The OnePlus Nord N30 is a great smartphone, and now you can pick it up for just $249. That’s going to save you $50 off of its regular price. That is not quite an all-time low, but it’s pretty close. And the OnePlus Nord N30 will also work on AT&T and T-Mobile here in the US.
For a sub-$300 phone, the OnePlus Nord N30 has just about everything you could want. That includes a 6.7-inch FHD+ 120Hz display powered by the Qualcomm Snapdragon 695 5G processor, with 8GB of RAM and 128GB of storage. It is powered by a 5000mAh capacity battery that should get you through a full day and then some. Especially given the processor inside.
What’s absurd about this phone is that you’re getting a 108-megapixel camera here. On a $250 phone, that is pretty crazy. But it doesn’t stop there. It also has a 2-megapixel macro and a 2-megapixel depth sensor available too. And on the front, there’s a 16-megapixel selfie cam.
You can pick up your own OnePlus Nord N30 from Amazon today by clicking the link below.
Apple’s new second-generation AirPods Pro with USB-C is still available at Best Buy for only $189. That is a really good price since Apple products rarely get discounted anyway. Best Buy will also let you trade in your old headphones for up to $80 off. Which can help bring down the price of the AirPods Pro even more.
Perhaps more importantly, you can still get them in time for the holidays. Best Buy has them available in-store, so you can purchase them online and pick them up later today. Or you can have them shipped to your home and have them arrive tomorrow. That’s some pretty fast shipping for Best Buy. But keep in mind that we are approaching the cut-off for Christmas.
These new AirPods Pro really don’t have much else new other than switching from Lightning to USB-C. However, if you are picking up the iPhone 15, this might be a good purchase. So you can completely ditch Lightning altogether.
Now, these do bring a new feature for Vision Pro, with Lossless audio for the Vision Pro. Unfortunately, no one outside of Apple can actually test that right now. However, the Vision Pro is expected to be released later this month.
You can pick up the new USB-C AirPods Pro from Best Buy today by clicking the link below.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent notice to federal agencies, setting a deadline of January 23 for mitigation efforts.
The Cybersecurity and Infrastructure Security Agency (CISA) has identified and added two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerabilities in question involve a recently patched flaw within Google Chrome and a bug affecting the open-source Perl library “Spreadsheet::ParseExcel,” designed for reading information in Excel files.
The specific vulnerabilities are as follows:
CVE-2023-7024: Google Chromium WebRTC Heap Buffer Overflow Vulnerability
CVE-2023-7024 was a critical vulnerability in the WebRTC component of Google Chrome, discovered in December 2023. It allowed attackers to potentially exploit a heap buffer overflow via a specially crafted HTML page, ultimately gaining control of a victim’s computer.
Google patched the security vulnerability in December 2023 and is no longer considered a threat for users who have updated their Chrome browser to the patched version. However, it’s important to keep your browser and other software up to date to protect yourself from future vulnerabilities.
CVE-2023-7101
CVE-2023-7101 is a critical vulnerability affecting Spreadsheet::ParseExcel, a Perl module used for parsing Excel files. It exposes a remote code execution (RCE) risk, allowing attackers to potentially take control of a vulnerable system through specially crafted Excel files.
The vulnerability allows attackers to upload a malicious Excel file to a vulnerable system. The vulnerability can also be exploited via the evaluation of Number format strings, leading to arbitrary code execution on the system. This could allow attackers to steal sensitive data (passwords, personal information, etc.), install malware, disrupt system operations and take complete control of the affected system.
Users operating systems with software dependent on Spreadsheet::ParseExcel version 0.65 are currently exposed to this security risk. This vulnerability extends its reach to various applications and frameworks developed with Perl, thereby potentially affecting a broad spectrum of systems.
A patched version, 0.66, has been released by Metacpan to address the identified vulnerability. As a precautionary measure, users are strongly advised to promptly update to this patched version. In cases where immediate updating is not feasible, it is recommended to implement mitigating measures such as restricting file uploads or disabling the functionality associated with Spreadsheet::ParseExcel.
CISA has issued an urgent notice to federal agencies, setting a deadline of January 23 for mitigation efforts. Agencies are instructed to follow vendor guidelines for resolving these vulnerabilities promptly or cease the use of the affected products.
