Google’s new “Find My Device” network goes live, third-party Bluetooth tag support coming in May

andreasc
-
0
Google’s new “Find My Device” network goes live, third-party Bluetooth tag support coming in May
[ad_1]
The highly anticipated Google Find My Device network is finally live in the U.S. and Canada, as announced today by the company via a blog post. Now, if you happen to misplace your phone, keys, or even your headphones, Google’s got your back.

Find My Device works by using the power of the Android network — created by a billion Android devices and the magic of Bluetooth. When enabled, your device will be anonymously and securely tracked by other Android devices that are nearby. This means that if you lose your phone, you can use another device to log in to your Find My Device account and see its location on a map. Here’s a quick rundown of the new features:


  • Offline Finding: The Pixel 8 and Pixel 8 Pro get the full offline experience, so now you can find them even if they’re offline or the battery’s dead.
  • Bluetooth Tag Support: Starting in May, tags from companies like Chipolo and Pebblebee will be trackable within Google’s system, with more brand support coming soon.
  • Locate Nearby Items: Zero-in on lost devices with a “Find Nearby” button. Perfect when your phone’s fallen behind the couch.
  • Nest Integration: Get an idea of how close lost devices are to your Nest devices at home.
  • Sharing Made Easy: Share digital keys, remotes, and more with people you trust to help find lost items.
  • Headphone Support: Headphones from JBL, Sony, and others will soon work with the network after a simple software update.

Image Credit: Google

Google’s built a crowdsourced network using a ton of Android devices worldwide. This upgraded Find My Device Network works on devices running Android 9 or later. So, if you’ve got a relatively recent Android phone, you should be good to go.

In the announcement, Google reiterated the fact that your own Android phone helps out the Find My Device network in the background without compromising your privacy. Google states that the network uses end-to-end encryption of your location data and first-of-its-kind aggregated location reporting, which makes unwanted tracking to a private location more difficult. This was the challenge the company was working on along with Apple before officially launching the service after unveiling it last year. With iOS 17.5 implementing these anti-stalking security measures and Google’s updated Find My Device network launching with these protections as well, both companies are now working together to keep smartphone enthusiasts secure.

[ad_2]
Source link

Galaxy A53 and A13 grab Samsung’s April 2024 update in the US

andreasc
-
0
Galaxy A53 and A13 grab Samsung’s April 2024 update in the US
[ad_1]

Samsung‘s April 2024 security patch is quickly making its way into more Galaxy devices. Shortly after the Galaxy Z Fold 5, Galaxy Z Flip 5, Galaxy Tab S9 series, and Galaxy A52, we can confirm its availability for the Galaxy A53 and Galaxy A13. The latter two models are picking up the update in the US, while it is an international release for others. The Galaxy S24 series has already received the April SMR (Security Maintenance Release) globally.

April update available for the Galaxy A53 and A13 in the US

The Galaxy S24 series was the first to receive Samsung’s latest security update. The company began the rollout last month with some camera fixes in tow. The Korean firm waited a while before expanding the new SMR to other models, likely because it got busy with the One UI 6.1 update. However, the delay might have ended as the latest security patch is available for several Galaxy smartphones and tablets today.

As of this writing, the April SMR is available for the carrier-locked variants of the Galaxy A53 and Galaxy A13 on Verizon’s network in the US. The new firmware build numbers for the duo are A536VSQSADXC3 and A135USQS7DXC6, respectively. Samsung should soon roll out the update to the devices on other networks and gradually expand it to the unlocked units and international versions.

Note that we are talking about the 4G-only Galaxy A13 here. Samsung has yet to release the April update for the 5G version of the phone. Don’t expect anything big here, though. The update is all about security enhancements. The April SMR for Galaxy devices patches more than 40 security vulnerabilities, some of which are labeled as critical fixes by Samsung and Google. Watch out for a notification about the update in the coming days.

