It’s now easier to access your passwords on your Pixel phone

0
[ad_1]

Owning a Google Pixel device has its own benefits, and one of them is having quick access to all the saved passwords on your Google account. Once you sign into your Google account, you’ll see that all of your passwords are readily available right on the phone. However, getting to your passwords can be a bit of a tedious task. So, the company thought that it would rectify this. According to a new report, it’s now easier to access the password manager on your Pixel phone.

Getting into your password manager on your Pixel phone was always pretty tedious. Not only that, but it was rather counter-intuitive. It wasn’t as in-your-face as most other features. So, people who aren’t quite tech-savvy may not even know that the feature exists. You have to go to the settings, tap on the Google button, go to Autofill, go to Autofill With Google, and then tap on Google Password Manager. That’s about as tedious as it gets.

Thankfully, Google added a new Password Manager shortcut for Pixel phones

This is another example of why the system search feature in stock Android comes in handy. All you have to do is tap on the Google search bar on the home screen or in the app drawer and start typing in what you want to search for. You will find results from online sources, but you’ll also see results of apps and services locally on your device.

Well, on the most recent version of Android 14, it looks like Google added a shortcut for the Password Manager. Instead of navigating to your settings and jumping through all of the Hoops, all you have to do is open the search bar and start typing in the word “password.”

Google password manager new shortcut

When you do that, you will see a new Google password manager icon pop up. It will be at the top of the results. Just tap on the icon, and you’ll be able to access your passwords. This is an excellent solution for people who constantly want to keep an eye on their passwords but don’t want to constantly navigate through the settings


[ad_2]
Source link

Elon Musk-owned X’s valuation drops by 71%, reveals investor

0
[ad_1]

Once Twitter, now X, is losing its value. Since Elon Musk acquired Twitter and rebranded it as X, its valuation has plummeted by 71%, according to investment firm Fidelity. Billionaire Elon Musk bought Twitter for $44 billion in 2022, and the venture, once valued at $44 billion, now stands at an estimated $12.5 billion.

The valuation of Twitter/X has dropped by 71%.

The financial firm that assisted Musk’s acquisition disclosed that X’s value declined by over 10.7% in just November, following Musk’s controversial remarks that dissuaded key advertisers. Fidelity had previously devalued its X holdings during Musk’s leadership.

Axios was the first to report on this matter, noting that the 10.7% drop in November was a result of Musk’s “Go f**k yourself” comment during an interview with the New York Times. Furthermore, more than 200 companies withdrew their ads from the platform, leading to a decline in X’s ad revenue.

Notably, Fidelity did not disclose the size of its current X stake, valued at $5.6 billion. The rationale behind Fidelity’s revised valuation remains unclear, leaving it uncertain if they have access to undisclosed information from the company.

It appears that X is making efforts to regain momentum. Recently, the platform reintroduced headlines to link previews, reversing one of its most unpopular changes. Only time will tell whether this move helps improve the company’s finances. But it sure will have a say because X is largely a platform for sharing information. And headlines play a major role, here.

Despite X’s deteriorating condition, Elon Musk remains the world’s richest person

Despite encountering economic challenges and personal controversies, Elon Musk continues to reign as the world’s financial leader. He has reclaimed his position as the wealthiest individual globally. His net worth is valued at $229 billion, according to a Bloomberg report. In 2023, Musk’s wealth surged by an astounding $92 billion, marking a 67.2% increase. This substantial growth primarily stemmed from the appreciation of Tesla, his electric car company. Its shares rose by an impressive 129.8%. In addition to Tesla, Musk also owns SpaceX and, notably, X.


[ad_2]
Source link

Cookies Exploit Allows Persistent Access After Password Reset

0
[ad_1]

A Critical Google Cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts. 

Hackers exploit this illicit mechanism to:-

  • Impersonate users
  • Hijack sessions
  • Gain control over sensitive information
  • Gain unauthorized access to websites 
  • Gain unauthorized access to applications

A developer, PRISMA, discovered a major Google cookie exploit in Oct 2023 that allows persistent access post-password reset. A threat actor later integrated it into Lumma Infostealer, causing a ripple effect across malware groups.

Cybersecurity researchers at Cloudsek recently identified a new critical Google Cookies exploit that enables threat actors to persistently gain Google access after a password reset.

While researchers discovered this critical flaw by using “HUMINT,” and the root of the exploit has been discovered at “MultiLogin,” it’s an undocumented Google OAuth endpoint.

