Elon Musk to ask Apple to lower App Store fees on X subscriptions

0
[ad_1]

Elon Musk plans to ask Apple CEO Tim Cook to lower the App Store fees X pays on subscriptions purchased via iPhones. The X owner wants Apple to take a 30 percent cut of the subscription revenue it keeps after paying creators, rather than a 30 percent cut of the overall revenue. This would “maximize what creators receive,” he said in a lengthy post/tweet on Wednesday evening.

Apple charges a 30 percent fee on every in-app payment made on apps distributed through the App Store. This includes X subscriptions as well. If you subscribe to a creator on X using the iPhone app, only about 70 percent of the money you pay reaches the creator. Musk says this is a big loss for some creators who “live in tough circumstances.” He added that “even a few hundred dollars a month change their life.”

To ensure that, X will not keep a penny of subscription revenue creators generate for the first twelve months or even longer until the total payout exceeds $100,000. After that, it plans to take a ten percent commission. However, despite its efforts, creators lose money due to Apple’s hefty fees. Musk wants the iPhone maker to relax its policy for X subscriptions and help its efforts of supporting new and emerging creators on the platform.

Apple is unlikely to lower its App Store fees

There’s little chance Cook would entertain Musk’s request, though. The Apple CEO has fielded many such requests and public criticisms over the App Store fees over the years but never budged. Even Musk has previously called out the company publicly over its App Store policies. Matters got so worse at a point that the X owner accused Apple of threatening to withhold the app (called Twitter back then) from the App Store.

The duo eventually resolved the issue after a private meeting, with Musk later clarifying that the whole fiasco was a “misunderstanding.” However, he’s now back targeting Apple’s in-app payment policies. This time around, the world’s richest person is trying to persuade Cook by highlighting the need to support emerging content creators. Time will tell how the Apple CEO responds.

Both X and the creators would benefit if Cook accepted Musk’s proposal, though. While X won’t keep any subscription revenue for a year, a lower App Store fee means creators would reach a total payout of $100,000 sooner. X would then be able to keep ten percent of the revenue itself. The company’s ad revenue has reportedly dropped 50 percent in recent months, so any money would help.


[ad_2]
Source link

Elon Musk’s X faces copyright lawsuit in France over news content

0
[ad_1]

Elon Musk’s company, formerly known as Twitter, is facing a lawsuit in France for alleged copyright infringement. The Agence France-Presse (AFP) news agency shared that it has taken legal action against the social media platform. AFP claims that X has outright refused to discuss compensation for using AFP’s news content on its platform.


AFP is seeking an urgent court order in Paris to force X to provide the necessary information on how it reuses AFP’s content. This information is needed to calculate the amount of money AFP is owed under France’s neighboring rights legislation.


In 2019, the European Union made a decision to extend copyright law to include excerpts of news content that are shared on digital platforms. This means that using parts of news articles or content when sharing them online now falls under the scope of copyright protection in the EU.


After news of the lawsuit emerged, Musk responded in his typical manner by replying to the news tweet. It appears that he disagrees with AFP’s position.


Not only in the European Union but also in other regions, digital platforms are required by law to negotiate with publishers for remunerating news reuse. Canada recently passed the Online News Act, which also obliges tech platforms to negotiate with publishers for fair revenue sharing of their content.


In response to the Canadian law, tech giants Meta and Google have strongly opposed the measure and have hinted at the possibility of cutting off news availability in Canada instead of complying with the law. They previously used similar aggressive tactics in Australia, where they lobbied against the news bargaining code and pushed for amendments before it was eventually confirmed by lawmakers.

[ad_2]
Source link

Hackers Abuse AWS SSM Agent to Perform Malicious Activities

0
[ad_1]

Legitimate SSM agents can turn malicious when attackers with high-privilege access use it to carry out ongoing malicious activities on an endpoint.

Once compromised, the threat actors retain access to the compromised system, allowing ongoing illicit activities on AWS or other hosts.

Cybersecurity researchers at Mitiga recently discovered a new AWS post-exploitation technique. 

With the help of this new technique, threat actors run SSM agents as RAT on systems that are based on Windows and Linux. While this enables them to control the endpoints through a separate AWS account.

