Google will delay December 2023 Google Play System Update

0
[ad_1]

Google has decided to skip the December 2023 Google Play System update. These updates might not be something you’re familiar with, but they play an important role in keeping your phone running smoothly and fixing bugs, even if your device isn’t getting a major Android update. While these updates typically roll out every month, Google is taking a break this December. Don’t worry, though! The next update is right around the corner, arriving in January 2024.

Google Play System’s next update will fix app crashing issue

Android expert Mishaal Rahman shared some news. He pointed out that Google employees have mentioned that there won’t be a December 2023 Google Play System update. But the January update will bring a fix for a pesky issue that causes certain apps to crash. So, if you’ve already received the November 2023 update, you’re good to go until then!

Why these updates are a big deal?

Remember the early days of Android? Those updates were frequent, but they weren’t always delivered quickly or consistently. In some cases, some devices never received updates at all. To fix this, Google introduced Project Treble. This helped phone makers deliver updates to their devices without having to wait for everyone else.

Then came Project Mainline with Android 10, built on the foundation laid by Treble. Mainline took things a step further by making it easier to update critical parts of the Android system. This means Google could, then, fix bugs and improve performance without relying on phone manufacturers to push out updates.

Project Mainline works through special components called Mainline modules. These modules are delivered to your phone through Google Play Services, not the traditional Play Store app. There are 25 modules in total, and ART is one of them. It stands for Android Runtime and is a crucial tool in Android that helps apps run smoothly. With Android 12, ART received a significant upgrade, making it even easier for Google to send updates and improvements.


[ad_2]
Source link

Navigating eSIM Policies and Regulations

0
[ad_1]

As eSIM technology becomes more widely adopted, we can expect to see even more devices and carriers offering support for this new generation of SIM cards.

eSIM, which stands for embedded SIM, is a new generation of SIM card technology that’s soldered directly onto the motherboard of your device, like a smartphone or smartwatch. Unlike traditional SIM cards, which are removable plastic cards with a gold chip, eSIMs are permanent fixtures within your device.

As the adoption of eSIM technology, such as the Global YO eSIM App, continues to grow, it’s essential to understand the policies and regulations that govern its use. Navigating the legal landscape ensures that businesses and consumers can fully leverage the benefits of eSIM while staying compliant.

The Evolution of eSIM Policies

eSIM technology has evolved rapidly in recent years, and so have the regulations surrounding its deployment and usage. Governments and regulatory bodies are keen on ensuring that eSIM adoption (PDF) aligns with legal and security standards.

Benefits of eSIM technology:

  • Convenience: eSIMs eliminate the need to physically swap SIM cards when switching carriers or plans. You can simply download a new carrier profile onto your device through software updates.
  • Security: eSIMs are more secure than traditional SIM cards as they’re soldered onto the device and cannot be easily removed. This makes them less vulnerable to loss or theft.
  • Flexibility: eSIMs allow you to have multiple carrier profiles stored on your device at the same time. This is useful for travellers who want to use a local SIM card when abroad, or for businesses that want to manage multiple lines on one device.
  • Environmental impact: eSIMs eliminate the need for plastic SIM cards, which reduces e-waste.

Key Aspects of eSIM Regulations

1. SIM Card Registration

Some countries require mandatory registration of eSIMs to track ownership and prevent fraudulent activities. Compliance with these regulations is essential to avoid legal complications.

2. Data Privacy

eSIMs often store sensitive data, including user credentials. Regulations like GDPR in Europe emphasize data protection and privacy, making it crucial for eSIM providers to comply with these standards.

3. Mobile Network Regulations

Regulations governing mobile network operators also impact eSIM usage. Ensuring that eSIM technology complies with these regulations is vital for seamless connectivity.

Staying Compliant with eSIM Regulations

To navigate eSIM policies and regulations effectively, consider the following:

1. Choose a Reputable eSIM Provider

Opt for eSIM providers like Global Yo, which prioritize compliance with regional regulations, ensuring a smooth and lawful user experience.

2. Understand Local Laws

Before deploying eSIM technology in a specific region, thoroughly research and understand the local eSIM regulations to ensure compliance.

3. Data Protection Measures

Implement robust data protection measures to safeguard user information, aligning with privacy regulations.

