Just a few hours after releasing the latest iOS 18.2 beta for developers, a new public beta is here. iOS 18.2 public beta 3 arrives as one of the last releases before next months full launch. Heres whats new.Todays new public beta is the same software build as the developer beta 4 released earlier this afternoon.This latest build has little to offer in terms of new features or big changes. Just a few small new updates have been discovered:the Photos apps video scrubber now shows millisecondsCamera Controls accessibility settings have been added to the standard Camera Control settings hub, centralizing more options in one placeadded in the last beta but just discovered: you can now set a default Contactless App to replace Wallet inside Settings Appssmall design tweaks to Apple MailOverall, beta 3 is focused on performance improvements and bug fixes. Which makes sense, because were getting very close to Apple shipping the RC (release candidate) version of iOS 18.2.Apple has recently released weekly iOS 18.2 betas, but the company will likely take next week off due to the Thanksgiving holiday, meaning our next chance for a beta will be the week of December 2.Most likely, thats when well get the RC update ahead of a public launch the week of December 9.Highlights of iOS 18.2iOS 18.2 is a huge release for users, largely due to the highly anticipated new Apple Intelligence features. These include:Genmoji:Make your own custom emoji for use in any app.ChatGPT in Siri:Siri can tap into ChatGPTs knowledge, and you can even query ChatGPT directly.Image Playground: Create original AI images in animation, illustration, or sketch styles.Visual intelligence:Use iPhone 16s Camera Control to get relevant info from your physical environment.and moreBut there are also great additions outside of AI, such as a redesigned Mail app, new Find My features, Camera Control upgrades, and even more.If you havent yet joined the public beta program, you can do so now via beta.apple.com to install the pre-release software today.What are your favorite or most anticipated iOS 18.2 features? Let us know in the comments.Best iPhone accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

"There have got to be so many people who are so embarrassed to be repping him on the streets driving their Teslas and who want to completely disavow this guy."Drag RaceFor longtime Tesla owners, Elon Musk's increasing rightwing crusading has made their electric cars into mortifying red flags and now, a bunch are sticker-slapping back.As the climate change news siteHeatmap reports, a Hawaii-based sticker maker is doing a booming business selling bumper stickers to Tesla owners who, as one of his wares advertises, got their EVs "before we knew [Musk] was crazy.""I started making stickers on my own before the Elon sticker," explained Matthew Hiller, the Waikiki resident behind the popular Etsy shop "Mad Puffer Stickers."An aquarium employee who often makes "fish stickers" for work, Hiller said that he got the idea to start making his tongue-in-cheek accessories in 2023 when considering buying a Tesla of his own. After Musk purchased Twitter and started his "extreme censoring," however, the creative realized he definitely couldn't handle the heat that came with being associated with such a toxic brand and that gave him an idea."I figured, theres no wayIm buying a Tesla but there have got to be so many people who are so embarrassed to be repping him on the streets driving their Teslas and who want to completely disavow this guy," Hiller told Heatmap. "Because I know I would want to sell mine immediately after I saw what he was doing."Hiller's first sticker, a small run of the aforementioned "I bought this before we knew Elon was crazy," repeatedly went viral on social media and even ended up on news sites likeBusiness Insider and the Washington Post. Unsurprisingly, that meant he had to print way, way more."I would be selling five to seven a day," he said, "and then suddenly, there would be 50 a day because someone else talked about it on Reddit."Line Goes UpMore than a year in, Hiller says that the attention his anti-Musk stickers have gotten is "insane" and that in the aftermath of Donald Trump's electoral upset, sales are up "unbelievably.""I can barely keep up," he told Heatmap. "My full-time job is at the aquarium, and I come home and pack stickers until 11 p.m. Its just me and my wife doing it all."Obviously, there are lots and lots of cheap knockoffs being sold on Amazon and other such sites but considering that Hiller's are less than $10 a pop without Etsy's sale prices, getting an original is still a viable option.In a "ballpark" estimate, the sticker salesman said he's sold more than 10,000 units since last year, with an average of 180 going out per day."Its rough," Hiller said.More on anti-Musk sentiment: Elon Musk Responds to Concerns That His Political Antics Are Tanking Tesla SalesShare This Article

