity vulnerability each. The CVEs were as follows.

  • babel/traverse (CVE-2023-45133 – 8.8)
  • handsontable (CVE-2021-23446 – 7.5)
  • semver (CVE-2022-25883 – 7.5)
  • json5 (CVE-2022-46175 – 8.8)
  • socket.io-parser (CVE-2023-32695 – 7.5)
  • Guava (CVE-2023-2976 – 7.1)

Affected Products and Fixed in Version

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise Security (ES)7.37.3.0
Splunk Enterprise Security (ES)7.27.2.0
Splunk Enterprise Security (ES)7.1Below 7.1.27.1.2
Splunk User Behavior Analytics (UBA)Below 5.3.05.3.0
Splunk User Behavior Analytics (UBA)Below 5.2.15.2.1

It is recommended for users of these products to upgrade to the mentioned versions or higher to prevent these vulnerabilities from getting exploited by threat actors.

Looking for cost-effective penetration testing services? Try Kelltron’s to assess and evaluate the security posture of digital systems – Free Demo


[ad_2]
Source link

Hackers can hijack your Bosch Thermostat and Install Malware

0
[ad_1]

Bitdefender Labs has discovered that the popular Bosch thermostat model BCC100 is vulnerable to cybersecurity threats. This vulnerability could allow a remote attacker to manipulate settings and install malware on the device.

Researchers have discovered vulnerabilities in the Bosch BCC100 thermostat, which could compromise users’ privacy and comfort. The vulnerabilities, discovered by Bitdefender Labs, allow attackers to access thermostat settings and data, manipulate settings remotely, and install malware.

The latest revelations regarding the vulnerable state of IoT devices should not be surprising. From electronic skateboards to coffee machines, from treadmills to security cameras in your room, everything connected to the internet is susceptible to potential threats.

As for the latest development, Bitdefender Labs, creator of the first smart home cybersecurity hub, regularly audits popular IoT hardware for vulnerabilities. Its latest research has revealed vulnerabilities in the Bosch BCC100 thermostat, affecting versions 1.7.0 – HD Version 4.13.22.

Bitdefender researchers discovered the vulnerability on August 29, 2023, but the details of it were only published on January 11, 2024. The vulnerability allows attackers to replace device firmware with a rogue version (CVE-2023-49722). The vulnerability was confirmed and triaged in October 2023, and Bosch started working on a fix immediately. Bitdefender responsibly disclosed the flaw on January 11, 2024.

To understand the flaw, it is essential to know how the BCC100 thermostat works. The thermostat uses two microcontrollers: a Hi-Flying chip (HF-LPT230) for Wi-Fi functionality and an STMicroelectronics chip (STM32F103) for implementing the main logic.

The STM chip lacks networking capabilities and relies on the Wi-Fi chip for communication. The Wi-Fi chip listens on TCP port 8899 on the LAN and, via the UART data bus, it mirrors any message received directly to the main microcontroller.

However, if properly formatted, the microcontroller cannot differentiate between malicious and genuine messages sent by the cloud server. An attacker can exploit this to send commands to the thermostat, including malicious updates.

The thermostat communicates with the connect.boschconnectedcontrol.com server via JSON-encoded payloads over a WebSocket, which are unmasked, and easy to imitate. The device initiates the “device/update” command on port 8899, triggering the thermostat to request details from the cloud server.

Despite an error code, the device accepts a forged response with the firmware update details, including the URL, size, MD5 checksum, and version. The device then requests the cloud server to download the firmware and send it through the WebSocket, ensuring the URL is accessible. Once the device receives the file, it performs the upgrade, finalizing the compromise.

According to Bitdefender Labs’ blog post, users are advised to follow necessary security practices. This includes updating the thermostat firmware, changing the default administrative password, avoiding connecting the thermostat to the internet unnecessarily, and using a firewall to restrict access from unauthorized devices.

Bitdefender Labs emphasized the importance of choosing secure smart home devices and keeping them updated with the latest security patches. This research highlights that even seemingly innocuous smart devices can pose security risks. As the smart home market continues to grow, manufacturers must prioritize security and ensure a safe and reliable connected environment.

  1. The Pros and Cons of Smart Homes
  2. Are Smart Home Devices Invading Your Privacy?
  3. White hat hacker infects smart coffee machine with ransowmare
  4. AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities
  5. Controller-level flaws can let hackers physically damage moving bridges
  6. Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure

[ad_2]
Source link

Galaxy S23 & Galaxy A54 get January 2024 update in the US

0
[ad_1]

Samsung‘s Galaxy S23 phones are receiving their first software update of the new year. The company is pushing the January 2024 Android security patch to the devices. The update is available globally, including in the US. The Galaxy A54 is also picking up the latest security update stateside.

