U.S. to Impose Visa Restrictions on 13 Individuals


To combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies.

This decision underscores a broader initiative by the U.S. government to address the proliferation of spyware that threatens personal privacy, national security, and human rights.

Crackdown on Spyware Misuse

Matthew Miller, the Department Spokesperson, revealed the new measures in a press statement dated April 22, 2024.

These individuals and their immediate family members have been identified as critical players in the spyware industry, benefiting from or facilitating the misuse of technology that has targeted a wide range of individuals, including journalists, academics, human rights defenders, and U.S. government personnel.

The misuse of commercial spyware has been a growing concern globally, with numerous reports highlighting how such tools have been used to infringe on personal freedoms and conduct espionage.

The visa restrictions have been imposed under Section 212(a)(3)(C) of the Immigration and Nationality Act, following a policy approved by Secretary of State Antony Blinken in February 2024.

This legal framework provides the U.S. with the authority to deny entry to individuals whose activities potentially threaten the country’s foreign policy interests.

Broader U.S. Government Initiatives

The announcement is part of a comprehensive U.S. strategy to curb the dangers posed by commercial spyware.

This strategy includes visa restrictions, stringent export controls, sanctions, and the promotion of accountability measures.

The U.S. government has also limited its use of commercial spyware, which poses risks to national security and human rights.

The U.S. move to impose visa restrictions sends a strong message internationally about the seriousness with which it views the misuse of spyware.

It also sets a precedent for other nations to implement similar measures to protect individuals from digital threats and uphold human rights standards.

As the global landscape of technology and surveillance continues to evolve, the U.S. Department of State’s actions represent a critical step toward establishing a safer and more accountable digital environment.

The focus now turns to how other countries will respond to this initiative and whether an international consensus can be reached to effectively regulate the use of commercial spyware.


Elon Musk announces ranking feature for X notifications


X plans to introduce a ranking option for notifications. Like your Home feed, you will get “For You” and “Following” options for notifications on the platform. Elon Musk announced this upcoming feature, which is currently in development.

X is working on a ranking option for notifications

X (formerly Twitter) has changed substantially since multi-billionaire Elon Musk took over the company in 2022. First and foremost, the platform got a new name. Subsequently, tweets were rebranded into posts and retweets into reposts. While it is the same social network app at its core, it feels a lot different now.

Another change is on the way, Musk has confirmed. “The notification tab is currently in chronological order only. We’re working on a ranking option there, like For you vs Following,” the X owner posted on Monday evening. He didn’t elaborate on the feature. But his words suggest X will group notifications from accounts you follow in one place, separate from other notifications.

Interestingly, the platform already has three sections in the Notifications tab, though they are designed to filter notifications rather than group them separately. By default, you land on the All section housing all of your notifications. The Verified section filters them to show notifications from verified accounts, including likes and comments, aka replies.

The Mentions section houses notifications for posts where you have been directly mentioned. If a verified account has mentioned you in a post or reply, you will find the notification in all three sections. It is unclear if the new ranking options will replace these or if X will keep them all, allowing users to sort notifications in multiple ways. The company may share more details soon.

Users want a more robust system for managing notifications

This upcoming change might lay the foundation for a more robust system for notification management on X. Replies under Musk’s post suggest users want a wide range of categories for sorting notifications, like Subscribers, Verified, Recent, Most liked, and more. “Sorting options on [the] engagement screen would be amazing too. When a post goes semi-viral, [it] would be helpful to see which repost was most impactful,” a user wrote.

It remains to be seen if X implements these suggestions. As Musk said, it is currently working on a ranking option for notifications. The planned change may arrive with a new update in a few weeks or months. We will keep a close eye on the development and let you know when we have more information to share. In the meantime, make sure to keep the X app updated on your phone so you don’t miss out on new features.



Microsoft unveiled its Phi-3 family of AI models


Ever since the birth of the computer, we’ve seen the trend of groundbreaking technology coming down in size while getting more powerful. The computers in our pockets are exponentially more powerful than the large room-sized computers that were used back in the 60s. Well, this is happening with AI models. Microsoft just released the Phi-3 series of AI models, and they come in three sizes.

If this sounds familiar, Google released Gemini, a family of models that comes in three sizes. Recently, Meta launched its Llama 3 family of models, which also comes in different sizes. Companies are utilizing different sizes for their LLMs which makes them more versatile.

Where this really shines is on-device computing. There are several developers who don’t quite need large Internet-connected LLMs for their needs. Many people are just fine using smaller models that can easily fit on a computer.

Microsoft just released its Phi-3 AI models

Microsoft announced that these models are more powerful than the last iteration. One of the more interesting models in this family is the Phi-3 mini. It’s the smallest one in the family, and it’s designed to fit on smaller devices such as computers or smartphones. If it is small enough to fit on smartphones, then it could be a competitor to Google’s Gemini Nano.

