ChatGPT app for Android is now officially available on the Play Store

0
[ad_1]

Chat GPT, the revolutionary AI-powered chatbot, has been making headlines in the tech world for its ability to simulate human-like conversations through the use of its advanced language model. Although initially the most popular way to use the tool was via its official website, it soon became obvious that its users wanted to take Chat GPT with them on the go with the convenience of just launching a mobile app rather than a browser.
This became half a reality when OpenAI, the AI research company that developed Chat GPT, released an app for iOS devices. At the time that the iOS version was released, OpenAI promised that an app for Android was soon to follow.
Two months later, OpenAI followed through on its promise and opened pre-registrations for Android users that were interested in installing the app. Once registered, the app was to install on your phone automatically once it was available.
Fortunately, we didn’t have to wait long as the app is now fully available on the Google Play Store with its listing stating that “This official app is free, syncs your history across devices, and brings you the newest model improvements from OpenAI. With ChatGPT in your pocket.” This is great news for those that already use Chat GPT on their desktops and would like to have their chat history available everywhere.

Just as with the iOS app, ChatGPT Plus subscribers will have exclusive access to the next-gen GPT-4 language model, early access to features, and faster response times. Free subscribers, however, will be using OpenAI’s standard GPT-3.5 language model.

In addition to the new official app, Android and iOS users alike have the option to utilize the ChatGPT chatbot through the Bing app, which now offers a Bing Chat widget that can be conveniently added to their mobile device’s home screen. Your move Google.

[ad_2]
Source link

15 More Vulnerabilities Added to 2023 CWE Top 25 Most Dangerous Software

0
[ad_1]

The CVE MITRE foundation has released the list of “On the Cusp” in which many of the CWEs (Common Weakness Enumerations) have increased as well as decreased in their rankings between 2022 and 2023.

CVE releases the top 25 most dangerous software weaknesses which helps organizations to mitigate software security risks.

However, exploitable vulnerabilities beyond these top 25 must also be taken into consideration as they also possess a great threat to an organization.

2023 “On the Cusp”

As per the analysis from MITRE foundation, between the top 26-40 list of vulnerabilities, three vulnerabilities have increased in their rank when compared to their ranking in 2022, which includes Authorization Bypass Through User-Controlled Key, which moves to rank #38 from rank #56 in 2022.

Allocation of Resources Without Limits or Throttling increased its rank from rank #42 in 2022 to rank #29 in 2023. Reachable Assertion also increased in rank from rank #44 in 2022 to rank #26 in 2023. 

The reachable assertion was the only vulnerability to increase 18 ranks which is the highest increase as of 2023. Followed by Authorization Bypass Through User-Controlled Key which increased 16 ranks subsequently, followed by Allocation of Resources Without Limits or Throttling which increased 13 ranks.

  1. Reachable Assertion CWE-617
  2. Uncontrolled Search Path Element CWE-427
  3. Improper Restriction of XML External Entity Reference CWE-611
  4. Allocation of Resources Without Limits or Throttling CWE-770
  5. Exposure of Sensitive Information to an Unauthorized Actor CWE-200
  6. Incorrect Permission Assignment for Critical Resource CWE-732
  7. URL Redirection to Untrusted Site (‘Open Redirect’) CWE-601
  8. Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) CWE-1321
  9. Improper Certificate Validation CWE-295
  10. Insufficiently Protected Credentials CWE-522
  11. Missing Release of Memory after Effective Lifetime CWE-401
  12. Uncontrolled Resource Consumption CWE-400
  13. Authorization Bypass Through User-Controlled Key CWE-639
  14. Improper Link Resolution Before File Access (‘Link Following’) CWE-59
  15. Exposure of Resource to Wrong Sphere CWE-668

Vulnerabilities Dropped from Top 25 List of 2022

Two vulnerabilities that were present on the top 25 list of 2022 dropped down to 26-40 in 2023 which includes Improper Restriction of XML External Entity Reference, which went down from rank #24 to #28.

Another vulnerability that was dropped from the top 25 list was Uncontrolled Resource Consumption dropped from rank #23 in 2022 to rank #37 in 2023. This vulnerability was the biggest drop from the list between ranks 1-40 which decreased 14 ranks.

However, three vulnerabilities were dropped from the top 1-40 rank list, which includes, Cleartext Storage of Sensitive Information (from #40 to #43), Access of Resource Using Incompatible Type (Type Confusion) (from #31 to #46) and  Cleartext Transmission of Sensitive Information (from #39 to #48).

