Category: Technology

With a Samsung event looming next week, you’ll need to know how to watch the Samsung Unpacked live stream to stay on top of all the products likely to be unveiled during the August 2022 Galaxy Unpacked. Fortunately, you’ve got plenty of options for seeing Samsung’s latest devices in real time.

The Unpacked event next Wednesday (August 10) looks to feature a packed agenda, with new foldable devices leading the way. Samsung has already confirmed as much, with president and head of mobile TM Roh promising “to show you the potential of our new Samsung Galaxy foldables as the ultimate tool for both productivity and self-expression.” That likely means new versions of the Flip and Fold devices that rank among the best foldable phones around.

There’s a mod in the works for Nintendo 64 classic golden eye 007 that turns another James Bond film into a full game. Fans are building a playable version of The Spy Who Loved MeRoger Moore’s third, and some would argue best, Bond movie.

As spotted by YouTuber Graslu00 posted a playthrough video showing 11 levels of The Spy Who Loved Me 64. The mod depicts the key events and locations of the film, taking Bond from the Alps to the pyramids of Egypt and a supertanker in the Atlantic Ocean. It includes Moore’s likeness, as well as characters such as Anya Amasova (aka Agent XXX) and villain Karl Stromberg. It’s possible to run the mod on an emulator in 4K at 60 frames per second, though you can also play it on an N64 console.

It’s a work in progress, as Graslu00 notes. The build of The Spy Who Loved Me 64 that’s available is a demo of the first three levels with a peek at a planned four-player multiplayer mode. It looks like there’s quite a way for the fans working on the game to go, though. The stage select screen shows 20 levels including, curiously, Bond’s childhood home of Skyfall — that seems to be one of the multiplayer maps.

Meanwhile, there’s an official James Bond title in the works. It emerged in late 2020 that Hitman studio IO Interactive is developing a game that delves into the superspy’s origins. It’s expected to be the first official Bond game since 2012’s 007 Legends.

inbrief DuckDuckGo has finally mostly cracked down on the third-party Microsoft tracking scripts that got the alternative search engine into hot water earlier this year.

In May, DDG admitted its supposedly pro-privacy mobile browser wasn’t blocking certain Microsoft trackers, while actively blocking other types of third-party trackers by Microsoft and other organizations, confirming findings by data-usage researcher Zach Edwards.

This special exception for the Windows giant was due to “contractual commitments with Microsoft,” DuckDuckGo CEO Gabriel Weinberg said at the time.

This caused a storm among netizens, and provoked some sharp criticism from the competition. Now, late on Friday this week, DDG said the full blocks would be added against Redmond.

“Previously, we were limited in how we could apply our 3rd-Party Tracker Loading Protection on Microsoft tracking scripts due to a policy requirement related to our use of Bing as a source for our private search results,” it quietly quacked.

“We’re glad this is no longer the case. We have not had, and do not have, any similar limitation with any other company.”

That said, Microsoft scripts from bat.bing.com, used to measure the effectiveness of web adverts, will not be blocked by DDG’s mobile browser if fetched by an advertiser’s website following a DuckDuckGo ad click. Ie, if you tap on an advert on a DDG search results page, get taken to the advertiser’s website, and the advertiser pulls a script from bat.bing.com to detect and record whether anything you subsequently ordered was a result of that advert, the browser won’t block that script.

“For anyone who wants to avoid this, it’s possible to disable ads in DuckDuckGo search settings,” the biz said, adding that it is working on removing support for bat.bing.com with alternative non-profiling ad conversion tracking.

While this may placate some users, a lot of goodwill no doubt has been lost.

Twitter confirms data stolen via privacy blunder

Back in January, Twitter fixed a privacy flaw that made it easy to unmask users. This week, the biz confirmed that the Twitter user data that went on sale earlier this year was indeed taken via that specific security hole.

Exploiting the bug was pretty easy: it was possible to send an email address or phone number to one part of Twitter’s systems, and have it tell you which Twitter account was associated with that contact information, if any, even if they had chosen not to disclose those details in their privacy settings. Thus, for instance, if you suspected someone had a pseudonymous Twitter profile, you could give their contact info to Twitter, and the site would confirm their handle. Or you could just feed the site a load of details and have it map them to accounts.

This would be useful for nation states and other organizations that are keen to know who is behind particular Twitter accounts.

“If someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” the micro-blogging biz said Friday. “This bug resulted from an update to our code in June 2021,” it added.