These Galaxy phones should get One UI 6.1

Samsung recently updated the Galaxy S23 series, Galaxy Z Fold 5, Galaxy Z Flip 5, and Galaxy Tab S9 series to One UI 6.1, which debuted with the Galaxy S24 series. The company will gradually push the new One UI version to more devices. The Galaxy A53 and Galaxy A13 should also get it, though they may be quite low in Samsung’s priority order.

These A series phones may also miss out on most of the new AI features found in One UI 6.1. There should still be plenty to be excited about. We will let you know when One UI 6.1 starts rolling out to more devices.


[ad_2]
Source link

Canada invests $2.4 billion to boost domestic AI capabilities

andreasc
-
0
Canada invests $2.4 billion to boost domestic AI capabilities
[ad_1]

The Canadian government has unveiled a new plan to pump $2.4 billion into artificial intelligence (AI) development and research over the next few years. Prime Minister Justin Trudeau announced the funding package. The government aims to advance Canada’s capabilities in AI and realize the full economic potential of the technology.

Most of the investment, $2 billion, will be used to boost high-performance computing infrastructure and resources. It can be used by Canadian AI researchers and startups. Currently, many rely on cloud services owned by foreign companies outside the country’s borders.

The new Sovereign Compute Strategy will seek to build secure, domestic computing capabilities that keep citizens’ data in Canada. According to Deputy Prime Minister Chrystia Freeland, this approach can improve national security by preventing foreign access to data.

Canada’s massive AI funding to drive innovation and safety

In addition to improved computing, $200 million will go to regional agencies to support the growth of early-stage AI companies in key industries. Healthcare, agriculture, clean tech, and manufacturing are just a few of the sectors that will benefit from incentivized AI integration. The goal is to foster homegrown innovation and ensure that economic opportunity extends to all regions.

Recognizing the rapid progress of generative AI, the government has committed $50 million to a new Safety Institute. Its researchers will work to proactively address potential downsides such as unintended biases, privacy violations, or dangerous applications. Another $5.1 million has been set aside to create an Office of the AI Commissioner to provide guidance, oversight, and accountability.

The bill has been in committee since September 2023, according to Trudeau. “We want to help companies adopt AI in a way that has a positive impact for everyone,” he explains. By funding this initiative, Canada is positioning itself to be a leader in the rapidly evolving AI industry.

Other major countries that are developing regulations around AI technology include the United States and China. However, all of these regulations remain speculative. AI technology is evolving rapidly, so it’s not surprising that it’s taking a long time to develop appropriate laws.


[ad_2]
Source link

AI-As-A-Service Providers Vulnerability : Cross-Tenant Attacks

andreasc
-
0
AI-As-A-Service Providers Vulnerability : Cross-Tenant Attacks
[ad_1]

The fast acceptance of AI has serious security issues, as this necessitates strict security measures to be put in place for the protection of sensitive information within shared cloud AI infrastructure.

Wiz Research, a cybersecurity firm, in collaboration with AI-as-a-Service firms, recently discovered some common security flaws across the sector that could expose users’ personal data and models.

The implications of these findings have to be taken seriously considering AI services are now available in more than 70% of cloud environments.

AI-As-A-Service Providers Vulnerability

Malicious models pose a severe threat, enabling cross-tenant attacks and access to millions of private AI models and apps within AI-as-a-service providers. Wiz uncovered critical risks in Hugging Face’s environment:-

  • Shared inference infrastructure takeover risk via untrusted pickle-serialized models with potential remote code execution payloads.
  • Shared CI/CD takeover risk through malicious AI applications compromising the pipeline for supply chain attacks.

When securing AI/ML systems, several factors, such as the AI model being used, the application code that uses the model, and the inference infrastructure deploying the model, must be taken into account.

AI-As-A-Service Providers Vulnerability (Source -Wiz)

Malicious people can use various methods to attack each component, including malicious input for models, insecure application code that processes the results of a model, and pickled models that compromise inference infrastructures. 

