Adobe, Cisco IOS, Skype, WordPad, & Rapid Reset Flaws

0
[ad_1]
CISA Known Exploited Vulnerabilities

The US cybersecurity organization CISA has updated its Known Exploited Vulnerabilities catalog to include five new security flaws that are currently being actively exploited.

This means that attackers are using these vulnerabilities to gain unauthorized access to computer systems, steal sensitive data, or cause damage to critical infrastructure.

It is crucial for organizations to be aware of these vulnerabilities and take immediate steps to mitigate the risk of exploitation.

Earlier this year, several vulnerabilities were reported in popular software applications such as Acrobat, Cisco IOS, WordPad, Skype, and HTTP/2 Rapid Reset.

As a precautionary measure, businesses are advised by CISA to be wary of these vulnerabilities and take necessary steps to secure their systems against potential cyber-attacks.

Malicious cyber actors often exploit these vulnerabilities as they are commonly found in the federal enterprise, posing significant threats to their security.

Five Actively Exploited Flaws

A Use After Free vulnerability in Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier), and 20.005.30418 (and earlier) might lead to arbitrary code execution in the context of the current user.

This vulnerability can only be exploited if the victim opens a malicious file that involves user involvement. Adobe patched the vulnerability in January 2023, and the PoC exploit code for this issue is available.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

An authenticated, remote attacker with administrative access to a group member or a key server could exploit a vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software.

A successful exploit might give the attacker complete control of the targeted system and the ability to run arbitrary code, or it could force the target system to reload, resulting in a DoS attack. Cisco fixed the flaw at the end of September.

  • CVE-2023-41763 Microsoft Skype for Business Privilege Escalation Vulnerability

An elevation of privilege vulnerability in Skype for Business is identified as CVE-2023-41763.

“An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an HTTP request made to an arbitrary address. This could disclose IP addresses or port numbers or both to the attacker”, Microsoft warns.

The attacker may obtain certain private, sensitive data, and in some situations, the information that was revealed could provide the attacker access to internal networks. Microsoft patched the flaw in its October Patch Tuesday release.

This is an information disclosure vulnerability in Microsoft WordPad. Because of the flaw, NTLM hashes can be revealed under certain circumstances. 

To exploit the issue, an attacker would need to be able to get into the system, but if a footing is gained, the adversary could then launch a specially crafted application and seize control of an affected machine.

“The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file,” Microsoft said.

Microsoft patched the flaw in its October Patch Tuesday release.

The HTTP/2 protocol flaw CVE-2023-44487 has recently been utilized to execute massive DDoS attacks against several targets. The HTTP/2 protocol’s handling of request cancellations or resets is the source of the issue.

When a client makes a reset for an HTTP/2 request, it consumes server resources by canceling the relevant stream. 

However, the client can start a new stream right away after initiating a reset. The quick opening and closing of HTTP/2 streams brings on the denial of service.

This vulnerability may affect many web platforms because HTTP/2 has been implemented into so many of them.

CISA urges all organizations to prioritize promptly repairing Catalogue vulnerabilities as part of their vulnerability management procedures to reduce their exposure to attacks.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Stalkerware activity drops as glaring spying problem is revealed

0
[ad_1]

North America has a spying problem. Its perpetrators are everyday people.

North America has a spying problem. Its perpetrators are everyday people.

According to recent research from Malwarebytes, 62 percent of people in the United States and Canada admitted to monitoring their romantic partners online in one form or another, from looking through a spouse’s or significant other’s text messages, to tracking their location, to rifling through their search history, to even installing monitoring software onto their devices.

But while consenting adults can and increasingly do agree to share passwords, locations, and devices with their romantic partners, another statistic deserves scrutiny: 41 percent of the people who admitted to monitoring their partners said they did so without permission.

These numbers are particularly disappointing to report just months after Malwarebytes presented original data at the National Network to End Domestic Violence’s Technology Summit that showed that stalkerware-type activity had dropped significantly from an all-time high three years prior, when shelter-in-place orders were issued to originally limit the spread of COVID-19.

The two issues, while not identical, share an overlap, which is that the non-consensual tracking of another adult is always spying.

It’s spying when governments do it through opaque, mass surveillance regimes, it’s spying when companies do it through shadowy data broker networks that braid together disparate streams of information, and it’s spying when private individuals do it through unseen behavior on personal devices.

Malwarebytes has a firm history in opposing surveillance—in the home, at school, and around the world—and this October, during Domestic Violence Awareness Month, Malwarebytes again commits itself to advocating for user privacy, whether from a person’s government, the corporations they interact with, or from those most capable of abuse.

Monitoring without permission

This month, Malwarebytes released new research into the cybersecurity and online privacy beliefs and behaviors of 1,000 respondents in the United States and Canada. The report, titled “Everyone’s afraid of the internet and no one’s sure what to do about it,” reveals the dismal rates of adoption for antivirus software, two-factor authentication (2FA), password managers, and unique passwords across online accounts.

But the report also explores the methods and stated justifications for individuals who spy on their romantic partners.

