One of the Messages apps most-used features, Tapbacks, got a big upgrade in iOS 18. The standard tapbacks were redesigned, and you can now use any emoji as a tapback. But theres one tapback fix thats become more needed than ever, and I hope Apple addresses it soon.The expansive growth of tapbacks in MessagesI dont know about you, but some of my Messages conversations are absolutely overrun by tapbacks.Certain group chats tend to be the worst offenders.Im on some group threads where practically every message sent gets several tapback reactions from others.Now that any emoji can be a tapback in iOS 18, any message someone sends can be paired with a relevant and/or humorous tapbackexacerbating the problem.Fortunately, the fix could be very easy for Apple.New setting could enable muting tapback alertsiOS already lets you mute any thread of your choosing. It offers two convenient options:You can swipe left on the conversation and hit the bell iconOr open the thread, tap the name/number at the top, and hit the Hide Alerts toggleWhat Id like is for a new toggle to be added.Just one little toggle: Hide Alerts for TapbacksThat way, I can still get notified when actual messages are sent inside a group chat, but tapbacks wont alert me.I wouldnt want to disable tapback alerts everywhere, just for several group chats where constant alerts make it hard to keep up with the conversation.This small addition to Messages info screen would do the trick.Do you have the same problem? Want Apple to add a new toggle for tapback alerts? Let us know in the comments.Best iPhone accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

They do not want those DMs made public. Don't SpeakIn one of the many copyright lawsuits it's facing, OpenAI is asking a judge to narrow the scope of discovery to limit insider communications from being aired in public.This latest forte in OpenAI's defense against the Authors Guild,which is alleging on behalf of writers including George R.R. Martin and John Grisham that the company used its members' copyrighted works without permission to train its AI models, shows that the firm really doesn't want its top researchers' documents making the rounds.The Guild recently requested that OpenAI submit extensive documents including text messages and social media DMs not only for the 24 initial "custodians" or insiders who are thought to have relevant pre-trial discovery information, but for eight additional figures as well, includingOpenAI cofounder Ilya Sutskever and researcher Jan Lieke, both of whom left OpenAI this year.Leaky ShipWhile this counter-suit doesn't seem to be specifically about inside baseball at OpenAI, recent news involving Sutskever highlights why the company may not want its former and current executives' communications leaked.Earlier this week, the sidelined cofounder toldReuters that the abilities of OpenAI's advanced large language models (LLMs) seem to be plateauing as the company seeks more and more training data and computing resources.Sutskever was, notably, the leading proponent of the briefly successful attempt to oust CEO Sam Altman last Thanksgiving, and spent half a year in limbo before ultimately leaving the firm and starting his own venture pursuing safe artificial general intelligence (AGI).Should his texts and DMs come out, even if just regarding copyrighted work, there could be some very embarrassing details in there which could be at least part of whyOpenAI is trying to make sure they never see the light of day.More on OpenAI: OpenAI Buys Porn Domain for Huge SumShare This Article

"The Russians believe that continued operations are safe but they cant prove to our satisfaction that they are."Take a LeakIn September, NASA's inspector general warned in a report that new cracks and leaks affecting the Russian segment of the aging International Space Station continued to be a "top safety risk."The leaks, which have plagued a module connecting the segment's docking port to its service module, have been around for years, as SpaceNews reports, forcing astronauts to keep the module's hatch closed most of the time.And while former astronaut and head of NASA's ISS Advisory Committee Bob Cabana said the leaks are leading to the "possibility of a catastrophic failure" during a recent meeting, as quoted by SpaceNews, Russia's counterparts have continued to downplay the severity of the situation."The Russians believe that continued operations are safe but they cant prove to our satisfaction that they are, and the US believes that its not safe but we cant prove to the Russians satisfaction that thats the case," Cabana said during the meeting.[not seeing anything recent]Hole MilkRoscosmos and NASA also disagreed on the possible cause of the ongoing leaks. Cabana revealed that Russian engineers have pointed to "high cyclic fatigue" caused by micro-vibrations. NASA, however, believes it's more complicated than that, with mechanical stresses, among other factors, slowly degrading the module's material.While Cabana continues to stress the severity of the situation, other NASA officials told the Washington Post last month that the leaks aren't a huge deal."Roscosmos has applied sealant to many of these areas of interest which has further reduced the leak rate," NASA spokesperson Kathryn Hambleton told WaPo at the time.Meanwhile, Roscosmos identified a whopping 50 "areas of concern," according to Hambleton, underlining the scope of the issue.In short, regardless of the disagreement over the leaks' cause or severity, it's yet another sign that the space station, which has been continuously occupied for just over 24 years, is seriously starting to show its age."The station is not young," said NASA astronaut Michael Barratt, who returned to Earth from the station last month, during a briefing last week, as quoted by SpaceNews. "Its been up there for quite a while. You expect some wear and tear, and were seeing that."Share This Article

