Instagram now lets users change Stories background using AI

0
[ad_1]

Instagram is rolling out a Generative AI-powered background editing tool for Stories for U.S.-based users. It’s called Backdrop, and it can help users change the background of their Story. Meta’s Generative AI chief, Ahmad Al-Dahle, couldn’t contain his excitement. He announced the feature with a sneak peek on Instagram’s X rival platform, Threads. “Our AI media editing tool, Backdrop, is available on Instagram in the U.S.! With backdrop, you can reimagine your image’s background with just a few taps and a prompt.”

Instagram makes AI-powered background editing tool available in the U.S.

Instagram first launched Stories in 2016, and ever since then, it has received several updates to date, including AI stickers and an aesthetic overhaul for reposts. While the last few announced by Meta have been quite technical, this one is creative, fun, and a must-try for all users. It is currently available for U.S.-based users, but it will roll out to other regions gradually.

But how does this work? Once you’ve captured or uploaded content for your Story, the Backdrop tool, highlighted by an icon at the screen’s top, shows up. Clicking on the icon displays a grid of squares stretching across the screen, similar to picture editors like Photoshop. Next, a text box prompts you to “describe the backdrop you want.” You could add anything from “surrounded by puppies,” as Dahle showed, or even “surrounded by stars in a dreamy sky.” The AI tool brings diverse scenarios to life in the background.

Instagram will tell others that you edited this using AI, so no fooling around

Your Story won’t fool anyone into thinking you’re really flying in the sky (another potential prompt). Instagram tags the content with AI·Backdrop and adds a sticker encouraging others to try it, along with your description in quotation marks.

Just recently, Snapchat pushed a similar tool that lets users create and send AI-generated images. However, it is a Snapchat+ subscriber exclusive. It comes with a similar approach where users have to describe an image, and it creates one that can be shared with friends or family. Other than that, there are a couple of AI-powered editing tools.


[ad_2]
Source link

How Can DSPM Prevent High-Profile Breaches?

0
[ad_1]

In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach.

On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported.

At first, they claimed that the data of 14,000 users was compromised. On Tuesday, the company revealed that hackers had stolen the data of 6.9 million users.

For reference, 14 million users use their services. Bad actors obtained sensitive data from almost half the users.

Stolen information includes ancestry, family trees, names, user locations, years of birth, and relationship labels. And this data is already being sold on the dark web.

How can big companies keep their user’s data safe and avoid potential data breaches?

  1. Set multiple layers of security
  2. Learn from high-profile data breaches such as 23andMe and LastPass
  3. Manage security posture with enterprise-grade solutions that can support your growing infrastructure

Cloud Data Security Posture Management (DSPM), for example,  is a security solution designed to prevent data breaches for companies that handle a large amount of sensitive information.

What Is DSPM?

Data Security Posture Management is a cloud-based cybersecurity solution designed to discover, classify, and manage access to important data.

Also, it detects vulnerabilities and threats that could lead to exploitation or escalate into hacking incidents such as data breaches.

For companies, DSPM:

  • Uncovers which data a business has
  • Classifies information based on the type
  • Finds vulnerabilities that might compromise data
  • Enforces compliance that follows industry standards

As a result, it keeps an eye on and manages the security and privacy of data across the complete IT architecture of a company.

Discover and Classify Data

The first step of the DSPM data protection process is to find out which data is stored within the system. It continually learns which data the company has to monitor and who is accessing this data later.

Once it knows which data is there, it classifies it based on the type — to pinpoint sensitive data.

As a result, security teams have complete visibility of which data is within the system and who has access to it. They get a clear image of what needs to be protected from hackers looking to steal data.

The process of mapping and discovery is ongoing and continual. 

This is essential for large businesses that enrich their databases with new data, change it, and move from one part of the infrastructure to the next every day. 23andMe fits that profile.

