Everything You Need To Know About The Streaming Platform

0
[ad_1]

Roku is a hugely popular streaming TV platform that competes with Fire TV for the top spot. Despite the constant shifts in popularity, Roku remains a favorite of many due to its simplicity and ease of use. In fact, its interface has remained largely unchanged for over a decade, even as streaming TV has evolved significantly. However, there’s much more to Roku than just streaming Netflix, YouTube, or Sling. If you want to learn everything there is to know about the Roku platform, we’ve got you covered.

rok

What is Roku?

Roku makes streaming devices that allow you to cut the cord from cable. It was one of the first to really jump into the streaming hardware game, and believe it or not, it was founded in 2002. Way before any of us thought about streaming Netflix. The beginnings of Roku are pretty interesting and include being part of Netflix. Reed Hastings, still the current CEO of Netflix, decided to nix the project, as it would hamper their ability to get onto competing products. Which back then, really only included smart TVs and their own operating systems.

Interestingly, Roku is the term used for “six” in Japanese, which represents the sixth company that Anthony Wood founded.

Unlike some of the competitors in the space, like Apple TV, Android TV, and Amazon’s Fire TV, Roku has always focused on keeping its hardware super simple. That also allowed Roku to keep its prices pretty low and sell millions of units. It’s what also makes Roku appeal to those who are slightly tech-illiterate. Your grandma could use a Roku with almost no problems.

Fast-forward to 2021, Roku is now a publicly traded company with a market cap of around $45 billion.

Is Roku a hardware or software?

Technically, Roku is both hardware and software.

Roku sells streaming players like the Roku Premiere, or the Streaming Stick+ at about the price it costs to make them. Roku makes its money with the ads that it is able to sell on the apps on its platform. And from The Roku Channel, which we’ll talk about a bit more later.

Ro

Which means that the Roku OS is actually really important. And as mentioned before, Roku has kept the operating system super simple for years. In fact, it hasn’t really changed much since the first streaming player came out in the 2000s. And that’s because it didn’t really need to.

Roku also licenses out its operating system to partners like Hisense, TCL, and Walmart (via its Onn brand) to use in their products. TCL has actually made a name for itself and become the fourth largest TV maker by going all-in with Roku on its TVs.

Is it free?

After you pay for the hardware, Roku is free. But you can pay for different things like HBO MAX, or Showtime through Roku. It is a bit like Amazon’s Prime Video Channels work. But there’s no subscription fee for Roku, thankfully. We have seen some scams going around trying to get people to pay for “customer support” from Roku. That is not real, and if you get that scam, make sure to report it and don’t fall for it.

Basically, you’ll pay for some of the apps and services on Roku, but you aren’t paying Roku itself. Roku makes its money from its partners.

roku os 11 3

Roku OS 11.5

Roku announced OS 11.5 on September 12, 2022. It’s a relatively small update to the operating system, but still brings in some nice new features for the platform.

Roku OS 11.5 makes it easier to use and better content discovery, which is now at the forefront of the streaming experience. It also brings a platform-wide Save List and Continue Watching. This is found in the What to Watch section. Roku has also added enhanced search results with the introduction of Visual Search Results, and that’s just some of what’s new here.

Roku OS 11

On Tuesday, March 22, 2022, Roku announced its next big software update to the platform. That’s Roku OS 11. This update brings a number of new features to the platform, though the biggest is the new “What to Watch” home screen. This home screen will give you recommendations on what to watch from a number of different providers. It also includes support for YouTube TV, Hulu + Live TV, and Sling TV.

In addition to that, there is now a new photo screensaver coming to Roku. So you can show your own photos on your Roku device when you’re not using it. Roku has also added a new voice-enabled keyboard that works on passwords too. There’s a new “Automatic Speech Clarity” mode and new Standard, Dialogue, Movie, Music, and Night sound modes for Roku Streambar and its other sound products.

Roku OS 10.5

Roku announced OS 10.5 on Monday, September 20, 2021, among a few other Roku products. As noted by the .5 increase in the version, this is not a huge update, but it does bring in some nice new features to Roku.

This includes making it easier to find content to watch with the new Live TV Channel Guide for Roku Streaming Players. This is mostly for the Roku Channel, which has over 200 channels that you can watch for free. There’s also a new Roku Search Music and Podcast Row.

Roku is also making it easier to set up a new Roku stick or set-top box with enhancements to voice entry for email, password and PIN for on-screen keyboards. There are also new sound settings in the Roku mobile app (US only).

These are just some of what Roku has added in Roku OS 10.5. You can learn more about it here.

How does Roku work?

No matter what Roku device you buy, the experience is mostly the same. Whether that’s a TV with Roku built-in, a Soundbar with it, or a set-top box, they all have an Ethernet jack, so you can go wired if your internet is not quite as powerful as you may need for 4K video. But there is also WiFi available with Roku’s devices.

The home screen uses a pretty easy-to-read grid, so you can go left to right or up and down to find your favorite apps. You can also long-press on the apps to re-arrange them to your liking. For example, if your four most-used services are YouTube, HBO MAX, Netflix, and Peacock, you can move those all to the top row. Making them easier to jump into.