Abusing AWS SSM Agent

Amazon-signed SSM is a complete management system for admins that gives them the ability to manage the following things:-

AWS Systems Manager Agent (SSM) is widely used and comes pre-installed on many AMIs, which makes it a potential attack surface for hackers on a large pool of AWS instances.

Mitiga finds SSM agent can run in “hybrid” mode within EC2 limits, and this enables access to two key elements via attacker-controlled AWS accounts:-

SSM hybrid mode configures an AWS account to manage diverse machines like:-

  • Non-EC2
  • On-premise servers
  • AWS IoT devices
  • VMs across other cloud environments

Bash commands enable SSM agents to execute in non-associated AWS accounts, and SSM’s proxy feature allows traffic to pass outside AWS infrastructure.

Moreover, the complete exploitation chain depends on two scenarios, and here below we have mentioned them:-

  • Scenario 1: Hijacking the SSM agent
  • Scenario 2: Running Another SSM Agent Process

Abilities unlocked using the SSM Agent as a RAT

Here below, we have mentioned all the abilities:-

  • The SSM agent is signed by Amazon, so it’s initially trusted by Antivirus and Endpoint Detection & Response solutions.
  • Attackers don’t need to upload new RAT binaries since the SSM agent is already installed on the endpoint, avoiding AV and EDR products’ detection.
  • Threat actors can use their malicious AWS account as a C&C server which enables them to control the compromised SSM agent that makes their communication appear legitimate.
  • Attackers don’t need additional code for the attack infrastructure, as they rely solely on the SSM service and agent.
  • The SSM agent supports features like “RunCommand” and “StartSession,” giving attackers effortless control over the compromised endpoint from their AWS account, allowing them to manipulate it in various ways.
  • The SSM agent’s widespread installation in default AMIs within AWS increases the potential attack surface, providing more targets for threat actors.

Recommendations

Here Below we have mentioned all the recommendations:-

  • Reconsider adding SSM agent to AV or EDR allow list for security reasons.
  • To detect and respond to this malicious action effectively, make sure to integrate the detection techniques into your SIEM and SOAR platforms.
  • AWS security team suggests using the VPC endpoint for the Systems Manager to restrict command receipt from the original AWS account/organization.
  • Make sure to configure the System Manager service through a VPC endpoint.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.


[ad_2]
Source link

Xiaomi MIX Fold 3 image appears along with retail box

0
[ad_1]

The Xiaomi MIX Fold 3 will launch this year, and its image has just appeared, along with the phone’s retail box. The Xiaomi MIX Fold 3 will become the company’s third-gen book-style foldable.

Do note that the first and second-gen products were exclusive to China. We’re hoping things will change this time around, as Samsung does need more competition in global markets. If that does end up happening, Xiaomi will still launch the phone in China first, though.

The Xiaomi MIX Fold 3 image just appeared, along with the phone’s retail packaging

In any case, if you check out the two images shown below the article, you’ll see the phone itself and its box. Unfortunately, though, we only get to see the phone’s front side when folded. This seems to be a screenshot from the phone’s ‘About device’ section.

What we can see here is that the device will have a centered display camera hole on its cover display. You can also see its physical buttons, and its slightly curved glass that sits on the display.

The second image shows the phone’s retail packaging. It’s exactly what you’d expect, actually. The box is larger than the Xiaomi 13 Ultra’s, but the design element is the same. You’ll notice Xiaomi’s branding, the phone’s name here, and of course Leica’s logo too. The box itself has a dark gray color.

It will likely launch at some point this month

The Xiaomi MIX Fold 2 arrived on August 11 last year. That means that the MIX Fold 3 launch is likely not far off at this point. We don’t have a lot of information about the device just yet, but we do know what to expect.

The Xiaomi MIX Fold 2 was quite thin and compact for a book-style foldable. For a while, it was the thinnest book-style foldable out there. It’ll be interesting to see whether Xiaomi will be able to trump the HONOR Magic V2 in that regard.

Qualcomm’s Snapdragon 8 Gen 2 SoC will fuel this smartphone, while we’re expecting LPDDR5X RAM and UFS 4.0 flash storage to be included. Both of its displays will offer a 120Hz refresh rate, while we’ll also get truly fast charging here.


