AI LLM on flagship devices might be possible with new Qualcomm chip

0
[ad_1]

Meta might introduce AI LLM on flagship devices thanks to their Snapdragon chip. This will give users of this coming flagship device access to the AI tool without being connected to the internet. Asides from giving users quick access to this AI tool, integrating it into the device also brings a few benefits.

Qualcomm is one of the big tech companies that Meta is working with to make LlaMa 2 more accessible. The SoC manufacturing company took to its blog to announce how it’d put this AI innovation to use. According to Qualcomm, from 2024 they’d “make available LlaMa 2-based AI implementations on flagship smartphones and PCs.”

This means that the flagship Qualcomm chip to launch in 2024 will pack LlaMa 2 in it. Having this embedded in the chip will give smartphones direct access to the AI tool for use without an internet connection. Other tech products such as laptops, VR/AR headsets, and even cars that use Qualcomm processors will get this tool integrated into their system.

Benefits of AI LLM on flagship devices to launch sometime next year

Meta and Qualcomm are optimistic about the coming on-device LlaMa 2-based implementations. Qualcomm chips to launch in 2024 will pack this AI integration to the benefit of product end users. Netizens might however wonder how this integration will be of any benefit to them and in what areas will we see its application.

Qualcomm outlines 4 areas where this LlaMa 2-based implementation will be beneficial. At the top of the list is cost reduction, and this will help reduce or eliminate cloud per-query costs. Since LlaMa 2 will run on coming Snapdragon chips, there’d be no need to run the AI service on the cloud, hence reducing cost.

The next benefit on the list is reliability and performance, since the AI model will be able to run anywhere. This removes the need for unreliable cloud servers that risk facing network issues. Qualcomm also brags that with LlaMa 2 integrated into their coming processor, users won’t need an internet connection to access this tool.

With this integration, users won’t be afraid of their data getting to any cloud server as all operations are on-device. Due to this, AI LLM on flagship devices claims to have a private and secure operation. The last benefit of this integration, according to Qualcomm, is personalization.

Without risking user privacy, this onboard AI tool will be able to cater for needs effectively. AI is shaping the future of the internet, and this move by Meta and Qualcomm is making basic tools easily accessible to end users. By next year, you will get some AI functionalities on your Snapdragon-powered flagship device.


[ad_2]
Source link

Apple employee failed to immediately report zero-day Chrome vulnerability to Google

0
[ad_1]

A zero-day vulnerability is a software flaw that was unknown to the developer or vendor before they were alerted about it; this means that they had “zero-days” to fix it. Normally, a company that finds a zero-day vulnerability would tell the developer or the vendor even if they worked for a rival outfit. Why? Because it helps stop a malicious hacker, it helps clean up the industry, and because the company never knows when it might be on the other side of such a situation.

The other day, per 9to5Mac, an Apple employee discovered a zero-day vulnerability in Google Chrome but did not immediately report it to Google. When discussing the update to the Chrome Browser to fix the zero-day vulnerability, Google pointed out that the bug was discovered during a hacking competition called “Capture The Flag” (CTF) back in March. And now Google has patched the flaw although it can’t thank Apple for pointing out the issue to it.
So how did Google find out about the Zero-day vulnerability hanging over the head of its Chrome Browser? A Google employee wrote in a blog (via TechCrunch) that another participant in the CTF competition reported the bug on March 26th. What he wrote was that “This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022.”
TechCrunch eventually found a Discord channel where someone who claimed to be the Apple employee who found the vulnerability explained why he did not report it to Google. The person, who goes by the name of Gallileo, wrote on July 6th, “It took me 2 weeks working on it full time to root cause, write [the] exploit [Proof of Concept] and writeup the issue such that it can be fixed.”

