Samsung’s The Freestyle 2 might be the best portable projector for Gamers

0
[ad_1]

On Thursday, Samsung announced The Freestyle 2 portable projector is now up for pre-orders. The Freestyle 2 takes what made The Freestyle so great, and improves on it. Including built-in cloud gaming with support for Xbox, NVIDIA GeForce Now, Amazon Luna, Utomik, Antstream Arcade and Blacknut.

Of course, it’s still running Samsung’s TV software (which runs on Tizen), so all of your favorite TV apps are here still. That includes YouTube, Netflix, Hulu and much more. There’s also loads of ad-supported free TV available through Samsung TV Plus. There’s over 250 live TV channels in Samsung TV Plus, and it’s completely free.

The Freestyle will project an image up to 100-inches diagonal, at 1080p resolution. And it’s still pretty portable, with a weight of less than two pounds. It can also provide 360-degree sound for a pretty immersive experience.

Samsung has increased memory in The Freestyle 2, making the UX a bit snappier. But other than adding support for cloud gaming, it’s mostly the same as the original The Freestyle.

The Freestyle 2 is going to be really great for small spaces. Like a dorm room, or maybe a studio apartment. Where you really can’t afford to lose a ton of space to a TV and console table. And instead, you can place The Freestyle 2 anywhere and start playing some games or catching up on your favorite shows. So really great for taking back to school this fall.

How much is The Freestyle 2?

With adding support for cloud gaming, you might expect The Freestyle 2 to cost a bit more than the original right? Well, it’s actually $100 less.

Samsung has opened pre-orders for The Freestyle 2 today on their website for $799. And if you pre-order now through August 30, you can get a free, IP55-rated water and dust resistant case. This is a $59.99 value, so a pretty good gift for your pre-order.

Pre-order the freestyle 2 – Samsung


[ad_2]
Source link

Staggering growth of cybercrime and how data science helps improve online security

0
[ad_1]

Did you know if you were to compare the money generated by cybercrime with the GDP of world nations, it would come third behind the economic powerhouses of America and China?

Cybercrime is one of the greatest dangers facing both individuals and companies today. By the end of 2021, the total cost [PDF] of online criminality is expected to reach $6 trillion globally – with that figure increasing to an incredible $10.5 trillion by 2025.

If you were to compare the money generated by cybercrime with the GDP of world nations, it would come third behind the economic powerhouses of America and China. Somewhat unbelievably, the revenue tallied through online crime makes it larger than the entire global drugs trade and bigger than the damage caused by natural disasters annually. 

Why cybercrime has become such an issue

Ninety percent of the total data created in history has been made in the last two years and the latest figures suggest the world is now outputting an incredible 2.5 quintillion bytes of data per day (for reference, there are 18 zeros in a quintillion). Experts claim that data is now the world’s most valuable commodity – ahead of even traditional heavyweights like oil and gold.

As is always the way, where there’s money to be made, the criminals soon follow and data is no exception. From hacking private Facebook accounts to phishing attacks, malware, and MitM attacks, no business or individual is above the sights of the modern cybercriminal.

Worse yet, hackers are becoming increasingly sophisticated and devious in their tactics and are now even employing Artificial Intelligence (AI) and machine learning to automate intelligent attacks against users and companies.

The problems with complacency – particularly among business owners

Unfortunately, many company owners believe their firm to be too small or their income too low to be the target of hackers – however, the truth is quite the opposite. With many Small to Medium-sized Enterprises (SMEs) often taking a laxer approach to their online security compared to larger firms, they are becoming an increasingly tempting prospect for cybercriminals. 

SEE: Best Data Science Tools in 2020

Sometimes, this reduced data protection is down to the perceived high costs of security but, more often, it’s simply down to complacency, leading to a huge surge in attacks against SMEs. Indeed, recent research found that one in five SMEs has fallen victim to a cyberattack – and, of them, 60% fail to survive as a result and end up going out of business. 