Nov 16, 2024Ravie LakshmananVulnerability / Network SecurityPalo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild.To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface IP addresses that are accessible over the internet -136.144.17[.]*173.239.218[.]251216.73.162[.]*The company, however, warned that these IP addresses may possibly represent "third-party VPNs with legitimate user activity originating from these IPs to other destinations."Palo Alto Networks' updated advisory indicates that the flaw is being exploited to deploy a web shell on compromised devices, allowing threat actors to gain persistent remote access.The vulnerability, which is yet to be assigned a CVE identifier, carries a CVSS score of 9.3, indicating critical severity. It allows for unauthenticated remote command execution.According to the company, the vulnerability requires no user interaction or privileges to exploit, and its attack complexity has been deemed "low."That said, the severity of the flaw drops to high (CVSS score: 7.5) should access to the management interface be restricted to a limited pool of IP addresses, in which case the threat actor will have to obtain privileged access to those IPs first.On November 8, 2024, Palo Alto Networks began advising customers to secure their firewall management interfaces amid reports of a remote code execution (RCE) flaw. It has since been confirmed that the mysterious vulnerability has been abused against a "limited number" of instances.There are currently no details on how the vulnerability came to light, the threat actors behind the exploitation, and the targets of these attacks. Prisma Access and Cloud NGFW products are not impacted by the flaw.Patches for the vulnerability are yet to be released, making it imperative that users take immediate steps to secure access to the management interface, if not already.The advisory comes as three different critical flaws in the Palo Alto Networks Expedition (CVE-2024-5910, CVE-2024-9463, and CVE-2024-9465) have come under active exploitation, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). At this stage, there is no evidence to suggest that the activities are related.(This is a developing story. Please check back for more updates.)Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Nov 16, 2024Ravie LakshmananVulnerability / VPN SecurityA threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA.Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA, DEEPPOST, and LightSpy."DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices," security researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres said Friday.The malware first came to light earlier this week, when BlackBerry detailed the Windows-based surveillance framework as used by the China-linked APT41 threat actor to harvest data from WhatsApp, Telegram, Signal, WeChat, LINE, QQ, Skype, Microsoft Outlook, DingDing, Feishu, KeePass, as well as application passwords, web browser information, Wi-Fi hotspots, and installed software."Since their initial development of the LightSpy spyware implant in 2022, the attacker has been persistently and methodically working on the strategic targeting of communication platforms, with the emphasis on stealth and persistent access," the BlackBerry threat research team noted.The core component of DEEPDATA is a dynamic-link library (DLL) loader called "data.dll" that's engineered to decrypt and launch 12 different plugins using an orchestrator module ("frame.dll"). Present among the plugins is a previously undocumented "FortiClient" DLL that can capture VPN credentials."This plugin was found to exploit a zero-day vulnerability in the Fortinet VPN client on Windows that allows it to extract the credentials for the user from memory of the client's process," the researchers said.Volexity said it reported the flaw to Fortinet on July 18, 2024, but noted that the vulnerability remains unpatched. The Hacker News has reached out to the company for comment, and we will update the story if we hear back.Another tool that's part of BrazenBamboo's malware portfolio is DEEPPOST, a post-exploitation data exfiltration tool that's capable of exfiltrating files to a remote endpoint.DEEPDATA and DEEPPOST add to the threat actor's already powerful cyber espionage capabilities, expanding on LightSpy, which comes in different flavors for macOS, iOS, and now Windows."The architecture for the Windows variant of LightSpy is different from other documented OS variants," Volexity said. "This variant is deployed by an installer that deploys a library to execute shellcode in memory. The shellcode downloads and decodes the orchestrator component from the [command-and-control] server."The orchestrator is executed by means of a loader called BH_A006, which has been previously put to use as early as by a suspected Chinese threat group referred to as Space Pirates, which has a history of targeting Russian entities.That said, it's currently not clear if this overlap is due to whether BH_A006 is a commercially available malware or is evidence of a digital quartermaster that's responsible for overseeing a centralized pool of tools and techniques among Chinese threat actors.The LightSpy orchestrator, once launched, uses WebSocket and HTTPS for communication for data exfiltration, respectively, and leverages as many as eight plugins to record webcam, launch a remote shell to execute commands, and collect audio, browser data, files, keystrokes, screen captures, and a list of installed software.LightSpy and DEEPDATA share several code- and infrastructure-level overlaps, suggesting that the two malware families are likely the work of a private enterprise that has been tasked with developing hacking tools for governmental operators, as evidenced by companies like Chengdu 404 and I-Soon."BrazenBamboo is a well-resourced threat actor who maintains multi-platform capabilities with operational longevity," Volexity concluded. "The breadth and maturity of their capabilities indicates both a capable development function and operational requirements driving development output."