Of all people (which is the General Population of respondents involved in Malwarebytes’ 1,000-person survey) who admitted to monitoring their partners online without permission:

  • 23 percent looked through messages (texts, emails, DMs) on a spouse’s/significant other’s devices and apps.
  • 16 percent tracked a spouse’s/significant other’s location through an app or Bluetooth tracker (like Apple AirTags, Tile, Find My).
  • 22 percent looked at a spouse’s/significant other’s search history on their phone or computer.
  • 13 percent installed monitoring software/apps on spouse’s/significant other’s devices.
  • 17 percent monitored a spouse’s/significant other’s finances.

Respondents who monitored their partners—both with permission and without—were also asked about their own opinions on why they monitor. Half (50 percent) agreed or strongly agreed with the statement that “monitoring my spouse’s/significant other’s online activity and/or location makes me feel they are safer,” while 42 percent agreed or strongly agreed with the statement that “being able to track my spouse’s/significant other’s location when they are away is extremely important to me.”

Statistics on the rate of online monitoring admitted by respondents in the latest research from Malwarebytes

Online monitoring rates for all survey respondents in the latest research from Malwarebytes

These numbers change slightly for members of Generation Z, but in short, Gen Z engages in more non-consensual online monitoring than non-Gen Z in nearly every single circumstance.

Of the Gen Z respondents who digitally monitor their spouses or significant others, more do so non-consensually than non-Gen Z, overall (47 percent compared to 40 percent). Those same Gen Z respondents non-consensually track locations more (19 percent compared to 15 percent), non-consensually read messages like emails, texts, and DMs more (25 percent compared to 23 percent), and non-consensually install monitoring applications on devices more (16 percent compared to 12 percent).

Gen Z even engages in more non-consensual physical surveillance than non-Gen Z, with increased rates of non-consensually reading through a spouse’s or significant other’s diary or journal (17 percent compared to 11 percent), non-consensually reading a personal letter addressed to or from that person (21 percent compared to 17 percent), and even non-consensually searching through that person’s room, backpack, car, purse, or other personal belonging (24 percent compared to 22 percent).

Offline monitoring rates for all participants in the latest research from Malwarebytes

Offline monitoring rates for all survey respondents in the latest research from Malwarebytes

But where Gen Z presents the most novel change is in how they monitor one another with permission. While Gen Z engages in more non-consensual monitoring, they also engage in more consensual monitoring, which is only possible because Gen Z monitors significantly more than non-Gen Z overall

Here, the takeaways are up for interpretation. Perhaps Gen Z is, optimistically, having more open conversations about consensual sharing, both in romantic relationships and friendships. This was anecdotally confirmed last year, when the Lock and Code podcast spoke with a Bay Area teenager about how she and her friends obtain consent before sharing photos on social media.

But one activity that Malwarebytes asked about, even if originally performed with consent, could present a threat to privacy long into the future: Installing monitoring apps on another person’s devices.

Depending of the type of app used, these digital tools can provide access to a person’s location, SMS messages, photos, videos, phone calls, and contacts, while also granting remote access to a device’s camera, microphone, and WiFi functionality. What’s more, some can even do this without any notification or warning to the person being monitored. If such an app is installed on a person’s device with their consent, there is little way of them knowing that it is still on their device, even if they eventually withdraw consent. In other words, the spied-upon have few, basic indicators that they are being spied upon.

According to Malwarebytes’ research, 40 percent of Gen Z have installed monitoring software or apps on a spouse’s or significant other’s devices, compared to 29 percent of non-Gen Z.

These numbers are less open to interpretation. They are deeply concerning.

A drop in stalkerware-type activity

In July, Malwarebytes presented at the National Network to End Domestic Violence’s Technology Summit to offer device security training and updated statistics on a problem that has long plagued survivors of domestic abuse: Stalkerware.

Malwarebytes’ fight against stalkerware is long-documented. For years, the company has detected and helped people remove stalkerware-type applications, while also visiting local domestic abuse shelters and national conferences to share vital information on this pernicious digital threat.

Part of this advocacy has included publishing stalkerware-type detection data with the public, including a dramatic spike in stalkerware-type activity that coincided with shelter-in-place orders mandated near the start of the COVID-19 pandemic, and eventual decreases in that same type of activity one year after.

But that earlier data focused on what are called “detections” on Android devices—moments when Malwarebytes scanned and found apps that could monitor or spy on a user without their knowledge. This year, Malwarebytes has changed its approach to publishing stalkerware-type activity, now incorporating the active user base at any given moment, to show not just raw detection counts, but overall prevalence.

The good news? Stalkerware-type activity is down. A lot.

 Across June, July, and August of 2020, on average, 0.7 percent of all Malwarebytes scans conducted on Android devices resulted in Malwarebytes encountering a stalkerware-type app. Starting in March of 2022, that incident rate dropped to below 0.2 percent. It has remained that low up to June 2023, which is the cutoff date for Malwarebytes’ most recent data.

 For that final month of data, the incident rate was just 0.11 percent—tied for the lowest rate recorded across three years.

Stalkerware-type activity across three years

Stalkerware-type activity across three years’ of Malwarebytes data

Erring towards caution, with good cause

Stalkerware-type activity is down, but in Malwarebytes’ latest survey, a worrying number of individuals admitted to digitally tracking their spouses and significant others, and while fewer admitted to doing this type of tracking without consent, the type of tracking made available by certain monitoring apps could create privacy invasions in the future.

