Implications of Spotify’s 17% Layoffs in 2023

0
[ad_1]

Spotify has announced that the music streaming giant is laying off over 17% of its total workforce. This workforce cut translates to about 1,500 Spotify employees. It is facing several challenges, including increased competition from Apple Music and Amazon Music, as well as rising costs. Spotify is making these changes because it needs to use its resources more wisely. The company wants to be more effective, and it realized that having more people doesn’t always mean it’s more effective.

Spotify is cutting the total workforce by 17%

In a recent blog post, Spotify CEO Daniel Ek announced that the company will reduce its workforce by approximately 17%. This decision comes in response to the current economic climate. Ek acknowledged that this decision will impact many talented and hardworking individuals, but he emphasized that it is necessary to ensure Spotify’s long-term success.

“I realize that for many, a reduction of this size will feel surprisingly large given the recent positive earnings report and our performance. We debated making smaller reductions throughout 2024 and 2025. Yet, considering the gap between our financial goal state and our current operational costs, I decided that a substantial action to rightsize our costs was the best option to accomplish our objectives. While I am convinced this is the right action for our company, I also understand it will be incredibly painful for our team,” CEO Daniel Ek noted in a press release.

Spotify will continue to help the laid-offs for a short while

Spotify will give them money based on how long they worked there, as well as pay for any unused vacation time. The company will also continue to cover their healthcare for a while. And help them with any immigration issues related to their job. Additionally, Spotify will provide them with services to help them find new jobs.

In a similar instance in June 2023, Spotify let go of 200 people from its podcast unit. This was part of a plan to make the podcast division more efficient and focus on music streaming. Spotify also said that this will help it invest in new podcasting projects.


[ad_2]
Source link

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

0
[ad_1]

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed AeroBlade, which appears to be aimed at carrying out both competitive and commercial cyberespionage.

The threat actor employed spear-phishing as the means of distribution mechanism.

A weaponized document that was delivered as an email attachment reportedly has a malicious VBA macro code embedded in it as well as a remote template injection mechanism to provide the next stage of the payload execution, according to the BlackBerry Threat Research and Intelligence team.

AeroBlade Execution Chain

The network infrastructure and weaponization of the attacker appear to have gone active around September 2022, based on the evidence. 

Researchers estimate that the attack’s offensive phase took place in July 2023 with medium to high confidence. The network infrastructure stayed the same during that period, but the attacker’s toolset increased, making it stealthier.

There were two campaigns found, and there were a few similarities between them, such as:

  • Both lure documents were named “[redacted].docx.”
  • The final payload is a reverse shell.
  • The command-and-control (C2) server IP address is the same.

There were a few differences between the two campaigns, such as:

  • The final payload of the attack is stealthier and uses more obfuscation and anti-analysis techniques.
  • The campaign’s final payload includes an option to list directories from infected victims.
https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2023/11/aeroblade-fig01.png
AeroBlade execution chain

A targeted email containing a malicious document attachment with the filename [redacted].docx is the first sign of an infection.

When the document is opened, it shows text in a purposefully jumbled font and a “lure” message requesting that the potential victim click on it to activate the content in Microsoft Office.

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2023/11/aeroblade-fig02.png
Malicious document displays text in a scrambled font

The next-stage information is saved in an XML (eXtensible Markup Language) file inside a .dotm file. A.dotm file is a Microsoft Word document template that contains the default layout, settings, and macros for a document.

When the victim manually clicks the “Enable Content” lure message and opens the file, the [redacted].dotm document drops a new file to the system and opens it.

“The newly downloaded document is readable, leading the victim to believe that the file initially received by email is legitimate. In fact, it’s a classic cyber bait-and-switch, performed invisibly right under the victim’s nose”, researchers said.

An executable file that is run on the system via the macro will be the final stage of execution. The final payload is a DLL that connects to a hard-coded C2 server and functions as a reverse shell.  With the use of reverse shells, attackers can force communication and gain total control of the target machine by open ports.

https://blogs.blackberry.com/content/dam/blogs-blackberry-com/images/blogs/2023/11/aeroblade-fig14.png
Example of information collected from infected system

An American aerospace organization was the targeted target of both campaigns, based on the content of the lure message. Its goal was probably to obtain insight into its target’s internal resources to assess its vulnerability to a potential ransom demand.


[ad_2]
Source link

Update your iPhones! Apple fixes two zero-days in iOS

0
[ad_1]

Apple has released emergency security updates for iOS 17.1.2 and iPadOS 17.1.2 to patch for two zero-day vulnerabilities that may have been actively exploited.

