Various social media platforms are now facing child safety lawsuits

0
[ad_1]

Child online safety is a major concern and various social media platforms have been found lacking in this area. As a result of this, these platforms from the likes of Meta, ByteDance, Alphabet, and Snap are facing child safety lawsuits. The platforms provided by these companies have proven to be not only addictive to children but also damaging to their mental health.

This issue has brought these companies before the court repeatedly, with the most recent ruling against them. On Tuesday, a federal court ruled against these companies, rejecting their request to dismiss cases filed against them. Most of these cases are coming from school districts around the country that have the responsibility to teach and train these children to help them become assets to society.

Some cases against these social media platforms come from various states within the country. All have a similar voice as they cry out for regulation of these platforms that are damaging children who have access to them. Here are the details on this case and how companies that own these social media platforms are reacting to the ruling.

The court strikes at social media platforms for putting children at risk with the services they offer

From the court ruling, US District Judge Yvonne Gonzalez Rogers stands with the plaintiffs. Social media platforms exert a lot of influence on those using their services. Over the past few months, lots of cases have come before the court on the damages of these platforms to young users.

With the type of content accessible to children on these platforms, their young minds are constantly changing. The ruling also points out that the First Amendment and Section 230 of the Communications Decency Act don’t protect these companies from the effects of the content their platforms produce. These laws point out that social media platforms shouldn’t be treated as publishers of third-party content.

The issue on the ground isn’t about content, but the measures put in place to protect certain people from content not meant for them. In this area, all the platforms on this case are lacking, but they still sought to get a break from the case. Some measures these platforms can put in place to protect children are age verification, parental control and so much more.

Already, all of these platforms offer these protective services, but even children can bypass them. This shows how lax these companies are when it comes to protecting minors on their platforms. The court stresses the need for changes that’ll help strengthen these protective measures.

Companies like Meta, ByteDance, Alphabet, and Snap need to closely watch minors on their platforms. Parents can also play a vital role in keeping an eye on the type of content their children have access to on social media. With this, parents and guardians can expect tighter regulations from social media platforms that will help protect users.


[ad_2]
Source link

YouTube Premium brings Gen AI, enhanced bitrate, and more

0
[ad_1]

YouTube is on a roll lately. It has introduced a handful of new features to the app. The additions include high-quality streaming on Android devices and Smart TVs, a virtual badge for regular watchers, as well as an AI summarizer of videos and comments, and more. Notably, it also hiked the fee for its premium subscription.

You can now stream videos with enhanced bitrate on Android and smart TVs

YouTube Premium brings an ad-free experience, we all know. However, the cherry on the cake is higher-quality 1080p video streaming on Android and smart TVs. The same 1080p resolution videos now play with less video compression. It was initially launched for iPhone, but now the feature expands to Android phones and tablets.

YouTube Premium gets a video continuity feature

YouTube Premium subscribers can seamlessly switch between devices to continue watching videos without interruption. For instance, you can start watching a video on your smartphone and then effortlessly pick up from the same point on your smart TV.

Simply open the YouTube app on your TV, and the video you were watching on your phone will appear with the “Continue Watching” label, ready to be resumed. This cross-device continuity feature ensures that your viewing experience remains uninterrupted, regardless of the device you’re using.

YouTube onboards gen AI for content recommendation, comment summarization

YouTube is introducing generative AI to the platform. You can interact with Conversation AI to receive personalized video recommendations based on your current viewing session. You can also engage this AI chatbot with questions about the video like a summary of the video, and more.

With conversation AI, one could also summarize lengthy comments into concise statements in key points. It is currently available to select Android users in the United States. However, it will gradually be available to all.

Additionally, YouTube is rewarding its loyal premium subscribers with virtual badges. This is similar to virtual badges available on other apps like Artifact, where the more you browse; the more you level up.


