Announcing NEW Malwarebytes Identity Theft Protection

0
[ad_1]

In today’s hyper-connected world, Malwarebytes now protects your identity, reputation, and credit all in one place, so you can focus on living your life.

We’ve always been committed to keeping you safe and secure online. But these days, cybersecurity isn’t just about defending you from malware; it’s about protecting your—and your family’s—entire digital identity.

We know that people are worried. In fact, in our latest report, titled “Everyone’s afraid of the internet and no one’s sure what to do about it,” we found that 79% of internet users are “very concerned” about online privacy and security risks.

More specifically, we found that 81% worry that identity theft and fraud could happen to them, and 71% say that having their data leaked and identity stolen is one of their biggest fears.

So today, I’m excited to announce we’re extending our product offering to introduce Malwarebytes Identity Theft Protection. Our comprehensive solution scours the dark web for your personal information, prevents your social media account from being hacked, and even keeps an eye on your credit1 —and it’s all backed by an up-to-$2 million identity theft insurance2.

Here’s what you get (based on your selected plan):

  • Ongoing monitoring: Peace of mind that we are actively working in the background to keep you safe
  • Real-time alerts: Immediate notifications if we identify suspicious activity
  • Recommendations and best practices: Advice on how to prevent identity theft, and help if it happens
  • Identity restoration helpline and top-notch customer support.

It’s not easy being online today, but our coverage helps keep your digital identity safe, giving you the confidence to scroll, swipe, click, and post in peace.

Learn more

Existing customers

Already a Malwarebytes customer and want to add Malwarebytes Identity Theft Protection to your subscription? Log into your account at my.malwarebytes.com and go to your subscription page. Click Upgrade, make the selection, and choose Submit Order. You’ll then receive your activation email.


1 Credit scores provided are based on the VantageScore ® 3.0 model (likely to be different than what lenders may use to assess your credit worthiness).  Credit monitoring is US only.

2 $1 or 2 million (based on selected plan). $2 million is US only.

Note: Malwarebytes Identity Theft Protection is not available in all regions.

 


[ad_2]
Source link

Xiaomi 14 series announced with Snapdragon 8 Gen 3, Leica Summilux lens & more

0
[ad_1]

Xiaomi has announced its new flagship smartphones, the Xiaomi 14 and Xiaomi 14 Pro. The company announced them in China, during a dedicated press event. The global launch will follow either later this year or in Q1 next year.

Having said that, you may notice that the Xiaomi 14 Ultra was not mentioned here. That handset will likely arrive at a later date. The Xiaomi 14 and Xiaomi 14 Pro did surface several times prior to launch, and Xiaomi even shared their official renders. So we knew what to expect.

Xiaomi’s new flagship are here with the brand new Snapdragon 8 Gen 3 SoC

First and foremost, these two phones do look very similar. They have the same design language, but there are some differences. The Xiaomi 14 comes with a flat display, while the ‘Pro’ model includes a curved display. Both have very thin bezels, and a centered display camera hole.

They are made out of metal and glass, well, most models, anyway. The pink Xiaomi 14 model has vegan leather on the back. In regards to the Xiaomi 14 Pro, three out of four variants are also glass+metal, the same three as for the Xiaomi 14. Those are the black, green, and white models. The fourth Xiaomi 14 Pro model is called ‘Titanium Special Edition’, and as you can guess, it has a frame made out of titanium.

The Xiaomi 14 Pro is also larger than the Xiaomi 14. Both have flat sides, and a square camera island on the back. Each phone has three cameras on the back, but there are some differences. We’ll talk about that next.

Xiaomi 14 specifications

The Xiaomi 14 features a 6.36-inch 1.5K (2670 x 1200) display with a 120Hz refresh rate. It is an LTPO display, and a refresh rate goes down to 1Hz. That panel is flat, and can go up to 3,000 nits when brightness is concerned.

The Snapdragon 8 Gen 3 fuels the phone, while 8GB, 12GB, and 16GB LPDDR5X RAM models are available. Those three models come with 256GB, 512GB, and 1TB of UFS 4.0 flash storage, respectively.

Xiaomi 14 all colors image 2

A 4,610mAh battery is included here, and 90W wired charging is supported. 50W wireless charging is also on offer, not to mention that the charger is included in the box. 10W reverse wireless charging is also on offer.

A 50-megapixel main camera (f/1.6 aperture, 23mm lens, OIS) is backed by a 50-megapixel ultrawide camera (115-degree FoV, f/2.2 aperture). A third camera is also a 50-megapixel unit, a telephoto camera (f/2.0 aperture, OIS, 3.2x optical zoom). All three cameras have Leica lenses, and the main one includes the new Leica Summilux unit.