Apple said both vulnerabilities were in the WebKit component, which is the engine that powers Safari browser on Macs as well as all browsers on iPhones and iPads. It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.

The updates are available for the following:

  • iPhone XS and later
  • iPad Pro 12.9-inch 2nd generation and later
  • iPad Pro 10.5-inch
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and later
  • iPad 6th generation and later
  • iPad mini 5th generation and later.
  • macOS Sonoma 14.1.2
  • Safari 17.1.2.

The updates may already have reached you if you automatically update, but it doesn’t hurt to check if your device is at the latest update level.

If a Safari update is available for your device, you can get it by updating your iPhone or iPad or updating your Mac.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

New OPPO Find X7 Pro leak promises better camera island design

0
[ad_1]

About a week ago, a baffling OPPO Find X7 Pro design appeared, with an octagon camera island. Well, a new leak just appeared, and it promises a better OPPO Find X7 Pro camera island design.

New OPPO Find X7 Pro camera island design appears again, and it’s different than before

This information comes from Ricciolo, a tipster, and you can see a leaked image below. The phone’s camera island is cut off here, on purpose, it seems, but it does share some information with us.

OPPO Find X7 Pro camera island leak 1

The main thing that we can see here is that the camera cutouts don’t fit with the previous octagon camera leak. Three cutouts are vertically aligned here, with another one added next to the bottom cutout. You can also see a Hasselblad logo here.

This leak suggests an entirely different camera island design, which is nice to see, as that octagon camera design that leaked didn’t exactly look appealing. We cannot confirm this one is accurate either, but there you go.

Now, we do see four cutouts here, but that doesn’t mean the phone will offer four cameras. The OPPO Find X6 Pro arrived with three cameras, and the same could be the case here. Though a quad-camera setup is also a possibility.

The phone is expected to launch in Q1 2024

The OPPO Find X7 Pro will become official in Q1 next year, most likely. The OPPO Find X6 Pro was announced in March this year, so… it makes sense. There’s, of course, a chance that OPPO will flip the script and announce the phone sooner. We’ll have to wait and see.

The OPPO Find X7 Pro will arrive alongside the OPPO Find X7, and it will be fueled by the Snapdragon 8 Gen 3 SoC. The main focus will be on its cameras, but that device will offer flagship-grade specs through and through.

We also know that it will take advantage of Sony’s most powerful LYTIA camera sensor, the LYT-900. It could become the very first phone to do that.

 


[ad_2]
Source link

Ransomware attacks expose flaws in cloud security standards

0
[ad_1]

In a recent study, Dig Security took a look into the persistent effectiveness of ransomware attacks, particularly those occurring in the cloud. Despite ongoing investments and emphasis on defensive cybersecurity measures, large organizations continue to succumb to ransomware attacks in the cloud. The research reveals a surprising disparity between current data security practices and the evolving tactics employed by ransomware groups. The study identifies four primary techniques in cloud-based ransomware attacks: data deletion, override, re-encryption, and disable key.

Data deletion involves threat actors deleting data after its exfiltration, thus granting them exclusive access. Its efficacy diminishes significantly with version control and a robust object lifecycle policy in place. An effective object lifecycle policy enhances the security of data stored in a cloud environment, making it more challenging for attackers to delete data discreetly.

The Object Override technique entails attackers systematically replacing each object in a cloud bucket with a blank file, rendering the data unusable. This method involves creating an empty file locally, which allows attackers to overwrite legitimate objects with the empty file. The attacker is effectively deleting the object without deletion permissions. This approach significantly disrupts data access and can be executed without elevating certain permissions.

Object Encryption/Re-encryption can be done to all objects within a targeted cloud storage bucket. This method involves reading each file in the bucket and subsequently re-uploading it using a localized encryption key. The crux lies in the file decryption process contingent on an attacker-held encryption key. Possessing the encryption key gives the attacker full control until receiving a ransom. This common technique can stretch organizational recovery timelines to weeks or months.

The adoption of Multi-Factor Authentication (MFA) and versioning in cloud environments is paramount in mitigating ransomware threats

Attackers exploit the Disable Key method, designed to protect data by scheduling the deletion of actively used encryption keys, thereby rendering encrypted data inaccessible. Notably, this process mandates a minimum seven-day advance notice. One might initially view this as an easily detectable and improbable attack vector. However, the reality is that in a production environment with a multitude of keys, the risk becomes significantly plausible.