CVE MITRE foundation has released a complete list of its “On the cusp” vulnerabilities which shows the current list of top vulnerabilities of 2023.


[ad_2]
Source link

Sony’s Project Q PS5 handheld seems to be just an Android tablet

0
[ad_1]

The Project Q PS5 handheld looks to be just an Android tablet with an affixed DualSense controller. That’s probably not the thing that consumers who might have been interested in this device want to hear. But that appears to be the reality according to a leaked video of the Project Q handheld that has surfaced over on X (previously Twitter).

Coming from user @Zuby_Tech (reported by Android Central), the video shows off the device for about 28 seconds. Whoever is handling this assuredly early unit goes through parts of the user interface, using both the joysticks and the touchscreen to navigate.

You can clearly see the telling signs of the Android software in numerous places. Android’s navigation buttons can be seen on the right side. And at least a few of the apps appear to be just the Android robot head. One important thing to keep in mind is that this is very obviously an early unit. And not one that is going to be meant for the consumer. With that being said, things may change. From design to user interface and software visuals, once Sony is ready to push out production models.

The Project Q handheld is one cohesive unit

While it seems pretty clear that the device is just an Android tablet with a controller, they don’t look to be separate pieces. In the last part of the video you can see the device turned around to see the back, and the whole thing looks like one unit. As opposed to a tablet that slots into a controller similar to the Razer Kishi V2.

The handheld certainly looks well-made and at the end of the day, that’s probably one of the most important things. Still, many are likely to focus on the fact that this is an Android device. It makes sense from Sony’s perspective, given it makes Android phones. But right now it’s hard to envision how this will be any different from a phone using remote play. Save for the attached controller bits.

Having said that, Sony very well might be working on features for Project Q that make Remote Play work better on it compared to other devices. For now, we’ll all have to settle for seeing what the device looks like in the wild.


[ad_2]
Source link

Next-gen Apple Watch Ultra could lose weight

0
[ad_1]

Next-gen Apple Watch Ultra could lose weight, it seems. This information comes from a tipster who made the right call on the yellow iPhone 14 in the past, so he could be right this time around too.

Next-gen Apple Watch Ultra will seemingly lose some weight

The tipster is called Setsuna Digital, and he sent out another Weibo post saying: “The new Apple Watch Ultra has lost weight”. Straight to the point, and if true, these are great news.

Why is this good? Well, the Apple Watch Ultra is truly heavy. It weighs almost twice as much as the lightest Series, it weighs 61.3 grams. That may not seem much, but for a watch, it kind of is.

We presume that Apple won’t be able to shave off a lot of its weight, but any sort of improvement will do. Getting used to the Apple Watch Ultra weight was not a problem for most, but its weight (and size) surely did not appeal to some.

Apple will use 3D printers for some parts

How is Apple planning to do this, as it may be easier said than done? Well, recently, Ming-Chi Kuo, one of the most prominent Apple tipsters, said that Apple will be using 3D printers to make some of the parts of the second-gen Apple Ultra Watch.

3D printers are usually used to print plastic, not always, but most of the time. If Apple plans to increase the plastic percentage on the second-gen Apple Watch Ultra, at least a little bit, that could tip the scales.

The tipster did say that Apple’s main goal with 3D printers is to “improve the production time and reduce the production cost”, not to shave off weight. So… it remains to be seen.

We’re also not sure when will the second-gen Apple Watch Ultra drop. The first-gen model arrived in September last year, alongside the iPhone 14 series. The second-gen model could arrive alongside the iPhone 15 series, if Apple plans on making it a yearly thing. We cannot know for sure, as only one ‘Ultra’ watch got released thus far.


[ad_2]
Source link

Threads rolls out new features, including a chronological “Following” feed on iOS and Android

0
[ad_1]

In today’s increasingly competitive social media landscape, it can be tough to keep up with all the changes and new apps that keep spawning up. Fortunately, Meta is now making our decision-making a bit easier by finally giving us the chronological following feed we have been clamoring for in Threads.
Threads is a new Instagram-based social network launched by Meta earlier this month. The app immediately garnered a ton of attention just as thousands of users signed up in the midst of Twitter (X) enforcing post rate limits in order to combat spam. Having an already existing user base in the form of everyone who already has an Instagram account, it wasn’t difficult for Threads to gain popularity amongst those that were perhaps looking for a Twitter (X) alternative.
However, the “following” feed was noticeably absent from the app in favor of a non-chronological algorithmic feed. This forced users to mute and block accounts they didn’t necessarily want to see on their feed in an attempt to train the algorithm, however futile those efforts may have seemed.