On the left side, you’ll see different options for getting into the store, finding stuff to watch on The Roku Channel, jumping into settings, and so forth. It’s all right there, making it super easy to use.

Adding Channels

On Roku, it calls “Apps” “Channels,” likely to make it feel more like a traditional TV instead of just a bunch of apps on your TV. It’s very simple to add channels to your device, too. Just head into the Channel Store.

From there, you can search for your favorite channels. Like any app store, it also has different categories, which you’ll find on the left. And that includes games, too.

Once you find a channel to add, just click on it, then click “add”. It will then be added to your Roku account, and it’ll appear on any Roku device you might have in your home. That’s particularly useful for those who might have a few Roku’s in their home, with each TV.

You can also search the Roku Channel Store on the web and add channels to your device that way.

Finding something to watch

Roku has more channels than all of its competitors, at nearly 3,000 right now. So there’s a ton of content to watch on Roku, but it can also be a bit difficult to find something to watch on Roku, because of that.

But Roku does have a pretty impressive universal search feature that will search for a title across all of the channels that are on your Roku device. Not only can you search for titles, but also actors/actresses, and even lines from a movie or TV show.

Matches for your search are then sorted by the price, and there will be icons beside the titles that indicate what it is. A channel, movie or TV show. You’ll also be able to click on it to learn more about the title.

Unlike Google TV, Roku does not yet have a stream of content available on your home screen with content it thinks you might want to watch, or live content if you have  Sling TV or Fubo TV. The home screen is still limited to just showing your channels.

Update: On December 8, 2021, Google and Roku came to an agreement for YouTube TV. Just a day before YouTube was set to be removed. YouTube TV should be available again in the coming days.

This is one area where the simplicity of Roku actually counts against it. Because if you’re just browsing for something to watch, you need to open different apps to actually find something, instead of just scrolling down the home screen.

Using your voice (via Google Assistant and Amazon Alexa)

While Roku is not a huge tech company like Apple, Amazon, or Google, it has done a great job of working with all of their products. Instead of building competitors, Roku wanted to make sure it supported everything. So newer devices support Google Assistant, Amazon Alexa, Google Cast, and Apple AirPlay 2. Siri is not supported since it’s not really on third-party devices.

This means that you can use your voice to control your Roku device. Whether that is Amazon Alexa or Google Assistant, both will work with Roku.

You will need to give Roku access to your Google or Amazon account to use either of these voice assistants. Which can be done in the settings on your TV, or within the Roku app. This is needed because then your Google Assistant or Amazon Alexa won’t know who you are, or have access to your account. As you can do non-TV things on Roku too. Like asking about the Weather, or turning off the lights, etc.

It’s really smart of Roku to support both of the major voice assistants so that people can use whichever one they want and still use this set-top box.

Roku Channel Kids Families

Casting and AirPlay 2

As mentioned, Roku does also support Google Cast and Apple AirPlay 2. So depending on whether you are an iPhone user or an Android user, you can still mirror content on your Roku device. This means that you can easily throw a YouTube video from your phone onto the TV.

The only caveat here is that not all apps support this feature. For example, before HBO MAX made its way onto Roku officially, it did not support casting to your Roku device. That has since changed. As HBO MAX is now available on Roku.

There’s free content too

Almost all of the TV Everywhere apps are available on Roku. And those for the OTA channels that you’d get in your area too. Which are free. That includes ABC, NBC, The CW, as well as Pluto TV and Crackle. The Roku Channel is also available, which we’ll talk more about a bit later. These are all free, and supported by ads. So while you’re not paying you will need to sit through some ads.

The Roku Channel

One of the ways that Roku has decided to try and make some money lately, is through The Roku Channel. It houses free content, so you don’t need to pay for it, and it’s available on all of the Roku devices by default.

This channel will give you free content that is ad-supported. Though, usually the majority of this content is older. We’re talking at least a decade old. So you may not find a whole lot of content you want to watch right away on it. But hey, it’s free.

And Roku is continuing to add more content to this channel as well. So the content will continue to grow here. There is also 100 free live TV streaming channels available here. From news providers like ABC News Live, NowThis, Reuters, and USA Today.

Roku now has over 200 live TV channels available for you to choose from. On August 17, 2021, they added an additional 17. Providing plenty of free content for you to watch.

Roku Live TV Zone

Live TV Zone Live News

In January 2022, Roku launched the Live TV Zone. Which is basically a way for you to see what’s available in live programming right now. It will work with the Roku Channel, as well as some other live TV streaming services like YouTube TV, Sling TV, and Hulu with Live TV.

Roku does a good job of combining all services that have live TV together and show you which app it is on. Whether that’s the Roku Channel, Tubi or something else.

The Roku app

The app isn’t a must-have, in our opinion. But it is still nice to have.

With the Roku app, you are able to find channels to install and add to your Roku device. You can also move your channels around and it’ll be reflected on your Roku device.

There is a dedicated tab for the Roku Channel as well. So you can see what’s playing, and of course have it start playing on your TV.