He went on to say that the flaw “…was reported on June 5th, through my company. Yes it was late, there are multiple reasons for that. I first had to find the person responsible, the report had to be signed off by people and then the person responsible was OOO (out of the office). It’s commendable that Chrome decided to fix it asap, but I think there wasn’t any real urgency. Only you and my team was aware of it and the issue is likely not that great in a real-world scenario (doesn’t work on Android, pretty visible since it freezes the Chrome GUI for a few seconds.”

The original report, as noted, was dated March 26th and Google decided to reward the person who brought it to their attention with a “bug bounty” of $10,000. Who says that it doesn’t pay to be a bug exterminator? Also, it’s not unusual for flaws to be discovered during “Capture the Flag” hacker competitions.


[ad_2]
Source link

Fake ChatGPT and AI pages on Facebook are spreading infostealers

0
[ad_1]

AI services like ChatGPT, Google BARD, and Jasper are being abused to spread malware like BundleBot and Doenerium through Facebook.

In a recent discovery by cybersecurity firm Check Point Research (CPR), cybercriminals have been found using Facebook as a platform to deceive unsuspecting users into downloading malicious malware, ultimately leading to the theft of private information and passwords.

In this attack trend, scammers are taking advantage of the increasing interest in generative artificial intelligence-based (AI) applications, such as Google Bard and OpenAI’s ChatGPT, to lure users into their traps.

The latest discovery by CPR should not come as a surprise, as Facebook has a track record of being abused by cybercriminals. Its features have been abused over the years to spread malware, or worse, even ransomware.

Just a couple of days ago, Malwarebytes confirmed that a Vietnamese threat actor was stealing malware through META Business Accounts. The scam is also utilizing malicious Chrome browser extensions to successfully exfiltrate Facebook login credentials.

The Scam Operation:

The modus operandi of these cybercriminals involves creating fake Facebook pages or groups, posing as popular AI brands, and generating engaging content to attract users’ attention.

Once users interact with the content by liking or commenting, it appears on their friends’ feeds, further spreading the scam. The fraudulent pages then offer a new service or exclusive content via a link, which leads users to unknowingly download malicious malware designed to steal their online passwords, cryptocurrency wallets, and other sensitive information stored in their browsers.

Examples of targeted AI brands include Bard New, Bard Chat, GPT-5, G-Bard AI, and the popular AI brand Jasper AI. These scammers meticulously replicate legitimate pages, using bots and Vietnamese chat language to give the appearance of authenticity and credibility.

The Malicious Payload:

The malware delivered by these fake Facebook pages is identified as “Doenerium,” an infostealer previously observed in various scams. This malware operates stealthily to gather various types of information, including browser data like cookies, bookmarks, and browsing history.

According to CPR’s report, the malware also steals cryptocurrency wallet information, FTP credentials, and sessions from social and gaming platforms. The stolen data is then consolidated into an archive and uploaded to file-sharing platforms.

Sophisticated Scams and the Rise of BundleBot:

While some scams rely on open-source toolsets and free services, others adopt more sophisticated techniques. Check Point Research recently uncovered advanced campaigns that employ Facebook ads and compromised accounts to distribute a stealthy stealer-bot called BundleBot.

This new malware operates under the radar, making it challenging to detect and shut down these campaigns. BundleBot specifically targets stealing Facebook account information, making the campaigns self-sustaining.

The Rising Threat of Infostealers:

The rise in infostealer usage can be linked to the growth of underground markets, where initial access brokers focus on obtaining and trading access or credentials to compromised systems. As the value of data increases for targeted attacks like business email compromise and spear-phishing, the proliferation of infostealers has grown.

Protecting Against Scams:

As public interest in AI-based solutions continues to rise, it’s crucial for individuals and organizations to stay vigilant against cybercriminal tactics. Users can identify phishing and impersonation attempts by verifying the sender’s email or web address, looking for domain misspellings, and downloading software only from trusted sources. 

