Google Photos working on an option to hide your downloaded memes and other UI tweaks

andreasc
-
0
Google Photos working on an option to hide your downloaded memes and other UI tweaks
[ad_1]
Google Photos might soon become a little easier to manage with two potentially significant features recently found within the app’s code. These are designed to tidy up the sometimes overwhelming experience of managing our ever-growing photo libraries.
We all probably store a lot more in Google Photos than just our cherished memories. Screenshots, memes, and GIFs, while sometimes useful or entertaining, can seriously clutter up the main photos tab. Thankfully, as spotted by Android code expert AssembleDebug (via PiunikaWeb), Google seems to understand this and is giving us a new “Hide clutter” setting within the app.

Having this option should help put some order into the chaos that is the Google Photos library, but won’t completely disappear distracting items like screenshots or memes. What it does, is that it tucks them away in their designated albums where you can find them if needed. The primary difference is that they won’t invade your main photo grid while you’re trying to reminisce. These changes were found hidden in Google Photos version 6.79.0.624777117 with the below strings:

<string name=”photos_allphotos_gridcontrols_hide_clutter_base_filter_setting_title”>Hide clutter</string>

<string name=”photos_allphotos_gridcontrols_hide_clutter_base_filter_setting_subtitle”>Backed-up photos like screenshots, GIFs, and memes are hidden</string>

Memories are getting a makeover too

The Google Photos’ Memories tab is also getting a fresh coat of paint. The current collage-like presentation will make way for a more streamlined interface. Individual memories will now be shown as rounded rectangles, each with a single representative photo. Whether you love or hate the change, it’s definitely a shift in Google’s approach to presenting those nostalgic moments.

Google Photos working on an option to hide your downloaded memes and other UI tweaks

Google Photos’ Memories before and after | Source: PiunikaWeb

A bit more personalization

Google is also sneaking in a small but welcome tweak to its AI feature suggestions. Sometimes, the AI-generated Memory titles offered by Google Photos can be less than ideal. A new toggle in the app settings will let users disable these suggestions if they wish, allowing for more control over how their memories are labeled.

Source: PiunikaWeb

It’s important to remember that these features are still under development, so they may change at any time or may not even roll out at all. Still, it’s encouraging to see Google Photos continuing to evolve and offer users more control over their digital photo libraries.


[ad_2]
Source link

Hackers Exploiting Palo Alto Networks Zero-Day

andreasc
-
0
Hackers Exploiting Palo Alto Networks Zero-Day
[ad_1]

The Palo Alto Networks PAN-OS software has a critical command injection vulnerability that allows an unauthorized attacker to run arbitrary code on the firewall with root access. 

The vulnerability is identified as CVE-2024-3400, with a CVSS score of 10.0. Operation MidnightEclipse has been coined to describe its exploit.

Palo Alto Networks confirmed targeted attacks using this vulnerability last Friday in an alert, crediting a threat actor for known exploitation and noting the possibility of further exploitation by threat actors.

Only PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls are configured with device telemetry enabled, and either the GlobalProtect gateway or GlobalProtect portal (or both) are affected by this issue. 

Prisma Access, Panorama appliances, and cloud firewalls (Cloud NGFW) are unaffected by this flaw. 

How Attackers Exploited The Flaw?

Using the vulnerability, the attackers set up a cron job that retrieves commands hosted on an external server once every minute.

The bash shell is then used to carry out these commands. Palo Alto said the URL is believed to be a delivery system for a firewall backdoor running on Python.

The embedded backdoor component that carries out the threat actor’s directives is decoded and operated by another Python script that is written and launched by the Python file.

Document
Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

The threat actor was observed to be remotely exploiting the firewall to download more tooling, establish a reverse shell, change course into internal networks, and eventually steal data.

Palo Alto Networks released a hotfix to address command injection vulnerability in its custom operating system.

The attack was probably the result of a state-sponsored threat actor’s campaign, which security experts discovered began in March.

