Researchers Highlight Security Issues With Email Forwarding

andreasc
-
0
Researchers Highlight Security Issues With Email Forwarding
[ad_1]

A team of researchers has shared details about the existing security lapses in email forwarding protocols that allow email spoofing. The researchers could easily spoof domains of government, media, and other organizations.

Security Flaws In Email Forwarding

Researchers from UC San Diego, USA, Stanford University, USA, and University of Twente, Netherlands, have elaborated on the inherent security risks associated with email forwarding.

Specifically, they demonstrated the incapability of existing authentication protocols to prevent spoofing attacks.

Presently, the following three security measures exist (and are commonly used) to prevent email spoofing.

  • Sender Policy Framework (SPF): Specifies the IP addresses allowed for sending emails for a domain and the subsequent actions (such as marking spam) if an unauthorized IP address is used.
  • DomainKeys Identified Mail (DKIM): binds the email message to a sender domain via cryptographic signatures. However, it doesn’t verify the sender.
  • Domain Message Authentication, Reporting, and Conformance (DMARC): combines SPF and DKIM protocols to mitigate the underlying security issues that each fails to address separately.

These three protocols usually succeed in preventing email spoofing and spamming to a larger extent by appropriate sender authentication. However, the researchers observed that no security measures ensure the same for email forwarding.

Since such messages involve multiple parties, instead of the simple sender and recipient otherwise, verifying the sender gets tricky. Hence, spoofing sender email domains gets possible, even for trusted email sending domains, such as government IDs. That’s mostly because of the absence of a unified security measure for protecting forwarded emails, despite the ubiquity of this practice.

The attack exploited three security issues: relaxed forwarding validation, Authenticated Received Chain (ARC) implementation vulnerabilities, and abusing mailing lists. In their study, the researchers analyzed 20 different email forwarding services and could spoof prominent domains like “state.gov,” “washingtonpost.gov,” and more. They also delivered spoofed emails to popular providers like Gmail, Zoho, and Microsoft Outlook.

Recommended Mitigations

Besides demonstrating the security lapses in email forwarding, the researchers have also recommended mitigations to prevent such abuses. Specifically, they advise mailing services to disable open forwarding, which will prevent laundering, remove relaxed validation policies, and enhance mailing list security.  Moreover, they also suggest revising RFC standards, improving UI notifications, and developing robust testing tools.

The researchers have shared the details of their study in a research paper scheduled for presentation at the 8th IEEE European Symposium on Security and Privacy.


[ad_2]
Source link

FCC confirms some Moto G Stylus 5G 2023 specs, launch imminent

andreasc
-
0
FCC confirms some Moto G Stylus 5G 2023 specs, launch imminent
[ad_1]

Motorola is gearing up to launch a new stylus pen-equipped smartphone. The device will debut as the Moto G Stylus 5G 2023. Leaks and rumors have already revealed its design and a few key specs. While we still don’t have an official launch date, the phone has now surfaced on the FCC website to confirm those rumors. This also suggests the Lenovo-owned company will take the wraps off the handset sooner than later.

Moto G Stylus 5G 2023 appears on the FCC website

FCC has certified the Moto G Stylus 5G 2023 with the model numbers XT2315-1, XT2315-4, and XT2315-5, which we’ve known all along (via). The documents published by the regulatory body revealed that the handset will come in both single and dual-SIM variants and boast LTE, 5G, Bluetooth, Wi-Fi, and NFC wireless connectivity options. The device appears to get a 5,000mAh battery, unchanged from last year. Motorola may sadly limit it to just 10W of maximum wired charging speed, once again unchanged from the 2022 model.

While the listing doesn’t tell us anything more, earlier leaks have suggested that the Moto G Stylus 5G 2023 will feature a 50MP primary rear camera. In fact, a leaked render earlier this month showed “50MP” printed on the camera bump, so there’s no doubt about that anymore. Last year’s model also featured a primary rear camera of the same resolution. Elsewhere, we are expecting 6GB of RAM and 256GB of onboard storage. Motorola may offer more memory and storage configurations, though.

Motorola may be keeping most of the key specs unchanged from last year, but the upcoming handset will get a minor design shift. The Moto G Stylus 5G 2023 will replace the vertical rounded rectangular camera bump on the back with a squircle housing. We may also get only two rear cameras this time around, one fewer than the 2022 model. Additionally, the company is opting for a matte look over a glossy finish this year. The back panel is still curved while we continue to get a flat screen.

