YouTube’s upcoming tools for Shorts: easily convert horizontal videos into Shorts

0
[ad_1]
YouTube launched Shorts two years ago and offered users the opportunity to create and share short videos, much like TikTok and Instagram. Shorts allow creators to share 60-second videos or snippets from their longer content. Since its launch, Shorts has gained significant popularity, attracting over 2 billion monthly users who actively watch YouTube Shorts.Recently, YouTube announced the release of six new creating tools for Shorts, scheduled to be rolled out in the next few weeks. Among the most promising tools is the ability to transform horizontal videos into vertical Shorts. This feature is currently being tested. It enables creators to adjust the layout, zoom, and crop the selected video segment and offers split-screen effects, allowing users to retain essential parts of their longer videos.Another tool, called Colab, will allow creators to record Shorts in a side-by-side format with other YouTube or Shorts videos. This feature offers various layout options, such as vertical split-screen or horizontal arrangements.

And for those of you who prefer to go live and share your experience right away, YouTube is now testing a vertical live experience, which will allow creators to get discovered right in the Shorts feed. Viewers who are part of the test can see sneak peeks of these vertical live videos mixed into the Shorts feed. If you are one of them, all you have to do is tap on the experience, and you’ll be taken to a scrollable feed of other live videos.

YouTube is currently testing two more tools, set to be released in the following weeks. The first tool offers a way to simplify your video creation with suggestions. The second tool provides an option to save Shorts to playlists. Both of these tools will assist creators in gathering effects or music they wish to use in their future videos.

All these new tools that YouTube is now testing will roll out on the mobile app only, at least for now.


[ad_2]
Source link

Beware! Hacker-Sold macOS HVNC Tool Allows Complete Takeover

0
[ad_1]

Threat actors targeting macOS have increased lately as there were several cases of macOS information stealer malware found in the past, and many are being currently exploited in the wild. 

According to reports, there was a new macOS malware found that is capable of taking over the complete macOS system without any permission required from the user end. This malware was found on a Russian hacking forum called “Exploit”.

HVNC (Hidden Virtual Network Computing)

Virtual Network Computer (VNC) is a technology that allows remote control over another system over a network which is clearly visible to the user on what kind of actions are being performed on the user’s computer from the controller end.

It has been useful for technical support on remote location systems.

However, HVNC varies only on a single element: the activities performed by the controller end are not visible to the user.

The remote sessions, the controlling activities, and the software being installed are completely unknown to the user.

[$100,000 – macOS Secure-WebSocket HVNC]

Recently an HVNC (Hidden Virtual Network Computing) tool was discovered, which requires a $100,000 deposit to acquire the tool.

As the publisher claims, the tool is capable of providing a reverse shell, remote file manager, sensitive data stealing, and persistence on the victim’s system.

macOS HVNC post on “Exploit” forum (Source: Guardz)

This tool has been available since April 2023 and was provided a technological update in July 2023.

The owner of this post, “RastaFarEye,” has been active since May 2021 and has a previous record of many HVNC variants for Windows, cryptocurrency targeting malicious software, and Extended validation certificate creation services.

Updates on the MacOS HVNC (Source: Guardz)

Escrow based Selling

The “$100,000 deposit” indicates the money kept in the escrow account of the forum administration, which acts as insurance for the buyers in case the sold product is not as described on the post. The higher the deposit money, the more legitimate the seller is.

There was another account under the name “Rodrigo” that posted that the threat actor has been working for more than 6 months on macOS information-stealing malware, reads the report shared by Guardz.

It seems like there have been several threat actors who were working to target macOS systems for malicious purposes.

It is recommended for Small Business Owners and Managed Service Providers to keep up-to-date information on the cyber security community for the latest versions of malware and protect themselves from getting exploited.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.


[ad_2]
Source link

Samsung shows us Galaxy Z Flip 5 cases in new video

0
[ad_1]

Samsung has decided to show us its lineup of official Galaxy Z Flip 5 cases in a new video. This video popped up on Samsung’s main YouTube channel, and it has a duration of less than a minute.

