Apple to manufacture camera sensors for iPhones in-house

0
[ad_1]

Apple is reportedly expanding its in-house design efforts to include camera sensors for iPhones. For more than a decade, the Cupertino based giant has been using Sony‘s image sensors in their iPhones and iPads. However, now they are reportedly going for an even tighter integration between its camera hardware and software by manufacturing the image sensors in-house.

According to reliable insider information from Bloomberg’s Mark Gurman, Apple’s quest for perfect harmony between hardware and software will extend to various components beyond its well-known ‘A’ series and ‘M’ series processors and it will reportedly include camera sensors.

Tech giant aims for total control over hardware components

The photo and video capabilities in smartphones, including iPhones, have become major differentiators between successive generations in recent years. Observing the camera improvements in various scenarios within the Android space, it’s evident that Apple no longer holds a distinct lead in imaging.

However, with Apple’s demonstrated ability to elevate performance using its own hardware, it won’t be a surprise if the company takes back the lead by moving the camera design and manufacturing in-house.

Additionally, the importance of advanced camera technology for Apple goes beyond camera sensors for iPhones and extends to upcoming applications like mixed-reality devices and autonomous driving systems, points out Mark Gurman.

Some more beyond camera sensors

Camera sensors are not the sole focus of Apple’s in-house endeavors though. Gurman reveals that Apple is also working on bringing several other components under its umbrella, including a cellular modem, Wi-Fi and Bluetooth chips, microLED displays, a non-invasive glucose monitoring system for the Apple Watch, and batteries. Apple’s long-term strategy involves gaining control over the entire hardware ecosystem.

While Apple continues to push boundaries in photography, as evident in the recently launched iPhone 15 and iPhone 15 Pro, competition remains fierce. Rivals like the Samsung Galaxy S23 Ultra from earlier this year or the newly released Google Pixel 8 and Pixel 8 Pro are known for their excellent cameras. Apple’s move to design more hardware components in-house reflects its commitment to achieving greater control over the entire user experience.


[ad_2]
Source link

Elon Musk restores headlines to Twitter/X link previews

0
[ad_1]
In a surprising reversal of course, Elon Musk has announced that headlines will be making a comeback to Twitter/X link previews. This decision marks a significant shift from the company’s earlier stance, which had stripped away headlines from link previews in an attempt to promote original content and enhance user experience.The removal of headlines initially drew widespread criticism from users, who argued that the lack of context made it difficult to quickly understand the content of linked articles. In the past, sharing links on Twitter proved to be helpful for those that turned to the platform in order to quickly consume the latest news, a convenience that was taken away when the previews were removed.

In response to the growing user backlash, or perhaps due to his own broken user experience, Musk has now decided to reintroduce headlines to link previews. The new approach, expected to roll out in an upcoming Twitter/X update, will overlay the headline of a linked article in a semi-transparent manner over the article’s image. This compromise aims to balance the need for context with Musk’s desire for a cleaner tweet aesthetic.
Musk’s initial justification for removing headlines was based on aesthetic considerations, claiming it would enhance the visual appeal of tweets. However, users overwhelmingly disagreed, arguing that headlines were crucial for quickly grasping the essence of a linked article.

As a result, the return of headlines is a welcome development for many Twitter/X users, who can now more easily assess the relevance and credibility of linked articles before deciding to engage with them. Clearly, Musk’s penchant for rapid policy changes has actually worked in favor of the platform’s users this time around.

Only time will tell whether Musk’s newfound commitment to context will endure, but for now, users can appreciate the restored clarity and convenience that headlines bring to their Twitter/X experience.

[ad_2]
Source link

Hackers Leak Thousands of Idaho National Lab Employees’ PII Data

0
[ad_1]

According to local media, the lab has acknowledged a cyber attack resulting from a cybersecurity incident at a federally approved external vendor system.

The Idaho National Laboratory (INL) has been hacked by a group of hackers called Sieged Security (aka SiegedSec). INL, a leading US nuclear research facility, confirmed the breach on Tuesday.

The INL explained that on 20 November, a cybersecurity data breach occurred in a federally approved external vendor system, which the lab uses for supporting INL cloud Human Resources service.

The group, self-identifying as ‘gay furry hackers,’ publicly claimed responsibility for the breach by posting a statement on Telegram and the infamous Breach Forums.

“We’re willing to make a deal with INL. If they research creating IRL catgirls, we will take down this post,” their Telegram post read.

