MirrorFace threat actors have been targeting media, political organizations, and academic institutions since 2022, shifting focus to manufacturers and research institutions in 2023.
The attack method evolved from spear phishing to exploiting vulnerabilities in externally exposed assets, specifically Array AG and FortiGate products. After gaining network access, the actors deploy NOOPDOOR malware and use various tools, including file listing and content review, before exfiltrating data.
MirrorFace attack activities timeline
NOOPDOOR is shellcode that is injected into legitimate applications by one of two loader types. Type1 uses an XML file containing obfuscated C# code, which is compiled with MSBuild and executed by NOOPLDR.
NOOPDOOR launched by an XML file (Type1)
Type2 uses a DLL file, loading NOOPLDR into a legitimate application via DLL side-loading. Both types retrieve encrypted data from specific files or registry entries, decrypt it with AES-CBC using a key derived from system information, and inject the resulting code into a target application.
NOOPDOOR launched by a DLL file (Type2)
After the code has been executed, it is encrypted and saved to a specific registry location so that it can be reused in subsequent operations.
NOOPLDR samples manifest in XML and DLL formats, leveraging various Windows processes for injection. XML-based NOOPLDRs primarily use legitimate services for execution and store encrypted payloads in specific registry locations.
DLL variants exhibit more complex behaviors, including service installation and potential hiding, employing registry keys for payload storage.
According to JPCERT/CC, some samples utilize `wuauclt.exe` for both XML and DLL injection, while others rely on processes like `lsass.exe`, `svchost.exe`, and `vdsldr.exe`.
Type 2 employs Control Flow Flattening (CFF) to obfuscate its code, making analysis difficult. While tools like D810 can partially deobfuscate CFF, JPCERT/CC offers a dedicated Python script (Deob_NOOPLDR.py) on GitHub for further deobfuscation.
CFF obfuscated function (Left) and deobfuscated function (Right)
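To make the obfuscation concrete, here is an added example (not code from JPCERT/CC, NOOPLDR, D810 or Deob_NOOPLDR.py) that models what Control Flow Flattening does to a function and the core step a deobfuscator performs: it walks the dispatcher's state transitions to rebuild the original block order. The checksum routine, block names, state constants and the transition table are all constructed for the demonstration; a real tool lifts the transition table from the disassembly.

```python
"""Toy model of Control Flow Flattening (CFF) and its recovery."""

# Original (unflattened) logic: a small checksum computed in three steps.
def original(data: bytes) -> int:
    acc = 0                          # block A
    for b in data:                   # block B (loop test + body)
        acc = (acc * 31 + b) & 0xFFFF
    return acc ^ 0x5A5A              # block C

# Flattened version: every basic block becomes one case of a dispatcher
# switch, and the successor is selected by writing a new state value.
# State values are deliberately non-sequential, as real CFF passes do.
def flattened(data: bytes) -> int:
    state = 0x3C2A                   # constructed entry state
    acc, i = 0, 0
    while True:
        if state == 0x3C2A:          # block A: init
            acc = 0
            state = 0x91F0
        elif state == 0x91F0:        # block B_cond: loop test
            state = 0x0D77 if i < len(data) else 0x6E13
        elif state == 0x0D77:        # block B_body: loop body
            acc = (acc * 31 + data[i]) & 0xFFFF
            i += 1
            state = 0x91F0
        elif state == 0x6E13:        # block C: finalize
            return acc ^ 0x5A5A

# What a deobfuscator recovers from the binary: for every dispatcher case,
# the constant(s) written to the state variable before looping back. A
# conditional block has two successors (true edge listed first). This table
# is constructed to match flattened() above.
TRANSITIONS = {
    0x3C2A: ("A",      [0x91F0]),
    0x91F0: ("B_cond", [0x0D77, 0x6E13]),
    0x0D77: ("B_body", [0x91F0]),
    0x6E13: ("C",      []),
}

def recover_cfg(transitions, entry):
    """Depth-first walk over dispatcher states. Returns the block order a
    reader would encounter and the recovered control-flow edges, which is
    the structure a deobfuscator then re-emits as ordinary branches."""
    order, edges, seen = [], [], set()
    stack = [entry]
    while stack:
        state = stack.pop()
        if state in seen:
            continue
        seen.add(state)
        name, succs = transitions[state]
        order.append(name)
        for s in succs:
            edges.append((name, transitions[s][0]))
        for s in reversed(succs):    # push in reverse so the true edge is explored first
            stack.append(s)
    return order, edges

if __name__ == "__main__":
    sample = b"abc"
    print(original(sample), flattened(sample))   # both print 8760
    print(recover_cfg(TRANSITIONS, 0x3C2A))
```

The flattened function computes exactly the same values as the original; only the static structure differs, which is why signature-based analysis of a flattened function is hard and why recovering the transition graph (rather than matching code patterns) is the useful first step.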
It can communicate over port 443 using a Domain Generation Algorithm (DGA) and receive commands via port 47000.
Beyond standard malware actions like file transfer and execution, NOOPDOOR can manipulate file timestamps, potentially hindering forensic investigations.
Threat actors actively try to obtain Windows network credentials by dumping the memory of the LSASS process, taking the NTDS.dit database from domain controllers, and copying the sensitive registry hives (SYSTEM, SAM, SECURITY) that give access to the SAM database.
sample event log
The activities, indicative of credential theft, may be detectable through security solutions like Microsoft Defender and EDR products, while access to NTDS.dit is explicitly logged and analyzed by external resources.
Attackers leveraged Windows network admin privileges to spread malware via SMB and scheduled tasks, targeting file servers, AD, and anti-virus management servers, which were logged as Event IDs 4698 and 5145.
Post-intrusion, the attackers performed reconnaissance with uncommon commands such as auditpol, bitsadmin, and dfsutil, enumerated files with dir /s and commands targeting OneDrive, Teams, IIS, and other locations, and then exfiltrated the data using WinRAR and SFTP.
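The credential theft, lateral movement and reconnaissance activity described in the last few paragraphs leaves traces in ordinary Windows Security events, so here is an added hunting example (not JPCERT/CC code) that runs a few rules over constructed event records shaped like Event IDs 4688 (process creation), 4698 (scheduled task created) and 5145 (network share object checked). Hostnames, accounts, file names and timestamps are invented; in practice the records would come from an EVTX parser or a SIEM query.

```python
"""Hunting rules for the post-intrusion activity described above."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamps in UTC, ISO 8601).
EVENTS = [
    {"ts": "2024-05-02T01:10:03", "id": 4688, "host": "FS01", "user": "CORP\\svc-backup",
     "cmd": "cmd.exe /c dir /s C:\\Users\\*\\OneDrive > C:\\Windows\\Temp\\o.txt"},
    {"ts": "2024-05-02T01:11:40", "id": 4688, "host": "FS01", "user": "CORP\\svc-backup",
     "cmd": "auditpol.exe /get /category:*"},
    {"ts": "2024-05-02T01:12:15", "id": 4688, "host": "FS01", "user": "CORP\\svc-backup",
     "cmd": "dfsutil.exe /root:\\\\corp.invalid\\share /view"},
    {"ts": "2024-05-02T01:20:00", "id": 5145, "host": "AV-MGMT", "user": "CORP\\svc-backup",
     "src_ip": "10.20.1.15", "share": "\\\\*\\ADMIN$", "target": "Temp\\svc_update.dll"},
    {"ts": "2024-05-02T01:20:30", "id": 4698, "host": "AV-MGMT", "user": "CORP\\svc-backup",
     "task": "\\Microsoft\\Windows\\UpdateCheck",
     "cmd": "rundll32.exe C:\\Windows\\Temp\\svc_update.dll,Start"},
    {"ts": "2024-05-02T02:05:11", "id": 4688, "host": "DC01", "user": "CORP\\svc-backup",
     "cmd": "reg.exe save HKLM\\SAM C:\\Windows\\Temp\\sam.hiv"},
    {"ts": "2024-05-02T09:00:00", "id": 4688, "host": "WS042", "user": "CORP\\alice",
     "cmd": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
]

# Rule tables (constructed for this example; tune to your environment).
RECON_TOOLS = {"auditpol.exe", "bitsadmin.exe", "dfsutil.exe"}
CRED_MARKERS = ("ntds.dit", "hklm\\sam", "hklm\\security", "hklm\\system", "lsass")
ADMIN_SHARES = ("\\ADMIN$", "\\C$")
LATERAL_WINDOW = timedelta(minutes=10)   # binary dropped on admin share -> task created

def _exe(cmd):
    """Basename of the executable in a command line (handles spaces in paths)."""
    m = re.match(r'\s*"?(.*?\.exe)', cmd, re.IGNORECASE)
    path = m.group(1) if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].lower()

def analyze(events):
    """Return a list of (alert_kind, host, user, detail) tuples."""
    alerts = []
    share_drops = defaultdict(list)   # (host, user) -> times a binary was written to an admin share
    for e in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(e["ts"])
        key = (e["host"], e["user"])
        if e["id"] == 4688:
            cmd = e["cmd"].lower()
            if _exe(e["cmd"]) in RECON_TOOLS or "dir /s" in cmd:
                alerts.append(("recon_command", e["host"], e["user"], e["cmd"]))
            if any(marker in cmd for marker in CRED_MARKERS):
                alerts.append(("credential_access", e["host"], e["user"], e["cmd"]))
        elif e["id"] == 5145:
            if e["share"].upper().endswith(ADMIN_SHARES) and e["target"].lower().endswith((".exe", ".dll")):
                share_drops[key].append(t)
                alerts.append(("admin_share_binary", e["host"], e["user"], e["target"]))
        elif e["id"] == 4698:
            # A task created shortly after a binary landed on the same host's
            # admin share by the same account is the SMB + scheduled task
            # lateral-movement pattern; otherwise just record the task.
            recent = [d for d in share_drops[key] if t - d <= LATERAL_WINDOW]
            kind = "lateral_movement_task" if recent else "scheduled_task_created"
            alerts.append((kind, e["host"], e["user"], e["cmd"]))
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

The correlation of 5145 with 4698 is what lifts this above a simple keyword match: either event alone is common on busy networks, whereas a binary written to ADMIN$ followed within minutes by a new scheduled task on the same host is rare enough to be worth an analyst's time.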
“Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!”- Free Demo
The Eureka E10s, a top-selling robot vacuum on Amazon, is now more affordable than ever thanks to a Prime Day discount. With a whopping 50% off its regular price, the E10s is currently available for just $349, making it a smart and cost-effective investment for your home.
The E10s is not just a robot vacuum; it’s a unique and innovative cleaning solution. Its dock, with a bagless design, automatically empties the dirt and dust from the robot vacuum, a feature that sets it apart from other robot vacuums. This unique design is sure to pique your interest and make cleaning a breeze.
Eureka is leveraging advanced technology usually found in premium vacuums
Eureka also uses Multi-Cyclonic Separation Technology to efficiently separate dust and fine particles from the air that enters the collection station. This technology helps to ensure strong and consistent suction power. In contrast, traditional dust collection systems lose suction power over time as dust accumulates on the filter and eventually clogs it. This is why some docks aren’t able to empty the dustbin in the robot vacuum fully. An added benefit of Eureka’s Multi-Cyclonic Separation Technology is the prolonged life of the filter.
The Eureka E10s not only features a convenient self-emptying dock but also boasts impressive cleaning capabilities. Its powerful 4,000Pa suction easily removes the most stubborn debris from floors. Additionally, the E10s includes a mop lifting feature that raises the mop 10mm to prevent carpets from getting wet during cleaning. This versatile robot vacuum can even vacuum and mop simultaneously, providing efficient and thorough cleaning in one pass.
Why should you buy the Eureka E10s? Simply put, robot vacuums can be expensive to maintain. Not only do you have the initial purchase price, but also the ongoing cost of replacement parts. Eureka eliminates one of those recurring costs: dust bags. If you typically empty your dust bag monthly, you’re spending around $6 per bag, which comes out to around $70 per year. The E10s does away with that expense entirely.
Eureka is offering major discounts on other products for Amazon Prime Day
Eureka’s Prime Day deals extend beyond the E10s robot vacuum. The popular NEW400 wet-dry vacuum will be available for $129, while the Eureka RapidWash, offering extended runtime and superior suction, will be discounted to $229.
If you’re in the market for a new upright vacuum, Eureka has you covered this Prime Day as well. The Eureka OmniVerse is going to be on sale for $199. The OmniVerse does feature tangle-free technology, making it an excellent purchase for pet owners.
The popular Eureka Spot Cleaner is also on sale for Prime Day, with a price of $89.99, bringing it down to an all-time low price. This is a great vacuum for cleaning upholstery, spot cleaning, and so much more.
And last but not least, the Eureka RapidClean Pro is on sale for $109. This is a cordless stick vacuum that is perfect for complementing a robot vacuum like the E10s.
In 2022, HardBit Ransomware emerged as version 4.0. Unlike typical ransomware groups, this ransomware doesn’t use leak sites or double extortion.
Their tactics include data theft, encryption, and ransom requests with threats of other attacks.
Cybersecurity researchers at Cybereason identified that HardBit ransomware has been actively using Passphrase protection to evade security measures.
HardBit Ransomware & Passphrase Protection
They talk through TOX which is a peer-to-peer messaging system. Although it is unknown what their initial infection method is, they seem to resemble LockBit Ransomware in some ways.
Their observed TTPs include RDP and SMB brute-forcing, credential theft using Mimikatz and NLBrute, and possible use of the LaZagne and NirSoft tools.
HardBit ransomware necessitates the input of an authorization ID and encryption key. It also turns off Windows Defender, stops services, and prevents system recovery by using BCDEdit, Vssadmin, WBAdmin, and WMIC in advance of file encryption.
Binary unpacking is part of the complex ransomware process that includes file infection as well as manipulation of systems to ensure successful execution and prevent recovery.
HardBit ransomware selectively encrypts files, updates infected machines, and uses encrypted email contacts. It’s obfuscated with Ryan-_-Borland_Protector Cracked v1.0, a modified ConfuserEx.
The GUI version offers ransom and wiper modes, with wiper mode requiring additional authorization. Configuration file hard.txt can enable wiper mode.
HardBit has evolved through versions 2.0, 3.0, and 4.0, with increasing sophistication in functionality and obfuscation techniques.
Recommendations
Here below we have mentioned all the recommendations:-
Enable Application Control to block execution of malicious files.
Activate Predictive Ransomware Protection.
If Predictive Ransomware Protection is unavailable, enable Anti-Ransomware.
Enable Variant Payload Prevention on your security solution with Prevent mode.
X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails from the internet[.]ru domain.
Links in the PDFs trigger the download of an exe payload that encrypts files with the “.shadowroot” extension; the campaign is actively compromising organizations worldwide, including in the healthcare and e-commerce sectors.
PDF attachment
A PDF attachment containing a malicious URL linking to a compromised GitHub account has been identified as the initial access vector, which downloads an executable payload named “PDF.FaturaDetay_202407.exe,” suggesting potential malware delivery and subsequent system compromise.
The analyzed 32-bit Borland Delphi 4.0 executable deploys secondary payloads, RootDesign.exe, Uninstall.exe, and Uninstall.ini, to the “C:\TheDream” directory.
RootDesign.exe uses randomized class names, special characters, and obfuscated function names protected by DotNet Confuser Core 1.6 obfuscation to avoid detection.
The primary executable utilizes PowerShell to stealthily execute RootDesign.exe, which indicates possible malicious activity.
Obfuscated function and class name
The command executes a hidden PowerShell script from “C:\TheDream\RootDesign.exe”, spawning multiple child processes and creating mutexes “Local\ZonesCacheCounterMutex”, “Local\ZonesLockedCacheCounterMutex”, and “_SHuassist.mtx”.
These processes use memory to replicate themselves recursively, consuming an increasing amount of system resources.
Simultaneously, they encrypt various non-PE and office files, replacing their extensions with “.ShadowRoot” and logging their actions in “C:\TheDream\log.txt” with the marker “ApproveExit.dot.”.
Encrypted files with the ShadowRoot extension
According to ForcePoint, the ransomware employs the .NET AES cryptographic library for file encryption, repeatedly encrypting files via recursive self-propagation using RootDesign.exe, leading to excessive resource consumption and multiple encrypted file copies.
It displays ransom notes in Turkish, demands cryptocurrency payment through an email-based contact mechanism, and exfiltrates system information to a command-and-control server via SMTP on smtp[.]mail[.]ru, port 587, using a compromised email account.
C2 connection
A novice attacker targets Turkish businesses with a rudimentary ransomware campaign, where the malicious PDF invoices with links prompt the download of a Delphi payload and the execution of a dotnet confuser-obfuscated binary.
The ransomware encrypts files with the “.ShadowRoot” extension and communicates with a Russian SMTP server, suggesting limited capabilities and potential inexperience.
Threat actors are distributing malware via email using the email addresses Kurumsal[.]tasilat[@]internet[.]ru, ran_master_som[@]proton[.]me, and lasmuruk[@]mailfence[.]com.
The malware payload, with hashes CD8FBF0DCDD429C06C80B124CAF574334504E99A and 1C9629AEB0E6DBE48F9965D87C64A7B8750BBF93, is hosted on hxxps://raw[.]githubusercontent[.]com/kurumsaltahsilat/detayfatura/main/PDF.FaturaDetay_202407.exe.
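The indicators above are published defanged (`[.]`, `[@]`, `hxxps`), so before they can be matched against telemetry they have to be refanged consistently. Here is an added example (not ForcePoint or X-Labs code) that refangs the ShadowRoot indicators from this write-up and matches them against a handful of constructed mail, proxy and EDR lines; the indicator values are copied from the article, while the lines they are matched against are invented.

```python
"""Refang the ShadowRoot indicators and match them against sample telemetry."""
import re

# Indicators as published in the write-up (defanged).
DEFANGED_IOCS = {
    "url":   ["hxxps://raw[.]githubusercontent[.]com/kurumsaltahsilat/detayfatura/main/PDF.FaturaDetay_202407.exe"],
    "email": ["Kurumsal[.]tasilat[@]internet[.]ru", "ran_master_som[@]proton[.]me", "lasmuruk[@]mailfence[.]com"],
    "smtp":  ["smtp[.]mail[.]ru"],
    "sha1":  ["CD8FBF0DCDD429C06C80B124CAF574334504E99A", "1C9629AEB0E6DBE48F9965D87C64A7B8750BBF93"],
    "mutex": ["Local\\ZonesCacheCounterMutex", "Local\\ZonesLockedCacheCounterMutex", "_SHuassist.mtx"],
    "path":  ["C:\\TheDream\\RootDesign.exe", "C:\\TheDream\\log.txt"],
}

def refang(value: str) -> str:
    """Undo the defanging conventions commonly used in threat reports."""
    value = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("[@]", "@").replace("[:]", ":")

# Refanged table used for matching.
IOCS = {kind: [refang(v) for v in vals] for kind, vals in DEFANGED_IOCS.items()}

def scan(lines):
    """Return (kind, indicator, line_number) for every indicator found.
    Matching is case-insensitive so hash case and header case do not matter."""
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for kind, vals in IOCS.items():
            for v in vals:
                if v.lower() in low:
                    hits.append((kind, v, n))
    return hits

# Constructed telemetry lines (IP address from the documentation range).
SAMPLE_LINES = [
    "Received: from smtp.mail.ru (smtp.mail.ru [203.0.113.5]) by mx.example.invalid",
    "From: Kurumsal.tasilat@internet.ru",
    "2024-07-15 09:14:02 proxy GET https://raw.githubusercontent.com/kurumsaltahsilat/detayfatura/main/PDF.FaturaDetay_202407.exe 200",
    "edr: process C:\\TheDream\\RootDesign.exe created mutex _SHuassist.mtx",
    "sha1 cd8fbf0dcdd429c06c80b124caf574334504e99a PDF.FaturaDetay_202407.exe",
    "2024-07-15 09:20:11 proxy GET https://www.example.invalid/ 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(hit)
```

When turning a hit list like this into alerts, weight the indicator types differently: the file hashes and the GitHub URL are specific to this campaign, the SMTP server is a public mail provider that legitimate mail also traverses, and mutex names are easily changed between builds, so a mutex or SMTP match on its own warrants a look rather than an incident.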
The hackers weaponize 7zip files to pass through security measures and deliver malware effectively.
These archived files can hide malicious content, which makes it more difficult for antivirus programs to identify threats.
In early 2024, Cofense researchers discovered a new kind of malware known as Poco RAT that mainly targeted individuals who spoke Spanish and were employed in the Mining industry.
At first, it was delivered through a Google Drive-hosted 7zip archive focusing on file execution, anti-analysis, and C2 communication.
By Q2 2024, four sectors had been reached by Poco RAT; however, mining (67% of campaigns targeting one company) still remains its major objective.
The malware is characterized by its custom code that’s narrow in scope and more focused on basic RAT functionality rather than extensive monitoring or credential harvesting. Besides this, the Poco RAT attacks maintain consistency in their TTPs.
Sectors targeted by email volume (Source – Cofense)
Here below, we have mentioned all the email features:-
Finance-themed content
Spanish language used
Links to Google Drive-hosted 7zip archives
Either direct links or embedded links in attached files
Email seen delivering Poco RAT via a Google Drive link (Source – Cofense)
Poco RAT is distributed through 7zip archives containing executables, delivered via three methods. Here below we have mentioned them:-
Direct Google Drive URLs in emails (53%)
Links embedded in HTML files (40%)
Links within attached PDFs (7%)
These tactics exploit legitimate file hosting services to bypass Secure Email Gateways (SEGs).
The HTML method adds an extra layer of obfuscation: the victim first downloads an HTML file, which in turn links to the malware.
Although the PDF method is the rarest, it’s potentially the most effective at evading detection, as SEGs often consider PDFs non-malicious and may miss embedded URLs.
This multi-layered approach demonstrates the threat actors’ sophistication in leveraging various file types and hosting services to maximize successful malware delivery.
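The lure features listed above (Spanish, finance-themed, a Google Drive link to a 7zip archive, delivered directly, inside an HTML attachment or inside a PDF) lend themselves to a mail-triage rule. Here is an added example (not Cofense code) that builds four constructed messages with the standard library's email package and scores each against that profile; the sender and recipient domains, the Drive file id, the keyword list and the sample text are invented for the demonstration.

```python
"""Score inbound mail against the Poco RAT lure profile described above."""
import re
from email.message import EmailMessage

# Constructed keyword list for finance-themed Spanish lures.
SPANISH_FINANCE = ("factura", "pago", "transferencia", "comprobante", "cotizacion")
DRIVE_RE = re.compile(r"https?://drive\.google\.com/\S+", re.IGNORECASE)

def build_sample(subject, body, html_attachment=None, pdf_attachment=None):
    """Construct a test message; attachments are optional."""
    msg = EmailMessage()
    msg["From"] = "cuentas@proveedor.invalid"
    msg["To"] = "finanzas@minera.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    if html_attachment is not None:
        msg.add_attachment(html_attachment, subtype="html", filename="factura.html")
    if pdf_attachment is not None:
        msg.add_attachment(pdf_attachment, maintype="application", subtype="pdf", filename="factura.pdf")
    return msg

def triage(msg):
    """Return (score, reasons) for one parsed message. The score is the
    number of profile features present; the alert threshold is a local choice."""
    reasons = []
    subject = (msg["Subject"] or "").lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part else ""
    texts = [body]
    links = DRIVE_RE.findall(body)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        content = part.get_content()
        if isinstance(content, bytes):
            # Real PDFs keep URLs inside object streams and need a PDF parser;
            # the constructed sample below stores the URL as plain text.
            content = content.decode("latin-1", errors="replace")
        found = DRIVE_RE.findall(content)
        texts.append(content.lower())
        if found:
            kind = "pdf" if name.endswith(".pdf") else "html" if name.endswith((".htm", ".html")) else "other"
            reasons.append(f"drive_link_in_{kind}_attachment")
            links += found
    if any(k in subject or k in body for k in SPANISH_FINANCE):
        reasons.append("spanish_finance_lure")
    if links:
        reasons.append("google_drive_link")
    if any(".7z" in t for t in texts):
        reasons.append("7z_archive_reference")
    return len(reasons), reasons

# Constructed samples covering the three delivery methods plus a benign mail.
SAMPLES = {
    "direct_link": build_sample(
        "Factura pendiente de pago",
        "Estimado cliente, descargue la factura (archivo factura_julio.7z):\n"
        "https://drive.google.com/uc?export=download&id=CONSTRUCTED_FILE_ID\n"),
    "html_attachment": build_sample(
        "Comprobante de transferencia",
        "Adjunto el comprobante.",
        html_attachment='<html><body><a href="https://drive.google.com/file/d/CONSTRUCTED_FILE_ID/view">'
                        "Ver comprobante</a></body></html>"),
    "pdf_attachment": build_sample(
        "Pago de cotizacion",
        "Ver PDF adjunto.",
        pdf_attachment=b"%PDF-1.4 CONSTRUCTED https://drive.google.com/file/d/CONSTRUCTED_FILE_ID/view comprobante.7z"),
    "benign": build_sample(
        "Weekly safety report",
        "Hi team, the weekly report is attached to the shared calendar event.\n"),
}

def triage_all(samples):
    return {name: triage(msg)[0] for name, msg in samples.items()}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, triage(msg))
```

The reason the PDF path scores is instructive: a gateway that only extracts URLs from message bodies and HTML never sees the Drive link at all, which is exactly why the article rates the PDF method as the hardest to catch.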
Poco RAT is Delphi-based malware that arrives as an executable and uses the POCO C++ libraries.
Despite extensive attempts to evade detection through its metadata, it sees average detection rates of 38% for executables and 29% for archives.
The malware establishes persistence via registry keys, injects into the legitimate grpconv.exe process, and communicates with a C2 server at 94.131.119.126 on specific ports.
While its primary functions include gathering environment information, it can also download and execute additional malware, potentially leading to more severe compromises.
The malware’s use of popular open-source libraries and legitimate processes demonstrates its attempt to blend in with normal system operations.
Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the upcoming Paris Olympics.
On June 23, 2024, a Russian hacktivist group known as the “People’s Cyber Army” (Народная Cyber Армия) and their allies, HackNeT, announced their intentions to launch Distributed Denial of Service (DDoS) attacks on multiple French websites.
This announcement has raised concerns about the cybersecurity of the Summer Olympics, which is set to take place in Paris.
Figure 1: Official Telegram channel of People’s Cyber Army
The Announcement and Initial Attacks
According to the Cyble Research & Intelligence Labs (CRIL) researchers, the People’s Cyber Army made its first post regarding its campaign to target the Paris Olympics on its Telegram channel on June 23, 2024, at 0840 hours UTC.
This post was followed by a claim of a successful DDoS attack on the website of Festival La Rochelle Cinéma (Fema) (festival-larochelle.org) at approximately 0830 hours UTC.
They supported their claim with a link to a domain downtime monitoring website, ‘check-host.net.’
HackNeT joined the campaign three hours later by forwarding the same post from the People’s Cyber Army’s Telegram channel.
Shortly after, HackNeT claimed to have successfully DDoSed the website of the French palace cum cultural and exhibition center, Grand Palais (Paris) (grandpalais.fr).
Second post from HackNeT Telegram Channel
Overview of Threat Actor’s Activities
The People’s Cyber Army is a notorious hacktivist group with a history of high-profile cyberattacks. One of their most significant attacks was on Ukraine’s nuclear agency. The group is linked to APT44, Sandworm, FROZENBARENTS, and Seashell Blizzard.
Their first mention dates back to March 2022, and since then, they have amassed a significant following on their Telegram channel, currently known as CyberArmyofRussia_Reborn, with 51,000 subscribers.
The People’s Cyber Army regularly collaborates with other pro-Russian hackers, including NoName057(16), HackNeT, CyberDragon, and UserSec Collective.
They are politically motivated and often publish justifications for their attacks on their Telegram channel.
The People’s Cyber Army’s DDoS tool is coded in Python and features various techniques for carrying out Layer 4 and Layer 7 attacks.
The tool utilizes both multithreading and multiprocessing to send requests simultaneously, increasing the effectiveness of the attack. It also has proxy support to hide the attacker’s IP address, making it harder to track the attack.
The group encourages its Telegram subscribers to use these tools by posting brief tutorials on how to install and use them.
Telegram Post describing the use of DDoS tools
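From the defender's side, the two properties of the tool described above (many concurrent requests, and proxy support that spreads them across source addresses) map onto two different detection signals. Here is an added example, not part of the Cyble report, that runs both over a constructed web access log in Common Log Format: a per-source rate check that catches the concurrent-request case, and a per-path distinct-source check that catches the proxied case, where no single address exceeds the rate limit. IP addresses are from documentation ranges and the thresholds are invented.

```python
"""Two sliding-window flood signals over a constructed access log."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect_floods(lines, per_ip_limit=20, window_s=10, distinct_ip_limit=8):
    """Return a set of alerts from chronologically ordered log lines:
    ("single_source_flood", ip)   one source exceeds per_ip_limit requests in window_s;
    ("distributed_flood", path)   one path is hit by more than distinct_ip_limit
                                  distinct sources in window_s (the proxied case)."""
    per_ip = defaultdict(deque)      # ip -> timestamps within the window
    per_path = defaultdict(deque)    # path -> (timestamp, ip) within the window
    alerts = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        t = datetime.strptime(m["ts"], TS_FMT).timestamp()
        ip, path = m["ip"], m["path"]

        q = per_ip[ip]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) > per_ip_limit:
            alerts.add(("single_source_flood", ip))

        p = per_path[path]
        p.append((t, ip))
        while p and t - p[0][0] > window_s:
            p.popleft()
        if len({src for _, src in p}) > distinct_ip_limit:
            alerts.add(("distributed_flood", path))
    return alerts

def make_sample_log():
    """Constructed log: an ordinary visitor, one source sending 30 requests in
    about five seconds, and twelve proxy addresses sending two requests each
    to the same path within seven seconds."""
    base = datetime(2024, 7, 20, 12, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset_s, path):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return offset_s, f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    entries = [entry("198.51.100.10", s, "/") for s in (0, 4, 9)]
    entries += [entry("203.0.113.7", n * 0.17, "/") for n in range(30)]
    entries += [entry(f"203.0.113.{100 + i}", i * 0.6 + j * 0.2, "/billets")
                for i in range(12) for j in range(2)]
    return [line for _, line in sorted(entries, key=lambda e: e[0])]

if __name__ == "__main__":
    for alert in sorted(detect_floods(make_sample_log())):
        print(alert)
```

Neither threshold is universal: per-source limits must sit above what a busy NAT gateway legitimately produces, and the distinct-source check needs a baseline per path, since a popular landing page is hit by many addresses at all times. The value of running both is that the proxied flood the article describes is invisible to the first check alone.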
HackNeT: An Emerging Threat
HackNeT is a pro-Russian group that began operations in February 2023. It should not be confused with the Xaknet group, which has been inactive since November 2023.
HackNeT conducts politically motivated attacks and often collaborates with other pro-Russian hacktivist groups, including NoName057(16), People’s Cyber Army, CyberDragon, 22C, and UserSec Collective.
The People’s Cyber Army’s connection with APT44 underscores the seriousness of the threat. Given the group’s consistency in statements and history of attacks, it is crucial to investigate this incident thoroughly.
The announcement of these “training DDoS attacks” suggests that the group is preparing for larger-scale attacks during the Summer Olympics in Paris.
The cyber threat posed by the People’s Cyber Army and HackNeT is a significant concern for the upcoming Paris Olympics.
The international community and cybersecurity experts must remain vigilant and take proactive measures to safeguard the event’s digital infrastructure.
As the Olympics draw closer, the potential for more sophisticated and large-scale cyberattacks looms, necessitating a coordinated and robust defense strategy.
A new feature coming to the Photos app in iOS 18, iPadOS 18 and macOS Sequoia will help users fix and recover lost and damaged photos and videos. A “Recovered” album in the Photos app appears in the Utilities section of the app. You’ll see it if there are photos and videos that are not part of the Photos app. The “Recovered” album, if it appears in your Photos app, can be used to permanently delete or restore images and videos stored in the album.
There are reasons why photos and videos can get lost. One reason is a data corruption issue similar to the one that caused photos that had been deleted to return to the Photos app. Or some images just might not correctly get saved to the Photos library. Third party apps with permission to access and manage your Photos library can also cause photos to go lost or become damaged.
The “Recovered” album will appear on the Photos app if and only if there are damaged or lost photos or videos on your iPhone. You can check by following these directions:
Open the Photos app.
Scroll down and find “Utilities.”
Tap on “Recovered” and verify your identity using Face ID or Touch ID.
Tap on a photo or video and choose to “Permanently Delete” or “Restore to library.”
When upgrading to iOS 18, iPadOS 18, or macOS Sequoia, your device will scan automatically for damaged or lost images or videos that can be recovered. To reiterate, if your device doesn’t have any lost or damaged images or videos, you will not see the “Recovered” album on your phone. This should prevent that earlier issue where previously deleted images started surfacing again on the Photos app.
Apple releases iOS 18 Public Beta 1. | Image credit-PhoneArena
Apple today released iOS 18 public beta 1 which is actually the same version as iOS developer beta 3. Usually, the developer beta is released first and Apple goes through feedback from developers looking for big issues to patch before releasing the next version of the public beta.
To install iOS 18 developer beta 3 or iOS 18 beta, go to Settings > General > Software Update. At the top of the screen, tap on Beta Updates and choose the option you want ranging from off (no iOS 18 betas will appear), iOS 18 Developer Beta, or iOS 18 Public Beta. To repeat, from this moment on, the developer beta and public betas will be the same except that the developer betas will arrive a little earlier.
After making your choice, hit the back button in the upper left corner and you will see an invite to install the iOS 18 beta version you picked. Follow the directions to install it on your phone. Before you install any beta, make sure that you recently backed up your phone on iCloud.
The Samsung Galaxy Z Fold 6 might look like a pretty minor upgrade on paper, but as I’ve found out in the time I’ve been using it since Unpacked, it’s much more than that. The Galaxy Z Fold 6 is more durable this year, and it even has a dust rating this time around. However, it’s still smart to pick up a case or two for your new Galaxy Z Fold 6, so that if you do drop it, it’s not destroyed. Luckily, we have scoured the internet for some of the best Galaxy Z Fold 6 cases around and have listed them here.
Best S Pen Case
Right off the top, we have the Galaxy Z Fold 6 S Pen Case. Now we believe that this is the best case available for the Galaxy Z Fold 6, since so many people love the S Pen. And this case gives you a place to store it when you’re not using it. This case does start at $99 but keep in mind that you are getting an S Pen here, which is typically priced around $50-$60 by itself. However, right now, this is priced at just $49, which is an absolute steal for this case.
Samsung is offering the S Pen Case in three colors this year, gray, navy, and pink, to match the three main colors of the Galaxy Z Fold 6. While we have not tested this newer version of the S Pen Case, we did use last year’s version quite a bit with the Galaxy Z Fold 5. And this year it is even thinner, which we did get to check out at hands on ahead of Unpacked. It’s a really nice silicon case that protects the back, sides, and front of the phone while also giving you a slot for the S Pen. It also prevents the phone from wobbling as much.
When it comes to the best slim case for the Galaxy Z Fold 6, look no further than Spigen. With the new Slim Armor Pro, we have an impressive case for the Galaxy Z Fold 6, which even includes protection for the hinge. Most foldable cases forget about the hinge, but not the Slim Armor Pro. It does have a nice part that covers the hinge, though we would definitely prefer this to be a kickstand.
Spigen is generally pretty inexpensive, but this is actually one of the more expensive cases on this list, coming in at $74.99 (however, at the time of writing this, there is a 5% off coupon you can clip). It’s available in black, gray, and blue. It mostly matches the colors of the Galaxy Z Fold 6, but it leaves out the pink.
With this case, Spigen is making it easier to hold onto your Galaxy Z Fold 6, so that you are less likely to drop it. And that is definitely important for a $1,899 phone.
When it comes to leather cases for foldables, the pickings are pretty slim. But, Samsung is offering its own leather case once again, called the Kindsuit Case. This case looks and feels like leather, but Samsung never mentions leather at all when it comes to this case. I checked it out in person at hands-on with Samsung ahead of Unpacked, and it is definitely vegan leather. So it won’t patina as nicely as most of those iPhone cases, unfortunately.
Samsung does offer the Kindsuit Case in two colors: brown and black. Though it’s worth mentioning that the black case has been sold out for quite some time. These are priced at $89.99, and it is usually on sale for under $70.
This is a stunning case for your Galaxy Z Fold 6, especially if you’re not into the bold and bright colors of some other cases. This keeps your phone looking professional, but unique. Samsung says that this case is stylish and fashionable, while highlighting the cameras bold design. It also sports a soft inner lining that will help provide additional protection for your phone.
As someone that does use an iPhone, MagSafe cases like this one from TORRAS always catch my eye. This has the magnetic ring on the back, so you can pop on a MagSafe battery pack or any other accessory for your Galaxy Z Fold 6. It also includes a slot for your S Pen, making it a really great case for everything you might need.
TORRAS is selling this case for $79.99, and it only comes in a translucent black color, unfortunately. So you can’t match it up with the Silver Shadow or Midnight colors of the Galaxy Z Fold 6.
This case does also have a raised lip for the screen and camera, to keep either one from getting scratched. As mentioned, it does have a dedicated holder for the S Pen too; instead of making the case thicker, it’s simply wider.
TORRAS has also rigorously tested this case, and it has 3x military shockproof protection, so you can drop your phone in this case and not be worried about it shattering. Which is definitely a good thing, after all this is a $1,899+ smartphone.
Samsung also makes the best rugged case for the Galaxy Z Fold 6, and surprisingly, it’s cheaper than most other cases here. This one is the SHLDAir Rugged Case and it goes for $69.99.
This case is a pretty popular one, and it’s already sold out at Samsung, but it should be back pretty soon. Samsung says that there is 3.4mm padding on all four corners here based on SHLDAir technology, providing strong protection that has passed the military standard test MIL-STD-810G. So you can rest assured that your new Galaxy Z Fold 6 is nice and safe inside this case.
Like a lot of other cases, the SHLDAir Rugged Case does have a raised edge, which will protect the screens and the cameras from any drops. However, one thing that many people usually worry about with these cases is wireless charging. Don’t worry, wireless charging still works with the SHLDAir Rugged Case, while also adding a nice secure grip to your phone.
Samsung does indeed make some really good cases, and this Silicone Case is no different. Instead of just being a silicone case, Samsung has also added more functionality. So, there is a kickstand on the right side of the back portion, which is near the center when the phone is unfolded. There is also a strap on the left side, which makes it easier to hold onto your new Galaxy Z Fold 6. Some people think this makes the case look cheap, but I really like the functionality of this silicone case. It makes the $84.99 MSRP a bit easier to stomach.
The Silicone Case is available in both white and gray, and there is also a version that is clear (though that is not “silicone” obviously) without the kickstand. It’s a great looking case, in fact the picture at the very top of this article is of the clear version of this case on the pink Galaxy Z Fold 6. I got a chance to spend some time with it ahead of Unpacked, and I actually really liked it, and I’m not a big clear-case person. However, the only downside is that the clear version does not have a kickstand.
If you’re looking for a good silicone case for your Galaxy Z Fold 6 that can do more than just protect your phone, then this is the case to get.
The best clear case available right now for the Galaxy Z Fold 6 is actually the Guflire Clear Case with S Pen holder. This case is also pretty cheap, coming in at $34.99. However, that does make me think that this is going to yellow pretty quickly. Unfortunately, Samsung’s own clear case is out of stock so we can’t list that, and there aren’t many other options.
This almost looks like a clear version of Samsung’s S Pen case for the Galaxy Z Fold 6, where it has a slot on the backside of the case to hold your S Pen. It’s a great option, since Samsung still has not added an S Pen silo to the Galaxy Z Fold 6 – this is likely down to the amount of space available inside the phone.
Samsung was expected to introduce its new S series tablets at the recent Unpacked event. Unfortunately, it didn’t happen. However, the company did reveal that the Galaxy Tab S10 series of slates will be available before the end of 2024. Now, Max Jambor, a reliable Samsung tipster, suggests that the Samsung Galaxy Tab S10 series will launch in October.
Samsung could first introduce the higher-end Galaxy Tab S10 Ultra variant in October
According to the source, Samsung will first launch the higher-end Galaxy Tab S10 Ultra variant in October. Reiterating a previous post on Allround-PC, the tipster claims that the Tab S10+ model would not “be unveiled together” with the Ultra variant. Some reports indicate that Samsung will not launch a base model of the Tab S10 series at all this year.
The last two generations of the Galaxy Tab S series arrived in three models. However, this year, the company is going for a dual-variant lineup. There’s a possibility that Samsung will launch the Galaxy Tab S10 Ultra alongside its Android XR headset.
Both the products in these categories could go official at the upcoming Samsung Developers Conference on October 3. Notably, some previous reports suggested that Samsung will launch the Tab S10 series alongside the Galaxy S24 FE. It is merely speculation at the moment, so take this information with a grain of salt.
The Galaxy Tab S10 Ultra will be virtually identical to the Tab S9 Ultra in terms of design
Notably, we published a batch of renders of the Galaxy Tab S10 Ultra in collaboration with OnLeaks. The Galaxy Tab S10 Ultra will be virtually identical to the Tab S9 Ultra in terms of design. It will offer a large 14.6-inch display and a slim waistline. The Snapdragon 8 Gen 3 processor will power the top-tier Android tablet.
The Galaxy Tab S10+ will go on a different route with its SoC by opting for the MediaTek Dimensity 9300+ chipset, paired with 12GB of RAM. Sadly, no more details regarding their other specifications and pricing are available at the moment.
AT&T, one of the largest mobile carriers in the US, suffered a data breach earlier this year. A group of hackers managed to access the sensitive data of many company clients. Now, a new report claims that AT&T paid the hackers to delete the stolen data.
According to Wired, AT&T paid around $370,000 to hackers from the ShinyHunters group to delete the compromised data. The report indicates that, after payment, the group sent a video showing that it actually deleted the data. Initially, ShinyHunters asked for up to 1 million dollars, but after a stage of negotiations, both parties settled on a lower figure.
ShinyHunters reportedly got $370,000 from AT&T to delete compromised customer data
The negotiation between AT&T and ShinyHunters would have been carried out through an intermediary known as Reddington. The report indicates that the same intermediary has already worked for ShinyHunters in negotiations with other affected companies. The script used for the breach had the potential to compromise the data of more than 160 brands. It is known that big names such as Ticketmaster and Santander Bank are on the list.
Going back to AT&T, the stolen data included up to 6 months of user text and call records. The affected records were those made between May and October 2022. The company had already admitted this year that it suffered a previous hack in 2021, impacting user data from 2019. When news of the latest hack became known, AT&T attempted to calm the waters by claiming that data such as names, Social Security numbers, or dates of birth had not been compromised. However, the info obtained by hackers could be used to track the identities of those affected using online tools.
Reddington claimed that the ShinyHunters group deleted the only existing complete copy of the data. However, the negotiator also warned that there may be excerpts remaining. AT&T would have paid the “fee” in Bitcoin on May 17.
Other big companies were affected
It’s noteworthy that the data breach did not directly attack AT&T. Instead, it attacked Snowflake, a third-party cloud storage company trusted by other large companies. The ShinyHunters group managed to obtain the login credentials of a Snowflake employee. From there, they managed to access private data from third parties.