Hackers don’t just attack businesses – individual users are a target, too

While it might be tempting to think hackers are only interested in big-time corporate attacks, their reach extends to personal users, too. Cybercrime is now a massive problem for individual users with the criminals using a vast range of tactics used to infiltrate private data – everything from credit card and financial fraud to ransomware attacks and identity theft.

Hackers are also employing different types of so-called social engineering attacks to trick users into revealing sensitive data. In 2020, phishing became the most common type of cybercrime as it is particularly effective against individual users.

Phishing sees the hacker take on the guise of a trusted and respected individual or business to gain the confidence of the user. In a typical phishing attack, the cybercriminal will contact the user through a branded email, designed to look like it came from a trusted source.

Often, they will directly ask for users to divulge private account details but, more commonly, they will redirect the individual to a similarly branded, mock website requiring them to input their account credentials.

The problems with existing rigid cybersecurity techniques

In the past, cybersecurity took a largely reactive approach to protection – more often than not by studying previous attacks then building rules and employing security measures to ensure the same attack couldn’t happen again. One example of this approach can be seen in Web Application Firewalls (WAFs), which are still widely in use today.

WAFs offer protection by identifying potentially malicious code then determining the best course of action to secure a system. However, the major issue with WAFs is that they need to be hard-coded and the rules are rigid, built on evidence from previous attacks that are then extended to isolate the signs of a future attack. 

This reactive approach to online security meant that, in real terms, the hackers were always one step ahead and had the upper hand. It also led to frequent false positives and slowing down network operability.

How data science is helping in the fight against cybercriminals

With so much data already in existence, it might seem slightly unlikely that data science principles could be used to protect the data itself. However, by studying data and, in particular, the tools and tactics used by hackers, it’s possible to build a better picture of how cybercriminals have been able to infiltrate networks and gain access to sensitive data.

By then applying machine learning processes, it’s now possible to build protection mechanisms that are proactive rather than reactive, increasing the protection of networks and digital infrastructures.

Cybersecurity Data Science (CSDS) is a growing field within the overall online security sector and represents the merging of the two disciplines. CSDS brings a more scientific approach to the protection of data. 

Experts with an online master of computer science in data science can first study previous attacks then build machine learning applications that can proactively identify threats. For example, these intelligent apps can use anomalous code detection to prevent a previously unknown type of attack from gaining access to a network.

Turning the protection idea on its head, these same machine learning apps can also be used to launch autonomous attacks against firewalls and other similar security mechanisms to identify potential backdoors or potential points of penetration. 

The takeout

There’s little doubting the dangers of cybercrime will continue to increase in coming years with hackers employing an even wider range of techniques to gain access to our private data with malicious intent. As online criminals increase their use of AI to launch these attacks, it seems only logical that cybersecurity firms will fight like with like and use data science and machine learning to stay one step ahead. 

If you thought data science was just about crunching numbers and making forecasts, think again. In the future, it’s highly likely data science will be powering your firewall and antivirus protection – from both a business and personal perspective.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.


[ad_2]
Source link

iPhone 13 Pro, Windows, Chrome, Linux and others pwned at Tianfu Cup

0
[ad_1]

Tianfu Cup is the Chinese version of the Pwn2own in which hackers from Kunlun Lab managed to secure first place by hacking iPhone 13 through a vulnerability in the Safari mobile browser.

The Chinese version of the Pwn2own hacking competition called Tianfu Cup took place from Oct. 16 to Oct. 17 in Chengdu, China.

The competition allowed teams of ethical hackers and security researchers to demonstrate their skills by exploiting zero-day vulnerabilities in popular software products and operating systems.

Some of the known targets in the competition included the following:

  • Linux
  • Vmware
  • Windows 10
  • VIVO: S9 5G
  • Chrome browser
  • Safari browser
  • Exchange Server
  • Vmware ESXi
  • Vmware Workstation
  • Ubuntu 20
  • Adobe PDF reader
  • Docker-CE
  • Parallels Desktop
  • ASUS Router AX56U
  • Xiaomi Mi 11.

