Pixel 8 Pro could get two promised camera features soon

0
[ad_1]

During the Pixel 8 Pro launch, Google showed off two camera features that were shown off, but were not available from the get-go. We’re talking about Zoom Enhance (though the tipster referred to it as ‘AI Super Zoom’) and Video Boost here.

Google promised two additional Pixel 8 Pro camera features during launch, and they’re coming this month, it seems

Those features were expected to arrive at a later date, during a Pixel Feature Drop or something of the sort. Well, it seems like they’re coming this month, at least according to info shared by Max Weinbach.

He seems to hint that the features will roll out with the Pixel Feature Drop, as expected. The Pixel 8 series is very into AI features as is, and these two features will make that even more true for the ‘Pro’ model.

What are these two features about? Well, the Zoom Enhance will basically use generative AI to sharpen the details in the zoomed-in version of photos you’ve taken beforehand. Video Boost, on the other hand, will basically send a copy of your video to the cloud, where Google will use computational photography models to improve it. It aims to improve the lighting, colors, reduce grain, and so forth.

These two features will be exclusive to the ‘Pro’ model

These two features will, for whatever reason, be exclusive to the Pixel 8 Pro. The regular Pixel 8 model will not get them, unfortunately. There seems to be no reason for that, at least looking at its hardware. Google seemingly decided that the ‘Pro’ model will get those features, and that’s it. The company probably wanted to further differentiate it.

Now, do note that Google did not mention anything about a December availability. During the Pixel 8 launch event, the company simply said that they’re “coming later”. A December Pixel Feature Drop seems to be the perfect time for that, however, and the tipster seems to know something we don’t.


[ad_2]
Source link

Hackers Install Antivirus to Install RedLine Malware

0
[ad_1]

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer malware, and its new variant was being marketed in underground communities.

Threat actors use the ScrubCrypt obfuscation tool to help them avoid detection by antivirus software and initiate attacks that might otherwise be stopped.

RedLine Stealer is a well-known malware that can exfiltrate cryptocurrency wallets and credentials to attack users’ accounts through account takeover and fraud.

This malware aims to compromise accounts by stealing cookies, browser login information, and locally stored login credentials from users.

Document
Protect Your Storage With SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

The New Build of ScrubCrypt

Through the creation of batch files, ScrubCrypt’s “marketing” presents the add-on to threat actors as a simple means of obfuscating executable files.

Banner ad promoting ScrubCrypt
Banner ad promoting ScrubCrypt

“This conversion from the executable file into a batch file—enables threat actors to slip attacks past many preventative measures that might otherwise identify them,” HUMAN’s Satori Threat Intelligence Team shared in a report with Cyber Security News.

Safeguards used by numerous email providers and messaging platforms prevent executable files from appearing as attachments in a primary (non-spam) mailbox. Furthermore, unlike executable files, bat files don’t trigger antivirus software’s detection.

The new build of ScrubCrypt build was offered to threat actors on a few dark web marketplaces, including Nulled Forum, Cracked Forum, and Hack Forums.

ScrubCrypt sold on a dark web marketplace
ScrubCrypt sold on a dark web marketplace

The website that is selling and hosting this new build of ScrubCrypt is registered and hosted in Russia, placing it out of the control of US and EU agencies in an attempt to elude law enforcement.

Details of one registrar for the new ScrubCrypt build
Details of one registrar for the new ScrubCrypt build

One HUMAN customer was reportedly the subject of this attack via its direct messaging platform. Threat actors had previously used RedLine Stealer to target this platform, but this was the first time they used this particular ScrubCrypt build.

Recommendation

Therefore, it is advised that companies implement safeguards that identify and prevent cookie-stealing attacks and alert users whose credentials have been compromised or stolen by other threats, especially those whose user platforms include direct or private messaging capabilities.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


[ad_2]
Source link

OnePlus 12 cooling, fingerprint scanner & vibration motor detailed

0
[ad_1]

The OnePlus 12 launch is right around the corner, and OnePlus continues to share the details about the phone. This time around, OnePlus talked about the OnePlus 12 cooling, fingerprint scanner, and vibration motor.