4. Regular Updates

Stay informed about changes in eSIM policies and regulations, as they can evolve. Keep your eSIM technology up to date to remain compliant.

Conclusion

Navigating eSIM policies and regulations is crucial for the successful adoption and use of this technology. As governments and regulatory bodies continue to address the challenges posed by eSIM, businesses and consumers need to stay informed and compliant.

With a reliable eSIM provider like Global Yo and a commitment to understanding and adhering to local regulations, you can harness the benefits of eSIM technology while ensuring that your usage remains lawful and secure.

For more information and to explore eSIM solutions that align with regulations, visit the Global Yo eSIM App (iOS) and Global Yo eSIM App (Android).

If you have any questions or concerns about eSIM policies and regulations, feel free to reach out. Compliance is key to enjoying the advantages of eSIM while staying on the right side of the law.

  1. How to Obtain a Virtual Phone Number and Why You Need One
  2. The Top Mobile Security Considerations for Business Travelers
  3. Use Internet anonymously through Tor-enabled SIM card Onion3G

[ad_2]
Source link

OnePlus 12R will launch in both Europe & North America

0
[ad_1]

OnePlus has confirmed that the upcoming OnePlus 12R handset will launch in both Europe and North America. The company confirmed as much during the ‘fireside chat’ on YouTube.

Before we continue, do note that the OnePlus R series was exclusive to India thus far. That same series launched in China under the ‘Ace’ brand, though. Those are the only two markets the devices were made available.

The OnePlus 12R will launch in Europe and North America, it’s official

That will be changing, however, on January 23. That is the global launch date for the OnePlus 12 series, as confirmed recently. OnePlus’ President, Kinder Liu, flat-out said: “Yes, in addition to India, this time we will launch the OnePlus 12R in North America, Europe, and other parts of the world as well”.

The OnePlus 12R will be quite powerful in its own right, at least based on the rumored specs. Previous OnePlus R phones were rather powerful as well, so this is not surprising. It will, however, be inferior to the OnePlus 12, of course.

The phone is expected to include a 6.7-inch OLED display with a 120Hz refresh rate. The Snapdragon 8 Gen 2 will likely fuel the device, while a 5,500mAh battery is also rumored. 100W wired charging is also expected, and the charger will be included in the package.

The OnePlus 12R will include three cameras on the back, and Android 14 out of the box

A 50-megapixel main camera will be backed by a 32-megapixel telephoto camera, and an 8-megapixel ultrawide camera. Android 14 will come pre-installed on the phone, along with OxygenOS 14.

The OnePlus 12 will include a more powerful processor, a slightly larger display, a more powerful camera setup, and so on. It will still clearly be the flagship smartphone, but the OnePlus 12R could attract some people.

If OnePlus manages to get the price tag right for the OnePlus 12R, that phone could prove to be quite popular. The price tag will be extremely important.


[ad_2]
Source link

AI-enhanced low-light photography coming to Galaxy S24 Ultra

0
[ad_1]

Samsung‘s Galaxy S24 series may use artificial intelligence (AI) to improve low-light photography, at least the Ultra model. The phone can reportedly identify a dozen different kinds of objects in Night Mode images captured with the 200MP primary camera and optimize them for better quality. It is unclear whether the company will offer the same AI optimization capabilities on the other two Galaxy S24 models.

Galaxy S24 Ultra uses AI to improve low-light images

The Galaxy S23 Ultra is one of the best camera phones you can buy today. It delivers excellent overall camera performance, including low-light photography. Samsung is keeping the 200MP camera unchanged on the 2024 model. Coupled with improved software processing, the new Ultra flagship is already expected to go up a notch over its predecessor with its image quality.

It appears the Korean firm will add AI to the mix. Noted Samsung insider Ice Universe says the Galaxy S24 Ultra will use AI to detect 12 kinds of objects in a scene when capturing photos in low-light environments. It will then optimize the scene to add more details and make the image look better. The phone will likely enhance colors, tone, and dynamic range to improve the overall quality of the photo.