However, it is currently unclear what motivated this attack or persuaded SiegedSec to believe the INL has the expertise to create catgirls. For your information, in July 2023, SiegedSec, the same group that has now claimed responsibility for breaching the Idaho National Laboratory, also asserted its involvement in targeting NATO, leading to the leakage of sensitive details. Additionally, in October 2023, the group was involved in cyberattacks against Israeli Critical Industrial Control Systems (ICS).

Nevertheless, the hackers claim to have obtained a significant amount of employee data, including addresses, Social Security numbers, birth dates, employment information, and phone numbers.

“We’ve accessed hundreds of thousands of user, employee and citizen data..” the hackers added. They also claim to have sent an “announcement” to all INL’s OTBI platform users to prove their access. East Idaho News has confirmed the data’s authenticity after contacting INL employees.

Hackread.com has also conducted an analysis of the leaked data. In total, the leaked database is 207 MB with 43,850 email addresses, predominantly hosted on domains such as @INL.GOV, @ICP.DOE.GOV, and a few on @GMAIL.

Hackers Leak Thousands of Idaho National Lab Employees' PII Data

The group wants the lab to research the possibility of creating IRL catgirls (genetically engineered catgirls), a reference to an old meme about furries and human-mutant cat hybrids.

The Idaho Falls-based INL has played a pivotal role in developing nuclear energy, and this breach is definitely a big blow to the organization. Currently, it is investigating the incident and the extent of damage with the collaboration of the Department of Homeland Security and the FBI.

In a comment to Hackread.com, Colin Little, Security Engineer at Centripetal, said “Although media surrounding this event claims that no nuclear secrets, intellectual property or R&D information was accessed or stolen, which is fortunate, it is nonetheless highly disconcerting that the staff generating that intellectual property and participating in the most advanced Nuclear Energy R&D have had their information leaked online.”

“There appears to be some controversy about whether the threat actor group who stole the data is at all politically motivated; I find this question to be irrelevant because now those who are politically motivated and would very much like to know the names and addresses of the top Nuclear Energy researchers in the US have that data as well,” Colin argued.

SiegeSec’s demands have been met with disbelief by many. Still, the group maintains that its actions aren’t motivated by a grudge against the organization, and they are just interested in knowing if creating real-life catgirls is possible.

The incident highlights the growing sophistication of cyber threats and the importance of organizations taking steps to protect their data. The release of sensitive employee data poses a serious security risk for the INL and its employees.

Nevertheless, Hackread.com can confirm that the leaked data is now being shared on several underground hacking forums, including Russian-language ones.

  1. Quest Diagnostics data breach affects 12 million customers
  2. Top 10 vulnerable airports where your device can be hacked
  3. Top US aerospace services provider breach, loses 1.5 TB of data
  4. America’s largest diagnostics service LabCorp suffers data breach

[ad_2]
Source link

Maryland distributed 133,000 Chromebooks for free

0
[ad_1]

The state of Maryland in the U.S. has distributed over 133,000 Chromebooks for free recently. Governor Wes Moore announced the distribution. This initiative, to distribute Chromebooks, is part of a $27.2 million investment. He mentioned that “these devices are a gateway for Marylanders to be able to apply for jobs, complete schoolwork, and connect with vital community resources.”

The state of Maryland just distributed more than 133,000 Chromebooks for free

The Chromebook laptops were given out through 27 local governments, which worked with community groups to find and contact eligible families. The laptops were given out in phases, and HP and Daly Computers were partners in the effort. The specific models or specs of the laptops remain under wraps. But it’s almost a certainty that they won’t be high-end models.

How to get a free Chromebook from the State of Maryland

To get a free Chromebook from the State of Maryland through the Montgomery Connects program, you need to meet a few requirements. First, you must live in Maryland, be at least 7 years old, and have not received a computer from Montgomery County before. Second, you must be eligible for the Affordable Connectivity Program (ACP) internet discount program. Lastly, you need to bring proof of your identity, address, and ACP eligibility when you pick up your Chromebook. You must also schedule an appointment online to receive your device.

Marylanders can also receive free one-on-one tech support from the University of Maryland’s TechExtension through their digital navigator program.

Chromebooks still make the right choice, especially among the first buyers. Powered by Chrome OS, they offer a cloud-centric design that enables them to work efficiently even on modest hardware specs. Moreover, the recent distribution led by the state will also help bridge the digital divide among the masses. This makes them well-suited for basic tasks and internet access. For example, for those seeking an affordable and user-friendly device.


