A week in security (August 28

0
[ad_1]

A list of topics we covered in the week of August 28 to September 3, 2023.

Last week on Malwarebytes Labs:

Stay safe!


Malwarebytes EDR and MDR remove all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Disappointing Huawei Mate 60 Pro availability info confirmed

0
[ad_1]

We have some disappointing Huawei Mate 60 Pro availability info to share. This comes directly from Huawei, as the company shared it with Android Authority. The Huawei Mate 60 Pro will not be available outside of its homeland.

Disappointing Huawei Mate 60 Pro availability information gets officially confirmed

Those of you who have been hoping that the Huawei Mate 60 Pro will launch in more markets, such as Europe, well, you’re set to be disappointed. Huawei has no plans to expand the availability of the product, despite the fact the Huawei Mate 50 Pro launched in quite a few more markets.

You may wonder why is this the case? Well, it could be down to the SoC Huawei used. The Mate 60 Pro comes with Huawei’s very own Kirin 9000s processor, which does support 5G connectivity!

Huawei made this SoC in collaboration with SMIC. It’s not exactly as powerful as the latest offerings from Qualcomm, it does bring Kirin chips back into the spotlight, though. It’s close to the Snapdragon 888 in terms of sheer power, a 3-year-old chip.

Kirin processors used to be true powerhouses back in the day

Before the US sanctions, Kirin processors were a force to be reckoned with. Huawei was on the right path in many ways, and that included processors. That all changed once the sanctions took place.

We don’t have many details regarding the Kirin 9000s, but it allegedly can’t be touched by US sanctions, as it’s fully indigenous. If that is, in fact, the case, Huawei should be able to launch it in more markets. Still, there could be an obstacle we’re unaware of, or perhaps Huawei decided not to do it for some other reason. We can only guess.

The Huawei Mate 60 Pro does bring an interesting triple display camera hole design. A truly powerful camera setup with a 10-step variable aperture is also included. If the Mate 50 Pro and P50 Pro are any indication, this phone is a camera powerhouse.


[ad_2]
Source link

Schweitzer Labs Windows Software Flaws Allow Code Execution

0
[ad_1]

QuickSet and Grid Configurator of Schweitzer Labs were found to be vulnerable to multiple vulnerabilities that threat actors can exploit. Nearly, 9 new vulnerabilities were found which include 4 High severity and 5 Medium severity vulnerabilities. 

The High severity vulnerabilities belong to SEL-5037 GridConfigurator, and the Medium severity vulnerabilities belong to SEL-5030 acSELerator QuickSet Software.

SEL-5037 GridConfigurator is used for creating, managing, and deploying settings for SEL power system devices, and SEL-5030 acSELerator QuickSet Software is used by engineering for configuring, commissioning and managing devices for power system protection, monitoring, meter, and control.

Both GridConfigurator and QuickSet offer a wide range of functionalities, allowing a threat actor to perform a remote code execution. Additionally, either of these applications can control all the logic of Schweitzer Labs devices.

Technical Analysis

As per reports shared with Cyber Security News, the vulnerability CVE-2023-31171, which exists in the QuickSet due to improper neutralization of special elements used in SQL commands, can be exploited by a threat actor to perform remote code execution. 

This can be done using a crafted package since QuickSet can import device configuration from an external DMX file. It can also be chained with CVE-2023-31175 (Elevation of Privilege vulnerability) for achieving administrative privileges on the target workstation.

Discovered attackers can exploit vulnerabilities for performing various attack vectors like Social engineering (Phishing) emails to a victim with a DMX file and convincing them to restore it.

Once the systems are compromised, the threat actors can conduct many malicious activities, including extracting sensitive data, surveillance, lateral movements, and others.

Another severe vulnerability was CVE-2023-34392 (Missing authentication of critical function) can be exploited by a threat actor to execute a specially crafted client-side script code when the Grid Configurator is open. 

Products that are affected by this vulnerability include AcSELerator QuickSet prior to version 7.1.3.0 (included) and Schweitzer Labs Grid Configurator before version 4.5.0.20 (included). 