Samsung posted a new video to show us all official Galaxy Z Flip 5 cases

The company goes through the list of cases rather quickly, but it shows just enough to pique interest. Four cases are presented here, first one by one, and towards the end of the video you can see them all in one shot.

The cases we’re talking about (in no specific order) are Flap Eco-Leather Case, Silicone Case with Ring, Clear Gadget Case, and the Flipsuit Case. All of them offer rather decent protection for the Galaxy Z Flip 5.

Galaxy Z Flip 5 official cases lineup image 2

The Flap Eco-Leather Case, for example, is made out of leather, and it’s probably one of the most premium-feeling cases out there. The Silicone Case with Ring has a soft-touch feel, and a ring for easier grip on the back.

On the other hand, the Clear Gadget Case comes with a ring that you can pull out of its dock on the back, while the Flipsuit Case is the simplest one on offer here.

The cheapest official case is priced at $49.99

We’ve talked about all of these cases in our ‘Everything you need to know’ article when the Galaxy Z Flip 5 launched. Their prices range from $49.99 for the Clear Gadget case, to $89.99 for the Flap Eco-Leather Case. Do note that these price tags are for the US, the cases have different prices in other regions, of course.

Needless to say, there are a ton of third-party offerings out there too, in case you don’t prefer any of Samsung’s cases. Otterbox announced its lineup, as did Caseology, UAG, and many other case makers. There’s plenty to choose from out there.


[ad_2]
Source link

Qualcomm Snapdragon 8 Gen 4 to use custom Nuvia CPU cores

0
[ad_1]

Qualcomm’s $1.4 billion acquisition of chip startup Nuvia, which specializes in CPU and technology design, in March 2021 may come to fruition next year. Rumors are that the company will use its in-house Nuvia CPU cores in its 2024 flagship chipset, the Snapdragon 8 Gen 4. This year’s Snapdragon 8 Gen 3 will rely on ARM’s cores.

Rumors of Qualcomm using Nuvia cores in its flagship processors starting in 2024 first emerged in May. A noted tipster, who goes by the username Digital Chat Station on the popular Chinese social media platform Weibo, claimed that the Snapdragon 8 Gen 4 will be an octa-core chipset with a 2+6 dual-cluster CPU arrangement featuring Nuvia cores. The tipster also revealed the chip’s model number SM8750.

The same source has now shed a little more light on Qualcomm’s 2024 flagship processor. We now have the names of the CPU cores developed in-house by the company, i.e. by Nuvia. Those are called Phoenix. The Snapdragon 8 Gen 4 will feature two Phoenix L cores and six Phoenix M cores. They added that Taiwanese foundry giant TSMC will manufacture the chip using its improved 3nm fabrication process (N3E).

Snapdragon 8 Gen 4 will feature only two prime CPU cores

All major chip companies currently use ARM’s Cortex-branded CPU cores in their smartphone processors, including Qualcomm. Samsung experimented with custom Mongoose cores in its Exynos processors but it didn’t work. It stopped the practice and went back to stock ARM solutions a few years back.

With the growing demand for faster processors, these companies have gradually started using more high-performance CPU cores. For example, the upcoming Snapdragon 8 Gen 3 (octa-core chip) is rumored to feature an unusual quad-cluster CPU arrangement with only two base cores. However, none of them have been able to deliver a comparable performance to Apple’s A-series and M-series chips, let alone surpass them.

Qualcomm seemingly using only two prime CPU cores in its Nuvia-powered Snapdragon 8 Gen 4 suggests fully custom solutions would do the trick. There are already rumors that it’s faster than the Apple M2. Of course, the two chips will be multiple generations apart when Qualcomm’s solution arrives in late 2024. But a deviation from stock ARM cores might be the right way for chip companies to challenge Apple.

