Samsung’s plans for its upcoming Galaxy S25 series are starting to take shape. It appears the company might be ditching the “Plus” model for 2025. We know Samsung is actively developing the S25 series, with work already underway for the Galaxy S25 Ultra. Our database has revealed details on Samsung’s upcoming devices, revealing the existence of regular Galaxy S25 and Galaxy S25 Ultra, but the S25+ model is notably missing, suggesting Samsung actually ditched the S25+.
The Galaxy S25 series will include two models: Galaxy S25 and S25 Ultra
The Galaxy S25 series is now surfacing. Galaxy S25 is available with the model number SM-S931B/DS in our IMEI database. Galaxy S25 Ultra appears under SM-S938B, SM-S938U, SM-S938N, and SM-S9380 model numbers—where “B” stands for Global, “U” for USA, and “N” for South Korea. Samsung has been usually releasing three models within its Galaxy Slineup since 2021: the regular model, the Plus model, and the Ultra model.
However, our findings on our database reveal 2025 will mark a departure from this tradition. In July 2023, the leaks revealed that Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra were already known to be part of the lineup. Following the leaks, the Galaxy S24 series was indeed officially introduced in January 2024 with three models. We have only two devices among the Galaxy S25 series in our database. We expect that Samsung will launch the Galaxy S25 series in January 2025.
Why did Samsung abandon the Galaxy S25+?
Samsung’s decision to move away from the Plus model isn’t actually a major concern, as previous Plus models have struggled to meet sales expectations. So people are not a fan of the Plus model. In 2020, Samsung introduced the Galaxy S20 and S20+ alongside the Galaxy Note 20 and Note 20 Ultra. That’s actually following a similar strategy in 2019 with the Galaxy S10, Galaxy S10+, Galaxy Note10, and Galaxy Note10+. Samsung used to unveil 4 models in each year. In 2021, Samsung streamlined its lineup to just three models— Galaxy S21, Galaxy S21 Plus, and Galaxy S21 Ultra. They kept the beloved S Pen exclusively for the Ultra model.
Eliminating the Plus model could also simplify Samsung’s lineup and reduce redundancy. In recent years, the difference between Plus and regular models have narrowed. The main differences being battery capacity and screen resolution. For instance, Galaxy S24 and Galaxy S24+ share the same camera specs, making the Plus model less appealing for the price difference. Dropping the Plus model could also be a strategic move to push more consumers towards higher-end Ultra variant. Samsung actually might be hoping that by eliminating the Plus option, they can entice more buyers to invest in the feature-packed Ultra model.
Expected Features & Launch Date
While Galaxy S25 hasn’t launched yet, numerous details have already surfaced online. Regular Galaxy S25 won’t feature a major camera upgrade. S25 is expected to come with a 50 MP main camera and a 12 MP selfie shooter. The selfie camera on Galaxy S25 remains the same as Galaxy S23 and Galaxy S24. If you need a better camera, you might consider buying S25 Ultra. S25 Ultra will feature a 200 MP main camera, a 50 MP ultra-wide-angle camera, and a 50 MP 3x telephoto camera, along with an additional 50 MP 5x telephoto camera.
Earlier details shared by The Financial News suggested that Samsung plans to offer MediaTek chipsets in the Galaxy S series. This means the Galaxy S25 series could come with Snapdragon 8 Gen 4, Exynos 2500, and possibly a MediaTek chipset. Galaxy S25 Ultra will likely come with batteries bearing model numbers EB-BS938ABE and EB-BS938ABY, possibly featuring a 5000 mAh battery capacity. We expect Galaxy S25 to have a 4000 mAh battery. Lastly, Samsung will officially launch the new Galaxy S25 series in January.
The upcoming Android 15 OS update will bring support for a much-awaited audio sharing feature for Android devices. The new functionality will make sharing audio between multiple devices much easier. The new major feature will be based on a new technology called Auracast, which was established by Bluetooth SIG (Special Interest Group).
We already know that it supports the latest Pixel 8 series of smartphones. However, there’s bad news for the recently launched Pixel 8a owners as the phone might not support Android 15’s audio sharing feature. According to Android expert Mishaal Rahman, the code within the Android Open Source Project indicates that Android 15’s new functionality will not work on the Pixel 8a or older Pixel devices.
