BBC affected by malware gang attack

andreasc
-
0
BBC affected by malware gang attack
[ad_1]

A cyber attack against document transfer app MOVEit has resulted in data breaches of several high-profile UK organizations and businesses. Those affected includes the British Broadcasting Company (BBC), health and beauty retailer Boots and UK-based airline British Airways. 

The attack involved the exploitation of a critical vulnerability in MOVEit’s infrastructure which allows malicious actors to break into company networks and steal data. The vulnerability was flagged by security researchers and the US government on June 1. The US Cybersecurity and Infrastructure Security Agency (CISA) urged all MOVEit clients to check for indications that malicious actors had gained unauthorized access to their networks over the past 30 days and to download and install the software patch released by MOVEit to address the issue. 

On June 5, payroll provider Zellis issued a statement that its third-party provider, MOVEit, had been the victim of a cyber attack, leading to data breaches for some of its customers. Zellis’ customers include a number of high-profile companies such as Dyson, Harrods, Sky, Land Rover and Jaguar. According to Zellis, however, only a “small number of [its] customers [were] impacted by this global issue”. 

Once Zellis became aware of the attack, the company disconnected its server that utilizes MOVEit software and engaged an external cyber security company to conduct a forensic investigation into the cyber attack and to further monitor its systems. The Information Commissioner’s Office (ICO), the Data Protection Commission (DPC) and the National Cyber Security Center (NCSC) in both the UK and Ireland have also been contacted regarding the cyber security incident.

The attack against MOVEit was allegedly carried out by ransomware gang Clop. Clop ransomware was first identified in February 2019. The gang has appeared to be getting more active in the past few months, with more victims’ details posted to the Clop malware leaks site, including a cyber attack carried out against cyber security company Fotra GoAnywhere.


[ad_2]
Source link

KeePass Vulnerability Could Expose Master Password In Plaintext

andreasc
-
0
KeePass Vulnerability Could Expose Master Password In Plaintext
[ad_1]

The popular password manager KeePass had a severe security vulnerability exposing users’ master passwords in cleartext. Following the bug report, the service patched the flaw with the subsequent KeePass release, along with numerous other feature upgrades.

KeePass Vulnerability Could Leak Master Passwords

A security researcher with alias “vdohney” found a serious security issue affecting the KeePass password manager. Specifically, exploiting the vulnerability could let an adversary to gain access to KeePass master passwords in plaintext.

As explained in the researcher’s bug report, the default KeePass settings could allow a user to extract the master password from the process memory dump. Executing this activity didn’t require code execution, nor did it receive any impact from the memory source.

Given a process memory dump, I am able to reconstruct the master password. It doesn’t matter whether the workspace is locked or not, it works regardless. The memory source also isn’t important – for example, it can be a pagefile (swap) or the hibernation file. No code execution is needed, just the memory alone.

Also, the security flaw would remain there even after locking the workspace. The researcher noted this phenomenon as violating KeePass’s claim to close the database file after locking the workspace.

Specifically, the issue existed with the SecureTextBoxEx class. After a user typed the KeePass master password, the tool would expose the master password characters in leftover strings.

Alongside sharing the details in the report, the researcher also demonstrated the flaw (CVE-2023-32784) in the proof-of-concept shared on GitHub.

KeePass Patched The Flaw

While the vulnerability seemed severe, interestingly, it didn’t affect passwords when pasted from the clipboard. Instead, it only worked with passwords typed manually. (Though, copying passwords and leaving them on the clipboard is another bad security practice.) Also, the vulnerability didn’t expose the first character of the master password but rather the following characters only.

Nonetheless, to eliminate any security risks, Dominik Reichl, KeePass’ creator and developer, addressed the issue with the latest release. As explained in his response to vdohney, KeePass now uses the Windows API functions for “getting/setting the text of the text box” instead of creating managed strings. Also, the tool now creates dummy fragments in the process memory to prevent determining the correct fragments.

The developers released these fixes with KeePass version 2.54. Besides this bug fix, the new password manager version includes several improvements and feature upgrades.

Some noteworthy changes include the storage of Triggers, global URL overrides, password generator profiles, and other settings to the enforced configuration file, adding a dialog with the “Enforce Options” setting, and enhancing the Export confirmation dialog boxes.