The flaw was addressed soon after it was disclosed via Twitter’s bug bounty program in January, we’re told. It was then reported in July that someone had seemingly exploited the privacy hole prior to its patching and was selling information obtained from Twitter’s servers.

Though Twitter has now acknowledged that this info was stolen via the bug before it was fixed, it’s understood that 5.4 million Twitter users had their details harvested and put up tor sale.

A window into the world of Pegasus

An investigation into spyware used by the government of Israel has discovered that Israeli cops had their own version of NSO’s Pegasus snoopware dubbed Seifan as early as 2016. We’ve also been treated to a view of the software control panel for the espionage tool, revealing its real-time surveillance capabilities and other functions.

Deputy Israeli Attorney General Amit Merari, leader of an investigative committee looking into police use of spyware, published a report Monday detailing the committee’s findings, Israeli news site Haaretz reported.

Seifan, according to Merari’s investigation, may have been pitched to the Israeli government as early as 2014 in a form that analysts described to Haaretz as a beta form of the now-notorious spyware. The investigation showed that the Israeli Police used the technology in a manner “beyond its legal authority,” and that the group responsible for its operation is still in possession of illegally gathered data.

Among the capabilities of the Seifan Pegasus variant are all the usual table stakes: data exfiltration, call interception, and the like. Also included in the police version of Pegasus was “volume listening” that allowed police to snoop on an infected device’s microphone in real time, and remote operation of a handset’s cameras.

Haaretz said the latter tool is likely illegal, as Israeli law “does not explicitly allow the planting of concealed cameras, and certainly does not allow the remote control of a camera by hacking a suspect’s mobile device.”

Pegasus isn’t restricted to Israel, either: NSO, the Israeli company that developed the spyware, has tried to downplay fears by saying it has sold Pegasus to fewer than 50 customers, at least five of which were EU member states, though. According to reports, Pegasus has been used to spy on political dissidents, journalists, and other government targets, including the murdered Washington Post journalist Jamal Khashoggi.

The Merari investigation found that, while Israeli Police were using spyware, no eavesdropping took place outside of court-ordered situations.

“Police use of [Seifan] was solely for the purpose of preventing and solving serious crimes, and subject to court warrants, and that no intentional actions were taken in contravention of the law,” the Israeli Police said in a statement to Haaretz.

Critical flaws in Cisco email hardware: Patch now

Vulnerabilities in Cisco’s AsyncOS for physical and virtual email appliances have been patched, and anyone with an affected system is advised to update now.

Cisco notified customers of the security holes in June, and lately updated the notice to point to AsyncOS patches for the flaws, which could allow a remote attacker to bypass authentication and log into the web administration console for an affected device.

Caused by improper authentication checks when using LDAP for external authentication, the vulnerability has a CVSS score of 9.8. It affects all Cisco Email Security Appliances and Cisco Secure Email and Web Managers running vulnerable versions of AsyncOS that are configured for external authentication and use LDAP as a protocol.

Cisco noted that external authentication is disabled by default, but warns users of its email appliances to double-check the settings to ensure they’re not leaving equipment exposed.

Secure Email and Web Manager appliances running AsyncOS versions 13, 13.6, 13.8, 14, and 14.1 can find updates, and those using Email Security Appliances will find updates available for AsyncOS versions 13 and 14. Links to the updated version can be found in the Cisco security advisory linked above.

AsyncOS release 11 is out of support, Cisco said, and those using this version or older should migrate to a fixed release. Release 12 doesn’t appear to be getting updates against exploitation, either.

For those who can’t update to a newer version of AsyncOS, Cisco said a workaround is available by disabling anonymous binds on the external authentication server. Cisco said it hasn’t discovered any malicious use of the vulnerabilities in the field.

Cybercriminals book Uber to hurry up scams

Scammers may now be offering to send Ubers to victims’ homes to ferry them to banks to withdraw large sums from their accounts.

That’s the story from Towson, Maryland, USA, where an 80-year-old woman targeted by fraudsters was offered a courtesy ride to the bank to fix an “accidental” $160,000 bank withdrawal, as reported by infosec blogger Brian Krebs.

The scammers used a familiar tactic that, in this instance, happened to work out well: they posed as Best Buy employees collecting payment for an appliance installation; the victim had coincidentally just had a dishwasher fitted for her not long prior. The scammers said the victim owed $160.