Access Control Management

In October, 23andMe disclosed that the hacking was possible because users reused weak passwords. Threat actors relied on brute force attacks (specifically credential stuffing) since they had user passwords from other breaches.

Once they guessed the correct login, the hacker would access not only that user’s information but also the data of all its relatives with whom the user matched on the site.

How do you uncover the hacking activity once the bad actor is in?

Access management is one of the core capabilities of DSPM. It enforces stricter controls and makes sure that the user who is logging in is genuine. 

It enforces the best access practices — from making sure that the users use 2-factor authentication to using machine learning to finding anomalies within the infrastructure of a business.

For instance, it can enforce the zero trust model that assumes every person attempting to log in could be a cyber criminal — even if they have the right credentials.

23andMe did have 2-factor authentication, but it made this step obligatory for all users only after the breach.

Ensure Compliance

A class action lawsuit has already been filed because the hacker shared the data on hacking forums in October.

Although not all users are concerned about data privacy, thousands of users already contacted the Canadian law firm that prepared the case and asked to join the fight.

The firm claims that 23andMe didn’t adhere to proper data privacy practices and, with it, put the sensitive data of Canadian citizens at risk.

How could DSPM help?

DSPM aids big enterprises that store large volumes of data to enforce regulatory compliance across the entire infrastructure. They make sure it follows the best cybersecurity and privacy practices.

The types of compliance or the best cybersecurity practices a business needs to meet will depend on the industry. In the case of 23andMe, we’re talking about a company that holds a lot of sensitive data.

The company’s official site states that they follow the GDPR — data privacy for EU users. It’s not yet clear if they followed the prescribed practices of other relevant regulatory laws.

Data Security Fit for Enterprises

After a data breach occurs, the most a company can do is try to reduce the reputational and financial damage. The data is already out in the world — in most cases, available on hacking forums.

So how can you mitigate damage when cybercriminals have already compromised a company?

Rebuild the trust by offering free identity protection services if the sensitive data has been leaked.

Trust is difficult to rebuild, especially for companies such as 23nadMe that claim, “At 23andMe, Privacy is in our DNA.” Big promises have to be backed up with good security practices.

How a company handles a data breach is also important. 23andMe took some time until they began notifying affected users.

Data security is different for smaller companies vs those that have complex infrastructure, millions of users, and databases filled to the brim with personally identifiable information.

The truth is — both cybersecurity and data privacy are more complex and challenging at scale.

Therefore, larger enterprises that handle sensitive information require more robust security and tools that can continually monitor the entire architecture, such as DSPM.


[ad_2]
Source link

Threads finally welcomes European users

0
[ad_1]

Welcome to Threads, European users. Now, YOU can dunk on Elon Musk in style! Threads, the newest social media app from Meta. It made waves through the tech world for being just the breath of fresh air from X. It reached over 100 million users shortly after launching, but there was one market that was. According to a new report, Threads is finally available to European users.

The platform wasn’t available in Europe, but it’s not because Mark Zuckerberg doesn’t like the continent. The EU is very strict about the data privacy of its citizens, and that’s gotten in the way of Meta’s plans from time to time. This is why the company didn’t launch Threads in Europe.

Threads is now available in Europe

While the platform wasn’t available in Europe for the longest time, we knew that it wasn’t going to be forever. The company has been doing what it could to play by the EU’s rules to bring Threads to the continent. On Thursday, Mark Zuckerberg posted that Threads is now available to use in Europe.

This will undoubtedly increase the monthly active user count will sky-rocket. After it peaked at over 100 million users, the count dropped considerably. This is natural for any platform. It was more significant for Threads because it was the fastest-growing social media platform on the market.

Many people dropped off because of the lack of features. When it launched, it was bare bones without the ability to post GIFs, use hashtags, DM people, etc. However, the company is working on bringing in some useful features to the platform. It’s getting better as time goes on, and people in Europe will be able to try them out for themselves now.

