Just as Google announced it would be adopting virtual cards for shopping through Chrome, Apple is likely also implementing virtual cards in its Safari browser. The news comes from 9to5Macwhich is currently digging through the iOS 16 beta 3, released yesterday morning for developers. According to code the site has seen, Apple has apparently been working to implement virtual cards within Safari to keep your online shopping ventures secure across the board.

Virtual cards are offered by some banks as an option while shopping online so that your actual card and account information isn’t what’s making the rounds when data breaches occur. It also makes it easier for banks and other institutions to cancel a card on a whim. And it’s a more straightforward mechanism for providing one-time use cards.

While Apple Pay does use tokenization for transactions done through the app, those who don’t have access to or haven’t set it up will supposedly be able to use this virtual card method through Safari instead. Safari’s AutoFill will, according to 9to5Mac, Comply with virtual cards by hiding your card number as you shop, even if it’s already stored in the chain.

9to5Mac notes that since the feature is technically still in beta, it’s unclear whether it will only work with certain banks and cards. On its part, Google’s virtual card ability within Chrome will go live later this summer with support for Visa, American Express, and Capital One cards. Mastercard support is also slated to arrive later in the year. It’s not far off to imagine Apple will have similar partnerships when iOS 16 goes live.

While several companies already offer this kind of virtual transaction protection, including stripesome people might not want to go through a third party for the ability.

Apple’s iOS 16 beta is only available for developers, though a public beta is due sometime this month.

.

<p>The post Apple’s Version of Virtual Cards Could Be Coming in iOS 16 first appeared on harchi90.</p>

There’s some big news from Meta today. First, Meta is set to release its newest, mysterious, high-end virtual reality headset sometime this year. The company has been referring to the forthcoming VR hardware under the codename “Project Cambria,” but the actual headset will probably be called the “Meta Quest Pro,” according to a report from Bloomberg. Second, you won’t need a Facebook account to use it once its available, according to a statement from the company. That’s a major relief for Oculus true believers, who bought into VR before Facebook even rebranded itself and were then forced to migrate from Oculus to Facebook accounts in 2020, around the same time as the Quest 2 launch, to many headaches.

The Meta Quest Pro

The Quest Pro name first came to light inside the code of Meta’s iPhone app for managing connected VR headsets, spotted by a developer named Steve Moser—who then shared his finding with Bloomberg. “Pair Meta Quest Pro right controller,” is the code’s specific text.

The company formerly known as Facebook has been trying its hardest to highlight its foray into virtual reality. While it’s been investing in new VR headsets, Meta has simultaneously been abandoning other hardware products, like its now-dead smartwatch endeavor. The Quest 2 has easily been the most successful of these efforts, so it makes sense for the Cambria to adopt the Quest nomenclature when it hits the market. Still, it doesn’t quite mesh with what the company has said about Cambria in the past.

Meta Accounts Are on the Way

In another new step towards prioritizing VR, the company will be introducing Meta accounts next month. Previously, using Meta products like VR headsets required a Facebook account. But soon, users will reportedly be able to create a separate account, unrelated to Facebook, to engage with Meta’s existing (and future) VR hardware.

This will come as a major relief to those who purchased headsets from Meta/Facebook when the company still used Oculus accounts, as the shift to using Facebook for logging in caused no shortage of headaches when it took place in 2020, especially since it coincided with the Quest 2 launch. We just hope that nobody gets locked out of their new device in the shift to a new account system this time around.

our take

back to that future hardware: Facebook declined Gizmodo’s request for comment on the alleged new product moniker. If the accidental code reveal is accurate, though, there’s some irony to Meta dubbing its next headset Quest Pro.

The company currently only sells one headset, the $299 Quest 2. In a video from Meta’s Facebook Connect 2021 conference, Mark Zuckerberg went out of his way to distance the forthcoming Cambria headset from its predecessors. “This isn’t the next Quest. It’s going to be compatible with Quest, but Cambria will be a completely new, advanced and high-end product,” he said. Yet, Quest Pro sure sounds a lot like the next Quest, even if the connection is apparent in name alone.

