One of the earliest tablets inscribed with the Ten Commandments (dating to A.D. 300-800) is scheduled to go up for auction at Sotheby's on Wednesday.
(Image credit: Timothy A. Clary)
German authorities have managed to disrupt a major malware operation that affected thousands of Android devices across the country.
The Federal Office of Information Security (BSI) said BADBOX came preloaded on Android devices with older firmware, which were essentially sold as infected.
Some 30,000 devices across the country were compromised, the agency added, with digital picture frames, media players, and streaming devices being the most common endpoints - however, some smartphones and tablet devices were possibly infected as well.
Outdated Android devices"What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware," the BSI said in a press release.
The agency outlined how BADBOX was capable of carrying out a number of malicious activities.
Mostly, it was built to silently create new accounts for email and message services, which were later used to spread fake news, misinformation, and propaganda, but BADBOX was also designed to open websites in the background, which would count as ad views - a practice generally perceived as ad fraud.
Furthemore, the malware was able to act as a residential proxy service, lending the traffic to malicious third parties for different illegal activities. Finally, BADBOX can be used as a loader, as well, dropping additional malware on the devices.
The operation was reportedly first documented by HUMAN’s Satori Threat Intelligence more than a year ago, and that it most likely originates from China. The same threat actors allegedly operate an ad fraud botnet called PEACHPIT, as well, designed to spoof popular Android and iOS apps, and its own traffic from the BADBOX network.
"This complete loop of ad fraud means they were making money from the fake ad impressions on their own fraudulent, spoofed apps," HUMAN said at the time. "Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware."
Via The Hacker News
You might also likeA Senate committee investigation, led by Sen. Bernie Sanders, accused Amazon of risking worker safety for speed while manipulating injury data to make its warehouses seem safer than they are.
(Image credit: Patrick T. Fallon)
At least three people, including the alleged shooter, are dead after a shooting at a Wisconsin grade school.
(Image credit: Scott Bauer)
Meta is rounding out the year with a major update to its Ray-Ban smart glasses with two Live features it teased at Meta Connect 2024. It’s also adding Shazam integration to help you find the names of tunes you hear while wearing your specs.
The only downside of the awesome-sounding Live features are that they’re in early access, so expect them to be less reliable than your typical AI tools. They'll also only be available to Early Access Program members in the US and Canada. You can enroll at Meta’s official site.
But if you are in the Early Access Program you can now try Live AI and Live Translation.
Live AI is like a video version of Look and Ask. Instead of taking a quick snap, your glasses will continually record your view so you can converse with it with about what you can see – or other topics. What’s more, while in a Live AI session you won’t need to say “Hey Meta” over and over again.
Meta adds that “Eventually live AI will, at the right moment, give useful suggestions even before you ask.” So be prepared for the AI to butt in with ideas without you prompting it directly.
The babelfish gets closer Shazam is coming to your Ray-Ban specs (Image credit: Shazam)Live Translation is another real-time AI tool. This time it allows the AI to automatically translate between English and either Spanish, French, or Italian.
When you’re speaking to someone who is using one of those three languages you'll hear what they say in English through the glasses’ open-ear speakers, or see it as a transcript on your phone – and they'll be able to hear or read a translation of what you’re saying in their language.
Thankfully, the update isn't all about just early access features.
If you’re out at an end-of-year party and like the sound of a tune you can also ask your glasses “Hey Meta, Shazam this song,” and it will tell you what song is playing via the Shazam music recognition tool.
Unfortunately, while this feature is available more widely it is once again only available in the US and Canada – so folks in the UK and beyond won’t have access to it yet.
You might also likeApple introduced the Mac Studio in 2022 with the M1 chip, followed by the M2 model in 2023, and although these compact powerhouses have been lauded for their performance, buyers have rightly expressed concerns about the limited base SSD configurations and the absence of post-purchase upgrade options.
External USB-C or Thunderbolt SSDs are a common workaround for users seeking additional storage, but they don't match the speed and convenience of internal storage solutions.
Stepping in to address this gap, French company Polysoft has created the first publicly available SSD upgrade solution for Apple Silicon devices. Offered at a fraction of Apple’s prices, these SSD modules are the result of an extensive reverse-engineering process.
Better than AppleUnlike SSDs used in PCs, Apple’s storage modules are challenging to replicate due to their integration with the M1 and M2 chips, where the storage controller resides.
