Category: Technology

Google’s Threat Analysis Group revealed on Thursday that it discovered and worked to help patch an email server flaw used to steal data from governments in Greece, Moldova, Tunisia, Vietnam and Pakistan. The exploit, known as CVE-2023-37580, targeted email server Zimbra Collaboration to pilfer email data, user credentials and authentication tokens from organizations. 

It started in Greece at the end of June. Attackers that discovered the vulnerability and sent emails to a government organization containing the exploit. If someone clicked the link while logged into their Zimbra account, it automatically stole email data and set up auto-forwarding to take control of the address. 

While Zimbra published a hotfix on open source platform Github on July 5, most of the activity deploying the exploit happened afterward. That means targets didn’t get around to updating the software with the fix until it was too late. It’s a good reminder to update the devices you’ve been ignoring now, and ASAP as more updates become available. “These campaigns also highlight how attackers monitor open-source repositories to opportunistically exploit vulnerabilities where the fix is in the repository, but not yet released to users,” the Google Threat Analysis Group wrote in a blog post. 

Around mid-July, it became clear that threat group Winter Vivern got ahold of the exploit. Winter Vivern targeted government organizations in Moldova and Tunisia. Then, a third unknown actor used the exploit to phish for credentials from members of the Vietnam government. That data got published to an official government domain, likely run by the attackers. The final campaign Google’s Threat Analysis Group detailed targeted a government organization in Pakistan to steal Zimbra authentication tokens, a secure piece of information used to access locked or protected information.

Zimbra users were also the target of a mass-phishing campaign earlier this year. Starting in April, an unknown threat actor sends an email with a phishing link in an HTML file, according to ESET researchers. Before that, in 2022, threat actors used a different Zimbra exploit to steal emails from European government and media organizations.

As of 2022, Zimbra said it had more than 200,000 customers, including over 1,000 government organizations. “The popularity of Zimbra Collaboration among organizations expected to have lower IT budgets ensures that it stays an attractive target for adversaries,” ESET researchers said about why attackers target Zimbra.

This article originally appeared on Engadget at https://www.engadget.com/an-email-vulnerability-let-hackers-steal-data-from-governments-around-the-world-160005510.html?src=rss 

If there’s a book lover on your holiday list, consider yourself lucky. There’s a huge range of gifts you can give them — and you don’t even need to know what’s next up on their to-be-read list. I’m a former bookseller with an abiding fiction habit who now tests book-related (and other) tech. Andrew Tarantola is Engadget’s resident book expert who produces our Hitting the Books column. He’s compiled the ten books he recommends for 2023 and I’ve included ereaders, accessories and subscriptions that I think the reader in your life will appreciate. Here are the best gift ideas for book lovers this year.

Kobo Clara 2E

Kindle Paperwhite Signature Edition

Twelve South HoverBar Duo

Sony WH-CH720N

Nimble Champ portable charger

Glocusent Tri-Head Book Light

Audible subscription

Libro.fm subscription

Storygraph Plus

Blood in the Machine

Elon Musk

Extremely Online

The Teachers

Monsters, Aliens, and Holes in the Ground

American Prometheus

Starter Villain

The Far Reaches Collection

Optimal Illusions

Mother Brain

This article originally appeared on Engadget at https://www.engadget.com/best-gifts-for-book-lovers-160047468.html?src=rss 

Microsoft is offering a steep, and relatively rare, discount on the Surface Pro 9 hybrid tablet as part of a larger Black Friday sales event. The savings fluctuate depending on which model you purchase, but you could save $800 on the absolute top-of-the-line model with 32GB of RAM and a 1TB SSD, bringing the price down to $1,800 from $2,600. This is a record-low deal for this particular SKU.

The discounted models offer 8GB to 32GB of RAM and 256GB to 1TB of solid-state storage. You have your choice between the 12th Gen Intel i5, the 12th Gen Intel i7, Microsoft’s proprietary Arm-based SQ2 chip or even the latest SQ3 chip. With this in mind, discounts range from $50 all the way to the aforementioned $800. Unfortunately, these deals don’t ship with a keyboard or a stylus. 

There has been some confusion between the Arm-based models and the Intel models. Simply put, the Intel models are for power users and the Arm-based models are more for general use. Yes, even though the SQ chips are newer, the Intel chips are faster. In our review of last year’s Surface Pro 9 SQ3, we called it a compromised machine compared to its Intel-based siblings.