Full list of targets exploited at Tianfu Cup

iPhone 13 Pro, Windows, Chrome, Linux and others pwned at Tianfu Cup
Full list of targets exploited at Tianfu Cup.

The winner of the Tianfu Cup was Kunlun Lab who made the biggest dent in the pot. The team managed to secure $ 654,500 in total for several feats, including hacking iOS 15 through a vulnerability in the Safari mobile browser.

On the other hand, Pangu Team won 300,000 US dollars after breaking into an iPhone 13 Pro during this weekend’s Tianfu Cup.

The team has been known for jailbreaking mobile phones since 2014. This time they managed to crack the security of a brand new top model with iOS 15.

Although technical details are limited at the moment, it will be the first time that someone has publicly demonstrated a successful remote attack on the iPhone 13 since its release on Friday, September 24.

iPhone 13 Pro, Windows, Chrome, Linux and others pwned at Tianfu Cup
Teams and prize money they won at Tianfu Cup.

As part of the challenge, participants had to circumvent the Pointer Authentication Code (PAC), a security mechanism (in practice a cryptographic signature of pointer values) that Apple has introduced at the chip level.

In total, prizes were awarded for 1.88 million dollars, which is equivalent to just over £1.37 million. Since iPhone 13 is one of the most expensive smartphones in the market at the moment, it is expected that Apple will be contacted by security researchers about the vulnerabilities identified during Tianfu Cup.

Therefore, expect more iOS 15 security updates in the coming weeks.  

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.


[ad_2]
Source link

Beware- FontOnLake Rootkit Malware Attacking Linux Systems

0
[ad_1]

According to ESET’s researchers, components of FontOnLake malware are divided into three groups: Trojamized app, Rootkit, and Backdoor. 

Researchers at Slovak cybersecurity company ESET have identified a new malware family utilizing custom and well-designed modules. In ESET’s white paper [PDF], researchers revealed that the malware dubbed FontOnLake Rootkit malware targets Linux systems and its modules are under active development.

The malware samples uploaded to VirusTotal indicate that the first intrusion through this previously unidentified threat happened in May 2020. TencentLacework Labs, and Avast are also tracking this malware using the moniker HCRootkit. 

About FontOnLake

Researchers noted in their report that FontOnLake has a “sneaky nature,” “advanced design,” and “low prevalence.” Therefore, it is easier to use this malware in targeted attacks.

According to ESET researcher Vladislav Hrčka, it allows remote access to the attackers, can serve as a proxy server, and steal credentials. This malware family uses “modified legitimate binaries” to collect data, and these binaries have been adjusted to load more components.

Moreover, to stay undetected, the malware uses a rootkit. These binaries are used on Linux systems but “can additionally serve as a persistence mechanism,” Hrčka wrote in a blog post.

Likely Targets

The information about its C&C server’s location and the countries where the samples were uploaded indicates that the campaign targets users in Southeast Asia.

ESET researchers further stated that they have discovered two versions of the Linux rootkit based on the Suterusu open source project and perform similar functions such as:

  • File hiding
  • Hiding itself
  • Process hiding
  • Performing port forwarding
  • Hiding network connections
  • Exposing the collected credentials to its backdoor
  • Magic packets reception (These packets instruct the rootkit to download and execute another backdoor)

“We believe that FontOnLake’s operators are particularly cautious since almost all samples seen use unique C&C servers with varying non-standard ports. The authors use mostly C/C++ and various third-party libraries such as Boost, Poco, or Protobuf. None of the C&C servers used in samples uploaded to VirusTotal were active at the time of writing – which indicates that they could have been disabled due to the upload,” researchers explained.

