Tag: Adobe

Posted on by

Photoshop now has an official free iPhone app

Adobe is bringing the Photoshop app to the iPhone along with key features such as the new Firefly AI suite that has everyone buzzing. According to a press release, Photoshop for iPhone brings free and premium offerings with a mobile-friendly design for artists and designers on the go.

Photoshop for iPhone has tons of tools that will be familiar to Photoshop users, plus plenty of Firefly-powered generative AI tools. It also supports just about every file type that you would work with in the desktop Photoshop app.

“We are excited to bring the limitless creative possibilities of Photoshop to mobile, making the app’s iconic image editing and design capabilities accessible for everyone from professional artists and designers to a whole new generation of creators trying Photoshop for the first time,” said Ashley Still, senior vice president, digital media at Adobe. “Photoshop’s new mobile and web apps unlock next-generation creativity, empowering creators to bring to life gorgeous photos, rich graphics, and incredible art anytime, anywhere.”

These are the Photoshop features available for free on iPhone:

Tech. Entertainment. Science. Your inbox.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

  • User can create images and designs by combining, compositing, and blending images with core Photoshop tools and features, including selections, layers, and masks
  • Remove, recolor, or replace parts of an image with the intuitive Tap Select tool
  • Utilize removal tools like the Spot Healing Brush
  • Take advantage of Firefly features, including Generative Fill and Generative Expand, to add new elements to designs and quickly edit photos
  • Navigate across workflows with direct integration with creative apps, including Adobe Express, Fresco, and Lightroom
  • Add, replace, and create with a vast library of hundreds of thousands of free Adobe Stock assets

Image source: Adobe

The Premium offer, which costs $7.99/month or $69.99/annually, brings extra perks and access to a web plan:

  • Transition from Photoshop mobile to Photoshop on the web to create with added precision and control across workflows and surfaces
  • Expanded access to Firefly-powered tools, including Generate Similar and Reference image
  • Access more than 20,000 fonts or import additional options for limitless typography options
  • Make precise selections with enhanced precision of people and objects with Object Select
  • Isolate objects and make targeted adjustments with selection tools like magic Wand
  • Remove distractions with ease with Remove Tool, hide unwanted objects with Clone Stamp, and seamlessly fill a portion of an image with Content-Aware Fill
  • Control transparency, color effects, and add unique styles with Advanced Blend Modes
  • Lighten or darken areas of an image without affecting hue or saturation with Lighten and Darken.

Adobe says an Android version of Photoshop is coming soon. You can find Photoshop for mobile here.

Source

Posted on by

Top 10 cyber security stories of 2024

The year 2024 threw up another diverse crop of stories in the world of cyber security, with much to pay attention to, particularly in the realm of artificial intelligence (AI), which continued to dominate the headlines.

This year, we steer away from AI fear, uncertainty and doubt to focus on some of the other big issues, such as data privacy and protection, large scale breaches, and the tricky issues surrounding the security of widely used open source components.

There was also trouble at the mill for cyber security companies themselves, which often found themselves in the headlines, often after the privileged access afforded by their products and services was abused to attack their customers. Ivanti, Microsoft and Okta all make our top 10 this year – and we would be remiss not to mention CrowdStrike.

Here are Computer Weekly’s top 10 cyber security stories of 2024.

1. Leak of 26 billion records may prove to be ‘mother of all breaches’

At the end of January 2024, a data dump comprising 26 billion records and totalling more than 25GB in size was discovered by researchers. Dubbed the largest leak in history, and the “mother of all breaches”, the majority of the data related to Chinese social media platforms, but the likes of Adobe, Dropbox, LinkedIn, MyFitnessPal, Telegram and X were also included.

Much of the data appeared to have been compiled from various smaller leaks, likely a broker who intended to sell it on to others for use in identity theft, phishing attacks and account takeovers.

2. Okta doubles down on cyber in wake of high-profile breaches

In February, identity and access management (IAM) provider Okta announced plans to double its investment in security over the next 12 months and launched a Secure Identity Commitment. This came in the wake of the exploitation of its products and services during a series of cyber attacks during 2023, and earlier.

