Nokia launches its “nearly indestructible” XR21


Nokia is not as popular as it once was, and the company has been out of the mainstream for a while. However, it doesn’t seem to be venturing outside of the budget and mid-range phone market. The company just launched three new devices, and one is pretty unique. The Nokia XR21 launched, and it’s touted as being nearly indestructible, according to XDA Developers.

Along with that phone, Nokia also launched two other budget-friendly phones. These are the Nokia C100 and the Nokia C300. These won’t win points for durability, but they should prove to be useful handsets to keep in contact with your loved ones.

Nokia launches the Nokia XR21

Durable phones are nothing new, but the XR21 does bring some neat specs to the table. Let’s start off with what makes it so tough. This phone comes with a die-cast aluminum build, and the display uses the sturdy Gorilla Glass Victus. It has a MIL-STD-810H certification, which is a certification given to military-grade equipment to survive harsh environments.

The Nokia XR21 has an IP69k water and dust resistance rating. If you’re unfamiliar with this, the “9k” means that it can survive water at very high pressure (like water from a power washer) and water at very high temperatures.

It’s sporting a 6.49-inch display with a 1080p resolution. What’s neat is that this display has a 120Hz refresh rate. It uses the very capable Snapdragon 695 5G SoC backed up by 6GB of RAM and 128GB of internal storage.

Other specs include a 64-megapixel main camera accompanied by an 8-megapixel ultrawide camera and a large 4800mAh battery. It’ll be available in the States for $500.

The Nokia C100 and Nokia C300

These two phones are more budget-friendly, and they’re just meant to get you through the day. The Nokia C100 has a 6.3-inch 720p+ display and it uses the MediaTek Helio P22 SoC. It has 3GB of RAM and 32GB of onboard storage. It has a 13-megapixel main camera, a 5-megapixel selfie camera, and a 3000mAh battery.

This phone costs only $99, and it will be available at Walmart, Best Buy, Target, Consumer Cellular, and TracFone Wireless retailers.

As for the Nokia C300, this phone has a slightly bigger 6.52-inch 720p+ display, a more powerful Snapdragon 662 SoC, 3GB of RAM, and 32GB of storage. It will have a triple-camera setup with a 13-megapixel main camera, a 2-megapixel depth sensor, and a 2-megapixel macro camera.

The C300 will have a larger 4000mAh battery, and it will cost $139. This phone will be at the same locations as the C100.


The generative AI industry welcomes Web.com and GoDaddy


From a recent update, it is clear that Web.com and GoDaddy are both rolling out AI features for their users. These companies are both operating web hosting businesses with millions of users around the world. Now they are both making generative AI products available to their users in a bid to simplify how they work.

Generative AI is becoming more popular on the internet, with lots of companies adding this feature to their services. Armed with such AI capability, users of these services can use prompts to have the system generate content for them. This content can be text, images, or even videos, and all the AI model needs is a prompt describing what the user needs.

Before this news, a few web hosting platforms had already made generative AI models available to their users. Now, after a while of waiting and working to integrate this feature into their platforms, Web.com and GoDaddy are ready to join the crowd. The popularity of these various AI models is growing steadily, but what does this new entry into the industry have in store for users?

Here is what Web.com and GoDaddy have in store for users with their new generative AI integration

Web hosting platforms like IONOS and Wix have already made generative AI available to users. The sole reason behind their introduction of this feature to users is to simplify things for them. So, instead of a user doing the heavy lifting while setting up their website, they can leave things to the generative AI model.

Additionally, a platform like IONOS is also using generative AI to help its users quickly generate blog posts. But in what ways do Web.com and GoDaddy use generative AI to help their users? Both platforms integrate this feature into their websites in various ways to help users handle certain aspects of the website.

Starting with Web.com, this web hosting platform is letting AI generate domain names and assist in certain aspects of building the site. The platform ensures that there are a lot of ways the prompts can be written by the users and executed by the AI model. This makes it easy for the user to perfectly describe certain features they want on the website before the AI gets to work.

GoDaddy, on its part, employs generative AI for product descriptions on the users’ online store. It also takes care of messages coming in from customers on the website, as well as Ads on Meta platforms (Facebook and Instagram). These features will come in handy for millions of users that own business websites and use GoDaddy web hosting services.

Making use of these generative AI features on Web.com and GoDaddy will come at a price to users. For those users struggling with things like setting up their website, product description, and social media Ads, they can wave their problems goodbye. Now, with just a few prompts, they can let AI handle certain roles on their website while they focus their attention on other things.



Splunk Flaw Let Attackers Escalate Privilege


Splunk is one of the most used SIEM (Security Information and Event Management) tools worldwide.

Splunk can collect logs of all the configured events that can be used later to investigate security incidents.

Based on recent reports, Splunk was affected by a privilege escalation vulnerability, which was discovered and reported.

The company immediately patched this vulnerability on all Splunk versions.

CVE-2023-32707: ‘edit_user’ Capability Privilege Escalation

Any low-privileged user who holds the ‘edit_user’ capability can escalate their privileges to those of an admin user by sending a specially crafted web request to Splunk.

This was possible because the ‘edit_user’ capability does not honor the ‘grantableRoles’ setting in the authorize.conf configuration file, a setting that would otherwise prevent this privilege escalation.

Affected Products and Fix:

The table below shows the products that were affected and the fixed versions.

Product               | Version | Component  | Affected Version   | Fix Version
Splunk Enterprise     | 8.1     | Splunk Web | 8.1.0 to 8.1.13    | 8.1.14
Splunk Enterprise     | 8.2     | Splunk Web | 8.2.0 to 8.2.10    | 8.2.11
Splunk Enterprise     | 9       | Splunk Web | 9.0.0 to 9.0.4     | 9.0.5
Splunk Cloud Platform | -       | Splunk Web | 9.0.2303 and below | 9.0.2303.100

Mitigations and Workarounds:

  • No users other than admins should hold the ‘edit_user’ capability.
  • Do not give the ‘edit_user’ capability to a role that other roles inherit from.
  • Do not assign the ‘edit_user’ capability to users with low or no privileges.

All Splunk users are advised to upgrade to the latest version.
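The mitigations above can be checked mechanically. The following is an added example, not code from the article or from Splunk: it lists every non-admin role that holds ‘edit_user’ directly or through ‘importRoles’ inheritance, and compares a Splunk Enterprise version against the fix versions in the table. The sample configuration, its role names and the set of admin-equivalent roles are assumptions made for illustration.

```python
# Added example: audit authorize.conf for non-admin roles holding edit_user.
# SAMPLE_CONF and its role names are constructed for illustration.
SAMPLE_CONF = """\
[role_admin]
edit_user = enabled

[role_user]
search = enabled

[role_helpdesk]
importRoles = user
edit_user = enabled
grantableRoles = user

[role_helpdesk_lead]
importRoles = helpdesk

[role_auditor]
importRoles = user
"""

ADMIN_ROLES = {"admin", "sc_admin"}  # assumption: roles treated as admin-equivalent

# Fix versions per release line, taken from the table in the article.
FIXED = {(8, 1): (8, 1, 14), (8, 2): (8, 2, 11), (9, 0): (9, 0, 5)}


def parse_roles(text):
    """Return {role_name: {setting: value}} for every [role_*] stanza."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = roles.setdefault(name[5:], {}) if name.startswith("role_") else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return roles


def _items(value):
    """Split a semicolon-separated setting such as importRoles."""
    return [v.strip() for v in value.split(";") if v.strip()]


def edit_user_source(role, roles, seen=None):
    """Return the role that supplies edit_user to `role`, or None."""
    if seen is None:
        seen = set()
    if role in seen or role not in roles:
        return None  # unknown role, or an import cycle
    seen.add(role)
    if roles[role].get("edit_user", "").lower() == "enabled":
        return role
    for parent in _items(roles[role].get("importRoles", "")):
        source = edit_user_source(parent, roles, seen)
        if source:
            return source
    return None


def audit(text):
    """List (role, how) for each non-admin role that ends up with edit_user."""
    roles = parse_roles(text)
    findings = []
    for role in sorted(roles):
        if role in ADMIN_ROLES:
            continue
        source = edit_user_source(role, roles)
        if source:
            how = "direct" if source == role else f"inherited from {source}"
            findings.append((role, how))
    return findings


def is_patched(version):
    """True if a Splunk Enterprise version is at or above the listed fix."""
    parts = tuple(int(p) for p in version.split("."))
    fix = FIXED.get(parts[:2])
    if fix is None:
        raise ValueError(f"release line not in the article's table: {version}")
    return parts >= fix


if __name__ == "__main__":
    for role, how in audit(SAMPLE_CONF):
        print(f"role {role}: edit_user {how}")
```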


Rumored Galaxy S24 zoom camera upgrades may not materialize


Samsung’s planned upgrades for the zoom camera system of its flagship smartphones may not materialize next year. The Galaxy S24 Ultra will reportedly get pretty much the same two zoom lenses as the current Ultra, bar some “minor improvements”. Neither will be a 5x zoom camera, nor a variable lens with 3x to 10x continuous optical zoom.

Hopes of a zoom camera upgrade on the Galaxy S24 Ultra are fading away

Samsung has used 3x and 10x zoom cameras on its Ultra flagships since the Galaxy S21 Ultra in 2021. There have been rumors lately that the 2024 model will bring major changes to the zoom camera system. Firstly, we heard that the company is planning to equip the phone with a variable lens. It was said to offer continuous optical zoom at all magnification levels between 3x and 10x.

Such a solution would essentially eliminate the need for two separate cameras, and also improve the image quality across the board. You’ll get optical zoom at every magnification level up to 10x. LG announced a 4x to 9x variable zoom lens in late December last year, just ahead of CES 2023 in January. So hopes of Samsung equipping the Galaxy S24 Ultra with a similar solution were high.

But, those hopes suffered a blow earlier this week when a rumor surfaced that the Galaxy S24 Ultra will feature a 5x zoom lens. Since the company certainly won’t downgrade maximum optical zoom from 10x to 5x, a dedicated 5x solution means there will be no variable lens. Nonetheless, it would be an upgrade from a 3x solution. The device will offer optical zoom at a slightly higher magnification level.

Sadly, that doesn’t seem to be happening either. According to well-known Twitter tipster @Tech_Reve, the Galaxy S24 Ultra will not feature a 5x zoom lens, nor a variable solution. Instead, the company will continue to equip its flagships with 3x and 10x zoom cameras. The former lens will reportedly carry over unchanged from the Galaxy S23 series. The latter, meanwhile, may get minor improvements and is the only camera upgrade on the phone.

If true, this would be a bit disappointing. Hopefully, Samsung will make up for it with other meaningful upgrades on the Galaxy S24 series. The Galaxy S23 series did decently well in the market this year thanks to the company equipping the phones with a Snapdragon processor globally. The 2024 models need something big to be a worthy successor. Time will tell what the Korean giant has up its sleeves.



ChatGPT maker OpenAI is the fastest-growing website globally


OpenAI, the firm behind the AI sensation ChatGPT, is now the fastest-growing leading website globally. The website (openai.com) that gives you access to the generative AI tool has climbed up to the 18th spot in the global ranking just a few months after it burst onto the scene. It is on the way to reaching one billion monthly active users (MAU) in a record time.

According to an analysis by research firm VezaDigital, based on data from Similarweb, OpenAI grew by 54.21 in traffic volume in March of this year. The website had 847.8 million unique visitors during the month. This helped it climb nine spots to become the world’s 18th most-visited website (from 27th). OpenAI had leaped 24 spots in February, climbing from the 51st spot to the 27th.

This staggering growth means the ChatGPT creator is the fastest-growing website among the top 50 most visited sites globally. It is “easily the greatest increase of all the top-ranking websites worldwide,” the report states. OpenAI surpassed the one-billion-visits milestone in February and grew to 1.6 billion total visits in March. One of every nine visitors is from the US, which is the website’s biggest source of traffic.

“The ChatGPT phenomenon spread like wildfire at the end of 2022 and we expect it to soon break all records of being the fastest-ever website to reach one billion monthly active users in such an incredibly short space of time,” said Stefan Katanic, CEO of VezaDigital. “This is indicative of a clear public interest in AI-powered solutions… We believe that AI will play a big role in over 50 percent of businesses in the next five years.”

The ChatGPT website growing exponentially isn’t a surprise

ChatGPT is all the rage right now. It has been so over the past few months. Launched in late November last year, the generative AI tool has taken the world by storm, so much so that several other established tech companies are rushing to create their own alternatives. It’s no wonder that the website is seeing exponential growth in MAUs.

However, the growth may slow down in the coming months due to a couple of reasons. For one, Google Bard (bard.google.com) is now available to the public, giving direct competition to ChatGPT. Moreover, chat.openai.com is no longer the only way to access the service. OpenAI recently launched an iOS app for ChatGPT, with an Android app planned too. Nonetheless, the AI rage is here to stay. Watch this space for the availability of the ChatGPT Android app.



Millions of PC Motherboards Were Sold With Backdoor


Gigabyte systems have been identified by the Eclypsium platform for exhibiting suspicious backdoor-like behavior. This discovery marks a recent development in detecting potential security vulnerabilities in Gigabyte systems.

The Eclypsium platform employed heuristic detection methods to identify potential supply chain threats, specifically targeting new and previously unknown compromises of legitimate third-party technology products or updates. 

These heuristic methods are crucial in uncovering and addressing emerging threats within the supply chain.

Recent findings have unveiled a concerning issue with the firmware in Gigabyte systems, as it is observed to drop and run a Windows native executable during system startup. 

This executable, in turn, proceeds to download and execute supplementary payloads insecurely.

PC Motherboard With Backdoor

Like other manufacturer-installed vulnerabilities, this feature employs techniques reminiscent of backdoors such as Computrace, which malicious actors have exploited.

Additionally, it resembles firmware implants such as:

  • Sednit LoJax
  • MosaicRegressor
  • Vector-EDK

The presence of this backdoor suggests that it was deliberately designed and implemented with specific functionality in mind. To fully eliminate it from impacted systems, a firmware update would be necessary.

UEFI firmware analysis revealed a file named “8ccbee6f7858ac6b92ce23594c9e2563ebcef59414b5ac13ebebde0c715971b2.bin.” 

This file is a Windows Native Binary executable within the UEFI firmware volume identified by the GUID “AEB1671D-019C-4B3B-BA-00-35-A2-E6-28-04-36.”

The UEFI firmware incorporates this Windows executable, saved to disk during the system boot process.

This approach mirrors the frequently employed UEFI implants and backdoors to establish persistence.

In the DXE phase of UEFI firmware booting, the “WpbtDxe.efi” module utilizes the provided GUID to load a Windows executable file into memory. 

This file is then installed into a WPBT ACPI table, which is subsequently executed by the Windows Session Manager Subsystem (smss.exe) during the Windows startup process.

Before installing the executable into the WPBT ACPI table, the “WpbtDxe.efi” module verifies whether the “APP Center Download & Install” feature is activated in the BIOS/UEFI Setup. 
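An added example, not Eclypsium's or Gigabyte's code: parsing a WPBT ACPI table so a defender can tell whether firmware is publishing a binary for Windows to run at startup. The table bytes are constructed for illustration; the field layout follows Microsoft's WPBT specification, and on Linux a live table, when present, is exposed at /sys/firmware/acpi/tables/WPBT.

```python
# Added example: parse and sanity-check a WPBT ACPI table.
import struct

HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
BODY = struct.Struct("<IQBBH")            # WPBT fields that follow the header


def build_sample_wpbt(args="", handoff_size=0x20000, handoff_addr=0x7F000000):
    """Build a constructed WPBT table with a valid checksum (test data only)."""
    arg_bytes = args.encode("utf-16-le")
    length = HEADER.size + BODY.size + len(arg_bytes)
    header = HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    body = BODY.pack(handoff_size, handoff_addr, 1, 1, len(arg_bytes))
    table = bytearray(header + body + arg_bytes)
    table[9] = (-sum(table)) & 0xFF  # checksum byte: all bytes must sum to 0 mod 256
    return bytes(table)


def parse_wpbt(table):
    """Decode a WPBT table and report whether it hands a binary to the OS."""
    if len(table) < HEADER.size + BODY.size:
        raise ValueError("table too short for WPBT")
    sig, length, _rev, _cks, oem_id, _oem_tbl, _orev, _cid, _crev = HEADER.unpack_from(table, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length > len(table):
        raise ValueError("declared length exceeds available bytes")
    size, addr, layout, ctype, arg_len = BODY.unpack_from(table, HEADER.size)
    args_start = HEADER.size + BODY.size
    args_end = args_start + arg_len
    if args_end > length:
        raise ValueError("argument length runs past end of table")
    return {
        "checksum_ok": sum(table[:length]) & 0xFF == 0,
        "oem_id": oem_id.rstrip(b"\0 ").decode("ascii", "replace"),
        "handoff_size": size,        # size of the binary image in memory
        "handoff_addr": addr,        # physical address of the image
        "content_layout": layout,    # 1 = single contiguous PE image
        "content_type": ctype,       # 1 = native user-mode application
        "arguments": table[args_start:args_end].decode("utf-16-le", "replace"),
        "binary_published": size > 0 and addr != 0,
    }


def read_live_wpbt(path="/sys/firmware/acpi/tables/WPBT"):
    """Return the live table bytes on Linux (root needed), or None if absent."""
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except (FileNotFoundError, PermissionError):
        return None


if __name__ == "__main__":
    data = read_live_wpbt() or build_sample_wpbt("/example")
    for key, value in parse_wpbt(data).items():
        print(f"{key}: {value}")
```

A system with no WPBT table has nothing for smss.exe to run from firmware; a table with `binary_published` set is worth correlating with the vendor's firmware settings and any files that appear on disk at boot.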

Once deployed, the .NET-based Windows executable retrieves and executes a separate executable payload.

The location from which the payload is fetched depends on the executable's configuration settings.

It is crucial to avoid using plain HTTP for updating privileged code due to its susceptibility to compromise through MITM attacks.

Despite employing HTTPS-enabled options, our observation reveals a flaw in implementing remote server certificate validation, making MITM attacks still possible. 

This highlights the need for improved validation mechanisms to ensure the integrity and security of remote server connections. 

Although the executable and the Gigabyte tools carry a valid Gigabyte cryptographic signature that meets Windows’ code signing requirements, the signature provides limited defense against malicious use when they are exploited with Living-off-the-Land techniques, as seen in the recent Volt Typhoon attacker alert.

Risks and attack scenarios

The risks and attack scenarios are:

  • Abuse of an OEM backdoor by threat actors
  • Compromise of the OEM update infrastructure and supply chain
  • Persistence using UEFI Rootkits and Implants
  • MITM attacks on firmware and software update features
  • Ongoing risk due to unwanted behavior within official firmware.


Google is adding “Top Results” to Gmail for Android search


Gmail for Android is getting a new feature called Top Results for the search bar. As the name implies, its intention is to make it easier to find what is most likely to be the email(s) you’re looking for.

Here’s how it works. When you open Gmail and tap the search bar to look for a specific email, the app will surface top results based on multiple factors, and place them at the top of the list. They’ll be labeled “Top results” of course, so you shouldn’t miss them.

The feature is built on machine learning models that look at your search keyword and your most recent emails, though Google says it also looks at other relevant factors to give you the results. Anything not considered a top result will still be listed under “all results in mail” as usual, only now just below however many top results there are.

Gmail for Android ‘Top Results’ begins rolling out today

If this sounds like a useful feature to you then you won’t have to wait too long for availability. In fact, it starts rolling out to users today. It’ll be available for both regular Gmail accounts as well as Workspace accounts.

As for the rollout pacing, it could take up to two weeks before it’s actually visible for you. I’m not seeing it on either my personal or work accounts just yet. According to Google this was a “highly requested feature.” And for those that wished it was included before now, you’re getting your wish.

There’s no admin control for this feature, so admins won’t need to turn it on for Workspace accounts. It should just start working once it’s rolled out to your app. You also don’t have to worry about enabling a toggle or anything like that, regardless of whether it’s a personal account or not.


Instagram explains how its content algorithm works


In this day and age, where social media algorithms dictate a big part of our lives, it’s no surprise that industry experts and people have started to question how the algorithm works. Now, in an effort to clarify how its recommendation system functions and dispel the misconceptions about its algorithm, Instagram executive Adam Mosseri, in a recent blog post, explained how they rank content across different parts of the app.

Mosseri explained that rather than relying on a single algorithm, which many users speculated, the content rankings for different Instagram sections like Stories, Reels and Search are influenced by a complex web of factors, with a significant portion of them stemming from user-generated data.

Factors in consideration for stories and reels

Starting with the stories, multiple factors influence the story rankings, including the frequency of a user’s engagement with an account’s updates, as well as their interactions with others through direct messages and Story interactions such as likes. Additionally, Instagram also evaluates the user’s relationship with an account, such as whether they are friends or family.

When it comes to reels, the influencing factors differ slightly, as instead of relying on interactions with a specific account, Instagram takes into account a user’s previous actions, such as likes, saves, and shares, depending on the type of video. Moreover, the platform also calculates the predictive value of indicators like video resharing, completion rate, likes, and engagement with audio.

Tackling Shadowbanning

Shadowbanning generally refers to the suppression of an account or content without a clear explanation. And after widespread speculation, Instagram has finally acknowledged this concern and announced that they are actively working to enhance transparency through the introduction of an “account status” feature. This feature will not only alert users if Instagram deems their posts “ineligible” for recommendations but also allow them to appeal the decision.

While Instagram’s transparency regarding its recommendation system is commendable, it is important to understand the intricate nature of such algorithms, as they rely on countless data points and machine learning models. Therefore, providing a simple definition is not possible. Nonetheless, gaining insight into the underlying factors that affect recommendations will empower users to navigate the platform more effectively.



Bug affecting Android version of WhatsApp causes it to crash when a certain message is received


The Android version of popular messaging app WhatsApp is crashing whenever someone sends a specific message to a subscriber via the app. On Twitter, security researcher PandyaMayur (@pandyaMayur11) wrote that the specific message is http://w.me/settings. In other words, if you were to send that precise message in a chat to a WhatsApp contact who uses the Android version of the app, it will cause that app to crash. This appears to be affecting users with version 2.23.10.77 of WhatsApp.
The message will cause WhatsApp to continually crash whenever the specific chat containing it is opened. So if someone sends you a chat containing the message as a prank or just to get you upset, after you restart the app, avoiding the malicious chat will keep your WhatsApp app running. While http://w.me/settings would normally allow you to access the settings on the app, for some reason only the Android version of the WhatsApp app is carrying the bug that is causing it to crash when a chat containing that message is opened. 
If someone does send the message to you, the only thing you can do besides avoiding that specific chat is to open WhatsApp via your desktop or laptop computer and delete it. Once you’ve deleted the message on your computer, you can return to your Android phone and resume the chat.

As of the latest data available, WhatsApp is the most popular messaging app in the world with 2 billion monthly active users worldwide. WeChat is second with 1.2 billion monthly active users followed by WhatsApp’s stablemate Facebook Messenger with 988 million monthly active users.



Amazon Ring Employees Able to Access Customer Video


California-based Ring LLC endangered its customers’ privacy by allowing any employee or contractor to see consumers’ private footage and failing to implement basic privacy and security controls, enabling hackers to gain control of consumers’ accounts, cameras, and videos.

Ring LLC, which Amazon purchased in February 2018, produces internet-connected, video-enabled home security cameras, doorbells, and related accessories and services.

Reports say every Amazon Ring employee had access to every customer video, even if it wasn’t necessary for their duties. 

Additionally, before July 2017, staff members could take any of those recordings, keep them, and share them as they pleased with staff members from a third-party contractor in Ukraine.

That’s what the FTC claimed in a recent case, for which Amazon may have to pay a $5.8 million penalty.

“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.

“The FTC’s order makes clear that putting profit over privacy doesn’t pay.”

Ring Fails To Set Up Basic Procedures For Staff Monitoring And Detection

According to the complaint, for instance, one employee, over several months, looked at thousands of video records belonging to female users of Ring cameras that surveilled personal locations in their houses, such as their bathrooms or bedrooms.

The employee wasn’t stopped until another employee noticed the misbehavior. Even when Ring set restrictions on who may see customers’ videos, the firm couldn’t identify how many additional workers inappropriately accessed private videos because Ring failed to adopt basic steps to monitor and detect employees’ video access.

According to the FTC, a Ring employee allegedly saw hundreds of recordings from at least 81 different female users. 

The employee watched the videos for at least an hour every day for hundreds of days between June and August 2017. Their supervisor said it was “normal” for an engineer to view so many accounts after another employee raised the issue with them.

“Only after the supervisor noticed that the male employee was only viewing videos of ‘pretty girls’ did the supervisor escalate the report of misconduct. Only at that point did Ring review a portion of the employee’s activity and, ultimately, terminate his employment,” according to an FTC complaint.

In January 2018, a male employee looked for a female coworker using her email address and exploited his access privileges to watch her videos.

In February 2018, employee access permissions were further restricted: engineers (including employees and independent contractors) were permitted access to customer videos only if there was a business requirement.

Ring modified its access policies again in February 2019 so that most of its workers and contractors could only view a customer’s private video with that customer’s permission.

The FTC provides further examples of access abuse and surveillance. Because there were no detection procedures, Ring allegedly has no idea how much unauthorized access occurred.

Customers were unaware that so many staff might view their video. According to the FTC, Ring’s Terms of Service and Privacy Policy did not state that its employees and contractors would be able to examine all video recordings to develop and improve its products before December 2017.

Ring only described its permission to use recordings made in conjunction with its (then-named Doorbot’s) cloud service for product development in the middle of lengthy, legalese-filled terms.

Ring Fails To Use MFA And Protect Against Threats

The FTC claims Ring failed to implement multi-factor authentication (MFA) until May 2019, well after many rivals had done so, and that it also ignored warnings from employees and outside security researchers to protect users from threats like credential stuffing and brute force attacks.

The FTC claims that more than 55,000 users had their Ring devices compromised between January 2019 and March 2020.

Cybercriminals have occasionally exploited two-way chat to terrorize Ring consumers, as though from a horror film: Several women in bed heard hackers curse at them, several children were called racist slurs, and much more.

The DOJ Filed a Complaint

The Department of Justice filed the complaint and settlement proposal on behalf of the FTC.

Amazon was accused of violating the Children’s Online Privacy Protection Act (COPPA) rule by retaining Alexa voice and geolocation data linked with young users for years while prohibiting parents from exercising their right to request the deletion of their children’s data.

In a blog post, the FTC stated that because children’s speech patterns are different from adults, they may have been particularly beneficial to Amazon:

“Children’s speech patterns are markedly different from adults, so Alexa’s voice recordings gave Amazon a valuable data set for training the Alexa algorithm and further Amazon’s commercial interest in developing new products.”

Along with the $25 million settlement, Amazon will be prohibited from exploiting geolocation and speech data collected from children to develop or enhance data products.
