OnePlus Open foldable will launch “soon”, company confirms

0
[ad_1]

OnePlus will announce its first-ever foldable smartphone soon. The company confirmed, during TechCrunch Disrupt 2023, that the OnePlus Open will launch “soon”.

The OnePlus Open will launch “soon”, OnePlus confirms

Do note that OnePlus didn’t specifically name it the ‘OnePlus Fold’, but that name did get confirmed not long ago. OnePlus said that this new device is “set to redefine the concept of foldable smartphones by delivering all-around flagship-level experiences in a compact foldable form factor”.

The company also promised that more details regarding the device “will be available soon on the official OnePlus website, OnePlus forums, and social media channels”.

So, it seems like the OnePlus Open is right around the corner, as we expected. The phone is rumored to launch in early October, and yes, it will be globally available.

In fact, the OnePlus Open is said to be exactly the same phone as the OPPO Find N3, as far as the design is concerned. That device didn’t launch yet either, by the way, so keep that in mind. One will ship with OxygenOS and the other with ColorOS. The Find N3 will likely be exclusive to China, though.

OnePlus marked its 10th anniversary

Now, during the TechCrunch Disrupt 2023, OnePlus also marked its 10th anniversary. The company said that over the past decade, they always “sought to do the right thing in the right way”.

Over the last 10 years, the company launched some truly notable devices. It managed to get a lot of attention from the get-go. The OnePlus One is a well-known smartphone in tech circles.

The OnePlus 11 is a competitively-priced current-gen flagship, and the OnePlus Open is aiming to deliver more competition to the global foldable smartphone market.

The OPPO Find N and Find N2 were very compelling smartphones, and it’s a shame they were China-exclusive. OnePlus is aiming to bring that expertise to global markets, so let’s see what will the OnePlus Open aka Find N3 have to offer. In case you find this confusing, OnePlus and OPPO are sister companies.


[ad_2]
Source link

Wearable market returns to growth after six months of decline

0
[ad_1]

The global wearable market has returned to growth after two successive quarters of year-on-year (YoY) decline in shipments. According to research firm Canalys, the industry shipped 44.2 million units of wearable devices in Q2 2023. That’s a six percent annual growth from the same period last year. The firm had reported an 18 percent YoY decline in the year-ending quarter of 2022, followed by a one percent decline in the first three months of 2023.

As has been the trend lately, the basic watch category registered the biggest growth across the market. It accounted for 44 percent of the whole market this past quarter, the biggest share of the category yet. Shipments of basic watches grew in the previous quarters as well, despite an overall decline in wearable shipments. This is thanks to a phenomenal rate of low-cost smartwatch adoption in India, the world’s most populous country.

The Indian wearable market saw a 73 percent growth in sales of basic watches this past quarter, the report states. Local companies like Noise, Boat, and Fire-Boltt led the charge with entry-level models offering exceptional value to consumers. Fire-Boltt, for example, had an average selling price below $19. This, coupled with affordable products from Huawei, Xiaomi, and Huami ensured that basic watches continued their phenomenal sales momentum in India.

Canalys Q2 2023 global wearable market 2

The basic band category, which has been steadily declining in recent years, saw a further drop in shipments in Q2 2023. This category captured 19 percent of the global market. Shipments of smartwatches, meanwhile, mostly remained flat YoY from last year. As usual, the category should see notable growth in the third and fourth quarters. Samsung’s Galaxy Watch 6, Apple’s Watch 9, and Google’s Pixel Watch 2 should drive smartwatch sales.

Apple continued to top the global wearable market in Q2 2023

Apple has been the world’s largest smartwatch company for the past several years. It continues to top the market despite a three percent annual decline in shipments and the emergence of new Indian brands. Noise and Fire-Boltt have both made it into the top five with eight percent and seven percent market share, respectively. Their shipments grew a whopping 93 percent and 86 percent in Q2 2023.

However, they are nowhere close to Apple, which captured 20 percent of the global wearable market this past quarter. Xiaomi (11 percent) and Huawei (10 percent) sit below the Cupertino giant. While Xiaomi’s shipment remained flat, Huawei registered a 13 percent growth. Samsung has dropped out of the chart but could make it back in the second half of the year if the Galaxy Watch 6 series sells well.

Canalys Q2 2023 global wearable market


[ad_2]
Source link

Fortinet FortiOS Security Flaw Allows Malicious Code to Be Executed

0
[ad_1]

Recent reports indicate that Fortinet FortiOS has been discovered with Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes.

