Feed aggregator

Universal Music Group (UMG) is threatening to pull all of its music from TikTok today following a breakdown in negotiations over royalties, the company wrote in an open letter. That would mean TikTok creators would lose access to songs from stars including Taylor Swift, Billie Eilish, the Weeknd, Drake and others. 

With UMG's deal with TikTok set to expire, the sides have reportedly been in negotiations for the past year. Such deals are worth billions annually to music publishing firms and are typically negotiated every few years. Universal is the world's largest record label, and if does pull it's music from TikTok, it would be the first time this has happened in recent memory.

Universal said TikTok wanted to pay a "fraction" of the rate paid by other social media sites. "As our negotiations continued, TikTok attempted to bully us into accepting a deal worth less than the previous deal, far less than fair market value and not reflective of their exponential growth." 

In its own post, TikTok said that it serves as a valuable marketing tool for artists and publishers. "Despite Universal's false narrative and rhetoric, the fact is they have chosen to walk away from the powerful support of a platform with well over a billion users that serves as a free promotional and discovery vehicle for their talent."

TikTok also benefits greatly from access to Universal's catalog and being cut off from access to ultra-popular artists like Taylor Swift would be a blow to creators and users. TikTok's Chinese parent ByteDance has more than 3 billion monthly active users and made $29 billion in revenue in a single quarter ending June 2023, according to The Financial Times. Warner Bros. Music, the number three record label behind Sony Music and UMG, recently struck a deal with TikTok. 

Universal said it does "not underestimate what this will mean for artists and their fans" but that it will not shirk its responsibilities. "TikTok’s tactics are obvious: use its platform power to hurt vulnerable artists and try to intimidate us into conceding to a bad deal that undervalues music and shortchanges artists and songwriters as well as their fans." The company added that payments from TikTok amount to "only about 1 percent of our total revenue."

This article originally appeared on Engadget at https://www.engadget.com/universal-music-threatens-to-pull-songs-from-tiktok-over-payment-terms-101528365.html?src=rss

Samsung has failed to recover from the sharp decline in profit it experienced in 2022. In its latest earnings report, the Korean company has reported KRW 258.94 trillion ($194 billion) in annual revenue and KRW 6.57 trillion ($4.9 billion) in operating profit for the fiscal year of 2023. Those are markedly smaller numbers than the previous fiscal year's, especially the latter's — Samsung posted an operating profit of KRW 43.38 trillion ($35 billion) for 2022, which was already $6.9 billion smaller than the year before due to the weak demand for its chips and smartphones. According to The Wall Street Journal, these numbers represent Samsung's weakest earnings in over a decade. 

The company says its memory business showed signs of recovery, but not enough to stop it from incurring KRW 2.18 trillion ($1.63 billion) in operating losses for the fourth quarter of 2023. According to Nikkei, this is the semiconductor division's first annual loss in 15 years since the 2008 global financial crisis, and it's the biggest one yet. Samsung's visual display and digital appliances division also posted KRW 0.05 trillion ($37.5 million) in operating losses despite TV sales doing well in the fourth quarter due to the holiday season. Samsung's mobile business showed a a decline in sales and profit quarter-on-quarter, as well, due to lower smartphone sales and "the fading of new-product effects" from previous flagship models. 

For the first quarter of 2024, Samsung's game plan is to improve its profits "by increasing sales of high value-added products," such as components meant for generative AI products. It expects stronger demand for its chips in the PC and mobile sectors this year, but it admits that its earnings may not significantly recover soon because its customers are still downsizing their inventories. Samsung has high hopes for the Galaxy S24 series, though, and believes the devices' AI capabilities can help its mobile business achieve a a double-digit growth in 2024. The Galaxy S24 phones have already started shipping with prices starting at $800 for the most basic version and at $1,300 for the S24 Ultra. 

Update, January 31, 2024, 6:44AM ET: Added information about the semiconductor division's historic losses.

This article originally appeared on Engadget at https://www.engadget.com/samsungs-annual-profits-continued-to-decline-in-2023-090500640.html?src=rss

In 2018, Tesla awarded Elon Musk a $56 billion pay package that helped propel him to the top of world's richest lists. Now, a judge in Delaware has rendered the deal between the company and the CEO to be invalid and called the compensation an "unfathomable sum" that's unfair to shareholders. As initially seen and reported by Chancery Daily on Threads, the court of Chancery in Delaware has released its decision on the lawsuit filed by Richard Tornetta. The Tesla shareholder accused the automaker of breaching its fiduciary duty by approving a package that unjustly enriches its chief executive.

Judge Kathaleen McCormick wrote in the decision that Musk "enjoyed thick ties" with the directors who were in charge of negotiating his pay package on behalf of Tesla, which means there "was no meaningful negotiation over any of the terms of the plan." The judge also talked about how Musk owned 21.9 percent of the automaker when the package was negotiated. That gave him "every incentive to push Tesla to levels of transformative growth," because he stood to gain $10 billion for every $50 billion in market capitalization increase. 

"Swept up by the rhetoric of 'all upside,' or perhaps starry eyed by Musk’s superstar appeal, the board never asked the $55.8 billion question: Was the plan even necessary for Tesla to retain Musk and achieve its goals?" the judge wrote in the court document. As The Washington Post notes, she ruled that Tornetta is entitled to a "rescission" and has ordered Tesla and its shareholders to carry out her decision and undo the deal. Musk's camp, however, can still appeal her ruling. 

Musk has sold some of his Tesla stocks to help pay for his acquisition of Twitter, now X, from the time his pay package was approved. At the moment, he owns around 13 percent of Tesla, though he recently said that he wants 25 percent control over the company before he's comfortable growing it to be a leader in AI and robotics. 

In response to the court's decision, Musk tweeted: "Never incorporate your company in the state of Delaware." He also posted a poll asking followers whether Tesla should change its state of incorporation to Texas, where its physical headquarters are located. 

