Everything you need to know

0
[ad_1]

On February 1, Samsung announced the next evolution in the Galaxy S series. That’s the Galaxy S23. This new lineup consists of the Galaxy S23, Galaxy S23+ and the Galaxy S23 Ultra. In this article, we are going to share everything you need to know about the Galaxy S23 lineup, and which model is the best option for you.

The Galaxy S23 and Galaxy S23+ are both essentially the same phone, apart from their sizes. The Galaxy S23 Ultra is essentially a merger of the Galaxy S and Note smartphones. So it has a more boxy shape, and of course, the S Pen is built-in.

Samsung Galaxy S23 Specs

Here are the specs for the entire Galaxy S23 lineup.

Galaxy S23 Galaxy S23+ Galaxy S23 Ultra
Display 6.1-inch FHD+
Dynamic AMOLED 2X
Adaptive 120Hz
6.6-inch FHD+
Dynamic AMOLED 2X
Adaptive 120Hz
6.8-inch QHD+
Dynamic AMOLED 2X
Adaptive 120Hz
Processor Snapdragon 8 Gen 2
Mobile Platform for Galaxy
Snapdragon 8 Gen 2
Mobile Platform for Galaxy
Snapdragon 8 Gen 2
Mobile Platform for Galaxy
RAM 8GB 8GB 8GB/12GB
Storage 128GB/256GB 256GB/512GB 256GB/512GB/1TB
Battery Capacity 3900mAh 4700mAh 5000mAh
Charging Speeds Wireless Powershare,
Super Fast Charging,
Fast Wireless Charging
Wireless Powershare,
Super Fast Charging,
Fast Wireless Charging
Wireless Powershare,
Super Fast Charging,
Fast Wireless Charging
Software Android 13, OneUI 5.1 Android 13, OneUI 5.1 Android 13, OneUI 5.1
Rear Cameras 50MP wide
10MP telephoto
12MP ultrawide
50MP wide
10MP telephoto
12MP ultrawide
200MP wide
10MP telephoto1
10MP telephoto2
12MP ultrawide
Front Camera 12MP 12MP 12MP
Dimensions 2.79 x 5.76 x 0.3in 3 x 6.21 x 0.3in 3.07 x 6.43 x 0.35in
Weight 5.93oz 6.91oz 8.25oz
Price $799 $999 $1199
Colors Phantom Black
Cream
Green
Lavender
Phantom Black
Cream
Green
Lavender
Phantom Black
Cream
Green
Lavender
Available February 17 February 17 February 17

How much does the Galaxy S23 series cost?

The Samsung Galaxy S23 series is keeping the same price, in the US at least. So we’re not seeing any price increases here. That means that the following is the pricing for the Galaxy S23 series:

  • Galaxy S23: $799
  • Galaxy S23+: $999
  • Galaxy S23 Ultra: $1,199

To get the higher storage, it’ll be a $50 increase for the Galaxy S23 and S23+, and a $100 increase for the Galaxy S23 Ultra. So a 1TB Galaxy S23 Ultra will cost you $1,399. Quite pricey, but that is still cheaper than a 1TB iPhone 14 Pro Max (by quite a bit actually).

Galaxy S23 l S23 Plus KV Product 2p HI Large

What trade-in offers are available at launch?

Carriers will be offering their own trade-in offers, which you can check out the latest deals for the Galaxy S23 by clicking here.

However, Samsung is going to offer up to $1,000 or the cost of the phone (if you get a Galaxy S23) for a trade-in. Now, depending on what you trade-in, you might get the full $1,000, or it might be less. Typically, the newer the phone, the more you’ll get on trade-in. Samsung.com does allow you to now trade-in multiple devices on a single order. Which makes this even easier.

What pre-order bonuses is Samsung offering?

Samsung typically offers some bonuses for pre-ordering their new phones. Well this year, they have brought back one of their more popular bonuses. And that is a free storage upgrade. Which means that if you pre-order a 128GB Galaxy S23, you’ll get upgraded to the 256GB model for the same price. The same goes for the 256GB models and the 512GB Galaxy S23 Ultra model. So you could actually get the 1TB Ultra for around $1,299. And of course, that is before any sort of discount from trade-ins.

Where can I buy the Galaxy S23 series?