Samsung is also working on a custom processor for its Galaxy flagships. It’s unclear whether the Korean firm will develop custom CPU cores or use stock ARM solutions. However, the new chips will be optimized for Galaxy devices from the development stage. So Samsung might be able to deliver better performance than its current general-purpose Exynos processors that it also supplies to other brands. Samsung’s custom chip may debut in 2025.


[ad_2]
Source link

Google’s fall surprise: Fitbit app to get a total redesign

0
[ad_1]

Ever since Google bought Fitbit, the Fitbit app has been going through changes, and now it appears that the app is receiving a total redesign this fall.

Google announced in a blog post that the Fitbit app is getting a new design later this fall. Some users may have already had a glimpse of it since starting from August 1st, select Fitbit users are being invited to try out the app in a limited beta and share their feedback before it becomes available to everyone.

The updated Fitbit app will feature 3 new tabs: Today, Coach, and You. These new tabs will allow you to easily check your daily goals and metrics, discover inspiration and guidance, and get personal details on your achievements and progress.

The Today tab will offer a quick overview of top stats and customizable metrics to track health goals with improved visualizations.

The Coach tab will provide motivating health and fitness content, including curated workouts and mindfulness sessions. Fitbit Premium subscribers will gain access to content like High-Intensity Interval Training (HIIT) and dance cardio classes and will find it easier to discover content through filters for specific goals and preferences.

The new You tab will allow you to customize personal details and goals, keep track of achievements with new badges, review your progress, access assessments, and reports, and stay connected with important people in your community.

The redesigned app will receive a visual refresh with a refined color palette, updated icons, and consistent charts, along with easier ways to track health on your phone without a Fitbit device. It will also have improved accuracy for tracking walks, runs, and hikes on the phone.

The app will also get updated security and privacy data settings, and, more importantly, Fitbit data will be kept separate from Google ads data and not used for targeted advertising.

Just recently, an anonymous Google insider leaked exclusive watch faces for the Pixel Watch 2, and from what we see in the images of the redesigned Fitbit app, they share some similarities, at least in terms of the color palette.

We expect the next-gen Google Pixel Watch 2 to be released this fall, along with the new Pixel 8 lineup, and the redesigned Fitbit app might be launched at the same time. After all, Google owns Fitbit, and the Pixel Watch 2 will probably have Fitbit integration.


[ad_2]
Source link

Cloud Service Provider Cloudzy Accused of Aiding Ransomware and APTs

0
[ad_1]

In Summary

  1. Report by Halcyon, a Texas-based cybersecurity startup.
  2. Cloudzy is registered in the USA but based in Iran.
  3. Cloudzy is suspected of providing C&C services to govt hacking groups.
  4. CEO Hannan Nozari denies services to cybercriminals.

The cybersecurity researchers at Halcyon claim that Cloudzy, a cloud service provider, is actively involved in providing command-and-control services to more than 20 hacking groups.

These groups encompass spyware and ransomware operators, as well as state-backed APT groups. Shockingly, approximately 40% – 60% of Cloudzy’s activities are deemed “malicious in nature,” involving activities such as espionage and extortion against its victims.

The Cloudzy Saga

Cybersecurity startup Halcyon researchers discovered that an Iranian-run ISP has been “unwittingly” supporting the “ransomware economy” and miscellaneous attack operations by providing C2P (Command-and-Control Providers) services to threat actors.

Halcyon researchers suggest there is yet another player that is, perhaps unwittingly, supporting the booming ransomware economy and other attack operations: the Command-and-Control Providers (C2P) who sell services to threat actors while assuming a legal business profile.

Halcyon

Researchers suspect that the company, identified as Cloudzy (formally RouterHosting), sells services to state-sponsored APT (advanced persistent threat) actors and cybercriminals/hackers while keeping a “legal business profile.”

In a research report (PDF) published on August 1st, the Halcyon Research team wrote that Cloudzy is registered in the USA, but it operates from outside of Tehran, Iran, and has virtually no presence in the USA.

