Federal judge is forcing Musk to talk with the SEC again over his purchase of Twitter

0
[ad_1]
Per Reuters, Elon Musk has been ordered by a federal judge to testify once again as the Securities and Exchange Commission (SEC) continues its investigation of Musk’s $44 billion acquisition of Twitter. The court gave Musk and the SEC one week to come up with a date and location for both sides to meet. If neither side can agree to a date and time for the interview, the judge said that she would hear from both parties and come up with a date and time for them.
The SEC sued Musk last October in an attempt to force the multi-billionaire to testify about the purchase of Twitter which he made in 2022. Musk, who famously renamed Twitter “X,” had failed to show up during a scheduled meeting with the SEC in September which was related to the agency’s probe of the transaction. Twitter was a publicly-traded company before Musk took it private which means that any deep dive into the transaction by the government would start with an SEC investigation. The question is whether Musk, in filling out the required paperwork for his purchase of Twitter, followed the letter of the law or included misleading statements with his submissions.

Musk accused the SEC of harassment as he attempted to prevent the regulatory agency from interviewing him again about the Twitter acquisition. He complained that the SEC had already spoken with him twice. Judge Beeler said that the SEC, seeking relevant information from Musk, did have the authority to subpoena him.

The SEC and Musk have battled before. In 2018, Musk posted a tweet that said, “Am considering taking Tesla private at $420. Funding secured.” The tweet led Tesla’s shares to soar 11% that day, but no deal was ever announced. The SEC, Musk, and Tesla agreed to a settlement. Musk and Tesla paid $20 million in fines, and Musk had to leave his post as Tesla chairman although he retained the CEO job. The settlement also required that any tweet Musk sent out with material information about Tesla had to be approved by the SEC in advance.


[ad_2]
Source link

Google Files loses its bottom bar in the latest update

0
[ad_1]

Google apps constantly get subtle updates and visual changes as the company further refines its app ecosystem. A new change just happened to the Google Files app that not many people will be upset with. The bottom bar in the Google Files app has been removed.

Previously, when you would go on to the Google Files app, you’d see a bar at the bottom housing three navigation tabs. The app would automatically open to the Browse tab which gave you a quick overview of all the files being held on your phone. Next to that, you would see the Clean tab. This will take you to the area to let you clean files that you no longer need. Lastly, there is the Nearby Share tab. This is a shortcut to activate the Nearby Share functionality to send files to different devices.

However, a new update removes the bottom bar from Google Files

If you’re on the latest version of Google Files, then you will open the app to a little message at the bottom of the screen. This will tell you about sharing files via Nearby Share. It’s a little odd that it doesn’t refer to Quick Share, as Google is in the process of replacing Nearby Share with Quick Share. In fact, a Nearby Share for PC has switched over.

After you shoo away that message, you’ll be met with your Google Files interface sans the bottom bar. You’re not really missing much without the bottom bar. If you want to clean your files, tap on the hamburger-style menu in the upper left-hand corner and tap on the Clean button which is the first item.

If you’re used to using the Nearby Share tab, sharing items is not a big issue. Hold your finger on a file, and press the Share button. You will see the Nearby Share option in the share sheet (it will be in a different spot depending on your device manufacturer). If you share a file after the switch to Quick Share, then you will just see the Quick Share button. Tap on that, and it will do the exact same thing.

If you don’t see this change, then you’ll want to update your app. Find the Google Files app on the Play Store and look for the Update button.


[ad_2]
Source link

Smart Helmets Flaw Exposed Millions to risk of Hacking and Surveillance

0
[ad_1]

According to cybersecurity firm Pen Test Partners, Livall’s smart helmets had an inherent flaw that could lead to the leaking of critical, sensitive user information including location data.

The emergence of smart ski tech like Oakley/Recon goggles and smart ski helmet speakers have made skiing or biking a lot more fun but the dangers posed by internet-connected devices cannot be overlooked.

The latest security and privacy issues with smart helmets and other internet-connected gadgets were highlighted in research conducted by UK-based cybersecurity testing firm Pen Test Partners (PTP).