This article originally appeared on Engadget at https://www.engadget.com/elon-musks-56-billion-tesla-pay-package-has-been-tossed-out-by-the-court-074235803.html?src=rss

Microsoft posted another blowout earnings report for Q2 of the 2024 fiscal year, with revenues of $62 billion (up 18 percent from last year) and profits of $21.9 billion (a 33 percent increase). But really, the most interesting thing about this quarter is that we finally get to see how the $68.7 billion Activision Blizzard acquisition affects the $3 trillion company. While Microsoft isn't breaking out specific numbers, it says that its overall gaming revenue increased by 49 percent, 44 points of which came from the "net impact" of the Activision deal.

The rosy news is a bit surprising, considering that Microsoft announced last week that it was laying off 1,900 people across Xbox and Activision Blizzard. Those layoffs include the rest of Blizzard's esports division, according to reports, following 50 layoffs and a restructuring last summer.  

Microsoft's More Personal Computing division, which includes Xbox, Surface and Windows, was up 19 percent ($16.9 billion) since last year. The company says the Activision deal accounted for 15 points of that increase. It's a huge change for a division that's been severely impacted by dwindling PC sales (which affects Windows licenses and Surfaces) and struggling Xbox consoles. PC device revenues were down 9 percent for the quarter, while Xbox hardware sales were up 3 percent.

Xbox content and services revenue is also up 61 percent since last year, 55 points of which comes from Activision. It'll be interesting to see if Microsoft can actually leverage that acquisition to help Xbox sales, or at the very least, spur on more interest in Game Pass subscriptions. (Unfortunately, we don't have any updates on how that service is doing.)

This article originally appeared on Engadget at https://www.engadget.com/microsofts-gaming-revenue-is-up-49-percent-in-q2-mostly-thanks-to-the-activision-deal-222502444.html?src=rss

The House prepares an impeachment vote for Secretary Mayorkas as tensions mount on border talks on Capitol Hill. Retired four-star General Joseph Votel analyzes what a U.S. response to the recent drone attack in Jordan could look like. Sen. Kevin Cramer (R-N.D.) joins Meet the Press NOW to discuss border politics and the U.S. strategy in the Middle East.

A Microsoft manager claims OpenAI’s DALL-E 3 has security vulnerabilities that could allow users to generate violent or explicit images (similar to those that recently targeted Taylor Swift). GeekWire reported Tuesday the company’s legal team blocked Microsoft engineering leader Shane Jones’ attempts to alert the public about the exploit. The self-described whistleblower is now taking his message to Capitol Hill.

“I reached the conclusion that DALL·E 3 posed a public safety risk and should be removed from public use until OpenAI could address the risks associated with this model,” Jones wrote to US Senators Patty Murray (D-WA) and Maria Cantwell (D-WA), Rep. Adam Smith (D-WA 9th District), and Washington state Attorney General Bob Ferguson (D). GeekWire published Jones’ full letter.

Jones claims he discovered an exploit allowing him to bypass DALL-E 3’s security guardrails in early December. He says he reported the issue to his superiors at Microsoft, who instructed him to “personally report the issue directly to OpenAI.” After doing so, he claims he learned that the flaw could allow the generation of “violent and disturbing harmful images.”

Jones then attempted to take his cause public in a LinkedIn post. “On the morning of December 14, 2023 I publicly published a letter on LinkedIn to OpenAI’s non-profit board of directors urging them to suspend the availability of DALL·E 3),” Jones wrote. “Because Microsoft is a board observer at OpenAI and I had previously shared my concerns with my leadership team, I promptly made Microsoft aware of the letter I had posted.”

A sample image (a storm in a teacup) generated by DALL-E 3OpenAI

Microsoft’s response was allegedly to demand he remove his post. “Shortly after disclosing the letter to my leadership team, my manager contacted me and told me that Microsoft’s legal department had demanded that I delete the post,” he wrote in his letter. “He told me that Microsoft’s legal department would follow up with their specific justification for the takedown request via email very soon, and that I needed to delete it immediately without waiting for the email from legal.”

Jones complied, but he says the more fine-grained response from Microsoft’s legal team never arrived. “I never received an explanation or justification from them,” he wrote. He says further attempts to learn more from the company’s legal department were ignored. “Microsoft’s legal department has still not responded or communicated directly with me,” he wrote.

An OpenAI spokesperson wrote to Engadget in an email, “We immediately investigated the Microsoft employee’s report when we received it on December 1 and confirmed that the technique he shared does not bypass our safety systems. Safety is our priority and we take a multi-pronged approach. In the underlying DALL-E 3 model, we’ve worked to filter the most explicit content from its training data including graphic sexual and violent content, and have developed robust image classifiers that steer the model away from generating harmful images.

“We’ve also implemented additional safeguards for our products, ChatGPT and the DALL-E API – including declining requests that ask for a public figure by name,” the OpenAI spokesperson continued. “We identify and refuse messages that violate our policies and filter all generated images before they are shown to the user. We use external expert red teaming to test for misuse and strengthen our safeguards.”

Meanwhile, a Microsoft spokesperson wrote to Engadget, “We are committed to addressing any and all concerns employees have in accordance with our company policies, and appreciate the employee’s effort in studying and testing our latest technology to further enhance its safety. When it comes to safety bypasses or concerns that could have a potential impact on our services or our partners, we have established robust internal reporting channels to properly investigate and remediate any issues, which we recommended that the employee utilize so we could appropriately validate and test his concerns before escalating it publicly.”

“Since his report concerned an OpenAI product, we encouraged him to report through OpenAI’s standard reporting channels and one of our senior product leaders shared the employee’s feedback with OpenAI, who investigated the matter right away,” wrote the Microsoft spokesperson. “At the same time, our teams investigated and confirmed that the techniques reported did not bypass our safety filters in any of our AI-powered image generation solutions. Employee feedback is a critical part of our culture, and we are connecting with this colleague to address any remaining concerns he may have.”

Microsoft added that its Office of Responsible AI has established an internal reporting tool for employees to report and escalate concerns about AI models.

