Apple Discloses 2 Zero-Day Flaws Exploited to Hack iPhones & Mac

0
[ad_1]

Two Zero-Day flaws have been discovered on Apple Devices affecting macOS, iOS, and iPadOS.

The vulnerabilities involve an arbitrary code execution and a buffer overflow. Reports indicate that these vulnerabilities are being actively exploited.

This is considered a high-risk vulnerability as it requires no user interaction. Apple has swiftly acted on the report and released security patches for fixing these vulnerabilities. These vulnerabilities affected the services ImageIO and Wallet.

As per reports shared with Cyber Security News, threat actors seem to have been using NSO Group’s Pegasus mercenary spyware for exploitation. The exploit also included PassKit, which consists of a maliciously crafted image. 

The exploit chain for these vulnerabilities has been referred to as BLASTPASS by Citizen Lab. Apple stated that enabling the Lockdown Mode will block this attack. 

“Apple’s update will secure devices belonging to regular users, companies, and governments around the globe. The BLASTPASS discovery highlights the incredible value of our collective cybersecurity of supporting civil society organizations.” reads the post by Citizen Lab.

CVE-2023-41064: Buffer Overflow

This vulnerability exists in macOS Ventura 13.5.2, iOS 16.6.1, and iPadOS 16.6.1, which a threat actor can exploit by sending a maliciously crafted image. Processing of the image leads to a buffer overflow, resulting in an arbitrary code execution.

The severity of this vulnerability is yet to be confirmed. However, Apple has released macOS Ventura 13.5.2, iOS 16.6.1, and iPadOS 16.6.1 in order to fix this vulnerability.

CVE-2023-41061:  Arbitrary Code Execution

This vulnerability exists due to a validation issue that can be exploited by threat actors, leading to arbitrary code execution. These vulnerabilities exist in versions prior to Apple watchOS 9.6.2, iOS 16.6.1, and iPadOS 16.6.1.

The severity of this vulnerability is yet to be confirmed. However, Apple has released watchOS 9.6.2 to fix this vulnerability in the Apple watch.

Security Patches Released by Apple

Name and information linkAvailable forRelease date
macOS Ventura 13.5.2macOS Ventura07 Sep 2023
iOS 16.6.1 and iPadOS 16.6.1iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later07 Sep 2023
watchOS 9.6.2Apple Watch Series 4 and later07 Sep 2023

Source: Apple

Detailed information about the exploitation and mitigation is yet to be published. 

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Google’s latest teaser tells us everything to expect on October 4

0
[ad_1]

Google sent out invites for its upcoming Made by Google event on October 4, just last week. And now the hype machine is getting into full gear – ahead of the iPhone 15 announcement next week.

Google has now published a video teasing the event, and showing off some products that you’ve probably seen already. It’s titled “The W8 is Almost Over”. The “W8” part is likely a play at the Watch and Pixel 8 being announced here. It’s a pretty quick video, just 15 seconds long, but we do get a glimpse at the Pixel 8, as well as a Pixel Watch and Pixel Buds Pro. All of which are color-matching in the porcelain color that we saw on the Pixel Simulator earlier this week.

New Pixel 8, same Pixel Watch & Buds

From what we can see in this teaser, which there’s not a lot to go by here, but we’ll do what we can. It looks like the Pixel Watch 2 and Pixel Buds Pro are remaining mostly the same. The Pixel Watch 2 will be an upgrade, and we’ve heard that it will also have a new chipset that should greatly improve battery life. However, the Pixel Buds Pro is likely just new colors. We’ve heard rumors that the Pixel Buds Pro would come in new colors to match the Pixel 8 series: Sky Blue and Porcelain.

Now the Pixel 8 Pro. Despite the ending of the video saying “Google Pixel 8”, it’s clearly showing the Pixel 8 Pro. That’s because we can see three cameras on the back. Even though it’s a single cutout, there’s quite clearly three cameras. So maybe Google is dropping the “Pro” name and just doing a Pixel 8 this year? That would make sense since the Pixel 7 and Pixel 7a are so close together in price, but very different phones.