Now that both the vulnerability PoC and the respective patch have arrived publicly, all KeePass users must update their devices immediately with the latest KeePass releases to remain safe from potential attacks.

Let us know your thoughts in the comments.


[ad_2]
Source link

Hublot intros a $5,400 smartwatch with Wear OS 3

andreasc
-
0
Hublot intros a $5,400 smartwatch with Wear OS 3
[ad_1]

 

Hublot has announced yet another ultra-expensive smartwatch, this one costs $5,400, and it comes with Wear OS 3 pre-installed. The watch is called the Hublot Big Bang E Gen 3, which is a mouthful.

The Hublot Big Bang E Gen 3 is a $5,400 Wear OS smartwatch

Hublot kicked off this smartwatch series in 2020, and this is the latest offering. This is a 44mm watch, and it’s built using “microblasted and polished ceramic”, as the company wanted to achieve a textured look. Ceramic is well-known for its durability, and it is also considered a premium material in today’s tech products.

This is a circular smartwatch, with a button on the right-hand side. That button doubles as a rotating crown, and it does protrude quite a bit. The watch comes in black and white colors, as you can see in the provided images.

The Snapdragon Wear 4100+ SOC fuels this smartwatch, which is a bit surprising. That SoC is quite dated at this point, and we expected to see something newer on the inside, especially considering the price tag. The Snapdragon W5+ would be nice to see.

It has all the sensors you’d expect

You will get a heart rate monitor here, an accelerometer, a gyroscope, an ambient light sensor, and more. Bluetooth is also a part of the package, of course, as is Wi-FI connectivity, an NFC chip, and a GPS module.

There is a 1.39-inch 454 x 454 AMOLED screen included on the front here. That display has a 327 PPI, and it’s protected by ‘sapphire crystal’. There are 11 digital watch faces included here.

The Hublot Big Bang E Gen 3 is water resistant (it’s 3 ATM rated), but don’t go swimming with it. A 400mAh battery is also included here, and considering what SoC the company used here, and that battery capacity, this smartwatch will hardly go over a day’s worth of battery life. We do hope Hublot manages to surprise us, though.

This watch comes in two color variants

A rubber strap is also included in the package, with a ‘One Click’ system from Hublot. The black variant is officially called ‘Black Magic’, while the white one has a ‘White Ceramic’ name.

The Hublot Big Bang E Gen 3 is already available to purchase in the US. You’ll have to part with $5,400 in order to get it, though.

Buy the Hublot Big Bang E Gen 3 (Hublot)


[ad_2]
Source link

Apple announces ‘NameDrop’ feature for contact information sharing

andreasc
-
0
Apple announces ‘NameDrop’ feature for contact information sharing
[ad_1]

Apple had plenty to say during WWDC 2023. During the conference, it announced its much-rumored headset, the Apple Vision Pro, along with a new version of its smartwatch OS, while it also talked about iOS 17. Apple actually announced some new features for iOS 17 and its apps, and one such feature is ‘NameDrop’, a feature for contact information sharing.

‘NameDrop’ is a feature Apple announced during WWDC, and it’s here for contact information sharing

Do note that this feature will also work on the Apple watch, though, so it’s not exclusive to iOS. This feature will become available this fall, along with a new iOS version, iOS 17.

NameDrop is basically an extension of AirDrop, in a way. AirDrop allows you to share files with other Apple devices, while NameDrop will do the same things, but with contact information.

So, how does this work exactly? Well, all you have to do is bring two iPhones close together, and voila. Your personalized ‘Contact Posters’ and phone numbers will be transferred in a two-way transfer.

It is also worth noting that iOS 17 will allow you to share files by just putting two iPhones together. Moreover, the transfer won’t stop when you leave the AirDrop range. It will continue over the Internet, so you won’t have to worry about it.

You’ll also be able to bring two iPhones together to listen to music, watch a movie & play a game

Apple also said that you’ll be able to bring two iPhones together to listen to music, watch a movie, or even play a game using SharePlay. The company obviously wanted to make things as simple as possible.

This software update will be coming in the Fall, as a software update for a bunch of iPhones. All iPhones from iPhone Xs and later will get the update. The upcoming iPhone 15 series devices will ship with iOS 17 out of the box, of course. We still don’t know the exact launch date, though.