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Companies are keeping their central data centers, but theyre also moving more IT to the enterprise edge. The result is a re-imagined concept of data center that includes the data center but also subsumes cloud and other edge-computing operations.In this expanded data center model, ITs role hasnt fundamentally changed. It must still implement, monitor and maintain data center operations, no matter where they occur.But since IT staff cant be at all remote locations at once, software and hardware technologies are being called upon to do the job of facilitating end-to-end data center management, no matter where that management is.Technologies to Facilitate Remote Data Center ManagementTo assist IT in managing the expanded data center, tools and technology solutions must do two key things: monitor and manage IT operations, functions and events; and automate IT operations.Here are five technologies that help:System on a chip (SOC). First conceived in the 1970s, system on a chip embeds processing, memory and, today, even security and artificial intelligence on a single chip. The chip powers a device or network endpoint.SOC can appear in a router, sensor, smartphone, wearable, or any other Internet of Things (IoT) device. The original selling point of SOCs was their ability to offload processing from the central data center and reduce latency when processing can be done locally.Related:Now, these SOC routers, devices, and access points come with embedded security that is WPA2/3 compliant and can encrypt data and block DNS attacks or suspicious websites. That security is complemented with AI that aids in threat detection and in some cases, threat mitigation, such as being able to automatically shut down and isolate a detected threat.To use SOC threat detection and mitigation at the edge, IT must:Ensure that the security ruleset on edge devices is in concordance with corporate-wide data center security policies; andEmploy an overarching network monitoring solution that can integrate the SOC-based security with central data center security and monitoring so every security action can be observed, analyzed, and mitigated from a single pane of glass in the central data center.Zero-trust networks. Zero-trust networks trust no one with unlimited access to all network segments, systems, and applications. In the zero-trust scheme, employees only gain access to the IT resources they are authorized for.Users, applications, devices, endpoints, and the network itself can be managed from a central point. Internal network boundaries can be set to allow only certain subsets of users access. An example is a central data center in Pittsburgh with a remote manufacturing plant in Phoenix. A micro network can be defined for the Phoenix plant that can only be used by the employees in Phoenix. Meanwhile, central IT has full network management, monitoring, and maintenance capability without having to leave the central data center in Pittsburgh.Related:Automated operations. Data and system backups can be automated for servers deployed at remote points, whether these backups are ultimately rerouted to the central data center or a cloud service. Other IT functions that can be automated with guidance from an IT ruleset include IT resource provisioning and de-provisioning, resource optimization, and security updates that are automatically pushed out for multiple devices.Its also possible to use remote access software that allows IT to gain control of a users remote workstation to fix a software issue.Edge data centers.Savings in communications can be achieved, and low-latency transactions can be realized if mini-data centers containing servers, storage and other edge equipment are located proximate to where users work. Industrial manufacturing is a prime example. In this case, a single server can run entire assembly lines and robotics without the need to tap into the central data center. Data that is relevant to the central data center can be sent later in a batch transaction at the end of a shift.Related:Organizations are also choosing to co-locate IT in the cloud. This can reduce the cost of on-site hardware and software, although it does increase the cost of processing transactions and may introduce some latency into the transactions being processed.In both cases, there are overarching network management tools that enable IT to see, monitor and maintain network assets, data, and applications no matter where they are. The catch is that there are still many sites that manage their IT with a hodgepodge of different types of management software.A single pane of glass. At some point, those IT departments with multiple network monitoring software packages will have to invest in a single, umbrella management system for their end-to-end IT. This will be necessary because the expanding data center is not only central, but that could be in places like Albuquerque, Paris, Singapore and Miami, too.ITs end goal should be to create a unified network architecture that can observe everything from a central point, facilities automation, and uses a standard set of tools that everybody learns.Are We There Yet?Most IT departments are not at a point where they have all of their IT under a central management system, with the ability to see, tune, monitor and/or mitigate any event or activity anywhere. However, we are at a point where most CIOs recognize the necessity of funding and building a roadmap to this uber management network concept.The rise of remote work and the challenge of managing geographically dispersed networks have driven the demand for network management system (NMS) solutions with robust remote capabilities, reports Global Market Insights, adding, As enterprises increasingly seek remote network management, the industry is poised for substantial growth.

