Threads is finally available in the EU, after months of waiting

0
[ad_1]

Meta has finally launched its Threads social media network in the EU. As many of you know, Threads originally launched back in July, but due to regulatory reasons, it was now available in the EU from the get-go.

Meta’s Threads social media network is finally available in the EU

Meta recently announced that this change will happen today, and it did. There was a countdown timer on Threads.net, and it’s gone now, and you can freely access the network if you live in the EU.

Yes, the Threads app is now listed on the Google Play Store as well (that may not be the case for everyone just this moment, sit tight if it’s not). You can freely download it, and register an account, or use the one you already had, in case you managed to open one despite the limitations.

Meta has been blocking users from the EU thus far, pretty much. Well, all those barriers are now gone. X (formerly known as Twitter), just got more competition in the EU as well.

Threads managed to attract a huge user base in a very short time span

As a reminder, Threads managed to grow a lot in a very short time span. Despite the fact it launched only in July, this social media network has over 100 million users at this point, quite probably.

In only 12 hours past launch, Threads acquired 30 million users. That number grew to 55 million users not long after that. Back in October, the company announced that it has almost 100 million active users. So, at this point, chances are that the number has jumped over the 100 million mark.

User numbers are expected to grow further post EU launch

Meta is expected those numbers to grow even further, as the EU joins the fold. Granted, that would probably be more effective if available from the get-go to users in the EU, but we’ll see. Meta will most likely market Threads intensively via Instagram and Facebook to EU users, at least at first.

It’s also worth saying that Threads keeps on getting new features, constantly. The company announced its version of hashtags recently, and said that fact-checking is coming next year.


[ad_2]
Source link

Microsoft Patch Tuesday December Addressed 33 Vulnerabilities

0
[ad_1]

This week marked the release of the last patch Tuesday updates for Microsoft users for 2023. The December Patch Tuesday arrived as a modest update bundle from Microsoft, carrying 33 vulnerability fixes only.

Four Critical Vulnerabilities Patched This Month

While the December Patch Tuesday carried fewer bug fixes, it did address some critical vulnerabilities in different Microsoft products.

Specifically, Microsoft patched the following four critical severity issues.

  • CVE-2023-35641 (CVSS 8.8): It affected the Internet Connection Sharing (ICS) Windows service, allowing an adversary to target adjacent systems on the same network. Microsoft explained that exploiting the flaw required the adversary to be on the same network segment, limiting the scope of flaw to the same switch network or a virtual network. Then, sending maliciously crafted DHCP message to the target server running the ICS could allow remote code execution.
  • CVE-2023-35630 (CVSS 8.8): Another similar RCE flaw in the ICS, exploiting which required the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message.
  • CVE-2023-36019 (CVSS 9.6): A spoofing vulnerability with less likely exploitation but a severe impact in the Microsoft Power Platform Connector. An adversary could execute malicious scripts on the target system after tricking the victim user into clicking a maliciously crafted URL.
  • CVE-2023-35628 (CVSS 8.1): A remote code execution vulnerability in the Windows MSHTML Platform. Exploiting this flaw required the adversary to trick the victim user into clicking on a maliciously crafted link. Nonetheless, worst-case exploitation scenarios may not require user input, as merely receiving the malicious email could trigger the exploit.

Other Microsoft Patch Tuesday December Bug Fixes

Besides the four critical vulnerabilities, Microsoft addressed 29 other important severity vulnerabilities affecting different products. These include 5 denial of service vulnerabilities, 10 privilege escalation flaws, 5 information disclosure vulnerabilities, 5 remote code execution vulnerabilities, 3 spoofing vulnerabilities, and 1 cross-site scripting (XSS) flaw. In addition, this month’s update bundle also includes some third-party patches.

Microsoft has rolled out these updates publicly; yet users should still check their systems for any updates manually to ensure receiving the bug fixes on time.

Let us know your thoughts in the comments.