Motorola may not launch an LTE model this year

Motorola’s stylus pen-equipped smartphone came in both LTE and 5G cellular variants last year. But that may not be the case this year. The company may only launch a 5G model of the Moto G Stylus 5G 2023. That’s because last year’s LTE model came in February, while the 5G model came in April. We are almost past February now and there’s no sign of a new LTE-only Moto G Stylus. The 5G-enabled version, on the other hand, appears to be on track for an April launch. You never know unless things are official, though. We will let you know as soon as we have more information.


[ad_2]
Source link

On average, here’s how much a Samsung employee earns, annually

andreasc
-
0
On average, here’s how much a Samsung employee earns, annually
[ad_1]

Have you ever wondered what the average Samsung employee’s annual earning is? If yes, then this article will provide you with the answers that you need to quench your curiosity. The earnings reflected in this article show the average earnings of employees at Samsung’s South Korean office.

Included in the collation process to get the average figure are also execs with the South Korean tech giant. The estimate was curated by market tracker Korea CXO Institute, and it covers employee earnings from 2022. This firm relied on data it gathered from a recent audit report.

The audit not only revealed the average Samsung employee’s annual earnings, but also the company’s workforce. Over the past three years, the company has lost a good amount of workers. This has led to a sharp decline in the annual earnings of Samsung employees.

A report shares an annual earning estimate for Samsung employees

From the available report, the annual earning of Samsung employees clocks at $99,700. This is the average annual earning of the employees and execs at the Samsung headquarters. Market tracker Korea CXO Institute also says that Samsung’s sales-to-labor cost ratio decreased last year.

A total of $12 billion was spent by the South Korean tech giant on labor costs. The money was to over 113,604 Samsung workers, made up of employees and execs. This is less than what the company paid its workers in 2021 due to the shortage of workers and the reduction in labor costs.

Also, Samsung’s in-house board members earned an average of $3.3 million each. While the registered board members earned an average of $17.1 million collectively. Lastly, six outside directors at Samsung all earned a total of $532,749 last year.

Samsung also experienced a growth in their number of workers, with more people joining the workforce. Some staff members stopped working with Samsung last year, but they are fewer than those that joined. Among the new employees are some top players in their fields that will help grow Samsung’s business during their stay at the company.


[ad_2]
Source link

Hacker Claim Telecom Provider Data Stolen

andreasc
-
0
Hacker Claim Telecom Provider Data Stolen
[ad_1]
Hacker Claim Telecom Provider Data Stolen

Telus, a Canadian national telecommunications company is looking into whether employees’ data as well as the source code for the system were stolen and then sold on a dark web marketplace.

Subsequently, the threat actor published screenshots that appear to depict the company’s payroll data and private source code repositories.

“We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” Richard Gilhooley, director of public affairs at Telus said in an email. 

“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

EHA

Source Code, Employee Data Stolen

A threat actor offered what they claimed to be TELUS’ employee list (including names and email addresses) for sale on a data breach forum on February 17.

“Today we’re selling email lists of Telus employees from a very recent breach. We have over 76k unique emails and on top of this have internal information associated with each employee scraped from Telus’ API”, the forum post says.

The post provides what looks to be a list of email addresses for Telus employees as proof. “It isn’t known if these are the current or former staff — or even real”.

Later on Tuesday, February 21, the same threat actor published a new forum post with an offer to sell TELUS’ private GitHub repositories, source code, and payroll data.

“In the repositories are the backend, frontend, middleware [information,] AWS keys, Google auth keys, Source Code, Testing Apps, Staging/Prod/testing, and more!” says the seller’s latest post.

Forum post with TELUS sample data set
The claimed TELUS data and source code are posted in a second forum post

The seller also stated that the company’s “sim-swap-api,” which is supposed to allow attackers to conduct SIM swap attacks, was included in the stolen source code.

Despite the malicious attacker calling this a “Full breach” and stating that they will sell “anything related to Telus,” it is still too soon to say whether an event actually happened at TELUS or whether a breach at a third-party vendor actually occurred.

“It’s important to note that it’s not clear whether the data being sold is real”, commented Brett Callow, a British Columbia-based threat analyst for Emsisoft. 

“If it is real, this is a potentially serious incident which exposes Telus’ employees to increased risk of phishing and social engineering and, by extension, exposes the company’s customers to risk”. 