Polysoft’s efforts included detailed disassembly, component analysis, and redesign, culminating in the StudioDrive SSD which is set to launch next year following a successful Kickstarter campaign.
Polysoft claims its SSDs not only replicate Apple’s modules but also improve on them.
A key difference is the inclusion of "RIROP" (Rossmann Is Right Overvoltage Protection), a safeguard inspired by Louis Rossmann’s work on hardware reliability. This feature reportedly protects against voltage surges, reducing the risk of catastrophic data loss due to hardware failure.
The StudioDrive product line supports both M1 and M2 Mac Studio models. It includes blank boards for enthusiasts and pre-configured options in 2TB, 4TB, and 8TB capacities. Polysoft says that the modules use high-quality Kioxia and Hynix TLC NANDs, offering performance and durability comparable to Apple’s original storage solutions. The drives are backed by a five-year warranty and have a lifespan of up to 14,000 TBW.
Pricing starts at €399 ($419) for 2TB, €799 ($839) for 4TB, and €1,099 ($1,155) for 8TB. While these upgrades will no doubt be viewed as an affordable, and welcome solution by many Mac Studio owners, users should be aware that installing third-party storage will void Apple’s warranty.
You might also likeApple has revealed its most download apps, games and Apple Arcade titles in the US across 2024, covering free and paid releases on all the best iPhones and iPads. And while there are plenty of expected names in the top 10 lists, there are also some that might raise a few eyebrows (scroll down for the full lists).
The most controversial pick can be found in the list of the most downloaded free iPhone apps, where the number one app is Chinese shopping site Temu. Despite retailers like this growing in popularity, a survey in summer 2024 found that 94% of respondents did not trust Temu, and the brand has been accused of mishandling customer data in the past. Yet that hasn’t stopped iOS users from sending it rocketing to the top of Apple’s charts.
As for the most downloaded paid iPhone app, that award goes to proxy utility Shadowrocket, which can be used to redirect your device’s traffic and has similarities with some of the best VPN apps. It’s clearly a popular choice, as it also landed the number three spot in the list of top paid iPad apps.
Speaking of iPad apps, the list of top ten free iPad apps is chock-full of well-known names, including YouTube, Netflix, Max, Disney Plus, Google Chrome and TikTok. Many of these same names appear in the list of most downloaded free iPhone apps, although the likes of Threads, ChatGPT, Instagram and WhatsApp have displaced several of the iPad picks.
Familiar names and games (Image credit: Brett Jordan / Pexels)The games charts also contain some interesting tidbits. The Tetris-like game Block Blast takes the number one spot on the list of free iPhone games, followed by Monopoly Go, Roblox, Call of Duty Warzone Mobile, Township, and more. Perhaps unsurprisingly, the top paid iPhone game is Minecraft, with Heads Up and Geometry Dash following behind.
Minecraft and Geometry Dash take the top two spots for paid iPad games, with Five Nights at Freddy’s and Stardew Valley taking spots three and four. Roblox, meanwhile, is the most downloaded free iPad game.
Finally, Apple included download figures for its Apple Arcade subscription service, where games can be made to work across iPhone, iPad and the Mac. Here, NBA 2K24 Arcade Edition was the most popular Apple Arcade game, followed by Snake.io+ and Hello Kitty Island Adventure.
While most of the lists are dominated by established names, they show that a few viral hits have been able to penetrate the top ten, as well as long-lived titles like Heads Up. If you’ve been looking for a new app or game for your Apple device, it might be worth browsing the lists to see what catches your eye. Here are those lists of most popular iPhone and iPad apps of 2024 in full.
The top free iPhone Apps of 2024
The top paid iPhone apps of 2024
The top free iPhone games of 2024
The top paid iPhone games of 2024
The top free iPad apps of 2024
The top paid iPad apps of 2024
The top free iPad games
The top paid iPad games of 2024
The Federal Trade Commission (FTC) is warning jobseekers to be wary of an emerging ‘task scam’, which essentially tricks victims into completing repetitive ‘work’ tasks, under the pretense of earning money - but first asking for a ‘deposit’ to secure the assignments.
This type of scam was virtually non-existent just three years ago, but reports of financial loss have shot up in 2024, with the FTC receiving over 20,000 complaints in the first 6 months alone, compared to under 500 in all of 2021.
