Samsung Unveils New Odyssey OLED, Smart Monitor and ViewFinity Monitors 

Posted in Commentary with tags on June 5, 2024 by itnerd

Samsung announced today the global launch of its 2024 Odyssey OLED gaming monitor, Smart Monitor and ViewFinity monitor lineups.

These new and updated models bring features that people want — as well as some they don’t expect — to deliver new experiences, no matter how they use their monitors. The Odyssey lineup brings a next-level OLED experience and new AI capabilities to the Odyssey OLED G8; the Smart Monitor lineup heightens joy with more enhanced entertainment features, plus the Smart Monitor M8 is powered by AI; and the ViewFinity lineup boosts connectivity to create a complete workstation.

Odyssey OLED Series: Visual Excellence With New Burn-In Prevention Features

The 2024 Odyssey OLED models expand Samsung’s offerings of next-generation OLED performance with the new Odyssey OLED G8 (G80SD model) and Odyssey OLED G6 (G60SD model).

The Odyssey OLED G8 is the first flat 32” Samsung OLED gaming monitor with 4K UHD (3840 x 2160) resolution and a 16:9 aspect ratio. It has a 240Hz refresh rate and 0.03ms gray-to-gray (GtG) response time for ultra smooth and responsive gameplay. The Odyssey OLED G6 is a 27” QHD (2560 x 1440) resolution monitor, supporting a 16:9 aspect ratio. Its 360Hz refresh rate and 0.03ms GtG response time make it easy for gamers to keep up with fast-moving gameplay.

The new Odyssey OLED G8 is Samsung’s first OLED gaming monitor powered by AI. The NQ8 AI Gen3 processor, which is the same processor Samsung uses in its 2024 8K TV, upscales content to nearly 4K when using Samsung Gaming Hub and the monitor’s native Smart TV apps for higher resolution in gaming and entertainment.

Both new OLED models feature Samsung OLED Safeguard+, a new proprietary burn-in protection technology. This technology is the first in the world to prevent burn-in by applying a pulsating heat pipe to the monitor. Additionally, the Dynamic Cooling System evaporates and condenses a coolant to diffuse heat five times more effectively than the older graphite sheet method, which prevents burn-in by reducing temperature at the core. The monitor also detects static images like logos and taskbars, automatically reducing their brightness to provide another means of burn-in prevention.

The Odyssey OLED G8 and OLED G6 both deliver incredible OLED picture quality with a brightness of 250 nits (Typ.), while FreeSync Premium Pro keeps the GPU and display panel synced up to eliminate choppiness, screen lag and screen tearing.

Samsung’s new OLED Glare Free technology also preserves colour accuracy and reduces reflections while maintaining image sharpness to offer an immersive viewing experience, even in daylight. The OLED-optimized, low-reflection coating overcomes the trade-off between gloss and reflection thanks to a new, specialized hard-coating layer and surface coating pattern.

Both monitors feature a super slim metal design that gives them a distinct identity, while Core Lighting+ enhances entertainment and gaming experiences with ambient lighting that synchronizes with the screen. The ergonomic stand also makes long sessions more comfortable with adjustable height, plus tilt and swivel support.

The new Odyssey OLED monitors are the next entry to expand Samsung’s OLED monitor market leadership. Their release comes after Samsung achieved the top position in global sales in the OLED monitor market within only one year of launching its first OLED model. This achievement underscores Samsung’s rapid ascent in the competitive landscape of OLED monitors while reinforcing its commitment to diversifying its gaming monitor lineup with models that leverage the company’s proprietary OLED technology.

Smart Monitor M8: AI Processing for Crystal Clear Video and Audio

The updated Smart Monitor lineup brings together a complete multi-device experience into one hub for smart entertainment and great productivity. The upgraded 2024 models include the M8 (M80D model), M7 (M70D model), and the M5 (M50D model).

