Google Fact Check Explorer now allows users to verify images online


Ever since the advent of the internet, bad actors have been using morphed and photoshopped images to spread misinformation and wreak havoc. However, with the launch of image generator AIs like Stable Diffusion, where anyone can generate images from a text prompt, this problem is now bigger than ever. Now, in an effort to solve this issue, Google has announced a range of updates for its Fact Check Explorer, which will allow users to fact-check images and verify their credibility.

Launched during the Global Fact 10 conference held in Seoul, South Korea, the new update will allow users to upload an image and determine if fact checkers have analyzed it before. This process not only allows users to verify an image but also helps combat the spread of misleading visual content.

“At Google, we support this effort by developing tools and resources to aid people in assessing information online. We’re dedicated to helping people identify misinformation online and supporting fact-checking and those who do it for the long term,” said Avneesh Sud, Software Engineer at Google Research.

Addressing manipulation

In addition to helping people determine if images are legitimate or not, the company is also introducing a new feature that provides fact checkers with contextual information and timelines for images. Therefore, when using the new Google Fact Check Explorer, users will have access to references and be able to track the evolution of topics associated with a specific image over time.

However, it is important to note that these features are still in beta, but Google is actively working to expand access to various professionals, including journalists.

Furthermore, Google is establishing a Global Fact Check Fund, which will provide support to over 35 fact-checking organizations across 45 countries. Administered by the International Fact-Checking Network (IFCN) and in collaboration with YouTube, this step represents the company’s efforts to combat misinformation and promote the dissemination of accurate information. 


Police Bust International Phone Scam Gang Targeting Elderly


The alleged ringleader of the phone scam gang, which preyed on elderly individuals through fraudulent phone calls, has also been arrested.

A major international law enforcement operation has resulted in the apprehension of multiple suspects, including the alleged ringleader of an organized crime group that preyed on elderly individuals through fraudulent phone calls, as confirmed by Europol.

The National Crime Agency (NCA) of the United Kingdom arrested the suspected head of the criminal network near London, while authorities in Poland and Germany carried out simultaneous raids across several locations in Europe. During the raids, law enforcement officers seized mobile phones, electronic devices, gold bars, coins, jewellery, and $160,000 in cash.

Throughout the investigation, approximately 70 individuals have been taken into custody. The modus operandi of the scam included fraudsters calling elderly victims, posing as police officers or officials, and informing them that their relative was involved in a fatal accident.

The phone would then be handed to another individual who would create a sense of urgency and panic by screaming for help. This tactic aimed to coerce the victim into complying with the fraudster’s demands to hand over money, purportedly to prevent the detention of their fake relative.

Another part of the scam involved physically sending a person to the victim’s residence to collect the money. Typically, these individuals were unwittingly trapped as part of squaring scams, recruited through online job platforms, according to Europol.

In total, Europol estimated that hundreds of elderly individuals fell victim to this criminal gang, resulting in losses of up to $5 million ($5.4 million). According to Europol, the dismantling of the group may have prevented additional losses of approximately $1.4 million ($1.5 million).

Europol warned that these scams can deceive victims into losing substantial amounts of money while inflicting severe emotional distress and eroding trust in legitimate authorities.

The shutdown of this highly sophisticated scam is not unexpected, considering the rigorous crackdown by British authorities on cybercriminals and scammers. In November 2022, the UK’s largest bank call scam, iSpoof, was dismantled when its infrastructure was seized. Subsequently, in May 2023, the mastermind behind the operation was apprehended in London and sentenced to 13 years in prison.


Ultimate Member Plugin Zero-Day Risks 200K+ WordPress Sites


Heads up, WordPress admins! Researchers have caught a zero-day vulnerability in the Ultimate Member WordPress plugin, which hackers are exploiting to gain elevated privileges on target websites. Until the patch arrives, uninstalling the plugin is the only viable option to protect your websites.

Ultimate Member Plugin Zero-Day Actively Exploited

According to a recent post from Wordfence, a severe security issue affects the Ultimate Member plugin that criminal hackers have started exploiting to target websites.

Ultimate Member is a dedicated WordPress plugin offering user profile and membership features for websites. The plugin facilitates the creation of catchy profiles and online communities with swift membership registrations.

Currently, the plugin’s official WordPress page boasts over 200,000 active installations. While this indicates the usefulness of the plugin and its subsequent popularity, it also suggests how any vulnerabilities in this plugin can directly impact thousands of websites globally.

One such critical severity vulnerability recently caught the attention of the Wordfence team. As observed, they noticed a privilege escalation vulnerability (CVE-2023-3460; CVSS 9.8) that allowed rogue admin registrations.

Specifically, the flaw existed because the plugin used a predefined list of banned user meta keys that an adversary may bypass by adding slashes to the user meta key. An unauthenticated attacker may set the wp_capabilities user meta value to ‘administrator’ to gain admin access to the website.
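Why a banned-key list fails when the key is compared before it is normalised, shown as an added example (a simplified Python model, not the plugin's code or Wordfence's): `unslash`, `store`, both `register_*` functions and the allowed field names are hypothetical, and the slash-stripping storage layer is an assumption of the model.

```python
import re

# Key named in the article that a registration form must never be able to set.
BANNED_META_KEYS = {"wp_capabilities"}
# Hypothetical profile fields this form is meant to accept.
ALLOWED_META_KEYS = {"first_name", "last_name", "description"}


def unslash(value: str) -> str:
    """Model of a layer that strips backslashes before writing (assumption)."""
    return re.sub(r"\\(.?)", r"\1", value, flags=re.S)


def store(meta: dict) -> dict:
    """Stand-in for the user-meta table: keys are unslashed on write."""
    return {unslash(k): v for k, v in meta.items()}


def register_blocklist(submitted: dict) -> dict:
    """Weak pattern: compare the raw key with a blocklist, then store it."""
    accepted = {k: v for k, v in submitted.items() if k not in BANNED_META_KEYS}
    return store(accepted)


def register_allowlist(submitted: dict) -> dict:
    """Hardened pattern: canonicalise first, then keep only expected keys."""
    accepted = {}
    for key, value in submitted.items():
        canonical = unslash(key)
        if canonical in ALLOWED_META_KEYS:
            accepted[canonical] = value
    return store(accepted)


# Constructed submission: one ordinary field and one slashed variant of the banned key.
SAMPLE = {"first_name": "Ada", "wp\\_capabilities": "administrator"}

if __name__ == "__main__":
    print("blocklist stores:", register_blocklist(SAMPLE))
    print("allowlist stores:", register_allowlist(SAMPLE))
```

The blocklist version rejects the exact banned key but stores the slashed variant under the banned name; the allowlist version drops it because the check runs on the same form of the key that gets stored.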

The Wordfence team observed numerous instances of active exploitation of this vulnerability, where the attackers created rogue accounts with usernames ‘wpenginer,’ ‘wpadmins,’ ‘wpengine_backup,’ ‘se_brutal,’ and ‘segs_brutal.’ The researchers have also shared the indicators of compromise in their post.

Patch Still Pending To Arrive Despite Efforts

Following the bug discovery and exploitation detection, the plugin developers started working on patching the flaw. However, their efforts were seemingly unsuccessful, as the vulnerability affects even the latest version 2.6.6.

According to the developers, the team has been working on fixing the vulnerability since Ultimate Member version 2.6.3. The following versions (2.6.4, 2.6.5, and 2.6.6) also aimed at ‘partially closing’ the flaw. However, they are still working on addressing the issue completely, which means the vulnerability still risks all websites.

Hence, until a patch arrives, the only workaround to protect websites from potential attacks is to disable/uninstall the plugin. Besides, the plugin developers urge the users to keep checking for updates.


The Tweet rate is breaking other Twitter apps


Not too long ago, Elon Musk made a change to Twitter that limited the number of tweets that a person is allowed to see in a day. This tweet limit caused an uproar among users, and it’s breaking third-party Twitter apps.

That’s right. When it comes to making bad decisions regarding Twitter, Elon Musk is batting 1,000. Ever since the billionaire took the helm, Twitter has been spiraling out of control. Twitter Blue is more expensive, the verification badge doesn’t mean anything, and much more. But hey, at least your tweets can be up to 25,000 characters long.

Now, his next home run limits the number of tweets that a user can view on the platform. If you’re a verified user, then you’re limited to viewing 8,000 tweets in a day. If you’re an unverified user, then the number drops significantly. Unverified users can only view 800 tweets a day. If you’re a new unverified user, then don’t expect to see more than 300 tweets per day.

In a tweet, Musk mentioned that this is due to data scraping. He also said that this is going to be temporary. That’s good news, but he didn’t give us any insight as to when it’s going to end.

The tweet limit is breaking Twitter apps

This limit doesn’t only affect the first-party Twitter platform. There are third-party apps and services that you can use to view your tweets. Well, they’re subject to the limit as well.

Services like Tweetdeck are experiencing issues loading tweets. When trying to load different columns, you’d only get the spinning “loading” wheel. A report from Waxy (via Engadget) states that the Twitter web app is sending requests in an infinite loop. This could be because of a bug in the Twitter web app, but that hasn’t been confirmed.

A new beta version of Tweetdeck seems to fix that issue, but that victory was short-lived. Tweetdeck is still subject to the same tweet limit. So, after it loads the limited number of tweets, it won’t function. With a service like Tweetdeck, one that displays a ton of tweets at a time, it’s not hard to cap out your tweets.

Right now, we’re all just waiting to see how the company plans on making this situation better. Undoubtedly, people are upset about this limit. Even paying for Twitter Blue doesn’t get rid of the limit.



Motorola Defy Satellite Link is now available for purchase in the US


With satellite connectivity being a big deal, the Motorola Defy Satellite Link is here to save the day. Motorola put this device in the spotlight a few months ago after its launch, and it is now available for purchase. The idea behind the development of this device is that it can help users access the internet even in areas with little or no internet coverage.

To access the internet, users would only need the Motorola Defy Satellite Link, which would find a nearby satellite to connect with. Once this connection between the Defy device and the satellite is secure, the user would be able to access certain services on their smartphone. This piece of technology is great for those whose jobs entail that they move into areas with low network coverage.

Well, anybody can own this device as it can come in handy in the event of a network outage. Some devices already have satellite connectivity features built in just for rainy days. If your device doesn’t have this feature, and you see it as being important, then you can opt to get the Motorola Defy Satellite Link.

Details, pricing, and where to buy the Motorola Defy Satellite Link

A few months ago, details on the Motorola Defy rugged device to launch in collaboration with Bullitt Group hit the internet. This device, although not yet available, would come with built-in satellite connectivity features. But while fans anticipate the launch of this rugged smartphone with satellite connectivity, Motorola is offering satellite connectivity for less.

The Motorola Defy Satellite Link is a compact device that can give your device access to satellite connectivity. Staying true to the Motorola Defy brand, this is a rugged device that comes with Ingress Protection (IP68). It is drop and water-resistant; it also features MIL SPEC 810H certification and is resistant to thermal shock.

In certain parts of Europe, this device has been available for usage over the past few months. However, the company is finally extending availability and support to the US now. Other regions such as South America, Africa, and Australia will get support for satellite connectivity with this device in the coming months.

So if you are living in the US and need a device that can help you to access the internet via satellites, you can get one. The Motorola Defy Satellite Link is priced at $149. This device will connect to your smartphone via Bluetooth and offer satellite internet connectivity.

With satellite internet, users can send and receive text messages as well as send out SOS alerts. But to access these features, users would need to pay for either the Essential, Everyday, Premium, or Freedom plans. All except the Freedom plan are monthly subscriptions; the more a user pays, the more features they get access to.

Some specifications of this device include a 600mAh battery that can last 4 days on a single charge. It uses a USB-C charger to recharge the battery when needed. For processing power, it makes use of the MediaTek MT6825 NTN chipset. Lastly, it has a lanyard, so it can be attached to the user without getting lost.



Mockingjay Process Injection Technique Permits EDR Bypass


The newly devised Mockingjay process injection technique can evade most existing security mechanisms, allowing EDR bypass. It’s a trivial process to carry out, requires minimal steps, and delivers maximum results merely by exploiting legit DLLs.

Researcher Devised Mockingjay Process Injection Technique

According to a recent post from Security Joes, Mockingjay is an advanced process injection strategy that successfully bypasses most detection measures.

Process injection is a known attack strategy where an adversary injects code directly into a trusted running process. Some process injection types include Dynamic-link Library Injection and Process Doppelgänging. The aim is to escape detection while gaining access to the process memory and network resources and gaining elevated privileges.

While it’s a viable technique, process injection involves some specific actions, such as interacting with Windows APIs, that most existing EDR (Endpoint Detection and Response) systems effectively monitor. That’s where Mockingjay becomes important, as it allows evading such EDRs: it doesn’t rely on Windows APIs but instead uses the RWX (read, write, execute) sections of legitimate DLLs.

Describing Mockingjay, the post reads,

Our unique approach, which involves leveraging a vulnerable DLL and copying code to the appropriate section, allowed us to inject code without memory allocation, permission setting, or even starting a thread in the targeted process.

Briefly, the researchers demonstrated their attack strategy via the vulnerable DLL msys-2.0.dll inside Visual Studio 2022 Community. The team searched for this DLL and found it possessed the default RWX section they could exploit. They then loaded this DLL into the memory space of their custom apps to load and execute the injected code.

The attack happened entirely without Windows API use, demonstrating the efficiency of bypassing EDRs. Moreover, it didn’t require memory allocation, permission settings, or creating threads for code execution.
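The RWX section the technique depends on is visible statically in a module's PE section table, so defenders can inventory which DLLs on their systems ship with one. The following is an added example, not code from Security Joes: `rwx_sections` and `build_sample` are hypothetical names, and the sample image is a constructed header-only stub rather than a real DLL.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

COFF_FMT = "<HHIIIHH"         # 20-byte COFF file header
SECTION_FMT = "<8sIIIIIIHHI"  # 40-byte section header


def rwx_sections(image: bytes) -> list:
    """Return (name, virtual_size) for every section flagged read+write+execute."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fields = struct.unpack_from(COFF_FMT, image, pe_off + 4)
    n_sections, opt_size = fields[1], fields[5]
    table = pe_off + 24 + opt_size  # signature + COFF header + optional header
    if table + 40 * n_sections > len(image):
        raise ValueError("section table truncated")
    hits = []
    for i in range(n_sections):
        hdr = struct.unpack_from(SECTION_FMT, image, table + 40 * i)
        name, vsize, flags = hdr[0], hdr[1], hdr[9]
        if flags & RWX == RWX:
            hits.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize))
    return hits


def build_sample() -> bytes:
    """Constructed PE stub: a normal .text section and one RWX section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack(COFF_FMT, 0x8664, 2, 0, 0, 0, 0, 0x2000)
    text = struct.pack(SECTION_FMT, b".text", 0x1000, 0x1000, 0, 0, 0, 0, 0, 0,
                       IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    odd = struct.pack(SECTION_FMT, b".rwx", 0x4000, 0x2000, 0, 0, 0, 0, 0, 0, RWX)
    return dos + b"PE\0\0" + coff + text + odd


if __name__ == "__main__":
    for name, size in rwx_sections(build_sample()):
        print(f"RWX section {name!r}, virtual size {size:#x}")
```

Modules this check flags are candidates for closer monitoring or for replacement with a build that does not map writable and executable memory together.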

The researchers have shared the details about Mockingjay in their post.

Suggested Remediation

Since Mockingjay indicates the inefficiency of existing endpoint protection measures, the researchers advise the organizations to implement dynamic analysis for analyzing runtime behaviors, identify anomalous activities, employ signature-based detection for known threats, deploy reputation-based filtering to flag suspicious activities, and ensure robust memory protection.


Google Pixel 8 Pro Prototype leaks


Here’s our first look at a prototype of the upcoming Google Pixel 8 Pro. And it comes with very few surprises, actually.

The biggest change we can see here is that Google is going with a two-tone backside again. With the top, above the camera bar, looking darker than the bottom part. Of course, that could also just be due to the lighting in the room where this picture was taken.

The other big change we’re seeing here is the camera bar. It looks like there’s now one cut out for the triple-camera setup. Instead of an oval for the ultrawide and wide sensors, and another cutout for the telephoto lens. It also doesn’t look like it’s quite as curved as the Pixel 7 Pro.

On the front, there’s not a whole lot that this shows us. However, it does show that this is a flat display, instead of a curved one, so that’s good to see.


Pixel 8 Pro codename has been rumored to be “husky”

Many of you might be wondering why we think this is the Pixel 8 Pro. Well, we have seen leaks and rumors that the codename for the Pixel 8 Pro is going to be “Husky”, and that’s what we’re seeing on this model. It’s also quite obvious that this is a Pixel device here.

There’s a few other things that these images of “husky” show us, including the fact that it has 12GB of Samsung’s LPDDR5 RAM and 128GB of storage from SKHynix. That’s the same RAM and Storage as the Pixel 7 Pro, so it doesn’t look like there’s any upgrades in that department.

Google is set to announce the Pixel 8 series later this year, typically around the beginning of October. So we still have a couple of months before this device is made official. And that means plenty more leaks coming.



Mastodon’s Android App Gets a New Look with Material You


Over the weekend, Elon Musk tried yet again to kill Twitter, and sent a lot of people over to Mastodon. And that was shortly after Mastodon had rolled out a new update which brought about a Material You redesign. And we must say, it looks amazing.

Mastodon is a federated social media network, and was actually growing quite significantly in the days following Musk’s takeover of Twitter back in October. It’s since slowed down a bit, but it does have nearly 13 million users right now. So it’s not small like Bluesky, which has just a few hundred thousand people on-board right now. And actually had to halt sign ups over the weekend due to Twitter’s rate limiting. Which is insane, since it’s still invite only.

Material You for everyone

Now with Material You on Mastodon, it’s the best looking social media app on Android. It just looks so great in Material You. Since it’s going to take accents from your wallpaper, just like the rest of the Google apps and Settings already does. So you can really customize how Mastodon looks on your Android device.

You can switch between light and dark mode, and also have it follow the system-wide setting. Making it easier to switch between light and dark mode on your Android device.

The only bad thing here is that there are no enhancements for larger screens like the Pixel Fold and Pixel Tablet. As I noted on Twitter over the weekend, Mastodon does work better on the Pixel Fold’s main display, since it does use up the whole display, but it’s kind of not usable. And that’s because it’s just stretched out on a 6:5 aspect ratio display.

Hopefully some changes to the large display format will come soon for Mastodon. But as for now, they aren’t here. Instead, we get treated with Material You.



Siemens Automation Device Flaw Lets Attackers Execute Code


It has been discovered that the Siemens A8000 CP-8050 and CP-8031 PLCs contain a vulnerability that can be exploited for Remote Code Execution (RCE) without the need for authentication.

The Siemens SICAM A8000 is a versatile device that can be used for power distribution, transmission, and microgrids. It can also function as a communication gateway for a variety of networks and protocols.

Vulnerability Details

According to SEC Consult, which discovered the vulnerability, the Siemens A8000 CP-8050 and CP-8031 PLCs are affected.

The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by multiple vulnerabilities, such as authenticated remote command injection, exposure of serial UART interface, and hard-coded credentials (for UART login).

CVE-2023-28489 – RCE

An attacker could exploit the flaw by sending a crafted HTTP request to the Siemens Toolbox II port 80/443; arbitrary commands can be executed without authentication.

This attack may lead to the full compromise of the device and affect its operation.

CVE-2023-33919 – Authenticated Command Injection

The flaw is due to a lack of input sanitization; any user with access to the SICAM WEB can execute arbitrary commands as a “root” user.

CVE-2023-33920 – Hard-coded Root Password

The “root” password hash remains the same for all the devices, so if the password is known, it could be used to log in via UART and SSH.

CVE-2023-33921 – Console Login via UART

To access the UART interface, physical access to the PCB is required. Once connected, the boot information will be displayed, followed by a login prompt.

Updates

An update to firmware CPCI85 V05 has been released by Siemens; the updates can be found here and here.

Workaround

The possible workaround is to block access to the A8000 CP-8050/CP-8031 module or disable the Toolbox II communication on port 80/443 and limit physical access.

A complete report from SEC Consult can be found here.


HBO shows are finally coming to Netflix


Netflix has been the temporary home of content from many companies. However, there’s one company that’s yet to place its shows on the streaming service, and that’s HBO. However, thanks to a report from Deadline (via Engadget), HBO is finally making some of its content available on Netflix in the US.

The home of most of HBO’s shows and movies can be found on MAX. The company originally showed all of its content on HBO MAX, but the company merged its content with Discovery+. The merged streaming service is MAX, and it gives you access to content from both of the streaming services. However, HBO had to shed a bunch of its HBO MAX content in the process.

If you’re interested in getting a subscription, the plan starts off at $9.99/month ($99.99/year) for the ad-supported tier. Going ad-free will cost you $15.99/month ($149.99/year), and the top-tier plan costs $19.99/month ($199.99/year).

These HBO shows are coming to Netflix in the US

There’s a handful of shows crossing the pond to Netflix, but there’s only one show currently streaming. This is a gradual rollout, so the other shows will show up on Netflix in due time.

The show that’s on Netflix now is Insecure. This show was created by Issa Rae, and it’s highly acclaimed. This comedy-drama “looks at the friendship of two modern-day black women, as well as all of their uncomfortable experiences and racy tribulations”, as per the description on HBO.com. All five seasons are currently on Netflix, so you can start binging now.

If you manage to burn your way through that show, don’t worry. There are other shows making their way over to Netflix. Band of Brothers, Six Feet Under, Ballers, and The Pacific are also making their way over to Netflix. These shows will arrive as time goes on. Also, remember, this refers to the US market. If you’re outside of the US, you’ll be able to watch True Blood.

