Google Pixel 4 & 4 XL get final update w/ February security patch


Google has updated the Pixel 4 and Pixel 4 XL for what will likely be the final time, bringing the two phones up to the February 2023 security patch.

First released in 2019, the Google Pixel 4 series received three years of monthly Android security updates and Pixel-specific improvements, including the full update to Android 13 last August. Traditionally, for flagship Pixel phones, Google releases one final update after the monthly updates expire, and the Pixel 4 is no different.

Today, side by side with the broader February 2023 update for current Pixel phones, Google rolled an update to owners of the Pixel 4, the first such update since October 2022. The update brings the security improvements of the February 2023 Android Security Bulletin, and likely not much else. Judging from the build number — which starts with “TP1A” instead of “TQ1A” — the new Pixel 4 update does not bring the improvements of Android 13 QPR1, released in December.

This likely final Pixel 4 update should be rolling out now through carriers and can also be downloaded and installed manually.

  • Pixel 4: Android 13, TP1A.221005.002.B2, Feb 2023
  • Pixel 4 XL: Android 13, TP1A.221005.002.B2, Feb 2023

Down the line, if the need arises, it’s possible Google may launch an additional patch for the Pixel 4 and Pixel 4 XL, as the company has done in the past. Regardless, it’s time to bid a fond farewell to a phone that dared to do things differently — with its Soli motion sensors — and the first Pixel phone to introduce face unlock support.

More on Pixel:

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

Source…

Attack Vector vs Attack Surface: The Subtle Difference


Cybersecurity discussions about “attack vectors” and “attack surfaces” sometimes use these two terms interchangeably. However, their underlying concepts are actually different, and understanding these differences can provide a better understanding of security nuances, allowing you to improve your organization’s security by differentiating between these terms.

This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two concepts and establish a more mature security posture.

Attack vector vs. attack surface

Most simply, an attack vector is any means by which an attacker can infiltrate your environment, whereas attack surface refers to the collective vulnerability that these vectors create. Any point that allows data to pass into your application or network represents a potential attack vector. Identities, networks, email, supply chains, and external data sources such as removable media and cloud systems, are all exploitable channels that a malicious actor may use to compromise your sensitive data or personal information. This also means that any system update or release could create new attack vectors.  

Common attack vectors

Rapid technological change means that some of these attack vectors will fall out of favor with hackers and become less common. Nonetheless, some choices have been consistently common and will likely remain so.

Social engineering via email
Email attachments remain one of the most common vectors of the last 30 years. 

Consider a situation in which you receive an email with the subject: “Please correct your tax form to receive your next paycheck.” This sender’s address seems to be from your boss or HR department, and the email contains an attachment called W2.pdf. 

This type of email originates from an attacker using a spoofed return address to appear legitimate and trustworthy. However, what appears to be a PDF file may in fact be an executable file (W2.pdf.exe) containing a Trojan horse virus. If you open the file using an insecure PDF reader, you might execute the Trojan, infecting your system. 

An attack like this is an example of a social engineering attack, which…

Source…

More than 20 million Android users urged to delete three apps right now


If you entered 2023 with a fitness-focused new year’s resolution, you might be among the millions who have downloaded active apps to stay motivated.

But cyber experts are now warning that dodgy developers could be exploiting your health kick.

WATCH THE VIDEO ABOVE: Queen’s Brian May warns fans his Twitter account has been hacked.

Watch the latest news and stream for free on 7plus >>

Three apps that claim to track and encourage healthy habits are actually serving advertisements and lies.

Pedometer and health tracking apps have been flagged by anti-virus company Doctor Web for claims that users can accrue virtual rewards which can then be exchanged for real money and online gift cards.

However, the developers have removed the applications’ functional ability to withdraw payment in a later update, which effectively means that users attempting to earn money using the app will find their balance becomes worthless.

Apart from being told they can earn these ‘virtual rewards’ by performing fitness tasks, users are also constantly served advertisements and actually encouraged to boost their reward balance by watching them.

The deceptive update was detected in three apps including Lucky Habit: health tracker, which has the same command-and-control (C&C) server as two fitness apps: WalkingJoy and Lucky Step-Walking Tracker.

“This might indicate that they are all connected and that at any moment ‘Lucky Habit: health tracker’ and ‘WalkingJoy’ users may also lose all hope of receiving payments,” Dr Web reports.

All three applications were previously available for download on the Google Play Store, boasting average star ratings above 3.9 stars. However, at the time of writing only Lucky Habit: health tracker was available for download.

The apps had been downloaded over 20 million times cumulatively.

Experts have found that fitness app Lucky Habit, and two associated apps, have been scamming Android users. Credit: Dr Web

The apps’ users are told they need to collect two million “coins” to withdraw the cash equivalent of around $35, but once they have reached the required balance they are prompted to watch 30 more advertisements in order to make a withdrawal.

But after that, no…

Source…

US agency calls Apple, Google App Stores ‘harmful’


Apple appears to have been given yet another set of reasons to expand its legal team as the US National Telecommunications and Information Administration (NTIA) calls for antitrust action to force Apple and Google to make big changes to their mobile app store business models.

What’s the problem?

NTIA is the principal advisor on telecommunications and Internet policy to the Biden administration. It argues that the way things are run at present may be “harmful,” arguing that Google’s and Apple’s “gatekeeper” positions may harm consumers by raising prices and reducing innovation.

Among a raft of criticisms, the agency argues that some restrictions favor some apps over others. “In some areas, such as in-app payments, it is unclear how the current system benefits anyone other than Apple and Google,” NTIA says.

While it does concede the existing status quo has provided a range of benefits to app developers and users, the regulators still want to force both ecosystems to open up to greater competition.

The criticism does at least pay some lip service to Apple’s strong arguments concerning security and privacy and how its stores provide both, but on the strength of 150 conversations seems to think those should become a “feature” (see below).

It’s about ‘fairness’

Following President Biden’s Wall Street Journal piece in which the president called for a bipartisan approach to reeling in the Big Tech firms and how they use personal data, this is the icing on the cake of criticism from regulators worldwide concerning both companies’ business practices.

Source…