Beware- FontOnLake Rootkit Malware Attacking Linux Systems
Interaction of FontOnLake’s components

Known Components

As shown in the screenshot above; FontOnLake malware’s known components are divided into three groups: Trojanized applications are the modified legitimate binaries adjusted to conduct a range of malicious activities.

The second component is user-mode backdoors that serve as the main communication point for the malware operators. Thirdly, it has Rootkits, which are kernel-mode components used to provide fallback backdoors and assist with updates.

“Their scale and advanced design suggest that the authors are well versed in cybersecurity and that these tools might be reused in future campaigns,” Hrčka wrote, adding that most of the features are designed to hide FontOnLake’s presence, offer backdoor access, and relay communication, researchers concluded.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.


[ad_2]
Source link

Amazon Music: Everything You Need To Know

0
[ad_1]

Amazon Music isn’t one of the most popular streaming services out there, but it is a good competitor to Spotify, YouTube Music and Apple Music. Especially since you can use it for free – much like Spotify. Amazon actually has three versions of this service, there’s Amazon Music, Amazon Music Prime and Amazon Music Unlimited. Which range from free to $10.99 per month. There are also various versions of the Unlimited plans for Prime and non-Prime members, a family plan, a single device plan and a student plan. The Echo device plan is actually no longer available, and replaced by the single device plan.

So here, we’re going to tell you everything you need to know about Amazon Music and whether it’s worth using over the other streaming music services out there.

What is Amazon Music?

Surprisingly, Amazon Music has been around since 2008. It originally started as Amazon MP3, which was a streaming platform and online music store. It was later rebranded as Amazon Music, and in 2019 it launched Music HD. Which was set to be a competitor to Tidal. Offering lossless quality and 4K quality music for you to stream for a few bucks more per month. Though Music HD was later rolled into Amazon Music in 2021, and available to all customers at the regular Amazon Music price.

Amazon last reported the number of users it had in 2020, which was around 55 million subscribers. Meanwhile Apple Music had 98 million subscribers as of 2021, YouTube Music had 50 million subscribers in late 2020, and Spotify has over 422 million subscribers as reported in 2021. But Spotify’s numbers are a bit skewed, since there is a free plan, and many likely have been on that plan for many years.

Screen Shot 2022 07 06 at 10 14 38 AM

Amazon Music Free vs Music Prime vs Music Unlimited

As mentioned before, there are three versions of the music streaming service from Amazon. There’s the free version, a version for Prime members and then unlimited which offers everything.

Amazon Music Free is the most basic music service from the ecommerce giant. At this tier, you will get access to thousands of playlists and radio stations. But you do not get individual songs. You will also get advertisements playing during your listening experience. Amazon also does not offer offline playback on this level. Finally, it only works on one device. It’s really great for those that want to check out the service, and not pay for it yet.

Amazon Music Prime is the next level up, and if you’re a Prime member, it is included in your yearly cost. You’ll get over five million songs plus playlists and stations. There’s no advertisements on this tier, but there is offline playback. Music HD and UHD is not available here, that is saved for Unlimited.

Then there is Amazon Music Unlimited. This is $10.99 for the standard plan (or $9.99 if you’re a Prime member), and offers basically everything. You can use it with or without a Prime account too. It offers everything from the Free and Prime tiers, along with HD, Ultra HD and Spatial Audio playback. It’s also available in a family account, which lets you use it on up to six devices at the same time. Below is a table breaking down these three services, so you can choose what’s right for you.

Update: Amazon has announced that starting on September 19, 2023, pricing for Music Unlimited will go up by a buck per month. So that’s $10 for Prime members now and $11 for non-Prime members.

What devices can I listen on?

Amazon Music is available virtually everywhere. Here’s what devices it is available on right now:

  • Desktop browsers
  • iPhone
  • iPad
  • Android (smartphones and tablets)
  • Amazon Fire TV
  • Amazon Echo (and other Alexa-enabled speakers)

You’ll notice that things like Apple TV and Android TV, and even the Google Assistant speakers are not available. That’s not a big surprise, considering they have competitors. And Amazon doesn’t put its products on Google products other than smartphones and tablets, for the most part. And its vice versa for Google.