[ad_2]
Source link

A roadmap through cryptocurrency’s unusual alliances

0
[ad_1]

Bitcoin, since its inception in 2009, has grown to become a global phenomenon, revolutionizing the way we perceive and utilize money. It operates on a decentralized network, removing the need for intermediaries and offering a level of transparency and security unprecedented in the financial world. However, beyond its widely acknowledged features, Bitcoin operates within a complex web of alliances and partnerships that are lesser-known but equally significant. This article aims to demystify these hidden connections, providing an insightful guide into the secret world of Bitcoin and its unfamiliar cryptocurrency alliances. Rely on Immediate Peak for cryptocurrency trading if you’re a novice investor interested in bitcoin.

The Genesis of Bitcoin and its Early Alliances

Satoshi Nakamoto, the pseudonymous creator of Bitcoin, introduced the world to a new form of digital currency, one that is decentralized and operates on a peer-to-peer network. In the early days, Bitcoin formed alliances with a small community of developers and miners who believed in its potential. These early adopters played a crucial role in testing, securing, and validating transactions on the network, laying the groundwork for Bitcoin’s future success. The alliances formed during this period were driven by a shared vision and belief in the transformative power of decentralized currency.

Decentralization and Peer-to-Peer Networks

At the heart of Bitcoin’s success is its decentralized nature, allowing it to operate independently of central authorities. This decentralization is made possible through a network of computers, known as nodes, which validate and secure transactions. Miners, who are part of this network, compete to solve complex mathematical problems, and in return, they are rewarded with Bitcoin. This creates a symbiotic relationship between miners and the network, ensuring its security and integrity. Developers also play a crucial role in this alliance, constantly working to improve the protocol and address any vulnerabilities. The alliance between miners, developers, and users is the backbone of the Bitcoin ecosystem, ensuring its continued success and innovation.

Bitcoin’s Unfamiliar Alliances with Altcoins

With the success of Bitcoin, numerous altcoins (alternative cryptocurrencies) have entered the market, each with its unique features and purposes. Some of these altcoins have formed alliances with Bitcoin, either directly or indirectly. For instance, Litecoin, often referred to as the silver to Bitcoin’s gold, was created to produce blocks more frequently and with a different hashing algorithm. These technical differences allow Litecoin to serve as a sort of testnet for Bitcoin, where new features can be implemented and tested before being introduced to the Bitcoin network. This indirect alliance benefits both cryptocurrencies, fostering innovation and stability.

The Role of Exchanges and Wallets

Cryptocurrency exchanges and wallets are essential components of the Bitcoin ecosystem, facilitating the buying, selling, and storage of Bitcoin. These platforms form alliances with Bitcoin, integrating its protocol into their systems to provide users with access to the currency. In return, Bitcoin benefits from increased liquidity and accessibility, making it more appealing to a broader audience. However, these alliances also come with challenges, particularly in terms of security, as exchanges and wallets become prime targets for malicious attacks. Ensuring the security of these platforms is paramount, as it directly impacts the trust and adoption of Bitcoin.

Bitcoin and its Connection to the Dark Web

Bitcoin’s anonymity and decentralization have led to its adoption on the dark web, a part of the internet not indexed by traditional search engines and often associated with illicit activities. While this has tainted Bitcoin’s reputation to some extent, it is essential to recognize that Bitcoin itself is not illicit; rather, it is a tool that can be used for various purposes. In response to this challenge, the Bitcoin community and law enforcement agencies have formed alliances to track and prevent illegal activities on the network. These partnerships are crucial in safeguarding the integrity of the Bitcoin network and ensuring its continued adoption.

The Future of Bitcoin Alliances

As the cryptocurrency landscape continues to evolve, so too will the alliances within the Bitcoin ecosystem. Future partnerships could include alliances with traditional financial institutions, further integrating Bitcoin into the mainstream financial system. Additionally, we may see increased collaboration between different cryptocurrencies, fostering interoperability and innovation. These future alliances will play a crucial role in shaping the trajectory of Bitcoin, influencing its adoption, innovation, and stability.

Conclusion

The secret world of Bitcoin’s alliances is complex and multifaceted, spanning across various domains and influencing the cryptocurrency in numerous ways. Understanding these connections is crucial for anyone looking to fully grasp the nuances of the Bitcoin ecosystem. By shedding light on these unfamiliar alliances, we gain insight into the forces that drive Bitcoin’s success and the challenges it faces. In navigating this intricate landscape, individuals and investors might find it beneficial to engage with innovative avenues fostering a comprehensive and informed approach to the world of digital currencies. As the world of cryptocurrency continues to evolve, staying informed and engaged in these developments is paramount.