This translates to a $220 million loss for victims of job related scams in the first half of 2024, with nearly 40% of those being ‘task scams’, according to the agency. Since cryptocurrency is the primary form of payment for these schemes, they have driven the crypto losses - with $41 million lost in employment scams in the same period - double that of 2023 in its entirety.
Don’t pay to get paidThe offer of easy money is always enticing, and fraudsters will often impersonate trusted companies like Amazon or Deloitte, with victims given a set of tasks to complete before moving to the next level.
Interestingly, the FTC has warned this approach has ‘gamified’ the scams, creating an effect similar to gambling, where the victim is sucked in, sometimes with small payouts to build trust, before being goaded into making larger deposits to access bigger tasks - but the deposits are never returned to the victim.
Joobseekers have unfortunately proved frequent targets for scammers, especially for those looking for a remote position - with a request for upfront payment is a common job related scam, making up 25% of cases.
More tactics used by fraudsters are phishing attempts (19%), and requests for confidential data (17%) that can then either be used to commit identity theft, or sold on to malicious actors.
You might also likeA huge database containing millions of sensitive records has been discovered unprotected online available to anyone who knew where to look.
The cache was recently discovered by security researcher Jeremiah Fowler, known for uncovering misconfigured databases, or non-password-protected archives.
This time around, Fowler said he found a database containing more than 4.8 million documents, and weighing roughly 2.2 terabytes. Investigating the files found in the archive, the researchers said he found eye exams in .PDF format, together with patient Personally Identifiable Information (PII), doctor’s comments, and images of the exam results.
Reacting to the findings“The database also contained .csv and.xls spreadsheets that listed patients and included their home addresses, Personal Health Numbers (PHN), and details regarding their health,” Fowler told vpnMentor.
Personal Health Numbers are unique identifiers, assigned to individuals, by provincial or territorial healthcare systems in Canada to manage access to publicly funded healthcare services. They are used to track medical records, process insurance claims, and verify eligibility for healthcare services.
Cybercriminals could abuse PHNs by using them for identity theft, such as obtaining unauthorized medical services, filing fraudulent insurance claims, or purchasing prescription drugs illegally. They could also sell these numbers on the dark web for profit or exploit the associated data to craft targeted phishing or social engineering attacks.
Drilling deeper, Fowler found that the database belonged to Care1, a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care. The company says its software helped manage more than 150,000 patient visits, and is used by more than 170 optometrists.
After realizing who the owner was, Fowler reached out to the company, who locked the database down soon after. However, without detailed forensics, it’s impossible to know if malicious actors found the archive at any time in the past.
You might also likeAdobe and Box have announced a new partnership aimed at making content creation easier than ever for business users.
The agreement will see Adobe Express become the default image editor in Box’s online content creation service, giving users access to a far more powerful and wide-ranging platform.
The move will also bring editing images, crafting presentations, and managing digital assets directly into Box, meaning users will no longer need to switch between multiple applications to carry out tasks such as cropping and resizing images, adding filters, and removing distracting objects and backgrounds.
Box and Adobe Express partnership“Today, every enterprise is feeling the pressure to create more content to engage audiences across a growing number of internal and external channels,” said Govind Balakrishnan, SVP of Adobe Express & Creative Cloud Services.
“By integrating Adobe Express directly into Box, we’re helping enterprises close that gap, meeting millions of business users where they work with intuitive, world-class creative tools and AI they can trust.”
Adobe Express will also bring the company's Firefly generative AI tool, meaning teams can create AI-powered content within the Box platform.
The two firms say by reducing the time it takes to create, review, and approve content, businesses can maintain a competitive edge. For example, marketing teams can quickly edit visuals for their campaigns and tailor social media content for different markets, while HR departments can build training materials and update internal communications, and sales teams can develop presentations personalized to their audience.
The news is the latest step in the partnership between Adobe and Box, with Adobe Document Cloud, Adobe Experience Cloud, and Adobe Creative Cloud already integrated into the platform.
“As enterprises increase the amount of content they’re creating, Box is leveraging AI in our secure ecosystem to fuel collaboration, reduce content sprawl and manage risk,” said Aaron Levie, CEO of Box.
“We’re excited to partner with Adobe Express to enhance what we can offer with the world’s best creative tools and AI that’s commercially safe. As a result, every Box customer and user will have the ability to easily create, collaborate on and securely manage digital media in a single, secure Intelligent Content Management platform.”
You might also like