  1. Fake ChatGPT Extension Hijacks Facebook Accounts
  2. Alert: Scammers Pose as ChatGPT in New Phishing Scam
  3. WormGPT – The Malicious ChatGPT Alternative Goes Viral
  4. 100,000 Hacked ChatGPT Accounts Discovered on Dark Web
  5. FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks

[ad_2]
Source link

US college students can now add their IDs to Samsung Wallet

0
[ad_1]

Samsung Wallet, like Google Wallet, is a useful app to store all your most important cards, and now that includes student IDs for college students. Samsung today announced officially that Samsung Wallet is adding student IDs to the app in partnership with colleges across the US.

So if you attend one of the compatible schools, you can store your ID inside of the app and use that anywhere you’d need the physical ID. Presumably this should work for anything around campuses where an ID might be needed. Though it’s not hard to imagine some schools having a policy or rule that requires the physical ID card.

There are of course some caveats. You’ll need to have a Galaxy smartphone to use the Samsung Wallet app. The app also has to be updated to the latest version. As this feature is part of an update. The good news is that the update should be live for users who meet that criteria. The only other thing you need is to be at a school where this is available.

Samsung Wallet with student IDs works at 68 colleges

There’s a lot of different educational institutions across the country, but Samsung Wallet’s new feature doesn’t just work at every single one of them. The company says that it’s started with 68 different locations. These are “colleges, universities, and higher education institutions across the nation.”

Samsung says this works at schools like Penn State, the University of Florida, Central Michigan University, University of North Alabama, and the Stevens Institute of Technology. It doesn’t give a full list of schools where the digital IDs are available though. Samsung says that if students want to know if their school supports it, they need to contact the school directly.

As for the compatible Galaxy devices, Samsung lists them on its Wallet FAQ page. As for features, the digital student IDs can be used for a number of things. Unlocking doors at dorm rooms, and in some cases for NFC-based payments. And there’s a built-in Power Reserve feature. With this, students tap their phone to use the ID even if the phone has turned off from low battery.


[ad_2]
Source link

A foldable Nothing smartphone is unrealistic for now, here’s why

0
[ad_1]

Since its inception, the startup smartphone brand Nothing has got some fans, and they are clamoring for a foldable smartphone. Despite these cries for a foldable device, Nothing’s CEO might have other plans for his brand. In the meantime, these plans have ‘nothing’ to do with developing or launching a foldable smartphone.

This point of view is not one that Carl Pei recently nurtured, as it has been his standpoint for quite a while. His view of the foldable smartphone industry and the actual nature of his company are major factors hindering the launching of a foldable smartphone. After the launch of the Nothing Phone 2, Carl Pei called foldable smartphones a “forced innovation.” 

According to him, smartphone manufacturers are forcing these devices on consumers worldwide. This claim is off-putting because Nothing’s smartphones come with a feature that not everybody might want. Carl Pei later clarified his standpoint, and it now sounds more understandable.

A clearer understanding of the Nothing CEO’s take on foldable smartphones

In a recent interview with The Verge, Carl Pei gave netizens a clearer understanding of his stance regarding foldable smartphones. From his explanation, the reason his company won’t develop a foldable device anytime soon is profitability. For them, the big question on their mind will be if they have a niche the device will cater to.

At the moment, Nothing is still working hard to establish its presence in the smartphone industry. Despite having two solid Android devices to their name, they still need to build a strong community of users. The launch of the Nothing Phone 2 brought the brand into America for the first time since its inception.

This goes to show that at the moment Nothing doesn’t have a community that might need foldable devices. So launching a foldable anytime soon might result in a waste of resources for the company. Foldable smartphones are not what the brand requires at this point to firmly establish their presence in the smartphone industry.

By sticking to the device form factor they have now and perfecting it, They will be able to achieve their dream. Once this is done, and they have secured a firm consumer base, the brand can then turn its attention to launching a foldable Nothing smartphone. Brands like Samsung, OPPO, Vivo, Huawei, and Honor just to mention a few, already have a strong consumer base and can afford to launch foldable devices.