An individual identified as Hannan Nozari runs this company, allegedly the founder of another Iranian firm abrNOC. This is based on the finding that eight individuals employed by Cloudzy in Iran also work for abrNOC.

“Halcyon therefore assessed with high confidence that C2P Cloudzy is almost certainly a cutout for the actual hosting company, abrNOC, operating out of Tehran, Iran,” researchers confirmed.

Cloudzy Supporting Nation-State Actors

Halcyon researchers conducted a thorough assessment of Cloudzy’s activities over a three-month period before releasing their report. According to their analysis, Cloudzy not only provided command-and-control (C2P) services to threat actors worldwide, disguising them as anonymity-based services, but it also demonstrated an alarming lack of response when informed about malicious activities.

This lack of response strongly suggests that Cloudzy was actively aiding threat actors. Even more concerning is the discovery that its attack infrastructure was closely tied to government-backed hacking groups from various countries, including the following:

  • Iran
  • India
  • China
  • Russia
  • Vietnam
  • Pakistan
  • North Korea

In addition to its government ties, Cloudzy was found to have links with sanctioned spyware vendors, including the Israeli spyware vendor Candiru, who came to the limelight last year for using Chrome 0-day to target journalists.

Cloudzy allegedly also provided its services to infamous ransomware gangs such as Ghost Clown and Space Kook. Notorious cybercriminals were also found to be connected to the service.

Cloud Service Provider Cloudzy Accused of Aiding Ransomware and APTs
Complete list of APT groups that Cloudzy is allegedly providing services to (Screenshot credit: Halcyon )

Halcyon Shares Shocking Evidence Against Cloudzy

In its report, Halcyon provided hard facts against Cloudzy. For instance, researchers noted that the company never verified its customers’ identities and got registered with just a working email address. Over half of its hosted servers were discovered supporting malicious activities directly on infrastructure loaned from a dozen different ISPs. 

Moreover, it accepts cryptocurrency payments from users wanting to anonymously use its Remote Desktop Protocol (RDP) Virtual Private Server (VPS) services. Its T&C policy prohibits it from getting involved in illegal activities, but the ISP services provider has allowed abusers to continue operations for a nominal fee.

Cloudzy’s Response

Cloudzy’s CEO Nozari has refuted Halcyon’s claims, stating that only 2% of its clients were malicious and that the company cannot be held responsible for having such clients. Talking to Reuters, Nozari explained that he is doing everything to get rid of such clients, but the firm should not be blamed if its services are being abused.

“If you are a knife factory, are you responsible if someone misuses the knife?” the CEO explained his stance in a LinkedIn exchange.

Nozari also explained that his company was registered in the US state of Wyoming because a US domicile is required to register IP addresses in America.

However, Halcyon executive Ryan Golden refuses to back down, claiming that his researchers tracked Cloudzy’s digital footprints by renting its servers and examining the social media pages of its employees before publishing the report.

Cybersecurity firm CrowdStrike stated that it never observed any state-sponsored actor using Cloudzy, but many other cybercriminals use it, and its operational base is definitely unclear.

  1. Feds seize VPN service used by hackers in cyber attacks
  2. Free VPN Service SuperVPN Exposes 360 Million User Records
  3. Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps
  4. US Warns Firms About North Korean Hackers Posing as IT Workers
  5. Microsoft-Signed Drivers Helped Hackers Breach System Defenses

[ad_2]
Source link

Fake Chat App On Android Steal Signal, WhatsApp Data

0
[ad_1]

Heads up, Android users! If you have recently installed any “Safe Chat” apps for your secret chats, delete it immediately. Researchers have warned of this fake chat app aiming to steal Android users’ data.

Fake Chat Apps Actively Targeting Android Users

Researchers from CYFIRMA have recently shared details about a new malware campaign targeting Android users. As explained in their post, the malicious campaign targets Android users via a fake chat app named ‘Safe Chat.’

