Campfire Audio launched the Fathom IEMs, the best on the market


Apple may have killed wired earbuds on mainstream phones, but the premium IEM (in-ear monitor) market is still alive and kicking. Companies like Campfire Audio deliver some professional-quality IEMs that remind us why we still need wired headphones. The Campfire Audio Fathom is a new set of IEMs that would satisfy any audiophile.

If you’ve seen one pair of earbuds, you’ve seen them all, right? That’s not true. While much of the world has moved on to TWS earbuds, there are companies out there that still offer wired solutions for their smaller monitors. If you’re an audiophile, then you know that wired is the way to go if you want superior audio quality.

Let’s not mince words; the Campfire Audio Fathom are a premium pair of headphones. As such, you’re going to be paying a premium price for them. Buying them will set you back $1,049. We’re talking about some seriously high-quality hardware, so if you’re going to pick up a pair, you’re getting your money’s worth.

What makes these IEMs worth a downpayment on a car? Well, let’s dive in.

The Campfire Audio Fathom are a pair of incredible IEMs

Sure, the price is punchy, but these IEMs pull through with both power and presentation. Let’s start off with the look of these things. Campfire Audio went for a certain aesthetic with the Fathom. These are gorgeous IEMs with their black casing. That’s juxtaposed with the rainbow PVD fasteners. You’ll see the rainbow metal around where you plug the headphones in and around the microphone holes.

This is a pair of beautiful IEMs, but they also have a premium build. Most headphones (especially your typical store-shelf headphones and earbuds) come with plastic casings. In the case of the Fathom, they have an anodized aluminum casing. This helps give them a more premium feeling in the hand. Along with that, the aluminum is more sturdy, so your IEMs are much more durable.

Internals

So, what precious innards is that aluminum casing protecting? Obviously, with a price tag of more than a grand, you’re dealing with some seriously high-quality tech. The Campfire Audio Fathom use a set of custom-tuned dual armature drivers. Each bud has several drivers, and they’ve all been assigned to a specific section of the frequency spectrum. So, rather than getting one driver that’s in charge of handling everything, you know that you’re getting drivers specially tuned to give each part of the spectrum attention.

While most IEMs use several drivers in each bud, the Fathom use a whopping six drivers in each bud. So, they cover the full frequency spectrum, which creates a much more detailed sound.

There are a pair of tweeters that handle the highs, a pair of mid-range drivers, and a pair of BA low-end woofers to handle the low-end. These, coupled with the overall shape of the casing help create an incredibly-detailed audio experience.


Specs

The Campfire Audio Fathom have a frequency response of 5Hz – 20kHz, which is pretty typical for most headphones on the market. They have an impedance of 1.7 Ohms @ 1 kHz. As for the SPL (sound pressure level), we’re looking at 94 dB @ 1 kHz: 6.75 mVrms. Campfire Audio states that these IEMs produce less than 1% Total Harmonic Distortion.

What comes in the box?

When you buy a pair, you’re getting eight Time Stream Cables, a handmade leather case, a small zipper case, a two-pocket IEM pouch, and an assortment of tips. You’ll get six marshmallow tips (Small, Medium, and Large) and six silicone tips (Small, Medium, and Large).

If you’re an audiophile looking for your next favorite pair of IEMs, then look no further than the new Campfire Audio Fathom.


First million breached Ticketmaster records released for free


The cybercriminal acting under the name “Sp1d3r” gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free.

When Malwarebytes Labs first learned about this data breach, it happened to be the first major event that was shared on the resurrected BreachForums, and someone acting under the handle “ShinyHunters” offered the full details (name, address, email, phone) of 560 million customers for sale.

The same data set was offered for sale in an almost identical post on another forum by someone using the handle “SpidermanData.” This could be the same person or a member of the ShinyHunters group.

Following this event, Malwarebytes Labs advised readers on how to respond and stay safe. Importantly, even when a breach isn’t a “breach”—in that immediate moment when the details have yet to be confirmed and a breach subject is readying its public statements—the very news of the suspected breach can be used by opportunistic cybercriminals as a phishing lure.

Later, Ticketmaster confirmed the data breach.

Bleeping Computer spoke to ShinyHunters who said they already had interested buyers. Now, Sp1d3r, who was seen posting earlier about Advance Auto Parts customer data and Truist Bank data, has released 1 million Ticketmaster related data records for free.

Post by Sp1d3r

In a post on BreachForums, Sp1d3r said:

“Ticketmaster will not respond to request to buy data from us.

They care not for the privacy of 680 million customers, so give you the first 1 million users free.”

The cybercriminals that are active on those forums will jump at the occasion and undoubtedly try to monetize those records. This likely means that innocent users that are included in the first million released records could receive a heavy volume of spam and phishing emails in the coming days.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your exposure

While it is still unclear how much information was involved, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.



Chinese UNC3886 Actors Exploiting VMware, Fortinet 0-days For Spying


In 2021, UNC3886, a suspected China nexus cyber espionage actor, was found to be targeting strategic organizations on a large scale, utilizing multiple vulnerabilities in FortiOS and VMware to install backdoors on the infected machines.

Fortinet and VMware have released patches to fix the vulnerabilities.

However, further investigations on the threat actor’s attack vector revealed the threat actor’s sophisticated, cautious, and evasive nature as they employed several layers of organized persistence over compromised machines.

This includes maintaining access to network devices, hypervisors, and virtual machines to gain alternative channel access.

Once they gained access to the compromised environment, they used publicly available rootkits for long-term persistence and also deployed malware to establish a connection with the C&C server.


Further, they also extracted information from TACACS+ (Terminal Access Controller Access Control Server) authentication using custom malware.

Zero-Day Exploitation

According to the reports shared with Cyber Security News, the UNC3886 threat actor has been exploiting VMware vCenter vulnerability CVE-2023-34048 since 2021, which allows unauthenticated remote command execution on vulnerable vCenter machines.

Adding to this, there were several other vulnerabilities, such as:

  • CVE-2022-41328 – Path Traversal – Used to download and execute backdoors on FortiGate devices.
  • CVE-2022-22948 – Information Disclosure – Used to obtain encrypted credentials in vCenter’s postgresDB.
  • CVE-2023-20867 – Authentication Bypass – Used to execute unauthenticated Guest operations from a compromised ESXi host.
  • CVE-2022-42475 – Heap-based Buffer Overflow – Used to execute unauthenticated arbitrary code or commands via specially crafted requests.

Further, several publicly available rootkits were used to establish long-term persistence. The rootkits used by UNC3886 are REPTILE, MEDUSA, and SEAELF.

REPTILE

This is an open-source Linux rootkit that provides backdoor access to a system.

Additionally, this rootkit offered several functionalities, including actions like hiding files, processes, and network connections, the option to listen to specialized packets like TCP, UDP, or ICMP for activation, and an LKM launcher, which can be used to decrypt the actual kernel module code from the file and load it into memory.

Though this was an open-source rootkit, the threat actor made several code changes to customize it to their needs.

Most of the code changes were observed to be before version 2.1, introduced on March 1, 2020.

One of the important changes that was identified was inside the LKM launcher, which included a new function to daemonize a process.

MEDUSA And SEAELF

MEDUSA was another open-source rootkit that was implemented with dynamic linker hijacking via LD_PRELOAD.

The loader of MEDUSA was termed SEAELF. Two versions of MEDUSA were identified, both of which used XOR encryption keys to encrypt configuration strings.

Further, several additional changes were seen in the MEDUSA configuration, which can be used to create multiple MEDUSA artifacts.

Malware Usage

In addition to rootkits, the threat actor used several malware families, such as MOPSLED and RIFLESPINE. MOPSLED is a shellcode-based modular backdoor that is capable of communicating with the C2 over HTTP or a custom binary protocol over TCP.

The main core functionality of this backdoor was its capability to retrieve plugins from the C2 server, and it also uses the ChaCha20 encryption algorithm.

Moreover, UNC3886 was found to be using a Linux variant of this backdoor to deploy on vCenter servers and on some compromised endpoints that already had REPTILE installed. 

RIFLESPINE is another cross-platform backdoor that uses Google Drive to transfer files and execute commands.

This backdoor uses the CryptoPP library to implement the AES algorithm to encrypt the data transmitted between the compromised machine and the threat actor.

The deployment of this backdoor starts with creating an encrypted file on Google Drive containing instructions that RIFLESPINE reads when it is executed on the compromised endpoint.

Further, the execution outputs will be encrypted, stored in a temporary file, and then uploaded to Google Drive again.

The instructions RIFLESPINE accepts include the following:

  • Download the file with the get command.
  • Upload file with put command.
  • Set the next call out time in milliseconds with settime.
  • Execution of arbitrary commands with /bin/sh

Indicators Of Compromise


Network-Based Indicators



Elon Musk believes brain chips will replace smartphones


Elon Musk said that brain chips will replace smartphones. Well, he mentioned his company, Neuralink, specifically. All this happened as a response to the ‘Not Elon Musk’ X account, which is a parody account.

Elon Musk actually believes that brain chips will replace smartphones

That account basically asked everyone if they would allow Neuralink to implant a chip in their brain to allow them to control their phones by thinking. To that, Elon Musk said: “In the future, there will be no phones, just Neuralinks”.

He could not have been more straightforward. In a separate tweet, Musk announced that Neuralink is accepting applications for the second participant. As some of you may recall, Neuralink implanted a brain chip in a 29-year-old paralyzed man in January.

It seems like Elon Musk is convinced this is the future we’re looking at. Brain chips will become the norm based on what he said. The reactions to the first brain chip implant were… colorful, let’s just say that.

People are very skeptical about all this, which is unsurprising

People are very skeptical when it comes to allowing a company to plant a chip inside their brain. There’s no need to explain why that is. So it’s hard to imagine that it will become the norm, but Musk certainly believes it will.

That brain chip allowed Noland Arbaugh, Neuralink’s first human test subject, to play chess by using his brain. Chess is something he always loved to do, but was unable to due to his accident that happened 8 years ago.

The potential of brain chips is vast, of course, but it’s a touchy subject for many. People certainly won’t be running to get the same treatment anytime soon. Who knows what will happen down the line, though. The future is uncertain in so many ways and impossible to predict.


[ad_2]
Source link

New Highly Evasive SquidLoader Attacking Employees


Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as an executable disguised as a Word document attached to phishing emails.

It uses evasion techniques to avoid detection and analysis. The loader is signed with an expired legitimate certificate or a self-signed certificate issued by the C&C server, and it downloads a malicious payload through an HTTPS request.

WeChat code never executed.

SquidLoader is a malicious loader that executes a decoy file pretending to be a Word document, containing obfuscated code referencing popular software products like WeChat or mingw-gcc, to mislead security researchers.


Despite the decoy code, the real malicious code is delivered through the HTTPS body in the response and XOR-decrypted for execution.

The loader doesn’t have persistence itself, but the second-stage payload (Cobalt Strike) can achieve persistence on the victim machine.  

Alert generated by malicious code.

Techniques For The Defense Evasion:

SquidLoader utilizes various obfuscation techniques to hinder analysis and employs pointless instructions like “pause” or “mfence”, potentially to bypass emulators.

Encrypted code sections are decrypted with a single-byte XOR and include decoy instructions. 

In-stack encrypted strings are decrypted with a multibyte XOR key when needed, and jumps are crafted to land in the middle of instructions, confusing disassemblers.

Overall, these techniques aim to hide malicious code within legitimate functions and make analysis more difficult.

Fixed function parsing by IDA

It employs multiple obfuscation techniques to hinder analysis and manipulates the stack to overwrite the return address with the shellcode address. 

Control flow is obfuscated using infinite loops and a complex switch statement that makes execution order unpredictable, while debuggers are detected by checking for specific processes, debugger objects, and kernel debuggers. 

The malware also checks for the presence of certain files and performs its own syscalls through wrappers to bypass potential hooks, making it difficult to understand the malware’s functionality and purpose. 

Code modifications after a debugger is detected

The analysis report by Level Blue details a Cobalt Strike loader that utilizes a custom communication protocol with the C&C server, where the loader fetches a single payload that leverages a configuration obfuscation technique similar to the loader itself. 

The payload communicates with the C&C server using HTTPS requests with custom headers to perform actions like initial connection, system information exfiltration, and receiving tasks, where the exfiltrated data is encrypted with a custom bitwise operation-based algorithm.  

C&C request sample.

To evade detection, the malware employs Win32 API obfuscation with dynamic resolution for position-independent execution and builds an in-memory table storing API function addresses. 

Instead of raw addresses, it stores a transformed value using a bitwise operation: the bitwise NOT of the lower DWORD ANDed with 0xCAFECAFE, OR’ed with the address itself ANDed with 0xFFFFFFFF35013501.

Before calling the functions, the malware undoes this transformation to retrieve the correct addresses for a successful API call.
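The transformation described above, worked through as an added example (not code from the malware or from the analysis report): because 0x35013501 is the bitwise complement of 0xCAFECAFE, the operation simply inverts the low-DWORD bits selected by 0xCAFECAFE, so applying it a second time restores the address. The table dump, addresses and export names below are constructed for illustration.

```python
import struct

FLIP_MASK = 0xCAFECAFE          # low-DWORD bits that are stored inverted
KEEP_MASK = 0xFFFFFFFF35013501  # address bits that are stored unchanged
U64_MAX = 0xFFFFFFFFFFFFFFFF


def transform(value: int) -> int:
    """Apply the transformation exactly as the text states it.

    (NOT low DWORD) AND 0xCAFECAFE, OR'ed with value AND 0xFFFFFFFF35013501.
    The two masks are complementary in the low DWORD, so this equals
    value XOR 0xCAFECAFE and is its own inverse.
    """
    if not 0 <= value <= U64_MAX:
        raise ValueError("expected an unsigned 64-bit value")
    low_dword = value & 0xFFFFFFFF
    inverted_part = (~low_dword & 0xFFFFFFFF) & FLIP_MASK
    kept_part = value & KEEP_MASK
    return inverted_part | kept_part


def decode_table(blob: bytes) -> list[int]:
    """Recover real addresses from a dumped table of little-endian 64-bit entries."""
    if len(blob) % 8:
        raise ValueError("table dump is not a whole number of 8-byte entries")
    return [transform(entry) for (entry,) in struct.iter_unpack("<Q", blob)]


def label_entries(blob: bytes, exports: dict[int, str]) -> list[tuple[int, str]]:
    """Pair each decoded address with a known export name, or '?' if unknown."""
    return [(addr, exports.get(addr, "?")) for addr in decode_table(blob)]


# Constructed sample data: the addresses and export names are made up.
SAMPLE_EXPORTS = {
    0x00007FFB12345678: "ExampleApiA",
    0x00007FFB1234A000: "ExampleApiB",
}
SAMPLE_DUMP = struct.pack(
    "<3Q",
    transform(0x00007FFB12345678),
    transform(0x00007FFB1234A000),
    transform(0x00007FFB00001000),  # deliberately absent from the export map
)

if __name__ == "__main__":
    for addr, name in label_entries(SAMPLE_DUMP, SAMPLE_EXPORTS):
        print(f"{addr:#018x}  {name}")
```

During analysis, the same helper can be pointed at a table carved from a memory dump so the decoded values can be matched against the export addresses of the modules loaded in that process.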


This ‘Life Changing’ Shark AI Ultra Robot Vacuum is on Sale for $299


The Shark AI Ultra (AV2511AE) robot vacuum is currently on sale at Amazon for a whopping 50% off. That brings the price down to just $299 and makes it a really good value, almost a no-brainer purchase.

This incredible robot vacuum from Shark is able to pick up just about anything that might be on your floors, with Shark claiming 50% better edge cleaning when compared to the RV2502AE model. The incredible suction also makes the Shark AI Ultra a perfect robot vacuum for pets in homes. It’s able to get up all of that pet hair, even the most stubborn of pet hair. The HEPA filtration is also a good feature to have, especially for those with allergies.

Shark uses 360-degree LiDAR vision to quickly and accurately map out your home. This allows the robot vacuum to methodically clean and detect and avoid objects that are in its path. It’s also able to adapt to day or night, so even with not much light, it can clean your home with ease.

Finally, we can’t forget about the docking station. Like most newer robot vacuums, the Shark AI Ultra also has an auto-empty dock. This actually comes in two models – a 45-day capacity and a 60-day capacity – currently, the 60-day capacity is actually much cheaper. So that’s our pick for this one. That means it can vacuum your home every day for 60 days before it needs to be emptied. That’s not too shabby.

All in all, this is a pretty impressive robot vacuum that you can pick up at home for not a lot of money.


Hackers Attacking Vaults, Buckets, And Secrets To Steal Data


Hackers target vaults, buckets, and secrets to access some of the most classified and valuable information, including API keys, logins, and other useful data kept within these storage solutions.

These storage solutions’ centralized and often inadequately protected nature makes them exceptional targets for the threat actors.

Cybersecurity analysts at Datadog Security Labs discovered that hackers have been attacking vaults, buckets, and secrets to steal data.

Hackers Attacking AWS Vaults

From 2024-05-23 to 2024-05-27, analysts detected abnormal behavior in a client’s AWS environment during threat hunting. IP 148[.]252.146.75 attempted ListSecrets and ListVaults API calls.

The IP was enriched as a potential UK Vodafone residential proxy. Activity in another AWS environment included ListBuckets to enumerate S3 buckets, then ListObjects on the available buckets; the event times indicate the activity was automated.


No GetSecretValue, BatchGetSecretValue, or GetObject calls were observed, even though S3 data events were enabled. The possible reasons are:

  • A broad automated campaign assessing available data before exfiltration, or
  • Testing the AWS identity’s access level to determine its resale value.

First, the attacker was observed targeting the S3 Glacier vault backup data. The enumeration failed; had it succeeded, subsequent InitiateJob calls would have been expected to retrieve the vault archive list and a specific archive, followed by GetJobOutput to download it.

Attackers commonly mask their location using VPNs like the free Cloudflare WARP, whose AWS API calls may seem less suspicious than those from other VPN providers.

Attack chain (Source – DATADOG Security Labs)

The identified user agent was likely generated by the requests-auth-aws-sigv4 Python library, which is used for manually signing AWS API requests, unlike typical AWS CLI or Boto3 SDK usage, which handles SigV4 signing automatically.

Signing requests manually provides no real advantage, but it could indicate suspicious activity if it is unexpected in your environment.

Recommendations

Researchers recommend detection and response teams closely examine this campaign due to the potentially severe operational impact of the exfiltration of production LLM data and resources from your cloud environment.

The detection opportunities are:

  • Utilize IoCs to detect specific campaigns.
  • Enrich Cloudflare IPs if API calls are expected.
  • ListSecrets/ListVaults calls across multiple regions in a short period (17 regions in under 1 minute in the observed data).
  • Spikes in AccessDenied for ListSecrets, ListBuckets, ListObjects, and ListVaults; suspicious AccessDenied spikes indicate a lack of proper permissions.
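As an added example (not Datadog's detection logic), the two behavioural signals in the list above can be checked over CloudTrail records with a sliding 60-second window per principal and source IP. The thresholds are assumptions to tune for your environment, and the sample events, account ID, ARNs and IP addresses are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ENUM_EVENTS = {"ListSecrets", "ListVaults", "ListBuckets", "ListObjects"}
WINDOW = timedelta(seconds=60)
REGION_THRESHOLD = 5  # assumption: distinct regions inside one window
DENIED_THRESHOLD = 5  # assumption: denied enumeration calls inside one window
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # CloudTrail eventTime format


def find_enumeration(events):
    """Return one finding per (principal, source IP) that trips a threshold."""
    per_actor = defaultdict(list)
    for ev in events:
        if ev.get("eventName") not in ENUM_EVENTS:
            continue
        actor = (ev.get("userIdentity", {}).get("arn", "unknown"),
                 ev.get("sourceIPAddress", "unknown"))
        # errorCode is absent on success; services report either
        # "AccessDenied" or "AccessDeniedException" on a denied call.
        denied = ev.get("errorCode", "").startswith("AccessDenied")
        when = datetime.strptime(ev["eventTime"], TIME_FORMAT)
        per_actor[actor].append((when, ev.get("awsRegion", "unknown"), denied))

    findings = []
    for (arn, ip), rows in per_actor.items():
        rows.sort()
        start, max_regions, max_denied = 0, set(), 0
        for end, (ts, _, _) in enumerate(rows):
            # Shrink the window from the left until it spans at most WINDOW.
            while ts - rows[start][0] > WINDOW:
                start += 1
            window = rows[start:end + 1]
            regions = {region for _, region, _ in window}
            if len(regions) > len(max_regions):
                max_regions = regions
            max_denied = max(max_denied, sum(d for _, _, d in window))
        reasons = []
        if len(max_regions) >= REGION_THRESHOLD:
            reasons.append("multi-region enumeration")
        if max_denied >= DENIED_THRESHOLD:
            reasons.append("AccessDenied spike")
        if reasons:
            findings.append({"arn": arn, "source_ip": ip,
                             "regions": sorted(max_regions),
                             "denied": max_denied, "reasons": reasons})
    return findings


def sample_events():
    """Constructed CloudTrail-shaped records: one noisy actor, one benign."""
    base = datetime(2024, 5, 23, 10, 0, 0)
    regions = ["us-east-1", "us-west-2", "eu-west-1",
               "eu-central-1", "ap-southeast-1", "sa-east-1"]
    events = []
    for i, region in enumerate(regions):
        for name in ("ListSecrets", "ListVaults"):
            events.append({
                "eventTime": (base + timedelta(seconds=3 * i)).strftime(TIME_FORMAT),
                "eventName": name,
                "awsRegion": region,
                "sourceIPAddress": "198.51.100.23",
                "errorCode": "AccessDeniedException",
                "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-ci"},
            })
    for hours in (0, 2, 4):  # routine single-region listing, no errors
        events.append({
            "eventTime": (base + timedelta(hours=hours)).strftime(TIME_FORMAT),
            "eventName": "ListBuckets",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
        })
    return events


if __name__ == "__main__":
    for finding in find_enumeration(sample_events()):
        print(finding)
```

ListObjects only appears in CloudTrail when S3 data events are enabled, so without them the bucket-content enumeration is invisible to this check.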


Galaxy Z Fold 6 dummy shows a not-so-flattering display crease


The Galaxy Z Fold 6 dummy images surfaced several times thus far, but not a single one gave us a good look at the display crease. Those dummy units are allegedly very precise, and that includes the display crease.

The display crease on the Galaxy Z Fold 6 & Flip 6 is not exactly flattering

With that in mind, 9to5Google just obtained some images from Sonny Dickson, and they do show us the display crease. That is actually true for both the Galaxy Z Fold 6 and Flip 6, as both dummy units surfaced.

If you take a look at the images in the gallery below, you’ll see a significant display crease on both devices. The Galaxy Z Fold 6 seemingly has an even bigger “problem” with that than the Flip 6, as rumors indicated.

There are a number of phones out there that have less pronounced creases

Various other smartphone OEMs managed to tone down the crease significantly. That doesn’t seem to be the case for Samsung, though. The crease is still very much pronounced here. Well, we’ll see if the real products will be the same in that regard.

Based on these dummy units, which come in two colors, the Galaxy Z Fold 6 won’t be that thin either. The Galaxy Z Fold 5 is nowhere as thin as the HONOR Magic V2 for example, nor the OnePlus Open.

If you were hoping to see some significant changes in that regard, well, that won’t be the case, it seems. The Galaxy Z Fold 6 will have three vertically-aligned cameras on the back. It will look similar to its predecessor.

The Galaxy Z Flip 6 will still have two cameras on the back, as does the Flip 5. Both phones will be made out of metal and glass. Both of them will launch on July 10. That’s when Samsung’s second Unpacked event of the year will take place. That is still unofficial, but several sources confirmed it.


[ad_2]
Source link

TikTok goes to court with more evidence to overturn the US ban law


TikTok and its Chinese parent company ByteDance have filed a brief spelling out their lawsuit against the US government over the proposed ban. Filed in the US Court of Appeals for the D.C. Circuit, the brief calls the newly passed law to ban the app unconstitutional and a restriction on freedom of speech. A group of TikTok creators, who have separately sued the US government over the same matter, also filed a similar appeal.

TikTok and TikTok creators appeal in court against the US ban law

After mulling over it for years, the US government finally framed a law to ban TikTok. President Joe Biden signed the law on April 24, just a day after the Senate passed it. American lawmakers have national security concerns with the platform over its potential ties with the Chinese government, which the firm has always denied. TikTok has until January 19, 2025, to either sell its US operations or face a nationwide ban and exit the country.

Unsurprisingly, the company disagrees with the US government’s decision and has challenged the law in court. It filed a lawsuit seeking a ruling that blocks the law. A group of US-based TikTok creators who earn their livelihood from the app also filed a similar lawsuit. All of them argue that the proposed ban violates the First Amendment rights of Americans. They called the law an attempt to put an “extraordinary restraint on speech.”

The plaintiffs have now filed briefs doubling down on their arguments, providing the court with more evidence supporting their case. TikTok says the US government didn’t consider other options and rapidly moved forward with a law to ban the app. The firm adds that it provided American lawmakers “with an extensive and detailed plan to mitigate national security risks” but they ignored it and passed the law in a hurry.

“Never before has Congress expressly singled out and shut down a specific speech forum,” TikTok’s newly filed brief laments Congress for an unconstitutional law. “Never before has Congress silenced so much speech in a single act,” the brief continues in the same tone. “Congress gave this Court almost nothing to review. Congress enacted no findings, so there is no way to know why majorities of the House and Senate decided to ban TikTok.”

Oral arguments in the case will begin in September

The court will hear oral arguments in TikTok’s lawsuit against the US government’s ban law on September 16, 2024. Both parties have asked the court to expedite the case and announce its ruling by the first week of December. This is to ensure that TikTok gets enough time to seek Supreme Court review if needed. As said earlier, the firm has until January 19, 2025, to finalize its next steps, whether to sell the app or exit the US.

President Joe Biden can extend the deadline, though. He may do that if he sees enough progress toward a divestiture. However, it won’t be easy for ByteDance to sell TikTok’s US arm unless it decides to give the platform away cheaply. There aren’t many buyers who might be willing to spend billions of dollars on TikTok without getting access to its coveted recommendation algorithm, the key to its success.

A Chinese export law reportedly blocks the sale of the platform’s recommendation algorithm. So any buyer might have to develop a fresh algorithm from scratch, which could severely impact the user experience. TikTok has already denied that it is developing a US-only algorithm for a possible sale. For the time being, it is seemingly focused on blocking the law and living on to see more success in the US. Its newly filed brief contains hundreds of pages of communications with the US lawmakers explaining its measures to mitigate national security concerns. Time will tell what the court decides.


[ad_2]
Source link

Microsoft Phone Link now lets users extract text from images on their Android phones


Microsoft is rolling out a new update that brings a feature that many Android users will want to take advantage of: the ability to extract text from the images stored on their phones.

The folks at Windows Latest report that the OCR (optical character recognition) is now making its way to all Windows 11 users after about one month spent in beta testing where only members of the Windows Insider Program had access to it.

Although Microsoft initially called the feature “Scan Text,” it’s now labeled simply as “Text.” Regardless of what it’s called, it uses the same technology as the traditional OCR, so if you’d like to try it out, you’ll have to update Phone Link to the latest version (1.24052.124.0).

Unfortunately, it appears that the feature only works well with English texts. If you’re trying to extract text from other languages, you’ll notice that it’s not as accurate.

Microsoft claims that its OCR-like feature should work with multiple languages, but that seems to be false at the moment. Even so, having the ability to save text from an image in a separate document can be invaluable sometimes, even if the feature is limited to the English language.

Keep in mind that you can bring up the ability to extract text from images stored on your Android phone by simply using the dedicated shortcut: Ctrl + T.


[ad_2]
Source link