[ad_2]
Source link

A week in security (May 29 – June 4)

andreasc
-
0
A week in security (May 29 – June 4)
[ad_1]

Last week on Malwarebytes Labs:

Stay safe!

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW


[ad_2]
Source link

Android 13 is now installed on 14.7% of active devices

andreasc
-
0
Android 13 is now installed on 14.7% of active devices
[ad_1]

The latest Android distribution numbers are in. Google stopped sharing such numbers as it did before, but we can still check them out thanks to the Android Studio. Android 13 is now installed on 14.7% of active devices.

Android 13 is now installed on 14.7% of active devices

That number rose since the last time we talked about Android OS distribution numbers, but Android 11 is still leading the pack. Now, do note that these numbers are based on devices connected to the Play Store during a given seven-day period, hence the reference to ‘active devices’.

Android 13 was installed on 12.1% of active devices in April, while that number jumped to 14.7% in June. Android 12, 11, and 10 have all seen slight declines, but Android 11 is still leading the pack.

Android 11 is currently installed on 23.1% of active devices worldwide. What is interesting from these numbers, is that Android 8.0 Oreo is the only other version of Android (other than Android 13) that grew from April to June. It grew from 6.7% to 8.3%, for whatever reason. Compared to January, however, this is also a decline, as it held 9.5% of the market in January.

June 2023 Android distribution numbers

Apple also shared its iOS distribution numbers recently

Apple did share its iOS distribution numbers recently, in case you’d like to check those out. There’s really no point in comparing the two, as Apple releases updates for its devices only. Google releases Android for tons of devices worldwide, and it’s up to OEMs to adapt and upgrade their offerings.

Having said that, the Android 14 launch is not that far away at this point. The Pixel 8 series will ship with Android 14 out of the box later this year. Those devices are expected to launch in October.

Android 13 will certainly see further growth before Android 14 lands, though we’re not expecting huge changes in the coming months.


[ad_2]
Source link

Apple announces some neat additions with iPadOS 17

andreasc
-
0
Apple announces some neat additions with iPadOS 17
[ad_1]

Apple just held its WWDC event, and it announced some new and exciting stuff for Apple users. Among the announcements, Apple announced some new features that are coming to iPadOS 17. This wasn’t the biggest update to the operating system, but there are some neat additions.

At Android Headlines, we have other coverage of what was announced during WWDC. If you are curious about what was announced, you can check it out on AndroidHeadlines.com. There was a lot of neat stuff announced, so you might want to check it out.

Apple announces new the new features coming with iPadOS 17

Widgets have been around for a while, but they are still relatively new for Apple products. The company introduced them a while back for iPads, but they were mostly only for showing you information. With iPadOS 17, you will be able to actually interact with your widgets. You will be able to set tasks as complete on to-do list widgets, set timers using timer widgets, Etc.

Another neat addition is the implementation of the lock screen customizations on iOS. With them, you can adjust the overall aesthetic of your iPad’s lock screen. Also, you can even add widgets onto your iPad’s lock screen.

If you’re looking for insight into your health, Apple is introducing a health app for iPadOS. You’ll be able to view your health across the iPad, iPhone, and Apple Watch. All the information is synced up, so you’ll be able to view your health in real-time.

If you’re looking for productivity features, then these will appeal to you. First off, the iPad will use AI technology to detect text fields inside of PDFs. You will be able to use autofill to fill out PDFs if you need to.

Speaking of PDF files, there’s a new addition coming to the Notes app. You will be able to view PDF files inside the Notes app. They will sit in their own little section in the app. Users are able to annotate and mark up PDF files right in the Notes app.

Also, users are able to collaborate in real-time using the notes app. Two people can edit the same note at the same time using two different iPads. The changes will show up simultaneously on both iPads as they work.

These are some great additions to the software, and they will definitely boost your iPadOS experience. If you want to read the full list of new features, you can check out the full press release here.


[ad_2]
Source link

5 unusual cybersecurity tips that actually work

andreasc
-
0
5 unusual cybersecurity tips that actually work
[ad_1]

It’s time to shake off that special feeling, start lying, forget everything you’ve been told about passwords, spin up a million email addresses, and start throwing away computers for fun.

So, you’re on top of your software updates, you use a password manager, you’ve enabled two-factor authentication wherever you can, you’ve got BrowserGuard installed, and you’re running Malwarebytes Premium.