Marco Addino, Managing Director, AccentureNovember 15, 20244 Min ReadPanther Media GmbH via Alamy StockWithout doubt, todays society relies on the semiconductor industry. After all, can you imagine a world without smartphones, cars, power stations, and televisions? We, as people, and the global economy more broadly, rely on continued innovation from the chips the industry produces. But there are challenges facing these companies across the board -- design, manufacturing and demand. Talent is in increasingly short supply, and on top of that geopolitical tensions and onshore manufacturing add another layer of complexity. The industry keeps having hurdles to cross, one after another it seems. Only recently, another problem for the industry made the headlines when Hurricane Helene hit Spruce Pine, one of the worlds most important locations for semiconductor, raising questions about the impact it would have.It's already tough enough for semiconductor companies to deal with and resolve these issues, but they are appearing while generative AI has made the need for innovation a must do now, not a must do at some point. The question is whether the semiconductor industry can reinvent itself quickly enough for this new generative AI moment. Accenture analysis found reinventors (those companies that have already built the capability for continuous reinvention) increased revenues by 15 percentage points over other companies between 2019 and 2022. We expect that gap in revenue growth between reinventors and the rest to increase by 2.4 times to 37 percentage points by 2026, so theres a clear opportunity for them. Yet our survey of global semiconductor executives found that 71% believe it will take at least three years for the semiconductor industry to deploy generative AI at scale. The industry could do with that timeframe accelerating somewhat.Related:The Challenges AheadIts not going to be easy, however, of course it wont. But semiconductor companies need to use generative AI across the entire spectrum -- spanning design and manufacturing, through sales and marketing, to customer service --to seize opportunities for innovation in both the short- and long-term. Adapting that broad view across the value chain is a must to reinvent the value chain, however daunting that may initially seem.There are other concerns too, such as IP. In fact, 73% of executives cite IP concerns as the biggest barrier to generative AI deployments. Then theres of course the cost issue and the need to balance technical debt with investments for the future, both of which, are necessary.Once leaders grapple with how those challenges can be overcome, theres another pressing challenge and thats having the right talent in place to deploy these applications successfully.Related:Most semiconductor companies are already fully aware of that and are doing everything they can to accelerate gaining new talent and reskilling their existing workforce. However, the speed with which generative AI is changing the way businesses work means they must also get support from across their ecosystem to ensure they have all critical skills in place.It's Time for Leaders to Place Their BetsThe industry needs to move forward with two workstreams running in parallel. First, CEOs and other business leaders must make no regrets moves; those use cases with the lowest risk, shortest time to show results and therefore, value. For example, Generative AI-enabled field service assistants would allow field service engineers to perform root cause analyses faster and recommend repair methods based on machine data, therefore reducing downtime and accelerating production. It also provides immediate access to information that helps technicians increase their knowledge, therefore helping with the skills gap. Generative AI can also be used in other areas, such as sales and marketing where it can improve the quality and level of personalization of the content to drive more personalized campaigns.Related:At the same time, strategic bets need to be decided upon to support the long-term goals of the business. An example of this is in process engineering. Generative AI-enabled applications that incorporate historical process parameter data to create more efficient designs for semiconductor equipment and wafer development. These tools can use drawings, text, images and more to create customized outputs that engineers can use to augment experiments, allowing for a more objective approach to experimental design. These strategic bets will be the things that will offer the highest value. They may well take some time to roll out, but they could pave the way for total reinvention and therefore, competitive advantage.Whether the no regret moves or strategic bets, the guiding principle is choosing the right use cases, at the right point and at the right time. Every semiconductor companys generative AI journey is different, but the approaches will be similar. All companies must establish a solid data foundation, have the necessary skills in place, and importantly, have the right ecosystem in position. Those that come out on top wont just be the best player, but the businesses that put the right connections in place.About the AuthorMarco AddinoManaging Director, AccentureMarco Addino is a managing director in Accentures high tech industry practice leading the companys semiconductor business in EMEA, and is the client account lead for Italy, Central Europe and Greece, responsible for building and growing strategic relationships in the region. He is experienced in high complexity products engineering, supply chain and operations, large scale digital and technology transformations, organizational design, post-merger integration, and the design and implementation of platform business models.See more from Marco AddinoNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Yet anotherStar Wars movie