Perhaps the best feature of the app is that it can be used as a remote. So if you lost your physical remote, you can use the app to control your TV. It can also make it a whole lot easier to search for something to watch, as you have a touchscreen keyboard, instead of moving the cursor left to right to pick each letter on the TV.

Finally, you can enable private listening by pairing a pair of headphones to the app, and still play it on the TV. Which is pretty neat. And surprisingly, there’s no lag there either.

What Roku devices are available to buy?

Roku devices range from around $20 all the way up to $100. Each offering different features. For example, the cheapest ones do not offer up 4K HDR support, while the more expensive ones do. And the most expensive one also has Dolby Atmos support. You can check out the latest sales on Roku devices here.

Roku Express

roku

This is the cheapest option currently available. It supports HD streaming, up to 1080p. Which is fine, since most of the streaming services cap at 1080p and the studios are still filming at 720p and if you’re lucky, 1080p. It’s very small, but definitely mighty. At just $30, it’s worth buying for a secondary TV in your home.

Roku Express – Amazon

Roku Streaming Stick 4K

roku4k 768x432 1

Roku announced the Streaming Stick 4K and 4K+ on September 20, 2021, and it’ll begin shipping in October.

This new streaming stick replaces the Streaming Stick+. It offers better 4K support, as well as improved speed and WiFi. The Streaming Stick 4K comes with Dolby Vision, and Dolby Atmos is available via pass-through.

The main difference between the Streaming Stick 4K and 4K+ is that the 4K+ comes with the Roku Voice Remote Pro.

 

Roku Ultra

roku

This is the highest-end Roku available, coming in just a penny shy of $100. The Ultra is able to stream at up to 4K HDR quality, and also supports Dolby Atmos and Dolby Vision, and Bluetooth streaming. It also includes a pair of headphones for private listening. Amazing how the remote has a headphone jack, yet your smartphone does not.

Roku Ultra – Amazon

Is it worth it?

Roku is worth it for the sheer amount of channels that it offers. At 3,000 channels, it’s more than any of its competitors. A big reason for this is how popular it is and the fact that it has a lot of international channels. So you can watch foreign films and TV shows on your Roku device right there, without leaving the country.

Where Roku devices cost as little as $20, and sometimes cheaper during the holidays, it’s a no-brainer to pick one up. Or even get a TV with Roku built-in.


[ad_2]
Source link

Expect More Streaming Service Consolidation in 2024

0
[ad_1]

A trend that we expect to see continuing into 2024 is streaming consolidation. We’ve seen this already happen quite a bit in 2023 (and, to an extent, in 2022). In 2022, WarnerMedia and Discovery announced their merger, which was finalized in 2023, and the combined company is now Warner Bros Discovery, with the relaunched “Max” app to go along with it.

In 2023, we also saw Disney purchase the remaining portion of Hulu from Comcast. Disney paid $8.6 billion for Comcast’s 33% stake in Hulu, however they will likely be paying more in the future, after an appraisal is done. While this isn’t really a consolidation, it does mean that Disney can push Disney+ into Hulu and vice-versa.

At the end of 2023, we’ve started to hear rumors of Warner Bros Discovery and Paramount in talks to merge. That would make the company about as large as NBCUniversal and Disney, as well as Netflix, from a streaming perspective.

So why are we seeing all of this consolidation? It’s simple. Most of these streaming services are not making money. This is because there are so many streaming services that most people aren’t subscribing to more than two or three, with a few subscribing to around five streaming services. This is forcing streaming services to look again at their strategy.

Additionally, studios are finding that it is more lucrative to license their content to other streaming services versus putting it on their own streaming service. A big reason for this is that most streaming services offer an ad-supported tier now. And in the contracts for those ad-supported tiers, the studio gets a cut of the ads played alongside their content. That is making it more lucrative for, say, Warner Bros to license the Harry Potter franchise to Peacock.

warner bros discovery

Streaming consolidation isn’t just about mergers

While we are seeing more and more companies looking at mergers to compete with the bigger streamers, that’s not all that’s going to happen within the consolidation phase. Bundles are going to be a big part of consolidation, which we have already started to see happen.

There have been rumors lately that Apple and Paramount were in talks to offer a bundle that would see users getting both Paramount Plus and Apple TV Plus for a low price. No price was mentioned other than saying it would be cheaper than subscribing to both services separately.

Verizon has also been a big player in this space its +play service, which allows you to subscribe to different services, all through your Verizon account. But you can also get credit for +play every month, which saves you a few bucks. Verizon has also recently launched a Netflix and Max bundle for $10 per month, which is an incredible discount.

These streamers are ultimately looking to target Netflix, which is currently the big dog in the streaming world. A big part of that is Netflix’s early start in streaming. Netflix began its streaming counterpart in 2007, so they’ve been doing this for quite some time. Started out with licensing content from a number of studios and is now doing a hybrid of licensing and creating its own original content. For quite some time, Netflix was spending so much on original content that it was not making money. However, that has changed now. Netflix is pretty quick to pull the plug on content that isn’t doing as well as they had hoped, which has been a huge negative for the service as of late.

Amazon Fire TV omni QLED series AM AH 13

What’s the future of streaming?