This was confirmed via a post by Mark Zuckerberg earlier today in reply to yet another post requesting the feature. Immediately after, several users began to report that they could see the following tab available in their home feed, as well as follow-up post by the official Threads account in the app.

Note, however, that the following tab isn’t immediately noticeable when you launch the app as it is hidden behind a clever little trick. To see the new feed you will need to either tap on the Threads logo at the top of the feed, or tap on the Home icon on the bottom left. Tapping on either one of these will reveal the new “Following” tab right beside the existing “For You” feed.

In addition, to the new feed, this update introduces new features such as translations, notification filters, an updated follow button, and a way to approve all follow requests at once. The official @threadsapp account also promised new features will be coming. Hopefully, one of these is direct messages, as this has also been high on the list of user requests.


[ad_2]
Source link

Hackers Use SMS Alerts to Install SpyNote Malware

0
[ad_1]

Reports indicate that a Smishing campaign was conducted against Japanese Android users under the name of a Japanese Power and Water Infrastructure company. The SMS contains a link to lure victims into a phishing site.

Once the victims click on the link, mobile malware is downloaded, which was discovered to be the SpyNote malware.

The SMS alerts the users about payment problems in the water or power infrastructure to create a sense of urgency and push them to act swiftly.

Smishing Campaign

The smishing campaigns have a different context for users, including suspension of power transmission due to non-payment and suspension notice of water supply due to non-payment.

Suspension notice of Power Transmission (Source: twiiter.com/@Tobilasystems)
Suspension of Water Supply (Source: twiiter.com/@Tobilasystems)

Victims who visit these malicious URLs are prompted to install the SpyNote malware.

SpyNote Malware

The source code of SpyNote was leaked in October 2022, after which it spread wide across cybercriminals and is being used for malicious purposes. SpyNote is capable of exploiting accessibility services and device administrator privileges.

It can also steal device location, contacts, SMS messages, and phone calls. Once the malware is installed, it appears with a legitimate app icon to look real.

When the victims open the application, it prompts them to enable the Accessibility feature.

If the victim grants permission, the application disables battery optimization, which allows it to run in the background, and also grants unknown source installation permission for installing another malware without the user’s knowledge or consent, read the McAfee blog post.

This malware was previously found to be attacking the Bank of Japan in April, in which the malware was distributed in a different method.

Threat actors keep up-to-date information about companies with legitimate reasons to contact their customers.

Indicators of Compromise

Command and Control Server

Malware Samples

SHA256 Hash 
075909870a3d16a194e084fbe7a98d2da07c8317fcbfe1f25e5478e585be1954 
e2c7d2acb56be38c19980e6e2c91b00a958c93adb37cb19d65400d9912e6333f 
a532c43202c98f6b37489fb019ebe166ad5f32de5e9b395b3fc41404bf60d734 
cb9e6522755fbf618c57ebb11d88160fb5aeb9ae96c846ed10d6213cdd8a4f5d 
59cdbe8e4d265d7e3f4deec3cf69039143b27c1b594dbe3f0473a1b7f7ade9a6 
8d6e1f448ae3e00c06983471ee26e16f6ab357ee6467b7dce2454fb0814a34d2 
5bdbd8895b9adf39aa8bead0e3587cc786e375ecd2e1519ad5291147a8ca00b6 
a6f9fa36701be31597ad10e1cec51ebf855644b090ed42ed57316c2f0b57ea3c 
f6e2addd189bb534863afeb0d06bcda01d0174f5eac6ee4deeb3d85f35449422 
755585571f47cd71df72af0fad880db5a4d443dacd5ace9cc6ed7a931cb9c21d 
2352887e3fc1e9070850115243fad85c6f1b367d9e645ad8fc7ba28192d6fb85 
90edb28b349db35d32c0190433d3b82949b45e0b1d7f7288c08e56ede81615ba 
513dbe3ff2b4e8caf3a8040f3412620a3627c74a7a79cce7d9fab5e3d08b447b 
f6e2addd189bb534863afeb0d06bcda01d0174f5eac6ee4deeb3d85f35449422 
0fd87da37712e31d39781456c9c1fef48566eee3f616fbcb57a81deb5c66cbc1 
acd36f7e896e3e3806114d397240bd7431fcef9d7f0b268a4e889161e51d802b 
91e2f316871704ad7ef1ec74c84e3e4e41f557269453351771223496d5de594e 