This phone is IP68 certified, and Android comes pre-installed on it, with Xiaomi’s new HyperOS skin. There are two SIM card slots included here. The phone includes stereo speakers, and its colors are officially called Midnight Black, White, Rock Green, and Snow Mountain Pink.

The Xiaomi 14 measures 152.8 x 71.5 x 8.20mm / 8.28mm (vegan leather model). It weighs 193 grams (glass version) / 188 grams (vegan leather model).

Xiaomi 14 Pro specifications

The Xiaomi 14 Pro includes a 6.73-inch 2K (3200 x 1440) AMOLED display. That is also a 120Hz LTPO panel, and its refresh rate goes down to 1Hz. Its brightness can reach 3,000 nits at its peak, and this panel is curved.

The Snapdragon 8 Gen 3 fuels the device, while variants with 12GB and 16GB of LPDDR5X RAM are on offer. Depending on the model, you can get 256GB, 512GB, or 1TB of UFS 4.0 flash storage.

Xiaomi 14 Pro all colors image 2

A 4,880mAh battery is included in the package. The phone supports 120W wired, 50W wireless, and 10W reverse wireless charging. Xiaomi also includes a 120W charger in the box.

A 50-megapixel main camera (f/1.42-f/4.0 variable aperture, OIS, 2.4um pixel size) is backed by a 50-megapixel ultrawide unit (f/2.2 aperture, 115-degree FoV). The third camera on the back is a 50-megapixel telephoto unit (f/2.0 aperture, 75mm lens, OIS). All three cameras include Leica lenses, and the main one comes with a Leica Summilux lens.

This device is also IP68 certified, and comes with HyperOS on top of Android. It has two nano SIM card slots, stereo speakers, and it officially launched in Midnight Black, White, Rock Green, and Titanium Special Edition models.

The Xiaomi 14 Pro measures 161.4 x 75.3 x 8.49mm, and weighs 223 grams (glass version) / 230 grams (Titanium Special Edition model).

Pricing & availability

These phones are already available to pre-order in China, the global event will come later this year, or in Q1 next year. The Xiaomi 14 starts at CNY3,999 ($546), and goes up to CNY 4,999 ($683). The Xiaomi 14 Pro starts at CNY ($), and goes up to CNY ($).


[ad_2]
Source link

Microsoft CEO explains how central Co-Pilot will be to the Windows experience

0
[ad_1]

Of the major trillion-dollar companies governing our lives nowadays (Amazon, Google, Microsoft, Meta, and Apple), only Google had a strong focus on AI over the years. However, with the generative AI craze going on, that’s changed. Microsoft has made a hard pivot toward AI since ChatGPT broke the internet. The company’s CEO, Satya Nadella, said that Co-Pilot (Microsoft’s AI model) is like a start button.

That comment might seem pretty tame if you take it at face value. However, think about the prominent computer operating systems and what idiosyncrasies characterize each one. The start button has been one of the defining attributes of the Windows operating system for nearly 30 years. It even made a comeback after Microsoft axed it with Windows 8.

Co-Pilot is like a start button, says Microsoft CEO

Nadella spoke with Qualcomm’s CEO Cristiano Amon about Windows and Co-Pilot. Nadella explained what AI means for Windows in the future and how Co-Pilot will positively impact the experience, according to PCWorld. During the conversation, he mentioned how central Co-Pilot will be to the Windows experience.

“The Copilot is like the Start button,” he said, “…I just go there and express my intent and it either navigates me to an application or it brings the application to the Copilot…” He’s talking about the Co-Pilot test that’s available now on Windows 11, which is still pretty out of the way.

However, we’re starting to turn our attention to Windows 12. With all of the effort that Microsoft is putting into AI, we know that Windows 12 will be inundated with it. This could mean that Co-Pilot will take the place of the start button. Instead of having the start button being the center of your experience, it could be an ever-learning and ever-evolving AI assistant.

We don’t know what the company has planned, but we do know that changes are definitely on the way for the operating system for better… or worse. Would people like an operating system built with AI in mind? Only time will tell.

What we know now is that AI is on Microsoft’s mind, and that’s not going to change any time soon.


[ad_2]
Source link

PoC Released Citrix NetScaler Zero-Day Vulnerability

0
[ad_1]

Two vulnerabilities were disclosed by Citrix, which were CVE-2023-4966 and CVE-2023-4967, with critical and high severities, respectively. Of these two, CVE-2023-4966 has been released with a publicly available PoC. This vulnerability is associated with a sensitive information disclosure score of 9.4 (Critical).