[ad_2]
Source link

Samsung Electronics parts ways with display panel supplier BOE

0
[ad_1]

Samsung Electronics has parted ways from major display panel supplier BOE. Notably, it had provided 10% of Samsung’s TV panels in the first quarter of 2023. However, in the third quarter of the same year, Samsung’s Device eXperience (DX) division decided to exclude BOE from its supply chain for both TV and monitor panels.

The decision to part ways with BOE is believed to be a mid-to-long-term strategy plan to cut all ties eventually. Samsung’s decision has already hurt BOE, with the company’s market share declining in the third quarter. Notably, BOE announced powering up the OnePlus 12 and the OnePlus Ace 2 in its homeland.

Samsung vs. BOE isn’t a mere coincidence, there’s a backstory to it

Samsung Display and BOE, two key players in the global display sector, are fighting a bitter legal battle. The former alleges that BOE has stolen its trade secrets related to OLED panels and modules. The dispute, filed on October 31st, has already reached the chambers of the U.S. International Trade Commission (ITC).

Meanwhile, BOE refuses Samsung Display’s allegations. It insists that OLED technology has been independently developed. However, Samsung Display says that BOE has accessed its trade secrets through illicit means.

The ITC is currently investigating Samsung Display’s complaint. If the ITC finds that BOE has indeed infringed on Samsung Display’s patents, it could issue an exclusion order barring BOE from importing and selling its OLED products in the U.S. This would be a major blow to BOE, which is a major supplier of OLED panels to phone makers.

Moreover, a Business Korea report cites industry experts saying that Samsung Electronics is reportedly expanding its supply chain to include other suppliers. It includes LG Display, Sharp, and AUO. All in all, the situation is worsening for BOE. Samsung Electronics has already excluded it from the list of partners, and Apple reportedly cancelled iPhone 15 OLED orders citing quality concerns.


[ad_2]
Source link

What role do GPUs play in cryptocurrency mining?

0
[ad_1]

Cryptocurrency mining is the process of validating and adding transactions to a blockchain ledger, and miners are rewarded with cryptocurrency tokens for their efforts. This article delves into the critical role that Graphics Processing Units (GPUs) play in this complex and evolving landscape. For those starting out with bitcoin investments, SyntroCoin provides a trustworthy avenue for trading cryptocurrencies.

The Evolution of Cryptocurrency Mining

Early Days of Bitcoin Mining

In the early days of cryptocurrency, Bitcoin could be effectively mined using a CPU (Central Processing Unit). However, as the network grew and competition intensified, CPU mining became obsolete due to its inefficiency and limited processing power.

Emergence of GPU Mining

Graphics Processing Units (GPUs) emerged as the next logical choice for cryptocurrency miners. Their parallel processing capabilities allowed for significantly higher hash rates compared to CPUs. GPUs were particularly well-suited for the SHA-256 algorithm used in Bitcoin mining.

Shift Towards ASIC Mining

As cryptocurrencies gained more popularity, the mining landscape continued to evolve. Application-Specific Integrated Circuits (ASICs) were developed to mine specific cryptocurrencies, surpassing GPUs in terms of efficiency. Bitcoin miners, in particular, transitioned to ASICs, making GPU mining for Bitcoin less profitable.

Understanding GPUs in Cryptocurrency Mining

How GPUs Work

GPUs are specialized hardware designed for rendering graphics, but their parallel processing architecture makes them suitable for a wide range of computational tasks, including cryptocurrency mining. A GPU consists of thousands of small cores capable of performing multiple calculations simultaneously, making them ideal for the repetitive calculations required in mining.

GPU Mining Algorithms

Different cryptocurrencies use various mining algorithms, and GPUs are particularly efficient in certain types. For example, the Ethash algorithm used by Ethereum relies on memory-intensive tasks that GPUs excel at, making them the preferred choice for Ethereum miners.