Recent data security assessments by Dig’s statistics reveal concerning vulnerabilities. Only 10% of encrypted buckets utilize Customer Master Keys (CMK) for heightened security, and a striking 72% of remotely managed CMK buckets lack active monitoring. Data protection measures also showcase disparities, with 31% having versioning enabled, 67% implementing logging, but a mere 1% adopting object lock for crucial data tampering prevention.

Dig highlights the effectiveness of Data Security Posture Management in helping companies assess risks in the cloud. As organizations continue to battle with ransomware, it is crucial to implement new tools and practices that safeguard customer data.


[ad_2]
Source link

Stellar Cyber Bridges Cybersecurity Skills Gap with First-of-Its-Kind University Program

0
[ad_1]

Stellar Cyber’s University Program is the only invite-only program designed to meet the needs of educational organizations that provide degrees/certifications in cybersecurity and offer not-for-profit security operations services.

SAN JOSE, CA – December 4, 2023 – Today, Stellar Cyber, the innovator of Open XDR technology, announced the launch of its University Program – the only invitation-only program for educational organizations that dedicate themselves to developing the next generation of cybersecurity professionals and provide not-for-profit security operations services to underserved communities. 

The program includes access to technology, curriculum and security experts within the Stellar Cyber ecosystem. This program aims to help educational organizations and underserved communities, both of which lack ready access to the tools, technology and other resources required to teach and defend against cybersecurity attacks.

“All too often, students graduate from college without being exposed to the fantastic career opportunities in the cybersecurity industry,” said Paul Levasseur, Vice President of Customer and Partner Enablement at Stellar Cyber. “We want to ensure that students understand the exciting and enriching opportunity that exists in cybersecurity so they can make more informed decisions about their future.” 

In addition to enabling educational organizations to train future cybersecurity professionals, the University Program helps those students provide much-needed cybersecurity services to communities that lack the budget and resources to build and maintain a security operations team. 

In 2023, the cybersecurity skills gap has emerged as a critical issue, casting a shadow over the escalating turf of online threats and cyber conflicts. As technology advances, so does the complexity of cyberwarfare, transcending geographical boundaries and involving various entities, both allies and adversaries.

This widening gap in cybersecurity expertise is particularly concerning in the face of evolving challenges, highlighting the urgent need for comprehensive solutions to bridge this disparity and fortify defences against the diverse range of cyber threats emanating from all corners of the globe.

“Attackers look for targets that cannot easily defend themselves,” Levasseur added. “Our hope is to ensure that these previously underserved communities get the protection they deserve.” 

The University Program includes the following:

  1. Enablement: Stellar Cyber provides its Open XDR Security Operations platform to educational institutions so they can use it to prepare students for security operations careers.
  2. Curriculum: Stellar Cyber provides Open XDR and cybersecurity courseware for instructor-led training and access to on-demand course content that illustrates how to use the Stellar Cyber platform to optimize threat detection, investigation and response. 
  3. Training and Certification: Students learn to use the latest security technology (including SIEM, NDR, UEBA, and more) to investigate cyber threats. Students may also participate in the Stellar Cyber Certification Program to achieve additional distinction for attaining security operations expertise.
  4. Internships and Job Opportunities: Students qualify for Stellar Cyber customer and partner community internships.  
  5. Mentorship: Students can seek advice and coaching by industry experts from Stellar Cyber and its community.  
  6. Licensing for Educational Lab Environments and (Not-for-Profit) Operations: Licensing includes virtual appliances and software that may be hosted in the educational institution’s on-premises or cloud environment.
  7. Special Discounts and Services for Stellar Cyber Products for Other Security Operations: Special educational license discounts are available for other campus-wide security operations requirements. 
  8. Press and Promotional Opportunities: Stellar Cyber collaborates with educational institutions to promote them, their students and associated partners who achieve cybersecurity excellence through participation in the Stellar Cyber University Partnership program.

“Stellar Cyber is proud to offer this comprehensive, collaborative education program free of charge for those training our cyber warriors of the future,” said Jim O’Hara, Chief Revenue Officer at Stellar Cyber. “We are honoured to do our part to help shrink the worldwide cybersecurity skills gap and provide security services to communities in need. It’s our objective to scale as broadly as possible and to assist universities as they prepare their graduates to enter the cybersecurity workforce.”