These vulnerabilities have been given the CVE IDs CVE-2023-29183 and CVE-2023-34984. The severity of these vulnerabilities has been categorized as CVE-2023-29183 – 5.4 (Medium) and CVE-2023-34984 – 8.8 (High) by NVD.

Document
Get a Demo

With DoControl, you can keep your SaaS applications and data safe and secure by creating workflows tailored to your needs. It’s an easy and efficient way to identify and manage risks. You can mitigate the risk and exposure of your organization’s SaaS applications in just a few simple steps.

Cross-Site Scripting (XSS): CVE-2023-29183

This vulnerability exists due to improper input neutralization during web page generation, which could allow an authenticated attacker to execute a malicious JavaScript code through a crafted guest management setting.

Fortinet has given the severity for this vulnerability as 7.3 (High). 

Affected Products and fixed in version

ProductAffected VersionFixed in Version
FortiProxy7.2.0 through 7.2.47.0.0 through 7.0.107.2.5 or above7.0.11 or above
FortiOS7.2.0 through 7.2.4,7.0.0 through 7.0.11,6.4.0 through 6.4.12,6.2.0 through 6.2.147.4.0 or above7.2.5 or above7.0.12 or above6.4.13 or above6.2.15 or above

Cross-Site Request Forgery (CSRF): CVE-2023-34984

This vulnerability exists due to a failure in the protection mechanism in FortiWeb, which could allow a threat actor to bypass CSRF and XSS protections. The severity for this vulnerability has been given as 8.8 (High).

Two security advisories have been published by Fortiguard, which provide detailed information regarding the component affected and other information.

Affected Products and fixed in version

ProductAffected VersionFixed in Version
FortiWeb7.2.0 through 7.2.17.0.0 through 7.0.66.4 all versions6.3 all versions7.2.2 or above7.0.7 or above

Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited by threat actors.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Google Pixel 4a reaches end of life, it may be time to upgrade

0
[ad_1]

The Google Pixel 4a has come to a point where it will no longer be getting updates, it reached its end of life, as people say. Google pushed out the September 2023 update to its Pixel phones, but not the Pixel 4a.

Google’s Pixel 4a phone reached end of life, it will no longer be getting updates

Just to be clear, we’re talking about the regular Pixel 4a here, not the 5G model. The Pixel 4a 5G did get the update, and it will still continue getting them. That phone has a different SoC, and it’s also newer at the same time.

Google officially confirmed that it won’t change its original plan to end support with the August 2023 update. Google never planned on pushing out Android 14 to the Pixel 4a, and it’s sticking to that decision.

The Pixel 4a 5G, on the other hand, will not only get Android 14 which will go out in the near future, but will also keep getting updates for one more year. Android 14 will be its last major Android update, though.

The phone launched three years ago

Google launched the Pixel 4a back in August 2020. The phone is three years old at this point. It features an understated design, and modest specs by today’s standards. It was rather affordable at the time, though, and offered solid performance, and a good camera.

The phone is made out of plastic, and equipped with the Snapdragon 730G SoC. It also includes 6GB of RAM and 128GB of storage. A 12.2-megapixel camera sits on its back, while it originally shipped with Android 10.

That phone was succeeded by the Pixel 5a, 6a, and 7a. The Pixel 8a is expected to arrive next year, but if you’re looking for a new Pixel device at the moment, the Pixel 7a is the way to go. You may also consider getting the Pixel 7, as it’s not that much more expensive than the 7a, and it offers a lot more value.


[ad_2]
Source link

iPhone 15 May Charge Faster Than Apple Claims!

0
[ad_1]

The iPhone 15 left us with a nasty surprise when Apple unveiled it about a week ago. And that was its charging speed. Now while many did not expect it to jump up to 100W charging like some Android phones, we were hoping for faster charging than 20W, thanks to the move to USB-C. But that didn’t happen.

If you take a look at Apple’s website, it is quoting that the iPhone 15 charging speed is 20W. Though not word for word, what Apple actually says is that you can get a 50% charge in 30 or 35 minutes “with 20W adapter or higher”. So many of us took that to mean, it’s still 20W charging, which is technically true. However, in testing, it appears that the iPhone 15 and iPhone 15 Pro can actually charge at up to 27W, with an appropriate charger.

This is believable, but more testing is needed

This is believable, since the iPhone 14 series was able to charge a bit faster than Apple was touting. It was around 25W in independent tests. So not a huge surprise here, to see it charging a tiny bit faster than even its predecessor. So why is Apple only touting 20W? Well, they kinda aren’t. Since they are saying 20W or higher, adapter.