After persuading her to install and run remote-control software on her computer, the scammers had her log into her bank account so they could sort out the payment, and then said they “accidentally” transferred $160,000 into her account instead of taking out $160. Next, the cybercriminals tried to get the woman to go to her bank in person to wire “back” the money.

When she said she didn’t drive, the crooks said they would send an Uber to her home. It’s unknown if the Uber came: the victim’s son told Krebs that she went to the home of a neighbor after the phone call, who figured out it was a scam.

While it’s often assumed that older people are the most common victims of online fraud, multiple studies point to a different conclusion: young people are most likely to fall for a digital scam. Reported reasons vary, but in general younger internet users are seen as overly confident in their online security skills, leading to riskier behavior without a full understanding of what can go wrong.

CISA’s top malware strains of 2021

The US Cybersecurity and Infrastructure Security Agency, along with the Australian Cyber ​​Security Centre, have released an informative, if somewhat late, report naming their top observed malware strains of 2021.

According to the agencies, remote-access trojans, banking trojans, information stealers and ransomware topped the list, with most strains included having been on the scene for more than five years.

“Updates made by malware developers, and reuse of code from these malware strains, contribute to the malware’s longevity and evolution into multiple variations,” the advisory read.

Eleven malware strains are mentioned in the report, most of which we’ve covered to some capacity:

• Agent Tesla has been used in phishing campaigns against the US oil industry
• AZORult is a data harvesting malware that targets Windows
• Formbook, a data stealer also known as XLoader, has been spotted on Ukrainian systems
• Ursnif is a banking malware first spotted in 2008
• LokiBot is a banking trojan in use for years
• MOUSEISLAND is a Word macro downloader; given recent Microsoft updates to macro usage, it may have to adapt to a new tactic
• NanoCore is a RAT that landed its developer in prison
• Qbot is a data stealer that uses the Windows Follina exploit
• Remcos is allegedly legitimate pentesting software often used by cybercriminals
• TrickBot is a form of ransomware whose Russian creator was recently arrested in South Korea
• Gootkit has been used to promote malicious websites in search engine results

Cybersecurity company Tenable said CISA’s list of top malware has an interesting overlap with the most exploited vulnerabilities of 2021: they rely on each other.

Citing CISA’s list of the 36 most commonly exploited vulnerabilities of 2021, Tenable said four of them are represented by malware in the list covered here, with two released after the relevant timeframe. Of the vulnerabilities Tenable singled out, several are exploitable by multiple malware families.

Tenable said it’s seen “sustained exploitation of these flaws by diverse threat actors,” and said it’s concerned that exploits of older vulnerabilities continue to be common.

“Continued exploitation is troubling evidence that organizations are leaving these flaws unremediated, which is particularly concerning considering how many Print Spooler flaws Microsoft has patched in the intervening year since PrintNightmare,” Tenable said. ®

Organizers at Evo 2022 have announced that LeBron James is banned from being played at the tournament’s Multi Versus slot, though the announcement’s wording left some fans wondering if the four-time NBA championship winner was banned from visiting the Vegas competition.

On Saturday (August 5), Stage Four at Evo 2022 will stream a top 32 and finals tournament for Multi Versuswith competitors duking it out over a £82,445 ($100,000) prize pool.

Ahead of the tournament, Start.GG has shared the rules that players will need to abide by (via Dexerto). While most of the rules cover the basics – punctuality, game settings and cheating – there’s a specific line about which Multi Versus characters are banned from the tournament.

“Iron Giant, LeBron James, or any other characters released after the start of Open Beta will not be allowed in the Evo 2022 Multi Versus Open Beta Tournament,” says the rule – which notes that it is “subject to change at the sole discretion of Warner Bros. and Player First Games.”

While this rule is likely meant to avoid including fighters who have had less time to be balanced, LeBron James’ inclusion on the list has amused fans who would rather believe that the basketballer has been banned from attending the Las Vegas tournament.

it’s kinda hilarious to see the sentence “Lebron James is banned for EVO”

— Susie – Multiversus Leaks (@multiversusie) August 4, 2022

I can’t believe LeBron James is banned from Evo

— Kybosh @ Peak Fiction (@Kybosh42) August 4, 2022

I thought you meant the irl LeBron James was banned from going to Evo, I was confused for a second

— PeteSauce The AwsomeSauce (@PeteSauceToon) August 4, 2022

“Now I absolutely want to see the real LeBron James go to Evo, enter the Multi Versus tournament, & cause mass confusion,” joked one Twitter userwhile another asked “is Lebron James banned at Evo just as a character or like if LeBron just wants to watch a tournament live he can’t get in?