According to PTP, Livall’s smart helmets have an inherent security vulnerability that can lead to the leaking of critical, sensitive user data. For your information, Livall is famous for smart ski and bike helmets. Its smart helmets allow groups of skiers/bikers to communicate using the built-in speaker and microphone and share their location-related information in a group using any of the two Livall’s smartphone apps. One of the apps is for bike riders and the other for skiers, both collectively boasting around a million users.

However, according to Pen Test Partners’ researcher Ken Munro, the security vulnerability allows easy access to any group’s audio chats and location data. Livall’s apps for group audio chat and location sharing require users to be part of the same friends’ group, which can only be accessed using a six-digit numeric code. Munro stressed that the code is not random enough, allowing anyone to access any of the 1 million possible group chat codes.

“That 6-digit group code simply isn’t random enough. We could brute force all group IDs in a matter of minutes,” Munro wrote in the blog post.

This is where the vulnerability occurs. A group code can be entered automatically, allowing a user to join without alerting other members. This allows access to users’ location and audio communications. A rogue group user can only be detected if a legitimate user checks on group members.

No Response from Livall to PTP

Here, it is worth noting that according to researchers, several attempts were made to contact Livall, but no response was received. Then, PTP contacted Tech Crunch’s Zack Whittaker on 22 January to get in touch with Livall.

Whittaker agreed to discuss issues with their bike app, which had more flaws than the ski app. Livall’s CEO responded to Whittaker on 23 January and asked for two weeks to fix the problem. On 5 February, Whittaker was informed that the app was updated with stronger join codes.

Meanwhile, IoT device users must exercise caution as the trend of hijacking smart devices and apps is gaining momentum alarmingly quickly. In a recent report, Hackread.com highlighted another shocking discovery by Pen Test Partners, revealing a critical issue in the Airbus Flysmart+ Manager suite.

The app, developed by Airbus-owned IT services company NAVBLUE, had a disabled security control, allowing it to communicate with servers using insecure methods, potentially allowing an attacker to modify aircraft performance data or adjust airport information. Researchers informed Airbus about the flaw in June 2022, and it was fixed in February 2023.

Experts Weigh In

To gain insights into this issue and vulnerabilities in IoT devices, we reached out to Adam Pilton, a Cybersecurity Consultant at CyberSmart and former Detective Sergeant who investigated cybercrime at Dorset, England Police.

“The vulnerabilities discovered in Livall helmets have been addressed, but this research prompts crucial considerations. Manufacturers must ensure strong security measures, yet users must also understand the risks of granting permissions to apps, said Adam.

“Whilst leading the Police Cyber Crime Team I saw many cases in which simple flaws such as this one, were exposed,” Adam explained. “This led to breaches of privacy, enabled crimes such as domestic abuse and often was the first step in a series of events that led to a significant cyber attack.”

“Timely responses from manufacturers are vital, as delays can exacerbate security risks. Collaboration and transparency are essential in the field of cybersecurity,” he advised.

  1. Reporter Gets His Email Hacked on The Plane
  2. Warning as small planes found vulnerable to hacking
  3. Smart alarm flaw let hackers track and turn off car engine
  4. Smartwatch flaw lets hackers overdose dementia patients
  5. Critical Flaws Found in Devices That Provide WiFi on Airplanes

[ad_2]
Source link

Which apps need your fingerprint? The latest Android 14 beta will tell you

0
[ad_1]

You want to sign into your favorite banking app or your tax management app. Then, you get a prompt asking for permission to use your fingerprint. However, do you really know if it is just that app using your fingerprint? Sometimes, it’s hard to know, but the latest Android 14 beta will show you which app needs access to your fingerprint.

In case you haven’t realized, Google just released the Android 14 QPR3 Beta 1 to Pixel devices. If you enrolled in the beta program, and you haven’t updated, you’ll want to install the update. People are still cracking into it and finding out what’s hidden within.

Android 14 will let you know which app needs access to your fingerprint

The sad fact of the matter is that you never really know which app is gaining access to your fingerprint. Sure, if you are logging into your Capital One credit card account, then you know that the Capital One app is getting access. However, bad actors have ways of doing things that they’re not supposed to and hijacking apps for their nefarious purposes.

You never know if a bad app is also getting access to your fingerprint or your facial data without you knowing. Malicious apps can slither around your operating system and gain access to things they shouldn’t.