The source didn’t specify what objects the Galaxy S24 Ultra’s camera AI can identify. However, we should be talking about stuff like humans, animals, vehicles, buildings, nature, food, etc. If the phone also reduces the noise in dark areas, it will address one of the few complaints about the current Ultra model’s low-light images. Hopefully, Samsung will lend some of these improvements to the Galaxy S24 and Galaxy S24+ too.

The new Ultra may capture 24MP images by default

Samsung’s 200MP cameras capture 12MP photos by default. They use pixel binning to merge neighboring pixels and capture more light. If the conditions are bright enough, you can manually switch to 50MP or 200MP modes for that extra bit of detail in photos. This has worked perfectly on the Galaxy S23 Ultra but the company will seemingly improve the implementation of pixel binning next year.

The Galaxy S24 Ultra is said to capture photos in a 24MP resolution by default. The information comes from X tipster Ahmed Qwaider. If true, the new Ultra will give you more details in images. Rumors say Samsung will unveil its 2024 flagship lineup on January 17. The launch event, which the company calls Galaxy Unpacked, will take place in San Jose, USA. The phones may arrive in stores at the end of January 2024.


[ad_2]
Source link

Sidewinder Hackers Using Weaponized Docs to Install Malware

0
[ad_1]

Sidewinder APT group’s sophisticated threat landscape reveals a skilled and persistent threat targeting the Nepalese Government entities. 

Their focus extends to South Asian governments, with researchers also identifying a recent complex attack on Bhutan.

Cybersecurity researchers at Cyfirma recently identified that the operators of the Sidewinder hacker group are actively using weaponized documents to deliver backdoors.

Here below we have mentioned all the other names of the Sidewinder APT group:-

  • Rattlesnake
  • Hardcore Nationalist
  • HN2
  • APT Q4
  • RAZOR Tiger
  • APT Q39
  • BabyElephant
  • GroupA21

Sidewinder Hacker Group

Using decoy documents resembling Nepalese Prime Minister’s Office communications, the group employs advanced tactics like email spear-phishing and malicious macros. 

That’s why urgent attention and coordinated action from the stakeholders are crucial.

In the main payload “conhost.exe” (Nim Backdoor), all the URLs are hardcoded, and they are settled to the following IP address:-

Here below, we have mentioned all the URLs:-

  • http[:]//mail[.]mofa[.]govnp[.]org/mail/AFA/
  • http[:]//nitc[.]govnp[.]org/mail/AFA/
  • http[:]//dns[.]govnp[.]org/mail/AFA/
  • http[:]//mx1[.]Nepal[.]govnp[.]org/mail/AFA/

Spear-phished email delivers a malicious document, triggering an embedded macro upon opening. The victim is manipulated as the document prompts them to enable editing.

Malicious document
Malicious document (Source – Cyfirma)

The deceptive content hints at targeting Nepalese government officials. The document’s embedded macro, part of a multi-stage attack, establishes persistence and executes payloads. 

The opening of the document triggers the macro and creates a VBScript file for persistence. It introduces delays and checks internet connectivity before executing encoded batch files. 

The batch script directs the execution of VBScript and other batch files, creating scheduled tasks and self-deleting files. Functions like read_shell write binary data to a file, while hide_cons hide the console window. 

The vb_chain function coordinates various actions, including creating and executing scripts and scheduling tasks to establish a chain of events on the infected system.

The VBScript file unzFile.vbs extracts contents from conhost.zip. The following batch file executes scripts, creates tasks, and handles cleanup:-

  • 2L7uuZQboJBhTERK.bat
  • 2BYretPBD4iSQKYS.bat
  • d.bat
  • e.bat 

The macro exhibits advanced evasion with obfuscation by leveraging the following elements:-

  • VBScript
  • Batch files
  • Scheduled tasks

Besides this, its multi-stage execution makes the complete analysis more challenging and complex. 

Enabling macros triggers the deployment of scripts and the Nim backdoor-like conhost.exe. This executable aims to connect to the threat actors’ C2 server for unauthorized access, indicating an ongoing campaign since September.

The reverse shell sample enables threat actor access through a reverse shell, providing control over the compromised system. Trojan.khalesi obstructs dynamic analysis, detecting and exiting if tools are found. 

The binary targets various monitoring and analysis tools. The process tree reveals the periodic use of cmd.exe to execute tasklist.exe, which is likely for information gathering or system monitoring.

