Pure Storage Data Breach Following Snowflake Hack


Pure Storage has confirmed that a third party temporarily gained unauthorized access to a Snowflake data analytics workspace.

This workspace contained telemetry information used by Pure Storage to provide proactive customer support services.

The exposed data includes company names, LDAP usernames, email addresses, and the Purity software release version number.

Incident Details

Following a thorough investigation, Pure Storage revealed that the compromised workspace did not contain sensitive information such as passwords for array access or any data stored on customer systems.

The company emphasized that such information is never communicated outside of the array and is not part of telemetry data.

Consequently, the telemetry information cannot be used to gain unauthorized access to customer systems.

Pure Storage swiftly blocked any further unauthorized access to the compromised workspace.

The company has also reported no evidence of unusual activity on other elements of its infrastructure.


Pure Storage is actively monitoring its customers’ systems and has not detected any unusual activity targeting their Pure systems.

Customer Communication and Assurance

Pure Storage is in contact with affected customers, who have reported no unusual activity targeting their systems.

The company has engaged a leading cybersecurity firm to conduct a preliminary investigation, which has validated Pure Storage’s conclusions regarding the information in the compromised workspace.

Pure Storage remains committed to providing timely and transparent updates to its customers.

The company will continue to monitor the situation closely and, as necessary, use its communication channels to provide important updates.

While the breach has raised concerns, Pure Storage’s prompt response and ongoing monitoring efforts have helped mitigate potential risks.

The company reassures its customers of its dedication to maintaining the security and integrity of its systems.


HTC U24 Pro is official, and it’s not a high-end phone, as expected


The HTC U24 Pro has been announced by the company. Not many people expected it to be a high-end phone, as its processor surfaced not long ago, and that turned out to be true. This is a mid-range smartphone.

The HTC U24 Pro is official with mid-range specs

Having said that, it does seem like a really good mid-range offering, at least on paper. Before we get down to specs, let’s take a look at its design. The phone has a curved display with thin bezels and a centered display camera hole.

Its back side is proportionally curved to the front, while there’s glass on the back. Three cameras sit in the top-left corner of the phone’s back. The thing is, two are separated under one camera island, while the third one sits below them.

The HTC U24 Pro has a matte texture so that it’s less prone to fingerprints. HTC also once again used the so-called ‘double-sided corner design’, which makes the phone easier to grip and use.

The Snapdragon 7 Gen 3 processor fuels this handset

The Snapdragon 7 Gen 3 processor fuels this handset. That is Qualcomm’s mid-range 4nm chip, so a rather modern chip. A 6.8-inch fullHD+ (2436 x 1080) OLED display is included here. It supports a 120Hz refresh rate and the Gorilla Glass Victus protection.

HTC included 12GB of LPDDR5 RAM inside of this phone. Users can choose between 256GB and 512GB of UFS 3.1 flash storage here, while the storage is expandable via a microSD card.

Android 14 comes pre-installed, while there are two SIM card slots here. An audio jack is also included, and a fingerprint scanner sits under the display. The phone is also IP67 certified for water and dust resistance.

A 4,600mAh battery is included, while 60W charging is supported

A 4,600mAh battery is included here too. The phone supports 60W wired charging, along with 15W wireless charging. Reverse wireless charging is also on offer here, 5W charging. The phone does support 5G, while Bluetooth 5.3 is also on offer.

A 50-megapixel main camera (f/1.88 aperture, OIS, EIS) is backed by an 8-megapixel ultrawide unit (f/2.2 aperture). A 50-megapixel telephoto camera (2x optical zoom, f/2.2 aperture) also sits on the back. A 50-megapixel selfie camera (f/2.45 aperture) is also a part of the package.

The HTC U24 Pro could stay exclusive to HTC’s homeland

The HTC U24 Pro measures 167.1 x 74.9 x 8.98mm, while it weighs 198.7 grams. The phone comes in Space Blue and Twilight White color options. It is priced at 18,990 Taiwan dollars, which translates to $586, for the 256GB storage option. The 512GB storage model is a bit more expensive. Chances are this phone will remain exclusive to Taiwan, but we’ll see.