Samsung will have the Galaxy S23 available at all of the usual retailers and carriers. These include:

  • Amazon
  • AT&T
  • Best Buy
  • Samsung.com
  • T-Mobile
  • Verizon

And many more. Keep in mind that Samsung’s pre-order bonuses are available everywhere. However, BOGO’s and trade-ins may differ by retailer and carrier.

What carriers support the Galaxy S23?

The Samsung Galaxy S23 will be supported by AT&T, T-Mobile and Verizon, along with any MVNO that runs on their networks. That includes Boost Mobile, Cricket, MetroPCS, Straight Talk and many others.

Galaxy S23 Plus Image 06 HI Large

What colors is Samsung selling the Galaxy S23 in?

This year, Samsung is keeping it simple. Offering the Galaxy S23 models in all of the same, four colors. Those are:

  • Phantom Black
  • Cream
  • Green
  • Lavender

Now, Samsung will offer its own exclusive colors for these phones as well. Which those colors are listed below:

  • Lime
  • Graphite
  • Sky Blue
  • Red

What new features does the Galaxy S23 sport?

Samsung is bringing some new features to the Galaxy S23 this year. Which includes a new 200MP camera on the Galaxy S23 Ultra. As well as some new gaming features. And of course, the entire lineup has been better optimized for video and social media apps.

Worlds-first 200MP camera

On the Galaxy S23 Ultra, Samsung has included a 200-megapixel main sensor for the camera. This is a world’s-first, but likely won’t be the only one with it this year. Thanks to this new high-resolution sensor, a new AI-powered image signal processor, and some other software tweaks, the Galaxy S23 Ultra is going to take some very detailed images. Virtual noise has been reduced as well. This 200MP sensor won’t really be taking 200MP pictures. Instead, it will be binned down to 12.5-megapixels. So basically every 16 megapixels is one, with this sensor.

Samsung has also doubled optical image stabilizer so that videos are even more stable on the Ultra. There’s also enhanced 8K video recording available, with 30fps. For an even wider angle. Along with advanced object-based AI.

The future of mobile gaming

The Galaxy S23 Ultra has some new enhancements for gaming, this year. For instance, it is now running on the Snapdragon 8 Gen 2 for Galaxy, which allows the Ultra to last about 20% longer when gaming. While the graphics performance is about 40% better, and its AI performance is also optimized by than 40%.

This is all going to work to give you a better gaming experience on the Galaxy S23 Ultra. Along with that impressive 6.8-inch QHD+ 120Hz display that’s on-board.

Better optimized for video and social media apps

One of the big things that people complain about on Android is how laggy some social media apps are. Like Snapchat, which makes it very obvious that you’re using an Android smartphone. That’s because Snapchat doesn’t use the camera API, instead it takes a screen recording of your camera. But with the Galaxy S23 series, that’s not an issue anymore.

For a few years now, Samsung has been touting that it is optimizing its phones for video and social media apps. Like Snapchat, Twitter, Instagram, YouTube and others. So you’ll experience a much better experience there.

Galaxy S23 Ultra Image 06 HI Large

What software updates has it received?

The Samsung Galaxy S23 series has received quite a few updates since releasing in February 2023. Here’s the full list:

What cases are available?

There’s plenty of cases available for the Galaxy S23 series, which we have a roundup for each model. You can check those out here:

  • Galaxy S23 cases
  • Galaxy S23 Plus cases
  • Galaxy S23 Ultra cases

But we are also listing a few popular cases here, one for each model.

Samsung Silicon Cover

Costing $30, the Silicon Cover is a good option for a lot of people, even though it is rather expensive. It’s a pretty simple case for most people. It’s just a Silicon cover for your Galaxy S23, but Samsung does offer it in a lot of colors, which is really nice to see.

Samsung Leather Cover

The Leather Cover is similar to the Silicon Cover, but more expensive and in leather. It’s a really good feeling case in the hand. And the big thing it has over the Silicon Cover here is that it is not a soft-touch material. So it won’t attract dirt and dust as much as the silicon model does.

Samsung Rugged Case

Now this is a new case this year. But it’s a rugged case, and it appears to only be available on the Galaxy S23 Ultra. It has a built-in kickstand, as well as reinforced edges and corners. So it can take a drop or two, without damaging your phone.

Which Galaxy S23 model should I buy?

More than ever before, Samsung is really trying to differentiate the three models. With the small Galaxy S23 only coming with 128GB of storage, and the others with 256GB at the base. Along with the Ultra getting a 1TB model, and of course the S Pen. Our recommendation would be the Galaxy S23 Ultra. Since it does have the S Pen, as well as a larger battery and an incredible display. It also has the best camera setup of any smartphone right now.