[ad_2]
Source link

Google shut down AI Test Kitchen apps to focus on the web

0
[ad_1]

Google has shut down its AI Test Kitchen mobile apps. It removed both Android and iOS versions of the app from their respective app stores (Google Play Store and Apple App Store) on Monday. The apps themselves stopped working a few hours later, prompting users to access the platform on the web.

“AI Test Kitchen has moved to the web,” a banner on the discontinued mobile apps reads. “This allows us to deliver more demos faster,” Google further explains. The banner contains a link to the web interface of the company’s AI experiment hub. In a statement to 9to5Google, a Google spokesperson reiterated that the apps have been shut down to ensure faster and easier updates for all users. It no longer needs to separately update the platform on Android, iOS, and the web.

AI Test Kitchen lets you try out Google’s AI experiments

Announced at Google I/O 2022 in May, AI Test Kitchen debuted in August of that year. The company described it as a public platform to “learn about, experience, and give feedback on emerging AI technology.” At launch, it offered three AI experiments powered by Google’s LaMDA (Language Model for Dialogue Applications): Imagine It, List It, and Talk About It (Dogs Edition).

Along with the web interface, Google also launched dedicated mobile apps for AI Test Kitchen on Android and iOS. It even announced a “Season 2” for the app in November. The company touted new AI experiments such as City Dreamer and Wobble, both of which were text-to-image generation tools. The former would let you build a city of your imagination, while the latter used AI to make an imaginary monster dance.

However, Google seemingly scrapped those plans as the new tools never arrived. Meanwhile, At Google I/O 2023 in May, the company added its AI music creation tool MusicLM to the AI Test Kitchen and simultaneously removed the existing experiments from the platform. MusicLM, which lets you create music using text prompts, is the only experimental tool currently available on Google’s AI Test Kitchen.

Google will likely add more new AI tools to the platform in the coming months. But you won’t be able to access them through mobile apps. You must visit the web interface to try the latest AI innovations from the tech giant. You can sign up for AI Test Kitchen here. “Our goal is to learn, improve, and innovate responsibly on AI together,” Google says.

Google AI Test Kitchen mobile apps shut down notice


[ad_2]
Source link

Meta releases an AI music generator that creates music from text

0
[ad_1]
Recently, Meta and Microsoft joined forces to introduce the new Llama 2 – a next-generation large language AI model, resulting in Mark Zuckerberg’s company working on several generative AI tools for Instagram, including one that helps identify AI-generated content. Such a tool might be more needed than we thought, as Meta has now introduced its latest project.

In a blog post, Meta introduced its latest AI tool, AudioCraft, which generates, according to the company, high-quality, realistic audio and music from text. The company says this tool would help, for example, “a small business owner add a soundtrack to their latest video ad on Instagram with ease.”


So this might also mean no more browsing through different songs for hours before uploading a Reel. You might just have to write down what type of music you need, and the AI tool will generate it. Not sure how artists would feel about that, though.


AudioCraft is still not rolled out on any of the Meta-owned social media platforms, but maybe it is just a matter of time before the AI tool becomes just another feature we can use daily. For now, Meta is releasing AudioCraft as open-source code. The company says that the goal is to allow researchers and practitioners to train their own models with their own datasets and help advance the field of AI-generated audio and music.


AudioCraft is a collection of three models: MusicGen, AudioGen, and an improved version of EnCodec. MusicGen is an audio generation model designed for creating music. It was trained on a large dataset of around 400,000 music recordings, including text descriptions and metadata, totaling 20,000 hours of music owned by Meta or licensed for this specific purpose.


AudioGen is an AI model capable of text-to-audio generation. By providing a written description of an acoustic scene, the model can produce realistic environmental sounds that match the description, complete with complex scene context and lifelike recording conditions. The EnCodec decoder ensures higher-quality music generation with fewer issues.

 
According to Meta, “responsible innovation can’t happen in isolation.” The tech giant also says that its models’ training datasets lack diversity, especially in terms of music styles and language. By sharing the code for AudioCraft, Meta aims to enable other researchers to test new methods to reduce bias and misuse in generative models.