With that said, the Surface line is well-regarded for a number of reasons. The 13-inch screen is gorgeous, the form factor is on-point and Microsoft makes it easy to source replacement parts, unlike certain rivals.

These deals are also available on Amazon, if that’s your preferred retail experience. You can grab an Intel i7 version with 16GB of RAM and 256GB of solid-state storage for $1,100, a savings of $500. You can also grab the aforementioned flagship tablet for $1,800, the same price as ordering directly from Microsoft. The company’s wider Black Friday deal also offers discounts on the Laptop 5 and Laptop Studio 2, among others. 

Your Black Friday Shopping Guide: See all of Yahoo’s Black Friday coverage, here. Follow Engadget for Black Friday tech deals. Learn about Black Friday trends on In The Know. Hear from Autoblog’s experts on the best Black Friday deals for your car, garage, and home, and find Black Friday sales to shop on AOL, handpicked just for you.

This article originally appeared on Engadget at https://www.engadget.com/microsoft-black-friday-deals-discount-the-surface-pro-9-by-up-to-800-161628594.html?src=rss 

We consider Google’s Pixel 8 and Pixel 8 Pro the best Android phones for most people, and right now both handsets are on sale for the lowest prices we’ve tracked. As part of an early Black Friday sale, the 6.7-inch Pixel 8 Pro has dropped to $799 at various retailers, while the 6.2-inch Pixel 8 is on sale for $549. That’s $200 off the usual going rate of the Pixel 8 Pro and a $150 discount for the Pixel 8. These prices are for unlocked models with 128GB of storage; if you need more space, the 256GB Pixel 8 is available for $609, which is another $150 discount. The 256GB and 512GB versions of the Pixel 8 Pro, meanwhile, are both $200 off at $859 and $979, respectively. The deals apply to each color finish of the two devices. 

We gave the Pixel 8 and Pixel 8 Pro scores of 90 and 93, respectively, in our review last month. Both phones offer a vivid OLED display with a smooth 120Hz refresh rate, solid battery life, speedy performance via Google’s Tensor G3 chip, a typically clean take on Android and superb photo quality. The cameras are particularly aided by a handful of AI editing tools: An “Audio Magic Eraser” feature does a convincing job of eliminating ambient noise from video clips, for example, while “Best Take” stitches together the best results from a series of group photos, so someone who blinked or sneezed during one shot won’t do so in the final product. (Philosophical questions over the intrusiveness of AI aside, this actually does work.) 

Perhaps the biggest feature, though, is Google’s promise to provide OS and security updates for a full seven years. Yes, you’ll almost certainly want to buy a new phone before 2030, but this extended support means there should be less pressure to upgrade down the line.

If money is no object, the Pixel 8 Pro is the better of the two: Its camera system comes with a sharper ultrawide lens and a dedicated 5x telephoto lens, it supports more advanced controls in the camera app, its display is slightly brighter and sharper and its battery lasts a bit longer. Its matte-glass back feels a little nicer in the hand, and the screen supports a wider variable refresh rate range (1-120Hz instead of 60-120Hz). Still, the standard Pixel 8 gets you most of the way there for less cash, and its smaller frame is easier to hold with one hand. Our biggest problem with both phones is that they’re priced $100 higher than their Pixel 7 counterparts, but these deals help lessen the blow. 

If you want a more affordable Android phone, the Pixel 7a is also on sale for $374, which is a $125 discount and an all-time low. That 6.1-inch phone is a step down from the Pixel 8 in most aspects, but it’s still our top recommendation for Android fans who can’t spend more than $500 on a new handset. In other Pixel deals, the Pixel Buds Pro are down to $120 — that’s within a dollar of the lowest price we’ve seen for the “best for Android” pick in our wireless earbuds buying guide. 

Your Black Friday Shopping Guide: See all of Yahoo’s Black Friday coverage, here. Follow Engadget for Black Friday tech deals. Learn about Black Friday trends on In The Know. Hear from Autoblog’s experts on the best Black Friday deals for your car, garage, and home, and find Black Friday sales to shop on AOL, handpicked just for you.

