Threads finally rolls out the in-app camera and drafts

andreasc
-
0
Threads finally rolls out the in-app camera and drafts
[ad_1]

A little while back, we got the news that the Threads team was working on a few interesting features, and now they’re officially launching. According to a post from Adam Mosseri, Instagram’s CEO, the in-app camera and drafts are finally rolling out for Threads.

Not too long ago, we saw a post where Mark Zuckerberg was testing out the in-app camera in Threads. He also teased being able to save drafts within the app. At that point, they were testing the features.

When you are typing a new post in Threads, but you can’t finish it and need to return to it later, you can simply press the back button on your phone or swipe down on the post. Before exiting, the app will give you the option to save a draft to finish later. This is also for people who like to pre-draft their posts and publish them at a later time.

To access the draft again, up on the Add Post button again. This will bring up the last draft that you had. One thing to note is that, if you have a draft, the Add Post button will be different.

Threads now has an in-app camera

People who typically like to share pictures on social media have shared this gripe with Threads. When sharing a picture with the platform, there was no way of doing so quickly. People would have to go to their default camera app, pick the picture, and upload it to threads. Granted, it’s not the most labor-intensive task. However, if you’re a person who shares a lot of pictures on social media, that can get pretty annoying.

Well, when you are making a new post, you will see a new camera icon under your profile picture. When you tap on it, you’ll be taken to an in-app camera.

One thing we noticed is that, rather than being taken to a unique camera interface, it looks like the Threads app will just open your device’s default camera and directly import the picture once you take it. We’ve tested this on the Galaxy S24+ (Review) and the Tecno Phantom V Flip (Review), and we can confirm this. Even the confirmation screen, asking you whether you want to use that picture or retry it, is different across devices.

In order to access these features, make sure your Threads app is fully updated. If your app is updated, and you don’t have these features, then you may just want to wait a day or two for it to reach your device.


[ad_2]
Source link

Save $200 on iRobot’s Roomba Combo i5+ robot vacuum

andreasc
-
0
Save $200 on iRobot’s Roomba Combo i5+ robot vacuum
[ad_1]

The newest Roomba is on sale right now, saving you $200 off of its regular price. That’s the iRobot Roomba Combo i5+, which is now $349. That’s a pretty good price for a robot vacuum and mop combo here. The Roomba Combo i5+ was announced back in August and has been pretty popular ever since. It also won our Reader’s Choice Award as the Best Robot Vacuum for 2023.

The iRobot Roomba Combo i5+ is the cheapest vacuum/mop combo from iRobot on the market. And it’s a pretty nifty one. Unlike the Roomba Combo j7+, this one has separate dustbins. So, to go from mopping to vacuuming, you’d need to swap out the bins. This means there is a little more work on your end, but for this price, that’s okay.

This is a great robot vacuum for pet hair due to the rubber rolling brushes here, as well as the increased suction. So you’ll never have to worry about it missing any pet hair or getting tangled. This is a really great vacuum to pick up for those who have pets since the pet hair won’t get tangled in the brushes, and it will also do an excellent job of picking up all of the pet hair. Both things are super important these days.

This is the “Plus” model, which means it comes with an auto-empty dock. With this feature, you won’t have to worry about emptying the dustbin for up to 60 days. Once the time is up, you can take out the dustbag and replace it with a new one. It’s a hassle-free and easy process.

You can pick up the iRobot Roomba Combo i5+ from Amazon today.

Buy at Amazon


[ad_2]
Source link

Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes

andreasc
-
0
Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes
[ad_1]

QNAP has disclosed a series of vulnerabilities within its operating systems and applications that could potentially allow attackers to compromise system security and execute malicious commands.

These vulnerabilities, identified as CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901, pose significant risks to users of affected QNAP devices.

The company has promptly responded by releasing updates to mitigate these vulnerabilities.

Understanding the Vulnerabilities

CVE-2024-21899: Compromising System Security Through Improper Authentication

This vulnerability could allow unauthorized users to bypass authentication mechanisms, allowing them to compromise the system’s security via a network.

Document
Integrate ANY.RUN in your company for Effective Malware Analysis

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data
    • If you want to test all these features now with completely free access to the sandbox:

The improper authentication flaw poses a critical risk, as it could enable attackers to gain unauthorized access to sensitive information or disrupt system operations.

CVE-2024-21900: Command Execution Through Injection Vulnerability

CVE-2024-21900 is an injection vulnerability that could allow authenticated users to execute arbitrary commands via a network.

This vulnerability could enable attackers to manipulate the system to their advantage, potentially leading to data theft, system damage, or further unauthorized access.

