TP-Link Omada Vulnerabilities – Attackers Execute Remote Code

andreasc
-
0
TP-Link Omada Vulnerabilities – Attackers Execute Remote Code
[ad_1]

Multiple vulnerabilities have been identified in the TP-Link Omada system, a software-defined networking solution widely used by small to medium-sized businesses.

These vulnerabilities, if exploited, could allow attackers to execute remote code, leading to severe security breaches.

The affected devices include wireless access points, routers, switches, VPN devices, and hardware controllers for the Omada software.

Vulnerability Details

Identified Vulnerabilities

Twelve unique vulnerabilities were identified and reported to the vendor following our responsible disclosure policy.

Cisco Talos researchers have identified twelve unique vulnerabilities in the TP-Link Omada system.

These vulnerabilities were reported to the vendor following a responsible disclosure policy. The affected devices include:

  • EAP 115 and EAP 225 wireless access points
  • ER7206 gigabit VPN router
  • Omada software controller

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

The vulnerabilities are categorized as follows:

  1. TALOS-2023-1888: A stack-based buffer overflow in the web interface Radio Scheduling functionality of the TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0, build 20220926. This can lead to remote code execution.
  2. TALOS-2023-1864: A memory corruption vulnerability in the web interface functionality of the same device, leading to denial of service.
  3. TALOS-2023-1862: A command execution vulnerability in the tddpd enable_test_mode functionality of the TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) and TP-Link N300 Wireless Access Point (EAP115 V4). This can lead to arbitrary command execution.
  4. TALOS-2023-1861: A denial-of-service vulnerability in the TDDP functionality of the TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3), allowing an adversary to reset the device to factory settings.
  5. TALOS-2023-1859: A post-authentication command execution vulnerability in the web filtering functionality of the TP-Link ER7206 Omada Gigabit VPN Router.
  6. TALOS-2023-1858: A post-authentication command injection vulnerability when configuring the web group member of the TP-Link ER7206 Omada Gigabit VPN Router.
  7. TALOS-2023-1857: A post-authentication command injection vulnerability when configuring the WireGuard VPN functionality of the TP-Link ER7206 Omada Gigabit VPN Router.
  8. TALOS-2023-1856: A post-authentication command injection vulnerability when setting up the PPTP global configuration of the TP-Link ER7206 Omada Gigabit VPN Router.
  9. TALOS-2023-1855: A post-authentication command injection vulnerability in the GRE policy functionality of the TP-Link ER7206 Omada Gigabit VPN Router.
  10. TALOS-2023-1854: A post-authentication command injection vulnerability in the IPsec policy functionality of the TP-Link ER7206 Omada Gigabit VPN Router.
  11. TALOS-2023-1853: A post-authentication command injection vulnerability in the PPTP client functionality of the TP-Link ER7206 Omada Gigabit VPN Router.
  12. TALOS-2023-1850: A command execution vulnerability in the guest resource functionality of the TP-Link ER7206 Omada Gigabit VPN Router.

Technical Details

TDDP on Wireless Access Points

The TP-Link Device Debug Protocol (TDDP) is available on many devices and is exposed for 15 minutes of a device’s runtime. This service allows remote servicing without manual activation.

During this time, various functions on the device are exposed, which can be exploited by attackers.

Example Code Snippet:

struct tddp_header {

    uint8_t version;

    uint8_t type;

    uint8_t code;

    uint8_t direction;

    uint32_t pay_len;

    uint16_t pkt_id;

    uint8_t sub_type;

    uint8_t reserved;

    uint8_t digest[0x10];

};

Payload Construction:

Python

digest_req = b''

digest_req += struct.pack('B', self.version)

digest_req += struct.pack('B', self.type)

digest_req += struct.pack('B', self.code)

digest_req += struct.pack('B', self.direction)

digest_req += struct.pack('>L', self.pkt_len)

digest_req += struct.pack('>H', self.pkt_id)

digest_req += struct.pack('B', self.sub_type)

digest_req += struct.pack('B', self.reserved)

digest_req += b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

digest_req += self.payload

digest = hashlib.md5(digest_req).digest()

Vulnerability Impact

Factory Reset Device (TALOS-2023-1861)

The TDDP service can factory reset the device through a single ENC_CMD_OPT request, passing a subtype code of 0x49 via the payload field.

This causes the device to reset its configuration to the factory default and act abnormally until the next power cycle.

Gain Root Access (TALOS-2023-1862)

The TDDP service can also indirectly obtain root access on specific devices through the enableTestMode command.