Malwarebytes will always caution against a world that grows comfortable with surveillance, even if the surveillance is initially conducted “with consent.” Consent shifts with time—it can be removed, narrowed, and tailored to specific situations. But the type of access that some monitoring apps provide, particularly those with stalkerware-type capabilities, are entirely incompatible with consent. They are built to collect as much information as possible and to even hide that data collection from view.

Remember that 50 percent of all respondents who admitted to monitoring their spouses or significant others agreed or strongly agreed with the statement: “Monitoring my spouse’s/significant other’s online activity and/or location makes me feel they are safer.” (Emphasis added).

This Domestic Violence Awareness Month, perhaps we remember that adults can determine their own safety—and privacy.

Read the report


If you are currently facing domestic violence, you can call the National Domestic Violence Hotline at 1-800-799-7233.

If you are currently concerned about stalkerware-type monitoring of your device, or other possible forms of technology-enabled surveillance and abuse, you can visit the National Network to End Domestic Violence’s Safety Net Project here.


[ad_2]
Source link

Deca-core custom Exynos 2500 rumored for Samsung Galaxy S25

0
[ad_1]

Samsung recently announced the Exynos 2400 chipset that will power the Galaxy S24 series. It was more of a teaser than an announcement as the company didn’t go into spec details. However, leaks and benchmark listings have already revealed plenty about it. We know that the new chip will be a deca-core solution, i.e. it will feature ten CPU cores. A fresh rumor says that Samsung’s Exynos 2500 chip for the Galaxy S25 will keep this CPU configuration.

Galaxy S25’s Exynos 2500 to be a deca-core chip

Samsung has been making Exynos-branded smartphone chips for a long time, but those solutions have historically underperformed compared to competing Snapdragon chips from Qualcomm. The performance gap got so wide a couple of years back that the company ditched Exynos and shipped the Galaxy S23 series with Snapdragon processors globally. While everyone appreciated this move, it caused a massive loss of revenue for the firm’s semiconductor business.

For the Galaxy S24 series, Samsung is now going back to its usual dual-chip strategy. Unsurprisingly, fans aren’t happy, as the Exynos 2400 appears to lag behind the Snapdragon 8 Gen 3. The company plans to fix this seemingly never-ending problem with custom processors. Its smartphone division is working on making custom chips for flagship Galaxy models, rather than buying Exynos chips from the semiconductor division.

The first custom Galaxy processor is expected to arrive in 2025 with the Galaxy S25 series. It’s unclear whether Samsung will call the chip the Exynos 2500 or give it some other name (let’s call it by that name for the time being). X tipster @OreXda has been sharing details about the Korean firm’s work on the project since the early days. They recently claimed that the upcoming chip will feature a deca-core CPU configuration in a 1+3+2+4 setup.

It should be Samsung’s first 3nm processor

The Exynos 2500 is expected to be the first Samsung chip built on a 3nm process node. It should also use ARM’s next-gen CPU cores. We should get one Cortex-X5 prime core, three Cortex-A730 mid-cores at a higher speed, two Cortex-A730 mid-cores at a lower speed, and four Cortex-A520 efficiency cores. The Exynos 2400 uses the latest ARM CPUs in a 1+2+3+4 setup, so the Exynos 2500 will have an additional faster mid-core.

The precise clock speeds of the CPUs are currently missing. The Exynos 2400 has its Cortex-X4 prime core clocked at 3.21GHz, two Cortex-A720 cores at 2.90GHz, three more Cortex-A720 cores at 2.59GHz, and four Cortex-A520 cores at 1.96GHz. The next-gen solution may have a little faster prime core. It remains to be seen whether finally fixes those power and performance issues Exynos chips have had for years.


[ad_2]
Source link

Microsoft receives IRS notices for $28.9 billion in back taxes

0
[ad_1]

The Internal Revenue Service (IRS) has sent notices to Microsoft stating that the company owes it $28.9 billion in back taxes, excluding penalties and interest. The Notices of Proposed Adjustment (NOPAs) from the IRS are for the tax years 2004 to 2013, the tech giant revealed in a Securities and Exchange Commission (SEC) filing on Wednesday.

Microsoft served notices by the IRS over billions of unpaid taxes

According to the official filing, Microsoft received the NOPAs on September 26, 2023. The notices show that the IRS is seeking an additional tax payment following an audit of the Windows maker’s intercompany transfer pricing, an accounting and taxation practice employed by multinational companies. It legally allows companies to establish prices for the goods and services exchanged between their multiple divisions or business units.

Microsoft says that the IRS has “established regulations that allow companies to use a specific arrangement for transfer pricing, called cost-sharing.” Many companies use cost-sharing because “it reflects the global nature of their business,” the tech biggie’s Corporate Vice President of Worldwide Tax and Customs, Daniel Goff, wrote in a blog post providing an update on the firm’s ongoing audit with the IRS.

Goff added that Microsoft’s subsidiaries “shared in the costs of developing certain intellectual property, under those IRS cost-sharing regulations.” As such, “the subsidiaries were also entitled to the related profits.” However, the IRS seemingly doesn’t agree with the way the company allocated profits across its operations in different regions between 2004 and 2013. Microsoft changed its corporate structure and practices after that, Goff confirmed.