CVE-2024-21901: SQL Injection Vulnerability

The SQL injection vulnerability, identified as CVE-2024-21901, could allow authenticated administrators to inject malicious code via a network.

This vulnerability is particularly concerning as it could enable attackers to manipulate or corrupt database contents, leading to data loss or unauthorized access.

Hunter recently tweeted about a severe issue related to QNAP operating systems. The tweet warns users to be cautious and take necessary measures to avoid exploitation.

A critical vulnerability (CVE-2024-21899, CVSS 9.8) has been found in multiple versions of QNAP operating systems.

Affected and Fixed Versions

QNAP has taken swift action to address these vulnerabilities by releasing updates for the affected products.

Discovering these vulnerabilities in QNAP’s systems is a crucial reminder to maintain up-to-date security measures. 

The following table outlines the affected products and their corresponding fixed versions:

Affected ProductFixed Version
QTS 5.1.xQTS 5.1.3.2578 build 20231110 and later
QTS 4.5.xQTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.xQuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.xQuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.xQuTScloud c5.1.5.2651 and later
myQNAPcloud 1.0.xmyQNAPcloud 1.0.52 (2023/11/24) and later

Users of the affected versions are urged to update their systems and applications to the latest versions to protect against these vulnerabilities.

To safeguard against these vulnerabilities, QNAP strongly recommends that users regularly update their systems and applications to the latest versions.

These updates include critical fixes that can protect devices from potential attacks.

Users can update their QTS, QuTS hero, or QuTScloud systems via the Control Panel’s Firmware Update section or download the updates directly from the QNAP website.

For myQNAPcloud, updates can be performed through the App Center.

The discovery of these vulnerabilities was credited to DEVCORE, under the identifiers ZDI-CAN-22493/22494.

QNAP’s swift response underscores the importance of proactive security measures and the company’s commitment to protecting its users. 

Users of QNAP devices are urged to update their systems immediately to protect against potential threats.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

Russian Midnight Blizzard Hackers Breached Microsoft Source Code

andreasc
-
0
Russian Midnight Blizzard Hackers Breached Microsoft Source Code
[ad_1]
Russian Midnight Blizzard Hackers Breached Microsoft Source Code

Microsoft confirms that Russian state-sponsored hackers, known as Midnight Blizzard, infiltrated their systems and stole source code. Experts warn of potential zero-day vulnerabilities.

Microsoft has been hit by a significant cybersecurity breach, with the company confirming that Russian hackers infiltrated its infrastructure, compromising valuable source code.

The breach, originally discovered on January 12, 2024, and reported on January 19, raised concerns about the potential misuse of proprietary information and the security of millions of users relying on Microsoft’s products and services.

Earlier this year, Microsoft disclosed that Russian state-sponsored hackers referred to as Midnight Blizzard (also known as Nobelium, Cozy Bear, and APT29), have been spying on the email accounts of Microsoft’s team members. The group, known for the devastating SolarWinds attack, successfully stole source code in what Microsoft now terms an “ongoing attack.”

Reportedly, the hackers infiltrated a “small percentage of corporate email accounts” and stole internal messages and files in an attack that began in late November 2023. The threat actor compromised a non-production test tenant account using a password spray attack, accessing some Microsoft corporate email accounts, including senior leadership and cybersecurity employees, and exfiltrating emails and documents.

The attackers exploited vulnerabilities in Microsoft’s defences, gaining unauthorized access to a substantial portion of source code, including Windows OS components, Office Suite, and other critical software elements.

Update from Microsoft

Previously, Microsoft stated that there was no evidence that the “threat actor had any access to customer environments, production systems, source code, or AI systems.” However, as per Microsoft’s update published on March 8, 2024, Midnight Blizzard is using information from corporate email systems to gain unauthorized access, including access to source code repositories and internal systems. Still, the company asserts that there’s no evidence that attackers compromised Microsoft-hosted customer-facing systems.

Midnight Blizzard is using various tactics to attack Microsoft, some of which were shared between Microsoft and its customers via emails. Moreover, the company claims hackers increased the attack volume, such as password sprays, by up to 10 times in February compared to January.

Microsoft has increased security investments and coordinated cross-enterprise efforts to counter Midnight Blizzard’s persistent threat. The company is enhancing its security controls, detections, and monitoring, as well as conducting ongoing investigations into the group’s activities.

Hackread will continue to share findings and information as they evolve. Users are advised to implement security updates, report suspicious activity, and adhere to security best practices.