Finally, this video also confirms that pre-orders will start on October 4. It’s in the fine print at the very bottom of the video.


[ad_2]
Source link

iPhone 15 price increase won’t hurt sales, says analysts

0
[ad_1]

Another day, another group of analysts saying that Apple is raising prices on the iPhone 15 Pro models this year. This time it’s Wedbush saying that Apple will “modestly” increase the price of the iPhone 15 Pro and Pro Max or Ultra models this year.

In a note to investors, Wedbush states that “we believe now is the time to increase iPhone prices modestly. As while Apple will keep the base model prices unchanged the enhanced technology, chips and battery technology in iPhone 15 Pro/Max warrants this strategic pricing move from Apple.”

The firm is also not concerned with sales, despite a price increase this year. And there’s two reasons for that. What Apple retails the iPhone for, and what buyers will actually pay for the iPhone.

Wedbush continues by stating that “importantly we expect some massive discounts/promotions from US carriers over the coming months. Which should further catalyze iPhone 15 sales out of the gate and take the sting of a slight price increase away.”

Analysts are calling this a “mini super cycle”

Every few years, Apple has a super cycle for upgrades. This is when a much larger number of people are going to upgrade than normal, due to some new features, pricing, or what have you. The last super cycle was with the iPhone 12, which was the first iPhone to get 5G support. Now, many believe that this is a “mini super cycle”.

Basically, they believe that Apple will sell more iPhones than normal on the 15 series, but it’s not quite at a super cycle level. That actually might happen with the iPhone 16 next year, if the rumors we are hearing are correct.

Wedbush estimates that about 25% of the 1.2 billion iPhone install base has not upgraded its iPhone in 4 years. So for many people, it’s likely time to do just that. Seeing as they are likely on an iPhone 11 or older.


[ad_2]
Source link

Thread’s keyword search expands to more countries speaking English and Spanish

0
[ad_1]

Meta’s Twitter (now X) competitor Threads is getting its keyword search feature rolling out to more countries now, reports 9to5Mac. At the end of August, the keyword search feature was announced, and it started getting tested in Australia and New Zealand. Now, it’s coming to “most English and Spanish-speaking countries”, as Mark Zuckerberg puts it in a post.

Threads keyword search expands to more countries today


The feature is pretty basic, but nonetheless, introducing it is a step in the right direction for the new social media app. Before having the possibility to search using keywords, users were limited only to searching for other user accounts.

That limitation mostly comes from the fact that Threads is based on Instagram. Instagram doesn’t really need a very specific text-based search anyway, given the fact it’s a photo and video-focused app.

It seems like for now, most English and Spanish-speaking countries will be getting the feature. That, unfortunately, excludes users in the European Union for now, given the fact that Meta’s had some issues with regulations from the EU on data protection. However, it is unclear exactly which countries are getting the feature now, and when will the other ones get it.All in all though, Threads is now on the way to becoming a better alternative to X. Meta’s Twitter-like app was launched in the summer, and has since been updated to include a chronological timeline and desktop access.

[ad_2]
Source link

A history of ransomware: How did it get this far?

0
[ad_1]

Today’s ransomware is the scourge of many organizations. But where did it start?

If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted file(name)s and asked for a ransom, it was far from effective. 

The AIDS Trojan was sent by snail mail on a floppy disk to participants of a WHO conference about HIV. It reached about 20,000 people and medical institutions. On the infected system it added itself to autoexec.bat and waited for 90 reboots before starting an encryption routine of all the files on the C: drive, hid directories, and displayed a ransom note. The ransom note instructed the victim to mail at least $189 to a PO Box in Panama. Not many victims did this, and the symmetric encryption was relatively easy to crack.

Nowadays things have changed quite a bit. Here are a few ways:

No more snail mail and floppy disks

These days, popular delivery methods for ransomware are malspam, malvertising, and vulnerabilities in popular software or networking devices. But what really requires a high speed internet connection is the large amounts of data that ransomware gangs steal from affected networks to add extra leverage to their ransom demands.