[ad_2]
Source link

Nubia Z60 Ultra camera samples tease powerful cameras

0
[ad_1]

It was confirmed quite recently that the Nubia Z60 Ultra will launch on December 19, in China. The phone’s design also got confirmed, while some new info just surfaced. The official Nubia Z60 Ultra camera samples are now available.

The official Nubia Z60 Ultra camera samples are available

Nubia shared these images via its official Weibo account for everyone to see. There are six camera samples here, and you can check them out in the gallery below. Do note that these images have been compressed, though. You can check them out in their full resolution, though.

Nubia did include mostly daytime images here, but there’s one low-light one (dusk), and a black and white shot too. Needless to say, these images look outstanding. They’re extremely well-balanced, the colors are popping, and there are plenty of details in them.

That is usually the case when companies share official images taken with their flagships, though. It remains to be seen how will the phone perform in real-life, once it gets announced.

The triple camera setup will cover three different focal lengths

Its cameras do seem quite promising, though. The phone will include three cameras on the back, and cover three focal lengths, 18mm, 35mm, and 85mm. Do note that the images shown in the gallery have been taken at a 35mm focal length.

The main camera will be a 50-megapixel unit, with an f/1.8 aperture, and a 1/1.56-inch sensor. OIS will be supported here, and an eight-line suspension stabilizer motor will also be a part of the package.

A large battery is also coming, along with 80W wired charging

A 50-megapixel camera will also be included, with a 1/1.55-inch sensor. The third camera will be a 64-megapixel periscope telephoto camera (1/2-inch sensor). A 6,000mAh battery is also expected, along with 80W wired charging. The Snapdragon 8 Gen 3 will fuel the device.

The phone’s design is also quite interesting. The device will be boxy, with extremely thin bezels, and an under-display camera. It will have a very interesting camera setup on the back, as each of the cameras seems to have a different design. It will definitely stand out, for better or worse.


[ad_2]
Source link

Threads testing an expansion to Mastodon and other social media platforms

0
[ad_1]

Despite the brutal user drop after the initial surge, Mark Zuckerberg is not letting go of Threads. Now, the Meta mastermind is announcing something new is in the testing stage: something that’ll give users interoperability (via Reuters).

Here’s what Zuckerberg is saying:

The plans for Threads to be compatible with Mastodon or other services that use the ActivityPub protocol are not new, in fact, they were shared with the public as early as the Twitter clone came to life in mid-2023.

“We are working toward making Threads compatible with the open, interoperable social networks that we believe can shape the future of the internet”, Meta said back in July.

Now, they’re going in that direction with the current interoperability testing, but no further details are shared.

What is Mastodon?


Mastodon is a free, ad-free and open-source social network that’s self-hosted and takes privacy and customization to heart. “Instant global communication is too important to belong to one company. Each Mastodon server is a completely independent entity, able to interoperate with others to form one global social network”, says the Mastodon homepage.

Back in July, when Threads was launched, Mastodon CEO and founder Eugen Rochko wrote a lengthy blog post on the topic.

Here’s an excerpt from the article that Q&A-like:


[ad_2]
Source link

Russian Hackers Exploiting JetBrains Vulnerability to Hack Servers

0
[ad_1]

The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other co-authoring agencies have issued a warning that Russian Foreign Intelligence Service (SVR) cyber actors are widely exploiting CVE-2023-42793, aiming their attacks at servers that host JetBrains TeamCity software since September 2023.

Cyber actors affiliated with the Foreign Intelligence Service (SVR) are also referred to as Advanced Persistent Threat 29 (APT 29), Dukes, CozyBear, and NOBELIUM/Midnight Blizzard.

According to the reports, the victims include businesses that offer software for marketing, sales, medical devices, billing, employee monitoring, financial management, hosting, tool manufacturers, small and large IT companies, and an energy trade association.

Cyber Actors Exploiting JetBrains Vulnerability

The SVR continues attacking computer companies with this newly attributed operation that targets networks that host TeamCity servers. 

The authoring agencies determine that by taking advantage of CVE2023-42793, a software development program, the SVR might gain access to victims, especially by giving the threat actors the ability to compromise the networks of several software developers.