Expert Comments

Ariel Parnes, former Head of the Israeli Intelligence Service Cyber Department, winner of the Israel Defense Prize for tech innovations in the cyber field, and COO and Co-Founder at SaaS incident response leader, Mitiga, shared the following insights with Hackread.com:

“For advanced nation-state cyber groups, access to a company’s source code is akin to finding the master key to its digital kingdom, opening up avenues for finding new zero-day vulnerabilities: undiscovered security flaws that can be exploited before they’re known to the software creators or the public.”

Ariel warned that “Zero-day vulnerabilities represent a critical threat because there’s no straightforward way to detect them until after they’ve been discovered and disclosed by the software creators. Given this challenging landscape, organizations need to double down on cybersecurity measures focused on proactive defence.”

  1. Microsoft Disables App Installer After It’s Abused for Malware
  2. Fake Ledger App on Microsoft Store to Steal $800k in Crypto
  3. Microsoft Azure Exploited to Create Undetectable Cryptominer
  4. Microsoft Teams External Access Abuses for DarkGate Malware
  5. Microsoft Outlook Flaw Exploited by Russian Forest Blizzard Group

[ad_2]
Source link

OnePlus Open is finally getting Android 14 in the US

andreasc
-
0
OnePlus Open is finally getting Android 14 in the US
[ad_1]

Android 14 has finally started rolling out to the OnePlus Open in the US. Why do I say ‘finally’? Well, the update started rolling out at the beginning of February, not in the US, though. It started arriving to users who were Closed Beta and Open Beta testers first, and only those in India.

Android 14 is finally coming to the OnePlus Open in the US

We hoped that the update would spread to other markets quicker than this, but there you have it. We had to wait for about a month and a half at this point. The update is finally rolling out in the US, though.

The update is marked as CPH2551_14.0.0.501(EX01). This update does bring OxygenOS 14 to the table, along with Android 14. The update itself weighs 2.54GB, so chances are you’ll want to be connected to Wi-Fi before you download it.

All the base Android 14 changes are included, but this changelog is focused on OxygenOS, of course. This update is bringing Aqua Dynamics to the table. It’s a new way of interacting with morphing forms. It allows you to view up-to-date information at a glance.

OnePlus added several new, interesting features

‘File Dock’ has been added, so you can now use drag and drop action to transfer files between apps and devices. The ‘Content Extraction’ feature is also included here. It can recognize and extract text and images from the screen with a single tap.

Cutting out objects/subjects from a photo also becomes a lot easier now, thanks to the ‘Smart Cutout’ feature. It allows you to cut out several subjects from a photo thanks to some help from AI.

The ‘Shelf’ has been improved too, as more widget recommendations have been added. The security has been improved, and so has Aquamorphic Design. Color styles have been changed, while new Aquamorphic-themes ringtones have been included too. OnePlus also tweaked the animations and the always-on display (AOD) OnePlus Open feature here.

This OnePlus Open update is rolling out in stages, as per usual. Some of you probably already got it, while it’s on the way to the rest, you may have to wait a bit, though.


[ad_2]
Source link

Qualcomm will launch new SoCs soon, maybe even a flagship chip

andreasc
-
0
Qualcomm will launch new SoCs soon, maybe even a flagship chip
[ad_1]

Qualcomm is prepping to host an event as early as March 18 at 2:30 PM local time in China where it could introduce the latest flagship Snapdragon chip. Notably, the conference’s slogan is “Intelligence is in the core, and there is a dragon in it.Per reports, the chip maker could announce the Snapdragon 8s Gen 3 and the Snapdragon 7+ Gen 3 chips. But take note that Qualcomm hasn’t announced anything about these developments yet. Both the chipsets are said to be built on the same architecture as the Snapdragon 8 Gen 3, which has been receiving praises since its launch.

Qualcomm may launch a flagship chip on March 18th

The news about the event comes from a post on Weibo, where the chip maker could announce at least two chips, including a flagship one. The Snapdragon 8s Gen 3 will steal the limelight of the event, while we anticipate the other chip, 7+ Gen 3, to power up budget smartphones releasing ahead.

Delving into the technicals of the upcoming chips, the Snapdragon 8s Gen 3 could boast one 3.01GHz Cortex-X4 core, four 2.61GHz Cortex-A720 cores, and three 1.84GHz Cortex-A520 cores, alongside an Adreno 735 GPU. Conversely, the Snapdragon 7+ Gen 3 could exhibit a similar architecture but with different clock speeds, including a 2.9GHz Cortex-X4 core, four 2.61GHz Cortex-A720 cores, and three 1.9GHz Cortex-A520 cores, completed by an Adreno 732 GPU.