According to the threat intelligence firm that discovered it, Volexity tracks a threat actor named UTA0218 that started taking advantage of the zero-day vulnerability on March 26. 

Based on the resources needed to find and exploit the zero-day, the type of victims targeted, and the complexity of a Python-coded backdoor the threat actors placed to gain additional access to victim networks, Volexity attributes the attack to a government.

According to Volexity, zero-day exploitation appears to be targeted and restricted. However, as of this writing, “evidence of potential reconnaissance activity involving more widespread exploitation aimed at identifying vulnerable systems does appear to have occurred at the time of writing.”

Volexity discovered proof that after the intrusions, the attackers switched to internal networks.

The Active Directory database, as well as browser data from Microsoft Edge and Google Chrome, were among the critical Windows files that the threat actors targeted.

Hotfixes Released

The issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all later PAN-OS versions. 

Additionally, the company said that the hotfixes for commonly deployed maintenance releases will be made available.

Palo Alto Networks advises users to watch for unusual behavior on their networks and investigate any sudden activity.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.


[ad_2]
Source link

Logitech introduces its Logi AI Prompt Builder

andreasc
-
0
Logitech introduces its Logi AI Prompt Builder
[ad_1]

Just about every major tech company is making a hard pivot toward implementing AI in some way. This is not only for software companies. Logitech, the popular keyboard and mouse company, is making it easier to access ChatGPT by using its Logi AI prompt Builder.

Most of us within the Logitech ecosystem should know about the Logi Options+ app. This is a very useful app that you can use to fully customize your experience by letting you change the mouse settings, map buttons to certain functions and applications, etc. It’s available to download on Windows and Mac computers. So, if you have a supported keyboard or mouse, this may boost your experience.

Logitech announced the Logi AI prompt Builder to help you access ChatGPT faster

So, Logitech isn’t exactly going out and developing its own LLM. However, with how furiously companies are adopting AI, it wouldn’t have been surprising if the company did. In any case, Logitech just announced something a bit less ambitious. The Logi AI prompt Builder is a new addition added to the Logi Options+ app that will make it easier to access ChatGPT on the fly.

You can map a shortcut button to quickly access the Prompt Builder. The Prompt Builder will show up as a pop-up on the screen. You will see two main halves of the pop-up. The left half will show you the different Recipes that you can use. A Recipe is a certain function that you want the AI to perform. The current functions are rephrase, summarize, reply, and email.

On the right side, you’ll see several components. In the middle of the screen, you will see a large text field. This is where you will either paste or type the text that you want to be affected. Under that field, you will see certain options that will affect the outcome. These functions will vary depending on the recipe.

When you are finished, all you have to do is click on the Submit button at the bottom right of the screen. You will then receive your response to copy and paste.

This is a functionality that will make it quicker to access powerful generative AI capabilities. So, no matter if you are trying to type up an email for a client, write a report, digest a long bit of text, etc., you’ll have easy access to ChatGPT.


[ad_2]
Source link

Spectrum TV Stream launched with 90+ channels

andreasc
-
0
Spectrum TV Stream launched with 90+ channels
[ad_1]

US Cable TV giant Charter Communications has launched Spectrum TV Stream, a new bundle of internet-based channels from multiple broadcasters. The $39.99 per month subscription offers a bouquet of more than 90 channels from some of the biggest entertainment content producers.

Charter bundling 90 channels in one Streaming TV package

Charter Communications has reportedly launched Spectrum TV Stream, a new streaming TV bundle, primarily targeted at its Spectrum broadband customers. Incidentally, the company has launched two streaming bundles.

There’s the Spectrum Stream Latino, which offers 45 Spanish-language channels. The Spectrum TV Stream is aimed at an English-speaking audience. It has over 90 live channels.

This is a significant detour or diversification for Charter. It is now venturing into a new area where multiple streaming giants such as Netflix, Hulu, and others are competing. Sharon Peters, Executive Vice President, and Chief Marketing Officer for Charter claimed Charter has deliberately positioned the service as a lower-cost TV package for broadband-only customers.