“The alleged exposure of the private Github repositories, supposedly including a sim-swap API, represents an additional tier of potentially significant risk.”

Network Security Checklist – Download Free E-Book


[ad_2]
Source link

Google Podcast And YouTube Music podcasts will not merge

andreasc
-
0
Google Podcast And YouTube Music podcasts will not merge
[ad_1]

We just got word that YouTube Music was going to finally bring the ability to listen to podcasts. This seems in line with the company’s ongoing push into the podcast market. However, Google announced that YouTube Music Podcasts and Google Podcasts will not merge.

Since 2021, YouTube has been working on becoming a podcasting platform. The company brought in Kai Chuck to head the podcasting venture, but it took a while before we could see anything come to light. Last year, YouTube unveiled a podcasts page that showed you recommended podcasts based on what’s popular and your watch history.

Recently, we just got the news that YouTube was going to bring podcasts to YouTube Music. That’s not altogether unexpected, but it was definitely a long time coming. YouTube Music was the replacement for Google Play Music (which offered podcasts), but it didn’t bring over its ability to play podcasts. Instead, people could listen to their favorite podcasts using the Google Podcasts app released back in 2018.

Google Podcasts and YouTube Podcasts will not merge

One thing about Google is that it has a tendency to have redundant services running at the same time. It eventually merges them, and this is what we expected the company to do this time around. Since Google owns YouTube, we suspected a transition period. However, according to 9To5Google, Google announced that it’s not going to merge Google Podcasts and YouTube Podcasts.

This could be a good idea, as the transition between Google Play Music and YouTube Music was rough for some people. While YouTube Music has grown in the last couple of years, there are a bunch of people who still miss Google Play Music. The platform has some features that YouTube Music didn’t adopt.

So, moving podcast services might create the same sort of issues. While Google does own YouTube, YouTube is still its own company, and it’s going to do things differently than Google. So, keeping them separate is a good idea.


[ad_2]
Source link

iPhone 15 Pro Max design shown early, along with its dimensions

andreasc
-
0
iPhone 15 Pro Max design shown early, along with its dimensions
[ad_1]

One of the most prominent tipsters out there, Ice Universe, just shared with everyone the design of the iPhone 15 Pro Max. Before we begin, do note that this phone may be referred to as the iPhone 15 Ultra at launch.

The iPhone 15 Pro Max design and the phone’s specifications have been revealed

9to5Mac already shared CAD-based renders of the iPhone 15 Pro and iPhone 15, and Ice Universe is here to add to that with the iPhone 15 Pro Max. In the gallery below, you’ll not only see CAD-renders, but processed CAD-based renders that give us a better look at the phone.

Looks-wise, there’s not much changed here. At first glance, many people would struggle to tell the difference. The thing is, its bezels will be thinner, while the phone itself will be thicker than its predecessor.

On top of that, physical buttons from the past model will be replaced with solid-state buttons. Apple will also use Titanium for the phone’s frame, it seems. A Type-C USB port will sit at the bottom.

It will look similar to its predecessor, but with several upgrades worth noting

So, even though the phone will look very similar to its predecessor, there are some changes to pay attention to. The Dynamic Island is still be included on the front, and the rear camera design will remain unchanged too.

The tipster did share the exact dimensions too. He claims that the phone will measure 159.86 x 76.73 x 8.25mm (11.84mm with the camera bump). So, it will be slightly shorter, and narrower than its predecessor, but also thicker.

This will be the first iPhone, along with all of its siblings in the series, to include a Type-C USB port at the bottom. The iPhone 15, iPhone 15 Plus, and iPhone 15 Pro will also feature it.

All three of these phones will become official in September this year. Do note that Apple could release the iPhone 15 Pro Max as the iPhone 15 Ultra, or may add a 5th device to the lineup named ‘Ultra’. The latter rumor is less probable, though.


[ad_2]
Source link

LumaFusion is now available on ChromeOS and Android

andreasc
-
0
LumaFusion is now available on ChromeOS and Android
[ad_1]

Android is a great platform, but every Android user has felt the plight of iOS users often getting better apps- just try finding a suitable Garage Band alternative Android! However, the iOS hit LumaFusion is coming to Android and ChromeOS, according to 9To5Google.

LumaFusion is an insanely popular and powerful video editing program that debuted on iOS. It shows the power of optimization, as users are met with a ton of useful features to edit their videos.