Which phones will feature the upcoming Qualcomm Snapdragon chips?

The rumored candidates, according to folks at Gizmochina, include the Realme GT Neo6 series, Redmi Note 13 Turbo, Xiaomi Civi 4, OnePlus Ace 3V, Vivo Pad 3, and new devices in the iQOO Neo 9 series. These devices might feature either of the upcoming chips. Notably, the publication adds that we might’ve to wait until March 18 when Qualcomm will confirm the releases during its event. So, until then, you may have to take this information with a grain of salt. But regardless of that, we could say that new Qualcomm processors are on their way.


[ad_2]
Source link

PoC Exploit Released for OpenEdge and AdminServer.

andreasc
-
0
PoC Exploit Released for OpenEdge and AdminServer.
[ad_1]

A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer.

This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems.

Understanding the Vulnerability(CVE-2024-1403)

The vulnerability arises when the OpenEdge Authentication Gateway (OEAG) or the AdminServer is configured with an OpenEdge Domain that utilizes the OS local authentication provider.

Document
Integrate ANY.RUN in your company for Effective Malware Analysis

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data
    • If you want to test all these features now with completely free access to the sandbox:

This configuration can lead to unauthorized access during login attempts due to a flaw in the authentication routines.

Specifically, the vulnerability allows authentication success to be incorrectly returned from an OE local domain under certain conditions, such as when unexpected content is present in the credentials passed during the login process.

Affected versions include OpenEdge Release 11.7.18 and earlier, OpenEdge 12.2.13 and earlier, and OpenEdge 12.8.0.

The vulnerability has been addressed in the latest updates: OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.

 Community Progress has addressed the issue and has Updates in OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1. 

Impact and Affected Components

The vulnerability has a broad impact, potentially affecting various components of the OpenEdge platform, including:

  • OpenEdge Database access through OEAG
  • AdminServer logins via OpenEdge Explorer (OEE) and OpenEdge Management (OEM)
  • Database Servers accepting OEAG-generated tokens
  • Secure Token Service Utilities
  • Pro2 web application utility for Pro2 management

Ptrace SecurityGmbH recently tweeted about a security vulnerability, CVE-2024-1403, that affects Progress OpenEdge software.

The vulnerability allows for authentication bypass, potentially putting sensitive information at risk.

Mitigation and Upgrade Instructions

A Proof of Concept (PoC) exploit has been made available for a significant vulnerability identified in the OpenEdge Authentication Gateway and AdminServer.

This flaw can potentially be exploited by attackers to gain unauthorized

For users running vulnerable versions of OpenEdge, upgrading to the fixed versions is crucial.

The fixed versions are:

  • Vulnerable Version: OpenEdge Release 11.7.18 and earlier

Fixed Version: OpenEdge LTS Update 11.7.19

  • Vulnerable Version: OpenEdge Release 12.2.13 and earlier

Fixed Version: OpenEdge LTS Update 12.2.14

  • Vulnerable Version: OpenEdge Release 12.8.0

Fixed Version: OpenEdge LTS Update 12.8.1

For those unable to upgrade immediately, temporary mitigation steps include library replacement and domain replacement mitigation for OEAG and AdminServer mitigation strategies, such as using AdminServer Group controls and disabling the AdminService.

The release of the PoC exploit for CVE-2024-1403 underscores the importance of maintaining up-to-date security measures in software systems.

OpenEdge users are urged to review their systems, apply the necessary updates or mitigations, and remain vigilant against potential unauthorized access attempts.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

HONOR Magic6 Ultimate Edition design officially revealed

andreasc
-
0
HONOR Magic6 Ultimate Edition design officially revealed
[ad_1]

Both the HONOR Magic6 Ultimate Edition and Porsche Design HONOR Magic6 RSR are coming on the same day, March 18. That being said, the design of the HONOR Magic6 Ultimate Edition has just been revealed.

HONOR just revealed the design of the HONOR Magic6 Ultimate Edition handset

HONOR itself revealed its design. We got to take a look at its camera shape recently, and now we get to see the vast majority of its backplate. If you check out the three images below, you’ll get to see the phone.

As you can see, black and purple color variants are teased here. Those are likely the only color options that we’ll be able to get. You can clearly see that the back side of the phone is vastly different than what the Magic6 Pro delivers.

The camera island has a different shape, and curved glass on top

The camera island on the back has a completely different shape, though the camera layout is still the same. The top-right and bottom-left corners of the camera island are more rounded than the other two corners.