The next gen headset is set to include lots of new features. There will be more sensors to detect and reflect the users’ facial expression on their Metaverse avatar in real-time. Plus, the Quest Pro/Cambria headset will reportedly have high resolution, full color, mixed-reality passthrough—in theory allowing users to easily interact in both actual reality and Metaverse reality at the same time, at least as explained by Zuckerberg and the director of product for Meta’s VR branch, Angela Chang, in the conference video. Finally, the headset will use “pancake optics,” or a new type of slim, layered lens that will offer the “best optics ever in one of our headsets,” Chang said.

Meta hasn’t yet released an official price for new headset. Though, it’ll be sold for “significantly more” than $799, according to a report from UploadVR. And Bloomberg reported that the cost will be over $1,000. Apparently, you have to pay big to have as much fun(?) as the Zuck is having in this first look video—Quest Pro/Cambria conveniently blurred out.

But at least you won’t need to log in to the same service your Aunt shares her vacation photos on just to use it.

.

<p>The post You Won’t Need a Facebook Account to Use Meta’s ‘Quest Pro’ first appeared on harchi90.</p>

It looks like Mickey Mouse might need a refresher on digital security.

On Thursday morning The Happiest Place on Earth’s Instagram account was briefly taken over by a self-described “super-hacker” who claims to have sought revenge on Disneyland employees who supposedly mocked his “small penis.” The “hacker” possessed all the hallmarks of an unoriginal internet troll.

“WHO’S THE TOUGH GUY NOW JEROME,” the poster, who identified himself as David DO,” wrote according to a screenshot saved by CBS News. The offending posts reportedly began to pop up around 3:50 am Pacific time but appear to have been removed at the time of writing.

In addition to the above posts, which featured the image of a glasses-wearing young man with black hair and dark eyes, CBS Los Angeles notes three additional posts and one Instagram story featuring racial slurs and unhinged tangents. In some of those posts, the hacker reportedly used the n-word, while in others he reportedly claimed to have, “invented COVID and blamed it on Wuhan.” This supposed worldd-class hacker also claimed he was “working on COVID20.”

disneyand did not immediately respond to Gizmodo’s request for comment. Gizmodo reached out to several accounts on Instagram and Twitch that appear to match the image and handle of the poster and but we haven’t heard back.

The troll’s posts seemed limited to Disneyland’s Instagram account, which at the time of writing boasts 8.4 million followers. The most recent post on Disneyland’s account at the time involve a performance of The Lion Kingdated six days old.

If this was, in fact, a “hack” it will likely bring back bad memories for security workers in the Disney orbit. Back in 2019, the then recently launched Disney+ subscription streaming service fell victim to hackers who reportedly acquired users’ credentials and sold them on the dark web.

.

<p>The post Hacker Plasters Disneyland’s Instagram With Racial Slurs first appeared on harchi90.</p>

Android’s reputation as a platform that doesn’t care about user privacy is outdated: If you’re using a modern Android smartphone, you have a lot of control over which app can access your data, and in what contexts. Thanks to new privacy features, you can give an app access to your location for a limited time, for example. If you haven’t thought about app permissions in a while or are prone to giving apps any permission they want, you should do a privacy permissions audit.

Thanks to Google’s push for better privacy controls, most modern Android smartphones come with a dedicated Permissions Manager (starting from Android 12, it’s called Privacy Dashboard), which gives you a single place where you can choose which apps can access things like your call logs , camera, microphone, location, contacts, files, physical activity, and more.

open the “Settings” app on your Android smartphone, and go to privacy > Permission Manager (or Privacy Dashboard). Different manufacturers might use different phrases for this. If you don’t find the options, search for “permissions” in the Settings app.

You’ll see a list of all available permissions. Go through the list and see if anything is out of the ordinary. For example, Facebook asking for constant location access, or an obscure app looking at your call logs. Choose the app and then switch to “don’t allow” Know that some features require these permissions to work: If you return to the app, and notice something you enjoy isn’t working, consider allowing the permission again.

If you don’t want to block the app, you can fine-tune the permissions as well. For example, users running Android 10 and above can choose to share their location with an app only when it’s running. And if you’re running Android 11 and up, you can grant an app temporary access to things like your location, microphone, or camera. Android 12 takes it even further by only giving out approximate location so that no app can find your precise location (of course you shouldn’t use this setting for something like Google Maps, or a ride-sharing app).