This involves downloading unreliable AI models, similar to embedding untrustworthy codes into applications.

Hugging Face research team focused on isolation flaws in AI-as-a-service setups, examining the company’s major products: 

  • Inference API
  • Inference Endpoints
  • Spaces
Inference API (Source -Wiz)

However, Hugging Face’s analysis and warnings of insecure Pickle-based PyTorch models still allow inferring potentially malicious models. 

On the other hand, researchers developed a harmful PyTorch model that runs arbitrary code when loaded and remotely executes code by using Inference API to interact with it.

Researchers achieved shell-like functionality by hooking into Hugging Face’s post-deserialization inference results management code.

This demonstrates how untrusted AI models in shared compute services are at great risk due to inadequate isolation.

As a result of gaining a reverse shell through the Hugging Face Inference API, researchers realized that they were inside one pod within an Amazon EKS Kubernetes cluster.

They exploited common misconfigurations like querying the node’s IMDS to get the node role and cluster name via AWS permissions.

With node role privileges, these people got access to pod information as well as secrets that brought to light the risks of lateral movement and data leakage.

Moreover, it also executed code by using a malicious Dockerfile in Hugging Face Spaces, which demonstrated potential supply chain attack vectors caused by network isolation issues in the container registry. 

Researchers urged to allow IMDSv2 with Hop limits, apply tighter access controls, and impose authentication measures for securing shared AI environment.

Secure your emails in a heartbeat! Take Trustifi free 30-second assessment and get matched with your ideal email security vendor - Try Here

[ad_2]
Source link

Porn panic imperils privacy online, with Alec Muffett (re-air): Lock and Code S05E08

andreasc
-
0
Porn panic imperils privacy online, with Alec Muffett (re-air): Lock and Code S05E08
[ad_1]

This week on the Lock and Code podcast…

A digital form of protest could become the go-to response for the world’s largest porn website as it faces increased regulations: Not letting people access the site.

In March, PornHub blocked access to visitors connecting to its website from Texas. It marked the second time in the past 12 months that the porn giant shut off its website to protest new requirements in online age verification.

The Texas law, which was signed in June 2023, requires several types of adult websites to verify the age of their visitors by either collecting visitors’ information from a government ID or relying on a third party to verify age through the collection of multiple streams of data, such as education and employment status.

PornHub has long argued that these age verification methods do not keep minors safer and that they place undue onus on websites to collect and secure sensitive information.

The fact remains, however, that these types of laws are growing in popularity.

Today, Lock and Code revisits a prior episode from 2023 with guest Alec Muffett, discussing online age verification proposals, how they could weaken security and privacy on the internet, and whether these efforts are oafishly trying to solve a societal problem with a technological solution.

“The battle cry of these people have has always been—either directly or mocked as being—’Could somebody think of the children?’” Muffett said. “And I’m thinking about the children because I want my daughter to grow up with an untracked, secure private internet when she’s an adult. I want her to be able to have a private conversation. I want her to be able to browse sites without giving over any information or linking it to her identity.”

Muffett continued:

“I’m trying to protect that for her. I’d like to see more people grasping for that.”

Alec Muffett

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)

Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.


[ad_2]
Source link

Galaxy Tab S6 Lite (2024) is available in the US via Amazon

andreasc
-
0
Galaxy Tab S6 Lite (2024) is available in the US via Amazon
[ad_1]

Samsung has started selling the Galaxy Tab S6 Lite (2024) in the US. The new mid-range tablet is available on Amazon with a price tag of $329.99. The company seemingly hasn’t made it available on any other platform, not even its official website.

Galaxy Tab S6 Lite (2024) arrives in the US

After a series of leaks and rumors, Samsung officially launched the Galaxy Tab S6 Lite (2024) at the end of March. The company detailed its specs, most of which were already revealed by leaks, and shared the European prices. We subsequently got the tablet’s prices for the UK, but there was no word on its price and availability for the US.