Here are a couple of things to remember about streaming as we move into 2024. The first thing is interest rates. It’s currently more expensive to borrow money than it was a couple of years ago. That means a lot of streaming companies and studios are spending less on content. And that, in turn, is going to cause more churn of customers, which will result in less revenue coming in.

Additionally, we’re in the middle of a recession right now, where consumers are going to be tightening their belts a bit. Obviously, one of the first things that consumers will cut is indeed streaming services. They are easy to cancel, and it’s not necessarily a need for a lot of people.

While this won’t necessarily happen in 2024, I could see a lot of these smaller streaming services going away. Now whether that means merging or simply going bankrupt and pulling the plug is another story. But I do believe we’ll be left with no more than five main streaming services. That would be Netflix, Hulu, Max (if the Warner Bros Discovery and Paramount merger happens), Amazon Prime Video, and Apple TV Plus. I believe that Amazon Prime Video and Apple TV Plus will stick around because these are not the main businesses for Amazon and Apple. In fact, they are loss leaders. So they can stick around and continue losing money for these companies, as long as they bring in more customers for their other businesses.

But as for the main three – Netflix, Hulu, and Max – I think that would be a really great group of streaming services. Unfortunately, I can see prices continuing to rise. And for everyone saying, “It’s just as expensive as cable,” first off, it is not. Secondly, you can cancel any of these services at any time; that’s something you can’t do with cable – it’s either all or nothing.

2024 and beyond is going to be rather interesting for streaming. It’s going to be very interesting to see which streaming services fold, which ones merge with others, and which are still around this time next year.


[ad_2]
Source link

Galaxy S24 has a more premium design thanks to slimmer bezels

0
[ad_1]

Samsung is just weeks away from unveiling the Galaxy S24 series. Well, there is hardly anything that leaks haven’t already revealed, but an official announcement is pending. It is expected on January 17, 2024. Ahead of that, tipster Ice Universe has highlighted a key design change that makes the new phones look more premium than their predecessors. The tipster compared the Galaxy S24 with the Galaxy S23, Galaxy S22, and Galaxy S21.

Galaxy S24 has slimmer display bezels than previous Samsung flagships

A post on X (formerly Twitter) shows the Galaxy S24 next to the last three generations of S-series Samsung flagships. The 2021 model, i.e. the Galaxy S21, is the tallest of the lot. It is 151.7mm tall, while all subsequent models, including the Galaxy S24, measure between 146 and 147mm in height. With a width of 70.6mm, the upcoming device is narrower too. The Galaxy S21 has a width of 71.2mm.

However, despite the notable size difference, the Galaxy S24 features a 6.2-inch display, the same as the 2021 (the 2022 and 2023 models have 6.1-inch screens). Samsung pulled this off by making the bezels slimmer. As you can see in the photo below, the new phone (at the right end) has the thinnest bezels of the four devices. It makes the handset look more premium. Samsung has also moved the power and volume buttons a little higher.

Samsung Galaxy S24 s23 s22 s21 front design compare

The tipster also made a direct comparison between the Galaxy S24 and Galaxy S22 with a close-up of corners and edges. The improvements or changes in bezel width are noticeable to the naked eye. It is a design evolution in the right direction. With major design changes rumored for the Galaxy S25 series, Samsung may have begun setting up the foundation. More leaks about the Galaxy S24 lineup are expected in the coming weeks.

The 2024 Samsung flagships will go on sale in late January

Samsung may not have officially announced the launch date for the Galaxy S24 series but leaks have confirmed that the 2024 flagship lineup will debut on January 17. The launch event, which will reportedly take place in San Jose, USA, falls on January 18 in some countries—including South Korea—due to the time difference.

Like before, the Korean behemoth will open pre-orders for the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra immediately after the Galaxy Unpacked event, at least in most major markets. General sales may begin on January 30. Samsung estimates the new flagships to outsell the 2023 lineup by more than ten percent. Whether it achieves the goal, time will tell.


[ad_2]
Source link

Microsoft Copilot has spread from Windows to Android with a new app

0
[ad_1]

If you use Windows, then you definitely know about Microsoft Copilot. Either it’s from the news coverage or the fact that Microsoft has been shoving this AI tool down every Windows user’s throat. The company has a lot of faith in this AI tool, and it’s expanding it to more corners of the tech industry. Microsoft has just launched a Copilot app on Android.

This was a pretty silent launch that the company did for some reason. With as much fanfare the company made about Copilot, you’d expect it to make a grand announcement. However, it could be because the company wants people to use it, primarily, on Windows systems. In any case, the app is free to use and open to download now on your Android phone.

Download Copilot

How does the Copilot Android app work?

As you can expect, this brings all of the power you’d expect from Copilot in the browser to your phone. So, if you need to ask a question about the world, generate an image, or just show off to your friends at a party, it’s as easy as accessing the app.

The interface isn’t all that different from the other GPT apps on the market. When you first start the app, you’ll be prompted to give the app access to your location, but you can reject it if you want. You’ll need to if you need to ask queries that relate to local areas. After you put in your first query, you’ll then be prompted to agree to Microsoft’s terms of service. Read them if you want to know more about how your data is being used by the app.