Android 14 fingerprint access

So, in the case that another app is getting access to your fingerprint or facial data, Android 14 has a solution. When an app asks for permission to access your fingerprint, you will see that app’s icon at the top of the fingerprint prompt. Ostensibly, if another app is gaining access to your facial or fingerprint data, that app’s icon will pop up.

So, if you see another app pop up, you will know to delete that app immediately. Also, if you see another app getting access to your biometric data, then you should also that app. It increases the chances Google will delist that app.


[ad_2]
Source link

Does the world need transparent laptops? Lenovo thinks so!

0
[ad_1]

Lenovo is a world leader when it comes to laptops. It appears that a company has grown tired of the boring laptop form factor that we have now and has decided to mix things up. According to a new report, it appears that Lenovo is working on a transparent laptop. This device could be shown off during MWC later this month.

MWC sounds like a good idea we’re going to see s ton of top companies show off their products there. For example, Tecno is going to show off a rollable phone during the event.

While the source leaking this is reputable, you will still want to take this information with a grain of salt. Since we’re talking about a leak, there’s always the chance of it not being 100% true to life.

Lenovo could show off a transparent laptop at MWC

Move over Nothing, Lenovo also wants to bring a transparent device. However, there’s a completely different mentality here. From the looks of the leaked renders, it appears that the laptop’s display will be completely transparent. When it’s open, you will see right through the display. So, places in the picture where the pixel would be black will be completely transparent. Since it’s transparent, also expect a completely bezel-less experience.

Well, there technically is a bezel. The bezel is a massive chin bezel that, obviously, holds the very non-transparent electronic components. It’s an interesting-looking concept, and it would be interesting to see if Lenovo eventually released this product in the future.

Lenovo Transparent Laptop 2

As for the keyboard, it appears that there may not be a physical keyboard. Rather, it looks like this will be a dual-screen laptop. So, instead of there being a keyboard, you’ll see a secondary display with a digital keyboard. When the laptop is closed, you will see straight through the display to the digital keyboard.

Since this is a concept, we can’t really take some of the details to heart. For example, in one of the renders, it appears that this will have two USB-C ports. However, those might just be a formality.

There’s one potential issue

If this is indeed only a concept, then this could possibly be addressed. If transparent screens sound familiar to you, LG showed off an incredible-looking transparent television during CES this year. While the screen was transparent, it could be made non-transparent for the press of a button. A black sheet would rise from the bottom so that you can’t see through the screen. This will turn it into a regular television

However, there doesn’t seem to be anything in place to make this transparent Lenovo laptop non-transparent. Sure, the laptop will be nice to use in very dark environments or in places where privacy is not an issue. However, what if you want to take your laptop outside or in a coffee shop? The visibility will be a massive issue, and obviously, everyone will be able to see what is on your screen.

So, we’re going to have to see what Lenovo is going to do.


[ad_2]
Source link

Serious Security Vulnerability Patched In Shield Security WP Plugin

0
[ad_1]

A serious security vulnerability affected the WordPress plugin Security Shield, which could allow arbitrary file inclusion. The developers patched the flaw with the latest plugin release, making it necessary for the users to update to the latest versions as soon as possible.

Shield Security Plugin Vulnerability Allowed File

According to the details shared in a post from the team Wordfence, a local file inclusion vulnerability riddled the WordPress plugin Shield Security.

Shield Security plugin offers a simple firewall for WordPress websites, preventing bot attacks, malware, and other related threats. The plugin presently boasts over 50,000 active installations, indicating the huge number of websites exposed to threats due to any security vulnerabilities affecting the plugin.

Specifically, the vulnerability affected the plugin’s render_action_template parameter that allowing an unauthenticated adversary to include malicious PHP files on the target server. Ultimately, an attacker could execute malicious PHP codes via those files.

This vulnerability, CVE-2023-6989, received a critical security rating with a CVSS score of 9.8. Wordfence confirmed that the issue typically affected PHP files only, ruling out the possibility of remote code execution attacks. However, they did confirm that an attacker had numerous options to include and execute malicious PHP files on the target server. In their post, the researchers also presented a detailed technical analysis of the exploit.

Wordfence acknowledged the researcher with alias hir0ot for responsible vulnerability disclosure via Wordfence’s bug bounty program. The firm also awarded the researcher a $938 bounty for these findings.