However, as spotted by PhoneArena, the Galaxy Tab S6 Lite (2024) is now on sale in the US exclusively through Amazon. Samsung is offering the tablet in 64GB and 128GB storage variants, both with 4GB of RAM and SD card support. The 64GB variant costs $329.99, while the 128GB variant is priced at $399.99. The devices ship immediately and are available for free returns. Samsung has also bundled a $100 Amazon gift card.

Amazon is the only place you can buy this tablet from in the US. It is unclear why Samsung decided to make it exclusive to the platform. Nonetheless, if you plan to buy the Galaxy Tab S6 Lite (2024), we have provided links to both storage variants below. The links take you directly to product pages for the tablet on Amazon US. If you want to quickly check out the specs and features before buying, read on.

Buy 64GB variant on Amazon

Buy 128GB variant on Amazon

Specs and features

The Galaxy Tab S6 Lite (2024) is a refreshed version of a 2022 tablet of the same name, which itself is a refresh of a 2020 tablet. All three tablets have the same design and build quality. You get an aluminum body (including the back cover) and a 10.4-inch TFT LCD screen with a 1200 x 2000 pixels resolution. The tablet supports S Pen and Samsung DeX and comes with AKG-tuned stereo speakers.

Powered by Samsung’s Exynos 1280 chipset, the Galaxy Tab S6 Lite (2024) isn’t a powerful tablet but no slouch either. You get an 8MP rear camera with no flash and a 5MP selfie camera. The 7,040mAh battery is fairly big but a 15W charging speed is somewhat slow. Other highlights include Android 14, Wi-Fi 5, Bluetooth 5.3, and USB Type-C 2.0. While the tablet is available in a 4G/LTE version in other regions, Samsung seemingly didn’t bring it to the US. The device comes in Chiffon Pink, Mint, and Oxford Gray colors.


[ad_2]
Source link

Nothing Ear & Nothing Ear (a) Leak

andreasc
-
0
Nothing Ear & Nothing Ear (a) Leak
[ad_1]

Recently, Nothing announced that they would be debuting two new earbuds on April 18. Well, how about we introduce you to the Nothing Ear and Nothing Ear (a) on April 8 instead?

First up is the Nothing Ear. These are going to be the more high-end version of the two earbuds, priced at €150. And the successor to the Nothing Ear (2), the company announced that they would be dropping the numbers from their naming for earbuds. These will include active noise cancellation, dual connection, and waterproofing with an IP54 rating, while the case gets an IPX2 rating.

Battery life is also going to be somewhat respectable here: 7.5 hours with ANC turned off, while the case will give you 33 hours. Nothing is also included, such as a fast charging feature, which allows you to get 10 hours of usage from just a 10-minute charge.

Nothing Ear will be available in black and white, as shown below. Nothing is sticking with the transparent look on these earbuds, which does look a bit more transparent on the white version. It is just a transparent stem, so the only difference in color is the earbud.

Nothing Ear (a) could be the best sub-€100 earbuds on the market

The Nothing Ear (a) is going to be pretty similar to the Nothing Ear, with the big differences being the waterproof rating and the battery life. So we’re still looking at dual connection, Active Noise Cancellation, and quick charging to get you 10 hours of playback in just 10 minutes.

On the battery life front, you’ll get eight hours of playback with ANC off, and the case will get you 38 hours of playback total. The buds are going to have a waterproof rating of IP54, while the case will get a IP55 rating. All of this for just €100.

With the Nothing Ear (a), the company will be releasing them in three colors – black, white, and yellow. The yellow color is meant to be more of an eco-friendly design for the Nothing Ear (a). But it’s unclear if the packaging will be eco-friendly, like being made from recycled paper and cardboard, just yet.


