OnePlus 11 flagship can be yours for only $570, if you hurry up

0
[ad_1]

The OnePlus 11 is the company’s most powerful smartphone, and it’s now discounted to $570. This deal comes as part of the Amazon Prime Big Deal Days sale. The phone is now discounted by 19%, as its original price tag is $699.99. You can basically save $130 if you get it while this deal is available.

Having said that, you can save up even more cash if you opt for the 16GB RAM model of the phone. The variant we talked about in the first paragraph is an 8GB RAM model, with 128GB of storage. The 16GB RAM variant includes 256GB of storage, and it’s priced at $649.99 at the moment. It’s discounted by 19% as well, as it usually costs $799.99. You can save $150 if you opt to get it.

The Titan Black model of the phone is available in both 8GB and 16GB RAM flavors, while the Eternal Green variant comes in a 16GB RAM option only. This phone is fueled by the Snapdragon 8 Gen 2 SoC, while it includes a large LTPO AMOLED display with a 120Hz refresh rate. A 5,000mAh battery is also included in the package, and 80W wired charging is supported.

If you’re interested in this phone, you’ll need a Prime membership in order to get the deal. If you don’t already have it, you can grab a free trial by clicking here.

OnePlus 11 (Titan Black, 8GB RAM) – Amazon

OnePlus 11 (Titan Black, 16GB RAM) – Amazon

OnePlus 11 (Eternal Green, 16GB RAM) – Amazon


[ad_2]
Source link

Save $450 on this epic LG gaming monitor for Amazon Prime Day

0
[ad_1]

There are people who need the best gaming monitors, so they turn to LG. This company makes amazing displays, and the LG Ultragear DQHD display is one of the best that you can get. It’s now a deep $450 off for Amazon Prime Day, which is a great deal.

This is for the true gamers, the people who want the most out of their gaming monitors. The model on sale is the 49-inch model. It has a giant curved display with a 5120 x 1440 resolution. Since it’s a curved display, you will have a more natural viewing experience. You’ll have a more immersive experience with this display.

With the 1440p resolution, you’ll see the game you’re playing in great detail. This is great, as there are so many games coming out with incredibly detailed graphics. So, this display will make everything you’re playing just pop.

Speaking of the visuals, there are a ton of visual features that this monitor has that will augment your gaming experience. For starters, it has a fluid 240Hz refresh rate. It’s not quite the 144Hz refresh rate, but it’s still amazing.

This is an HDR display. It supports Vesa DisplayHDR 1000. It offers an incredible peak brightness as well. This comes in handy with most modern games. Another great visual feature is the AMD Freesync Premium Pro. This means that you won’t see any tears in the screen.

With the on-screen controls, you’ll be able to configure your monitor settings easily. This is important, as you’ll have a ton of settings and tools that you can use to personalize your experience. Along with that, there’s PiP (picture-in-picture) mode.

This is a monitor for people who want the most out of their games, and you can bet that the $450 discount makes it that much better.

LG 49-inch Ultragear DQHD


[ad_2]
Source link

Cobalt Strike 4.9 Released: What’s New!

0
[ad_1]

The latest version of Cobalt Strike 4.9 is now available. This release includes improvements to Cobalt Strike’s post-exploitation capabilities, including the ability to export Beacon without a reflective loader, which adds official support for prepend-style URLs, support for callbacks in many built-in functions, a new in-Beacon data store, and more.

Users who have a valid license can obtain the latest Version 4.9 of the software by either downloading it from the official website or using the update program. It is recommended to read the release notes before installing the update.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

What’s New in Cobalt Strike 4.9?

Update to post-exploitation capabilities of Cobalt Strike

The post-exploitation capabilities of Cobalt Strike have been updated, and the following post-exploitation DLLs now support prepend-style User Defined Reflective Loaders:

  • browserpivot 
  • hashdump 
  • invokeassembly 
  • keylogger 
  • mimikatz 
  • netview 
  • portscan 
  • powershell 
  • screenshot 
  • sshagent

To execute this modification and replace the default reflective loader with a UDRL, a new Aggressor Script hook called POSTEX_RDLL_GENERATE has been introduced.