For insights into the CVE-2023-7101 vulnerability, we reached out to Mr. Aubrey Perin, Lead Threat Intelligence Analyst at Qualys Threat Research Unit who told Hackread.com that, “CVE-2023-7101 is a Perl library vulnerability that has gained notable traction, evidenced by its usage in appliances by network and email security firm Barracuda.”
“Businesses are advised to thoroughly assess their environments for instances of ‘Spreadsheet::ParseExcel’ requiring updates or removal,” Aubrey advised. “Barracuda’s observations indicate that Chinese threat actors utilized this vulnerability to deploy malware. With the vulnerability now public, there is a heightened risk of ransomware threat actors leveraging it for their malicious tooling,” Aubrey warned.
Samsung is less than two weeks away from unveiling the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra. The flagship trio will break cover on January 17 at the Unpacked in San Jose, USA. However, there isn’t much that leaks haven’t already revealed. We know everything from the design and specs to key features and alleged prices. And if you think leaks can’t disclose more, think again. We now have details about the Galaxy S24’s official protective cases too.
Galaxy S24 official protective cases revealed
Samsung usually offers a wide range of official protective cases for its flagship phone. It will be no different this time around. According to the UK-based accessory retailer MobileFun, the company has prepared eight different cases for the Galaxy S24 series. There are a couple of transparent cases, a Shield Case, a Silicone Case, a Smart View Wallet Case, a Vegan Leather Case, a Standing Grip Case, and a Suit Case.
Apart from the transparent cases, of course, all other official Galaxy S24 cases will be available in multiple colors, with some getting as many as five different shades. The retailer hasn’t shared images to show the design of the new accessories. However, Samsung may not tinker much with the design from previous generations. Most of these covers are also available for the Galaxy S23 lineup, though the color options may vary.
The Suit Case appears to be a new addition, though. It could be something similar to the Galaxy Z Flip 5’s Flipsuit case. It is a transparent cover with swappable interactive cards, allowing for extensive customizations. However, the retailer has mentioned White and Yellow color options for the Galaxy S24’s Suit Case. It is unclear whether it will offer similar functionality as the foldable’s Flipsuit case or if it is something completely different.
Samsung will also offer an anti-reflective screen protector and S Pen
The report confirms that Samsung will also offer an Anti-Reflective Screen Protector for the Galaxy S24 lineup. The Ultra model’s S Pen, which comes built-in with the device, will also be available as a separate purchase in Black, Gray, and Yellow colors. The Korean firm is matching the stylus pen’s color with the handset. All of these accessories should be available from Samsung’s website and third-party retailers. The company will open pre-orders for the new flagships immediately after launch in most countries. General sales are expected to begin on January 30.
A couple of days back, we exclusively leaked the official renders of Samsung’s upcoming premium mid-range smartphone, the Galaxy A55. The company will also launch an M series equivalent of the device. Aptly called the Galaxy M55, it will be a less premium model aimed at price-sensitive markets. While details are scarce, the phone has recently picked up the Wi-FI certification on its way to launch.
Samsung is preparing the Galaxy M55 for market release
The Wi-FI Alliance certified the Samsung Galaxy M55 with the model number SM-M556B (the Galaxy A55 is SM-A556B). The listing reveals that the device will boast Wi-Fi 6 with support for 2.4GHz and 5GHz frequency bands and WPA3 security. There’s no Wi-Fi 6E, let alone Wi-Fi 7. Since it’s a mid-range phone, we don’t blame Samsung for not equipping it with the latest Wi-Fi standard.
This certification also confirms that the Galaxy M55 will be available in a dual-SIM variant. However, that is all we can make from the document published on the Wi-Fi Alliance’s website earlier today. Thankfully, we have seen the phone in several benchmark entries on Geekbench in the past. Those entries hint at Qualcomm’s Snapdragon 7 Gen 1 chipset for the upcoming Samsung mid-ranger.
The Korean firm will pair the chipset with 8GB of RAM, though there could be a 6GB RAM variant as well. Unsurprisingly, Samsung will ship the Galaxy M55 with Android 14 out of the box, likely with One UI 6.1 on top. The rest of the specs are still under wraps. If history is any indication, it will feature a large display, a big battery, and a high-resolution primary rear camera.