[ad_2]
Source link

Samsung’s new Odyssey Ark supports four simultaneous inputs

0
[ad_1]

Samsung is launching its 2nd Gen Odyssey Ark gaming monitor and it comes with a few awesome upgrades over the original. It also launches at a noticeably lower cost compared to the first time around. When Samsung initially launched the Odyssey Ark back in 2022 it had a retail price of $3,499.99. It steadily dropped in price throughout the following year and you can currently find it for around $1,799.99. The 2nd Gen Odyssey Ark launches at a price of $2,999.99. And that’s both $500 cheaper than the launch price of the 1st Gen model and considerably more expensive now that the 1st Gen is on sale.

That might be a hard sell for anyone looking to get into a premium gaming monitor. But Samsung is hoping the new features will give consumers incentives to at least consider the new model. For instance, there’s a new and improved multi-view feature. And this might be the single biggest change, though not the only one. Samsung also now adds a KVM switch for controlling multiple inputs with a single control station. And there’s now one DisplayPort 1.4 port and two HDMI 2.1 ports on the monitor itself.

A lot of features have stayed the same too. The new version of the monitor still comes with a 165Hz refresh rate and has a display size of 55-inches. And of course there’s its signature Cockpit Mode that lets you enjoy content vertically as opposed to horizontally.

The 2nd Gen Odyssey Ark now lets you run up to four inputs at once

Have you ever wanted to play a game on your PS5 and your Nintendo Switch but also have your PC running for videos and have it all on the same screen simultaneously? The Odyssey Ark 2nd Gen is making that more possible than ever thanks to the enhanced Multi-View feature. The monitor will now support up to four simultaneous multi-inputs. Which means if you had a PS5, an Xbox Series X, a Nintendo Switch, and a PC connected to the monitor you could have them all up and running and visible on the display at the same time.

You likely wouldn’t find much use in playing four games across four different platforms simultaneously. But a great use case would be hooking up four of the same console for a LAN party with friends. Or allowing each person to play something different on one screen. Samsung’s new Odyssey Ark monitor goes on sale today and you can pick it up directly from Samsung’s online store.


[ad_2]
Source link

Critical PHPFox RCE Vulnerability Risked Social Networks

0
[ad_1]

Heads up, phpFox users! A critical remote code execution vulnerability existed in the phpFox service that allowed community takeovers. Following the bug report, phpFox patched the flaw with the latest service version to which, the researcher urges to update.

Remote Code Execution Vulnerability Riddled phpFox

Security researcher Egidio Romano discovered a critical security flaw in phpFox that threatened numerous social networks.

phpFox is a dedicated community-building platform facilitating users in creating interactive social networks. The service offers numerous free and paid features that let the users engage with their communities, alongside providing monetization options to the users.

According to the vulnerability description shared in the post from Karma(in)Security, exploiting the vulnerability could let an unauthenticated attacker inject PHP objects to the target application. This, in turn, could let the adversary compromise the targeted social network and the underlying system.

User input passed through the “url” request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.

The vulnerability received the CVE ID CVE-2023-46817 and a critical severity rating.

Bug Fixed (Reluctantly!)

Following this discovery, Romano reported the vulnerability to the vendors. However, the vendors didn’t seem to realize the gravity of the matter. At first, they simply tried to brush off the matter by stating, “We currently do not have such security requirements,” later assuring a fix released with an earlier version not actually patched (4.8.13).

Commenting about this interaction, Romano shared his thoughts with LHN,

Specifically, with regards to this phpFox case, even though they say they don’t have specific security requirements, I would suggest them to be more kind with and trust security researchers who report them security issues in their products, without questioning the real existence of such security vulnerabilities and their impact, like they did with regards to CVE-2023-46817.

The researcher, as evident through the timeline shared, had to urge the vendors to deem the vulnerability important.

Eventually, the vendors patched the vulnerability with phpFox version 4.8.14, albeit without disclosing the specific security fix(es) in the release update.

According to Romano, this sort of response from a vendor like phpFox is disappointing, showing how the vendors try to deceive customers with a false sense of security.

Unfortunately, sometimes software vendors – like phpFox – are willing to hide and/or underestimate security bugs reported in their products, probably following a principle called Security Through Obscurity (STO)… I truly believe this principle is terribly wrong, giving to the software users a false sense of security, while there is no software bugs-free!