Google Cookies Exploit

On Oct 20, 2023, CloudSEK’s XVigil found ‘PRISMA’ unveiling a potent 0-day solution for Google accounts on Telegram:

  • Session Persistence: Stays valid after a password change, bypassing security.
  • Cookie Generation: Creates valid cookies for uninterrupted access.

Malware reverses to target Chrome’s WebData token_service table that helps in extracting:-

Structure of the token_service table
Structure of the token_service table (Source – Cloudsek)

Besides this, the table holds crucial columns like:-

  • GAIA ID (service)
  • Encrypted_token

Decryption uses Chrome’s Local State encryption key that is stored in the “UserData directory,” which mirrors the password encryption.

Chromium’s source code unveils the MultiLogin endpoint, an internal sync mechanism for Google accounts. 

Google’s chromium source code reveals parameter format, Data Format, and purpose
Google’s chromium source code reveals parameter format, Data Format, and purpose (Source – Cloudsek)

It aligns browser account states with Google’s authentication cookies for a consistent user experience. Besides this, several attempts were made to locate it using Google Dork, but all of them were unsuccessful.

The MultiLogin endpoint manages simultaneous sessions by accepting account IDs and auth-login tokens.

This undocumented MultiLogin endpoint, a crucial part of Google’s OAuth system, allows for the regeneration of cookies. 

Lumma’s sophisticated approach involves encrypting the token: GAIA ID pair, blackboxing the exploit and adding secrecy to its core mechanics.

Black boxing serves two purposes, and here we have mentioned them:-

  • Protection of the Exploit Technique
  • Evasion of Detection

Lumma’s sophisticated exploit manipulates the token: GAIA ID pair, enabling continuous cookie regeneration for Google services. Alarming is its persistence post-password reset, which allows:-

  • Prolonged account exploitation
  • Unnoticed account exploitation

Encrypting the key component signals a shift towards advanced, stealth-focused cyber threats, highlighting the stealth and protection of exploit methodologies in malware development.


[ad_2]
Source link

Galaxy Xcover 7 price revealed in new leak, it’s rugged & affordable

0
[ad_1]

A couple of weeks back, we got word from an industry insider that Samsung would price the Galaxy Xcover 7 at under €400 in Europe. We now have a more precise price tag for the upcoming rugged device. The device will retail for €379 in the region, the same source claims. A launch date is still missing, though.

Galaxy Xcover 7 price revealed in new leak

The Galaxy Xcover 7 is Samsung‘s next rugged Android smartphone. While it follows up the Galaxy Xcover 6 Pro from 2022, the new device is more of a sequel to the Galaxy Xcover 5 from 2021. As the “Pro” branding suggests, the 2022 model was a premium offering. It was priced at €599 in Europe at launch. The 2021 model, on the other hand, debuted with a price tag of €289.

With a sub-€400 price, the upcoming Xcover phone qualifies as an affordable rugged offering from Samsung. Of course, you get a modest set of specs too. Leaks have revealed that the Galaxy Xcover 7 (model number SM-G556B) will sport a 6.6-inch display with an FHD+ resolution. More details are not available, but we expect it to be an LCD panel with a 120Hz refresh rate and a Corning Gorilla Glass Victus+ protective layer on top.

Samsung is rumored to ship the device with MediaTek’s Dimensity 6100+ processor. This chipset has a peak clock speed of 2.2GHz, so you know it isn’t the best performer. However, it comes with an integrated 5G modem. It’s unclear if the Galaxy Xcover 7 will have multiple storage options but the base model will come with 6GB RAM and 128GB storage. The aforementioned pricing is for this variant.

Earlier leaks have also hinted at a 3,950mAh battery for the Galaxy Xcover 7. Samsung will offer 25W wired charging here. Even its flagships feature 25W charging (looking at you, Galaxy S24). Other leaked specs include NFC, Wi-Fi 5, Bluetooth 5.3, and Android 14. Since it is a rugged phone, you can expect strong build quality with IP68 water and dust resistance and drop-to-concrete resistance. We exclusively leaked its official renders in early November.

Samsung also has a rugged tablet in the pipeline

Samsung might launch the Galaxy Xcover 7 alongside the Galaxy Tab Active 5. The latter is the company’s next rugged Android tablet. It will also be an affordable offering, succeeding the Galaxy Tab Active 3 from 2020 rather than 2022’s Galaxy Tab Active 4 Pro. The tablet will be available in Wi-Fi and 5G versions. We expect the Korean firm to unveil the devices within the next few months.