Android 15’s audio sharing might not work on the Pixel 8a or older Pixel devices
According to the source, while the Pixel 8a supports Bluetooth LE Audio, it might not offer the upcoming audio sharing feature. Even, the Pixel 7 series of devices also support this technology. However, they might share the same fate as the Pixel 8a. It appears that Google doesn’t seem to have any plans to “enable the requisite broadcasting rules” on these Pixels yet.
As far as the latest Pixel 8 and Pixel 8 Pro are concerned, they will let you share content across multiple audio devices at the same time. Android 15 will certainly bring the Auracast functionality to more and more devices in near future.
The latest Android 15 betas don’t have support for the feature on the Pixel 8a
The source claims that he was able to enable LE Audio broadcast support on his Pixel 8 Pro. The support for this functionality was already there, and he just had to enable it by modifying the code. Google hasn’t yet enabled this system property by default on any Pixel phones right now, including the Pixel 8 Pro. However, as far as the Pixel 8a is concerned, the firmware is missing the conditional statements to enable audio sharing.
As of now, it looks like the Pixel 8a or the older Pixel devices might miss out on the audio sharing feature. However, there’s a possibility that the search engine giant could include support for it in the final build of Android 15. Only time will tell.
The road to being an audiophile is paved with money…. A LOT of money. You have to shell out for expensive equipment like DACs, amps, audio streamers, fancy microphones, thousand-dollar headphones, etc. Before you start selling organs to afford all of that, the first step is to find the right streaming service. Tidal is one of them. What is Tidal?
That’s what we’re here to explain. If you have questions about this service and what it has to offer, then you’ve come to the right place.
Since Tidal is an ever-evolving platform, we can expect changes to happen as time goes on. As such, we’ll update this piece as the platform makes changes. So, be sure to check back every now and then to see what’s new with this service.
What is Tidal?
Tidal is a music streaming service that gives you on-demand access to millions of music tracks. What makes Tidal stand out is its focus on streaming high-quality audio.
What most people don’t know is that several music streaming services don’t offer high-quality music streaming. That’s the case for YouTube Music and Spotify. So, if you’re a person who likes their ears, then you might not enjoy these services. Services like Apple Music and Amazon Music HD offer the ability to stream high-quality music.
However, Tidal has a primary focus on delivering high-quality music rather than offering you a limited collection of high-quality audio tracks. So, it’s the go-to service for people who want bit-perfect audio.
Does Tidal cost money?
It’s a high-quality music streaming service, so that’s a no-brainer. There are three payment tiers to choose from. These prices are for the U.S. market. Prices will vary depending on your region.
The standard single-user payment tier costs $10.99/month + tax. There’s also the option to add the DJ Extension (an additional $9/month). This will give users access to the individual stems for tracks to use for DJing. So, if you’re DJ, then you’ll love that.
The next payment tier is the Family plan. This costs $16.99/month. You’re able to share your account with up to five additional users. With this payment tier, you’ll also gain access to clean playlists and curated content for kids.
Lastly, there’s the Student tier which costs $4.99/month. You get the same perks as the single-user tier. With this one, you’ll also gain access to curated study playlists.
Is there a free tier?
Unfortunately, no. If you want access to the platform at all, you’ll need to pay for a subscription.
How many tracks does Tidal have?
The platform boasts more than 110 million tracks. If you’re looking to hear the latest and greatest music from today’s top artists, then you shouldn’t have to worry. On the other hand, if you’re looking for more obscure music, then you might have some trouble. For example, the selection of classical music isn’t quite the best.
What audio formats does Tidal support?
Currently, Tidal supports both FLAC and MQA lossless platforms. These guarantee some of the best audio quality. However, there are a few things to note.
Firstly, not every track will be completely lossless. There’s a chance that some of the tracks might have been mastered and compressed by the platform. Also, it’s important to know that the platform automatically compresses music when streaming through Bluetooth.