The researcher urged all phpFox users to update to the latest phpFox release (version 4.8.14 or later) to receive the security fix.

Let us know your thoughts in the comments.


[ad_2]
Source link

Unpacking Facts and Safeguarding from Cybersecurity Threats

0
[ad_1]

Delve into the mesmerizing world of 3D printing, from its historical roots to its revolutionary impact across industries. While its wonders captivate, it’s essential to understand the lurking cybersecurity threats.

Like our universe, technology has always been dynamic, shifting, and adapting to the demands and curiosities of humanity. Among these advancements, 3D printing stands out as a beacon of modern innovation. As we delve into some of the most captivating 3D printing facts, we must also understand the potential risks this technology poses when falling prey to hackers. Here’s a deep dive into the awe-inspiring world of 3D printing and the necessary steps to secure it.

Historical Context

When discussing facts about 3D printing, it’s pivotal to recognize its roots. While today’s generation might perceive it as a recent breakthrough, the foundation of 3D printing was laid in the 1980s by Chuck Hull. Over the decades, what started as an experimental concept has metamorphosed into a technological marvel, revolutionizing sectors from automotive design to healthcare.

The Materials Beyond the Expected

A prevalent 3D printer fact that many are familiar with is the use of plastic in 3D printing. However, the scope of 3D printing materials extends beyond just plastic. Today, sophisticated printers have the capability to print using metals, ceramics, and even organic materials like human tissues. This versatility underscores the technology’s potential in diverse applications – be it constructing a building or crafting a piece of jewellery.

The Economics of 3D Printing

One of the more enlightening industrial-quality resin 3D printer facts pertains to its cost-efficiency. Traditional manufacturing methods often involve mass production, which can lead to excess waste and unused products.

In contrast, 3D printing follows a ‘make as needed’ model. This not only minimizes waste but can also substantially reduce production costs, making it a favoured choice for businesses and hobbyists alike.

A World of Customization

Among the interesting facts about 3D printing is its unparalleled potential for personalization. Unlike conventional production lines that churn out identical items, 3D printers cater to individualized designs. This has profound implications, from creating bespoke jewellery pieces to developing prosthetics tailored for individual patients, ensuring comfort and functionality.

Eco-friendly Manufacturing

While discussing 3D printing fun facts, it’s hard to overlook its environmental implications. As a method that inherently reduces waste by design, 3D printing promises a greener approach to production. With increasing global concerns about the environment, this manufacturing process offers a beacon of hope for sustainability.

However, technological marvels often attract unsolicited attention. In the case of 3D printing, hackers see potential opportunities to exploit. What are these vulnerabilities, and how do they manifest?

How Hackers Engage with 3D Printers

Blueprint Tampering: A hacker with malicious intent can infiltrate the system and modify the design blueprints. This compromise can lead to defective outputs, which, depending on the application, can range from minor nuisances to catastrophic failures, especially in industries like aviation or healthcare.

Unauthorized Prints: With unauthorized access to a 3D printer, hackers might produce items for their benefit, leading to undue wear and tear, and the depletion of printing resources.

Intellectual Property Theft: One of the most significant risks involves hackers stealing proprietary design templates. With access to these blueprints, counterfeit items can flood the market, causing immense financial and reputational harm to the original creators.

Safeguarding Your 3D Printing World

Robust Password Protection: It’s fundamental to protect your 3D printing info with strong and frequently changed passwords. This primary step can deter a significant portion of potential breaches.

Timely Software Updates

Manufacturers often roll out software patches to address known vulnerabilities. Ensuring your 3D printer is running the latest software version can be the first line of defence against hackers.

Secured Networks

Connecting your 3D printer to a secure, encrypted network can substantially reduce intrusion risks. Using VPNs or dedicated isolated networks can further fortify this security.

Access Limitation

Restricting access to the 3D printer and its associated facts about 3D printing to a handful of trusted individuals can drastically reduce vulnerabilities.

Constant Monitoring

Keeping a vigilant eye on the printer’s logs can help identify and address any unauthorized or suspicious activities in their nascent stages.

To Sum Up

To conclude, 3D printing, with its vast potential and transformative capabilities, holds a promising future. But with great power comes the necessity for great responsibility. As we marvel at the wonders of 3D printing, it’s equally crucial to be proactive and knowledgeable about its vulnerabilities. By adopting a vigilant approach, we can enjoy the myriad benefits of this technology while safeguarding it from potential threats.