Unsurprisingly, Microsoft disagrees with the IRS’ audit. The company says the revenue department didn’t take into account the taxes it paid under the Tax Cuts and Jobs Act (TCJA). This would reduce the total outstanding taxes under the audit by about $10 billion. It’s not like Microsoft plans to pay the rest, though. It will challenge the proposed adjustments and pursue an appeal within the IRS.

Microsoft says it has always followed rules and regulations

In his blog post, Goff stated that Microsoft has always acted per the rules and regulations set by the IRS. He says the company is one of the top corporate income taxpayers in the US. The firm has paid over $67 billion in taxes to the nation since 2004. Microsoft believes its position is “supported by case law.” So if the two parties don’t come to a direct agreement on the matter, the company will take the case to court. The whole process may take several years.


[ad_2]
Source link

Google debuts its eSIM transfer and conversion tool with the Pixel 8 series

0
[ad_1]
Apple set a precedent last year when it completely removed the SIM card slot from the iPhone 14 and going eSIM only. eSIMs are digital SIM cards that are embedded into a device, which can offer a number of advantages over physical SIM cards, such as security and flexibility. However, this change prompted justified concerns among Android users who now feared their favorite smartphone OEMs would follow suit.
As many iPhone users painfully discovered, transferring an eSIM between devices could become a convoluted process that involved deactivating the eSIM profile on the old phone and re-activating it on the new phone. It became obvious that while eSIM was destined to become the new standard, and pretty much the only option, the process needed to be refined and many cell phone carriers needed to get on board. 
In light of the ongoing struggles, companies like Samsung and Google began to work on solutions. Samsung began the rollout of its fix last month with the release of One UI 5.1, which included an SIM to eSIM transfer and conversion tool among a small subset of its devices. Google stated back in February that it was working on its own eSIM transfer tool which we expected to debut widely with the public release of Android 14.
Thankfully, we are already seeing results. As reported by Android Police, based on findings by Mishaal Rahman, Google’s promised eSIM transfer solution has arrived with the launch of the Pixel 8 series. This was spotted when a user came across the option to transfer an existing eSIM profile from an old Pixel phone to a new Pixel 8 Pro during the initial setup process.

Additionally, the tool was found to include an option to convert a physical SIM card into an eSIM. This can be a huge convenience, especially if you are traveling or switching carriers.

Google’s new eSIM migration tool simplifies the process by allowing users to directly transfer their eSIM profile from one Pixel phone to another, without having to contact their carrier. However, it is important to note that the tool may not work with all devices or carriers. For now, it has been reported to work between Pixel devices on T-Mobile in the U.S. and Deutsche Telekom in Europe, though this may not work as intended every single time. 

Google’s eSIM transfer tool is a positive step towards making eSIM migration on Android easier and more convenient. Hopefully, the obvious next steps to expand carrier and device support, follow without delay.


[ad_2]
Source link

The Best Camera Flip Phone

0
[ad_1]

The OPPO Find N3 Flip is a rather interesting phone. Perhaps more interesting because it’s not coming to the OnePlus brand, unlike OPPO’s other foldable. It’s also perhaps the best flip phone on the market (or soon to be on the market). It seems to check just about every box that most other flip phones neglect. Including the camera, battery life, charging speed, and the display brightness.

But the real question is going to be, how well does it perform in the real world? Is it worth buying in Europe and Asia? Well, that’s what we are here to find out in our full review of the OPPO Find N3 Flip.

OPPO Find N3 Flip Review: Hardware and Design

To be honest, I have not reviewed an OPPO phone in quite a few years, largely because they are not compatible with US networks. But OPPO has always had really great hardware. They’ve always gone the extra mile to make their phones look unique and distinguishable from the competition. And the first thing that makes the Find N3 Flip identifiable is definitely the front display.

While other companies like Samsung and Motorola have opted for square displays on the front, and using as much space as possible, OPPO has opted for a different approach. Giving us a 17:9 aspect ratio display on the front of the phone, to the left of the camera. So it’s similar to what is on the inside of the phone. This allows the display to run full Android apps too. But not quite everything, like the Motorola Razr+ allows you to do.

OPPO Find N3 Flip AM AH 01

Another big thing here is the camera module. It’s pretty similar to any recent OnePlus smartphone. Which should come as no surprise, seeing as the two companies recently merged. And that’s not the only OnePlus feature on this phone – the Alert Slider is here too. OPPO was able to cram three cameras into that small section of the Find N3 Flip. Which is honestly really impressive. Sporting a wide, ultrawide and telephoto camera all on a flip phone, is definitely a first.

The Alert Slider is really great to see on this phone. It’s a feature that I really wish more phones would adopt, and now even the iPhone is getting rid of it for an Action Button. But the ability to quickly slide my phone into mute or vibrate, is really useful when walking into a meeting or starting a new Zoom Meeting, so that I don’t get interrupted.

Then there’s the smaller stuff that you’ll really only notice on the phone without the case. The color we have here is the Cream Gold, so that’s what we’ll be talking about. Since each color has a slightly different design. This has a flowing wave texture around the outside of the phone that “dances as light falls on this elegant, subtly standout color” according to OPPO. It does look rather cool, and the matte finish on the hinge is also a nice touch. This does make the phone pretty slippery though, so much that I had to use a case with this phone during the review process. Luckily, there is a nice plastic hard case included in the box.