The upgraded 32” 4K UHD Smart Monitor M8 introduces new features powered by AI with the NQM AI processor, taking entertainment experiences to the next level. AI upscaling brings lower resolution content up to nearly 4K, and Active Voice Amplifier Pro uses AI to analyze background noise in the user’s environment to optimize dialogue in the user’s content. 360 Audio Mode is available on the M8, which pairs with Galaxy Buds to create an immersive sound environment. The built-in SlimFit Camera also makes it easy to conduct video calls through mobile applications with Samsung Dex.

New to the entire line of Smart Monitors is a Workout Tracker, which pairs with a Galaxy Watch to enable real-time health data on the screen, even while streaming content. This makes it easier to track workout goals and can make working out more enjoyable.

These new features enhance the already impressive Smart Monitor functionality. Smart TV apps and Samsung TV Plus provide instant access to a wide range of streaming services and live content, without needing to boot up a PC or connect to other devices.

The M7 is available in 32” and 43” with 4K UHD (3840 x 2160) resolution, a brightness of 300 nits (Typ.) and a gray to gray (GtG) response time of 4ms. The M5 is available in 27” and 32”, with FHD resolution (1920 x 1080), a brightness of 250 nits (Typ.) and a GtG response time of 4ms.

ViewFinity Series: Maximizing Creativity and Ease of Use

Optimized for creatives and professionals, and built with responsible practices, the latest ViewFinity lineup includes the ViewFinity S8 (S80UD and S80D models), ViewFinity S7 (S70D model) and the ViewFinity S6 (S60UD and S60D models).

The updated 2024 ViewFinity monitors are made with a minimum of 10% recycled plastic and do not apply chemical sprays to the plastic components. The packaging also uses glue instead of staples for easier disassembly.

The Easy Setup Stand is put together with one quick click, requiring no tools or screws, making it fast and easy to set up and enjoy the ViewFinity’s vibrant display. Every 2024 ViewFinity monitor supports HDR10 and the display of 1 billion colours, offering accurate colour representation, while also integrating TÜV-Rheinland-certified Intelligent Eye Care features to alleviate eye strain during prolonged work periods.

The ViewFinity S8 offers 27” and 32” screen options, each with 4K UHD (3840 x 2160) resolution, a refresh rate of 60Hz and a brightness of 350 nits (Typ.). They also feature a USB hub for easy connectivity and a height-adjustable stand. The S80UD model includes a new KVM switch for easy connection and switching between two different input devices, as well as a USB-C port that allows users to charge devices with up to 90W of power.

The ViewFinity S7 is available in 27” and 32” options, each with UHD 4K (3840 x 2160) resolution, a brightness of 350 nits (Typ.) and a refresh rate of 60Hz. The ViewFinity S6 is available in 24”, 27” and 32” options, each with QHD (2560 x 1440) resolution, a refresh rate of 100Hz and a brightness of 350 nits (Typ.), including a USB hub and height-adjustable stand. The S60UD model also includes a built-in KVM switch and a USB-C port (up to 90W charging).

For more information on Samsung’s 2024 monitor lineups, please visit www.samsung.com

Leave a comment »

Why I Have Stopped Using The Bartender App On My Mac (And You Should Too)

Posted in Commentary on June 5, 2024 by itnerd

When I first got my 16″ MacBook Pro, one of the apps that I used to make my experience better was Bartender. I wrote about it here and I really liked the app as it minimizes what’s on my menu bar and is smart enough to surface icons when an action is required. However, I’ve stopped using this app for the following reasons:

  • Apparently the app sold roughly two months ago with nobody being told about it.
  • Then a Reddit thread appeared with screen shots from MacUpdater warning about the owners of Bartender being replaced.
  • Bartender’s new owners replied to the Reddit thread. But their answers seem suspect to many. Yours truly included. But the core message from the new owners is that there was a certificate change in the latest version and nothing more. By certificate change, I assume it’s the developer certificate.

