Apple’s iPhone starts gaining market share in the US, again

0
[ad_1]

The iPhone has always been pretty strong in the US, compared to other parts of the world. But surprisingly, last year, its market share dropped pretty significantly, compared to 2021. Which in itself was a drop from 2020.

But, the iPhone is back on the upwards trend. Coming in with 39% market share for 2023, according to CIRP. That’s a 2% increase from last year, but still down from its high in 2020 which was 46%.

Now we do have to say that this data needs to be taken with a grain of salt. As this data was sourced from CIRP’s quarterly survey of US mobile phone customers with the last quarter ending in September. Which means that most people were not surveyed here. Nor did CIRP get the data from carriers. So this is really just a small sample size of the US being represented here.

Nearly 40% market share in the third-largest smartphone market

Apple having a nearly 40% market share in the US, which is the world’s third-largest smartphone market, is still quite impressive. Even if this is just from a survey. And it might even grow after this data was collected, as more and more people get their new iPhone 15 models.

As expected, there’s not a lot of change between iOS and Android these days, as both platforms have made it pretty tough to make the switch between each other. The changes usually come from within Android – Samsung to Google or OnePlus to Samsung, etc. Which is why these numbers have not changed all that much. Especially since we are down to just two operating system choices at this point. Android and iOS is a duopoly in he US and probably will remain one.

You can check out CIRP’s full report here. There’s some pretty interesting data in that report, especially showing the fact that Apple had such a huge market share heading into the pandemic.

e085965f af30 4d87 a91e 0800ff187d29 1131x833


[ad_2]
Source link

Your browsing on Google Chrome will soon become easier once these new features roll out

0
[ad_1]

The Chrome address bar is more than just a way to navigate to websites. It’s also a powerful search tool that can help you find information quickly and easily. In a recent update, Google has announced that the address bar will be getting a much-needed makeover in the form of five new features that will make it even more useful.
For those that browse the web regularly from a mobile browser, be it from Android or iOS, you’ll be glad to know that a couple of these improvements will be available to you as well. For those that prefer the use of a desktop or laptop, you’ll be able to enjoy all of the below soon on Google Chrome in order to browse faster and more efficiently:
Automatic typo corrections

Chrome will now automatically correct common typos in the address bar. For example, if a user types “googl” instead of “google,” Chrome will automatically correct the typo. This will help users avoid landing on the wrong websites. This will be available on both mobile and the web.

Searches within bookmark folders

Chrome will now allow users to search within their bookmark folders directly from the address bar. This will help users find their saved websites more easily and will also be available on both mobile and the web.

Smarter autocompletion

Chrome will now suggest more relevant websites and search queries as users type into the address bar. This will help users find the information they need more quickly.

Suggestions for popular sites

When you start typing in a URL, Chrome will suggest websites that you might be interested in based on your browsing history and search history. This can be a great way to find new websites that you might not have otherwise discovered.

Faster response and easier-to-read layout

Chrome’s address bar has been redesigned to be faster and easier to read. The new layout is more streamlined and features larger text and icons.

   
All of these new features are expected to be rolled out to all Chrome users in the coming weeks, hopefully with the upcoming version of the browser.


[ad_2]
Source link

Incredible value for the price

0
[ad_1]

Nacon recently launched the next iteration of its RIG 600 series headsets, the RIG 600 Pro HS and the 600 RIG Pro HX. If you’re unfamiliar with Nacon or its RIG brand, it’s time you change that. Because it makes some pretty good gaming accessories for every platform. And this includes audio. We’ve tried RIG headsets before and have found them to be perfectly suitable for a large majority of gamers. We’ve been testing the RIG 600 Pro HS model for the past few weeks to see if it lives up to those past headsets. Or if they’ve improved on what was offered.

Before we go any further though, it’s important to note that both models of the 600 Pro are exactly the same for the most part. The HS model is geared towards PlayStation users, while the HX model is geared towards Xbox users. Though both headsets will also work with other platforms. Aside from compatibility, every other feature is the same. We tested the HS model with PS5, PC, mobile, and Nintendo Switch.

With that said, how does it stack up? Is the RIG 600 Pro HS (or the HX model) worth your $99 or should you put that money elsewhere? Let’s dig into the review and see if Nacon created a headset that’s worthy of your hard-earned money.