Google Meet add-ons are coming to Android devices

After making them available on desktop devices, Google announced that Meet add-ons are finally coming to Android phones and tablets. This means that Android users can now install and use third and first-party apps directly from within the Meet app.

Android users can find Meet add-ons in the Activities panel, along with features like polls and Q&A. Keep in mind that desktop add-ons that aren’t available on mobile will be categorized as “Unavailable.”

Google announced that visibility of all add-ons is controlled by a dedicated setting, which has separate toggles for the visibility of Google add-ons and featured third-party add-ons. Admins can review their configuration by heading to Apps / Google Workspace / Settings for Google Meet / Meet video settings.

It’s also important to mention that the setting handles add-on availability for both the desktop and Android app, which means that how the setting is configured will determine what types of add-ons users will see.

If you’re an end user, you don’t have to do anything. Your admin must configure your experience, which means you may or may not be able to access add-ons in Google Meet with your Android device.

According to Google, this feature is rolling out right now and it will take up to two weeks to reach everyone. However, “Scheduled Release domains” won’t get it until June 24-27. The search giant confirmed add-ons should be available to all Google Workspace customers.


Upgrade Your PHP Installations for A Critical RCE Flaw Patch


Researchers have discovered a serious remote code execution vulnerability affecting PHP installations. The RCE flaw threatens Windows systems and requires an immediate upgrade to the latest PHP versions.

A Simple PHP RCE Flaw Poses Severe Threat to Windows Servers

Sharing the details in a blog post, DEVCORE researchers warned users of the remote code execution (RCE) flaw in PHP that risks Windows servers.

The vulnerability is a bypass for a previously patched flaw, CVE-2012-1823. First reported in 2012, this 12-year-old vulnerability affected the PHP-CGI query string parameter. An unauthenticated adversary could exploit the flaw for various malicious purposes, including triggering a denial of service, viewing source code, and executing arbitrary code. Describing the vulnerability, the advisory read,

When PHP is used in a CGI-based setup (such as Apache’s mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.

Upon discovery and bug report, the vulnerability received a fix with PHP versions 5.4.3 and 5.3.13.

However, after over a decade, DEVCORE researchers found that bypassing the patch remains possible, allowing RCE attacks. This bypass is possible due to the Best-Fit feature of encoding conversion in Windows. An adversary could enter specific character sequences to execute arbitrary code via an argument injection attack.

While DEVCORE researchers haven’t shared more details, watchTowr’s blog post elaborates on it alongside sharing the exploit. They even called it a “nasty bug with a very simple exploit.”

Patch Your Systems Now

The new vulnerability, CVE-2024-4577, affects almost all existing PHP versions and has been fixed in PHP versions 8.3.8, 8.2.20, and 8.1.29. The researchers found Windows-based PHP installations running in the Chinese (traditional and simplified) and Japanese locales, and all XAMPP installations, to be vulnerable. Nonetheless, they believe that the flaw might also impact other locales.

Hence, users running PHP versions 8.3.x, 8.2.x, and 8.1.x earlier than the patched releases must upgrade their systems immediately to receive the fix. Where an immediate system upgrade isn’t feasible, the researchers advise users to deploy the mitigations described in their advisory.


Google is killing the Fitbit web dashboard, replaces it with mobile app

Google announced that effective July 8, 2024, the Fitbit.com dashboard will be replaced with the Fitbit app. Basically, this means that the web browser will no longer offer access to the web dashboard, so Fitbit users will have to fully rely on the mobile app for tracking and management purposes.

According to Google, the data and features of the Fitbit.com dashboard are available in the Fitbit app, but that is simply not true. There are plenty of features that many owners of Fitbit smartwatches are using right now on the Fitbit.com web dashboard that aren’t present in the mobile app.

For instance, you can’t keep track of the calories left to eat based on activity. Also, you can’t create meals or add a missed workout, just like you can’t see any pace charts. These are just some of the features that the Fitbit web dashboard offers to its users and the mobile app doesn’t.

Unfortunately, it’s unlikely that Google will add these features to the mobile app or even improve it to a point that’s actually useful, so our advice is to switch to another smartwatch brand (i.e. Garmin).

Now, there’s a workaround that still allows users to access the Fitbit.com dashboard, even though visiting the web page redirects them to a page that advises them to download the mobile app on their Android or iOS device.