The Amazon Music Family Plan

The Amazon Music Family Plan is pretty similar to other streaming music services out there. It offers six devices that you can use at the same time to stream music. It’s also competitively priced at $14.99 per month. So you can share it with up to six people, and pay a little more than $2 per month, if you split the cost.

Amazon also says that each family member on this plan will get all of their own personalized stations, playlists and such. So when you login, you’ll see your own music, library, playlists and other recommendations. Pretty similar to Spotify, YouTube Music and Apple Music actually.

Screen Shot 2022 07 06 at 10 15 24 AM

The Single Device Plan

The Single Device Plan from Amazon is actually very intriguing. Since you can get Amazon Music Unlimited for just $3.99 per month. Now it is only on one device, period. Not simultaneously. So if you’re one that works from home and only really listens to music at your desk, you can use this plan on your Echo Dot or another Echo device and never worry about using it on another device.

Keep in mind that the Single Device Plan does not include HD, Ultra HD or Spatial Audio. Which might be a letdown for some.

The Student Plan

Like most other streaming music services out there, Amazon Music Unlimited has a student plan too. It’s available for $4.99 per month, which is about half the price of the usual price. Of course, if you get Prime Student, you can get Music Prime included in that $69/year service.

So how do you get this plan? Well, you’ll need to prove that you are indeed a student. Amazon will use the third-party vendor SheerID to confirm you are indeed a student. If your student status can’t be automatically verified, you’ll need to manually upload your enrollment documentation. You’ll need to provide one of the following:

  • Official Enrollment Letter from your academic institution (acceptance letters will not be approved)
  • Class schedule for the current academic term
  • Registration receipt or tuition receipt
  • Transcript that shows classes currently in progress
  • Other school issued document that displays your first/last name, an issue date from the current term or within the last three months

It’s important to note that even if you have proven your eligibility for Prime Student, you’ll still need to do it for Amazon Music Unlimited. Amazon says that this is because Music Unlimited uses a different student screening process than what Prime Student uses.

Can I use Alexa for Amazon Music Unlimited?

Of course you can. You can use your voice to start or change music with Amazon Alexa. It works on any Alexa-enabled speaker, not just first-party speakers from Amazon. You can say things like “Alexa, play Lizzo” or something like “Alexa, play some pop music”. Here are a number of other Alexa voice commands you can use with Music Unlimited.

  • Want to hear the latest song or album by your favorite artist but don’t know the title? Try, “Alexa, play the new song by Bruno Mars,” or, “Alexa, play the latest album by Norah Jones.”
  • Have words to a song stuck in your head but can’t remember the name of the song? Just say a few words and Alexa will play it for you. Try, “Alexa, play the song that goes ‘I’ll Be Your Lifeline Tonight.’”
  • Want to re-live the music from your college days? Try, “Alexa, play the most popular rock from the ’90s.”
  • Feeling down and need a pick-me-up? Try, “Alexa play happy R&B music.”
  • Want to listen to early catalog from a favorite artist? Try, “Alexa, play Van Halen from the ’70s.”
  • Having friends over? Try, “Alexa, play music for a dinner party.”
  • Want to be surprised? Try, “Alexa, play the Song of the Day.”

How many songs does Amazon Music have?

So how large is the Amazon Music catalog? Well, it currently boasts 90 million songs. Now how does that compare to the competition? Apple Music has over 50 million songs, Spotify has over 35 million songs, and YouTube Music has over 80 million songs available. So it’s quite large, compared to the competition, with more than twice as many songs as Spotify. When Amazon Music first launched, its library was pretty small. But it has grown considerably over the years. Keep in mind that these numbers don’t get updated often, so they could be closer together than you think.