RIG 600 Pro HS review: Hardware and design

Two of the biggest parts of the RIG 600 Pro HS are the design and the hardware used. While many headsets might be content to have a mix of metal and plastic, or all metal and more premium materials, Nacon has made the 600 Pro HS with all plastic for the headset frame. What this does for the headset is help with its weight and its durability.

In fact I’d be willing to go out on a limb and say the 600 Pro HS is one of the most durable gaming headsets I’ve ever tested. Nacon itself advertises the RIG 600 Pro HS as a headset that can stand up to everyday abuse. Though I don’t recommend actively trying to damage it, you won’t have to worry about it snapping or breaking when you rip it off your head or stuff it in a drawer that might be a bit overcrowded.

The interesting thing is that at $99 RIG 600 Pro HS rides that line on being just inexpensive enough to be less concerned if it did break. But still enough money out of pocket that you don’t want it to break. Nacon is also using soft and plush earpads to keep your ears comfortable and insulated while you wear the headset. And the result is a headset you can wear for hours. A big change that I really liked was the change to a flip-to-mute microphone. On past RIG headsets I’ve tried they all use a detachable mic. And there’s nothing wrong with this as I like those too.

But there’s just something about a flip-to-mute mic. The other part of this is the mic now blends seamlessly into the headset’s left ear when you flip it up. And a tiny notch allows you to easily push in to flip it back down. Mic audio quality is another thing entirely but we’ll get into that later.

A lightweight build for longer-lasting comfort

I mentioned earlier that the use of plastic for the entirety of the headset frame was a huge factor on weight. And it is. At just 240 grams, the RIG 600 Pro HS is a really lightweight headset. I could feel the moment I put it on that I was going to have no issues with it weighing me down and feeling heavy after wearing it for a few hours. Which isn’t the case with some of the headsets I tend to use more often. And this was a nice change of pace.

With less weight in the headset it puts less stress on my neck and the top of my head, as well as on my ears. You might not think it makes a big difference but I can assure you. Long hours of use with a heavy headset most days throughout the week will begin to take its toll. And that is never going to be an issue with the RIG 600 Pro HS. There’s something to be said for that. I feel like brands make a concerted effort to focus on this aspect of the headset design. Yet a majority of consumers who buy gaming headsets wouldn’t think twice about how much it weighs. They should though.

Even if a headset that’s more lightweight wouldn’t be a major factor in the decision, it should be considered. And Nacon deserves applause for making a lightweight headset that’s as durable as the RIG 600 Pro HS is.

RIG 600 Pro HS review: Battery life

Right off the bat, I’m just going to put it out there that battery life is nothing to write home about here. But I want to clarify that this doesn’t mean it’s bad. Not by a longshot. The battery life is however, “just fine.” And what I mean by that is it’s decent enough for most users whether you consider yourself a hardcore or casual gamer.

You’ll get up to 18 hours of battery life when using the 2.4GHz low-latency USB-C adapter. Or up to 24 hours of battery life when using Bluetooth. If you’re using a combination of the two and swapping back and forth between sources, expect that battery life to drop. I didn’t see a huge variance but I did notice that when I had the headset connected to both connections and flipped back and forth, the battery didn’t seem to last as long as usual.

On average I found Nacon’s claims of 18 hours and 24 hours to be pretty accurate and was getting pretty close to right on the money for either connection type. Give or take 10 or 20 minutes. Overall the battery life is on par with other headsets in this price bracket and beyond. In fact there are more expensive headsets with worse battery life because they have more features to drain it. So if you don’t need something super fancy and just want something that’s good quality that works, the RIG 600 Pro HS definitely serves that purpose. And you won’t have to worry about it dying on you in half a day before needing to plug it in.

Having said that, I certainly wouldn’t hate if Nacon extended the battery life on the next version of this headset in the future. As more battery life is never a bad thing. Especially if you’re like me and you loathe having to plug in your devices often.

