Samsung may have set a January launch date for Galaxy S24

0
[ad_1]

An early launch of the Galaxy S24 series appears confirmed. Following a couple of reports last month, another noted industry insider has just claimed that Samsung plans to unveil the new flagships about a week earlier than their predecessors. Since the Galaxy S23 debuted on February 1 this year, the 2024 models look certain to break cover in January.

Samsung to bring the Galaxy S24 lineup into the market early

In an X/Twitter post earlier today, tipster Revegnus stated that “Samsung is expected to advance the release schedule of the Galaxy S24 by approximately a week compared to its predecessor.” They added that a “January unveiling seems to be confirmed.” The source didn’t give us a date, but we can make a calculated guess based on the Korean firm’s flagship launch history.

Samsung has historically held its Galaxy Unpacked events on a Wednesday, including the Galaxy Z Fold 5 and Galaxy Z Flip 5 launch event on July 26. Going by this, the Galaxy S24 series could break cover on January 24 or January 17, 2024. A previous leak said the company is looking at a date around January 18, while the latest report says one week earlier than the Galaxy S23 launch. Either way, these two dates seem fitting.

We should get a confirmation about Samsung’s plan for its 2024 flagships in the coming months. Rumors are that the company will begin mass production of components in November, almost a month earlier than it did for the Galaxy S23 series. All signs point toward a January unveiling of the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra. We will let you know when we have more information.

The Galaxy Ring may not be part of the Galaxy S24 launch event

Samsung’s long-awaited smart ring may not arrive alongside the Galaxy S24 in early 2024. There have been rumors about the Galaxy Ring being part of the next Unpacked in some capacity, but that looks unlikely. The company reportedly has yet to complete the development work. At best, it could talk about expanding the Galaxy ecosystem to a ring soon. However, the product may not show up at the event.

The Korean media recently reported that Samsung is looking to make the Galaxy Ring available in four sizes. It doesn’t want the smallest one to lack key sensors due to size constraints. These hurdles are delaying its production. Moreover, the company also has to obtain medical approvals for the wearable as it’s a health monitoring device. Considering all this, the Galaxy Ring may not hit the store before 2025.


[ad_2]
Source link

Save $140 on the Pixel Watch for Prime Day

0
[ad_1]

During the latest Pixel event, Google unveiled the Pixel Watch 2. However, if you want to get your hands on the original Pixel Watch, it’s now on a deep discount for Amazon Prime Day. You can get this watch for a whopping $140 off.

The Pixel Watch was the first smartwatch from Google, and it was able to wow people with its amazing design and performance. It has a clean and minimalist design that people have come to love. There’s a crown/button on one side that you use to control your watch.

The Pixel Watch comes with Google’s Wear OS 3, and that’s a massive improvement over Wear OS 2. Not only that, but it will get Wear OS 4 soon enough, so you won’t have to worry about getting left behind in terms of software support.

Speaking of software, this watch comes with a selection of different health and fitness tools that you can use if you’re health-conscious. This means that you’ll be able to take it on your workout and keep track of your health.

When it comes to the battery, Google employs the same Adaptive Battery technology that it uses with its phones. This means that the software will analyze your usage habits and adapt the battery usage to those habits. It will put forth more energy only to what you do and deprioritize what you don’t. This way, the battery life improves.

When it comes to performance, Google optimized the software to work on the hardware flawlessly. This means that you’ll have extremely good performance. It flies through the software. This is important if you want a powerful smartwatch experience. While the second generation in the series is out on the market, you don’t want to ignore this original. It’s still a great buy today.

Pixel Watch – Amazon


[ad_2]
Source link

D-Link Wi-Fi Range Extender Vulnerability Attacks Inject Code

0
[ad_1]

A command injection vulnerability has been discovered in the D-Link DAP-X1860 range extender, allowing threat actors to execute remote code on affected devices. The CVE ID for this vulnerability has been given as CVE-2023-45208, and the severity is being analyzed.

This vulnerability exists in the Wi-Fi network scanning functionality, which threat actors can exploit. D-Link has not yet patched this vulnerability, nor did they respond to any comments regarding this issue. 