OnePlus talked about the OnePlus 12 colling, fingerprint scanner & vibration motor

All of this happened on the company’s Weibo page, and OnePlus China President’s Weibo page. OnePlus confirms that the OnePlus 12 will feature the industry’s first 9,140mm² vapor chamber, which will cover an area of 38,547mm². The phone will utilize the “world’s first integrated dual-cycle heat dissipation system”. There will be two heat dissipation cavities included.

In addition to that, OnePlus talked briefly about the phone’s fingerprint scanner. The company said that the OnePlus 12 will feature an “ultra-thin under-screen fingerprint scanner”. Li Jie promises reliable and fast performance from that fingerprint scanner, which is the most important thing.

The device will include the “Bionic Vibration Motor Turbo”

On top of all that, OnePlus also mentioned something called the “Bionic Vibration Motor Turbo”. Do note that this is machine translation, so it may be inaccurate. Also, OnePlus may have a different name for that globally.

The gist is, the phone will come with an upgraded vibration motor. That will result in better haptics, which is always great to hear. OnePlus says that this will be noticeable throughout the system, and that includes games.

The device will launch in China early next week, global launch coming in January.

OnePlus seems to be pulling all the stops here. The Snapdragon 8 Gen 3 was confirmed earlier, and the same goes for the phone’s design. Also, the launch date is on December 5 in China, while the phone will launch globally in January. January 23 is the most likely launch date.

OnePlus also confirmed that the OnePlus Open cameras will be in use on the OnePlus 12, which is mostly a good thing. Wireless charging is coming back too, 50W wireless charging, most likely.


[ad_2]
Source link

Telegram expands voice transcription to free users and adds new features

0
[ad_1]
Telegram is keeping pace with technological advancements, whether by developing an app specifically for Apple’s AR/VR headset, the Vision Pro, or introducing new features. In its latest move, the messaging app released an update that brings numerous new features and grants free users access to features previously reserved for Premium users.In an official blog post, the company announced an update is available for all iOS users and those who downloaded Telegram for Android directly from telegram.org/android. The Google Play version is still under review and will be accessible later. With this update, free users can now enjoy the voice transcription feature, previously exclusive to Telegram Premium users, with a small catch.

The platform had introduced an audio transcription feature akin to Google Messages in 2022, limited to Premium users. This feature allows users to receive transcriptions of voice or video messages, which could be quite useful, especially when you cannot listen to audio out loud.

Telegram’s voice transcription feature goes the extra mile by translating audio into different languages before providing a transcript. However, the broader availability of the feature comes with a limitation for non-premium users—they can only convert up to two messages per week into text. Telegram Premium members retain the privilege of unlimited voice-to-text conversion.

The company mentions that the feature will roll out gradually and may not be immediately available everywhere. Beyond expanding the availability of this feature, the latest update introduces more enhancements. Users can now discover channels more easily, as joining a channel reveals a list of similar public channels.

Additionally, users can repost stories from friends and favorite channels to their pages, boosting their audience in just two taps. Reposting allows you to add extra content like text, audio, or video comments, with a separate visibility setting for the repost. To repost a story, users can tap the share arrow and select ‘Repost Story’—only stories visible to ‘Everyone’ can be reposted to protect privacy.

Posting a story now includes the option to add a video message for commentary or fun. Video messages are customizable, allowing resizing and movement across the screen, along with adjustments along the time axis. Stories that are reposted also support video messages, enabling users to share thoughts on trending topics.

For Premium users, Telegram introduces the ability to set a unique color combination with logos for their profiles and apply wallpaper for both sides, maintaining a consistent appearance for both themselves and their chat partner.

Furthermore, channels with story-posting capabilities can now access statistics for story views, shares, and reactions, along with detailed graphs to monitor reach and performance. Channel admins also gain a new interface for managing reactions, enabling adding or removing specific emojis.


[ad_2]
Source link

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

0
[ad_1]

According to a recent report by Secureworks, a well-planned and advanced phishing attack was carried out, specifically targeting hotels and their guests, through the popular website Booking.com.

The attackers utilized a sophisticated phishing campaign to lure unsuspecting victims into providing their personal information, including payment card data.

The attack highlights the growing threat of cybercrime in the hospitality industry and the need for stronger security measures to safeguard sensitive customer data.