Second, As of the writing of this article, Tidal supports both FLAC and MQA files. However, on July 24th, 2024, the company will no longer support MQA files. FLAC will be the platform’s primary lossless format. There are FLAC copies of most of the MQA files on the platform. However, users might find some of their favorite files gone.
Along with MQA files, the company is also getting rid of Sony’s 360 Reality audio. This standard will be replaced with Dolby Atmos.
How can I tell what audio quality I’m listening to?
While you’re able to set the default audio quality across the platform, you’re able to see the quality of each track you’re listening to. Each track comes with a badge telling you the quality.
If you’re using the app, you’ll see it right under the timeline; if you’re on the website or desktop client, it will be on the right side of the screen right next to the volume. It will tell you the audio quality (Low, High, or Max) and it will tell you what format it’s in (FLAC or MQA). When you tap/click on the badge, you’ll see a little popup appear with the option to choose the audio quality.
Changing the quality across the platform
If you want to change the quality of the entire platform, you’ll need to go to the system settings. In the app, tap on the gear icon in the top right corner. On the resulting page, tap on the Audio & playback button. This will bring up the settings page for the audio quality.
You’ll be able to choose the maximum audio quality for when you’re streaming via mobile data and through Wi-Fi.
For desktop, click on the three-dot menu right next to your profile name. Click on the Settings button in the dropdown menu, and you’ll see the general settings page pop up. Up top, you’ll be able to choose your audio quality there.
Audio quality
Tidal is a platform all about audio quality. While most platforms only offer audio quality that’s good enough, Tidal has a range of standards to choose from. There are three audio settings to choose from.
Low gives you the most modest quality, and it’s best for people who want to save on data. Low is a special setting, as it gives you the choice between different bit rates. When you choose Low, you’ll be able to choose between 96kbps and 320kbps. The former is the best option if you don’t want to run out of your data.
High gives you CD-quality audio at 16-bit, 44.1kHz. You’re getting a bit rate of 1,411.2kbps. It’s more than 4x the quality of 320kbps and 14.7x the quality of 96kbps. This is what you’ll choose if you want the best of both worlds between audio quality and data savings.
Max is the highest quality. As you can guess, this is the highest and most data-hungry setting. You won’t want to use it if you’re on a limited plan. With it, you’re getting audio at 24-bit, 192kHz (9216kbps).
Remember, if you’re using Bluetooth headphones, the audio will be compressed, so you won’t be hearing bit-perfect audio.
Android has an audio quality limitation. Does Tidal get past it?
As many people might not know, Android has a pretty bad audio limitation. While iPhones cap out at a sample rate of 192kHz, the Android operating system caps out at 48kHz. All of the audio you hear is just 44.1kHz content resampled to 48kHz. As such, there’s not much point in listening to higher-quality music.
Fortunately, there are exceptions. Very fortunately, Tidal is one of them. This app gets past that audio limitation.
Can you download tracks using Tidal?
Yes. As always, you’ll need to connect to the internet every once in a while so that the platform can check if you’re still subscribed.
How to download tracks
This is a little counterintuitive. There’s no direct way to download a track on the platform. If you’re looking for a straightforward Download button, you’ll only see it for albums.
If you want to download individual tracks, it’ll take a few steps. Firstly, you need to go to a track and tap on the heart icon to add it to your collection.
Then, tap on the profile icon on the right side of the bottom bar. This will take you to your collection. Tap on the Tracks button to go to your saved tracks. Right under the Shuffle button, you’ll want to flip the toggle to have the tracks download automatically when added to your collection.
As you can tell, this will be inconvenient for people who don’t want to have a collection and a library of downloaded content. However, that’s just how it goes.
What other content is there besides music?
Tidal isn’t a be-all-end-all platform, so you won’t have access to podcasts and audiobooks. However, Tidal does let you view videos. You’ll see music videos from all the top artists. You’ll also see music videos of old classics.
What are radio stations?
If you’re listening to Tidal, you’re likely to have your own collection of music that you go back to from time to time. However, there are times when you want to let fate take the wheel. This is where radio stations come in.
These are randomly curated playlists full of a mix based on your listening habits. When you listen to a track, Tidal will find other songs similar to that one and create a radio station based on it. On your home screen, you’ll see a carousel of radio stations based on the most recent tracks you listened to.