.exe files
.exe files (Source – Cyfirma)

Recommendations

Here below, we have mentioned all the recommendations provided by the security analysts:-

  • Use robust endpoint security.
  • Employ reputable antivirus and anti-malware.
  • Regularly update OS, applications, and security software.
  • Segregate the network into segments.
  • Educate and train employees on phishing and social engineering dangers.
  • Configure firewalls to block outbound communication.
  • Deploy behavior-based monitoring.
  • Establish application whitelisting policies.
  • Monitor network traffic closely.
  • Create a comprehensive incident response plan.
  • Stay updated on threat intelligence and IOCs.
  • Maintain regular backups of critical data.
  • Implement safeguarding measures.
  • Restrict user permissions.

IOCs

IOCs
IOCs (Source – Cyfirma)

[ad_2]
Source link

FBI Seizes Dark Web Domain of Blackcat

0
[ad_1]

Although the main dark web domain of the ALPHV Ransomware has been seized, the blog remains online.

The official website of the notorious ALPHV (aka Blackcat) has been seized by law enforcement authorities, including the FBI, the US DoJ, and several European security agencies under Europol.

The latest development should not come as a surprise, as a few days ago, the ALPHV gang went offline amid rumours that it had been taken down by law enforcement. These claims were categorically denied by the gang; however, today’s seizure confirms the previous rumours.

As seen by Hackread.com, the homepage of the ALPHV ransomware website was defaced with a banner announcing the seizure. However, the blog on which the ransomware gang advertised their hacks is still online and no seizure notice is seen at the time of writing.

FBI Seizes Dark Web Domain of Blackcat - ALPHV Ransomware
The banner that the ALPHV Ransomware gang’s domain currently shows (Screenshot credit: Hackread.com)

“This website has been seized – The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware.

This action has been taken in coordination with the United States Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol and Zentrale Kriminalinspektion Göttingen.

If you have information about Blackcat, their affiliates, or activities, you may be eligible for a reward through the Department of State’s Rewards for Justice program.”

It’s safe to say that ALPHV ransomware has targeted a wide range of organizations across various industries, including critical infrastructure, finance, education, and manufacturing. However, the exact number of victims and the full extent of the damage remains unknown. The ALPHV gang’s known victims include MGM Resorts, NCR Data Center, Amazon’s Ring, and several others, among which are the following:

  • Seiko
  • Motel One
  • Swissport
  • Western Digital
  • NCAT State University
  • NJVC (US defence contractor)
  • Bet9ja (Nigerian betting platform)
  • SOLAR INDUSTRIES INDIA (industrial explosives manufacturer)
  • Creos Luxembourg S.A. (gas pipeline and electricity network operator).

So What Not?

Although the FBI has not officially announced the seizure, it appears that no arrests were made, and only the domain was taken offline. In a tweet, the online malware repository Vx-Underground claimed that they were contacted by the gang’s team, revealing that they have already moved their server to a new domain.

Random Facts About ALPHV ransomware

  • Emerged in December 2021: This relatively new ransomware group quickly gained notoriety for its sophisticated tactics and aggressive targeting.
  • BlackCat alias: ALPHV is also known as BlackCat, often used interchangeably.
  • Targets: Primarily attacks high-profile organizations across various sectors like finance, healthcare, critical infrastructure, and manufacturing.
  • Tactics: Employs double extortion tactics, stealing victim data before encrypting it, and threatening to leak it if ransom demands are not met.
  • Technical sophistication: Known for using advanced encryption algorithms and evasion techniques to avoid detection.

As of now, attributing ALPHV to a specific group or country with certainty is difficult due to the nature of cybercrime and the group’s efforts to remain anonymous. Nevertheless, this article will be updated with additional information. So keep visiting Hackread.com!

  1. Finnish Dark Web Marketplace PIILOPUOTI Seized
  2. NetWire Malware Site and Server Seized, Admin Arrested
  3. Genesis Market’s Clearnet domain seized; Dark Web site still online
  4. Ragnar Locker Ransomware Gang Dismantled, Key Suspect Arrested
  5. Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

[ad_2]
Source link

Google to bring remote uninstallation to the Play Store

0
[ad_1]

Most Android users rely on the Play Store to install their apps and games. The venue currently lets users remotely install apps on all of their connected devices. However, remote uninstallation is a feature that Google hasn’t yet brought to the Play Store. But soon, this might change.