RIG 600 Pro HS review: Sound quality

For $99, you might expect the sound quality on the RIG 600 Pro HS to be mediocre or worse. But long gone are the days where you need to spend a larger sum of money to get a good sounding gaming headset. The RIG 600 Pro HS helps continue to prove that with its decent audio quality for gaming regardless of the platform. However I have no illusions here. This is definitely not the best sounding gaming headset I have. Nor would I expect it to be for $99. But there shouldn’t be a misconception that you won’t get good sound with something like this on your head.

On the contrary, I very rarely had issues with audio in any games I was playing. If there were any complaints to make at all about the audio quality it’s that I just couldn’t get as crisp of an output for certain types of sounds. Such as footsteps and gunfire in Call of Duty: Modern Warfare II. I’m not saying these were nonexistent, just that they were more clear on other headsets I use often for gaming. And depending on how much this matters to you, it’s a factor worth mentioning so you can consider it in your own decision to buy this headset or not.

Outside of directional audio which needs to be as precise as possible, the RIG 600 Pro HS was enjoyable to use for audio in basically any other game I booted up. Which mostly consisted of Destiny 2, Final Fantasy XIV, Tears of the Kingdom, and the occasional romp in Final Fantasy VII: Ever Crisis on my phone. The short of it, the sound quality is decent and I don’t expect many consumers to complain about it.

Customize the sound experience with the app

RIG 600 Pro HS Review (1)

Like most gaming headsets these days the RIG 600 Pro comes with optional software that you can use to enhance the sound experience. To access this, you’ll need to download the RIG 600 Pro app on your phone or tablet. Once that’s installed, open the app and connect your headset to it.

This was an easy enough process and took only a couple minutes to get it set up. Although I generally prefer PC software for this kind of thing, the mobile app route has its advantages. For one, this makes it easy to change the sound profiles and make adjustments at any time. Even if you’re using the headset with your PS5. If this were a PC app, then you’d have to have the headset connected to the PC to do any tuning at all.

But this way you can connect the headset to any of the supported platforms and make adjustments as needed.

The app offers plenty of features

As for what you can tweak, there’s quite a few options. There’s an EQ with preconfigured profiles for things like first-person shooters, bass-heavy sound, clarity, and one that boosts the audio for voice-heavy game dialogue. Of course you can create your own custom EQ profiles as well. There’s also an ‘Expert Mode’ toggle that lets you tune the microphone gain and turn on mic monitoring.

If you’re not sure what mic monitoring is, it’s so you can hear yourself while you speak. You can leave this on all the time if you want, but it’s intended more for optimizing the sound of the mic. So for example, you turn on mic monitoring, then make adjustments to where you think your voice sounds the best. Then you turn it back off. This way people you’re in chat with hear the optimized voice sound you just set up.

Additionally, the app is where you can swap between the different start modes for when you power the headset up. It’s default to Dual mode which automatically enables Bluetooth and connects it to any paired source in addition to the 2.4GHz adapter. You can also set it to be only Game or only Bluetooth. Should you want it connected to only one source at startup. You might also be happy to know that the app lets you change the voice prompt language and supports English, Spanish, German, French, Italian, and Dutch. Plus you can change the auto power-off time, with as little as 15 minutes and all the way up to 2 hours. You can also disable this so it never turns off automatically.

The microphone is just ok

RIG 600 Pro HS Review (7)

I really wanted to love this microphone. I really did. Unfortunately, the mic is just ok and if exceptional mic audio is what you’re after, this headset doesn’t provide it. During my initial testing I was told by more than a few people I was in Discord with that I sounded really quiet and my voice wasn’t really clear. After a software update through the app the mic did get better. I was more easily heard and I took a more focused approach to the mic monitoring to really make sure my voice would sound as good as this mic would allow.

The results were good but in the end it still wasn’t as good as other headsets. Some even in the same price range. I suspect this might be partially due to the size of the boom mic. I talked about it earlier and how it flips up to mute. And when in this state it stores in the left ear cup and seamlessly fits in with it so it’s out of sight. I love this design choice. However, the mic is a tad short and therefore is a little further away from your mouth when you talk. And although I have no way to know for sure if this is the reason, I think this might cause it to have the lower quality sound.

All of this being said, I want to clarify that the mic is not bad. It’s perfectly fine and people will still be able to hear you ok. It won’t be the most clear or the best sounding voice when you’re in chat. But it will work and at the end of the day that’s more important. The ironic thing is that I think the old mic design on other RIG headsets was louder and more clear. But this new design is certainly more stylish and honestly, more convenient. That’s the tradeoff you have to be ok with.