As time goes on, we’ll see more changes will come to Threads. Right now, X (formerly Twitter), is still much more feature-rich than threads. It’s going to remain that way for a while, so here’s hoping that Threads will be a more complete platform.


[ad_2]
Source link

Samsung launches Galaxy Book 4 series with AI integration

0
[ad_1]

Samsung has launched the Galaxy Book 4 series. The company today announced three models of its next-gen Windows laptops: Galaxy Book 4 Pro, Galaxy Book 4 Pro 360, and Galaxy Book 4 Ultra. We were also expecting a vanilla Galaxy Book 4 and Galaxy Book 4 360 but those were missing from today’s press release.

Samsung’s Galaxy Book 4 series begins a new era of AI PCs

According to Samsung, the Galaxy Book 4 series is its most powerful and intelligent PC lineup yet. The company has empowered the new laptops with artificial intelligence (AI). Thanks to Intel’s AI PC Acceleration program and the latest Intel Core Ultra processors, the devices bring new AI capabilities that help boost productivity.

Speaking of the processor, the Galaxy Book 4 Ultra comes in Intel Core Ultra 9 and Core Ultra 7 variants. The CPU is paired with NVIDIA’s GeForce RTX 4070 Laptop GPU 8GB GDDR6 or 4050 Laptop GPU 6GB GDDR6. The laptop boasts generative AI-based creation tools powered by the NVIDIA Studio technology. It also features NVIDIA Deep Learning Super Sampling (DLSS) technology for high-quality graphics.

The Galaxy Book 4 Ultra sports a 16-inch AMOLED touchscreen display with a 16:10 aspect ratio, WQXGA+ resolution (2880×1800 pixels), 400nits of peak brightness, 48-120Hz variable refresh rate, and 120% DCI-P3 color volume. Samsung is offering up to 64GB of LPDDR5X RAM and 2TB SSD (PCle) with an expansion slot. The device features a new optimal cooling system with an 11 percent wider vapor chamber and a dual fan with uneven blade spacing.

For connectivity, you get Wi-Fi 6E and Bluetooth v5.3. There are two Thunderbolt 4 ports, a USB Type-A, an HDMI 2.1, a Micro SD, and a headphone/microphone jack. Samsung has equipped the PC with studio-quality dual microphones and AKG-tuned quad speakers featuring two 5W woofers and two 2W tweeters. You get Dolby Atmos and bi-directional AI noise canceling for crystal clear voice during video calls.

The new Samsung laptop has a 2MP front-facing camera with 1080p resolution. It features a large touchpad and a backlit Pro keyboard with numeric keys. The Galaxy Book 4 Ultra is fueled by a 76Wh battery with support for 140W USB Type-C charging. The Korean firm says it can charge from 0 to 55 percent in just 30 minutes. The company also touts “a new discrete Samsung Knox security chip that secures critical system data separately.”

The two Pro models are slightly less powerful

Samsung’s Galaxy Book 4 Pro and Galaxy Book 4 Pro 360 are slightly less powerful laptops than the Ultra. For starters, they feature Intel’s Core Ultra 7 and Core Ultra 7 processors with Intel Arc graphics. They are also limited to 32GB of LPDDR5X RAM and 1TB SSD (PCIe) with an expansion slot. The rest of the specs mostly remain unchanged, though.

You get the same set of ports, connectivity features, studio-quality dual microphones, AKG-tuned quad speakers with Dolby Atmos, and a 2MP front-facing camera. The AMOLED display also carries over unchanged, and so does the backlit Pro keyboard. However, the Pro model is available in a 14-inch variant (with the same display specs) and lacks numeric keys.

The smaller Galaxy Book 4 Pro also has a smaller battery (63Wh) than the 16-inch version (76Wh). Samsung is offering a 65W USB Type-C charger with both versions. The Galaxy Book 4 Pro 360, which features a rotatable hinge and offers a tablet-like experience, supports the S Pen. The Korean firm has included the accessory in the box. The two Pro models also feature the Samsung Knox security chip.