The glass on top of the cameras is also curved towards the sides. HONOR will seemingly use vegan leather on the back of the HONOR Magic6 Ultimate Edition. That goes for both color variants of the phone.

HONOR will add plenty of character to the backplate

You will also notice that HONOR is also using vertical protrusions on the back. A small one above the camera island, and a larger one below it. That will likely be useful for grip purposes, at least based on where it’s located. This phone should be quite grippy in general, though, due to the use of vegan leather.

The phone will be fueled by the Snapdragon 8 Gen 3 SoC. A 6.8-inch 2800 x 1280 LTPO AMOLED display will be used, with up to 120Hz refresh rate. The phone will likely offer up to 16GB of RAM, perhaps even up to 24GB.

A 5,600mAh battery will be used, while 80W wired and 66W wireless charging will be supported. The camera setup will be the same as on the HONOR Magic6 Pro, most likely. You can read our Magic6 Pro review if you’d like to know more about it.


[ad_2]
Source link

X plans to remove likes & reposts from your feed

andreasc
-
0
X plans to remove likes & reposts from your feed
[ad_1]

Twitter, now X, has undergone several changes since its acquisition by business leader Elon Musk. One of the most controversial changes remains its rebranding to X.com, offering verification badges for a price. But if that’s not enough, Musk might’ve other plans. In a series of posts shared by Elon Musk, he may have announced the future overhaul of X. This time, it’s not a minor but a substantial overhaul.

Elon Musk now wants to remove likes and reposts from X’s feed in favor of total views

As indigestible as it may seem, never doubt Elon, especially when he wants something specific. He wants to remove the likes and reposts from the X’s feed in favor of the total “view count” because according to him, that’s “very clean”. Of course, he adds that he’s “been dying to do this for a year”.

This first came to light after DogeDesigner posted that X may be considering removing the likes and reposts from the feed. However, the catch of the account pinned is you can see them once you tap on the post. Musk replied to the post, confirming “That is definitely happening.”

In the tipped layout, the count of views on posts, which tells you how many people are interested, will be shifted to the top right near the posting time. To engage with the post in this updated format, you’ll swipe right to reply and swipe left to favorite it. Musk mentioned that once you tap on the post, you’ll see the number of likes, reposts, and favorites it has, but it’s still being determined if their display will change.

This is how the UI will look like

Another reliable tipster Abhishek Yadav has shared a screenshot of how the platform would look, once this feature comes to life.

If you know Elon Musk, you’d know he has a thing for aesthetics. Notably, he put his platform through some changes earlier, including the removal of URL cards. But he brought it back after a short hiatus.


[ad_2]
Source link

Elon Musk: “OpenAI is a lie”, xAI will open-source Grok. Carl Pei: “Based”

andreasc
-
0
Elon Musk: “OpenAI is a lie”, xAI will open-source Grok. Carl Pei: “Based”
[ad_1]

Elon Musk announced that his AI company – xAI, will open-source the Grok chatbot, OpenAI’s ChatGPT rival (via Reuters).

To “open-source” means to share a program’s code with everyone for free, so anyone can use, change, and share it again. It’s like sharing a recipe publicly, so people can tweak it, improve it, or make something new with it. This helps make the program better and more secure because lots of eyes are looking at it and helping fix any problems.

Carl Pei is impressed, and comments:Here’s the original Elon Musk tweet itself:Then, another X user says that “OpenAI should do the same. If they are “open” that is”, to which Elon Musk has this to say: “OpenAI is a lie”. Here’s that post:Earlier this month, Elon Musk filed a lawsuit against OpenAI, the company behind ChatGPT, and its CEO Sam Altman. Musk accused them of straying from the company’s founding goal of developing artificial intelligence to benefit humanity, rather than for profit.This is quite the twist, given that the day after OpenAI’s launch in December 2015, when co-founder Sam Altman emphasized his trust in co-chair Elon Musk and their shared vision for safely distributing AI.

Nearly ten years later, Musk and Altman are disputing the future of AI, as Musk has sued OpenAI in California, accusing Altman and others of deviating from the company’s original altruistic mission by seeking commercial gain.

During a podcast with computer scientist Lex Fridman in November, Musk expressed his appreciation for the idea of AI that is open-source. That same month, his startup released its AI model to a select group of users.

Following this, in December, Musk’s company introduced Grok, a rival to ChatGPT, exclusively for Premium+ subscribers of the social media platform X. Musk’s vision for Grok is to create an AI that is devoted to seeking the truth to the utmost degree.


[ad_2]
Source link
1...334335336...1,474Page 335 of 1,474