The company’s leadership said that as a security leader it recognised it needed to work a lot harder to stop ne’er-do-wells from taking advantage of the identity data its customers entrust to it.

3. Widespread Ivanti vulnerabilities make waves

Another cyber company was in the news at the start of 2024, Ivanti, a specialist in asset, identity and supply chain management found a series of vulnerabilities in its Policy Secure network access control (NAC), Ivanti Connect Secure secure socket layer virtual private network (SSL VPN), and Ivanti Neurons for zero-trust access (ZTA) products caused concern at organisations worldwide after being exploited by a threat actor.

The three vulnerabilities in question enabled attackers to access privileged data and obtain elevated access rights on their victims’ systems.

4. Open source alert over intentionally placed backdoor

In April, users of the open source XZ Utils data compression library narrowly avoided falling victim to a major supply chain attack, after evidence of an apparently intentionally placed backdoor in the code was revealed. The malicious code, embedded in versions 5.6.0 and 5.6.1 of the library, enabled unauthorised access to affected Linux distributions.

It later emerged that the dodgy code was placed there by a malicious actor who intentionally worked hard over a long period to gain the trust of the projects’ developers. The security of widely used open source components was to be one of the big themes of the year.

5. Microsoft beefs up cyber initiative after hard-hitting US report

In May, Microsoft doubled down on its Secure Future Initiative (SFI), expanding the programme – which set out to address the software and vulnerability issues frequently exploited by threat actors – in the wake of a damning US government Cyber Safety Review Board (CSRB) report.

Redmond said the rapid evolution of the threat landscape underscored the severity of the threats that face both its own operations and those of its customers, and admitted that given its central role in the world’s IT ecosystem, it had a “critical responsibility” to earn and maintain trust.

6. CrowdStrike update causes worldwide chaos

The biggest IT story of 2024 – arguably – was not strictly speaking a security incident, but appears here since it originated at a security company. On 19 July, IT pros all over the UK and beyond awoke to a fast spreading IT outage downing key systems, originating at cyber firm CrowdStrike after it pushed a flawed rapid response update to key threat detection sensors that caused Windows computers to enter a so-called boot loop.

The extensive disruption caused no major security incidents at the time, but the ramifications continue to this day, with CrowdStrike execs facing legal repercussions and even being called to account for the incident in front of politicians. As with the XZ Utils scare a couple of months previously, the CrowdStrike incident shows again the importance of paying close attention to one’s code.

7. Campaigners call for evidence to reform UK cyber laws

Those who have been following the CyberUp campaign for legal reform over the past few years will know well the difficulties the group has had in convincing Britain’s politicians that the time has come to reform the outdated Computer Misuse Act of 1990, which – thanks to archaic wording in regard to the offence of “unauthorised” access to a computer – puts security professionals in the UK at risk of prosecution simply for doing their jobs.

With Keir Starmer moving into 10 Downing Street, the campaign team seized the opportunity to launch a fresh call for evidence and views during the summer, saying that about a third of UK security firms had experienced monetary losses due to the law, putting at risk £3bn of the sector’s £10.5bn annual contribution to the economy.

8. NCSC celebrates eight years as Horne blows in

In eighth place on the Computer Weekly list, the National Cyber Security Centre celebrated its eighth birthday this year, although its new leader, Richard Horne, who took up the post in October, is only the organisation’s third official CEO.

Eight years may not be a particularly long time – the Brexit referendum was eight years ago – but the cyber security landscape has changed radically in that time, and looking ahead, as the interdependency between security and intelligence would become more critical, and the risks and opportunities of new technologies and more sophisticated threats increase, the NCSC’s work to get better at addressing the security of those technologies and how to use them to the UK’s advantage continues.

 9. Zero-day exploits increasingly sought out by attackers

In November, the NCSC and its US equivalent, CISA, published new annual data revealing that of the 15 most exploited vulnerabilities of 2023, the majority were zero-days compared with less than half in 2022. The trend has continued through 2024, and the NCSC warned that defenders need to dramatically up their game when it comes to vulnerability management and patching.