Tidal will also develop radio stations based on the artists you listen to. Those stations won’t only be filled with music from that artist. They will also have music from other artists.
Since these are just like typical playlists, you’re allowed to skip tracks and pick and choose which ones to hear. You’re also able to add radio stations to your collection and download them. When you add them to your collection, you’ll see them under the Mixes & Radio section.
How do you manage playlists?
Just like other music streaming services, you’re able to make and manage playlists on Tidal. The process of creating a playlist is simple. If you’re using the mobile app, go to a track, album, or radio station. Then, tap on the three-dot button to bring up the menu.
There, tap on the Add to playlist button. On the resulting page, tap on the Create playlist button to name your new playlist.
On desktop, the three-dot menu will be on the right side of the track you want to add. The process is the same after that.
Editing your playlist
If you want to make changes to your playlists, it’s easy to do so. On the mobile app, go to your collection and tap on the Playlists button. Tap on the playlist you want to edit and you’ll be taken to its info page. Right under the Play button, you’ll see the Edit Playlist button.
When you do that, you’ll see the UI change to the editor. You’re able to select multiple tracks by tapping on the circles on the left of each track. When you select a track, you’ll see a small panel appear at the bottom of the screen. Tap on the Remove button to delete them from the playlist and tap on the three-dot menu if you want to either add them to another playlist or move them to another playlist.
On desktop, click on the Playlists button on the left side panel and click on the playlist you want to edit. There’s an Edit playlist button on the right side of the screen on level with the Play and Shuffle button. However, clicking that won’t let you select and move tracks. You’ll only want to click on it if you want to change the name, write a description, or change the visibility.
If you want to move tracks, you’ll just need to click on them. Hover over the track and click on it anywhere that’s not the Play button. This will highlight it. Drag it to move.
Tidal is one of the few (VERY few) streaming services that allow you to move multiple tracks at once. Selecting multiple tracks is just like anything else. If you want to select multiple consecutive tracks, click on the first track and click the last track in the selection range while holding the Shift key. So, if you want to move tracks 1 through 5, click on #1 then click on #5 while holding the Shift key.
If the tracks you want to select aren’t next to one another, click on all of the tracks you want to select while holding the Control/Command key. When you do that, just drag and drop to the position in the playlist you want them to go.
Playlist visibility
Tidal gives you the option to either make your playlist public or private. If you want other people to see and listen to your playlist, then you’ll mark it public. However, if you only want it to be visible to you, then you can mark it private.
Your playlists are set to private by default. If you want them public, you have the option to make them public when creating them. Just flip the toggle on the playlist creation screen.
If you want to change the visibility after the fact, it’s easy to do. Using the mobile app, go to the playlist and tap on the Private button right under the Shuffle button. The app will ask you to confirm that you want to make the playlist public.
On desktop, go to the playlist and click on the Edit button. After that, click on the toggle under the name text field.
Last month, there were rumors that WhatsApp is working on a new feature that will allow you to make AI-generated profile photos. The company is now getting closer to launching the new functionality for the popular instant messaging app. According to a report by WABetaInfo, WhatsApp will soon let users use different Meta AI language models for their AI-generated images.
WhatsApp’s support for different Meta AI language models was spotted in the latest beta version
According to the source, WhatsApp users can soon choose between two different Meta AI Llama LLM models for their AI-generated photos. The publication has found references to the two different models in the latest beta version of WhatsApp for Android. The report has found the new functionality in the 2.24.14.13 beta version of the app.
This feature will allow you to generate images of yourself using Meta AI. This functionality will be available in a future public version of the app. The feature seems to be under development, so it’s still not ready for beta testers. However, WABetaInfo discovered a preview of the new functionality in the latest beta version of the app.
In the new feature, the users will be able to choose between the default Llama 3-70B model for faster and simpler prompts. There will also be an option to choose the Llama 3-405B LLM model, which will handle more complex queries.