The tech giant also shares that it is excited to see the creative outcomes people will produce using its method. You can already hear hundreds of samples that the AI tool generated, from 80s disco through jazz instrumentals to, for example, a male speaking with many people cheering in the background.


[ad_2]
Source link

Keychron is making a gaming keyboard with modular customization

0
[ad_1]

If you’ve not heard of the Lemokey L3, you might want to sit up and take notice of this gaming keyboard. It’s being made by Keychron and will be the company’s first proper gaming keyboard under its new premium gaming division. While you can’t get the Lemokey L3 just yet, it’s up for pre-order now through Kickstarter and is worth a look. Keychron is best known for its collection of mechanical keyboards offering great customization options, hot swappable switches and more.

And while it does have some gaming keyboards available, none of them are like the Lemokey L3. At first glance it just looks like another cool keyboard from Keychron. But give it longer than a glance and you’ll start to pick up on all the neat little details. Like the programmable knob and macro column on the left side.

The L3 also features hot-swappable switches, and it’s built using a double gasket design for added durability. Of course, the full aluminum frame certainly helps with that. These features are just the tip of the iceberg too.

The Lemokey L3 gaming keyboard features 2.4GHz wireless with a 1000Hz polling rate

Wireless gaming keyboards aren’t as bad as they used to be. Far from it actually. But that doesn’t mean any company making them can start slacking on giving them the best connection capabilities possible. Keychron is promising a 1000Hz polling rate with the Lemokey L3 that “ensures seamless and ultra-responsive gaming.”

If the keyboard is able to live up that, then this is an important factor. Because the last thing you want is your keyboard lagging right at the most critical moments in games. Additional features include a sound dampening layer to keep the keys from sounding too loud and the ability to connect it to up to three different devices.

It also comes in three different color options, which are Space Silver, Carbon Black, and Navy Blue, and don’t worry about RGB backlist keys because it has those as well. Keychron says the keyboard is estimated to ship around October of this year. The project has already earned more than double its funding goal too, so those who back the project should expect it to arrive on time.


[ad_2]
Source link

YouTube is testing new AI generated video summaries

0
[ad_1]

Ever since its introduction late last year, generative AI has quickly found its way into a lot of industries. Now, in line with these efforts, YouTube has begun the testing of a new AI-generated video summaries feature which, as the name suggests, will provide a brief overview of a video’s content without replacing the existing descriptions written by humans.

Although currently limited to only a few English-language videos and similar to the web page summaries of the Bing AI chatbot, the feature primarily aims to help viewers quickly assess whether a video aligns with their interests, thereby saving valuable time. However, it is important to note that this feature will be exclusive to YouTube Premium members.

“​​We are testing a new feature for viewers that uses generative AI to create summaries for YouTube videos. We frequently test new features before they are officially launched so that we can build and refine the best experience for our viewers and creators,” said Jamie, a Google spokesperson, in a statement to TheVerge.

Broader plans to integrate AI

Google says their primary motivation behind leveraging AI was the sheer volume of content people upload on YouTube, which made it impossible to use manpower in order to summarize every video. Additionally, as the testing phase continues, YouTube is likely to gather valuable insights from user participation and feedback, further enhancing its recommendation algorithm. Moreover, Google is also planning to use this generative AI to summarize user reviews for apps on the Play Store.

While this development in AI-generated video summaries is exciting and could prove beneficial to YouTube users, AI systems still face reliability issues and are prone to generating false information. Therefore, for this new feature to succeed, Google will need to address these concerns and ensure that misinformation does not affect a video’s performance.


[ad_2]
Source link

Google Chrome update brings useful search improvements on mobile

0
[ad_1]

Google announced this week that improvements to search features are rolling out to Chrome mobile. Some of these new features will only be available on Android, while others will be available on both iOS and Android devices.

The most important one is related to search. Depending on whether or not a website is compatible with this new Chrome feature, you’ll be able to see relevant search suggestions when you click on the browser’s address bar. A new section called “Related to this page” shows up when you click on Chrome’s address bar to provide you with suggestions for other searches related to the page you’re currently reading.

It makes searching for more information about what you’re reading much easier and completely removes the need to open a new page and type new search words that might or might not give you the answers you need.