Samsung has readied the Galaxy Book 4 Ultra in Moonstone Gray color and the other two models in Moonstone Gray and Platinum Silver colors. All three laptops ship with Windows 11 Home. The company says the new laptops will go on sale through its official website in January 2024. They will be initially available in South Korea and will gradually make their way into more markets. Samsung will share the pricing details closer to the market release.


[ad_2]
Source link

Chinese Hackers Seize Hundreds Outdated Routers for Data Transfer

0
[ad_1]

Volt Typhoon, also known as the Bronze Silhouette, has been discovered to be linked with a complex botnet called “KV-botnet.”

The threat actor has been using this botnet to target Small Office/Home Office routers since at least February 2022. Their primary targets are routers, firewalls, and VPN devices which are utilized for proxying malicious traffic. 

According to reports from Microsoft and the US government, this threat actor is building their infrastructure to disrupt communications between the USA and Asia in case of future conflicts.

Chinese Hackers Seized Outdated Routers

The IP addresses used for the campaign were attributed to the People’s Republic of China, according to the report shared with Cyber Security News.

In addition to this, the operations took place during the working hours of Chinese Standard Time, which adds additional confidence about the threat actor’s origin.

The botnet is divided into two distinct activities: the “JDY cluster,” which has less sophisticated techniques for scanning targets, and the “KV cluster,” which is reserved for manual operations against high-profile targets.

Clusters of botnet (Source: Black Lotus Labs)
Clusters of botnet (Source: Black Lotus Labs)

Moreover, the botnet also targets end-of-life devices that are being used by SOHO entities as they have low security and are easy to exploit. The devices focussed specifically were Cisco RV320s, DrayTek Vigor routers, and NETGEAR ProSAFE firewalls.

Infection Chain

The threat actor uses multiple files, including a bash script file, for their infection chain. They half-specific processes and remove security tools that defaultly run on the compromised devices.

KV cluster infection chain (Source: Black Lotus Labs)
KV cluster infection chain (Source: Black Lotus Labs)

As part of the evasion techniques, the botnets are set up with random ports for C2 communication and also disguise their names as existing processes.

Threat actors communicate with these botnets and perform data exfiltration, data transmission, creation of network connections, task execution, and many others.

Furthermore, a complete report about this botnet has been published, which provides detailed information about the botnet infection chain, process execution, attack methods, evasion techniques, and other information.


[ad_2]
Source link

FCC reveals key Galaxy Xcover 7 specs ahead of launch

0
[ad_1]

Samsung has picked up a couple more regulatory approvals for the Galaxy Xcover 7. The upcoming rugged smartphone has received certifications from the FCC in the US and NBTC in Thailand. It was previously certified by the Bluetooth SIG and India’s BIS.

New Galaxy Xcover 7 certifications confirm some rumored specs

A month ago, we exclusively leaked the official renders of the Galaxy Xcover 7, revealing its design much ahead of launch. The device has since popped up on several online listings with the model number SM-G556B. Those listings unveiled some of its key specs, giving us a better idea of what Samsung has in the pipeline.

While we still don’t have a launch date, the FCC and NBTC certifications have revealed more information about the Galaxy Xcover 7. First spotted by MySmartPrice, the latter listing confirmed the name and presence of 5G cellular connectivity. The FCC, on the other hand, revealed that the device packs a 3,950mAh battery with support for 25W (9V/2.77A or 11V/2.25A) fast wired charging.

 

Additionally, we can see that the new rugged smartphone boasts NFC and Wi-Fi 5. The Bluetooth SIG recently confirmed Bluetooth v5.3 support for the Galaxy Xcover 7. Previous leaks and benchmark listings have revealed Android 14, 6GB RAM, and an octa-core chipset featuring two performance CPU cores clocked at 2.2GHz and six efficiency cores at 2.0GHz for the phone.