As revealed in our exclusive leak, the Galaxy A55 will feature a metallic frame, probably made of aluminum. We don’t expect Samsung to equip the Galaxy M55 with an aluminum frame, though. The M series has always been about affordability with beefy specs and fewer premium extras. A metallic build is something of a premium more than a necessity, so the company might overlook it for the Galaxy M55.
The device may still be several months away
Samsung launched the Galaxy M54 in March last year, a week after the Galaxy A54. Rumors are that the Galaxy A55 will be delayed until April this year. This likely means a delay for the Galaxy M55 too. We expect more leaks and rumors about the new mid-range phones in the coming months, particularly after the release of the Galaxy S24 series. Samsung will unveil the new flagships on January 17, with a market release expected on January 30.
Four Chinese cybercriminals were taken into custody after using ChatGPT to create ransomware. The lawsuit is the first of its sort in China, where OpenAI’s popular chatbot is not legally available, and Beijing has been tightening down on foreign AI.
On Thursday, the state-run Xinhua News Agency said that the attack was first reported by an unnamed company in Hangzhou, the capital of the province of eastern Zhejiang, whose systems had been blocked by ransomware.
For access to be restored, the hackers wanted 20,000 Tether, a cryptocurrency stablecoin correlated one-to-one with the US dollar.
The suspects confessed to “writing versions of ransomware, optimizing the program with the help of ChatGPT, conducting vulnerability scans, gaining access through infiltration, implanting ransomware, and carrying out extortion” when the police apprehended them in late November in Beijing and two other locations in Inner Mongolia.
The report did not specify if the use of ChatGPT was included in the charges. Due to Beijing’s efforts to restrict access to foreign generative artificial intelligence technologies, it operates in a legal gray area in China.
Generative AI Stirred Up Multiple Challenges
Chinese users became interested in ChatGPT and related products after OpenAI launched its chatbot at the end of 2022. However, in sanctioned markets like North Korea and Iran, as well as in China and Hong Kong, OpenAI has blocked internet protocol addresses.
Using virtual private networks (VPNs) and a phone number from a supported region, some users circumvent restrictions.
According to a legal firm, King & Wood Mallesons report, there are “compliance risks” for domestic businesses that construct or rent VPNs to access OpenAI’s services, such as ChatGPT and text-to-image generator Dall-E.
Given the popularity of generative AI, the number of legal issues concerning the technology has skyrocketed. Beijing police warned about ChatGPT’s potential to “commit crimes and spread rumors” in February.
This year, the US Federal Trade Commission released a warning regarding scammers using artificial intelligence (AI) clone voices to deceive consumers into real people. This may be done with just a brief audio sample of a person’s voice.
This week, the New York Times filed a lawsuit against OpenAI and Microsoft, the company’s primary investor, claiming that the firms’ potent models were improperly trained on millions of articles. The case is expected to be keenly monitored for its potential legal ramifications.
Recently, concerns about cybersecurity and intellectual property have increased due to generative AI, prompting policymakers to consider how to respond.
The attacker utilized the compromised Mandiant account to promote a cryptocurrency scam by posing as the Phantom crypto wallet and luring users with a fake airdrop.
On Wednesday, January 3, 2024, at approximately 8:00 PM, Google’s Mandiant cybersecurity firm experienced a security breach in its X account (formerly known as Twitter).
Following the breach, unidentified hackers, (crypto scammers), exploited the compromised account by carrying out a cryptocurrency scam to the firm’s extensive follower base, which exceeded 122,000 users.
Mandiant, which was acquired by Google for $5.4 billion in September 2022, was observed sending out tweets to unsuspecting users that contained links to Phantom, a cryptocurrency wallet.
The attacker utilized the account to promote a cryptocurrency scam, posing as the Phantom crypto wallet and luring users with a fake airdrop. Additionally, the hackers changed Mandiant’s Twitter handle from “@Mandiant” to “@phantomsolw.”
Although Mandiant managed to regain control of the account, restoring it to its original state proved challenging due to Twitter’s restrictions on frequent name changes. However, at the time of writing, Mandiant’s Twitter account was successfully restored, and the malicious links from the scammers were removed from its timeline.
Screenshots: Hackread.com
The hacking of Mandiant’s Twitter account should not be viewed as a surprising incident. Scammers are notorious for compromising and taking control of high-profile accounts, often by exploiting 0-day vulnerabilities or leaked credentials from past data breaches and leaks.
