Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Apple. Show all posts
user consent
Apple CMA Cookies Digital Advertising Google Privacy user consent

Google Backtracks on Cookie Phaseout: What It Means for Users and Advertisers


 

In a surprising announcement, Google confirmed that it will not be eliminating tracking cookies in Chrome, impacting the browsing experience of 3 billion users. The decision came as a shock as the company struggled to find a balance between regulatory demands and its own business interests.

Google’s New Approach

On July 22, Google proposed a new model that allows users to choose between tracking cookies, Google’s Topics API, and a semi-private browsing mode. This consent-driven approach aims to provide users with more control over their online privacy. However, the specifics of this model are still under discussion with regulators. The U.K.’s Competition and Markets Authority (CMA) expressed caution, stating that the implications for consumers and market outcomes need thorough consideration.

Privacy Concerns and Industry Reaction

Privacy advocates are concerned that most users will not change their default settings, leaving them vulnerable to tracking. The Electronic Frontier Foundation (EFF) criticised Google’s Privacy Sandbox initiative, which was intended to replace tracking cookies but has faced numerous setbacks. The EFF argues that Google’s latest move prioritises profits over user privacy, contrasting sharply with Apple’s approach. Apple’s Safari browser blocks third-party cookies by default, and its recent ad campaign highlighted the privacy vulnerabilities of Chrome users.

Regulatory and Industry Responses

The CMA and the U.K.’s Information Commissioner expressed disappointment with Google’s decision, emphasising that blocking third-party cookies would have been a positive step for consumer privacy. Meanwhile, the Network Advertising Initiative (NAI) welcomed Google’s decision, suggesting that maintaining third-party cookie support is essential for competition in digital advertising.

The digital advertising industry may face unintended consequences from Google’s shift to a consent-driven privacy model. This approach mirrors Apple’s App Tracking Transparency, which requires user consent for tracking across apps. Although Google’s new model aims to empower users, it could lead to an imbalance in data access, benefiting large platforms like Google and Apple.

Apple vs. Google: A Continuing Saga

Apple’s influence is evident throughout this development. The timing of Apple’s privacy campaign, launched just days before Google’s announcement, underscores the competitive dynamics between the two tech giants. Apple’s App Tracking Transparency has already disrupted Meta’s business model, and Google’s similar approach may further reshape the infrastructure of digital advertising.

Google’s Privacy Sandbox has faced criticism for potentially enabling digital fingerprinting, a concern Apple has raised. Despite Google’s defense of its Topics API, doubts about the effectiveness of its privacy measures persist. As the debate continues, the primary issue remains Google’s dual role as both a guardian of user privacy and a major beneficiary of data monetisation.

Google’s decision to retain tracking cookies while exploring a consent-driven model highlights the complex interplay between user privacy, regulatory pressures, and industry interests. The outcome of ongoing discussions with regulators will be crucial in determining the future of web privacy and digital advertising.



Read more »
Safari
Apple Google Chrome Online Tracking Privacy Safari

Apple Warns iPhone Users to Avoid Google Chrome

 



The relationship between Apple and Google has always been complex, and recent developments have added another layer to this rivalry. Apple has launched a new ad campaign urging its 1.4 billion users to stop using Google Chrome on their iPhones. This move comes as Google attempts to convert Safari users to Chrome, amidst growing scrutiny of its financial arrangements with Apple regarding default search settings.

The Financial Dynamics Behind Safari and Chrome

Google relies heavily on Safari to drive search requests from iPhones, thanks to a lucrative deal making Google the default search engine on Safari. However, this arrangement is under threat from monopoly investigations in the US and Europe. To counter this, Google is pushing to increase Chrome's presence on iPhones, aiming to boost its install base from 30% to 50%, capturing an additional 300 million users.

Apple's new campaign focuses on privacy, highlighting Chrome's vulnerabilities in this area. Despite Google's claims of enhanced privacy, tracking cookies remains an issue, and recent reports suggest that Google collects device data from Chrome users through an undisclosed setting. Apple's advertisements, including billboards promoting Safari's privacy features, emphasise that users concerned about online privacy should avoid Chrome.

In its latest video ad, Apple draws inspiration from Hitchcock's "The Birds" to underscore the threat of online tracking. The ad's message is clear: to avoid being watched online, use Safari instead of Chrome. This campaign is not about convincing Android users to switch to iPhones but about keeping iPhone users within Apple's ecosystem.

Despite Apple's push for Safari, the reality is that many users prefer Google Search. Reports indicate that Apple itself has found Google Search to be superior to alternatives. Even if Google is dropped as the default search engine on Safari, users can still set it manually. The question remains whether Google will offer advanced AI search features on Chrome that are unavailable on other browsers.

This battle between Safari and Chrome is just beginning. As Apple fights to retain its 300 million Safari users, the competition with Google will likely intensify. Both companies are navigating a rapidly changing landscape where privacy, user preferences, and regulatory pressures play defining roles. For now, Apple is betting on its privacy-focused message to keep users within its ecosystem, but the outcome of this struggle remains to be seen.


Read more »
Spyware
Apple Cyber Security data security iPhone Hacks Mobile Hacking Mobile Spyware Pegasus Pegasus Spyware Spyware

Apple Alerts Pegasus-like Attack on Indian Activists and Leaders

 

On July 10, two individuals in India received alarming notifications from Apple, Inc. on their iPhones, indicating they were targeted by a “mercenary” attack. This type of spyware allows attackers to infiltrate personal devices, granting access to messages, photos, and the ability to activate the microphone and camera in real time. Apple had previously described these as “state-backed” attacks but revised the terminology in April. 

Iltija Mufti, political adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of the Samruddha Bharat Foundation, reported receiving these alerts. Both Mufti and Deshpande confirmed to The Hindu that they had updated their phones and planned to have them forensically examined. A spokesperson for Apple in India did not provide an immediate comment. 

Although the alert did not specifically mention state involvement, it cited Pegasus spyware as an example. Pegasus, developed by the Israeli NSO Group Technologies, is exclusively sold to governments. The Indian government has not confirmed or denied using Pegasus and declined to participate in a Supreme Court-ordered probe into its deployment. This is the first instance in months where such spyware alerts have been issued. 

The last known occurrence was in October, when Apple devices belonging to Siddharth Varadarajan of The Wire and Anand Mangnale of the Organized Crime and Corruption Report Project received similar warnings. Forensic analysis later confirmed they were targeted using vulnerabilities exploited by Pegasus clients. Both Mufti and Deshpande criticized the Union government, accusing it of using Pegasus. Mufti stated on X (formerly Twitter), “BJP shamelessly snoops on women only because we refuse to toe their line,” while Deshpande highlighted the government’s misplaced priorities, focusing on deploying Pegasus rather than addressing India’s significant challenges. 

An international investigation in 2021 by the Forbidden Stories collective exposed widespread targeting of civil society organizations, opposition politicians, and journalists with Pegasus spyware. The Indian government denied illegal activity but did not clearly confirm or deny the use of Pegasus. Alleged targets included Rahul Gandhi, former Election Commissioner Ashok Lavasa, student activist Umar Khalid, Union Minister Ashwini Vaishnaw, the Dalai Lama’s entourage, and individuals implicated in the 2018 Bhima Koregaon violence.
Read more »
Telecom
AI Apple ChatGPT Technology Telecom

From Siri to 5G: AI’s Impact on Telecommunications

From Siri to 5G: AI’s Impact on Telecommunications

The integration of artificial intelligence (AI) has significantly transformed the landscape of mobile phone networks. From optimizing network performance to enhancing user experiences, AI plays a pivotal role in shaping the future of telecommunications. 