The chipset features ARM’s Mali-G57 MC2 GPU. Based on this information and 5G support, we might be looking at MediaTek’s Dimensity 6100+ SoC. It is a 5G-enabled chipset designed for low-cost Android smartphones. It appears Samsung is readying a budget-oriented rugged smartphone in the form of Galaxy Xcover 7. Last year’s Galaxy Xcover 6 Pro is a more premium offering.

Samsung may launch the phone alongside a rugged tablet

The Galaxy Xcover 7 isn’t the only rugged Android device Samsung has in the work. The company is also readying a rugged tablet, the Galaxy Tab Active 5 Pro. Leaked specs of the tablet suggest it will be a budget offering too, so much so that the device may lack a “Pro” branding.

The Korean firm may be preparing a sequel to the Galaxy Tab Active 3 from 2020 rather than last year’s Galaxy Tab Active 4 Pro. Likewise, the Galaxy Xcover 7 could be the successor to the Galaxy Xcover 5 from 2021. We expect to hear more about the two rugged Galaxy products in the coming weeks. Samsung may unveil them in early 2024 if not before the end of this year.


[ad_2]
Source link

Intel’s Core Ultra CPUs “stretch battery life by hours”

0
[ad_1]

Intel has lifted the curtain on its latest mobile CPUs, codenamed Meteor Lake, officially called Core Ultra. The new CPUs are designed for laptops and are years in the making, featuring significantly improved power efficiency and overall computing performance with a bunch of AI computing baked in.

Intel says its new CPUs are the company’s most power-efficient CPUs ever. Built on Intel’s 4 process technology and utilizing a new tiled architecture with a combination of core types to divide up the tasks. P-cores (or performance cores) handle any high-performance tasks like gaming. E-cores (efficiency cores) take care of any tasks that are more tedious and don’t require a lot of computing power.

By splitting up these tasks like this, battery life on laptops is “stretched by hours.” Any improvement Intel can help deliver when it comes to battery life should be welcomed. Considering the most recent generations before the Meteor Lake family didn’t exactly shine in this area. The entire makeup equals 16 cores and 22 threads with six of those cores being P-Cores and 8 of them being E-Cores. The remaining two cores are low-power E-Cores to help boost the power efficiency. The new chips also feature a new, more powerful GPU.

Intel Core Ultra CPUs have built-in Arc GPUs for enhanced performance

Better power efficiency is great but Intel didn’t stop there with these chips. They also feature a built-in Intel Arc GPU for better performance while gaming. Intel says that these new chips can deliver 2x the performance per watt compared to 13th Gen Intel Core i7 CPUs when gaming resolution is set at 1080p.

There’s also support for DirectX 12 Ultimate, hardware-accelerated ray-tracing, HDMI 2.1, and DisplayPort 2.1 20G.

An all-new Neural Processing Unit paves the way for AI computing

The addition of the NPU seems to be more about setting things up for future computing. Rather than what you’ll be able to do right now. As ExtremeTech points out, Intel does little more than show off a few benchmarks for apps like Stable Diffusion and DaVinci Resolve. However, the company doesn’t go in-depth on how the NPU will benefit the majority of consumers.

That being said, Intel is seemingly getting a jumpstart here. It’s paving the way now so it’s prepared for when “AI PCs” are more mainstream.

Intel already has plenty of partners implementing the new chips

We’re bound to hear about more of these leading into CES. Some manufacturing partners are already announcing products though. Earlier this morning Samsung announced the Galaxy Book 4 powered by the Intel Core Ultra 9 and Intel Core Ultra 7 chips. Lenovo also announced the IdeaPad Pro 5i featuring an Intel Core Ultra 9. These are both mainly intended for ultra-thin portable computing for work or general use. But there are gaming laptops with Intel’s new chips on the horizon as well. Acer this morning announced its first gaming laptop powered by Intel’s Core Ultra CPUs. The Predator Triton Neo 16.

