iPhone users dwarf Android users in terms of app spending

0
[ad_1]

When it comes to app spending, iPhone users spend a lot more than Android users, It’s not even close. To be more accurate, iPhone users spend 7 times more on apps than Android users.

iPhone users dwarf Android users in terms of app spending, and it’s not even close

This information comes from Asymco’s Horace Dediu. He also notes that there’s a lot more data available these days, so he’s able to share more accurate information than he was able to do in the past.

Just to put things into perspective, Apple has around 650 million active App Store users. Android, on the other hand, has around 2.5 billion active users. So, Android basically dwarfs iOS in that regard.

The app revenues reveal a completely different story, though. In 2022, the ratio of app revenues was 81:42, for Apple. That difference remained steady for years, the source reports, since 2016.

Now, the monthly revenue per iPhone user is around $10.40, while it’s around $1.40 for Android users. Needless to say, this is a huge difference, and it doesn’t even include subscriptions to Apple services.

This makes iPhone users more valuable to developers, kind of

Horace Dediu says that “the iPhone consumer is 7.4 times more valuable [to developers] than the Android consumer”, simply based on the amount they spend on apps, of course.

Dediu also went on to predict big things for Vision Pro apps. This is a rather new headset, and Dedius suggests that it could generate 10 times the income for Apple. That may be an exaggeration considering the insane price tag of this thing, it costs $3,500. It remains to be seen.

There you have it. Apple users spend way more on apps, on average, and it’s not even close, not at all. We’re not surprised by the fact Apple users spend more, but this is a staggering difference. That’s hard to argue with.


[ad_2]
Source link

Spotify is testing a lyrics paywall: pay to sing along!

0
[ad_1]

“In the beginning was the Word”… and then it got paywalled.

After announcing price hikes in over 50 countries (including the US and UK) in July, Spotify is once again bringing “joy and happiness”, this time to its free-tier users. The number one music streaming service in the US is testing a new feature that is essentially a paywall for the in-app lyrics panel.

A number of Spotify free users have noticed they couldn’t access the lyrics feature in their app in the last few days. Instead of the usual blocks of lyrics, they found a message that reads “Enjoy lyrics on Spotify Premium”, plus a link to join the paid subscription.

The Verge got a comment from CJ Stanley, Spotify’s co-head of global communications:

There’s no information on when the tests will end and whether they will affect more users. On a side note: this author’s Spotify app (version 8.8.66.563) is showing lyrics just fine as of now. Users in India, though, are reporting they’re starting to get the paywall message in their Spotify applications:
Spotify rolled out lyrics to everybody (free tier or not, mobile or web) less than two years ago – in November, 2021. Prior to that, the much-requested feature was being tested as early as 2019.

[ad_2]
Source link

Titanium frame, 45W charging & more

0
[ad_1]

The Samsung Galaxy S24 Ultra specs have just been tipped, again. There’s nothing here we haven’t heard before, to be quite honest, but it’s now all in one place. This info comes from Yogesh Brar, a tipster.

The Galaxy S24 Ultra specs leak tips titanium frame, 45W charging & more

He claims that the phone will feature a 6.8-inch QHD+ AMOLED display with a 120Hz refresh rate. That will be an LTPO display, so it will be able to just between refresh rates, likely from 1 to 120Hz.

The Snapdragon 8 Gen 3 will fuel the phone, while the tipster also notes that a titanium frame will be included. Do note that the Exynos variant of the phone is also tipped, so that’s also a possibility for some markets, even though the latest rumors are saying it won’t happen.

In regards to cameras, we’ll seemingly get a 200-megapixel main camera, along with three additional sensors. A 50-megapixel unit is mentioned, and we’re guessing that’s the ultrawide camera. 12-megapixel and 10-megapixel units are also listed, these are likely telephoto and periscope telephoto cameras. On top of that, a 12-megapixel selfie shooter is also mentioned.

A 5,000mAh battery will power this handset

The phone will include a 5,000mAh battery on the inside, and 45W wired charging. Wireless charging will also be included, but the tipster did not mention anything about it. Chances are that we’ll once again get 15W wireless charging.

Android 14 will come pre-installed on the Galaxy S24 Ultra, while Samsung’s One UI 6 skin will sit on top of it. That’s basically everything that the source mentioned.