Export Beacon Without A Reflective Loader

When utilizing UDRLs, Beacon may now be utilized without the exporting reflective loader function. Additionally, this change enhances support for prepend-style UDRLs.  

Callback Support

“We have had a number of requests from our users to make it easier to process the results of certain function calls. This is challenging due to the asynchronous nature of Cobalt Strike’s communications, but this has been addressed in this release by adding callbacks for several built-in functions, ” the company said in its blog.

The following Aggressor Script functions now support callbacks:

  • bnet 
  • beacon_inline_execute 
  • binline_execute 
  • bdllspawn 
  • bexecute_assembly 
  • bhashdump 
  • bmimikatz 
  • bmimikatz_small 
  • bportscan 
  • bpowerpick 
  • bpowershell 
  • bpsinject

Beacon Data Store

Further, in this new release, the company introduced a Beacon Data store that lets you save BOFs and .NET assemblies in Beacon’s memory, enabling the stored items to be run several times without transmitting the item.

Beacon User Data

Beacon User Data is a C structure that allows Reflective Loaders to pass additional data to Beacons. It also enables a Reflective Loader to resolve and provide system call information to Beacon, bypassing the normal system call resolver. BOFs can retrieve a pointer to this data with the BeaconGetCustomUserData function.  

WinHTTP Support

Beacon’s HTTP(S) listener has previously relied on the WinInet library by default. Support for the WinHTTP library has been implemented in response to user input.  

“A new Malleable C2 group, .http-beacon, has been created. Additionally, a .http-beacon.library option has been added to allow you to set the default library used when creating a new HTTP(S) listener”, the company explains.

Host Profile Support for HTTP(S) Listeners

When the Beacon payload is generated, callback host names are given to a single URI, and HTTP(S) parameters and headers are set at the profile or variant level. This implies that all HTTP(S) traffic to that host appears to be extremely similar.  

“We have addressed these limitations by adding a new Malleable C2 profile group – http-host-profiles. This allows you to define HTTP characteristics (URI, headers, and parameters) that will be used for HTTP(S) communications for a specific hostname”, the company said.

Inter-Client Communications

Three new Aggressor Script methods have been introduced to make firing and consuming custom events easier:  custom_event, custom_event_private, and custom_event_<topic-name>.

BOF Updates

Three new APIs have been added to Beacon to support this key/value store:  

BeaconAddValue(const char * key, void * ptr) allows you to add a memory address to a key. 

BeaconGetValue(const char * key) allows you to retrieve the memory address associated with a key. 

BeaconRemoveValue(const char * key) allows you to remove the key.

Sleep Mask Update

The sleep mask processing has been modified to mask Beacon’s patched sleep mask code. 

System Call Updates 

Support for direct and indirect system calls has been added for DuplicateHandle, ReadProcessMemory, and WriteProcessMemory.

Product Security Updates

“A change has been made to authorization files so that they are no longer backward compatible with older versions of Cobalt Strike. This means that the authorization file generated when you update to or install the 4.9 release will not work with any 4.8 versions that you may also need to use”, the company said.

The company also assured that the minimum supported Java version will be updated from Java 8 to Java 11 in the upcoming release.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Google Makes Passkeys Default for All Users

0
[ad_1]

Google is making passkeys the default option, aiming to replace passwords altogether.

Google announced today that it is making passkeys the default option for users. Passkeys are a new, more secure way to sign in to online accounts that is phishing resistant.

Passkeys use public-key cryptography to authenticate users without the need for passwords. When a user creates a passkey, a public and private key pair is generated. The public key is stored on the website or app that the user is signing in to, and the private key is stored securely on the user’s device.

To sign in with a passkey, the user simply selects the passkey they want to use and authenticates it with their device’s biometric sensor or PIN. This eliminates the need to remember or type in a password.

Google Makes Passkeys Default for All Users
Passkeys UI

Google has been supporting passkeys since May 2022, and the company says that it has received positive feedback from users. The company is now making passkeys the default option in order to encourage more people to use them.