In this blog post, we delve into how mobile networks embrace AI and its impact on consumers and network operators.

1. Apple’s AI-Powered Operating System

Apple, a tech giant known for its innovation, recently introduced “Apple Intelligence,” an AI-powered operating system. The goal is to make iPhones more intuitive and efficient by integrating AI capabilities into Siri, the virtual assistant. Users can now perform tasks more quickly, receive personalized recommendations, and interact seamlessly with their devices.

2. Network Optimization and Efficiency

Telecom companies worldwide are leveraging AI to optimize mobile phone networks. Here’s how:

  • Dynamic Frequency Adjustment: Network operators dynamically adjust radio frequencies to optimize service quality. AI algorithms analyze real-time data to allocate frequencies efficiently, ensuring seamless connectivity even during peak usage.
  • Efficient Cell Tower Management: AI helps manage cell towers more effectively. During low-demand periods, operators can power down specific towers, reducing energy consumption without compromising coverage.

3. Fault Localization and Rapid Resolution

AI-driven network monitoring has revolutionized fault localization. For instance:

  • Korea Telecom’s Quick Response: In South Korea, Korea Telecom uses AI algorithms to pinpoint network faults within minutes. This rapid response minimizes service disruptions and enhances customer satisfaction.
  • AT&T’s Predictive Maintenance: AT&T in the United States relies on predictive AI models to anticipate network issues. By identifying potential problems before they escalate, they maintain network stability.

4. AI Digital Twins for Real-Time Monitoring

Network operators like Vodafone create AI digital twins—virtual replicas of real-world equipment such as masts and antennas. These digital twins continuously monitor network performance, identifying anomalies and suggesting preventive measures. As a result, operators can proactively address issues and maintain optimal service levels.

5. Data Explosion and the Role of 5G

The proliferation of AI generates massive data. Consequently, investments in 5G Standalone (SA) networks have surged. Here’s why:

  • Higher Speeds and Capacity: 5G SA networks offer significantly higher speeds and capacity compared to the older 4G system. This is essential for handling the data influx from AI applications.
  • Edge Computing: 5G enables edge computing, where AI processing occurs closer to the user. This reduces latency and enhances real-time applications like autonomous vehicles and augmented reality.

6. Looking Ahead: The Quest for 6G

Despite 5G advancements, experts predict that AI’s demands will eventually outstrip its capabilities. Anticipating this, researchers are already exploring 6G technology, expected around 2028. 6G aims to provide unprecedented speeds, ultra-low latency, and seamless connectivity, further empowering AI-driven applications.

Read more »
Technology
AI Privacy AI technology Apple Apple security features Cloud Computing Cloud technology LLM Technology

Apple's Private Cloud Compute: Enhancing AI with Unparalleled Privacy and Security

 

At Apple's WWDC 2024, much attention was given to its "Apple Intelligence" features, but the company also emphasized its commitment to user privacy. To support Apple Intelligence, Apple introduced Private Cloud Compute (PCC), a cloud-based AI processing system designed to extend Apple's rigorous security and privacy standards to the cloud. Private Cloud Compute ensures that personal user data sent to the cloud remains inaccessible to anyone other than the user, including Apple itself. 

Apple described it as the most advanced security architecture ever deployed for cloud AI compute at scale. Built with custom Apple silicon and a hardened operating system designed specifically for privacy, PCC aims to protect user data robustly. Apple's statement highlighted that PCC's security foundation lies in its compute node, a custom-built server hardware that incorporates the security features of Apple silicon, such as Secure Enclave and Secure Boot. This hardware is paired with a new operating system, a hardened subset of iOS and macOS, tailored for Large Language Model (LLM) inference workloads with a narrow attack surface. 

Although details about the new OS for PCC are limited, Apple plans to make software images of every production build of PCC publicly available for security research. This includes every application and relevant executable, and the OS itself, published within 90 days of inclusion in the log or after relevant software updates are available. Apple's approach to PCC demonstrates its commitment to maintaining high privacy and security standards while expanding its AI capabilities. By leveraging custom hardware and a specially designed operating system, Apple aims to provide a secure environment for cloud-based AI processing, ensuring that user data remains protected. 

Apple's initiative is particularly significant in the current digital landscape, where concerns about data privacy and security are paramount. Users increasingly demand transparency and control over their data, and companies are under pressure to provide robust protections against cyber threats. By implementing PCC, Apple not only addresses these concerns but also sets a new benchmark for cloud-based AI processing security. The introduction of PCC is a strategic move that underscores Apple's broader vision of integrating advanced AI capabilities with uncompromised user privacy. 

As AI technologies become more integrated into everyday applications, the need for secure processing environments becomes critical. PCC's architecture, built on the strong security foundations of Apple silicon, aims to meet this need by ensuring that sensitive data remains private and secure. Furthermore, Apple's decision to make PCC's software images available for security research reflects its commitment to transparency and collaboration within the cybersecurity community. This move allows security experts to scrutinize the system, identify potential vulnerabilities, and contribute to enhancing its security. Such openness is essential for building trust and ensuring the robustness of security measures in an increasingly interconnected world. 

In conclusion, Apple's Private Cloud Compute represents a significant advancement in cloud-based AI processing, combining the power of Apple silicon with a specially designed operating system to create a secure and private environment for user data. By prioritizing security and transparency, Apple sets a high standard for the industry, demonstrating that advanced AI capabilities can be achieved without compromising user privacy. As PCC is rolled out, it will be interesting to see how this initiative shapes the future of cloud-based AI and influences best practices in data security and privacy.
Read more »
Technology
Apple Apple Intelligence Iphone15 Private Cloud Technology

Apple Introduces Exclusive AI Features for Newest Devices


 

Apple's WWDC 2023 brought exciting news for tech enthusiasts: the introduction of Apple Intelligence, a groundbreaking AI system. However, if you're eager to try out these new features, you'll need the latest devices.

Apple Intelligence features will be exclusively available on the iPhone 15 Pro and iPhone 15 Pro Max, equipped with the A17 Pro chip. These models are the only iPhones currently confirmed to support these advanced AI capabilities, suggesting that future models like the anticipated iPhone 16 Pro might also include these features. This exclusivity highlights Apple’s strategy to incentivize users to upgrade to their latest hardware to access the most advanced functionalities.


Compatibility Across iPads and Macs

The AI features are not confined to iPhones. Apple Intelligence will also be accessible on several iPad and Mac models, specifically those with an M1 chip or newer. The list of compatible devices includes:

- iPad Pro and iPad Air (M1 and newer)

- MacBook Pro (M1 and newer)

- MacBook Air (M1 and newer)

- iMac (M1 and newer)

- Mac mini (M1 and newer)

- Mac Pro (M2 Ultra and newer)

- Mac Studio (M1 Max and newer)

Apple plans to offer AI features through cloud processing for those with older devices. However, this method will limit the on-device functionality compared to what’s available on newer chipsets, reinforcing the superior performance of the latest models.

Benefits and Features of Apple Intelligence

Apple Intelligence is a sophisticated personal intelligence system designed to enhance user experience across iPhone, iPad, and Mac. Integrated into iOS 18, iPadOS 18, and macOS Sequoia, it combines generative models with personal context to offer highly tailored and efficient intelligence. This system can understand and generate both language and images, perform actions across various apps, and use personal context to streamline daily tasks. Examples include suggesting replies in messages, organizing photos, and assisting in drafting documents based on user habits and preferences.