This vulnerability existed in the Citrix Netscaler ADC and Netscaler Gateway versions before their latest release. However, Citrix has fixed this vulnerability, and patches have been issued.

CVE-2023-4966 – Proof of Concept

For diving deep, the vulnerable devices were looked upon inside the /netscaler/nsppe, the Netscaler packet processing engine containing the complete TCP/IP network stack and multiple HTTP services.

Additionally, the Ghidra tool was used to decompile the nsppe, and BinExport to create a BinDiff file. Comparing the compiled BinDiff file of two vulnerable devices, there were more than 50 different functions.

Two functions, ns_aaa_oauth_send_openid_config and ns_aaa_oauthrp_send_openid_config, were found to perform the same function to implement the OpenID Connect Discovery endpoint. Both of these functions are accessible without authentication.

Exploitation

The vulnerability existed on the return value of snprintf, which determines the number of bytes to send for the ns_vpn_send_response. As part of exploitation, snprintf is supplied with an exceeded buffer size of 0x20000 bytes.

Furthermore, a complete Proof of Concept report has been published by AssetNote, providing detailed information on the exploitation methods, detailed steps, and others.

Affected Products

CVE IDAffected ProductsFixed in Version
CVE-2023-4966NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
NetScaler ADC 13.1-FIPS before 13.1-37.164NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS before 12.1-55.300NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP before 12.1-55.300NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.


[ad_2]
Source link

Face search engine PimEyes stops searches of children’s faces

0
[ad_1]

PimEyes says it has taken technical measures to block searches for children’s faces as part of a “no harm” policy.

In what may come as a surprise, subscription-based face search engine PimEyes seems to have realized that their service can be used for nefarious purposes.

PimEyes’ CEO Giorgi Gobronidze told the New York Times that it has taken technical measures to block such searches as part of a “no harm policy.”

PimEyes is a search service that uses facial recognition technology to find online photos of people. The company says it has a database of nearly three billion faces, and it enables about 118,000 searches per day.

We have previously reported about PimEyes being accused of “surveillance and stalking on a scale previously unimaginable” after privacy campaign group Big Brother Watch filed a complaint in 2022 with the UK’s Information Commissioner’s Office (ICO), claiming that PimEyes facilitates stalking.

Facial recognition technology already represents an invasion of privacy. While the service says you can look for your own face, there is nothing to stop you from searching based on someone else’s photo.

The measures to limit searches for minors was a work in progress, but seems to have been accelerated due to an earlier article in the New York Times on AI-based threats to children.

Facial recognition has been a controversial topic right from the start. Because of the privacy implications, some tech giants have backed away from the technology, and halted their development. A major concern is that some organizations have built large databases just from harvesting pictures from social media. You might be amazed about what a simple reverse image search could bring up, let alone one backed by Arificial Intelligence (AI).

As with most tools, the user decides whether it’s used for good or bad reasons. Parents have used the search engine to find pictures of their children that they were unaware off, for example. But it’s clear that individuals with a twisted moral compass might use the service for undesirable purposes. For that reason PimEyes already banned over 200 accounts for inappropriate searches of children’s faces.

PimEyes will still allow searches of minors’ faces by human rights organizations that work on children’s rights issues. It also admitted having some accuracy issues with the AI that is used to determine whether the requested photo belongs to a minor, especially teenagers. Testing by the New York Times showed that the accuracy also depends on the angle the picture was taken from.

Meanwhile PimEyes, and other similar search engines, keep collecting photos of people’s faces without their awareness or consent and making them searchable. And since a PimEyes subscription allows you to follow links to any website on which a matching picture was found, anyone could  piece together all the information associated with these images, for example the text of a blog post, or a photo on a workplace website. Allowing a stalker to work out a person’s place of work, or indications of the area in which the person lives.

Don’t get us wrong, we’re glad PimEyes is taking these steps to protect our young ones—better late than never.

Opt out

PimEyes does allow people to opt out of their image appearing in results. To do so, go to the PimEyes website and fill in the Opt-Out Request Form. If not for yourself, do it for your children. Not only to keep the predators at bay, but also to protect them against identity theft.


We don’t just report on threats – we help safeguard your entire digital identity.

Cybersecurity risks should never spread beyond a headline. Protect your and your family’s personal information by using Malwarebytes Identity Theft Protection.


[ad_2]
Source link

OnePlus Open is now available for purchase with some incredible offers

0
[ad_1]

Last week, OnePlus announced its first foldable, and now that foldable is available for sale. The OnePlus Open is a fantastic smartphone, never mind the fact that it is actually a foldable (in fact, we said this in our OnePlus Open Review).