Benefits of passkeys

Passkeys offer a number of benefits over passwords, including:

  • Security: Passkeys are more secure than passwords because they are phishing-resistant and cannot be easily cracked.
  • Convenience: Passkeys are easier to use than passwords because users do not have to remember or type them in.
  • Privacy: Passkeys are more private than passwords because they do not require users to share their personal information with websites and apps.

Timothy Morris, Chief Security Advisor at Tanium, a Kirkland, Washington-based provider of converged endpoint management (XEM) thinks it is a positive development and it will play a vital role in securing user accounts without the complication of remembering long and complex passwords.

“This news is a positive development because you can authenticate faster and you don’t have to remember complex passwords,” Timothy said. However, he argued how users will react to the recovery process of a passkey.

“You can’t just recover your passkey like you can a password. The reason we’re now at this point is because there’s enough resiliency so the recovery key process is much smoother, Timothy added.

How to use passkeys

To use passkeys, you will need to have a device that supports them. Most modern smartphones and computers support passkeys.

To create a passkey, you will need to visit the website or app that you want to sign in to and follow the instructions. Once you have created a passkey, you will be able to use it to sign in to the website or app on any device that supports a passkey.

Takeaway

Google’s decision to make passkeys the default option for users is a welcome one. Passkeys are a more secure, convenient, and private way to sign in to online accounts. I hope that more companies will follow suit and make passkeys the default option for their users as well.

  1. Google offers Dark Web monitoring for US Gmail users
  2. Google Vertex AI Vision: Revolutionizing E-Commerce?
  3. Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID
  4. Mobile Cybersecurity Firm Cirotta Launches Anti-Hacking Phone Cases
  5. Essential Insights on Google Cloud Backup and Disaster Recovery Service
  6. Microsoft launches free Linux memory forensics tool for detecting malware

[ad_2]
Source link

US Galaxy S21 gets October update with dozens of security fixes

0
[ad_1]

Samsung might be hard at work readying the One UI 6.0 update for Galaxy devices, but it hasn’t forgotten to roll out monthly security patches. Following the Galaxy Z Fold 5, Galaxy Z Flip 5, Galaxy S22, and Galaxy A54, the company is now pushing the October security update to the Galaxy S21 series. Like the rest of the devices, the 2021 Galaxy flagships are also initially getting the update in the US. A global rollout should follow in the coming days.

Samsung’s October update reaches the Galaxy S21 in the US

As of this writing, the October SMR (Security Maintenance Release) is available for the carrier-locked variants of the Galaxy S21, Galaxy S21+, and Galaxy S21 Ultra in the US. The update comes with the firmware build number G991USQS9EWI2. We can confirm its availability for users on Dish, T-Mobile, and Sprint networks. Samsung will soon expand the rollout to other networks. Unlocked units should also get the latest security patch shortly.

The official changelog supplied by the Korean behemoth confirms that this update doesn’t bring anything notable to the Galaxy S21 trio. It’s all about this month’s security patches, which we will discuss in detail later in this article. Samsung isn’t pushing any new features to the phones. That was expected considering that One UI 6.0 is nearing a stable release. The new One UI version brings Android 14 to the Galaxy family, introducing tons of new features.

Nonetheless, the October update has a lot to talk about. Samsung’s latest SMR patches a total of 46 security vulnerabilities across the entire Galaxy lineup. Some of these are critical patches, while others are less severe issues. The company says 12 security flaws patched this month are exclusive to Galaxy devices. These vulnerabilities don’t exist on Android products from other brands.

If you’re using a Galaxy S21, Galaxy S21+, or Galaxy S21 Ultra in the US, all of these security patches will be available to your phone with the latest update, Watch out for a notification prompting you to download the update over the air (OTA). You can also manually check for OTA updates on your Galaxy. Go to the Settings app, scroll down to the Software update menu, and tap on Download and install. If there’s no update available, check again later.

The One UI 6.0 update may roll out later this month

Samsung is currently testing the One UI 6.0 update among the public. It’s running beta programs for the Galaxy S23, Galaxy S22, Galaxy S21, the latest foldables, and a couple of Galaxy A series mid-range models. The stable version is expected to be available later this month, at least for the Galaxy S23 series. Others could follow in early November. We will keep you posted on the updates.