Following the bug report, the plugin developers patched the vulnerability with the Shield Security plugin version 18.5.10. Yet, the plugin’s official page mentions 19.0.6 as the latest release, indicating further updates since this security fix. Hence, all users running this plugin on their websites must ensure updating to the plugin 18.5.10 or later (preferably to the latest available version) to receive all necessary bug fixes.

Let us know your thoughts in the comments.


[ad_2]
Source link

CISA and Fortinet Warns of New Critical FortiOS Zero-Day Flaws

0
[ad_1]

Fortinet has classified both security vulnerabilities as critical. Concurrently, CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with pertinent details regarding the issue.

Network security vendor Fortinet has released security updates to address remote code execution vulnerabilities (CVE-2024-21762, CVE-2024-23313) in FortiOS. The vulnerabilities could be exploited by cyber threat actors to control affected systems. Fortinet noted that CVE-2024-21762 is potentially being exploited in the wild.

Following the advisory from Fortinet, the US Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog on February 9, 2024, to add CVE-2024-21762. CISA confirmed that this vulnerability, affecting multiple versions, is being actively exploited in attacks,

As per Fortinet, CVE-2024-21762 (CVSS 9.6/10.0, rated Critical) is an out-of-bounds write vulnerability detected in SSL VPN. It allows remote unauthenticated actors to execute arbitrary code/commands through specially designed HTTP requests.

On the other hand, CVE-2024-23113 (CVSS 9.8/10.0, rated Critical) is a format string bug found in the FortiOS Forti/gate to FortiManager protocol and allows remote, unauthenticated actors to execute arbitrary code and commands. However, there is no evidence this vulnerability is being exploited in the wild.

The vulnerabilities affect versions 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. Fortinet has released patches for each affected version except for 6.0 for which users are advised to migrate to a newer version. It is worth noting that FortiOS 7.6 is not impacted.

The vendor stated that it balances customer security with a “culture of researcher collaboration and transparency” and regularly communicates with customers on security measures through their PSIRT Advisory process.

Still, the detection of ‘critical’ vulnerabilities in Fortinet OS has raised concerns among the cybersecurity community. CISA had earlier disclosed that a China-linked threat group Volt Typhoon has been exploiting vulnerabilities in network appliances from various vendors, including Fortinet, Citrix, Cisco, Ivanti, and NetGear.

“In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” the advisory read.

In one of the instances discovered by the Dutch agencies, the group likely obtained initial access by exploiting CVE-2022-42475 in an unpatched network perimeter FortiGate 300D firewall.

For insights into the latest Fortinet flaws and the rising concerns about vulnerabilities in network appliances, we reached out to Mayuresh Dani, Manager, Security Research, at Qualys Threat Research Unit who emphasised that Fortinet alerted its partners about the vulnerability before the public advisory. Considering this, the vulnerability might be easy to exploit, and a Proof of Concept (PoC) disclosure could happen soon.

“Fortinet sent out advanced notifications to its partners about this vulnerability before the advisory was made public. CVE-2024-21762 is already included in the CISA KEV list. The exploit code maturity is also ranked as HIGH in the vendor-supplied CVSS scoring,” noted Mayuresh.

“Given all these facts and the way Fortinet itself has characterized the vulnerability, it may be trivial to exploit this vulnerability and that a PoC disclosure is imminent,” Mayuresh warned. “Furthermore, no user interaction is required for exploitation and there is no mention of how this vulnerability was discovered – internally or via external reports.”

  1. Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk
  2. Hackers dump login credentials of Fortinet VPN users in plain-text
  3. Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products
  4. Hackers Exploiting Critical Vulnerabilities in Fortinet VPN – FBI-CISA
  5. Critical Flaw Exploited to Bypass Fortinet Products, Compromise Firms

[ad_2]
Source link

Microsoft Copilot’s latest update adds new UI on Android and iOS devices

0
[ad_1]
Formally introduced last month after being tested for about a year, Microsoft’s Copilot for Android and iOS devices has just received a major update that adds a new UI. Rolling out in waves, the update brings a more streamlined look and feel specifically designed to help users take advantage of Copilot’s AI-powered features.With more than 5 billion chats and 5 billion images created to date, Copilot is slowly becoming one of the biggest AI-powered tools available. The chatbot developed by Microsoft allows users to go beyond just creative images to now customize their generated images with inline editing right inside the app thanks to Designer.