The Galaxy S24 Ultra is not coming anytime soon. The phone will likely launch in Q1 next year, globally. It will arrive alongside the Galaxy S24 and Galaxy S24+ handsets.

Chances are we’ll see plenty more rumors and leaks moving forward, so get ready for that.


[ad_2]
Source link

Huawei preparing 3 chips, looking to compete with Apple M2

0
[ad_1]

A well-known tipster has just shared some very interesting information. He claims that Huawei is preparing 3 chips, and that it’s planning to compete with the Apple M2 chip too. So, at least one of them will be a direct competitor.

Huawei is looking to compete with the Apple M2 SoC, as it’s working on 3 new chips

He also included the ‘confirmed’ tweet, to his original post, so he’s feeling very confident about this. Huawei seems to be back in the SoC game, as it recently surprised us all and released the Kirin 9000s.

That processor fuels the company’s new high-end handset, the Huawei Mate 60 Pro. The chip itself is about as powerful as the Snapdragon 888, a two-year-old processor. Still, this is a huge step forward for Huawei, as it also supports 5G.

As many of you know, Huawei could not use 5G processors for years due to the US ban. Well, it somehow managed to do this in collaboration with SMIC. Huawei doesn’t plan to stop there, though, not at all.

Unfortunately, Revegnus did not release any information about Huawei’s upcoming chips. We don’t know what segments they are aiming at, aside from the Apple M2 competitor, of course. Huawei seems to be making strides in that regard.

The US government wants to know how Huawei made a 7nm Kirin 9000s in face of a ban

Huawei is doing so well that the US government wants to know how SMIC produced a 7nm Kirin 9000s chip, despite the ban. The US export rules are in place still, and only one company in the world makes a machine that employs the extreme ultraviolet lithography (EUV) needed to make this happen. ASML agreed not to ship any EUV machines to China, so the US wants to know how is this possible.

Now, making a 7nm smartphone SoC without an EUV machine is possible, it’s very difficult, though. The South China Morning Post (SCMP) reports that the US National Security Adviser, Jake Sullivan, wants to know everything about this chip. They’re skeptical.

This story is far from over, it seems.


[ad_2]
Source link

PHPFusion Flaw Allows Attackers to Read Critical System Data

0
[ad_1]

On Tuesday, Synopsys addressed High and medium vulnerabilities CVE-2023-2453, and CVE-2023-4480 discovered in PHPFusion by the researchers.

PHPFusion is an open-source content management system (CMS) designed for managing personal or commercial websites and is offered under the GNU Affero General Public License v3.0. 

These vulnerabilities impact versions 9.10.30 and earlier versions of PHP fusion, which let attackers perform remote code execution attempts.

No patches are available to mitigate the vulnerability; instead, it recommends its users disable the” Forum “ option to prevent the exploitation.

CVE-2023-2453

CyRC researcher Matthew Hogg discovered this high vulnerability with a base score of 8.5.

Due to insufficient sanitization of arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. 

Exploitation of this vulnerability can lead to remote code execution (RCE) if an attacker can acquire some means of uploading a crafted payload file with the ‘.php’ extension to any known absolute path on the target system. 

There is no patch available for this vulnerability. Disabling the “Forum” Infusion through the admin panel removes the endpoint for exploiting this vulnerability, preventing the issue.

 If the “Forum” Infusion cannot be disabled, technologies such as a web application firewall may help to mitigate exploitation attempts. 

CVE-2023-4480 

In the admin panel’s “Fusion File Manager” component, an attacker can make a forged request to read system files with the running process’s privileges due to an out-of-date dependency.  

CyRC researcher Dharani Sri Penumacha discovered this medium vulnerability with a base score of 5.2. 

Exploitation of this vulnerability can lead to arbitrary file read and limited file write for known absolute paths on the host. 

There is no patch available for this vulnerability. Technologies such as a web application firewall may help to mitigate exploitation attempts

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

FreeWorld ransomware attacks MSSQL—get your databases off the Internet

0
[ad_1]

A attack that uses a database as an entry point to a network reminds us that you should never expose your databases to the Internet.