This led to a Reddit user investigating the current version of Bartender versus the previous version put out by the previous owner of the app. What this user found isn’t reassuring:

That’s not good to say the least. That alone is a reason to uninstall this app ASAP. But actually, there’s one other reason that you should uninstall the app. More digging by Reddit users has found that the company who bought this app is a company named Applause, and in their FAQ, they say this:

So the way I read this, it appears on the surface that this company buys apps and never updates them. Instead they simply monetize the app as it is. That’s a major red flag to me. Thus I uninstalled the app this morning and I’ll spend some time researching alternatives as I would like to better manage my menu bar.

This whole situation highlights the fact that you need to be careful when you install apps on your computer. And you need to be on your toes in case a situation like this pops up. I say that because not being on your toes can end badly for you. On top of that, I now know that Applause exists, and I now know what their game is. And as a result you can be sure that I’ll be avoiding their apps going forward as they seem to be at best sketchy.

2 Comments »

Australian Food Services Provider Records Exposed in Data Breach 

Posted in Commentary with tags on June 5, 2024 by itnerd

Documents belonging to Patties Foods Limited, an Australian leading provider of food services, have been exposed as reported by cybersecurity researcher Jeremiah Fowler.

What happened:

  • 496,296 records, and a separate cloud storage database inside the logging records containing 25,800 invoices;
  • System errors, warnings, indexing operations, search queries, cluster health status, and other diagnostic data;
  • Documents also identified vendors, contacts, emails, and banking information such as account numbers, invoice amount, employee names, and even evidence of ransomware.

Why it matters: The database also contained tickets identifying support requests, technical issues, and communications between Patties Food Limited and Proveio.ai representatives that could potentially be misused for fraud or by malicious actors to exploit identified system vulnerabilities.

If you want to know more about Jeremiah’s findings and insights you can read the full report here: 

https://www.websiteplanet.com/news/pattiesfoods-breach-report

Leave a comment »

Horizon3.ai Revisits Fortinet FortiClient EMS to Exploit 7.2.X (CVE-2023-48788)

Posted in Commentary with tags on June 5, 2024 by itnerd

The Horizon3.ai Attack Research team has just published “CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X” which discusses the differences in exploitation between FortiClient EMS’s two mainline versions: 7.0.x and 7.2.x. Today’s post updates an SQL injection exploit analysis for Fortinet FortiClient EMS.   

Horizon3.ai Senior N-Day Vulnerability Researcher Luke Harding details exploitation obstacles and payload crafting between the two mainline versions of the software. It is an update to Horizon3.ai’s March 21, 2024 post “CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive” and POC which as it turns out only worked on 7.0.x versions.

Harding notes “When writing exploits for different versions of vulnerable software, the differences in the exploit are usually small, such as different offsets, renamed parameters, or changed endpoints. Exploitation of the 7.2.x attack path for CVE-2023-48788 was an interesting challenge, because the core vulnerability and endpoint being attacked were the same, but the code path traversed was largely different.”

Harding walks through the updated exploit in the post which is online now. 

Leave a comment »

New Appdome SDK Protection and Threat Streaming Service to End Third-Party Mobile Supply Chain Risk

Posted in Commentary with tags on June 4, 2024 by itnerd

Appdome, the mobile app economy’s one-stop shop for mobile app defense, today released a new mobile SDK protection and mobile threat streaming service, called Appdome SDKProtect™. Appdome SDKProtect is designed to end third-party, mobile supply chain risk and democratize mobile threat intelligence and telemetry data among mobile SDK developers. The new service enables mobile SDK developers to quickly and easily create protected and threat-aware versions of their mobile SDKs, reducing fraud and ensuring compliance.

Mobile SDKs play a critical role in the mobile app economy, enabling Android & iOS developers to integrate essential functions into their applications, such as payment and banking services, digital identity verification, analytics, advertising, and more. The widespread use of mobile SDKs also makes them a prime target for malicious actors seeking to exploit SDKs to create supply chain risks inside mobile apps or compromise mobile app security to perform identity fraud, account takeovers, SDK spoofing, data breaches or other attacks.