Of course, it’s still far slower than phones like the OnePlus 11, which can charge at over 100W and be fully charged in less than 30 minutes – not only half way charged.

We’ll have to do some testing once the iPhone 15 comes out on Friday to see if this is indeed accurate. So far, the only people with an iPhone 15 were those under embargo with Apple, that attended the event last week. And they won’t say anything bad about Apple, out of fear of not getting units early again. So do keep that in mind with these reviews.


[ad_2]
Source link

BlackCat Ransomware Leveraging Remote Monitoring Tools

0
[ad_1]
BlackCat Ransomware

BlackCat Ransomware variant Sphynx has been newly identified with additional features used for encrypting Azure Storage accounts. This Sphynx variant of BlackCat was first discovered in March and was upgraded in May, which added the Exmatter exfiltration tool. 

Another version of Sphynx was released in August, which included new command-line arguments that can override the credentials inside the config files obtained from compromised systems.

Microsoft published a post in August that mentioned the inclusion of Impacket (for credential dumping and remote service execution) and Remcom tools. In addition, it also consisted of some compromised credentials that are used for lateral movement and further ransomware deployment.

“This BlackCat version also has the Remcom hacktool embedded in the executable for remote code execution. The file also contains hardcoded compromised target credentials that actors use for lateral movement and further ransomware deployment.” reads the thread by Microsoft on Twitter.

Threat Actors Access Azure portal

Threat actors could steal Azure keys by accessing the customer’s Azure portal. These keys were then base64 encoded and embedded with the ransomware binary with command line executions.

An -o argument was included in the command line arguments, which targets an Azure storage account name and access key; this binary was executed multiple times with 39 unique Azure Storage accounts, resulting in encrypting them with ransomware.

Document
FREE Webinar

Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.

During this operation, threat actors used tools like AnyDesk, SplashTop, and Atera combined with the Chrome browser to access the LastPass vault browser extension. Moreover, threat actors also obtained OTP for accessing the Sophos Central account for managing other Sophos products.

On investigating further, it was found that threat actors proceeded to change the security policies and tamper protection before encrypting the systems and Azure Storage accounts with IzBEIHCMxAuKmis6.exe with the extension .zk09cvt. 

Ransomware note (Source: @SophosXOps/infosec.exchange)

Notable Change

Denoting the changes mentioned by IBM, this Sphynx variant of BlackCat does not include -access-token parameter but instead it now uses keys like ‘-8UwUubTNYzygbQPJF -x_ -NI3_zn6Jr -U8Z -hedu5PO -CBJC7jzy -HFVmgW -DK3rdo’ and includes a set of more complex arguments.

Sophos provides detailed information about the operation, source code, and indicators of compromise of this variant of BlackCat.

It is highly recommended that organizations implement and adhere to necessary precautions and measures to effectively prevent and combat the occurrence of ransomware attacks. Such proactive and vigilant steps can significantly reduce the risk of devastating consequences that may result from these malicious attacks.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Compromised Free Download Manager website was delivering malware for years

0
[ad_1]

After three years of delivering malware to selected visitors, Free Download Manager was alerted to the fact that its website had been compromised.

In a public announcement, Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware.

Free Download Manager is—unsurprisingly—a download manager for Windows, macOS, Android, and Linux that allows users to manage their downloads and lets them grab large files, torrents, music, and videos.

In the announcement the service says the actual security incident took place in 2020. So why was the issue only recently discovered?

First and foremost, the cybercriminals only redirected users that aimed for the Linux version of the software.

Not all of these visitors were redirected to the malicious domain. They were “fingerprinted” based on as yet unknown criteria and only some were served the malicious Debian package. According to Free Download Manager the compromised website contained an exception list of IP addresses from various subnets, including those associated with Bing and Google. Visitors from these IP addresses were always given the correct download link.

Furthermore, the victims received a full functional Free Download Manger, so they had no reason to assume that something was amiss, even though some users reported errors that said “Waiting for process: crond” when they tried to shut down or reboot their system.

According to the statement made by Free Download Manager:

“It’s estimated that much less than 0.1% of our visitors might have encountered this issue.”

The number of victims might even have been less, if it weren’t for the fact that several posts on social media, Reddit, StackOverflow, YouTube, and Unix Stack Exchange, pointed to the malicious domain as a reliable source for getting the Free Download Manager tool.

