US Congress reportedly bans the use of Microsoft Copilot for staff members


Generative AI is now almost everywhere and has been growing in popularity in the past year and a half. Almost all tech companies now have an AI bot and the features offered using Generative AI on phones are growing as we speak.

However, a report from Axios states that the US Congress isn’t particularly fond of Microsoft’s solution, Copilot. It has reportedly banned the AI app for members of the House over security concerns.

US Congress reportedly bans Copilot for members of the House citing security concerns

Reportedly, Congress’ Chief Administrative Officer, Catherine Szpindor, stated that Copilot is “unauthorized for House use” because of security concerns. Basically what this means is that the AI may leak information shared by House staff.


Meanwhile, Microsoft stated that they are working on a government-friendly AI solution that would be able to meet strict security requirements. Reportedly, once this version is ready, Congress will be checking it out and deciding whether to allow it for use or not. Last June, the House restricted staff members from using ChatGPT. They are allowed to use the paid version, but the free version is banned.

Microsoft Copilot is a helpful generative AI tool that also has a paid version. The paid version can be integrated with Word, Excel, Outlook, and PowerPoint. For now, though, congressional staff is banned from using it. If it were to leak government data, that would be a huge risk and could potentially cause enormous issues to arise.



Pentagon Releases Cybersecurity Strategy To Strengthen DIB


The DoD DIB Cybersecurity Strategy is a three-year plan (FY24-27) to improve cybersecurity for defense contractors that aims to create a secure and resilient information environment for the Defense Industrial Base (DIB). 

It will be achieved through collaboration between DoD and DIB, focusing on four key goals: strengthening DoD’s cybersecurity governance, enhancing contractor cybersecurity posture, ensuring critical capabilities are cyber-resilient, and improving collaboration with the DIB. 

The strategy is in line with national strategies and makes use of the National Institute of Standards and Technology’s Cybersecurity Framework. 

FY 2024 – 2027 DoD DIB Cybersecurity Strategy

DoD relies on the DIB to develop advanced technologies and maintain critical infrastructure, but DIB companies are vulnerable to cyberattacks from foreign adversaries and non-state actors, which could result in unauthorized access to sensitive data and disruption of critical business operations.


The DoD has established a multi-pronged approach to improving DIB cybersecurity, including collaboration with industry associations and public-private partnerships. 

The strategy will inform future updates to DoD’s DIB cybersecurity plan and focus on protecting DoD information, ensuring DIB supplier continuity of operations, and making the DIB more cyber-secure.

Current DoD and DIB Cybersecurity Efforts

The Department of Defense (DoD) will strengthen its governance structure for Defense Industrial Base (DIB) cybersecurity by fostering collaboration among stakeholders and developing regulations. 

It includes establishing a DIB Cybersecurity Executive Steering Group (ESG) to coordinate policies and a DoD DIB Cybersecurity Program to implement a DoD-wide strategic approach. 

It also works with DIB and interagency stakeholders to improve information sharing and develop a governance framework for subcontractor cybersecurity. The cybersecurity posture of the Defense Industrial Base (DIB) is to be improved through a number of initiatives.

The initiatives include requiring DIB contractors to implement cybersecurity best practices and undergo assessments, sharing threat intelligence with DIB contractors, and improving the ability to recover from cyberattacks.

It will also work with DIB contractors to evaluate the effectiveness of cybersecurity regulations and policies.

DoD DIB Cybersecurity Strategic Alignment

The Department of Defense needs to prioritize the cybersecurity of critical Defense Industrial Base (DIB) production capabilities, which is achievable by working with the DIB Sector Coordinating Council (SCC) to identify critical suppliers and facilities and setting clear policies on cybersecurity for them.

The DoD, as the Sector Risk Management Agency (SRMA) for the DIB, should focus government-led protection efforts on these critical assets, which will ensure that limited resources are directed towards the most impactful activities. 

According to the Media Defense, DoD will collaborate with DIB to improve cybersecurity posture by leveraging commercial cybersecurity service providers, improving communication channels, and expanding information sharing. 

NSA will share threat intelligence with DIB, and DIB SCC will collaborate with DoD to improve information sharing and also develop cyber incident scenarios and response playbooks to improve DIB’s resilience.