If you love knowing what’s trending at any given time and you own an Android device, you can now see trending Google searches directly in the Chrome address bar. You can just simply open a new tab in the browser, tap the address bar and scroll down to see what’s trending.

Clicking on a trending search will allow you to see search results for that topic and even learn more about it. Although this feature is not yet available for iOS users, Google says that it will release it later this year.

Another useful addition to Chrome is not really a new feature but an improvement to an existing one. Touch to Search, a feature that allows users to quickly search a word or phrase directly from a webpage, is getting a small upgrade.

Android users can now find related searches using Touch to Search. When you now tap and hold on a word, you’ll get a carousel at the bottom of the webpage that shows related searches. This is only available on Android.

Finally, the search suggestions feature on Chrome for iOS is getting a small upgrade too. Instead of six suggestions showing up when you start typing in the Chrome address bar, you’ll now be given 10. Of course, the most relevant will appear at the top, but you can scroll down for more options if you’re not content with what you get. This feature is already available on Android, but iOS users can now enjoy it too.


[ad_2]
Source link

Over 600+ Citrix Servers Hacked To Install Web Shells

0
[ad_1]

A critical remote code execution (RCE) vulnerability identified as CVE-2023-3519 has been the subject of several attacks, which have already compromised and backdoored hundreds of Citrix Netscaler ADC and Gateway servers.

Attackers used web shells on at least 640 Citrix servers in these attacks, according to security experts from the Shadowserver Foundation, a nonprofit organization focused on advancing internet security.

Previously, the vulnerability was used as a zero-day attack on the network of a critical infrastructure organization in the United States.

“We can say it’s fairly standard China Chopper, but we do not want to disclose more under the circumstances.

I can say the amount we detect is much lower than the amount we believe to be out there, unfortunately,” Shadowserver CEO Piotr Kijewski said.

​”We report on compromised appliances with webshells in your network (640 for 2023-07-30).

We are aware of widespread exploitation happening July 20th already,” Shadowserver said on their public mailing list.

“If you did not patch by then please assume compromise. We believe the actual amount of CVE-2023-3519 related web shells to be much higher than 640.”

Around 15,000 Citrix appliances were CVE-2023-3519 attack-vulnerable as of around two weeks ago.

That number has now decreased to below 10,000, showing some improvement in the vulnerability’s mitigation. Most of the servers are located in the United States and Germany.

Map of compromised Citrix servers

Specifics of the Ongoing Attack

Customers were alerted by Citrix last week that the NetScaler Application Delivery Controller (ADC) and Gateway CVE-2023-3519 (CVSS score: 9.8) vulnerability is being actively exploited in the wild.

The flaw is a code injection vulnerability that might lead to unauthenticated remote code execution.

The issue mostly affects unpatched Netscaler appliances configured as gateways (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or authentication virtual servers (AAA server).

Threat actors used this vulnerability as a zero-day in June 2023 to install a  web shell on a critical infrastructure organization’s NetScaler ADC appliance.

The web shell allowed the actors to find the victim’s active directory (AD) as well as gather and exfiltrate AD data.

The attackers attempted to move laterally to a domain controller, but the appliance’s network-segmentation restrictions prevented them from doing so.

“In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical infrastructure organization’s NetScaler ADC appliance,” CISA said.

“The web shell enabled the actors to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data.

The actors attempted to move laterally to a domain controller, but network-segmentation controls for the appliance blocked movement.”

Citrix issued security updates to address the RCE vulnerability on July 18th, confirming that exploits have been seen on susceptible appliances.

“Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.” reads the report published by Citrix.

Citrix fixed CVE-2023-3519 together with CVE-2023-3466 and CVE-2023-3467, two high-severity flaws that might be used to escalate privileges to root and conduct reflected cross-site scripting (XSS) attacks.

CISA gave U.S. federal agencies until August 9 to safeguard Citrix servers on their networks in response to continuous attacks.

Similar Citrix Netscaler ADC and Gateway vulnerabilities have previously been used by ransomware gangs, such as REvil and DoppelPaymer, to breach corporate networks.

In light of this, the company strongly advises concerned customers to install the necessary updates as soon as feasible.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.


[ad_2]
Source link