The whistleblower says the pornographic deepfakes of Taylor Swift that circulated on X last week are one illustration of what similar vulnerabilities could produce if left unchecked. 404 Media reported Monday that Microsoft Designer, which uses DALL-E 3 as a backend, was part of the deepfakers’ toolset that made the video. The publication claims Microsoft, after being notified, patched that particular loophole.

“Microsoft was aware of these vulnerabilities and the potential for abuse,” Jones concluded. It isn’t clear if the exploits used to make the Swift deepfake were directly related to those Jones reported in December.

Jones urges his representatives in Washington, DC, to take action. He suggests the US government create a system for reporting and tracking specific AI vulnerabilities — while protecting employees like him who speak out. “We need to hold companies accountable for the safety of their products and their responsibility to disclose known risks to the public,” he wrote. “Concerned employees, like myself, should not be intimidated into staying silent.”

Update, January 30, 2024, 8:41 PM ET: This story has been updated to add statements to Engadget from OpenAI and Microsoft.

This article originally appeared on Engadget at https://www.engadget.com/microsofts-legal-department-allegedly-silenced-an-engineer-who-raised-concerns-about-dall-e-3-215953212.html?src=rss

PayPal is laying off nine percent of its workforce, the company’s CEO Alex Chriss told staff in a letter on Tuesday that PayPal made public hours later. The decision will impact about 2,500 employees, who will find out their fate between today and the end of the week, Bloomberg reported earlier. PayPal's layoffs come almost exactly a year after the company fired more than 2,000 workers to keep costs down. 

Despite thousands of job cuts in 2023, layoffs at tech companies have continued into 2024. On the same day as PayPal's latest layoffs, Jack Dorsey's Block, the company that owns Cash App, Foundational, and Square, conducted its second round of layoffs in two months, cutting nearly a thousand people. Earlier this month, Google laid off more than a thousand workers in its Assisstant and hardware divisions, with CEO Sundar Pichai warning employees to brace for more cuts through the year. Discord, eBay, Riot Games, TikTok, Microsoft, iRobot, Amazon, Unity, and Duolingo, among others, have collectively cut thousands of jobs in January

PayPal was one of the earliest companies in online payments industry, but in recent years, rivals like Zelle and tech companies with deep pockets like Apple, have entered the space. The competition in the payments industry is putting pressure on PayPal. Bloomberg noted that four analysts have downgraded the company’s stock this month. The company will "continue to invest in areas of the business we believe will create and accelerate growth," Chriss said in the letter. 

PayPal's layoffs are happening despite the company's strong growth throughout 2023. The company's revenue as of September 2023 was $7.42 billion, an increase of more than eight percent compared to its revenue a year before. It beat earnings expectations and reported a "double digit growth" in the number of transactions that happened over its platform. The Information noted that Chriss, who took over as the company's CEO in September 2023, said in PayPal's last earnings call in November 2023 that its costs were "too high" and were "slowing us down."

This article originally appeared on Engadget at https://www.engadget.com/paypal-is-laying-off-2500-employees-214628203.html?src=rss

The CEOs of five social media companies are headed to Washington to testify in a Senate Judiciary Committee hearing about child safety. The hearing will feature Meta CEO Mark Zuckerberg, Snap CEO Evan Spiegel, TikTok CEO Shou Chew, Discord CEO Jason Citron and X CEO Linda Yaccarino.

The group will face off with lawmakers over their record on child exploitation and their efforts to protect teens using their services. The hearing will be live streamed beginning at 10 AM ET on Wednesday, January 31.

Though there have been previous hearings dedicated to teen safety, Wednesday’s event will be the first time Congress has heard directly from Spiegel, Yaccarino and Citron. It’s also only the second appearance for TikTok’s Chew, who was grilled by lawmakers about the app’s safety record and ties to China last year.

Zuckerberg, of course, is well-practiced at these hearings by now. But he will likely face particular pressure from lawmakers following a number of allegations about Meta’s safety practices that have come out in recent months as the result of a lawsuit from 41 state attorneys general. Court documents from the suit allege that Meta turned a blind eye to children under 13 using its service, did little to stop adults from sexually harassing teens on Facebook and that Zuckerberg personally intervened to stop an effort to ban plastic surgery filters on Instagram.

As with previous hearings with tech CEOs, it’s unclear what meaningful policy changes might come from their testimony. Lawmakers have proposed a number of bills dealing with online safety and child exploitation, though none have been passed into law. However, there is growing bipartisan support for measures that would shield teens from algorithms and data gathering and implement parental consent requirements.

This article originally appeared on Engadget at https://www.engadget.com/how-to-watch-the-ceos-of-meta-tiktok-discord-snap-and-x-testify-about-child-safety-214210385.html?src=rss

Block is the latest notable tech company to lay off hundreds of workers, according to reports. CEO Jack Dorsey is said to have informed employees that the company is firing a "large number" of them, with Cash App, Square and the foundational (i.e. operations) teams bearing the brunt of the impact. According to a Business Insider source, Block is letting go nearly 1,000 people.

Dorsey reportedly wrote in his memo that the company is becoming leaner. It laid off around 40 people from the Tidal team in December. Last year, Block said it planned to limit its headcount to around 12,000 workers, a reduction from the around 13,000 it had in late 2023. Engadget has contacted Block for confirmation of the layoffs.

While it was initially expected that the layoffs would take place over a period of months, executives reportedly opted against that in favor carrying them out at the same time. "Why is so much happening in one single day? All of these teams were confident in the direction they're taking, and were ready to take action within the same 2-3 weeks," Dorsey is said to have written in his memo. "We decided it would be better to do [it] at once rather than arbitrarily space them out, which didn't seem fair to the individuals or to the company. When we know we need to take an action, we want to take it immediately, rather than let things linger on forever."

The tech industry has shed tens of thousands of workers over the last year or so, including thousands this month alone across companies including Unity, Twitch, Amazon, Meta, Microsoft, eBay and Google. It also emerged on Tuesday that PayPal is firing around 2,500 people. 