When you get into the interface, you’ll see a toggle at the top of the screen allowing you to access the GPT-4 model. If you want to use the more powerful model, you can do so without any hassle. You won’t be prompted to pay or sign in to use it. It will just tell you that responses might take a little more time to process.

Using the app might be a little confusing at first. When you first scroll to the bottom, you won’t see a classic text field to enter your query. You’ll see some suggested queries inside a horizontal carousel of chips. Below that, you’ll see the microphone icon to let you speak into your phone. It’s clear that Microsoft wants that to be the primary way you interact with this app. When you use your voice, you’ll get an audible response as well as a text-based one.

Next to the microphone icon, you’ll see much smaller and less accented camera and keyboard icons. Tap on them to interact with the app in that way. So, if you want a classic text field, tap on the keyboard icon. If you want to upload a picture, tap on the camera icon.

Limitations

Using this app is just like using the browser version, so you’re subject to the same limitations. You still have access to up to 2,000 characters per query. Also, the tool will be less useful if you’re not signed in. So, if you want longer conversations and queries, you’ll need to sign in. Also, you’ll need to sign in if you want to generate images.

Once you switch the program to GPT-4, there doesn’t seem to be a direct way to switch it to the older model. If you want to switch it back to GPT-3.5, you’ll need to manually clear the app’s local storage in the Android App Info screen. Once you do that, re-open the app, and don’t flip the toggle.


[ad_2]
Source link

Android Malware Actively Infecting Devices to Take Full Control

0
[ad_1]

Android malware infects devices to take full control for various illicit purposes like:- 

  • Stealing sensitive information
  • Generating unauthorized financial transactions
  • Enabling remote attacks

By gaining complete control, threat actors can exploit the device for their illicit activities, posing significant threats to:-

  • User privacy 
  • User security

Cybersecurity analysts at McAfee Mobile Research recently found an Android backdoor, “Android/Xamalicious,” using the Xamarin framework to infect devices and take full control.

Android Malware Gain Device Control

It employs social engineering for accessibility privileges and communicates with the C2 server. Second-stage payload dynamically injected as assembly DLL, which takes full control for:-

  • Ad fraud
  • App installs
  • Financially motivated actions

Researchers identified the link to the ad-fraud app “Cash Magnet,” revealing financial motivation. Xamarin usage allows long-term activity, hiding malicious code in the APK build process. 

Cash Magnet
Cash Magnet (Source – McAfee)

The custom encryption and the obfuscation techniques were used for communication and data exfiltration. Around 25 malicious apps carry the threat, some on Google Play since mid-2020. 

McAfee’s proactive measures and Google Play Protect aim to mitigate Potentially Harmful Applications. Android/Xamalicious detected on at least 327,000 devices, remains highly active.

Android/Xamalicious trojans disguise as apps from the following categories that are available in third-party markets:-

  • Health
  • Game
  • Horoscope
  • Productivity

Unlike previous Xamarin-based malware, Xamalicious is distinct in its implementation. Xamarin architecture allows .NET code interpretation on Android via Mono. 

An example app, “Numerology” prompts victims to enable accessibility services for deceptive functionality.

Tricking users into permitting accessibility services
Tricking users into permitting accessibility services (Source – McAfee)

All the accessibility services need to be activated manually after several OS warnings.

Accessibility services configuration prompt
Accessibility services configuration prompt (Source – McAfee)

Malware varies from traditional Java or ELF Android code and the original .NET, compiled into DLL, LZ4 compressed, and embedded in BLOB or /assemblies directory.

Besides this, it is loaded by ELF or DEX at runtime, reversing varies in complexity, and the code is commonly available in the following assemblies:- 

  • core.dll
  • <package-specific>.dll 

Some variants obfuscate DLLs, while others retain the original code. After acquiring accessibility permissions, the malware contacts the server for the second-stage payload.

App execution and communication with the malicious server
App execution and communication with the malicious server (Source – McAfee)

Xamalicious malware checks the victim’s device info, like apps and rooting status, via system commands. If rooted or connected via ADB, it skips the second-stage payload download.

Here below, we have mentioned the types of information that are collected by the malware:-

Data collected
Data collected (Source – McAfee)

With the help of RSA-OAEP and HTTPS, the Xamalicious encrypts all the data to evade detection. However, if the C2 infrastructure is available, then the hardcoded RSA keys in the DLL enable decryption. 

The Send() function encrypts data with a JWT and sends it to “/Updater” via HTTP POST. The decrypt() function uses a hardcoded RSA private key for C2 responses, possibly containing a second-stage payload.

Data sent to the C&C server that decides second-stage payload delivery and malware’s self-protection includes:- 

The C&C encrypts DLL with AES and device-specific key, the device decrypts the token, and then the ‘URL,’ parameter with a custom AES key unique to device details.