One of the standout features of Apple Intelligence is Private Cloud Compute. This technology balances on-device processing and powerful server-based models, running on dedicated Apple Silicon servers. This approach allows Apple to maintain robust performance while upholding its strict privacy standards. By splitting computational tasks between the device and the server, Apple ensures user privacy is never compromised, even when leveraging extensive server-based computations.

To fully experience the capabilities of Apple Intelligence, users will need to upgrade to the iPhone 15 Pro or iPhone 15 Pro Max. While some AI features will be available on older devices through cloud processing, the most advanced capabilities will be reserved for those with the latest hardware. This move by Apple emphasises its commitment to pushing the boundaries of technology while maintaining its renowned privacy standards.


Read more »
Technology Upgrade
AI Apple Cyber Attacks CyberCrime Cybersecurity Developers iOS Technology Upgrade

Apple's AI Features Demand More Power: Not All iPhones Make the Cut

 


A large portion of Apple's developer conference on Monday was devoted to infusing artificial intelligence (AI) technology into its software. Some of the features Apple has rumoured to incorporate are not expected to work on all iPhones. If you read this article correctly, it sounds as if Apple is betting its long-awaited AI features will be enough to make you upgrade your iPhone — especially if the AI requires the latest smartphone. The annual developer conference of Apple, WWDC, is expected to take place on Monday with the announcement of iOS 18. 

According to Bloomberg, the company will release a new version of its artificial intelligence software, dubbed "Apple Intelligence," which will include features that will run directly on the iPhone's processor instead of being powered by cloud servers - in other words, they'll be powered directly from the device itself. According to the report, some of the AI services will still utilize cloud-based computing, however, many won't. The iPhone, iOS18, as well as any of Apple's other products and devices, are set to be updated, and anything short of a full array of AI-based features will likely disappoint developers and industry analysts, not to mention investors, with any changes Apple makes to its operating system. 

The company has turned to artificial intelligence (AI) as a way to revive its loyal fan base of over 1 billion customers and reverse the decline of its best-selling product in the face of choppy consumer spending and resurgent tech rivals. A key selling point that Apple uses to differentiate itself from its competitors is the fact that it is committed to privacy. There are still questions to be answered in regards to how Federighi will make sure that the personal context of a user will be shared across multiple devices belonging to the same user. 

However, he said that all data will be processed on-device and will never be shared across cloud servers. It is widely believed that the move by Apple was an evolution of the generative AI domain that would lead to the adoption of generative AI by enterprises by streamlining the best practices for AI privacy in the industrial sector. Analysts said that the software is likely to encourage a cascade of new purchases, as it requires at least an iPhone 15 or 15 Pro to be able to function. It has been predicted that we will likely see Apple's most significant upgrade cycle since the launch of the iPhone 12 in 2020, when 5G connectivity was part of the appeal for consumers for the device. 

A study from Apple analyst Ming-Chi Kuo published on Medium has claimed that the amount of on-board memory in the forthcoming iPhone 16 range, which is predicted to have 8GB of storage, may not be enough to be able to fully express the large language model (LLM) behind Apple's artificial intelligence (AI). It has been argued by analyst Kuo in a recent post that the iPhone 16's 8GB DRAM limit will likely restrict on-device learning curves from exceeding market expectations. Kuo suggests that eager Apple fans might want to temper their expectations before WWDC this year. 

Although this is true, Apple's powerful mobile chips and efficient iOS operating system can offer market-leading performance, regardless of how much RAM is available to them, on many of their previous iPhone models. As a result, memory has never been much of an issue on revious iPhone models. In the case of notoriously demanding AI tools, such as deep learning, however, the question becomes whether that level of complexity will still be applicable.

Several apps are set to feature AI technology, including Mail, Voice Memos, and Photos, as part of Apple's AI integration, but users will have to opt-in to use the features if they wish to use them. There were rumours that the company would deliver a series of features designed to simplify everyday tasks such as summarizing and writing emails, as well as suggesting custom emojis for emails. Moreover, Bloomberg reports that Siri is also going to undergo an AI overhaul to allow users to be able to do more specific tasks within apps, for instance, deleting an email inside an app will be one of these. According to The Information and Bloomberg, Apple has signed a deal with OpenAI to power some features, including a chatbot that is similar to ChatGPT, one of the most popular chatbots.
Read more »
Software
Apple Apple MacOS cryptocurrency malware Software

New MacOS Malware Steals Browser Data and Cryptocurrency

 



While malware attacks on Windows and Android systems are more frequent, macOS is not immune to such dangers. Cybersecurity experts at Moonlock Lab have identified a new type of macOS malware that adeptly avoids detection and poses a serious threat to user data and cryptocurrency.


How the Malware Spreads

The infection starts when users visit websites that offer pirated software. On these sites, they might download a file called CleanMyMacCrack.dmg, thinking it’s a cracked version of the CleanMyMac utility. However, launching this DMG file triggers a Mach-O executable, which then downloads an AppleScript. This script is specifically designed to steal sensitive information from the infected Mac.


Malware Capabilities

Once the malware infiltrates a macOS system, it can carry out a range of malicious activities:

  • It captures and stores the Mac user's username.
  •  The malware sets up temporary directories to store stolen information temporarily.
  •  It retrieves browsing history, cookies, saved passwords, and other data from different web browsers.
  •  The malware identifies and accesses directories containing cryptocurrency wallets.
  •  It copies data from the macOS keychain, Apple Notes, and Safari cookies.
  •  It gathers general user information, system specifications, and metadata.
  •  All the collected data is eventually exfiltrated to the attackers.


Link to a Known Hacker

Moonlock Lab has traced this macOS malware back to a notorious Russian-speaking hacker known as Rodrigo4. This individual has been seen on the XSS underground forum, where he is actively seeking collaborators to help spread his malware through search engine optimization (SEO) manipulation and online advertisements.

Rodrigo4's method involves manipulating search engine results and placing ads to lure unsuspecting users into downloading the malicious software. By making the malware appear as a popular utility, he increases the chances of users downloading and installing it, unknowingly compromising their systems.


How to Protect Yourself

To prevent this malware from infecting your Mac, Moonlock Lab recommends several precautions:

1. Only download software from reputable and trusted sources.

2. Regularly update your operating system and all installed applications.

3. Use reliable security software to detect and block malware.

The crucial point is users should be cautious about downloading software from unverified websites and avoid using pirated software, as these are common vectors for malware distribution. Staying informed about the latest cybersecurity threats and adopting good digital hygiene practices can also drastically reduce the risk of infection.




Read more »
Technology
Apple CyberCrime Cybersecurity Cyberthreats Cyerattacks Data Safety iPhones Meta NVIDIA Technology

Nvidia Climbs to Second Place in Global Market Value, Surpassing Apple

 


This month, Nvidia has achieved a historic achievement by overtaking Apple to become the world's second most valuable company, a feat that has only been possible because of the overwhelming demand for its advanced chips that are used to handle artificial intelligence tasks. A staggering $1.8 trillion has been added to the market value of the Santa Clara, California-based company's shares over the past year, increasing its market value by a staggering 147% this year. 