Not all files are encrypted

The criminals quickly learned that it is beneficial if the victim is still able to use their device to the extent that they can read the instructions and pay the ransom. So modern day ransomware uses an exclusion list to avoid encrypting files that are essential for the system’s operations.

Payment is made in cryptocurrency

Ransom payments in pseudo-anonymous cryptocurrencies does allow the tracking of payments through the blockchain, but the real identity of the receiver can be hidden until the money is used to make payments or exchanged in fiat currency. The use of cryptocurrency allows cybercriminals to transfer their funds to a place where they feel they can safely use it.

More powerful computers means stronger encryption

Strong encryption routines are relatively resource heavy (a 1989 machine would definitely struggle) but modern machines have hardly any problem with it. Errors that lead to ransomware variants that could be decrypted without paying for the key are become more rare because the criminals learn from each other’s mistakes and a lot of code has been made publicly available. The use of asymmetrical encryption allows encryption routines to do their work without leaving a decryption key behind on the affected system.

Leaked Code

Stolen or leaked code has made it possible for relative beginners to create their own ransomware. As an example, one of the most notorious ransomware gangs (Lockbit) had their ransomware builder leaked online by a disgruntled developer.

Bulletproof hosting

The Dark Web and bulletproof hosting are helpful for criminals in that they allow them to keep websites and other necessary services up for longer. Having to move your leak site and command and control (C2) servers every day would make life a lot harder for ransomware operators since they would have to be prepared for the fact that their sites, compromised or otherwise, would be taken out of their control.

Pen testing tools

Many Initial Access Brokers (IABs) are happy to deploy pen testing tools (i.e. Cobalt Strike) to compromise networks and enable lateral movement once the breach has been established. Penetration testing, or pen testing, is the practice of running controlled attacks on a computer system, network, software, or other application in an attempt to find unpatched vulnerabilities or flaws. By performing pen tests, an organization can find ways to harden its systems against possible future real attacks, and thus make them less exploitable. To this end, some tools were developed that inevitably fell into the hands of criminals.

Protective governments

It also helps criminals that some ransomware gangs are rumored to be allowed by governments as long as they don’t attack domestic machines. Some governments even allegedly sponsor ransomware gangs because they disrupt critical infrastructure of their enemies or competitors. The Commonwealth of Independent States (CIS) is an international organization comprised of Russia and other republics that used to be part of the Soviet Union. There are a number of techniques that ransomware creators commonly use and include in their code to avoid CIS countries, such as hard-coding country names and geographical territories, and checking the system language.

Ransomware as a service

The ransomware as a service (RaaS) model—where ransomware gangs “rent out” their technology on a subscription basis to other groups—makes it possible to scale operations and divide the workload in an effective way. It also makes the “industry” easier to access for less talented cybercriminals.

The RaaS business model also requires mutual trust, which is not always easy to maintain when everyone is trying to stay anonymous. We often see affiliates switch sides after an arrest or an infrastructure shutdown. Others no longer feel like sharing the revenues and feel confident they can do it alone or in a smaller group.

Thankfully, defences against ransomware have evolved too. Here are a few ways to secure your organization:

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

This article was originally presented as a Malwarebytes webinar in German about the history and development of ransomware, hosted by Carrie Mackenzie and Pieter Arntz.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Google offers a sneak peak at the Pixel 8 Series

0
[ad_1]

Shortly after uploading a video showing the products that Google is announcing on October 4, they have now uploaded a slightly longer video showing a peak at the Pixel 8 and Pixel 8 Pro.

This is a 24 second long video, so still not super long. But one thing that you’ll notice here is that the Pixel 8 Pro is matte. That’s something that people have been begging for, for quite some time now. The glossy finish looks great at first, but gets fingerprinted up pretty quickly, and scratched very easily.

