Connect with us

Software

Petya Ransomware Devastates Ukraine and Infects Institutions Worldwide

blank

Published

on

NotPetya, GoldenEye, ransomware, cyberattack

On June 27, authorities worldwide confirmed that a ransomware, named Petya (aka, NotPetya or GoldenEye), infected a massive number of organizations and institutions across the world, over two thousand at last count. The attackers are demanding $300 (US) in Bitcoin for each infected machine to regain access to the encrypted files. Multiple sources, including the National Cyber Security Centre (UK), the Reporting and Analysis Centre (Switzerland), and the Federal Office for Information Security (Germany), confirmed that the virus is exploiting the Server Message Block vulnerability. This is the same vulnerability the WannaCry virus exploited last month.

The earliest confirmed reports came from Ukraine where the ransomware has disrupted the entire country’s infrastructure. The deputy Prime Minister, Rozenko Pavlo, confirmed infection of all government computers. The national power company and Ukraine’s national bank confirmed an attack that included disabling ATMs. Ukraine’s primary airport, Boryspil International, experienced computers and flight boards going down which interfered with all inbound and outbound flights. The cyber attack crippled the monitoring system for the Chernobyl exclusion zone. Authorities there are manually monitoring the radiation until they can bring the system back online.

Continued Russian Aggression Against Ukraine?

Some in the Ukrainian government are blaming Russia for the attack. They say that the cyber attack on the country is not a coincidence because June 28 is Ukraine’s Constitution Day. Furthermore, hours before the virus infected systems, a car-bomb assassinated a high-ranking Ukrainian intelligence officer, Colonel Maksim Shapoval. Taken in context of continued Russian aggression against the Ukraine, it is hard not to make this connection.

However, Russia denies orchestrating the ransomware attack. There is the fact that the Russian oil firm Rosneft confirmed that its servers were attacked. Other major targets include the Danish conglomerate Maersk, the largest container shipping company in the world, and the US pharmaceutical company Merck. Companies in Denmark and Spain have also confirmed attacks by the same virus.

Exploits and Patches

Early analysis shows that Petya is employing the NSA exploits EternalBlue and EternalRomance, as well as EsteemAudit. Microsoft has released patches for these exploits since March, so it is not known if these were insufficient to block the infection or if the affected institutions did not install the patches.

We will learn more over the next few days about the global extent of the attack, though it may be a month or two before we truly understand the economic and social costs.

Archaeology, technology, science, movies and TV shows, video games, government and politics, reading sci-fi and fantasy, '60s/70s classic rock. These are the areas in which I spend my days (somewhere in there are food and travel...).

Apps

Spotify evaluates video courses to provide instruction in various areas such as music creation and excel

blank

Published

on

blank

Netflix has established a distinct market presence in the domains of music streaming, podcast entertainment, and audiobooks. In its continuous endeavors to enhance user engagement and financial investment on its platform, Spotify is introducing a novel content category known as e-learning.

Spotify is now conducting an initial launch in the United Kingdom to assess the viability of introducing an online educational platform consisting of freemium video courses. The course, which is developed in collaboration with external entities such as the BBC and Skillshare, offers a minimum of two complimentary courses. The overall cost of the course often falls within the range of £20 to £80. Currently, the costs will remain consistent for both basic and premium users.

In an interview, Mohit Jitani, the product director for the education business based in London, stated that pricing decisions are being tested. “Our primary objective with this launch is to gain a comprehensive understanding of the demand,” he stated. “Next, we will enhance our approach to make it more captivating and stimulating.”

The content will be available on both Spotify’s homepage and browse tabs, namely under the “Courses” section. It may be accessed both online and through the Spotify mobile app.

The courses are positioned between YouTube, Master Class, and LinkedIn Learning. The videos in the current catalog encompass a diverse array of topics, ranging from music production to Excel proficiency. Additionally, there are lessons on developing online learning materials to empower musicians and other individuals to become “education creators.”