This command causes the device to execute a shell script from a predefined address, allowing an attacker to execute any command as the root user.

The discovery of these vulnerabilities highlights the importance of regular security assessments and timely patching of network devices.

TP-Link has been notified and has released patches to address these issues.

Users are strongly advised to update their devices to the latest firmware to mitigate potential risks.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

Google already had defense against Snowblind Android malware

andreasc
-
0
Google already had defense against Snowblind Android malware
[ad_1]

Yesterday, a security firm published a report about a never-before-seen Android malware named Snowblind. It allegedly abuses a built-in Android safety feature to avoid detection. Its novel technique made all modern Android devices and apps vulnerable to it. However, Google refutes the claim. In a statement to Android Headlines, the Android maker said it was already aware of the malware and has implemented safety measures against it.

Google Play Protect can detect and block Snowblind Android malware

Discovered by mobile app security provider Promon, Snowblind is a new Android banking malware that manipulates the Android system to compromise apps without detection. It attacks Android’s safety tool called “seccomp” (secure computing) to bypass security checks and stealthily execute malicious activities. The attackers can steal login credentials and other information to make unauthorized financial transactions on infected devices.

Promon said it had never seen “seccomp being used as an attack vector before,” making Snowblind a first-of-its-kind Android malware. The firm added that it does not expect many apps to have protections against it. The security provider encouraged its customers and other app developers to upgrade to its Promon SHIELD version 6.5.2 or newer to keep their products safe from Snowblind and other potential seccomp-based security attacks in the future.

Shortly after we reported on Promon’s discovery, Google reached out saying it was aware of Snowblind and its techniques. “We can confirm we were already aware of this malware before this report,” the company said in an emailed statement to us. It didn’t mention the malware’s name for obvious reasons—Promon gave the name Snowblind because it was the first to publicly disclose this Android banking malware abusing a system feature.

“Based on our current detection, no apps containing this malware are found on Google Play,” the official statement added. “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

Snowblind may not be as dangerous as it originally sounded

Promon’s report suggested that Snowblind is a dangerous malware and that most Android apps lack protection against it. However, Google’s statement clarifies the threat. While the malware exists, Google Play Protect automatically blocks its activities, protecting Android users from all known versions of Snowblind. Google Play Protect can also detect malicious behavior in apps installed from outside of the Play Store. However, it is always safer to only download apps from official stores.


[ad_2]
Source link

Here are Samsung’s new Galaxy Buds 3 and Buds 3 Pro!

andreasc
-
0
Here are Samsung’s new Galaxy Buds 3 and Buds 3 Pro!
[ad_1]

Well, the rumors seem to be true; Samsung is giving up its identity in the earbuds market and opting for an AirPod aesthetic. We’ve been seeing a ton of leaked images and renders about these new buds. Now, thanks to Evan Blass, we have some high-res images of the Galaxy Buds 3 and Galaxy Buds 3 Pro.

Oh, we miss the olden days when Samsung was the antithesis of Apple. Sure, people mocked the Galaxy S5’s “Band-Aid” back, but it was unique, for goodness’ sake! It contrasted what Apple was doing with the iPhone, and people appreciated it. Now…. we’re seeing the Korean giant copy Apple’s homework more than we’d like to see.

Recent leaks of the Galaxy Buds and the Galaxy Watch 7 show that Samsung is leaning more towards Apple’s aesthetic. The Galaxy Watch might bring a square design when its previous watches sported beautiful circular designs.

Here are high-res images of the Galaxy Buds 3 and Buds 3 Pro

Looking at the renders of these upcoming earbuds, it’s not hard to see the AirPod inspiration. The most notable thing is the addition of the stem design. Several brands opted for this design, but Samsung famously brought wild and interesting designs for its earbuds. We all remember the Galaxy “Beans.”

However, these images show us two types of earbuds. We expect one pair to be the Galaxy Buds 3 and the other to be the Galaxy Buds 3 Pro. Starting off with the base model, these look like your typical stemmed earbuds. We see that there’s a black line that runs down the stem. That’s one defining feature.

One thing that reports point to is a squeeze gesture. If so, then that will be another defining feature of these earbuds. We’re not sure if squeezing the stem will make interacting with them any easier.

On the outside of the bud, we see two microphones. We don’t know if there’s going to be a microphone on the stem.

Galaxy Buds 3 Pro

Now, let’s move on to the Pro variant. According to the images, these will look even closer to AirPods. It looks like they’ll forgo the removable ear tips and slide directly into the ears. We see the actual speaker grill with what looks like the in-ear sensor in the image. Above the alleged sensor, we see what looks like a microphone.