[ad_2]
Source link

Meta vs the FTC: Meta claims WhatsApp and Insta acquisition wasn’t monopolistic

andreasc
-
0
Meta vs the FTC: Meta claims WhatsApp and Insta acquisition wasn’t monopolistic
[ad_1]

Meta and the FTC are currently in a legal fight over whether or not Meta acquiring WhatsApp and Instagram was a monopolistic move. The FTC claims that the practice was indeed monopolistic, but Meta is trying to dismiss this claim, reports Android Headlines.

Meta tries to get the Federal Court to dismiss the FTC’s antitrust lawsuit


In the ongoing legal battle, Meta claims that Instagram and WhatsApp’s acquisition was to the benefit of consumers. The company has now filed a motion for summary judgment in its lawsuit against the US FTC. Basically what it is is an attempt to get the court to dismiss the case. Meta claims the FTC doesn’t have evidence to support its claims. Meta insists that it didn’t become a monopoly after acquiring WhatsApp and Insta. Also, the social media giant highlights that it is facing fierce competition from a multitude of other platforms like TikTok, X, YouTube, and Snapchat.

The second point Meta makes is that its acquisition of WhatsApp and Instagram has benefited consumers. As the company claims, it has spent “billions of dollars” and invested “millions of hours” to make both these apps better, more reliable, and more secure.

Back in 2021, DC District Court Judge James Boasberg accepted Meta’s motion to dismiss the FTC’s complaint, but the judge did give the FTC a chance to file an amended complaint which was then allowed to proceed.

Meta claims that in the FTC complaint, the market definitions are “unreasonably narrow”. It seems like the FTC has excluded platforms like TikTok and YouTube from the market it is focusing on. The market instead only includes Facebook, Insta, Snapchat, and MeWe, claims Meta.

It is now FTC’s turn to respond. As with any legal battle of the sort, these back-and-forth court filings may continue for months before a resolution is found.

Izzy, a tech enthusiast and a key part of the PhoneArena team, specializes in delivering the latest mobile tech news and finding the best tech deals. Her interests extend to cybersecurity, phone design innovations, and camera capabilities. Outside her professional life, Izzy, a literature master’s degree holder, enjoys reading, painting, and learning languages. She’s also a personal growth advocate, believing in the power of experience and gratitude. Whether it’s walking her Chihuahua or singing her heart out, Izzy embraces life with passion and curiosity.


[ad_2]
Source link

Cisco IOS Vulnerability Allows DOS Attacks via Malicious Traffic

andreasc
-
0
Cisco IOS Vulnerability Allows DOS Attacks via Malicious Traffic
[ad_1]

Cisco recently fixed a high-severity vulnerability in Cisco IOS Software for Catalyst 6000 Series Switches, which could lead to a denial of service (DoS).

This high-severity vulnerability, which has a base score of 7.4 and is tracked as CVE-2024-20276, is triggered by improper handling of process-switched traffic. 

Cisco IOS (Internetwork Operating System) is a set of proprietary operating systems (OSes) that run on Cisco Systems hardware, such as routers, switches, and other network devices.

Cisco IOS comprises essential functionalities such as interface configuration, network management and monitoring, routing, security, switching, and quality of service (QoS).

Details Of The Cisco IOS Vulnerability

This Cisco IOS Software flaw for Cisco Catalyst 6000 Series switches could allow an unauthenticated, local attacker to force an unexpected reload on a vulnerable device.

The vulnerability stems from the improper handling of process-switched traffic.

An attacker may take advantage of this flaw by directing malicious traffic to a vulnerable device. 

If the exploit is effective, the attacker could trigger a denial of service (DoS) issue by forcing the compromised device to reload.

“An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition”, Cisco said in its advisory.

Affected Products

Suppose any of the following Cisco products are running a vulnerable version of the Cisco IOS software and have activated port security, device classifier, or authentication, authorization, and accounting (AAA). In that case, they are susceptible to this vulnerability:

  • Catalyst 6500 Series Switches with Supervisor Engine 2T or 6T
  • Catalyst 6800 Series Switches with Supervisor Engine 2T or 6T

Use the show running-config | include interface|port-security command to find out if a device has port security setup.