Nvidia has achieved a market capitalisation of over $3 trillion as a result of this surge, becoming the first semiconductor company to achieve this milestone. The value of Nvidia's shares has skyrocketed over the past few years, making it the second most valuable company in the world and larger than Apple, thanks to its surge in value. As a consequence of the excitement regarding artificial intelligence, which is largely based on Nvidia chips, the company has seen its shares rise dramatically over the past few years.

The popularity of the company has resulted in it becoming the largest company in Silicon Valley, which has led it to replace Apple, which has seen its share price fall due to concerns regarding iPhone sales in China and other concerns. Several weeks from now, Nvidia will be split ten times for ten shares, a move that could greatly increase the appeal of its stock to investors on a personal level. Nvidia’s surge over Apple’s market value signals a shift in Silicon Valley, where the co-founded company by Steve Jobs has dominated the field since the iPhone was launched in 2007. While Apple gained 0.78 per cent, the world’s most valuable company, Microsoft gained 1.91 per cent in value. 

As a result of the company’s graphics processing units fuelling a boom in artificial intelligence (AI), Nvidia’s rally continues an extraordinary streak of gains for the company. There has been a 260 per cent increase in revenue for the company in recent years, as tech titans such as Microsoft, Meta, Google, and Amazon race to implement artificial intelligence. 

Last month, Nvidia announced a 10-for-1 stock split as a way of making stock ownership more accessible to employees and investors. In the first half of this year, Nvidia shares have more than doubled in value after almost tripling in value in 2023. With the implementation of the split on Friday, the company will be able to appeal to a larger number of small-time investors, as the company's shares will become even more attractive. 

As a consequence of Microsoft, Meta Platforms, and Alphabet, all of these major tech companies are eager to enhance their artificial intelligence capabilities, which is why Nvidia's stock price has surged 147% in 2024. According to recent revenue estimates, the company's stock has gained close to $150 million in market capitalisation in one day, which is more than the entire market capitalization of AT&T. As well as a 4.5% increase in the PHLX chip index, many companies have benefited from the current optimism surrounding artificial intelligence, including Super Micro Computer, which builds AI-optimized servers using Nvidia chips. 

During his visit to the Computex tech fair in Taiwan, former Taipei resident Jensen Huang, chairman & CEO of Nvidia, received extensive media coverage that highlighted both his influence on the company's growing importance as well as his association with the event. Compared to Apple, there are challenges facing Apple due to weak demand for iPhones in China and stiff competition from its Chinese competitors. According to some analysts, Apple misses out on incorporating AI features compared to other tech giants because the company has been so slow in incorporating them. 

According to LSEG data, Nvidia's stock trades today at 39 times expected earnings, but the stock is still considered less expensive than a year ago, when the stock traded at more than 70 times expected earnings, indicating it's less expensive than it used to be.
Read more »
Windows
Apple Critical Flaw iTunes Vulnerabilities and Exploits Windows

Apple Warns Windows Users: Critical Security Vulnerability in iTunes

Apple Warns Windows Users: Critical Security Vulnerability in iTunes

Apple confirms the finding of a critical security flaw in the iTunes program for Windows 10 and Windows 11 users, which could have allowed malicious attackers to execute code remotely at will.

Willy R. Vasquez, a security researcher at the University of Texas in Austin, uncovered the vulnerability, known as CVE-2024-27793. This vulnerability affects the CoreMedia framework, which processes media samples and manages media data queues in iTunes.

A major security flaw in the iTunes app for Windows 10 and Windows 11 users could have allowed malicious attackers to execute code remotely, Apple said in a support article published on May 8.

About CVE-2024-27793

Willy R. Vasquez, a Ph.D. scholar and security expert at The University of Texas at Austin, discovered CVE-2024-27793 and contributed sandboxing code to the Firefox 117 web browser. The vulnerability, rated critical by the Common Vulnerability Scoring System v3, affects the CoreMedia framework, which provides the media pipeline used to process media samples and handle batches of media information, says Apple.

The flaw allows an attacker to execute arbitrary code by sending a maliciously crafted request during the file processing. It is critical to highlight that the attacker does not need physical access to the Windows PC, as the exploitation can be carried out remotely. 

The vulnerability explained

The CVSS v3 critical grade of 9.1 out of 10 is mostly due to the potential for remote code execution. The basic root of the flaw was found as inadequate checks inside the CoreMedia framework component, which Apple fixed with enhanced checks in the most recent release.

Based on the Vulnerability Database resource, CVE-2024-27793 can be leveraged remotely without authentication, although successful exploitation requires human involvement. This interaction could include clicking a link or visiting a website where CoreMedia processes the malicious file

The ease of exploitation and potential impact of arbitrary code execution emphasize the seriousness of this issue. Users should upgrade their iTunes programs to the most recent version to protect themselves from any attacks exploiting this security weakness.

Protecting Your System

Here are some steps you can take to safeguard your system:

  • Update iTunes: Ensure that you’re running the latest version of iTunes. Apple’s security patches are typically included in software updates, so staying up-to-date is essential.
  • Be Cautious: Avoid clicking on suspicious links or visiting untrusted websites. Malicious actors often use social engineering tactics to trick users into interacting with harmful content.
  • Regular Backups: Regularly back up your data to an external drive or cloud storage. In case of a security breach, having backups ensures that you won’t lose critical files.
  • Use Antivirus Software: Install reputable antivirus software and keep it updated. Antivirus tools can detect and block known threats, providing an additional layer of defense.
Read more »
macOS
Apple Cyber Security iCloud iPhone macOS

Apple ID Shuts Down: Users Panic While Trying to Reset Password

Apple ID Shuts Down: Users Panic While Trying to Reset Password

Apple IDs serve as the gateway to our digital ecosystem. They unlock access to our beloved photos, messages, apps, and more. But what happens when that gateway suddenly slams shut, leaving us confused outside? 

Recently, Apple users have been struggling with this very issue, as widespread reports of forced password resets have surfaced.

Locked out of your Apple ID? Here’s what you need to know

If you've been locked out of your Apple ID in the last day or so without warning, you're not alone

Apple users have been suffering a wave of forced lockouts, with some indicating that they have been forced to reset their passwords to regain access.

The lockouts have resulted in customers losing access to their devices, but there appears to be no root cause or anything in common across incidents, and Apple has yet to comment on the matter. 

The company's System Status website indicates that all services are "operating normally," with Apple ID services particularly listed as "available."

The lockout mystery

If your Apple ID has locked you out, you might panic and try your usual password, but it’s useless. You’re left staring at the blank “Incorrect Password” message. What gives?

The cause behind these lockouts remains hidden in mystery. Experts believe it’s a security measure triggered by suspicious activity, while others suspect a glitch in the matrix. Regardless, the concern is real. Users have taken to social media, sharing their stories of being shut. 

Have you had your password reset?

If your Apple ID has been blocked out and you must change your password, any app-specific passwords you may have created will also need to be reset. That's something you'll have to do whether you utilize apps like Spark Mail, Fantastical, or any number of others.

It could potentially cause significant issues if you use iOS 17.3's Stolen Device Protection. You'll need to use biometrics on your iPhone, such as Face ID or Touch ID, to access your account or use Apple Pay.

Apple’s silence

As the lockout story falls out, Apple has remained silent. No official statements, no explanations. The tech giant continues to operate, but the users are panicking to regain control of their digital lives. Is it a glitch? A security enhancement? At this moment, we can only wait for Apple’s response

What can you do?