The Pro will also have the black line down the stem. This could be the main visual cue making these stick out. On the back of the Galaxy Buds 3 Pro, we see two additional microphones.

Case

Along with the images of the buds, we also see the case that they’ll come in. As you could guess, the case will look closer to the AirPods’ case. What makes this case different from the AirPods case is the transparent lid.

The transparent lid will allow you to see the colored lights on either side of the case. There’s a blue light for the left bud and an orange light for the right bud. This matches the colored strips on the bottom of the actual earbuds. We’re not sure if these are just colored strips or if they’re lights. We’ll have to see them to be sure.

Right now, we’re still waiting for more information about these earbuds to come out. Right now, we only have leaked specs. They could have up to 24 hours of battery life, IP57 water and dust resistance, and be compatible with Google’s Find My Device network.


[ad_2]
Source link

Google could soon expand access to Imagen 3 AI model to its Gemini Advanced subscribers

andreasc
-
0
Google could soon expand access to Imagen 3 AI model to its Gemini Advanced subscribers
[ad_1]

Image credit — Google

Google appears to be expanding access to its most advanced text-to-image AI model, Imagen 3. Originally announced last month with limited access, Google is believed to be planning early access to it for Gemini Advanced subscribers through a popup within the beta version of the Google app for Android.Spotted through an APK teardown, the app’s code reveals that Imagen 3 could become more widely available after its initial limited release. While there’s no definitive way to confirm if the updated model uses Imagen 3, it’s highly likely based on the app’s popup message.

The popup header announces the “First look: Imagen 3” and invites Gemini Advanced subscribers to experience early access to the latest version of the AI tool. Additionally, a drop-down list outlines the updated features of this advanced AI model.

Imagen 3 as spotted in the latest beta of the Google app for Android and unofficially activated via code flags

| Images credit — AssembleDebug and Android Authority

The popup also provides information about the new and enhanced features available in the latest version of the AI tool, although the specifics of those features remain undisclosed. Initially, only select creators were granted access to Imagen 3 through a private preview, with others able to join a waitlist. Now, with this expanded access, Gemini Advanced subscribers will be given the opportunity to explore and test the capabilities of Imagen 3.

The expanded access suggests that Google is progressively rolling out the model to a wider user base, starting with its Gemini Advanced subscribers. While the company hasn’t made an official announcement about this wider access, the discovery within the Google app for Android strongly indicates a broader release.

Although there’s no confirmation yet that the model is using Imagen 3, it seems highly probable given the available information. With this expanded access, users will be able to explore the latest advancements in AI-generated images and contribute to refining the model’s capabilities through their feedback and experiences.


[ad_2]
Source link

Thousands of UEFA Customer Credentials Sold on Dark Web

andreasc
-
0
Thousands of UEFA Customer Credentials Sold on Dark Web
[ad_1]

The thrilling UEFA League, aka Euro 2024, is attracting over 20 million football fans in Germany and millions more worldwide. However, this excitement has also attracted the attention of threat actors who are exploiting the event’s anticipation to fulfil their nefarious objectives.

A new report from Cyberint highlights a surge in cyber threats targeting the event. Its Dark Web monitoring reveals threat actor discussions related to UEFA, sales account searches, ticket offers, free/cheap streaming services, and the sale of compromised customer credentials. 

Reportedly, threat actors are using compromised UEFA customer credentials to perform fraudulent activities, such as account takeovers and ticket purchases. They can also steal sensitive personal information, impersonate account owners, and gain access to funds or payment cards. 

Cyberint has detected over 15,000 exposed UEFA customer credentials since 2024, and over 2,000 UEFA customer credentials were found for sale on dark web marketplaces. These credentials are often exposed through credential harvesting malware, which infects the victim’s machine and sends user input logs to the C&C server operator.  

Since UEFA has sold streaming rights for its tournaments to media networks, it provides cybercriminals with an opportunity to create illegal content sites to lure fans without cable or streaming subscriptions through promises of free livestreaming and real-time scores. Clicking on links on these malicious websites can lead to data breaches or virus infections. These sites may demand ransom for the victim’s computer and network, or gain control of a system for fraud or spying. Drive-by downloads, a type of malware attack, can also occur by visiting the site.

Researchers noted that mobile apps impersonating UEFA’s official app are widely available on third-party app stores, often containing malicious elements. These stores are less regulated, allowing anyone to upload unauthorized apps without supervision.