This article originally appeared on Engadget at https://www.engadget.com/the-pixel-8-and-pixel-8-pro-are-up-to-200-off-in-a-google-black-friday-deal-140005289.html?src=rss 

The living room is where most people spend a good chunk of their time when they want to relax, but most people’s home theater setup could use a little TLC. While you can drop serious money fast in this space, that doesn’t have to be the case. If you’ve got a movie-lover on your gift list, or someone who’s particularly hard to shop for, getting them something to upgrade their TV-watching experience is usually a set bet. Here are some of the best home theater gifts for this year, and no, not all of them cost a fortune.

Apple TV 4K

Monoprice Monolith THX Atmos home theater speakers

Roku Ultra

Sonos Ray

Govee LED Strip Light M1

Samsung 55-Inch S90C OLED 4K Smart TV

Hisense U8K Mini-LED Smart TV

Sony PlayStation 5

Beyerdynamic DT 900 Pro X

Audio-Technica AT-LP120XUSB Direct-Drive Turntable

BenQ HT2060 Home Theater Projector

LG Cinebeam smart portable projector

This article originally appeared on Engadget at https://www.engadget.com/best-home-theater-gifts-140037740.html?src=rss 

The Federal Communications Commission (FCC) is keeping a close eye on internet providers to make sure they provide Americans with equal access to broadband services regardless of customers’ “income level, race, ethnicity, color, religion or national origin.” Two years after the Bipartisan Infrastructure Law became official, the FCC has adopted (PDF) a final set of relevant rules to enforce. 

The Commission will have the power to investigate possible instances of “digital discrimination” under the new rules and could penalize providers for violating them. It could, for instance, look into a company’s pricing, network upgrades and maintenance procedures to decide whether a provider is keeping an affluent area well-maintained while failing to provide the same level of service to a low-income area. As The Wall Street Journal explains, it could even hold companies like AT&T and Comcast liable even if they weren’t intentionally discriminatory, as long as their actions “differentially impact consumers’ access to broadband.” If the FCC does receive complaints against a particular provider, though, it will take into account any technical and economic challenges it may be facing that prevents it from providing equal access to its services. 

According to The Journal, the FCC approved the new rules in a 3-2 vote. Their critics — mainly internet providers and Republican members of the Congress — argued that the decision could affect investments and that the commission is taking things too far by penalizing unintentional discrimination. But FCC Chairwoman Jessica Rosenworcel found the rules to be reasonable, especially since the agency will “accept genuine reasons of technical and economic feasibility as valid reasons.” 

In addition to adopting a set of rules for digital discrimination, the FCC has also updated its protections against SIM swapping and port-out scams (PDF). It will now require wireless providers to notify customers immediately when a SIM change or a port-out is requested for their account and phone number. Further, providers are required to take additional steps to protect their subscribers from the schemes. Finally, the FCC has voted to begin a formal inquiry (PDF) to look into the impact of artificial intelligence on robocalls. It could, after all, be used to block unwanted voice and text messages, but it could also be used to more easily defraud people through calls and texts. 

This article originally appeared on Engadget at https://www.engadget.com/the-fcc-will-crack-down-on-isps-to-improve-connectivity-in-poorer-areas-125041256.html?src=rss 

YouTube has announced new experimental AI services, including a feature called Dream Track in YouTube Shorts. It creates up to 30-second soundtracks using AI-generation versions of artists’ voices. Though musicians have mostly pushed back on AI (and their voices being used for training models without permission or compensation), YouTube got nine big names from the music industry to participate, including John Legend, Troye Sivan, CharliXCX and T-Pain. The company hoped to announce the feature at its Made on YouTube event in September but has been in negotiation with recording companies over rights and payments.

Users can access Dream Track by typing an idea into the creation prompt and choosing from one of the participating artists. It uses Google DeepMind’s Lyria — a new, powerful music generation model designed specifically for creating high-quality vocals and instrumentals while giving the user more control over the final product. Any content Lyria produces will also have a SynthID watermark, denoting it as such. 

Charlie Puth and T-Pain created sample Dream Tracks, which YouTube has shared as inspiration. However, many of the artists involved expressed their apprehension about AI but hoped that collaborative work could create positive, non-exploitative opportunities. “When I was first approached by YouTube I was cautious and still am, AI is going to transform the world and the music industry in ways we do not yet fully understand,” singer CharliXCX said. “This experiment will offer a small insight into the creative opportunities that could be possible and I’m interested to see what comes out of it.” 