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

A threat actor can create a Wi-Fi network with a crafted SSID within the range of the extender and can execute commands during the setup process. Command injection was also possible when using the network scan function of the range extender.

The extender uses the “GetSiteSurvey” SOAP action to identify nearby networks. If any networks have an apostrophe(‘) on their SSID (for example, `Olaf’s Network`), the setup process crashes repeatedly with a response below.

————————————————————————
Error 500: Internal Server Error
CGI program sent malformed HTTP headers: [0   1   *****                **:**:**:**:**:**   WPA2PSK/AES 7        11b/g/n     NONE   In 17       YES      NO
1   1   *****               **:**:**:**:**:** WPA2PSK/AES            24       11b/g/n     NONE   In 13 YES      NO
2   1   *****               **:**:**:**:**:** WPA2PSK/AES            47       11b/g/n/ax  NONE   In 13 YES      NO
3   1   *****               **:**:**:**:**:** WPAPSKWPA2PSK/TKIPAES  81       11b/g/n     NONE   In 7 YES      NO
4   1   *****               **:**:**:**:**:** WPA2PSKWPA3PSK/AES     63       11b/g/n/ax  NONE   In 19 YES      NO
5   1   *****               **:**:**:**:**:** WPA2PSK/AES            44       11b/g/n/ax  NONE   In 5 NO      NO
6   1   Olafs Network **:**:**:**:**:** WPA2PSK/AES 47 11b/g/n/ax NONE In 20 NO NO
sh: 7: not found
sh
————————————————————————
Crash response (Source: Redteam-pentesting)

This can be used for performing a denial-of-service attack on the extender. However, arbitrary command execution can be achieved by including commands on the SSID name, like `uname -a`, which results in the command being executed successfully. 

Error 500: Internal Server Error
CGI program sent malformed HTTP headers: [0   1   *****                **:**:**:**:**:**   WPA2PSK/AES 0        11b/g/n     NONE   In 17       YES      NO
1   1   Test
Linux dlink-rp 4.4.198 #3 SMP Mon Jan 11 10:38:51 CST 2021 mips GNU/Linux
sh: **:**:**:**:**:**: not found
sh: 2: not found
sh: 3: not found
sh: 4: not found
[…]
sh: 40: not
Successful command injection (Source: Redteam-pentesting)


Red team-pen testing has published a complete report about this vulnerability, which provides detailed information about the Proof-of-concept, Security Risk, Timeline, and disclosure of this vulnerability.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Hackers on WordPress Websites Hacking Spree with Balada Malware

0
[ad_1]

Thousands of WordPress websites have been hacked as hackers exploit a vulnerability in the tagDiv Composer front-end page builder plugin.

  • The vulnerability is tracked as CVE-2023-3169.
  • It lets attackers inject malicious code into a particular location in the site’s database and propagate the code to every public page of the targeted area.
  • Balada malware campaign reportedly exploits a recently patched vulnerability in Newspaper and Newsmag premium themes’ key component tagDiv Composer front-end page builder plugin.
  • After obtaining initial access, attackers can upload backdoors, add malicious plugins, and create admin accounts to gain persistent access.
  • This vulnerability was fixed in the plugin’s version 4.2.

Web developers using WordPress themes Newspaper and Newsmag must remain cautious as a recently patched vulnerability is being exploited to gain full control of a website. The vulnerable plugin is tagDiv Composer, an essential component of the Newspaper and Newsmag themes. These themes are available via the Theme Forest and Envato marketplaces, boasting over 155,000 downloads.

Vietnamese researcher Truoc Phan detected it first. It is tracked as CVE-2023-3169 and carries a severity rating of 7.1 out of 10, which is Medium. It was partially fixed in version 4.1 of tagDiv Composer and fully patched in version 4.2.

According to security firm Sucuri’s researcher Denis Sinegubko, threat actors exploit this cross-site scripting (XSS) vulnerability to inject malicious code in webpages, redirecting visitors to scam or compromised websites.

These sites offer fake tech support, push notification scams, and fraudulent lottery wins to lure users. Push notification scams force users into subscribing by displaying fake captcha dialogues.

