The largest collection of stolen passwords ever has been leaked to a notorious crime marketplace, according to cybersecurity researchers at Cybernews. This leak, dubbed RockYou2024 by its original poster “ObamaCare,” holds a file containing nearly 10 billion unique plaintext passwords. Allegedly gathered from a series of data breaches and hacks accumulated over several years, the passwords were posted on July 4th and hailed as the most extensive collection of stolen and leaked credentials ever seen on the forum. “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers told Cybernews. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.” Credential stuffing attacks are among the most common methods criminals, ransomware affiliates, and state-sponsored hackers use to access services and systems. Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said. This could affect online services, cameras and hardware This could affect various targets, from online services to internet-facing cameras and industrial hardware. “Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team concluded. However, despite the seriousness of the data leak, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, covering at least two decades. This new file notably includes an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning from 2021 through 2024, which, though a massive figure, is only a fraction of the reported 9,948,575,739 passwords in the leak. Thus, users who have changed their passwords since 2021 may not have to panic about a potential breach of their information. That said, the research team at Cybernews stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused across different platforms. Additionally, they advised enabling multi-factor authentication (MFA), which requires an extra form of verification beyond the password, wherever possible, to strengthen cyber security. Lastly, tech users should utilize password manager software, which securely generates and stores complex passwords, mitigating the risk of password reuse across multiple accounts.

Google's new generation of flagship smartphone Pixel 9 series is expected to be officially released in mid-August, and the new machine is likely to be equipped with ultrasonic fingerprint recognition technology for the first time to replace the original optical fingerprint recognition. According to core intelligence, Google Pixel 9 series will use the same Qualcomm 3D Sonic Gen 2 ultrasonic fingerprint recognition sensor as the Samsung Galaxy S24 Ultra. This ultrasonic technology under the screen fingerprint sensor is Qualcomm released at the CES2021 conference, compared with the previous generation of solutions, the module thickness is further reduced to 0.2mm, while the scanning area is expanded to 8mm×8mm, that is, the recognition area is increased by 77%. This will also allow users to realize fingerprint recognition without having to point their fingertips 100% accurately at the identification area indicated on the screen.

LONDON, July 9 (Reuters) - U.S.-based hedge fund Elliott Associates on Tuesday urged a London court to overturn a verdict supporting the London Metal Exchange's (LME) cancellation of nickel trades partly because the exchange failed to disclose documents. The LME annulled $12 billion in nickel trades in March 2022 when prices shot to records above $100,000 a metric ton in a few hours of chaotic trade. Elliott and market maker Jane Street Global Trading brought a case demanding a combined $472 million in compensation, alleging at a trial in June last year that the 146-year-old exchange had acted unlawfully. London's High Court ruled last November that the LME had the right to cancel the trades because of exceptional circumstances, and was not obligated to consult market players prior to its decision. Lawyers for Elliott told London's Court of Appeal that the LME belatedly released documents in May detailing its "Kill Switch" and "Trade Halt" internal procedures. It also newly disclosed an internal report that Elliott said detailed potential conflicts of interest at the exchange. "It was troubling that one gets disclosure out of the blue in the Court of Appeal for the first time," Elliott lawyer Monica Carss-Frisk told the court. Jane Street Global did not appeal the ruling. "If we had had them (documents) in the proceedings before the divisional court, we may well have sought permission to cross examine." LME lawyers said the new documents were not relevant. "The disclosed documents do not affect the reasoning of the divisional court or the merits of the arguments on appeal," the exchange said in documents prepared for the appeal hearing. "Elliott's appeal is largely a repetition of the arguments which were advanced, and rightly rejected." The LME said it had both the power and a duty to unwind the trades because a record $20 billion in margin calls could have led to at least seven clearing members defaulting, systemic risk and a potential "death spiral". Elliott said the ruling diluted protection provided by the Human Rights Act and also wrongly concluded the LME had the power to cancel the trades.

NEW DELHI, July 9 (Reuters) - India's beleaguered Paytm (PAYT.NS), opens new tab has secured approval from a government panel that oversees investments linked to China to invest 500 million rupees ($6 million) in a key subsidiary, three sources with direct knowledge of the matter said. The approval, which still has to be vetted by the finance ministry, will remove the main stumbling block to the unit, Paytm Payment Services, resuming normal business operations. Paytm Payment Services is one of the biggest remaining parts of the fintech firm's business, accounting for a quarter of consolidated revenue in the financial year ended March 2023. A separate unit, Paytm Payments Bank, was wound down this year by order of the central bank due to persistent compliance issues, triggering a meltdown in Paytm's stock. The government panel had earlier held back approval due to concerns about the 9.88% stake in Paytm held by China's Ant Group. India has intensified scrutiny of Chinese businesses since a 2020 border clash between the two countries. All in all, Paytm has been waiting for the nod from the government panel for about two years and without it, it would have had to also wind down its payment services business, which was forbidden from taking on new customers in March 2023. Once the approval has been formalised, it will be able to seek a so-called "payment aggregator" licence from the Reserve Bank of India. The sources, two of whom are government sources, declined to be identified as the decision has not been formally announced. India's foreign, home, finance and industries ministries, whose representatives sit on the panel, did not reply to emails seeking comment. A Paytm spokesperson said the company does not comment on market speculation. "We will continue to make disclosures in compliance with our obligations under the SEBI Regulations, and will inform the exchanges when there is any new material information to share," the spokesperson said.

Use of AI is certainly the hottest topic in the tech industry and every major and minor player in this industry is using AI in some way. Tools like ChatGPT can help you do a wide range of task and even help you generate images. The other thing is - Voice Cloning. OpenAI recently introduced a voice engine that can generate clone of your voice with just 15 seconds of your audio. There is no shortage of voice cloning tools on the web which can help you do the same. The newest tech giant which is going to use AI to clone your voice is - TikTok. We all know TikTok, posting short videos with filters, effects and all other kind of things. So TikTok found a way to use the voice cloning AI in its app. TikTok is working on this feature, which does not seem to really have a proper name, it just references it as "Create your voice with AI" and "TikTok Voice Library". In the latest version of TikTok I came across some strings which indicates that TikTok is working on it. I was also able to access the initial UI which introduces the feature and was able to see the terms and condition of "TikTok Voice Library" which user have to accept in order to use the feature. Here are the screenshots from the app- As you can in the screenshot above, this is the initial screen which a user will see for the first time they access this feature. Tiktok claims that it can create an AI verison of your voice in just 10 seconds. The generated AI voice clone can be used with text-to-speech in TikTok videos. It also outline the process of how it will work. You have to record yourself speaking and TikTok will process the voice and use information about your voice to generate your AI voice. When it comes to privacy, your AI voice will stay private and you can delete it anytime. Tapping the "Continue" button brings "TikTok Voice Library Terms" screen which a user should definitely read, you can see here and read as well - How it will work After agreeing to terms and conditions I was introduced with a screen where TikTok will show some text and user have to press the record button while reading the text. Now unfortunately I did not see any text. This is probably because the feature is not fully ready or the backend from which it fetches the text is not live yet. Manually pressing the record button and saying random things also shows an error. So, it's also not possible to provide any sample voice generated with it and see how it compares to other voice cloning competitors. If it starts working someday, it will process your recorded voice and generate AI version of your voice. Here is a screenshot of that screen - My guess is that whenever the feature starts working, users have to clone voice only one time and the saved AI voice can be used through the text-to-speech method to add voice in your videos. You just have to type the words, choice is yours :p