Yes, Android users were left in the dust with it, but the company did say that it plans on making it available on Android and ChromeOS eventually. This was back in October of 2021, and the company later released a beta version on ChromeOS.

Now, the wait is over, as LumaFusion is available on ChromeOS and Android

Programs are usually available on iOS first and trickle down to Android later. That’s just the nature of the beast. There’s a lot less variation with iOS than with Android. So, Lumafusion coming to Android and ChromeOS sounds like a feat.

Obviously, you’ll want to be mindful of your device’s performance and limitations. If you’re running something like a Pixel 7 Pro or a Galaxy S23 Ultra, then you should not have any issues with it. However, if you’re rocking a $200 mid-range phone, you will have a slower time.

Since LumaFusion is a serious video editor for serious content creators, it will cost serious money (well, for an app). Downloading it from the Google Play Store will cost you a cool $29.99. That’s definitely a lot if you’re looking for an app to casually edit videos. However, LumaFusion offers a feature set that makes you feel like you’re using a professional video editor.

Aside from the typical editing features that you can use anywhere, you have the benefit of unlimited keyframes if you want to animate parts of your video. You’re able to have up to six video layers at the same time which is insane for a mobile program. If you’re looking to use a green screen, well this program also has a chroma key tool.

That’s only a handful of the features that you can look forward to if you buy LumaFusion. If you’re using a Chromebook, Google is also offering 25% off, so that’s great if you’re on ChromeOS.

Buy LumaFusion


[ad_2]
Source link

iPhone 15 Plus renders reveal thinner bezels & Dynamic Island

andreasc
-
0
iPhone 15 Plus renders reveal thinner bezels & Dynamic Island
[ad_1]

The iPhone 15 Plus CAD-based renders are in, thanks to 9to5Mac. The source already shared iPhone 15 and iPhone 15 Pro CAD-based renders, and it’s now back with the iPhone 15 Plus as well. It’s worth noting that the iPhone 15 Pro Max renders have also been shared in the meantime, by Ice Universe.

The iPhone 15 Plus renders have also surfaced, and point to thinner bezels

These renders have been put together by Ian Zelbo, as was the case with the previous ones. Having said that, as expected, the iPhone 15 Plus will include a Dynamic Island. All phones in the series will feature it, and the same goes for a Type-C USB port.

If you take a look at the two images provided below this paragraph, you’ll see the iPhone 14 Plus and iPhone 15 Plus side-by-side. You will notice slightly thinner bezels, and the addition of the Dynamic Island.

iPhone 14 Plus and iPhone 15 Plus CAD 1

The phone will be almost the same exact size as the iPhone 14 Plus

The source also shared the dimensions of the new model. The iPhone 15 Plus will measure 160.87 x 77.76 x 7.81mm. The iPhone 14 Plus measures 160.84 x 78.07 x 7.79mm. These differences are almost negligible, they will be almost exactly the same in terms of size.

The iPhone 15 Plus will still feature an aluminum frame, just like its predecessor, and a glass back. It will likely keep the exact same display size as its predecessor, which means it will include a 6.7-inch display. There’s a slight chance it may be bumped up to a 6.8-inch panel, as the iPhone 15 is said to include a 6.2-inch display. That panel is 0.1 inches larger than the one on the iPhone 14.

All four iPhone 15 series smartphones are expected to arrive in September this year. That’s when Apple usually releases its next-gen iPhones, so there you have it.


[ad_2]
Source link

TCL brings its TCL 40 series phones to MWC 2023, new tablets

andreasc
-
0
TCL brings its TCL 40 series phones to MWC 2023, new tablets
[ad_1]

TCL introduced us to its TCL 40 series of phones at CES 2023, and they were able to garner some acclaim. This is the next slew of mid-range phones from the company. Now, the TCL 40 series phones are making an appearance at MWC 2023 along with some interesting tablets.

 The TCL 40 series phones are at MWC 2023

Starting off with TCL’s new handsets, these are the next slew of phones that won’t break the bank. We have three new phones called the TCL 40 X 5G, TCL 40 XL 5G, and TCL XE 5G.

TCL 40XL 5G (May 2023 From $149)

First, we have the TCL XL 5G. This is the most affordable model of the set with a 6.75-inch HD+ display with a 60Hz refresh rate. It uses the MediaTek G37 SoC.
It comes with 4GB of RAM and 128GB of storage.