Advantages of Using GPUs in Mining

GPUs offer several advantages in cryptocurrency mining, including versatility, affordability, and ease of replacement. Miners can switch between different coins and algorithms, ensuring a steady income stream. GPUs are also more accessible to hobbyists and small-scale miners compared to costly ASICs.

Popular Cryptocurrencies Mined with GPUs

Bitcoin and GPU Mining

While Bitcoin mining with GPUs is no longer profitable for most, some altcoins that share Bitcoin’s SHA-256 algorithm can still be mined with GPUs. However, these coins often have lower market values and higher volatility.

Ethereum and Ethash Algorithm

Ethereum is one of the most popular cryptocurrencies that can be mined with GPUs. The Ethash algorithm’s memory-intensive nature favors GPUs, and Ethereum’s continued growth has kept GPU mining profitable.

Other GPU-Mineable Cryptocurrencies

Numerous altcoins, including Litecoin, Ravencoin, and Zcash, are mineable with GPUs. Miners often shift their attention to these coins when profitability decreases for major cryptocurrencies.

Building a GPU Mining Rig

Hardware Requirements

To build a GPU mining rig, you’ll need GPUs, a motherboard with multiple PCIe slots, a power supply unit (PSU), cooling solutions, and a reliable internet connection. Selecting the right hardware components is crucial for efficient mining.

Software Setup

Mining software is essential to configure and manage your mining rig. Popular choices include CGMiner, Claymore’s Dual Miner, and NiceHash. Each software has its unique features and compatibility with different GPUs and algorithms.

Mining Pools and Software

Mining pools are groups of miners who combine their computational power to increase the chances of earning rewards. Joining a mining pool can provide more consistent payouts compared to solo mining.

Challenges and Considerations

Energy Consumption and Environmental Impact

The energy consumption associated with cryptocurrency mining, especially for Proof-of-Work (PoW) coins, has raised environmental concerns. Miners should consider the ecological impact and explore more energy-efficient alternatives.

GPU Availability and Pricing

The demand for GPUs for mining has led to supply shortages and increased prices. Miners often face challenges in acquiring GPUs at reasonable prices, which can impact profitability.

Regulatory and Legal Considerations

Cryptocurrency mining operates in a regulatory gray area in many countries. Miners should be aware of local laws and tax implications related to mining activities to avoid legal issues.

The Future of GPU Mining

Upcoming Developments in GPU Technology

GPU manufacturers continue to innovate, releasing more powerful and efficient models. Miners should stay updated on these developments to maximize their mining efficiency.

Potential Shifts in Cryptocurrency Mining Methods

The cryptocurrency industry is dynamic, and the future of mining may involve a shift from PoW to Proof-of-Stake (PoS) or other consensus mechanisms. Miners should adapt to changing trends and explore new opportunities.

The Ongoing Role of GPUs in Mining

In conclusion, GPUs have played a crucial role in the history of cryptocurrency mining, offering miners a flexible and profitable option. While ASICs have dominated Bitcoin mining, GPUs remain a viable choice for many other cryptocurrencies. As the industry continues to evolve, miners should adapt to new challenges and opportunities to thrive in the ever-changing world of cryptocurrency mining.

Conclusion

This article has provided a comprehensive overview of the role of GPUs in cryptocurrency mining. From their evolution in the mining landscape to the technical aspects of GPU mining, building mining rigs, and addressing challenges, GPUs remain a pivotal tool for miners worldwide. As the cryptocurrency industry continues to advance, the significance of GPUs in mining is expected to persist.


[ad_2]
Source link

ALPHV (BlackCat) Ransomware Gang Uses Google Ads for Targeted Victims

0
[ad_1]

According to eSentire, the ALPHV ransomware gang is employing the Nitrogen malware in the ongoing attacks.

Cybersecurity experts at eSentire, a leading global cybersecurity solutions provider, have published details of an ongoing attack campaign from Russian-speaking affiliates of the notorious ALPHV (aka BlackCat) ransomware gang.