The sides are slightly curved here, which does make it feel much nicer in the hands, especially if you’re used to a smaller phone. It almost feels like a piece of jewelry, something that Apple typically takes pride in with their iPhones. It’s a stunning smartphone, and is definitely identifiable as an OPPO smartphone.

In the box, the OPPO Find N3 Flip includes a few things that other smartphones in the West don’t. One is the SUPERVOOC charger, capable of charging the Find N3 Flip at 44W, and the other is a case. OPPO has included a plastic case that is pretty much the same color as the phone. It’s not to bad of a case, and definitely one you’ll be using.

OPPO Find N3 Flip Review: Displays

There are two displays on this phone, that includes a 3.26-inch cover display that is 720×382 for a 17:9 aspect ratio. And then there’s the main display which is a 6.8-inch AMOLED display at 2520×1080 resolution, giving it a 21:9 aspect ratio. Let’s start with that cover screen though.

When I was first briefed by OPPO about the Find N3 Flip, I thought this style cover screen was pretty cool. The ability to run full apps like X, TikTok, and other things without opening the phone. Seemed like a good idea. Now after using the phone for a few weeks, I’m not as sold on it. There’s two main reasons, the size and the resolution.

OPPO Find N3 Flip AM AH 17

This is a pretty small display, so running apps like Gmail or X here aren’t the best experience. And with the low resolution, you can really see the pixels here. It is good for getting rid of spam email really quickly, but I wouldn’t spend more than a few minutes on this outer display, to be quite honest.

However, it does have Game Snacks. Which is Google’s small game product. It has a number of great games included that you can play, and it’s great to play on the go, while you’re at the doctor’s office or something.

The stunning main display

Then there’s the main display. This display is really incredible. As mentioned, it’s a 6.8-inch AMOLED with LTPO display here. So that means it is a variable refresh rate display from 1 to 120Hz. It’s a great display to use for watching video, whether that be YouTube, TikTok or something else. It’s very vibrant and reproduces colors really well.

Despite the pretty low peak brightness, just 500 nits, and a 1600 nits peak brightness rating, this display is actually very visible outdoors. It definitely feels like it gets brighter than 500 nits, especially for a foldables. Typically, foldables are very reflective because of the plastic screens and plastic screen protectors. But that is not the case here. And the reason for that is, OPPO has dropped the polarizer. This reduces display power consumption by as much as 20%. Which does make a huge difference here.

OPPO Find N3 Flip AM AH 24

Then there’s the crease. Or is there? The crease is here. It’s not as deep as say the Galaxy Z Flip 5, so it doesn’t look like there’s much crease, but you can definitely feel it. This crease, I actually don’t mind as much as I do on the Flip 5.

The displays here are pretty good, there’s definitely room for improvement on both displays, but both are quite good. In fact the main display might be the best I’ve seen on a flip-style foldable.

OPPO Find N3 Flip Review: Performance

When it comes to performance, it’s been a bit of a mixed bag for me, while using the Find N3 Flip. In the beginning, the phone was quite slow. With some apps lagging a bit, which I figured was due to the MediaTek Dimensity 9200, but then things got better after a software update. And now it’s been pretty much on-par with a Snapdragon 8 Gen 2 phone like the Galaxy S23 series.

This is a second-generation 4nm chipset that OPPO is using here, and it is actually pretty good, outside of those first impressions. Most apps were running pretty well, some were a bit slow, like Amazon. But I’d chop that up to the October Prime Day event happening right now. Other than that, everything’s been pretty good here, in terms of performance.

The Dimensity 9200 is paired with 12GB of LPDDR5X RAM and 256GB of UFS 4.0 storage. So it’s quite the beast on paper, and in real world use, it does seem to step up to the challenge. Now the phone did get hot after a bit of time watching video, or using the camera. Which is to be expected. So nothing out of the ordinary, to be quite honest.

OPPO Find N3 Flip AM AH 10

Fingerprint and Face Unlock are also available

The fingerprint sensor is side-mounted here on the OPPO Find N3 Flip. Which is pretty much the way all foldables do it. Since you don’t want to apply pressure to the folding display. And let’s face it, a power-button fingerprint sensor is the best fingerprint sensor. This sensor is a bit more sensitive compared to some of the others on other foldables that we have reviewed in recent months. But once you get used to that, it’s pretty easy to use. And works quite well. There is also Face Unlock available, but it’s not as secure, since it is using just that front-facing camera.

OPPO Find N3 Flip Review: Battery life and Charging

Battery life on the Find N3 Flip is pretty good. It’s about what I’d expect from a flip-style foldable with a smaller battery (but still the largest for a Flip phone at 4300mAh). I was able to get about 8 hours of screen on time here. Which isn’t the best for smartphones in general, but when you look at flip-style foldables, it’s actually quite good. For comparison, on the Galaxy Z Flip 5 I was getting 7 hours of screen-on time. While the Razr+ was getting me 8 hours pretty consistently. Keep in mind those both use the Snapdragon 8 Gen 2, which is known to be a beast for battery performance.

Basically, the OPPO Find N3 Flip should get you through a full day, with some juice left. Since it has been lasting me well over 24 hours usually. And that’s with pushing it pretty hard. So that’s really good to see.