Just below the links that send you to the mobile app on the App Store and Google Play, there’s another link that sends you to the web dashboard. Make sure to click the “If you miss the old look, head over to the browser view” link and you should be able to access the Fitbit.com web dashboard (see picture above).

The issue is that we don’t know how long this will remain live. It’s possible that Google will completely remove it on July 8, so think of it as a temporary solution.



Microsoft Urged Windows Admins To Patch For MSMQ RCE Flaw


Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver.

These vulnerabilities have been assigned CVE-2024-30080 and CVE-2024-30078.

The severity for these vulnerabilities was given as 9.8 (Critical) and 8.8 (High), respectively.

However, Microsoft has released patches and security advisories to address these vulnerabilities.

Both of these vulnerabilities were credited to Cyber Kunlun.


CVE-2024-30080: Microsoft Message Queuing (MSMQ) RCE

This vulnerability exists due to a Use-After-Free condition in Microsoft Message Queuing that could allow an authenticated threat actor to execute remote code on a vulnerable system. 

However, to exploit this vulnerability, the threat actor must send a specially crafted malicious MSMQ packet to an MSMQ server, which will execute remote code on the server.

This vulnerability existed in multiple Windows Server and Windows OS versions, including Windows Server 2008, 2012, 2016, 2022, Windows 10 22H2, 21H2, and Windows 11 21H2, 22H2, and 23H2. Microsoft has categorized this vulnerability as Critical.

CVE-2024-30078: Windows Wi-Fi Driver RCE

This vulnerability exists due to improper input validation, which could allow an unauthenticated threat actor to send malicious networking packets to an adjacent system that has a Wi-Fi networking adapter, resulting in remote code execution on the system.

However, to exploit this vulnerability, a threat actor must be within the target system’s range to send and receive radio transmissions.

This vulnerability also existed in multiple Windows products, including Windows Server 2019, 2022, 2008, and 2012, and Windows 10 22H2, 21H2, and Windows 11 21H2, 22H2, and 23H2.

Users of these products should upgrade their Windows to the latest versions to prevent threat actors from exploiting these vulnerabilities.


Google Meet update brings Material 3 design, more visual changes coming next year

Google is trying to streamline the in-call experience in Meet by rolling out a new design that modernizes and improves the app on the surface. The so-called Material 3 Design System is now rolling out to Google Meet users across the globe, but this is just the first update that improves the look and feel of the app.

The search giant announced that it will continue to release updates over the course of the next year, which will not only bring design improvements but also make it easier for Google Meet users to discover and access meeting features more quickly and intuitively.

This week’s update specifically changes the lower in-call controls in Meet. As seen in the picture below, the controls now feature refreshed colors and dynamic shapes to highlight when the user is muted or when the controls are active.

As pointed out by Google, these are just visual changes, so no functionality has been added or removed. Google Meet users should be able to see the changes in this update while using the app on the web and picture-in-picture mode.

The changes are also visible when using Meet within other apps like Docs and Slides, as well as when watching a live stream from a browser and using meeting room hardware within conference rooms.

The new design is rolling out starting today, but it will take around two weeks to reach everyone. According to Google, the changes will be available to all Google Workspace customers and users with personal Google accounts.



YouTube rolls out the ability to let audiences choose the right video thumbnail

YouTube has just announced the Thumbnail Test & Compare functionality is now rolling out to all creators with access to advanced features. The deployment will continue over the coming weeks, so be patient if you don’t see the feature yet in the YouTube Studio segment of the app.

As the name suggests, the new feature allows YouTube creators to upload up to three video thumbnails to test with viewers to help pick a winner. Once the thumbnails are uploaded, YouTube will show them evenly across a video’s viewers, and then select a winning thumbnail based on which one generates the most watch time share.

However, YouTube says that it may take a few days or up to two weeks to get finalized results from the uploaded thumbnails. This is affected by a wide range of factors including the amount of impressions videos get and how different the thumbnails are.

When the test is complete, YouTube creators should see a “Winner” label, especially if a thumbnail clearly outperformed the other ones. If there’s no clear winner, the first thumbnail will be selected and shown to the audience.

