Amazon’s $1.7 billion acquisition of iRobot is under investigation by the European Commission


It’s no secret that Amazon’s quest to dominate almost every smart home segment has landed the company in regular trouble. Now, in a recent development, Amazon’s $1.7 billion acquisition of iRobot has come under scrutiny from the European Union’s regulatory body, the European Commission. It fears that this acquisition could result in restricted competition within the market for robotic vacuum cleaners, not only in the United States but also in Europe.

One of the commission's major concerns is that Amazon, as the controller of the biggest marketplace, could restrict iRobot's competitors from selling their robot vacuums on its platform. The commission also fears that Amazon could manipulate search results, both paid and unpaid, in favor of iRobot's products and charge significantly higher advertising fees to competing products, creating barriers to entry and limiting consumer choice.

Limiting access to Alexa

In this day and age of smart home products, voice-activated appliances have become a common phenomenon. However, with this new acquisition, the commission suspects that Amazon might limit its popular voice assistant, Alexa, to iRobot families only, stifling competition and ultimately leading to better sales for iRobot.

Furthermore, Amazon’s data privacy record is also of concern to the commission as this merger will grant the company access to iRobot’s data, which could lead to Amazon using it to enhance personalized advertising, giving them another unfair advantage over competitors and potentially compromising consumer privacy.

Although the matter is still under active investigation, the commission will make the final decision regarding the merger by November 15th. However, if successful, the acquisition will make iRobot part of Amazon’s ever-growing smart home family, which includes Ring, Blink, and Eero.

Amazon’s Response

When talking about the investigation, Amazon spokesperson Alexandra Miller stated, “We continue to work through the process with the European Commission and are focused on addressing its questions and any identified concerns at this stage.”

“iRobot, which faces intense competition from other vacuum cleaner suppliers, offers practical and inventive products. We believe Amazon can offer a company like iRobot the resources to accelerate innovation and invest in critical features while lowering prices for consumers.”



Warning issued over increased activity of TrueBot malware


CISA, the FBI, the MS-ISAC, and the CCCS have warned about increased activity of the TrueBot malware in the US and Canada.

In a joint advisory, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) have warned about newly identified TrueBot malware variants used against organizations in the US and Canada.

As we reported in our May 2023 ransomware review, ransomware groups like Cl0p gain access to a network and then sneakily deploy TrueBot malware and a Cobalt Strike beacon to infiltrate and creep around, grabbing data along the way.

At its core, TrueBot is a Trojan.Downloader. Besides gathering system information, it is capable of downloading and executing additional payloads. As such, it is an ideal malware for initial access broker (IAB) groups that want to plant a backdoor on a system and do some basic reconnaissance of the network. For those purposes, recent versions of TrueBot collect the following: a screenshot, the computer name, the local network name, and Active Directory trust relations. Active Directory trust relations allow organizations to share users and resources across domains.

Previous TrueBot malware variants were primarily delivered by cybercriminals via malicious phishing email attachments. Newer versions allow cyber threat actors to also gain initial access through exploiting CVE-2022-31199, a remote code execution vulnerability in the Netwrix Auditor application. This allows the attacker to deploy the malware at scale within the compromised environment. Through exploitation of this CVE, cybercriminals can gain initial access, as well as the ability to move laterally within the compromised network.

The advisory explains how TrueBot has been observed in association with:

  • Raspberry Robin: a wormable malware with links to other malware families and various infection methods, including installation via USB drive.
  • FlawedGrace: a remote access tool (RAT) that can receive incoming commands [T1059] from a C2 server. It is typically deployed minutes after TrueBot malware is executed.
  • Cobalt Strike: a collection of threat emulation tools cybercriminals use for persistence and data exfiltration purposes.
  • Teleport: a custom data exfiltration tool.

In a separate malware analysis report, interested parties can find a comprehensive analysis of a recently discovered TrueBot executable.

Malwarebytes blocks the download URLs and detects TrueBot as Malware.AI.{id.nr.}. Cl0p ransomware is detected as Malware.Ransom.Agent.Generic. But obviously prevention is better than remediation. The Malwarebytes web protection module blocks the C2 servers mentioned in the Malware Analysis Report.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


Protect Yourself from the Canada Wildfires


The Amazon Smart Air Quality Monitor is a great way to protect yourself from smoke from the Canada wildfires. The monitor measures PM 2.5, a type of particulate matter that can be harmful to your health. It also measures carbon monoxide, humidity, and temperature. The monitor is easy to use and can be connected to your Amazon Alexa device.

Right now, the Amazon Smart Air Quality Monitor is on sale for roughly 33% off, which brings the price down to just $46.99. This is a great opportunity to protect yourself from smoke from the Canada wildfires as the smoke moves down into the US.


Why you should buy the Amazon Smart Air Quality Monitor

The Amazon Smart Air Quality Monitor is a great way to keep track of the air quality in your home. It measures PM 2.5, carbon monoxide, humidity, and temperature. This information can help you make decisions about how to protect yourself and your family from harmful air pollutants.

Here are some of the reasons why you should buy the Amazon Smart Air Quality Monitor:

  • Measures PM 2.5: PM 2.5 is a type of particulate matter that is small enough to enter the lungs and cause health problems. The Amazon Smart Air Quality Monitor measures PM 2.5 levels in real time, so you can see how the air quality is changing throughout the day.
  • Measures carbon monoxide: Carbon monoxide is a colorless, odorless gas that can be deadly. The Amazon Smart Air Quality Monitor measures carbon monoxide levels in real time, so you can be alerted to any problems.
  • Measures humidity and temperature: Humidity and temperature can also affect your health. The Amazon Smart Air Quality Monitor measures humidity and temperature levels in real time, so you can make sure that your home is comfortable and safe.
  • Easy to use: The Amazon Smart Air Quality Monitor is easy to set up and use. Just plug it in, connect it to your Wi-Fi network, and download the Amazon Alexa app. You can then use the app to view air quality data, get alerts, and control the monitor’s settings.
  • Connects to Alexa: The Amazon Smart Air Quality Monitor can be connected to your Amazon Alexa device. This means you can use your voice to get air quality information, get alerts, and control the monitor’s settings.

If you are concerned about the air quality in your home, the Amazon Smart Air Quality Monitor is a great way to keep track of it. It is easy to use, affordable, and can be connected to your Amazon Alexa device. Order yours today!

Overall, the Amazon Smart Air Quality Monitor is a great way to protect your health and improve your quality of life. It is a small investment that can make a big difference.


The Apple Vision Pro headset might only be available on an appointment basis


Ever since its announcement, the Apple Vision Pro headset has garnered widespread public interest, thanks in part to the company’s implementation of spatial computing and immersive AR experience. As a result, despite the steep $3500 price tag when compared to other offerings from Meta, many users are still looking to get their hands on the device. However, according to a new report from renowned Apple leaker Mark Gurman, the company will only make the Vision Pro headset available on a per-appointment basis.

You’ll need an appointment if you want the Apple Vision Pro

Gurman states that this decision is based on the fact that the Apple Vision Pro will cater to the specific needs of individuals, as people have different eyesight and head shape. Additionally, this approach will offer customers a unique and personalized experience by allowing them to try on the headset in specially designated sections within select Apple Stores, including those in Los Angeles and New York. Although this in-store experience will gradually expand to other locations in the US, international availability will begin at the end of 2024, starting with countries such as the United Kingdom and Canada, followed by Europe and Asia.

During these appointments, Apple will first ensure that the headset fits correctly on the user’s head, and in the case of a prescription, the company will then provide lens inserts. However, it is important to note that these lens inserts will reportedly cost $300. Furthermore, the company is also developing an iPhone app and a physical scanning machine that will ensure the right fit for every head size and prevent any external light from interfering with the user’s field of view.

Production issues are still a major concern

Although Apple’s stated reasoning behind the appointment-based availability is to cater to the specific needs of individuals, the real reason may be attributed to production issues surrounding the Apple Vision Pro headset. This is because the company is facing significant production challenges, particularly with the EyeSight feature, which uses internal cameras to replicate the wearer’s eyes on the front of the headset. Moreover, the Vision Pro’s two micro-OLED displays manufactured by Sony and TSMC are also experiencing low yields, further complicating the process.



Malwarebytes Browser Guard introduces three new features


Malwarebytes Browser Guard introduces three new features: Content control, import & export, and historical detection statistics

Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It’s the world’s first browser extension to do this while also identifying and stopping tech support scams. 

A common misconception is that you don’t need Browser Guard if you already have Malwarebytes Premium or a firewall. But because Browser Guard is a browser extension, it can offer protection inside the browser that other means of protection do not have access to.


This is also true the other way around: It can only protect the browsers that have it installed as an extension. It can’t protect other parts of the system or other applications. So while there is an overlap, you need both to optimize protection.

New features

The Malwarebytes engineers have been hard at work to make Browser Guard even better, and we can now announce three new features for Premium users:

  • Content Control: With this, you can dial up your control of your browsing experience and define what’s appropriate for you. Fully customize the content you want to block while you – or your kids – are browsing.
  • Import and Export: Use your preferences and customized rules with all your browsers, even on other devices. This gives you a consistent and clean web experience. Watch this video to learn how to transfer Malwarebytes Browser Guard settings to another browser.
  • Historical Detection Statistics: View past detections and see what we’ve protected you from.  


Please note that these new features are only available for Windows systems.



Evernote canned most of its US-based employees


Evernote is a popular note-taking platform that’s been around for quite some time. The company has been doing pretty well over the past couple of years, but that doesn’t mean that it’s safe from layoffs. According to a new report, Evernote laid off most of its US-based employees.

Evernote is one of the oldest note-taking platforms still around. It launched back in 2008, and it offered some amazing features for the time. Now, there’s a lot more competition out there like Google Keep Notes and Bundled Notes. However, Evernote has been able to drag itself out of its mid-2010s slump.

Evernote laid off most of its US employees

Evernote was created in America, but it was sold to the Italian company Bending Spoons in November of last year. Bending Spoons is a mobile developer, and Evernote stated that it will use Bending Spoons’ app expertise to bring in new features.

In February, Evernote laid off 129 employees, and Bending Spoons stated that the company’s way of business was “unsustainable in the long term.” Now, a few months later, more people at Evernote are finding themselves without a job.

Evernote states that its now-former employees were told on July 5th that they were laid off. While that’s a bummer, the company provided them a severance package. Those laid-off employees will get 16 weeks of severance pay along with a performance bonus and a year’s worth of health insurance. This will help them stay afloat while they pursue other jobs.

This mass layoff only affected the company’s US and Chile-based employees, it seems. The reason behind this might not be completely driven by the current economic situation. It appears that Bending Spoons is most likely doing this to strengthen its European workforce. If that’s the case, then it might hire more people in European countries.

At this point, we don’t know how many people were laid off, and we don’t know how many people are still in the States. Only time will tell if this is going to help the brand.



New report highlights the stress of being a tech executive


Everyone knows that being a tech executive comes with a certain level of stress, but the ostensible payoffs seem to be worth it. Well, a new report (via Business Insider) highlights how bad it can actually get. It seems that most tech executives’ jobs are causing them extreme mental distress and bodily harm because of unhealthy coping mechanisms.

The stress of being a tech executive comes from different places

This report comes from All Points North, a Colorado-based addiction treatment center. The establishment surveyed 501 executives from several tech firms with more than 1,000 employees between April 27th and May 15th this year. The findings are pretty bad.

Fear and stress

A big part of the stress these leaders are feeling is from the fear of losing their jobs. Since last year, major tech companies like Google, Meta, Amazon, Microsoft, and many more have been on a lay-off spree, shedding tons of employees. Of those surveyed, about 38% have experienced fear due to the more recent layoffs. 77% of them say that these recent layoffs have negatively impacted their mental health.

The fear isn’t only coming from the layoffs; executives are also feeling stress about something else that happened last year: the rise of generative Artificial Intelligence. Tools like ChatGPT threaten to put thousands, if not millions, of upper-level workers out of their jobs. 31% of the executives worry that AI will replace them in their position. 74% say that this fear has negatively affected their mental health.

Unhealthy coping mechanisms

While working in an office can cause some bodily harm, sometimes what we do to cope with the stress can make things worse. The report found that many of these workers are using different controlled substances to cope with the stress.

A staggering 78.8% of the people report that they’re taking some sort of controlled substance to deal with the stress. They’re either taking medication prescribed by their doctor or otherwise. 48% of the people say that they use some substance nearly every day to deal with the stress, and 36% say that their work environment has contributed to their substance use.

37% and 31% say that their substance usage has increased due to the recent layoffs and the rise of AI, respectively. These substances include drugs like Codeine, Oxytocin, Vicodin, and other codeine and morphine derivatives. They also include alcohol and smoking. You can see the full report here.

This report is a real eye-opener, and it shows how the current environment in the tech industry is having an impact on the workers. With layoffs due to the falling economy and rising AI, it’s proving to be too much for those under the fear of being laid off.

It’s sad to see, and only time will tell if it will get worse.



MOVEit Transfer fixes three new vulnerabilities


CISA has warned users about three new vulnerabilities in Progress Software’s MOVEit Transfer software.

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about three new vulnerabilities in Progress Software’s MOVEit software. A cybercriminal could exploit some of these vulnerabilities to obtain sensitive information.

In the advisory, CISA encouraged users to review Progress’ MOVEit Transfer article and apply the updates.

The MOVEit file transfer software has been making headlines over the last two months. Earlier vulnerabilities in the software have been used by the Cl0p ransomware gang to claim hundreds of victims, and new victim names are published on the Cl0p leak site every single day.

Since the alarm was first raised, the software has been under scrutiny and more vulnerabilities have since been found. This, unfortunately, is not unexpected, and no doubt many software packages would reveal vulnerabilities with so many researchers looking at them.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in this update are:

CVE-2023-36934 (Critical): In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CVE-2023-36932 (High severity): In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CVE-2023-36933 (High severity): In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.

Before implementing the fix, it is important to make sure you are on MOVEit Transfer 2020.1.6 (12.1.6) or a later version of 2020.1 (12.1), and to follow the instructions in the MOVEit article.
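
As an added example (not code from Progress, CISA or the original article), the following Python checks an installed MOVEit Transfer version against the fixed builds quoted in the three CVE descriptions above and flags the 2020.1.6 prerequisite. The function names and the sample inventory are assumptions made for illustration; a branch that a CVE description does not name is reported as `branch-not-listed` rather than as safe.

```python
import re

# Fixed patch level per release branch, transcribed from the three CVE
# descriptions above, keyed by internal numbering (2023.0.4 == 15.0.4).
_SQLI_FIXED = {(12, 1): 11, (13, 0): 9, (13, 1): 7, (14, 0): 7, (14, 1): 8, (15, 0): 4}
FIXED = {
    "CVE-2023-36934": _SQLI_FIXED,
    "CVE-2023-36932": _SQLI_FIXED,
    # The 2020.1 (12.1) branch is not named in this CVE's description.
    "CVE-2023-36933": {b: p for b, p in _SQLI_FIXED.items() if b != (12, 1)},
}
# Release-year naming to internal major version, as paired in the text above.
YEAR_TO_MAJOR = {2020: 12, 2021: 13, 2022: 14, 2023: 15}
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Accept '2023.0.3', '15.0.3' or '2023.0.3 (15.0.3)'; return (major, minor, patch)."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return YEAR_TO_MAJOR.get(major, major), minor, patch


def assess(version_text):
    """Map each CVE to 'fixed', 'vulnerable' or 'branch-not-listed'."""
    major, minor, patch = parse_version(version_text)
    status = {}
    for cve, fixed_by_branch in FIXED.items():
        fixed_patch = fixed_by_branch.get((major, minor))
        if fixed_patch is None:
            # Never report an unlisted branch as safe: it needs manual review.
            status[cve] = "branch-not-listed"
        elif patch < fixed_patch:
            status[cve] = "vulnerable"
        else:
            status[cve] = "fixed"
    return status


def needs_prerequisite_upgrade(version_text):
    """True for 2020.1 (12.1) builds older than 12.1.6, the stated minimum before the fix."""
    major, minor, patch = parse_version(version_text)
    return (major, minor) == (12, 1) and patch < 6


def triage(inventory):
    """Return {host: {cve: status}} for every host with a status other than 'fixed'."""
    findings = {}
    for host, version_text in inventory.items():
        open_items = {c: s for c, s in assess(version_text).items() if s != "fixed"}
        if open_items:
            findings[host] = open_items
    return findings


# Constructed inventory: host names and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "mft-01.example.internal": "2023.0.3",
    "mft-02.example.internal": "15.0.4",
    "mft-03.example.internal": "2020.1.5 (12.1.5)",
}

if __name__ == "__main__":
    for host, items in triage(SAMPLE_INVENTORY).items():
        print(host, items, "prerequisite upgrade:",
              needs_prerequisite_upgrade(SAMPLE_INVENTORY[host]))
```
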

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.



You can now switch back to the older version of TweetDeck


Twitter seems to have rolled back last week’s forced TweetDeck update. Several users have confirmed that they can now go back to the older and much better version of the tool. The older version of the app is available to all TweetDeck users here at Android Headlines as well. The company hasn’t officially announced anything, though.

TweetDeck, which can be called Twitter on steroids, offers advanced features that cater to the needs of power users. It’s an official Twitter tool. The company has been working on a big overhaul of the tool since July 2021, and it finally debuted last week. But the update came with a huge limitation. Twitter made it a paid feature that users can unlock with a Twitter Blue subscription. Free users could only try it for a month.

Worse yet, many people didn’t like the updated version. Meanwhile, Twitter removed its legacy APIs, breaking the older TweetDeck interface. This forced everyone to the new interface. Thankfully, the company has restored those APIs, and the age-old and much-loved TweetDeck is back. You can go into your TweetDeck Account settings, select the TweetDeck version, and switch back with ease.

Twitter even lets you opt out of the new TweetDeck. Unfortunately, this may be a temporary reversal that the company made to fix some internal issues. That’s because it hasn’t officially announced this change. We have little hope that it would allow users to continue using the older TweetDeck when the new version is here with a paywall. Nonetheless, as long as it’s here, you can use it.

The latest API changes from Twitter also restore third-party apps

Earlier this year, Twitter banned third-party apps citing API rules. It blocked free access to its legacy APIs, effectively rendering those apps unusable. But the latest API changes from the company seem to have restored the apps. Roberto Doering, the developer of a third-party Twitter app called Harpy, recently discovered that switching to the “old v1 API” gets the app working again (via The Verge).

However, this doesn’t mean they will maintain Harpy again. Twitter is likely to close doors to its legacy APIs again, so there is no point wasting resources on it. The company said last week that it removed legacy APIs to block tech companies from scraping its data to train AI models. Due to this very reason, it also imposed a limit on the number of tweets users can see in a day. Twitter says it’s a temporary measure but hasn’t confirmed when the limits will be lifted.



Revolut loses $20 million in a major cyberattack


Over the past few years, it’s no surprise that threat actors have ramped up their efforts to infiltrate companies and gain unauthorized access. Now, in a recent development, Revolut has reportedly fallen victim to a significant cyberattack, resulting in a loss of over $23 million in company funds.

As reported by the Financial Times, the threat actors exploited an undisclosed vulnerability in Revolut’s payment systems, which allowed them to take advantage of discrepancies between the company’s U.S. and European systems. By exploiting this bug, anyone could initiate a transaction that would later be declined, prompting Revolut to issue a refund for the money that was never transferred.

How did the attack work?

Although the exact details remain unknown since the company hasn’t released specific information about the vulnerability to avoid potential copycat attacks, the attack did not involve malware. Instead, cybercriminals encouraged people to make expensive transactions, knowing that the company would decline them, thus paving the way for a refund. The threat actors then withdrew the cash from ATMs.

However, it is important to note that the bug was first discovered in late 2021, but before Revolut could address it, organized criminal groups took advantage of the situation. And although the company has made efforts to recover some of the funds by tracing and pursuing those who withdrew cash, the incident still caused a net loss of around $20 million for the company.

Going forward

While the company’s lack of efforts in addressing a two-year-old security vulnerability raises some serious concerns, Revolut has launched an active investigation to catch the perpetrators behind the cyberattack. Moreover, the company will also undergo a comprehensive security review and implement additional measures to prevent future breaches.

However, this attack once again highlights the ever-growing importance of implementing robust security practices for companies. This includes regularly patching and updating systems and implementing stringent security measures to protect against emerging threats.