"Brilliant. No notes."AI GoreCoca-Cola drew criticism for rolling out an uninspired and lazily AI-generated holiday advertisement this year.The ad is pretty much exactly the kind of insipid corporate sludge you'd expect from AI: predictable, unimaginative and vaguely uncanny.Fortunately, Redditors took matters into their own hands, celebrating tooth-rotting soft drinks with a far more "unhinged" take on Coke's concept.The result harkens back to the glowy days of AI gore, when Will Smith glitchily "eating" a bowl of spaghetti went mega-viral, withunsettling mishmashes of morphing body appendages and explosions. At one point, a polar bear even yeets its offspring into an icy lake for no discernible reason."Brilliant,"one Redditor assessed. "No notes."Out of TouchCoke contracted three separate AI studios for its cheap-looking ad, and it didn't take long for netizens to call out the company for brazenly replacing human artists with bland AI."FUN FACT: Coca-Cola is red because its made from the blood of out-of-work artists!" Alex Hirsch, the creator of the Disney TV show "Gravity Falls," tweeted in a tongue-in-cheek post.It's only the latest in a string of companies relying on cheap generative AI for its ads. Earlier this year, the corporate husk of Toys "R" Us was flamed for a similar effort.Perhaps it would've served Coke better to lean into the limitations of the tech. During this year's Super Bowl half-time, after all, its sports drink brand Bodyarmor released a nausea-inducing generative AI ad in an attempt to make a point about offering its customers a "real" product.At least, the ad passed the low bar of being somewhat entertaining to watch, which can't be said of its latest cringe-inducing attempt."They should've made it more self-aware and comical, it would've had a better reception IMO," one Redditor argued."Tough for the marketing department to make a self-aware ad when they are all out of touch in the first place," another replied.Share This Article

Nov 21, 2024Ravie LakshmananArtificial Intelligence / Software SecurityGoogle has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library."These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets," Google's open-source security team said in a blog post shared with The Hacker News.The OpenSSL vulnerability in question is CVE-2024-9143 (CVSS score: 4.3), an out-of-bounds memory write bug that can result in an application crash or remote code execution. The issue has been addressed in OpenSSL versions 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, and 1.0.2zl.Google, which added the ability to leverage large language models (LLMs) to improve fuzzing coverage in OSS-Fuzz in August 2023, said the vulnerability has likely been present in the codebase for two decades and that it "wouldn't have been discoverable with existing fuzz targets written by humans."Furthermore, the tech giant noted that the use of AI to generate fuzz targets has improved code coverage across 272 C/C++ projects, adding over 370,000 lines of new code."One reason that such bugs could remain undiscovered for so long is that line coverage is not a guarantee that a function is free of bugs," Google said. "Code coverage as a metric isn't able to measure all possible code paths and statesdifferent flags and configurations may trigger different behaviors, unearthing different bugs."These AI-assisted vulnerability discoveries are also made possible by the fact that LLMs are proving to be adept at emulating a developer's fuzzing workflow, thereby allowing for more automation.The development comes as the company revealed earlier this month that its LLM-based framework called Big Sleep facilitated the detection of a zero-day vulnerability in the SQLite open-source database engine.In tandem, Google has been working towards transitioning its own codebases to memory-safe languages such as Rust, while also retrofitting mechanisms to address spatial memory safety vulnerabilities which occur when it's possible for a piece of code to access memory that's outside of its intended bounds within existing C++ projects, including Chrome.This includes migrating to Safe Buffers and enabling hardened libc++, which adds bounds checking to standard C++ data structures in order to eliminate a significant class of spatial safety bugs. It further noted that the overhead incurred as a result of incorporating the change is minimal (i.e., an average 0.30% performance impact)."Hardened libc++, recently added by open source contributors, introduces a set of security checks designed to catch vulnerabilities such as out-of-bounds accesses in production," Google said. "While C++ will not become fully memory-safe, these improvements reduce risk [...], leading to more reliable and secure software."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Nov 21, 2024Ravie LakshmananFinancial Fraud / Data BreachThreat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers."They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Jan Michael Alcantara said in a report shared with The Hacker News."New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files, adding junk code, and using a batch script to dynamically generate and execute the Python script."NodeStealer, first publicly documented by Meta in May 2023, started off as JavaScript malware before evolving into a Python stealer capable of gathering data related to Facebook accounts in order to facilitate their takeover.It's assessed to be developed by Vietnamese threat actors, who have a history of leveraging various malware families that are centered around hijacking Facebook advertising and