  1. Injured Turtle Gets 1st 3D Printed Titanium Jaw Implant
  2. Miracle Miracle! A woman’s kidney tumor cured by 3D printing
  3. Crashing a $1,000 Drone by Hacking the 3D Manufacturing System
  4. Here’s a 3D Printed Remaking of ‘Ear of Hell’ Classic Audio Speakers
  5. 3D printed fingerprints can unlock your device with 80% success rate

[ad_2]
Source link

Best Early Deals available now

0
[ad_1]

Black Friday is a great time to buy a new TV. Unless you’re looking for something super specific, you’re going to get an insane deal during this time of the year. Much like the last two years, retailers are starting their Black Friday sales earlier than usual. So right now you can get a Black Friday “price” about 4 weeks ahead of Black Friday. Which isn’t too shabby.

In this post, we will be continuously updating with the best early Black Friday TV deals this year. That will range from the cheap TVs that are 720p or even 1080p. All the way up to the most expensive TVs like those with an 8K resolution.

What’s a good deal on a TV?

As someone who watches prices year round on TVs and many other products, it’s pretty easy to find something that is actually a good deal, and not just appearing to be cheaper because it is the holiday season. So here’s how we break it down.

  • Up to 55-inch TVs: Prices of $200 or less for house brand TVs like the Amazon Fire TVs. And you can expect to find them for under $400 for larger brands like LG and Samsung.
  • 65-inch LED TVs: Typically prices will be under $500 for house brands, and under $1,000 for the larger names.
  • 65-inch OLED: Typically, if you can find anything under $1,500 it’s a good deal. You might see some mid-range OLED TVs out there, and those under $1,200 is a good deal.
  • 75-inch and larger LED TVs: For the house brands like Amazon, TCL, Insignia, etc., anything under $600 would be a good deal. While under $1,000 for the mid-range TVs from LG, Samsung and Sony would be a good deal. For the high-end TVs, expect anything under $1,500 to be good.
  • 75-inch and larger OLED TVs: For mid-range OLED TVs, anything under $1,600 is a good deal. For the higher-end and premium OLED TVs, anything under $2,000 is a good deal.

Now that we’ve got that out of the way, let’s check out the best early Black Friday TV deals that are available right now.


[ad_2]
Source link

A new neural network could make AI chatbots a thing of the past

0
[ad_1]

Right now, the technology powering the AI chatbots currently on the web is scary, to say the least. It’s immensely powerful, but there was a breakthrough that might leave chatbots like ChatGPT and Google Bard in the dust. This involves neural network technology and how it can improve AI technology.

AI chatbots use neural network technology to deliver their results, but scientists have created a neural network with the ability to make generalizations about language. What does that mean, and why is it significant?

A new neural network is a breakthrough in AI technology

A large part of basic human learning is in adapting new words. When you learn a new word, you’re likely to understand it and induct it into your lexicon to use in your own conversations. This is something that chatbots can do, albeit at an undesirable pace. That doesn’t seem to be a massive issue, as no chatbot you’ve interacted with seemed to be at a loss for words.

However, as Nature reports, scientists have made a breakthrough that might leave current chatbots in the dust. They developed a neural network that uses a new technology called Meta-learning for Compositionality (MLC). With this technology, the neural network is able to learn new words at a much quicker pace than ChatGPT. We’re not only talking about learning the new words but also adding them to its vocabulary for general use.

Along with that, the neural network demonstrated something that could solve one of the major issues facing generative AI today. While testing the neural network, scientists made it so that it would learn from its mistakes. This is huge, as modern chatbots don’t really have the ability.

This means that it could potentially learn from any inaccurate information that it generates. Right now, chatbots struggle with AI hallucinations. This neural network might be the end of those issues. Only time will tell if this is truly the next revolution in AI technology


[ad_2]
Source link

The Risk of RBAC Vulnerabilities and How to Prevent Them

0
[ad_1]

Role-Based Access Control (RBAC) is a security paradigm focused on assigning system access to users based on their organizational role. It’s a sophisticated approach of ensuring that only the right people can access the right information at the right time. RBAC is not about individual permissions for each user; instead, permissions are associated with roles, and users are assigned roles.