1. Reset Your Password: Change the password. But remember the app-specific ones too.

2. Biometrics: If you’ve set up Face ID or Touch ID, use them to reclaim your digital ID.

3. Stay Tuned: Keep an eye on Apple’s official channels. 

Read more »
Technology
Apple Internet Internet Complexity Tech Outage Technology

Tech Outages: Exposing the Web’s Fragile Threads

Tech Outages: Exposing the Web’s Fragile Threads

Today, technology outages have become more than mere inconveniences—they’re disruptions that ripple across industries, affecting businesses, individuals, and even our daily routines. Over 1.75 million user-reported issues flooded in from across the globe.  From WhatsApp to Greggs (the UK’s popular sausage roll maker), and even tech giants like Apple and Meta, all have recently faced service disruptions due to IT outages. Let’s explore the reasons behind this trend.

Downdetector

This platform monitors web outages and provides insights into the extent of problems faced by companies. On April 3, 2024, more than 1.75 million user-reported issues were flagged worldwide for WhatsApp, with tens of thousands also reported for the App Store and Apple TV. Neither firm responded to inquiries about the cause of their outages.

Internet Complexity

The internet, like software, comprises multiple layers. Regulatory changes, consumer demands for seamless data access, and the integration of new features (such as AI chatbots) add layers and complexity. Unfortunately, more layers mean a higher risk of things going wrong. Companies are pushing for innovation, but it comes with the potential of breaking existing systems.

Moving Parts and Cloud Services

Various factors can cause internet services to fail, including typos in code, hardware faults, power outages, and cyberattacks. Severe weather conditions can also impact data centers housing powerful servers. Additionally, many companies have shifted from managing their infrastructure in-house to using cloud services. While this enables faster development, a single outage at the cloud service provider can affect multiple platforms and technologies.

Tech Giants

Glitches in services provided by major cloud providers like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud have previously led to downtime for thousands of customers.

The internet's complexity, rapid innovation, and reliance on cloud services contribute to the increased occurrence of tech outages. As companies strive for progress, maintaining stability remains a challenge.

The Quest for Progress

We crave seamless experiences. We want our apps to load instantly, our streaming services to buffer flawlessly, and our online orders to arrive yesterday. But progress is a hungry beast. It devours stability, chews on reliability, and spits out error messages. The quest for innovation pushes boundaries, but it also tests the limits of our digital infrastructure.

Read more »
Spyware Alert
Apple Cyber Security Cyberattacks CyberCrime CyberThreat Mercenary Social Media Spyware Alert

Apple Steps Up Spyware Alerts Amid Rising Mercenary Threats

 


It has been reported that Apple sent notifications on April 10 to its Indian and 91 other users letting them know they might have been a victim of a possible mercenary spyware attack. As stated in the company's notification to the affected users, these spyware attacks were intended to 'remotely compromise the iPhone associated with the users' Apple IDs,' suggesting the attackers might have targeted them specifically as a result of who they are or what they do, and that they were most likely to be a target. 

A threat notification has been issued to users worldwide after fears were raised that sophisticated spyware attacks could be targeting high-profile Apple customers. There had been a similar warning sent out to Indian Apple users back in October last year, in which members of the Indian Parliament and journalists were alerted about potential ‘state-sponsored attacks'. 

People who had been alerted last year were able to use social media in response to the alerts, but this time around, the same has not been the case. After the Pegasus surveillance issue, Apple introduced this feature in 2021. When these alerts are received, they will be sent to users when they see activity that is consistent with a state-sponsored attack. 

It has recently released an alert highlighting the dangers and rarities of mercenary spyware, like the famous Pegasus from NSO Group, highlighting how complex and rare these types of viruses can be. According to the company's warning email, the spyware was designed to secretly infiltrate iPhones associated with particular Apple IDs. 

There has been a lot of speculation surrounding this issue, with Apple indicating that attackers may select their targets depending on their identity or profession to gain access to their systems. Mercenary spyware refers to sophisticated malware that has been developed and deployed primarily by private entities that may be guided by national authorities. 

In a message issued by the company, users were warned that advanced spyware may attempt to remotely access their iPhones, indicating that they may be at risk. The attacks, according to Apple, are both “exceptionally rare” and “vastly more sophisticated” than the usual cybercrime activities or consumer malware. 

In addition to stressing the unique characteristics of threats such as Pegasus spyware from NSO Group, the company also pointed out that such attacks are individually tailored and cost millions of dollars to launch, and only a very small percentage of customers are affected by such attacks. Moreover, as evidenced by the fact that a coalition of countries, including the United States, is currently working to create safeguards against the misuse of commercial spy software, these efforts are in line with global efforts to combat the misuse of commercial spyware. 

Furthermore, a recent report released by Google's Threat Analysis Group (TAG) and Mandiant shed light on the exploitation of zero-day vulnerabilities in the year 2023, revealing a significant portion of these exploits would be attributed to commercial surveillance vendors. It is widely known that web browser vulnerabilities and mobile device vulnerabilities are a major source of threat actors' evasion and persistence strategies, an indication of how reliant they are on zero-day exploits. 

Among the most concerning issues was that, in India, opposition politicians had raised concerns about possible government involvement in attacks against mobile phones in October, citing Apple's earlier alert about state-sponsored attacks from October that appeared to indicate such an involvement. There has been a high-risk warning issued by CERT-In, India's national cybersecurity watchdog, about vulnerabilities in Apple products that are affecting the entire Apple ecosystem. 

There may be vulnerabilities in these systems which will enable attackers to access sensitive information, execute unauthorized code, bypass security measures, and spoof systems to perform identity theft and other attacks against them. Several Apple devices and software are the subject of this advisory, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari, as well as a wide range of Apple devices and computer software.

Apple also recommends that users remain vigilant regarding suspicious links and attachments, as some attacks might be exploiting the power of social engineering to mislead users into clicking on malicious links. When users suspect that they are being targeted, even in the absence of a threat notification, precautions should be taken to avoid exposing themselves to security threats. 

These precautions include changing passwords and speaking with experts in the field of digital security. As a result of these evolving threats, Apple emphasizes that to mitigate the risks effectively, users must work together with security professionals. Proactive measures and an increased awareness of cyber threats must become increasingly important in helping combat malicious cyber activity in the era of growing digital privacy concerns. 

There may be vulnerabilities in these systems which will enable attackers to access sensitive information, execute unauthorized code, bypass security measures, and spoof systems to perform identity theft and other attacks against them. Several Apple devices and software are the subject of this advisory, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari, as well as a wide range of Apple devices and computer software. 

Apple also recommends that users remain vigilant regarding suspicious links and attachments, as some attacks might be exploiting the power of social engineering to mislead users into clicking on malicious links. When users suspect that they are being targeted, even in the absence of a threat notification, precautions should be taken to avoid exposing themselves to security threats. These precautions include changing passwords and speaking with experts in the field of digital security. 

As a result of these evolving threats, Apple emphasizes that to mitigate the risks effectively, users must work together with security professionals. Proactive measures and an increased awareness of cyber threats must become increasingly important in helping combat malicious cyber activity in the era of growing digital privacy concerns. It is recommended that users when clicking on links or opening attachments from unknown sources, be cautious. 

Since they feared the spyware might help attackers plan for a stealth attack, they decided not to share any more details about it. Additionally, Apple incorporated new advice for users who might be impacted by mercenary spyware attacks into its support page for those who might have been affected. The page explained how these threats are tailored to each individual and their particular device, which means they are difficult to detect and hard to eliminate.
Read more »
security alerts
Apple Cyber Threats Data Breach Digital Security iPhone mercenary spyware attack remote targeting security alerts

Apple Alerts iPhone Users of 'Mercenary Attack' Threat

 

Apple issued security alerts to individuals in 92 nations on Wednesday, cautioning them that their iPhones had been targeted in a remote spyware attack linked to mercenaries.