CVE IDCVSS ScoreDescriptionAffected Products
‍CVE-2023-311758.8Execution with Unnecessary PrivilegesGrid Configurator
CVE-2023-343928.2Missing Authentication for Critical FunctionGrid Configurator
CVE-2023-311737.7Use of Hard-coded CredentialsGrid Configurator
CVE-2023-311747.4Cross-Site Request ForgeryGrid Configurator
‍CVE-2023-311705.9Inclusion of Functionality from Untrusted Control SphereSEL-5030 acSELerator QuickSet Software
‍CVE-2023-311715.9Improper Neutralization of Special Elements used in an SQL CommandSEL-5030 acSELerator QuickSet Software
‍CVE-2023-311725.9Incomplete Filtering of Special ElementsSEL-5030 acSELerator QuickSet Software
‍CVE-2023-311685.5Inclusion of Functionality from Untrusted Control SphereSEL-5030 acSELerator QuickSet Software
‍CVE-2023-311694.8Improper Handling of Unicode EncodingSEL-5030 acSELerator QuickSet Software

Users of these products are recommended to upgrade to their latest version to fix these vulnerabilities and prevent them from getting exploited.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Supply chain related security risks, and how to protect against them

0
[ad_1]

We take a look at the importance of supply chain cybersecurity and share some tips to enhance it.

By definition, a supply chain is the network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product. In only a few rare cases does one organization have full control over every step in the entire process. The links in such a supply chain often work closely together, sometimes so much so that they have access to parts of each other’s systems.

Although it is important to guard every aspect of your supply chain to avoid disruptions, for the scope of this article we will focus on the cybersecurity element of it.

From a security perspective, it’s imperative to choose your partners wisely. An organization’s security posture is its readiness and ability to identify, respond to and recover from security threats and risks. If you are the one paying, you can often make demands about the security posture of the partner, but the other way around is usually much harder. 

We probably all know the compliance audits that are the result of these demands. And it makes sense we do not wish to fall victim to the mistakes made in another organization that we have no control over. It’s usually more than enough to worry about the processes we need to control inside our own organization.

Compliance with security protocols and legal regulations like FedRAMP and SOC2 (System and Organization Controls) may not just be mandatory for your own organization. More often than not it also needs to be enforced outside your organization with all the vendors in your software supply chain. In these cases, demonstrating vendor compliance will keep your internal organization from facing fines and penalties.

But it’s not just the partners that you work with to create the end product. There are also vendors that we use to get the work done, like software, infrastructure, and services. The more organizations are using a particular software package, the more appealing an attack vector that software becomes. As a few reminders, remember Log4Shell,  the MOVEit vulnerability that was exploited by ransomware operator Cl0p, or the SolarWinds attack.

Similar attacks will continue to surface time and again and if there is a lesson to be learned it’s not to rely on the security provided by the supplier, but always keep security in mind when we decide whether and how to use something provided by a third-party.

Having a complete understanding of your vendors’ security practices is an important component of cybersecurity and supply chain risk management. So, in a supply chain your security posture is definitely a selling point and can be used as such. A partner that has their security in order has every right to emphasize that.

Some tips

Regardless of the varying needs based on your organization and your place in the supply chain, here are some tips that are worth considering to avoid being the weakest link:

  1. Make an inventory of the data you need to keep safe, along with who has access to what, in order to give you a complete understanding of your needs.
  2. Then make an inventory of your software and hardware products and their weaknesses. Based on that inventory, you can decide whether to use network segmentation in order to keep the sensitive data separated from the parts that need internet access.
  3. Use the cloud carefully. Organizations of all kinds are increasingly reliant on cloud computing. This is for good reasons, but it does complicate security, given the recent malicious targeting of cloud computing environments. So, it might be a good idea to use the cloud only for variably sized elements and have the fixed parts under your own control.
  4. Connect your internal team with your organization’s third-party partners and vendors. Work together to identify major risks and potential damage to your organization, as well as plans for mitigation. Make sure there is an actionable incident response plan with a clear division of roles.
  5. Trust is good, regular checks or constant monitoring are better. Strictly limit access to those that really need it, and deploy the rules of least privilege. Monitoring will also turn out to be helpful in case of an attack to help you backtrace the origin.
  6. Secure valuable assets with advanced encryption, both in storage as well as during transfer.
  7. Consider penetration testing and/or a bug bounty program to check your security measures. A bug bounty allows organizations to continuously test the security of their systems, whereas a penetration test is an assessment of the security level of an asset at a given point in time.
  8. Look at best practices. In 2021, NIST (National Institute of Standards and Technology) shared a report on best practices that can help keep you and your business safe by using its framework for cyber supply chain risk management or C-SCRM.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Check out official Sony Xperia 5 V promo videos