business accounts to fuel other malicious activities.The latest analysis from Netskopke shows that NodeStealer artifacts have begun to target Facebook Ads Manager accounts that are used to manage ad campaigns across Facebook and Instagram, in addition to striking Facebook Business accounts.In doing so, it's suspected that the intention of the attackers is not just to take control of Facebook accounts, but to also weaponize them for use in malvertising campaigns that further propagate the malware under the guise of popular software or games."We recently found several Python NodeStealer samples that collect budget details of the account using Facebook Graph API," Michael Alcantara explained. "The samples initially generate an access token by logging into adsmanager.facebook[.]com using cookies collected on the victim's machine."Aside from collecting the tokens and business-related information tied to those accounts, the malware includes a check that's explicitly designed to avoid infecting machines located in Vietnam as a way to evade law enforcement actions, further solidifying its origins.On top of that, certain NodeStealer samples have been found to use the legitimate Windows Restart Manager to unlock SQLite database files that are possibly being used by other processes. This is done so in an attempt to siphon credit card data from various web browsers.Data exfiltration is achieved using Telegram, underscoring that the messaging platform still continues to be a crucial vector for cybercriminals despite recent changes to its policy.Malvertising via Facebook is a lucrative infection pathway, often impersonating trusted brands to disseminate all kinds of malware. This is evidenced by the emergence of a new campaign starting November 3, 2024, that has mimicked the Bitwarden password manager software through Facebook sponsored ads to install a rogue Google Chrome extension."The malware gathers personal data and targets Facebook business accounts, potentially leading to financial losses for individuals and businesses," Bitdefender said in a report published Monday. "Once again, this campaign highlights how threat actors exploit trusted platforms like Facebook to lure users into compromising their own security."Phishing Emails Distribute I2Parcae RAT via ClickFix TechniqueThe development comes as Cofense has alerted to new phishing campaigns that employ website contact forms and invoice-themed lures to deliver malware families like I2Parcae RAT and PythonRatLoader, respectively, with the latter acting as a conduit to deploy AsyncRAT, DCRat, and Venom RAT.I2Parcae is "notable for having several unique tactics, techniques, and procedures (TTPs), such as Secure Email Gateway (SEG) evasion by proxying emails through legitimate infrastructure, fake CAPTCHAs, abusing hardcoded Windows functionality to hide dropped files, and C2 capabilities over Invisible Internet Project (I2P), a peer-to-peer anonymous network with end-to-end encryption," Cofense researcher Kahng An said."When infected, I2Parcae is capable of disabling Windows Defender, enumerating Windows Security Accounts Manager (SAM) for accounts/groups, stealing browser cookies, and remote access to infected hosts."Attack chains involve the propagation of booby-trapped pornographic links in email messages that, upon clicking, lead message recipients to an intermediate fake CAPTCHA verification page, which urges victims to copy and execute an encoded PowerShell script in order to access the content, a technique that has been called ClickFix.ClickFix, in recent months, has become a popular social engineering trick to lure unsuspecting users into downloading malware under the pretext of addressing a purported error or completing a reCAPTCHA verification. It's also effective at sidestepping security controls owing to the fact that users infect themselves by executing the code.Enterprise security firm Proofpoint said that the ClickFix technique is being used by multiple "unattributed" threat actors to deliver an array of remote access trojans, stealers, and even post-exploitation frameworks such as Brute Ratel C4. It has even been adopted by suspected Russian espionage actors to breach Ukrainian government entities."Threat actors have been observed recently using a fake CAPTCHA themed ClickFix technique that pretends to validate the user with a 'Verify You Are Human' (CAPTCHA) check," security researchers Tommy Madjar and Selena Larson said. "Much of the activity is based on an open source toolkit named reCAPTCHA Phish available on GitHub for 'educational purposes.'""What's insidious about this technique is the adversaries are preying on people's innate desire to be helpful and independent. By providing what appears to be both a problem and a solution, people feel empowered to 'fix' the issue themselves without needing to alert their IT team or anyone else, and it bypasses security protections by having the person infect themselves."The disclosures also coincide with a rise in phishing attacks that make use of bogus Docusign requests to bypass detection and ultimately conduct financial fraud."These attacks pose a dual threat for contractors and vendors immediate financial loss and potential business disruption," SlashNext said. "When a fraudulent document is signed, it can trigger unauthorized payments while simultaneously creating confusion about actual licensing status. This uncertainty can lead to delays in bidding on new projects or maintaining current contracts."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