While there are numerous online learning platforms available on the internet that offer interactive content and various media formats, including startups that aim to become the “Spotify for education” when searching for that term, Spotify’s educational strategy primarily revolves around providing one-way, on-demand video.

According to Jitani, certain courses may include supplementary material, albeit primarily in the form of additional documents rather than assessments or other forms of engagement. The individual refrained from providing an update regarding the potential implementation of gamification by Spotify in the future, as well as the potential inclusion of games in their future plans.

The initial collaborators for Courses include Skillshare, which will prioritize creative pursuits; PLAYvirtuoso, which offers courses in the music industry; BBC Maestro, which provides Master Class-like content; and Thinkific, which caters to individuals seeking to develop their abilities through online learning programs. According to Jitani, Spotify intends to customize its offerings through its course, taking into consideration the preferences and search queries of its users on the site. However, upon examining the catalogs of these individual suppliers, it becomes evident that the topics encompass a considerable range and depth.

According to Jitani, valuable insights would be gained into individuals’ genuine interests, leading to the emergence of numerous sectors centered around these topics. Subsequently, we will proceed to locate the most optimal content.

Third-party publishers who give Spotify a license own the content. However, the videos will be stored and purchased directly on Spotify’s platform. Regarding the distribution of money, the creator, publisher, and Spotify will each receive a portion of the sales, while content partners will be responsible for managing the payments made to the creators.

Spotify has not provided details regarding the allocation of the cut to specific individuals, nor has it indicated whether it will potentially provide any type of reduction or further advantage to existing premium members on the platform.

What is the purpose of education? What is the reason for choosing the UK?
The aforementioned action indicates Spotify’s strategic approach to further expanding its business operations, with the concurrent objective of establishing a trajectory towards enhanced profitability and improved profit margins. According to Jitani, the United Kingdom has been selected as the target market due to its significant market size and existing high level of engagement on a global scale.

Spotify experiences significant fluctuations in its financial performance within the current market. The company experienced three instances of workforce reductions in the previous year, and its financial performance has been predominantly unprofitable rather than successful. Notably, in February, the company reported a net loss of $81 million in its quarterly profits.

Indeed, the realms of online learning and professional development may appear unappealing for a firm mostly recognized for music streaming. However, there are three specific domains where it is logical.

As Spotify’s podcasting business expands, it is accumulating substantial data on user activities on the platform. It has identified a strong association between popular podcasts on Spotify and educational material.

According to Spotify, almost 50% of Spotify Premium customers have engaged with educational or self-help-oriented podcasts. Spotify has the capability to employ suggestion-surfacing techniques, similar to those employed for music and podcasts, in order to engage in cross-promotion. Consider, for instance, a podcast featuring a “business guru” who is now endorsing a paid course featuring that individual. Spotify is wagering that one will facilitate the sale of the other.

In addition, Spotify has been actively developing solutions aimed at assisting content creators in effectively managing and expanding their revenue streams. Providing educational materials focused on business management or enhancing music production aligns with this objective.

Furthermore, there is the video component. Spotify has been endeavoring to expand its presence in the video industry for nearly ten years.

That has not yet resulted in becoming a competitor to YouTube or Netflix. The company’s most recent earnings call included a single mention of video, with CEO Daniel Ek providing a vague description of video podcasting as “growing in a healthy way.”. However, earlier this month, it introduced music videos in specific regions, and now we are making a sincere endeavor to produce informative videos. It may still find its rhythm.

Continue Reading

iOS

Apple has introduced a new fee for apps in response to the EU’s gatekeeper rules

blank

Published

on

blank

Apple has unveiled a series of upcoming updates to iOS in the European Union, which will include a new fee for developers. These changes are part of the iPhone maker’s efforts to comply with the Digital Markets Act (DMA), the bloc’s competition reform initiative.