has been pulled from yet another planned release date.Disney and Lucasfilm had penciled in thea newStar Wars film for release in theaters on December 18, 2026, a little over two years from now. But now, according to multiple media reports, that is not happening. Instead, Disney will be releasing a newIce Age animated feature on that date. (Disney acquiredIce Age in their purchase of 20th Century Fox.)PerVariety, while it was never confirmed exactly what this project would be, Sharmeen Obaid-Chinoywas previously announcedas the director of an upcoming Star Wars film followingDaisy Ridleys Rey after the events of 2019s Star Wars: The Rise of Skywalker. Back in October, it was reported that this project had lost its screenwriter,with the departure of Steven Knight.LucasfilmLucasfilmloading...READ MORE: 12 Actors Wasted inStar WarsRolesAlthough Lucasfilm has released a steady stream of TV projects to Disney+ since 2019, it is now five years and counting since the lastStar Wars feature film came to theaters. In that time a whole slew of projects have been announced or rumored and come to nothing, including aRogue Squadron movie directed by Patty Jenkins, a mystery project from Marvels Kevin Feige, and entire trilogies of movies from Rian Johnson andGame of Thrones Benioff and Weiss.https://screencrush.com/new-star-wars-trilogy/Withyet another Star Warsfilmat least delayed (if not permanently postponed) that means the earliest well see a newStar Wars film in theaters is May of 2026 when the movie version ofThe Mandalorianis supposed to debut. And Disney has anotherStar Wars movie of some sort scheduled for Christmas of 2027 at least tentatively. You are forgiven if at this point you are skeptical aboutanyof theseStar Wars projects ever seeing the light of day.Get our free mobile appEvery Star Wars Movie, Ranked From Worst to BestHere is every theatrical Star Wars movie, ranked from the worst to the best.

Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), AKST (UTC -9), HST (UTC -10), GMT (UTC +0), CET (UTC +1), EET (UTC +2), AST (UTC -4), FKST (UTC -3), NST (UTC -3:30)QUALIFICATIONSThis is a technology job that accommodates humanities people and relies more fully on your competencies than your formal experiencemaking it a rare opportunity thats perfect for at least sophomores, new grads, career transitioners, and those seeking an exciting remote careerYoure the sort of person who is exceptional at generating copy intuitivelyYouve also got the metacognitive awareness to show your work. In addition, youre the sort of person with a deep interest in linguisticsRESPONSIBILITIES:As a Remote AI Content Evaluator, you will be working closely with a team of other trainers, within protocols developed by the worlds leading AI researchers training the AI to read, write, summarize knowledge, and interpret meaningYour job is to train, evaluate, and test the AIs conversation skills, continuously equipping it to fulfill that purposeYoull spend the bulk of your time generating examples of ideal conversations, acting as both the User and the AI for the AI to learn from, collecting sources helping it read large swaths of humanitys documented knowledge and distinguish between what is presented as fact vs. context vs. patterns of behaviorFor example, you will be discerning the accuracy of the facts that the AI is outputting, but also the accuracy with which they interpret themAs the project grows over time, youll spend time actively trying to break the AI by forcing mistakes and improving the way these AI models recoverThis is absolutely critical to its safety, accuracy, and useYoull document breaks and have the opportunity to recommend improvements to the training methods themselves to both our team and our clientBenefits:Compensation & CareerPay begins between $22.50 / hour and its made on Mondays. Related Jobs See more All Other Remote jobs

Thousands of people across the world come to EDUopinions to research schools every day. Its where they get advice, inspiration, and plan for what matters most. Our mission is to help those prospective students find their ideal schools and create their dream futures. In your role, youll be challenged to take on work that upholds this mission and pushes EDUopinions forward.EDUopinions is looking for Student Ambassadors who want to gain invaluable social media marketing and content creation experience. Being an EDUopinions Ambassador means representing EDUopinions and creating an authentic experience for our audience prospective students looking for university rankings and reviews.The Ambassador Program is responsible for bringing honest student reviews to the EDUopinions platform by creating social networking and student outreach campaigns to achieve database objectives. Our goal is to build an inclusive and diverse online student community that provides advice and feedback regarding the university experience at different higher education institutions around the world.An EDUopinions Ambassador will work alongside the Reviews Manager and other student ambassadors, getting exposure in social media campaign strategy and user-generated content creation and gaining firsthand experience in a remote start-up environment. This is a contract role.ResponsibilitiesThink creatively about new ways to engage students through online and offline channelsEncourage students and alumni to share their honest opinions regarding their studies.Provide feedback on challenges and opportunities.QualificationsEnjoys talking to students and grads about higher educationExperience in and understanding of social media platformsMotivated self-starter who takes initiativeBenefitsPartners set their own schedules and are paid based on performance.Fully remote team.Hands-on experience with social media marketing, online networking, and campaign performance dashboard. Related Jobs See more All Other Remote jobs