Meta refuses to partner with Google on Android XR


In a surprising turn of events, Meta, the parent company of Facebook and Instagram, has reportedly refused to partner with Google on the Android XR project. This decision comes as a blow to Google, which was hoping to collaborate with Meta to create a unified platform for upcoming devices.

Android XR is a project by Google that aims to develop a software platform for AR and VR products. The project is still in the works, but Google hopes to turn it into a standard software kit for virtual and augmented reality devices, similar to what it did with Android in the smartphone market.

According to a report by The Information, Google proposed in late 2023 that Meta partner on the Android XR project. However, Meta declined the request. Meta’s decision to reject the partnership with Google was a bit surprising, as its Quest headsets currently run on an open-source and modified version of Android.

Meta won’t partner with Google on developing Android XR

As the report reads, “Meta executives decided against a partnership.” Meanwhile, Google reportedly notified Meta that it would keep the door open if they changed their mind.

The Meta executives’ decision might come on the heels of Google’s refusal to allow Quest buyers to access the Play Store. Despite Meta’s numerous requests, Google doesn’t allow the firm to offer Google services and apps on Quest headsets, leaving buyers with a device with no practical app on it.

The move could lead Meta to part ways with Google and invest in building a standalone operating system for its VR and AR headsets. Meta is a pioneer company in developing VR and AR products but still relies on other companies for software. The firm is reportedly in talks with LG for its upcoming Quest Pro 2.

Meta refused Google’s offer due to “restrictive terms”

In a recent post on Threads, Meta CTO Andrew Bosworth confirmed Google has pitched the partnership idea to them, adding that Google is causing fragmentation in the ecosystem. Bosworth said Meta would welcome Google if it brings the Play Store to Quest headsets.

“Instead, they want us to agree to restrictive terms that require us to give up our freedom to innovate and build better experiences for people and developers—we’ve seen this play out before, and we think we can do better this time around,” the Meta CTO noted.



US Court Orders NSO Group to Disclose WhatsApp Pegasus Spyware Code


Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019. The lawsuit claims that NSO took advantage of a vulnerability in WhatsApp to install the Pegasus spyware on certain user devices without their permission.

This means NSO exploited a flaw in WhatsApp to install spyware on specific phones without authorization.

As per the court document, Judge Hamilton has ordered NSO Group to reveal all spyware code related to the alleged attacks from April 2018 to May 2020 in response to WhatsApp’s lawsuit.

This contains detailed information about the spyware’s functions and signifies a major advancement in the ongoing legal dispute, as WhatsApp aims to acquire insights into the inner workings of Pegasus for defensive reasons.

Lawsuit Background

The case WhatsApp filed against NSO Group, in which the company is accused of targeting 1,400 users with the Pegasus malware, is gaining momentum.

In a recent ruling, the court rejected NSO Group’s efforts to evade responsibility by ordering the disclosure of pertinent documents and code.

Because it might reveal Pegasus’s technological capabilities and aid in legal action, this revelation might be crucial evidence for the people Pegasus targeted.

Additionally, Pegasus’s alleged abuse against political leaders is the focus of investigations in Spain and Poland.

The abuse of this spyware has become better understood and addressed thanks to these investigations and the developments in the WhatsApp case.

Court Response

WhatsApp has taken legal action against NSO Group, claiming that the latter’s Pegasus spyware infected 1,400 devices, including those of journalists, activists, and government officials, by using a WhatsApp vulnerability (CVE-2019-3568).

WhatsApp wants the NSO source code to figure out the vulnerability and maybe build a defense.

The court ignores NSO’s sovereign immunity claims and orders it to disclose attack-related code, while classifying client and server architectural specifics.

This is a massive victory for WhatsApp, but other companies in the spyware sector are still operational despite penalties and government pressure, and NSO is also facing litigation along these lines.

Despite NSO’s assertions that Pegasus is solely intended for recognized nations, it has widely targeted human rights advocates and journalists.

To seek compensation, victims of Pegasus must first determine who is using it.

The decision of Judge Hamilton allows victims of the Pegasus spyware to take legal action by suing WhatsApp to uncover the identity of the malware’s deployer.

This decision aligns with WhatsApp’s values of user safety and discouraging bad actors from abusing the platform, which is why WhatsApp supports it.

A precedent for corporations to be held liable for aiding spyware assaults has been established by this decision.


OnePlus 13 could be first to use the Snapdragon 8 Gen 4


According to a new report, the OnePlus 13 could be the first smartphone to use the Snapdragon 8 Gen 4 processor. This information comes from a Chinese tipster known as Smart Pikachu.

The OnePlus 13 tipped to be the first phone to use the Snapdragon 8 Gen 4 SoC

He mentioned that the OnePlus 13 could be the first to get the Snapdragon 8 Gen 4. On the flip side, the OnePlus Ace 3V is said to be the first to get the next-gen Snapdragon 7 series chip. He also added that the Ace 3V will include a 1.5K display, a 5,500mAh battery, and 100W charging support.

Having said that, the OnePlus 12 is still a very new smartphone. The OnePlus 13 is not exactly around the corner. The device will likely debut in December, possibly in November, if OnePlus pushes up its launch schedule.

The Snapdragon 8 Gen 4 launch event has been confirmed for October this year. Qualcomm’s CMO confirmed as much during MWC 2024. He said that the Snapdragon Summit 2024 will take place in October. He also flat-out confirmed that the Snapdragon 8 Gen 4 will be coming.

Xiaomi was the first company to announce Snapdragon 8 Gen 3-powered devices

With that in mind, Xiaomi is usually the first company that has the privilege to announce the very first smartphones with next-gen flagship Snapdragon chips. That’s not always the case, but it has been the case several times thus far. OnePlus could get that privilege this time around if the tipster is to be believed. The Snapdragon 8 Gen 4 is actually tipped to be a considerably different chip than the Snapdragon 8 Gen 3.

How so? Well, Qualcomm will use its custom Oryon cores this time around, for the first time ever. The chip is also said not to include cores for power efficiency, contrary to the Snapdragon 8 Gen 3 and its predecessors.

It will be an immensely powerful chip, but we wonder how Qualcomm will do at power efficiency without efficiency cores. That’s one major advantage the company had over the competition.



Linux and open source trends in 2024


In 2024, the Linux and open-source landscape is poised for significant change. Known for its strong security and adaptability, Linux continues to be a key player in the tech world. This article explores the evolving trends in Linux and open source, highlighting groundbreaking developments from enhanced security to innovative educational roles. Join us as we explore how these technologies are shaping our digital future.

The Crucial Role of Privacy Tools in Linux

Linux, renowned for its robust security, provides a solid foundation for users to prioritize safety and privacy. However, it’s crucial to recognize that while Linux secures your device, it doesn’t inherently protect the data you send over the internet. Data transmitted from your Linux device can be just as vulnerable as on any other platform once it leaves your system.

This is where VPNs play a pivotal role as they hide your original IP address, effectively masking your online footprint. This means that the websites and services you access only see the IP address provided by the VPN, not your actual one. This level of privacy is further bolstered by AES encryption with PIA, making your data indecipherable to potential cybercriminals. As we delve into the future of Linux and open source, the importance of such privacy tools becomes increasingly crucial in our connected world.

Revolutionizing Open Source Interaction

The open-source community, the bedrock of collaborative innovation, is on the brink of a transformative shift. The next few years are expected to usher in an era of advanced collaboration platforms, leveraging the power of cloud computing and real-time collaboration tools. These platforms won’t just streamline project management and code development; they’ll actively foster a more inclusive and global participation. Expect a surge in virtual hackathons, open-source contribution sprints, and cross-project collaborations that break down geographical barriers. This evolution will not only democratize access to open-source projects but also enrich them with diverse perspectives and expertise.

Sustainable Computing: Linux’s Green Revolution

The urgency of environmental sustainability is reshaping the ethos of Linux and open-source projects. Upcoming initiatives are likely to emphasize eco-friendly software development, which includes optimizing code for lower energy consumption and supporting hardware longevity. Projects may increasingly adopt ‘green coding’ practices that prioritize efficiency and minimal resource usage. We might also see a rise in open-source software tailored for renewable energy management, smart grid technologies, and environmental data analysis. These efforts reflect a growing consciousness within the Linux community to align tech innovation with ecological responsibility.

Emerging Hardware Compatibility

Linux’s reputation for adaptability will be significantly bolstered as it expands its compatibility with emerging technologies. We are likely to witness Linux systems seamlessly integrating with a variety of new hardware, from advanced wearables to IoT devices. This includes better support for cutting-edge processors and GPUs, facilitating Linux’s use in high-performance computing and AI research. Additionally, as AR and VR technologies mature, expect Linux to play a significant role in driving these innovations forward, providing a stable and versatile platform for development and deployment.

The Educational Role of Linux and Open Source

In education, Linux and open source are transitioning from optional tools to integral components of the curriculum. Their role in teaching not only programming and system administration but also in fostering critical thinking and collaborative skills is becoming more pronounced. Educational institutions might increasingly adopt Linux-based environments for their cost-effectiveness and customizability, offering students a more hands-on learning experience. Furthermore, open-source contributions and projects could become a key part of tech education, preparing students for the collaborative and ever-changing nature of the tech industry.

AI and Open Source: A Partnership Poised for Innovation

The synergy between AI and open source is set to unlock new horizons in technological advancement. Open-source AI projects are facilitating more transparent, ethical, and community-driven development of AI technologies. These projects offer a platform for experimentation and innovation in fields like machine learning, natural language processing, and predictive analytics. Additionally, the integration of AI into open-source tools is simplifying complex tasks like code review, bug tracking, and software optimization, enhancing the efficiency and quality of open-source software development.

A Vision of Progressive and Secure Technology

As we look to the future, Linux and open source stand at the forefront of a digital revolution that is not just technological but also cultural and ecological. The developments in these realms are set to create a more inclusive, sustainable, and innovative technological landscape.



Ransomware-as-a-Service Attacks targeting Middle East & Africa


The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS) attacks, posing a grave threat to digital security.

This comprehensive report delves into the key findings, attack trends, the impact on businesses, and the crucial preventive measures that must be adopted to combat this escalating cyber threat.

The digital transformation journey of the MEA region, while opening new avenues for growth, has also exposed it to sophisticated cyber threats.

Among these, ransomware attacks have emerged as a formidable challenge, with a notable increase in incidents orchestrated through the RaaS model.


This phenomenon not only jeopardizes the security of critical data but also undermines the economic stability of the affected regions.

Technical Analysis

The Gulf Cooperation Council (GCC) countries, South Africa, and Turkey have been identified as the hotspots for these cyber assaults.

The report also highlights the proliferation of information stealers, with over 1.2 million infected devices across MEA, underscoring the extensive reach of cybercriminal networks.

LockBit, BlackCat (ALPHV), and Arvin Club have been pinpointed as the most active ransomware gangs in the region, with LockBit accounting for 38% of the attacks.


Recent research by Group-IB highlights a staggering 68% increase in ransomware attacks across the MEA region, with the financial services and real estate sectors being the primary targets.

This surge in ransomware incidents is attributed to the RaaS model, which has democratized access to sophisticated cyberattack tools, enabling even low-skilled criminals to launch devastating attacks.

The RaaS model has significantly lowered the barrier to entry for cybercriminals, leading to a diversification of targets and an increase in attack frequency.

Financial services, real estate, and manufacturing sectors have borne the brunt of these attacks, with a notable rise in data leaks and compromised corporate networks.

The involvement of Initial Access Brokers (IABs) in selling access to these networks on the dark web further complicates the threat landscape, making it imperative for businesses to bolster their cybersecurity defenses.


Nepali Hacker Tops Hall of Fame by Reporting Facebook’s Zero-Click Flaw


Samip Aryal, a cybersecurity researcher and an ethical hacker from Nepal, bypassed the system’s rate-limiting feature and subsequently checked possible combinations of 6-digit numbers (from 000000 to 999999) for two hours.

Samip Aryal, a Nepali bug bounty hunter, discovered a zero-click flaw in Facebook’s password reset system, potentially allowing hackers to compromise any targeted account. This exploit earned Aryal his highest bug bounty, making him top the Facebook Hall of Fame for White-Hat Hackers 2024 ranking, though the exact bounty amount remains unknown.


Aryal discovered a way to abuse Facebook’s password reset functionality without rate-limiting. The bug allowed attackers to hijack user accounts through “zero-click” attacks (without user interaction) by requesting a password reset and brute-forcing the 6-digit security codes.

The vulnerability was discovered in Facebook’s password reset functionality. It allowed hackers to bypass the system’s rate-limiting feature and subsequently check possible combinations of 6-digit numbers (from 000000 to 999999) for two hours.

In his blog, Aryal revealed finding a vulnerable endpoint on Android Studio while testing Facebook versions. He received a pop-up in the password reset flow offering to send a security code through a Facebook notification. The code remained active for two hours despite incorrect inputs.

“I didn’t see any sort of code invalidation after entering the correct code but with multiple previous invalid tries (unlike in the SMS reset functionality),” Aryal explained.

He used a brute-force attack methodology to cover the entire search space in an hour, revealing that some users had the nonce code displayed on the notification, a zero-click exploit. The code was displayed on another screen with a single click.

For your information, a cryptographic nonce is an arbitrary number that can only be used once in a cryptographic communication. He further noted that hackers could hijack Facebook user accounts by choosing any account, going to its password reset flow, selecting “Send code via Facebook notification,” trying any code to receive a server response, and brute forcing it in two hours. Facebook application users would receive notifications with a six-digit code or a prompt to tap to see the login code.


Aryal responsibly disclosed the flaw to Facebook on January 30, 2024, and the issue was fixed on February 2. 
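
A server-side mitigation for the behaviour described above, a reset code that stays valid after repeated wrong guesses, is to cap failed attempts per issued code and invalidate the code on success or when the cap is reached. The sketch below is an added example, not Facebook's code or Aryal's; `ResetCodeStore`, `wrong_guesses_tolerated`, the in-memory dictionary and the five-attempt cap are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 2 * 60 * 60  # two-hour lifetime, as reported in the article
MAX_FAILED_ATTEMPTS = 5         # assumed policy value, not taken from the article


class ResetCodeStore:
    """In-memory store of pending 6-digit reset codes (hypothetical helper)."""

    def __init__(self, invalidate_on_failures, clock=time.monotonic):
        # invalidate_on_failures=False reproduces the reported weakness:
        # wrong guesses never retire the code before its TTL runs out.
        self._invalidate = invalidate_on_failures
        self._clock = clock
        self._pending = {}  # account_id -> [code, expires_at, failed_attempts]

    def issue(self, account_id):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
        self._pending[account_id] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code

    def verify(self, account_id, submitted):
        entry = self._pending.get(account_id)
        if entry is None:
            return "no_active_code"
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[account_id]
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[account_id]  # single use: retire on success
            return "ok"
        entry[2] += 1
        if self._invalidate and entry[2] >= MAX_FAILED_ATTEMPTS:
            del self._pending[account_id]  # retire the code, force a re-issue
            return "locked"
        return "wrong_code"


def wrong_guesses_tolerated(store, account_id, cap=1000):
    """Regression check: how many wrong guesses does one issued code survive?

    Returns (guesses_processed, result_of_submitting_the_real_code_afterwards).
    """
    real = store.issue(account_id)
    for n in range(cap):
        # Offset from the real code so a guess never matches while cap < 10**6.
        guess = f"{(int(real) + 1 + n) % 10**6:06d}"
        if store.verify(account_id, guess) != "wrong_code":
            return n + 1, store.verify(account_id, real)
    return cap, store.verify(account_id, real)


if __name__ == "__main__":
    weak = ResetCodeStore(invalidate_on_failures=False)
    hardened = ResetCodeStore(invalidate_on_failures=True)
    print("weak:    ", wrong_guesses_tolerated(weak, "constructed-account"))
    print("hardened:", wrong_guesses_tolerated(hardened, "constructed-account"))
```

With the cap in place, a 6-digit code gives a guesser at most five tries per issuance, so issuance itself also needs rate limiting per account.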

The vulnerability could lead to personal information theft, disinformation spread, and network attacks. Being aware of emerging security threats on Meta and other social networking platforms is also crucial to keep your accounts protected.

It is worth mentioning that Meta accounts have particularly been the target of scams lately. In March 2023, researchers at Guardio discovered an info-stealing campaign involving fake ChatGPT extensions claiming to integrate with Google search results but in reality attempting to steal Facebook accounts. 

WithSecure cybersecurity firm identified a connection between recent DarkGate malware attacks and Vietnam-based threat actors attempting to hijack Meta business accounts and steal sensitive data in October 2023.

To stay safe, users should enable two-factor authentication, use strong, unique passwords, be cautious with password reset requests, and stay updated on security threats. 


Leaked Galaxy Tab S6 Lite (2024) pricing suggests price decrease


The pricing and configuration details of the Samsung Galaxy Tab S6 Lite (2024) for the European markets have leaked out. It will arrive as the successor to the S6 Lite 2022 edition. The upcoming offering has already bagged multiple certifications hinting at its imminent launch.

Samsung Galaxy Tab S6 Lite (2024) details surface for the European market

Citing a European source, Appuals reports that the Samsung Galaxy Tab S6 Lite (2024) will launch in 4GB + 64GB and 4GB + 128GB RAM and storage configurations. The WiFi-only version of the base option will cost €429 whereas the higher model will be available for €489. On the other hand, the LTE network version of the same variants will cost €459 and €519.

Compared to the 2022 edition, the upcoming S6 Lite (2024) edition price seems to be cheaper for all variants except the 64GB WiFi-only model. The publication adds that the pricing could vary depending on the market region. The Tab S6 Lite (2024) will come in Chiffon Pink, Oxford Grey, and Light Green color options.

Only a few upgrades expected on the upcoming offering

Appuals says that the Galaxy Tab S6 Lite (2024) is confirmed to feature a 10.4-inch display as per the source. This is the same as its predecessor. Based on leaks and rumors, an Exynos 1280 processor will reportedly power the tablet. It is expected to be backed by a 6,840mAh battery unit (advertised as 7,000mAh) with support for 15W charging. The upcoming offering will run on Android 14 with OneUI 6 layered on the top.

Samsung first launched the Galaxy Tab S6 Lite in 2020. The brand followed it up with a 2022 edition with incremental upgrades. We assume the upcoming 2024 edition will also continue the same tradition.



X reinstates policy against misgendering & deadnaming


X is again making it illegal for users to misgender and deadname other users on the platform. The policy was dropped last year, but X is reinstating it following numerous criticisms.

As Ars Technica reports, in April last year, X (called Twitter back then) updated its abuse and harassment policy to allow for misgendering and deadnaming. The policy was adopted in the pre-Musk era in 2018. But the billionaire later suggested that his tweets might violate the policy.

Meanwhile, the latest update to X’s policy in January indicates that the company is again banning users from misgendering and deadnaming transgender people and other members of the LGBTQ+ community under the newly-added “Use of Prior Names and Pronouns” section.

Misgendering and deadnaming is illegal again on X

As the new policy reads, X will “reduce the visibility of posts that purposefully use different pronouns to address someone other than what that person uses for themselves, or that use a previous name that someone no longer goes by as part of their transition.”

Posts that contain misgendering and deadnaming will be removed from search results, timelines, trends, and notifications. Additionally, no ads will be shown adjacent to them.

The non-profit LGBTQ advocacy organization GLAAD blamed X back then for not banning misgendering and deadnaming. It said Twitter’s move was “the latest example of just how unsafe the company is for users and advertisers alike.” Meanwhile, the organization said policies that explicitly ban misgendering and deadnaming are better than vague policies that confuse content moderators.

LGBTQ+ advocacy groups are not happy with X’s recent policy update

The platform only acts against misgendering and deadnaming if it receives a complaint from the target. That is according to a new policy. “Given the complexity of determining whether such a violation has occurred, we must always hear from the target to determine if a violation has occurred.”

Meanwhile, GLAAD suggests that self-reporting is not the best possible way to tackle desecration against the LGBTQ+ community, presumably because it puts all the burden on the victim’s shoulders. GLAAD’s Jenni Olson told Ars that X’s recent move is a step back from stronger protections that the platform had in place for many years.



A week in security (February 26 – March 3)


March 1, 2024 – Scammers are attacking Mac users interested in cryptocurrencies using a fake fix for a meeting link that won’t work.

March 1, 2024 – Pig butchering scams are usually tied to cryptocurrency investments that make for big business with victims on both sides of the line.

February 29, 2024 – One of our researchers was targeted by a scammer advertising on Airbnb and hosting a fake Tripadvisor website.

February 29, 2024 – A vulnerability, now fixed, in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all.

February 28, 2024 – Detecting and disrupting a months-long malware campaign on an MSP.