Though LeBron James won’t be at the tournament, Evo’s Multi Versus finals will be worth watching to see how the game’s early meta is shaping up. besides Multi Versusthere will a host of different fighting games and livestreams to follow at this year’s tournament – ​​here’s how to watch Evo 2022.

To build artificial intelligence (AI) systems that can interact with people in smarter, safer and more useful ways, we need to teach them to adapt to our needs. Today, we’re releasing Blender Bot 3, our state-of-the-art conversational agent that can converse naturally with people, who can then provide feedback to the model on how to improve its responses. We will be sharing data from these interactions, and we’ve shared the BlenderBot 3 model and model cards with the scientific community to help advance research in conversational AI.

The BlenderBot series has made progress in combining conversational skills — like personality, empathy and knowledge — incorporating long-term memory, and searching the internet to carry out meaningful conversations. BlenderBot 3 inherits these skills and delivers superior performance because it’s built from Meta AI’s publicly available OPT-175B language model — approximately 58 times the size of BlenderBot 2.

Since all conversational AI chatbots are known to sometimes mimic and generate unsafe, biased or offensive remarks, we’ve conducted large-scale studies, co-organized workshops and developed new techniques to create safeguards for BlenderBot 3. Despite this work, BlenderBot can still make rude or offensive comments, which is why we are collecting feedback that will help make future chatbots better.

The Promise and Challenge of Chatting With Humans

Allowing an AI system to interact with people in the real world leads to longer, more diverse conversations, as well as more varied feedback. For example, you can react to each chat message in our BlenderBot 3 demo by clicking either the thumbs-up or thumbs-down icons. Choosing a thumbs-down lets you explain why you disliked the message — whether it was off-topic, nonsensical, rude, spam-like or something else. You can also submit feedback in the chat itself.

Developing a Safe Chatbot That Improves Itself

To improve BlenderBot 3’s ability to engage with people, we trained it with a large amount of publicly available language data. Many of the datasets used were collected by our own team, including one new dataset consisting of more than 20,000 conversations with people predicated on more than 1,000 topics of conversation. We trained BlenderBot 3 to learn from conversations to improve upon the skills people find most important — from talking about healthy recipes to finding child-friendly amenities in the city.

When the chatbot’s response is unsatisfactory, we collect feedback on it. Using this data, we can improve the model so that it doesn’t repeat its mistakes.

We understand that not everyone who uses chatbots has good intentions, so we also developed new learning algorithms to distinguish between helpful responses and harmful examples. Over time, we will use this technique to make our models more responsible and safe for all users.

Putting BlenderBot 3 to the Test

Compared with its predecessors, we found that BlenderBot 3 improved by 31% on conversational tasks. It’s also twice as knowledgeable, while being factually incorrect 47% less often. We also found that only 0.16% of BlenderBot’s responses to people were flagged as rude or inappropriate.

The goal of our research is to collect and release feedback data that we and the broader AI research community can leverage over time. That way, we can find new ways for AI systems to be safer and more engaging for people who use them.

Driving Conversational AI Forward

Progress in the field of AI heavily depends on the opportunity for the wider AI research community to build on the best available technology. Therefore, releasing chatbot models and datasets is key to gaining complete, reliable insights into how and why they work, the potential they hold and their limitations.

While BlenderBot 3 significantly advances publicly available chatbots, it’s certainly not at a human level. It’s occasionally incorrect, inconsistent and off-topic. As more people interact with our demo, we’ll improve our models using their feedback and release data to benefit the wider AI community.

Learn more about BlenderBot 3

Google has many tricks and shortcuts that help narrow down exactly what you are looking for — and it just rolled out a new search feature that should speed things up even more. When you use quotes in a search, that particular word or phrase will show up in a snippet in bold under the webpage — and not just that: Google will indicate where exactly that word/phrase will appear on the site.

The new update from Google should save you precious minutes that are spent in scrolling through websites, finding the exact term you are looking for. Google already had “search with quotes” in place, which brought up only those pages that contained those particular words.

Now in a blog post (opens in new tab), Google mentions that it is updating its search shortcut to help users find content much faster. Google “generally” makes the quoted words bold in the webpage snippets when searched for on a desktop, but not when accessed through a phone.

In Google’s example, the term “google search” is highlighted in bold below each webpage that it is found. The sentence that is under the webpage is a snippet that Google has created to help users find the term, rather than a description or context of the webpage.