Quit Using EmailGPT As Its Vulnerability Risks Users


Researchers warn users to stop using the EmailGPT service due to an unpatched security vulnerability. Exploiting the flaw potentially results in various security threats from data exposure to system crashes and monetary losses.

EmailGPT Extension Vulnerability Threatens Users

Sharing the details in a recent post, Synopsys Cybersecurity Research Center (CyRC) researchers highlighted how a severe security flaw in EmailGPT risks users’ security.

EmailGPT is an AI-powered email generating API and browser extension. Leveraging OpenAI’s GPT, it allows users to quickly create email drafts and replies via prompts generated on the basis of previous user communications.

As elaborated, the researchers discovered numerous prompt injection vulnerabilities that an adversary could exploit to take over the service logic. Consequently, the attackers may force the service to leak hardcoded system prompts and execute malicious prompts.

Regarding the impact of such exploits, the researchers note that users could suffer financial losses from repeated malicious prompts that an attacker sends to the API, which works on a pay-per-use model. Moreover, an attacker may also inject malicious prompts causing the service to leak sensitive user information, or even trigger denial of service.

This vulnerability, identified as CVE-2024-5184, received a medium severity rating and a CVSS score of 6.5, according to the CyRC advisory.

No Patch Available Yet

According to the timeline shared in the advisory, the researchers first attempted to contact the EmailGPT developers and report the flaw in February 2024, followed by multiple further attempts. However, despite their efforts, the researchers received no response from the service regarding vulnerability fixes.

Consequently, upon completion of the standard 90-day disclosure period, the researchers went ahead with public disclosure.

For now, there exists no viable patch or mitigation for the vulnerability. Given the threats associated with potential exploitation, the researchers advise users to stop using the EmailGPT service (API and browser extension) until a fix arrives.


iOS and AI: everything you need to know


WWDC kicks off with a keynote, giving us a sneak peek at the upcoming operating systems for Apple products, and this year is no different. 

Artificial intelligence is the buzzword in tech right now, and Apple is diving in headfirst. At today’s WWDC 2024, the Cupertino tech giant announced the new

and some fresh AI updates across all its major software, dubbing it Apple Intelligence. 

Following the keynote, developers gain access to a beta build to test their apps. As for us regular users, we can also sign up our iDevices to receive public beta builds once they’re released.

The complete version of iOS usually debuts in September alongside the latest iPhone. Therefore, this year, we anticipate iOS 18, along with its new AI features, to launch alongside the iPhone 16 series.

So, where did Apple sprinkle its AI magic?


Well, pretty much everywhere in its software. But the AI additions in iOS 18 make this the biggest software refresh we have seen in years. And while Apple is spreading AI across its operating systems, Siri is the main highlight.

Siri

Apple has reworked Siri using large language models to make it smarter and more responsive to user queries. The new Siri can now take actions within Apple’s own apps, making the assistant way more capable than it used to be.


The new Siri feels more casual and conversational, with a more natural-sounding voice. It can do more than before, taking into account events, locations, dates, people, and companies. In essence, Siri will use your information to serve you better results. For example, you can tell Siri to find your driving license and the digital assistant will pull it out from Photos.

Siri is stepping up its game with some handy new tricks. Imagine being able to tell Siri to open a document, move a file, delete an email, edit a photo, or give you a quick summary of your messages, notifications, and articles. That is the kind of convenience Apple is bringing with the updated Siri.


However, as exciting as all this sounds, we will have to wait a bit. The new Siri experience is set to roll out with the first version of iOS 18 and some of the new features will roll out gradually in the next year. 

Apps and services


Apple is sprinkling AI magic into loads of its own apps, and here is a rundown of the new AI features the company revealed during the event:


  • Safari: Safari is getting smarter with an Intelligent Search feature that uses AI to highlight key topics and phrases on web pages, providing a neat summary. And there is a handy new tool called Web Eraser for hiding pesky parts of web pages that keep popping up.
  • Messages: in the Messages app, get ready for a slew of handy AI features. Now, you will get better-suggested replies powered by AI for swiftly responding to incoming texts. Plus, Siri is stepping up its game by summarizing lengthy messages, making it easier to catch up on conversations. There is also a new emoji feature coming out. Users can make emojis based on their messages. These emojis will be made by AI, and they will be completely original, not from the usual emoji collection.
  • Mail: the Mail app is improved with a new Smart Replies feature that offers suggestions for quick responses to incoming emails. Alongside that, there are enhancements to the search function and an option to summarize lengthy email threads. Not stopping there, Mail is also getting a makeover with automatic categorization of incoming messages. And you can also use the new Rewrite feature to get different drafts of your text by changing the tone and style of your email. 
  • Photos: in the Photos app, there is a new AI-powered feature that lets users remove unwanted objects from their images. Plus, searching photos and videos gets easier because, thanks to AI, the app understands more complex queries. You can also create a memory by typing a description and letting Apple Intelligence do the work of turning your photos into a movie.
  • Notes: with the latest AI updates, Notes lets you record voice memos directly within the app, complete with a transcript feature. Mathematical notations have been enhanced to accommodate a wider range of equations, and the app also offers AI-generated summaries of key points in both notes and audio recordings.
  • Voice Memos: similar to the Notes app, the Voice Memos app now offers transcripts and summaries for recorded content.
  • Notifications: AI will provide summaries of the most important and relevant information.
  • New Image Playground app: You can create as many images as you want with the help of AI. It is also integrated into Messages and more in-house apps. 

Which devices will be receiving the latest AI features?


iOS 18 is compatible with all iPhones that support iOS 17, including:
  • iPhone 15 series
  • iPhone 14 series
  • iPhone 13 series
  • iPhone 12 series
  • iPhone 11 series 
  • iPhone XR
  • iPhone XS
However, Apple Intelligence will be exclusive to the iPhone 15 Pro models, iPads and Macs with M1 chip and newer.

Privacy and security


In iOS 18, some of the new AI features work right on your device, so they won’t rely on cloud servers for processing, which means your data stays on your iPhone. However, other features will work on servers, but Apple says you are in control of your data and can choose where to store it.

Apple usually puts all its features into beta first, so they can test them thoroughly before making them official. The new AI features are all opt-in: if you don’t want to use AI, you have the option not to.



FINALLY: Apple announces RCS support coming to iPhones via iOS 18 this fall


Apple’s latest operating system, iOS 18, will finally bring Rich Communication Services (RCS) support to its Messages app this fall, as mentioned in passing today during Apple’s WWDC 2024 conference. This move, long-awaited by consumers and industry experts alike, promises to enhance cross-platform messaging between iOS and Android devices.

For years, communication between iOS and Android users has been hampered by the outdated SMS protocol. The difference in messaging protocols has led to issues such as reduced image and video quality, message length limitations, and a lack of end-to-end encryption in cross-platform conversations. The visual distinction between blue iMessage bubbles and green SMS bubbles further emphasized this disparity.

RCS, developed as a modern replacement for SMS, has already become the standard for Android devices. This protocol boasts features like typing indicators, read receipts, support for longer messages, and high-quality media sharing. It essentially mirrors the iMessage experience but is designed to work across different platforms.

RCS support for the Messages app was mentioned as a footnote during the WWDC 2024 keynote | Credit: Apple

While pressure from companies like Google and Samsung to adopt RCS may have played a role, the catalyst for Apple’s decision seems to be tied to regulatory scrutiny from the European Union. The timing of Apple’s November announcement, promising RCS support in the coming year, suggests a strategic move to appease EU regulators.
Previously, in a statement to the press, Apple had said that it would be “adding support for RCS Universal Profile, the standard as currently published by the GSM Association,” which left room for speculation as to what that would entail. The RCS standard that is currently used on the Google Messages app on Android is not the RCS Universal Profile and includes some extra features such as end-to-end encryption. It will be interesting to see if some type of encryption will be included in Apple’s version.

Although Apple has not yet provided specific details on how RCS will be implemented in iOS 18, this development is a significant step towards a more unified and feature-rich messaging experience for users across different mobile platforms. It remains to be seen how this change will impact iMessage’s popularity and whether Apple will extend RCS support to group chats or leverage it for features beyond basic messaging.



Apache Log4j2 Vulnerability Remains A Threat For Global Finance


Despite a working patch that has been around for years, the Apache Log4j2 vulnerability still poses a threat to the global finance sector. A security researcher warned users about the threat.

Apache Log4j2 Vulnerability Remains A Threat – Warns Researcher

Security researcher Anis Haboubi directed the cybersecurity and financial sector’s attention to a critical security issue. As highlighted through his recent X post, the well-known yet notorious Apache Log4j2 vulnerability wreaked havoc a few years ago.

To reiterate, this Log4j2 flaw is a variant of the first detected vulnerability, Log4Shell, which allowed remote code execution in apps running the vulnerable Java logging library. It took the firm several attempts to patch the flaw before releasing Log4j version 2.17.1, addressing the vulnerability CVE-2021-44832. This vulnerability, tagged as a moderate-severity issue, allowed RCE to an attacker with write access to the logging configuration.

Elaborating further on this matter in his X post, Haboubi wrote,

“A critical vulnerability (CVE-2021-44832) allows attackers with write access to the logging config to exploit a JDBC Appender with a JNDI URI, enabling remote code execution. This could compromise your system by executing malicious code remotely.
Once compromised, attackers can pivot using SSH tunnels to access private network databases.”

The researcher also cited Sisense’s guide on SSH tunnel connections to a private network, explaining that an adversary exploiting the Log4j2 vulnerability could further exploit SSH tunnels for lateral movement on the network.

Haboubi also explained Sisense’s latest move to integrate PEM key-based authentication in the setup script to prevent unauthorized access. While this step alleviates the severity of Log4j2, Haboubi also urged the relevant organizations to update logging configurations and implement SSH security measures to prevent potential threats.
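A defender-side check for the condition described above, as an added example that is not from the article or from Haboubi’s post: it scans a Log4j2 XML configuration for JDBC Appenders whose JNDI data source name uses a scheme other than `java:`, which is the restriction Log4j 2.17.1 enforces. The sample configuration, appender names and host are constructed for illustration.

```python
"""Audit a Log4j2 XML config for the CVE-2021-44832 pattern:
a JDBC Appender whose JNDI data source name is not limited to java:."""
import re
import xml.etree.ElementTree as ET

# URI scheme at the start of a JNDI name, e.g. "java:" or "ldap:".
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# Constructed sample input (not taken from any real deployment).
SAMPLE_CONFIG = """
<Configuration status="warn">
  <Appenders>
    <Console name="stdout"><PatternLayout pattern="%m%n"/></Console>
    <JDBC name="auditDb" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <JDBC name="reportsDb" tableName="app_log">
      <DataSource jndiName="ldap://ldap.example.invalid:1389/obj"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <Appender type="JDBC" name="tenantDb" tableName="app_log">
      <DataSource jndiName="${env:LOG_DS}"/>
    </Appender>
  </Appenders>
</Configuration>
"""


def _local(tag):
    """Element name without XML namespace, lower-cased."""
    return tag.rsplit("}", 1)[-1].lower()


def _attr(elem, name):
    """Case-insensitive attribute lookup (Log4j2 attribute names are)."""
    for key, value in elem.attrib.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def classify_jndi_name(value):
    """Return 'ok', 'remote-scheme' or 'unresolved-lookup' for a JNDI name."""
    if "${" in value:
        # Value is substituted at runtime; it cannot be judged statically.
        return "unresolved-lookup"
    match = SCHEME_RE.match(value)
    if match is None or match.group(1).lower() == "java":
        return "ok"
    return "remote-scheme"


def audit_log4j2_config(xml_text):
    """Return (appender_name, jndi_name, verdict) for every JDBC Appender."""
    if "<!DOCTYPE" in xml_text.upper():
        # Refuse DTDs so the audit itself is not exposed to entity expansion.
        raise ValueError("DOCTYPE not allowed in audited configuration")
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        name = _local(elem.tag)
        is_jdbc = name == "jdbc" or (
            name == "appender" and (_attr(elem, "type") or "").lower() == "jdbc"
        )
        if not is_jdbc:
            continue
        appender = _attr(elem, "name") or "<unnamed>"
        for child in elem.iter():
            jndi = _attr(child, "jndiName")
            if jndi is not None:
                findings.append((appender, jndi, classify_jndi_name(jndi)))
    return findings


def needs_review(findings):
    """Appenders whose data source is remote or cannot be resolved statically."""
    return [f[0] for f in findings if f[2] != "ok"]


if __name__ == "__main__":
    for finding in audit_log4j2_config(SAMPLE_CONFIG):
        print(finding)
```

Because the flaw requires write access to the logging configuration, the same check is worth running whenever that file changes, alongside restricting who can modify it.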

These findings arrive following the recent security breaches at Sisense and Snowflake, which occurred due to the exploitation of security flaws in their infrastructure, exposing sensitive financial data to hackers.


Here’s a leaked image of the HMD Atlas


HMD has disconnected itself from Nokia and unveiled some very typical-looking mid-range phones. While we’ve already seen several HMD-branded phones, there are still a few surprise devices popping up. We now have a leaked image of the HMD Atlas. This is going to be a mid-ranger with a pretty nice display based on the information.

As you may know, HMD took over the license to build Nokia phones several years back. Since then, it’s been struggling to polish the company’s tarnished golden image. The company has been popping out some affordable devices over the past few years at a slowing pace. So, HMD struck out on its own and got to work on its own phones. While that’s the case, HMD has released some Nokia-branded phones recently.

We got a leaked image of the HMD Atlas

At this point, we shouldn’t expect any radical new designs or premium flagships from HMD just yet. Right now, the Finnish company is still focusing on padding out the sub-$300 market. As such, this newly leaked phone won’t have you drooling over the specs.

Starting off with the display, the HMD Atlas looks like it’s going to have a 6.64-inch LCD display with a 1080p+ resolution and 120Hz refresh rate. That’s not jaw-dropping, but it’s still an improvement over the 720p+ resolution on the other phones.

Powering the device, we have a Snapdragon 4 Gen 2. So, we’re not looking at a lot of power, but it still grants it 5G connectivity. Backing that up, there’s 8GB of RAM and 128GB of onboard storage.

In the battery department, we’re seeing some impressive numbers. This phone has a 5,500mAh battery. That’s a 10% boost from the standard 5,000mAh battery capacity we see with most phones.

Moving over to the cameras, this phone could have a 48MP main camera with an f/1.8 aperture. We expect that to be accompanied by a 5MP ultrawide camera and a depth sensor. Up front, we’re looking at a 16MP selfie camera.

Lastly, this phone could have a 3.5mm headphone jack, Micro SD card expansion, and Bluetooth 5.1 connectivity. The Atlas could cost $239.99 when it launches.



Max (formerly HBO Max) follows industry trends as ad-free plans get pricier

In what seems to be the latest trend in the streaming world, Max (formerly known as HBO Max) has announced that it will be increasing the price of its ad-free plans. This news follows a report last month that hinted at the possibility of a price change.

As of today, new subscribers will be paying $16.99 per month for the standard ad-free plan, a dollar more than the previous price. For those who prefer the 4K ad-free plan, the monthly cost is now $20.99, also a dollar more than before. Existing Max subscribers won’t see the change immediately, but they can expect the price increase to take effect starting with their next billing cycle on or after July 4th.

If you’re a fan of the ad-free experience and prefer to pay annually, you’ll also see an increase. The standard ad-free yearly plan will now cost $169.99 (up from $149.99), and the 4K ad-free yearly plan will be $209.99 (up from $199.99). However, for those who don’t mind watching a few ads, there’s a silver lining: the price for the ad-supported subscription will remain unchanged at $9.99 per month or $99.99 per year.

Current Max plans and pricing | Credit: Max

This isn’t the first time that Warner Bros. Discovery, the parent company of Max, has raised prices. Last year, they also bumped up the cost of their streaming service. And it appears they’re not alone in this trend. NBCUniversal is planning to increase the price of Peacock by $2 in July, and Disney is set to start charging customers who share passwords this month. The moves to raise prices by all these companies are becoming increasingly tough to keep up with.

The move to raise subscription prices comes at a time when streaming services are investing heavily in content and technology. While these price increases might not be popular with consumers, they’re likely necessary for the companies to continue providing high-quality content and remain competitive in the ever-growing streaming market, however detrimental they may become to viewers’ wallets.


Criminal IP Unveils Innovative Fraud Detection Data Products


AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has started selling its paid threat detection data from its CTI search engine ‘Criminal IP’ on the Snowflake Marketplace. Criminal IP is committed to offering advanced cybersecurity solutions through Snowflake, the leading cloud-based data warehousing platform.

Image caption: Criminal IP’s Intelligence Listings on Snowflake Marketplace

Criminal IP’s Intelligence for Fraud Detection and Privacy Protection is meticulously crafted to address the growing concerns surrounding fraudulent activities and privacy breaches. By aggregating data on known malicious and masked IP addresses, including those with historical abuse records such as IDS, malware, phishing, ransomware, and blocked IPs, this dataset equips organizations with actionable insights to identify and mitigate fraudulent activities in real time. Additionally, the product boasts advanced capabilities to detect servers infected by botnet and C2 software, as well as IP addresses leveraging masking services like VPNs, proxies, and hosting. This product is tailored to support fraud detection (FDS) and malicious IP plans, enabling organizations to bolster their security posture and streamline incident response protocols.

Criminal IP’s Intelligence for Threat Detection & Incident Response is designed to empower organizations to combat cyber threats effectively. This comprehensive cyber threat intelligence dataset provides invaluable insights into malicious IP addresses, leveraging data sourced from Criminal IP’s Cyber Threat Intelligence Database (CTIDB).

These new datasets on the Snowflake Marketplace offer granular, real-time threat intelligence, enabling organizations to safeguard digital assets, mitigate risks, and respond swiftly to security incidents. Snowflake’s global customers can access a complimentary trial of up to 1,000 data items, with subscription options for daily updates.

About AI Spera

AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, significantly expanded its reach by launching its flagship solution, Criminal IP, in 2023.

Since then, the company has formed technical and business collaborations with over 40 renowned global security firms, including VirusTotal, Cisco, Tenable, Sumo Logic, and Quad9.

Besides the CTI search engine, the company offers Criminal IP ASM, a SaaS-based Attack Surface Management Solution on AWS and Azure Marketplace, and Criminal IP FDS, an AI-based Anomaly Detection Solution used for credential stuffing prevention and fraud detection.

Available in five languages (English, French, Arabic, Korean, and Japanese), the search engine provides a powerful service for users worldwide.



Nokia shows off immersive phone call technology with 3D audio


A Nokia executive has made the first “immersive” phone call as a demonstration. This is a new technology that the company is working on. It promises to offer an improved calling experience thanks to 3D spatial audio technology.

Pekka Lundmark, CEO of Nokia, revealed more details about the technology. He was also the one who held the call with Stefan Lindström, Finland’s Ambassador of Digitalization and New Technologies. According to Lundmark, immersive phone calls are designed to offer a closer communication experience. It will help make interactions between all parties more lifelike. The goal is similar to Google’s Project Starline, but with much fewer requirements.

Nokia’s new 3D audio-based immersive phone call technology

Currently, voice calls use monophonic audio. This means that all sound is compressed to output through a single channel, which significantly reduces quality. It also completely eliminates the feeling of separation between all the sound elements present during a call. On the other hand, Nokia’s immersive calls solve this by implementing 3D audio technology.

One of the advantages of the technology is that it does not require special devices. The first immersive call was made using a normal 5G-supported phone. The only hardware requirements are support for 5G networks and at least two microphones. Today, millions of devices meet these requirements.

The technology is compatible with both calls between two people and meetings between multiple people. It could be even more useful in the latter, since the three-dimensional sound will separate the voices of all the participants. This will allow you to distinguish the voices of each participant according to their spatial position.

Nokia’s immersive phone call technology will be one of the advantages of 5G Advanced. 5G Advanced is the next evolutionary leap in mobile networks before the arrival of 6G. The company will have to reach licensing agreements for its implementation. So, you’ll probably have to wait some years before it’s available to everyone.



Google Home’s “Favorites” widget rolls out for Android


Google has begun the wide rollout of its Google Home 3.18 update, bringing a highly anticipated feature to Android users: the “Favorites” widget. First announced last week, this update is now available via the Play Store, although you may need to restart your device before it shows up. If you’re enrolled in the Preview Program, you’ll get a first look at this new tool for managing your smart home.

The Favorites widget offers two customization options: syncing with your favorites from the Home app or choosing specific controls unique to the widget. Syncing with the app mirrors the grid layout of the Favorites tab, while the custom option allows for arranging devices in your preferred order. You can further tweak the widget using the edit icon, and even switch between different homes. For now, you can select Actions (Assistant, Broadcast, Call Home) and Devices, with support for automations promised in the near future.

Google Home Favorites widget installation | Credit: PhoneArena

For devices like lights, plugs, and blinds, a simple tap on the widget will toggle them on or off. Google notes that some devices may take a moment to respond, but the widget will keep you updated on the progress. Devices like cameras, Wi-Fi, thermostats, and commands will open the corresponding control page in the app when tapped.

Security remains a priority, with sensitive actions like opening smart locks or garage doors requiring extra authentication. This added layer of protection ensures that your home stays secure.

The widget refreshes its status every 30 minutes and offers flexibility in sizing. You can have it fill your entire homescreen, shrink it down to a single tile, or choose a different configuration. You can even have multiple widgets on your homescreen. Tapping on any empty space within the widget will launch the full Google Home app.

Google Home Favorites widget resizing | Credit: PhoneArena

This new feature joins the growing list of updates Google has been rolling out to its smart home ecosystem this year. With the Favorites widget, the company is clearly aiming to streamline the control of smart devices for Android users, prioritizing both convenience and security. However, only time will tell how well this new feature is received by the broader user base.


Docker Hub Services No Longer Available In Russia


Shortly after multiple users complained online about the unavailability of Docker Hub services, it’s now official that Docker Hub services have been suspended in Russia. The platform cites US export laws as the reason for pulling its services following the Russia-Ukraine war.

Docker Hub Ends Operations In Russia Sans Prior Notifications

Reportedly, the developer platform Docker has blocked Russian users from accessing it due to US laws. This development came as a shock to many Russian developers who relied on Docker Hub.

Specifically, Docker Hub is the main public registry for the developer platform-as-a-service giant Docker, facilitating the developer community globally. The platform employs a freemium model and has become beneficial for most users as a seamless cloud platform for sharing, storing, and managing container images.

The matter gained traction in the media following multiple complaints from users regarding the inaccessibility of Docker Hub services in Russia. Besides highlighting the matter on social media sites like Reddit, users also shared their concerns on the official Docker forums.

Eventually, Russian media confirmed that Docker blocked its services for Russian users, citing compliance with US export control laws as the reason. Moreover, besides banning Russian users, Docker also restricted users from five other countries: Iran, Cuba, North Korea, Syria, and Sudan.

Users who try to access Docker and hit the restriction see the following message from the platform:

Since Docker is a US company, we must comply with US export control regulations. In an effort to comply with these, we now block all IP addresses that are located in Cuba, Iran, North Korea, Republic of Crimea, Sudan, and Syria. If you are not in one of these cities, countries, or regions and are blocked, please reach out to https://hub.docker.com/support/contact/

Since Docker mentioned blocking IP addresses from these regions, users may still be able to access the platform using a VPN. In fact, VPNs are often used for accessing blocked sites and services globally. Nonetheless, this isn’t a fool-proof strategy due to potential IP/DNS leak issues that may trigger the ban if the platform knows the real IP addresses or if Docker implements measures to detect and block VPN users.
