API Archives

Tech Optimizer

February 21, 2025

Self-managed multi-tenant vector search with Amazon Aurora PostgreSQL

Organizations are using generative AI and machine learning tools to extract value from unstructured data, employing specialized machine learning models to convert data into vectors for efficient searching and retrieval. Amazon Aurora PostgreSQL-Compatible Edition, with the pgvector extension, allows developers to create a vector store for generative AI applications. Multi-tenant architectures in software-as-a-service (SaaS) applications ensure tenant data isolation to maintain security and privacy. In a multi-tenant scenario, home survey requests are processed, and survey reports are stored in Amazon S3. Embedding models convert these documents into vector embeddings, which are stored in a vector store. There are two approaches to building a vector-based application: a self-managed approach, where developers handle data processing and queries, and a fully-managed option using Amazon Bedrock Knowledge Bases. The self-managed approach involves coding to process data, generate vector embeddings, and store them in Aurora. The architecture includes data ingestion via AWS Lambda, embedding conversion, SQL queries for data retrieval, and response enhancement using a large language model (LLM). Key terminologies include vector embeddings, embedding models, chunking, pgvector, HNSW index, and IVFFlat index. The process of creating a vector store involves configuring the Aurora PostgreSQL database, enabling the pgvector extension, and establishing a schema for the vector store. The vector table includes fields for UUID, vector embeddings, text chunks, metadata, and tenant identification. Data ingestion requires coding to convert data into embeddings and insert them into the database. Retrieval of vector data is crucial for enhancing prompts sent to LLMs, with various distance functions supported for identifying similar vectors. Multi-tenancy is enforced using row-level security in PostgreSQL, ensuring tenant data isolation. The process includes updating query functions to support tenant isolation and setting the current tenant ID for queries.

Tech Optimizer

February 21, 2025

Multi-tenant vector search with Amazon Aurora PostgreSQL and Amazon Bedrock Knowledge Bases

The article discusses the implementation of a multi-tenant vector store using Amazon Aurora PostgreSQL-Compatible Edition and Amazon Bedrock Knowledge Bases. It outlines a scenario where users request home surveys, and surveyors update findings stored in an Amazon S3 bucket. The process involves converting documents into vector embeddings for enhanced natural language queries through the Retrieval Augmented Generation (RAG) technique. Key steps include: 1. Ingesting data from S3 into Amazon Bedrock Knowledge Bases. 2. Using an embeddings model to convert documents into vector embeddings. 3. Storing vector embeddings, data chunks, and metadata in Aurora with pgvector. 4. Submitting natural language queries that are transformed into embeddings for retrieval from the vector store. 5. Forwarding relevant documents to a large language model for response generation. To set up the vector store, prerequisites include access to an Amazon Aurora PostgreSQL-compatible database, Amazon S3 for document storage, and Amazon Bedrock for managing knowledge bases. The article provides SQL commands for creating the necessary schema, vector table, and index in Aurora, as well as instructions for ingesting data and ensuring multi-tenant data isolation through metadata filtering. Best practices for deploying a multi-tenant vector store include optimizing chunk size, evaluating embedding models, and monitoring query performance. The article emphasizes the benefits of fully managed solutions to reduce operational complexity.

Winsage

February 21, 2025

Microsoft trims File Explorer’s Recent, Favorites, and Recommended content in Europe

Microsoft has released the Windows 11 24H2 Preview Build 26120.3281 in the Dev and Beta channels. This update removes several features from File Explorer, including the Recent, Favorites, and Recommended content sections, as well as the Details Pane, to comply with the EU's GDPR. The change primarily affects Entra ID users in the European Economic Area. The update also addresses the Location API, previously used by Cortana, which is now deemed unnecessary following Cortana's discontinuation. Microsoft has not clarified whether location data will still be stored online. These updates are currently in Preview and may not be included in the final version. Past updates have caused issues, such as disrupting sound output and making File Explorer unusable.

Winsage

February 21, 2025

New Windows 11 preview build improves privacy for European users

Microsoft's latest Windows 11 Insider Preview Build, 26120.3281 (KB5052086), introduces several privacy-focused changes. The Location History API has been removed, meaning Windows will no longer retain location data locally. Additionally, the update removes "account-based content" from File Explorer sections for users of Entra ID, aligning with GDPR regulations and affecting only customers in the European Union. Other features include improved OneDrive document resumption between devices and updates to the Recall feature, which will delete existing Recall snapshots.