Then we have the charging. OPPO does include a charger in the box, which is able to charge the Find N3 Flip at 44W. That’s the fastest charging available for a Flip phone right now. And given the small-ish 4300mAh battery here, it does charge quite quickly. There’s no wireless charging here, which OPPO felt that it was better to include a bigger battery and faster wired charging, versus adding in wireless charging. Which I kind of agree, but wireless charging is still a “nice to have” feature.

OPPO Find N3 Flip Review: Software

The OPPO Find N3 Flip is running on Android 13 with ColorOS 13.2, that is a pretty recent version of Android and the latest version of ColorOS. OPPO is in a weird spot here, since Android 14 just dropped last week, and here they are launching a phone with Android 13. But it will get Android 14, the only question is when. Which we aren’t too sure at this point. It should be before the end of the year though.

OPPO Find N3 Flip AM AH 02

ColorOS 13.2 runs really well on this hardware. And has some pretty nifty features, particularly for that cover screen. As mentioned already, the cover screen is able to run full apps, but not all are compatible right now. Some that are include the phone app, camera, timer/clock, X, Reddit, and TikTok. It’s a pretty neat way to watch TikTok and such, as well as getting stuff done on your phone without having to unlock it. Not all apps are available for the cover screen, and you do need to add them to the cover screen. Just head into Settings > Foldable Features > Mini Apps and you’ll see the apps available, and you can move them around to your liking.

Also on the cover screen, you can choose which style you want to use. You can also use the interactive pets on the cover screen, which are pretty fun to interact with. You can also choose static and live wallpapers, or the current weather. OPPO does let you change out the widgets on the main cover screen too. But when you’re using the interactive pets style, you’re limited to just one widget. There are a good amount of widgets, including some in labs like Gmail, Google Maps and Messages.

Now since this is an Android phone, there are plenty of ways to mulit-task. That includes the ability to jump into Split View. Using a three-finger swipe up, you can quickly jump into split view, allowing for one app at the top and another at the bottom. You can also have floating windows, which makes more sense on a phone like the Find N2, with the much larger display, but it is good to see it here.

ColorOS did adopt a few of my favorite features from OxygenOS over the years too. And this includes the ability to add and remove icons from the status bar. So I’ve added the real-time network speed, and you can also change up the battery icon style. I’ve found that having the percentage inside the battery is a bit tough to read, so you can opt to have it next to the battery, or have it not show at all.

OPPO has added quite a few features to ColorOS 13.2 to help take full advantage of this form factor. And we’ll likely see more coming in the next few updates. Especially now that ColorOS and OxygenOS has merged into a single operating system across OPPO and OnePlus smartphones.

OPPO Find N3 Flip Review: Camera

The camera on the OPPO Find N3 Flip is something that I was really excited for. That’s because OPPO has crammed some pretty good sensors into such a small space. We’re looking at a 50-megapixel main sensor, 48-megapixel ultra wide and a 32-megapixel portrait camera. The portrait camera is basically a telephoto portrait camera, think of the 5x portraits on the iPhone 15 Pro Max. These are actually fairly small sensors, compared to what we’re seeing on other foldables and what’s rumored on the OnePlus Open. But they get the job done.

OPPO Find N3 Flip AM AH 20

The main camera sensor has been upgraded with OIS, and it is also roughly 30% larger than competing flip phone cameras. Making it a pretty good sensor. And the pictures from this lens are actually really good. I’ve been quite impressed with what this camera can provide. But then again, most smartphones in 2023 are able to take really good photos, when given a good amount of light.

The ultrawide was also upgraded, and now captures a 115-degree field of view, with a f/2.2 aperture. This sensor is apparently over 100% larger than the flip phone competition. Which allows it to bring in more light, and work better for macro shots.

Finally, we have that Portrait camera. It’s a rather interesting move to add a camera specifically for taking portraits to a flip phone, over a dedicated telephoto camera. But that high-megapixel main sensor does quite well with zoom. This is the Sony IMX709 sensor, which has a f/2 aperture, and is able to take great portraits at night, and during the day.

Here are some photos taken with the OPPO Find N3 Flip.

A few things help to make the OPPO Find N3 Flip an even more impressive camera flip phone however. And one of those is FlexForm Capture. As with a lot of other flip phones, you are able to set the phone at a specific angle to take a photo or record video. And you can use any of the three outer cameras to record and take photos. Making this a really great camera for vlogging. Especially with that portrait camera. OPPO also lets you you use the viewfinder on the outer display and the inner display at the same time. So if someone wants you to take a photo of them, you can show them what they look like, in real time. On albeit, a much smaller display, but it is available.

OPPO is really touting their computational photography on the Find N3 Flip, and you can really notice a big difference here. It’s able to capture the original brightness information from when the photo was taken and then fine-tune the HDR photo pixel by pixel. Giving you a much better photo than what the camera would have normally have taken.

There’s also ProXDR. Available in the Gallery app on the Find N3 Flip, you can use the very bright peak brightness on this display to show you what it would look like on an XDR display. It’s a great way to enjo your selfies, parties, pets and so much more on the OPPO Find N3 Flip.

OPPO Find N3 Flip AM AH 22

Should you buy the OPPO Find N3 Flip?