The company sent out threat notification emails, informing recipients, "Apple has detected that you are being targeted by a mercenary spyware attack," suggesting that the attack might be aimed at specific individuals based on their identity or activities. 

These types of attacks, termed as "mercenary attacks," are distinct due to their rarity and sophistication, involving substantial financial resources and focusing on a select group of targets. Apple emphasized that this targeting is ongoing and widespread.

The notification warned recipients that if their device falls victim to such an attack, the attacker could potentially access sensitive data, communications, or even control the camera and microphone remotely.

While it was reported that India was among the affected countries, it remained uncertain whether iPhone users in the US were also targeted. Apple refrained from providing further comments beyond the details shared in the notification email.

In response to the threat, Apple advised recipients to seek expert assistance, such as the Digital Security Helpline provided by the nonprofit Access Now, which offers emergency security support around the clock.

Furthermore, Apple referenced Pegasus, a sophisticated spyware created by Israel's NSO Group, in its notification regarding the recent mercenary attack. Apple had previously filed a lawsuit against the NSO Group in November 2021, seeking accountability for the surveillance and targeting of Apple users using Pegasus. This spyware has historically infiltrated victims' devices, including iPhones, without their knowledge. Since 2016, instances have surfaced of Pegasus being employed by various entities to monitor journalists, lawyers, political dissidents, and human rights activists.
Read more »
Vulnerabilites and Exploits
Apple CISA iOS iPad Vulnerabilites and Exploits

Apple iOS and iPadOS Memory Corruption Vulnerabilities: A Critical Alert


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised the alarm by adding two such vulnerabilities in Apple’s iOS and iPad to its Known Exploited Vulnerabilities catalog. These vulnerabilities are actively exploited, posing significant risks to users’ privacy, data, and device security.

The Vulnerabilities

CVE-2024-23225: This vulnerability targets the kernel of both Apple iOS and iPadOS. A flaw in memory handling allows malicious actors to corrupt critical system memory, potentially leading to unauthorized access, privilege escalation, or even remote code execution. Exploiting this vulnerability can have severe consequences, compromising the integrity of the entire operating system.

CVE-2024-23296: Another memory corruption vulnerability affecting Apple iOS and iPadOS, CVE-2024-23296, has also been identified. While specific technical details are not publicly disclosed, it is evident that attackers are leveraging this flaw to gain unauthorized access to sensitive data or execute arbitrary code on affected devices.

The Impact

These vulnerabilities are not merely theoretical concerns; they are actively being exploited in the wild. Cybercriminals are capitalizing on them to compromise iPhones and iPads, potentially gaining access to personal information, financial data, and corporate secrets. The impact extends beyond individual users to organizations, government agencies, and enterprises relying on Apple devices for daily operations.

Immediate Action Required

CISA’s Binding Operational Directive (BOD) 22-01 specifically targets Federal Civilian Executive Branch (FCEB) agencies, urging them to take immediate action to remediate these vulnerabilities. However, the urgency extends beyond the federal sector. All organizations, regardless of their affiliation, should prioritize the following steps:

Patch Management: Ensure that all iOS and iPadOS devices are updated to the latest available versions. Apple has released security patches addressing these vulnerabilities, and users must apply them promptly.

Security Awareness: Educate users about the risks associated with memory corruption vulnerabilities. Encourage them to be cautious while clicking on suspicious links, downloading unverified apps, or interacting with unfamiliar content.

Monitoring and Detection: Implement robust monitoring mechanisms to detect any signs of exploitation. Anomalies in system behavior, unexpected crashes, or unusual network traffic patterns may indicate an active attack.

Incident Response: Develop and test incident response plans. In case of successful exploitation, organizations should be prepared to isolate affected devices, investigate the breach, and remediate the impact swiftly.

Beyond the Technical Realm

The addition of Apple iOS and iPadOS memory corruption vulnerabilities to CISA’s Known Exploited Vulnerabilities catalog serves as a wake-up call. It reminds us that threats are real, and proactive measures are essential to protect our devices, data, and digital lives.

Read more »
WhatsApp
Apple Cyber Crime Cyberattacks CyberCrime DMA Compliant E2EE iMessage Messenger Meta Privacy Protocol Technology Fusion TikTok WhatsApp

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


As part of the launch of the new EU regulations governing the use of digital "gatekeepers," Meta is ready to answer all of your questions about WhatsApp and Messenger providing end-to-end encryption (E2EE), while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability with Facebook Messenger and WhatsApp in the EU, which means users can message each other if they also use Signal's underlying encryption protocol when communicating with third-party messaging platforms. 

As the Digital Markets Act of Europe becomes more and more enforced, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun making plans to comply and what will happen to end users. 

There is no doubt that the change was not entirely the result of WhatsApp's decision. It is known that European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden. 

Even though it's just a few weeks until the deadline for WhatsApp interoperability with other apps approaches, the company is describing its plans. As part of the first year of the regulation, the requirements were designed to support one-to-one chats and file sharing like images, videos, or voice messages, with plans for these requirements to be expanded in the coming years to include group chats and calls as well. 

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

ETA stated that before the company can work with third-party providers to implement the service, they need to sign an agreement for interoperability between Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal protocol. 

However, if they can be found to meet these standards, they will accept others. As soon as another service sends a request for interoperability, Meta is given a window of three months in which to do so. The organization warns, however, that functionality may not be available for the general public to access immediately. 

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption in E2EE.
Read more »
Phishing Attacks
Android Apple cryptocurrency Cyberattacks CyberCrime Cybersecurity Data Breach Threat FCC iOS Phishing Attacks

Sophisticated Phishing Tactics Unveiled in Targeted FCC Cybersecurity Breach

 


Several phishing campaigns targeting employees of cryptocurrency platforms such as Binance and Coinbase and the Federal Communications Commission (FCC) have been discovered, including one dubbed CryptoChameleon, which targets cryptocurrency platforms and employees. Based on an analysis from Lookout, the victims of this attack primarily use Apple iOS and Google Android devices with SSO solutions, such as Okta, Outlook, and Google, with their Apple and Google accounts with single sign-on. 

Several days ago, Lookout, a company focused on cloud security, announced that it had discovered an "advanced phishing kit" that targeted cryptocurrency exchanges, revealing techniques similar to what was expected. The phishing kit, which has been dubbed CryptoChameleon, can also be used to cheat the Federal Communications Commission (FCC) by using mobile devices. 

Most of the intended targets are crypto traders, single sign-on (SSO) services in the U.S., Binance staff, and Coinbase employees, with a small minority being Bitcoin traders and SSO service users. The kit seeks to trick victims into sharing sensitive information, including usernames, passwords, password reset URLs, and photo IDs, by sending carbon copies of SSO pages, phishing emails, SMS messages, and call-in scams via email, SMS, and voice mail, mainly aimed at US users.  

A suspicious new domain registration for the domain fcc-oktacom led researchers to discover a suspicious phishing kit. Cryptocurrency platforms and SSO services, including Coinbase, are most commonly targeted by this phishing kit, which is capable of impersonating a variety of company brands, with Coinbase being the most frequently targeted service.