The Pixel 8 Pro we know is coming in three colors: Licorice, Sky Blue and Porcelain. The colors of the regular Pixel 8 are a bit of a mystery, but this teaser shows a sort of salmon color for the phone.

As expected, the Pixel 8 is sticking with two cameras, while the Pixel 8 Pro is sticking with three cameras. Just as we’ve seen on the Pixel 6 and Pixel 7 series in the past couple of years. The main difference being telephoto on the Pixel 8 Pro. Both devices are coming with the new temperature sensor too.

Google confirms an October 4 pre-order

Throughout this video, Google confirms at the bottom of the screen that pre-orders will begin on October 4. Now that is not a huge surprise, seeing as Google does typically start pre-orders the same day as the announcement. Usually an hour or so after the event, pre-orders open up. Though there’s no confirmation on when they will ship. Likely within two weeks, though.

It’s a bit surprising that Google is doing these videos now, versus in a week or two, after the iPhone 15 has been announced. Typically, Google and other companies don’t even try to take hype away from Apple with the iPhone announcement, but that’s not the case this year. It seems like Google is very confident in its Pixel 8 series this year, which is a great thing.

Google has also created a landing page for the Pixel 8 series on the Google Store. With more images and information on the Pixel 8.

Screenshot 2023 09 07 at 2 31 18 PM


[ad_2]
Source link

Interoperability in the cryptocurrency space: The role of RENBTC

0
[ad_1]

In the ever-evolving world of cryptocurrency, interoperability has emerged as a crucial factor for the seamless transfer and exchange of digital assets across different blockchain networks. One prominent player in this space is RENBTC, a decentralized cryptocurrency that enables interoperability between Bitcoin (BTC) and Ethereum (ETH) blockchains. This article explores the concept of interoperability, its significance in the cryptocurrency ecosystem, and how RENBTC facilitates cross-chain transactions. Additionally, Quantum FBC App, an online trading platform, provides users to access these interoperable capabilities, allowing them to explore new horizons and capitalize on the huge potential of decentralized apps.

Understanding Interoperability

Interoperability refers to the ability of disparate blockchain networks to communicate and interact with each other. In the context of cryptocurrencies, interoperability enables the transfer of assets between different blockchain platforms without the need for intermediaries or centralized exchanges. It unlocks new possibilities for decentralized applications (dApps) and enhances liquidity and accessibility in the crypto space.

The Importance of Interoperability

Seamless Asset Transfer: Interoperability allows users to move their assets across different blockchain networks effortlessly. This functionality reduces friction and eliminates the need for multiple transactions or conversions, thus saving time and transaction costs.
Enhanced Liquidity: By enabling cross-chain compatibility, interoperability promotes liquidity by bringing together fragmented markets and expanding the pool of potential trading partners. It fosters a more vibrant and efficient cryptocurrency ecosystem.
Diversification and Risk Management: Interoperability allows users to diversify their cryptocurrency holdings across multiple blockchains, reducing the risk of being exposed to a single platform or network. It offers greater flexibility and protection against potential vulnerabilities or disruptions in specific chains.
Bridging Communities: Interoperability encourages collaboration and synergies between different blockchain communities. It enables projects to leverage the strengths and features of multiple platforms, fostering innovation and the development of cross-chain applications.

RENBTC: Bridging Bitcoin and Ethereum

RENBTC is a prominent example of a project that facilitates interoperability in the cryptocurrency space. It serves as a bridge between the Bitcoin and Ethereum blockchains, allowing users to seamlessly transfer their Bitcoin holdings onto the Ethereum network. This cross-chain functionality opens up numerous opportunities for leveraging Bitcoin in the Ethereum ecosystem.