Hackers on WordPress Websites Hacking Spree with Balada Malware

The most concerning aspect of this research is that threat actors have already compromised thousands of WordPress websites. On NIST’s National Vulnerability database, it is reported that the tagDiv Composer WordPress plugin versions before 4.2 didn’t have authorization in a REST route and didn’t validate or escape some parameters when outputting them back.

This allows unauthenticated users to conduct Stored Cross-Site Scripting attacks. Exploiting this flaw, an attacker can inject malicious code into a website.

It is worth noting that this vulnerability originated in a malware campaign dubbed Balada by Sucuri. The company has been tracking it since 2017, when it was first detected, and estimates that since 2017, the malware has compromised over one million websites.

In September 2023, Balada injections were seen on more than 17,000 websites and 40,000 users. Over 9,000 of the newly detected infections resulted from injections facilitated by CVE-2023-3169.

Balada group prefers to gain persistent control over compromised websites by injecting scripts that create accounts with administrator rights. When real admins detect it, they remove the redirection but keep the fake admin accounts. The threat actor uses the admin privileges to create a new set of malicious redirect scripts.

Commenting on this story is Chris Hauk, Consumer Privacy Advocate at Pixel Privacy said, “Unfortunately, plugins and themes are favourite targets of hackers looking to exploit weaknesses in the WordPress ecosystem.”

Chris warned that “This flaw was only recently patched in the tagDiv Composer plugin, so there are likely still thousands upon thousands of WordPress sites using the old version of the plugin. WordPress admin should immediately update their plugins and templates to protect against this hack,” he advised.

It is necessary for any web developer or website administrator using WordPress themes Newspaper and Newsmag to inspect the site and event logs to detect signs of infection. Apart from removing malicious scripts, they must check for newly added admin accounts and backdoor code. Those still using the old version must immediately switch to TagDiv version 4.2 to prevent infection.

  1. How To Secure WordPress Website From Cyber Attacks?
  2. Zero-Day Exploit Threatens 200,000 WordPress Websites
  3. 5 WordPress Security Solutions with Free SSL Certificates
  4. Flaws in 2 famous WordPress plugins put millions of sites at risk
  5. Hackers using hacked WordPress & Joomla sites to drop malware

[ad_2]
Source link

The brand new Apple Watch Ultra 2 is $50 off Today

0
[ad_1]

Amazon’s Prime Big Deal Days are going strong, and that includes a pretty nice discount on the new Apple Watch Ultra 2. It’s now $50 off, making it just $749. Not a steep discount, but remember, this did just come out last month. So this is a pretty good discount in that regard.

The Apple Watch Ultra 2 has been pretty popular, like its predecessor, because of the bigger display and battery life. So this is a 49mm watch, and the battery life is double what the regular Apple Watch is. Apple claims about 36 hours of usage here. But you’ll likely get 2-3 days of use.

You also get a dedicated button, which Apple calls the Action Button here. You can map this to do all sorts of things. Like starting a workout. The Apple Watch Ultra 2 does run on watchOS 10, which was a pretty big upgrade this year for the Apple Watch, including bringing widgets over to the wrist.

It’s a really good watch to pick up, especially if you’re already in the Apple ecosystem, and it will last. That is because this is a titanium watch, with a sapphire display. Meaning that it’s going to be pretty tough to scratch this one up.

You can pick up the Apple Watch Ultra 2 from Amazon at the link below. Remember this deal is available during Prime Big Deal Days only, ending on October 11, at 11:59PM PT. You also need to be a Prime member to get this deal, which you can sign up for a free trial here.

Apple Watch Ultra 2 – Amazon


[ad_2]
Source link

Save $80 on the OnePlus Pad for Amazon Prime Day

0
[ad_1]

Earlier this year, OnePlus released its first table, and it’s an affordable device. Well, the OnePlus Pad is even more affordable during Amazon Prime Day. The OnePlus Pad is now even more affordable with the deep $80 discount bringing the price down to $399.99 from $79.99.

