Samsung plans slimmer foldables, as thin as Galaxy S models


Samsung plans to make its foldables as thin as its Galaxy S flagship smartphones. TM Roh, the head of the company’s mobile division, has reportedly tasked engineers with developing an ultra-thin foldable about as thick as the Galaxy S24 series. It is already readying a 10mm Galaxy Z Fold 6 Ultra/Slim for later this year.

Samsung aims to make foldables as thin as other smartphones

At 12.1mm, Samsung’s new Galaxy Z Fold 6 is substantially thinner than the Fold 5 (13.4mm). It also weighs 14 grams less, down from 253 grams to 239 grams. However, it is still too thick compared with the competition. HONOR recently launched the Magic V3 with a thickness of just 9.2mm, making it the world’s slimmest foldable phone yet. When unfolded, the HONOR foldable is just 4.35mm thick, against the Fold 6’s 5.6mm.

Other Chinese companies have also launched slimmer foldables than Samsung. The Korean firm plans to combat those with its Galaxy Z Fold 6 Slim/Ultra. As stated above, it’s expected to measure around 10mm when folded. The company might launch it only in China and its home country South Korea. For the rest of the world, the Fold 6 is its only big foldable this year. Those who prefer a clamshell foldable have the Galaxy Z Flip 6.

Samsung made the Galaxy Z Fold 6 Ultra/Slim slimmer by removing the S Pen digitizer from the display assembly. In other words, it dropped S Pen support. It also made the device wider to fit sizeable batteries and bigger displays. Rumors say the new foldable will feature better cameras too. However, its main USP is its slim profile. The lack of S Pen support is a bummer but Samsung had to make a compromise somewhere.

However, in the future, Samsung’s regular foldables might be as thin as the Chinese versions. According to the Korean media, the company is in talks with component suppliers to slim down everything, from the batteries and cameras to displays and the hinge. The ultimate goal is to reduce the thickness to Galaxy S levels. This year’s Galaxy S24 Ultra is 8.4mm thin, while the Galaxy S24 is 7.6mm and the Galaxy S24+ is 7.7mm thin.

Curated content for foldables, including optimized games

Samsung aims to make foldables mainstream. The foldable category accounted for only 1.6% of the global smartphone market last year, and 16% of the premium segment (priced $600 and higher). The goal is still too far and maybe achievable only with a slimmer design and curated content. Samsung is already working with game publishers to optimize existing games and develop customized games for the Fold and Flip screens. Hopefully, durability improvements are also on its agenda for future foldables.



Spotify rolls out beta AI DJ in Spanish for Premium users


Spotify’s AI DJ feature has been available for almost a year in 50 markets across the world, but only in English – that’s set to change! Spotify Premium users around the globe are getting AI DJ in Spanish, the music streaming giant announced.

Launched in 2023, Spotify’s AI DJ is a feature that utilizes artificial intelligence to act like a DJ: it speaks to you between songs, spits out song and favorite artist facts, or evokes a fond memory while listening to a nostalgic track.

The goal is for Spotify users to ditch the habit of replaying the same 12 songs for years; instead, the DJ listeners hear commentary alongside personal music recommendations: thus, they’re more willing to try something new or listen to a song they may have otherwise skipped.
–Spotify Newsroom, July 17, 2024

Who’s Livi?


To create the voice model for the DJ in Spanish, Spotify enlisted its own Senior Music Editor, Olivia “Livi” Quiroz Roa, who is based in Mexico City and has spent her entire career in the music industry. In her day job, Livi curates popular playlists on the platform.

After an extensive international casting call, Livi’s voice resonated the most with users.

How to get started with DJ in Spanish


The Spanish-speaking voice will be available for Premium listeners in markets where DJ is currently available. It is expanding to Premium users in Spain and across select markets in Latin America, including Argentina, Bolivia, Chile, Colombia, Costa Rica, Dominican Republic, Ecuador, El Salvador, Guatemala, Honduras, Mexico, Nicaragua, Panama, Paraguay, Peru, Uruguay, and Venezuela. As long as you’re using Spotify Premium in a market where DJ is available, here’s how you can find it:
  • Head to the Search tab on Spotify.
  • Search “DJ.”
  • Press play and let your personalized DJ do the rest.
  • To switch languages, simply tap the three-dot menu within the DJ card and choose between English or Spanish.

The new commenting feature


This isn’t the only new feature from Spotify lately.

Less than two weeks ago, the streaming service rolled out Comments for podcasts and a revamped mobile app for podcasters. The new tools aim to deepen engagement between podcasters and listeners and the interactive features like Q&A and polls have seen significant engagement, with over 9 million users participating.



MuddyWater Hackers Deploy Legitimate RMM With BugSleep Malware


Since October 2023, MuddyWater, an Iranian threat group linked to MOIS, has escalated its phishing campaigns in Middle East countries, specifically Israel.

The group uses already compromised email accounts to spread malicious content across various sectors.


Recent attacks have featured generic, English-language lures such as webinar invitations, which promote reuse on a wider scale.

Cybersecurity researchers at CheckPoint recently identified that MuddyWater hackers have been deploying legitimate RMM tools together with BugSleep malware.

BugSleep is a custom backdoor that the group uses alongside legitimate Remote Management Tools (RMMs).

The group's strategies are becoming more sophisticated, with customized lures for certain industries and malicious files hosted on legitimate file-sharing services like Egnyte, which shows how adaptable the group can be while keeping its MuddyWater signatures intact.

MuddyWater new infection chain (Source – CheckPoint)

MuddyWater, a hacker group, is said to have been using Egnyte subdomains for cyber attacks involving phishing and aimed at various industries in different countries.

They have also introduced the new BugSleep malware to replace certain uses of legitimate remote monitoring and management (RMM) tools.

Notable phishing campaigns (Source – CheckPoint)

BugSleep applies evasion techniques, encrypts communications, and can carry out multiple commands from its C&C server.

The malware shows signs of ongoing development, including different versions and some coding inconsistencies. It uses process injection and scheduled tasks for persistence and attempts to evade EDR solutions.

Despite these implementation lapses, BugSleep poses a significant threat, especially for organizations based in Israel, Turkey, Saudi Arabia, India, and Portugal, which may have connections to operations conducted in Azerbaijan and Jordan.

Map of targeted countries (Source – CheckPoint)

The introduction of BugSleep has strengthened the group’s phishing campaigns.

Besides this, MuddyWater’s increased activity in the Middle East, especially in Israel, demonstrates their persistence and evolving tactics, researchers said.

Targeting diverse sectors like municipalities, airlines, and media, the group has simplified its lures, shifting from highly customized to generic themes in English. 

This shift enables broader regional impact and a higher volume of attacks rather than narrow targeting, indicating an adjustment in the group's strategy.


Meta halts AI tools in this country because of “imminent risk of damage” to “fundamental rights”


Brazil and its 200-million population won’t be subjected to some of Meta’s AI tools, after the company decided to pause the use of such generative AI tools there. That’s in response to a government’s objection to Meta’s privacy policy regarding personal data and AI.

In June, Meta held an event in São Paulo to launch its first AI-driven ad targeting program for businesses on WhatsApp. With a population exceeding 200 million, Brazil is a key market for Meta. For example, the country is the second-largest user base for WhatsApp, Meta’s popular messaging service, after India.

Earlier this month, Brazil’s National Data Protection Authority (ANPD) suspended Meta’s new privacy policy for using personal data to train generative AI systems. ANPD ruled that Meta must amend its privacy policy to exclude the processing of personal data for generative AI training.

This decision follows ANPD’s immediate suspension of Meta’s new privacy policy, announced two weeks prior. The suspension, published in Brazil’s official gazette on Tuesday, halts the processing of personal data across all Meta products, affecting even non-users of Meta’s platforms.

ANPD warned of a daily fine of 50,000 reais (approximately $8,836) for non-compliance, citing “imminent risk of serious and irreparable or difficult-to-repair damage to the fundamental rights of affected holders”.

Meta expressed disappointment in ANPD’s decision, calling it a “setback for innovation” that will delay the benefits of AI for Brazilians. Meta is required to revise its privacy policy and officially confirm the suspension of personal data processing for AI training.

In a statement, Meta said it is suspending its AI tools while negotiating with ANPD to resolve concerns about generative AI.



New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites


HTTP Request Smuggling is a web security flaw that arises from differences in the way web servers and intermediaries, such as load balancers and proxies, handle sequences of HTTP requests.

By creating malicious HTTP requests that exploit these inconsistencies, an attacker can control the order in which requests are processed, possibly resulting in unauthorized access, circumvention of security controls, session hijacking, or injection of malicious content into responses meant for other users.

This flaw is based on differences in how each component interprets where an HTTP request starts and ends, which causes servers to process requests incorrectly.

In a collaborative effort, cybersecurity researchers at BugCrowd, Paolo Arnolfo (@sw33tLie), a hacking enthusiast passionate about server-side vulnerabilities, Guillermo Gregorio (@bsysop), a dad superhero and skilled hacker, and █████ (@_medusa_1_), a stealthy genius, recently unveiled key insights about HTTP Request Smuggling.


New TE.0 HTTP Request Smuggling

While cloud hosting offers security benefits, unknown HTTP Request Smuggling vectors can still pose significant threats. 

A recent discovery affected thousands of Google Cloud-hosted websites using their Load Balancer, compromising various services, including Identity-Aware Proxy. 

Researchers employ differential testing tools like http-garden for local servers and “spray-and-pray” techniques on bug bounty programs for cloud infrastructures to uncover such vulnerabilities. 

Tools like bbscope can generate extensive target lists for vulnerability research, highlighting that HTTP Request Smuggling remains a widespread and under-researched security issue.

TE.0, a new HTTP request smuggling variant, was discovered to be affecting Google Cloud’s Load Balancer.

The technique, which is similar to the CL.0 variant but uses Transfer-Encoding, enabled mass 0-click account takeovers on susceptible systems.
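The boundary disagreement described above can be checked on captured request bytes. The following is an added example, not code from the researchers or from Google: it assumes that "TE.0" means the back-end ignores `Transfer-Encoding` and treats the body as zero-length (by analogy with CL.0, as stated above), and the function names, hosts and sample requests are constructed for illustration.

```python
import re

# A line that looks like an HTTP/1.x request line.
REQUEST_LINE = re.compile(rb"[A-Z]+ \S+ HTTP/1\.[01]")

def parse_head(raw: bytes):
    """Return (headers, offset where the body starts) for one request."""
    head_end = raw.index(b"\r\n\r\n")
    headers = {}
    for line in raw[:head_end].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    return headers, head_end + 4

def chunked_body_end(raw: bytes, pos: int) -> int:
    """Offset just past a chunked body that starts at pos."""
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            # Skip optional trailer fields up to the terminating empty line.
            while True:
                eol = raw.index(b"\r\n", pos)
                if eol == pos:
                    return eol + 2
                pos = eol + 2
        pos += size + 2  # chunk data plus its trailing CRLF

def body_end(raw: bytes, honor_te: bool) -> int:
    """Where the request ends for a hop that does or does not honor Transfer-Encoding."""
    headers, body_start = parse_head(raw)
    if honor_te and headers.get(b"transfer-encoding") == b"chunked":
        return chunked_body_end(raw, body_start)
    return body_start + int(headers.get(b"content-length", b"0"))

def classify(raw: bytes) -> str:
    """Compare the front-end view (honors TE) with the assumed back-end view (ignores TE)."""
    front = body_end(raw, honor_te=True)
    back = body_end(raw, honor_te=False)
    if front == back:
        return "consistent"
    # Bytes the TE-ignoring hop would leave on the connection for the "next" request.
    leftover = raw[back:front]
    if any(REQUEST_LINE.fullmatch(line) for line in leftover.split(b"\r\n")):
        return "embedded-request"
    return "length-mismatch"

# Constructed sample requests (not captured traffic).
HEAD = b"POST /upload HTTP/1.1\r\nHost: app.example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
PLAIN = b"GET /index.html HTTP/1.1\r\nHost: app.example.test\r\n\r\n"
UPLOAD = HEAD + b"b\r\nhello world\r\n0\r\n\r\n"
INNER = b"GET /example HTTP/1.1\r\nX-Note: constructed\r\n\r\n"
SUSPECT = HEAD + b"%x\r\n" % len(INNER) + INNER + b"\r\n0\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("PLAIN", PLAIN), ("UPLOAD", UPLOAD), ("SUSPECT", SUSPECT)):
        print(name, classify(req))
```

A result of `embedded-request` on traffic logged at the front-end is the signal worth alerting on; `length-mismatch` only shows that the two hops would disagree if the back-end really ignored the header.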

Attack flow (Source – BugCrowd)

It affected thousands of targets, including those protected by Google’s Identity-Aware Proxy (IAP), and it was widespread among Google Cloud-hosted websites that were set to default HTTP/1.1 rather than HTTP/2.

This discovery shows how HTTP Request Smuggling techniques keep evolving and why constant security research is crucial in cloud infrastructures.

TE.0 HTTP Request Smuggling vulnerability affected Google’s Load Balancer and compromised Google Identity-Aware Proxy (IAP), a key feature of Google Cloud’s Zero Trust security.

This flaw made it possible to bypass the strict authentication and authorization measures of IAP, violating its principle of “never trust, always verify.”

The flaw allowed site-wide redirects as well as malicious use of application-specific widgets, which could have led to severe security breaches.

All TE.0 attacks were able to evade IAP protection, though not all had serious consequences.

Google admitted this after initial reporting challenges, demonstrating that fixing loopholes in cloud infrastructure is a complex problem.

The disclosure timeline is as follows:

Disclosure timeline (Source – BugCrowd)

A significant vulnerability in Google Cloud’s infrastructure was discovered through persistent testing of web applications with HTTP request smuggling techniques.

The research was motivated by curiosity; it resulted in a big check and a lesson that highlighted the value of creative thinking in cyber security.


TikTok’s appeal to not be considered ‘gatekeeper’ by the EU gets dismissed


In an attempt to make the internet space more competition-friendly, the EU with the DMA (Digital Markets Act) has established a so-called “gatekeepers” list, and TikTok is one of the companies included in it.

Being listed as a gatekeeper requires you to meet a series of requirements to ensure the space is competition-friendly. TikTok’s parent company, ByteDance, has appealed the inclusion of TikTok in the list. But now, this appeal has been dismissed.

Examples of requirements that ‘gatekeeper’ services need to meet under the DMA include messaging services supporting interoperability with other messaging services, and OS developers letting users choose which apps to pre-install and not favoring their own services and apps over those of third parties.

To be considered a ‘gatekeeper’, the service needs to have a specific number of users, market capitalization, and to be influential among people.

TikTok was one of the first services listed as a ‘gatekeeper’, and ByteDance appealed. However, the General Court of the EU has now ruled that the company meets the conditions for a gatekeeper.

TikTok argued that the purpose of appointing gatekeepers was to protect emerging services from dominant companies, and that TikTok didn’t have a comparable position to others in the gatekeepers list. The list also includes giants such as Amazon, Alphabet, Apple, ByteDance, Meta, and Microsoft.

The rules from the DMA indicate that services with more than 45 million monthly users and a capitalization of more than 75 billion euros in the EU are to be considered gatekeepers. TikTok meets these conditions, and it also has an influence on people.

ByteDance can still try to defend itself despite its appeal being dismissed. To do so, the company needs to take the case to the Court of Justice of the European Union (CJEU). This will be the last chance for the company to evade the gatekeeper list.



Cybercriminals Exploit Attack on Donald Trump for Crypto Scams


Researchers at Bitdefender Labs remain ever-vigilant, informing users about the latest scams and internet perils that threaten their security and finances.

The latest discovery involves cybercriminals exploiting an alleged assassination attempt on former US President Donald Trump to conduct extensive crypto-doubling schemes.

Stream-Jacking Attacks on YouTube

Stream-jacking attacks on YouTube, where hijacked channels are used to promote fraudulent schemes, are not new. However, cybercriminals continue to refine and adapt their tactics to maximize their reach and success.

In a recent development, threat actors have leveraged the assassination attempt against Donald Trump to lure unsuspecting victims into their crypto-doubling scam.

The Mechanics of the Scam

Bitdefender researchers have identified dozens of hijacked YouTube channels that have been broadcasting deepfake live streams featuring Elon Musk since July 16. These streams purport to reveal insights into the assassination attempt on Trump.


While the videos do not mention the incident, the channel descriptions provide additional context, falsely linking Elon Musk to political support for Trump.

One such description reads, “Elon Musk plans to provide about $45 million a month to a new political committee supporting former US leader Donald Trump as part of the presidential campaign #Tesla #Musk #Trump.”

Another hijacked channel description states, “Former President Donald Trump was the target of an apparent assassination attempt Saturday at a Pennsylvania rally, just days before he was to accept the Republican nomination for a third time.

Amidst a barrage of gunfire, a bloodied Trump, who reported being shot in the ear, was surrounded by Secret Service and hurried to his SUV, all while defiantly pumping his fist.

Trump’s campaign has since stated that the presumptive GOP nominee is doing ‘fine’ after the shooting, which pierced the upper part of his right ear.

The incident set off panic at the rally, with many attendees seeking cover from the unexpected violence. Billionaire Elon Musk reacted to the incident, stating Saturday evening that he ‘fully’ supports Donald Trump.

Musk’s statement has added a new dimension to the unfolding events, hinting at potential political endorsements in the upcoming election. #Tesla #Musk #Trump.”

Hijacked Channels and Deepfake Videos

Not all hijacked YouTube channels have changed their names, but some have been renamed “Tesla” or “Donald Trump Jr.”

The threat actors have stripped these channels of their original content and begun livestreaming the same deepfake video promoting crypto-doubling offers under titles like “Elon Musk Reveals Insights on Trump Assassination Attempt and Election Support.”

The potential reach of this scam is alarming. One of the hijacked channels has 1.26 million subscribers, while others have subscriber counts ranging from 100,000 to over 700,000.

The broadcasts use looped deepfake videos of Elon Musk, encouraging viewers to scan a QR code embedded in the video to participate in a crypto giveaway.

Fraudulent Websites and QR Codes

Scanning these QR codes directs users to fraudulent websites hosted on domains resembling the impersonated brand, such as Tesla, or domains that associate Musk’s and Trump’s names.

Examples of these malicious domains include musktrump[.]org, tesla-elon[.]gives, elomusk[.]finance, muskrise[.]io, and taketesla[.]org.

Bitdefender’s anti-phishing and anti-fraud filtering systems have detected and blocked these domains.
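One way to check DNS or proxy logs and decoded QR payloads against the domains listed above, as an added example that is not Bitdefender's code: the log format, client addresses and function names are assumptions, and the log lines are constructed. Matching is done on whole DNS labels so that subdomains are caught while lookalike hosts that merely contain a listed name are not.

```python
from urllib.parse import urlsplit

# Indicators exactly as the article lists them (defanged).
DEFANGED = [
    "musktrump[.]org",
    "tesla-elon[.]gives",
    "elomusk[.]finance",
    "muskrise[.]io",
    "taketesla[.]org",
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a plain, lowercase domain."""
    return indicator.replace("[.]", ".").lower()

BLOCKLIST = frozenset(refang(i) for i in DEFANGED)

def hostname_of(value: str) -> str:
    """Accept a bare hostname or a full URL (e.g. a decoded QR payload)."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.split("/")[0].split(":")[0]
    return host.rstrip(".").lower()  # drop the root dot, normalize case

def matched_domain(value: str):
    """Return the listed domain that the host equals or is a subdomain of, else None."""
    labels = hostname_of(value).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

def scan(lines):
    """Each line: '<timestamp> <client> <queried name or URL>' (assumed format)."""
    hits = []
    for line in lines:
        _timestamp, client, value = line.split(maxsplit=2)
        domain = matched_domain(value)
        if domain:
            hits.append((client, domain))
    return hits

# Constructed log lines, not real traffic.
SAMPLE_LOG = [
    "2024-07-17T09:14:02Z 10.0.0.21 www.youtube.com",
    "2024-07-17T09:14:40Z 10.0.0.21 https://MuskTrump.org/?ref=qr",
    "2024-07-17T09:15:03Z 10.0.0.37 claim.tesla-elon.gives.",
    "2024-07-17T09:15:09Z 10.0.0.37 nottaketesla.org",
    "2024-07-17T09:16:55Z 10.0.0.44 taketesla.org.example.com",
]

if __name__ == "__main__":
    for client, domain in scan(SAMPLE_LOG):
        print(f"{client} contacted listed domain {domain}")
```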

Protecting Against Crypto-Doubling Scams

Vigilance and adherence to good cyber practices are crucial to avoid such scams.

Bitdefender researchers recommend the following steps:

  1. Be Wary of Click-Bait Titles: Avoid videos and links with sensational titles related to Tesla or the attack on Donald Trump.
  2. Check for Malicious Domains: Identify malicious domains and ensure your security systems block them.
  3. Secure Your YouTube Account: Follow dedicated guides to keep your YouTube account safe from hijackers.
  4. Scrutinize Crypto Investment Promises: Be skeptical of messages and videos promising double returns on crypto investments.
  5. Avoid Scanning QR Codes in Videos: Do not scan QR codes in YouTube videos that offer too-good-to-be-true crypto giveaways.
  6. Inspect YouTube Channels for Suspicious Activity: Look for signs such as missing or deleted videos and closed comment sections.
  7. Report Suspicious Activity: Notify the platform or other relevant parties about any suspicious activity.
  8. Use Comprehensive Security Solutions: Employ trusted security solutions that can block phishing attempts and fraudulent links.
  9. Utilize Scamio for Verification: When in doubt, use Bitdefender’s Scamio to analyze texts, messages, links, QR codes, or images for potential scams. Scamio is available on Facebook Messenger, WhatsApp, and web browsers and can be shared with others in various countries.

As cybercriminals continue exploiting high-profile events for their schemes, users must stay informed and vigilant.

Individuals can protect themselves from these sophisticated crypto-doubling scams by following the recommended precautions and utilizing advanced security solutions.


New Tinder feature to fool around with comes this July in the US

If you’re actively participating in the Tinder subculture, you’re going to get a kick out of this: the popular dating app declares that a new feature is coming to the US this July!

Tinder has announced the release of ‘Photo Selector’, an AI-powered feature designed to help users choose their profile pictures from a curated selection of photos retrieved directly from their phones.

Authenticity is crucial in attracting the right match on Tinder – and the idea is that the AI tool will make you somehow more authentic, a Tinder blog post explains. Hey, look on the bright side: at least there’ll be someone (or rather – something) to blame when you don’t get any Tinder matches.

They’re citing data from a survey: 85% of singles believe their dating app profiles should represent their true selves, while 52% find it challenging to select a profile image.

Most single women prefer men’s profiles with at least four images that genuinely reflect their personalities. Men who include more than one face photo in their profiles increase their chances of matching with women by 71%, the announcement continues.

Photo Selector could be seen as a digital companion that curates a diverse selection of photos from users’ camera rolls, optimized to help users find a match.

Singles aged 18-24 report spending an average of 33 minutes selecting the right profile photo for their dating app – this is where the new app comes into play!

By the way, Tinder has been hinting at such an AI tool for almost a year now.

By alleviating the burden of photo selection, Photo Selector enables users to focus more on making meaningful connections rather than spending excessive time on choosing photos.


–Faye Iosotaluno, CEO of Tinder.

Using Photo Selector


Here’s how this is supposed to work – simply snap a selfie for facial recognition, grant access to your camera roll, and let our AI tech curate a selection of images for your review. You decide which pictures you want to select and add to your profile.

Capturing the ideal images from your smartphone


Tinder Resident Dating Expert Devyn Simone offers tips on choosing profile photos that truly reflect your personality.

  • Find your light: Think of yourself as the star of a glamorous photoshoot. Well-lit photos are always the vibe; natural light is your best friend. On a sunny day, seek out a nice shaded spot and snap a few variations. It’s always good to have a few options to choose from.
  • Avoid confusion: No one wants to play “Where’s Waldo?” with your dating profile pics. People are here to meet you, not your entire friend group. One group photo is fine, but keep the rest solo. Opt for a bright, fun pic that showcases you in all your glory.
  • Clean that lens: It’s basic but crucial. You don’t want to look like you were photographed with a potato. Give your camera lens a quick wipe with a microfiber cloth before snapping away. Crisp and clear photos = instant upgrade.
  • Have fun: Your profile should be a mini-story about your fabulous life. Show off different sides of your personality with a variety of photos: a stunning headshot, an action shot (you doing something you love), a social shot, and a candid shot. Inspire people to want to know more about the amazing you!
  • Mix it up: If your profile pics are older than your favorite brunch spot, it’s time for a refresh. Keep things current by adding at least one or two new photos. Fresh pics show you’re active and keep your profile feeling new and exciting.

Photo Selector will be available in the U.S. region beginning in July, as well as international markets later this summer.


New Find My Watch feature is coming to the Pixel Watch

You will soon be able to track your Pixel Watch, and do other useful things, remotely, even if the watch is offline and not paired with any device. This upcoming new feature leverages the Find My Device network capabilities, and it’s something that’s been around in iOS for some time.

Actually, this functionality already works with Android phones and tablets, as well as some trackers. Our friends at 9to5Google have found out that the feature is coming to the Pixel Watch. By decompiling the code of the Pixel Watch app, they found a couple of strings of code, suggesting that a Find My Watch feature is in the works.

The strings of code show a label nested under the Find My Device setting, called “Find My Watch.” There’s also a short description of the feature, reading: “Allow to remotely locate, lock, and erase your watch, even when your watch is offline.”

This means that if you lose your Pixel Watch or your device gets stolen, you will be able to locate it and hopefully retrieve it, or in the worst case scenario, erase it to prevent personal data leaks. It’s done using other devices linked to the Find My network, so you don’t need to be connected or paired directly to your Pixel Watch.

Google will probably expand this functionality to other Wear OS devices, as the Find My Device network uses Google Play Services, meaning it can connect a wide range of devices, independently of their specific hardware. The Pixel Buds Pro, for example, might be next in line to receive the Find My feature.