After training Meta AI, you can “Imagine yourself as anything” for a perfect AI photo
The screenshots shared by the source suggest that to use the new AI-generated profile feature the users will need to provide a set of photos to train Meta AI. Users must first take a single set of pictures, which Meta AI will then utilize to generate AI images. The photos captured in the setup process will be analyzed to create the AI images with accuracy. The users will have complete control over the functionality, as they will be able to delete their setup photos at any time.
Once done with the setup process, users can type “Imagine me” in Meta AI conversations to create AI images of themselves. Notably, this feature will also be available in individual and group chats. You will be able to type “@Meta AI imagine me” in these chats to generate your AI images. You can “Imagine yourself as anything” using the upcoming feature.
WhatsApp is currently testing the upcoming AI-generated profile photo feature. It is expected to be available globally in the upcoming WhatsApp updates. We will let you know as soon as it becomes widely available, so stay tuned for regular updates.
TeamViewer, the renowned remote access software company, has officially confirmed that the recent cyberattack on its internal corporate IT environment was orchestrated by the Russian state-sponsored hacking group APT29, known as Midnight Blizzard or Cozy Bear.
The attack, detected on June 26, 2024, has been attributed to the same group implicated in several high-profile cyber incidents, including the 2020 SolarWinds hack and the 2016 Democratic National Committee breach.
In a series of statements released on their Trust Center, TeamViewer detailed the timeline and nature of the breach.
The company’s security team identified suspicious activity tied to the credentials of a standard employee account within their corporate IT environment.
Incident & Response
Immediate incident response measures were enacted, and investigations commenced in collaboration with globally renowned cybersecurity experts and relevant authorities.
TeamViewer has emphasized that the breach was contained within its corporate IT environment and did not extend to its product environment, connectivity platform, or any customer data.
The investigation, supported by continuous security monitoring and external incident response teams, led to the attribution of the attack to APT29.
This group, allegedly linked to Russia’s Foreign Intelligence Service (SVR), is known for its sophisticated cyber-espionage campaigns targeting government, military, and technology sectors worldwide.
TeamViewer has reiterated its commitment to transparency and security. “Security is of utmost importance for us, it is deeply rooted in our DNA,” the company stated.
They assured stakeholders that the product environment remains secure and that there is no evidence of compromised customer data.
The company continues working closely with cybersecurity experts and authorities to investigate further and mitigate potential risks.
The cybersecurity community has responded with heightened vigilance. Experts have advised organizations using TeamViewer to review their security measures and monitor for any unusual activity.
Matt Hull, global head of threat intelligence at NCC Group, recommended removing TeamViewer software as a precaution until more details about the compromise are known.
TeamViewer’s prompt response and transparent communication have been crucial in managing the incident and maintaining stakeholder trust.
For a change, Google rolled out the July security patch to the Pixel Watch lineup before Pixel phones. While both watches have already received the update, it has yet to arrive on phones, including foldables. In the meantime, the company has published the content of the July 2024 security update for Pixels and other Android products. Samsung has also revealed the Galaxy-specific patches it will bundle with the July patch.
Google’s July 2024 Android security update patches 27 vulnerabilities
Every month, Google releases a new security patch for Android devices. It contains fixes for various bugs and security flaws in Android OS components and other partner components in Android OS. Device makers roll out these patches to their eligible products, often adding fixes for vulnerabilities exclusive to their devices. It’s no different this month. Google’s July 2024 ASB (Android Security Bulletin) fixes 27 security issues in Android products.
Among those are four critical vulnerabilities potentially causing severe damage to affected devices if threat experts exploited the flaws. According to Google, the most severe issues patched this month “could lead to local escalation of privilege with no additional execution privileges needed.” The rest are all high-severity vulnerabilities affecting Android versions from 12 to 14, including Android 12L, a special build for foldables and tablets.
As usual, Google has grouped these patches under two different security patch levels: 2024-07-01 and 2024-07-05. Vendors can roll out either patch level to their Android devices. Samsung, the biggest name in the Android smartphone space, always pushes the former build. Its updates also contain dozens of additional security fixes. Called Samsung Vulnerabilities and Exposures (SVE) items, these issues don’t exist on Android products from other brands.