“We are focused on creating more flexible, lower-cost video options for our customers that include a bundle of channels they want to watch. With Spectrum TV Stream and Stream Latino, our customers now have the option to choose high-value, internet-delivered streaming TV packages that include the most popular news and entertainment networks and Spanish-language programming.”

This new service offers 90+ live-streaming TV channels from Walt Disney Company, Warner Bros. Discovery, Fox, A&E, AMC, BBC America, CNN, National Geographic, and more.

The Spanish package with 45 Spanish channels costs $24.99 per month. It includes channels from Univision, Telemundo, beIN Sports en Español, and Discovery en Español. Interestingly, Charter already offers Mi Plan Latino, which is a Spanish-language TV package.

Sports Channels missing from Spectrum bundle

The Spectrum TV Stream subscription includes channels that offer entertainment and news. It is available to Spectrum Internet customers.

The entire package is reportedly available through the Spectrum TV App. Charter offers the Spectrum app for nearly every imaginable hardware, including iOS and Android smartphones and tablets, Apple TV, Roku, Xbox One, Amazon Kindle Fire, Samsung Smart TVs, Xumo Stream Box, and more. The same service is also available via the SpectrumTV.com website.

Notably missing from the English language Spectrum TV Stream bundle are sports channels. Even the ESPN+ stream, which Disney usually bundles in cable deals, is missing. The ESPN+ stream is available with the Spectrum TV Select Plus package. This might be a deal-breaker for many, especially considering how fierce the competition is.


[ad_2]
Source link

Cisco Warns Of Massive Brute-Force Attacks : VPNs & SSH Services

andreasc
-
0
Cisco Warns Of Massive Brute-Force Attacks : VPNs & SSH Services
[ad_1]

Hackers use brute-force attacks since it is an uncomplicated technique to break passwords or get into systems without permission. 

By systematically trying various combinations of usernames and passwords, attackers can exploit weak credentials.

Brute-force attacks are automated and scalable, enabling hackers to compromise multiple accounts or systems in a relatively short time.

Cybersecurity researchers at Cisco recently warned of massive brute-force attacks targeting VPNs and SSH services.

Cisco: Massive Brute-Force Attacks

Cisco Talos appreciates the contributions of Brandon White, Phillip Schafer, Mike Moran, and Becca Lynch for identifying a worldwide increase in brute force attacks on VPNs, web authentication portals, and SSH services since at least March 18th, 2024.

Free Live Webinarfor DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here

All these attacks originate behind TOR exit nodes and other anonymizing proxies and tunnels.

However, due to this reason, Cisco Talos is currently observing this widespread campaign.

These brute force attacks, which depend on the targeted environment, may result in unauthorized network access, account lockouts, and denial-of-service conditions. 

Traffic volumes associated with this campaign have steadily increased since March, and this trend will probably continue.

This campaign affects other services as well; however, certain services have been identified as being affected.

Here below, we have mentioned all the services that are affected:-

  • Cisco Secure Firewall VPN 
  • Checkpoint VPN  
  • Fortinet VPN  
  • SonicWall VPN  
  • RD Web Services 
  • Miktrotik 
  • Draytek 
  • Ubiquiti 

Besides this, brute-force attempts leveraged both generic and organization-specific valid usernames. 

The targeting appears indiscriminate and does not focus on any particular region or industry.

The traffic sources are commonly proxy services, including but not limited to those listed below:-

  • TOR   
  • VPN Gate  
  • IPIDEA Proxy  
  • BigMama Proxy  
  • Space Proxies  
  • Nexus Proxy  
  • Proxy Rack

The given proxy services are employed as non-exclusive sources of traffic, whereas the attackers may use other ones. 

Talos has blacklisted known associated IP addresses due to an enormous traffic surge, although source IPs will probably be changed. 

Mitigation steps vary depending on the affected VPN solution, as these brute-force attacks aim at different types of VPN, web authentication portals, and SSH services.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.