According to eSentire’s Threat Response Unit (TRU) researchers, key targets in this campaign are public entities and corporations in the Americas and Europe. Over the last three weeks, these affiliates have breached a manufacturer, a law firm, and a warehouse provider within eSentire’s customer network, apart from other firms. However, eSentire’s security research team thwarted and neutralized these attacks.

Researchers noted that ALPHV/BlackCat threat actors gain initial access to their target’s IT networks through three methods. These include exploiting stolen or compromised login credentials to gain unauthorized access, exploiting vulnerabilities in remote management/monitoring tools to access IT systems, and browser-based attacks in which users are tricked into visiting malicious websites that deliver malware or malicious links in emails or social media posts.

Furthermore, they observed that BlackCat affiliates have expanded their attack tactics substantially to include malvertising. In this campaign, the attackers place deceptive Google ads promoting popular software like Advanced IP Scanner, WinSCP, Slack, or Cisco AnyConnect to trick business professionals into visiting certain websites.

In reality, these attacker-controlled websites deliver Nitrogen malware under the guise of authentic software. They lure users by placing malicious ads at the top of search results for keywords relevant to businesses, for instance, ‘ cloud backup solutions.’

They can also use the name of a fictional company to lure their targets into clicking on the ads. These cyberattacks seem to be part of a larger campaign involving malicious ads for WinSCP placed on both Google and Bing search results by ALPHV/BlackCat affiliates.

“The malvertising attacks they shut down in the past three weeks on behalf of the law firm and manufacturer are a continuation of a June 2023 campaign, where an affiliate of the ALPHV/BlackCat Ransomware gang was observed using malicious ads to distribute the Nitrogen malware, which led to the ALPHV/BlackCat ransomware” eSentire’s blog post revealed. 

Nitrogen is an initial-access malware discovered in June 2023. It uses obfuscated Python libraries and DLL sideloading to evade detection and hide its attack path after infection.

After getting installed, it lets attackers gain a foothold in the targeted entity’s IT environment. Attackers can then infiltrate deeper and launch malware of their choice. In the ongoing campaign, victims are typically infected with ALPHV/BlackCat ransomware, eSentire TRU’s senior threat intelligence researcher Keegan Keplinger noted.

For your information, the ALPHV/BlackCat ransomware gang is known for its $100 million MGM Resorts breach. Its attack tactics have evolved from experienced ransomware operators such as the Colonial Pipeline attack fame DarkSide, REvil, and BlackMatter. Some of its prominent affiliates include Scatted Spider, FIN7, and UNC2565. 

The BlackCat/ALPHV ransomware presents a significant threat to businesses and unsuspecting users. The severity is underscored by the FBI’s release of Indicators of Compromise (IoC) last year (PDF).

Considering that ransomware operators are now exploiting social media and Google Ads to reach a wider audience, business owners should remain cautious of unexpected ads or too-good-to-be-true offers.

Always verify the legitimacy of the company offering the ad before clicking on it. Never download software from unknown/unverified sources, and use a reputable anti-malware program.

  1. Hackers use Google Ads to steal $50 million of Bitcoin
  2. Google Ads Malware Wipes NFT Influencer’s Crypto Wallet
  3. Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack
  4. Fake Brave browser website dropped malware, thanks to Google Ads
  5. Ad-blocker Chrome extension AllBlock injected ads in Google searches

[ad_2]
Source link

Samsung pushes November update to Galaxy S22 in the US

0
[ad_1]

A few more Samsung smartphones are now receiving the November security patch in the US. The company has released the new SMR (Security Maintenance Release) for the Galaxy S22 series, Galaxy Z Fold 3, and Galaxy Z Flip 3. The foldable models have already received the update in international markets but the 2022 flagships are picking it up stateside ahead of a global rollout.

Galaxy S22 and 2021 foldables get November update in the US

As of this writing, only factory-unlocked Galaxy S22 phones are receiving the November security patch in the US. The update comes with the firmware build number S90*U1UES3CWK1 and doesn’t bring anything more than this month’s security fixes. Samsung will push the new SMR to the carrier-locked units in the coming days, while simultaneously expanding the release to international markets.