Samsung’s updated security bulletin says the July SMR (Security Maintenance Release) for Galaxy devices contains 33 SVE patches. These include at least two critical vulnerabilities allowing remote attackers to execute arbitrary code with system privilege with the help of user interaction. This month’s security update for Galaxy devices also patches two high-severity Samsung Semiconductor issues. These issues exist on Exynos-powered devices.
These patches will soon reach millions of Android devices
Google, Samsung, and other brands will soon start pushing the July security update to their respective Android products. The exact number of patches will vary by device—not every Galaxy device is vulnerable to all 62 issues discussed above. Watch out for an update on your Android phone, tablet, or Wear OS smartwatch in the coming days. Most devices allow you to manually check for updates from the Settings app.
The advent of blockchain technology and smart contracts has opened new avenues for handling transactions across various industries. In the realm of personal injury law, these innovations are starting to significantly alter how settlements are managed. Blockchain’s inherent characteristics of transparency, security, and immutability, coupled with smart contracts’ ability to execute agreements automatically, pave the way for a more streamlined and efficient settlement process. The potential for reducing the time and resources currently required for dispute resolution and payment distribution is considerable.
Smart contracts, self-executing contracts with the terms directly written into code, offer a transformative approach to managing and enforcing settlements. They work by automating the release of funds when certain predefined conditions are met, minimizing the need for intermediaries typically involved in the settlement process. This automation can greatly reduce administrative overhead and the risk of human error, leading to faster and more reliable resolution of claims for all parties involved.
Blockchain Technology in Personal Injury Settlements
Blockchain technology introduces a transformative approach to handling settlements in personal injury cases, particularly within the scopes of medical malpractice and products liability. It offers a secure, transparent, and efficient method of managing transactions and contractual obligations.
Understanding Blockchain Basics
Blockchain is a digitally distributed ledger that records transactions across many computers. Its primary features include immutability and decentralization, which assure that once information is recorded, it cannot be altered retroactively. This is particularly relevant for an Aurora personal injury lawyer, who can ensure the integrity of evidence and transaction records in personal injury cases.
The Role of Smart Contracts
Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller directly written into lines of code. They run on blockchain, and their execution is automatic when certain conditions are met. This means, for personal injury claims in Aurora, settlements can be dispensed swiftly and without bias upon meeting predefined criteria, reducing the time and complications often associated with such legal proceedings.
Advantages for Legal Practitioners:
– Automatic enforcement of contract terms – Reduction in the likelihood of disputes – Streamlining of case management processes
Implications for Medical Malpractice and Products Liability Cases
In the context of medical malpractice, blockchain can seamlessly integrate with electronic health records to securely and permanently document patient care transactions, ensuring that all information pertaining to a case is unalterable and transparent. For products liability cases, blockchain can track a product’s lifecycle from production to sale, which aids in pinpointing responsibility in the event of a claim.
Benefits for Stakeholders:
– Clients: Empowers them with definitive evidence in cases. – Lawyers: Facilitates a higher trust level in the case’s documentation. – Healthcare Providers and Manufacturers: Encourages accountability and improvements in patient care and product quality.
Blockchain technology stands to make substantial improvements over traditional methods of managing personal injury cases, lending assuredness and precision to the intricate legal processes.
Enhancing Legal Practice with Smart Contracts
Smart contracts are transforming the traditional legal practice by automating and enforcing the settlement process in litigation, particularly in personal injury cases. This technology offers a distinct advantage for an injury attorney and their firms, streamlining operations and ensuring transparency.
Smart Contracts in Litigation Processes
Smart contracts can significantly reduce the time and resources required during litigation by automating the settlement agreement terms. They function as self-executing contracts with the terms of the agreement written into code and existing on a blockchain. This means that once the prescribed conditions are met, the smart contract executes the relevant actions automatically.
Injury attorneys can leverage smart contracts to handle escrow arrangements, where settlement amounts are released only after specified conditions are met. For example, payments can be contingent upon the client’s receipt of medical treatment or submission of necessary documentation, with each step verifiably recorded on the blockchain.
Benefits for Injury Attorneys and Law Firms
Law firms that adopt smart contracts in their legal processes can benefit in several ways:
– Automation: Reducing the need for manual oversight in the execution of agreements.