This article originally appeared on Engadget at https://www.engadget.com/block-is-reportedly-laying-off-around-1000-workers-205319045.html?src=rss

OM System (formerly Olympus) has unveiled the OM-1 Mark II with largely the same specs as its predecessor, but several significant upgrades. Those include improved autofocus, particularly on the AI side, along with other quality-of-life improvements to stabilization, handling and more. 

The company has completed its OM System branding change, as there's no trace of the Olympus logo as seen on the OM-1. That said, the cameras are much the same inside. As before, it comes with a 20-megapixel (MP) stacked Micro Four Thirds sensor and TruePix X processor that allows for very fast burst shooting up to 50fps with continuous autofocus.

Those speeds haven't changed, but OM System boosted the camera's onboard RAM, allowing for some new features. The autofocus can now has a "Human detection" option that goes beyond just faces and eyes as before. The company says AF is also faster and more accurate (with and without subject detection), making it better for sports, wildlife and more.

OM System

It also features a deeper buffer, meaning you can shoot 256 RAW frames at 50fps before it fills, around double the OM-1 — ideal for action shooting. And while the previous model allowed for blackout-free shooting at the highest frame rates, it now works at slower speeds as well (12.5fps and 16fps) for photographers who prefer to work that way. 

The company has also used updated algorithms to boost in-body image stabilization up to 8.5 stops with supported lenses, better than any other camera on the market (Canon's latest models boast 8 stops of stabilization). And it now supports 14-bit RAW for multishot high-res mode, both in the 80MP tripod and the 50MP handheld modes, to improve dynamic range. 

One new function is called Graduated Neutral Density (GND) that builds on the previous model's Live ND (LND) mode. The latter isn't a true ND filter, but blends multiple short shots to simulate one. The graduated version lets you shoot a gradient exposure at any angle, while also controlling the mid-point and whether it has a soft, medium or hard edge.

Olympus

The body and control layout is much the same as before, but OM System has rubberized the command dials so they have a more tactile feel and work better when using gloves. That should be helpful, since the OM-1 is popular for bird and wildlife photography in all kinds of weather conditions.

Beyond that, specs and features are largely the same. You still shoot 4K video at up to 60 fps, in either 8-bit or 10-bit modes (1080p at 240 fps). And the OM-1 can output 12-bit Apple ProRes RAW video at up to 60 fps to an Atomos Ninja V or Ninja V+ external recorder without any pixel binning.

It comes with a 5.76-million dot 120Hz OLED viewfinder as before, along with a fully articulating display. There are dual SD UHS II card slots, but no CFexpress option. The battery delivers a solid 500 shots per charge, but that jumps to 1010 in "Quick Sleep" mode. Finally, you still get a small FL LM3 flash, designed mostly for fill or use with external flash units.

The OM-1 Mark II is arriving in late February for $2,400 (body only) and $3,000 in a kit with the OM System M.Zuiko Digital ED 12-40mm f/2.8 zoom lens (24-80mm full-frame equivalent). 

This article originally appeared on Engadget at https://www.engadget.com/om-systems-om-1-mark-ii-offers-improved-autofocus-and-stabilization-201810603.html?src=rss

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

A graphic depicting how 0ktapus leveraged one victim to attack another. Image credit: Amitai Cohen of Wiz.

Prosecutors say Noah Michael Urban of Palm Coast, Fla., stole at least $800,000 from at least five victims between August 2022 and March 2023. In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled.

The government says Urban went by the aliases “Sosa” and “King Bob,” among others. Multiple trusted sources told KrebsOnSecurity that Sosa/King Bob was a core member of a hacking group behind the 2022 breach at Twilio, a company that provides services for making and receiving text messages and phone calls. Twilio disclosed in Aug. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Shortly after that disclosure, the security firm Group-IB published a report linking the attackers behind the Twilio intrusion to separate breaches at more than 130 organizations, including LastPass, DoorDash, Mailchimp, and Plex. Multiple security firms soon assigned the hacking group the nickname “Scattered Spider.”

Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

A booking photo of Noah Michael Urban released by the Volusia County Sheriff.

0ktapus used newly-registered domains that often included the name of the targeted company, and sent text messages urging employees to click on links to these domains to view information about a pending change in their work schedule. The phishing sites used a Telegram instant message bot to forward any submitted credentials in real-time, allowing the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

0ktapus often leveraged information or access gained in one breach to perpetrate another. As documented by Group-IB, the group pivoted from its access to Twilio to attack at least 163 of its customers. Among those was the encrypted messaging app Signal, which said the breach could have let attackers re-register the phone number on another device for about 1,900 users.

Also in August 2022, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group. According to an Aug. 12 blog post, the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

On August 25, 2022, the password manager service LastPass disclosed a breach in which attackers stole some source code and proprietary LastPass technical information, and weeks later LastPass said an investigation revealed no customer data or password vaults were accessed.

However, on November 30, 2022 LastPass disclosed a far more serious breach that the company said leveraged data stolen in the August breach. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.

In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software.

As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion. On August 24, 2022, Plex’s security team urged users to reset their passwords, saying an intruder had accessed customer emails, usernames and encrypted passwords.

KING BOB’S GRAILS

A review of thousands of messages that Sosa and King Bob posted to several public forums and Discord servers over the past two years shows that the person behind these identities was mainly focused on two things: Sim-swapping, and trading in stolen, unreleased rap music recordings from popular artists.

Indeed, those messages show Sosa/King Bob was obsessed with finding new “grails,” the slang term used in some cybercrime discussion channels to describe recordings from popular artists that have never been officially released. It stands to reason that King Bob was SIM-swapping important people in the music industry to obtain these files, although there is little to support this conclusion from the public chat records available.

“I got the most music in the com,” King Bob bragged in a Discord server in November 2022. “I got thousands of grails.”