The new Appdome SDKProtect service provides mobile SDK vendors and developers with multiple options for mobile SDK protection. Appdome SDKProtect strengthens the security posture of third-party software development kits (SDKs) used in mobile app development against static and dynamic attacks, reverse engineering, IP loss and exploits. The service also makes Appdome platform’s rich mobile attack and intelligence data intelligence framework available to SDK providers to enhance the value of their SDK-based mobile services.

Appdome SDKProtect™ offers several levels of mobile SDK protection:

  • Threat-Shielding: Used to protect mobile SDK against reverse engineering and tampering by obfuscating and encrypting SDK data, strings, resources and preferences.
  • Mobile Risk Evaluation: Comprehensive coverage of SDK attacks, such as facial recognition bypass, root and Jailbreak detection, emulator detection, hooking frameworks, debuggers, Android debug bridge and more.
  • Threat Intelligence: Takes the power of Threat-Shielding and Mobile Risk Evaluation and combines it with two visibility and control options.
    • Threat-Streaming, which takes Threat Intelligence to the next level by providing real-time telemetry data that can be streamed to the SDK maker’s back-end to create specific outcomes when attacks happen.
    • Threat-Monitoring, which combines the protections with real-time attack monitoring and enterprise-grade intelligence via Appdome ThreatScope™ Mobile XDR.

The mobile Threat Intelligence packages leverage the power of Appdome Threat-Events™ in-app attack intelligence framework. The framework that empowers mobile developers with real-time event data and control for mobile SDKs.

Using the Appdome SDKProtect service is easy. Mobile SDK developers present the Appdome platform with a version of the mobile SDK (in Android .aar or .jar and iOS framework files), choose the level of protection to apply to the SDK and initiate the build command. Once selected, the Appdome platform builds the chosen protections into the mobile SDK. In just minutes, the protected mobile SDK is available for download and distribution by the mobile SDK developer to its customers.

Appdome SDKProtect is fully compatible with all mobile platforms, frameworks, and development languages. It seamlessly integrates with existing app development workflows and tools, requiring no changes to the SDK source code or development environment.

To learn more about Appdome SDKProtect, please visit https://www.appdome.com/sdkprotect/.

Leave a comment »

Ransomware Resurged In 2023 With 50 New Variants: Mandiant

Posted in Commentary with tags on June 4, 2024 by itnerd

In a report published by Mandiant on Monday, despite law enforcement operations against prolific ransomware groups such as ALPHV/BlackCat, ransomware activity increased in 2023 compared to 2022 with researchers observing 50 new ransomware variants and a third branching off of existing malware.

Researchers also saw a 75% increase in posts on ransomware groups’ data leak sites. This is consistent with a Chainalysis report stating that a record breaking $1bn was paid to ransomware attackers in 2023.

Code reuse, actor overlaps and rebrands have become common in the modern ransomware threat landscape. According to Mandiant, the increase in extortion activities is likely driven by factors including:

  • New entrants
  • New partnerships between groups
  • Ransomware services by actors previously associated with disrupted, prolific groups

Finally, Mandiant found that threat actors increased their reliance on remote management tools in ransomware operations, 41% in 2023 compared to 23% of intrusions in 2022.

Emily Phelps, Director, Cyware had this to say:

   “The proliferation of new ransomware variants and the surge in extortion activities reinforce the urgent need for a collective defense strategy. To get ahead of these threats, organizations must be enabled to share threat intelligence and defensive strategies. By adopting integrated solutions that facilitate seamless information sharing and collaboration, organizations can better defend against these sophisticated attacks and minimize the impact of ransomware on their operations.”

Given that I reported on an apparent ransomware attack as recently as this morning, this is something that requires a lot of focus. Because we’re on the edge of having ransomware get out of control. If it hasn’t already.