– Efficiency: Streamlining the settlement process can lead to faster resolutions.
– Transparency: Immutable record-keeping on a blockchain provides clear evidence of executed terms.
Injury attorneys, in particular, will find that the technology enables them to focus more on case strategies and client interaction, rather than administrative tasks.
Case Study: Agruss Law Firm’s Innovative Approach
Agruss Law Firm, known for its personal injury advocacy, has implemented smart contracts to better serve its clients. The firm has developed a system where settlements are handled through smart contracts, allowing for prompt and undisputed distribution of funds.
The firm’s use of smart contracts presents:
– Client Satisfaction: Clients enjoy the speedy receipt of funds without the usual bureaucratic delays.
– Operational Efficiency: The firm saves on administrative costs, passing savings to clients and investing more in case preparation.
By adopting smart contracts, Agruss Law Firm has set a precedent for how personal injury settlements can be managed effectively in the digital age.
Cisco has disclosed a critical vulnerability in its widely-used NX-OS network operating system that could allow attackers to execute arbitrary commands with root privileges on affected devices.
The company urges customers to upgrade to patched versions as soon as possible.
The vulnerability tracked as CVE-2024-20399 exists in the command-line interface (CLI) of NX-OS due to insufficient validation of arguments passed to specific configuration commands.
An authenticated local attacker with administrator credentials could exploit this flaw by entering crafted input as an argument.
Successful exploitation would allow the attacker to run commands on the underlying operating system as the root user, enabling full device compromise.
Cisco notes that the vulnerability is being actively exploited in the wild as of April 2024.
A wide range of Cisco data center and networking products are impacted if running vulnerable NX-OS versions, including:
MDS 9000 Series Multilayer Switches
Nexus 3000, 5500, 5600, 6000, 7000, and 9000 Series Switches
However, with some exceptions, Nexus 9000 Series switches are unaffected on releases 9.3 and later.
Devices with the bash-shell feature available, such as Nexus 3000 and 9000 switches and Nexus 7000 on release 8.1+, do not grant extra privileges but still allow an admin to hide the execution of shell commands.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
Attacks & Mitigation
In April 2024, the Cisco Product Security Incident Response Team (PSIRT) identified active exploitation of this vulnerability.
Cybersecurity firm Sygnia attributed these attacks to Velvet Ant, a Chinese state-sponsored threat actor, which used the flaw to deploy custom malware on compromised devices.
The malware enables remote connection, file upload, and malicious code execution without triggering system syslog messages, effectively concealing the attack.
Cisco offers the Cisco Software Checker tool to determine exposure and find the appropriate software updates.
This tool identifies impacted software releases and the earliest fixed versions, accessible on the Cisco Software Checker page.
Organizations using affected Cisco products should prioritize applying the necessary patches and continuously monitor their network for any signs of compromise.
Cisco has released patched NX-OS versions addressing the vulnerability and advises customers to upgrade as soon as possible.
No workarounds are available—the company credits cybersecurity firm Sygnia for reporting the flaw.
Network administrators should review the detailed advisory, determine their exposure via the Cisco Software Checker tool, and plan their upgrades as there is no workaround for this vulnerability.
Regularly changing admin credentials is also recommended as a best practice. Cisco TAC and support partners are available to assist customers as needed.
If you think Google’s AI implementation in Android was cool, well the company has yet to take off its weighted training clothes. The company has a lot to fear with Apple Intelligence looming over the horizon. Thanks to an exclusive report from Android Authority, we have information on what the company calls Google AI, and it’s coming to the Pixel 9.
This is Google AI, and it’s going to make the Pixel 9 awesome!
While this news came from a reputable source, you’ll still want to take it with a grain of salt. We’re still dealing with early information. So there’s the chance that some of the potential features could be taken away.
From Android Authority
Add Me
First on the list, there’s a feature called Add Me. Right now, we don’t really know what the feature will do. However, the description reads “Make sure everyone’s included in a group photo”. That’s pretty vague. There’s a chance that it’s a tool to warn you if someone in a group photo could be cut off before taking a picture.