0
[ad_1]

The Sony Xperia 5 V was announced a couple of days ago, and since then, Sony released some promo videos to show off the device. Three such videos were published on YouTube, and all of them are included below.

Sony has released several promo videos for its new Xperia 5 V handset

The first video is called ‘Official Product Video – A smartphone that’s right for you​’, and it’s your standard smartphone launch video. It shows the device in use, in various living scenarios, while highlighting its design and features.

This video puts a huge focus on the phone’s cameras, but that’s not all. The phone’s speakers, battery life, raw performance power, and various other aspects are highlighted.

The second video is called ‘Product Design Video – Design in your style​’, and it’s all about the design and features. It has an entirely different style than the first video here, and it’s also considerably shorter.

The third, and last, video that Sony shared is called ‘Official Campaign Video – New phone. New me’. This one is the shortest of them all.

This is the only video that has narration throughout it, and it also focuses on the phone’s features, above anything. To be more accurate, it focuses mostly on the cameras and the sound the phone produces.

The Xperia 5 V is Sony’s high-end, and yet compact smartphone

Sony introduced the Xperia 5 V as its high-end, compact device. This phone is fueled by the Snapdragon 8 Gen 2 SoC, but it has a 6.1-inch fullHD+ 120Hz display, and the same main camera sensor as the Xperia 1 V flagship.

It includes a 5,000mAh battery, which should be plenty for that 6.1-inch display, especially considering the SoC that is in use here. The phone is equipped with stereo speakers, and ships with Android 13 out of the box. Click here if you’d like to know more about it.


[ad_2]
Source link

NCSC Warns of Specific Vulnerabilities in AI Models Like ChatGPT

0
[ad_1]

A large language model (LLM) is a deep learning AI model or system that understands, generates, and predicts text-based content, often associated with generative AI.

In the current technological landscape, we have robust and known models like:-

  • ChatGPT
  • Google Bard 
  • Meta’s LLaMA

Cybersecurity analysts at the National Cyber Security Centre (NCSC) have recently unveiled and warned of specific vulnerabilities in AI systems or models like ChatGPT or Google Bard, Meta’s LLaMA.

Vulnerabilities

While LLMs have a role, don’t forget cybersecurity basics for ML projects. Here below, we have mentioned the specific vulnerabilities in AI models about which the researchers at NCSC warned:-

  • Prompt injection attacks: A major issue with current LLMs is ‘prompt injection,’ where users manipulate inputs to make the model misbehave, risking harm or leaks. Multiple prompt injection cases exist, from playful pranks like Bing’s existential crisis to potentially harmful exploits like accessing an API key through MathGPT. The prompt injection risks have risen since the LLMs feed data to third-party apps. 
  • Data poisoning attacks: LLMs, like all ML models, rely on their training data, which often contains offensive or inaccurate content from the vast open internet. The NCSC’s security principles highlight ‘data poisoning,’ and research by Nicholas Carlini shows poisoning large models with minimal data access is possible.

Prevention mechanisms

Detecting and countering prompt injection and data poisoning is tough. System-wide security design, like layering rules over the ML model, can mitigate risks and prevent destructive failures.