Malicious apps Detected

Here below, we have mentioned all the malicious apps detected:-

Malicious apps
Malicious apps (Source – McAfee)

Countries from where users were affected

Here below, we have mentioned all the countries from where most of the users are affected:-

  • The USA
  • Brazil
  • Argentina
  • The UK
  • Spain
  • Germany

IOCs

IOCs
IOCs (Source – McAfee)

[ad_2]
Source link

Generative AI may change the world (the gaming world, that is)

0
[ad_1]

Each day, we learn more of generative AI’s endless possibilities and its potential impact on several industries. While it’s set to make some major changes to the human world, there are several frontiers it’s going to explore in the meantime; one of which is gaming. Generative AI is soon set to have some major effects on the gaming world.

Generative AI exists in different forms; thus, it can impact gaming in several key areas. These include production time and NPC interactions. As for when we’ll feel the effects of AI in gaming, we’re not 100% sure. Several industry insiders say that it’s on the scale of years. So, for the time being, the gaming industry is still primarily driven by manpower, and many of us prefer it that way.

Generative AI can affect the gaming world in a few ways

Besides making tools to help users generate absurd images and generate college essays, AI companies are also making tools that help workers speed up productivity. Many businesses use models like GPT-4 and Gemini to assist workers with their tasks, and gaming companies are no exception. According to a study conducted by CNBC, 72% of workers said that AI technology actually helps speed up productivity. That’s not far off from the results of a study that Microsoft conducted.

With faster production speeds, games are expected to be produced more timely. “generative AI is already in use by lots of people. Programmers use Copilot and ChatGPT to help them write code, concept artists experiment with Stable Diffusion and Midjourney, and so on,” says Julian Togelius, New York associate professor of computer science.

Generative AI could also help with NPC interactions

Game companies using AI should come as no surprise, as many major companies are using AI. Google plans to use AI tools in its ad sales department. However, there’s a company looking to bring AI into the actual games. Many games nowadays use scripted interactions between playable characters and NPCs. Well, there are some companies looking to change that sometime in the near future.

Imagine interacting with a villager and having a completely unique conversation that no other player in the world is having. This is something that a company called Inworld is planning on doing, and it’s partnering with Microsoft to make it happen. Basically, the company is looking to work on technology that will let NPCs “evolve beyond predefined roles, adapt to player behavior, learn from interactions, and contribute to a living, breathing game world,” said Kylan Gibbs, co-founder and chief product officer of Inworld AI.

We won’t know how that’s going to be for another couple of years. The companies are still working on this technology, so who knows when we’ll see the first game using generative AI?


[ad_2]
Source link

Cisco to Acquire Multi-Cloud Network & Security Startup Isovalent

0
[ad_1]

In a strategic move destined to fortify its dominance in the ever-evolving realm of cloud security, Cisco has officially declared its intent to acquire Isovalent, a trailblazer in open-source cloud-native networking and security. 

This bold acquisition underscores Cisco’s steadfast commitment to empowering organizations of varying sizes to navigate the intricacies of multi-cloud environments with unparalleled security and efficiency.

The union of Cisco’s industry-leading security prowess with Isovalent’s groundbreaking open-source technologies, including eBPF and Cilium, promises to reshape how organizations approach and manage cyber risks across diverse cloud infrastructures. 

This formidable synergy is set to propel the Cisco Security Cloud vision—an AI-driven, integrated platform designed to provide advanced protection against emerging threats at every layer of the cloud ecosystem.

Envisioning a Secure Multi-Cloud Future

Imagine a future where security seamlessly envelops applications, virtual machines, containers, and cloud assets across distributed environments. 

Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, anticipates this reality through the combined might of Cisco and Isovalent. 

Incorporating Cilium’s power will birth a unique multi-cloud security and networking capability, simplifying and accelerating digital transformation journeys.

Isovalent’s proficiency in eBPF, a revolutionary technology offering unprecedented visibility into operating system internals, has led to the development of Cilium—a preferred solution for cloud-native networking and security. 

Recent innovations, such as Cilium Mesh and Tetragon, enhance the acquisition’s comprehensiveness, providing simplified hybrid cloud connectivity and eBPF-based runtime security enforcement.

A Commitment to Open Source

Cisco’s unwavering commitment to open source is showcased through its promise to nurture, invest in, and contribute to the eBPF and Cilium communities. 

Stephen Augustus, Head of Open Source at Cisco, highlights the collaboration’s potential to accelerate innovation, positioning the Cisco Security Cloud platform as the definitive answer to evolving customer needs.

This acquisition reinforces Cisco’s position within the Cloud Native Computing Foundation and eBPF Foundation, establishing its role as a cornerstone of the open-source ecosystem. 

The collaboration between these industry giants promises to unleash the full potential of eBPF technology, ensuring the safeguarding of workloads irrespective of their cloud residency.

The anticipated closing of the acquisition in the third quarter of fiscal year 2024 will witness the Isovalent team seamlessly integrating into Cisco’s Security Business Group.


[ad_2]
Source link

DOJ saves millions for victims of the Blackcat Ransomware Group

0
[ad_1]

The US Department of Justice (DOJ) has successfully disrupted the notorious Blackcat ransomware group, also known as ALPHV or Noberus. This follows the DOJ’s investigation into Apple’s alleged anti-competitive practices. After hitting Henry Schein with two major ransomware attacks in less than two months, the hacking collective targeted over 1,000 computer networks and extorted millions of dollars from victims. Thankfully, the DOJ’s intervention has halted the operation at least up to some extent, and the DOJ has noted that it’s just the beginning.