How RENBTC Works

Locking BTC: To initiate the interoperability process, users send their BTC to a specified address controlled by RENBTC. These BTC holdings are then locked, ensuring their security during the cross-chain transfer.
Minting RENBTC: Once the BTC is locked, RENBTC mints an equivalent amount of RENBTC tokens on the Ethereum blockchain. These tokens represent the locked BTC and are compatible with the Ethereum network.
Utilizing RENBTC: With the minted RENBTC tokens, users gain access to the Ethereum ecosystem, enabling them to participate in various DeFi protocols, decentralized exchanges (DEXs), and other Ethereum-based applications.
Redeeming BTC: When users want to move their BTC back to the Bitcoin blockchain, they simply burn their RENBTC tokens on the Ethereum network. Once the burn transaction is confirmed, RENBTC releases the equivalent amount of BTC to the user’s specified address.

Advantages of RENBTC

RENBTC offers several advantages that make it an attractive solution for interoperability:

Security: RENBTC ensures the safety of users’ BTC holdings during the cross-chain transfer process by utilizing a decentralized network of darknodes that maintain the integrity and transparency of the system.
Trustlessness: RENBTC eliminates the need for trust in intermediaries or centralized exchanges. The protocol’s design and the use of smart contracts ensure that transactions occur according to predefined rules without requiring manual intervention.
Privacy: RENBTC values user privacy and does not disclose transaction details or personally identifiable information. This commitment to privacy enhances the overall user experience and protects sensitive information.
Community-Driven: RENBTC is built on a community-driven model, which ensures that decisions and improvements are made collaboratively. This approach fosters transparency, innovation, and a sense of ownership among participants.

Conclusion

Interoperability is a fundamental aspect within the cryptocurrency space, playing a crucial role in facilitating the smooth and efficient transfer of assets across various blockchain networks. RENBTC stands out as a prominent player in this arena, offering innovative cross-chain capabilities that effectively bridge the gap between Bitcoin Era and Ethereum. Embracing interoperability within the cryptocurrency ecosystem not only enhances liquidity and accessibility but also fosters collaboration among different platforms, paving the way for a future that is more interconnected, efficient, and rife with opportunities for growth.


[ad_2]
Source link

How Microsoft’s highly secure environment was breached

0
[ad_1]

An investigation by Microsoft has finally revealed how China-based hackers circumvented its “highly isolated and restricted production environment” in May 2023.

An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a “highly isolated and restricted production environment” in May 2023 to unlock sensitive email accounts belonging to US government agencies.

The attack was first reported by Microsoft in July, in an article that left some important questions unanswered. The original article revealed that China-based hackers—dubbed Storm-0558 in accordance with Microsoft’s new threat actor naming scheme—had gained access to email accounts “affecting approximately 25 organizations in the public cloud including government agencies as well as related consumer accounts of individuals likely associated with these organizations.” Ars Technica describes those government accounts as “belonging to the US Departments of State and Commerce.”

The accounts, Microsoft says, were accessed using forged authentication tokens:

Microsoft investigations determined that Storm-0558 gained access to customer email accounts using Outlook Web Access in Exchange Online (OWA) and Outlook.com by forging authentication tokens to access user email. 

Authentication tokens are the computer equivalent of the wristband you get at a concert, or the lanyard you’re issued at a cybersecurity conference. You show your ticket once, and in return you’re given a wrist band or lanyard that you have to keep on display at all times to show you belong.

In the case of Outlook.com, your username and password are the ticket that gets you through the door, and the authentication token is the lanyard you’re given that says you’re allowed to be there.

An attacker with your authentication token can pretend to be you without knowing your password, so tokens need to be hard to forge. To ensure they are, they’re backed by cryptography that hinges on a private cryptographic key that has to be kept very, very, very secure indeed.

The original Microsoft article noted that Storm-0558 “used an acquired [Microsoft account] key to forge tokens to access OWA and Outlook.com” but, crucially, did not say how the attackers were able to get at a key that would have been held in something like a real life version of the Fort Knox-like production environment, described by Microsoft as follows:

Microsoft maintains a highly isolated and restricted production environment. Controls for Microsoft employee access to production infrastructure include background checks, dedicated accounts, secure access workstations, and multi-factor authentication using hardware token devices. Controls in this environment also prevent the use of email, conferencing, web research and other collaboration tools which can lead to common account compromise vectors such as malware infections or phishing, as well as restricting access to systems and data using Just in Time and Just Enough Access policies.