[ad_2]
Source link

Citrix Bleed widely exploitated, warn government agencies

0
[ad_1]

In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability.

Affiliates of at least two ransomware groups, LockBit and Medusa, have been observed exploiting Citrix Bleed as part of attacks against organizations. Both are globally significant, and were ranked as the first and sixth most active groups in our November ransomware review.

Known ransomware attacks October 2023

Known ransomware attacks by ransomware group, October 2023

Mandiant states it is currently tracking four distinct uncategorized groups involved in exploiting this vulnerability.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE for the vulnerability known as Citrix Bleed is CVE-2023-4966 (CVSS score 9.4 out of 10). The vulnerability is described as a sensitive information disclosure in NetScaler web application delivery control (ADC) and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

The vulnerability provides attackers with the capability to bypass multi-factor authentication (MFA) and hijack legitimate user sessions, and is said to be very easy to exploit. It’s reported to have been in use as a zero-day since late August. On October 10, 2023, Citrix released security updates to address CVE-2023-4966 along with another unrelated vulnerability giving organizations the chance to patch for the vulnerability.

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerability:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

NetScaler ADC and NetScaler Gateway version 12.1 are now End-of-Life (EOL) and also vulnerable. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication products are not impacted.

The advisory provides Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs) obtained from FBI, the Australian Cyber Security Centre (ACSC), and voluntarily shared by Boeing. Boeing observed LockBit affiliates exploiting CVE-2023-4966, to obtain initial access to Boeing Distribution Inc., its parts and distribution business that maintains a separate environment.

Besides patching, CISA encourages organizations to assess Citrix software and their systems for evidence of compromise, and to hunt for malicious activity. If compromise is suspected or detected, organizations should assume that threat actors hold full administrative access and can perform all tasks associated with the web management software as well as installing malicious code.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


[ad_2]
Source link

Huawei clarifies statement and says its international models will still be able to run Android apps

0
[ad_1]
If you live in the U.S., you know that you can’t just run into a carrier-operated store in the U.S. and buy a Huawei phone. But you can find the international variant of some of the company’s handsets on Amazon and eBay including 2022’s photography-based flagship, the P50 Pro. Recently though, Huawei made an announcement that was concerning to those who regularly buy the company’s innovative and well-made phones for the global markets.
The announcement said that the next version of Huawei’s Harmony operating system, called HarmonyOS Next, would completely lose the ability to support any Android apps. However, the Chinese manufacturer clarified its comment by noting that none of its phones sold outside of China will use HarmonyOS Next. Instead, these phones will use the EMUI OS which is based on the Android Open Source Project (AOSP) version of Android but without Google Services and apps.
Huawei is not allowed to offer the Google version of Android for a couple of reasons. The Chinese government bans the use of some Google apps in the country, and the placement of Huawei on the U.S. entity list for being a national security threat means that it cannot work with Google at all. But Huawei phones outside of China will run on EMUI allowing users to sideload Android apps on their Huawei phones.
According to a translated version of CNMO “Huawei will “continue to increase its support for developers around the world.” Wccftech says that Huawei has a large number of developers making sure that all of their apps work without a hitch on phones without Google services. Unfortunately, Huawei has no plans to develop an international version of the phones in the Huawei Mate 60 Pro series for sale outside of China.

The next flagship line coming from Huawei is expected to be the photography-based P70 series which will also be powered by Huawei’s own 7nm Kirin 9000s 5G application processor. It isn’t known whether Huawei will offer this line for sale outside of China. The P70 series should be announced sometime in the first quarter of next year. If Huawei does offer an international version of the phones in the P70 line, those units should have EMUI pre-installed allowing owners to sideload Android apps which will run natively on these handsets.


[ad_2]
Source link

Windows Hello fingerprint authentication can be bypassed on popular laptops

0
[ad_1]

Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops.

Microsoft’s Offensive Research and Security Engineering (MORSE) asked the researchers to evaluate the security of the top three fingerprint sensors embedded in laptops. They found vulnerabilities that allowed them to completely bypass Windows Hello authentication on all three.

If you like to read the full technical details, we happily refer you to the Blackwing researcher’s blog: A TOUCH OF PWN – PART I. For a less technical summary, carry on.

First but foremost, it’s important to know that for these vulnerabilities to be exploitable, fingerprint authentication needs to be set up on the target laptop. Imagine the type of disaster if that wasn’t true.