[ad_2]
Source link

Chrome to offer more options when syncing tab groups

0
[ad_1]

When you sign into your Google account using Chrome on a new device, you don’t have to worry about transferring your data. Based on your settings, all your data will sync, so you’ll be able to pick up where you left off. Now, Chrome is going to give you more control over how it syncs your tab groups.

If you don’t know about tab groups, here’s a little rundown. You might really like this feature. If you are the type of person who needs to have a bunch of tabs open, there’s a way that you can organize them. You can organize your tabs into tab groups.

When you make a tab group, you’ll see a colored dot appear next to the left-most tab in the group. You’ll also see a line under all of the tabs in the group. The line’s color will match the color of the dot. If you right-click the dot, you’ll be able to give the group a name.

This is also a space saver, as when you click on the dot/group name, it will compress to the size of the group’s name. If you want to make a group, select the tabs, right-click, and click on the Add to new group button.

Chrome will give you more control over how it syncs tab groups

This feature is only for the latest version of Chrome Canary (v. 117), so the average user won’t see it. Back in January, @Leopeva64 spotted a toggle that would enable your tab groups to be synced along with your other data. However, this feature would sync your saved tabs and your active tabs at the same time. There was no option to sync them separately.

This would have been a bummer because you might only want to move your saved tabs groups and not your current active tabs. However, it appears that the company changed its mind about this. Leopeva64 saw just recently that Chrome will give you the option to sync them separately.

We’re not sure when Camary version 117 will get a stable release, but it’s good to see that the feature will give you more control.


[ad_2]
Source link

Hackers Turn Exchange Servers into Malware C&C

0
[ad_1]
Exchange Servers Malware

Turla, also known as Secret Blizzard, KRYPTON, and UAC-0003, is an Advanced Persistent Threat (APT) group that has been associated with Russia’s Federal Security Service (FSB).

This group has gained fame for its sophisticated and persistent cyber threat activities.

The threat actors, known for targeting Western interests, were recently involved in disrupting the Snake cyber-espionage botnet through Operation MEDUSA, among other attacks.

The cybersecurity researchers at Microsoft Threat Intelligence and the government’s computer emergency response team of Ukraine CERT-UA recently warned about Turla targeting the defense industry and Microsoft Exchange servers with CAPIBAR (aka DeliveryCheck, GAMEDAY), a new malware in their recent attacks.

Microsoft Warns of Exchange Server Attacks

Here below, we have mentioned all the tweets that Microsoft Threat Intelligence tweets:-

Hackers Targeting Exchange Servers

The phishing emails with malicious macros contained within the  Excel XLSM attachments initiate the attacks, and activating macros runs a PowerShell command, imitating a Firefox browser updater through a scheduled task.

For the deployment of malicious payloads and execution of the received commands, the scheduled task downloads the CAPIBAR malware. While this task also connects the malware to the C&C server under the control of the threat actor after launching it in memory.

Attack flow (Source – CERT-UA)

The backdoor allows threat actors to exfiltrate data via Rclone after infecting devices. Notably, CAPIBAR transforms the Microsoft Exchange server into a command and control server, setting it apart from other threats.

With the help of a PowerShell module, “Desired State Configuration” the Microsoft Exchange server-side component is installed.

While this module is used by admins to apply standardized server configurations to devices automatically, creating default templates for several devices with settings that are identical in nature.

Turla threat actors use DSC to auto-load a base64-encoded Windows executable, converting Exchange into a malware server. Not only that even, Microsoft and CERT-UA also noted KAZUAR backdoor drop.

