Meta might introduce AI LLM on flagship devices thanks to their Snapdragon chip. This will give users of this coming flagship device access to the AI tool without being connected to the internet. Asides from giving users quick access to this AI tool, integrating it into the device also brings a few benefits.
Qualcomm is one of the big tech companies that Meta is working with to make LlaMa 2 more accessible. The SoC manufacturing company took to its blog to announce how it’d put this AI innovation to use. According to Qualcomm, from 2024 they’d “make available LlaMa 2-based AI implementations on flagship smartphones and PCs.”
This means that the flagship Qualcomm chip to launch in 2024 will pack LlaMa 2 in it. Having this embedded in the chip will give smartphones direct access to the AI tool for use without an internet connection. Other tech products such as laptops, VR/AR headsets, and even cars that use Qualcomm processors will get this tool integrated into their system.
Benefits of AI LLM on flagship devices to launch sometime next year
Meta and Qualcomm are optimistic about the coming on-device LlaMa 2-based implementations. Qualcomm chips to launch in 2024 will pack this AI integration to the benefit of product end users. Netizens might however wonder how this integration will be of any benefit to them and in what areas will we see its application.
Qualcomm outlines 4 areas where this LlaMa 2-based implementation will be beneficial. At the top of the list is cost reduction, and this will help reduce or eliminate cloud per-query costs. Since LlaMa 2 will run on coming Snapdragon chips, there’d be no need to run the AI service on the cloud, hence reducing cost.
The next benefit on the list is reliability and performance, since the AI model will be able to run anywhere. This removes the need for unreliable cloud servers that risk facing network issues. Qualcomm also brags that with LlaMa 2 integrated into their coming processor, users won’t need an internet connection to access this tool.
With this integration, users won’t be afraid of their data getting to any cloud server as all operations are on-device. Due to this, AI LLM on flagship devices claims to have a private and secure operation. The last benefit of this integration, according to Qualcomm, is personalization.
Without risking user privacy, this onboard AI tool will be able to cater for needs effectively. AI is shaping the future of the internet, and this move by Meta and Qualcomm is making basic tools easily accessible to end users. By next year, you will get some AI functionalities on your Snapdragon-powered flagship device.
A zero-day vulnerability is a software flaw that was unknown to the developer or vendor before they were alerted about it; this means that they had “zero-days” to fix it. Normally, a company that finds a zero-day vulnerability would tell the developer or the vendor even if they worked for a rival outfit. Why? Because it helps stop a malicious hacker, it helps clean up the industry, and because the company never knows when it might be on the other side of such a situation.
The other day, per 9to5Mac, an Apple employee discovered a zero-day vulnerability in Google Chrome but did not immediately report it to Google. When discussing the update to the Chrome Browser to fix the zero-day vulnerability, Google pointed out that the bug was discovered during a hacking competition called “Capture The Flag” (CTF) back in March. And now Google has patched the flaw although it can’t thank Apple for pointing out the issue to it.
So how did Google find out about the Zero-day vulnerability hanging over the head of its Chrome Browser? A Google employee wrote in a blog (via TechCrunch) that another participant in the CTF competition reported the bug on March 26th. What he wrote was that “This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022.”
Google reveals the story on the chromium bugs site
TechCrunch eventually found a Discord channel where someone who claimed to be the Apple employee who found the vulnerability explained why he did not report it to Google. The person, who goes by the name of Gallileo, wrote on July 6th, “It took me 2 weeks working on it full time to root cause, write [the] exploit [Proof of Concept] and writeup the issue such that it can be fixed.”
He went on to say that the flaw “…was reported on June 5th, through my company. Yes it was late, there are multiple reasons for that. I first had to find the person responsible, the report had to be signed off by people and then the person responsible was OOO (out of the office). It’s commendable that Chrome decided to fix it asap, but I think there wasn’t any real urgency. Only you and my team was aware of it and the issue is likely not that great in a real-world scenario (doesn’t work on Android, pretty visible since it freezes the Chrome GUI for a few seconds.”
The original report, as noted, was dated March 26th and Google decided to reward the person who brought it to their attention with a “bug bounty” of $10,000. Who says that it doesn’t pay to be a bug exterminator? Also, it’s not unusual for flaws to be discovered during “Capture the Flag” hacker competitions.
AI services like ChatGPT, Google BARD, and Jasper are being abused to spread malware like BundleBot and Doenerium through Facebook.