“Criminal actors should be aware that the announcement today is just one part of this ongoing effort. Going forward, we will continue our investigation and pursue those behind Blackcat until they are brought to justice.”

The Blackcat ransomware group, known for its members communicating in Russian (as noted by Bloomberg), has been a thorn in the side of businesses and organizations globally. Deputy Attorney General Lisa O. Monaco stated in a DOJ news release, “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers.”

FBI’s decryption tool rescues over 500 victims of the Blackcat Ransomware Group

The FBI played a crucial role in this operation, developing a decryption tool that aided more than 500 Blackcat victims in recovering their data. This initiative saved victims over $68 million in ransom payments. The FBI not only provided decryption assistance but also gained visibility into the Blackcat ransomware group’s computer network, allowing the seizure of several of its websites.

The modus operandi of Blackcat involves developers creating and updating ransomware software, which “affiliates” deploy in attacks on high-value targets. The developers and attackers then share the illicit profits. Once the hackers infiltrate a network, they steal sensitive data before encrypting the victim’s system. The hackers then demand a ransom, threatening to expose confidential information if the victim denies to pay the ransom.

The group promised decryption and non-disclosure of sensitive information to the victims who paid the ransom, while they left those who resisted locked out. The hackers also exposed their data on the dark web. Blackcat’s targets included major entities like MGM Resorts, Caesars Entertainment, critical infrastructure, and Reddit in the US and Europe, encompassing government facilities, emergency services, defense companies, critical manufacturing, healthcare facilities, and a large UK hospital group.

As the cat-and-mouse game continues, the DOJ’s message is clear: criminal actors involved in cybercrime will be pursued relentlessly until they are held accountable for their actions.


[ad_2]
Source link

Ubisoft Hackers Scrambled for 900GB of Data Before Foiled

0
[ad_1]

Ubisoft Entertainment SA, a French video game publisher, has confirmed an attempt to breach the company’s security to steal personal and sensitive data from its infrastructure.

According to sources, an unknown threat actor accessed Ubisoft’s internal tools on December 20th, allegedly aiming to obtain 900GB of data. After entering the French game publisher’s internal systems, the hacker reviewed users’ access rights and Microsoft Teams, Confluence, and SharePoint. However, Ubisoft managed to revoke access after 48 hours.

Ubisoft, famous games like Assassin’s Creed and Avatar: Frontiers of Pandora, is investigating the breach to determine how the “unknown threat actor” allegedly gained access to the company’s Microsoft Teams, Confluence, Atlas, and SharePoint channels and maintained access for 48 hours before Ubisoft revoked access.

It’s worth noting that the latest cybersecurity incident at Ubisoft occurred just a year after the company was compelled to issue a password reset due to a cyber attack linked to Lapsus$.

The online malware repository VX-Underground posted about the incident on its X (Twitter) page, explaining that the attackers “aimed” to obtain 900 GB of Ubisoft’s data.

Ubisoft Hackers Scrambled for 900GB of Data Before Foiled

“December 20th an unknown Threat Actor compromised Ubisoft. The individual had access for roughly 48 hours until the administration realized something was off and access was revoked. They aimed to exfiltrate roughly 900 GB of data but lost access.”

The researchers also shared screenshots of Ubisoft’s internal services. Whether the hacker(s) could obtain any data before Ubisoft revoked access or not is still unclear. However, it is suspected that the attackers wanted to obtain Rainbow Six: Siege user data but failed. The company claims to be “aware” of the security incident but hasn’t shared any additional information as yet.

This is the second data breach targeting a major video game company this month. Earlier in December, as reported by Hackread.com, Ratchet & Clank and Spider-Man developer Insomniac Games got sensitive employee data/information regarding unreleased video games stolen in a massive hacking incident.

The hacker published detailed plans of Insomniac for the next decade, including unannounced projects, production details, art assets, and employee information. Ransomware group Rhysida took responsibility for the hack and demanded 50 bitcoins to prevent the data from being published publicly.

In Ubisoft’s case, so far, there’s no indication that anything of the sort was accessed or leaked. Nevertheless, the resurgence of the trend to target gaming giants is not surprising, as hackers are known to ruin Christmas and holidays for gamers.

  1. Online gaming and protection against cyber attacks
  2. Fake Cyberpunk 2077 Android App Delivering Ransomware
  3. Gaming controllers manufacturer exposed 1.1M customer records
  4. ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee
  5. Capcom ransomware attack: Gaming details leaked; no ransom paid

[ad_2]
Source link

How Do You Protect Your APIs from Bot Attacks?

0
[ad_1]
Protect Your APIs from Bot Attacks

Organizations face an escalating threat of bot attacks in the rapidly evolving digital landscape. As revealed in our latest AppSec report, there has been a staggering 56% increase in bot attacks compared to Q2 2023. Previously associated with DDoS attacks, bots are becoming increasingly sophisticated, targeting not only websites and applications but also APIs.

