TikTok car theft challenge: Hyundai, Kia fix flaw


Hyundai and Kia have released a software update to fix a car theft hack that went viral on TikTok, and resulted in at least eight fatalities.

Car manufacturer Hyundai, and its subsidiary Kia, began rolling out a free software update on February 14, 2023, to address a flaw in their anti-theft software, which was highlighted in a social media challenge. The release of the update came nine months after an uptick in car theft of the affected models in the US. Outside the US, victims in Australia also came forward.

“The software updates the theft alarm software logic to extend the length of the alarm sound from 30 seconds to one minute and requires the key to be in the ignition switch to turn the vehicle on,” said the US National Highway Traffic Safety Administration (NHTSA). “The effort is in response to a TikTok social media challenge that has spread nationwide and has resulted in at least 14 reported crashes and eight fatalities.”

The “Kia Challenge” went viral on TikTok in August 2022. Thieves, known as “Kia Boys” or “Kia Boyz”, showed how to bypass Kia’s security system using simple tools like a screwdriver and a USB cable. The method is reportedly so easy because many 2015-2019 Kias and Hyundais lack electronic immobilizers, which use electronic signals to deter thieves from hot-wiring cars.

The teens instructed viewers to forcefully remove the covering of the steering column (located just below the steering wheel) to expose a slot where a USB-A plug then comes into play.

From what we have gathered, the viral TikTok video was a snippet from a Tommy G YouTube documentary entitled Kia Boys Documentary (A Story of Teenage Car Theft). The scene in question was found in the last bit of the video.

Only cars that use keys seem susceptible to this kind of theft. Push-to-start cars, which are vehicles that you start by pushing a button, are immune.

“The software upgrade modifies certain vehicle control modules on Hyundai vehicles equipped with standard ‘turn-key-to-start’ ignition systems,” Hyundai said in a press release. “As a result, locking the doors with the key fob will set the factory alarm and activate an ‘ignition kill’ feature so the vehicles cannot be started when subjected to the popularized theft mode. Customers must use the key fob to unlock their vehicles to deactivate the ‘ignition kill’ feature.”

A total of 8.3 million cars are eligible for the free update. Owners of affected Hyundai and Kia models are encouraged to visit their local dealership to have the software upgrade installed. Updated vehicles also get a windshield decal indicating they’ve been equipped with anti-theft software.

Hyundai will also be releasing the patch in phases, the schedule of which you can view on their web page. For the February 14 release (part of Phase 1), owners of Hyundai 2017-2020 Elantra can receive the update. The model to receive the patch next is 2018-2022 Accent in June 2023 (part of Phase 2). The schedule for the remaining models is yet to be announced.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.



Best Samsung Galaxy S23 Ultra Cases


The Galaxy S23 Ultra is likely going to get all of the attention from buyers this year. And that’s because it is the best of the best from Samsung. It also has the S Pen, so it’s more of a hybrid between the Galaxy S and Galaxy Note line of phones. It starts at $1,199 so it’s not a cheap phone. That means that you’re going to want to keep it in good shape and protect it. Which you can do with a case. So we’ve rounded up the very best cases for the Galaxy S23 Ultra here.

Best Samsung Galaxy S23 Ultra cases

In this list, you’ll find cases from Samsung as well as third-party cases from companies like Caseology, Ringke and others. So here are the best cases for the Galaxy S23 Ultra.

Samsung Silicon Cover


Samsung’s Silicon Cover is the same case that it has been offering with its phones for years now. It’s a pretty simple case, made of silicone for the Galaxy S23 Ultra. It looks and feels great in the hand. The only thing is that, because it is a soft-touch material, it does collect dust like crazy. It is available in a ton of colors too.

Samsung Silicon Cover – Samsung.com

Ringke Fusion


  • Price: $14
  • Where to buy: Amazon

This case from Ringke is another good one for the Galaxy S23 Ultra. This is a clear case. So you won’t need to worry about it adding a lot of heft to your smartphone. That’s definitely good to see in this day and age. It’s clear, but it also comes in a matte-clear model and a smokey black model. The matte-clear might be the best option here, as traditional clear cases can get pretty disgusting quickly, due to fingerprints and other grease.

Ringke Fusion – Amazon

LK Protective Case


  • Price: $17
  • Where to buy: Amazon

Here’s another good-looking clear case for the Galaxy S23 Ultra. This is from LK, who is pretty popular over on Amazon. This one offers military-grade drop protection and won’t yellow. That’s something important to think about with clear cases, as they do tend to yellow after some time. But this one apparently won’t. It also comes in a matte color, if you don’t want a 100% clear case.

AICase Rugged Case – Amazon

Caseology Nano Pop


  • Price: $17
  • Where to buy: Amazon

The Nano Pop from Caseology is a newer collection of cases from the company, and they really “pop”. As you might expect from the name. This time around, it’s available in three colors: Black Sesame, Blueberry Navy, Avo Green. It’s a dual-layer case, which is going to offer a ton of protection for your new smartphone. It uses one color for the majority of the case, with the second being an accent color around the camera bump.

Caseology Nano Pop – Amazon

Samsung S-View Wallet Case


The Samsung S-View Wallet Case is another case that’s been around for quite some time. It basically is a flip case that has a small window in the corner to show you the time, date, battery percentage and some notifications. It does come in a slew of colors as well. So you can choose which one you want on your device.

Samsung S-View Wallet Case – Samsung.com

Samsung Frame Case


The Samsung Frame Case is a new case for Samsung this year, and it’s a quite interesting case. It’s available for all the Galaxy S23 models and it also comes in a few different colors too.

Samsung Frame Case – Samsung.com

Ringke Onyx


  • Price: $15
  • Where to buy: Amazon

The Ringke Onyx is one of my favorite cases for the Galaxy S23 Ultra. You see, it’s pretty minimal, and not very thick at all. And it does also have a textured back. Which makes it easier to hold onto. Of course, it has all of the cutouts for the usual things like the USB-C port, S-Pen slot and the speaker. So it’s a really good option to pick up.

Ringke Onyx – Amazon

Poetic Revolution Series


  • Price: $25
  • Where to buy: Amazon

Poetic is another popular one around these parts. The Revolution series is a really rugged case for the Galaxy S23 Ultra, which also has a built-in screen protector. And yes, the fingerprint sensor does work with this screen protector. So it’s a good option for a lot of people. Not to mention the fact that it does also have a built-in kickstand here.

teloxy Crystal Clear Case – Amazon

Caseology Skyfall


  • Price: $16
  • Where to buy: Amazon

For those looking for a clear case, the Caseology Skyfall is a great option. It is mostly clear, with a colored accent around the camera bump and the frame. The Skyfall is available in two colors: matte black and lilac purple. That makes it a really great-looking case, and one that won’t yellow either.

Caseology Skyfall – Amazon



thinner bezels, USB-C & curvier design


The iPhone 15 Pro is coming later this year, and thanks to 9to5Mac, we just got our first look at the phone. The site shared CAD-based renders for us to check out. These renders have been made by Ian Zelbo.

The iPhone 15 Pro CAD renders give us the very first look at the device

For those of you who are wondering, these renders are based on CAD files given by Apple to factories in Asia. CAD-based renders are usually shared by @OnLeaks but now come from a different source.

Such renders usually end up being quite accurate, so it’s easily possible this is what the iPhone 15 Pro will look like. The most noticeable design change comes in the form of a Type-C USB port at the bottom. The Lightning port is gone.

[Image: iPhone 15 Pro CAD-based design]

Apple has already implemented Type-C on some other devices, including iPads, so it was only a matter of time before it arrived on iPhones. The EU’s decision to streamline charging ports may have something to do with it, though.

It will feature more curves, and a thicker camera bump

Now, another difference you’ll notice is the phone’s curvature or, to be more accurate, the curvature of the phone’s edges. You’ll notice the change both on the metal frame and the glass. Let’s hope this change will make the phone more comfortable to hold and use when not in a case.

The source also notes that the camera bump is thicker than it was before, and that is easily visible in the provided images. It still looks similar to the one on the iPhone 14 Pro, but it’s thicker. This could mean that we’ll get larger sensors on the inside.

[Image: iPhone 15 Pro CAD-based design]

We may also get solid-state buttons here, and thinner bezels too

It also seems like the rumors regarding solid-state buttons were true. The volume rockers look set to be capacitive buttons, not physical ones. We, of course, cannot be sure, but it sure seems like it. The same will happen with the power/lock button, if it happens with the volume buttons, of course. The mute switch is still here, though.

Now, if you take a look at the image provided below this paragraph, you’ll see the difference in bezel thickness. The bezels on the iPhone 15 Pro seem to be considerably thinner. The phone will retain the same 6.1-inch display size, but will be physically a bit smaller because of the thinner bezels.

[Image: iPhone 15 Pro CAD-based design]

All in all, the iPhone 15 Pro will look very similar to its predecessor, but with noticeably thinner bezels, more curves, a thicker camera bump, USB-C, and different buttons, it seems. So, it may look similar at first, but it’ll surely feel different.



Google agrees to give clearer info to EU customers on its services to comply with EU regulations


Big tech giants such as Google, Apple, and Amazon, often find themselves scrutinized by lawmakers, especially in Europe. Now, the EU has managed to make Google agree to something the EU has been pushing for: some transparency. Engadget reports that Google has agreed to provide clearer information to users on the Google Store, Google Play Store, Google Hotels, and Google Flights in Europe.

Google to give clearer info to users in Europe


The news comes from a press release by the EU Commission. Google will have to show whether it is an intermediary or it is selling products directly. It will also have to better inform customers about deliveries, returns, repairs, and more.

These moves are set in place so Mountain View can comply with EU regulations. These regulations have come up after a dialogue with the Consumer Protection Cooperation Network (CPC). The dialogue started all the way back in 2021.

EU commissioner for justice Didier Reynders said that EU customers are entitled to clear, complete information and that Google’s commitments to making the above-mentioned changes are a step in the right direction.

Google Flights and Google Hotels will have to indicate to customers whether they’re selling directly, or only acting as an intermediary for other companies. But that’s not all. These two search services have to also state what was used as a reference price for discounts that they show, and clarify that the reviews on Google Hotels aren’t verified.

All in all, these two services will have to comply with the same transparency rules followed by other platforms like Expedia.com (which is an online travel agency).

As we already mentioned above, two more Google services are affected by the new changes. The Google Store will have to provide clear information on delivery prices, right of withdrawal, and repair or replacement options, and all of that info has to be “pre-contractual”, meaning before a contract is made.

Also, Google should make it easier to find info on vendors, such as legal name and address, as well as methods of contact.

Google will have to make it clear to developers on the Google Play Store that they have obligations under the Geo-blocking Regulation to make their apps accessible EU-wide. Basically, apps should be available across Europe. Also, means of payment from any country in the European Union have to be accepted in apps.

This change is, as you might suppose, put in place so all users will get to have the same rights and access the same content from anywhere in the European Union.

For now, the official date of the implementation of these changes has not been announced: neither by the European Commission nor by Google. Actions from regulations like this one, as some of you may know, may take months if not years to be implemented.

However, given the fact these requirements don’t seem too complicated to put in place, we might be looking at a smaller time frame for their implementation – but as with anything policy-related, we can’t be sure until an official deadline has been set.

The Consumer Protection Cooperation Network, or the CPC, will start to monitor the implementation of the commitments taken by Google. The CPC is a network of authorities who are responsible for the enforcement of consumer protection laws put in place by the European Union.

The biggest change that Google will have to tackle is the geo-blocking part. At the moment Google lets you change your country or region in the Play Store once a year. However, in doing so you might lose the content you’ve actually acquired before, in your previous country of residence. This is marked by the press release as an area where Google is still not fully compliant with the Geo-blocking Regulation.



Mortal Kombat ransomware forms tag team with crypto-stealing malware


It’s like a choose your own adventure game gone horribly wrong.

An “unidentified actor” is making use of these two malicious files to cause combo-laden mayhem on desktops around the world, according to new research from Talos.

The tag-team campaign serves up ransomware known as Mortal Kombat, which borrows the name made famous by the video game, and Laplas Clipper malware, a clipboard stealer. Depending on the flow of infection, targets can expect to find a demand for payment to unlock encrypted files or sneaky malware looking to grab cryptocurrency details from system clipboard functions.

These attacks have been taking place since December 2022 and have no specific target, with small and large organisations affected, as well as individuals. The infection chain is kick-started by an email harbouring a malicious attachment.

The email is cryptocurrency themed, and claims that a payment of yours has “timed out” and will need resending. Given how long it can take some cryptocurrency payments to be processed, this is likely to raise the curiosity of recipients.

The email comes with a dubious zip attachment containing a BAT loader that begins the infection process when it’s executed. The BAT loader kicks off a chain of events that results in the download and execution of the ransomware or the clipper malware, from one of two URLs. (The analysis by Talos does not include how it decides which to deploy, so it could be targeting or just random chance.)

Laplas Clipper

Laplas Clipper is a form of Trojan, and it takes a very smart approach to cryptocurrency theft. Regular clipboard-swiping malware waits for a user to copy a cryptocurrency address (which looks like a long password) and then switches it out for an address owned by the scammer. The end result is that the victim sends their payment to the attacker instead of the intended recipient.

Laplas swaps in wallet addresses that look similar to the correct, intended destination. Rather than carrying a stack of addresses with it, it phones home, contacting its Command and Control (C2) server via HTTP GET for a close match.

It’s also able to generate imitation addresses for a wide variety of cryptocurrencies including Monero, Bitcoin, Ethereum, Solana, and even Steam trading URLs. This is, of course, very bad news for people who do a lot of wallet address copying and pasting.

In this instance, it establishes persistence on the infected machine via both the AppData\Roaming\ folder and a Windows scheduled task, which means Clipper activates “every minute for 416 days”. This essentially grants non-stop monitoring of a system. It then acts as mentioned above, switching out genuine wallet addresses for bogus imitations.
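A defender-side hunt for the persistence pattern described above, as an added example (not code from Talos or Malwarebytes): it parses Task Scheduler XML of the kind exported by `schtasks /query /xml` and flags tasks that repeat every minute over a long duration and launch a binary from AppData\Roaming. The task definitions, file names and thresholds are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
_DURATION = re.compile(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?")

# Constructed samples in the Task Scheduler XML schema. Names, paths and the
# exact Duration value are made up; only the pattern (1-minute repetition for
# roughly 416 days, binary under AppData\Roaming) follows the article.
SUSPICIOUS_TASK = r"""<?xml version="1.0"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition>
        <Interval>PT1M</Interval>
        <Duration>P416DT15H59M</Duration>
      </Repetition>
      <StartBoundary>2023-01-10T09:00:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Users\alice\AppData\Roaming\example-updater\example.exe</Command>
    </Exec>
  </Actions>
</Task>"""

BENIGN_TASK = r"""<?xml version="1.0"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2023-01-10T02:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>"C:\Program Files\ExampleBackup\backup.exe"</Command></Exec>
  </Actions>
</Task>"""


def duration_seconds(text):
    """Convert an ISO 8601 duration built from D/H/M/S parts to seconds.

    Returns None for empty or unsupported values (month/year designators).
    """
    m = _DURATION.fullmatch((text or "").strip())
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g) if g else 0 for g in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s


def audit_task(xml_text, max_interval_s=60, min_duration_s=30 * 86400):
    """Return the set of indicator tags found in one exported task."""
    root = ET.fromstring(xml_text)
    tags = set()
    for rep in root.iterfind(".//t:Repetition", NS):
        interval = duration_seconds(rep.findtext("t:Interval", "", NS))
        duration = duration_seconds(rep.findtext("t:Duration", "", NS))
        if interval is not None and interval <= max_interval_s:
            tags.add("fast_repeat")
            # A repetition without a Duration never stops, so treat it as long.
            if duration is None or duration >= min_duration_s:
                tags.add("long_running")
    for cmd in root.iterfind(".//t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"').lower()
        if "\\appdata\\roaming\\" in path or path.startswith("%appdata%"):
            tags.add("user_profile_binary")
    return tags


def is_suspicious(xml_text):
    """Flag only the combination: frequent trigger plus user-profile binary."""
    return audit_task(xml_text) >= {"fast_repeat", "user_profile_binary"}


if __name__ == "__main__":
    for name, task in (("suspicious", SUSPICIOUS_TASK), ("benign", BENIGN_TASK)):
        print(name, sorted(audit_task(task)), is_suspicious(task))
```

Legitimate software also schedules frequent tasks, so the combination of indicators is a triage signal for review, not a verdict.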

Malwarebytes detects Laplas Clipper as Trojan.Clipper.

Mortal Kombat ransomware

Mortal Kombat ransomware is based on Xorist commodity ransomware. According to Talos, it has mainly been seen in the US, as well as the Philippines, the UK, and Turkey. This type of ransomware is created via a builder program. The builder allows for a reasonable amount of customisation, which includes warning messages, desired file extension, wallpaper addition, the file extension used on encrypted files, and so on.

Once installed on a system, Mortal Kombat targets a large selection of files for encryption, based on their file extensions. It also drops a ransom note and changes the wallpaper for the PC. According to The Record, the wallpaper features the character Scorpion from…you guessed it…Mortal Kombat.

There is nothing subtle about this particular ransomware threat. Talos notes that files in the recycle bin are not spared from attack.

Applications and folders are removed from Windows startup, and indicators of infection are discreetly tidied up and removed. The ransom note reads as follows, pushing those impacted towards communication with the attackers via instant messaging:

YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED. DON’T WORRY YOUR FILES ARE SAFE. TO RETURN ALL THE NORMALLY YOU MUST BUY THE CERBER DECRYPTOR PROGRAM. PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK. YOU CAN GET THEM VIA ATM MACHINE OR ONLINE.

Instructions are then provided to download the aforementioned chat program, add the attackers as a “friend”, and begin communication.

Malwarebytes detects Mortal Kombat ransomware as Malware.Ransom.Agent.Generic.


How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.




YouTube Kids is merging with the main YouTube app


YouTube Kids has been a safe bet for parents who wanted to plop their children down in front of their iPad to entertain them. This app filters and funnels child-friendly content for children to watch. Now, the YouTube Kids app is merging with the main YouTube app.

So, the standalone YouTube Kids app will be going away, but parents shouldn’t worry. They’ll still have a place for their children to watch their favorite kid-friendly content.

YouTube Kids is merging with the main YouTube app

This news comes from The Streamable. Folks who use YouTube Kids on game consoles, smart TVs, or streaming devices will find a difference. The YouTube Kids app will be gone. Instead of being a standalone app of its own, it will live within the main YouTube app.

When you open the YouTube app, you’ll be able to enter the Kids app from within the main app. If you use the kid’s app, then you should know that you’re able to make a kid’s profile.

When you open the main YouTube app, you’ll be able to select the kid account from the account picker. Then, you’ll be taken to the safe space on YouTube. The only issue is that there is an extra step. That can be an issue for parents who let their kids access YouTube Kids on their own.

Now, their child needs to go through the main app. They run the risk of seeing content that their parents don’t want them to see.

However, as noted by The Streamable, this could make YouTube Kids more accessible. While the YouTube app is available across a ton of platforms, YouTube Kids isn’t supported on a lot of platforms. Well, now that YouTube Kids is merging with YouTube proper, this will put this app on more platforms.

This is rolling out, so there’s a chance that you won’t see it right away. If you don’t see it, then you’ll want to wait a few days.



MLB Network & MLB.TV are leaving YouTube TV


In another jab to sports lovers, YouTube TV has confirmed that MLB Network and MLB.TV are not returning to the service for the 2023 season. YouTube TV sent out an email today to subscribers, informing them of this change.

The email states that they had recently informed members of the deal expiration for the MLB Network on January 31, 2023. Now the email is also clarifying that this does also include the MLB.TV add-on and standalone channel on YouTube TV. Starting on February 16, 2023, MLB.TV content will no longer be available on YouTube TV, and you will no longer be charged. Those that were on the monthly plan were also refunded during the off season.

Honestly, this isn’t that big of a deal. It just means that you can no longer buy MLB.TV and watch it through YouTube TV. You weren’t getting a discount by doing it through YouTube TV, just the ability to watch through YouTube TV really. So you can still sign up for MLB.TV from the MLB itself.

YouTube TV is one of the few without MLB.TV

Now, surprisingly, YouTube TV is one of the few without MLB.TV for the 2023 season. DIRECTV Stream, FuboTV and Sling TV all have it available, but it’s not available on the base plan. For DIRECTV Stream, you’ll need to pay $99. FuboTV will charge you the $86 per month for the plan plus $11 per month for the add-on, while Sling TV will charge you $40 per month plus the $11 per month for the add-on.

A bit surprising to see it pulled from YouTube TV entirely. Instead of just being moved to an add-on, at least for the MLB Network. Since MLB.TV was already a standalone purchase. Perhaps this is the move that the MLB is going to be making in the future with contracts at these other streamers expiring. Similar to what Bally Sports did, before it launched Bally Sports Plus.



Spotify users have found a way to stalk each other on the platform

Having your favorite tunes at the tip of your fingers simply can’t be ignored nowadays, and that’s precisely why Spotify has become a staple app. But have you stopped to consider that your listening history may be a type of user data? Well, if that is the case, is it PII (personally identifiable information) and is it dangerous for you when others have it?

The Wall Street Journal published an overview of the creative ways that Spotify users are utilizing Listening History — a feature likely intended to simply help users get back to that track they missed out on liking or adding to the appropriate playlist.

Well, as it turns out, it’s linked to one of the ways to stalk another Spotify user. Some prominent snoopers have made full-blown guides with best practices, while others have shared heartbreaking stories about finding out how their — now ex — girlfriend was having an affair. Yes, through Spotify.

Turns out that if someone likes a song that your SO is listening to too fast, it may be an indication of something sinister going on behind the scenes. Or it might just be paranoia.
Well, see, here’s the thing: you can choose whether you’d like Listening History to be a private endeavor or not. And many people have no clue that there’s a toggle within Spotify’s settings, under the Social category. And before you rush to check: it’s off by default.

If you turn it on, though, users from the mobile app will be able to check out what you’ve listened to lately and browse through all of your public playlists. And if they follow you, and they are logged in on PC, they can even see what you are listening to in real time.

You’ve been granted the power to eliminate stalkers, if you happen to suspect the presence of such entities. The resolution is quite obvious: block them! That way, even if your stuff is public, they won’t be able to see any of it… Until they make a new account, of course. And given that Spotify has a free service model too, that’s not out of the question.

On the surface, this seems like the latest fad, which showcases the online adaptability of younger generations. However, if some of these snoopers are truly finding success through seemingly absurd tactics, how long do we have to wait until malicious actors become capable of tracking potential victims through listening habits alone?

Well, we can’t say if that’ll happen and we sure hope that it doesn’t, but if Netflix or Shudder ever make a horror movie like that, we’re expecting a prominent credit — both in-scene and in-credits. Until then, always remember to check the Settings section of your most-used apps.


How Does Log Monitoring Prevent Web Attacks?


Security logging and monitoring failures feature in the OWASP Top 10 list, moving up to #9 from #10 in the 2017 list. Why so?

Because logging and monitoring failures hinder effective threat detection.

If the website risks are not logged properly, flaws will go unnoticed and unaddressed. And the longer it takes to identify and stop threats, the higher the damage and costs.

Given this, website log monitoring is critical for detecting and responding to web attacks.

An Introduction to Website Logs

Website logs are text files that contain time-stamped immutable records of events. All websites, applications, network devices, operating systems, servers, etc., automatically write and maintain log files.

Web logs contain events such as

  • Hits to the website
  • Views of HTML documents, images, and other objects
  • Who is visiting the site?
  • Where are they visiting from?
  • Visitors’ activities on the site

Types of Website Logs 

There are different kinds of website logs based on the source of logs and their nature. Here are some examples:  

Web Server Logs

They record all activities related to a specific web server over a defined time period. They offer an unfiltered look at the website traffic and all requests to the server. Stored as text documents in the database, they are created automatically.

The server constantly collects data to give organizations insight into when, how, and by whom it is used. These website server logs contain raw data and can be customized to produce other reports.

The types of server logs that can be produced are: 

  • Error Logs 
  • Access Logs
  • Referrer Logs

Activity Logs 

They are user-friendly and readable logs. They inform the organization about all the activities taken by every user on the website. 

Why is Website Logging So Important? 

Prevent Website Attacks 

Improved website security logging and monitoring also plays a role in prevention. It aids in detecting and responding to breaches.

Some logging and monitoring flaws include the following issues:

  • Insufficient, unclear, or no logging of auditable events
  • Website logs not being examined for malicious activities
  • Improper storage of logs
  • Inadequate/ unclear error messages
  • Not using real-time log monitoring and alerting systems

The best logging and monitoring tools offer real-time alerts and insights on website changes, errors, and gaps, thereby enabling you to prevent a wide range of attacks and data breaches.

Detecting Anomalous/ Suspicious Behaviour

Website and web server logs offer a complete record of all events and activities happening on the website. Hence, you can seamlessly track user journeys and behavior on the site. It includes:

  • Time spent by users
  • Pages on which users spent time
  • Actions performed
  • Uploads/ downloads
  • Navigational patterns
  • Failed processes

By analyzing the logs, you can identify anomalies and suspicious behaviors of users. You can stop various attacks, including injections, bot attacks, and DDoS.  For instance, many failed login attempts often indicate a bot attack.
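The failed-login signal mentioned above, as an added example (not from the original article): a sliding-window detector over web server access log lines that alerts on a burst of failed logins from one IP and on a later successful login from the same IP. The combined log format, the `/login` path, the status codes treated as failure and success, and the threshold are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Leading fields of the Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log; IP addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Feb/2023:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "example-client/1.0"
198.51.100.20 - - [14/Feb/2023:10:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Feb/2023:10:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "example-client/1.0"
203.0.113.7 - - [14/Feb/2023:10:00:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "example-client/1.0"
192.0.2.44 - - [14/Feb/2023:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Feb/2023:10:00:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "example-client/1.0"
this line is truncated garbage
203.0.113.7 - - [14/Feb/2023:10:00:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "example-client/1.0"
203.0.113.7 - - [14/Feb/2023:10:00:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "example-client/1.0"
198.51.100.20 - - [14/Feb/2023:10:03:30 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.20 - - [14/Feb/2023:10:03:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one access log line; return None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None  # skip bad lines instead of crashing the monitor
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?")[0]  # ignore the query string
    return m["ip"], ts, m["method"], path, int(m["status"])


def detect_login_abuse(lines, login_path="/login", threshold=5,
                       window=timedelta(seconds=60)):
    """Return alerts as (ip, kind, iso_timestamp) tuples, in log order."""
    recent_failures = defaultdict(deque)  # ip -> failure times inside window
    flagged = set()                       # IPs that already crossed threshold
    alerts = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        ip, ts, method, path, status = record
        if method != "POST" or path != login_path:
            continue
        if status in (401, 403):          # assumed failure codes
            failures = recent_failures[ip]
            failures.append(ts)
            while failures and ts - failures[0] > window:
                failures.popleft()        # drop failures older than the window
            if len(failures) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "failed_login_burst", ts.isoformat()))
        elif status in (200, 302) and ip in flagged:  # assumed success codes
            # A success right after a burst may mean a guessed credential.
            alerts.append((ip, "success_after_burst", ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect_login_abuse(SAMPLE_LOG.splitlines()):
        print(alert)
```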

Gaining Visibility into Website Changes 

With a good log management and monitoring solution, website logs enable you to monitor any website changes closely. Some of the activities that logs offer visibility into are: 

  • Changes to core website files
  • Privilege escalation
  • Changes in user roles and permissions 
  • Addition, deletion, and updates to blog posts
  • File uploads 
  • Activation, deactivation, and modification of plugins and themes

Regulatory Compliance 

Most regulatory frameworks, including GDPR, HIPAA, PCI-DSS, etc., require organizations to maintain and monitor website logs.  

Debugging the Application 

Logs also provide details about the path of your code. This way, you can unearth errors and bugs in your application.

They enable you to discover errors that occur in runtime and fix them. So, website logs are useful in debugging the application. 

Monitor Website Health

With key metrics and insights, logs enable you to continuously monitor the health of your website. For instance, by using error rate insights, you can quickly identify and fix problems. 

Website logs also tell you what is happening behind the scenes and when it happened. Suppose something goes wrong with the systems/ applications or networks. In that case, you will have detailed records of all actions before the anomaly.

You can also perform forensic analysis and identify the root cause of issues. If the systems behave normally, you can see how applications react and perform, enabling you to fine-tune and improve performance.

Conclusion 

Website logs are imperative for threat detection and prevention.  They help to strengthen your website’s security, availability, and performance. 



Two Supreme Court cases could change the Internet as we know it


The Supreme Court’s reconsideration of Section 230, a law that’s been the foundation for the way in which we have used the Internet for decades, could trigger major changes.

The Supreme Court is about to reconsider Section 230, a law that’s been the foundation of the way we have used the Internet for decades.

The court will be handling a few cases that at first glance are about online platforms’ liability for hosting accounts from foreign terrorists. But at a deeper level these cases could determine whether or not algorithmic recommendations should receive the full legal protections of Section 230.

The implications of removing that protection could be huge. Section 230 has frequently been referred to as a key law, which has allowed the Internet to develop to what it is now. Whether we like it or not.

The two cases waiting to be heard by the Supreme Court are Gonzalez v. Google and Twitter v. Taamneh. Both seek to draw big tech into the war on terror. The plaintiffs in both suits rely on a federal law that allows any USA national who is injured by an act of international terrorism to sue anyone who knowingly provided substantial assistance to whoever carried it out. The reasoning is that the platforms, Google and Twitter, provided assistance to terrorists by giving them the ability to recruit new members.

Section 230 is the provision that has, until now, protected those platforms from the negative consequences of user-generated content.

Section 230

Section 230 is a section of Title 47 of the United States Code that was enacted as part of the Communications Decency Act (CDA) of 1996, which is Title V of the Telecommunications Act of 1996, and generally provides immunity to websites from the negative effects of third-party content.

What’s in question is whether providers should be treated as publishers or, alternatively, as distributors of content created by their users.

Before the Internet, a liability line was drawn between publishers of content and distributors of content. A publisher would be expected to have awareness of the material they published and could be held liable for it, while a distributor would likely not be aware and as such would be immune.

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

Section 230 protections have never been limitless though, and require providers to remove material illegal on a federal level, such as in copyright infringement cases.

It all became a bit more complicated when online platforms—and social media in particular—started using algorithms that are designed to keep us occupied. These algorithms make sure that we are presented with content we have shown an interest in. The goal is to make us spend as much time on that platform as possible while the platform earns advertising dollars. While the content was not created by the platform, the algorithm definitely does the bidding of the platform.

In the early days (cases that played out before the turn of the century) moderation was seen as an editorial action which shifted a platform from a distributor role into a publisher role, which didn’t exactly help to get some form of moderation started.

In modern times, now that moderation has become the norm on social platforms, the scale of content moderation decisions that need to be taken is immense. Reportedly, within a 30-minute timeframe, Facebook takes down over 615,000 pieces of content, YouTube removes more than 271,000 videos, channels and comments, and TikTok takes down nearly 19,000 videos.

Possible implications

Section 230, from an Internet perspective, is an ancient law, written at a time when the Internet looked very different than it does today. Which brings us back to the algorithms that have people scrolling social media all day. One of the consequences of these algorithms noticing a preference for a particular subject is that they will serve you increasingly extreme content in that category.

Making platforms liable for the content provided by their users is likely to make everything a lot slower. Imagine what will happen if every frame of every video has to be analyzed and approved before it gets posted. We would soon see rogue social media platforms where you can’t sue anyone because the operators are hiding behind avatars on the Dark Web or in countries beyond the reach of US extradition treaties.

It could even have a chilling effect on freedom of speech, as social media platforms seek to avoid the risk of getting sued over the back and forth in a heated argument.

And what about the recent popularity surge we have seen in chatbots? Who will be seen as the publisher when ChatGPT and Bing Chat (or DAN and Sydney as their friends like to call them) use online content to formulate a new answer without pointing out where they found the original content?

Let’s not forget sites that have an immense userbase, like Reddit, which largely depend on human volunteer moderators and a bit of automation to keep things civilized. Will those volunteers stick around when they can be blamed for million dollar lawsuits against the site?

Even easily overlooked services like Spotify could be facing lawsuits if their algorithm suggested a podcast that contains content considered harmful or controversial.

The Halting Problem

Stopping bad things from happening on platforms like Google and Twitter is an admirable ambition, but it is probably impossible. Even if they were able to fully automate moderation, they would quickly run into the halting problem associated with decision problems.

A decision problem is a computational problem that can be posed as a yes–no question of the input values. So, is this content allowed or not? That sounds like a simple question, but is it? Turing proved no algorithm exists that always correctly decides whether, for a given arbitrary program and input, the program halts when run with that input. This is called the halting problem.

A direct derivative of the halting problem is that no algorithm will always make the correct decision in a decision problem as complicated as content moderation.