For instance, an employee in the finance department may have a role that allows them to view and edit financial data, while an HR representative may have a role that gives them access to employee records. By assigning roles to users, the system can control who has access to what information, reducing the risk of unauthorized access.

RBAC is a flexible and scalable system suitable for both small and large organizations. Its flexibility lies in that roles can be easily created, changed, or removed as the organization evolves. This ease of use makes RBAC a popular choice among organizations seeking to improve their security posture.

Common Use-Cases and Industries That Heavily Rely on RBAC 

RBAC has a broad range of applications across numerous industries. Here are some of the most common use-cases and industries that heavily rely on RBAC.

Healthcare

Medical facilities often have to manage complex and sensitive data ranging from patient records to drug inventories. RBAC helps ensure that only authorized personnel have access to specific types of information. For instance, a nurse might have access to a patient’s medical history, but not their billing information, while a billing clerk would have the opposite set of permissions.

Finance and Banking

In the finance and banking sector, RBAC is used to control access to sensitive financial data and systems. For example, a bank teller might have access to account information and transaction capabilities, while a loan officer has access to credit reports and loan approval capabilities. RBAC helps prevent unauthorized access, which can result in financial loss or regulatory penalties.

eCommerce

eCommerce platforms are another area where RBAC is frequently used. An eCommerce platform might have a variety of roles, such as customer service representatives, logistics managers, and product managers, each requiring access to different data within the system. RBAC ensures that each user has access only to the data they need to perform their job function, enhancing security and efficiency.

Government

Government agencies also benefit from the use of RBAC. With large amounts of sensitive and classified information, it’s crucial to control who has access to what data. RBAC can be used to assign roles based on job function, department, or clearance level, ensuring that sensitive information is only accessible to those with the appropriate authority.

Common RBAC Vulnerabilities 

Here are some common security issues that can arise when implementing RBAC:

Excessive Permissions

One common vulnerability with RBAC is the issue of excessive permissions. This occurs when a user is given more access rights than they need to perform their job. Excessive permissions can lead to unauthorized access to sensitive information, either intentionally or unintentionally. To prevent this, organizations should implement the principle of least privilege (PoLP), which states that a user should be given the minimum levels of access necessary to complete their job functions.

Stale Roles

Stale roles are another common vulnerability in RBAC. This happens when a user’s role is not updated when their job function changes, leading to them retaining access rights that they no longer need. Regular audits of user roles and access rights can help prevent this issue, ensuring that users only have access to the data and systems that are relevant to their current role.

Permission Creep

Permission Creep is one of the most common vulnerabilities faced in Role-Based Access Control (RBAC) systems. It occurs when users accumulate more permissions than they require to perform their jobs effectively. This usually happens over time as employees transition between roles, gain additional responsibilities, or when temporary access is granted but not revoked.

The danger with permission creep is that it increases the potential attack surface for malicious actors. If a user’s account is compromised, the attacker can exploit the excess permissions to access sensitive areas of the system. Moreover, permission creep can also lead to situations where users unintentionally cause harm.

Inadequate Auditing

Inadequate auditing is another major vulnerability in RBAC systems. Auditing refers to the process of reviewing and analyzing system logs to identify any unusual or suspicious activity. It’s a crucial part of maintaining security, as it allows you to detect and respond to potential threats in a timely manner.

However, due to the sheer volume of data generated in a typical business environment, effective auditing can be a daunting task. Without a robust auditing strategy, you may miss critical signs of a security breach, such as multiple failed login attempts or unauthorized access to sensitive data.

Insecure APIs

APIs, or Application Programming Interfaces, are a crucial part of modern software systems, enabling different software components to communicate and interact with each other. In systems protected by RBAC, APIs are often used to manage users and their permissions.

Therefore, insecure APIs are a major vulnerability in RBAC systems. If an API is not properly secured, it can serve as an entry point for attackers to manipulate permissions or gain unauthorized access to sensitive data.

How to Prevent RBAC Vulnerabilities 

Least Privilege Principle

One of the most effective ways to mitigate the risk of permission creep is by adhering to the principle of least privilege. This principle dictates that users should only be granted the minimum permissions necessary to perform their jobs.

By strictly enforcing this principle, you can significantly reduce the potential attack surface for malicious actors. At the same time, you can also prevent situations where users unintentionally cause harm due to their lack of familiarity with certain areas of the system.