This phone has a triple camera setup. There’s a 50MP main camera that’s accompanied by a 2MP depth camera and a 2MP macro camera. Finishing off the specs, we have a large 5000mAh battery.

TCL 40 XL 3

TCL 40XE 5G (June 2023 From $169)

Next, we have the TCL 40 XE 5G. This is the middle child of the group with a 6.56-inch HD+ display with a 90Hz refresh rate. It uses the MediaTek Dimensity 700 SoC that’s backed up by 4GB of RAM and 64GB of storage.

It has a triple-camera setup with a 13MP main camera, a 2MP depth camera, and a 2MP macro camera. As for the battery, we’re looking at a large 5000mAb battery.

TCL 40 XE 5G 3

TCL 40X 5G (June 2023 From $199)

Lastly, we have the TCL 40 X, this phone has a 6.56-inch display with an HD+ resolution that runs at 90Hz. It’s powered by the decent MediaTek Dimensity 700 SoC, and it’s backed up by 4GB of RAM and 64GB of expandable storage.

This phone has the same camera package as the TCL 40 XL 5G. Also, all of these phones use TCL’s NXTVISION display technology for better visuals.

TCL 40 X 5G 1

TCL’s new tablets

TCL also showed us its new tablets at MWC 2023. First, we gave the TCL Tab 11. This tablet comes with a decent-sized 10.95-inch IPS LCD display with a resolution of 2000 x 1200. It’s just over 1080p resolution, and it produces 16.7 million colors.

It’s powered by the MediaTek Helio P60T SoC which should give you decent power. That’s backed up by 4GB of RAM and 128GB of storage.

As for the other internals, we’re looking at an 8000mAh battery, a quad-speaker setup, and two microphones. As for the cameras, there’s an 8MP rear camera and an 8MP front camera. Lastly, it comes with Android 13 out of the box.

The TCL Tab 11 will launch in May 2023 at $179 ($209 for the LTE version).

TCL TAB 11 2

The last tablet is the TCL NXTPAPER 11. This tablet’s specs are identical to the TCL Tab 11. The main thing about this table is the use of TCL’s NXTPAPER 2.0 display technology. This ensures a great viewing experience from any angle. Also, it’s 150% brighter than NXTPAPER 1.0.

The TCL NXTPAPER 11 will launch in Europe and other regions in May 2023 starting at $249.

TCL NXTPAPER 11 2


[ad_2]
Source link

DOJ says Google ‘systematically destroyed’ chat evidence to escape antitrust lawsuits

andreasc
-
0
DOJ says Google ‘systematically destroyed’ chat evidence to escape antitrust lawsuits
[ad_1]

The US Department of Justice (DOJ) has accused Google of destroying internal chat records that were required for an antitrust investigation. According to federal laws, the companies should preserve the communications that might help investigators in antitrust cases. Google allegedly violated this law.

The DOJ has brought Big Tech under its radar in recent years. The department is trying to keep these companies accountable for their antitrust violations and abusing competition. Back in 2020, the DOJ filed a lawsuit against Google over “unlawfully maintaining monopolies.” The destroyed chat records were reportedly related to this case.

As per the filing details, Google allegedly “systematically destroyed” written communications every 24 hours. This is while the company was required in mid-2019 to change its chat defaults and keep a record of communications. The DOJ also claims Google destroyed chat records even after the lawsuit was filed, and only a few employees kept their chat histories.

DOJ puts Google in hot water over deleting chat evidence

The Department of Justice is also accusing Google of lying to the government. Google has told the agency that it has “put a legal hold in place” to suspend the auto-deletion of chats. However, the DOJ found this claim to be false as the company stopped deleting chats this week when the agency said it would file a motion for sanctions. After this warning shot, Google was forced to “permanently set to history on.”

In Epic Games’ lawsuit against Google, the video game maker claimed that Google employees prefer to talk about sensitive materials in chats because they feel safer. The search giant, however, continued to withhold its policy from the government even after the Epic Games confrontation.

According to DOJ’s deduction, Google has violated the federal rule of civil procedure by deleting chat records. The agency is now asking for a hearing to discuss sanctioning the company.

In response to allegations, Google is refuting the DOJ claims. The company spokesperson told The Wall Street Journal that they’d produced over 4 million documents for this case. The team have also “conscientiously worked for years to respond to inquiries and litigation.”


[ad_2]
Source link
1...1,4001,4011,402...1,452Page 1,401 of 1,452