The flaw identified as CVE2023-42793 impacts the version before 2023.05.4; it was possible to bypass authentication in JetBrains TeamCity, which might result in RCE on TeamCity Server.

Software developers manage and automate software development, compilation, testing, and release using TeamCity servers, according to the CSA. 

Malicious actors may be able to undertake malicious supply chain operations, get source code, sign certificates, disrupt software deployment and compilation procedures, and much more if they have access to a TeamCity server.

The CSA also stated threat actors carry out malicious operations like moving laterally, backdoor deployment, privilege escalation, and other actions to guarantee long-term, continuous access to the compromised network environments.

In mid-September 2023, JetBrains released a fix for this CVE, which restricted the SVR’s ability to operate to exploit unpatched TeamCity servers accessible over the Internet.

Although the authorizing agencies evaluate that the SVR is still likely in the preparation phase of its operations and has not yet utilized its access to software developers to access customer networks, the SVR’s access to these networks gives it a chance to enable difficult-to-detect command and control (C2) infrastructure.

 “Russian cyber actors continue taking advantage of known vulnerabilities for intelligence collection,” said Rob Joyce, Director of NSA’s Cybersecurity Directorate. 

“It is critical to ensure systems are patched quickly, and to implement the mitigations and use the IOCs listed in this report to hunt for adversary persistent access.”

Recommendation

Based on the malicious actions of the SVR cyber actors, the agencies advise enterprises to enhance their cyber security posture by implementing the mitigations in the alert. The mitigations are as follows:

  • Implementing a patch from JetBrains TeamCity
  • Monitor the network
  • Setting up host-based and endpoint protection solutions
  • Utilizing multi-factor authentication
  • Auditing log files

[ad_2]
Source link

HONOR partners up with Porsche Design; first product coming next month

0
[ad_1]

HONOR and Porsche Design have announced their global partnership. Porsche Design, as many of you know, is a luxury lifestyle brand, and it’s well-known for its partnership with Huawei over the years.

Huawei and Porsche Design have announced a number of joint products over the years. Those were usually special editions of existing devices, and that’s what we’re expecting from these two companies as well.

HONOR & Porsche Design announce their global partnership

HONOR said that “both brands are united by the vision of creating innovative products that combine exceptional and functional design with cutting-edge technology”. The company also said that the partnership will focus on “creating premium devices that embody the essence of both HONOR and Porsche Design”.

The very first product that will be a part of this partnership is coming next month, in January 2024. Do note that it will launch in China, that’s something HONOR wanted to be clear on. Now, that doesn’t mean it won’t launch globally too, but it’s coming to China first.

It’s also worth noting that Porsche Design has been in the smartphone industry for 15 years. It co-released a number of products over that period of time. It will be interesting to see what will this new partnership deliver.

HONOR had a very successful year

HONOR had a very successful year in 2023. The company managed to grow quite a bit, and improve its position in a number of markets. Some interesting products also got announced, like the HONOR Magic V2.

That device is coming to global markets, by the way, in Q1 next year. We’re not sure of the exact timeline yet, but do take note of that. It’s still the lightest tablet-style foldable in the market.

It will be interesting to see where will Porsche Design fit in. We’re expecting a variant of the HONOR Magic6 series to be co-developed with Porsche Design, as the timing fits, but we’ll see.


[ad_2]
Source link

CISA Asks on Google Workspace Secure Configuration Baselines

0
[ad_1]

In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) unveils the Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines. 

This architectural marvel establishes a robust groundwork, elevating data security across nine core GWS services, encompassing Gmail, Drive, Meet, and Calendar.

Delve into the essence of SCuBA GWS baselines. Carefully crafted blueprints delineate each service’s minimum viable security configurations. 

These serve as the bedrock upon which organizations sculpt their bespoke security postures. 

Addressing pivotal facets like access controls, data encryption, and logging, these predefined settings fortify the frontline against the ever-evolving landscape of cyber threats.

Baselines, while formidable, require vigilant oversight. 

Enter ScubaGoggles – an ingenious assessment tool from CISA. 