Should you buy the RIG 600 Pro HS or RIG 600 Pro HX?

There’s a lot of good reasons to buy this headset and some reasons not to. Ultimately the choice is yours and this review isn’t a definitive yes or no on whether you should or shouldn’t buy it. But it does serve as a nice explainer on why you might want to consider it and what’s good and not good about it. So you can make an informed decision on whether or not it’s worth your hard-earned money.

I’m happy to say that Nacon has done a good job here with the 600 Pro HS and 600 Pro HX. While I wouldn’t venture to say it’s the company’s best headset (we’ll be reviewing the RIG 900 Max HX next and I think that will surpass this one), it’s a decent headset and especially so because of the price. So, it is a good value and might just be right up your alley.

You should buy the RIG 600 Pro HS or RIG 600 Pro HX if:

  • You want a low-priced headset with decent sound quality
  • You need a durable headset that you won’t have to worry about breaking
  • Dual sound mode is an important feature
  • You like multi-platform compatibility

You shouldn’t buy the RIG 600 Pro HS or the RIG 600 Pro HX if:

  • You want really good mic quality
  • You want something that feels more luxury or premium
  • Exceptionally long battery life is important to you

[ad_2]
Source link

3 crucial security steps people should do, but don’t

0
[ad_1]

Cybersecurity could be as easy as 1-2-3. The problem, though, is that people have to want it.

Cybersecurity could be as easy as 1-2-3.

The problem, though, is that people have to want it.

In new research conducted by Malwarebytes, internet users across the United States and Canada admitted to dismal cybersecurity practices, failing to adopt some of the most basic defenses for staying safe online. And while some of the fault lies with the public, some also lies with the cybersecurity industry, which, according to the same research, has released products that people do not understand, do not trust, and, most concerningly, do not use for their intended benefits.

For our latest report, “Everyone’s afraid of the internet and no one’s sure what to do about it,” we surveyed 1,000 people, aged 13 to 77, about their cybersecurity and online privacy beliefs and behaviors. When asked specifically about the tools and methods that people use to protect themselves online, we found, disappointingly, that:

  • Just 35 percent of people use antivirus software.
  • Just 24 percent of people use multi-factor authentication.
  • Just 15 percent of people use a password manager.
  • Just 35 percent of people have unique passwords for most or all of their accounts.

There’s no denying the ugly truth here: These numbers are too low.

Optimistic interpretations do exist—perhaps some members of the public unknowingly have antivirus protections on their devices or they perhaps use device-provided password managers without knowing the name of the technology behind it—but other statistics point to a lack of trust and a high rate of apathy towards cybersecurity defenses overall.

For everyone interested in meaningful, simple cybersecurity, here are three things you can do right now.

1. Create and store unique passwords for each account with the help of a password manager

Strong passwords are a two-part problem: They must be unique for every online account, and they must be remembered.

Creating strong, unique passwords is simple enough, as any person can throw a cat at a keyboard and likely fulfill the password requirements for most online accounts. Uppercase and lowercase letters? Special characters? Numbers? No addresses, pet names, or usernames? These specifications are no match for “vn;aeo&d8ey38dD” (No cats were harmed in the creation of this password).

But remembering that password—and remembering every password like it—is physically impossible, as the number of online accounts and associated passwords that the average person can recall from memory is just a handful. 

In fact, there is plenty of research that shows that people have trouble remembering unique passwords for just 13 separate accounts, and that the people have far more trouble remembering 4 – 6 passwords compared to 1 – 3.

But the modern internet doesn’t care about mental limitations. Instead, it demands an increasing number of accounts and passwords to manage for each person. According to research from the password manager LastPass, the average small business user has 85 passwords, and according to older research in 2015 from another password manager, Dashlane, an average user then had at least 90 accounts.

The results of this constant tension are reflected in Malwarebytes’ latest report:

  • 24 percent use the same password, if possible, across all or most accounts
  • 41 percent have a few passwords they use across accounts

The most obvious solution to this first part of the password problem, then, is a password manager. Password managers can create and store strong, unique passwords for all your accounts, and they can interact directly with web browsers so that you don’t need to individually open the password manager app every time you log into a service.