Screen Shot 2022 07 06 at 10 16 05 AM

However, keep in mind that the Free and Prime versions of Amazon Music do have far fewer songs, only about 5 million.

Should I switch to Amazon Music?

If you are already heavily invested in the Amazon ecosystem – with Echo, Alexa, Ring, etc – then Amazon Music is a really good option for you to check out. Especially if you’re a Prime member, since you can get it for free. It is also the only one, other than Apple Music to offer lossless music at the regular $9.99 price (on the unlimited plan at least). Which is something you should definitely consider. As it does make the music sound a whole lot better.

Amazon Music doesn’t have as many features as some of the other streaming music services out there, so you may want to check that out first. And if you want to use it on literally every platform (Nest Hub, Echo Dot, Android, iOS, etc) then you will likely want to stick with Spotify. Out of the four major streaming music services, they are all very similar, so it really depends on your needs and what you listen to, as far as which is going to be best for you.


[ad_2]
Source link

Ransomware targeted SCADA systems of 3 US water facilities

0
[ad_1]

United States has warned of more ransomware attacks on information technology (IT) and operational technology (OT) networks of the country’s Water and Wastewater Systems (WWS) Sector facilities.

On Thursday, multiple US government agencies, including the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA), issued a joint alert, warning organizations in the Water and Wastewater Systems (WWS) Sector regarding an upsurge in cyberattacks against these facilities.

SEE: Employee PC hacked via TeamViewer in attempted water supply poisoning

The alert revealed that three industrial control systems (ICS) at water facilities in the US had been impacted by ransomware attacks in the past two years.

“The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message,” the agencies noted in the alert.

WWS Facilities Under Threat

As per the alert from the FBI, CISA, EPA, and NSA, the WWS sector is currently under the radar of cybercriminals. Threat actors can launch phishing campaigns and target outdated software to exploit control systems.

The agencies claim that they are aware of the emerging threat against water facilities’ OT and IT networks. The agencies revealed that threat actors are explicitly targeting critical infrastructure sectors; however, this doesn’t mean that the threat isn’t restricted to the WWS sector only.

The Executive Assistant Director for Cybersecurity, Eric Goldstein, stated that the recent ransomware incidents make cybersecurity a top priority of critical infrastructure owners and operators.

“While vulnerabilities within the Water Sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment,” Goldstein said.

Potable Water Facilities The Prime Target

The advisory noted that malicious activities targeting WWS facilities might launch ransomware attacks affecting the potable water generating facilities by gaining control of wastewater processes.

Since these facilities are part of the sixteen US critical infrastructure sectors, spearphishing or other kinds of attacks that cause their compromise or incapacitation would directly impact national and economic security and jeopardize public health and safety.

Multiple Malware Strains Discovered

The agencies further revealed that they had identified multiple ransomware strains against the WWS sector in the incidents. The threat actors are trying to encrypt water treatment facilities systems using Ghost used in August 2021 against a WWS facility in California.

SEE: DoJ charges man for hacking, tampering with public water facility

The ransomware variant persisted in the system for a month. Authorities later discovered it in three supervisory control and data acquisition (SCADA) servers that displayed a ransomware message

In September 2021, threat actors used the Makop ransomware variant against a New Jersey-based WWS facility. In March 2021, a Nevada-based WWS facility was also targeted with an unknown malware strain that affected the SCADA system.

Moreover, a ransomware strain called ZuCaNo was launched against a Maine-based WWS facility’s SCADA wastewater computer in July 2021, and the system had to be run manually until the computer was restored.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.


[ad_2]
Source link

Chinese VPN app Quickfox caught exposing 1 million users’ data

0
[ad_1]

The Quickfox VPN is mainly used by Chinese citizens living abroad who need to access Chinese websites as most of these sites are geo-restricted.

Wizcase’s team of ethical researchers, led by Ata Hakcil, discovered a “critical leak” that the researchers found to be exposing personally identifiable information of at least one million users of a Chinese VPN service.