Microsoft provides an answer—what it calls the “most probable mechanism”—to the riddle of how attackers breached all that protection, in its September 6 update.

It starts with a crash in a consumer signing system in 2021. A “crash dump” of the system, which included the key, was moved from the highly secure production environment into Microsoft’s debugging environment so that the cause of the crash could be investigated.

At some point after this occurred, Storm-0558 compromised a Microsoft engineer’s corporate account. That account had access to the debugging environment containing the crash dump with the key, and Storm-0558 was able to retrieve it from there without having to tackle the extensive security of the production environment.

Crucially, mechanisms that should have redacted the key material during the crash dump failed.

As you’d expect, Microsoft explains that it’s gone to great pains to beef up its security as a result, with numerous improvements in the way it handles and detects key materials, among other improvements.

The attack is a great example of just how advanced and persistent Advanced Persistent Threat (APT) actors can be, and why what Microsoft calls an “‘assume breach’ mindset” is so important in modern security. Computer networks are complicated and constantly in flux, and any organization can be breached. Assume you have been breached and monitor your environment accordingly.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Apple iPhone 14 Pro vs Sony Xperia 5 V

0
[ad_1]

Sony introduced its Xperia 5 V handset quite recently, and we’re here to compare it with its direct competition. We’ll compare the Apple iPhone 14 Pro vs Sony Xperia 5 V. The iPhone 15 series is right around the corner, but many of you will hold onto your iPhone 14 Pro, or perhaps even buy it after the iPhone 15 series arrives. Having said that, these two phones are both compact high-end offerings from their respective companies, and each of them has its strengths.

We’ll first list their specifications, and will then compare them across a number of categories. We’ll compare their designs, displays, performance, battery life, cameras, and audio performance. Both of these phones are rather compact, but they’re vastly different, both on the outside, and on the inside.

Specs

Apple iPhone 14 Pro & Sony Xperia 5 V, respectively

Screen size (main):
6.1-inch LTPO Super Retina XDR OLED display (120Hz, HDR10, 2,000 nits)
6.1-inch OLED display (120Hz, 1B colors, HDR10)
Display resolution (main):
2556 x 1179
2520 x 1080
SoC:
Apple A16 Bionic
Qualcomm Snapdragon 8 Gen 2
RAM:
6GB
8GB
Storage:
128GB/256GB/512GB/1TB (NVMe)
128GB/256GB (UFS 3.1)
Rear cameras:
48MP (wide, f/1.8 aperture, dual Pixel PDAF, sensor-shift OIS), 12MP (ultrawide, f/2.2 aperture, PDAF, 1.4um pixel size), 12MP (telephoto, f/2.8 aperture, PDAF, OIS, 3x optical zoom)
48MP (wide, f/1.9 aperture, Dual Pixel PDAF, OIS), 12MP (ultrawide, f/2.2 aperture, Dual Pixel PDAF)
Front cameras:
12MP (f/1.9 aperture, OIS)
12MP (f/2.0 aperture, 1.25um pixel size)
Battery:
3,200mAh
5,000mAh
Charging:
20W wired, 15W MagSafe wirelss, 7.5W Qi wireless (charger not included)
30W wired, wireless, reverse wireless (charger not included)
Dimensions (unfolded):
147.5 x 71.5 x 7.9mm
154 x 68 x 8.6mm
Weight:
206 grams
182 grams
Connectivity:
5G, LTE, NFC, Wi-Fi, USB Type-C/Lightning, Bluetooth 5.3
Security:
3D facial scanning
Side-facing fingerprint scanner
OS:
iOS 16 (upgradable)
Android 13
Price:
$999
€999
Buy:
Apple
Amazon

Apple iPhone 14 Pro vs Sony Xperia 5 V: Design

The moment you look at the two phones, you’ll notice massive differences. The iPhone 14 Pro is shorter and wider than the Sony Xperia 5 V. That’s due to a different aspect ratio, for the most part, as the Xperia 5 V has a tall and narrow 21:9 aspect ratio. The iPhone 14 Pro is also considerably heavier at 206 grams, compared to 182 grams of the Xperia 5 V. That’s mainly due to its stainless steel frame.