Threat actors upload unauthorized apps, often containing malicious elements, exposing users to malware and data breaches. The apps target UEFA’s fans, customers, and volunteers, using the brand’s name and logo.

Moreover, Euro 2024 fans are increasingly relying on third-party ticket-selling websites, which also presents opportunities for scammers. Some sellers exploit fans’ enthusiasm by peddling fake or non-existent tickets, reaching out through social media or creating elaborate phishing websites to mimic legitimate ticket sellers.

Another fraud vector is the ticket lottery, offering fans a chance to earn free tickets. Threat actors can use the provided details to target victims for scams or sell the information to the highest bidder. 

Euro 2024 Fans Beware: Thousands of UEFA Customer Credentials Sold on Dark Web
Screenshot shows cybercriminals selling UEFA customer accounts and a malicious app impersonating the original UEFA app (Screenshot: Cyberint)

Researchers identified that UEFA’s website might be the weak link in this scenario.

“One notable aspect is the misconfiguration of UEFA’s official website – uefa.com. Such vulnerabilities present a tangible risk, potentially serving as gateways for threat actors to launch attacks,” researchers explained in the report shared with Hackread.com.

Cyberint recommends being cautious of unsolicited communications, verifying website authenticity, and using secure payment methods. To avoid ticket fraud, buy tickets only from authorized sources, use secure payment platforms like PayPal, prefer credit card payments, and avoid direct bank or money transfers, to prevent Euro 2024 from being marred by “opportunist threat actors.”

  1. Stolen Singaporean Identities Sold on Dark Web Starting at $8
  2. Crooks Exploited Satellite Live Feed Delay for Betting Advantage
  3. Russia hacked Winter Olympics & framed N.Korea in false-flag attack
  4. Cybersecurity Loopholes Found in Paris 2024 Olympics Infrastructure
  5. Hackers Disrupts Winter Olympics Website During Opening Ceremony

[ad_2]
Source link

Medusa RAT Attacking Android to Steal SMS & Screen Control

andreasc
-
0
Medusa RAT Attacking Android to Steal SMS & Screen Control
[ad_1]

A new variant of the Medusa malware family was discovered disguised as a “4K Sports” app, which exhibits changes in command structure and capabilities compared to previous versions. 

Researchers believe these changes are aimed at improving efficiency and strengthening the botnet.

The MaaS model used by Medusa allows for adaptations based on various factors, such as new affiliates seeking less detectable variants to target unexplored regions. 

Sports 4K Activities
Sports 4K Activities

The Medusa banking Trojan, first discovered in 2020, grants attackers remote access to devices through VNC and accessibility services, allowing them to perform real-time screen sharing, steal keystrokes, and launch overlay attacks for on-device fraud (ODF) such as account takeover (ATO). 

Medusa communicates with the attacker’s C2 server through a web socket connection, fetching the URL dynamically from social media platforms like Telegram for obfuscation and resilience against takedowns.

The malware also utilizes backup channels on social media for additional communication redundancy. 

Key-logging in Action
Key-logging in Action

A recent resurgence of Medusa malware campaigns, since July 2023, utilizes social engineering (smishing) to deliver droppers that side-load the malware onto Android devices in targeted countries (CA, ES, FR, IT, UK, US, TK). 

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

This new variant leverages on-device fraud (ODF) but specific cash-out methods and transfer amounts remain unknown, while Medusa exhibits adaptability through its backend infrastructure, which can support multiple botnets with distinct functionalities. 

Cleafy discovered five active botnets that were distinguished from one another based on the types of decoys, distribution strategies, and locations that were targeted. 

 Most-used icons and names in recent Medusa campaigns
 Most-used icons and names in recent Medusa campaigns

Two Medusa botnet clusters were identified; where Cluster 1 targets Turkey, the US, and Canada and uses traditional phishing tactics, while Cluster 2 targets Europe and uses droppers besides phishing, as both clusters are reducing requested permissions to evade detection. 

Early campaigns requested permissions for cameras, microphones, locations, etc., but recent campaigns only request permissions for core functionalities like accessibility, SMS, internet, foreground service, and package management, which makes them stealthier and harder to detect.  

Comparison of permissions required in early and recent campaigns
Comparison of permissions required in early and recent campaigns

Researchers identified a new variant of Medusa malware with a streamlined command set, and 17 commands from the previous version were removed to reduce its footprint and improve stealth. 