If you’re doing all of that you’re already winning at security. But you want more, because you know that security is a journey and not a destination, and, let’s face it, you’re reading an article about five unusual cybersecurity tips: You’re hooked.

It’s time to innovate and get weird. It’s time to shake off that special feeling, start lying, forget everything you’ve been told about passwords, spin up a million email addresses, and start throwing away computers for fun.

It’s time for five unusual cybersecurity tips that actually work:

1. Lie

Generally speaking, the fewer pieces of data you hand out, the safer you are. If a site is asking for data you don’t want to share, remember: Sometimes it’s OK to lie.

If a site wants a phone number and you don’t want them to call you, fake it. (00000000000 is surprisingly effective.) If the site won’t accept your made up number, don’t worry. Lists of fake numbers that look right for your country but don’t work are a short Google search away. It works for other data too, even fake credit card numbers—you won’t be able to buy anything with one, but neither will anyone who steals it.

2. Stop thinking you’re special

Everyone is a star in their own story, so when we unexpectedly get a message from a lonely young Russian lady who’s recently moved to our town, a Nigerian Prince promises us riches, “Keanu Reeves” follows us on Instagram, or we stumble upon the crypto-opportunity of a lifetime, our exceptionalism can kick in.

If it happened to somebody else, we’d be sceptical, but when it happens to us…well, we had a feeling our luck was about to turn! Burst that bubble. If something looks too good to be true, it isn’t because you’re special, it’s because it IS too good to be true. Sorry.

3. Forget strong passwords

For years you’ve been told to make unreadable passwords with a of mix uppercase letters, lowercase letters, and wacky characters. That is still important, but reusing passwords over and over again is actually much worse than having lots of different, weaker, passwords.

If a thief can steal your password from anywhere, they will try to use it everywhere, and if the same password works everywhere, you’ve lost everything. Your goal should be to create a new password for each service you use. Focus on simply avoiding really awful passwords, like “password” or “12345”, and save the unreadable passwords for things that really matter, like your bank.

4. Use endless email addresses

Look at your inbox for a few minutes and you’ll probably start to wonder “how did they get my email address?” In between the messages from friends and colleagues, and the newsletters you signed up for but never read, there is always a smattering of speculative nonsense from people who have no business using your email address.

One way of getting on top of that problem is to use different email address for each account you sign up for. Apple will do this for you with its Hide My Email feature, and if you use Gmail you can just add a “+” to the name part of your address followed by anything you like, e.g. john.doe+malwarebytes@gmail.com.

Each unique address should only get messages from the site where you used it. If any other sites use it, you know that your data has been leaked, stolen or sold. If that happens, block the email address and consider closing your account on that site.

5. Throw your computer away

If you want to say super-safe, just browse the internet using a computer with no sensitive data on it, and throw it away when you’ve finished, simple!

OK, it sounds expensive, but you can do it for free with tools like Oracle’s VirtualBox. Virtual Machines (VMs) are computers made of software instead of plastic, metal, and silicon, that run on your computer just like any other program. You can run Windows, your web browser of choice, and all your other favourite apps inside a VM, where they are totally isolated from your real computer.

Like trips to Vegas, whatever happens on a VM stays on a VM. And because VMs can be cloned, rolled back, or destroyed with a mouse click, if anything bad happens on yours you can simply trash it and start a new one.

If you’ve got an unusual cybersecurity tip, we’d love to hear it. Leave it in the comments below.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

‘Panels’ is a deeply customizable sidebar app

andreasc
-
0
‘Panels’ is a deeply customizable sidebar app
[ad_1]

I’ve been using sidebar apps for years, from time to time. Recently, I stumbled upon an app called ‘Panels’, and decided to give it a go. Fast forward a couple of weeks, and the app basically managed to surprise me… in a good way.

‘Panels’ is a deeply customizable sidebar app for Android

Think of ‘Panels’ as a clear canvas sidebar app that you can call upon in a way you want, on any screen. For example, my trigger is located in the bottom right portion of the display, but on the right side, not the bottom, due to navigation gestures.

I set up a number of app shortcuts on my main ‘Panels’ screen, so that I can launch my favorite apps no matter what I’m doing. The second screen is my widget for financial expenses, for example, but you can set up anything you want.

Do note that the app is free, but you’re limited in terms of the number of pages you can use. If you pay up, however, you’ll be able to use over two pages or panels, once you call upon this sidebar app.