Among some of the most heavily exploited CVEs were some that are now widely known, including infamous issues in Progress Software’s MOVEit Transfer, Log4Shell and Citrix, many of them dating back years.

10. US TikTok ban imminent after appeal fails

At the end of 2024 came the news that TikTok is likely to be banned in the US in mere weeks after a Washington DC appeal court rejected representations from the China-owned social media platform, which claimed its First Amendment rights were being violated.

Legitimate concerns about the firm’s data protection and privacy practices – and the possibility that the data TikTok holds may be exploited by the Chinese government – lie at the core of the potential ban which would have global ramifications and impact millions of users, influencers and businesses alike.

Somewhat ironically, given he once tried to ban it himself, the platform’s best hope for a reprieve may now lie with president-elect Donald Trump, who will undoubtedly be an impactful force in the cyber security world in 2025.

Source

Posted on by

AWS on using GenAI to speed up legacy VMware and Microsoft datacentre migrations

Amazon Web Services (AWS) has set out how its investments in artificial intelligence (AI) chips and software are saving customers money and helping them migrate their legacy Windows and VMware workloads off-premise much quicker.

AWS CEO Matt Garman used the opening keynote at the public cloud giant’s Re:Invent customer and partner conference in Las Vegas, which is the first he has delivered since taking over the company reins in June 2024, to talk up the potential for generative AI (GenAI) to digitally transform the way that businesses operate. He also talked at length about the work that goes into ensuring the AWS cloud infrastructure is equipped to cope with the growing demand from its customers for the compute power they need to run AI and GenAI workloads.

As previously reported by Computer Weekly, the demand for GenAI workloads from its customers was recently cited as the reason for a “significant re-acceleration” in AWS’s annual growth rate, with the company reporting a 19.1% year-on-year uptick in revenue during its third-quarter results.  

Garman touched on Amazon’s 14-year-long collaboration with Nvidia, which he said has enabled it to roll out a succession of increasingly more powerful graphics processing unit (GPU) instances based on the latter’s technology so it can keep pace with its customers’ AI demands.

The company has also doubled down on the creation of its own AI silicon – namely its family of Tranium chips – to support a wider range of instances that are designed to improve the cost performance of running compute-intensive workloads. To this point, Garman used the keynote to announce that the second generation of Tranium instances had now become generally available, claiming the latest iteration can deliver “30-40%” better price performance than “current GPU-powered instances”.

This is based on feedback from early adopters of the technology, with Garman naming Adobe as among the customers who have seen some “promising” early wins with the technology.

Another is AI-focused software engineering startup Poolside, who has reportedly committed to training all future versions of their large frontier model on Tranium 2. The company is also anticipating the move will generate savings in the region of 40%. “Databricks is one of the largest data and AI companies in the world,” he said. “[It] plans to use Trainium 2 to deliver better results and [to] lower the total cost of ownership for our joint customers by up to 30%.” 

Opening up about Amazon’s use of GenAI

The conversation later moved on to how GenAI is also changing the way that AWS operates, with particular focus on how its own offerings are helping to speed up the time it takes to refactor legacy, on-premise workloads and ready them for migration to the public cloud.

Central to this bit of the discussion was Amazon Q, which is the company’s generative AI chatbot assistant that is designed for in-house use by software developers, business analysts and contact centre employees to make the work they do more efficient.

The migration of customer workloads out of private datacentres and into the public cloud is a process that fuelled the company’s growth for a decade or more after its inception in 2006.

However, despite the company previously acknowledging that a large proportion of enterprise workloads remain on-premise, it was an area that was markedly less talked about during the keynote, until Garman flagged how Amazon Q can assist with this task.

“Our goal at AWS is to help every builder be able to innovate, [and] we want to free you from the undifferentiated heavy lifting to really focus on those creative things that make your building unique … [and] generative AI is a huge accelerator of this capability,” he said.

As an example, he talked about how Amazon Q Developer, an iteration of the chatbot specifically designed to help developers speed up their CodeDeploy processes, is helping customers deploy faster, more secure and better-quality software updates.