In a recent discovery by cybersecurity firm Check Point Research (CPR), cybercriminals have been found using Facebook as a platform to deceive unsuspecting users into downloading malicious malware, ultimately leading to the theft of private information and passwords.
In this attack trend, scammers are taking advantage of the increasing interest in generative artificial intelligence-based (AI) applications, such as Google Bard and OpenAI’s ChatGPT, to lure users into their traps.
The latest discovery by CPR should not come as a surprise, as Facebook has a track record of being abused by cybercriminals. Its features have been abused over the years to spread malware, or worse, even ransomware.
Just a couple of days ago, Malwarebytes confirmed that a Vietnamese threat actor was stealing malware through META Business Accounts. The scam is also utilizing malicious Chrome browser extensions to successfully exfiltrate Facebook login credentials.
The Scam Operation:
The modus operandi of these cybercriminals involves creating fake Facebook pages or groups, posing as popular AI brands, and generating engaging content to attract users’ attention.
Once users interact with the content by liking or commenting, it appears on their friends’ feeds, further spreading the scam. The fraudulent pages then offer a new service or exclusive content via a link, which leads users to unknowingly download malicious malware designed to steal their online passwords, cryptocurrency wallets, and other sensitive information stored in their browsers.
Examples of targeted AI brands include Bard New, Bard Chat, GPT-5, G-Bard AI, and the popular AI brand Jasper AI. These scammers meticulously replicate legitimate pages, using bots and Vietnamese chat language to give the appearance of authenticity and credibility.
The Malicious Payload:
The malware delivered by these fake Facebook pages is identified as “Doenerium,” an infostealer previously observed in various scams. This malware operates stealthily to gather various types of information, including browser data like cookies, bookmarks, and browsing history.
According to CPR’s report, the malware also steals cryptocurrency wallet information, FTP credentials, and sessions from social and gaming platforms. The stolen data is then consolidated into an archive and uploaded to file-sharing platforms.
Sophisticated Scams and the Rise of BundleBot:
While some scams rely on open-source toolsets and free services, others adopt more sophisticated techniques. Check Point Research recently uncovered advanced campaigns that employ Facebook ads and compromised accounts to distribute a stealthy stealer-bot called BundleBot.
This new malware operates under the radar, making it challenging to detect and shut down these campaigns. BundleBot specifically targets stealing Facebook account information, making the campaigns self-sustaining.
The Rising Threat of Infostealers:
The rise in infostealer usage can be linked to the growth of underground markets, where initial access brokers focus on obtaining and trading access or credentials to compromised systems. As the value of data increases for targeted attacks like business email compromise and spear-phishing, the proliferation of infostealers has grown.
Protecting Against Scams:
As public interest in AI-based solutions continues to rise, it’s crucial for individuals and organizations to stay vigilant against cybercriminal tactics. Users can identify phishing and impersonation attempts by verifying the sender’s email or web address, looking for domain misspellings, and downloading software only from trusted sources.
Samsung Wallet, like Google Wallet, is a useful app to store all your most important cards, and now that includes student IDs for college students. Samsung today announced officially that Samsung Wallet is adding student IDs to the app in partnership with colleges across the US.
So if you attend one of the compatible schools, you can store your ID inside of the app and use that anywhere you’d need the physical ID. Presumably this should work for anything around campuses where an ID might be needed. Though it’s not hard to imagine some schools having a policy or rule that requires the physical ID card.
There are of course some caveats. You’ll need to have a Galaxy smartphone to use the Samsung Wallet app. The app also has to be updated to the latest version. As this feature is part of an update. The good news is that the update should be live for users who meet that criteria. The only other thing you need is to be at a school where this is available.
Samsung Wallet with student IDs works at 68 colleges
There’s a lot of different educational institutions across the country, but Samsung Wallet’s new feature doesn’t just work at every single one of them. The company says that it’s started with 68 different locations. These are “colleges, universities, and higher education institutions across the nation.”
Samsung says this works at schools like Penn State, the University of Florida, Central Michigan University, University of North Alabama, and the Stevens Institute of Technology. It doesn’t give a full list of schools where the digital IDs are available though. Samsung says that if students want to know if their school supports it, they need to contact the school directly.
As for the compatible Galaxy devices, Samsung lists them on its Wallet FAQ page. As for features, the digital student IDs can be used for a number of things. Unlocking doors at dorm rooms, and in some cases for NFC-based payments. And there’s a built-in Power Reserve feature. With this, students tap their phone to use the ID even if the phone has turned off from low battery.