The corporate vice president of Microsoft Azure, Eric Boyd, told The Verge that Phi-3 Mini is actually as capable as GPT-3.5. However, it’s in a much smaller form factor. According to the report, Phi-3 Mini has 3.8 billion parameters. The next model in the family is called Phi-3 Small, and that has 7 billion parameters. Lastly, Phi-3 Medium has 14 billion parameters.

If you’re using platforms like Microsoft’s Azure, Hugging Face, or Ollama, you have access to Phi-3 mini. We’re sure that these new AI models will help push Microsoft forward in the rapidly growing AI space. It’s one of the leaders of artificial intelligence, so, we’re excited to see what the company does next.



Critical Flaw with API Portal Let Attackers Launch SSRF Attacks


A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks.

Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw in, manage, and assist developers who create applications using their APIs.

Organizations frequently use this software to create and maintain developer portals for their APIs. 

Typically, an SSRF attack involves the attacker forcing the server to connect to internal-only services within the organization's infrastructure.

In other circumstances, the attacker might be able to force the server to establish a connection with arbitrary external systems.

Sensitive information, such as authorization credentials, can leak as a result.

This critical-severity vulnerability, tracked as CVE-2024-2796, has a CVSS base score of 9.3. The vulnerability was disclosed by Jakob Antonsson.

The Akana Community Manager Developer Portal, versions 2022.1.3 and earlier, has a server-side request forgery (SSRF) vulnerability. 

When an SSRF attack is successful, the hacker can control the target web server to carry out harmful operations or disclose private data. 

This approach can cause significant damage to an organization, including sensitive data exposure, cross-site port attacks (XSPA), denial of service (DoS), and remote code execution.

Affected Software Versions

It has been confirmed that the following Perforce Akana Community Manager Developer Portal versions are impacted:

  • 2022.1.1 
  • 2022.1.2 
  • 2022.1.3

Patches Released

  • 2022.1.1 (CVE-2024-2796 Patch) 
  • 2022.1.2 (CVE-2024-2796 Patch) 
  • 2022.1.3 (CVE-2024-2796 Patch)

It is highly recommended that organizations utilizing the Akana Community Manager Developer Portal update to one of the patched versions right away.


This Website is Selling Billions of Private Messages of Discord Users


In a major privacy breach, private data, including private messages of millions of Discord users, is being sold on a clear web website. The website, Spy.pet, is an internet-scraping company that has been collecting data from Discord since November 2023.

So far, as seen by Hackread.com, it has sold four billion publicly accessible Discord messages gathered from 14,201 servers, which are home to 627,914,396 users.

While it is unclear who owns the website, the very nature of the data – scraped messages – suggests a potential security flaw in how Discord interacts with bots or third-party applications.

What Does “Scraped Messages” Mean?

Scraping is a method where automated tools extract information from a platform, such as Discord, by exploiting weaknesses in bots or unofficial apps’ access and interaction with the targeted platform.

This can expose private chats, server chats, and direct messages, potentially exposing conversations between users or groups. Previously, scraped databases from Chess.com, Clubhouse, LinkedIn, Mastodon, and GETTR also surfaced online.

What Information is at Risk?

Security experts suspect that the leaked data from Discord chats could expose personal information, private photos and videos, financial details, and company secrets. Users’ usernames, nicknames, and real names could be included, and sensitive media could be shared.

Additionally, financial details could be a target for scammers, and company secrets, especially if Discord is used for business communication, could also be exposed.

How Does Spy.pet Operate?

Spy.pet is a chat-harvesting platform that collects user data through profiles containing known aliases, pronouns, connected accounts, Discord servers, and public messages. Users must buy credits (costing $0.01 each, with a minimum of 500 credits) to access profiles and archives of conversations and to search for servers.

It accepts payment only in cryptocurrency, and not through Coinbase, which has banned Spy.pet. In February 2024, the platform was DDoS’ed, but the owner claimed minimal damage.

A screenshot from the website shows what it offers (Credit: Hackread.com)

How to Protect Yourself?

Discord is already investigating Spy.pet and is committed to protecting users’ privacy. The company plans to take appropriate steps if violations of its Terms of Service and Community Guidelines are found. 

Meanwhile, to protect yourself from potential risks, review your Discord privacy settings and ensure only authorized applications have access to your data. Change your password, enable two-factor authentication and be mindful of sharing personal information or sensitive content within Discord chats, even on private servers. If you suspect your account may have been compromised, report it to Discord immediately.


First Pixel 8a hands-on video shows us Bay & Mint models


The very first Pixel 8a (hands-on) video has just surfaced, and it shows us two color options of the phone. Bay and Mint models are shown here, two of the most eye-catching colors that Google will offer.