Smishing is one of the social engineering attacks used by threat actors to attack individuals who use SMS for communication. Users of mobile devices are recommended to keep an eye out for these kinds of Smishing campaigns and be vigilant.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


[ad_2]
Source link

Huawei’s HarmonyOS 4.0 is coming on August 4

0
[ad_1]

Huawei launched HarmonyOS years ago, and we’re coming around to version 4.0 now, which is coming in August. Huawei confirmed that the new version will become official on August 4 via a cryptic post on Weibo.

Huawei’s HarmonyOS 4.0 is coming next month, and we already know the date

The company shared an image of some ArkTS code, and the timing fits, as that’s when Huawei Developers Conference will take place. So, it’ll be announced during Huawei’s conference, as expected.

HarmonyOS 4 0 teaser image 1

HarmonyOS is not only made for smartphones, but for the company’s entire smart ecosystem. It runs on global versions of Huawei smartwatches, though their smartphones are still pre-loaded with EMUI (even though the functionality is basically the same). In China, it’s a different story entirely.

HarmonyOS 4.0 will improve interoperability within the 1+8+N environment, based on teasers. It is already in beta testing, as expected. It will likely be rebranded to EMUI globally, but still, it’s HarmonyOS at its core.

The Huawei Mate 60 series will come with HarmonyOS 4.0 pre-installed, at least in China

The upcoming Huawei Mate 60 series will likely come with HarmonyOS 4.0 pre-installed, in China at least. The global variants will include the EMUI equivalent of HarmonyOS 4.0, basically.

We still do not know when the Mate 60 series will launch exactly, but it’s expected to drop this fall. So, considerably later than HarmonyOS 4.0, which basically guarantees we’ll see it pre-installed.

As many of you know, Huawei is still banned from using Google services on its phones. It’s also prevented to use 5G processors due to the US ban. The company has been pushing its products forward despite that, however.

The Huawei Mate X3 foldable is an outstanding offering that got announced not long ago, and the Huawei P60 series proved to be quite compelling too. It remains to be seen what will Huawei deliver with the Mate 60 series.


[ad_2]
Source link

App developers file a $1 billion class action lawsuit against Apple

0
[ad_1]

Apple’s 30% App Store fee has always been a subject of widespread debate, particularly because the company does not allow users to side-load apps like Android. And although the European Union’s Digital Markets Act (DMA) has mandated Apple to allow sideloading in the 27 EU member states from March 6th, 2024, over 1500 app developers have reportedly filed a class action lawsuit against Apple, alleging that the company’s App Store commission fees are exorbitant and a consequence of its monopolistic control over the app distribution platform.

Leading the lawsuit is Sean Ennis, a professor at the Centre for Competition Policy at the University of East Anglia, who argues that the company’s significant commission fees, ranging from 15% to 30%, have severely hampered business for many developers. As a result, the lawsuit is seeking $1 billion in damages.

“Apple’s charges to app developers are excessive and only possible due to its monopoly on the distribution of apps onto iPhones and iPads. The charges are unfair in their own right and constitute abusive pricing. They harm app developers and also app buyers,” said Ennis.

While Ennis takes the class action lawsuit to the UK Competition Appeal Tribunal, with the support of the law firm Geradin Partners, various organizations and governments have long contested Apple’s fee structure. And despite a $100 million lawsuit last year prompting the company to implement several changes, such as removing the $100 developer fees and introducing the Small Business Program to alleviate the burden on smaller developers, many big studios still have to pay a significant cut.

Side-loading could be the answer

Although the outcome of the lawsuit remains uncertain, considering a similar case in a U.S. court ruled in favor of Apple, the EU’s mandate for Apple to allow sideloading might help developers circumvent the fees. This ruling not only promises to benefit developers by boosting their profit margins, but it could also lead to lower prices for consumers in the long run.


[ad_2]
Source link

AMD’s Zen2 Processor Flaw to Steal Sensitive Data

0
[ad_1]

The CPUs that are based on x86-64 architecture feature XMM registers (128-bit), recently extended to 256-bit (YMM) and 512-bit (ZMM) for greater capacity.