The attack begins when the attackers trick the target users into downloading the Safe Chat app via WhatsApp phishing. Once downloaded, the fake app wins the victim user’s trust by displaying legit-looking pages and numerous permission requests. However, in the background, the app’s malware stealthily infiltrates the devices.

Following the download, the app first shows a landing page with the text “Initializing secure connection.” and a shield icon. With this step, the app tricks the user into believing it is a secure chat app. It then displays numerous popups requesting permissions regarding battery optimization and running the app in the background.

After granting these permissions, the user then sees a login page for registering with the app, followed by another permission popup, clicking which takes the user to the device’s Accessibility settings. At this point, the app requires the user to grant accessibility permissions, denying which makes the app prompt the permission popup repeatedly.

Once granted, the malicious app can exploit this permission for screen recording. Whereas the user never gets an idea about the sneaky malicious activity going on as the app displays a simple dummy page for the user to add contacts and start chatting.

Reviewing the app code made the researchers find numerous malicious capabilities. For instance, the app requests several dangerous permissions, such as access to the device’s location, contacts, SMS messages, file storage, and call logs. Besides, it interacts with the other installed chat apps, which shows that the malware may steal data from other secure chat apps like WhatsApp, Signal, Telegram, or Facebook Messenger.

The malware then transmits all stolen data to its C&C via port 2053.

Victims Include South Asian Users

The researchers have traced back this malicious campaign to the APT Bahamut – a threat actor group known since 2017 for targeting users in South Asia and the Middle East. CYFIRMA also highlighted that Bahamut’s activities resemble another APT “DoNot” – a presumably state-backed Indian threat actor group.

Bahamut APT predominantly aims at individual users, and this particular campaign likely spread through WhatsApp. Hence, the key to preventing this malware attack is to avoid interacting with links sent from unknown sources. Users must stay wary when receiving abrupt links, app invites, and attachments from known sources or their contacts. Ideally, users must confirm the legitimacy of the message from the supposed known source via some other means before clicking the link or accepting an app invite.

Let us know your thoughts in the comments.


[ad_2]
Source link

Google Pixel phones a neat new trick for taking selfies

0
[ad_1]

Google has presented a neat new feature for taking selfies on its Pixel smartphones. Do note that this applies to the Pixel 6 and newer phones, however. Older devices did not get this feature, at least not yet. It’s possible they never will. So, it landed on all Pixel 6 and Pixel 7 series devices, and the Pixel Fold too.

Google Pixel phones get a neat new trick for taking selfies

What exactly are we talking about here? Well, you can now trigger the timer for taking selfies with the palm of your hand. This is a feature we’ve seen on a number of other smartphones, and Google finally decided to adopt it.

First and foremost, you need to go into your camera settings, and enable the timer option. If the timer is not enabled, this feature will not work. Set the timer to desired time, for example, 3 seconds, and then we can proceed.

Once you’re done, prop up the phone somewhere, and step back. Once you’re ready, simply raise your hand, with the palm facing the phone, and with the fingers spread out. The timer will activate, and your picture will be taken.

This feature could prove to be useful when you’re taking group selfies

From what we’ve seen, the feature works really well, as expected. This could be especially useful when taking group selfies, of course. It allows you to step away from the phone, and remotely activate the timer, basically.

The feature should be available to everyone at this point. Google seemingly pushed this out via a server-side update. Just in case, though, check if you do have a Google Camera update via the Google Play Store.

This feature has been tested in beta builds of Android 13, and it’s now finally available in a stable build. Just to be clear. We’ll likely see it on the Pixel 8 series out of the box. It remains to be seen whether it will trickle down to older devices, though.


[ad_2]
Source link

Scientists find jailbreaking method to bypass AI chatbot safety rules

0
[ad_1]

Generative AI chatbots, like ChatGPT and Google Bard, have truly opened up a world of new possibilities for users to find information. However, their vast knowledge spanning multiple domains, including criminal applications, has raised concerns among industry experts. And although both OpenAI and Google claim that they have the necessary measures in place, researchers at Carnegie Mellon University have identified a new weakness in these AI systems, enabling potential malicious actors to bypass safety rules.

