Apple announces support for 600 spatial apps and games on the Vision Pro


Apple has officially announced the number of apps and games supported on the Vision Pro at launch. These are specifically designed for the headset along with access to over 1 million compatible apps on the App Store. The company’s first-ever mixed-reality headset is officially available for purchase after pre-orders concluded some time ago.

Apple Vision Pro gets 600 spatial apps and games at launch

As the Apple Vision Pro starts shipping in the US, the company has announced that over 600 spatial apps and games can take advantage of the headset’s hardware. This is in addition to a million compatible iOS and iPadOS apps. The Vision Pro will support a range of productivity apps, games, and entertainment services from day one.

For sports enthusiasts, there is a PGA Tour Vision and NBA app for an immersive viewing experience on a 100-foot screen along with ultra-high resolution displays for each eye. There are also other sports apps including MLB, Red Bull TV, and compatible apps from top cable service providers. Users with the MLS Season Pass can also stream matches live on the Apple TV app.

Coming to the entertainment category, the Disney+ app lets users watch IMAX films in 2D and 3D, while the Discovery Max app offers select titles available in 4K and Spatial Audio with Dolby Atmos. The Vision Pro of course comes with Apple’s own Apple TV+, with some videos in 180-degree 8K 3D with Spatial Audio. Notably, Netflix, YouTube, and Spotify have snubbed support for native apps on the Vision Pro. Users can stream content on their platforms in the headset using a browser, although the experience will be entirely different.

The Vision Pro also supports a host of games with more than 250 titles from the Apple Arcade. Users can also pair a PlayStation DualSense or Xbox Wireless controller. There is also support for spatial games. Some of the titles include NBA 2K24 Arcade Edition, TMNT Splintered Fate, Jetpack Joyride 2, WHAT THE GOLF?, Cut the Rope 3, and more.

The Vision Pro also has productivity apps and more

The Vision Pro is not only made for entertainment purposes. The headset also supports productivity and work-focussed apps. These include MindNode, JigSpace, Microsoft 365 apps, Fantastical, and Numerics. Compatible work-focussed apps include Zoom, Webex, Slack, Notion, Microsoft Teams, and Todoist.

The Apple Vision Pro can also do more. The Hold the World app lets users go on a virtual museum tour, whereas J.Crew Virtual Closet allows users to shop for clothes virtually. There are also apps ranging from spatial visualization of airport traffic to 3D weather.



Pixel Watch Camera app adds Night Sight, Video, Slow Motion, and more

If you own a Pixel Watch, you probably know that the Pixel Camera app serves as a controller. The good news is it recently received an update enabling users to switch between various photo and video modes on their Pixel Watch.

As reported by 9to5Google, the Pixel Camera app on Wear OS now offers more functionality beyond simply toggling between the front and rear cameras or setting a timer. Now, users can directly switch camera modes on the Pixel Watch. Accessible through the hamburger button, the “Modes” section at the top features Night Sight, Portrait, Photo, Video, Slow Motion, and Time Lapse options.

Before the update, users had to preset different modes in the Pixel Camera app on their phones before using the Wear OS controller. The mode switcher feature was introduced with Pixel Camera 9.2 in December, alongside additional user interface tweaks.

The primary list has been renamed to “Settings,” and the Camera switcher has transformed into a menu, requiring an additional step compared to the previous single-tap method for switching between them. This adjustment might be a tad inconvenient, especially when time is crucial.

Additionally, the timer function has also been modified to a menu, allowing users to choose between 3 or 10 seconds. This recent update closely follows the rollout of the Android 14 January security update for Pixel phones. With this latest update, both models of the Pixel Watch now share the same build number and are equipped with the January 5, 2024 security patch level.

Google unveiled its Pixel Watch 2 last year, alongside the Pixel 8 and Pixel 8 Pro. Now, rumors are already circulating about the potential updates of the upcoming Pixel Watch 3. For instance, a recent report hinted that Google might introduce the Pixel Watch in two sizes, which would be a welcome addition.



Cloudflare Hacked After State Actor Leverages Okta Breach


The aftermath of the 2023 Okta breach continues to unfold, with Cloudflare disclosing the details of its security compromise.

Cloudflare, a globally renowned cloud services provider, experienced a security incident on Thanksgiving Day, 23 November 2023, allowing unauthorized access to their internal Atlassian server. The company confirmed no customer data or systems were affected by the intrusion, which was effectively blocked within 24 hours.

The investigation was concluded recently. According to the company’s blog post published on 2 February 2024, Cloudflare detected the breach on 24 November 2023, and the investigation, called Project Code Red, was launched on 27 November in cooperation with CrowdStrike.

Attackers accessed Cloudflare’s systems using an access token and three service account credentials that were stolen during a previous Okta breach in October 2023. The threat actor used the stolen credentials to gain access to Cloudflare’s Atlassian environment, reportedly seeking information about the architecture, security, and management of Cloudflare’s global network. It is worth noting that Cloudflare’s Atlassian system is responsible for managing internal collaboration tools like Confluence and Jira.

“The threat actor accessed Jira tickets about vulnerability management, secret rotation, MFA bypass, network access, and even our response to the Okta incident itself. The wiki searches and pages accessed suggest the threat actor was very interested in all aspects of access to our systems: password resets, remote access, configuration, our use of Salt, but they did not target customer data or customer configurations.”

Cloudflare

Cloudflare discovered that a ‘nation-state attacker’ could be responsible for their server’s breach. However, the company did not share further details on the possible perpetrator. The attacker accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system on 14 November 2023.

Cloudflare CEO Matthew Prince, CTO John Graham-Cumming, and CISO Grant Bourzikas stated that on November 22, hackers gained persistent access to their Atlassian server, source code management system, and console server.

They also unsuccessfully attempted to gain access to a data center in São Paulo, Brazil, which was not yet put into production by Cloudflare. As a precautionary measure, every piece of equipment at its Brazil data center was returned to manufacturers to ensure the facility was safe.

As for prevention, response measures from Cloudflare’s staff included rotating all 5,000 unique production credentials, physically segmenting test and staging systems, performing forensic triage on around 4,983 systems, and re-imaging and rebooting global network systems.

According to Cloudflare, this includes all Atlassian servers, including Bitbucket, Jira, and Confluence. Although all remediation efforts were completed by 5th January, Cloudflare is still actively focusing on software hardening, and credential and vulnerability management.

For your information, Okta, an identity and access management services provider, reported a data breach on 23 October 2023, allowing unauthorized access to files, including session tokens, which could be used for hijacking attacks.

The attacker compromised a stolen account between September 28 and October 17, 2023, to view, update, and extract sensitive data by accessing Okta’s support case management system. 

Okta’s chief security officer, David Bradbury, revealed that at least 134 customers were impacted by the breach and some files were HAR files containing session tokens, which could be used for session hijacking attacks.
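HAR captures record full request and response headers, cookies included, which is why the files taken from the support system carried usable session tokens. The following Python is an added example, not code from Okta, Cloudflare or the original article: it redacts credential-bearing fields from a parsed HAR file before it is shared with a vendor. The header list, parameter hints and sample capture are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Names treated as credential-bearing: assumptions of this example. Substring
# matching deliberately over-redacts (it also hits names such as "author").
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization",
                     "proxy-authorization", "x-csrf-token", "x-xsrf-token"}
PARAM_HINTS = ("token", "session", "sid", "auth", "secret", "password")
REDACTED = "REDACTED"


def param_is_sensitive(name):
    return any(hint in name.lower() for hint in PARAM_HINTS)


def scrub_pairs(pairs, is_sensitive):
    """Redact values of HAR {name, value} pairs; return how many changed."""
    changed = 0
    for pair in pairs or []:
        if is_sensitive(pair.get("name", "")) and pair.get("value") != REDACTED:
            pair["value"] = REDACTED
            changed += 1
    return changed


def scrub_url(url):
    """Redact sensitive query parameters carried in the request URL itself."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if not any(param_is_sensitive(key) for key, _ in query):
        return url
    cleaned = [(k, REDACTED if param_is_sensitive(k) else v) for k, v in query]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def sanitize_har(har):
    """Redact credentials in a parsed HAR dict in place; return the count."""
    count = 0
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side) or {}
            count += scrub_pairs(msg.get("headers"),
                                 lambda n: n.lower() in SENSITIVE_HEADERS)
            # HAR stores parsed cookies separately from the raw headers.
            count += scrub_pairs(msg.get("cookies"), lambda n: True)
        request = entry.get("request") or {}
        count += scrub_pairs(request.get("queryString"), param_is_sensitive)
        post = request.get("postData") or {}
        hits = scrub_pairs(post.get("params"), param_is_sensitive)
        if hits:
            post["text"] = REDACTED  # the raw body repeats the same parameters
        count += hits
        new_url = scrub_url(request.get("url", ""))
        if new_url != request.get("url", ""):
            request["url"] = new_url
            count += 1
    return count  # JSON and other non-form bodies are not inspected here


# Constructed sample capture: host, cookie and token values are made up.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET",
        "url": "https://idp.example.test/app?sessionToken=abc123&page=2",
        "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-SESSION"},
                    {"name": "Accept", "value": "text/html"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SESSION"}],
        "queryString": [{"name": "sessionToken", "value": "abc123"},
                        {"name": "page", "value": "2"}]},
    "response": {"status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-NEW"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-NEW"}]},
}]}}

if __name__ == "__main__":
    print(sanitize_har(SAMPLE_HAR), "fields redacted")
```

Response bodies and JSON request bodies can also carry tokens and need a separate review before a capture leaves the organization.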

Many firms have reportedly been targeted with stolen Okta credentials, Cloudflare being one of them. Previously, 1Password, one of Okta’s customers, reportedly was targeted. On September 29, 2023, 1Password detected suspicious activity where a threat actor used a stolen session token to access its Okta administrative portal.


Google’s Guided Frame ad will air during Super Bowl


Google will showcase its Guided Frame feature in a Super Bowl ad this year, bringing attention to how it aids low-vision and blind users in capturing memorable photos. Google initially associated Guided Frame with the Google Pixel 7 series in 2022, but it has now expanded its functionality to the Google Pixel 8 series.

Unlike its initial limitation to the front-facing camera, the latest Pixel phones allow users to leverage Guided Frame with the rear camera system as well. Visually impaired filmmaker Adam Morse directed the behind-the-scenes video for the upcoming ad. The video provides insights into the experiences of users employing the framing feature.

The advertisement follows individuals utilizing the feature on Pixel devices to capture meaningful moments. Notably, while Pixel phones were not employed to shoot the ad, professional cameras and equipment were used for production. Adam Morse aimed to convey the experiences of blindness and low vision to sighted individuals. He applied visual distortions to the camera by using petroleum jelly on camera lenses. In the video, Morse shared his dedication to creating an authentic experience of blindness that remains accessible to individuals with sight.

Guided Frame utilizes non-visual cues to enable users with visual impairments to capture quality moments

Guided Frame employs object detection and non-visual cues to assist visually impaired users in capturing quality moments. Audio instructions like “Hold for a photo,” “Move your phone down,” and “One face in the frame” guide users through the process. Additionally, the feature provides haptic feedback and displays high-contrast visuals for users with partial or low vision. Google’s development of this feature involved direct collaboration with blind and low-vision individuals. This was to ensure the incorporation of effective alternative sensory feedback.

In 2024, Google sheds light on Guided Frame’s expansion to recognize objects beyond people. It shows Google’s commitment to improving accessibility through the use of AI technologies.



Three HMD smartphones coming during the ‘first phase’


As many of you know by now, HMD Global has no plans to launch new Nokia-branded smartphones. The company will shift to its own HMD-branded devices, and some of them have already been teased by HMD. That being said, according to a new report, we can expect to see three HMD smartphones during the ‘first phase’.

Three HMD smartphones expected to launch during “first phase”

This information comes from 91mobiles who got the info from “industry sources who have been giving accurate leaks related to Nokia in the past”. The source also mentioned that HMD Global does plan to continue selling Nokia-branded phones for the foreseeable future, but new ones won’t be coming. HMD Global will also keep Nokia phone sales limited to offline stores, based on the provided info.

The source is saying that one of those three phones will be quite affordable. No specific info was given about the other two, but we presume neither of them will belong in the premium level. We’ll see.

The company is bringing some of its new phones to MWC 2024

Now, HMD Global is expected to announce its first ‘HMD’ devices during MWC 2024 in Barcelona. We’re not sure if all three devices mentioned here will launch, though, we’ll have to wait and see.

The company did start teasing its upcoming devices via its official website. If you take a look at the three images below, you’ll be able to see what we’re talking about.

Smartphones that HMD is teasing remind us of old Nokia Lumia phones

The device shown in the first image seems to be different-looking than the two shown in the other two photos. What’s interesting is that the phone(s) in the second and third images do remind us of some old Nokia Lumia phones with Windows Phone on them.

You’ll notice that these devices are quite colorful. The one in the first image seems to have flat sides, and a flat backplate, plus probably a flat display. The phone(s) in the other two images have flat top and bottom sides, while the left and right sides are heavily curved.

The Mobile World Congress is taking place later this month, so we’ll get all the necessary info there. HMD Global could release more teasers by then, though.



Snap recalls Pixy drone due to fire hazard, issues full refund


Snap, the company behind the social media app Snapchat, is recalling its Pixy drone due to a fire hazard. The US Consumer Product Safety Commission (CPSC) says the lithium-ion battery in the drone can overheat and catch fire. The agency has received four reports of the battery overheating and bulging, leading to one fire and one minor injury. It advises consumers to immediately stop using the drone, remove the battery, and stop charging it.

Snap recalls its Pixy flying drone camera

Pixy was launched in April 2022 as a flying camera companion for Snapchat users. It is a mini drone that works without a controller or an SD card. Simply activate the device and select the flying mode, and you have a flying camera for hands-free video recording. You can select from four preconfigured flight paths—the drone can float in front of you, orbit around you, or follow you as you walk or run.

On a single charge, Pixy can capture five to eight flights. Videos and photos captured by the drone are automatically transferred to your phone. It is a cool little device that can add a fun element to your social media experience. Snap CEO Evan Spiegel once suggested the market for these kinds of personal drones was huge, bigger than that for camera-mounted glasses. However, the company discontinued Pixy just four months after launching it.

Now, two years later, it is recalling every single Pixy drone it sold. Not just the battery but the entire drone. As The Verge noted, this could be because it no longer makes those batteries. In fact, Snap doesn’t want you to send the defective batteries back. You have to only send the camera and other accessories and dispose of the battery safely yourself, adhering to your local laws.

You can get a refund of up to $250

According to CPSC, the total recall volume is about 71,000 units. These include batteries purchased separately, so Snap sold fewer than 71,000 Pixy flying cameras. The company will refund all purchases, including optional accessories. You don’t need a receipt to apply for a refund. You will get a refund even if you received the drone as a gift. All you need is its serial number, a 16-character alphanumeric code on the back of the device, under the battery.

Once you have it, fill out this form and Snap will email you a prepaid return label. As far as disposing of the battery is concerned, the company says you should not drop them at household garbage or recycling bins or used battery recycling boxes at retail stores. You should follow “the procedures established by your municipal recycling center for damaged/defective/recalled lithium-ion batteries.”

You will get at least $185 for each Pixy flying camera you send back to Snap. If you purchased the Flight Pack bundle, you could get a refund of up to $250. Additionally, each extra charger or battery you purchased will fetch between $40 and $50, while the Pixy batteries that Snap sold separately are worth between $16 and $20. You can find more details about this recall program on an official support page here.



Xiaomi 14 Ultra could be more expensive than its predecessor


The Xiaomi 14 Ultra is expected to arrive in the coming months, and it will seemingly be more expensive than its predecessor. This information comes from a very reliable source, actually. Digital Chat Station, one of China’s most accurate tipsters, shared the info.

The Xiaomi 14 Ultra will be more expensive than its predecessor

He says that the Bill of Materials (BOM) estimation indicates a price increase. The BOM has increased by more than CNY700 ($100), so we can expect the Xiaomi 14 Ultra to get a price hike.

The tipster also confirmed that we’ll get a quad camera setup on the back, with Leica optics. The phone will also include Xiaomi’s self-research tech, and that goes for communications, materials, batteries, and more.

We don’t know when exactly the phone is coming, but it’s coming in the next couple of months based on everything we’ve seen thus far. Its specifications have been rumored quite a few times thus far.

Four 50MP cameras are expected, while the main one will support multi-stop variable aperture

The Snapdragon 8 Gen 3 is expected to fuel the device. Four 50-megapixel cameras are rumored. The main unit will be the Sony LYT-900, allegedly, and it will offer a multi-stop variable aperture (f/1.63-f/4.0).

A 5,180mAh battery is also rumored, while the phone is said to offer 90W wired and 50W wireless charging support. Yes, a charger will be included in the package, in case you were wondering.

An in-display fingerprint scanner is expected, and it will be an ultrasonic one. Xiaomi stuck to optical in-display fingerprint scanners thus far, but that will likely change with the Xiaomi 14 Ultra.

A large AMOLED display is also expected with a 120Hz refresh rate. Yes, that will be an LTPO panel with an adaptive refresh rate. Android 14 will likely come pre-installed, with Xiaomi’s HyperOS on top of it.



Google’s newest AI generative tools help users create images and music

Google’s Bard AI has been recently upgraded with a handful of new features and improvements, including the company’s newest generative AI tools such as ImageFX, MusicFX, and TextFX.

While MusicFX and TextFX were available for a few months, they have been improved this week with new features and functionalities, so if you’ve played with these before, it’s worth revisiting them after the update.

For the first time, those passionate about AI can check out Google’s new ImageFX model. The new generative AI tool helps people create images with simple text prompts.

Initially available as an experiment in Google’s Labs, ImageFX is now available for everyone. ImageFX comes with a prompt interface that features “expressive chips” allowing users to experiment with adjacent dimensions of their creation and ideas.

In addition to launching ImageFX, Google announced improvements to MusicFX and TextFX. The former received new capabilities such as higher-quality audio and faster music generation.

As far as TextFX goes, this was launched last year and recently got usability updates that improve the overall user experience and navigation.

It’s important to mention that these AI generative tools are only available in the United States, New Zealand, Kenya, and Australia. Also, everything generated by Google’s AI tools will be watermarked digitally.



State-of-the-Art Redis Malware Bypasses Security Solutions


Discovering a clandestine and potent menace, Aqua Nautilus researchers have brought to light the HeadCrab, an advanced threat actor wielding bespoke malware targeting Redis servers globally. 

Redis, an open-source, in-memory data structure store, serves as the unsuspecting battleground for the HeadCrab onslaught. 

Often left exposed on the internet without proper authentication, default Redis servers become vulnerable to unauthorized access and command execution, laying the foundation for potential exploits.


The narrative begins with an assault on a honeypot, as the HeadCrab threat actor strategically deploys the SLAVEOF command to compromise a Redis server. 

A map depicting the amount and locations of compromised Redis servers

This sets off a chain reaction, leading to the download of the elusive HeadCrab malware onto the victim’s server. 

Detailed command logs unveil the meticulous steps employed, from configuring the server to loading the malware module.

Unraveling HeadCrab’s Arsenal

HeadCrab’s malicious module, when reverse-engineered, reveals sophisticated malware equipped with eight custom commands. 

These commands, prefixed with “rds,” empower the attacker with extensive capabilities, ranging from manipulating Redis configurations to establishing encrypted communication channels with Command and Control (C2) servers.
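One way to look for the steps described above in Redis command logs, as an added example that is not from Aqua’s report or the original article: it assumes the log is in the format printed by Redis’s MONITOR command and flags replication-target changes (SLAVEOF/REPLICAOF), MODULE LOAD, CONFIG SET and any command whose name starts with “rds”. The sample lines, addresses, module path and the `rdsEXAMPLE` command name are constructed placeholders.

```python
import re
from collections import defaultdict

# MONITOR line shape: <unix-ts> [<db> <client>] "arg0" "arg1" ...
LINE_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>[^\]]+)\] (?P<rest>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_monitor_line(line):
    """Return (timestamp, client, [args]) for one MONITOR line, or None."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    args = ARG_RE.findall(match.group("rest"))
    if not args:
        return None
    return float(match.group("ts")), match.group("client"), args


def classify(args):
    """Map one command to a finding label, or None if it is unremarkable."""
    cmd = args[0].upper()
    sub = args[1].upper() if len(args) > 1 else ""
    if cmd in ("SLAVEOF", "REPLICAOF") and sub != "NO":
        return "replication-target-set"   # "NO ONE" only detaches a replica
    if cmd == "MODULE" and sub == "LOAD":
        return "module-load"
    if cmd == "CONFIG" and sub == "SET":
        return "config-change"
    if cmd.startswith("RDS"):             # prefix named in the article
        return "rds-prefixed-command"
    return None


def scan(lines):
    """Return (findings per client, clients that set a master then loaded a module)."""
    findings = defaultdict(list)
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        ts, client, args = parsed
        label = classify(args)
        if label:
            findings[client].append((ts, label, " ".join(args)))
    chained = []
    for client, events in findings.items():
        labels = [label for _, label, _ in events]
        if ("replication-target-set" in labels and "module-load" in labels
                and labels.index("replication-target-set") < labels.index("module-load")):
            chained.append(client)
    return dict(findings), sorted(chained)


# Constructed MONITOR output; documentation-range addresses, made-up values.
SAMPLE_LOG = [
    '1700000000.000001 [0 203.0.113.7:40112] "CONFIG" "SET" "maxmemory" "1gb"',
    '1700000001.000002 [0 203.0.113.7:40112] "SLAVEOF" "198.51.100.9" "6379"',
    '1700000002.000003 [0 10.0.0.5:51000] "GET" "user:42"',
    '1700000003.000004 [0 203.0.113.7:40112] "MODULE" "LOAD" "/tmp/constructed.so"',
    '1700000004.000005 [0 203.0.113.7:40112] "SLAVEOF" "NO" "ONE"',
    '1700000005.000006 [0 203.0.113.7:40112] "rdsEXAMPLE" "arg"',
    '1700000006.000007 [0 10.0.0.5:51000] "REPLICAOF" "NO" "ONE"',
]

if __name__ == "__main__":
    per_client, chained = scan(SAMPLE_LOG)
    for client in chained:
        print("review client", client, per_client[client])
```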

Why “HeadCrab”? The threat actor provides a hint, referencing the Half-Life game’s monstrous creature that turns humans into zombies.

The malware itself features a “miniblog” within, acknowledging Aqua Security and linking back to their previous Redigo malware discovery.

HeadCrab operates stealthily, running solely in memory, avoiding disk storage, and communicating with legitimate IP addresses. 

Runtime detection becomes crucial, as showcased by Aqua’s platform, revealing the stepwise chain of events, from dropped executables to the execution of the XMRIG malware in memory.

Mapping to MITRE ATT&CK Framework

The HeadCrab campaign aligns with various techniques from the MITRE ATT&CK framework, offering a comprehensive mapping of the attack components to established tactics, further aiding in understanding the threat landscape.

HeadCrab poses a significant threat, having infiltrated over 1,200 servers. 

Immediate remediation is imperative for infected systems, involving thorough incident response, isolation, and cleanup. 

Mitigation strategies include hardening Redis server environments, adhering to best practices, and utilizing tools like Aqua’s platform for continuous scanning and monitoring.



Ivanti Discloses 2 New zero-days, 1 Under Active Exploitation


Two new zero-day vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure products and assigned CVE-2024-21888 and CVE-2024-21893. Additionally, one of the vulnerabilities (CVE-2024-21893) has been reported to be exploited by threat actors in the wild.

However, Ivanti has released a security advisory for patching these vulnerabilities and urges all their customers to patch them accordingly. It is worth noting that Ivanti Connect Secure was reported with a zero-day earlier this month, which was also exploited by threat actors in the wild. 


2 New Zero-days

CVE-2024-21888: Privilege Escalation vulnerability

This vulnerability exists due to a web component of Ivanti Connect Secure and Ivanti Policy Secure that allows a threat actor to elevate their privileges to that of an administrator.

The prerequisite for exploiting this vulnerability requires the threat actor to have a user privilege on the vulnerable device.

The severity for this vulnerability was given as 8.8 (High). There has been no evidence of exploitation for this vulnerability.

CVE-2024-21893: Server-Side Request Forgery

This vulnerability exists in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA, which allows a threat actor to access some unrestricted resources without any authentication.

The severity for this vulnerability was given as 8.2 (High). This vulnerability has been reported to be exploited by threat actors in the wild.

In addition to this, both of these vulnerabilities have been added to the CISA’s Known Vulnerability Catalog alongside the previously exploited vulnerabilities CVE-2024-21887 and CVE-2023-46805.

Affected Products and Fixed in Version

Affected Products | Vulnerable versions | Fixed in versions
Ivanti Connect Secure | 9.x and 22.x | 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1, and ZTA version 22.6R1.3
Ivanti Policy Secure | 9.x and 22.x |

It is recommended that users of these products upgrade to the latest versions to prevent these vulnerabilities from being exploited by threat actors.