[ad_2]
Source link

GE Profile’s new Revolutionary Smart Indoor Smoker belongs in everyone’s kitchen

0
[ad_1]

GE Profile, which is the brand that GE uses for all of its appliances, has just announced a new Smart Indoor Smoker that will be showing off at CES 2024 next week.

The Smart Indoor Smoker is the “first and only indoor electric smoker with Active Smoke Filtration.” GE Profile has also included connected, industry-first features, innovative technology, and countertop convenience, making it a huge revolution for smoking food.

The Active Smoke Filtration system uses heat and a highly engineered catalyst system to turn real-wood smoke into warm air packed with flavor. It is designed for optimal smoke with custom controls and maximum flavor; this unique airflow system, along with tight gaskets and seals, keeps the smoke in the appliance and not in the kitchen. Making it so that you can actually use this indoors.

GE Profile has added five adjustable smoke settings which will allow users to control the smoke levels until they find their ideal flavor. The customization will allow cooks to explore barbeque favorites and new recipes with ease. There are also six preset food options that will provide amazing results for brisket, pork ribs, pork butt, chicken wings, chicken breast, and salmon, using a heat source at the bottom of the appliance. Users are also able to customize their food and smoke settings for other foods of choice.

Best of all, the Smart Indoor Smoker is dishwasher-safe. So you can remove the racks and drip trays and place them in the dishwasher to cook.

When can you buy the GE Profile Smart Indoor Smoker?

This is one of those CES products that you’d expect to be launching many months from now, if at all. But that’s not the case here. GE Profile Smart Indoor Smoker will be available nationwide in early January, with a suggested retail price of $999.

That’s some pretty quick availability, and it might be the only CES product to launch in the same month as CES.


[ad_2]
Source link

Facebook will make it easier to keep track of the links you open

0
[ad_1]

Facebook turns 20 years old in just over a month, and it’s still unveiling new features to the public. Until now, there wasn’t really a way for you to keep track of the links you open on Facebook. This hasn’t been a big problem, but that’s not stopping the company from making changes. Today, Facebook just introduced us to the link history feature.

Keep track of your links on Facebook

The Facebook help page explains how this feature works, and it’s pretty straightforward. When you view the page with your history, you’ll see a log of the links that you followed. So, you’ll be able to see all of the links that you recently visited on the app.

Not having a history of your links isn’t quite a big issue. Most people go onto Facebook to check up on their friends and post their status, not to browse the internet. So, a link history feature isn’t as crucial to Facebook as it is with Google Chrome or Safari.

However, that is not to say that this feature is useless. If you spend enough time on Facebook, you’re bound to open a handful of links before you call it a day. Tracking down those links on an ever-changing and scrolling feed is nearly impossible. So, if you happen to stumble across a link that lights up your night, you’ll have a way to find it again.

What else should I know about Facebook link history?

There are a few things to note before you try to access your history. Firstly, this feature is still rolling out at the moment. So, there’s a chance that you won’t see it. It might not be available in your area just yet. If you don’t see it, then you’ll want to wait and check back every now and then.

If you’re planning on looking for a link you visited a while back, you’ll be disappointed. This feature will only save your history from the past 30 days. So, if you come across a great link, you’ll only have a month to revisit it.

There are going to be people who don’t like this feature. For those people, there’s a way for you to disable it. Just know that this feature will be enabled by default, so if you don’t like the thought of it, we’ll go over how to disable it later on in the article.

One important thing to know is that (surprising no one) Facebook will use the links in your history to refine its ads for you. So, this is another way for the company to obtain information on you to target its ads. This will be the motivation for more people to disable this feature.

Lastly, Facebook link history is only for people using the mobile app on Android and iOS.

How to disable Facebook link history

It’s pretty easy to disable this feature. Firstly, tap on the three-dot menu at the top right of the screen. There, tap on the Go to Settings button. You’ll see a list of services and features that you can enable/disable. Look for the Allow link history option. Tap on the switch next to it to turn it off. You’ll then get a confirmation popup.

Once you disable it, your link history up to that point will be deleted, so make sure you save any links that you don’t want to lose.


[ad_2]
Source link

This iPhone 15 Pro Case is $2,130

0
[ad_1]

Over the years, we’ve seen some pretty out-there cases for different phones. Typically, the uber-expensive ones are available for the iPhone because, for some reason, there’s the misconception that poor people buy Android and rich people have the iPhone. Even though many Android phones cost more than the iPhone, but I digress.

Yesterday, while surfing on Twitter or X, I saw someone posting about this alternative to Apple’s own FineWoven case. It looked pretty nice, but the post listed the price as $2,130. I thought it had to be a typo for sure until I saw it was Cavier.