Extend cybersecurity basics to address ML-specific risks, including:-

Cyber secure principles

Beyond LLMs, recent months revealed ML system vulnerabilities due to insufficient cybersecurity principles, such as:-

  • Think before you arbitrarily execute code you’ve downloaded from the internet (models)
  • Keep up to date with published vulnerabilities and upgrade software regularly.
  • Understand software package dependencies.
  • Think before you arbitrarily execute code you’ve downloaded from the internet (packages)

However, in a rapidly evolving AI landscape, maintaining strong cybersecurity practices is essentially important, regardless of ML presence.

Keep informed about the latest Cyber cybersecurity news by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Premium tiers on some dating apps will go up to $500

0
[ad_1]

Dating apps like Tinder, Grindr, Match, and Bumble have significant plans on the horizon. They’re preparing to introduce premium tiers, and some of these subscriptions could cost users as much as $500 per month. Several dating apps have hit a limit in terms of their user base for paid subscriptions. To overcome this challenge and sustain revenue growth, they’re increasing subscription fees.

According to a report by Bloomberg, one successful strategy is offering weekly subscriptions. This approach has encouraged more users to try the paid tiers.

Match Group Inc. provides a prime example of the success of this strategy. Since launching weekly subscriptions in April, there has been a remarkable 73% increase in UK-based Gen Z women opting for paid Tinder plans. Hinge also saw a similar boost.

However,one of the challenges of the weekly subscriptions is the instability. Users may cancel it, after trying it briefly and then cancel, making the revenue stream less predictable.

Many companies are considering introducing even more expensive premium tiers. Match Group is on the verge of unveiling a subscription tier that could cost users a hefty $500 per month in the coming months.

But that’s not the only thing Match is introducing, they are exploring the possibility of a $500-a-month version slated for release in the fall. Bumble Inc., which already offers a weekly subscription, plans to test a premium tier later this year and launch a more affordable option for Gen Z users. Grindr Inc. is also seeing positive results from its new weekly subscription and exploring options for lower-cost plans and a premium tier.

Dating apps premium tier objectives

These premium offerings are designed for individuals seeking a more personalized and curated matchmaking experience. Bumble CEO Whitney Wolfe Herd noted that users are willing to pay a premium for a service that helps them find meaningful connections.

However, Bumble and Grindr are not only eyeing pricier premium tiers. These dating apps premium also plans to introduce new tiers with lower pricing options compared to their existing subscriptions.


[ad_2]
Source link

ShinyHunters Hacker Group Claims to Have Hacked Pizza Hut data

0
[ad_1]

Pizza Hut Australia has fallen victim to a cyberattack resulting in unauthorized access and potential compromise of customer data. 

DataBreaches has uncovered alarming details about this breach, with a hacking group known as ShinyHunters claiming responsibility for the attack.

According to the information obtained, ShinyHunters allegedly infiltrated Pizza Hut Australia’s systems approximately 1 to 2 months ago, leveraging Amazon Web Services (AWS) through multiple entry points. 

Shockingly, they assert that they have exfiltrated over 30 million records, including customer orders and the personal information of more than 1 million customers. 

What’s particularly concerning is that ShinyHunters allegedly operated stealthily without detection during the entire intrusion.

As evidence of their claims, ShinyHunters provided DataBreaches with two sample files. 

The first file contained records of customer orders totaling 200,000 entries, each including a wide array of order details, customer information, and payment data. 

The second file was a JSON file encompassing the personal details of 100,000 customers. 

This file included sensitive information like names, email addresses, postal addresses, longitude, mobile phone numbers, passwords, service type (delivery or pickup), and even credit card numbers. 

The credit card data was encrypted, and the passwords were hashed, but other fields were in plaintext.

DataBreaches spot-checked customer names to validate their claims and found matches with individuals in the corresponding geographic areas within the data samples. 

ShinyHunters is demanding a ransom of $300,000.00 to delete the stolen data. It’s worth noting that ShinyHunters has a history of selling or leaking data when victims do not comply with their extortion demands.

Currently, Pizza Hut has not responded to ShinyHunters’ demands, leaving customers concerned about the safety of their personal information. 

While the data breach is a significant security incident, no official notice on Pizza Hut Australia’s website alerting customers to this breach involving their credit card information.