Music AI Tools are also coming to YouTube, in collaboration with its Music AI Incubator. These tools can create guitar riffs from a hummed melody or turn a pop track into a reggaeton anthem. Producer and songwriter, Louis Bell, created a sample video to showcase it. 

YouTube is walking a tightrope as it navigates the careful balance of introducing AI tools and protecting against misuse. The video platform recently announced new policies for labeling videos made using AI and letting public figures, such as musicians, report deepfakes. 

Dream Track is currently only available to a select group of creators and artists, whereas participants of the Music AI Incubator should be able to test the tools out later this year. 

This article originally appeared on Engadget at https://www.engadget.com/youtubes-first-ai-generated-music-tools-can-clone-artist-voices-and-turn-hums-into-melodies-132025817.html?src=rss 

Early Black Friday sales have been steadily rolling in, but few have been as practical heading into the long winter months as Google’s Nest Thermostat. The smart thermostat is typically $130 but is currently just $90 — a 31 percent discount and only $10 more than its all-time low. 

Google’s Nest Thermostat came on the scene in 2020 as a cheaper but solid alternative to its Nest Learning Thermostat (retailing at $240). Both devices have the same goal: to save energy and money. The standard Nest Thermostat is Energy Star-certified and turns the temperature down when you leave to avoid any waste. If you’re heading home sooner than expected (or staying out later, for that matter), you can adjust the heat schedule right on the app from your phone, tablet or laptop.

While it can be a big help with keeping those heating bills in check, Google’s Nest Thermostat should work just as well with your air conditioning system come summer. Plus, it also provides tips for both through the Savings Finder on ways to adjust your heating or cooling schedule to save even more money.

The thermostat isn’t the only Nest product offering a solid deal ahead of Black Friday. The Google Nest Wireless Doorbell is down to $120 from $180 — one of a trio of Nest products currently at their all-time low price. Rounding out the sale is the Google Nest Indoor Wired Security Camera for $70 from $97 and the two-pack Google Nest Wi-Fi Pro with Wi-Fi 6E available for $200, down from $300.

Your Black Friday Shopping Guide: See all of Yahoo’s Black Friday coverage, here. Follow Engadget for Black Friday tech deals. Learn about Black Friday trends on In The Know. Hear from Autoblog’s experts on the best Black Friday deals for your car, garage, and home, and find Black Friday sales to shop on AOL, handpicked just for you.

This article originally appeared on Engadget at https://www.engadget.com/googles-nest-thermostat-drops-to-90-in-a-black-friday-deal-133052800.html?src=rss 

Countless aspects of generative AI have caused rampant debate, including its access to copyrighted material. Now, the vice president of audio at Stability AI, Ed Newton-Rex, has resigned due to his belief that training generative AI models using copyrighted content doesn’t qualify as “fair use,” he wrote in an op-ed on Music Business Worldwide. He joins the likes of artists such as Bad Bunny, who recently spoke out against a viral TikTok song that used AI to mimic his voice.

Meanwhile, AI companies have steadfastly supported fair use (training models with copyrighted material without asking permission or providing compensation), and Newton-Rex’s decision marks a unique change from the norm. In his public resignation letter, Newton-Rex explains that he believes Stability AI has a more “nuanced view” than some of its competitors. However, he had an issue with the company’s recent submission to the United States Copyright Office, which argued that AI development should fall under fair use.

“I disagree because one of the factors affecting whether the act of copying is fair use, according to Congress, is ‘the effect of the use upon the potential market for or value of the copyrighted work,'” Newton-Rex stated. “Today’s generative AI models can clearly be used to create works that compete with the copyrighted works they are trained on. So I don’t see how using copyrighted works to train generative AI models of this nature can be considered fair use.”

Newton-Rex is a published classical composer and founded Jukedeck, which created music using AI, in 2012. He became the product director of TikTok’s in-house AI lab after the company purchased Jukedeck in 2019 and subsequently worked at Voicey (acquired by Snap) before joining Stability AI in November 2022.

Ironically, there’s also been an (as yet unsuccessful) push to protect AI-produced work. In August, a judge upheld the US Copyright Office’s decision that AI-generated art can’t be copyrighted, stating, “Human authorship is a bedrock requirement of copyright.”

This article originally appeared on Engadget at https://www.engadget.com/ai-music-pioneer-quits-after-disagreement-over-fair-use-of-copyrighted-works-114546092.html?src=rss