When we think of ransomware and brute force password guessing attacks, we normally think of RDP, but recent research from Securonix reminds us that anything secured with a password and exposed to the Internet is of interest to cybercriminals.

Microsoft’s Remote Desktop Protocol has been a favourite point of entry for ransomware gangs for several years now. Cybercriminals seek out machines with RDP exposed to the Internet and attempt to guess their passwords, hoping to gain entry. They like RDP because it gives them exactly the same access as sitting at a chair in front of the computer, and because there are millions of targets to choose from.

But other systems can be abused to gain entry in a similar way, and the Securonix Threat Research team reports that it has spotted attackers targeting exposed Microsoft SQL (MSSQL) services using brute force attacks.

In an attack described by Securonix, attackers brute forced a MSSQL password and then used the database’s xp_cmdshell feature to run commands on the host machine the database was running on.

Next, discovering that the MSSQL function xp_cmdshell stored procedure was enabled, the attackers began running shell commands on the host. This function allows for command execution and should normally not be enabled unless required.

The attackers used this ability to run commands on the host machine to try to give themselves RDP accesss. When that failed, they used AnyDesk remote access software instead. From there they explored the network the server was running on, before ultimately running FreeWorld ransomware. Securonix provide a detailed breakdown of the precise steps taken by the attackers, and its article is well worth reading.

The attack is a timely reminder of an old security adage, one that’s at least as old as the 25 years or so I’ve been messing around with databases: Never expose your databases to the Internet. Typically, databases contain sensitive information that should be at the centre of your network and not the periphery, and that should only be accessbile to internal systems. Where data needs to be accessed from the Internet it should be made available via an application or API.

Although the situation is much improved now, historically, some databases made the situation worse by shipping with default passwords, or even no authentication at all.

As I mentioned before, one of the things that attracts attackers to RDP is the large number of available targets, so I wondered how many databases I could find via Shodan, the search engine that finds Internet-connected computers.

For comparison, every time I’ve looked in the last five years or so, there have been around two or three million computers running RDP accessible via Shodan, meaning that attackers have two to three million targets to choose from.

Finding databases on the Internet

The first database I looked up was MSSQL, the target in the attack spotted by Securonix. A simple search on Shodan found almost 90,000 potential targets. Although there are seemingly far fewer Internet-exposed computers running MSSQL than RDP, a server running MSSQL is likely to be a far higher value target than a desktop running RDP.

Anything connected to the Internet should expect to be the subject of relentless password guessing, and these are no exception.

Shodan search for MSSQL

Next up was MongoDB, a “noSQL” database with a that has been the subject of significant ransomware campaigns in the past. Historically, some configurations of MongoDB made it possible to install it without setting a password, and attackers made hay with those who didn’t.

The problem was so serious that in 2017, the MongoDB website published an article called How to Avoid a Malicious Attack That Ransoms Your Data, reminding its users to use the product’s security features.

Evidently, plenty of people didn’t read it and in 2020, an automated ransomware campaign dropped ransom notes on 22,900 databases left exposed without a password. At the time this was said to represent 47% of Internet-connected MongoDB databases.

Those mass exploitation events are a thing of the past, but according to Shodan there are now almost 110,000 MongoDB databases connected to the Internet for potential attackers to probe.

Shodan search for MongoDB

Next I searched for MySQL, the world’s most popular database. Shodan found more than three million servers running MySQL, giving it parity with RDP in terms of the total number of potential targets. Alongside those there are a further 800,000 instances of the MySQL fork, MariaDB, making a huge, four million-strong pool of targets.

Shodan search for MySQL

MySQL and MariaDB often act as the source of data for websites, rather than as an enterprise data store like MSSQL, so may carry less business-critical data, but they still represent a prize, and a potential entry point into a network.

While there are exceptions to every rule, it’s always good to start with the assumption that you should probably follow the rule. It remains good advice to keep your databases off the Internet, so think long and hard before you decide that’s the right solution. And whether they are on the Internet or not, databases should always be secured with an exceptionally strong password.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Google Maps lets you mark saved places with an emoji

0
[ad_1]

When you’re using Google Maps, you have the ability to save locations to lists so that you can access them at a later date. Previously, you were only allowed to label them using text. However, according to 9To5Google, Google Maps lets you mark your saved places with an emoji.