NIST Cybersecurity Framework 2.0 Core

The DoD DIB Cybersecurity Strategy outlines a collaborative effort between DoD and DIB to strengthen cybersecurity posture, which emphasizes information sharing, education, and baseline security requirements. 

DoD will leverage expertise from the NSA, DC3, and USCYBERCOM to improve detection and response, which aims to continuously improve DIB cybersecurity through collaboration and resource coordination by ensuring the resilience of critical defense suppliers and producers against evolving cyber threats.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.



Nubia Flip will launch in Europe on April 9, it’s official


Nubia showed off its first flip phone at MWC 2024. At the time, we had no idea whether the device would actually launch in Europe. Well, we’re glad to say it will. The Nubia Flip 5G will launch in Europe on April 9, the company has confirmed.

The Nubia Flip will launch in Europe on April 9

The press event will kick off at 1 PM CET / noon BST / 7 AM EST / 4 AM PST. If you’re interested in getting the device, you can get a €15 discount. All you have to do is sign up for emails on the official Nubia Flip event website. You will also be eligible to win a free Nubia Flip if you do that.

The Nubia Flip is made out of metal and glass, and it has a circular cover display on the back. There is also a black circle around it which hosts the phone’s main cameras. That circle reminds us of some of HONOR’s designs, to be quite honest, like the HONOR Magic6 Lite.

On the inside, you’ll find a large display with a centered display camera hole. That display is, of course, flat, and the phone folds right down the middle. The sides of the device are flat, and all the physical buttons sit on the right-hand side.


The phone has a 6.9-inch OLED display with a 120Hz refresh rate

The Nubia Flip features a 6.9-inch 2790 x 1188 OLED display with a 120Hz refresh rate. That is its main panel. The cover display measures 1.43 inches, and it has a resolution of 466 x 466.

A 50-megapixel main camera sits on the back, and it’s backed by a 2-megapixel depth unit. A 16-megapixel camera is included on the main display. The phone has been certified for 200,000 folds, by the way.

33W wired charging is supported, while the Snapdragon 7 Gen 1 fuels the device

The Nubia Flip has a 4,310mAh battery, and it supports 33W wired charging. Wireless charging is not supported here, in case you were wondering. The phone is fueled by the Snapdragon 7 Gen 1 chip.

Despite the fact the phone hasn’t launched yet, we already know what to expect on the pricing side of things. The Nubia Flip will set you back $599 should you choose to buy it. That makes it one of the most affordable foldable smartphones on the market.

The Nubia Flip will arrive in Black and Gold colors. We still don’t know in which markets exactly it will become available, though.



TikTok casts its educational STEM feed to Europe


TikTok’s critics often highlight the difference in the way the virulent app behaves and operates in the Far East and in the west. Namely, there are grave concerns with the “western” TikTok’s algorithm and the content it feeds to kids and young users.

Now, TechCrunch reports that TikTok is bringing its dedicated STEM feed to Europe – meaning that the popular short video app will be more educational (in theory).

The ByteDance-owned company announced the expansion of its specialized STEM (science, technology, engineering and mathematics) feed to Europe, beginning with the UK and Ireland. This initiative first took off in the US last year.

For users under 18, the STEM feed will be displayed automatically along with the “For You” and “Following” feeds. Those users that are past the age of 18 can activate the STEM feed through the app’s “content preferences” feature, which offers English-language content with auto-translate subtitles.

Since its US debut, 33% of TikTok users have activated the STEM feed, with a third of teenagers accessing it weekly. The US has witnessed a 24% increase in STEM content since the feed’s introduction. Globally, TikTok hosts nearly 15 million STEM-focused videos, posted over the last three years.

This development follows criticism of TikTok for exposing young users to potentially harmful content and accusations of using design tactics that promote virtual addiction. The European Union, in February, began an inquiry to determine if TikTok violates the Digital Services Act by allowing minors access to unsuitable content and encouraging addictive behaviors.



Live Forensic Techniques To Detect Ransomware Infection On Linux Machines


Ransomware, initially a Windows threat, now targets Linux systems, endangering IoT ecosystems.

Linux ransomware employs diverse encryption methods, evading traditional forensics. 