The three sensors the researchers looked at were all of the “match on chip” type. This means that a separate chip stores the biometric credentials (in this case the fingerprints), making it almost impossible to hack into.

The communication between the sensor and the laptop is done over a secure channel, set up through the Secure Device Connection Protocol (SDCP) created by Microsoft.

SDCP aims to answer three questions about the sensor:

  1. How can the laptop be certain it’s talking to a trusted sensor and not a malicious one?
  2. How can the lapop be certain the sensor hasn’t been compromised?
  3. How is the raw input from the sensor protected?
    • The input has to be authenticated.
    • The input is fresh and can’t be re-playable.

So, what could go wrong?

The researchers were still able to spoof the communication between sensor and laptops. They were able to fool the the laptops using a USB device which pretended to be its sensor, and sent a signal that an authorized user had logged in.

The bypasses are possible because the device manufacturers did not use SDCP to its full potential:

  • The ELAN sensor commonly used in Dell and Microsoft Surface laptops lacks SDCP support and transmits security identifiers in cleartext.
  • Synaptics sensors, used by both Lenovo and Dell, had turned SDCP off by default and used a flawed custom Transport Layer Security (TLS) stack to secure USB communications.
  • The Goodix sensors, also used by both Lenovo and Dell, could be bypassed because they are suitable for Windows and Linux, which does not support SDCP. The host driver sends an unauthenticated configuration packet to the sensor to specify what database to use during sensor initialization.

The recommendation of the researchers to the manufacturers is clear: SDCP is a powerful protocol, but it doesn’t help if it isn’t enabled or when it can be bypassed by using other weak links in your setup.

The fact that three manufacturers were mentioned by name doesn’t mean by any stretch that others have done a better job. It just means the researchers didn’t get round to testing them.

If you, as a user, are worried about anyone being able to get near your laptop with a USB device, you shouldn’t be using fingerprints as an authentication method and disabled.

  1. Type and search [Sign-in options] in the Windows search bar, then click [Open].
  2. Select [Fingerprint recognition (Windows Hello), then click [Remove], and the fingerprint sign-in option will be removed.

Until the manufacturers have dealt with the weaknesses in their setups, we can’t assume that this is a secure method of authentication.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

Instagram now lets you download Reels, and it’s super easy

0
[ad_1]

Instagram has expanded the availability of its publicly viewable Reels download feature to all users worldwide. The feature was initially limited to users on mobile in the US when it was launched in June. Now, anyone on the app can download public Reels to their devices and not just save them for viewing later.

Instagram now lets users download their favorite Reels

Instagram users can now save reels created by public accounts to their camera roll, announced chief Adam Mosseri on his broadcast channel. Downloaded reels will have a watermark with the creator’s Instagram handle, similar to TikTok. Users can access the new Download option by tapping the share button and selecting it next to the Copy Link icon. Before this, users could only save Reels.

The ability to download Reels eliminates the constant need for an internet connection. Users can save their favorite Reels directly to their devices and watch them offline. It also kills the hassle of screen recording videos to share with non-Instagram users or those who prefer avoiding links.

There’s still room for privacy if you don’t prefer downloading your videos

Public accounts can still choose to toggle off the ability for people to download their reels. You can control who can download your Reels by adjusting your privacy settings. Navigate to Settings > Privacy > Reels and Remix, and then toggle the “Allow people to download your Reels” option accordingly.

The company says, “For Instagram users under 18 with public accounts, the default setting for downloading reels will be off.” However, this can be turned on. Meanwhile, private Instagram account holders needn’t worry about their content at all.

Mosseri clarified that Instagram users can only download Reels with original audio tracks. This means that the Reels with licensed audio tracks will not have audio when downloaded.


[ad_2]
Source link

Smartphone market shows positive signs, growth expected in 2024

0
[ad_1]

After 27 consecutive months of YoY (year-on-year) decline in shipments between June 2021 and September 2023, the global smartphone market is now showing signs of recovery. Sales increased by five percent in October 2023 thanks to higher demand in emerging markets like the Middle East, Africa, and Latin America. Industry experts believe this trend will continue for the rest of 2023, with the market returning to growth in 2024.

The global smartphone market may grow by four percent in 2024

According to research firm Canalys, a better show in the final quarter of 2023 will help the smartphone market close the year with a five percent annual shipment decline, which is a notable improvement from a 12 percent decline last year. It expects a shipment increase next year, with sustained growth in the years to come. The firm has projected a shipment volume of 1.17 billion for 2024, a four percent growth from 1.13 billion estimated smartphone sales this year.