In July 2020, the world witnessed a series of high-profile Twitter account hacks, orchestrated to execute cryptocurrency scams. Among the compromised accounts were those belonging to prominent figures and companies, such as Barack Obama, Joe Biden, Bill Gates, Elon Musk, Justin Sun, Apple, Uber, Coinbase, Gemini, Kanye West, Jeff Bezos, Kim Kardashian, and others.
In September 2020 and December 2021, the Twitter account of the Indian Prime Minister, Narendra Modi, fell victim to hacking incidents where the attackers exploited the compromised account to promote Bitcoin scams.
Additionally, in June 2022, the Twitter account of the British Military was compromised, and the hackers utilized the breach to push a cryptocurrency scam.
In September 2023, the Twitter account of ETH founder Vitalik Buterin experienced a security breach, resulting not only in unauthorized access but also in the theft of $700,000 by scammers.
Nevertheless, the hacking of a cybersecurity company is a matter that cannot be overlooked. The situation is further complicated by the sale of Twitter accounts with the Gold checkmark by scammers, intensifying challenges in addressing phishing and disinformation on the platform.
If you use social media or are involved in cryptocurrency investment, follow these simple yet vital tips to keep your accounts secure:
Never share your private keys or passwords with anyone.
Be wary of any investment that seems too good to be true.
Use a strong password manager to keep your passwords safe.
Only invest in cryptocurrencies that you understand and that have a good reputation.
Be careful about clicking on links in emails or social media posts, especially if they promise free money or tokens.
The OnePlus 12R twin has just been announced in China. The device in question is, of course, the OnePlus Ace 3. The OnePlus 12R will be the same as the OnePlus Ace 3, but ship with software for global markets. That’s the only expected difference, in addition to perhaps different RAM + storage combinations. That being said, let’s see what the OnePlus Ace 3 has to offer.
The OnePlus Ace 3 is is now official, the OnePlus 12R twin
The rumors and leaks were more or less accurate. The OnePlus Ace 3 looks very similar to the OnePlus 12. You can notice the difference if you focus on the camera island on the back, but it’s not instantly obvious.
The phone features a curved display, with thin bezels, and a centered display camera hole. There are three cameras included on the back, inside a circular camera island, which is connected to the frame via a piece of metal.
A 6.78-inch 2780 x 1264 LTPO AMOLED panel sits on the front here. That panel goes from 1-120Hz as needed, and the peak brightness is set at 4,500 nits. This panel also offers a 2,160Hz high-frequency PWM dimming, and a 360Hz touch sampling rate. A 2,160Hz instant touch sampling rate is also in effect. The Gorilla Glass Victus 2 protects this panel.
The Snapdragon 8 Gen 2 fuels this smartphone, while 100W charging is supported too
OnePlus’ new smartphone is fueled by the Snapdragon 8 Gen 2, Qualcomm’s flagship SoC for last year. The phone was announced in 12GB and 16GB LPDDR5X RAM variants. 256GB, 512GB, and 1TB UFS 4.0 storage options are available.
Android 14 comes pre-installed on the OnePlus Ace 3, along with ColorOS 14. A 5,500mAh battery is also included here, while the phone supports 100W wired charging. SuperVOOC charging is in effect here, and the charger is included in the package.
The OnePlus Ace 3 also includes stereo speakers and supports Dolby Atmos. It has an infrared sensor at the top, and an in-display fingerprint scanner as well. Bluetooth 5.3 is supported here, as is Wi-Fi 7. There are also two SIM card slots included (2x nano SIM).
There are three cameras on the back, with the emphasis on the main one
A 50-megapixel main camera (Sony’s IMX890 sensor, f/1.8 aperture, OIS) is backed by an 8-megapixel ultrawide camera (Sony’s IMX355 sensor, f/2.2 aperture), and a 2-megapixel macro camera (Howe OV02B sensor, f/2.4 aperture). A 16-megapixel selfie camera (Samsung’s S5K3P9 sensor, f/2.4 aperture) is also included.
The phone also includes a Tiangong cooling system with 9,140mm² VC vapor chamber. That should help the phone to stay cool at all times, even during gaming.
The OnePlus Ace 3 measures 163.3 x 75.3 x 8.8mm, and it weighs 207 grams. The device comes in Cool Blue, Gold, and Iron Gray color variants. The pricing starts at CNY2,599 ($365), and goes up to CNY3,499 ($492) in China. OnePlus will start selling this handset in China on January 8. The OnePlus 12R will launch on January 23 for global markets.