Consumers should expect more gaming laptops with Intel’s new chips to pop up in the coming weeks.


[ad_2]
Source link

How Sandboxes Help Analysts Expose Script-Based Attacks

0
[ad_1]

Cybercriminals employ numerous tactics to infiltrate endpoints and scripts are among the most destructive.

You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network.

To prevent this, analyzing suspicious files in malware analysis sandboxes is crucial. Here are some instances where they prove invaluable.

Decoding VBE Files

The contents of a VBE file

VBE files are essentially encoded VBS scripts initially designed back in the day to safeguard intellectual property. As a result, it is impossible to view their source code without extra tools, hindering analysis and allowing detection evasion. 

Script-Based Attacks
A decoded VBE file

However, uploading a VBE file to a proper sandbox service instantly reveals the decoded VBS script at play. It presents a full view of the script execution process, including its requested functions, transferred data, and commands.

Viewing Command Returns 

Script-Based Attacks
The dir command

A sandbox can also reveal the results of commands executed within scripts. In this example, the cmd process command line contains the command “dir,” yet it remains unknown what it returns. 

The return of the command and additional information

With the help of a sandbox, users can see the command’s output as well as download it for further analysis. This empowers analysts to fully comprehend the attacker’s actions and the potential harm caused.

Document
Any Run Interactive Sandbox

Analyzing any suspicious attachment or URL in a free interactive malware sandbox like ANY.RUN can instantly provide you with a conclusive verdict.

Observing Script Usage by Executables

A sandbox’s ability to track script-executable interactions is crucial in identifying malicious scripts that depend on executables for their functionality. This insight helps analysts detect and neutralize script-based malware by employing executable files as a launchpad for their malicious activities.

Scripts launched by executables

In the provided example, a malicious executable utilizes the Windows Management Instrumentation Command (WMIC) tool to load and execute a VBScript file. This approach allows the malware to conceal its true nature and manipulate the system without raising suspicion.

Analyzing VBS and JS-based Malware  

WSHRAT’s query to “winmgmts:\\\localhost\root\SecurityCenter2″

A sandbox can streamline investigating VBS-based malware, saving a lot of time on extensive reverse engineering or debugging. This example shows the WSHRAT malware making a WMI query likely to check for all the installed antivirus solutions on the device.

You can try the full range of ANY.RUN’s capabilities completely for free by requesting 14 days of a free trial


[ad_2]
Source link

Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts

0
[ad_1]

Microsoft Threat Intelligence, partnered with cybersecurity firm Arkose’s ACTIR, conducted a large-scale operation against online fraudulent login markets, successfully taking down Hotmailbox.me.

Microsoft has successfully dismantled a black market for fraudulent login credentials. This action followed an investigation aimed at disrupting the fake Microsoft account network known as Storm-1152, extensively utilized by cybercriminals.

Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts
The seizure notice (Screengrab: Microsoft)

Researchers believe that cracking down on fraudulent accounts is crucial because cybercrime relies on fraudulent accounts as these act as digital keys for mass phishing, spam campaigns, and ransomware attacks.

The use of fraudulent and stolen login credentials by cybercriminals for large-scale data breaches is an undeniable reality. The recent attack on OAuth app users, as revealed by Microsoft just yesterday, serves as a small example amidst more significant incidents.

For your information, Storm-1152 is the world’s leading seller and creator of fraudulent Microsoft accounts. The platform has been exposed through a collaborative effort between Microsoft Threat Intelligence and cybersecurity firm Arkose’s Cyber Threat Intelligence Research unit (ACTIR). 

According to Microsoft’s report, Storm-1152 operates a network of illicit websites and social media pages, selling fake Microsoft accounts and identity verification bypass tools. So far, the operators have generated around 750 million fraudulent accounts, leaving a trail of destruction.