In September, the EU classified Apple as one of six “gatekeepers” under the DMA, identifying the iOS App Store and Safari browser as “core platform services.” The regulation places a set of responsibilities and limitations on gatekeepers. Apple is being compelled to accept sideloading of apps, along with other alterations. The gatekeepers must comply with the DMA by March 7, which is the deadline.

Today, Apple announced the availability of iOS 17.4 in beta. According to Apple, this update will assist developers in getting ready for the upcoming changes to its mobile platform. To meet the EU’s compliance deadline, these changes will go into effect next month.

During a background briefing with journalists prior to the beta launch, Apple revealed that it has dedicated significant time and effort to developing its solution in order to meet the requirements of the DMA. However, it also cautioned that certain modifications may introduce additional vulnerabilities for users. This echoes a well-established concern about sideloading, as it has the potential to compromise the security and privacy of iOS users.

Apple has announced upcoming changes for iOS developers who distribute apps in the European Economic Area (EEA). These changes include:

  • Exciting developments have emerged in the realm of distributing iOS apps, with the introduction of fresh APIs and tools that empower developers to make their iOS apps available for download from various alternative app marketplaces.
  • Introducing a cutting-edge framework and APIs that empower developers to build their own app marketplaces. With this innovative solution, marketplace developers can effortlessly install apps and seamlessly handle updates on behalf of other developers, all within their dedicated marketplace app.
  • Introducing new frameworks and APIs that empower developers to utilize different browser engines is expanding the possibilities for browser apps and apps with in-app browsing experiences beyond just WebKit.
  • A form is available for developers to submit requests for interoperability with iPhone and iOS hardware and software features.

There was new information last week regarding an offer that Apple made to the EU in an effort to end an antitrust investigation involving Apple Pay. Today, it was indicated that the proposed changes to contactless payments on iOS are in line with industry standards. These changes include new APIs that enable developers to utilize NFC technology in their banking and wallet apps across the EEA. Additionally, users will have the ability to choose a third-party contactless payment app or an alternative app marketplace as their default option.

As with the various changes Apple is introducing today, it will be the responsibility of the European Commission to evaluate their compliance with the DMA and determine if they meet the legal requirements.

If EU regulators determine that Apple’s modifications do not align with the DMA, it may result in substantial fines amounting to 10% of their global annual turnover and compel Apple to reconsider their approach.

Introducing fresh business terminology and an additional fee for essential technology.

Alongside the various DMA-focused changes that developers will have access to, Apple is also rolling out new business terms in Europe. These terms include the implementation of a new fee known as the “Core Technology Fee.”

This appears to be designed to guarantee that Apple can still receive a portion of the revenue in certain situations, even if developers choose to go beyond its controlled environment. This could include distributing their apps through other app stores or directing users to their own websites to make payments for additional content.

According to Apple, iOS apps that are downloaded from the App Store or another app marketplace will incur a fee of €0.50 for each initial installation per year if the number of installations exceeds 1 million.

Developers who wish to utilize the newly announced features, such as the option to distribute their apps through different app stores, are required to agree to the updated business terms.

“The new business terms for apps in the EU are crucial to meet the DMA’s requirements for alternative distribution and payment processing,” stated Apple in a press release. Apple’s fee structure is designed to acknowledge the various ways in which they contribute to the success of developers’ businesses. This includes providing distribution and discovery opportunities on the App Store, secure payment processing, a trusted mobile platform, and a range of tools and technology to facilitate the creation and sharing of innovative apps with users worldwide.

As part of the new business terms, Apple is adjusting the percentage it receives from digital purchases made on iOS apps in its App Store. This adjustment applies to transactions involving digital goods and services, with a reduced cut of 17%. Additionally, for the majority of developers and subscriptions after their first year, Apple will only take a 10% share.

Apple will charge a payment processing fee of an extra 3% for iOS apps on the App Store that wish to utilize their own payment technology.

However, developers have the option to utilize a different payment service provider within their app or direct users to their website for payment processing without incurring any extra charges from Apple.