Microsoft Exchange server-side component (Source – CERT-UA)

Moreover, this cyberespionage tool enables threat actors to perform several illicit activities like execute JavaScript, extract data from event logs, and steal credentials from various programs such as:-

  • Browsers
  • FTP clients
  • VPN software
  • KeePass
  • Azure
  • AWS
  • Outlook

Based on Turla’s distinctive tactics, techniques, and KAZUAR use, this activity (UAC-0024) is confidently linked to Russia’s FSB-led group (UAC-0003, KRYPTON, Secret Blizzard). Apart from this, all the malicious samples were distributed to aid threat detection.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


[ad_2]
Source link

YouTube Music: Everything You Need To Know

0
[ad_1]

YouTube Music is Google’s latest attempt at making a streaming music service, and it’s actually a pretty good alternative to Spotify, Apple Music and Amazon Music. YouTube Music actually debuted way back in 2015, meaning it is now around seven years old. However, it was missing a lot of features when it first launched, and then later relaunched in 2018 with many more features and saw the end of Google Play Music.

YouTube is already one of the biggest names in media, so YouTube Music is likely going to be one of the biggest streaming services out there. So here’s everything you need to know about YouTube Music.

What is YouTube Music?

YouTube Music is Google’s second attempt at making a streaming service. Back in 2011, Google announced Google Play Music and offered streaming music for just $7.99 per month at first. Fast-forward to 2015 when Google debuted YouTube Music, and essentially had two different streaming music services. Google Play Music and YouTube Music. Though the writing was on the wall for Google Play Music.

Google then relaunched YouTube Music in 2018 along with bundling it with YouTube Premium for $12.99 per month.  Though you can also still pay for it separately. However, adding ad-free YouTube to the Music service means that it’s much more valuable than its competitors.

YouTube Music boasts over 50 million songs in its catalog. Which is among the most of the biggest streaming music services.

Screenshot 2023 07 20 at 8 27 41 AM

How much does it cost?

YouTube Music ranges from free to $17 per month, depending on the plan you get.

YouTube Music by itself is available free with ads running every three to six songs, and you don’t get access to a lot of other features that the service has. If you do opt to pay, it’s $5.49 per month for students, $11 per month for everyone else and $17 per month for families (up to 5 users).

That’s pretty much the same price as its competitors, like Spotify, Amazon Music, Apple Music and others. So it’s not a bad price, but not an incredibly good price either.

Update: On July 20, 2023, Google announced a price increase for YouTube Music. It has gone up by a buck per month to $10.99. For the annual plan, it’s now $109.99, and the Student plan is now $5.49.

Is YouTube Premium included?

You can get YouTube Premium included with Music – though you can’t get Premium without Music. So if you get the full YouTube Premium package, it’s going to cost you $7 per month for a student, $12 per month for everyone else and $17 per month for families.

This is the plan that we recommend if you’re going to go with YouTube Music. As you’re paying $2 more per month and getting background playback, downloads and ad-free YouTube. Which given the amount of ads on YouTube, having ad-free YouTube is definitely worth the extra $2 per month.

YouTube Music free vs Premium tiers

Much like Spotify, YouTube Music does have a free and a paid tier of its music service. The free tier of YouTube Music isn’t quite the same as what Spotify offers. For example, you get more than just ads. You also cannot play music in the background, at least on the Android app. The easy way around this is to use the desktop web version, as you can still play it in the background as long as the tab is open.

With the free version, you also do not get any recommendations, or the ability to stream new music. So you’re basically limited to the playlists that YouTube Music has already created. That might be enough for some, but likely not for everyone.

What features does YouTube Music have?

YouTube Music doesn’t really have many features that you wouldn’t find elsewhere with other streaming services. But YouTube Music does do a really good job with discovery, almost as good as Spotify, to be quite honest.

Ad-free listening

If you sign up for YouTube Music Premium, you’re going to get ad-free listening. So you won’t hear any ads on your music, or between your music. You’ll also get background playback, which you don’t get on the free version.

This is one of those features that you’d expect with a paid music service, however, so this is not a big surprise. But definitely good to see, since we know how much YouTube and Google loves ads.

