Tag Archive for: decade

Flashback: a decade of Google Nexus/Pixel prices and software updates

/in


The Nexus 4 was a groundbreaking phone – a near flagship for $300. Okay, it did have its quirks, e.g. no LTE support (though that wasn’t as important back in 2012), storage was limited too. Instead of focusing on just one phone we wanted to look at the trends in Google’s phone line-up.

We mentioned the price of the Nexus 4 and we’ll see what happened to the “flagship killer” status of the series. This series is all about exploring a well recognized trait of a particular brand or series – and we think that software support is one of the defining features of the Nexus and Pixel phones.

Flashback: a decade of Google Nexus/Pixel prices and software updates

The Nexus phones were affordable at first, especially if you waited a few months. The Nexus 4 dropped as low as $200 at one point. The Nexus 5 got price cuts as well. Then came the Nexus 6 – its $650 price tag made many fans unhappy. It was still an excellent phone and it influenced Google’s approach to handsets.

The following year in 2015 the Nexus line was split into two models that we’ll call “base” and “pro” for consistency. That was also the last of the Nexus line, Google started fresh with the Pixel phones.

Those gradually increased in cost over the years, peaking in 2018 and 2019 with the Pixel 3 and 4 at $800 and Pixel 3 XL and 4 XL at $900. After that Google changed course and lately the price of the small model has been falling, going down to $600 with the Pixel 6. The Pixel 6 Pro is still $900, though.

Flashback: a decade of Google Nexus/Pixel prices and software updates

Interestingly, the increased prices didn’t hurt the performance of the Pixel phones on the market. The opposite, in fact, as Google’s 2019 shipments surpassed previous years by quite a margin. Note that the image below shows cumulative shipments of all Pixel phones, but it clearly looked like Google is on the right path. The company allegedly had big plans for the Pixel 6 series too, planing to produce 7 million, more than any other series. However, Google isn’t one to talk about sales, so we don’t actually know how well the 6-series did (we’ll have to wait for analysts to figure that out).

Flashback: a decade of Google Nexus/Pixel prices and software updates

We will get back to pricing in a moment as we haven’t covered the “Pixel a” series whose main goal is to offer a Google phone on the cheap. How much…

Source…

Previously Undiscovered Team of State-Sponsored Chinese Hackers, Has Been Quietly Committing Cyber Espionage in the APAC Region for a Decade

/in


A new advanced persistent threat (APT) group linked to China has been discovered by SentinelLabs, but only after conducting cyber espionage campaigns under the radar since 2013. The Chinese hackers have been given the name “Aoqin Dragon,” appear to specialize in targeting the Asia Pacific region and likes to lure victims with malicious documents that appear to be salacious ads for pornography sites.

Stealthy Chinese hackers focused on Australia and Southeast Asia

The cyber espionage group is thought to have been in action since at least 2013, with a heavy focus on certain APAC countries and regions: Australia, Cambodia, Hong Kong, Singapore, and Vietnam. The group also focuses in on government agencies, educational institutions and telecommunications firms, and appears to target individuals involved in political affairs.

The group’s favorite approach is a fairly simple one, and has remained consistent over the years: get the victim to open malicious documents, such as PDF and RTF files. Since 2018 the group has also been observed utilizing fake removable devices via bogus shortcut files delivered to victims using Windows computers; when targets attempt to open the fake device in Windows Explorer, the Evernote Tray Application is hijacked to load a malicious DLL that quietly creates a backdoor for the attackers. The group has also been observed using fake antivirus executables.

The Chinese hackers have shown some connections to another threat group, referred to as “UNC94” (or “Naikon”) by Mandiant, that has been tracked for some years now and has also shown links to the Chinese government in its operations. Both groups employ advanced tactics, such as DNS tunneling and the use of Themida-packed files to create a virtual machine that can evade most malware detection.

The link to the Chinese government is based primarily on the group’s use of Chinese language in its malware and the targets of its cyber espionage, which are almost always of clear political interest to the CCP. The group is also not noted for engaging in the for-profit activities or target selection that would be expected of a criminal outfit.

Cyber espionage targets, tools and tactics point to low-key…

Source…

Computer security experts scramble to fix ‘vulnerability of the decade’

/in


WASHINGTON — Criminals, cyber spies, and hackers around the world are launching thousands of attempts every hour to exploit a flaw in a widely used logging software as cybersecurity experts are scrambling to close the loophole and prevent catastrophic attacks.

In early December, a security researcher at Chinese online retailer Alibaba discovered and reported the software flaw in a widely used tool called log4j. The open-source tool is a Java-based library developed by Apache that software developers use to track activity within an application.

Every time anyone on the internet connects to a site, a cloud-service provider, or others, the company managing the site or the service captures data about the activity and stores it in a log. Hackers are now attempting to break into such logs and launch attacks.

“We have kind of what I call a threefold problem here,” said Steve Povolny, principal engineer and head of advanced threat research at McAfee Enterprise. “The simplicity of the attack, the ubiquity of vulnerable installed base, and the wide availability of exploit code really combine to make this … maybe the vulnerability of the decade.”

Although Apache has offered a patch to fix the flaw, companies and government agencies use many versions of the log4j tool and are trying to figure out which fix works with what version, Povolny said. But as of late last week, security researchers have identified that a fix known as version 2.16 “effectively solves the problem,” he said.

Nevertheless, as companies and government agencies around the world attempt to fix the problem there’s “no question that this has been and is going to continue to be further weaponized,” Povolny said.

The widespread vulnerability marks a bookend to a year notable for significant cyber and ransomware attacks. At the start of 2021 the world began to grapple with the consequences of a sophisticated Russian attack on SolarWinds, a software management company, which was discovered in December 2019. The attack exposed dozens of U.S. agencies and thousands of companies to potential exploitation by Russian intelligence services.

In the months since, ransomware attacks crippled pipeline operator Colonial Pipeline and…

Source…

Cyber Experts Scramble to Assess Scope of ‘Hack of a Decade’

/in


News Highlights: Cyber Experts Scramble to Assess Scope of ‘Hack of a Decade’.

US government cyber experts are furiously working in secure offices around the world, scouring computer traffic to find out which federal systems have invaded the sweeping cyber-espionage attack that the FBI warned this week was “important and ongoing.” is. Suspected Russian hackers have broken into sensitive US government computer networks, from the Pentagon to the Department of Energy, as well as US private companies, poking around and likely reading emails and collecting data.

The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security called the attack, which began in March or possibly sooner, “a serious risk” to the US government. Experts from both the government and US private companies compromised in the attack take entire sections of their computer networks offline or quarantine them for a deeper forensic dive to find out what was copied or taken, and whether the hackers left behind malware code .

The hackers used a little-known but widely used software program called Orion, created by cyber company SolarWinds, whose client list includes the Office of the US President, the Pentagon, NASA, NSA, all five branches of the US military, and most of the Fortune. 500 companies, including the ten largest US communications companies.

The Austin, Texas-based company then deleted its customer list from its website report the hack may have affected some 18,000 customers. The company says it “has been informed that the nature of this attack indicates that it may have been carried out by an outside nation-state” and is encourage customers to update their systems to remove the threat. The company did not immediately respond to the request for comment. CISA referred adding to the attackers as “a patient, well-resourced and focused adversary” that the Orion software vulnerability was not the only way it attacked, but refused to share further details.

Since it was first reported by Reuters Sunday, the known size of the hack is growing every day. So far, government agencies, including the Ministries of Trade and Energy, are among those confirmed to be…

Source…