The very first Pixel 8a video is here, and it’s a hands-on clip

This short video clip was shared by gsm_islame on Instagram and reshared by Arsene Lupin (a tipster) on X. You not only get to see the two phones but also their retail boxes here. The video itself is embedded below.

This video basically confirms all the leaks we’ve seen thus far. We’ve leaked the Pixel 8a a couple of times, exclusively. The design is very similar to the Pixel 7a, which is something you will quickly notice.

The Mint color looked a bit brighter in the renders. It looks a lot more appealing in this video, at least to us. Both of these colors look really nice, actually, and will give options to people who are tired of black, gray, and white combinations.

The Pixel 8a will have a flat display with a centered display camera hole. That is not something you can see here, but we’ve seen it in leaks. What you can see here is the back side of the phone. A camera visor is still here, with two cameras inside it. The backplate does curve towards the edges.

The phone is expected to launch next month during Google I/O

Google’s new mid-ranger is expected to launch during Google I/O next month. It will likely launch during the keynote on May 14, even though Google I/O is scheduled for May 15 as well.

The phone is said to feature a 6.1-inch fullHD+ OLED display with a 120Hz refresh rate. The Google Tensor G3 will fuel this smartphone, while the phone will retain the same camera setup as the Pixel 7a.

Android 14 will come pre-installed on the device, though the Android 15 update will follow later this year. Thanks to this video, you can see that a Type-C to Type-C cable will be included, and the same goes for a SIM ejector tool, and a Pixel Quick Switch adapter. A charging brick will not be included, as expected.



Volkswagen Group’s Systems Hacked: 19,000+ Documents Stolen


The Volkswagen Group has fallen victim to a sophisticated hacking incident, with over 19,000 sensitive documents stolen.

Investigations point towards a possible involvement of Chinese hackers, raising concerns over international cyber espionage and the security of global automotive giants.

The Volkswagen Group reported a massive security breach in its IT systems late last week.

According to sources, the attackers managed to exfiltrate over 19,000 documents containing sensitive information related to the company’s operations, plans, and, potentially, details on electric mobility technologies, as reported by ZDFheute.

The breach was first detected by the company’s internal security team, who noticed unusual activity in their network.

Forensic experts suggest that the sophistication of the attack indicates a well-organized group with significant resources.

Impact on Volkswagen

The repercussions of this breach for Volkswagen are manifold.

The stolen documents contain critical information that could affect Volkswagen’s competitive edge in the electric vehicle market.

There is also a significant risk of financial loss, both through potential disruptions in operations and through the impact on investor confidence.

The company has issued a statement assuring stakeholders that immediate measures are being taken to contain any further damage and that they are working closely with law enforcement agencies.

In response to the incident, Volkswagen has announced a comprehensive overhaul of its cybersecurity protocols.

The company plans to implement advanced real-time monitoring systems, increase its cybersecurity workforce, and enhance employee training on data security.

Volkswagen also collaborates with cybersecurity firms to analyze the breach and prevent future incidents.

This event has highlighted the need for robust cybersecurity measures in the automotive industry, which is increasingly reliant on digital technologies.

China’s Involvement

The investigation into the hack has revealed digital footprints leading to China, suggesting that the breach could be part of a larger pattern of cyber espionage targeting Western technology and industrial sectors.

While the hackers’ identity has not been officially confirmed, the attack pattern aligns with methods commonly used by Chinese hacking groups.

This incident adds to the growing tensions between China and the West over cybersecurity and intellectual property theft.

The breach of Volkswagen’s systems is a stark reminder of the vulnerabilities in global corporations’ digital infrastructures.

As companies continue to expand their digital footprint, the importance of safeguarding critical information cannot be overstated.

The incident affects Volkswagen’s immediate operational capabilities and has broader implications for international business security protocols and geopolitical relations.


Huawei Mate 70 & Pura 80 camera revealed by trusted source


The Huawei Pura 70 series was launched quite recently in China. As we’re expecting to see those devices become global, a trusted source has just revealed the Huawei Mate 70 and Pura 80 main camera sensors.

This information comes from Digital Chat Station, one of China’s most reliable tipsters. If it were a less trusted source, we’d be really skeptical, to be honest. In any case, let’s see what Digital Chat Station had to say.

The Huawei Mate 70 & Pura 80 main camera sensors tipped

He claims that Huawei will use the OmniVision OV50K camera on the Huawei Mate 70 series. The OmniVision OV50X camera sensor will be used on the Huawei Pura 80 series.

Now, we know that the OmniVision OV50K is a large 1/1.3-inch sensor that utilizes LOFIC technology. Thanks to that, it should be able to provide extremely fast autofocus speed. That sensor was used on the HONOR Magic6 Ultimate, in case you were wondering.