According to Assemble Debug (via AndroidPolice), Google was spotted working on remote app uninstallation in the Play Store v38.3 update. While this version was rolled out in November, the remote uninstallation was first seen in September. Back then, Google said the feature would land on Android devices with Play Store v38.3. After postponing the launch for unknown reasons, the company has now revealed the feature with Play Store version 38.8.

As the official changelog states, users on Google Play Store v38.8 can remotely uninstall apps on connected devices. The feature supports Android Auto, PCs, Smartphones, TVs, and wearables. This update isn’t yet widely available, and Google is busy fine-tuning it. But you can expect to have remote app uninstallation on your device soon.

How remote app uninstallation will work on Play Store

Once the update is available, you can find the app uninstallation feature in the “Manage” tab on the “Manage apps & devices” page. By tapping “✓ This device,” a sheet containing all your connected devices appears at the bottom of the page. After choosing the device, you can access the apps that are already installed on it. Then, you just need to select the apps you want to uninstall and tap the delete icon on the top right. In the final step, a popup appears that wants you to confirm or cancel the process on the selected device.

You can also sort your apps based on name and size on the related page. Additionally, it is worth noting that the Play Store app list might not be complete, and some apps might be missing. This could be due to a glitch in the update, and Google might fix it prior to the official launch.

Remote app uninstallation is a welcome addition to the Play Store and makes it much easier to handle multiple devices through only one device. Before this, users had to go through a complicated process to uninstall an app remotely. With the Play Store’s latest update, it just takes a few taps.


[ad_2]
Source link

Apple Rushes for Software Solution to Prevent U.S Apple Watch Import Ban

0
[ad_1]

On Monday, it was announced that Apple would halt sales of its Watch Series 9 and Watch Ultra 2 products later this week. This is due to an imminent import ban coming from the patent dispute with medical device company Masimo over the blood oxygen sensor on the Apple Watch.

Now according to Bloomberg, engineers are “racing” to adjust how the oxygen saturation is determined and how the data is provided to consumers. This is an update that would presumably remove the technology that is allegedly violating Masimo’s patents. This is in line with what Apple stated, that it is “pursuing a range of legal and technical options” to make sure that the Apple Watch sales are able to resume as soon as possible.

Masimo told the publication that “the hardware needs to change.” This is because the patent is related to the hardware that powers the Apple Watch blood oxygen sensor, and Masimo believes that a software change would not be enough to address the allegations.

Apple is preemptively complying with the sales ban

In October, the ITC ordered a ban on some Apple Watch exports – mainly those that Apple currently sells that have the blood oxygen sensor. The US President could review the court’s order and veto the ban ahead of when Apple would need to stop selling the watch, which would be 60 days after the ban was ordered. Meaning that The White House has until December 25 to make a decision.

However, Apple has decided to comply with the ban preemptively. This is likely because a President very rarely vetoes an ITC sales ban. Apple has announced that they will stop selling the Apple Watch Series 9 and Watch Ultra 2 in the US at retail stores on December 21 at 12 PM PT/3 PM ET. And online sales will stop after December 24.

Keep in mind however, that the ITC sales ban only affects banning Apple from selling these products, and not other retailers like Best Buy, Amazon, and even the carriers. So there will be other places to get a new Apple Watch. Additionally, the Apple Watch SE will remain on sale since it is not affected, as it does not have a blood oxygen sensor.


[ad_2]
Source link

Tech Device Manufacturers Urged by CISA to Remove Passwords

0
[ad_1]

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) has requested technology device manufacturers to take measures to eliminate default passwords due to the threats posed by IRGC actors.

This step has been taken to ensure the security of tech devices and prevent unauthorized access by malicious actors.

The use of default passwords makes it easier for hackers to gain access to devices and exploit them for nefarious purposes.

It’s important to be aware that malicious cyber actors often use default passwords (such as “1234”, “default,” or “password”) to gain initial access and move laterally within businesses. This is especially true for systems that are exposed to the internet.

It’s crucial to implement strong and unique passwords to protect your systems and sensitive data from unauthorized access.