In addition, Apple announced that developers will have the option to continue with its current business terms. This means that they can still collect a commission on in-app purchases made through apps on the App Store, with the standard rate being 30% (or 15% for small businesses).

Developers can choose their own terms and still have access to the App Store’s payment processing technology and distribution platform in the EU, according to Apple.

According to the new business terms, the tech giant predicts that the majority of developers will either decrease or keep the fees they owe.

Additionally, it indicates that a very small percentage of developers will be required to pay the Core Technology Fee for their EU apps. This fee is specifically aimed at apps that have achieved significant popularity, such as being installed on millions of iOS devices.

Apple is defending the implementation of the new fee by stating that it accurately represents the worth of its technology platform and services, which are separate from the App Store’s capabilities and distribution.

Although the DMA requires app stores to allow sideloading, it does not enforce any particular business models on them. Yet, it is uncertain if Apple’s strategic adjustments to its business terms in the EU, along with the options it is offering to developers, will meet the approval of regulators.

According to Article 6(12) of the DMA:

The gatekeeper shall apply fair, reasonable, and non-discriminatory general conditions of access for business users to its software application stores, online search engines and online social networking services listed in the designation decision pursuant to Article 3(9).

In order to avoid violating the DMA, Apple will have to convincingly argue that the framework it has developed is “equitable, rational, and unbiased.”

As part of its updates, Apple is introducing several new features to its platform. These features include notarization for iOS apps, which involves a thorough review process to ensure platform integrity and user protection. It will include both automated checks and human reviews. Apple is also implementing app installation sheets, which provide users with concise descriptions and functionality overviews before downloading an app. Additionally, Apple will require marketplace developers to meet ongoing requirements to safeguard users and developers. Lastly, Apple is enhancing its malware protections to prevent iOS apps from launching if they are found to contain malware after installation.

During the last press event, Apple emphasized that the modifications mandated by the EU would introduce whole new vulnerabilities for iOS users.

The business emphasized the security concern of allowing iOS applications to install other apps on the user’s device, which Apple refers to as “marketplace apps.” This is considered a typical method for malware attacks. While its reps said that there has never been a prevalent consumer malware assault on iOS up until now,.

Developers who agree to Apple’s new business rules will have the opportunity to create alternative app stores, also known as marketplace applications. However, they will still be required to go through Apple’s app review process and fulfill certain criteria that aim to safeguard consumers and developers.

Additional modifications are forthcoming, addressing various DMA requirements regarding Apple’s App Store and Safari browser. Some of these changes appear to be aimed at prompting iOS users to exercise caution before choosing any non-Apple alternatives. One such change involves the introduction of a choice screen, which will allow iOS users to designate their default browser. This screen will present a range of competing browsers alongside Apple’s Safari browser. Furthermore, developers will now have the capability to offer browsers that are not reliant on the WebKit browser engine. Apple has introduced new labels on the App Store product pages to notify users when an app they are downloading uses a different payment processing system. Additionally, in-app disclosure sheets will inform users when they are no longer making transactions with Apple and when a developer is directing them to use an alternative payment processor. Apple has introduced new procedures for reviewing apps. These procedures aim to ensure that developers provide accurate information about transactions involving alternative payment processors. Additionally, Apple has expanded the data portability feature on its Data & Privacy site. This allows users in the European Union to access and export new data about their App Store usage to an authorized third party.

One strategy Apple may use to encourage customers to continue using its own payment technology for third-party applications is by notifying iOS users when they are no longer doing transactions with Apple. However, Apple may argue that this is only an “equitable and rational” cautionary message sent to its customers when they go outside its controlled environment.

The DMA grants gatekeepers the authority to implement “strictly necessary and proportionate” actions to safeguard the integrity of the hardware, software, or operating systems they offer. This includes protecting against potential risks posed by third-party apps and stores as well as complying with the interoperability requirements mandated by the DMA. It’s crucial to remember that the gatekeeper must justify any measures taken.