If you’re a YouTube creator, keep in mind that this test is optional, which means that regardless of test results, you can always manually select the video thumbnail you want to use even if it wasn’t the winning option.

Unfortunately, this is only available on YouTube Studio on a computer, although YouTube says that it will explore the possibility of bringing it on mobile devices. It’s also important to mention that creators can only test thumbnails on public long-form videos, live stream archives saved as videos, or on podcast episodes.

Also, it’s not possible to test thumbnails on videos that are set as “Made for Kids,” videos made for mature audiences, or on private videos.

YouTube creators can make sure they can use this feature by going to the “Feature eligibility” section in the channel settings in Studio and checking if they see “Enabled” next to the “Advanced features” section.



Pixel Fold 2 and Pixel 9 case renders show likely designs


The Pixel Fold 2 and Pixel 9 have shown up in a few renders from a case manufacturer, detailing what both phones will probably look like from a design standpoint. It’s worth pointing out that this isn’t the first time that these phones have shown up in renders. Both devices have appeared in leaked CAD renders before. The main difference here is that the renders are coming from a case manufacturer so you can see what those cases look like while on each device.

However, they still add to the evidence that these are likely the final designs for Google’s upcoming devices. The renders come from accessory manufacturer Thinborne (spotted by GizChina). Thinborne will be releasing at least one case type for these phones – a ‘Thin case’ using 600D Aramid Fiber with MagSafe compatibility. In addition to the designs popping up again, Thinborne also appears to be suggesting multiple variants of the Pixel 9.

The Pixel 9 case renders point to three different models

It was expected that Google would release a new Pixel 9 standard and a Pixel 9 Pro. It’s been doing this with the last three generations of Pixel phones since the Pixel 6. But new details on Thinborne’s shop page for Google cases suggest Google will also be releasing a “Pixel 9 Pro XL” model.

Google used to use “XL” in the name of its Pixel devices but stopped after the Pixel 4 series. With the Pixel 5, it only released the standard model before launching the Pixel 5a as the more budget-friendly option. Then with the Pixel 6, it swapped the XL label for the Pro label. This sort of made more sense given the additional features and the larger screen. Whereas XL really only suggested the larger screen.

It seems Google may be moving back to including an XL model for its phones. However, it isn’t quite clear if that is accurate. Or what the differences between the Pro and Pro XL might be if Google is indeed releasing both in addition to the standard Pixel 9. It is worth reiterating that the Pixel 9 Pro XL rumor has popped up before as well. So this is just additional evidence that it may be coming.

Google Pixel Fold 2 Thinborne case



Testing of Android 15’s automatic theft detection begins in Brazil


Google has begun testing Android 15’s automatic theft detection features, starting in Brazil. Smartphone theft is one of the major concerns in many countries, including Brazil, where approx. 2 phones get stolen per minute. That’s why Google chose Brazil as its initial testing ground for the automatic theft detection features it announced at the I/O conference last month.

Google begins testing of Android 15’s automatic theft detection feature in Brazil

The automatic anti-theft features fall under the umbrella of larger privacy and security improvements Google is planning with Android 15. There are other features too, like a password-locked vault which Google calls “private space.” The name speaks for its function: users can use it to keep their sensitive data safe and secure. However, the theft detection feature that has undergone testing in Brazil as a part of Android 15 is a bit different.

Google calls the anti-theft detection feature “Theft Detection Lock.” So, you must be wondering what goes on behind this security feature that tackles smartphone theft, right? First of all, the automatic theft detection feature uses Google’s AI. Using artificial intelligence, the new anti-theft feature detects if someone has snatched your phone from your hand. If the feature detects movement associated with theft, it will immediately lock the device’s screen.

Different sensors in your Android smartphone help determine if there’s any theft attempt

One must be wondering how the automatic theft detection feature can detect such movement. That is possible thanks to different sensors in your Android smartphone, like a gyroscope and accelerometer. Based on the changes in the smartphone’s positioning and motions, Google’s algorithm can predict that the device has been snatched.

That said, there’s another possibility as well. In addition to relying upon smartphone sensors, the feature can also detect theft attempts if someone tries to use the device in a different network altogether. Lastly, the new anti-theft feature is available for beta testing in Brazil.

Android 15 automatic theft detection feature
Image credit: Google Brazil