This watchful guardian scans GWS environments in real-time, gauging adherence to baselines. 

By spotlighting security gaps, ScubaGoggles empowers organizations to fortify their defenses proactively. 

It is a beacon, ensuring security configurations harmonize seamlessly with the established baselines.

CISA’s Open Invitation

CISA acknowledges that security is an ongoing odyssey, not a static destination. 

An open invitation echoes through the corridors of federal agencies and organizations, urging active participation in sculpting the final form of SCuBA GWS baselines. 

Embrace the opportunity to adopt draft baselines, tailoring them to specific needs. 

Share experiences and insights during the public comment period until January 12, 2024, sculpting baselines that are lucid, pragmatic, and impactful.

SCuBA GWS Initiative

A leap forward in cloud security, the SCuBA GWS initiative reshapes the narrative. 

Armed with baseline configurations and the vigilant gaze of ScubaGoggles, CISA propels organizations into a realm of control over their cloud security posture. 

This collaborative journey, fueled by open feedback, forges a pathway towards a more secure and resilient cloud ecosystem.

The draft SCuBA GWS baselines and ScubaGoggles beckon exploration. 

Actively contribute to this transformative initiative, charting a course towards a more secure future for your organization and the cloud at large. 

Key Takeaways:

  • CISA pioneers draft SCuBA GWS baselines and ScubaGoggles for nine core GWS services.
  • Baselines epitomize minimum viable security configurations, enhancing cloud security.
  • ScubaGoggles, a vigilant assessment tool, provides real-time visibility into compliance.
  • Public feedback is welcomed until January 12, 2024, shaping the final baselines.
  • SCuBA GWS initiative fosters collaboration, strengthening the cloud security posture.

[ad_2]
Source link

Last weekend Google spread the date that Eminem died even though he’s still alive and well

0
[ad_1]

When you think about all of the news and information that travels online each day, the amount is staggering. Occasionally you get someone who wishes to create some sort of reaction by posting fake news on Wikipedia for a laugh. Most of the time, the fake news never makes it past the Wikipedia stage as it is caught by a reader and brought to the attention of the people at Wikipedia who are in charge of correcting these types of things.

But what happens when a totally made-up piece of news seeps from Wikipedia into a part of the internet with a larger audience? We found out the other day when Google’s Knowledge Graph reported on the demise of a famous recording artist who had not actually passed away. The Knowledge Graph is a box filled with information that appears on the top or off to the right side of Google’s search results.
Last weekend, Google’s Knowledge Graph reported that rapper Eminem had died at the age of 51 in Madison, Wisconsin on December 10th. Per Newsweek, the hoax began when a post on Eminem’s Wikipedia page mentioned that the rapper had died. This information, which was totally fabricated by someone with a macabre sense of humor, changed Google’s search results for Eminem (whose real name is Marshall Bruce Mathers III) as the December 10th date of his passing was listed in the Knowledge Graph.

Anyone who happened to look up Eminem using Google Search on December 10th might have seen the Knowledge Graph showing that Eminem had died. And to help spread the news, over a 24-hour period the rapper’s fans wrote things like “Can’t believe he’s gone.” And the posts from fans of the Real Slim Shady included the hashtag #RIPEminem. 

That hashtag actually appeared back in 2020 when another hoax spread online that Eminem was dead after a user on what was then called Twitter posted a tweet that said, “I killed Eminem.” In that case, the account was suspended but not before the rumor of Eminem’s death had circulated throughout the internet.

Google commented on last week’s incident by noting that the Knowledge Graph uses a variety of sources including Wikipedia. Google says that it has systems in place that are supposed to detect if any of the Knowledge Graph’s sources have been tampered with. However, Google says that this system is not perfect. In the event that the system fails, as it did with the fake death of Eminem, Google expects to be informed by users so that it can manually fix the Knowledge Graph.