King Bob’s chats show he was particularly enamored of stealing the unreleased works of his favorite artists — Lil Uzi Vert, Playboi Carti, and Juice Wrld. When another Discord user asked if he has Eminem grails, King Bob said he was unsure.

“I have two folders,” King Bob explained. “One with Uzi, Carti, Juicewrld. And then I have ‘every other artist.’ Every other artist is unorganized as fuck and has thousands of random shit.”

King Bob’s posts on Discord show he quickly became a celebrity on Leaked[.]cx, one of most active forums for trading, buying and selling unreleased music from popular artists. The more grails that users share with the Leaked[.]cx community, the more their status and access on the forum grows.

The last cache of Leaked dot cx indexed by the archive.org on Jan. 11, 2024.

And King Bob shared a large number of his purloined tunes with this community. Still others he tried to sell. It’s unclear how many of those sales were ever consummated, but it is not unusual for a prized grail to sell for anywhere from $5,000 to $20,000.

In mid-January 2024, several Leaked[.]cx regulars began complaining that they hadn’t seen King Bob in a while and were really missing his grails. On or around Jan. 11, the same day the Justice Department unsealed the indictment against Urban, Leaked[.]cx started blocking people who were trying to visit the site from the United States.

Days later, frustrated Leaked[.]cx users speculated about what could be the cause of the blockage.

“Probs blocked as part of king bob investigation i think?,” wrote the user “Plsdontarrest.” “Doubt he only hacked US artists/ppl which is why it’s happening in multiple countries.”

FORESHADOWING

On Sept. 21, 2022, KrebsOnSecurity told the story of a “Foreshadow,” the nickname chosen by a Florida teenager who was working for a SIM-swapping crew when he was abducted, beaten and held for a $200,000 ransom. A rival SIM-swapping group claimed that Foreshadow and his associates had robbed them of their fair share of the profits from a recent SIM-swap.

In a video released by his abductors on Telegram, a bloodied, battered Foreshadow was made to say they would kill him unless the ransom was paid.

As I wrote in that story, Foreshadow appears to have served as a “holder” — a term used to describe a low-level member of any SIM-swapping group who agrees to carry out the riskiest and least rewarding role of the crime: Physically keeping and managing the various mobile devices and SIM cards that are used in SIM-swapping scams.

KrebsOnSecurity has since learned that Foreshadow was a holder for a particularly active SIM-swapper who went by “Elijah,” which was another nickname that prosecutors say Urban used.

Shortly after Foreshadow’s hostage video began circulating on Telegram and Discord, multiple known actors in the SIM-swapping space told everyone in the channels to delete any previous messages with Foreshadow, claiming he was fully cooperating with the FBI.

This was not the first time Sosa and his crew were hit with violent attacks from rival SIM-swapping groups. In early 2022, a video surfaced on a popular cybercrime channel purporting to show attackers hurling a brick through a window at an address that matches the spacious and upscale home of Urban’s parents in Sanford, Fl.

“Brickings” are among the “violence-as-a-service” offerings broadly available on many cybercrime channels. SIM-swapping and adjacent cybercrime channels are replete with job offers for in-person assignments and tasks that can be found if one searches for posts titled, “If you live near,” or “IRL job” — short for “in real life” job.

A number of these classified ads are in service of performing brickings, where someone is hired to visit a specific address and toss a brick through the target’s window. Other typical IRL job offers involve tire slashings and even drive-by shootings.

THE COM

Sosa was known to be a top member of the broader cybercriminal community online known as “The Com,” wherein hackers boast loudly about high-profile exploits and hacks that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate internal networks.

Sosa also was active in a particularly destructive group of accomplished criminal SIM-swappers known as “Star Fraud.” Cyberscoop’s AJ Vicens reported last year that individuals within Star Fraud were likely involved in the high-profile Caesars Entertainment an MGM Resorts extortion attacks.

“ALPHV, an established ransomware-as-a-service operation thought to be based in Russia and linked to attacks on dozens of entities, claimed responsibility for Caesars and MGM attacks in a note posted to its website earlier this month,” Vicens wrote. “Experts had said the attacks were the work of a group tracked variously as UNC 3944 or Scattered Spider, which has been described as an affiliate working with ALPHV made up of people in the United States and Britain who excel at social engineering.”

In February 2023, KrebsOnSecurity published data taken from the Telegram channels for Star Fraud and two other SIM-swapping groups showing these crooks focused on SIM-swapping T-Mobile customers, and that they collectively claimed access to T-Mobile on 100 separate occasions over a 7-month period in 2022.

The SIM-swapping groups were able to switch targeted phone numbers to another device on demand because they constantly phished T-Mobile employees into giving up credentials to employee-only tools. In each of those cases the goal was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Allison Nixon, chief research officer at the New York cybersecurity consultancy Unit 221B, said the increasing brazenness of many Com members is a function of how long it has taken federal authorities to go after guys like Sosa.

“These incidents show what happens when it takes too long for cybercriminals to get arrested,” Nixon said. “If governments fail to prioritize this source of threat, violence originating from the Internet will affect regular people.”

NO FIXED ADDRESS

The Daytona Beach News-Journal reports that Urban was arrested Jan. 9 and his trial is scheduled to begin in the trial term starting March 4 in Jacksonville. The publication said the judge overseeing Urban’s case denied bail because the defendant was a strong flight risk.

At Urban’s arraignment, it emerged that he had no fixed address and had been using an alias to stay at an Airbnb. The judge reportedly said that when a search warrant was executed at Urban’s residence, the defendant was downloading programs to delete computer files.

What’s more, the judge explained, despite telling authorities in May that he would not have any more contact with his co-conspirators and would not engage in cryptocurrency transactions, he did so anyway.

Urban entered a plea of not guilty. Urban’s court-appointed attorney said her client would have no comment at this time.

Prosecutors charged Urban with eight counts of wire fraud, one count of conspiracy to commit wire fraud, and five counts of aggravated identity theft. According to the government, if convicted Urban faces up to 20 years in federal prison on each wire fraud charge. He also faces a minimum mandatory penalty of two years in prison for the aggravated identity offenses, which will run consecutive to any other prison sentence imposed.