Apple’s handset has uniform bezels, and a pill-shaped cutout on the front. The Xperia 5 V doesn’t have any cutouts on the display, but its top and bottom bezels are a bit thicker than the side ones. Both phones do have flat displays, and flat sides. The Xperia 5 V is a bit more comfortable to hold, though, due to nicely chamfered edges and the fact it’s lighter than the iPhone 14 Pro.

On the back, the iPhone 14 Pro has its recognizable triple camera setup in the top-left corner. The Xperia 5 V has two cameras, which are also located in the top-left corner. That setup looks vastly different, though. Both smartphones are quite slippery, and both offer IP68 certification for water and dust resistance. The premium feel is present with both of them. Do note that using the two phones is considerably different, as they feel entirely different in the hand. The Xperia 5 V is considerably narrower and taller, while being lighter. Trying out both may be the best course of action.

Apple iPhone 14 Pro vs Sony Xperia 5 V: Display

The iPhone 14 Pro includes a 6.1-inch 2556 x 1179 LTPO Super Retina XDR OLED display. That is a flat display with a 120Hz refresh rate, and HDR10 support. Dolby Vision support is also included, and the panel goes all the way up to 2,000 nits of brightness at its peak. This display has a 19.5:9 aspect ratio, and it is protected by the Ceramic Shield glass.

iPhone 14 Pro image 101

The Sony Xperia 5 V, on the flip side, includes a 6.1-inch 2520 x 1080 OLED panel. That display is flat, and has a 120Hz refresh rate. It can project up to 1 billion colors, and supports HDR10 content too. The display aspect ratio here is 21:9, while the panel is protected by the Gorilla Glass Victus 2.

Now, both of these displays are great. They’re more than sharp enough, and provide you with vivid colors, and good viewing angles. The blacks are also deep on both displays. The iPhone 14 Pro’s display does have one advantage, though, its brightness. It does get brighter than the Xperia 5 V’s panel, even though that one is far from being dim. It’s something to consider if you’re out in direct sunlight often.

Apple iPhone 14 Pro vs Sony Xperia 5 V: Performance

The iPhone 14 Pro is fueled by the Apple A16 Bionic processor. It also includes 6GB of RAM, and NVMe storage. The Xperia 5 V ships with the Snapdragon 8 Gen 2 SoC from Qualcomm, while it also includes 8GB of RAM and UFS 3.1 flash storage. These phones have two of the most powerful mobile processors out in the market, and yes, both smartphones perform admirably.

Their software experiences are entirely different, but both offer outstanding performance. They’re both smooth at all times, and handle multitasking like champs. Even when it comes to gaming, there are no issues for either smartphone. Whatever you download from their respective app stores, these two smartphones will be able to handle. Even the most graphically intensive games are included in that estimate. So, no worries there.

Apple iPhone 14 Pro vs Sony Xperia 5 V: Battery

The iPhone 14 Pro includes a 3,200mAh battery, while the Xperia 5 V comes with a 5,000mAh unit. Apple’s iPhone handsets usually need considerably less juice than Android phones, which is why the difference is that noticeable. In regards to actual battery life, the Xperia 5 V does offer more, actually. Whereas the iPhone 14 Pro can cross the 7-hour screen-on-time mark, the Xperia 5 V goes above and beyond that.

Getting over 8 hours of screen-on-time, or for some people 9 hours is doable. It all depends on how you use your phone, and what apps you have on there, of course, in addition to your signal strength. So, do note that your mileage may vary when it comes to battery life, you may get entirely different results. One thing is for sure, both smartphones do offer good battery life, so there’s nothing to worry about here.