For more information about the Stellar Cyber University Partnership Program contact [email protected]

  1. The Most In-Demand Freelance Skills for 2023
  2. The highest paying jobs in the cyber security industry?
  3. Cybersecurity | How to Become a Cybersecurity Expert
  4. Best performing cybersecurity companies and their recent developments
  5. Boise State’s Cyberdome Prog Heralds New Era in Cybersecurity Education

[ad_2]
Source link

Android OEMs might start using glass lenses in their cameras

0
[ad_1]

In a recent research note, analyst Ming-Chi Kuo sheds light on a transformative trend in smartphone camera technology, specifically focusing on the adoption of glass-plastic hybrid lenses from traditional plastic lenses. The iPhone 15 Pro Max from Apple and Huawei’s upcoming P70 Art flagship model are at the forefront of this innovation, utilizing a hybrid lens named 1G3P. This hybrid lens consists of one part glass and three parts plastic.

Kuo anticipates (via PhoneArena) that this shift to a glass-plastic hybrid lens will bring about significant changes in the industry. Notably, he foresees a transition to the use of molding/spherical glass in these lenses, surpassing the quality of traditional wafer-level glass. Largan positions its 1G3P lenses to compete with the existing 8P lenses.

The advantages of the 1G3P lens, which is used in the iPhone 15 Pro Max‘s 5x tetraprism camera, include its comparatively lower height profile and increasing competitiveness in pricing compared to the traditional 8P ones. Notably, this lower height profile of the hybrid lens can reduce the protrusion of the camera assembly.

Increased yields and reduced cost of the hybrid lens might make it appealing to more Android OEMs

Pricing dynamics play a crucial role in this evolution. The 1G3P hybrid lens implemented by Huawei starts at $12 during the prototype stage. However, Kuo predicts a drop to the $6-$7 range during mass production as yield rates improve. Higher yields at Largan, a leading manufacturer of these hybrid lenses, could enable Apple to integrate the tetraprism lens into the iPhone 16 Pro aside from the iPhone 16 Pro Max in 2024.

Beyond cost efficiency, Kuo highlights another significant advantage of glass-plastic hybrid lenses – their ability to rectify lens deformation resulting from the design of compact camera modules (CCM).

Looking ahead, Kuo predicts a wider adoption of glass-plastic hybrid lenses in high-end smartphones, with more manufacturers following Apple and Huawei. Currently, Largan and Sunny Optical lead the production of these lenses, with Largan enjoying a competitive edge due to its experience in the market and expertise in plastic lenses, says Kuo.


[ad_2]
Source link

Human-level AI is decades away, says Meta’s AI chief

0
[ad_1]

Right now, we can’t tell whether AI will reach human intelligence in 1 year, 5 years, 10 years, or 100 years. We have no more insight into the future of AI than a fortune cookie, but it’s not stopping people from making their predictions. Meta’s Chief AI scientist, Yann LeCun, just said that AGI (Artificial General Intelligence) is decades away, according to a new report.

AGI is basically the final form of AI; it’s AI that’s on par with a human being. This is the kind of AI that you’ve seen in sci-fi movies over the years. Right now, as powerful and scary as AI is, it’s miles behind a human brain. This means that it will be able to think for itself and do more than just digest massive amounts of text. So, AGI is the kind of AI technology that most people think will bring the extinction of humanity.

Meta’s AI chief says that AGI is decades away

In stark contrast to Jensen Huang’s statement that AGI is only five years away, Meta’s chief AI scientist, Yann LeCunn, said that human-level AI isn’t quite so close. Meta just held a large media event to celebrate the 10th birthday of its Fundamental AI Research Team. LeCun spoke at the event and laid down why he thinks that AGI isn’t around the corner.

One point he made makes a ton of sense; he said that we’re likely to get “cat-level” or “dog-level” intelligence before human-level intelligence. That’s just a natural progression, and if he’s right, then who knows if we’ll reach cat/dog-level intelligence in the next five years?

LeCun also touched on text as a source of knowledge. Companies train their AI on mountains of text data. We’re talking about social media posts, articles, books, and other sources. However, he said that “Text is a very poor source of information,”.

That’s another solid point, as human beings learn from several different sources. People learn from touch, smell, taste, sight, sound, experience, love, hate, fear, pain, and the list goes on to infinity. Sure, you can train a bot on text surrounding what it feels like to poke your finger, but it will never learn the feeling of it. “Train a system on the equivalent of 20,000 years of reading material, and they still don’t understand that if A is the same as B, then B is the same as A.”

He poked a hole in what Jensen Huang said

Yann LeCunn did cast a little bit of shade toward Jensen Huang, the CEO of Nvidia. Recently, Huang said that AI will be able to reach AI-level intelligence within five years. Whether or not that’s the case, LeCunn talked about his claim and said that Nvidia is set to profit from this whole AI craze. “There is an AI war, and he’s supplying the weapons.”, he said about Huang. ″[If] you think AGI is in, the more GPUs you have to buy,” which makes sense.