To effectively implement the principle of least privilege, it’s important to have a clear understanding of your users’ roles and responsibilities. You should regularly review and update user permissions to ensure that they align with their current job requirements.

Time-Based Roles

Another effective way to mitigate the risk of permission creep is by implementing time-based roles. This involves granting certain permissions on a temporary basis and automatically revoking them after a specified period of time.

By implementing time-based roles, you can ensure that users do not retain unnecessary permissions indefinitely. This can be particularly useful in situations where users need temporary access to certain areas of the system, such as during system maintenance or when covering for a colleague.

Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is a security measure that requires users to provide multiple forms of identification before they can access the system. This can significantly enhance the security of your RBAC system, especially when it comes to sensitive roles.

By requiring MFA for sensitive roles, you can add an additional layer of security that helps to prevent unauthorized access. Even if an attacker manages to obtain a user’s login credentials, they would still need to bypass the MFA process in order to access the system.

Conclusion

In conclusion, while RBAC systems have their vulnerabilities, these can be effectively mitigated through a combination of good practices and robust security measures. By adhering to the principle of least privilege, implementing time-based roles, and requiring MFA for sensitive roles, you can maximize the security of your RBAC system.


[ad_2]
Source link

Hamas Hackers Targeting Israelis with New BiBi-Linux Wiper Malware

0
[ad_1]

The BiBi-Linux Wiper malware damages files and operating systems by overwriting data with useless information, rendering the affected files unusable.

Cybersecurity experts from Security Joes’ Incident Response team recently stepped forward to aid Israeli companies amid the conflict between Israel and Hamas. During their investigations, they uncovered a concerning discovery: a new type of malware known as the BiBi-Linux Wiper.

This malicious software, designed for Linux systems, poses a significant threat. It is a powerful executable file that, if granted root access, can potentially wipe out an entire operating system. What sets it apart is its ability to target specific folders, overwrite files, and concurrently corrupt data using multiple threads, significantly amplifying its impact and speed.

Unlike other malware types that aim to steal data or demand ransom payments, the BiBi-Linux Wiper takes a different approach. It damages files and operating systems by overwriting data with useless information, rendering the affected files unusable. This kind of destructive software, often termed a “Wiper,” is not entirely new but remains a menacing cybersecurity threat against companies, businesses and unsuspecting users.

According to the company’s blog post, one noteworthy detail is the naming convention used in the malware—each infected file is titled bibi-linux.out. This name, seemingly random, actually holds a political undertone, as “bibi” is a common nickname for the current Israeli Prime Minister, Benjamin Netanyahu. Further exploration into the malware’s inner workings revealed this string hardcoded within its structure, used to generate identifiers for corrupted files.

The researchers noted the rarity of this malware; at the time of their investigation, it had only received two detections on VirusTotal, suggesting its newness and limited distribution.

The malware, upon execution, produces an excessive amount of output, revealing details about its progress and actions. To address this, threat actors use the “nohup” command, redirecting output to a file and preventing the wiping process from halting even if the console is closed.

Its use of multiple threads and system calls enables it to corrupt files rapidly and efficiently. The malware follows a pattern, overwriting files with random data, renaming them with a ‘BiBi’ extension, and excluding certain file types crucial for the operating system’s function.

Sophisticated Cyber Attacks Linked to Hamas and Pro-Palestinian Groups Target Israel

Hamas has displayed a surprising level of sophistication in its cyber warfare tactics, as demonstrated by several incidents in recent years. In 2014, Hamas not only breached the live transmission of Israel’s Channel 10 TV station but also defaced the broadcast by displaying distressing images of Palestinian civilians affected by Israeli airstrikes in Gaza.

In July 2018, Israel accused Hamas of spying on IDF soldiers using malicious World Cup and dating apps. The group reportedly exploited hundreds of IDF Android devices by luring users with images of attractive women.

By February 2020, reports surfaced that Hamas hackers masqueraded as women to deceive IDF personnel into downloading malware. These hackers, posing as women, sent out malware to gather critical information and gain control over the soldiers’ phone functions.

Despite these cyberattacks attributed to Hamas, other groups have also targeted Israel’s critical infrastructure. AnonGhost, a pro-Palestinian group, not only hacked the Red Alert App, an Israeli rocket alert app but also sent fabricated missile, rocket, and nuclear bomb alerts to Israeli citizens.

On October 16th, 2023, researchers identified a fraudulent rocket alert app hosted on a malicious website, distributing malware onto the smartphones of unsuspecting Israeli citizens.