Still developing, it shows potential for Windows-level impact. Early awareness allows for assessing IoT security implications.

The following cybersecurity analysts from Edinburgh Napier University recently unveiled live forensic techniques to detect ransomware infection on Linux machines:

  • Salko Korac
  • Leandros Maglaras
  • Naghmeh Moradpoor
  • Bill Buchanan
  • Berk Canberk

Live Forensic Techniques Ransomware

However, the increased use of IoT technologies has brought about interconnected devices that operate without human intervention, making them susceptible to ransomware attacks, especially in Linux-based IoT systems.


Although there have been efforts against paying ransomware and shifting cyber-criminal activities due to political issues, ransomware is still a significant concern with new ways of evading countermeasures. 

For this reason, proactive security measures are vital in protecting IoT environments from this growing threat.

Response chain (Source – Arxiv)

There were 24 major execution experiments performed, with retest across 12 combinations, involving three samples of ransomware on two Linux OS with two permission levels.

In balancing realism and effort, virtual machines simulated cloud environments to allow external memory dumps and network captures without the ransomware being detected.

Originally designed to be very realistic, the initial design led to lengthy forensic investigations that called for retesting environments to validate unforeseen results as well as removing disturbing elements.

Playbook for experiment execution (Source – Arxiv)

Compared with Windows ransomware, with its lateral movement and encryption of file shares and web server files that also provide user logins, Linux ransomware was not able to achieve very damaging results.

User files were encrypted by Cl0p and Icefire, thereby disabling GUI logins, while Blackbasta malware was aimed at /vmfs/volumes.

Most importantly, none of them used administrative permission adequately, hence MySQL/Sybase, SSH, FTP, or any Samba sharing were all left unharmed although they had been running as root.

Contrary to this approach, in companies where external storage is preferred to be on home or root directories, it might have resulted in less observable impact.

Ransomware activities exhibited by Linux are determined by those observed in Windows.

The research provides insights into the implications of Linux ransomware for the IoT industry.

Instead of encrypting data, criminals may block operations temporarily until payment is made through cyber-attacks on IoT gadgets. 

Linux ransomware requires a lot of work and doesn’t scale well as it has to be specifically developed for each individual target, unlike modular Windows variants. 

IoT solutions with strong security and low market visibility face less threat. The most scalable among these can attack either endpoints, gateways, or cloud infrastructure. 

Further discoveries indicate that encryption techniques like RC4, ChaCha20, and AES are used by attackers, which makes live forensics challenging compared to Windows platforms. 

Recommendations

Presently, Linux ransomware causes limited harm, but this is expected to change in the future.

Risk management measures are suggested to secure Linux systems to enable risk evaluation and mitigation in the IoT industry.

The recommendations are:

  • Avoid HOME directories
  • Separate and restrict permissions and data access
  • Avoid using privileged users
  • Focus on identifying backdoors
  • Shut down first




Veracode Announces Acquisition of Longbow Security


Veracode, a leading provider in the cybersecurity space, has officially announced its acquisition of Longbow Security.

This strategic move is poised to revolutionize how organizations manage and mitigate risks in multi-cloud environments, offering a unified solution to the complex challenges of today’s digital landscape.

The digital era has ushered in rapid innovation and transformation across industries, compelling organizations to adopt DevOps methodologies and leverage open-source technologies.

However, this shift towards accelerated deployment across multi-cloud environments has introduced many security challenges.

Security teams are often inundated with alerts from numerous tools, each providing a fragmented view of the risks.

This alert fatigue, coupled with the cognitive overload experienced by engineering teams, underscores the urgent need for a comprehensive solution that offers a singular view of risk.

A Unified Solution for Cloud-Native Environments

Veracode’s acquisition of Longbow Security is a game-changer in application security.


Longbow Security, renowned for its pioneering approach to security risk management in cloud-native environments, brings to the table an innovative platform that promises to close the gap in risk visibility.

This merger synergizes Veracode’s best-in-class application security capabilities with Longbow’s expertise in cloud-native risk management, delivering a continuous, holistic view of an organization’s application security posture.