Now that you understand how permissions work in newer Android versions, go through the list of apps and revoke access as you see fit (and, if you’re using Android 11, make use of the new temporary permissions features).

.

<p>The post Do This Android App Privacy Audit, I Beg You first appeared on harchi90.</p>

Older Android phones are a known security risk, but recent research from Microsoft’s 365 Defender Research Team shows just how vulnerable the outdated devices are vulnerable to a serious form of malware known as “toll fraud.”

Toll fraud malware hides in normal-looking apps, quietly signing up users for premium subscription services through the user’s phone service. We’re not talking covert Netflix subs, here: Instead, victims are signed up for useless services that can cost hundreds of dollars or more each year.

Microsoft’s research shows devices running Android 9 and older are the most at risk for such attacks, but we’ve seen similar exploits affect newer versions of Android as well. Worse, hackers are constantly changing how these attacks work, allowing malicious apps to circumvent Google Play’s security measures. that means there could be scores of toll fraud apps (along with other types of malware) hiding in the Google Play Store listings right now—which is why it’s important for all Android users to know how to spot the problem before it becomes one.

What is toll fraud?

Microsoft has a comprehensive breakdown of how toll fraud works, but the common attack happens in three stages.

First, the user downloads a seemingly safe app from Google Play or a third-party app distributor. Once the app is installed, it updates itself with new, malicious code that would normally flag Google Play’s security checks.

Once updated, the app performs the second phase of the attack, which includes a few different steps, such as using fake login pages and a Wireless Application Protocol (WAP) to sign you up for the unwanted services. (WAPs are a legitimate tool apps use to sign users up for services through their phone service rather than through a payment card or other billing options, but they’re clearly prone to abuse.)

Since WAPs require a cellular connection, the fraudulent app will often wait for the infected device to use wireless data instead of wifi connections. In some cases, these apps will even force the phone to connect to cellular data, even if a wifi connection is available.

For the last part of the attack, the app intercepts and blocks SMS confirmation—the messages you’d normally receive after signing up to WAP services legitimately—so you won’t know anything is wrong until you check your phone bill and see the unexpected transactions.

How to prevent toll fraud malware attacks

Toll attacks like this happen silently in the background, making them extremely difficult to catch. Microsoft’s research team outlined ways Google can continue to enhance its security features to prevent toll fraud and similar forms of malware, but there are also few ways users can prevent these attacks on their own.

Obviously, the most important thing is to keep your devices updated with the latest versions of Android and all security patches. As we mentioned above, devices running Android 9 and earlier are the most at risk. If possible, update to Android 10 or later and install the latest security patches available to you.

Of course, updating to a newer version of Android isn’t possible for all devices, and buying a new phone to replace your outdated one may not be either. plus, whome seen similar attacks on newer versions of Android, such as the “Joker” malware; it’s also possible (indeed, likely) that new forms of toll fraud could target newer Android phones in the future.

That’s why you should always thoroughly vet an app before downloading. Read reviews (not just the top-rated, but the low ratings, too), research the app online, and only download apps from trusted sources. Similarly, installing a trustworthy anti-malware app may allow you to intercept sketchy apps before they can do anything.

That said, many shady apps do look legit, which is why you still need to watch for red flags after installing an app. Common characteristics of malicious apps and trojans include:

• Seemingly random login pages requesting to link a social media or email account.
• Unnecessary app permissions.
• Requests to install additional software or updates that don’t come through the Google Play store.

That’s not an exhaustive list, but they’re common indicators of an unsafe app. Be sure to check our guides front spotting other types of internet scams and malware for more tips.

[Android Central]

.

<p>The post Avoid These ‘Toll Fraud’ Apps on Android first appeared on harchi90.</p>

NFT Pokémon clone Axie Infinity went from being famous for players profiting off its “play-to-earn” gaming scam to infamous for getting hacked out of $540 million in cryptocurrency. Now according to a new report by The Block we know what made the security breach possible: a sophisticated phishing attempt socially engineered on LinkedIn that sounds like a deleted episode of Mr. Robot.