Tech Optimizer

February 20, 2025

PostgreSQL flaw exploited as zero-day in BeyondTrust breach

Rapid7's vulnerability research team reported that a security flaw in PostgreSQL was exploited as a zero-day vulnerability to infiltrate BeyondTrust's network in December, involving two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, along with a stolen API key, leading to unauthorized access to 17 Remote Support SaaS instances. In early January, the U.S. Treasury Department disclosed a compromise of its network, with attackers using the stolen API key to access its BeyondTrust instance, linked to the Silk Typhoon cyber-espionage group. The attackers targeted critical offices within the Treasury, including CFIUS and OFAC, and accessed the Office of Financial Research systems. CISA added CVE-2024-12356 to its Known Exploited Vulnerabilities catalog on December 19, mandating federal agencies to secure their networks. On January 27, Rapid7 uncovered another zero-day vulnerability in PostgreSQL, CVE-2025-1094, which allows SQL injection attacks due to mishandling of invalid UTF-8 characters. Rapid7 found that exploiting CVE-2024-12356 for remote code execution requires CVE-2025-1094, and while BeyondTrust classified CVE-2024-12356 as command injection, Rapid7 suggests it is an argument injection vulnerability. They identified a method to exploit CVE-2025-1094 for remote code execution in BeyondTrust systems independently of CVE-2024-12356, noting that BeyondTrust's patch for CVE-2024-12356 does not resolve the root cause of CVE-2025-1094 but prevents exploitation of both vulnerabilities.

AppWizard

February 20, 2025

GTA 5 is getting a huge free update for PC players

Rockstar Games will release an enhanced version of GTA 5 for PC on March 4, 2025, free of charge. This version will feature additional content for GTA Online, significant technical upgrades, improved support for higher resolutions, aspect ratios, and frame rates, as well as enhancements like ambient occlusion, global illumination, ray-traced shadows, and reflections. It will support AMD's FSR1 and FSR3, and Nvidia's DLSS 3 for better performance. Loading times will be significantly faster due to SSDs and the DirectStorage API. The game will also support the PS5's DualSense controller and include Dolby Atmos for improved audio. GTA Online will see new vehicles, modes, and access to the GTA+ subscription program. Minimum hardware requirements include 16GB of RAM, an Nvidia RTX 3060 or AMD Ryzen 5 3600 CPU, and an SSD. Players can transfer their single-player and multiplayer progress to the new version.

BetaBeacon

February 19, 2025

aPS3e: Best Android PS3 Emulator – Play PS3 Games on Your Phone Now!

aPS3e is an Android PS3 emulator designed to bring PlayStation 3 gaming to mobile devices.

AppWizard

February 19, 2025

OnePlus 13 is the latest Android phone with Instagram’s ‘Night Mode’ camera

OnePlus 13 users can now use Night Mode in Instagram, enhancing low-light photography and videography within the app. This feature, previously available only on select Samsung Galaxy and Google Pixel devices, utilizes Android’s Camera Extensions API. Night Mode activates automatically in low-light conditions, indicated by a moon icon. Users can capture images by launching the Instagram camera, waiting for Night Mode to engage, and holding the shutter button steady for a few seconds. This integration allows for a seamless experience without needing to switch between apps, building on OnePlus's existing Night Mode capabilities.

Winsage

February 19, 2025

Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots

Cybersecurity experts at FortiGuard Labs have identified a new variant of the Snake Keylogger, known as AutoIt/Injector.GTY!tr, which targets Windows users and has blocked over 280 million infection attempts worldwide, particularly in China, Turkey, Indonesia, Taiwan, and Spain. The malware spreads primarily through phishing emails with malicious attachments or links and focuses on popular web browsers to steal sensitive information by logging keystrokes, capturing credentials, and monitoring clipboard activity. It exfiltrates data to its command-and-control server via email and Telegram bots. The malware uses AutoIt scripting to create standalone executables that evade antivirus detection. It installs itself by dropping "ageless.exe" in the %Local_AppData%supergroup folder and "ageless.vbs" in the %Startup% folder to ensure persistence. The malware employs process hollowing to inject its payload into a legitimate .NET process, allowing it to hide from detection. Additionally, the Snake Keylogger can retrieve the victim’s geolocation and extract sensitive information from browser autofill systems, including credit card details. It utilizes various techniques for data collection, credential access, defense evasion, and exfiltration, posing a significant threat to Windows users.

Winsage

February 19, 2025

New Snake Keylogger infects Windows using AutoIt freeware

A new variant of the Snake Keylogger is targeting Windows users in Asia and Europe, utilizing the AutoIt scripting language for deployment to evade detection. This malware, built on the Microsoft .NET framework, infiltrates systems through spam email attachments, logging keystrokes, capturing screenshots, and collecting clipboard data to steal sensitive information like usernames, passwords, and credit card details from browsers such as Chrome, Edge, and Firefox. The keylogger transmits stolen data to its command-and-control server using methods like SMTP email, Telegram bots, and HTTP POST requests. The executable file is an AutoIt-compiled binary that unpacks and executes the keylogger upon opening. The keylogger replicates itself in the %Local_AppData%supergroup directory as ageless[.]exe and places a file named ageless[.]vbs in the Startup folder to ensure it runs automatically on system reboot. This persistence mechanism allows continued access to the infected machine without requiring administrative privileges. Once activated, the keylogger injects its payload into a legitimate .NET process, specifically targeting RegSvcs.exe through process hollowing. It logs keystrokes using the SetWindowsHookEx API with a low-level keyboard hook, capturing sensitive information. Additionally, it retrieves the victim's public IP address by pinging hxxp://checkip[.]dyndns[.]org for geolocation purposes.