Since its inception, the startup smartphone brand Nothing has got some fans, and they are clamoring for a foldable smartphone. Despite these cries for a foldable device, Nothing’s CEO might have other plans for his brand. In the meantime, these plans have ‘nothing’ to do with developing or launching a foldable smartphone.
This point of view is not one that Carl Pei recently nurtured, as it has been his standpoint for quite a while. His view of the foldable smartphone industry and the actual nature of his company are major factors hindering the launching of a foldable smartphone. After the launch of the Nothing Phone 2, Carl Pei called foldable smartphones a “forced innovation.”
According to him, smartphone manufacturers are forcing these devices on consumers worldwide. This claim is off-putting because Nothing’s smartphones come with a feature that not everybody might want. Carl Pei later clarified his standpoint, and it now sounds more understandable.
A clearer understanding of the Nothing CEO’s take on foldable smartphones
In a recent interview with The Verge, Carl Pei gave netizens a clearer understanding of his stance regarding foldable smartphones. From his explanation, the reason his company won’t develop a foldable device anytime soon is profitability. For them, the big question on their mind will be if they have a niche the device will cater to.
At the moment, Nothing is still working hard to establish its presence in the smartphone industry. Despite having two solid Android devices to their name, they still need to build a strong community of users. The launch of the Nothing Phone 2 brought the brand into America for the first time since its inception.
This goes to show that at the moment Nothing doesn’t have a community that might need foldable devices. So launching a foldable anytime soon might result in a waste of resources for the company. Foldable smartphones are not what the brand requires at this point to firmly establish their presence in the smartphone industry.
By sticking to the device form factor they have now and perfecting it, They will be able to achieve their dream. Once this is done, and they have secured a firm consumer base, the brand can then turn its attention to launching a foldable Nothing smartphone. Brands like Samsung, OPPO, Vivo, Huawei, and Honor just to mention a few, already have a strong consumer base and can afford to launch foldable devices.
When you sign into your Google account using Chrome on a new device, you don’t have to worry about transferring your data. Based on your settings, all your data will sync, so you’ll be able to pick up where you left off. Now, Chrome is going to give you more control over how it syncs your tab groups.
If you don’t know about tab groups, here’s a little rundown. You might really like this feature. If you are the type of person who needs to have a bunch of tabs open, there’s a way that you can organize them. You can organize your tabs into tab groups.
When you make a tab group, you’ll see a colored dot appear next to the left-most tab in the group. You’ll also see a line under all of the tabs in the group. The line’s color will match the color of the dot. If you right-click the dot, you’ll be able to give the group a name.
This is also a space saver, as when you click on the dot/group name, it will compress to the size of the group’s name. If you want to make a group, select the tabs, right-click, and click on the Add to new group button.
Chrome will give you more control over how it syncs tab groups
This feature is only for the latest version of Chrome Canary (v. 117), so the average user won’t see it. Back in January, @Leopeva64 spotted a toggle that would enable your tab groups to be synced along with your other data. However, this feature would sync your saved tabs and your active tabs at the same time. There was no option to sync them separately.
This would have been a bummer because you might only want to move your saved tabs groups and not your current active tabs. However, it appears that the company changed its mind about this. Leopeva64 saw just recently that Chrome will give you the option to sync them separately.
We’re not sure when Camary version 117 will get a stable release, but it’s good to see that the feature will give you more control.
Turla, also known as Secret Blizzard, KRYPTON, and UAC-0003, is an Advanced Persistent Threat (APT) group that has been associated with Russia’s Federal Security Service (FSB).
This group has gained fame for its sophisticated and persistent cyber threat activities.
The threat actors, known for targeting Western interests, were recently involved in disrupting the Snake cyber-espionage botnet through Operation MEDUSA, among other attacks.
The cybersecurity researchers at Microsoft Threat Intelligence and the government’s computer emergency response team of Ukraine CERT-UA recently warned about Turla targeting the defense industry and Microsoft Exchange servers with CAPIBAR (aka DeliveryCheck, GAMEDAY), a new malware in their recent attacks.
Microsoft Warns of Exchange Server Attacks
Here below, we have mentioned all the tweets that Microsoft Threat Intelligence tweets:-
Microsoft has identified targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard (KRYPTON, UAC-0003) leveraging DeliveryCheck, a novel .NET backdoor used to deliver a variety of second stage payloads. https://t.co/mWoyzOoydF
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
DeliveryCheck is distributed via email as documents with malicious macros. It persists via a scheduled task that downloads and launches it in memory. It also contacts a C2 server to retrieve tasks, which can include the launch of arbitrary payloads embedded in XSLT stylesheets.