Other websites were using the kit, and the majority of these websites used a subdomain of official-servercom as their C2 instead of their main domain. A recent blog post by Lookout states that the attack has been successful in phishing over a hundred people, many of whom remain active today. It is noteworthy that the C2 server URL, the client-side logic, and the style sheets were included in the kit. 

Most cybercriminals host their sites on RetnNet hosting. To prevent automated analysis tools from identifying the site, victims must first complete a captcha, known as hCaptcha, which provides the site with credibility. It appears CryptoChameleon is replicating the fashions used by Scattered Spider, specifically through its impersonation of Okta and the use of domain names previously assumed to be associated with the organization by Lookout. 

It is important to remember that the phishing kit has significantly different capabilities and C2 infrastructure than the phishing kit, even though the URL and spoofed pages look similar to what Scattered Spider might create. It is common for threat actors to copy one another's tactics and procedures when the tactic or procedure has been so publicized that it has become widely accepted. 

Furthermore, it remains unclear if this is the work of a single threat actor or a tool that is being used by many different groups at the same time. This is what has made the threat actors so successful in stealing high-quality data, according to Lookout, as high-quality phishing URLs, login pages that perfectly match the look and feel of legitimate websites, a sense of urgency, and consistent communication via SMS and voice calls have enabled them to steal data so efficiently. 

As soon as the attackers get access to the victim, they use their credentials to log in, and based on information that has been provided by the MFA service, they direct them to the appropriate page.  In addition to employees of the Federal Communications Commission (FCC), this phishing kit targets cryptocurrency users of Binance, Coinbase, and various other platforms that provide cryptocurrency services like Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor. 

There have been over 100 successful phishing attacks on victims so far. As a result, automated analysis tools are not able to flag the sites because the fake login screen is displayed only after the victim completes a CAPTCHA test using hCaptcha, thus preventing them from being flagged. 

By mimicking a company's customer service team with the pretence that it is protecting a person's account after a purported hack, these pages can be distributed via unsolicited phone calls and text messages. As a result, the victim's phone number and the choice of six- or seven-digit code can be customized on the phishing page. 

Cryptocurrency platforms and Single Sign-On services are the most frequently targeted services by phishing kits that impersonate various company brands, with Coinbase being the most commonly targeted.  

Further, victims are also lured through phone calls, emails, and text messages, when phishing emails are disguised as legitimate messages from cryptocurrency platforms or the Federal Communications Commission (FCC) with malicious links, while SMS messages are disguised as legitimate notifications from cryptocurrency platforms or the FCC. 

Lookout customers have been protected against these phishing sites since the beginning of January 2024 due to the similarity of infrastructure and the similarity of previous attacks.
Read more »
Technology
AI Apple Artificial Intelligence Cyber Hackers Cyberattacks CyberCrime Google Technology

Google's 'Woke' AI Troubles: Charting a Pragmatic Course

 


As Google CEO Sundar Pichai informed employees in a note on Tuesday, he is working to fix the AI tool Gemini that was implemented last year. The note stated that some of the text and image responses reported by the model were "biased" and "completely unacceptable". 

Following inaccuracies found in some historical depictions generated by its application, the company was forced to suspend its use of its tool for creating images of people last week. After being hammered for almost a week last week over supposedly coming out with a chatbot that could be used at work, Google finally apologised for missing the mark and apologized for getting it wrong. 

Despite the momentum of the criticism, the focus is shifting: This week, the barbs were aimed at Google for what appeared to be a reluctance to generate images of white people via its Gemini chatbot, when it came to images of white people. It appears that Gemini's text responses have been subjected to a similar criticism. 

In recent years, Google's artificial intelligence (AI) tool Gemini has been subjected to intense criticism and scrutiny, especially as a result of ongoing cultural clashes between those of left-leaning and right-leaning perspectives. In contrast to the viral chatbot ChatGPT, Gemini has faced significant backlash as a Google counterpart, demonstrating the difficulties associated with navigating AI biases. 

As a result of the controversy surrounding Gemini, images that depict historical figures inaccurately were generated, and responses to text prompts that were deemed overly politically correct or absurd by some users, escalated the controversy. It was quickly acknowledged by Google that the tool had been "missing the mark" and the tool was halted. 

However, the fallout from the incident continued as Gemini's decisions continued to fuel controversies. There has been a sense of disempowerment among Googlers on the ethical AI team during the past year, as the company increased the pace at which it rolled out AI products to keep up with its rivals, such as OpenAI, who have been rolling out AI products at a record pace. 

Gemini images included people of colour as a demonstration that the company was considering diversity, but it was also clear that the company failed to take into account all possible scenarios in which users might wish to create images. 

In her view, Margaret Mitchell, former co-head of Google's Ethical AI research group and chief ethics scientist for Hugging Face AI, has done a wonderful job of understanding the ethical challenges faced by users. As a company that had just been established four years ago, Google had been paying lip service to increasing its awareness of skin tone diversity, but it has made great strides since then.

As Mitchell put it, it is kind of like taking two steps forward and taking one step backwards." he said. There should be recognition given to them for taking the time to pay attention to this stuff. In a general opinion, Google employees should be concerned that the social media pile-on will make it even harder for internal teams who are responsible for mitigating the real-world harms that their artificial intelligence products are causing, such as whether the technology can hide systemic prejudices. 

The employees worry that Google employees should not be able to accomplish this task by themselves. A Google employee said that the outrage that was generated by the AI tool for unintentionally sidelining a group that is already overrepresented in the majority of training datasets could spur some at Google to argue for fewer protections or guardrails on the AI’s outputs — something that, if taken to an extreme, could hurt society in the end. 

The search engine giant is currently focused on damage control as a means to mitigate the damage. It was reported that Demis Hassabis, the director of Google DeepMind's research division, said on Feb. 26 that the company plans to bring the Gemini feature back online within the next few weeks. 

However, over the weekend, conservative personalities continued their attack against Google, specifically in light of the text responses Gemini provides to users. There is no doubt that Google is leading the AI race on paper, with a considerable lead. 

The company makes and supplies its artificial intelligence chips, has its cloud network, which is one of the requisites for AI computation, can access enormous amounts of data, and has an enormous base of customers. Google recruits top-tier AI talent, and its work in artificial intelligence enjoys widespread acclaim. A senior executive from a competing technology giant expressed to me the sentiment that witnessing the missteps of Gemini feels akin to observing a defeat taken from the brink of victory.
Read more »
Yahoo
Android Apple CIA Cyberattacks CyberCrime Cybersecurity Data Theft Yahoo

Ex-CIA Developer Faces 40-Year Sentence for Leaking Classified Data to WikiLeaks

 


In a multi-charged case that involved the disclosure of classified documents to WikiLeaks, Joshua A Schulte, a former CIA software engineer, was sentenced to 40 years for multiple counts of espionage and computer hacking, as well as one count of lying to FBI agents after handing over classified materials to WikiLeaks in 2022, he was found guilty of four counts of espionage and computer hacking in 2022. 

According to US authorities, Schulte was the cause of the largest breach in CIA history, because his alleged contributions to WikiLeaks have been regarded as one of the largest unauthorized disclosures of classified information ever made by the United States. 

Approximately eight thousand classified documents detailing CIA hacking tools were released on WikiLeaks in 2017 as part of an incident dubbed Vault 7, in which 8761 classified documents were made available. 