For those unfamiliar with the Axie grift, developer Sky Mavis developed an Ethereum-linked sidechain called the Ronin Network and grafted on a game about battling and breeding cute monsters called Axie Infinity. Borrowing mechanics from the likes of Pokémon, neopetsand Hearthstone, players were invited to earn Ethereum-based cryptocurrencies in-game by grinding, and for a while it was turning a huge profit as fresh players poured their time and money into the platform. Then earlier this year the enterprise hit all sorts of snagsfrom stagnating growth to currency inflation and, not least of all, one of the biggest crypto hacks of all time.

Developer Sky Mavis revealed back in April that the security breach was made possible by an employee who was “compromised” by an “advanced spear-phishing attack.” “The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes,” the company wrote at the time.

The Block now reportsbased on two sources with direct knowledge of the incident, that the employee in question was a senior engineer on Axie Infinity and the means of infiltrating their computer was a job offer that was too good to be true.

according to The Blockfraudsters representing a fake company approached the engineer through LinkedIn, encouraged them to apply for a job, held multiple rounds of interviews, and eventually made a job offer that included an “extremely generous compensation package.” But the offer was contained in a PDF file.

After the mark downloaded it, spyware was reportedly able to infiltrate the Ronin Network’s systems and grant hackers access to four of the five nodes (out of nine total) they needed to cash out. Access to the fifth was obtained through something called the Axie DAO—a separate organization which Sky Mavis had enlisted to help with the influx of transactions during the height of Axie Infinity‘s popularity. Sky Mavis had failed to remove DAO’s access from its systems after its help was no longer needed.

One of the much-heralded appeals of blockchain technology is its ability to make databases public and accessible to all while still keeping them secure. But any locked door, no matter how strong, is only as secure as the person holding the key to it. here with Axie Infinity, the vulnerability of Sky Mavis’ employees was compounded by careless shortcuts it took to stay on top of the game’s meteoric growth last fall. (Sky Mavis has since increased its total validator nodes to 11, with long-term plans to have over 100.)

Of course, in the meantime the company still needs to pay back everyone who lost money in the hack. In April, it raised another $150 million, partly in a bid to make its existing playerbase whole again. That same month, the FBI identified North Korea hackers “Lazarus Group” as the culprits behind the Axie Infinity hit. The federal law enforcement agency also recently Warning companies against accidentally hiring North Korean hackers as remote IT specialists.

.

<p>The post Phishing Scam Reportedly Behind $540 Million Axie Infinity Hack first appeared on harchi90.</p>

no matter what browser you use on your Androidit accumulates junk files over time. Left unchecked, those files can take up anywhere between 100s of megabytes to multiple gigabytes of storage space. it not only slows down your browser, but can also affect the speed of your phone, and the solution is easy: periodically clear the junk files from your browsers.

How to clear the cache from your Android browsers

Each browser has different steps when it comes to clearing cache and junk files. We’ll cover the popular browsers below.

Chrome

Open the browser, tap the three-dotted Menu button, and go to History > Clear Browsing Data.

From here, make sure that the time range option is set to “all time” Next, choose the “Cookies and site data” and “Cached images and files” options. tap “Clear Data” to get rid of all the saved data.

Samsung Internet

If you use a Samsung smartphone, you might use their bundled browser. Open the browser and tap the three-lined Menu in the bottom-right corner. Ghe to Settings > Personal Data > Delete browsing data. Choodie the “Cookies and site data” and “Cached images and files” options. tap “delete data” and confirm from the popup.

Firefox

Tap the three-dotted Menu button in the top-right and go to Settings > Delete browsing data. Choose the “Cookies” and “Cached images and files” options. then tap “Delete browsing data.”

How to clear the cache for any Android app

What if you’re using a niche browser like Brave or Opera? look in the History section in Settingsand you’ll see the option for clearing junk files there.

There’s also a global option for clearing cache that works for any app, including browsers, but we wouldn’t suggest you use this for apps like your bank or password managers, since you’d risk losing important data: open the Settings app on your Android phone, go to Apps & Notifications (or Apps) > App Infoand choose the app you wantthen go to the “Storage and Cache” section and tap “Clear Cache” All the temporary files will be deleted instantly.

.