Unfortunately, Malwarebytes’ research shows that password manager use is exceedingly low:

  • 15 percent of all respondents use a password manager
  • 9 percent of Gen Z respondents use a password manager
  • 18 percent of non-Gen Z respondents use a password manager

Get a password manager and start using it specifically to create and store unique passwords across all your accounts. You physically cannot practice strong password security without one (unless you go the paper-and-pencil route, which is an entirely different conversation).

But once you have a password manager, don’t stop there…

2. Use multi-factor authentication (MFA)

There are two statistics that matter for multi-factor authentication (MFA).

The first statistic was released in 2019, when Microsoft’s Group Program Manager for Identity Security and Protection Alex Weinert said: “Based on our studies, your account is more than 99.9 percent less likely to be compromised if you use MFA.”

The second statistic was released this month, when Malwarebytes found that only 24 percent of people use MFA. That number drops to 16 percent for Gen Z.

MFA tackles the problem of password abuse in a very different way than password managers and password creation.

MFA does not care if your password sucks. MFA will not make you use any special characters or numbers or uppercase or lowercase letters. MFA doesn’t require you to “remember” anything.

Instead, MFA stands between your account and the abuse of your password by requiring you to enter another form of authentication—other than a password—to log in. That means that even if a cybercriminal has your login information for your bank, that alone would not be enough to gain access. Instead, your bank would ask for a second form of authentication, which is typically a six-digit passcode that is sent to your device through a text message or email, or it is generated by your device with a separate app.  Once you enter that passcode, only then are you allowed entry.

MFA is available on nearly every single critical type of online account today, and it should be used for the services that hold your most sensitive information, including your email, social media, and online banking.

3. Use antivirus

Ask a cybersecurity writer (me) how it feels to learn that just 35 percent of people use antivirus and you’ll hear an answer: “Not great.”

Ask the same cybersecurity writer how it feels to learn that just 17 percent of Gen Z use antivirus and you’ll hear a different answer: “Ah, sh*t.”

The public are not entirely to blame. As Malwarebytes discovered in its latest report, it is not that the public do not care about cybersecurity and online threats—it is that they do not know entirely how to stay safe, or how cybersecurity tools protect them.

As Malwarebytes found:

  • 41 percent agreed or strongly agreed with the statement: “I don’t fully understand how different cybersecurity products can protect me.”
  • 37 percent agreed or strongly agreed with the statement: “Cybersecurity products only really help with things like viruses and malware.”
  • 25 percent agreed or strongly agreed with the statement “There’s no point in using cybersecurity products since there are too many online threats.”

The cybersecurity industry should learn from this. We are failing to speak plainly about security tools, failing to explain how malware can be detected through its delivery in malicious websites that are blocked by online tools like BrowserGuard, and failing to show how digital consequences, like account compromise, identity theft, and credit card fraud, are strictly connected to well-known threats like credential stuffing and data theft. 

Particularly upsetting is that sometimes, even the users of online security and privacy tools have the wrong impression about those tools.

As Malwarebytes found, 22 percent of people use a VPN specifically to “help stop viruses/malware from getting on my device”—a function that VPNs do not provide. (In rare circumstances, some malware avoids detonation based solely on IP addresses, but that is an exception for the average user.)

Antivirus works. We know you may consider Malwarebytes a biased speaker, but the fact still stands. Every year, Malwarebytes detects and removes millions of viruses, Trojans, adware infections, monitoring tools, and more from user devices around the world. Importantly, behind nearly every detection is an attempt to harm you, the user. 

Don’t fall for the easy path of apathy. Take three simple steps to stay safe.

Read the report


[ad_2]
Source link

X (Twitter) Lost Over 600 Million visitors in September

0
[ad_1]

Wondering how many people are ditching X (Twitter) in favor of another service? Well, some new data has just surfaced showing just how many people have left the site.

According to data from SimilarWeb, which is a company that tracks visits for most websites, X (Twitter) lost about 600 million visitors in September alone. It dropped from 6.4 billion in August to 5.8 billion in September. This is about a 10% decrease.