Unfortunately, malware scanners for Linux are considered useless by many home users, and only some companies add them to their endpoint security solution. So, there is not much overlap to be expected between the users of Free Download Manager and those that have deployed an anti-malware solution for Linux systems.

Debian packages are typically used to install software on Debian-based Linux distributions, including Ubuntu. The malicious package dropped an information-stealing script and a crond backdoor that established a reverse shell from the C2 server. Crond is a daemon used to execute cron jobs in the background. It is a service process that handles and executes commands to run automated tasks (cron jobs) in accordance with a specified schedule.

The stealer in question was after system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure).

Remediation

The compromised Free Download Manager website has been replaced. All the Free Download Manager users who downloaded FDM for Linux between 2020 and 2022 should scan their computers for malware.

Malwarebytes Browser Guard users will receive a warning when they try to visit this domain.

Browser Guard blocks fdmpkg.org

Browser Guard blocks fdmpkg.org

Indicators of Compromise (IOCs):

File hashes (SHA-256):

b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d

2214c7a0256f07ce7b7aab8f61ef9cbaff10a456c8b9f2a97d8f713abd660349

93358bfb6ee0caced889e94cd82f6f417965087203ca9a5fce8dc7f6e1b8a3ea

d73be6e13732d365412d71791e5eb1096c7bb13d6f7fd533d8c04392ca0b69b5

File locations:

/etc/cron.d/collect

/var/tmp/crond

/var/tmp/bs

/var/tmp/atd

IP and domain:

172.111.48.101

fdmpkg.org


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Samsung teases a 200MP zoom camera for smartphones

0
[ad_1]

In September 2021, Samsung launched the world’s first 200MP camera for smartphones. It has since followed up with two more 200MP sensors, one of which is found on the Galaxy S23 Ultra. However, all three of those cameras are wide-angle lenses with short focal lengths, meaning that they can only be used as primary shooters. The company plans to bring the benefits of high-resolution sensors to telephoto cameras with a 200MP zoom lens.

According to Samsung, telephoto cameras are now seen as “the second main camera” instead of just a secondary camera. That’s because of the benefits of optical zoom when taking portrait photos. Main cameras distort close-up shots due to their short shooting distance and wide field of view. “Since the human face’s 3D shape is projected onto the 2D image sensor, the center of the face is extended compared to the face’s peripheral because of the relative distance from the camera,” Samsung explains.

With telephoto cameras, which have a longer focal length and a narrow field of view, the distortion is much lesser. Zoomed-in portrait shots also offer better background blur. However, the relatively small size of zoom cameras means images are of lower resolution and don’t offer the same quality as main cameras. Samsung wants to close this gap. This can be done with ultra-high-resolution telephoto lenses. The Korean firm says it has a vision of making 200MP sensors for zoom photography.

Samsung 200MP zoom camera teaser 1

In a lengthy Newsroom post, Samsung explained how high-resolution zoom cameras could be the next big thing in smartphone photography. It has provided samples and technical insight into this vision. However, the company didn’t reveal when we can expect such sensors from it. Hopefully, it will have more to share about this vision soon. Don’t expect this camera on the Galaxy S24 Ultra, though.

Samsung may downgrade the Galaxy S24 Ultra to a 5x zoom camera

We have come across two contrasting pieces of information surrounding Samsung’s zoom cameras today. On one hand, the company says that zoom cameras have become the second main camera on smartphones. On the other hand, it is downgrading the Galaxy S24 Ultra to a 5x zoom lens from a 10x solution found on the Galaxy S23 Ultra.

It’s reportedly increasing the resolution from 10MP to 50MP. If only the Korean giant could do this without lowering the optical zoom level of the sensor. This change means the Galaxy S24 Ultra won’t have an upper hand over the competition in camera zoom capabilities. Time will tell whether the decision backfires. The Galaxy S24 series is rumored to arrive in January 2024.

Samsung 200MP zoom camera teaser 2


[ad_2]
Source link

AT&T just made a 5G call through a satellite

0
[ad_1]

Move over, AI! There are other innovations getting attention in this modern-day era, and satellite calling is one of them. Several companies are looking to break down the barrier between our phones and the satellites orbiting the Earth. According to Cord Cutters, using the AT&T 5G network, a user was able to make a call through a satellite.

Several companies are looking to usher us into the age of satellite calls. You’re able to make SOS satellite calls using your iPhone. Also, companies like Huawei and Samsung are looking to bring satellite calls to the public. Using this technology, people far away from signal towers will still be able to get a signal. If you’re out in the middle of nowhere, this could come in handy.