[ad_2]
Source link

U.S. facing cyberattacks from foreign nations, China the latest

0
[ad_1]

The United States has faced numerous cyberattacks from foreign bodies recently, and the country’s latest threat comes from China. Hackers with ties to the People’s Liberation Army have successfully broken into roughly two dozen U.S. systems over the past year, the Washington Post reported. The Post spoke to unnamed U.S. and industry security officials to get that figure, which lines up with public data from official reports. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is the government body that handles cyberinfrastructure, and has cited China as an associate of the culprits of numerous cyberattacks in the U.S.

The U.S. claims that China is the sponsoring nation behind the cyberattacks on U.S. infrastructure, particularly targeting transportation. Other utilities, like water and power stations, are top targets as well. China could be using these cyberattacks as “practice” for a war. This comes as tensions between the U.S. and China are coming to a head, with the former looking to gain manufacturing independence. If there was ever a full-scale conflict between the two powerful countries, cyberattacks could slow response or cause homeland chaos.

“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis,” Brandon Wales, the executive director of CISA, told the Post. “That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.”

The groups behind U.S. cyberattacks may be associated with China

China isn’t the only country launching cyberattacks on the U.S. Iran has also tried to breach U.S. infrastructure, according to government officials. And the idea that potential cyberattacks could be used as part of a larger conflict is more than just suspicion. In Russia’s ongoing invasion of Ukraine, Russia is attacking the country with ground assaults, air strikes, and cyberattacks.

The U.S. government has identified a group known as Volt Typhoon as a source of the cyberattacks. Additionally, it describes the group as a “People’s Republic of China (PRC) state-sponsored cyber actor.” The group uses an attack method known as “living off the land.” Through this process, attacks from the Volt Typhoon can blend in with normal usage and go undetected.

Cyberattacks could intensify as China and the U.S. continue moving toward hostilities. We’ve already seen plenty of cyberattacks against companies in the private sector, too.


[ad_2]
Source link

ASUS ROG Phone 8 launch date confirmed alongside renders

0
[ad_1]

The ASUS ROG Phone 8 launch date has been confirmed by ASUS ahead of CES next month, which is expected to feature the new phones. The ASUS ROG line of phones has been a favorite among many for years now. These phones are the go-to for anyone recommending the best gaming phone on the market. While previous ROG phones have tinkered with unique features, it seems the Phone 8 will focus on cameras this time around.

When will ROG Phone 8 launch?

The ROG Phone 8 will be launching in China on the 16th of January. ROG’s Weibo account mentioned the product launch conference will take place on that date. This comes after the phone had already been teased prior by ASUS, drumming up speculation amongst consumers. The ROG phones have been featuring wildly untraditional designs for the last few iterations, but the ROG Phone 8 seems to have dialed it back slightly.

ASUS shifting gears

ASUS seems to have taken a page out of the books of industry giants like Samsung, Apple, and Oppo. While Galaxy and iPhone flagships battled it out in the camera department, ROG phones experimented with radical new features. For example, the ROG Phone 7 had an airflow port to help with thermals when using the AeroActive Cooler 7 attachment. When you put the attachment on it opens the port and allows for more air to keep temps low and performance optimal.

The AeroActive Cooler 7 also had a built-in subwoofer for more bass-heavy audio. On the rear side of the phone, there was a second screen, mostly used for eye-catching visuals. ASUS ROG Phone 8 has other priorities in mind, however.

New renders and a focus on cameras

ASUS has been talking about how it has been hard at work improving the cameras for the Phone 8 lineup. They’re quite confident too, and are holding a blind test where people have a chance of winning one of the new phones. ASUS has recently revealed some new renders of the ROG Phone 8 as well.

The phone seems to have a pentagon-like camera cutout on the back. ASUS has also slimmed down the bezels, making for the sleekest-looking screen ever seen on a ROG phone. However, much like the focus on cameras, an industry standard has been adopted as well. The renders show that the new screen has a punch-hole camera, ending ASUS’s streak of being one of the few manufacturers who still produced whole screens.

Naturally, the phone shines in other aspects. It is undoubtedly going to be one of the most powerful phones to launch in 2024, and definitely one to keep an eye on. It isn’t every day you get a phone with 24GB of RAM.


[ad_2]
Source link