As if that wasn’t enough, of the 176 countries that accessed Twitter in September, about 83% of them saw a decline in traffic, month-to-month to X. On top of that, Google Trends data shows that searches for Twitter have dropped pretty consistently since Elon Musk’s takeover about a year ago. From around 14 million monthly searches to about 11 million a year later.

Is X (Twitter) in trouble?

As much as Musk likes to claim that traffic is better than ever on X (Twitter), it’s clear that they are losing users and visitors pretty quickly. While some advertisers have come back to the platform, many have not. Which is definitely affecting the revenue that X (Twitter) is getting here. This might have something to do with why Musk wants everyone to pay for X (Twitter). Just this week, the company announced they were starting a pilot program in New Zealand and the Philippines where new users would need to do pay $1 per year to use basic functions like posting.

Of course, many believe that the real reason for that is, Musk wants credit card numbers. Not so much so he can steal identities, but so he can build the “everything app” that he wants X to be. Which includes a payment app. But at just $1 for the whole year, most of that cost is going to go to credit card processors like Stripe – which is what X(Twitter) uses in the US for payments.

unnamed (1)


[ad_2]
Source link

Amazon expands its Prime Air drone delivery program to the UK and Italy

0
[ad_1]

Drones delivering our parcels have been part of our fictional stories for the better part of a decade. Now, despite facing challenges in the United States, Amazon has announced the expansion of its Prime Air drone delivery program to Italy and the United Kingdom, starting in late 2024.

According to a report, Amazon has collaborated with the UK’s Civil Aviation Authority and Italy’s National Civil Aviation Authority to ensure the safe and efficient expansion of its drone delivery service. However, it is important to note that these autonomous aerial vehicles can carry packages weighing up to five pounds.

When talking about the expansion, Baroness Vere, the UK’s Aviation Minister, emphasized the potential economic and environmental benefits of this initiative, stating, “It will also build our understanding of how to best use the new technology safely and securely.”

However, to make these deliveries possible, the company is introducing a new MK30 drone design, which is capable of covering twice the distance of its predecessors, thus reaching customers in faraway locations. Additionally, the new MK30 drone is not only quieter but can also operate in various weather conditions, including light rain and different temperatures. Moreover, the drone comes equipped with “sense and avoid” technology, preventing collisions with pets, people, and property.

Amazon’s journey with drone deliveries

Originally started in 2016, Amazon’s journey with drone deliveries has been rocky, to say the least. This is because the company faced a slew of problems after the launch, including operational limitations due to stringent Federal Aviation Administration (FAA) restrictions in the United States, that require the company to accumulate hundreds of hours of incident-free flights to receive extended approval. As a result, the service currently only operates in two locations, namely College Station, Texas, and Lockeford, California, from 8 AM to 3:30 PM daily.

“We’ve also taken great care to ensure that our drones’ design philosophy and demonstrated levels of safety are setting a higher bar for safety across the commercial drone delivery industry, working closely with regulators to design to the highest standard set within those regulations,” reads Amazon’s blog post.


[ad_2]
Source link

You can now have custom action buttons on Wear OS with a new Google Assistant tile

0
[ad_1]
You can now have custom action buttons on your smartwatch with a new Google Assistant tile that is rolling out to Wear OS. The tile can be set up as a shortcut to do pretty much any action the Google Assistant on Wear OS can do, opening up tons of possibilities.
As spotted by 9to5Google, the new Google Assistant tile is available on both Wear OS 3 and Wear OS 4 and facilitates the use of the Assistant on smartwatches, such as the Pixel or Galaxy Watch. Previously, you had to either use a dedicated hardware button or add a complication in order to engage with the assistant on Wear OS watches. Now, once set up, you can just swipe left or right to access the dedicated tile.
Perhaps the best part about this new tile is the customization options it brings. On the Pixel Watch, upon adding the complication using the Watch app, you get a new tile that includes two buttons ready for your customizable Assistant actions.

How does it work?

When you first open the tile, you are prompted to set up actions by either creating your own or choosing from a list of suggestions. If you choose to create your own, you can then speak your request just as if you were asking the assistant, and a new action button gets created with it. You can have up to two of these customizable buttons.