Document
Protect Your Storage With SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Vidar Infostealer Deployed to Steal Credentials

The attackers employed the Vidar info stealer to pilfer Booking.com credentials from hotel staff, showcasing a growing demand for such data on underground forums.

Spearphishing email socially engineering a hotel employee. (Source: Secureworks)
Spearphishing email socially engineering a hotel employee. (Source: Secureworks)

The phishing emails, posing as former guests, strategically deceived employees, leading them to click a Google Drive link containing malware. 

Once credentials were compromised, the attackers exploited the hotel’s Booking.com portal to directly target guests, posing as official communication to defraud unsuspecting victims.

Message used to defraud hotel customers in August 2023. (Source: Secureworks)
The message was used to defraud hotel customers in August 2023. (Source: Secureworks)

The prevalence of Booking.com credentials on underground forums underscores the thriving market for such data, amplifying the frequency and impact of these attacks. 

Recommendations for Organizations and Customers

Secureworks recommends organizations educate employees to identify and thwart phishing attempts, implement multi-factor authentication for Booking.com accounts, and scrutinize access controls. 

Customers are advised to verify requests for payment details, especially through emails or app messages, and report suspicious activity promptly.

Organizations and individuals should remain vigilant to mitigate the risk, understanding evolving cyber threats and implementing appropriate security measures.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


[ad_2]
Source link

WhatsApp enables hiding chats behind a secret code

0
[ad_1]

Another neat feature has arrived to WhatsApp. This is another security feature, actually. You can now hide your WhatsApp chats behind a secret code. This basically enables you to hide chats separately, instead of having them all in your locked chats folder.

WhatsApp introduces ‘Secret Code’ feature for keeping your chats away from prying eyes

If you check out the image below, you’ll know exactly what this is. This is an example provided by the company. You can basically use whatever combination of letters, numbers, special signs, and even emoji to lock your chats.

WhatsApp Secret Code feature

In order to quickly find your locked chats, all you have to do is type in that password in the search bar, and… voila. Thanks to this new feature, people won’t even know you have some locked chats if they look at your WhatsApp, as there’s no locked chat folder to be found.

There is an option for locked chats to be visible in your chat list, though, keep that in mind. So those of you who prefer it that way, you can use it that way. They’ll still be locked, but they’ll be visible.

‘Chat Lock’ feature was announced earlier this year, and it’s a bit different

Do note that the ‘Chat Lock’ feature was presented back in May. That feature is different than ‘Secret Code’. That basically puts a folder at the top of your chat list, which you can then access by using a password, a fingerprint, or a face scan.

Having said that, in addition to introducing ‘Secret Code’, WhatsApp now also allows you to long-press on a conversation in order to lock it. Prior to this update, you had to go to the settings to do the same thing.

The ‘Secret Code’ feature is rolling out to WhatsApp as we speak. Do note that the full rollout won’t be completed immediately, though. The company said that it will take a couple of months for the feature to arrive to everyone. It seems like it’s either regional, or WhatsApp is pushing the feature to random users for testing purposes. Either way, it’s coming.


[ad_2]
Source link

Critical Zoom Vulnerability Let Attackers Take Over Meetings

0
[ad_1]

Zoom, the most widely used video conferencing platform has been discovered with a critical vulnerability that threat actors could potentially exploit for various malicious purposes.

This vulnerability was reported as part of the H1-4420 Hacking event conducted in June 2023.

This vulnerability existed in Zoom rooms, a system developed by Zoom to allow team members from different locations to work together over Zoom.

A threat actor could potentially exploit this vulnerability and gain access to the victim organization’s tenant.

Document
Protect Your Storage With SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Vulnerability Analysis

For setting up Zoom rooms, the Zoom Rooms application is installed on a device such as an iPad, mobile, etc which acts as a terminal for people in the Zoom room.

Whenever a Zoom room is created within the Zoom platform, a service account is created with licenses for meetings and Whiteboards.

This service account is assigned an email address by Zoom, which has the format rooms_<account ID>@companydomain.com. In certain cases, organizations prefer to use the Outlook domain for their email accounts instead of their company domain.

As Outlook is public and anyone can create an email address, the service account email address can be created and claimed by a threat actor.