Storm-1152, a notorious group in the cybercrime-as-a-service (CaaS) industry, specializes in producing and selling millions of fraudulent Microsoft accounts. The group is impactful because it lowers the barrier to entry, enabling a wider range of actors to engage in cybercrime. This efficiency boosts the scope and frequency of cyberattacks, impacting countless individuals and businesses.

Microsoft aims to dismantle Storm-1152’s infrastructure and disrupt the entire ecosystem that enables their activities, aiming to create a safer online environment for everyone. Microsoft has obtained a court order from the Southern District of New York to seize U.S.-based infrastructure and offline websites used by Storm-1152 to harm Microsoft customers.

The case focuses on fraudulent Microsoft accounts and services sold to bypass security measures on other technology platforms. Microsoft’s Digital Crimes Unit disrupted Hotmailbox.me, 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, which facilitate CAPTCHA solve service sales and identity verification bypass tools for other platforms.

Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts
The malicious marketplace Hotmailbox.me (Screengrab: Microsoft)

Researchers have also uncovered links between Storm-1152’s network and various cybercrime groups, including Octo Tempest, Storm-0252, and Storm-0455.

Nevertheless, this was a multi-phased operation launched to expose the people operating the malicious servers. Researchers used various investigative techniques, including network traffic analysis, telemetry data, and reverse engineering, to identify the source of the storm.

They identified three individuals, Duong Dinh Tu, Linh Van Nguyễn, and Tai Van Nguyen, as the masterminds behind the Storm-1152 machine. They hosted illegitimate platforms, authored the code, published tutorials, and offered live chat support.

Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts
Screengrab: Microsoft

Exposing the individuals behind Storm-1152 was crucial in dismantling this criminal network and holding accountable those who actively enabled online crime. Additionally, this coordinated takedown sends a clear message to Storm-1152 and others following their path: they are being watched and soon will be caught.

  1. Storm-1283 Sent 927K Phishing Emails with Malicious OAuth Apps
  2. Chinese Group Storm-0558 Hacked European Govt Emails, Microsoft
  3. Storm-0324 Exploits MS Teams Chats to Facilitate Ransomware Attacks
  4. Microsoft and Fortra to Take Down Malicious Cobalt Strike Infrastructure
  5. EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability
  6. Scammers Use Fake Ledger App on Microsoft Store to Steal $800K in Crypto

[ad_2]
Source link

Google Messages doesn’t share location data with third parties

0
[ad_1]

Android 14‘s latest update brought a notable feature – an expanded “Data sharing updates for location” dashboard. However, confusion ensued as Google Messages users received warnings that their location data was being shared with third parties. Google has now clarified that this warning is a result of an error in the app’s Play Store listing, and no actual data sharing with third parties is occurring.

Users reported seeing Google Messages in the privacy dashboard, with a message indicating that their location data is now being shared with third parties, provided they have enabled the app’s location permission for the sharing feature. The warnings displayed on this page are generated based on changes to the Data safety section of Google Play, which app developers self-report.

Google clarifies: No location data shared by Messages despite the Android 14 warning

The Data safety section, introduced in 2022, allows app developers to provide information about their data sharing practices. However, it is the responsibility of individual developers to accurately report their data sharing practices. Additionally, they can update this information at any time.

In the case of Google Messages, the app’s development team has responded to this matter. The team acknowledged that they mistakenly checked the wrong Data safety box on the Play Store. Currently, both Approximate and Precise location data are listed under “Data that may be shared with other companies or organizations.” However, Google clarified that Google Messages is not actually sharing location data with third parties. The warning was triggered due to a listing error.

It’s important to note that other major Google apps listed on the Play Store have been reported as “No data shared with third parties,” emphasizing Google’s commitment to user privacy. Google recently noted “Maps never sells data to anyone, including advertisers.” Significant in context, Google informs that Maps will soon start saving your location history locally. As Google initially assured users, the error in the Messages’ Play Store listing has already been corrected.

No data shared with third parties


[ad_2]
Source link