One of the best qualities of this tablet is the display. The OnePlus Pad has an 11.61-inch LCD display with an impressive 144Hz refresh rate. While it’s an LCD display, it’s still a beautiful and colorful display. It has a unique 7:5 aspect ratio that OnePlus calls the ReadFit display. It’s great for reading content.

Moving onto the internals, this tablet uses the powerful Dimensity 9000 SoC. This delivers a ton of power with excellent performance and gaming chops. Backing that up, we have 8GB of RAM that can be extended to 12GB via storage.

The OnePlus Pad has a set of powerful quad speakers. They deliver a powerful sound that will greatly augment the movies, TV shows, or games that you’re playing. It’s there if you need to put your Bluetooth speaker away. The speakers also have Dolby Atmos, so you’ll be able to tune the audio to your liking.

The OnePlus Pad comes with Android 13 out of the box, and OnePlus did a great job optimizing OxygenOS to work on the tablet. This is thanks to the work that Google did to make Android more tablet-friendly. So, everything in the software just flows and reacts perfectly.

When it comes to gaming, the software has a game boost that will overclock the processor and give you amazing gaming performance. You can play through graphically intensive games like Genshin Impact at their highest settings without a hiccup. It’s definitely the tablet to get if you want a powerful tablet experience at a great discount.

OnePlus Pad – Amazon


[ad_2]
Source link

Patent win over Sonos reinstates multiple speaker groups for Google Nest & Chromecast smart speakers

0
[ad_1]
It’s been quite the ride since 2020 when a legal war began between Sonos and Google, claiming theft and patent infringement, resulting in an import ban on a number of Google smart home products including Nest, Chromecast, and Pixel smartphones. Additionally, as the two companies have continued to go back and forth suing each other, the consumer paid the price by losing key functionality on their devices.
One of the changes Google had to implement in order to comply with the cease and desist court order that was placed on the company, was to make changes to the way its smart home devices could be controlled by users. After a software update, Google removed the ability to add Nest speakers, displays, and Chromecast devices to multiple speaker groups, among other software limitations.
Today, in a scathing blog post, Google has provided an update on the ongoing case, adding that last week a federal judge ruled in its favor when it pertains to two of the patents in question. The court wrote the below in its decision:

Devices will now be able to live in multiple speaker groups

Following the announcement of the legal decision, Google swiftly took to its Google Nest Community with a post advising that it will be rolling back the changes made to speaker groups where devices could only belong to one speaker group at a time. Therefore, an update to the Google Home app for Android will be coming in the next 48 hours and soon on iOS. Affected units, such as Nest speakers, displays, and Chromecast devices, will also be updated with this change.
While this is great news for those of us that own Google smart speakers, let’s not all celebrate too soon. According to Reuters (via 9to5Google), Sonos has responded to the decision by stating that it was “wrong on both the facts and the law” and that an appeal would follow. Let’s hope this war between Google and Sonos doesn’t continue to affect us, the consumers.

[ad_2]
Source link

Hidden Linux Filesystems to Store Sensitive Data

0
[ad_1]

Protecting personal data is a growing concern, with local storage as the last line of defense. Even here, precautions are needed against adversaries like thieves, and at this point, disk encryption offers solutions for this threat.

But disk encryption alone can’t protect against powerful adversaries who can coerce users into revealing encryption keys. 

Plausible deniability (PD) is a security measure to hide crucial data’s existence, allowing users to deny its presence to violent adversaries.

Elia Anzuoni and Tommaso Gagliardoni from their following respective university and organizations recently unveiled “Shufflecake,” a stealthy data concealment technique, inheriting the legacy of TrueCrypt and VeraCrypt:-

  • EPFL, Switzerland
  • Kudelski Security, Switzerlan
Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Shufflecake Hidden Linux Filesystems

Plausible deniability (PD) approaches vary by the storage layer they target, with filesystem-level and FTL-level options. 

Each has pros and cons, but adversaries can compromise layer-specific solutions with access to lower layers.

A robust plausible deniability (PD) approach operates at the block layer, using a block device interface with bRead and bWrite methods. 