Active Directory infiltration methods exploit vulnerabilities or weaknesses in Microsoft’s Active Directory to gain unauthorized access.
Active Directory is a central component in many organizations, making it a valuable target for attackers seeking access to:-
Sensitive information
User accounts
Network resources
While successful infiltration allows threat actors to:-
Establish persistence
Exfiltrate data
Disrupt operations
Cybersecurity researchers at ASEC recently discovered that threat actors are actively exploiting Microsoft’s Active Directory infiltration methods.
DocumentFree Webinar
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
Active Directory Infiltration Methods
Active Directory (AD) in Windows manages user and resource data in a network. Domain Controllers control domains in AD, and compromising one means the entire domain is at risk.
In short, the domain Admins have ultimate control, and this ability makes them prime targets for threat actors aiming to exploit the entire domain.
To achieve this, threat actors seeking vulnerabilities first analyze the domain structure using tools like:-
Port scanning extracts network info, including running services and port numbers from a target domain. Threat actors use it to uncover network structure, subnet, and host details.
Cobalt Strike’s default port scanning aids reconnaissance. The tool checks security vulnerabilities in company networks. It encompasses features like:-
Internal reconnaissance
Privilege escalation
Lateral movement
Command and control
Log detecting a port scanning tool (Source – ASEC)
Default in Windows the net commands manage network resources that is useful for user and network data lookup, especially in Active Directory.
Threat actors seize control and then deploy net commands for basic network info collection. While the main net commands were used in attacks on Active Directory environments.
Here below, we have mentioned all the commands:-
net time
net user
net group /domain
net group /domain “Domain Admins”
net group /domain “Enterprise Admins”
net group /domain “Domain Computers”
net group /domain “Domain Controllers”
net localgroup Administrators
PowerView in PowerSploit gathers and displays Windows domain info that helps threat actors in:-
Understanding the network structure
Targeting for privilege escalation
AdFind is also similar to PowerView, which is a command line tool for Active Directory info that offers a stealthier approach.
Besides this, the BloodHound maps attack paths for privilege escalation in Active Directory, utilizing SharpHound for info collection through executable or PowerShell script formats.
Result of parsing the collected information through BloodHound (Source – ASEC)
Infiltrators in Active Directory environments deploy tools like PowerView and AdFind for:-
Reconnaissance
Targeting domain admin privileges
While the BloodHound optimizes lateral movement paths, traditional security software may miss these threats.
The HONOR Magic6 Pro launch is right around the corner. That phone has been surfacing for quite some time now, and it will launch alongside the vanilla Magic6. As we’re waiting for the January 10 launch event, the HONOR Magic6 Pro just surfaced in real-life images. These images come from Digital Chat Station, a well-known tipster. Do note that it’s not the first time we’re seeing a live image of the device, as one appeared last month.
The HONOR Magic6 Pro has surfaced in two real-life images, revealing new details
If you check out the images below this paragraph, you’ll see the phone in two of them. One is showing the device from the front, and the other from the back. The first thing that I noticed is that the sides of the phone seem to be flat.
That was not the case with the HONOR Magic5 Pro, so it’s interesting. The HONOR Magic6 Pro will retain a curved display, though, while its pill-shaped camera hole will move to the central position. That camera island will also be thinner, and wider, it seems.
As you can see in the first image, the bezels on this phone are very thin all around. The frame will be flat around the phone, but it will have slightly curved edges, so that it’s more comfortable to hold.
The second image shows us the phone’s backside
The second image in the gallery gives us a look at the phone’s backside. Truth be said, this image is not of the best quality, which is a shame. Still, we do get to see the phone’s back side, which surfaced several times thus far.
This is the green model of the phone, and it’s made out of metal and glass. You can clearly see the triple camera setup on the back. It looks similar to what the HONOR Magic5 Pro offered, but it’s tweaked a bit.
You’ll notice that the top camera seems to be larger than the rest. That is allegedly a 200-megapixel periscope telephoto camera that HONOR decided to utilize here. The other two cameras are the main shooter and the ultrawide camera.
The Snapdragon 8 Gen 3 is expected to fuel the HONOR Magic6 Pro, while the device will have top-of-the-line specs through and through.