For those unaware, Cavier is known for making interestingly expensive custom phones. In fact, they currently have a custom iPhone 15 Pro for $9,410. This one, in particular, has a bas-relief of a miniature “Colt 1911” on the back. The frame is made of 24k gold plating with double electroplated technology. And it even comes in a briefcase. My question has always been, how many of these does Cavier actually sell?

These “updated FineWoven cases” use Hermos Togo and Epsom Leather

Technically, these are not “FineWoven” since they are still leather. However, they do look really nice. They come in three colors: Fine Orange, Fine Blue, and Fine Brown. They are pretty clean, minus the Cavier logo in the middle.

Cavier is using the same leather that is used in the production of Birkin bags. So this is much more high-end than the leather cases you can get from Nomad Goods or Andar. Cavier also says that these are limited, with only 999 made. And I can assure you, they won’t sell out fast.

So why is the price such a big deal? Well, let’s put things into perspective. The Cavier Fine Orange case is $2,130. The iPhone 15 Pro starts at $999, while the iPhone 15 Pro Max starts at $1099. So you could literally buy two iPhone 15 Pro’s and have money left over, even after paying taxes. And nearly two iPhone 15 Pro Max’s. So there’s that. But obviously someone is buying these, otherwise Cavier wouldn’t continue making them.


[ad_2]
Source link

New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices

0
[ad_1]

The Xamalicious Backdoor can gain complete control over a targeted Android device without detection by the device’s security solution.

McAfee’s Mobile Research Team has uncovered a widespread Android backdoor threat, dubbed Xamalicious, showing sophisticated tactics to compromise user devices. The malware has exploited the Xamarin framework, employing its capabilities to hide malicious code within the APK file build process, enabling it to operate undetected.

This threat aims to gain accessibility privileges through social engineering, communicating with a command-and-control server to download a second-stage payload injected at runtime.

Once installed, the malware takes full control of the device, enabling various fraudulent actions such as clicking on ads, installing apps, and other financially motivated activities without user consent.

Financial Motivation Unveiled:

What sets Xamalicious backdoor apart is its direct connection to the notorious ad-fraud app, “Cash Magnet.” This link exposes a financially motivated agenda behind the attacks, as Cash Magnet engages in automated ad clicks, app installations, and other actions to generate fraudulent revenue.

Ubiquitous Distribution and Persistent Threat:

According to the McAfee Mobile Research Team’s blog post, approximately 25 malicious apps carrying Xamalicious backdoor have been identified, some of which infiltrated Google Play since mid-2020. Despite Google’s proactive removal of these apps, the threat persists through third-party markets, compromising over 327,000 devices.

The impact of this threat is far-reaching, affecting users across continents. The most significant activities have been observed in the USA, Brazil, Argentina, the UK, Spain, and Germany.

New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices
Countries targeted by Xamalicious Backdoor (Screenshot: McAfee Mobile Research Team)

Some of the affected apps that McAfee is urging users to delete are:

  • LetterLink
  • Logo Maker Pro
  • Track Your Sleep
  • Auto Click Repeater
  • Universal Calculator
  • Sound Volume Booster
  • Sound Volume Extender
  • Count Easy Calorie Calculator
  • Step Keeper: Easy Pedometer
  • 3D Skin Editor for PE Minecraft
  • Essential Horoscope for Android
  • Astrological Navigator: Daily Horoscope & Tarot
  • NUMEROLOGY: PERSONAL HOROSCOPE & NUMBER PREDICTIONS.

Dynamic Second-Stage Payload Raises Alarms:

Once installed, the second-stage payload of the Xamalicious backdoor grants the malware full control over the device. This capability allows the malware to self-update the main APK and execute various activities, from acting as spyware to potentially operating as a banking trojan, all without requiring user interaction.

Exploitation of Accessibility Services:

The modus operandi of the Xamalicious backdoor involves tricking users into granting accessibility service permissions. Exploiting vulnerabilities and prompting users to activate these services despite OS warnings manually, the malware gains a foothold on the device.

New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices
Malware asking for Invasive permissions (Screenshot: McAfee Mobile Research Team)

Stealthy Data Collection and Encryption:

Xamalicious backdoor goes beyond typical malware by collecting extensive device information and communicating with a command-and-control server. The communication is safeguarded through the use of JSON Web Encryption (JWE) tokens. The malware’s DLL contains hardcoded RSA key values, opening the door for potential decryption during analysis.