The OnePlus Open has an MSRP of $1,699, which is $100 cheaper than other foldables available in the US. But you likely won’t be paying that much. As OnePlus has a slew of great offers that you can choose from, for your new Open.

Over at OnePlus’ website, you can buy the OnePlus Open in Voyager Black or Emerald Green and get $200 off any trade-in in any condition. If it is a newer phone, you can get up to $1,000 off of your new OnePlus Open. OnePlus is also offering 12-month financing with 0% APR, and a 15% student and employee discount.

Amazon is also selling the OnePlus Open in both colors, and will offer up a $200 gift card when you purchase your device. Effectively making the phone just $1,499. Best Buy has an even sweeter deal though. You can buy through Best Buy and get $300 off when you activate it today, along with up to $800 trade-in. Which means you could get the phone for as low as $599 (plus taxes). That’s a pretty incredible deal here.

OnePlus Open is a foldable that you need to experience

The OnePlus Open is a pretty remarkable foldable, and really seems like a return to form for OnePlus. It does so many things right. It sports better specs than most other foldables, including the Snapdragon 8 Gen 2, 16GB of RAM and 512GB of storage. It also has a 6.3-inch cover display and a 7.8-inch main display, both of which are able to get up to 2,800 nits of peak brightness. Meaning, you won’t have any trouble using it outside.

Even the software is a home run for OnePlus, again as we mentioned in our review. OnePlus thought outside of the box, quite literally, with Open Canvas. Allowing you to use more screen real estate than you actually have.

OnePlus Open – Amazon

OnePlus Open – Best Buy


[ad_2]
Source link

iPhone 15 Pro has the worst user reviews out of all ‘Pro’ iPhones

0
[ad_1]

The launch of the iPhone 15 series hasn’t been smooth sailing, considering the phones have experienced numerous software and hardware issues. However, despite Apple addressing most of these problems with software updates, user reviews of the iPhone 15 Pro suggest that buyers are still not happy.

According to a report from PerfectRec (via PhoneArena), the iPhone 15 Pro has over 690,000 user reviews and is the worst-rated when compared to its premium predecessors, with only 73% of reviews giving it a 5-star rating. To put things into perspective, users awarded the iPhone 14 Pro a 5-star rating in 76% of its reviews, while an impressive 84% of reviews for the iPhone 13 Pro gave it five stars.

While the Pro series this year has failed to impress many, the non-Pro phones have performed exceptionally well, with 78% of the reviews giving them 5-star ratings. This may be attributed to the fact that Apple has introduced a slew of new features, including the Dynamic Island, a beefed-up 48MP image sensor for the rear main camera, and the transition to USB-C.

Why does the Pro series have bad reviews?

Despite the negative reviews, the iPhone 15 Pro series represents one of the most significant upgrades in recent times since Apple has finally made compelling changes, including the introduction of USB-C, which allows for high-speed data transfer with USB 3 (regular iPhone 15s use USB 2 technology). Additionally, the phone also features a 3nm A17 Pro SoC, capable of playing console-level games, and much-improved cameras.

However, if Apple has made such substantial improvements, why does the phone still receive negative reviews? The answer lies in the software issues that plagued the iPhone 15 Pro series shortly after its launch, including the infamous heating problem. Although Apple has largely addressed these software bugs through updates, users continue to face problems, particularly with everyday tasks such as Wi-Fi. Many have reported that their phones cannot download anything on Wi-Fi, even when other devices on the network work fine.


[ad_2]
Source link

Google Maps update brings Immersive View for routes to select cities

0
[ad_1]

Google continues to upgrade key features of its app with the help of the AI. Previously announced at Google I/O this year, the AI-powered feature called “Immersive View for routes” is now available in select cities on both Android and iOS devices.

With Immersive View for routes, Google Maps users will be able to see every segment of a route before they start driving, walking or cycling. Google’s new feature uses AI “to fuse billions of Street View and aerial images together to create a rich, digital model of the world.”

Instead of seeing a flat route on your screen, you’re now immersed in a multidimensional experience that not only allows you visualize every segment of a route, but also bike lanes, sidewalks, intersections, as well as parking.

Starting today, Immersive View routes is available in the following cities around the world: Amsterdam, Berlin, Dublin, Florence, Las Vegas, London, Los Angeles, New York, Miami, Paris, Seattle, San Francisco, San Jose, Tokyo, and Venice.

In addition to bringing Immersive View for routes to select cities, Google announced deeper Lens integration for more accurate navigation. Maps users can now tap the Lens icon in the search bar and lift their phone to find information about nearby ATMs, transit station, restaurants, coffee shops and stores.