Nvidia is the prime source of processing power for companies building their AI LLMs. Companies like X and OpenAI purchase a dump truck-load of GPUs from the company to train their AIs. This pushed Nvidia’s revenue through the roof. Last year, the company’s Q3 2022 earnings report showed about $680 million in earnings. This year, the same report showed more than $9 billion. That’s a massive jump.

The future is still unclear

At this point, we still don’t know when AI will reach the level of the people training it. Companies are still grappling with the whole “AI hallucinations” issue. The raw processing power behind AI is getting more powerful as time goes on, and LLMs are being trained on more and more information, so it’s likely that it’s going to be smarter next year and the year after.

Also, we can’t rule out massive breakthroughs in AI technology that will leap-frog it years into the future. We’re all still waiting on more information about Q*, the project that OpenAI is working on. This is the breakthrough that the AI researchers allegedly warned would be a danger to humanity. Also, it’s the project that many folks believe led to the company’s CEO, Sam Altman, being fired. That’s all yet to be officially confirmed at this point.

In any case, AI technology is going to continue to improve, and we don’t know how long until it’s at the AGI level.


[ad_2]
Source link

Apple TV owners can now use Zoom

0
[ad_1]

Apple and Zoom have finally kept their promise and brought the video meetings app Zoom to the Apple TV. Allowing users to connect with anyone on other devices, Windows or Mac computers, as well as mobile phones and tablets, Zoom is making the jump to Apple TV.

Not really surprising since the app has been demoed about a month ago, the new Zoom app for Apple TV requires users to have a camera or connect via their iPhones or iPads. Here are the main features offers by the Zoom app for Apple TV:

  • Easily start and join Zoom Meetings with one click from your device
  • HD video and audio means crystal clear communications
  • Calendar integration keeps you on schedule
  • Easily invite friends or colleagues via phone, email, or Zoom contacts
  • View in-meeting chat
  • Ability to be assigned to a breakout room

Keep in mind that Zoom will only work on Apple TV 4K (2nd generation) or later models. Also, as mentioned earlier, you’ll need a compatible iPhone or iPad for the Continuity Camera feature.The app can be downloaded right now for free via the Apple TV App Store. Make sure to look for an app called Zoom for Home TV if you want to start zooming. Obviously, you’ll need an account to use Zoom, but this can be created for free, and the entire process is very easy to follow.

[ad_2]
Source link

Android 14 available for Galaxy S21 series in the US

0
[ad_1]

Samsung‘s Android 14 update is now available for the Galaxy S21 series in the US. The big update is currently rolling out to the 2021 flagship series on Verizon’s network. It should soon roll out widely to everyone. The Korean firm has already pushed Android 14 and One UI 6.0 to these phones in most international markets.

Galaxy S21 phones receive Android 14 in the US

Samsung began pushing Android 14 to its phones in late October, though a proper rollout didn’t kick off until mid-November. The Galaxy S21 series joined the party shortly, with the initial rollout covering units in Europe. The company gradually expanded its Android 14 coverage for the 2021 flagships to more markets, including Africa and Asia.

Today, we have confirmation that One UI 6.0 is available for the US versions of the Galaxy S21, Galaxy S21+, and Galaxy S21 Ultra. Verizon’s website reveals the build number G99*USQU9FWK5 for the phones, with the November security patch part of the package. Carrier-locked units on other carriers should receive the update with the same build number. It may or may not be different for unlocked units.

Regardless of the build number, the update will bring a plethora of changes to the Galaxy S21 lineup. From new camera features and more powerful editing tools to redesigned system UI elements and improved animations, there’s plenty to look forward to. After all, it is a major Android OS update. The November 2023 security patch, which contains 65 vulnerability fixes, is also part of the package.

If you are using a Galaxy S21 in the US, this update will soon be available to you. Watch out for a notification in the coming days. You can also manually check for updates from the Settings app (Software update > Download and install). Note that OTA (over the air) updates are released in batches and may not be available to everyone simultaneously. The Android 14 update will weigh multiple gigabytes (GB).

This may be the last major Android update for the 2021 flagships

Samsung launched the Galaxy S21 series with Android 11 onboard in January 2021. With Android 14 now here, the phones have received three major Android OS updates. They may not get a fourth update unless the company decides to cover the aging flagships under its revamped software policy that guarantees four generations of Android updates and five years of security updates. Even if the Galaxy S21 series misses out on Android 15, it may get One UI 6.1 sometime in 2024.


[ad_2]
Source link