Dubbed “jailbreaking,” this method involves adding characters to the end of user queries, allowing AI chatbots to override safety mechanisms and produce harmful content. For example, adding a specific string to a question about creating a bomb prompted the AI to deliver a full answer, surpassing its limitations.

However, what makes the situation even worse is that the chatbot itself generates these hacks, making it possible to create an infinite number of patterns and significantly complicate efforts to control the spread of harmful content. Additionally, the fact that this new technique appears to work on almost every AI chatbot, including ChatGPT, Google Bard, and Bing AI chatbot, raises some serious concerns.

“We demonstrate that it is, in fact, possible to automatically construct adversarial attacks on [chatbots], … which cause the system to obey user commands even if it produces harmful content,” says the research.

Potential Implications

The research once again highlights the growing concerns with the AI industry, which has failed to implement the necessary safeguards. This is because threat actors could exploit the jailbreaking technique to spread misinformation and coerce AI chatbots into creating malware.

Upon discovering these potential weaknesses, the researchers promptly disclosed their findings to the respective companies and also issued a statement of ethics to justify publishing their research.

“While this is an issue across LLMs, we’ve built important guardrails into Bard – like the ones posited by this research – that we’ll continue to improve over time,” said Google in response to the research.


[ad_2]
Source link

Compromised Barracuda appliances equipped with persistent backdoors by attackers

0
[ad_1]

CISA has released three reports based on the analysis of backdoors planted on compromised Barracuda ESG appliances

The Cybersecurity and Infrastructure Security Agency (CISA) has published three malware analysis reports based on malware variants associated with the exploitation of a known vulnerability in Barracuda ESG appliances.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The vulnerability at hand is listed as CVE-2023-2868, which has a CVSS score 9.4 out of 10.

It’s described as a remote command injection vulnerability in the Barracuda Email Security Gateway (appliance form factor only), caused by a failure to comprehensively sanitize the processing of .tar files (tape archives).

The vulnerability stems from incomplete input validation of the names of the files contained within the archive. As a consequence, a remote attacker could format the file names to trigger the remote execution of a system command through Perl’s qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of a patch that was applied automatically to all customer appliances.

At a later point Barracuda sent out an action notice to inform customers that impacted ESG appliances should be replaced immediately, regardless of patch version level.

From what we have gathered in the meantime, we know that the vulnerability has been used in targeted attacks as a zero-day vulnerability for months before the patch was issued, by a group that allegedly has ties to China.

The three CISA reports address:

The first report provides information about 14 malware samples comprised of Barracuda exploit payloads and reverse shell backdoors.

The SEASPY backdoor is a persistent and passive backdoor that masquerades as a legitimate Barracuda service (BarracudaMailService). SEASPY monitors traffic from the actor’s C2 server. When the right packet sequence is captured, it establishes a reverse shell to the C2 server over TCP. The shell allows the threat actors to execute arbitrary commands on the ESG appliance. CISA obtained two SEASPY malware samples which are discussed in the report.

The SUBMARINE backdoor is a persistent backdoor executed with root privileges that lives in a Structured Query Language (SQL) database on the ESG appliance. SUBMARINE comprises multiple artifacts that together enable execution with root privileges, persistence, command and control, and cleanup. This malware poses a severe threat for lateral movement. The report discusses seven malware samples obtained by CISA and the contents of the compromised SQL database, which included sensitive information.

According to Barracuda, the SUBMARINE malware was utilized by the threat actor in response to Barracuda’s remediation actions in an attempt to create persistent access on customer ESG appliances. This malware appeared on a very small number of already compromised ESG appliances. Barracuda’s recommendation is unchanged: Customers should discontinue use of the compromised ESG appliance and contact Barracuda support (support@barracuda.com) to obtain a new ESG virtual or hardware appliance.


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.


[ad_2]
Source link