<p>The post The Simplest Way to Make Your Android Run Faster first appeared on harchi90.</p>

If you use Google Chrome on Windows or Android, you need to update ASAP. there’s a new browser update for each platform that includes patches for newly discovered security vulnerabilities. The bad news: One of these security flaws has a known exploit, meaning your browser and its data are at risk unless you update now.

Google confirmed these updates on its Chrome Release blogs for windows and Android. Windows users will need to update to version 103.0.5060.114, while Android users will see version 103.0.5060.71. The company says these updates patch four security vulnerabilities in Chrome for Windows and three vulnerabilities in Chrome for Android. Oddly, however, Google omitted one of the vulnerabilities from its list:

• [$TBD][1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
• [$7500][1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at SSL on 2022-06-16
• [$3000][1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 (Desktop only)

While it’s important to protect yourself from all security bugs possible, it’s really the first of these three that is the most concerning, as Google confirmed in its update log there is a known exploit for CVE-2022-2294 in the wild. When an exploit for a security vulnerability exists, it means at least somebody knows how to take advantage of the bug, if they haven’t done so already. that’s dangeroussince the likely billion of Chrome users on Windows and Android will be at risk until the bug is patched and their devices are updated.

CVE-2022-2294 is a buffer overflow vulnerability. It occurs when a program tries to write more data to a memory location than that location can accept, causing it to overflow into another space. These vulnerabilities are not uncommon, but when they are discovered, malicious users can take advantage of them. If Chrome isn’t fully updated on your PC or Android device, you are at risk.

While Google isn’t publicly aware of exploitations for the other vulnerabilities at this time, it’s likely such exploits will be discovered eventually. The longer you wait to update, the more vulnerabilities there will be to content with.

For some reason, these security flaws don’t seem to affect Mac or iOS users. As such, you won’t see a new Chrome update on these platforms just yet.

How to update Google Chrome on Windows and Android

To protect your browser and your data, update Chrome now. To do sofront Windows, click the three dots in the top-right corner of the browser window, then choose Help > About Google Chrome. Allow Chrome to look for a new update. if one is available, choose “Relaunch” to install the update to your browser.

To update the app on Android, head to the Google Play Store. Search for Google Chrome, then choose “Update” next to the app. If you have automatic updates enabled, the app may update on its own: If you only see an “Open” option, you’re all set.

[How-To Geek]

.

<p>The post Update Chrome ASAP on Android and Windows first appeared on harchi90.</p>

Remember last week? It happened about 34 years ago, so if you don’t, I understand. But last Thursday, the official EA Twitter account tweeted a bad joke about single-player games that led to an internet-wide roasting and eventually an apology from the battlefield publisher And apparently, EA is still dealing with angry employees who felt the tweet was an insult to them, their staff, and the games they are making.

A new report from USA Today sheds some light on how the terrible tweet came about, what the reaction to it was internally at EA, what plans were pitched to handle the situation, and the ongoing aftermath of it all. The whole mess is both equally confusing and funny.

According to the report, an hour after the tweet went live last week, it landed in EA’s internal Slack chat room, where employees and social media staff began sharing all the roasts and angry responses (some from current EA execs) that were popping up all over. As negative reactions spiraled out of control and the discourse began, folks at EA began formulating a plan to turn the tweet into a positive. It just wasn’t a good one.

The initial plan was to get all the other EA social media accounts to start dunking on the tweet while hopefully drawing more attention to the various single-player games the publisher has in the works. But some staff pointed out that this “roasting EA strategy” would just reinforce the narrative online that EA’s own studios and teams hate the company. And so, after many social media managers backed out of that plan, it fell apart.

“The most agreed-on idea was to take responsibility for it and apologize,” one source told USA Today. However, this apology ended up being an equally embarrassing tweet saying people who play single-player games were actually 11s.

But while the internet moved on to its next target, higher-ups at EA are continuing to deal with the fallout from the tweet. USA Today reports that the FIFA publisher is hosting roundtable discussions and team meetings with executives who felt the joke was an insult to the games they’re working on and the staff making them.

As for how this happened, well it turns out EA’s official Twitter account isn’t run by anyone from EA or its social teams. According to sources who spoke to USA Todayit’s very likely that the person who tweeted the soon-to-be-infamous joke had no idea how poorly it would be received online.