This vulnerability affects a device if port security is enabled on an interface.

Use the show running-config | include device classifier command to see if a device has device classifier configured.

The device is susceptible to this vulnerability if the command returns output.

Use the show running-config | include system-auth-control|interface|port-control|mab command to find out if a device is configured with AAA.

This vulnerability affects a device if AAA is enabled on the interface.

Products Not Vulnerable

The following Cisco products are unaffected by this issue, according to Cisco

  • IOS XE Software
  • IOS XR Software
  • Meraki products
  • NX-OS Software

Cisco has verified that the following Cisco IOS platforms are unaffected by this vulnerability:

  • Catalyst 1000 Series Switches
  • Catalyst 2000 Series Switches
  • Catalyst 3000 Series Switches
  • Catalyst 4000 Series Switches
  • Catalyst 9000 Series Switches

There are no workarounds to address this vulnerability. Users are encouraged to upgrade to the appropriate fixed software release to mitigate the risk posed by this vulnerability.

Cisco has made these updates free for customers with service contracts, accessible through their usual update channels.

For customers without service contracts, upgrades can be obtained by contacting the Cisco Technical Assistance Center (TAC), with the product serial number and the URL of the advisory as evidence of entitlement to a free upgrade.

Secure your emails in a heartbeat! Take Trustifi free 30-second assessment and get matched with your ideal email security vendor - Try Here


[ad_2]
Source link

The Galaxy Z Fold 6 may have the same camera from last year

andreasc
-
0
The Galaxy Z Fold 6 may have the same camera from last year
[ad_1]

Right now, we’re getting a tidal wave of new information surrounding Samsung’s upcoming Z Fold smartphone. While we expect these phones to be an improvement over last year’s model in several ways, it appears that one area of the phone will not see any change. According to reports, the Galaxy Z Fold 6 may have the same camera setup as last year’s foldable phone.

One area where Samsung’s Galaxy foldables haven’t been impressing audiences is the camera. These phones usually fall behind in the camera department, and this is something that people have commented on ever since the beginning. The cameras are never bad overall, but they’re always underpowered compared to the latest Galaxy S phone.

The main thing that annoyed people was the fact that the Galaxy foldable phones are so expensive compared to other flagship phones. So, it just feels weird having underperforming cameras on a nearly $2,000 phone.

The Galaxy Z Fold 6 might have the same cameras from last year’s foldable phone

Even though this news is coming from a notable leaker, you’ll still want to take this news cautiously. We’re not dealing with official information, and there’s always a chance that new information could arise before the official launch.

According to notable leaker Ice Universe, Samsung may fit the Galaxy Z Fold 6 with the same camera package present in the Galaxy Z Fold 5. It notes that everything could be the same from the main camera to the under-display camera.

Last year’s Galaxy Z Fold 5 (Review) had a 50-megapixel main camera sensor with an F/1.8 aperture, 10-megapixel 3x telephoto camera with an f/2.4 aperture, 12-megapixel ultrawide camera with an f/2.2 aperture, 10-megapixel external selfie camera with an f/2.2 aperture, and 4-megapixel under-display camera with an F/1.8 aperture.

The cameras on this phone were good, but they weren’t befitting of the high price tag. Well, it appears that the Galaxy Z Fold 6 will mirror these camera specs and be yet another step behind the top flagships of the year.

Better camera specs might come, but they could cost you

Along with rumors of the Galaxy Z Fold 6 coming, we’ve also been following rumors surrounding the Galaxy Z Fold 6 Ultra model. As the name suggests, it will be more powerful and more expensive than the standard Galaxy Z Fold 6 model. News about this Ultra model is still very scarce, so we don’t have much to go on. However, it’s possible that Samsung could fit better camera specs into the Ultra model and leave the standard model with last year’s specs.

We will have to wait for more information on that model.


[ad_2]
Source link
1...222223224...1,468Page 223 of 1,468