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
Microsoft has observed that following initial infection, the threat actor deploys open-source tools such as rclone to collect and exfiltrate files or, in some cases, deploys a fully-featured Secret Blizzard implant known as Kazuar.
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
The threat actor specifically aims to exfiltrate files containing messages from the popular Signal Desktop messaging application, which would allow the actor to read private Signal conversations, as well as documents, images, and archive files on targeted systems.
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
In our investigation, we also observed the actor targeting Microsoft Exchange servers to install server-side components of DeliveryCheck using PowerShell Desired State Configuration (DSC), as further detailed here: https://t.co/lTYXII9XCv
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
DSC generates a Managed Object Format (MOF) file (further detailed here: https://t.co/AmAzXmbZfG) containing a PowerShell script that loads the embedded .NET payload into memory, effectively turning a legitimate server into a malware C2 center.
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
Microsoft Defender Antivirus detects this threat as the following malware: Trojan:Win32/DeliveryCheck, Trojan:MSIL/DeliveryCheck, Trojan:ASP/DeliveryCheck, Trojan:Script/DeliveryCheck, Trojan:Script/Kazuar, and Trojan:MSIL/Kazuar.
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
We are grateful to CERT-UA for their continued partnership to investigate cyber threats. Microsoft continues to partner closely with the international cybersecurity community to investigate and defend against advanced cyber operations and malware.
— Microsoft Threat Intelligence (@MsftSecIntel) July 19, 2023
Hackers Targeting Exchange Servers
The phishing emails with malicious macros contained within the Excel XLSM attachments initiate the attacks, and activating macros runs a PowerShell command, imitating a Firefox browser updater through a scheduled task.
For the deployment of malicious payloads and execution of the received commands, the scheduled task downloads the CAPIBAR malware. While this task also connects the malware to the C&C server under the control of the threat actor after launching it in memory.
Attack flow (Source – CERT-UA)
The backdoor allows threat actors to exfiltrate data via Rclone after infecting devices. Notably, CAPIBAR transforms the Microsoft Exchange server into a command and control server, setting it apart from other threats.
With the help of a PowerShell module, “Desired State Configuration” the Microsoft Exchange server-side component is installed.
While this module is used by admins to apply standardized server configurations to devices automatically, creating default templates for several devices with settings that are identical in nature.
Turla threat actors use DSC to auto-load a base64-encoded Windows executable, converting Exchange into a malware server. Not only that even, Microsoft and CERT-UA also noted KAZUAR backdoor drop.
Microsoft Exchange server-side component (Source – CERT-UA)
Moreover, this cyberespionage tool enables threat actors to perform several illicit activities like execute JavaScript, extract data from event logs, and steal credentials from various programs such as:-
Browsers
FTP clients
VPN software
KeePass
Azure
AWS
Outlook
Based on Turla’s distinctive tactics, techniques, and KAZUAR use, this activity (UAC-0024) is confidently linked to Russia’s FSB-led group (UAC-0003, KRYPTON, Secret Blizzard). Apart from this, all the malicious samples were distributed to aid threat detection.
YouTube Music is Google’s latest attempt at making a streaming music service, and it’s actually a pretty good alternative to Spotify, Apple Music and Amazon Music. YouTube Music actually debuted way back in 2015, meaning it is now around seven years old. However, it was missing a lot of features when it first launched, and then later relaunched in 2018 with many more features and saw the end of Google Play Music.
YouTube is already one of the biggest names in media, so YouTube Music is likely going to be one of the biggest streaming services out there. So here’s everything you need to know about YouTube Music.
What is YouTube Music?
YouTube Music is Google’s second attempt at making a streaming service. Back in 2011, Google announced Google Play Music and offered streaming music for just $7.99 per month at first. Fast-forward to 2015 when Google debuted YouTube Music, and essentially had two different streaming music services. Google Play Music and YouTube Music. Though the writing was on the wall for Google Play Music.
Google then relaunched YouTube Music in 2018 along with bundling it with YouTube Premium for $12.99 per month. Though you can also still pay for it separately. However, adding ad-free YouTube to the Music service means that it’s much more valuable than its competitors.
YouTube Music boasts over 50 million songs in its catalog. Which is among the most of the biggest streaming music services.
How much does it cost?
YouTube Music ranges from free to $17 per month, depending on the plan you get.
YouTube Music by itself is available free with ads running every three to six songs, and you don’t get access to a lot of other features that the service has. If you do opt to pay, it’s $5.49 per month for students, $11 per month for everyone else and $17 per month for families (up to 5 users).