Protective Measures for Users:

If you are using Android devices, it is crucial to protect them from the Xamalicious malware and other emerging Android threats. Users are strongly advised to exercise caution when granting accessibility service permissions, particularly when an app does not have a legitimate need.

Installing reputable security software, such as McAfee Mobile Security, is recommended to mitigate the risks associated with malware infections. Regular updates are crucial to ensure ongoing protection against evolving threats in the mobile landscape. Stay informed, stay protected.

  1. Fake YouTube Android Apps Used to Distribute CapraRAT
  2. Android Malware FjordPhantom Steals Funds Via Virtualization
  3. Amazon, eBay and Afterpay as Top Android User Data Collectors
  4. New MMRat Android Trojan Uses Fake App Stores for Bank Fraud
  5. Android TV Boxes Infected with Backdoors, Hacking Home Networks

[ad_2]
Source link

Galaxy S24 to feature Browsing Assist AI, advanced video editor

0
[ad_1]

It is now official. Samsung has confirmed that it will unveil the Galaxy S24 series on January 17. The company has started hyping up the phones. Its teasers particularly highlight the AI capabilities of the new flagships. Leaks have already revealed many AI features the Korean firm will introduce with the Galaxy S24 lineup. A new leak says the phones will feature Browsing Assist AI and a built-in video slo-mo tool.

Galaxy S24 to get AI-powered browsing assistance and video editing tools

According to X tipster Ahmed Qwaider, the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra will introduce a feature called Browsing Assist AI. It appears to be an AI-powered tool that can enhance your internet browsing experience, particularly when reading articles. The tool offers three features. Firstly, it can highlight the important parts of an article. If you want a shorter summary with key points, it can generate that too.

Additionally, if the article is in a foreign language, Browsing Assist AI can quickly translate it to a language of your choice. The best thing about this tool is that it is built into the system, i.e. One UI 6.1. You don’t need a separate app or anything. You can pull up the tool whenever needed. Previous leaks and Samsung’s official teasers suggest some AI features will work offline on the device while others will require an internet connection.

The same X post by Ahmed Qwaider says you will be able to compress a video directly from the built-in video player without requiring a separate app. You can also select a portion of the video and quickly create a slow-motion version of it, all within the Gallery. It is unclear whether this works offline. Fine prints on Samsung’s Galaxy S24 teasers have confirmed that the AI-powered photo and video editing tools won’t be available offline.

Samsung’s One UI 6.1 brings more AI features

The Galaxy S24 series will arrive with One UI 6.1, the latest iteration of Samsung’s Android-based custom software. Leaks have already revealed that the new One UI version will bring tons of AI features. The company is using AI to enhance the Galaxy experience. AI features are found everywhere from cameras and the gallery to settings and other system apps. It remains to be seen if older Galaxy flagships will get these features. Samsung will push the One UI 6.1 update to the likes of the Galaxy S23 following the Galaxy S24 launch.


[ad_2]
Source link

X finally brings back headlines in link previews

0
[ad_1]

Since Elon Musk took over Twitter and moved it to X, the platform has undergone several changes. These changes included introducing paid verification badges and removing headlines from link previews, among others. However, X, formerly Twitter, is bringing back headlines to link previews. Interestingly, this change only impacted iOS and web users, leaving Android users unaffected. Musk initially removed the headlines to enhance the platform’s “esthetics”, but his decision may have been influenced by a Reuters article he shared without context in November.

X, formerly Twitter, shines again with headlines in link previews

Musk had hinted about this move so it doesn’t come unexpected. In November, as we reported, he called for headlines in posts. He had briefed about the change that the title will be in the “upper po[r]tion (sic).” However, he maintained his stance on “esthetics” and said, “I hate those giant, ugly URL cards.”

Finally, as we enter 2024, the link previews now offer more details than just an image and the website name. These previews now present the article headline or webpage title in a compact format. However, quite contrary to previous hinting, the headline appears in the bottom left corner as white text against a black backdrop. Folks at 9to5Google noted that the condensed format of the headline can pose readability challenges for longer titles. The default display size truncates headlines that exceed a few words, and this problem worsens on narrower screens.

The change is available on the web version, coming to iOS soon

So far, the latest update is available only on the web version, but it’s anticipated to roll out to the iOS app shortly. And Android users? Well, they were lucky enough to never go through this transition for undisclosed reasons.

This update coincides with X receiving another valuation reduction, this time from its investor, Fidelity. Fidelity, which invested $300 million in X during Musk’s $44 billion buyout in 2022, now believes X is worth 71.5% less than what it was then, as shown in recent SEC filings.


[ad_2]
Source link