The trial on March 9, 2020, July 13, 2022, and September 13, 2023, led Schulte to become the prime suspect and face multiple convictions at trials that concluded on that date. US spies used the leak, which the CIA dubbed a “digital Pearl Harbor,” to hack Apple and Android smartphones, as well as to hack internet-connected television sets and turn them into listening devices, the CIA dubbed a “digital Pearl Harbor.” 

There has been a discussion about whether the Wikileaks founder Julian Assange should be kidnapped or assassinated after the security breach, Yahoo News reported, citing anonymous officials. As a result of the security breach, US officials have been planning to wage an "all-out war" against Wikileaks, including a potential kidnapping or assassination of its founder. 

Despite being indicted in 2019 on charges of espionage and criticized by press freedom organizations, Assange is currently fighting extradition to the US government in Britain. Additionally, the US authorities claim that Schulte's personal computer also contained tens of thousands of videos and images of child sexual abuse material. 

The Independent reports that Schulte denied the allegations and claimed that the CIA and FBI had used him as a scapegoat for the leak of CIA documents. Several brazen, heinous crimes of espionage committed by Joshua Schulte, one of the most brazen, and horrendous of all times, were committed by Schulte, the lawyer for the US. 

In his quest for revenge against the CIA, Schulte caused untold damage to the national security of our country based on how the CIA responded to Schulte's security breaches while employed by the agency. Schulte intended to cause even more harm to this nation after he was caught by the FBI, as he launched what he called an “information war,” releasing top secret information from behind bars to cause more harm to the nation.” 

Schulte received his sentence based on convictions for espionage, computer hacking, contempt of court, lying to the FBI, and having CSAM, among other charges. Additionally, he received a life sentence of supervised release alongside his prison sentence as well as his prison sentence. The CIA spying tools leak that was published last week included some shocking claims, including that hackers could gain access to Apple iPhones, 

Android devices made by Google and Samsung, and Samsung TVs made by Samsung to spy on their users. As presented in court documents, Schulte's theft "immediately and profoundly" affected the CIA's ability to gather foreign intelligence against U.S. adversaries; placed CIA personnel, programs, and assets directly at risk; and resulted in hundreds of millions of dollars of losses to the Agency.

Schulte repeatedly denied responsibility for the leak of the WikiLeaks documents during interrogations conducted by the FBI following the WikiLeaks disclosures. Schulte wrote in his journal in his detention pending trial that he intended to "break diplomatic relations, close embassies, and end US occupation across the globe." 

In the course of searching his apartment in New York, the FBI found that Schulte had hidden thousands of videos and images of horrific and disturbing child sexual abuse under layers of encryption. The FBI uncovered the servers and computers where Schulte had hidden the videos. Following his move to New York, according to the investigation, he continued to store child pornography from Russian websites and the dark web that he collected during his employment with the CIA and began to store it after moving to the city. It was from March 2020 until September 2023 that Schulte faced three separate trials in which he was tried for different crimes.
Read more »
Passwords
Apple Cyber Security Cyberattacks CyberCrime CyberThreat iOS iPhone Passwords

Apple's Shield Shattered: The Critical Flaw in iPhone Theft Defense

 


Several weeks ago, Joanna Stern from the Wall Street Journal reported that an increasing number of iPhone thieves have been stealing their devices from restaurants and bars and that one criminal was earning up to $300,000. 

During these attacks, it was common for thieves to observe their victims entering their passcodes before stealing their devices, changing their Apple ID passwords, and disabling Find My iPhone so that they could not be tracked or wiped remotely. With the help of this Keychain password manager, a thief can easily lock victims out of accounts (such as Venmo, CashApp, other banking apps, etc.) by using their passwords. 

However, Stolen Device Protection helps protect users against this vulnerability in two main ways. Users must use Face ID or Touch ID authentication (with no fallback for the passcode) to change important security settings such as Apple ID passwords or device passcodes when the feature is enabled. In addition to this, it also introduces a one-hour security delay before users can adjust any of these security settings. 

Essentially, this is intended to give victims enough time to mark their iPhones as lost before a thief can change them crucially. With the release of iOS 17.3 last week, Apple made sure that it included much anticipated features such as Collaborative Apple Music Playlists and AirPlay hotel integration. 

The biggest highlight of iOS 17.3 was the Stolen Device Protection, but we found that it was not as secure as we originally thought it would be. This is a new feature of iOS 17.3 called Stolen Device Protection that prevents bad actors from completing crucial actions such as changing your Apple ID password if they have your passcode. The purpose of this is to prevent bad actors from completing critical operations such as changing your passcode. Thus, you are unable to track the iPhone or mark it as stolen if someone stole it. 

In familiar locations such as your home and workplace, the iPhone Stolen Device Protection feature is turned off by default. However, there is a fatal flaw here. It is difficult for users to set familiar locations manually on the iPhone, as it learns your habits and automatically marks familiar locations as familiar locations. 

As a result, if you frequent the same bar or cafe over and over again, the Stolen Device Protection feature might not work, and it will be marked as a familiar place. There are two ways in which you can fix this problem. For example, the new feature automatically detects when an iPhone has been stolen, secures the device by using Face ID or Touch ID authentication, and then allows the user to change or modify any passwords stored on the device. Also, it would be necessary to wait for one hour with a mandatory time delay before any of the changes would be locked in. 

As a result of the cool-down period, users can report or mark the iPhone as lost before making any changes to it before making any changes to the devices. As ThioJoe pointed out in the post, users who have Significant Locations enabled will not be able to call upon the increased security layers if they have Significant Locations enabled on their devices. 

According to Apple, once a user starts frequenting a certain location, that location will be deemed 'significant'. As well as using this data to suggest journals, store memories, and display photos, it uses other data too. Furthermore, Apple is now also utilizing this technology to protect stolen devices after they have been lost or stolen. 

Furthermore, ThioJoe explains that users have no control over Significant Locations, which, means that once your iPhone finds itself in a Significant Location, all the protection features of the device are nullified by that moment. According to Apple, the feature, which is buried in the iPhone's settings menu, will add an extra layer of security to the iOS operating system. 

The security update addresses a vulnerability that has been exploited by thieves, allowing them to lock victims out of their Apple accounts, delete their pictures and other files from their iCloud accounts, and empty their bank accounts by using the Keychain Password Manager passwords that they keep in their accounts. Anecdotal evidence suggests that phone thefts are on the rise due to Apple's introduction of this feature. 

Incidents of stolen phones are prevalent on online forums like Reddit and in news articles across various locations, ranging from Los Angeles to London. Common tactics employed by thieves include pickpocketing, "table surfing," and moped snatching, as reported by law enforcement. The Wall Street Journal previously highlighted criminal activities where perpetrators observed individuals entering passcodes on stolen phones to access personal information. 

To counteract such security concerns, Stolen Device Protection has been introduced, designed to monitor a user's "familiar locations," such as their home or workplace. When attempting certain actions on the device outside these recognized places, additional biometric security measures are enforced. This approach aims to reduce the reliance on passcodes, susceptible to theft through various means, in favour of more secure "biometric" features like facial recognition or fingerprints, which are significantly harder to replicate.

Currently, as Apple works on developing a more robust solution, a temporary workaround involves disabling the Significant Locations feature on your iPhone. This can be done by accessing the Settings app, navigating to Privacy & Security, and selecting Location Services > Significant Locations. This feature prompts the device to request Face or Touch ID authentication when Stolen Device Protection is active. Although this serves as a temporary resolution, it is anticipated that Apple will enhance and refine this feature in future updates to provide a more comprehensive and secure solution.
Read more »
Subscribe to: Posts (Atom)