[ad_2]
Source link

Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

andreasc
-
0
Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)
[ad_1]

Las Vegas, United States, April 17th, 2024, CyberNewsWire

Zero Knowledge Networking vendor shrugs off firewall flaw

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading firewall solution, Xiid Corporation reminds organizations that Xiid SealedTunnel customers remain secure. This latest vulnerability, currently unpatched and rated 10/10 on the CVSS (Common Vulnerability Scoring System), highlights the limitations of traditional security approaches.

Xiid SealedTunnel, the world’s first and only Zero Knowledge Networking (ZKN) solution, goes beyond Zero Trust architecture. Unlike today’s firewalls susceptible to zero-day exploits because of their break-and-inspect approach and the inevitable use of “smart” detection techniques that can and do fail, SealedTunnel is inherently resilient by design.

“This is a great example of why complex firewalls become their own security risk. Keep your firewalls simple, and just have them block all inbound access,” said Josh Herr, Head of Deployment and Integration at Xiid Corp. “Xiid SealedTunnel takes a fundamentally different approach. Our ZKN architecture ensures that data remains completely private and never exposed, even in the face of unknown threats.”

Xiid’s ZKN technology leverages the power of Zero Knowledge Proofs, allowing users to verify access rights without ever revealing sensitive information. This eliminates attack surfaces and renders data unreadable to unauthorized parties, even if a network breach occurs.

About Xiid Corporation

Xiid Corporation is a leading cybersecurity provider specializing in Zero Knowledge Networking solutions. Xiid’s flagship product, SealedTunnel, empowers organizations to achieve unparalleled security and privacy through a revolutionary approach that goes beyond traditional firewalls and zero-trust models. www.xiid.com

Contact

CEO
Steve Visconti
Xiid Corporation
[email protected]
7753382174


[ad_2]
Source link

Samsung’s April update lands on the Galaxy S20 FE in the US

andreasc
-
0
Samsung’s April update lands on the Galaxy S20 FE in the US
[ad_1]

Samsung has started updating the US version of the Galaxy S20 FE to the April security patch. The first-gen Fan Edition (FE) phone is currently receiving the update on carrier-locked units. Factory-unlocked variants should join the party soon. The latest security update has been already pushed to the phone in several international markets.

April update is live for the US version of the Galaxy S20 FE

Launched in late 2020, the Galaxy S20 FE marked the beginning of a new smartphone lineup for Samsung. The FE lineup offers flagship-grade features in a more affordable package. The device has received regular updates since its launch. It arrived with Android 10 and received feature updates up to Android 13. That’s the maximum Samsung promised, so it will no longer get feature updates—no Android 14 or One UI 6.1.

The Galaxy S20 FE is still getting monthly security patches, though. It should pick up new SMR (Security Maintenance Release) at least until September this year. After that, Samsung may end software update support for the phone or drop it to quarterly updates and push a few more security patches. There are still several months to go before we know whether the FE phone will get updates for a fifth year.

In the meantime, it is starting to pick up the latest SMR (Security Maintenance Release) in the US. The carrier-locked variants of the Galaxy S20 FE are getting the April update with the firmware build number G781USQSFHXD1. As expected, the update doesn’t bring any new features or improvements. It is all about this month’s security fixes. “The security of your device has been improved,” the official changelog states.

The April 2024 SMR for Galaxy devices patches more than 40 vulnerabilities. As usual, these include several Android OS patches from Google. The Android maker fixed one critical Android bug this month, along with dozens more high-severity vulnerabilities. Samsung also patched a handful of Galaxy-specific security flaws. These issues don’t exist on Android devices from other brands.

Galaxy S20 flagships may not get the new SMR

Samsung’s April 2024 security update may not reach the Galaxy S20 flagships. Those devices arrived in early 2020 and turned four earlier this year. The company has dropped them to quarterly updates. They picked up the March release, so the next security patch may arrive in June. We will let you know when a new update rolls out to the Galaxy S20 series. You can always check for updates from the Settings app.