DataBreaches (an organization that provides data and statistical analyses to Protenus for their Breach Barometer reports) has reached out to Pizza Hut Australia’s CEO, CFO, and COO for comments regarding the breach, inquiring whether they were aware of the security breach, if law enforcement or regulators had been informed, and if customers were notified. 

As of the publication of this news, no responses have been received.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

You can’t afford to miss this Dell XPS 13 Labor Day Deal

0
[ad_1]

Dell is currently running a pretty awesome Labor Day deal on the XPS 13 laptop, knocking $200 off of its regular price, making it just $599. This deal is only good through Labor Day weekend, so you’d better be quick with this one.

This is a slightly older model of the Dell XPS 13, which has a 12th Gen Intel Core i5 processor, with 8GB of LPDDR5 RAM and 256GB of SSD storage. There’s also a 51Wh battery inside, that should get you through the day on a single charge. And if not, Dell also includes a 45W AC charger in the box – something your phone doesn’t come with.

Dell also includes two Thunderbolt 4 ports, and that’s it actually. There’s one on each side of the laptop. But Dell does include a USB-C to USB-A dongle, so you can use your older accessories with this laptop. The only downside with this laptop is that there’s no headphone jack at all. So you’ll need a dongle for that.

You can pick up the Dell XPS 13 Laptop from Dell’s website at the link below.

Dell XPS 13 – Dell.com


[ad_2]
Source link

Samsung to bring AMD GPU to mid-range Exynos chips

0
[ad_1]

Samsung is reportedly planning to bring AMD graphics to its mid-range Exynos processors. According to tipster Revegnus, aka @Tech_Reve, the Exynos 1430 and Exynos 1480 will both feature AMD’s RDNA-based GPU. These chips will arrive early next year, powering some of the Korean firm’s 2024 Galaxy A models.

Before you get too excited, the tipster has urged everyone to not have “overly high expectations” for the gaming performance of the upcoming AMD-powered mid-range Exynos chips. This is because Samsung will primarily use the RDNA graphics to improve the ISP (Image Signal Processor), i.e. the camera performance, rather than gaming.

Next-gen Galaxy A phones may be more camera-centric

The Korean firm might be looking to make its next-gen Galaxy A phones more camera-centric. We might see higher-resolution cameras on some premium models, like the Galaxy A55. The Exynos 1430 and Exynos 1480 should also deliver more powerful post-processing for better image quality, more akin to flagship models.

Gaming may be taking a backseat, but the inclusion of AMD graphics should bring some improvements over ARM’s Mali GPUs that Samsung’s mid-range Exynos processors have been traditionally using. We aren’t expecting flagship features like ray tracing, but maybe better driver support and some performance boost over older chips.

Nonetheless, it’s nice to see Samsung’s partnership with AMD for RDNA-based mobile graphics coming down to mid-range chips. The duo signed this deal in 2019, but the first Exynos processor to use an AMD GPU came last year. The Exynos 2200’s Xclipse 920 GPU handled the graphics duties on the Galaxy S22 series flagship smartphones. That’s still the only Exynos chip with an AMD-powered GPU.

Meanwhile, in April this year, Samsung signed a multi-year extension of its partnership with AMD for the Radeon graphics technology. Rumors said the companies will work on improving their RDNA-based mobile GPUs (the Xclipse 920 left a lot to be desired). The plan was to eventually bring AMD graphics to the mid-range segment. It appears we will finally see that happen next year.

Galaxy S24’s Exynos 2400 will feature an AMD-powered GPU

Alongside bringing AMD GPUs to mid-range chips, Samsung is also working on a new flagship solution. The company’s next-gen Exynos 2400 flagship, which will power the Galaxy S24 series in some markets, will feature a much-improved Xclipse 940 GPU. It’s said to boast twice as many graphics computing units as the Xclipse 920. The same source recently claimed that the new GPU is still quite power-hungry. It remains to be seen if Samsung manages to fix those issues before the chip enters mass production.


[ad_2]
Source link