Key Benefits of the Veracode-Longbow Integration

The integration of Veracode and Longbow Security introduces a suite of benefits designed to empower security teams and developers alike:

  • Unified Visibility: Organizations can now gain comprehensive insights into risks across applications, code, and cloud, enabling them to address critical vulnerabilities effectively.
  • Orchestrated Remediation: Leveraging Veracode’s AI-driven capabilities, teams can prioritize and efficiently remediate issues from code to the cloud.
  • Actionable Insights: The ‘Best Next Action’ advice feature facilitates root cause analysis, guiding customers towards the most effective remediation strategies.
  • Continuous Monitoring and Assessment: Real-time vulnerability discovery across application portfolios and runtime environments ensures that organizations clearly understand their security posture.

Addressing the Challenge of Security Debt

In today’s fast-paced digital environment, 71 percent of organizations are grappling with security debt—flaws in applications that remain unaddressed for over a year.

The Veracode-Longbow integration offers a robust solution to this pervasive issue, enabling teams to rationalize security risk across their tools and prioritize remediation at scale.

Veracode’s acquisition of Longbow Security is more than just a merger; it’s a testament to Veracode’s unwavering commitment to advancing cloud-native application security.

By expanding its platform capabilities with Longbow’s industry-defining risk management solutions, Veracode will empower its customers to navigate the evolving threat landscape with unprecedented confidence.




Xiaomi plans to push HyperOS update to these devices in Q2 2024


Xiaomi is planning to push out the HyperOS update to a bunch of devices in Q2 2024, and we have a full list. Do note that we’re talking about a global HyperOS update here, and the news is official.

Before we get down to it, do note that HyperOS is here to replace MIUI. This is Xiaomi’s new Android-based OS, though it is very similar to MIUI. Xiaomi is going with different naming now, however, and it did make some changes, but you’ll be right at home if you’ve used MIUI in the past.

Xiaomi’s HyperOS update is coming to a bunch of global units in Q2 2024

Xiaomi has listed 13 (series of) devices here, all but one are smartphones. The Xiaomi 11 Ultra and Xiaomi 11T Pro will be getting the update. The same goes for the Xiaomi Mi 11X, Xiaomi 11I HyperCharge, Xiaomi 11 Lite, and the Xiaomi 11i.

The update will also be rolling out to the Xiaomi Mi 10, Redmi K50i, Redmi 13C series, and Redmi 12. The Redmi 11 Prime 5G will also be getting it, and the same goes for the Redmi Note 11 Series. Those were all smartphones, but the Redmi Pad 5 will also be getting the update in Q2 2024.

The update already rolled out to a bunch of global Xiaomi devices

The HyperOS update has already rolled out to a bunch of Xiaomi smartphones thus far. Those devices include the Xiaomi 13 Pro, Xiaomi Pad 6, Xiaomi 12 Pro, Redmi Note 13 5G, Redmi Note 13 Pro 5G, Redmi Note 13 Pro+ 5G, and more. You can check out the entire list below.

Xiaomi HyperOS Q2 2024 rollout timeline

Once the update is available to your device, your phone/tablet will let you know. You can, of course, check manually too, if you’d like. That way you may be able to update sooner than you’d usually be able to, as the phone doesn’t ping for updates as often.

If you’d like to check manually, open the Settings on your phone, and go to About Phone. There you’ll want to tap the System updates option.



A quarter of YouTube creators earn money from YouTube Shorts


YouTube Shorts has become a major participant in the constantly changing online content creation scene by providing producers with new opportunities for engagement and revenue. According to recent statistics, many of YouTube’s paid producers are currently utilizing the Shorts feature, highlighting the tool’s expanding popularity and potential for generating income.

Furthermore, the latest statistics released by YouTube claim that Shorts is currently generating revenue for about 25% of its compensated artists. With the introduction of the short-form video format in response to the growing popularity of platforms such as TikTok, this number demonstrates the format’s quick acceptance and success.

With over 3 million producers enrolled in YouTube’s ad-sharing service, there are around 750,000 developers of Shorts overall. While YouTube does not disclose the exact breakdown of how much it has paid Shorts creators, it is clear that Shorts has contributed significantly to the $70 billion paid out to creators over the last three years.