While Pixars movies are available to stream on Disney+, the animation studio has made very little content exclusively for Disney+ in the last few years. Some of the streaming shows thatlook like Pixar work were made by others, like theMonsters at Work show (based onMonsters Inc. and Monsters University) which was technically produced outside of Pixar. Thus far theyve made some Forky shorts, a series of brief cartoons about Dug fromUp, aCars on the Road show, and thats about it.But Pixar has two full-fledged Disney+ series coming to streaming in the next three months. The first isDream Productions, and its the first TV series set in theInside Out universe. The film takes place between the two films,and spins off the brain workers, first introduced in the originalInside Out, who create Rileys dreams.That includes the director of dreams, played by Paula Pell, reprising her role fromInside Out.Joining her are Richard Ayoade and several of the voices fromInside Out including Amy Poehler as Joy, Lewis Black as Anger, Phyllis Smith as Sadness, plus Tony Hale and Liza Lapira as the current voices of Fear and Anger. (Rileys new emotions fromInside Out 2 dont appear because the show is set before its events occurred.)You can watch the trailer for the show below:READ MORE: Every Pixar Movie, Ranked From Worst to BestHere is the series official synopsis:Taking place in between the events of Inside Out and Inside Out 2 is Pixar Animation Studios Dream Productions, an all-new series about the studio inside Rileys mind where dreams really do come trueevery night, on time and on budget. Riley is growing up and when her memories need some extra processing, Joy and the rest of the Core Emotions send them to Dream Productions. Acclaimed director Paula Persimmon (voice of Paula Pell) faces a nightmare of her own: Trying to create the next hit dream after being paired up with Xeni (voice of Richard Ayoade), a smug daydream director looking to step up into the big leagues of night dreams.Dream Productions premieres on Disney+ on December 11. The series will run for four episodes. Pixars first totally originalseries for Disney+,Win or Lose, premieres on February 19, 2025.Sign up for Disney+ here.Get our free mobile appThe 25 Best Sequel TitlesThese sequels all share one thing in common: They all have really good titles.

ResponsibilitiesDevelop and maintain user-facing features using Vue.js, JavaScript, and TailwindCSS.Collaborate with backend developers to ensure seamless frontend-backend integration.Utilize tools like Node.js and Vue CLI to set up and manage projects.Deploy applications on static hosting platforms (e.g., Netlify, Vercel).Write clean, maintainable, and efficient code while adhering to best practices.Hiring ProcessApplication: Submit your applicating and confirm your availability for this role.Test Task: Shortlisted candidates will receive a test task (On the email you've applied with). You will:Set the start time.Propose a budget for the task.Specify a completion timeframe.Confirm the tasks start.Final Selection: The candidate with the best performance will join us for ongoing front-end tasks. Related Jobs See more Front-End Programming jobs

Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), AKST (UTC -9), HST (UTC -10)About Us:Crisis Control Solutions LLC is a Miami-based company specializing in risk mitigation and crisis management services. We provide innovative solutions to businesses, offering digital products, online courses, and expert consulting. Our mission is to empower businesses and individuals to navigate uncertainty with confidence.Role Overview:We are seeking a talented and driven Social Media Expert to join our team remotely. This part-time position is ideal for a creative individual with a passion for digital marketing and social media. The selected candidate will help boost our online presence, drive sales of our digital products, and position our founder as a leading speaker in the U.S.Key Responsibilities:Digital Product Sales: Manage and optimize the sales of our digital products on platforms like SamCart and Online Courses.Social Media Campaigns: Create and execute engaging online marketing campaigns across LinkedIn, Facebook, and other platforms to increase brand awareness and conversions.Founder Promotion: Develop and implement strategies to position the company founder as a prominent speaker in the U.S. market.Performance Tracking: Monitor and analyze campaign performance, providing actionable insights for improvement.Content Creation: Design and publish engaging content (e.g., posts, ads, and videos) to attract and retain an online audience.Requirements:Based in Florida and authorized to work in the U.S.Proven experience in social media management and digital marketing.Familiarity with platforms like LinkedIn, Facebook, SamCart, and online course tools.Excellent communication skills and creativity.Ability to work independently and manage time effectively.Basic graphic design and video editing skills are a plus.