It has been reported that the critical infrastructure of the United States was recently targeted by threat actors who were successful in their attempts to exploit it.

The attackers were able to gain access to the infrastructure by exploiting static default passwords, which were found to be malfunctioning.

This incident highlights the importance of maintaining strong security measures and regularly updating passwords to prevent unauthorized access to critical infrastructure systems.

Based on recent and continuing threat activity, CISA is issuing this alert to require all technology manufacturers to remove default passwords from all product designs, releases, and updates.

Evidence has been mounting for years, showing that it is insufficient to rely on thousands of consumers to change their passwords.

Instead, serious action by technology manufacturers is the only way to effectively address the serious threats that critical infrastructure organizations confront. 

Notably, It is unacceptable to utilize default passwords that are generally known in the present threat environment.

Additionally, the hackers targeting programmable logic controllers (PLCs) hardcoded with a four-digit password demonstrate the significant potential for real-world harm caused by manufacturers distributing products with static default passwords.

The default password was easily accessed by actors with IRGC (Iranian Government’s Islamic Revolutionary Guard Corp) ties, giving them access to vital services that are provided to communities all around the nation.

The recent security breach has highlighted some important lessons for the Cybersecurity and Infrastructure Security Agency (CISA).

Despite the attack, the agency is determined to learn from these compromises and implement more robust security measures to prevent future incidents.

 Take Ownership of Customer Security Outcomes

In this principle, attention is given to the key security areas that manufacturers should protect, such as public safety and health. It includes:

  • Provide instance-unique setup passwords with the product.
  • Establish time-limited setup passwords that require activation of more secure authentication methods, including phishing-resistant MFA, and disable themselves after the setup process.
  • The purpose of the initial setup and the specification of instance-unique credentials require physical access.

Build Organizational Structure and Leadership

Product and public safety concerns are fundamentally at the core of cybersecurity issues; thus, manufacturers should make sure that business units in charge of product and service design, development, and delivery understand this.

Manufacturers should ensure that design and development teams engineer products with built-in security and safety by default.


[ad_2]
Source link

Third OnePlus 12R camera won’t be as useful as it should be

0
[ad_1]

The OnePlus 12R is coming next month, as it was confirmed recently. The company confirmed that it will launch alongside the OnePlus 12 on January 23. That will be their global launch, as the OnePlus 12 already launched in China. Having said that, more OnePlus 12R info just surfaced, as it seems like its third camera on the back won’t be as useful as we’ve hoped it will.

The third OnePlus 12R camera on the back won’t be what we hoped for

A lot of OnePlus 12R information already surfaced. We have almost all of its specifications at this point. Some details are missing, and Max Jambor, a well-known tipster, has just decided to fill in one of those gaps.

The third camera on the back of the OnePlus 12R will be a 2-megapixel unit, as rumored, unfortunately. It will be a 2-megapixel macro camera, the tipster has confirmed. Initially, it was rumored to be a 32-megapixel telephoto camera with 2x optical zoom.

Needless to say, that telephoto camera would be far more useful. A 2-megapixel camera is generally not great, especially when it comes to a macro camera. Chances are you’ll stay away from it in general, and use the main or ultrawide shooters for macros.

2-megapixel macro cameras usually end up being underwhelming

Not a single phone I’ve tested, that contained a 2-megapixel macro camera, was supposed to have it. The images taken with it don’t look great in basically any condition. You can get somewhat usable shots in great lighting, but only barely.

It is understandable that OnePlus had to cut costs, however. The OnePlus 12R will have a great set of specs in general, and presumably a great price tag, so something had to go. It would maybe be a better idea to omit the third camera altogether than to use this one.

Either way, we’ll see what exactly we’ll get. The other two cameras do look good on paper. A 50-megapixel main camera (Sony’s IMX890 sensor), and an 8-megapixel ultrawide camera. Those are not the very best camera specs out there, but… you can’t expect that considering this will technically be a mid-range device. The OnePlus 12 will be an entirely different story.

The Snapdragon 8 Gen 2 will fuel the OnePlus 12R, allegedly. The phone is said to include a 5,500mAh battery, and support 100W charging. A large 120Hz display will also be in use, by the way.


[ad_2]
Source link