Remarkably, the majority of YouTube Shorts producers make money from other YouTube channels. According to Taylor, around 80% of creators who were qualified for YouTube’s Partner Program through Shorts are now making money from long-form videos and fan fundraising on the site.

How is YouTube Shorts empowering paid creators?

Vertical films up to 60 seconds long, known as “shorts,” provide producers with a quick and engaging method to engage their audience. Content creators of all stripes have a lot of creative options with Shorts’ features like text overlays, filters, and music integration.

Shorts can be profitable through YouTube’s Partner Program, which allows eligible creators to earn money from advertising, channel subscriptions, and Super Chat donations. By including Shorts into this structure, YouTube has enabled creators to more effectively market their short-form content, helping them to diversify their sources of income.

Numerous elements have contributed to Shorts’ success. First off, the fact that it is integrated into the YouTube platform guarantees exposure to a wide range of users, giving producers the chance to expand their subscriber base and reach new viewers. Furthermore, short-form material is particularly enticing to both artists and consumers due to its simplicity of creation and consumption.

Additionally, YouTube has aggressively promoted the production of Shorts by launching many programs, such as the Shorts Fund, which gives money to producers of excellent material. This investment guarantees a consistent flow of entertaining and inventive material for viewers to enjoy in addition to motivating producers to prioritize Shorts.



Google caught “Breaking Bad” and must throw out data collected from Incognito mode users

Google today agreed to settle a class action lawsuit (via TheVerge) originally brought in 2020 by Google account holders who accused the company of continuing to track their actions online even when they were browsing using Incognito mode while using Chrome. With Incognito mode, according to Google, “none of your browsing history, cookies and site data, or information entered in forms are saved on your device. This means your activity doesn’t show up in your Chrome browser history, so people who also use your device won’t see your activity.”

Here’s an example of what Incognito mode can do for you. Suppose you went online and bought your wife a present from “Yohann’s House of Very, Very Expensive Diamond Necklaces.” If you bought the gift while in Incognito mode, she wouldn’t be able to snoop around on your phone and discover that you visited Yohann’s online store while using Chrome. This way, you can really surprise her when you give her the necklace.

Google says that it never associated the data it collected from Incognito mode with individuals

While your wife or anyone else going through your phone can’t see the websites you visited on Chrome while you had Incognito mode enabled, guess who does collect some data? If you guessed Google, you got it right. Google spokesperson José Castañeda did say that the company never individualized the data it collected. He said, “We never associate data with users when they use Incognito mode. We are happy to delete old technical data that was never associated with an individual and was never used for any form of personalization.”

Now you might be rubbing your hands with glee expecting another class action payout that perhaps you can grab a part of. Sorry guys and gals. Even though the plaintiffs had asked for $5 billion, they are receiving bupkus (zero) said Castañeda because the settlement did not include any damages for the class. However, members of the class are allowed to file individual suits against Google.

Back in December, news of the settlement was originally released but the actual terms of the settlement hadn’t yet been filed with the court and made public until now. It turns out that the Plaintiffs insisted that they keep their individual rights to sue Google for damages. That is why the settlement doesn’t include a payout to the Plaintiffs.

Google did agree to make some changes to its Incognito mode

Google did agree to rewrite its disclosures to say that the company does collect private browsing data and must include this on the splash screen that appears at the start of every browsing session in Incognito mode. The court filing also says, “Google must delete the private browsing detection bits that Plaintiffs uncovered, which Google was (twice) sanctioned for concealing. As a result, Google will no longer track people’s choice to browse privately.”

For the next five years, Google must also make a change to Incognito mode that allows users to block third-party cookies by default. The settlement notes that “This change is important given Google has used third-party cookies to track users in Incognito mode on non-Google websites. This requirement ensures additional privacy for Incognito users going forward while limiting the amount of data Google collects from them.”

A hearing will be held on July 30th in front of Judge Yvonne Gonzalez Rogers of the United States District Court for the Northern District of California. If the judge is happy with the settlement, she will sign off on it at this time.

The icon used by Google to indicate Incognito mode reminds many of the Walter White character on one of the most amazing television series of all time, “Breaking Bad” which explains the headline. Of course, having to explain this takes away from some of the amusement that this writer might have normally felt otherwise.