Nonetheless, cybersecurity experts persist in monitoring and analyzing these threats. The readiness of companies to defend against evolving cyber risks remains of utmost importance.

  1. Gaza Cybergang targeting Palestinian authority figures
  2. US seizes official website of Iranian state-owned Press TV
  3. Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
  4. Israel claims to bomb Hamas’s cyber Ops HQ amidst uncertainties
  5. Android malware on Play Store targeting Palestinians on Facebook

[ad_2]
Source link

OnePlus 12 moniker and model number leaked by IMDA certification

0
[ad_1]

The OnePlus 12 has recently appeared on the IMDA certification website, which shows the phone’s moniker and model number.

The OnePlus 12 is a flagship device from the Chinese manufacturer that’s scheduled for early 2024. According to the latest speculations, the phone will cover all the shortcomings of its predecessor while offering some new features to challenge the iPhone 15 series, Pixel 8, or Samsung Galaxy S24.

As we get closer to the launch date, more details about the OnePlus 12 surface online. Thanks to the IMDA certification website, we know that the phone’s model number is CPH2581. As expected, the phone also supports 5G connectivity.

The OnePlus 12 would be a high-end device to battle other flagships

These are all details IMDA certification reveals about the upcoming OnePlus phone. However, more specifications have already been leaked by AnTuTu and the Geekbench benchmark database. The device was also first spotted in China with the BOE X1 OLED display. The display size is said to be 6.82-inch with support for 120Hz refresh rate.

According to Geekbench 6 benchmark results, the OnePlus 12 scored 2169 points in the single-core round of the benchmark test. In the multi-core test, it could score 6501 points. The benchmark listing further revealed the phone is powered by the Qualcomm Snapdragon 8 Gen 3 processor.

This SoC was revealed just last week at the Snapdragon Summit. The company claims Snapdragon 8 Gen 3 offers up to 98% faster Hexagon NPU performance and 40% better performance per watt.

The OnePlus 12 may launch with two memory options, one with 16GB of RAM and another with 12GB of RAM. Android 14 is pre-installed on the device, and the company promises four Android version upgrades.

The latest rumors suggest that the OnePlus 12 features a 5,400 mAh battery with support for 100W wired charging. As for the rear camera, a 50MP primary sensor, a 50MP ultrawide, and a 64MP 3x telephoto lens are there to capture your moments. A 32MP selfie camera is also at the front.

The OnePlus 12 global launch may start from January 2024. However, Chinese customers may be able to get their hands on the phone in December 2023. The starting price is reportedly $699, which is a very competitive price compared to most flagships with over $900 price tags.


[ad_2]
Source link

Google researchers can make any ANC earbuds into heart rate trackers

0
[ad_1]

In the aftermath of a global pandemic, keeping an eye on our health metrics, like heart rates and blood oxygen levels, has become more important than ever. But this usually requires users to wear smartwatches or bands, which many do not prefer since they are bulky and do not last long on a charge. However, all this could change, as a recent study from Google on audioplethysmography (APG) technology suggests that they can convert any active noise-cancelling (ANC) earbuds into heart rate trackers via a software update.

How does this whole system work?

Unlike traditional smartwatches, which mostly rely on photoplethysmography (PPG) to detect heart rates, Google’s APG technology, when used in ANC earbuds, uses low-intensity ultrasound signals emitted by the earbuds’ speakers. These signals are then captured by onboard ANC mics, enabling the detection of subtle changes in the skin and heartbeat due to their proximity to the vessels in the ear canal, particularly the deep ear artery.

However, what makes this development even more exciting is the fact that the technology functions across various ear sizes, ear seals, different skin tones, and even during music playback.

Challenges and accuracy of the technology

While this technology could change the way people test their heart rates, Google did come across some major challenges in noisy environments. However, through experimenting with multiple frequencies, the company eventually identified the most accurate signal.

In terms of accuracy, Google’s testing, which involved 153 people, showed promising results, as the technology had a median error of 3.21% for heart rate and 2.70% for heart rate variability measurements across various scenarios.

However, despite these advancements, it’s important to note that this research is in its early stages, and although Google theoretically can release an update to earbuds, there’s no confirmation about the company implementing the APG technology in consumer products.

“APG represents new knowledge in biomedical and mobile research and unlocks new possibilities for low-cost health sensing,” said Google.


[ad_2]
Source link