Effortless discovery

One feature that Spotify has and does really well with is discovery. Whether that’s prompting you to add more songs to your playlists, mixing playlists just for you, or even surfacing other songs that you might like, it just does a really good job. YouTube Music has greatly improved over the years. Discovery is very good and makes it easy to populate a new playlist, with songs that you like and played quite a bit.

Screen Shot 2022 03 24 at 10 10 13 AM

Supermix

The Supermix or sometimes called “My Mixtape” has about 100 songs that spans across your tastes in music, and it is continually updating. When you first start using YouTube Music, you’ll notice it updating daily or even more often. But as you get into using YouTube Music and using it for quite some time, it may not change as often, as YouTube Music knows what kind of music you like and listen to.

You can download your Supermix too – in fact that is the only playlist I have downloaded and usually use it in the car, as I don’t need to worry about choosing a specific song. YouTube Music allows you to limit how many songs are downloaded too, so it does not take up all of your phone’s storage. Which is super smart.

YouTube Music also has other mixes for you, including different My Mixes, and a Discover Mix that has new music for you to discover. This is a playlist that YouTube Music thinks has music you’ll love.

Screen Shot 2022 03 24 at 9 54 29 AM

Where is YouTube Music available?

As of early 2022, YouTube Music is available in over 95 countries. These include:

  • American Samoa
  • Argentina
  • Aruba
  • Australia
  • Austria
  • Bahrain
  • Belarus
  • Belgium
  • Bermuda
  • Bolivia
  • Bosnia & Herzegovina
  • Brazil
  • Bulgaria
  • Canada
  • Cayman Islands
  • Chile
  • Colombia
  • Costa Rica
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Dominican Republic
  • Ecuador
  • Egypt
  • El Salvador
  • Estonia
  • Finland
  • France
  • French Guyana
  • French Polynesia
  • Germany
  • Greece
  • Guadeloupe
  • Guam
  • Guatemala
  • Honduras
  • Hong Kong
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Ireland
  • Israel
  • Italy
  • Japan
  • Kuwait
  • Latvia
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Malaysia
  • Malta
  • Mexico
  • Netherlands
  • New Zealand
  • Nicaragua
  • Nigeria
  • North Macedonia
  • Northern Mariana Islands
  • Norway
  • Oman
  • Panama
  • Papua New Guinea
  • Paraguay
  • Peru
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Qatar
  • Romania
  • Russia
  • Saudi Arabia
  • Serbia
  • Singapore
  • Slovakia
  • Slovenia
  • South Africa
  • South Korea
  • Spain
  • Sweden
  • Switzerland
  • Lebanon
  • Taiwan
  • Thailand
  • Turkey
  • Turks and Caicos Islands
  • U.S. Virgin Islands
  • Ukraine
  • United Arab Emirates
  • United Kingdom
  • United States
  • Uruguay
  • Venezuela

How does it compare to the Competition?

If you’re looking to switch to YouTube Music from a competitor like Spotify or Apple Music, you may be wondering how it stacks up to the competition, well, it stacks up pretty well. Though Spotify is still the best option for most people, due to the amount of features it has – remember Spotify is a music streaming company first, and doesn’t have its hand in many other areas like Google and Apple do.

One thing that YouTube Music does lack though, is Podcasts being included in the platform. Spotify has podcasts included, making it a one-stop shop for all of your audio needs. However, there is Google Podcasts, but that would require another app to be used. Of course, Spotify does also have some exclusive podcasts like Joe Rogan and Michelle Obama.

YouTube Music also lacks in audio quality, where it maxes out at 256kbps, and Spotify’s 70 million song library can hit 320kbps. Most people won’t notice a difference with that, but if you do use the right equipment, you can tell a small difference in the audio quality there. Though Neither is as good as Apple Music’s Spatial Audio. Or Amazon Music’s HD music selection – which are included in their prices.

YouTube Music has less songs than the competition, but still has a ton. Apple Music has 90 million, Spotify has 70 million and Amazon Music has 75 million. Though at those numbers, there’s not a huge difference.