That’s pretty much the same price as its competitors, like Spotify, Amazon Music, Apple Music and others. So it’s not a bad price, but not an incredibly good price either.
Update: On July 20, 2023, Google announced a price increase for YouTube Music. It has gone up by a buck per month to $10.99. For the annual plan, it’s now $109.99, and the Student plan is now $5.49.
Is YouTube Premium included?
You can get YouTube Premium included with Music – though you can’t get Premium without Music. So if you get the full YouTube Premium package, it’s going to cost you $7 per month for a student, $12 per month for everyone else and $17 per month for families.
This is the plan that we recommend if you’re going to go with YouTube Music. As you’re paying $2 more per month and getting background playback, downloads and ad-free YouTube. Which given the amount of ads on YouTube, having ad-free YouTube is definitely worth the extra $2 per month.
YouTube Music free vs Premium tiers
Much like Spotify, YouTube Music does have a free and a paid tier of its music service. The free tier of YouTube Music isn’t quite the same as what Spotify offers. For example, you get more than just ads. You also cannot play music in the background, at least on the Android app. The easy way around this is to use the desktop web version, as you can still play it in the background as long as the tab is open.
With the free version, you also do not get any recommendations, or the ability to stream new music. So you’re basically limited to the playlists that YouTube Music has already created. That might be enough for some, but likely not for everyone.
What features does YouTube Music have?
YouTube Music doesn’t really have many features that you wouldn’t find elsewhere with other streaming services. But YouTube Music does do a really good job with discovery, almost as good as Spotify, to be quite honest.
Ad-free listening
If you sign up for YouTube Music Premium, you’re going to get ad-free listening. So you won’t hear any ads on your music, or between your music. You’ll also get background playback, which you don’t get on the free version.
This is one of those features that you’d expect with a paid music service, however, so this is not a big surprise. But definitely good to see, since we know how much YouTube and Google loves ads.
Effortless discovery
One feature that Spotify has and does really well with is discovery. Whether that’s prompting you to add more songs to your playlists, mixing playlists just for you, or even surfacing other songs that you might like, it just does a really good job. YouTube Music has greatly improved over the years. Discovery is very good and makes it easy to populate a new playlist, with songs that you like and played quite a bit.
Supermix
The Supermix or sometimes called “My Mixtape” has about 100 songs that spans across your tastes in music, and it is continually updating. When you first start using YouTube Music, you’ll notice it updating daily or even more often. But as you get into using YouTube Music and using it for quite some time, it may not change as often, as YouTube Music knows what kind of music you like and listen to.
You can download your Supermix too – in fact that is the only playlist I have downloaded and usually use it in the car, as I don’t need to worry about choosing a specific song. YouTube Music allows you to limit how many songs are downloaded too, so it does not take up all of your phone’s storage. Which is super smart.
YouTube Music also has other mixes for you, including different My Mixes, and a Discover Mix that has new music for you to discover. This is a playlist that YouTube Music thinks has music you’ll love.
Where is YouTube Music available?
As of early 2022, YouTube Music is available in over 95 countries. These include:
American Samoa
Argentina
Aruba
Australia
Austria
Bahrain
Belarus
Belgium
Bermuda
Bolivia
Bosnia & Herzegovina
Brazil
Bulgaria
Canada
Cayman Islands
Chile
Colombia
Costa Rica
Croatia
Cyprus
Czech Republic
Denmark
Dominican Republic
Ecuador
Egypt
El Salvador
Estonia
Finland
France
French Guyana
French Polynesia
Germany
Greece
Guadeloupe
Guam
Guatemala
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Ireland
Israel
Italy
Japan
Kuwait
Latvia
Liechtenstein
Lithuania
Luxembourg
Malaysia
Malta
Mexico
Netherlands
New Zealand
Nicaragua
Nigeria
North Macedonia
Northern Mariana Islands
Norway
Oman
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Poland
Portugal
Puerto Rico
Qatar
Romania
Russia
Saudi Arabia
Serbia
Singapore
Slovakia
Slovenia
South Africa
South Korea
Spain
Sweden
Switzerland
Lebanon
Taiwan
Thailand
Turkey
Turks and Caicos Islands
U.S. Virgin Islands
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Venezuela
How does it compare to the Competition?
If you’re looking to switch to YouTube Music from a competitor like Spotify or Apple Music, you may be wondering how it stacks up to the competition, well, it stacks up pretty well. Though Spotify is still the best option for most people, due to the amount of features it has – remember Spotify is a music streaming company first, and doesn’t have its hand in many other areas like Google and Apple do.