UPDATE: BullWall Executive, Carol Volk had this to say:

   “In promptly shutting down affected systems and reporting the incident to the SEC, Frontier demonstrated a solid response strategy. This approach, focused on containment and transparency, likely minimized the impact of the attack despite the sensitive data involved.

   “If the “containment they had in place was in fact a ransomware containment system, it would account for their quick turnaround in dealing with the breach.

   “This incident underscores the need for all organizations to have well-defined ransomware containment strategies. Frontier’s handling of the situation serves as a reminder of the critical importance of preparation and quick action in the face of cyber threats.”

Dave Ratner, CEO, HYAS adds this:

   “Preparation for this rise in ransomware requires more than confirming backups and checking configurations — without the implementation of cyber resiliency solutions, as suggested by everyone from CISA to the White House — organizations will remain vulnerable and susceptible.  The deployment of solutions like PDNS and others can be accomplished in short order, rapidly shift the tide, and should be done immediately.”

Leave a comment »

NIST Hires Outside Firm To Clear The Backlog In The NVD

Posted in Commentary with tags on June 4, 2024 by itnerd

Facing a growing backlog of reported flaws, NIST has announced a commercial contract with an outside firm to clear the backlog in its National Vulnerability Database (NVD). This was reported in a status update that was posted on May 29th:

NIST has awarded a contract for additional processing support for incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database. We are confident that this additional support will allow us to return to the processing rates we maintained prior to February 2024 within the next few months.

In addition, a backlog of unprocessed CVEs has developed since February. NIST is working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to facilitate the addition of these unprocessed CVEs to the NVD. We anticipate that that this backlog will be cleared by the end of the fiscal year. 

Mike Walters, President and Co-Founder of Action1 has provided some insight on what resources the NVD would need to keep up with the number of vulnerabilities being reported:

“The National Vulnerability Database (NVD) plays a critical role in the cybersecurity landscape by cataloging and enriching vulnerability information. To keep up with the backlog, which now exceeds 10,000 vulnerabilities, NVD needs to address several issues and improve its operations.

First, the NVD must form a consortium to improve the program and, more importantly now, secure additional funding from federal agencies, the private sector, or public grants to cover the costs associated with scaling infrastructure, hiring additional staff, and purchasing necessary software tools. It is also important for them to obtain grants for AI and machine learning research to develop cutting-edge tools that can be integrated into the NVD workflow. Implementing advanced machine learning models and AI can help automate the initial triage and enrichment process of vulnerability reports. 

Second, NVD will need to hire a highly skilled team of security analysts, data scientists, and threat intelligence experts to operate and enhance the new AI tools that will help handle the growing backlog of vulnerabilities. These professionals can oversee automated processes, validate AI-generated insights, and handle more complex cases that require human intervention. 

Third, to collect and analyze data, the NVD will need to build stronger relationships with cybersecurity communities, including CVE Numbering Authorities (CNAs), private cybersecurity firms, academic institutions, and other threat intelligence platforms that can lead to more holistic and timely data sharing. 

Implementing a crowdsourcing model where verified contributors can submit and enrich vulnerability data could also help spread the workload and speed up the process. 

These are the key resources that NVD needs to manage the crisis.”

Hopefully NIST can get on top of this quickly. But with the amount of flaws that are and have been reported, that won’t be easy. But it is something that needs to be done.

UPDATE: Emily Phelps, Director, Cyware adds this comment:

   “It’s encouraging to see NIST taking proactive steps to address the backlog in the National Vulnerability Database. The current backlog highlights the increasing complexity and volume of vulnerabilities that organizations face today. Effective and timely vulnerability management is crucial for maintaining robust cybersecurity defenses.”

Leave a comment »

TELUS Launches Fifth And Largest #StandWithOwners Contest

Posted in Commentary with tags on June 4, 2024 by itnerd

TELUS is announcing the return of its #StandWithOwners contest for its fifth consecutive year with over $1 million in prizing, the largest prize pool in the program’s history. With Small Businesses accounting for 98% of all employers in Canada, TELUS is continuing its commitment to support and recognize the outsized impact business owners have on our communities and our economy.