When it comes to charging, neither smartphone is particularly fast. The iPhone 14 Pro supports 20W wired, 15W MagSafe wireless, and 7.5W Qi wireless charging. The Xperia 5 V supports 30W wired, 15W wireless, and reverse wireless charging. One thing to note is that neither smartphone ships with a charger in the box, so you’ll need to get a compatible charger in order to keep them charged.

Apple iPhone 14 Pro vs Sony Xperia 5 V: Cameras

The iPhone 14 Pro has three cameras on the back. A 48-megapixel main camera (f/1.8 aperture, dual pixel PDAF, sensor-shift OIS) is backed by a 12-megapixel ultrawide camera (120-degree FoV), and a 12-megapixel telephoto unit (3x optical zoom). The Sony Xperia 5 V has a 48-megapixel main camera (f/1.9 aperture, dual pixel PDAF, OIS), and a 12-megapixel ultrawide unit, so two cameras.

iphone 14 pro AM AH 1

The images these two phones provide are a bit different, though both smartphones do a good job. The ones from the iPhone are closer to what you’d actually see, while the processing is a bit more aggressive on the ZenFone 10. The iPhone 14 Pro usually tends to retain a bit more detail when you pixel peep, but the ZenFone 10 will basically never blow up the highlights, unlike the iPhone 14 Pro. That’s something the phone still struggles with from time to time.

When it comes to low light images, the iPhone 14 Pro does a slightly better job overall. It manages to pull a bit more detail in such situations, especially from the shadows. It also tends to be faster when capturing low light images. Both ultrawide cameras are good in regular lighting, but we’d advise using main cameras in low light. The iPhone 14 Pro wins in the telephoto department, of course.

Audio

Both of these smartphones come with a set of stereo speakers. Those speakers are good on both smartphones, and actually almost equally loud. They provide pleasant, well-balanced sound, well, unless you’re a real stickler for details, of course. All in all, the speakers are quite good.

The ZenFone 10 even comes with an audio jack, which is not something we see often on smartphones, let alone high-end ones. If you prefer wireless audio, you’ll be glad to hear that both devices support Bluetooth 5.3.


[ad_2]
Source link

New Chaes malware is targeting banks & industries

0
[ad_1]

Threat actors are always on the lookout for new means to gain unauthorized access and steal money. Now, according to a new report from cybersecurity firm Morphisec, threat actors have developed a new strain of malware known as Chaes 4, which utilizes Google’s DevTools Protocol to illicitly gather data from its victims.

Originally identified as malware targeting e-commerce customers in Latin America, the latest iteration of Chae$ 4 introduces new techniques for extracting credentials and employs a sophisticated approach to intercept clipboard data. Additionally, the malware’s reliance on Google’s DevTools Protocol signifies a strategic shift in its tactics, providing direct access to a victim’s browser and an array of intrusive capabilities.

How does the attack work?

According to the report, when a potential victim visits a compromised website, the threat actors present a deceptive pop-up message, enticing them to download an installer for Java Runtime or an antivirus solution. Upon installation, the malware deploys a malicious MSI file, which subsequently initiates a core module known as “ChaesCore.”

From there, ChaesCore establishes a communication channel with the command-and-control (C2) server and retrieves additional modules, which allow the malware to gather comprehensive information about the victim’s device, and extract stored credentials from the browser. To make matters worse, certain modules are even capable of intercepting financial transactions on the victim’s device, thus posing a significant risk.

Who is behind the Chaes malware attacks?

In early 2022, security experts at Avast traced these attacks back to a group known as “Lucifer,” which primarily targets organizations in the banking and logistics sectors. However, it is important to note that these threat actors, with over 800 compromised WordPress websites, are currently focusing on Latin America, particularly Brazil.

“It has a specific focus on customers of prominent platforms and banks such as Mercado Libre, Mercado Pago, WhatsApp Web, Itau Bank, Caixa Bank, and even MetaMask. Furthermore, dozens of CMS (Content Management) services haven’t been spared either, including WordPress, Joomla, Drupal and Magento,” reads the report.


[ad_2]
Source link