Securing microservices can feel like herding cats, and in the dynamic world of .NET 8 the challenge of ensuring robust security looms large as developers embrace the agility and flexibility of this cloud-centric architectural style, but here's help.

We finally know for certain who will face off in Super Bowl 2024: The Kansas City Chiefs will play against the San Francisco 49ers in the biggest annual sporting event in the US. The game will take place in Las Vegas at the $1.9 billion Allegiant Stadium, with kick off at 3:30pm Pacific or 6:30pm Eastern on Sunday, February 11. The game will air on CBS, which means it’ll also be streaming live on Paramount+ since both are owned by Paramount Global. You can also watch it on cable, with a live TV streaming service and with the NFL's app on mobile. That’s all to say that you have plenty of options to watch, stream and otherwise enjoy the big game this year. Here are all the ways to watch Super Bowl LVIII in 2024.

How to watch Super Bowl 58

This year, the rights to air the biggest annual sporting event in the US goes to CBS… and Nickelodeon. Yep, the kids channel is hosting a live, family-friendly version of the event, complete with helpful thematic graphics and the cast of SpongeBob SquarePants and Dora the Explorer hosting, providing commentary and explaining the rules to the youngest NFL fans. If you don’t need sideline reports from Sandy Cheeks, regular versions of the game will appear on CBS, CBS Sports Network, Paramount+ and on the NFL+ mobile app.

How to watch the Super Bowl with cable or satellite TV

Cable and satellite subscribers can tune into their local CBS station. If your plan includes CBS Sports Network (or Nickelodeon), you can go that route, too. Here’s a list of local CBS stations and affiliates so you can find your channel.

How to stream Super Bowl 2024

Last year, the Super Bowl was a little more complicated to stream since the broadcaster (Fox) didn’t have an over-the-top streaming app. It’s easier this year: the standalone Paramount+ app lets subscribers watch the game live. Plans start at $6 per month and there’s currently a free seven-day trial, but there’s no telling if that deal will still be live right before the big event. Of course, most live TV streaming services will also have the game, either on your local CBS station or via CBSSN. Here are the providers that will show Super Bowl LVIII:

• YouTube with Live TV - $73 per month

• Hulu with Live TV - $77 per month

• Fubo - $80 per month

• DirecTV Stream (CBS and Nickelodeon) - $80 per month

• Philo (Nickelodeon only) - $25 per month

If you’re willing to pay, Paramount+ is the cheapest way to stream the Super Bowl this year, plus you’ll get other shows to watch when the game’s over.

Can I watch the 2024 Super Bowl for free?

Almost. If you buy an indoor digital antenna, which hooks up to the coaxial port on your TV set, you can grab the game broadcast from your local CBS affiliate at no extra cost. It’ll let you watch your local NBC, ABC, PBS and FOX networks, too.

Can I watch the 2024 Super Bowl on mobile?

The NFL+ mobile app is airing the Super Bowl, but only on your smartphone or tablet (PC access and casting isn’t supported for primetime games, which includes the Super Bowl). So if you’re watching solo, this could be a good option. A subscription goes for $7 per month and it also provides NFL Network content with 24/7 football news.

Who is performing at the Super Bowl 2024 halftime show?

For some, the action in between the two halves of the game is what really matters. Mega stars have headlined the halftime show for decades now, with performances by Rihanna, Shakira, Lady Gaga, Prince, The Rolling Stones and Beyonce garnering almost as many headlines as the game itself. This year, Usher, who's timing the release of his latest album to drop just two days before the game, will light up the stadium with a set. Before the game, Reba McEntire will sing the national anthem and Post Malone will follow that up with a rendition of "America the Beautiful."

This article originally appeared on Engadget at https://www.engadget.com/how-to-watch-super-bowl-2024-133039872.html?src=rss

Volvo's EX30 EV was a hit from the get-go thanks in part to the use of technology, along with the relatively low $35,000 price tag. However, its reliance on that tech is apparently catching up to it (much as it has for other recent vehicles), as the automaker has delayed deliveries in Europe due to software bugs, Automotive News has reported. 

"We confirm that Volvo is working tirelessly to resolve the problem," the company told Automotive News Europe. "Important progress has been made but the software version 1.2 does not yet meet all the requirements necessary to be released." The problem apparently couldn't fixed over the air, so updates needed to be done at dealerships.

Volvo didn't explain exactly what the error was, but customer correspondence stated that the 1.2 software "contains, among other things, some Google certifications and key updates." I encountered several glitches (Google Maps stopped working, for instance) when testing a pre-production model in Barcelona.

Steve Dent for Engadget

The vehicle has experienced multiple delays that have lasted around two weeks. Volvo has apparently resolved the issues and the EVs are ready to be driven off dealers' lots as soon as they're fixed, according to Automotive News. "We want the best possible experience for our EX30 customers," Volvo said in a statement.

The EX30 generated a lot of interest thanks to a charming design, low starting price, solid performance, decent range and use of eco-friendly materials. All models sold to start with will be built in China, so the vehicle isn't eligible for federal US tax credits. 

As the company subsequently announced, though, some models will be be built later on in Volvo's Ghent, Belgium plant. The EX30 is key to Volvo's plans to boost sales by 69 percent and sell 1.2 million cars as early as next year. 

This article originally appeared on Engadget at https://www.engadget.com/volvo-pauses-deliveries-of-its-ex30-due-to-software-issues-132019346.html?src=rss

Apple recently announced the changes it's making to the App Store in order to comply with the European Union's Digital Markets Act (DMA) that goes into full effect on March 7. The company's critics quickly denounced its plans and requirements for alternative app stores, with Spotify calling the changes a "total farce." Microsoft's Xbox is one of the latest companies to call out Apple's compliance plans. In response to a post on X by Spotify CEO Daniel Ek talking about the changes at Apple, Xbox president Sarah Bond said the company's new policy is "a step in the wrong direction" and that she hopes it listens to feedback to create a "more inclusive future for all."