Garman then went onto announce several new features that were being added to Amazon Q Developer that will generate unit tests, documentation and code reviews on behalf of developers, so they can spend more time each day writing code than dealing with the admin associated with it.

Addressing the legacy

The software is also reducing the amount of time they have to spend managing legacy applications, it is claimed.

“One of [the software’s] most powerful capabilities we already have is [its ability to] automate Java version upgrades,” said Garman. “What it can do is transform a Java application from an old version of Java to a new version in a fraction of the time it would take to do manually. This is work that no developer loves to do, but is critically important.”

According to Garman, integrating this capability into Amazon’s own internal systems saw it “migrate literally tens of thousands of production applications” to Java 17 in a “small fraction of the time” it would typically take. “The estimate from our teams is this saved us 4,500 developer years … [and] this is a mind-blowing amount of time saved, and because we’re now running on modern Java, we can use less hardware, too. So, we saved $260m a year through this process.”

Java upgrades are one thing, but – in Garman’s opinion – a migration that a lot of enterprises want assistance with is moving from Windows to Linux. And this is something AWS can assist with now through the preview release of a new version of Amazon Q Developer.

“Customers love an easy button to get off of Windows,” he said. “They’re tired of constant security issues, the constant packing or patching, all the scalability challenges that they have to deal with, and they definitely hate the onerous licensing costs.

“But we do recognise today that this is hard. Actually, modernising away from Windows is not easy, [but] with Q Developer, modernising windows just got a lot easier … [as it allows you] to transform .Net applications that are running on Windows to Linux in a fraction of the time.”

Signature IT

As an example, Garman flagged digital transactions, signing software company Signature IT, and the work it has done to modernise its legacy .Net applications and migrate them from Windows to Linux. “It was a project they estimated was going to take six to eight months, [and] they actually completed it in just a few days,” he said. “That is a game-changing amount of time.”

But it’s not just Windows workloads that enterprises are having a hard time modernising. “Windows is not the only legacy platform in the datacentre that is slowing down all your modernisation efforts … oftentimes it is VMware workloads that customers would really love to modernise to cloud-native services,” said Garman.

“VMware is deeply entrenched in many datacentres, and has been for a really long time. And what happens is … because it’s been there for a long time, there ends up [being] this kind of spaghetti mess of interconnected applications.”

“[So] really the hardest part about modernising is finding out what are the dependencies of those applications,” he said. “And the migrations are error-prone, because it’s hard to understand if you move something, if it is going to break something else. And again, of course, licensing is expensive.”

To assist with this, Q Developer also has capabilities that will allow VMware-based datacentre workloads to be reconfigured to become cloud-native, with the system able to identify the dependencies and create a migration plan for the user.

“[This] really reduces a ton of the migration time, and significantly it reduces [the organisation’s] risk,” said Garman. “It also launches agents that can convert on-premise VMware network configurations into modern AWS equivalents. This takes what used to be months and months of work into hours to weeks.”

The next complex datacentre migration project the company is looking to simplify for enterprises, with the help of Amazon Q, concerns mainframes, which Garman described as “by far the most difficult to migrate to the cloud”.

“When you talk to customers, just the effort of trying to analyse, document and plan mainframe modernisation is often too much, [and] people give up [because] it’s too hard. Turns out, Q can help with this, too,” he said.

The software has a number of agents in it that are able to do mainframe code analysis, refactor applications and create documentation in real time for legacy COBOL code so enterprises can fill in any knowledge gaps about what it might do.

“Most customers will tell you their mainframe migration will probably take three to five years … but planning a project for three to five years is nearly impossible,” said Garman. “A lot of the time, they just don’t get done.”

And while it’s beyond the capabilities of Amazon Q to make mainframe migrations a “one-click” job right now, he said early testing suggests the software could significantly accelerate the pace of these projects.

“We think Q can actually turn what was going to be a multi-year effort into a multi quarter effort, cutting by more than 50% the time to migrate mainframes,” said Garman. “If you can take a multi-year effort and bring it down to a couple of quarters, that’s something that people can really get their heads around. And customers are incredibly excited about this.”

Source