That camera sensor will likely be used as the main camera on the Huawei Mate 70 series. It is possible that all phones in the series will utilize that sensor, though the source did not really specify.

What about the OmniVision OV50X? Well, that one is a bit of a mystery. We do know that it will incorporate LOFIC as well, but we’re not sure what else. We’re also not sure what the sensor size will be, exactly.

The Huawei Pura 80 series is about a year away at this point, so that is not surprising. Digital Chat Station somehow managed to get his hands on this detail so early in the game.

The Huawei Mate 70 series is coming later this year, most likely in August or September

The Huawei Mate 70 series is expected to arrive later this year. The Mate 60 series arrived at the very end of August, in China. The Mate 70 series is expected in either August or September. It remains to be seen if Huawei will make them global, though.

The Huawei Pura 70 series has plenty to offer, especially the Pura 70 Ultra model. It remains to be seen how Huawei aims to top that with the Huawei Mate 70 series.



NVIDIA CEO predicts considerable popularity of humanoid robots


NVIDIA was one of the first gaming-oriented brands to implement artificial intelligence. The firm also carried out a test to see the benefits of adding generative AI into video games. The CEO of NVIDIA recently attended the CadenceLIVE Silicon Valley 2024 event where he made an interesting statement claiming that humanoid robots will gain immense popularity among the general population. He talked about the prices of these robots as well.

NVIDIA CEO believes humanoid robots will be more commonplace than expected

In an interview that took place at the CadenceLIVE Silicon Valley event, the CEO of NVIDIA, Jensen Huang, said that he expects humanoid robots to become very common in the coming years. He further said that the increasing use of these AI robots will revolutionize industries and change the way they work. Not only this, but more and more of the general population will also start using them.

The CEO indirectly predicted the price of upcoming humanoid robots as well. He says that we can get a cheap car for around $10,000 – $20,000 and we would be able to get a humanoid robot for the same price soon. For specific environments, he claims that getting robots over these cheap cars is much more sensible and versatile.

They are not going to be very expensive

If we look at past trends, the CEO’s prediction isn’t totally wrong. Elon Musk previously said that their upcoming humanoid robot, the Optimus, would be priced around $25,000. Do keep in mind that this is the first generation and the price is expected to decrease over time.

Many more industries will soon enter into the manufacturing of humanoid robots. This will increase the market competition and force the firms to price their robots very competitively. NVIDIA is also working on Project GR00T, which is going to be the basic model of humanoid robots, and if we consider the CEO’s comment, it surely will not have a heavy price.



Hackers Offer Up to $300 to Mobile Network Staff for Illegal SIM Swaps


A SIM Swap Scam or SIM Cloning Scam exploits a vulnerability in a two-factor authentication (2FA) system that relies on SMS messages for verification codes. Attackers aim to gain control of the victim’s mobile phone number by convincing the victim’s mobile carrier to transfer the number to a new SIM card under the attacker’s control.

The attacker typically initiates the scam by acquiring the victim’s personal information, including their phone number, which can be obtained through various means, such as data breaches, social engineering attacks (e.g., phishing emails or smishing attacks), or by purchasing the information on the dark web.

Breakdown Of The Technical Aspects Of A SIM Swap Scam:

Once the attacker has the victim’s phone number and potentially other personal details (e.g., Social Security Number, date of birth), they contact the victim’s mobile carrier while impersonating the victim. 

To appear legitimate, attackers may use social engineering tactics to convince carrier representatives that they have lost their phone or SIM card and request a replacement. 

Weaknesses in the carrier’s verification process, such as relying solely on security questions with predictable answers or a lack of multi-factor authentication for customer service representatives, can increase the scam’s success rate.

As reported by Reddit, if the social engineering is successful, the attacker convinces the carrier to issue a new SIM card and activate it on their device, effectively porting the victim’s phone number to the attacker’s controlled SIM card.

With the phone number under their control, the attacker can intercept any SMS messages sent to the victim’s number, including 2FA codes for various online accounts (e.g., bank accounts and social media accounts).

Attackers can bypass 2FA security measures and potentially take over the victim’s accounts by gaining access to these codes.

Once attackers have access to the victim’s accounts, they can wreak havoc: stealing money by transferring funds from bank accounts, making unauthorized purchases using linked credit cards, or even committing identity theft by using the victim’s personal information for fraud.

Mitigate The Risk Of SIM Swap Scams:

Carriers can stop relying solely on knowledge-based authentication (e.g., security questions) and implement multi-factor authentication for customer service interactions.

This involves sending a one-time verification code to a trusted email address or registered device before processing any SIM swap requests.

Biometric verification using fingerprints or facial recognition can be a more robust way to confirm a customer’s identity during SIM swap requests.

Carriers can educate their customer service representatives on the tactics used in SIM Swap Scams and train them to be more vigilant in identifying and preventing such attempts.