We believe constructive conversations drive change and progress towards open platforms and greater competition. Apple's new policy is a step in the wrong direction. We hope they listen to feedback on their proposed plan and work towards a more inclusive future for all. https://t.co/mDRI5KPJf6

— BondSarahBond (@BondSarah_Bond) January 29, 2024

Under DMA rules, platform owners like Apple and Google have to open up their systems to competing app stores. Apple, however, requires these alternative app stores to have stringent rules and moderation tools comparable to its own. Their operators will also need to be able to prove that they have access to a minimum amount of around $1.1 million in credit that they can use to pay developers. Apple has a new rule for developers, as well, requiring them to pay a Core Technology Fee of €0.50 (around 54 cents) per install after an app reaches a 1 million download threshold for the year. That rule applies whether the app is distributed through Apple's App Store or through an alternative marketplace. 

Epic Games CEO Tim Sweeney said Apple's plan "is a devious new instance of Malicious Compliance." He added that Apple is essentially forcing developers to choose between App Store exclusivity and a new "also-illegal anticompetitive scheme rife with new Junk Fees on downloads," as well as new taxes on payments the company doesn't process itself. The App Store is a massive business for Apple, which takes a 15 to 30 percent commission from developers' earnings. For the fiscal year of 2022, for instance, Apple said the App Store ecosystem "facilitated $1.1 trillion in developer billings and sales." 

Epic pulled Fortnite from the App Store in 2020 after violating its rules on purpose and offering discounts to players making purchases outside of Apple's ecosystem. The developer recently announced that it's bringing Fortnite back to the iPhone and iPad in Europe this year after the DMA takes effect and that it's launching its own store for iOS. Spotify, which has also been a vocal critic of Apple, plans to launch its own in-app payment system for iOS users in Europe, as well. 

This article originally appeared on Engadget at https://www.engadget.com/xbox-president-thinks-apples-eu-app-store-plan-is-a-step-in-the-wrong-direction-130551604.html?src=rss

Samsung’s 2024 flagship has landed. The S24 Ultra has a new titanium frame, improved telephoto cameras and is jam-packed with new AI smarts and features. It’s also more expensive than ever.

It’s the AI features not hardware that mark this year’s S23 series, though. AI tools range across text and translation, photography and search. A lot of these AI abilities are already available from other services, like ChatGPT and Bard, but this is crammed into the S24 series at the base level, so from the Notes app you can summarize, auto-format, spellcheck or translate your missives, on the go. (Transcription is also, apparently, very impressive, but that might be the journalist in me getting excited.)

Engadget

Factor in a much faster chip, a brighter display and even longer battery life and the S24 Ultra makes a case for upgrading. It’s just a pricey one.

— Mat Smith

The biggest stories you might have missed

Our favorite microSD card is on sale for only $11 right now

How to buy a monitor

Neuralink’s brain chip has been implanted in a human, Elon Musk says

Former Call of Duty chief Johanna Faries is Blizzard’s new president

​​You can get these reports delivered daily direct to your inbox. Subscribe right here!

Amazon abandons billion-dollar deal to buy Roomba maker, iRobot It was due to the EU’s anti-competitive concerns.

Amazon and iRobot, maker of the Roomba vacuum line, just announced they are dropping their proposed merger. They announced the potential acquisition back in August 2022, and in November, the European Commission raised formal concerns over the potential impact on competition. The companies didn’t mention the formal investigation in the announcement. Now the deal isn’t going through, iRobot says it’s laying off about 350 employees, which represents 31 percent of the company’s workforce. Colin Angle, founder, CEO and chair of the iRobot board of directors is also stepping down as chair and CEO.

Continue reading.

Suicide Squad: Kill the Justice League bug beats the game for you It was pulled offline an hour after launch. Rocksteady

Rocksteady’s new third-person action shooter Suicide Squad: Kill the Justice League was pulled offline just one hour after launch after players encountered a bizarre bug that immediately beats the game. It locked players out of all story missions, including tutorials, in a race to reach the end credits. It also makes it impossible to receive trophies and achievements, but the biggest issue may be the inability to play any of the $70 game. The developer says it’s working on a fix.

Continue reading.

Japan’s SLIM lunar probe returns to life The solar panels recharged after the sun’s orientation shifted.

Japan’s lunar lander has regained power, nine days after it landed on the Moon’s surface nearly upside down and switched off. JAXA (Japan Aerospace Exploration Agency) said a change in the sun’s position allowed the solar panels to receive light and charge the probe’s battery, so JAXA could reestablish communication. In any case, the mission was deemed a success, as the primary goal was a precision landing. It did just that, hitting a spot just 55 meters (180 feet) of its target. Just... the wrong way up.

Continue reading.

Japan will no longer require floppy disks for submitting some official documents Yes, it’s 2024. Why do you ask? Reuters

Back on Earth, and in 2022, Japan’s Minister of Digital Affairs Taro Kono urged various branches of the government to stop requiring businesses to submit information on outdated forms of physical media. The Ministry of Economy, Trade and Industry (METI) is one of the first to make the switch. Kono’s staff identified some 1,900 protocols across several government departments that still require floppy disks, CD-ROMs and even (!) MiniDiscs.

Continue reading.

This article originally appeared on Engadget at https://www.engadget.com/the-morning-after-the-verdict-on-samsungs-galaxy-s24-ultra-121505918.html?src=rss

Yelp just released a substantial app update with more than 20 new features, and several of these tools are packed with, wait for it, AI. The biggest news for regular users is the addition of summaries of business automatically written by AI, which Yelp says will help people find the perfect restaurant or service to meet their needs.

There’s also new visuals for the home feed and revamped search experience, which the company says will also help users find that perfect dinner spot. This home feed incorporates AI to provide more relevant content to users and will also display images from nearby restaurants that match previous user queries, in addition to videos posted by local businesses.