Command “setoverlay” in action
Command “setoverlay” in action

Five new commands were introduced, including taking screenshots, uninstalling apps, and controlling the device screen with a black overlay, which allows attackers to mask malicious activities and potentially steal sensitive information. 

Some functionalities requiring permissions (e.g., sending SMS, getting contacts) are still present in the code but blocked by the system without permission grants, which suggests that the malware is adaptable and can be easily modified for future campaigns. 

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more

andreasc
-
0
Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more
[ad_1]

A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses.

As more and more legislation emerges requiring websites and platforms—like gambling services, social networks, and porn sites—to verify their users’ age, the requirement for authentication companies offering that service rises.

You may never have heard of the Israeli based authentication company, AU10TIX, but you will certainly recognize some of its major customers, like Uber, TikTok, X, Fiverr, Coinbase, LinkedIn, and Saxo Bank.

Au10tix advertising the authentication and age verification for the world's leading brands

AU10TIX checks users’ identities via the upload of a photo of an official document.

A researcher found that AU10TIX had left the credentials exposed, providing 404 Media with screenshots and data to demonstrate their findings. The credentials led to a logging platform containing data about people that had uploaded documents to prove their identity.

Whoever accessed the platform could peruse information about those people, including name, date of birth, nationality, identification number, and the type of uploaded document such as a drivers’ license, linking to an image of the identity document itself.

Research showed that the likely source of the credentials was an infostealer on a computer of a Network Operations Center Manager at AU10TIX.

Stolen credentials have shown to be a major source of breaches like those recently associated with Snowflake. Snowflake pointed to research which found that one cybercriminal obtained access to multiple organizations’ Snowflake customer instances using stolen customer credentials.

Another major problem is that these sets of credentials get traded and sold all the time. And it’s not as if when you sold them once, that’s it. Digital information can be copied and combined endlessly, leading to huge data sets that criminals can use as they see fit.

We’ve talked about the dangers of data brokers in the past. The California Privacy Protection Agency (CPPA) defines data brokers as businesses that consumers don’t directly interact with, but that buy and sell information about consumers from and to other businesses. There are around 480 data brokers registered with the CPPA. However, that might be just the tip of the iceberg, because there are a host of smaller players active that try to keep a low profile.

Either way, for any company and particularly an authentication company working with sensitive data, having such an account accessible with just login credentials should be grounds for serious penalties.

In a statement given to 404 Media, AU10TIX said it was no longer using the system and had no evidence the data had been used:

“While PII data was potentially accessible, based on our current findings, we see no evidence that such data has been exploited. Our customers’ security is of the utmost importance, and they have been notified.”

For now, there’s not much that individual users of the brands can do apart from keep an eye out for any official statements, and consider an ongoing identity monitoring solution. Below are some general tips on what to do if your data has been part of a data breach:

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your personal data exposure

You can check what personal information of yours has been exposed on our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.


[ad_2]
Source link

HONOR Magic V3 will be even thinner than its predecessor

andreasc
-
0
HONOR Magic V3 will be even thinner than its predecessor
[ad_1]

HONOR Magic V3 will be even thinner than its predecessor, the Magic V2. This is not exactly a surprise. The Magic V2 was the first book-style foldable that actually felt like a regular smartphone in the hand.

The upcoming HONOR Magic V3 could be even thinner than the Magic V2 was

Well, the Magic V3 model is right around the corner, and the company’s teaser image just surfaced. We’re not sure if HONOR published this, but based on Teme’s words, the image you can see below is HONOR’s marketing image.

We haven’t been able to find it on HONOR’s social media platforms in China, so we’re not sure if it’s official yet. In any case, the first image in the gallery is unrealistically thin. The second one represents a more realistic look at the phone.

HONOR did something similar with last year’s model. This model will be even thinner than last year’s, though. The HONOR Magic V2 is 10.1mm thick when folded. Well, Teme says this one will be 9.Xmm thick when folded.

The camera bump is expected to be more substantial this time around, which is a good sign

You can also see a camera bump here, which is allegedly more realistic on the second image, but possibly not 100% accurate. It will be more substantial than last year. That’s actually a good thing. Why? Well, because it means that the phone will get a camera upgrade.

The HONOR Magic V2 was a great smartphone, but its cameras were not its best feature. Well, HONOR is seemingly looking to change that.

The HONOR Magic V2 was announced in July last year, so if HONOR plans to stick to its release cycle, its successor is coming next month. Do note that it took HONOR a long time to bring the global variant to consumers, though. It took the company about 6 months, despite the fact the phone was shown off at IFA in September last year.