[ad_2]
Source link

Nintendo will not attend Gamescom 2024

andreasc
-
0
Nintendo will not attend Gamescom 2024
[ad_1]

Nintendo will not attend the Gamescom 2024 event scheduled to begin on August 21 in Cologne, Germany this year. The company has informed some media outlets that its decision to skip the largest gaming event comes after “careful consideration.”

Gamescom is Europe’s biggest annual gaming expo. It is set to begin on August 21 and end on August 25 this year. Many game developers globally use this event as a platform to exhibit their upcoming games or gaming hardware.

A Nintendo spokesperson informed a German gaming news outlet that the Kyoto-based company won’t participate in the Gamescom 2024 event. Talking about Nintendo’s plan to skip the event with the German news outlet Games Wirtschaft, a company representative said that every year the company evaluates whether or not it should attend the Gamescom event.

And, this time around, after considering all the perspectives, the gaming giant has decided not to attend the Gamescom 2024 event. The company representative also mentioned that players can try out Nintendo Switch games at other gaming events throughout the year.

Nintendo’s decision to skip the Gamescom 2024 event makes sense

The news comes as a surprise since Nintendo has always participated in Europe’s biggest gaming event. However, the decision of Nintendo not to attend the Gamescom 2024 event somewhat makes sense. Notably, the first reason for this could be declining first-party support for games on the Nintendo Switch.

Another possible reason behind skipping Gamescom 2024 could be the late launch of the Nintendo Switch 2, the company’s next big hardware release. Rumors suggest that the company’s next handheld console might launch in 2025.

In short, that means there won’t be any official announcement regarding the same before or during the Gamescom 2024 event. Moreover, this could also mean that the company might not announce the Nintendo Switch 2 at the Summer Game Fest, a new global digital gaming event that will begin on June 7, 2024.

All that said, Nintendo’s decision to skip Gamescom 2024 could see a decline in the number of attendees for the event. Not to forget, many tournaments and competitions took place at a large show stage set by Nintendo at Gamescom 2023. It also set up multiple gaming stations, photos, and selfie booths for the attendees. But it seems by skipping the event, Nintendo is focusing more on its Nintendo Switch 2.


[ad_2]
Source link

L00KUPRU Ransomware Attackers discovered in the wild

andreasc
-
0
L00KUPRU Ransomware Attackers discovered in the wild
[ad_1]

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the wild, posing a threat to unsuspecting users.

The L00KUPRU ransomware is known to encrypt user files, appending the .L00KUPRU extension to the affected files.

The attackers behind this malware have employed a sophisticated approach, dropping a ransom note as a text file titled “HOW TO DECRYPT FILES.txt.”

This note demands payment in Bitcoin cryptocurrency and displays a pop-up window on the victim’s desktop, providing the attackers’ contact details and the BTC wallet address for the ransom payment.

Free Live Webinar for DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here.

Broadcom has published an article detailing its findings on the L00KUPRU ransomware.

The post includes technical details on the malware’s behavior, such as using encryption algorithms and command-and-control servers. 

Variant Details

A leading cybersecurity firm has identified several variants of the L00KUPRU ransomware, including:

  1. Adaptive-based: ACM.Ps-RgPst!g1
  2. File-based: Ransom.CryptoTorLocker, WS.Malware.1
  3. Machine Learning-based: Heur.AdvML.B

These variants have been designed to evade detection and infiltrate systems, posing a significant threat to individuals and organizations.

The discovery of the L00KUPRU ransomware is a stark reminder of the ever-evolving landscape of cybersecurity threats.

Experts urge users to remain vigilant, keep their systems and software up-to-date, and implement robust backup strategies to mitigate the impact of such attacks.

Collaboration between security researchers, law enforcement, and the public is crucial in combating the rise of sophisticated ransomware variants like L00KUPRU.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP


[ad_2]
Source link
1...166167168...1,452Page 167 of 1,452