Beyond number crunching, the large registers (YMM and ZMM) are employed in various scenarios, including standard C library functions such as:- 

Tavis Ormandy, a Google security researcher, found a fresh AMD Zen2 CPU vulnerability enabling data theft at 30KB/sec per core, risking passwords and encryption keys.

Zenbleed Flaw

The AMD’s Zen2 processor vulnerability has been tracked as “CVE-2023-20593,” this results from mishandling ‘vzeroupper’ instruction, impacting modern processors’ speculative execution. 

Ormandy found hardware events with fuzzing and performance counters, confirmed via the “Oracle Serialization” approach.

Using this technique, the author exposed CVE-2023-20593 in Zen2 CPUs by spotting discrepancies between randomly generated programs and serialized oracles. 

The flaw allowed optimized data leakage from various system operations, even in virtual machines, isolated sandboxes, and containers.

On May 15, 2023, the researcher informed AMD of the flaw and now released a PoC exploit for CVE-2023-20593. Though written for Linux, the bug impacts all Zen 2 CPUs regardless of the operating system.

Products affected

Here below, we have mentioned all the products that are affected:-

  • AMD Ryzen 3000 Series Processors
  • AMD Ryzen PRO 3000 Series Processors
  • AMD Ryzen Threadripper 3000 Series Processors
  • AMD Ryzen 4000 Series Processors with Radeon Graphics
  • AMD Ryzen PRO 4000 Series Processors
  • AMD Ryzen 5000 Series Processors with Radeon Graphics
  • AMD Ryzen 7020 Series Processors with Radeon Graphics
  • AMD EPYC “Rome” Processors

For ‘Zenbleed’-affected CPUs, make sure to apply AMD’s microcode update immediately or await a future BIOS fix from your vendor.

It’s been recommended users set up the “chicken bit” to DE_CFG[9] as a mitigation method, but it causes a CPU performance drop. Detecting Zenbleed exploitation is likely impossible since it’s stealthy, needing no elevated privileges or special system calls.

However, the practical impact of Zenbleed is limited to users with local access and specialized knowledge to exploit it.

But, experts have strongly recommended that users keep their systems updated with the latest security patches and BIOS updates.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


[ad_2]
Source link

Samsung flagships with Exynos processors may return soon

0
[ad_1]

The Snapdragon exclusivity of Samsung‘s Galaxy S flagships may be ending after just one year. Next year’s Galaxy S24 series may use an Exynos chipset in some markets. Samsung will also launch the Galaxy S23 FE, which is expected to debut a few months later, in Exynos and Snapdragon variants.

For the past several years, Samsung shipped its flagship phones with either an Exynos or Snapdragon processor depending on your region. Usually, the US and China got Snapdragon and the rest of the world got the company’s in-house Exynos chip. The latter group of users wasn’t happy with this split as Exynos versions always underperformed their Snapdragon counterparts.

After relentless complaints for years, Samsung finally ditched Exynos and went all in with Snapdragon last year. The Galaxy S23 series is powered by an overclocked version of the Snapdragon 8 Gen 2 globally. However, rumors are that the company will go back to Exynos as early as next year. A Samsung executive hinted in April that the Galaxy S24 series could ship with an in-house processor.

Another report has now reiterated this possibility. Citing a reliable source, Pocket-lint reports that Samsung is considering returning to Exynos for the Galaxy S24 series. Previous rumors suggested that the Exynos-powered Galaxy S24 may launch in Europe and Southeast Asia. However, some industry experts believe the Korean firm may not take this risk of shipping the Exynos version in major markets like Europe.

“I’d be surprised if Samsung decided to return to Exynos for the important European market, but we might see it in some smaller markets to ensure Samsung’s in-house platform stays in the game,” said Ben Wood, Chief Analyst and CMO of CCS Insight. “There’s also likely an element of Samsung wanting to keep Qualcomm on its toes too, which may be what is driving these recent rumors.”

Samsung will use the Exynos 2200 in the Galaxy S23 FE in some regions

Ahead of Galaxy S24, Samsung has one more Galaxy S model lined up for launch. The company is readying the Galaxy S23 FE with plans to debut it later this year. It’s developing Exynos and Snapdragon variants of the new Fan Edition (FE) phone. The device will feature the Snapdragon 8 Gen 1 in the US and Exynos 2200 in other regions. We might hear more about this phone following the Galaxy Unpacked event on Wednesday. Samsung will launch new foldables, tablets, and smartwatches at the event tomorrow.


[ad_2]
Source link