Setting up the Assistant tile and Assistant actions on Wear OS

From that point on, in order to trigger these actions without having to speak to the watch, you can simply press these buttons and let the assistant work its magic. I find this particularly helpful for smart home actions like turning lights off or for setting quick reminders. This is also helpful if you want to keep the conversation between you and the Assistant quiet, but just remember that if you don’t want the assistant to audibly speak back to you, you must turn off the “Speech output” toggle on your watch’s Assistant settings menu.


[ad_2]
Source link

APTs Exploiting WinRAR 0day Flaw Despite Patch Availability

0
[ad_1]

According to Google’s Threat Analysis Group (TAG), the group exploiting the vulnerability comprises Sandworm, Fancy Bear, and APT40, all associated with the Russian government and military.

KEY FINDINGS

Google’s TAG researchers have found that government-sponsored hackers are actively exploiting an already discovered WinRAR vulnerability.

This vulnerability lets hackers execute arbitrary code on the targeted device.

Attackers can steal sensitive data, hijack the victim’s computer, and install malware.

State-sponsored actors from a number of countries are exploiting this vulnerability in their malicious operations.

Google has urged users to immediately apply the latest WinRAR patch to prevent their devices from being invaded by state-backed actors.

Organizations must protect their networks by implementing a robust vulnerability management program and deploying endpoint security solutions.

On August 25, 2023, Hackread.com reported a 0-day vulnerability in WinRAR, which was actively exploited worldwide, targeting 130 traders to successfully steal funds. It has now come to light that the vulnerability continues to be exploited, despite the availability of a security patch.

Google’s Threat Analysis Group (TAG) has discovered that state-backed threat actors are continuously exploiting a known vulnerability in the popular file archiver tool for Windows, WinRAR. The vulnerability is tracked as CVE-2023-38831, and it was exploited for the first time in early 2023 by cybercrime groups before it was identified by defenders. Now state-backed actors are exploiting it. Until August, this bug was exploited as zero-day. It was first reported by Group-IB researchers.

TAG’s Kate Morgan wrote in the report published on 18 October that despite that a patch was released soon after it was discovered, many devices remain unpatched and are vulnerable to exploitation. This is probably because the WinRAR tool doesn’t have an auto-update feature. It was fixed in WinRAR versions 6.24 and 6.23. Users have to download the patch manually.

Regarding the state-sponsored actors exploiting the WinRAR bug, TAG noted that three different clusters of attackers are involved. These include Sandworm aka FROZENBARENTS, Russian APT28 aka Fancy Bear or FROZENLAKE, and APT40 aka ISLANDDREAMS

For your information, Sandworm is affiliated with the Russian Armed Forces’ Main Directorate of the General Staff Unit 74455 and likes to target the energy sector. The Ukrainian drone-based email campaign Sandworm launched on September 6th exploits this bug to deliver a ZIP archive file

APT28 is also linked to the same unit but focuses on targeting Ukrainian government entities with a spearphishing campaign. APT40 is associated with the Chinese government and exploited this bug in late August to launch a phishing campaign targeting Papua New Guinea.

APTs Exploiting WinRAR 0day Falw Despite Patch Availability

This vulnerability lets attackers execute arbitrary code on their targeted device by tricking the victim into opening a specially designed PNG file with a ZIP archive, leading to the stealing of sensitive data, installation of malware, or hijacking of the infected device. Since April 2023, cybercriminals have actively used this bug to target cryptocurrency trading accounts. 

APTs Exploiting WinRAR 0day Falw Despite Patch Availability

“A logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows’ ShellExecute when attempting to open a file with an extension containing spaces.”

Google’s Threat Analysis Group (TAG)

This widespread exploitation highlights that “exploits for known vulnerabilities can be highly effective, despite a patch being available” and indicates the importance of prompt application of security patches. 

Update Your WinRAR Installer to the Latest Version

To safeguard your system and personal data from potential threats, it’s crucial to keep your WinRAR installer up-to-date with the latest version. Updating your WinRAR software ensures that you have the latest security patches and enhancements, significantly reducing the risk of falling victim to cyberattacks.

You can get WinRaR’s latest version on its official website. Don’t wait – stay protected by regularly checking for updates and applying them as soon as they become available. Your digital security depends on it.