Starting this week, deeper Lens integration is coming to more than 50 new cities including Austin, Las Vegas, Rome, Sao Paolo and Taipei.

Last but not least, EV drivers on Android and iOS will now see more helpful charging station information starting this week. That includes whether a charger is compatible with their vehicle and whether available chargers are fast, medium, or slow. This feature will start rolling out globally on Android and iOS this week wherever EV charging station info is available.


[ad_2]
Source link

DUCKTAIL Malware employs LinkedIn messages Execute Attacks

0
[ad_1]

LinkedIn messages were used as a way to launch identity theft attacks in a malicious campaign that Cluster25 detected. 

They send messages from hacked accounts with PDF files that look like job offers. But these files have links to dangerous websites that can steal your data.

Cluster25 is a cybersecurity firm that specializes in threat intelligence and incident response. They discovered this campaign by analyzing the malicious domains and URLs used by the attackers. 

The hackers are using a type of malware called DuckTail, which can also take over your Facebook Business account. 

They are mainly targeting people who work in sales and finance in Italy.

How the Scam Works

The hackers send you a message from a hacked LinkedIn account with a PDF file with a job offer. For example, they might offer you a Senior Manager position at Electronic Arts (EA).

The PDF file has two links. One link takes you to a fake website that looks like EA’s website. It asks you to upload your resume and cover letter. 

The other link downloads a ZIP file from Microsoft OneDrive. The ZIP file has some video files and two files that look like Word documents but are malware.

malware files
malware files

The malware files are very hard to detect by antivirus software because they use a special technique called single-file application. They hide the malicious code inside other files of the application.

If you run the malware files, they will infect your computer and try to steal your information, such as cookies, session data, and browser credentials. 

They will also try accessing your Facebook Business account using the linked email.

Some hackers have made a fake DLL file that can spy on your web browser and send your data to them through Telegram. 

They trick you into running this file by sending you a PDF with a LinkedIn job offer.

The DLL file is made with Microsoft .NET and was created on September 18, 2023. It checks if there is another copy of itself running on your computer. 

If not, it makes a file with information about your computer, like your GUID and IP address. It also opens a PDF file with a job description to make you think everything is normal.

The DLL file then contacts the hackers through Telegram, using a BOT ID 6263348871. It sends them a message with your ChatID and some text. 

Then, it sends them ZIP files with your data using the /sendDocument API. The hackers have a configuration file with encryption keys, the Telegram Bot’s Token, the ChatID, and some email addresses.

The DLL file can steal cookies, session information, and saved credentials from web browsers like Microsoft Edge, Google Chrome, Brave Browser, and Mozilla Firefox. 

The hackers can use this data to pretend to be you online and access your accounts.

The DLL file also keeps running in the background, sending more data to hackers. 

It can also try to take over your Facebook Business account by sending links to email addresses from the configuration file. 

If you click on these links, the hackers might get access to your Facebook Business account.

This very dangerous and clever attack targets professionals who use LinkedIn. 

You should be careful about opening files or links from unknown sources and always use antivirus software to protect your computer.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.


[ad_2]
Source link

Cyberattack hits 5 hospitals

0
[ad_1]

A cyberattack on shared service provider TransForm has impacted operations in five Canadian hospitals.

Canadian health service provider TransForm has published an update about the cyberattack at its member hospitals.

TransForm is a not-for-profit, shared service organization founded by the five hospitals in Erie St. Clair to manage their hospital IT, supply chain, and accounts payable needs.

The five affected hospitals, Bluewater Health, Chatham Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, have had to reschedule appointments with their patients due to the attack.

On October 23, 2023, Transform released news that its member hospitals and Windsor-Essex Hospice were experiencing a systems outage, including email. In an update later that day it said that the incident is impacting the hospitals’ provision of care in various ways.

“For those patients who have care scheduled in the next few days, the hospitals will contact you directly, if possible, to reschedule or provide alternate arrangements.”

Even though TransForm does not provide any more details about the nature of the attack, it’s highly likely that this is a supply chain attack since all member hospitals are experiencing problems.

In a media release, the affected hospitals asked patients to reduce the impact by only visiting the hospitals if they need emergency care.

Because there is no clarity about the nature of the attack, it’s hard to say what other consequences it may have on the hospitals and their patients.

“We are investigating the cause and scope of incident, including whether any patient information was affected. Our investigation is ongoing and we will provide further updates, as appropriate.“

All parties have declined to comment until more information becomes available.

The risks of compromised supply chains keeps growing, and as long as organizations continue to rely on them without fully understanding the implications the risks are here to stay. It is essential for businesses and their suppliers to work together to harden their defenses, to minimize the risk of having their supply chain compromised.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link