Understanding Bot Attacks on APIs

APIs are crucial components for communication between software applications. As organizations embrace digital transformation, APIs have become integral to their operations. However, this increased reliance also makes them susceptible to malicious bot activities. Understanding the nature of bot attacks on APIs is the first step towards developing effective defense strategies.

  • Credential Stuffing Attacks – Bot operators leverage stolen or leaked credentials to gain unauthorized access to APIs. This is often achieved through automated scripts that systematically input username-password combinations until a successful login.
  • API Abuse – Bots can exploit vulnerabilities in API endpoints to carry out various malicious activities, such as data scraping, inventory hoarding, or launching further attacks within the organization’s network.
  • Brute Force Attacks – Bots employ brute force techniques to crack API authentication mechanisms by systematically attempting different combinations of usernames and passwords until the correct credentials are found.

Why are APIs the Target for Bot Attacks?

Hackers increasingly target APIs due to their widespread use and vulnerability. These attacks are preferred because they are cost-effective and more challenging to detect than traditional browser attacks. As organizations rely more on APIs, securing them becomes crucial for online security.

API attacks are becoming more sophisticated, leveraging cloud computing and distributed networks. Unlike browser attacks, APIs provide a direct path to specific resources, making them attractive to various cyber threats. Detecting malicious API calls is challenging because they lack clues from traditional browser requests.

Attackers find APIs appealing because they are easy to deploy and require fewer resources. Unlike traditional attacks’ costlier “headless” browsers, APIs offer basic and affordable capabilities. Mobile APIs primarily provide a convenient platform for hiding malicious activities.

APIs also grant attackers closer access to the core infrastructure of applications, posing a significant risk. Protecting against API attacks is essential for maintaining the security of digital systems.

Signs of Bot Attacks on APIs

  • A quick and significant increase in traffic can signal a bot attack.
  • Unusual spikes in activity during off-peak times can be a red flag.
  • An uptick in error messages, especially regarding logins or access, could mean a bot attack.
  • Bots follow patterns. Detect repeated or similar requests happening too quickly.
  • A sudden influx from unusual places or concentrated activity in specific regions may indicate bots.

How Do You Protect Against Bot Attacks on Your APIs?

As businesses heavily rely on APIs for instant communication, they face a rising threat from malicious bot attacks. These attacks can lead to significant financial losses, reputation damage, and a loss of customer trust. The legal consequences are also severe, with potential fines and lawsuits for data breaches.

Here are essential techniques to protect from bot attacks on APIs:

Monitor and Manage API Calls

Utilize robust monitoring tools to keep a close eye on all API calls. Implement systems that differentiate between legitimate requests and potential threats from automated scripts. Establish real-time alerts to promptly respond to suspicious activities, minimizing the risk of successful bot attacks.

Prevent Human-Like Bots

Employ advanced authentication mechanisms to distinguish between human and bot interactions, behavioral analysis, and device fingerprinting to challenge and thwart bots attempting to mimic human behavior. Regularly update and enhance these security layers to stay ahead of evolving bot tactics.

Usage and Journey Tracking

Implement comprehensive logging and tracking systems to record the usage and journey of API calls. Analyze historical data to establish standard usage patterns and behavior. Implement anomaly detection algorithms to quickly identify deviations, enabling swift responses to potential bot attacks and minimizing their impact.

Malicious Intent Inspection

Integrate threat intelligence and pattern recognition tools to scan incoming API requests for signs of malicious intent. Employ heuristics and machine learning algorithms to identify patterns commonly associated with bot attacks. Regularly update threat databases and algorithms to ensure the system can effectively recognize emerging threats.

Comprehensive API Visibility

Implement solutions with an automatic API discovery that provides a comprehensive view of all APIs in use within the ecosystem. This includes understanding each API’s dependencies, interactions, and data flows.

Enhanced visibility enables security teams to identify potential weak points and proactively address security concerns, reducing the likelihood of successful bot infiltrations.

Implementing Granular Controls to Counter Bad Bots

Effectively managing bad bots requires a nuanced approach with granular controls. When the system identifies a malicious request with a high confidence level, it should take preventive measures before allowing access to the API and extracting sensitive information.

The suitable response options can be categorized into:

  • Block– Instantly deny access to the API for highly malicious requests, preventing potential harm and safeguarding sensitive information.
  • Feed Fake Data– Confuse bad bots by providing misleading or false data, diminishing the value of their efforts, and deterring future malicious activities.
  • Throttle– Limit the rate of requests from suspicious sources, slow down bots, and reduce the potential impact of their actions.
  • Drop– Reject requests from identified malicious sources without response, minimizing engagement and discouraging further attempts.

Behavior-based Baselines

Conduct thorough behavioral analysis of applications and APIs to establish baseline patterns of normal behavior. For instance, bot protection bundled in AppTrana WAAP involves understanding typical usage patterns, data flows, and access frequencies. 

Any deviations from these established baselines can trigger alerts, allowing security teams to investigate and respond promptly to potential bot attacks. It also regularly updates behavioral baselines to adapt to evolving application usage patterns and emerging threats.


[ad_2]
Source link