As for what it could do to a picture after the fact, we have no idea. Maybe the company will use Generative AI to reconstruct a person who was cut off in a picture. Say, if you take a picture, and your friend’s head is cut off. Well, Google could use Generative AI to zoom out of the image and reconstruct the rest of your friend. That’s only speculation.
Studio
Next up, there’s a feature called Studio. Again, information about this feature is still pretty scarce. The description reads “You imagine it. Pixel creates it.” This is also vague, but there’s information we can glean from it. It seems like a one-stop shop for you to generate content right on your phone.
We’re sure that you’ll be able to generate images and edit them all in one place. You might be able to catalog your generations and share them. Android Authority also mentioned that you might be able to generate stickers. That all remains to be seen.
Screenshots
This next feature will let Gemini glean information from an unexpected source, your screenshots. When you take a screenshot, the system will automatically apply metadata tags to it. This will have information like the links, app names, etc. Then, the information will be stored and processed locally. So, if you need to recall information about what you screenshotted, ask questions about them, or recall specific screenshots, you’ll be able to.
This calls to mind Microsoft’s Windows Recall feature. It also let you recall information from screenshots taken on your device. However, Google AI’s take won’t automatically take screenshots on your phone. Rather, it will only use screenshots that you willingly take. That’s good because Google doesn’t need any more controversy surrounding its AI.
Still outmatched
Guys, let’s be realistic, Apple blew away the tech community with Apple Intelligence. The features that the company announced will make using future iPhones much better. The AI in these phones will be super integrated with the software.
Hearing the news about Google AI, we all thought that we were going to see some comparable and powerful AI chops from Google. Queue the articles with thumbnails depicting an iPhone 16 Pro and Pixel 9 on a boxing ring background and PNG images of boxing gloves pasted over them. We were hoping to see a smackdown.
However, it seems that Google AI won’t be the competitor that Apple Intelligence needs and deserves. Google AI just looks like a couple of features tossed on top of Android rather than a marriage of software and AI. Let’s hope that Google will bring more features and integration in the near future.
Hackers often mimic penetration testing services to disguise their malicious activities as legitimate security assessments.
By imitating authorized security testing, attackers can exploit the trust and access typically granted to legitimate penetration testers, allowing them to move more freely within networks and systems while avoiding immediate suspicion.
While the Israeli government investigated possible threats, it discovered an infection chain using a suspicious domain as a command and control server.
Public malware and custom components are mixed in this attack.
Grasshopperas Pen Test Services
Late 2023 saw targeted attacks launched against private companies that used common techniques, target-specific infrastructure, and custom WordPress sites for payload delivery.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
These campaigns affect diverse entities across unrelated sectors.
However, since it may not be a genuine security firm, this information should have been shared with the cybersecurity community without linking to recognized security firms or legitimate penetration testing operations.
The infection chain, probably targeting an Israeli government entity, begins with a VHD file, a pretty custom WordPress website.
It’s a VHD that comes with all the hidden files, like the HTA file, which has an image as the decoy and transfers malware components to the %TEMP% folder, followed by launching a first-stage Nim downloader.
Decoy image displayed when the HTA is executed (Source – Harfanglab)
This downloader retrieves a second-stage payload from a controlled server. The final payload combines Donut, a shellcode generation framework, with Sliver, an open-source Golang trojan.
Donut disables security measures such as AMSI and WLDP before running Sliver, which gives the attacker full control of the victim’s machine through a specified command and control server.
More investigations revealed another infrastructure the operators probably used for such attack campaigns.
Infection chain (Source – Harfanglab)
These domains are fakes corresponding to popular brands such as Carlsberg and SintecMedia, although some may not have been related to intelligence gathering in general.
One of these campaigns posed as the Israeli government intending to aim at individuals or local businesses.
A famous WordPress site connected a VHD file and URL that was once redirected to a “rickroll” video, perhaps part of geofencing techniques.
The targets do not seem to have any common pattern, as the fake brand identities could mean different things.
This campaign’s intriguing aspects include its narrow scope, targeted approach, and use of mostly open-source tools.
However, the commonly available tools could be employed for conducting sophisticated operations, making it difficult for threat researchers to analyze these attacks.
.webp)
.webp)
.webp)