This provides complete access to the threat actor over the service account which can be utilized to gather information laterally across the tenant.

In addition to this, a service account has at least two licenses and is also treated as a normal team member. This provides considerable access to the threat actor, like contacts, or hijack the meeting itself. 

Zoom Chat Channel

Zoom provides a new feature called “Channels,” which is a system of text channels that are open by default to tenant employees.

Since the threat actor has access to the service account, he has access to view the contents of any channel which also includes confidential information and has complete invisibility.

Moreover, room users cannot be removed from the channel by any administrator or even the owner. A complete detailed report has been published, which provides additional information about this vulnerability.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


[ad_2]
Source link

Meizu 21 is here with Snapdragon 8 Gen 3, 200MP camera & uniform bezels

0
[ad_1]

Meizu is a company we don’t hear all that much these days, but the company is still in the smartphone business. In fact, Meizu just announced a new high-end smartphone, the Meizu 21. That was kind of expected as the phone was teased quite a bit recently, and we knew the launch date.

The Meizu 21 is official, the company’s new flagship handset

This smartphone launched in China, and it seemingly does have a lot to offer. Let’s delve into the design first, though, shall we? This phone is made out of metal and glass. Its front and back sides are flat.

You will notice a display camera hole that is centered, and three separate camera islands on the back. Each of those islands incorporates a camera on the inside. The sides of this smartphone are flat, while the phone’s bezels are uniform. All of its buttons sit on the right-hand side.

Meizu opted for the most powerful SoC from Qualcomm

The Meizu 21 is fueled by the Snapdragon 8 Gen 3 SoC, the best Qualcomm has to offer. This phone includes 8GB/12GB of LPDDR5X RAM and 256GB/512GB of UFS 4.0 flash storage. It also has two nano SIM card slots.

A 6.55-inch fullHD+ (2340 x 1080) OLED display is used here. It is flat, and has a 120Hz refresh rate. Its brightness peaks at 1,800 nits, and the display has a 1,920Hz high-frequency PWM dimming.

It comes with Android 14 and supports 80W wired charging

Android 14 comes pre-installed on the device, along with FlymeOS 10.5. It has a set of stereo speakers, and a 3D Sonic ultrasonic fingerprint scanner. It also comes with Ice World Cooling Technology, Game Mode 6.0, and mEngine Ultra haptic engine. The phone is also IP54 certified.

The Meizu 21 features a 4,800mAh battery, and supports 80W wired charging. Yes, a charger is included in the box, by the way. Bluetooth 5.4 is also on offer here, and 5G connectivity is included in the package, along with Wi-Fi 6E.

A 200-megapixel main camera is included here

A 200-megapixel main camera (f/1.7 aperture, OIS) sits on the back of the phone. A 13-megapixel ultrawide camera (f/2.4 aperture, 2.5cm macro) is also included, as is a 5-megapixel depth camera (f/2.4 aperture, 8K video recording support). You’ll also find a 32-megapixel unit (f/2.4 aperture) on the front.

The Meizu 21 measures 156.7 x 75.3 x 7.9mm, while it weighs 198 grams. The Meizu 21 was announced in Black, Green, Purple, and White color options. The phone’s pricing starts at CNY3,399 ($479) in China, and it’s already available to pre-order. Chances are this phone won’t make it to global markets, but Meizu could surprise us.


[ad_2]
Source link

Google Message Router is overloaded leading Gmail to go down on Thursday

0
[ad_1]
Google first alerted Workspace users Thursday at 11:30 am ET that some Gmail users might see a delay in receiving emails. On DownDetector, the number of reports about Gmail went from 33 at 11:25 am ET to 761 by 1:55 pm. At 5:03 pm ET, Google issued an update that said, “the issue with email delays was mitigated for the majority of affected users at 2:45 PM” and “a few users may have observed delays until the full mitigation was done at 4:15 PM ET.”
70% of those submitting a report on DownDetector said that the problem was receiving their email in a timely manner. 16% complained about sending email on the platform and 14% said that they could not connect with the Gmail server. One Gmail user on DownDetector with the username “Elizabeth” wrote, “Ah, glad to know that it’s Gmail and it’s not me, I was scared and lost why I couldn’t make one, so I guess I’ll wait whenever Gmail is back working again.”