If you want ad-free YouTube, then YouTube Music is going to be the right choice for you. Unless you’re okay with spending $12 per month for ad-free YouTube and then paying for another music subscription.

YouTube Music Playlists DG AH 2020

Should I sign up for YouTube Music?

If you’re already a big YouTube user, then it is a no-brainer. And while the competitors out there are quite good, the fact that you can get ad-free YouTube Premium with YouTube Music makes it a much more valuable subscription than Spotify or Apple Music right now.

You can sign up for YouTube Music by clicking here, and also check out the features that are available.


[ad_2]
Source link

Google limits internet access to limit cyberattack risk

0
[ad_1]

The bigger they are, the harder it is for them to avoid cyberattacks. Google is a major company, and it’s a large target for hackers. This is why Google is limiting internet access for certain employees.

Cyberattacks are happening every five minutes, it seems, and large companies have the most to lose when they’re hacked. They have important information from millions of people, including their payment information, banking information, and home addresses just to name a few. That’s the reality of being a big company in the 21st century.

Google is limiting internet access for certain employees

Companies try all sorts of methods to stave off cyberattacks, and Google has a new one. According to CNBC, Google is limiting internet access for certain key employees. The company developed a program where 2,500 employees were selected. These employees’ computers lost access to the internet.

While this was the case, the employees did not enjoy that idea and gave feedback. After that, the company revised the program and allowed people to opt out of it. Also, Google opened the plan to volunteers who wanted to join.

Those who opted in will not be able to access the internet from their computer unless they’re accessing certain Google services like Gmail or Google Drive. Some employees will even lose the ability to install apps and run administrative commands.

Being able to download and install apps opens the door for malware to sneak in. A person could accidentally download an application loaded with malware.

Limiting internet access sounds like a good idea. Having access to the internet gives hackers the ability to infiltrate their computers and grab all sorts of sensitive data. We know that some, if not most, of the positions at the company require the Internet to run. However, there are some posts that don’t. We’ll need to wait to see if this method is effective.


[ad_2]
Source link

Oracle Patches 32 Critical Flaws in MySQL, WebLogic, & VirtualBox

0
[ad_1]

Oracle has released a list of security patches for more than 130+ products. These products were used in several industries, including banking, communication, enterprise, development, and others. 

Oracle has released the severity rating and categorized them as critical, high, medium, and low based on their CVSS 3.1 score. Over 508 new security patches and CVE IDs were released, of which 76 of them had Critical severity.

Patches and Products

The latest update for Oracle Financial Services Applications included approximately 147 patches, with 115 of them being susceptible to remote exploitation through network access.

This update addressed over 18 high-risk vulnerabilities that were deemed critical.

Oracle Communications recently received 77 security patches, with 57 of them being remotely exploitable.

Among these patches, there were over 10 critical severity vulnerabilities and 41 high severity vulnerabilities that have been successfully patched.

Recently, Oracle Fusion Middleware was patched with 60 security updates, 40 of which were identified as remotely exploitable. Among these updates, 9 were considered critical and 24 were deemed of high severity.

There are a total of 40 security patches for Oracle Communications Applications, out of which 30 can be exploited remotely. Analytics has 32 security patches, with 23 vulnerabilities that can also be exploited remotely.

MySQL has 21 security patches, with 11 of them remotely exploitable. Furthermore, a dozen products and third-party patches were released by Oracle. These products were related to JavaSE, Retail applications, Construction engineering, E-Business Suite, PeopleSoft, Siebel, etc.

In addition to these, several lists of CVE IDs with High, medium, and low severities were released by Oracle as part of its July 2023 patch.

For detailed information on the affected products, CVE IDs, fixed versions, and CVSS base score, please follow the Oracle security advisory.

Users of these products are recommended to upgrade to the latest version to prevent threat actors from exploiting them.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


[ad_2]
Source link