Google’s Gemini AI chatbot has temporarily suspended its ability to generate images of people. This move comes after backlash regarding the AI’s tendency to skew image generation of people towards darker skin tones, especially when it pertains to historical context.
Initially, realizing that the problem was more impactful than originally thought, Google promised to fix the issues via a social media post. However, the situation appears to have escalated, leading to a temporary but complete shutdown of this particular feature on Gemini’s website.
We’re already working to address recent issues with Gemini’s image generation feature. While we do this, we’re going to pause the image generation of people and will re-release an improved version soon. https://t.co/SLxYPGoqOZ
Since Gemini is now unable to generate images including people, when prompted the chatbot displays a placeholder message instead that reads: “We are working to improve Gemini’s ability to generate images of people. We expect this feature to return soon and will notify you in release updates when it does.” This message was also shared by Google in the above social media post, promising that a fixed version would be coming soon.
Gemini’s current error message when trying to generate an image that includes a human
The problem of less diverse results within AI image generation isn’t unique to Gemini. Existing AI models happen to also grapple with this, and Google’s efforts likely over-focused on addressing this known challenge but unfortunately overshot it. While well-intentioned, the results misrepresented history, which can be very concerning considering these tools are used daily for researching.
While we wait for Google to follow up with an update on this issue via their Gemini release updates hub, users in need of AI generated images involving humans will have to rely on alternative platforms.
Startale Labs, the developer behind Japan’s leading Web3 products like Astar Network and Startale Web3 Cloud, has secured an additional $3.5 million in funding. This brings their total seed funding to $7 million, following a previous investment from Sony Network Communications in September 2023.
The latest round saw participation from UOB Venture Management, a subsidiary of Singapore’s top bank UOB, and Samsung Next, the investment arm of Samsung. This strategic investment from leading Asian companies positions Startale to become a key player in the region’s Web3 domain.
Startale aims to utilize the fresh capital to accelerate the development of its Web3 products and attract top talent from around the globe. Their vision is to become the leading Web3 company in Asia, leveraging the support of prominent Asian corporations.
It is worth noting that the company has already made significant strides, collaborating with Sony Network Communications on a joint blockchain venture and launching the beta version of Startale Web3 Cloud, a developer-friendly platform for deploying and managing blockchain infrastructure.
Sota Watanabe, CEO of Startale Labs, expressed his enthusiasm, stating, “Within a year, Startale has garnered support from leading Asian companies like Sony, Samsung, and UOB Venture Management, significantly expanding our potential. The raised funds will be directed towards product development and talent acquisition, allowing us to establish ourselves as a prominent Web3 force in Asia and beyond.”
Lead investor Paul Ng, Executive Director of UOB Venture Management, shared his belief in Startale’s potential, stating, “We believe real-world applications are key to onboarding new users to Web3. Startale Labs, with their expertise and experience, is well-positioned to make Web3 accessible to the masses, particularly in Asia. We are excited to support them in bringing billions of users into the Web3 space.”
This successful funding round signals the increasing adoption of Web3 and growing trust within the Asian Web3 community.
One of the most alarming trends our ThreatDown Intelligence team has noticed lately is the increased exploitation of legitimate Remote Monitoring and Management (RMM) tools by ransomware gangs in their attacks.
RMM software, such as AnyDesk, Atera, and Splashtop, is essential for IT administrators to remotely access and manage devices within their networks. Unfortunately, ransomware gangs can also exploit these tools to penetrate company networks and exfiltrate data, effectively allowing them to “live off the land”.
In this post, we will delve into how ransomware gangs use RMM tools, identify the most exploited RMM tools, and discuss how to detect and prevent suspicious RMM tool activity using Application Block and Endpoint Detection and Response (EDR).
How ransomware gangs utilize RMM tools
Ransomware gangs exploit Remote Monitoring and Management (RMM) tools through one of three main strategies:
Gaining initial access via preexisting RMM tools: As RMM tools typically require credentials for system access, attackers can exploit weak or default RMM credentials and vulnerabilities to gain unauthorized access to a network.
Installing RMM tools post-infection: Once inside a network, ransomware attackers can install their own RMM tools to maintain access and control, setting the stage for a ransomware attack. For example, the ThreatDown Intelligence team noted a case where ransomware attackers exploited an unpatched VMware Horizon server to install Atera.
Hybrid approach: Attackers can use a slew of different social engineering scams, such as technical support scams or malvertising, to trick employees into installing RMM tools onto their own machines, enabling both initial access and a mechanism for ransomware deployment. The Barclays banking scam we wrote about in February 2024 is an example of this approach.
Top RMM tools exploited by ransomware gangs
The following RMM tools, built to oversee and control IT infrastructure remotely, are commonly used by ransomware gangs.
Splashtop: A remote access and support solution tailored for businesses, MSPs, and educational institutions. Exploited by the ransomware gangs CACTUS, BianLian, ALPHV, Lockbit.
Atera: An integrated RMM tool for MSPs that offers remote access, monitoring, and management. Exploited by Royal, BianLian, ALPHV.
TeamViewer: A software for remote access and support. Exploited by BianLian.
ConnectWise: A suite that includes solutions for remote support, management, and monitoring. Exploited by Medusa.
LogMeIn: Provides secure remote access to computers from any location for IT management and support. Exploited by Royal.
SuperOps: An MSP platform that combines RMM, PSA, and other IT management features. Exploited by CACTUS.
Nearly all of the ten ransomware gangs have included one of the above RMM tools in their attacks.
Preventing RMM ransomware attacks with Application Block and EDR
To prevent ransomware gangs from misusing RMM tools, businesses can adopt two strategies: blocking unnecessary RMM tools using application blocking software and utilizing EDR to detect suspicious RMM tool activity.
For instance, by employing applications like ThreatDown’s Application Block, businesses can prevent the use of non-essential RMM applications.
For necessary tools, such as AnyDesk, the EDR/MDR layers within ThreatDown Bundles can offer an additional layer of protection in case of an infection.
Consider a real example where ransomware attackers used AnyDesk to establish a Command and Control (C&C) server. In one case, a threat actor infiltrated a customer’s environment by exploiting an unpatched server with open ports exposed to the internet. AnyDesk was installed by the threat actor afterward, as indicated in the EDR alert below. Such activity is typical of what our Threat Intel teams observe just before the widespread encryption carried out in ransomware attacks.
EDR detecting malicious RMM tool usage, with relevant MITRE techniques
After investigating the alert, a customer can quickly isolate the affected endpoint to prevent encryption. Alternatively, the ThreatDown MDR service can identify the alert and offer guidance on remediation.
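The two-part policy described above (block RMM tools the business does not need, and watch the ones it does) can be sketched as a triage over process-creation events. This is an added example, not ThreatDown's product logic; the hostnames, paths, approved-tool policy and match keywords are constructed assumptions.

```python
"""Triage RMM tool executions: block unapproved tools, alert on odd use of approved ones."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Tools named in the article, keyed by a lowercase prefix searched for in each
# path component. Illustrative match keys (assumption), not vendor-verified
# file names; a renamed binary evades this, so prefer signer data where available.
RMM_KEYWORDS = {
    "anydesk": "AnyDesk",
    "atera": "Atera",
    "splashtop": "Splashtop",
    "teamviewer": "TeamViewer",
    "screenconnect": "ConnectWise",
    "connectwise": "ConnectWise",
    "logmein": "LogMeIn",
    "superops": "SuperOps",
}

# Assumption: IT installs approved tools only under these roots.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class ProcEvent:
    host: str
    image: str  # full path of the started executable


def identify_rmm(image: str) -> Optional[str]:
    """Return the RMM product name if any path component starts with a known key."""
    for part in PureWindowsPath(image).parts:
        lowered = part.lower()
        for key, tool in RMM_KEYWORDS.items():
            if lowered.startswith(key):
                return tool
    return None


def triage(event: ProcEvent, approved: set, scope: dict) -> tuple:
    """Return (verdict, reason); verdict is ignore, block, alert or allow."""
    tool = identify_rmm(event.image)
    if tool is None:
        return ("ignore", "not an RMM tool")
    if tool not in approved:
        # Candidate for an application-blocking rule.
        return ("block", f"{tool} is not an approved RMM tool")
    if event.host not in scope.get(tool, set()):
        # Approved product, but IT never deployed it on this host.
        return ("alert", f"{tool} on host outside its deployment scope")
    if not event.image.lower().startswith(EXPECTED_ROOTS):
        return ("alert", f"{tool} running from unexpected path")
    return ("allow", f"{tool} within policy")


# Hypothetical policy: AnyDesk is the only approved tool, deployed to workstations.
APPROVED = {"AnyDesk"}
SCOPE = {"AnyDesk": {"WS-014", "WS-022"}}

# Constructed sample events (not taken from any real alert).
SAMPLE_EVENTS = [
    ProcEvent("WS-014", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
    ProcEvent("SRV-WEB-01", r"C:\ProgramData\AnyDesk\AnyDesk.exe"),
    ProcEvent("WS-022", r"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"),
    ProcEvent("WS-014", r"C:\Users\j.doe\Downloads\AnyDesk.exe"),
    ProcEvent("WS-014", r"C:\Windows\System32\notepad.exe"),
]


def run_demo() -> list:
    """Verdicts for the sample events, in order."""
    return [triage(e, APPROVED, SCOPE)[0] for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        verdict, reason = triage(ev, APPROVED, SCOPE)
        print(f"{verdict:6} {ev.host:11} {reason}")
```

The second sample event mirrors the case in the article: an approved product appearing on an internet-facing server where IT never deployed it is raised for investigation rather than silently allowed.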
Stop ransomware RMM attacks today
Much like other Living Off the Land tools designed to facilitate IT administration, RMM tools are now double-edged swords.
Whether using RMM tools for initial access, post-infection ransomware deployment, or a combination of the two, ransomware attackers are upping the sophistication of their attacks. However, with ThreatDown, organizations can effectively curtail the abuse of RMM tools through technologies like Application Block and EDR.
Discover the difference with ThreatDown Bundles and elevate your organization’s defense against cyber threats. Get in touch for a free trial and experience the benefits of a simplified, yet robust, security framework.
Nothing is set to unveil its latest smartphone, the Nothing Phone (2a), on March 5. The device is expected to be less expensive than the company’s high-end Nothing Phone (2). However, you don’t have to wait until March 5 to catch a glimpse of the device. We have it right here for you to see.
Nothing Phone (2a) will be available in both black and white. It will be a plastic build this time versus the metal and glass build of the Phone (2). Of course, that’s one of a few ways that Nothing can offer this device at a lower price. While no price has been confirmed yet, we have learned quite a few aspects of this phone from the company.
Nothing has confirmed that Phone (2a) will run on the MediaTek Dimensity 7200 Pro chipset with 12GB of RAM and a +8GB RAM Booster. Typically, the RAM Booster will come from the storage on the phone. Nothing says that they co-engineered this chipset for Phone (2a) which likely means we won’t see this chipset used on any other devices.
As for other specs, many are expecting to see at least 128GB of storage on board and a 5,000mAh capacity battery, though those two specs have not been confirmed by Nothing just yet.
These do look very similar to the renders Onleaks released a few days ago. Those are based on CADs, so they aren’t always 100% accurate, but they are usually pretty close – about 95% accurate, I’d say. These renders are directly from Nothing, so they are accurate; the only changes we might see are to the home screen.
Nothing Phone (2a) features a less intricate rear design
Compared to the Nothing Phone (2), the Phone (2a) has a less intricate design, at least on the rear. We can also see from these renders that the Phone (2a) won’t feature wireless charging. That’s a bit of a bummer since other “cheaper” phones, like the Pixel 7a, do support wireless charging.
Nothing also uses fewer Glyph modules on the Phone (2a) than the Phone (2), which had 11 glyphs. The Phone (2a) will have only three, which are all around the camera module.
The rear also appears to be in two parts, with the bottom portion looking like a cover and not showing components like the higher-end Nothing Phone (2).
There’s still a camera bump on the back; however, with the cameras being centered, that should help avoid any wobbling while on a table. Additionally, with the cameras being centered, your fingers shouldn’t cover them when using the phone in landscape for photos and video.
Nothing has been touting that they will announce the Phone (2a) at an online event on March 5. That’s just under two weeks away. So we’ll find out soon whether this is the real deal.
It seems like, from the get-go, Google has been having big issues with all of its generative AI products. These require the company to go back and fix them. In the case of Gemini, Google paused image generation of people because it “missed the mark” when it comes to race and gender depiction.
Not too long ago, Google gave Bard the ability to generate images along with text. That functionality remained during the switch over to Gemini. You’re able to ask Gemini to generate images of pretty much anything. However, people are finding that requests for images of people who would historically be Caucasian or male are resulting in images of people of color and females.
One person asked Gemini to generate an image of founding fathers, but it generated images of people of Asian descent. The founding fathers image also depicted the two people as being extremely modern with casual t-shirts, business-casual buttoned-up shirts, and no powdered wigs (you can’t forget the wigs, Google!). This is just one example.
Google paused image generation of people for Gemini because it missed the mark
The company posted a statement saying that it’s “aware that Gemini is offering inaccuracies in some historical image generation depictions.” It’s currently working on improving this and delivering accurate depictions of historical figures.
For the time being, this generation of people has been suspended. If you try to generate an image of a person, you’ll get a message saying “We are working to improve Gemini’s ability to generate images of people. We expect this feature to return soon and will notify you in release updates when it does.”
It appears that Google wanted a more inclusive generative AI experience by allowing more people with different skin tones and genders to be generated. The company gets points for that, as many image generators tend to favor generating Caucasian folks whenever asked to create a human being.
However, the company seems to have overshot it and missed the mark. We’re not quite sure when the ability to generate images of people will return. However, it should hopefully be soon.
In a significant move against cybercrime, the U.S. government has announced a bounty of up to $15 million for information that could lead to the identification, arrest, or conviction of individuals associated with the notorious LockBit ransomware group.
This announcement comes as part of a broader crackdown on ransomware operations that have caused extensive damage to numerous organizations worldwide.
Background on LockBit
LockBit is a ransomware-as-a-service (RaaS) operation, which means its developers create ransomware software that affiliates then deploy against victims.
The group has been responsible for high-profile cyberattacks, including those on chipmaker TSMC, consulting firm Accenture, and a Foxconn subsidiary.
LockBit Ransomware Operator Data (Image Source: U.S. Department of State)
In 2022, LockBit was identified as the most deployed ransomware variant globally by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Law Enforcement Actions
Recently, international law enforcement agencies, including Europol and the U.K.’s National Crime Agency, have seized LockBit’s dark website, replacing it with a notice of control by authorities.
This operation, known as “Operation Cronos,” involved the FBI and other law enforcement organizations from Australia, Japan, and Europe.
The takedown of LockBit’s operations is considered a significant victory in the fight against ransomware.
The U.S. Department of State’s Rewards for Justice program is offering the bounty, which includes $10 million for information on key leaders of the LockBit group and an additional $5 million for information leading to the arrest or conviction of anyone conspiring or attempting to participate in LockBit’s ransomware attacks.
Ransomware attacks have become increasingly prevalent, with payments to attackers exceeding $1 billion in 2023.
LockBit, in particular, has been one of the most active groups, with its ransomware variant targeting over 2,000 victims and receiving more than $120 million in ransom payments.
The Challenge Ahead
Despite the recent law enforcement success, the adaptability of ransomware gangs poses a continuous challenge.
LockBit’s operators are believed to be based in Russia, complicating efforts for arrest due to geopolitical tensions.
However, the U.S. government’s substantial reward offer underscores the seriousness with which it is pursuing these cyber criminals.
The U.S. government’s reward offer marks a critical step in the global effort to combat ransomware.
By incentivizing information that could lead to the dismantling of LockBit, authorities aim to disrupt the ransomware ecosystem and prevent future attacks.
The fight against cybercrime remains a top priority, with the U.S. and its international partners committed to tracking down and prosecuting those responsible for these malicious activities.
Threads is the newest addition to the Meta social media app universe, and it’s been regaining a lot of steam since its user base plummeted last year. As a standalone platform, it’s performing well. However, Meta is looking to integrate it with its other siblings. Because of this, Meta is testing cross-posting between Threads and Facebook.
We’ve already seen some integration between Threads and Instagram; this makes sense, seeing as Threads was basically built from Instagram’s code. While scrolling Instagram, it’s not uncommon for you to see featured Threads. This is one thing that definitely helped boost its user base.
Meta is now testing cross-posting between Threads and Facebook
This is something that we saw coming. Facebook is already pretty closely tied to Instagram. You’re able to cross-post between Instagram and Facebook. This eliminates the need to post the same thing twice across the platforms.
Now, it’s Threads’ turn. The social media platform has been crawling back up the rankings as Meta has been adding more features to it. Now, the app has over 130 million monthly active users. So, it’s obvious that Threads is doing something right.
At this point, we’re not quite sure when Meta is going to expand this test to other users. However, it seems to be working fine. When the feature does make it to the public, it’ll be a way for more posts to exist on Threads. Not many people like to post the same content on different social media accounts. This will eliminate the need to double-post, and it gives people more opportunities to gain traction on Threads.
After multiple leaks and rumors in recent times, the Samsung Galaxy Fit 3 is finally official. The wearable fitness device debuted without much fanfare because everything leading up to today’s launch left very little to the imagination. The latest offering arrives nearly four years later as the successor to the Galaxy Fit 2 from 2020. It packs significant upgrades over its predecessor.
Samsung Galaxy Fit 3 arrives officially, putting leaks to bed
The Samsung Galaxy Fit 3 has a rectangular dial with an aluminum chassis and a silicone strap. It is IP68-certified dust and water-resistant up to 50 meters. There is a physical button on the right side. On the display front, the device has a 1.6-inch AMOLED screen that is said to be 45 percent larger than its predecessor. This allows room for viewing more information. The display can be customized with more than 100 watch faces via the Galaxy Wearables app.
In terms of health and fitness, the Samsung Galaxy Fit 3 is equipped with a heart-rate monitor, SpO2 sensor, sleep tracker, and the ability to track stress levels. It is also capable of detecting snoring and offers personalized sleep coaching to help users understand their sleeping patterns and improve them. The Fit 3 packs support for over 100 types of workout modes. Unfortunately, it lacks a built-in GPS, so users will need to carry their smartphones for outdoor activities.
The Galaxy Fit 3 packs additional useful features
The Samsung Galaxy Fit 3 comes with fall detection that lets users call emergency services if needed. The Emergency SOS feature can be triggered by pressing the side button five times if the user finds themself in an emergency situation.
The Galaxy Fit 3 users can also access a host of capabilities with a connected Samsung Galaxy ecosystem. They can sync the Do Not Disturb and Sleep mode on their Galaxy phone with the Galaxy Fit 3. The wearable device also packs convenient features like a remote camera and music control, find my phone, notification display, and more. Samsung says that the Galaxy Fit 3 is compatible with phones running Android 10 or above and having 1.5GB RAM. The latest offering is rated to last up to 13 days under typical usage.
The Samsung Galaxy Fit 3 is offered in Grey, Silver, and Pink Gold color options. It will be available in select markets starting February 23. The pricing has not been revealed yet. As per a recently leaked retail box, the wearable device is reportedly priced at 2,50,000 shillings (~$99) in Tanzania.
In a startling revelation that has sent shockwaves through the cybersecurity community, a massive data leak has exposed the inner workings of I-Soon (上海安洵), a Chinese tech security firm with deep ties to the country’s government agencies, including the Ministry of Public Security, Ministry of State Security, and the People’s Liberation Army.
Over the weekend of February 16th, the leak provided an unprecedented glimpse into China’s cyber espionage operations, raising serious questions about global cybersecurity and the extent of state-sponsored hacking activities.
Unmasking I-Soon: Hacker-for-Hire
I-Soon, known for its contracts with various People’s Republic of China (PRC) agencies, was at the center of a significant security breach when a trove of its internal documents was leaked online.
The leaked documents, which include contracts, marketing presentations, product manuals, and lists of clients and employees, reveal detailed methods used by Chinese authorities to surveil dissidents overseas, hack other nations, and promote pro-Beijing narratives on social media platforms, according to a Sentinel Labs report.
The documents also show I-Soon’s involvement in hacking networks across Central and Southeast Asia, as well as Hong Kong and Taiwan, using tools that allow Chinese state agents to unmask users of platforms like X (formerly known as Twitter), break into email accounts, and hide the online activities of overseas agents.
This leak offers a rare window into the pervasive state surveillance and cyber operations conducted by Chinese authorities, highlighting the sophisticated nature of China’s cyber espionage ecosystem.
The Impact of the Leak
The leak has stunned researchers and analysts, providing some of the most concrete details seen publicly about the operations of a state-affiliated hacking contractor.
It reveals how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire.
The documents detail I-Soon’s compromise of at least 14 governments, pro-democracy organizations in Hong Kong, universities, and NATO, showcasing the global reach of China’s cyber espionage efforts.
One of the leaked documents lists targeted organizations and the fees earned by hacking them, with data collection from Vietnam’s Ministry of Economy paying out $55,000, among other payouts.
This leak not only embarrasses the company but also raises critical questions for the cybersecurity community, offering a unique opportunity to reevaluate past attribution efforts and gain a deeper understanding of the complex Chinese threat landscape.
Investigating the Leak
The source of the leak remains unknown, with speculation ranging from a rival intelligence service to a dissatisfied insider or even a rival contractor.
Chinese authorities are investigating the unauthorized dump of documents, and I-Soon has reportedly held meetings to assess the impact of the leak on its business.
The leak’s authenticity, while still under investigation, has been deemed highly credible by cybersecurity firms and analysts who have examined the documents.
The leak of I-Soon’s documents marks a significant moment in understanding state-sponsored cyber operations, shedding light on the intricate and often hidden world of cyber espionage.
As researchers and analysts continue to sift through the leaked data, the cybersecurity community is poised to reassess its defense strategies and attribution efforts in the face of a complex and evolving threat landscape.
This incident underscores the critical importance of cybersecurity vigilance and the ongoing challenges posed by state-affiliated hacking operations on a global scale.
Bluzelle, a Singapore-based decentralized storage company, is making it easier than ever to earn cryptocurrency with the launch of Curium, a new Miner Pool app. Curium allows anyone to contribute storage space and security to Bluzelle’s network and earn BLZ tokens in return, all from their computer or mobile device.
Traditionally, running nodes for blockchain projects has been a complex process requiring technical expertise and expensive hardware. Curium eliminates these barriers by offering a user-friendly app that works on any device, regardless of operating system.
The good news is that Bluzelle solves this by making it easy for anyone to install the Curium app on their computers or mobile devices. This app works on any operating system, including Windows, Mac, Linux, Android, or iOS. Once installed, users simply need to provide their Bluzelle wallet address.
Their device then becomes a “just in time” (JIT) storage node service provider, earning BLZ tokens for the fractional times their machine is online. This operation is similar to an Ethereum PoS pooler miner app, where anyone can install the app on their PC and start earning fractional amounts of ETH based on their device’s uptime.
However, it’s worth mentioning that users must remain alert against fake crypto apps created by scammers targeting iOS, Android, and Windows devices. Recently, Apple approved a fake wallet app on the Play Store that stole user data.
Similarly, Microsoft permitted a fake fundraising app that siphoned almost a million dollars from users. Furthermore, Google has been involved in multiple incidents where fake apps led to the theft of users’ funds. Therefore, it is significant to note that the Curium app is expected to be released by the end of 2024.
“The Curium storage node application is one of the core technologies we envisioned when we launched Bluzelle’s white paper over six years ago,” said Neeraj Murarka, co-founder and CTO of Bluzelle. “Now anyone can become part of our decentralized infrastructure network and earn rewards for simply having their device online.”
With Curium, users can contribute to the security and storage of Bluzelle’s network while earning BLZ tokens. This opens up the world of cryptocurrency to a wider audience, making it easier for anyone to participate in the Web3 revolution.