The team revealed that the VPN leaking data is Quickfox, produced by Fuzhou Zixun Network Technology Co., Ltd.

The VPN is mainly used by Chinese citizens living abroad who need to access Chinese websites as most of these sites are geo-restricted. The VPN connects to servers in China and lets users avoid those restrictions.

What Happened?

Reportedly, the leak was caused by a misconfiguration in the VPN. The product had insufficient ELK (Elasticsearch, Logstash, and Kibana) stack security, which refers to the three open-source programs responsible for streamlining searchers via large files, in this case, the logs of Quickfox.

SEE: Almost Every Major Free VPN Service is a Glorified Data Farm

Researchers identified that Quickfox had set up access restrictions from Kibana but hadn’t set up security measures for the Elasticsearch server. Hence, anyone with an internet connection and a browser could access Quickfox and retrieve sensitive PII information on the service’s users.

What’s worse is that there wasn’t any password protection in place or login credentials required to access the data, but the data wasn’t encrypted.

What Information was Leaked?

The 100GB database contained around 500 million records, including PII of nearly one million Quickfox users. PII data included:

  • Names
  • Device data
  • Device type
  • phone numbers
  • email addresses
  • MD5 hashed passwords
  • Software installed on the device and installation date.

The data is enough for scammers to launch phishing attacks, vishing phone calls, and other schemes to obtain banking data. The server was yet not secured until the time of this writing.

Chinese VPN app Quickfox caught exposing 1 million users' data
Screenshot shared by WizCase shows a List of installed software on a random users device by name, install date, and version

“All the documents found were dated between June 2021 and September 2021,” Wizcase researchers wrote in their report. “The leaked information about device type and installed software could make this con very convincing. It’s unclear why the VPN was collecting this data, as it is unnecessary for its process and it is not standard practice seen with other VPN services.” 

SEE: 7 VPN with no-logs policy exposing 1.2 TB of user data

Impacted users were mainly located in the following countries:

  • USA
  • China
  • Japan
  • Indonesia
  • Kazakhstan

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.


[ad_2]
Source link

Amnesty Intl. accuses Indian cyber security firm of spyware attacks

0
[ad_1]

According to Amnesty International, it found evidence that attackers testing the spyware were using the IP address of Indian cyber security firm Innefu Labs.

Amnesty International has accused an Indian cyber security company of developing Android spyware that has been used in targeted attacks against Togolese activists. The company, Innefu Labs, has denied the allegations.

According to Amnesty International, the spyware is distributed via email messages and the Facebook-owned messaging app WhatsApp. The campaign’s modus operandi involves phishing and social engineering techniques such as luring the victim into downloading the spyware through email or installing it on their device through WhatsApp chat.

Once installed, the spyware allows attackers to have full control over the device including the camera, microphone, read WhatsApp messages, steal files and photos remotely – all that without raising any alarm.

One Togolese activist who would like to keep their identity hidden shared WhatsApp screenshots showing an Indian WhatsApp number trying to lure them into downloading and installing ‘ChatLite,’ supposedly secure chat app.

In reality, it was actually a custom-developed Android spyware tool that, when successfully deployed, allows the attackers to collect sensitive data from victims’ mobile devices and install additional spyware tools.

In another attempt, the attacker used a Gmail account to send a malicious MS Word file to trick the activist into installing the spyware. 

Amnesty accuses Indian security company of developing Android spyware
WhatsApp chat leading to the installation of ChatLite app that is spyware

The spyware was initially attributed to a “hacker group” called Donot Team. It is worth noting that last year, the DoNot APT group was seen abusing Google Firebase cloud messaging to distribute Firestarter Android to exploit the Kashmir issue between India and Pakistan. Though, its prime target in the campaign was the Pakistani government.