Once again, global greenhouse-gas emissions are projected to hit a new high in 2024. In this time of shifting political landscapes and ongoing international negotiations, many are quick to blame one country or another for an outsize role in causing climate change. But assigning responsibility is complicated. These three visualizations help explain why and provide some perspective about the worlds biggest polluters. Greenhouse-gas emissions from fossil fuels and industry reached 37.4 billion metric tons of carbon dioxide in 2024, according to projections from the Global Carbon Budget, an annual emissions report released last week. Thats a 0.8% increase over last year. Breaking things down by country, China is far and away the single biggest polluter today, a distinction it has held since 2006. The country currently emits roughly twice as much greenhouse gas as any other nation. The power sector is its single greatest source of emissions as the grid is heavily dependent on coal, the most polluting fossil fuel. The US is the worlds second-biggest polluter, followed by India. Combined emissions from the 27 nations that make up the European Union are next, followed by Russia and Japan. Considering a countrys current emissions doesnt give the whole picture of its climate responsibility, though. Carbon dioxide is stable in the atmosphere for hundreds of years. That means greenhouse gases from the first coal power plant, which opened in the late 19th century, are still having a warming effect on the planet today. Adding up each countrys emissions over the course of its history reveals that the US has the greatest historical contributionthe country is responsible for about 24% of all the climate pollution released into the atmosphere as of 2023. While its the biggest polluter today, China comes in second in terms of historical emissions, at 14%. If the EUs member states are totaled as one entity, the group is among the top historical contributors as well. According to an analysis published November 19 by the website Carbon Brief, China passed EU member states in terms of historical emissions in 2023 for the first time. China could catch up with the West in the coming decades, as its emissions are significant and still growing, while the US and EU are seeing moderate declines. Even then, though, theres another factor to consider: population. Dividing a countrys total emissions by its population reveals how the average individual in each nation is contributing to climate change today. Countries with smaller populations and economies that are heavily reliant on oil and gas tend to top this list, including Saudi Arabia, Bahrain, and the United Arab Emirates. Among the larger nations, Australia has the highest per capita emissions from fossil fuels, with the US and Canada close behind. Meanwhile, other countries that have high total emissions are farther down the list when normalized by population: Chinas per capita emissions are just over half that of the US, while Indias is a small fraction. Understanding the complicated picture of global emissions is crucial, especially during ongoing negotiations (including the current meeting at COP29 in Baku, Azerbaijan) over how to help developing nations pay for efforts to combat climate change. Looking at current emissions, one might expect the biggest emitter, China, to contribute more than any other country to climate finance. But considering historical contributions, per capita emissions, and details about national economies, other nations like the US, UK, and members of the EU emerge as those experts tend to say should feature prominently in the talks. What is clear is that when it comes to the emissions blame game, its more complicated than just pointing at todays biggest polluters. Ultimately, addressing climate change will require everyone to get on boardwe all share an atmosphere, and were all going to continue feeling the effects of a changing climate. Notes on data methodology: Emissions data is from the Global Carbon Project, which estimates carbon emissions based on energy use. Territorial emissions take into account energy and some industry, but dont include land use emissions. Data from the European Union is the sum of its current 27 member states. The bloc is represented together because the EU generally negotiates together on the international stage. Historical emissions for some countries are disaggregated from former borders, including the former USSR and Yugoslavia. The per capita emissions map uses official World Bank boundaries, with the exception of Taiwan, which has separate emissions data in the Global Carbon Project. Western Saharas energy data are reported by Morocco, so its emissions are included in that total. Per capita emissions for Morocco are also used for Western Sahara on the map. More detailed information about the Global Carbon Project methods (including the particulars on how territorial emissions are broken down) is available here.

High Street Rental Auctions aim to tackle empty properties and revitalise town centres through council interventionSource: ShutterstockAccording to the government, one in seven high street properties currently stands vacantCouncils will be granted new legal powers from 2 December to auction leases for long-vacant high street properties, as part of measures introduced under the Levelling Up and Regeneration Act 2023. The initiative, termed High Street Rental Auctions (HSRAs), is intended to address the persistent problem of empty commercial premises in city, town, and village centres.Under the new regulations, local authorities can intervene if properties have been vacant for more than 365 days within a two-year period. The initiative aims to bring these spaces back into use by auctioning leases for one to five years, making them accessible to businesses and community organisations.Local Growth Minister Alex Norris said the powers will put local communities first and help reinvigorate struggling town centres. High streets are the beating heart of our communities. But for too long, too many have been neglected, with more and more empty lots and boarded-up shopfronts, he stated.According to the government, one in seven high street properties currently stands vacant, and HSRAs are seen as a means of countering this trend.The government will highlight the initiative at an HSRA showcase event today in Wolverhampton. The event will feature insights from early adopter councils, which are tasked with piloting the scheme and providing best practice guidance for other authorities.