Let’s hope that HONOR will be more prompt this time around. Let’s hope that we’ll get a global variant soon after the Chinese one launches.


[ad_2]
Source link

Thousands of Raptive creators push to hold AI companies accountable

andreasc
-
0
Thousands of Raptive creators push to hold AI companies accountable
[ad_1]

We’re at a point where we’re starting to see the negative effects of AI technology despite what CEOs of AI companies tell us in keynotes. Creators stand to lose significantly thanks to AI, and this is why they’re banding together. Thousands of Raptive creators band together to urge Congress to hold AI companies accountable.

It doesn’t take a rocket scientist to know what sort of effects AI technology will have on the creator economy. We’re already seeing creators being let go from their jobs because their employers chose to replace them with an AI model. As these AI tools get better, more people are going to lose their jobs. Writers, artists, musicians, filmmakers, actors, voice actors, etc. will all need to either abandon their lifelong passions or sell out and mass-produce soul-less AI slop to please money-hungry corporations. There are very few other avenues to take.

Thousands of Raptive creators want AI companies to be held accountable

The American has been hard at work trying to pull some AI regulations out of the ether, but not much has materialized. However, other entities are out fighting the good fight while the government waits for the ink to dry.

For example, several major record labels are suing the companies behind two AI music generators for copyright infringement. This is one of the many lawsuits going on right now.

Raptive is a company representing thousands of independent creators. It’s paid out more than $2 billion to creators, and that number is going up. Raptive also acknowledges the threat of AI technology.

The company, backed by more than 13,000 creators from across the U.S. has urged Congress to hold major AI companies accountable for their actions. According to PR Newswire, the creator economy is valued at $100 billion, and it could nearly double in the next three years. However, with AI companies shoving AI tools down our throats, we fear that the creator economy could crumble.

Requests

Raptive and the creators have a handful of requests. Firstly, they want to enforce copyright law to protect original content from being scraped without consent. Secondly, they want a form of revenue-sharing structure in place so that creators are properly compensated for their work. Thirdly, AI tools shouldn’t reduce the traffic going to creators’ websites. Tools like these (a good example is Google’s AI Overviews) can cut a company’s ad revenue significantly.

Fourthly, future AI products shouldn’t be able to unfairly compete against creators. This is pretty tricky, as this is what they’re doing now. “Why hire an artist to spend three hours on a painting when MidJourney can whip it up in 30 seconds?” These are the questions that companies are asking. So, we’re going to have to see what the government makes of that request. Lastly, the government needs to ensure that these AI companies are being held accountable for their behavior.

We’re talking about major corporations here; they’re about as ethical as a desert is wet. There need to be some rules, guidelines, and the threat of MAJOR FINES to keep companies in line. OpenAI, Alphabet, and Meta contacted Hollywood studios about their AI products. HOLLYWOOD STUDIOS! So, not even industry-level jobs are safe from AI. We need something to keep these companies from completely ruining the entire creator economy.


[ad_2]
Source link

Opera brings image generation and other AI features to its Android browser

andreasc
-
0
Opera brings image generation and other AI features to its Android browser
[ad_1]

Opera is one of the first companies to have fully adopted AI. The Norwegian browser is now delivering new features that use AI regularly to those using its apps.

The latest Opera announcement involves the company’s Android browser, which just received an important update that adds Image Generation and a few other AI-related features.

After a trial run in beta, Opera has decided to incorporate image generation with Aria in the latest version of the Android browser. The new feature is powered by the Imagen2 image generation model from Google and is now available to all users.

To take advantage of the new functionality, users must ask Aria to generate whatever they wish, and the browser AI will create it. The images created can be further refined if they don’t match your initial description. Additionally, these images generated by the Ai can be copied to a clipboard, saved, shared with friends, and even set to be your device’s wallpaper.

Along with image generation, the latest Opera update brings AI to the newsfeed with Daily Roundups. Basically, AI is used to curate a selection of the most relevel news podcasts that you might be interested to listen to.

Unfortunately, Daily Roundups is only available in the United States at the moment. On the bright side, the new feature comes with AI-powered audio playback, allowing users to listen to articles on the go.

Last but not least, version 83 introduces an improved search view in News to allow users to find their preferred country. Also, 30 new languages are now supported in order to enable more local content.

And if you’re a football fan, Opera recently launched a suite of new features specifically designed around EURO 2024, including a live score carousel with in-depth statistics, match notification, as well as a dedicated newsfeed.


[ad_2]
Source link
1...747576...1,452Page 75 of 1,452