There are a number of options included here, you can be very specific with your settings

You can set it to pop up from the bottom, from the side. You can even edit how many rows and columns will it have. You’re not limited to app shortcuts, of course, you can use your favorite widgets, and more. You can even resize them to a desired size.

The developer even went as far as allowing you to change the backgrounds of your panels, mess with the font, use notification badges, and so much more. It’s really difficult to list all the options here

It’ll likely take you some time to set up this app properly for your usage, but once you do, it’s all worth it. It did improve my productivity, that’s for sure.

As the app is free, it doesn’t really cost you anything to try it out. If you’re interested, we’ve included a download link below: it’ll take you directly to the Google Play Store. You’ll also find some official screenshots in the gallery, as well as an official promo video.

Panels (Google Play Store)


[ad_2]
Source link

How to make the most of your Android phone?

andreasc
-
0
How to make the most of your Android phone?
[ad_1]

In the age of smartphones, Android devices have become an essential part of our daily lives. From communication and productivity to entertainment and shopping, our Android phones offer a vast array of features. However, are you truly harnessing the full potential of your device? In this article, we will explore some innovative and counter-intuitive tips to help you make the most of your Android phone while saving money along the way. Prepare to unlock a world of possibilities!

Embrace the Power of Automation (£100 savings per year)

One often overlooked aspect of Android phones is their automation capabilities. By utilizing apps like Tasker, IFTTT, and Automate, you can automate routine tasks and optimize your phone’s performance. Tom Church, Co-Founder of LatestDeals.co.uk, shares his thoughts on this: “Automation not only saves you time but can also save you money. By setting up automated actions, you can ensure your phone is always in power-saving mode when the battery is low, thus reducing the risk of costly battery replacements.”

Optimize Your Data Usage (£200 savings per year)

Mobile data plans can be expensive, but with a few adjustments, you can make the most out of your Android phone without breaking the bank. Disabling background data usage for non-essential apps and compressing images and videos before sharing them can significantly reduce data consumption. According to Tom Church, “Optimizing data usage is a smart move to cut down on your monthly expenses. By being conscious of your data consumption and making small changes, such as enabling data-saving modes, you can save a significant amount of money on excessive data charges.”

 Turn Your Phone into a Personal Budgeting Tool (£500 savings per year)

Your Android phone can become a valuable tool in managing your finances. Take advantage of personal finance apps available on the Play Store to track expenses, create budgets, and analyze spending habits. Tom Church suggests, “Harnessing the power of personal finance apps is a game-changer. By being aware of your spending patterns and using apps that provide discounts and coupons, you can make smarter purchasing decisions and maximize your savings potential.”

Extend Battery Life with Dark Mode (£50 savings per year)

Dark Mode is a simple yet effective feature available on most Android phones. By enabling Dark Mode, you can reduce battery consumption, ultimately saving money on repairs or replacements. Tom Church explains, “Dark Mode not only prolongs your battery life but also reduces eye strain. It’s a win-win situation. Plus, you don’t have to worry about spending extra money on battery replacements as frequently.”

Utilize Android’s Built-in Accessibility Features (£150 savings per year)

Android phones come with a range of accessibility features designed to assist users, but they can also benefit the average user in unexpected ways. Features like “TalkBack” and “Live Caption” can enhance your experience without relying on third-party apps, saving both money and storage space. Tom Church emphasizes, “Built-in accessibility features are often underrated. They provide convenience and accessibility to everyone, without the need for additional paid apps. It’s a cost-effective way to make the most of your Android phone.”

So, what are you waiting for? Take out your Android phone, start exploring these tips, and unlock a world of possibilities while saving money along the way. Embrace the power of automation, optimize your data usage, turn your phone into a personal budgeting tool, extend battery life with Dark Mode, and make the most of Android’s built-in accessibility features. Your Android phone is not just a device; it’s a gateway to a smarter, more cost-effective way of life. In the wise words of Tom Church, “Your Android phone is a powerful tool that can help you save money in ways you might not have imagined. By utilizing these innovative tips, you’ll be amazed at how much you can optimize your phone’s performance and your overall financial well-being.” Happy exploring and saving!


[ad_2]
Source link
1...1,1921,1931,194...1,471Page 1,193 of 1,471