Another subscriber to the platform named Michael Hubert wrote, “My emails are not being delivered. it says they are sent but no one is receiving them.” As bad as this sounds, it appears that the issue was limited in scope. After all, 761 reports on DownDetector, while a decent jump from the 33 reports submitted two and a half hours before the peak number, indicates that most people weren’t affected or didn’t know that Gmail was having problems.

Officially, Google says that the incident started at 11:30 am ET and ended at 4:15 pm ET. The issue lasted for 4 hours and 45 minutes. On the Google Workspace Status Dashboard, the company wrote, “Some Gmail users experienced a delay in sending emails globally for a duration of 4 hours and 45 minutes. Any emails that were delayed after entering our system were auto retried and should have been delivered within a couple of hours after mitigation.”

As for the cause of the issue, Google wrote, “From preliminary analysis, the root cause of the issue appears to be an overload in Google Message Router (GMR). Google will complete a full incident report in the following days that will provide a detailed root cause.”


[ad_2]
Source link

Rhysida ransomware behind British Library attack

0
[ad_1]

Rhysida ransomware operators have claimed responsibility for a highly disruptive cyber attack on the British Library. The group shared a low-res image on its leak site that appears to show a snippet of data stolen from the famous library. Meanwhile, the library’s website remains down, with services experiencing outages and interruption that could go on for weeks or even months, the library said.

The British Library notified the public last month about a “major technology outage” due to a cyber incident. Last week, the library confirmed the incident was the result of a ransomware attack launched “by a group known” for such criminal activity. The Rhysida gang seems to be the culprit with the group opening an auction for the stolen data with a deadline for bids ending on November 27.

Last week, a new cyber security advisory warned of the threats posed by emerging ransomware variant Rhysida. The advisory, published jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), disseminated the known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) of the ransomware operators. Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology and government sectors.

British Library continues to experience major tech outage due to cyber attack

In a recent update, the British Library said it is continuing to experience a major technology outage as a result of the cyber attack. “The outage is still affecting our website, online systems and services, as well as some onsite services including Wi-Fi. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.”

The library said it is aware that some data has been leaked which appears to be from its internal HR files. “We have no evidence that data of our users has been compromised. However, if you have a British Library login and your password is used elsewhere, we recommend changing it as a precautionary measure,” it stated.

In the meantime, the library has taken “targeted protective measures” to ensure the integrity of its systems, and it is continuing to investigate the attack with the support of the UK National Cyber Security Centre (NCSC), the Metropolitan Police and cybersecurity specialists.

Rhysida ransomware group known to engage in double-extortion

Rhysida operators are known to engage in “double extortion” – demanding a ransom payment to decrypt victim data and threatening to publish the sensitive exfiltrated data unless the ransom is paid. “Rhysida actors direct victims to send ransom payments in Bitcoin to cryptocurrency wallet addresses provided by the threat actors. Rhysida ransomware drops a ransom note named “CriticalBreachDetected” as a PDF file – the note provides each company with a unique code and instructions to contact the group via a Tor-based portal,” read the recent cyber security advisory.

The contents of the ransom note are embedded as plain-text in the ransom binary, offering network defenders an opportunity to deploy string-based detection for alerting on evidence of the ransom note. “Rhysida threat actors may target systems that do not use command-line operating systems. The format of the PDF ransom notes could indicate that Rhysida actors only target systems that are compatible with handling PDF documents,” the advisory added. Known Rhysida IoCs include Onion Mail email accounts rhysidaeverywhere@onionmail[.]org and rhysidaofficial@onionmail[.]org for services or victim communication.

Update (11/29/2023): In Late November, Rhysida published most of the data it claimed to have stolen from the British Library with the group’s website indicating that 490,191 files are included in the leak, totaling 573 GB. Renowned security researcher and creator of Have I Been Pwned? Troy Hunt said the dump looks “rather substantial” in a post on X (formerly Twitter).

Meanwhile, the British Library has confirmed claims that data had been stolen and advised customers to change passwords if they have reused them elsewhere.

Cyber Security Hub’s All Access: Malware and Ransomware event provides actionable insights on how to detect, deflect and defend against rising ransomware challenges.



[ad_2]
Source link