Galaxy S23 and Galaxy A54 receive Samsung’s January update in the US

As of this writing, the January 2024 SMR (Security Maintenance Release) is rolling out to the carrier-locked units of the Galaxy S23, Galaxy S23+, and Galaxy S23 Ultra in the US. The devices are getting the update with the firmware build number S91*USQS2BWL7. The new build number for the flagship trio’s global versions is S91*BXXS3BWL3. The update is live at least in Europe. A wider rollout, also covering unlocked units in the US, should follow soon.

Despite varying build numbers, the changelog for this update remains the same globally. Samsung is only pushing the latest security fixes to the Galaxy S23 trio. “The security of your device has been improved,” the changelog for the US and Europe states. This month’s SMR patches 80 vulnerabilities in Galaxy devices, 75 of which are Android OS issues patched by Google. The remaining five are Galaxy-specific vulnerabilities.

These security fixes are also rolling out to the Galaxy A54 in the US. The 2023 premium mid-range phone is receiving the new SMR with firmware version A546USQS6BWL7. Once again, Samsung is first updating carrier-locked units. Hopefully, it won’t keep users with unlocked units waiting for much longer. International versions of the device should also soon pick up Samsung’s January 2024 security update with 80 vulnerability patches.

If you are using any of these Samsung phones, watch out for an update in the coming days. You can manually check for security updates from the Settings app. The January SMR is also available for the past three generations of Galaxy foldables, as well as the Galaxy S23 FE, Galaxy S22 series, Galaxy Note 20 series, Galaxy S21 FE, and Galaxy A52. Availability varies, but it is just a matter of time before Samsung updates all eligible units globally.

One UI 6.1 is on the way for these Samsung phones

The Galaxy S23 series and Galaxy A54 aren’t getting additional goodies with the January update, and that was expected. It hasn’t been long since they picked up the Android 14-based One UI 6.0 update with tons of new features, UI changes, and functional improvements. The devices will also get One UI 6.1 shortly. Based on Android 14, the new One UI version will debut with the Galaxy S24 lineup. The new flagships arrive on January 17.


[ad_2]
Source link

Rabbit R1 is a dedicated AI companion device shown off at CES 2024

0
[ad_1]

A lot of innovative tech announcements have been leaping in at the ongoing CES 2024 over the last few days. A new AI startup called Rabbit also announced a dedicated AI companion device called Rabbit R1. It doesn’t aim to replace smartphones but can run apps on the user’s behalf. Its primary goal is to act as a bridge between users and their smartphones. Rabbit says that the R1 is quite similar to AI-based voice assistants but the main difference is that it can learn intricate tasks and do them for the user.

Rabbit R1 is a dedicated AI companion device with a retro look

While smartphones and voice assistants can do a lot of tasks, Rabbit CEO Jesse Lyu says that the apps and functions have stripped away their simplicity. The R1 is pretty straightforward and a simple device. It has an Orange-colored retro look that weaves nostalgia. The device is half the size of a smartphone. It features a 2.88-inch touchscreen display, a unique rotatable camera eye, and a side button for navigation and interaction. There are also far-field microphones for voice command input. The physical button is used to talk to the built-in assistant similar to a walkie-talkie.

Although the Rabbit R1 is not a smartphone, under the hood, it is powered by a 2.3GHz MediaTek Helio P35 processor paired with 4GB RAM and 128GB storage. Users can also initiate phone calls with WiFi and cellular connectivity via the SIM card slot.

The R1 runs on the LAM model

Rabbit R1

The Rabbit R1 runs on the company’s Rabbit OS. The software is based on the Large Action Model (LAM) compared to ChatGPT’s large language model. It does not come with built-in apps but instead connects to services to carry out requests. This is because the device is only meant to serve as an assistant and help you get things done. Users need to authorize the R1 to access apps on their behalf. This happens through a web portal called Rabbit Hole where users can log in to their services. Rabbit says that it does not store any user data and authentication happens on the device. Users can unlink accounts and delete stored data at any time.

The Rabbit R1 can control music playback, book a cab, buy groceries, and do some more tasks. The device also comes with a dedicated training mode which allows users to train the AI to get specific tasks done. Lyu demonstrated this by teaching the R1 how to use Photoshop and said that it takes the Rabbit OS 30 seconds to process.

Rabbit R1 is already sold out showing strong interest in the device

The Rabbit R1 carries a price tag of $199 in the US with the pre-orders currently live. It is expected to start shipping in March. The company on January 12 announced that two batches of 10,000 R1 have been sold out. The third batch is now available with expected delivery date between May and June. This shows that the AI companion device has garnered a strong interest.

With the Rabbit R1 and Humane’s AI Pin, it’s likely that we will see new gadgets built around AI.