“I’m 99 percent sure the person who posted the tweet and their manager don’t even know about the single-player games comment from a decade ago,” one source told USA Today. (The comment they reference was the infamous 2010 quote from then-EA Games president Frank Gibeau, saying that single-player games were “finished.”)

Further, that source says that the staff running the Twitter account are “all new” and that most of them “aren’t really game industry people” and likely had no idea about EA’s long, bad history with single-player games.

It seems wild that the official Twitter account for one of the largest video game publishers in the world isn’t run by people who have a working knowledge of video games and the industry, but then again, when do large corporations make logical decisions?

.

<p>The post EA’s Terrible Meme Tweet Angered Many Devs, Execs first appeared on harchi90.</p>

While it’s true that the Android lock screen could use a little perking up since Apple revealed what it’s doing for iOS, this isn’t what we were thinking. according to TechCrunchmobile ad company, Glance, is planning to launch its lock screen platform on Android devices in the US within the next two months.

According to the report, Glance has been in talks with US wireless carriers and it plans to launch on several smartphones as soon as next month. TechCrunch’s source is a person “familiar with the matter” who requested anonymity as “the deliberations are ongoing and private.”

Glance did not immediately respond to Gizmodo’s request for comment and we’ll update this post when we hear back.

Glance is a subsidiary of InMobi, a mobile marketing platform based in India. It’s been referred to as India’s first unicorn startup due to its fundraising success. It even managed to secure Google as an investor a few years back.

Glance comes pre-installed on a heaping helping of Android devices overseas, including Samsung’s budget line of smartphones. It’s not an Android app in the traditional sense, meaning you can hop into the Google Play store and download it. Instead, it rests on top of the Android OS as a sort of overlay. Glance is also a major part of Pragati OS, a custom version of Android developed between Google and Jio for affordable smartphones like the Jio Phone Next.

Glance exists primarily as a dynamic lock screen. Once you turn on the phone screen, you’ll see updated content, like a different wallpaper, news headlines, and video. But it also displays advertisements, and although they’re not blaring on the screen like the pop-up ads of the internet yesterday, they are annoying enough that you can quickly surface message board threads of users trying to disable the ability. While browsing for this story, I even came across this Realme India support account on Twitter apologizing for the lack of ability to disable Glance altogether.

While you can unlock the phone to bypass the content, Glance is programmed to allow you to continue scrolling through to interact with different panels featuring content you might actually want, like news and original video. Beyond its captive audience approach, the company seems to believe it has potential with an “entice you to stay awhile” model. Earlier this year, Glance launched an Android TV experience for Indian customers, promising users the ability to “interact directly in real-time with their favorite stars on their television home screens.”

Despite the perceived success in other corners of the world, it’s worrying that Glance is setting its sights on the United States. Low-end and mid-range device users already get the short end of the stick when buying a smartphone through a carrier. The phone models offered to be low performing and delayed on essential software updates. Imagine dealing with all that on top of bloatware advertisements and unsolicited content that you can’t unbundle or deactivate.

Nothing has been officially announced from Glance’s side, but the existence of advertising on Android smartphones has become a genuine concern over the past few years. To offer an anecdote, I’ve been using the OnePlus 9 since last summer, and the official company app constantly pushes through promotions and things of that sort in the notification shade. The same thing occurred on some Samsung devices, which showed advertising popping up all over the company’s stock apps, including Samsung Health and the Galaxy Store. Fortunately, there’s a fix coming through in Android 13 that blocks out all unwanted pings in the pull-down notification shade the minute you install an app, but that doesn’t fix the core issue.

If more companies find that users are willing to tolerate this kind of forced advertisement, it could hurt the already frayed reputation of the Android platform. That could spell good news for Apple, which has managed to maintain parity in iOS between the “cheaper” models of the iPhone and its latest marquee units while gaining market share. Google is primarily in the ad business and the Android platform is, at least in part, about data collection that feeds ad targeting. Pushing users to invest in an Apple phone that isn’t riddled with bloatware could be a self-own that it really doesn’t need.

.

<p>The post Your Next Android Phone’s Lock Screen Could Be Filled With Ads first appeared on harchi90.</p>