For the Galaxy Z Fold 3, the update is available to users of both carrier-locked and unlocked units. The new build numbers are F926USQS4GWK2 and F926U1UES4GWK1, respectively. As you might expect, it’s a similar changelog. Samsung isn’t pushing anything extra here. The update is all about the latest security patches. The November SMR contains more than 60 vulnerability fixes.

The story is unchanged for the Galaxy Z Flip 3 too. Samsung is widely rolling out the update to the 2021 clamshell foldable in the US. The November SMR comes with firmware version F711USQS5GWK2 for carrier-locked units and F711U1UES5GWK1 for unlocked units. With Android 14 and One UI 6.0 just around the corner, we can understand the Korean firm’s decision to not push any goodies with this release.

As said earlier, this month’s security update for Galaxy phones patches more than 60 vulnerabilities. The majority of those are Android OS patches coming from Google, which labeled five vulnerabilities as critical issues. We have 15-odd Galaxy-specific patches as well. The latest update with patch these vulnerabilities on your Galaxy S22, Galaxy S22+, Galaxy S22 Ultra, Galaxy Z Fold 3, or Galaxy Z Flip 3.

All of these phones will get Android 14

Samsung has already begun its Android 14 rollout but it has yet to push the update to any other model except for the Galaxy S23 trio. It might begin a wider rollout in the coming days. It is expected to push the big update to all eligible flagship models before the end of the year, including the past three generations of foldables, the Galaxy S22 series, and the Galaxy S21 series. We will let you know when the rollout begins.


[ad_2]
Source link

Microsoft is developing a new AI tool to help its blind customers

0
[ad_1]

A sad fact of tech is that most technology is meant to benefit people with eyesight. However, people who are visually impaired rely on technology as much as anyone else. Well, Microsoft has adopted a new AI technology that will help its blind customers better navigate its services, according to a new report.

There’s a service called Be My Eyes that helps people who are blind and visually impaired get through their every tasks. Well, Microsoft partnered with Be My Eyes and integrated its technology into its own Disability Answer Desk. It will help Microsoft customers with any sort of troubleshooting they need to do. Since this involves Microsoft, it should come as no surprise that this is an AI tool.

Microsoft will use AI to help its blind customers

Be My Eyes has been around since 2015, and the company just started working on implementing AI into its service. Called Be My AI, this service uses OpenAI’s GPT-4 to ascertain images taken with a phone. It will then give the user a verbal description of what’s in the picture. So, a person could take a picture of their medication or a user manual for a device. The app will give them verbal feedback on what they took a picture of.

This way, they have a way to know what’s going on around them. Right now, this function is in beta testing for iPhone users. If you want to learn more about this, you should go to the Be My Eyes page.

Microsoft is going to implement Be My AI’s technology into its Disability AnswerDesk. It’s essentially creating an AI-powered assistant that will help them with their technical problems. So, if a user is having trouble with one of the company’s services, they can use the AI assistant to solve their problems.

In fact, after some limited testing, it turns out that people prefer to go about it this way instead of talking to a human agent. About 90% of the people involved in the test chose using AI over a human being.

Microsoft is one of many companies gearing up to use Be My Eyes in their services. Other companies like Sony, Hilton, OpenAI, and Procter & Gamble are also looking to implement the technology into their services. This could be a game changer for people who are visually impaired.


[ad_2]
Source link

You may soon be able to hide the “At a Glance” widget on Pixels

0
[ad_1]
After years of requests from users, Google is finally giving Pixel owners the option to disable the At a Glance widget on the Pixel Launcher. This change was spotted in the works as part of the Android 14 QPR2 Beta 1 update, which was released yesterday.

As Pixel device owners know all too well, the At a Glance widget is a small text based bar that sits at the top of the primary home screen of the Pixel launcher. It displays information such as the weather, calendar events, and traffic conditions — and while the widget can be useful — the fact that it cannot be disabled has been the cause of complaints about its intrusive nature.

However, as spotted by Mishaal Rahman, Android 14‘s latest beta includes a hidden toggle that will allow you to completely hide the “At a Glance” widget from the home screen, thus freeing that space up for other app icons and/or widgets. This is a change that is expected to be welcomed by many Pixel phone users that would like more control over the way their device’s home screen looks.