Canalys global smartphone market growth projection 2023 to 2027

Canalys says the market will record a CAGR (Compound Annual Growth Rate) of 2.6 percent from 2023 to 2027. If it turns out to be accurate, global smartphone sales will reach 1.25 billion units in 2027. The current growth is fueled by increased smartphone adoption in emerging markets. Middle East (nine percent), Africa (three percent), and Latin America (two percent) will post a positive shipment growth this year.

Developed markets such as North America, Europe, and China, on the other hand, have a higher smartphone saturation. These regions aren’t expected to return to annual shipment growth until 2024-2025. Canalys estimates these markets to record a respective shipment decline of 11 percent, 11 percent, and six percent this year. The Asia Pacific region will also see a six percent drop in smartphone sales in 2023.

However, the region will return to growth in 2024 with a six percent increase in shipments. This, coupled with slower growth in China and North America, will help Asia Pacific emerge as the single biggest smartphone market next year. “One in three smartphones shipped in 2024 will be purchased in the Asia Pacific versus only one in five back in 2017,” said Sanyam Chaurasia, Senior Analyst at Canalys. “… driven by resurging demand in India, Southeast Asia and South Asia.”

Canalys global smartphone market regional share 2024

The average selling price is on the rise

Several factors contributed to a slowdown in the smartphone market in recent years. From a component shortage and economic implications of the Russia-Ukraine conflict and the US-China trade war to longer replacement cycles, everything affected sales. However, with users replacing their phones less often, the ASP (average selling price) of devices is on the rise. The ASP was $332 in 2017 when sales peaked with over 1.4 billion shipments.

In 2023, with shipments about 20 percent below the 2017 peak, the ASP of smartphones has reached $440. With OEMs starting to focus on on-device AI capabilities, the demand for premium phones may increase in the coming years. Effectively, the ASP will grow further. “Profitability is looking up for hardware makers strategically launching flashy new features to captivate consumers in key growth markets,” said Toby Zhu, Senior Analyst at Canalys.

Canalys global smartphone market 2023 2024


[ad_2]
Source link

Samsung’s Galaxy S21 series makes the move to Android 14

0
[ad_1]

Another day, another Samsung phone gets Android 14. The big update, which brings One UI 6.0, is now rolling out to the Galaxy S21 series. The company has already updated the Galaxy S22 and Galaxy S23, as well as the latest foldables, flagship tablets, and a bunch of mid-range models.

Galaxy S21 series gets Android 14 update

As of this writing, Samsung’s Android 14-based One UI 6.0 update for the Galaxy S21 series is available in Europe. X/Twitter user @tarunvats33 shared a screenshot confirming the rollout in Switzerland. The new firmware build number for the phones is G99*BXXU9FWK2. The OTA (over the air) update file weighs about 2.2GB for the base model. It should be a similar-sized OTA file for the Galaxy S21+ and Galaxy S21 Ultra too.

Samsung will soon bring this update to other markets, including the US. It will also expand the coverage to the Galaxy S21 FE, which isn’t covered in the initial rollout. As usual, the build number and file size may vary slightly depending on the model and your region. However, the content of the update will remain unchanged. The FE model may miss out on a few camera features due to its hardware limitations, but it will get most of them.

One UI 6.0 is a massive update, so even with a few missing features, the Galaxy S21 FE will get a lot. From UI changes for the Quick Settings layout and notification panel to new and improved camera features and more powerful editing tools, the update brings a myriad of visual and functional changes to Galaxy phones. Samsung is also bundling the latest security fixes here, pushing more than 60 vulnerability patches alongside a ton of goodies.

If you’re using a Galaxy S21 in Europe, the big update may reach you anytime now. Users in other regions can expect to receive Android 14 and One UI 6.0 over the next few days. Samsung is pushing the update to eligible models at an incredibly fast pace, so it won’t keep users waiting for much longer. You can check for new updates on your Galaxy phone by going to Settings > Software update > Download and install.

Samsung plans to update most devices before the end of the year

Samsung has already released its Android 14 update roadmap for Galaxy devices. According to that roadmap, it will update the vast majority of eligible models to the new Android version before the end of the year. Well, it planned to push One UI 6.0 to the Galaxy S21 series in December, so it appears to be ahead of schedule. We will let you know when the Koren firm rolls out Android 14 to more Galaxy phones and tablets.


[ad_2]
Source link