The AI tomfoolery extends to business users. The app now offers business owners “AI-powered smart budgets” to optimize ad spending. There’s also new data insights available for business owners that deliver “valuable market and competitive” information.

Yelp

Yelp’s expanding the Recognitions feature to encourage user engagement. Now, users can earn official kudos by regularly reviewing certain types of foods. You can nab one of these coveted digital trophies by reviewing three restaurants that offer the same type of cuisine in one year. You’ll find these credentials in the Achievements section on the app.

The update’s only available on iOS for now, but Yelp says an Android version will be released in the coming months. This isn’t the first time the service has dipped its toes into the wading pool of AI. Back in April, the company announced it was integrating AI and natural language models to improve search.

This article originally appeared on Engadget at https://www.engadget.com/yelps-new-ai-features-include-auto-generated-business-summaries-among-other-updates-120010725.html?src=rss

Apple's latest Watch Series 9 is back down to its lowest price ever, just in time to help you keep going with those January fitness goals. You can grab the 41mm Pink model with the light pink sport loop for just $309, for a savings of 23 percent ($90) off the list price. If you're looking for another color, the Midnight and Silver models are on sale for $329, still saving you a substantial 18 percent ($70) off the regular price. 

The Apple Watch Series 9 is a solid addition to the lineup, scoring an excellent 92 in our review thanks to new features like Raise To Speak and Double Tap. Raise to Speak allows you to lift your wrist to activate Siri, with requests now processed right on the watch instead of going through another device. In other words, you can still use Siri when offline or away from your phone.

Double Tap is a more interactive feature, letting you tap your index finger and thumb together (the ones on the same side as the watch) twice to complete specific actions. You can use it to answer or end calls or reply with dictation, among other commands — meaning you'll need to touch your watch face less often.

The Apple Watch Series 9 is also powerful for health and fitness — for one, it monitors your heart rate and will send a notification if it notices any irregularities. It also tracks your sleep stages and overall well-being through features like temperature sensing. Plus, it's water-resistant, so you needn't worry about sweat.

There is one downside, as you might be aware. Apple was forced to disable a key new feature, the blood oxygen monitor, due to a patent dispute with a medical company. That issue has now been resolved, though, and you probably won't miss the feature much — especially at those prices. 

Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.

This article originally appeared on Engadget at https://www.engadget.com/apple-watch-series-9-falls-back-to-a-low-of-309-115531352.html?src=rss

Gogoro is best known for its battery swapping tech, but its new scooter may be one of the quickest and highest-tech models available. The flagship Pulse can accelerate from 0 to 32MPH in just 3.05 seconds thanks to the company's "Hypercore" tech that delivers 378nm of torque to the back wheel. At the same time, it's fitted with a 10.25 HD touch display that offers turn-by-turn navigation and more. 

The first thing that stands out with the Pulse is the new angular and modern design that differs from past models that were more on the retro side. It also has the benefit of reducing non-essential drag and using airflow to cool the electric motor, according to Gogoro. 

The new 9kW Hyper Drive powertrain features a new hybrid water and air dual-cooling system, allowing the H1 motor to hit up to 11,000 RPM. And while it boosts performance, it's also supposed to reduce energy consumption, the company wrote. 

Gogoro

It uses an active-matrix lighting system with 13 separate LED units. Each of those actively switch on to adapt to the rider's speed, turns and even weather conditions, presumably to improve visibility in traffic. As you drive it faster, the active-matrix headlights also extend further down the road and the active-corner lighting "provides wider bands of light aimed in the direction of each turn," Gogoro says. 

The 10.25-inch panoramic touch display is something you don't see on too many scooters. Along with the turn-by-turn navigation with real-time traffic information, it comes with a new iQ Touch HD system that display battery swap locations, speeds, power levels and more, while letting you select from different ride modes. Gogoro claims it's the first two-wheeled vehicle to be powered by Qualcomm's new Snapdragon QWM2290 digital chassis. 

Riders will be able to unlock and start the Pulse using their iPhone by adding the scooter key to their Apple Wallet. You'll also be able to use Apple's Find My feature to locate the scooter if it's stolen or lost. 

Gogoro is based in Taiwan, and now operates in nine markets including India, The Philippines, China, Japan, Korea, Singapore, Indonesia and Israel. The company has yet to announce a price for the Pulse, but it'll start shipping in Taiwan in late Q2 2024. 

This article originally appeared on Engadget at https://www.engadget.com/gogoros-new-flagship-pulse-is-a-sporty-high-tech-scooter-102014298.html?src=rss

You will soon find a kid-friendly section inside OpenAI's newly opened store for custom GPTs. The company has joined forces with Common Sense Media, a nonprofit organization that rates media and technology based on their suitability for children, to minimize the risks of AI use by teenagers. Together, they intend to create AI guidelines and educational materials for young people, their parents and their educators. The two organizations will also curate a collection of family-friendly GPTs in OpenAI's GPT store based on Common Sense's ratings, making it easy to see which ones are suitable for younger users. 

"Together, Common Sense and OpenAI will work to make sure that AI has a positive impact on all teens and families," James P. Steyer, founder and CEO of Common Sense Media, said in a statement. "Our guides and curation will be designed to educate families and educators about safe, responsible use of ChatGPT, so that we can collectively avoid any unintended consequences of this emerging technology."

According to Axios, the partnership was announced at Common Sense's kids and family summit in San Francisco, where OpenAI CEO Sam Altman shot down the idea that AI is bad for kids and should be kept out of schools. "Humans are tool users and we better teach people to use the tools that are going to be out in the world," he reportedly said. "To not teach people to use those would be a mistake." The CEO also said that future high school seniors would be able to operate at a higher level of abstraction and could achieve more that their predecessors with the help of artificial intelligence. 

This article originally appeared on Engadget at https://www.engadget.com/openai-and-commonsense-media-team-up-to-curate-family-friendly-gpts-074228457.html?src=rss