This is a pretty loaded question, especially for someone that lives in the US. I really like the Find N3 Flip, which is saying a lot, since I’m not a big fan of the flip phones out there. I just prefer the more book-style foldables that are on the market, like the upcoming OnePlus foldable. There’s a lot going for the OPPO Find N3 Flip here, and if it is sold and supported in your country, it’s definitely worth checking out.

You should buy the OPPO Find N3 Flip if:

You are looking for a foldable with a big battery.

You want a flip phone with the best cameras available.

You want fast charging.

You want a foldable with a very minimal crease.

You should not buy the OPPO Find N3 Flip if:

You live in the US, unfortunately this won’t work with most of the carriers.

You prefer a larger display foldable.


[ad_2]
Source link

Stayin’ Alive Hacking Teleco & Government Organizations

0
[ad_1]

Threat actors target telecoms and government ministries because they house valuable data and infrastructure. 

Telecoms hold sensitive communication records and can disrupt essential services, while government ministries contain classified information, making them attractive targets for the following illicit purposes:-

  • Espionage
  • Financial gain
  • Cyber warfare

Cybersecurity researchers at Check Point have monitored ‘Stayin’ Alive,’ an ongoing campaign since at least 2021, primarily in Asia targeting Telecom and government sectors. 

The campaign deploys downloaders and loaders, with one called CurKeep targeting multiple countries, revealing its broader regional focus.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

The campaign’s simple, diverse tools appear disposable for downloading payloads. They lack code similarities but connect to ToddyCat, a Chinese-affiliated threat actor in the region.

Infrastructure Analysis

The investigation began with a September 2022 email to a Vietnamese telecom company uploaded to VirusTotal. 

The email contained a ZIP attachment with legitimate and side-loaded files. Execution involves a simple backdoor called ‘CurKeep,’ maintaining persistence via a scheduled task.

CurKeep infection chain
CurKeep infection chain (Source – CheckPoint)

CurKeep samples used C&C servers with a shared TLS certificate (fd31ea84894d933af323fd64d36910ca0c92af99) across multiple IP addresses, likely tied to the same actor.

Stayin’ Alive shared certificate among IP addresses
Stayin’ Alive shared certificate among IP addresses (Source – CheckPoint)

Additional tools used

Here below, we have mentioned all the additional tools that the threat actors use:-

  • CurLu Loader
  • CurCore
  • CurCore Payload
  • CurLog Loader
  • Old Vietnam Lure

The newly discovered StylerServ sample serves files over high ports using passive listening. Five threads monitor specific ports and, if conditions are met, serve encrypted files like ‘stylers.bin’ during remote connections.

These files appear to include a configuration of several file formats and unidentified DWORDs.

Encrypted and decrypted configs
Encrypted and decrypted configs (Source – CheckPoint)

Countries targeted

Here below, we have mentioned all the countries that the threat actors target:-

  • Vietnam
  • Pakistan
  • Uzbekistan
  • Kazakhstan

The following domains are used by CurLog and CurLu loaders that were previously linked to ToddyCat’s infrastructure, with shared connections to 149.28.28[.]159:-

  • fopingu[.]com
  • rtmcsync[.]com

Sophisticated actors increasingly rely on disposable loaders and downloaders to evade detection and attribution. ‘Stayin’ Alive’ demonstrates this trend, targeting high-profile organizations with basic backdoors.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

EMPACT Hackathon Targets Online Human Traffickers

0
[ad_1]

A recent EMPACT hackathon, organized by Europol, gathered experts and law enforcement officers to develop tools for identifying and tracking human traffickers recruiting victims online.

A recent hackathon organized by Europol, in conjunction with the EMPACT project, brought together over 100 law enforcement officers, data scientists, and other experts from across Europe to develop and test innovative tools and solutions to help identify and track human traffickers who are using online platforms to recruit victims.

The 2023 EMPACT Hackathon took place from 18 to 22 September in Apeldoorn, the Netherlands. The hackathon focused on filling intelligence gaps in the recruitment of victims of the most frequently reported forms of human trafficking, namely sexual and labour exploitation.

Participants were able to access and analyze large datasets of information from social media platforms, dating apps, and other online sources to develop new insights into how traffickers are operating online and how to identify potential victims.

One of the key developments from the hackathon was the creation of a new tool that can automatically identify and track human trafficking victims on social media platforms. The tool uses machine learning to identify patterns in the behaviour and language of traffickers and their victims. It can also be used to track the movement of traffickers and victims across different social media platforms.

Another key development from the hackathon was the creation of a new database of human trafficking victims and suspects. The database is searchable by a variety of criteria, including name, age, nationality, and the type of trafficking involved. It can be used by law enforcement agencies to identify potential victims and suspects and to track the movement of trafficking networks.

In-Depth Scan – Scary Figures!

In their extensive investigation, authorities examined a total of 85 people’s usernames, delving into the intricacies of 371 platforms, encompassing a wide spectrum of online spaces, from social media and dating platforms to web forums, marketplaces, and online applications.

Additionally, they scrutinized 325 communication devices, which included phone numbers, mobile apps, email addresses, and fax numbers. As part of their commitment to combating human trafficking, authorities focused their attention on 26 online platforms that were suspected of involvement in this illicit activity.

Furthermore, the participants were able to identify and verify that 5 online platforms were indeed engaged in human trafficking. Similarly, the investigation extended to the digital domain of child protection, where authorities inspected 10 online platforms associated with child sexual abuse (CSAM) to ensure the safety of online communities.