An AT&T 5G call was made through a satellite

We’re stepping toward satellite calls, and this call was a major leap forward. Back on September 8th, an AST SpaceMobile engineer was able to successfully complete a call from Maui, Hawaii to Madrid, Spain. This call used AT&T’s 5G network, and it was completed through AST SpaceMobile’s own low-Earth orbit satellite called BlueWalker3.

There are two things that are notable about this call . Firstly, this is a major step forward. This involves a phone call between two regular phones routed through a satellite. Apple’s implementation is restricted to emergency calls, which isn’t a bad thing. It just limits the use case. The call made through AT&T could have been a casual call.

Secondly, the area in Maui was far from any cell tower; it was basically in the middle of nowhere. That call would have been impossible under other circumstances. Ostensibly, this could make dead zones a thing of the past.

AST SpaceMobile has been performing equally incredible feats over the past couple of months. In April this year, the team was able to make the first direct-to-device voice call between Texas and Japan. Then, in June, they made history again by completing the first file download using BlueWalker in a dead zone in Maui. They were able to reach 10Mbps download speeds.

They didn’t stop there, as the team completed the first video call on 4G using the satellite technology. Also, they were able to tap speeds up to 14Mbps. Who knows what milestone the team will pass next?


[ad_2]
Source link

Cryptojacking Attack Leverages AWS Services

0
[ad_1]
AMBERSQUID Cryptojacking

Cryptojacking is a malicious cyberattack in which an attacker stealthily utilizes a victim’s computer or device to mine cryptocurrencies such as Bitcoin or Monero without the victim’s knowledge or agreement.

This usually entails infecting the victim’s PC with malware that mines using the victim’s processing power and resources. 

Security experts at the Sysdig Threat Research Team (TRT) recently uncovered a novel cloud-native cryptojacking attack dubbed “AMBERSQUID” that leverages AWS services.

Novel Cryptojacking Attack

Overlooked services in AMBERSQUID operation can cost victims over $10,000/day. AMBERSQUID exploits the cloud services without AWS resource approval, complicating the incident response by targeting multiple services.

AMBERSQUID was found by analyzing 1.7M Linux Docker images, revealing hidden malicious payloads.

AMBERSQUID attack chain (Source – Sysdig)

The initial container on Docker Hub led to a broader investigation, uncovering accounts initially using basic cryptominer containers before transitioning to AWS-specific services in this analysis.

Here below, we have mentioned all the active Docker Hub accounts:-

  • https://hub.docker.com/u/delbidaluan
  • https://hub.docker.com/u/tegarhuta
  • https://hub.docker.com/u/rizal91
  • https://hub.docker.com/u/krisyantii20
  • https://hub.docker.com/u/avriliahasanah
  • https://hub.docker.com/u/buenosjiji662
  • https://hub.docker.com/u/buenosjiji
  • https://hub.docker.com/u/dellaagustin582
  • https://hub.docker.com/u/jotishoop
  • https://hub.docker.com/u/krisyantii20
  • https://hub.docker.com/u/nainasachie
  • https://hub.docker.com/u/rahmadabdu0
  • https://hub.docker.com/u/robinrobby754

Deep exploration of delbidaluan/epicx reveals an attacker’s GitHub account housing Amplify app source code and mining scripts, employing multiple code versions for evasion.

The delbidaluan/epic container uses entrypoint.sh as ENTRYPOINT, with various images executing distinct scripts in the same format.

The initial script, amplify-role.sh, establishes the ‘AWSCodeCommit-Role,’ a role the attacker uses to grant permissions to AWS Amplify and other services.

Document
FREE Webinar

Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.

AWS Services Exploited

Here below, we have mentioned all the AWS services that are exploited:-

  • AWS Amplify
  • Amazon ECS
  • AWS CodeBuild
  • AWS CloudFormation
  • Amazon EC2 Auto Scaling
  • Amazon SageMaker

Wallets Used

Here below, we have mentioned all the wallets used:-

  • Zephyr
  • Tidecoin
  • Verus
  • Monero
  • QRL
  • Bamboo

Cost to the Victim

In the below chart, costs to the victim were mentioned:-

Cost to the victim (Source – Sysdig)

CSPs like AWS offer diverse services beyond EC2, often overlooked due to limited visibility, but they, too, grant access to computing resources.

Monitor all CSP services for misuse, employ higher-level usage logging if needed, and respond swiftly to detect and contain threats like AMBERSQUID. 

At the moment, this threat targeted the AWS only, but it also underscores risks for other CSPs.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link