If you want to save a location in Google Maps, it’s pretty easy. When you’ve found the location you want to save, just tap on the pin. You’ll see a panel rise from the bottom of the screen with some chips that you’ll scroll through.

You’ll see the Save chip eventually. When you tap on it, you’ll see a page full of the lists that you can save the location to. You’re also able to create your own list. Just make sure that you press the Done button on the top of the screen.

Google Maps lets you mark your saved location with an emoji

We’re all used to the default icons that Google uses to mark locations. However, you’re more limited with the icons for saved locations. You were limited to a heart, star, suitcase, flag, and list icon. That’s not a lot of options, but this new update will expand the number of options exponentially.

This update will let you apply any one of the hundreds of emojis as the icon for your saved locations. So, any emoji that you can use to message your friends can be used to mark your saved locations.

How to do this

There’s a bit of a limitation here. You can’t change the icons of your locations individually. Rather than changing the icon for the location, you’re changing the icon for the list. When you change the icon for a list, all of the icons in that list will reflect it.

On the bottom of the screen, tap on the Saved button. Scroll down a bit to see the lists that you saved. Find the list that you want to edit (you’re only able to change the icons for lists that you created). Tap on the three-dot menu on the right of the screen and tap on the Edit list button.

When you’re on the list editing screen, tap on the square at the top of the screen. After that, you’ll see the list of emojis that you can choose from.  When you choose the emoji, it will be applied.


[ad_2]
Source link

How BurgerCities stands out in the market

0
[ad_1]

In the dynamic landscape of cryptocurrencies, where the emergence of new projects is a daily occurrence, standing out requires something truly exceptional. BurgerCities, a groundbreaking platform, has accomplished just that by captivating the interest of both investors and crypto enthusiasts.

By leveraging a distinctive approach and introducing innovative features, BurgerCities has successfully established itself as a prominent leader in the crypto market. In this article, we will delve into the key aspects that differentiate BurgerCities from its counterparts and explore how the integration has significantly contributed to its phenomenal achievements. fbc-edge.org, an online trading platform that has played a critical role in allowing seamless transactions and improving overall user experience, has contributed to its amazing success.

The Rise of BurgerCities

A Visionary Concept

BurgerCities emerged with a transformative vision to redefine the dynamics of cryptocurrency interaction. Its core objective revolves around bridging the divide between conventional finance and the digital asset realm, thereby democratizing access for a broader spectrum of individuals. Through the development of an intuitive and user-friendly platform, BurgerCities has successfully garnered the attention of both experienced crypto investors and novices entering the market, cultivating an inclusive environment that caters to diverse user needs.

Cutting-Edge Technology

One of the core strengths of BurgerCities lies in its utilization of cutting-edge technology. The platform leverages blockchain and smart contract capabilities to provide a secure and transparent ecosystem for users. This technological foundation ensures the integrity and immutability of transactions, instilling confidence in users and setting BurgerCities apart from its competitors.

Key Features of BurgerCities

Seamless Integration

BurgerCities seamlessly integrates traditional financial instruments with the world of cryptocurrencies. Users can easily convert their fiat currencies into digital assets and vice versa, providing a convenient gateway for newcomers to enter the crypto market. By removing the complexities typically associated with crypto investments, BurgerCities has democratized access to this emerging asset class.

Staking and Yield Farming

BurgerCities offers a unique staking and yield farming mechanism that allows users to earn passive income by participating in the platform’s ecosystem. By staking their tokens, users can contribute to the network’s security and receive attractive rewards in return. This feature has attracted a large community of crypto enthusiasts who seek to maximize their earnings while supporting the growth of BurgerCities.

Decentralized Governance

BurgerCities stands out by embracing the principles of decentralization and community governance. Token holders have the power to propose and vote on platform improvements, ensuring that the project evolves according to the collective vision of its community. This democratic approach fosters a sense of ownership and inclusivity, empowering users and fostering trust in the platform.

The BurgerCities Advantage

Unparalleled Security

Security is a paramount concern in the crypto world, and BurgerCities has prioritized it from day one. By implementing robust security measures and conducting regular audits, BurgerCities provides users with a safe environment to transact and store their digital assets. The platform’s commitment to security has earned the trust of its user base, setting it apart from less scrupulous competitors.