A Success!

Overall, according to Europol’s press release, the EMPACT hackathon was a success, and the solutions developed at the hackathon are now being evaluated by Europol and its member states. Some of the solutions may be deployed in the future to help law enforcement agencies combat human trafficking.

The hackathon is one of many initiatives that Europol is undertaking to combat human trafficking online. Europol also works closely with its member states to develop and implement policies and strategies to prevent and prosecute human trafficking.

EMPACT Hackathon Targets Online Human Traffickers
EMPACT Hackathon in place – Image credit: Europol

Human Trafficking Online: A Growing Problem

Human trafficking is a global crime that affects millions of people every year. Traffickers exploit vulnerable people for sexual exploitation, forced labour, and other forms of abuse.

Traffickers increasingly use online platforms to recruit victims. Online platforms can be used to target potential victims with false promises of jobs, education, or relationships. Traffickers can also use online platforms to control and manipulate their victims.

The Role of Technology in Combating Human Trafficking

Technology can play a vital role in combating human trafficking. Law enforcement agencies can use technology to identify and track traffickers and victims, and to gather evidence of trafficking crimes.

Technology can also be used to develop tools and solutions to help prevent human trafficking. For example, social media platforms can use technology to identify and remove posts from traffickers.

The EMPACT hackathon is a positive example of how technology can be used to combat human trafficking. The solutions developed at the hackathon have the potential to make a real difference in the fight against this heinous crime.

  1. Thailand Senate Website Hacked Against Human Trafficking
  2. US government seizes classified advertising website Backpage
  3. Utilizing Programmatic Advertising to Locate Abducted Children
  4. Operation Narsil – INTERPOL Busts Decade-Old Child Abuse Network
  5. DARPA Builds ‘Memex’ Deep Web Search Engine to Track Sex Traffickers

[ad_2]
Source link

Grab the LG 65-inch QNED85 Mini-LED 4K TV for only $1,196

0
[ad_1]

Amazon has discounted LG’s QNED85 series of Mini-LED TVs, after Prime Day. Making the 65-inch model just $1,196. That’s a savings of about $600. Definitely worth picking up. The 75-inch is also on sale but not by a lot. It’s $1,696 which is only a $100 savings here.

The QNED85 is a Mini-LED TV from LG, which is going to provide you with one of the best looking TVs out there right now. Mini-LED has a lot of the advantages of OLED, but without the burn-in and it’s a lot brighter. Which explains why the industry is really starting to embrace Mini-LED. That means those dark shows will look incredible on this TV. And as it so happens, it’s still a bit cheaper than OLED right now.

On top of that, LG has included Dolby Vision IQ and HDR10 here. Giving you a really great experience when watching TV or a movie. It also has Dolby Atmos, which is rather surprising in a TV like this, since most TV makers are focused on making it as thin as possible and thus not much space for speakers.

LG also runs webOS on its TVs. Which is a pretty intuitive software approach on TVs, and it does come with all of your favorite apps here. That includes Netflix, Hulu, YouTube, Discovery+, Paramount+ and so much more.

You can pick up the LG QNED85 Mini-LED TV from Amazon today at the link below.

LG 65-inch QNED85 Mini-LED 4K TV – Amazon


[ad_2]
Source link

California allows users to request data brokers to delete their data

0
[ad_1]

In this day and age, where every website and app uses cookies to track our movements and habits, data brokers have gained unprecedented access to our personal data. However, this vast amount of data poses a serious privacy concern, as malicious entities can exploit it for identity theft. Now, in an effort to address this issue, California Governor Gavin Newsom has recently enacted new legislation known as the Delete Act, allowing users to request data brokers to either delete their data or prevent its sale and sharing—all through a single, comprehensive request.

Senator Josh Becker pointed out the critical flaw in the existing system, referring to it as a “loophole big enough to drive a few million stolen identities through.” Furthermore, he emphasized that data brokers have been selling consumers’ data, including details on reproductive healthcare, geolocation, and purchasing behaviour, to the highest bidder without ever obtaining the user’s consent.

Making a new system

To make this system possible, the California Privacy Protection Agency (CPPA) will create a user-friendly mechanism for Californians to submit data deletion requests by January 1, 2026. Additionally, data brokers will need to regularly check and honour new data privacy requests every 45 days, and the government will conduct audits every three years, starting in 2028, to ensure compliance.

Furthermore, with over 500 data brokers in California, the Delete Act mandates these entities to disclose information regarding the types of data they possess and even obligates them to delete the data obtained from third-party sources. Finally, brokers failing to comply with the act may face civil penalties and administrative fines.

“The law is the most decisive step we’ve seen lawmakers take to rein in the shadowy business of data brokers. It rejects the idea that companies should be able to commercially exploit the most sensitive details of lives with impunity,” said John Davisson, Director of Litigation and Senior Counsel at the Electronic Privacy Information Center (EPIC).

Concerns surrounding the new legislation

While California’s new Delete Act represents a significant step forward in data privacy, Justin Hakes, VP of Communications for the Consumer Data Industry Association, voiced his concerns, stating that it could undermine fraud protections and hinder small businesses’ ability to compete with data giants.


[ad_2]
Source link