[ad_2]
Source link

Vivo X Fold 3 could become the lightest book-style foldable

0
[ad_1]

HONOR currently has the lightest book-style foldable smartphone on the market, the HONOR Magic V2. Do note that both glass and vegan leather models are lighter than 240 grams, but the vegan leather model is lighter at 231 grams. With that in mind, it seems like Vivo could take the crown. Based on a new rumor, the Vivo X Fold 3 could become the world’s lightest book-style foldable.

The Vivo X Fold 3 could become the lightest book-style foldable around

This information comes from Digital Chat Station, one of the best-known and most accurate Chinese tipsters. Considering the source, it’s not difficult to believe it. The tipster not only revealed the weight range in his post but also the thickness. Do note that he didn’t specifically mention the Vivo X Fold 3, but he did recently mention that phone and claimed that it will be very light for what it is, so that’s where GizmoChina’s assumption is coming from.

In any case, the Vivo X Fold 3 will weigh 22x grams. In other words, it will weigh under 230 grams, and thus be lighter than the HONOR Magic V2. It will be 5mm thick when unfolded, and 10.5mm thick when folded.

It won’t be thinner than the HONOR Magic V2, though

The thinnest Magic V2 model is 4.7mm thick when unfolded, and 9.9mm when folded. So HONOR’s handset will retain the crown in the thickness department, it seems.

The Vivo X Fold 2 arrived in April last year. We’re not sure if Vivo will wait as long to release its successor, but it’s possible. The Vivo X Fold 3 is either coming towards the end of Q1 or in early Q2 this year.

The phone will likely be fueled by the Snapdragon 8 Gen 3, but nothing has been confirmed thus far. Some rumors even stated that we may get two Vivo X Fold 3 devices this year, a regular one and a ‘Pro’ one.

The Vivo X Fold 3 could remain exclusive to China

Do note that the Vivo X Fold and Vivo X Fold 2 didn’t reach global markets. Both smartphones remained exclusive to China. We’re hoping that will change with the Vivo X Fold 3, but let’s wait and see.


[ad_2]
Source link

Nuclear battery aims to make smartphone charging obsolete

0
[ad_1]

Some of you may think that the title of this article is clickbait, but it’s not. A Chinese company called ‘Betavolt Technology’ is working on a nuclear battery that may make smartphone charging obsolete.

This nuclear battery could make smartphone charging obsolete

The company is actually working on a nuclear battery for various devices, not just smartphones. Various miniature batteries are planned. These batteries could hold a charge for 50, yes FIFTY years.

This company says that it pioneered the “miniaturization of atomic energy batteries”. To give you more insight, Betavolt Technology actually stuffed 63 nuclear isotopes into a module smaller than a coin. That model is called BV100, and it can produce 100 microwatts of electricity.

Furthermore, this nuclear battery can provide a voltage of 3V, and it measures only 15 x 15 x 5mm. If you need more than one, the company says that they can be joined together. So if we’re talking about devices that need more of them.

Betavolt nuclear battery 1

These batteries use radioactive decay to produce electricity

These batteries actually use radioactive decay in order to generate electricity. It’s similar tech to those used in pacemakers and spacecrafts. Companies stayed away from this tech due to radioactive elements, such as plutonium.

In order to appease such concerns, Betavolt opted to build a version of the battery with a diamond semiconductor layer and a decaying nickel isotope. Betavolt Technology claims that there’s absolutely zero radiation leaking out, and that there are no toxic elements in the mix. This approach will also make sure they don’t explode, and they can operate in extreme temperatures from -60 to 120 degrees Celsius.

Betavolt Technology does hope that its batteries could make charging smartphones obsolete. Needless to say, that would be a huge step forward. By 2025 Betavolt Technology wants to make tiny batteries that are capable of producing one watt.

These batteries are about ready for mass production

Do note that the prototype of the company’s battery has graduated to the pilot stage, and could hit mass production soon. The dream could be closer than we thought.


[ad_2]
Source link

WhatsApp to bring additional text formatting tools, including bullets and quotes

0
[ad_1]
WhatsApp is always working on new features, some that we only learn about when the company releases them to the public. However, more often than not we do have information about what’s coming to WhatsApp thanks to the beta program that the app has been running for a very long time.

If you’re not running the beta version of WhatsApp, we have the latest news about what’s expected to come to the app in the not-so-distant future. Thanks to the fine folks at WabetaInfo, we now know that WhatsApp plans to add new text formatting tools.

The report mentions additional options such as bullets, code, quote, and lists. As you take advantage of these new options, the text will be formatted as you type in the chat bar.

The new text formatting tools have been rolled out in the beta version of WhatsApp, but only on Android. It’s yet unclear if these will be made available on both iOS and Android platforms at launch, nor when exactly WhatsApp will finish testing them.


[ad_2]
Source link