Strong Partnerships

BurgerCities has forged strategic partnerships with key players in the crypto industry, further solidifying its position in the market. These collaborations have resulted in increased liquidity, expanded utility for the platform’s native token, and access to a wider network of users. By aligning with reputable projects and organizations, BurgerCities has gained credibility and opened doors for future growth.

Exceptional User Experience

User experience is at the core of BurgerCities’ philosophy. The platform’s intuitive interface, comprehensive educational resources, and responsive customer support create a seamless and enjoyable experience for users. BurgerCities understands the importance of providing exceptional service and goes above and beyond to ensure user satisfaction, setting it apart from its competitors.

Conclusion

BurgerCities has firmly established itself in the fiercely competitive crypto market by introducing a visionary concept, leveraging state-of-the-art technology, and presenting a diverse set of compelling features. Its unwavering dedication to ensuring top-notch security measures, embracing community governance principles, and delivering an unparalleled user experience has propelled BurgerCities to a leadership position within the industry. As the crypto market evolves at a rapid pace, BurgerCities is primed to make significant advancements, captivating the interest of investors and spearheading a revolution in the way we interact with cryptocurrencies.


[ad_2]
Source link

Smart chastity device exposes sensitive user data

0
[ad_1]

We take a look at reports of an IoT chastity cage device which is exposing user data.

A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of “name, address, phone number and card details” is bad enough. If such things are tied to sensitive material or websites, it can be many times worse.

This is the case for a recent piece of Internet of Things technology tied to people’s love lives. TechCrunch reports that a wearable “chastity device” which allows the user’s partner to control it over the internet (via Android app) has exposed all manner of user details which includes:

  • Home addresses
  • IP addresses
  • Plaintext passwords
  • Email addresses
  • GPS coordinates

The researcher who discovered the issue claims it’s due to “several flaws” in the servers being used by the company behind the device. Two vulnerabilities were how the researcher was able to view no fewer than 10,000 user records. Despite contacting the organisation responsible on June 17, there’s been no word back and the issue is still out there.

Due to this potentially snowballing in a much worse way if the device name is made public, the details are so far being kept under wraps. As a result, if you use an internet connected chastity cage with your partner you won’t know for sure if you’re potentially affected or not.

At this point the story would unusually end, and we’d advise you to think carefully when using IoT devices tied to more private aspects of your life. Well, not just yet! As it happens, the researcher was so frustrated by the lack of response that they took to compromising the device’s website with the following message:

The site was disabled by a benevolent third party. [REDACTED] has left the site wide open, allowing any script kiddie to grab any and all customer information. This includes plaintext passwords and contrary to what [REDACTED] has claimed, also shipping addresses. You’re welcome!” the researcher wrote. “If you have paid for a physical unit and now cannot use it, I’m sorry. But there are thousands of people with accounts on here and I could not in good faith leave everything up for grabs.

We can’t condone breaking into a website and while trying to warn people is commendable, doing it in this fashion is likely to lead to more problems. If you want to keep a lid on the issue and not have it spill out across the internet, nothing can make something go public quicker than a spectacular web page defacement.

In this case, it doesn’t seem to have happened (yet). Even so, the message was gone a day later and the issue which led the researcher to so many user details still exists.

The above is bad enough. PayPal payment logs being exposed is possibly even worse, tying payments to email addresses. All of this alongside the GPS details for some users makes public activities that some folks will find embarrassing and not for public consumption. In specific circumstances this kind of thing can lead to harassment, trolling, and more.

With this in mind, we suggest an abundance of caution when making use of devices and technology similar to the above.

A product with no internet connection is safer from a data exposure perspective, but will naturally be somewhat less functional. If you need to make payments, use anonymous emails set up for exclusive use with sensitive devices. And keep in mind that enabling features like GPS will give potentially pinpoint accuracy to your daily movements.

We can only hope that the flaws in the above device are patched as soon as possible, but it’s possible that nothing will ever be done about it. While it should be quite shocking that such a personal device is able to be exploited in this way, IoT has been a flashpoint of poor security practices and lack of responsibility for years now. Buyer most definitely beware.


We don’t just report on threats—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.


[ad_2]
Source link