Starting today through September 4, 2024, businesses are invited to apply at telus.com/StandWithOwners for their chance to win one of five grand prize packages. Each package is valued at over $200,000, including $50,000 in cash, $115,000 in advertising and national recognition, $25,000 in TELUS technology and a $10,000 TELUS Health well-being package. Additionally, 15 finalists will each receive $20,000 in funding and technology.

TELUS is seeking applicants that will demonstrate what makes their business unique, their use of technology to drive innovation, and a proven track record of growth. Additionally, applicants will be asked to show how the success of their business has made a meaningful impact on their local economies and communities.

The 2024 #StandWithOwners contest highlights TELUS’ continued dedication to championing Canadian businesses. Since 2020, TELUS has committed $5 million to #StandWithOwners, providing funding, advertising and technology to help businesses thrive in a digital world. As part of TELUS’ greater commitment to the growth of Canadian business, over $300 million has been invested to support owners, start-ups and leaders of tomorrow through the TELUS Pollinator Fund for Good and TELUS Ventures.

For more information and to apply for this year’s contest, visit telus.com/StandWithOwners.

Leave a comment »

BREAKING: London Hospitals Pwned In Cyberattack

Posted in Commentary with tags on June 4, 2024 by itnerd

This isn’t good.

In another example of health care being easy targets for threat actors, a number of London hospitals have apparently been pwned in a cyberattack. Sky News has the details:

King’s College Hospital, Guy’s and St Thomas’, including the Royal Brompton and the Evelina London Children’s Hospital, and primary care services were hit by the “major IT incident” involving pathology partner Synnovis, letters sent to NHS staff said.

Trusts reported the incident was having a “major impact” on the delivery of services, with blood transfusions particularly affected.

Some procedures and operations have been cancelled or have been redirected to other NHS providers as hospital bosses continue to establish what work can be carried out safely.

And:

The cyber incident is thought to have occurred on Monday, meaning some departments could not connect to their main server.

Several senior sources have told the Health Service Journal (HSJ) the system has been the victim of a ransomware attack.

This is why I keep saying that the health care sector needs to do better to protect itself. But on top of that, they need better funding to do so. The UK is in the middle of a general election so I am sure that this incident will come up on the campaign trail. But in the meantime, this is a devastating cyberattack that will have far reaching implications for weeks.

1 Comment »

Twitter Is Now Officially Home To Porn

Posted in Commentary with tags on June 4, 2024 by itnerd

TechCrunch has spotted that Twitter has updated their terms of service to now allow porn until the platform:

Over the weekend, X added clauses to its rules, formally allowing users to post adult and graphic content on the platform — with a few caveats. Users can now post consensually produced NSFW content as long as it is prominently labeled as such. The new rules also cover AI-generated videos and images.

The tweak to the rules is not a complete surprise, since X, under Elon Musk, has already experimented with formally hosting adult content with NSFW communities.

“We believe that users should be able to create, distribute, and consume material related to sexual themes as long as it is consensually produced and distributed. Sexual expression, visual or written, can be a legitimate form of artistic expression,” X’s page on “adult content” policies reads.

“We believe in the autonomy of adults to engage with and create content that reflects their own beliefs, desires, and experiences, including those related to sexuality. We balance this freedom by restricting exposure to Adult Content for children or adult users who choose not to see it,” the page reads.

My guess in terms of Twitter making this move is that Elon Musk is now going to use porn as a revenue source. Seeing as Twitter is now a private company, we don’t know how much Elon is hurting for cash. But seeing as he’s let racists, insurrectionists, and other low life scumbags back onto Twitter in a seemingly desperate attempt to make a few bucks, it’s not a shock that he’s letting porn officially onto Twitter. At least not to me.

Good luck with that Elon.

Leave a comment »

« Older Entries
Newer Entries »