This framework formats one device with multiple encrypted volumes, including decoy volumes. Even after surrendering passwords for decoy volumes, PD ensures the hidden volumes remain undetectable to adversaries.

Early PD research mainly focused on single-snapshot adversaries, assuming devices would only be checked once. However, modern storage, especially SSDs, can leave traces of data changes, challenging single-snapshot security. This scenario is addressed in multi-snapshot security models.

Addressing multi-snapshot attacks in PD systems, especially with TrueCrypt and derivatives, poses challenges. Some solutions, like oblivious random access machines (ORAMs), offer multi-snapshot security but at significant performance costs. 

WoORAMs, which obfuscate write requests, provide an efficient alternative for post-arrest physical layer adversaries, sparking a new research direction for multi-snapshot-resistant PD solutions.

The landscape of available PD solutions has usability and security gaps, with limited adoption. VeraCrypt is the most widespread but has limitations. 

WoORAM-based alternatives have potential but suffer significant performance drawbacks. Additionally, read requests’ impact on the physical device state is uncertain. 

Many PD solutions, including TrueCrypt, may unintentionally leak hidden data through OS behaviors. A versatile PD solution balancing security and usability is lacking, particularly for Linux.

Shufflecake’s disk layout
Shufflecake’s disk layout (Source – Arxiv)

The device’s storage is divided into a header and data sections. The header includes a fixed-size DMB and equal-sized volume headers, preventing easy volume count deduction by header size.

Shufflecake offers operational advantages over TrueCrypt and is open-source to build trust and encourage community contributions for future enhancements.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

AI sneak attacks, location spying, and definitely not malware, or, what one teenager fears online: Lock and Code S04E21

0
[ad_1]

This week on the Lock and Code podcast, we speak with Bay Area teenager Nitya Sharma—for the second year in a row—about what she’s most worried about online and what she does to stay safe.

This week on the Lock and Code podcast…

What are you most worried about online? And what are you doing to stay safe? 

Depending on who you are, those could be very different answers, but for teenagers and members of Generation Z, the internet isn’t so scary because of traditional threats like malware and viruses. Instead, the internet is scary because of what it can expose. To Gen Z, a feared internet is one that is vindictive and cruel—an internet that reveals private information that Gen Z fears could harm their relationships with family and friends, damage their reputations, and even lead to their being bullied and physically harmed. 

Those are some of the findings from Malwarebytes’ latest research into the cybersecurity and online privacy beliefs and behaviors of people across the United States and Canada this year.

Titled “Everyone’s afraid of the internet and no one’s sure what to do about it,” Malwarebytes’ new report shows that 81 percent of Gen Z worries about having personal, private information exposed—like their sexual orientations, personal struggles, medical history, and relationship issues (compared to 75 percent of non-Gen Zers). And 61 percent of Gen Zers worry about having embarrassing or compromising photos or videos shared online (compared to 55% of non Gen Zers). Not only that, 36 percent worry about being bullied because of that info being exposed, while 34 percent worry about being physically harmed. For those outside of Gen Z, those numbers are a lot lower—only 22 percent worry about bullying, and 27 percent worry about being physically harmed.

Does this mean Gen Z is uniquely careful to prevent just that type of information from being exposed online? Not exactly. They talk more frequently to strangers online, they more frequently share personal information on social media, and they share photos and videos on public forums more than anyone—all things that leave a trail of information that could be gathered against them.

Today, on the Lock and Code podcast with host David Ruiz, we drill down into what, specifically, a Bay Area teenager is afraid of when using the internet, and what she does to stay safe. Visiting the Lock and Code podcast for the second year in the row is Nitya Sharma, discussing AI “sneak attacks,” political disinformation campaigns, the unannounced location tracking of Snapchat, and why she simply cannot be bothered about malware. 

“I know that there’s a threat of sharing information with bad people and then abusing it, but I just don’t know what you would do with it. Show up to my house and try to kill me?” 

Tune in today to listen to the full conversation.

To read the full report, click below. 

Read the report

You can also find us on Apple PodcastsSpotify, and Google Podcasts, plus whatever preferred podcast platform you use.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)


[ad_2]
Source link