Apple has announced another update that would allow developers to provide a streaming game app store.

In response to Apple’s action, Epic Games, which had previously filed a lawsuit against the tech giant in the United States on the terms of the App Store, expressed their disapproval. They referred to their offering in the European Union as “malicious compliance” and criticized it for including excessive and unnecessary costs.

Continue Reading

Software

NordPass Review: The Pinnacle of Password Management

blank

Published

on

blank

In the ever-expanding realm of digital security, managing passwords efficiently is paramount. As someone who values both security and convenience, I explored several password management solutions and found NordPass to stand out as the best among the competition. With its seamless user experience, robust security features, and commitment to user privacy, NordPass has established itself as a leader in the crowded field of password management.

User-Friendly Interface: Intuitive and Accessible

NordPass impresses right from the start with its clean and intuitive user interface. Navigating the platform is a breeze, making it suitable for users with varying levels of technical expertise. The setup process is straightforward, allowing users to import existing passwords or generate new ones effortlessly.

The browser extension seamlessly integrates with popular browsers, offering a hassle-free experience when saving and autofilling passwords. The vault’s organized layout ensures easy access to stored credentials, and the password health feature provides valuable insights into the strength of existing passwords, encouraging users to enhance their security practices.

Secure Password Generation and Storage: Cutting-Edge Encryption

NordPass employs state-of-the-art encryption to safeguard user data. Utilizing the XChaCha20 encryption algorithm, NordPass ensures that sensitive information stored in the vault remains secure from prying eyes. The zero-knowledge architecture means that NordPass has no access to user passwords, reinforcing the commitment to user privacy.

The password generator tool is a standout feature, allowing users to create complex, unique passwords with ease. It considers password requirements of various websites and applications, tailoring generated passwords accordingly. This proactive approach to password security demonstrates NordPass’s dedication to helping users strengthen their online defenses.

Seamless Cross-Platform Integration: Accessibility Anytime, Anywhere

NordPass offers a synchronized experience across multiple devices and platforms. Whether using Windows, macOS, Android, or iOS, the seamless integration ensures that users have access to their passwords whenever and wherever needed. The synchronization process is swift and reliable, eliminating the frustration of dealing with outdated or inaccessible passwords.

Furthermore, the ability to securely share passwords with trusted individuals enhances collaboration without compromising security. This feature is particularly useful for families or teams who need to manage shared accounts without revealing sensitive login details.

Secure Notes and Personal Information Storage: Beyond Passwords

NordPass goes beyond mere password management by offering a secure space for storing sensitive notes and personal information. This feature allows users to keep confidential information, such as credit card details and secure notes, in the same encrypted vault as their passwords. This consolidated approach simplifies digital security, providing users with a comprehensive solution for safeguarding various types of sensitive data.

Competitive Pricing and Value: Affordable Security

NordPass delivers exceptional value for its cost, making it an attractive option for users seeking a balance between affordability and premium features. The subscription plans cater to individual users, families, and business teams, ensuring that a wide range of users can benefit from NordPass’s robust security features without breaking the bank.

Customer Support: Responsive and Knowledgeable

NordPass takes customer support seriously, providing 24/7 assistance to address any queries or concerns users may have. The support team is knowledgeable and responsive, ensuring that users receive timely and effective solutions to their issues. This commitment to customer satisfaction adds another layer of trust to the NordPass experience.

Conclusion: NordPass Reigns Supreme in Password Management

In the realm of password management, NordPass shines as a beacon of excellence. With its user-friendly interface, cutting-edge encryption, seamless cross-platform integration, and competitive pricing, NordPass outpaces its competitors. The commitment to user privacy and security is evident in every aspect of the service, making NordPass the top choice for individuals and businesses alike. For those seeking a reliable, intuitive, and secure password management solution, NordPass stands as the pinnacle of the industry.

Continue Reading

Trending