[ad_2]
Source link

5G patent rankings: Top players and key contributors

0
[ad_1]
5G Logo Illustration AH May 6 19

The 5G wireless networking technology has been available for several years now. The world’s first 5G smartphone debuted in April 2019. However, the majority of the world’s population doesn’t yet have access to 5G. According to the Swedish networking company Ericsson, only 35 percent of the global population was covered by 5G networks at the end of 2022, with the coverage projected to reach 85 percent in 2028.

As 5G deployment increases, the market for 5G SEPs (standard essential patents) licensing is growing too. It is becoming more lucrative than ever. Unsurprisingly, there has been a rapid increase in the number of 5G patent owners in recent years. A market study by LexisNexis reveals there were 131 unique 5G patent holders as of July 2023, up from 32 in 2015.

Overall, the firm confirmed over 60,000 granted 5G patent families globally (30,000 in Europe and the US), currently increasing at a rate of 5,000 patents annually. The top ten owners captured more the three-fourths (76 percent) of the market, but 5G patent ownership is getting “increasingly fragmented.” But who is leading this 5G patent race, let’s dive deeper into the report to find out.

The 5G patent race has familiar names at the top

LexisNexis’ report gives us 5G patent rankings under three different categories. The first category ranks companies according to the number of declared 5G patent families in the European Patent Office (EPO) or the United States Patent and Trademark Office (USPTO). Huawei tops this chart, followed by Qualcomm, Samsung, LG, Nokia, Ericsson, ZTE, and Oppo (the last two companies are joint seventh).

5G patent race rankings 1

Apple, MediaTek, Xiaomi, Sony, and Intel also find themselves in the top 20. However, this ranking sees a substantial shuffling when the Patent Asset Index (PAI) is put under consideration. The PAI represents the strength of a company’s patent portfolio. A higher number of granted patents doesn’t necessarily mean a higher PAI, as some technologies are more valuable and have more significance in the grand scheme of things.

In this ranking, Huawei drops below Qualcomm and Samsung. LG is still at the fourth spot, but Nokia tumbles to the seventh. InterDigital (ranked 14th in the previous chart) climbs up to fifth. Oppo (7th to 12th), Asus (22nd to 15th), BlackBerry (34th to 23rd), Kyocera (27th to 36th), Deutsche Telecom (41st to 53rd), Langbo (24th to 40th), Cisco (56th to 45th), Brevet Capital (45th to 33rd), and Orage (56th to 74th) are other big movers in either direction.

Companies that moved from a lower rank to a higher rank have a stronger patent portfolio with fewer patent families. It’s the other way around for companies that dropped to a lower rank. They have more granted patents, but their Patent Asset Index is lower. The report states that only about 10-20 percent of declared 5G patents are truly essential, so some companies may have fewer essential patents.

Top companies contribute more to the 3GPP

This report also ranks companies according to their contributions to the 3GPP (3rd Generation Partnership Project), the organization that develops the 5G wireless standard. Top companies usually make bigger contributions, with Huawei, Ericsson, Nokia, Qualcomm, and Samsung capturing the top five spots. Intel, which was ranked 20th and 21st in the previous two charts, is the seventh-biggest contributor to the 3GPP, behind ZTE.

In overall 5G patent rankings (average ranking across the three measurements), Huawei leads over Qualcomm, Samsung, Ericsson, Nokia, and LG, with ZTE, Oppo, NTT, and InterDigital making up the top ten. China has 12 firms in the top 50, followed by the US (10), Japan (7), South Korea (6), and Taiwan (6). The Netherlands and Germany have two each, while one company each from Sweden, Finland, France, Canada, and Ireland made it to the top 50.

Chinese companies also account for almost half (48 percent) of all 5G SEP licensees around the world. The country’s patent agency has granted over 26,000 5G patents, behind the USPTO (28,000). The EPO has granted 15,000 patents. Note that some companies obtain patents for the same technology across multiple jurisdictions. The top five jurisdictions (including South Korea and Japan) currently have around 41,000 unique 5G patent families.