However, Amnesty says it has found evidence that the Indian cyber security company Innefu Labs is behind the spyware. The spyware and Innefu Labs use the same infrastructure.

In addition, Amnesty found evidence that an attacker testing the spyware was using Innefu Labs’ IP address. Among other things, the spyware was used against an activist in Togo. 

Amnesty accuses Indian security company of developing Android spyware
The screenshot from a directory shared by Amnesty International shows screen grabs from already compromised Android devices – These screenshots were generated by the attackers while testing their Android spyware’s screen capture and keylogging capabilities.

While discussing the connection between Innefu Labs and the spyware campaign in its report [PDF], Amnesty International went on to state that,

Amnesty International initially found the Innefu Labs IP address, 122.160.158.3, exposed in Android screenshots on the Android spyware test server. While this IP address is not registered directly to Innefu Labs, it is being used by the company, Amnesty claimed.

A subdomain for authshieldserver (dot) com has pointed to the Innefu Labs IP address since 2016. AuthShield is an Innefu Labs product. Additionally, the PassiveTotal service has also recorded TLS certificates containing the innefu.com domain on the same IP address.

The same Innefu Labs IP address also appeared in the SQL databases Amnesty International discovered on the URL shortener and Android spyware distribution servers. These SQL databases also contain records from previous spyware distribution servers which were no longer active at the time of discovery, added Amnesty.

Amnesty approached Innefu Labs, but it denies the allegations. According to the security company, there is no evidence that it is involved in spyware. Moreover, in a letter to the human rights movement, the company threatens legal action.

However, Amnesty sticks to the conclusion. “Based on the evidence gathered in this study, Amnesty believes Innefu Labs is involved in the development and/or distribution of a number of spyware tools previously linked to Donot Team,” maintains Amnesty.

The human rights movement is calling on the Indian government to launch an investigation into the security company, curb the use of surveillance technology and strictly regulate the export of spyware technology.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.


[ad_2]
Source link

Next Vivo flagship to offer variable aperture & 200MP telephoto camera

0
[ad_1]

Vivo is planning some major camera improvements with its next flagship. The next Vivo flagship, likely called the Vivo X100 Pro+, will support variable aperture, and feature a 200MP telephoto camera.

The upcoming Vivo flagship will offer variable aperture & 200MP telephoto camera

The Vivo X90 Pro offered great camera performance, as did the Vivo X90 Pro+. Well, VIvo is looking to up the ante. Neither of those two phones offered variable aperture, nor did it have a 200MP telephoto camera, not even close.

They did have a 1-inch camera sensor, and chances are the Vivo X100 Pro+ will too. Variable aperture will only make that sensor more useful, as Xiaomi showed us with the Xiaomi 13 Ultra. Let’s hope that Vivo will do things differently, though.

The Xiaomi 13 Ultra has a two-stop variable aperture, while Huawei offers far more on its Mate 50 Pro and P60 Pro devices. Granted, Huawei did not utilize a 1-inch camera sensor, but still, it provides outstanding results. Variable aperture definitely has something to do with that.

Variable aperture can make quite a difference if implemented properly

If utilized properly, it can help provide far more balanced shots, and improve image quality in all lighting conditions. Unfortunately, we still don’t have the exact info on it, so we don’t know how many levels will Vivo offer.

The tipster also mentioned a 200MP telephoto camera, which is quite surprising. We still don’t have the details regarding that camera, but pixel binning will be the name of the game.

In addition to these two details, the tipster shared some additional specs we’ll get with the Vivo X100 Pro+. The Snapdragon 8 Gen 3 is said to fuel the phone, while the device will include a 6.78-inch display with a 120Hz refresh rate.

LPDDR5X RAM and UFS 4.0 storage will be supported, while a 50-megapixel portrait camera (Sony’s IMX758 sensor) was also mentioned. An ultrasonic fingerprint scanner will be included under the display, while the phone will be IP68 certified for water and dust resistance.


[ad_2]
Source link