However, it’s important to note that this change is still a few months away from being available to the general public. The Android 14 QPR2 Beta 1 update is currently only available to developers and beta testers, and the “Add At a Glance to home screen” settings toggle is still not active. Furthermore, The final release of Android 14 QPR beta builds is not expected to be released until next year.

Historically, customization options on the Pixel launcher had been pretty limited, with some users having to opt for using a third party launcher that offers more flexibility. For Pixel phone owners, hiding the At a Glance widget will open new possibilities and might entice them to give the out of the box experience a chance. Now, if only the Pixel launcher would also support icon packs, then we’d really be in business.

[ad_2]
Source link

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

0
[ad_1]

Protestware is a controversial form of activism. Some people believe that it is a necessary evil to draw attention to important issues. Others believe that it is a harmful and unethical practice.

Cybersecurity researchers at ReversingLabs, a prominent software supply chain security provider, have discovered a new wave of Protestware involving npm packages hiding scripts that bring attention to the humanitarian crisis in two conflict-ridden regions- Ukraine and the Gaza Strip.

Reversing Labs’ cyber content lead and blog author, Peter Roberts explained that protestware is a unique kind of cyberactivism in which the actor utilizes the ‘open-source software ecosystem’ to record protests against social or political issues. They embed code into the software, which, when installed or used, triggers a message or other action that draws attention to the protestware developer’s cause.

“Application developers conceal political messages inside open source code, often designing it to display to the user after an application is installed or when it is executed,” the blog post read.

The same method has been used to call attention to the wars in Ukraine and Gaza. Protestware developers have created software that displays messages condemning the violence. 

In the latest campaign, two different protestware samples were found by researchers. The first one used a popular Node.js package manager npm version, e2eakarev npm package, version 7.1.0, published in late October 2023, by an npm user, ‘~updater.downloader.’ It claims to be a ‘free Palestine protest package,’ and has been downloaded eight times so far.

ReversingLabs researcher Lucija Valentić discovered that after installation, this package triggers a postinstall script (index.js) that first checks the location where it is launched. If it is Israel, the package displays an English-language message in the terminal, urging the reader to raise awareness for the ‘Palestinian struggle,’ support the “Boycott, Divest, Sanction (BDS) movement,” and donate to humanitarian aid. The message bears the sign “The Anonymous Protestor.” 

Another package, dubbed “@snyk/sweater-comb”, was discovered, version 2.1.1. This npm package was released in August 2023 by Snyk and included a common JavaScript library module called “es5-ext” (already used in many other applications, including Signal Messenger’s installation executable for Windows). The protestware feature was added to this package in early March 2022, as per Checkmarx’s report.

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine
Screenshot: ReversingLabs

When installed, the module executes a postinstall script ‘_postinstall.js’ that first checks the host device’s geolocation. If it is Russia, a message in the Russian language is displayed urging for peace in Ukraine. 

Tomislav Peričin, Chief Software Architect at ReversingLabs, expressed concern over the rising vulnerabilities and software supply chain attacks, stressing that political messages could escalate over time.

“The risks that developers and software consumers face have never been higher, including political messages. Having software perform random acts of political activism does little for the specific cause. But it does decrease the private sector’s already shaky trust in software.”

Tomislav Peričin

Referring to the worldwide condemnation of the Russian invasion of Ukraine, and the resulting sanctions imposed on Russia, the message encourages readers to download the Tor browser or visit a webpage to circumvent censorship. 

Apart from displaying these messages, the packages performed no other actions. This indicates that these aren’t malicious per se.

Protestware may appear similar to ethical hacking, but it does highlight the persistent nature of risks associated with the open-source software ecosystem. Threat actors can easily manipulate users by exploiting popular applications in the name of protestware.

  1. Does Hacktivism Really Equal Terrorism?
  2. Anonymous hacked Russian TV with Ukraine war footage
  3. Anonymous sent 7m texts to Russians, hacked 400 security cams
  4. Ukrainian Hacktivists Trick Russian Military Wives for Personal Info
  5. Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App

[ad_2]
Source link