5G patent race rankings 2
5G patent race rankings 3
5G patent race rankings 2
5G patent race rankings 3

The post 5G patent rankings: Top players and key contributors appeared first on Android Headlines.


[ad_2]
Source link

Google Meet update adds 1080p video resolution for groups calls

0
[ad_1]

After bringing the ability to install third-party add-ons directly within the app last month, Google Meet is now getting another useful feature that’s not really related to productivity: 1080p support for group calls.

Previously only available for 1:1 Google Meet calls, full HD support is now being expanded to meetings with three or more participants. Those who own 1080p cameras must select the higher resolution option before entering a meeting because it’s off by default.

According to Google, 1080p is only sent when one or more users are pinning the 1080p-enabled user on a screen large enough to render the high-resolution video feed.

For this to work smoothly, additional bandwidth will be needed to be able to send 1080p video. As expected, if the requirements aren’t met, the app will automatically adjust the resolution. Support for 1080p streaming in groups calls is now available on both Rapid and Scheduled Release domains.

Google confirmed that the new feature is available for free to Google Workspace Business Standard, Business Plus, Enterprise Plus, Enterprise Essentials, Enterprise Standard, Enterprise Starter, Education Plus, and the Teaching and Learning Upgrade.

The new feature is also available to Workspace Individual subscribers, but not to users with personal Google Accounts, at least for the moment.


[ad_2]
Source link

R2R Stomping – New Method to Run the Hidden Code in Binaries

0
[ad_1]

Your perceived reality can differ from the .NET code you observe in debuggers like dnSpy, raising questions about its behavior beyond debugging.

Enhance .NET app startup and latency by using ReadyToRun (R2R) format for AOT compilation, creating larger binaries with both IL code and native versions for improved performance.

CheckPoint researchers recently unveiled a novel method to execute hidden code in ReadyToRun (R2R) .NET binaries by altering the IL code to diverge from pre-compiled native code, leveraging .NET optimization.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

R2R stomping

Originally Microsoft’s, the Dotnet framework is now open-source and cross-platform, supporting languages like C#, F#, VB.NET, and PowerShell. It began with Windows-only closed-source in 2002, but in 2004 the open-source “Mono Project” emerged. 

Microsoft later introduced its own open-source version, .NET Core (2016), evolving into .NET 5 (2020). This research targets .NET Core 3.0+ to .NET 5+ due to the ReadyToRun format.

The traditional .NET assemblies rely on JIT for code execution, causing latency. As dotnet usage grows, solutions focus on reducing JIT reliance and improving startup times through ahead-of-time (AOT) compilation.

Here below, we have mentioned all the primary formats of AOT compilation:-

ReadyToRun (R2R) compiled assemblies include both IL code and native code, conforming to CLI format enriched with a “ManagedNativeHeader” pointing to a “READYTORUN_HEADER” with the signature “0x00525452,” distinguishing them from other CLI images.

ReadyToRun header structure
ReadyToRun header structure (Source – CheckPoint)

R2R stomping alters R2R binaries to make IL code differ from pre-compiled native code, prioritizing native execution. 

However, managed debuggers like dnSpy/dnSpyEx have different optimization settings, leading to distinct code execution, and this method is similar to VBA stomping in MS Office.

R2R Stomping

R2R stomping modifies assembly code to make method IL behavior differ from pre-compiled native code.

Here below, we have mentioned the modification methods:-

  • Compile real – Replace with decoy
  • Compile decoy – Replace with real

Most researchers analyze dotnet assembly at the IL or decompiled C# code level, often using tools like dnSpy/dnSpyEx. However, R2R stomped assembly analysis requires delving deeper into native code.

The R2R stomped assembly analysis demands a unique approach and toolset compared to standard dotnet assembly analysis, with various tools serving specific tasks.