Although some of the features offered by Copilot require a subscription, almost all of them have a free version that at least allows users to figure out if they’re worth paying for.

For example, Copilot Pro subscribers can also resize and regenerate images between square and landscape without leaving chat, in addition to customizing the images with Designer.
Video Thumbnail

Finally, Microsoft announced that it will soon roll out the new Designer GPT inside Copilot, offering users a more immersive, dedicated canvas inside the chatbot.

Microsoft’s Copilot is available for free and works on Microsoft Edge, Chrome, Firefox and Safari. All the changes announced this week will be rolled out on iOS, Android, and the web.


[ad_2]
Source link

Instagram and Threads claim they will stop recommending political content

0
[ad_1]

Meta continues to make major changes to how its social apps work, mostly due to the EU cracking down on tech giants. The EU’s new legislation is trying to create a fairer and more competitive digital economy, and this can’t be achieved without strict rules.

Some of the changes that Meta plans to implement are related to a certain type of content that the social company aggressively recommended to its users because it produced huge engagement.

If you’re a fan of politics and take your share of political news from social apps on a daily basis, you’ll most likely be affected by Meta’s upcoming changes for Instagram and Threads.

Both apps will stop recommended political content to its users, Instagram’s Adam Mosseri confirmed over the weekend. According to him, Meta no longer wants “to proactively amplify political content from accounts that you don’t follow.”

This means that while you will still be able to see political content from the accounts you already follow, you will no longer be suggested political content from accounts that you don’t have among your following list.

If political content is posted by an account that is not eligible to be recommended, that account’s content can still reach their followers in Feed and Stories, Mosseri explains.

Although Meta will stop recommending political content, users will still have the option to get this type of content if that’s what they really want. The changes will only apply to public accounts and only in places where Instagram and Threads recommend content.


[ad_2]
Source link

Getting ready to embrace AI, Grammarly lays off 230 employees

0
[ad_1]

If you write for a living, or you’re a student, Grammarly is probably one of your best friends online. Grammarly will help you find and correct grammatical and spelling mistakes and the paid version of the app and website will give you real-time writing suggestions to improve your report. For $12 a month, the paid version of Grammarly will even alert you to accidental plagiarism.

With many analysts talking about a future where generative AI bots replace human writers, it makes sense for Grammarly to use AI to help subscribers improve their writing skills. This week, Grammarly announced that it is laying off 230 employees to focus on “the AI-enabled workplace of the future,” according to the company. Grammarly said, “This decision supports Grammarly’s vision of bringing responsible AI writing assistance to people and workplaces everywhere. Millions of people and thousands of businesses use Grammarly to achieve more through better writing.”
In a memo to employees shared in a blog post, Grammarly CEO Rahul Roy-Chowdhury wrote, “As we strengthen our focus toward driving the AI-enabled workplace and deepen our technical investments in AI, we will need a different mix of capabilities and skillsets. We also need to redesign our organization to improve the quality and speed of collaboration — and that means, among other things, restructuring roles and co-locating certain teams.”

The executive made it clear that the layoffs were not a cost-cutting measure and said that Grammarly’s financial position remains “strong.” Instead, reducing the headcount is being done to get Grammarly prepared for the coming AI future. Those leaving the company will receive a minimum of 3 months’ base pay. That increases for team members who have been with the company longer. U.S.-based team members leaving the company will have an option to continue receiving their health insurance benefits for up to six months.

Grammarly is also helping those leaving the firm find a new position by offering “stipends or access to services for individualized career coaching, resume review, and other transition services.” The company will also create an “available talent” list that the public will be able to see. The list will include names, specialties, and “key results” that future employees can view. And those leaving Grammarly can keep their company-issued laptop for personal use.

Looking ahead, it’s easy to see that Grammarly is hanging its hat on AI. CEO Roy-Chowdhury wrote, “We see massive opportunity as every individual and business begins to harness the power of AI. For nearly 15 years, we’ve been building a product that helps millions of people every day, makes teams measurably more productive, and is already used by employees in 96% of the Fortune 500. We’ll build on this foundation to bring even more value to our customers. AI will fundamentally change the workplace for the better—and Grammarly will play a leading role in driving that change.”


[ad_2]
Source link