  1. The Best Way to Install and Set-Up WinRAR 64-bit
  2. WinRAR vulnerability allowed attackers to remotely hijack systems
  3. Hackers are using 19-year-old WinRAR bug to install nasty malware

[ad_2]
Source link

Galaxy Tab S8 & Tab S7 get Samsung’s October update

0
[ad_1]

After updating its eligible flagships and mid-range phones to the October security patch, Samsung has now turned to flagship tablets. It has released the latest security update for the Galaxy Tab S8 and Galaxy Tab S7 lineups. The Galaxy Tab S9 series is still awaiting the update but the company should soon cover it too.

Samsung pushes October update to the Galaxy Tab S8 and Tab S7

As of this writing, the October SMR (Security Maintenance Release) is available for the 5G models of the Galaxy Tab S8, Galaxy Tab S8+, and Galaxy Tab S8 Ultra. The update comes with firmware version BWI1 (last four characters) and is rolling out widely in Europe, Asia, and Africa. The latest security patch should reach the Wi-Fi models in the coming days, alongside a global rollout for the 5G models.

Samsung’s changelog confirms that this update doesn’t bring anything more than the October SMR to the Galaxy Tab S8 series. This month’s security patch contains fixes for 46 vulnerabilities. The Korean firm revealed earlier this month that 12 of those are security flaws specific to Galaxy devices. The rest are Android OS issues, two of which are critical ones.

These security patches are also rolling out to the Galaxy Tab S7 and Galaxy Tab S7+. Both Wi-Fi and 4G models appear to be getting the update with the build number DWJ1. Once again, Samsung is only pushing the October SMR. There aren’t any new features or improvements to look forward to. These tablets may no longer get feature updates.

Nonetheless, if you’re using a Galaxy Tab S7 or Galaxy Tab S8, watch out for a new update. You should get a notification once the OTA (over-the-air) rollout hits your unit. You can also check for updates manually from the Settings app on your Samsung tablet. Navigate to the Software update menu and tap on Download and install.

The Galaxy Tab S7 series won’t get Android 14

Galaxy users are eagerly waiting for Samsung’s Android 14-based One UI 6.0 update. The big new update is expected to roll out later this month, starting with the Galaxy S23 series. Other models, including the Galaxy Tab S8, will follow soon after the new flagships.

However, for Galaxy Tab S7 and Galaxy Tab S7+ users, this road has already ended. These tablets came with Android 10 onboard and received updates until Android 13. Samsung recently pushed One UI 5.1.1 to them and that was the last major feature update. The duo will not get Android 14. Security updates will come until at least August 2024.


[ad_2]
Source link

YouTube will promote news from “authoritative sources” to curb misinformation

0
[ad_1]

In this day and age, where bad actors are using misinformation and hate speech to garner support for particular causes, as seen during the ongoing Israel and Hamas conflict, obtaining news from credible sources has become more critical than ever. Now, as part of these efforts, YouTube has introduced a new news-watching experience in 40 countries, with the goal of helping users access the latest information from “authoritative sources.”

According to the report, YouTube’s homepage for mobile users will feature an “immersive watch page experience,” offering additional news content while users are watching news videos. Identified by a newspaper icon, this new watch page will provide a curated selection of long videos, livestreams, podcasts, and Shorts videos that are relevant to the currently viewed content.

“We believe this updated news experience will empower viewers to access a diverse array of credible voices when exploring a news topic,” reads Google’s blog post.

Furthermore, the company is also launching a Shorts Innovation Program, which aims to bring concise and condensed news content to viewers by collaborating with over 20 organizations across 10 countries. This program not only supports news publishers in embracing short-form news but also empowers users with accurate information.

A different direction from other apps

While YouTube’s move to provide news from credible sources represents a significant step forward, it’s surprisingly the only app doing so. This is because other apps, such as Meta’s Threads, have consistently refrained from promoting news content, stating that their app’s primary objective is to create a “public square for communities.”

Additionally, Elon Musk’s X, formerly Twitter, has also taken a strict stance on traditional news outlets, since the app does not display headlines on shared articles and has dismantled the journalist verification system. However, this strict approach to traditional media has drawn the attention of the European Union (EU), which is currently investigating the app’s content moderation practices.

youtube news


[ad_2]
Source link