Here, these specific tasks are divided into:-

  • Parsing the ReadyToRun assembly structure (R2RDump, dotPeek)
  • Showing the IL code and interpreted decompiled C# code (ILSpy, dnSpyEx, dotPeek)
  • Locating and disassembling the pre-compiled native code (R2RDump, ILSpy)

Detecting ReadyToRun compilation is straightforward, whether manually or with tools like dotPeek or ILSpy, which can also handle dotnet bundle file formats.

Detection of R2R assembly
Detection of R2R assembly (Source – CheckPoint)

While static, automated detection for production isn’t available, behavioral-based detection remains unaffected by R2R stomping.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Upgrading your Android device? Read this first

0
[ad_1]

A few tips and how-tos for when you are ready to move to the next Android phone. Backup, transfer, wipe, and move on.

Last month, we wrote an article about what to do when upgrading your iPhone. Since then, we’ve received several requests to do a similar post about Android devices.

Providing uniform and easy to follow instructions is a bit harder to do for Android, because there are many differences between makes, models, language settings, and Operating System (OS) versions. Nonetheless, we will try to provide some guidance for when you are ready to move on to the next model.

We will provide you with some options, but it’s important to realize the difference between transferring your settings and transferring your data. After migrating data (files) only you will need to reinstall all the apps.

1. Back up your data

You can back up content, data, and settings from your phone to your Google Account. You can even set up your device to automatically back up your files.

  • Open your device’s Settings app.
  • Select Google And then Backup.

Tip: If this is your first time, turn on Backup by Google One and follow the on-screen instructions.

Please keep in mind that your Google One backup can take up to 24 hours. When your data is saved, “On” will be showing below the data types you selected.

2. Transfer your data

Cloud storage services like Google Drive, Dropbox, or OneDrive can be used to transfer data between two Android smartphones. You need to upload the files to the cloud storage service from one device and then download them on to the other device.

Alternatively, f you’d rather use a method that doesn’t require an internet connection and your model supports it, you can try using a microSD card. Insert an extra card into your phone and then copy your files to the card with the My Files app.

Some manufacturers provide special methods to transfer data between their models. For example, Samsung allows you to use Smart Switch to transfer contacts, photos, messages, and other types of files, and Xiaomi has introduced the Mi Mover App to transfer data from any phone to a Xiaomi model.

Or you can transfer using short range connections. There are a few different methods to do this, but they are usually limited to data and will not transfer settings between phones of different manufacturers.

  • You can use Bluetooth to transfer data between two Android smartphones. To do this, enable Bluetooth on both smartphones, pair them, and then select the files you want to transfer.
  • If both smartphones support NFC (Near Field Communication), you can transfer data by holding them close to each other. This method is faster than Bluetooth, but both devices need to be very close to each other.
  • Wi-Fi Direct also allows you to transfer data between two Android smartphones without the need for an internet connection. You need to enable Wi-Fi Direct on both smartphones and then select the files you want to transfer.

3. Check your new phone is up-to-date

Install all updates on your new device and check if everything still works. There may be differences in how your new make and model phone works because of a difference in OS and the level of customization by the original equipment manufacturer (OEM).  First make sure you have the latest updates installed. For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device.

Then use your new phone for a day or so. This way you should find any flaws that came with the migration and you may be able to correct them with your old phone still functional.

4. Erase your device

Once you are satisfied everything is working as it should, it’s time to safely retire your old phone.

To remove all data from your Android device, you can reset your device to factory settings. Factory resets are also called formatting or hard resets. As the name implies, this will restore the device back to the state it was in when it left the factory. The process is easy enough, but it can’t be reversed. So, make sure you have everything important backed up first.  On most phones, you can reset your phone through the settings app. If you can’t find the option in your phone’s settings app, you can try factory resetting your phone using its power and volume buttons. We recommend checking your manufacturer’s support site for device-specific instructions.

Once you have created a backup and removed all the data from your device, it is now safe to hand it down, sell it on, or have it recycled. There are plenty of nonprofit organizations and local communities that offer options to help you recycle old electronics.

If you don’t feel like giving them away for free, Amazon offers gift cards for just about any kind of electronics device. And many other companies will give you store credit for your old devices, no matter where you bought them.


We don’t just report on Android security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.


[ad_2]
Source link