One thing that YouTube Music does lack though, is Podcasts being included in the platform. Spotify has podcasts included, making it a one-stop shop for all of your audio needs. However, there is Google Podcasts, but that would require another app to be used. Of course, Spotify does also have some exclusive podcasts like Joe Rogan and Michelle Obama.
YouTube Music also lacks in audio quality, where it maxes out at 256kbps, and Spotify’s 70 million song library can hit 320kbps. Most people won’t notice a difference with that, but if you do use the right equipment, you can tell a small difference in the audio quality there. Though Neither is as good as Apple Music’s Spatial Audio. Or Amazon Music’s HD music selection – which are included in their prices.
YouTube Music has less songs than the competition, but still has a ton. Apple Music has 90 million, Spotify has 70 million and Amazon Music has 75 million. Though at those numbers, there’s not a huge difference.
If you want ad-free YouTube, then YouTube Music is going to be the right choice for you. Unless you’re okay with spending $12 per month for ad-free YouTube and then paying for another music subscription.
Should I sign up for YouTube Music?
If you’re already a big YouTube user, then it is a no-brainer. And while the competitors out there are quite good, the fact that you can get ad-free YouTube Premium with YouTube Music makes it a much more valuable subscription than Spotify or Apple Music right now.
You can sign up for YouTube Music by clicking here, and also check out the features that are available.
The bigger they are, the harder it is for them to avoid cyberattacks. Google is a major company, and it’s a large target for hackers. This is why Google is limiting internet access for certain employees.
Cyberattacks are happening every five minutes, it seems, and large companies have the most to lose when they’re hacked. They have important information from millions of people, including their payment information, banking information, and home addresses just to name a few. That’s the reality of being a big company in the 21st century.
Google is limiting internet access for certain employees
Companies try all sorts of methods to stave off cyberattacks, and Google has a new one. According to CNBC, Google is limiting internet access for certain key employees. The company developed a program where 2,500 employees were selected. These employees’ computers lost access to the internet.
While this was the case, the employees did not enjoy that idea and gave feedback. After that, the company revised the program and allowed people to opt out of it. Also, Google opened the plan to volunteers who wanted to join.
Those who opted in will not be able to access the internet from their computer unless they’re accessing certain Google services like Gmail or Google Drive. Some employees will even lose the ability to install apps and run administrative commands.
Being able to download and install apps opens the door for malware to sneak in. A person could accidentally download an application loaded with malware.
Limiting internet access sounds like a good idea. Having access to the internet gives hackers the ability to infiltrate their computers and grab all sorts of sensitive data. We know that some, if not most, of the positions at the company require the Internet to run. However, there are some posts that don’t. We’ll need to wait to see if this method is effective.
Oracle has released a list of security patches for more than 130+ products. These products were used in several industries, including banking, communication, enterprise, development, and others.
Oracle has released the severity rating and categorized them as critical, high, medium, and low based on their CVSS 3.1 score. Over 508 new security patches and CVE IDs were released, of which 76 of them had Critical severity.
Patches and Products
The latest update for Oracle Financial Services Applications included approximately 147 patches, with 115 of them being susceptible to remote exploitation through network access.
This update addressed over 18 high-risk vulnerabilities that were deemed critical.
Oracle Communications recently received 77 security patches, with 57 of them being remotely exploitable.
Among these patches, there were over 10 critical severity vulnerabilities and 41 high severity vulnerabilities that have been successfully patched.
Recently, Oracle Fusion Middleware was patched with 60 security updates, 40 of which were identified as remotely exploitable. Among these updates, 9 were considered critical and 24 were deemed of high severity.
There are a total of 40 security patches for Oracle Communications Applications, out of which 30 can be exploited remotely. Analytics has 32 security patches, with 23 vulnerabilities that can also be exploited remotely.
MySQL has 21 security patches, with 11 of them remotely exploitable. Furthermore, a dozen products and third-party patches were released by Oracle. These products were related to JavaSE, Retail applications, Construction engineering, E-Business Suite, PeopleSoft, Siebel, etc.
In addition to these, several lists of CVE IDs with High, medium, and low severities were released by Oracle as part of its July 2023 patch.
For detailed information on the affected products, CVE IDs, fixed versions, and CVSS base score, please follow the Oracle security advisory.
Users of these products are recommended to upgrade to the latest version to prevent threat actors from exploiting them.