XSS Flaws In WordPress Plugins Exploited To Deploy Malware


Researchers uncovered a new wave of malware attacks against WordPress websites that exploit known XSS vulnerabilities in different WordPress plugins to deploy malware. Users should update their sites to the latest plugin releases to avoid the threat.

New Malware Campaign Exploits XSS In Different WordPress Plugins

Reportedly, threat actors have devised a new malware campaign that takes advantage of site admins’ common practice of leaving their sites running vulnerable plugin versions. In the recent campaign, the attackers exploited cross-site scripting (XSS) vulnerabilities in three different WordPress plugins to deploy malware.

As explained in their post, researchers from Fastly’s security team observed active exploitation of the following three XSS vulnerabilities.

  • CVE-2023-6961 (CVSS 7.2): A high-severity stored XSS affecting the WP Meta SEO plugin. The flaw involves the ‘Referer’ header and allows an unauthenticated adversary to inject arbitrary scripts into web pages, which then execute when users visit those pages. The plugin developers patched this vulnerability in version 4.5.13.
  • CVE-2023-40000 (CVSS 8.3): Another high-severity vulnerability affecting the LiteSpeed Cache plugin. The developers addressed this flaw in plugin version 5.7.0.1, released in October 2023.
  • CVE-2024-2194 (CVSS 7.2): This high-severity stored XSS flaw affected the URL search parameter in the WP Statistics plugin. It impacted plugin versions 14.5 and earlier and was patched in version 14.5.1.

Fastly researchers observed a new JavaScript malware exploiting these flaws. As stated,

The attack payloads we are observing targeting these vulnerabilities inject a script tag that points to an obfuscated JavaScript file hosted on an external domain.

Specifically, this malware performs three main functions: installing PHP backdoors, creating rogue admin accounts, and setting up tracking scripts to monitor the targeted sites.
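The injection pattern described above (a script tag pointing at an external domain, arriving through the Referer header or a URL parameter) can be hunted for in web server access logs. The following is an added example, not code from Fastly or from this article; the combined log format, the log lines, the parameter name `q` and all host names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined log format (assumption). Quoted fields may contain escaped
# characters such as \x22 (nginx) or \" (Apache) where the header held a quote.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?:[^"\\]|\\.)*"'
)

# A script tag with a src attribute; the URL may be quoted or unquoted.
SCRIPT_SRC_RE = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']?\s*(?P<url>[^"\'\s>]+)', re.IGNORECASE
)

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = r"""
203.0.113.7 - - [10/Jun/2024:10:00:01 +0000] "GET /blog/?q=plugins HTTP/1.1" 200 5120 "https://shop.example.com/blog/" "Mozilla/5.0"
198.51.100.23 - - [10/Jun/2024:10:02:44 +0000] "GET / HTTP/1.1" 200 812 "<script src=\x22https://static.example.net/m.js\x22></script>" "Mozilla/5.0"
198.51.100.23 - - [10/Jun/2024:10:02:45 +0000] "GET /?q=%3Cscript%20src%3D%2F%2Fstatic.example.net%2Fm.js%3E%3C%2Fscript%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2024:10:05:10 +0000] "GET /?q=%3Cscript%20src%3Dhttps%3A%2F%2Fshop.example.com%2Fapp.js%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.40 - - [10/Jun/2024:10:07:31 +0000] "GET /?q=%253Cscript%2520src%253D%252F%252Fstatic.example.net%252Fm.js%253E HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""


def normalize(value):
    """Undo log escaping, then percent-decoding (up to three layers)."""
    value = re.sub(r"\\x([0-9A-Fa-f]{2})",
                   lambda m: chr(int(m.group(1), 16)), value)
    value = value.replace('\\"', '"')
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def external_script_hosts(value, site_host):
    """Hosts of script-tag src URLs in `value` that are not the site itself."""
    hosts = []
    for match in SCRIPT_SRC_RE.finditer(normalize(value)):
        try:
            host = urlsplit(match.group("url")).hostname
        except ValueError:
            continue  # malformed URL, nothing to compare
        if host and host != site_host and not host.endswith("." + site_host):
            hosts.append(host)
    return hosts


def scan(lines, site_host):
    """Flag requests whose Referer or URL carries an external script tag.

    Narrow on purpose: it looks only for the pattern the article describes,
    so a script tag that references the site's own host is not reported.
    """
    findings = []
    for line_no, line in enumerate(lines, start=1):
        parsed = LOG_RE.match(line)
        if parsed is None:
            continue  # not in the assumed log format
        for field in ("referer", "target"):
            for host in external_script_hosts(parsed.group(field), site_host):
                findings.append({
                    "line": line_no,
                    "ip": parsed.group("ip"),
                    "field": "url" if field == "target" else "referer",
                    "script_host": host,
                })
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.strip().splitlines(), "shop.example.com"):
        print(hit)
```

A hit means an injection attempt reached the server, not that it succeeded; whether it was stored depends on the installed plugin version.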

While the developers have patched all three vulnerabilities, their active exploitation in the wild shows that many users are not updating their sites promptly. With the threat already in the wild, WordPress admins must ensure that these WP plugins (and all others running on their sites) are updated to the latest releases to receive all security fixes.
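One way to check a site against the three fixed versions listed above, as an added example that is not from the article or the plugin vendors: it reads JSON in the shape that WP-CLI's `wp plugin list --format=json` produces. The plugin slugs and the sample data are assumptions, and any version below the fixed one is treated as affected.

```python
import json
import re

# Fixed versions are the ones the article gives. The plugin slugs are an
# assumption: the directory names these plugins use on WordPress.org.
FIXED_VERSIONS = {
    "wp-meta-seo": ("CVE-2023-6961", "4.5.13"),
    "litespeed-cache": ("CVE-2023-40000", "5.7.0.1"),
    "wp-statistics": ("CVE-2024-2194", "14.5.1"),
}

# Constructed sample in the shape of `wp plugin list --format=json` output.
SAMPLE_PLUGIN_LIST = """
[
  {"name": "wp-meta-seo", "status": "active", "update": "available", "version": "4.5.12"},
  {"name": "litespeed-cache", "status": "active", "update": "none", "version": "5.7.0.1"},
  {"name": "wp-statistics", "status": "inactive", "update": "available", "version": "14.5"},
  {"name": "akismet", "status": "active", "update": "none", "version": "5.3"}
]
"""


def parse_version(text):
    """Turn '5.7.0.1' into (5, 7, 0, 1); stop at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_older(installed, fixed):
    """Compare numerically and pad with zeros, so 5.7 < 5.7.0.1 and
    14.10 > 14.5.1 (a plain string comparison gets both wrong)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(plugin_list_json):
    """Return one finding per listed plugin that is below its fixed version.

    Inactive plugins are reported too, with their status, because their
    files are still present on the server.
    """
    findings = []
    for plugin in json.loads(plugin_list_json):
        entry = FIXED_VERSIONS.get(plugin.get("name"))
        if entry is None:
            continue
        cve, fixed = entry
        installed = plugin.get("version") or "0"
        if is_older(installed, fixed):
            findings.append({
                "plugin": plugin["name"],
                "status": plugin.get("status", "unknown"),
                "installed": installed,
                "fixed_in": fixed,
                "cve": cve,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PLUGIN_LIST):
        print("{plugin} {installed} ({status}): update to {fixed_in} or later "
              "[{cve}]".format(**finding))
```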


Advance Auto Parts customer data posted for sale


A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers.

Allegedly the customer data includes:

  • Names
  • Email addresses
  • Phone numbers
  • Physical address
  • Orders
  • Loyalty and gas card numbers
  • Sales history

The data set allegedly also includes information about 358,000 employees and candidates—which is a lot more than are currently employed by Advance Auto Parts (69,000 in 2023).

The cybercriminal is asking $1.5 Million for the data set.

Cybercriminal offering Advance Auto Parts data for sale

Advance Auto Parts has not disclosed any information about a possible data breach and has not responded to inquiries. But BleepingComputer confirms that a large number of the Advance Auto Parts sample customer records are legitimate.

Interestingly enough, the seller claims in their post that the data comes from Snowflake, a cloud company used by thousands of companies to manage their data. On May 31st, Snowflake said it had recently observed and was investigating an increase in cyber threat activity targeting some of its customers’ accounts. It didn’t mention which customers.

At the time, everybody focused on Live Nation / Ticketmaster, another client of Snowflake which said it had detected unauthorized activity within a “third-party cloud database environment” containing company data.

The problem allegedly lies in the fact that Snowflake lets each customer manage the security of their environments, and does not enforce multi-factor authentication (MFA).

Online media outlet TechCrunch says it has:

“Seen hundreds of alleged Snowflake customer credentials that are available online for cybercriminals to use as part of hacking campaigns, suggesting that the risk of Snowflake customer account compromises may be far wider than first known.”

TechCrunch also says it found more than 500 credentials containing employee usernames and passwords, along with the web addresses of the login pages for Snowflake environments, belonging to Santander, Ticketmaster, at least two pharmaceutical giants, a food delivery service, a public-run freshwater supplier, and others.

Meanwhile, Snowflake has urged its customers to immediately switch on MFA for their accounts.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your exposure

While the Advance Auto Parts data has yet to be confirmed, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.



Galaxy S24’s instant slo-mo feature to get HDR10+ support soon


Samsung introduced its latest flagship smartphones called the Galaxy S24, S24+, and the S24 Ultra earlier in January. Among the new hardware, the Galaxy AI editing tools are the biggest highlights of the new flagship trio. One of these AI-powered editing tools is called Instant Slow-Mo. As the name suggests, it is capable of slowing down regular videos to make them look like they were shot in the slo-mo mode.

At the moment, the Galaxy S24’s instant slo-mo feature only works on non-HDR10+ videos. However, this is going to change soon as the company will soon roll out an update to fix it. The new firmware will allow Galaxy S24’s instant slo-mo feature to offer HDR10+ video support.

The upcoming software update will allow the instant slo-mo feature to offer HDR10+ video support

While replying to a user on Samsung’s community website, a moderator confirmed that the instant slo-mo’s HDR10+ support is in the works. The moderator said that the support for HDR10+ videos has been implemented in the slo-mo functionality on the Galaxy S24. The upgraded feature will be released to the users via a new software update. As of now, there’s no word when this firmware update will be released. The moderator did mention that “we will notify you when the SW update is provided”.

After the update, Samsung will improve the Instant Slow-Mo feature on the Galaxy S24 series devices by adding support for HDR10+ videos. The feature will let you use Galaxy AI and Instant Slow-Mo features to view and edit a regular HDR10+ video. Currently, to use HDR10+ footage with the Galaxy AI, you must convert it into the SDR quality.

Several other improvements are planned for the Instant Slow-Mo feature

Apart from support for HDR10+ videos, Samsung also has several other improvements planned for the Instant Slow-Mo feature. Soon, the brand will be adding “.mov” file editing support in the built-in video editor of the Gallery app.

Also, you will soon be able to directly share the Instant Slow-Mo footage of any video by hitting the Share button. As of now, it is not possible as you first have to export the footage in order to share it with others.



Google’s $2.3 Million Check to DOJ Ends Antitrust Jury Trial, But Case Continues


In an interesting turn of events, Google is not going to face a jury trial in the antitrust lawsuit brought by the US government. Reuters reports that the search engine giant has paid back the full amount of monetary damages sought by the Department of Justice in the lawsuit.

Google pays back the monetary damages sought by the DOJ to avoid jury trial

The antitrust lawsuit by the Department of Justice and eight states in the US sought to break up the search titan’s alleged ad tech monopoly. The Justice Department set a damages claim in the lawsuit and sought a trial by jury. However, Reuters reports that a jury trial won’t take place as Google filed a copy of a $2.3 million check. It will be enough to cover the monetary damages sought by the government three times, including interest, if necessary.

It’s worth mentioning that the US government initially claimed over $100 million in damages in the lawsuit. However, the Justice Department later requested less than $1 million while seeking a jury trial.

Google has allegedly paid the monetary damages without admitting any liability or wrongdoing. “Contrived damages claim has disintegrated,” the company said in a statement on Friday, calling the case a “meritless attempt to pick winners and losers in a highly competitive industry”, adds the report.

The bench trial is scheduled for September 9th

The US District Judge Leonie Brinkema in Alexandria, Virginia ruled on the matter on Friday. She has now set a non-jury bench trial for the lawsuit, which will take place on September 9th. Now, she will hear arguments from both parties directly to decide further on the case.

For the uninitiated, the DOJ and an alliance of states filed a lawsuit against Google last year. The lawsuit claimed that the search titan was unlawfully monopolizing the digital advertising market, apart from overcharging users. The case wants to end the company’s alleged dominance in the digital advertising business to allow for more competition.



Little known feature quickly compares Apple Maps route with one created by Google Maps

If there is one thing that iPhone users have that Android phone owners don’t, it is access to both Apple Maps and Google Maps. Apple Maps has matured over the last few years and there are some iPhone users who prefer it over Google Maps. And since Apple Maps is preinstalled on iOS, iPhone users needing directions probably find it easier to just open Apple Maps as opposed to running to the App Store and installing the iOS version of Google Maps.

As long as we are being cerebral about this, we can take an even deeper dive. Those switching to the iPhone from Android will probably install Google Maps since they are familiar with the app. Ditto for those who have been ping-ponging between iOS and Android multiple times. Suppose you wanted to compare the routes suggested by both Google Maps and Apple Maps for your journey to see if one of the two apps had some quicker way to get to your destination.

Let’s say you plan on driving from Salem, Mass. to the Apple Store in Fifth Avenue in New York City. Enter this information in Apple Maps and tap on the fastest option. Do not press on “GO.” You will see a page labeled Details that shows each turn that you will make. Scroll down to the bottom of the page and on the bottom right corner, you will tap on Share. You will then see two options available, Routing Apps and Print. Tap on Routing Apps to see all of the other navigation apps installed on your phone and a list of others available from the App Store.

If you have Google Maps downloaded on your iPhone, you will see it at the top of the screen. Tap on “Open” and you will see the journey from Salem, Mass. to the Big Apple’s Fifth Avenue Apple Store via Google Maps, which shows a time of five hours and 9 minutes. Using the Recent Apps carousel, you can return to Apple Maps to find that its journey to the Fifth Avenue Apple Store will take you five hours and 21 minutes. But since both apps show the trip covering 228 miles, it is likely that the directions are the exact same. There is a slight difference in presentation; while Google Maps clearly shows that there are a couple of accidents along the way, Apple Maps shows an unexplained slowdown at those two locations.

Knowing that you can easily compare the navigation directions between Apple Maps and Google Maps without having to retype the destination address makes this a feature worth knowing about. In this case, comparing Apple Maps and Google Maps showed that the latter was 12 minutes faster. But since the mileage for the journey was exactly the same 228 miles for both apps, it is more likely that the time difference comes down to the two accidents and how long each app computes that it will take to clear the road. In other words, you can use either app and have the same driving experience.

Another reason for using this has to do with Apple Messages. If you were sent an address through Messages, clicking on the address link will open up the journey to that location using Apple Maps by default. Knowing the procedure that we explained to you in this story, you can quickly open Google Maps’ navigation to the same location and again, do it without having to retype the destination address.



New Phishing Campaign Uses Stealthy JPGs to Drop Agent Tesla


Spanish speakers beware! A new campaign using the Agent Tesla RAT targets Spanish-speaking individuals. Learn how to protect yourself from this and other malware attacks.

FortiGuard Labs has discovered a phishing campaign targeting Spanish-speaking individuals to spread a new Agent Tesla malware variant. The campaign uses various techniques to target Windows-based systems and deliver the core module, including MS Office vulnerabilities, JavaScript code, PowerShell code, and fileless modules, wrote FortiGuard Labs’ researcher Xiaopeng Zhang in their report.

Here is how the attack works:

A Spanish-language phishing email posing as a SWIFT transfer notification from a large financial institution is sent to MS Windows users. The email, translated into English, appears to be a message with a disguised Excel attachment in OLE format with crafted embedded data that exploits the CVE-2017-0199 vulnerability. 

The attachment contains an embedded OLE hyperlink, opened automatically once the victim starts the Excel file. Later, it automatically downloads an RTF document, which is opened by the Word program.

The phishing email and the embedded OLE hyperlink to an online RTF document (Credit: FortiGuard Labs)

Another vulnerability exploited in this attack is CVE-2017-11882, a Remote Code Execution vulnerability in Microsoft Office’s Equation Editor component, allowing attackers to execute arbitrary code on a victim’s computer by overwriting a return address in the stack.

This Agent Tesla variant is a powerful, versatile 32-bit, .NET-based Remote Access Trojan (RAT) granting attackers complete control over infected devices.  Once installed, it can steal sensitive information from 80 software applications, focusing on login credentials, banking details, and email contacts.

Additionally, it checks whether the email client is Thunderbird and collects cookies from a wide range of web browsers, such as Chromium-based and Mozilla-based browsers, along with system clipboard data, computer name, OS/CPU/RAM information, and saved credentials. It can also spy on you by capturing keystrokes and screenshots. The malware is assigned a critical severity level.

As per the report published by FortiGuard Labs, the Agent Tesla core module is a fileless module downloaded by malicious JavaScript and base64-encoded PowerShell code as a normal JPG file from this URL:

uploaddeimagens[.]com[.]br/images/004/773/812/original/js.jpg?1713882778.

This module is never saved in the local folder, making it difficult for researchers to detect. Surprisingly, this variant uses the FTP protocol for data submission, unlike past variants that used the HTTP POST and SMTP protocols.

Moreover, it “detects whether it’s running in an analysis environment, like sandboxes, virtual machines, etc., or where there is AV software running, like Avast, Comodo, etc.,” Zhang noted.

To stay protected, be cautious of phishing emails, update the operating system regularly, use strong passwords, and invest in reputable anti-malware solutions.


Outstanding noise cancelling on a budget


Huawei has been releasing impressive earphones for years. The company’s latest entry is a mid-range pair of earbuds, the Huawei FreeBuds 6i, which I’m here to review. I’ve been using these earbuds for well over two weeks at this point, and I have to say… they’re good. The Huawei FreeBuds 6i earbuds are basically everything you’ll need in the audio aspect, as long as you’re not too demanding on the audio output front. I’m getting ahead of myself, though, of course. We’ll take things one step at a time, and check out the design of these earbuds first. We’ll follow that with the sound quality, and everything that entails, and so on. There’s plenty to talk about, of course, so let’s get down to it.

Huawei FreeBuds 6i Review: Hardware / Design

The Huawei FreeBuds 6i comes in three color options, Black, Purple, and White. I’ve had the chance to use the latter, the white model. All color variants are made out of plastic, but not all of them have the same finish. The white model I’ve used comes with a glossy plastic finish, which is not my favorite, to say the least. The fact that the case is white-colored does help, however, as it hides fingerprints really well. I believe the other two color options have a matte finish on the outside, at least as far as the case is concerned.

The charging case is small, and that’s great

With that being said, the build quality is really good. The case doesn’t feel cheap despite glossy plastic, and neither do the earbuds themselves. The lid is also well-made, nothing creaks, and everything feels solid. The case has an LED indicator on the outside which signals the battery level of the earbuds themselves, and the case. It’ll show you the level of the earbuds when they’re in, and the battery level of the case when they’re out. This is not only a carrying case, but a charging case too. Speaking of which, it’s very small, which is great. It is smaller than the case for Huawei’s flagship Huawei FreeBuds Pro 3 earbuds.

You’ll be charging the charging case via the Type-C port at the bottom

The case also has a Type-C port at the bottom, for charging. It does not support wireless charging, however, so keep that in mind. It has a pebble shape, and I simply love that, and its size. The earbuds themselves, on the other hand, are smaller than the FreeBuds 5i. Noticeably smaller, actually, in terms of the stem. That’s great. They have a touchpad on the side, for music control, and it works great, but we’ll talk more about that later on. You also get several different sizes of silicone tips, in case the ones that come pre-installed don’t fit your ears. You can mix and match too if needed, of course.

Both the earbuds and the case are quite light

Both the case and the earbuds themselves are very light. Each earbud weighs 0.3 grams, while the case weighs 1 gram. The case measures 48.2 x 61.8 x 27mm, while each of the two earbuds measures 31.4 x 21.3 x 23.7mm. All in all, the build quality is really good, there’s really not much to complain about here.

Huawei FreeBuds 6i Review: Sound & Call Quality

The Huawei FreeBuds 6i earbuds come with an 11mm quad-magnet dynamic driver. They have a frequency response range from 14Hz to 40Hz. The specs are not bad at all, and the sound is actually good overall, but… it’s not great. In other words, you’ll get what you pay for here, that’s for sure, but don’t expect these to compete with the premium offerings out there… like Huawei’s FreeBuds Pro 3, for example.

The music output is… not the best, but it’s not bad at all

What do I mean exactly? Well, the sound is a bit flat compared to the Huawei FreeBuds Pro 3. That is my initial point of comparison, of course. Don’t take that the wrong way, though. It’s not bad, not at all, I’m just taking a point of reference. The vast majority of people will be happy with the output but don’t expect to get a ton of tiny details in songs. There’s also not much bass here. You can improve things via the AI Life app we’ll talk about, via dedicated sound profiles, but the difference is not that big. The bass preset didn’t really make much of a difference. I was able to boost the vocals that way, however.

These earbuds have outstanding noise cancelling, and are great for listening to podcasts

The Huawei FreeBuds 6i are great for listening to podcasts, for example, but they’re not the best option for music. If you compare them to earbuds that are on the same price level, however, well, they become more viable in the songs department too. As I said, they’re not bad, at all, as long as you’re not nitpicky about audio, and you didn’t get used to a more premium sound experience.

Where they do shine is active noise cancellation. These earbuds can dynamically boost noise cancellation based on the environment you’re in. They did a fantastic job even when I was in a very noisy coffee shop, and near a very busy road. To be quite honest, I was a bit surprised in that regard. They did a better job in terms of ANC than some much more expensive earbuds I’ve used over the years.

They’re also great for voice calls

What about phone calls? This is another section in which these earbuds shine. The Huawei FreeBuds 6i earbuds have a triple microphone setup on them. They can also push out the noise in the background and focus on your voice thanks to some AI, and that worked really, really well. In most situations, they were able to push out the background noise and people I’ve talked to didn’t have any complaints. They work even better in quieter environments. I was also able to hear people I talked to clearly, and used ANC when I was in noisier environments, so there was no issue there, none whatsoever. These earbuds are fantastic for voice calls if you ask me.

Touch controls work as intended

Each of the two earbuds has a touch section on them which reacts to finger taps. That way you can control the music that is playing on your phone, or whatever else you’re listening to. By default, you can double-tap to play or pause, on either earbud. Triple tapping will move you to the next song, and that also goes for both earbuds. If you press and hold, you’ll be able to cycle through noise control options. So you can choose between normal, noise canceling, and awareness modes. Swiping across the touch pads controls the volume, you can increase or decrease it.

Now, do note that you can change most of those actions in the AI Life app. You can set the left earbud, for example, to go back a song when you triple-tap it, instead of moving you forward. What you can’t change is the press and hold and swipe options, those are set in stone, basically.

You are probably wondering if the touch pads work as intended, though. The answer to that question is… yes, very much so. They’re very responsive, so that’s not an issue whatsoever. All you need is to tap on the upper portion of the earbud stem, and you’ll get the action you want. That was an issue on some models in the past, but it no longer is. I was able to get it right basically every time, which is great. So, no complaints here, none whatsoever.

Huawei FreeBuds 6i Review: Battery

There is a 55mAh battery included in each of these two earbuds. The charging case has a 5,100mAh battery on the inside. You can get about four full charges out of the case, which is not bad at all. What is not the best, however, is the battery life of the earbuds themselves, unfortunately. I left the dynamic ANC mode on for a full cycle, and that provided me with 4 hours of battery life. Needless to say, that’s not the best. I’ve used earbuds with worse ANC battery life, of course, but this is definitely not the best considering the competition. If you do turn off ANC, you can go up to around 6 hours. Though it will all depend of course. Realistically, if you use ANC only sometimes, you can get 5 hours of battery life, that’s not a problem.

The battery life is not the best, but it’ll likely be more than enough for most of you

Now, this may not seem the best on paper, but truth be said, it doesn’t matter all that much. Why? Well, chances are that the vast majority of you won’t use these earbuds with ANC on for over 4 hours straight. If that is the case, then I understand the problem. However, the vast majority of you will not, and that makes it a non-issue, basically. They can fully charge in around 40 minutes in the charging case, by the way, which is not slow at all. The charging case itself takes around an hour to fully charge. By the way, it charges via a Type-C cable, wireless charging is not supported.

Huawei FreeBuds 6i Review: Software

It’s worth saying that you don’t need to install Huawei’s app in order to use these earbuds. We strongly recommend you do that, however. Why? Well, you can’t customize the touch gestures without the app, and the same goes for audio output modes. The AI Life app does give you the ability to do that. If you use a non-Huawei smartphone, you’ll need to get the AppGallery from the official website, and once it installs, you’ll be able to get the AI Life app from it. AI Life is not available in the Google Play Store. You can, alternatively, sideload the APK from an APK repository, of course.

Touch controls are customizable

I’ve already talked about touch controls earlier in the article. Well, this APK allows you to customize the vast majority of them. You should use these, as they work exceptionally well, so adjusting them to fit your usage is a smart move. Using audio modes is also not a bad idea, as some of them will do a good job of adjusting the output. These are not the best-sounding earbuds out there, so you can improve the audio output this way. Some will work better than others, but still, the app gives you the ability to access them and play around with them. Some additional settings are also available, of course.

Huawei FreeBuds 6i: Should you buy it?

Are the Huawei FreeBuds 6i earbuds a good purchase at their price tag? Well, yes, but they’re not for everyone, of course. These earbuds are class-leading as far as active noise cancellation (ANC) goes. What I mean by that is you likely won’t find a pair of earbuds with a similar price tag to have such great noise canceling. They’re also great for podcasts, and voice calling. The music playback is not the best, though it’s not bad, just don’t expect a flagship-like performance. The battery life could also be better, but chances are this will be more than enough for most of you. As long as you’re not planning on using these earbuds for more than 4 hours with ANC on you’ll be good to go. They have a great design and a very compact charging case. I can easily recommend them, to be quite honest, as even the tradeoffs made here are not that big. As long as you’re not an audiophile, chances are you’ll be happy with what they have to offer.

You should buy the Huawei FreeBuds 6i if you:

…are on a budget, and can’t get the top-end pair
…need great active noise cancelling
…don’t like large carrying/charging cases for earbuds
…listen to a lot of podcasts, and like to talk via your earbuds
…use touch gestures a lot

You shouldn’t buy the Huawei FreeBuds 6i if you:

…want the absolute best battery life earbuds can provide
…are used to outstanding music playback



Aussie Food Giant Patties Foods Leaks Trove of Data


Data leak at Australian fast food giant Patties Foods exposes critical customer data! Learn what information may be exposed, the potential risks, and what you can do to protect yourself if you’re a customer.

Leading Australian food service provider and fast-food giant Patties Foods is facing a data leak controversy after Website Planet reported the exposure of sensitive customer information due to an unprotected database.

Reportedly, cybersecurity researcher Jeremiah Fowler discovered two non-password-protected databases containing 524,000 documents belonging to Patties Foods Limited, a renowned producer of edible products such as meat pies, sausage rolls, frozen fruits, etc. 

The first database exposed a logging server with 496,296 records, including system errors, warnings, indexing operations, search queries, and cluster health status. The second exposed a separate cloud storage database with 25,800 invoices and distribution records in .pdf and .xls formats. Exposed internal logging records also contained project management software Jira’s support tickets, with information on issues and support requests’ status.

Further probing revealed that the IP address was managed by Provenio.ai, which facilitates AI-powered productivity for Australian companies’ supply chain back-office. Fowler sent a responsible disclosure to Provenio, and the company restricted access to both databases within two hours, thanked him and confirmed they were taking this incident “very seriously.”

The exposed databases contained a vast amount of information, including vendor, contact, email, invoices amounting to a “significant sum,” and banking details like account numbers, invoice amount, supplier number and name, invoice number and amount, approval code, communication between Patties and Provenio, and employee names, which could be valuable information for cybercriminals. 

Screenshot from the leaked data provided to Hackread.com by WebsitePlanet.

The duration of the exposure and potential access to these records remain unknown. However, if unauthorized access occurs, the information can put consumers at risk of scams like invoice fraud, which involves the manipulation of invoices to deceive businesses. Furthermore, criminals can exploit data leaks to launch fraudulent schemes by using non-public internal information, such as billing details and contact information.

In a statement to Hackread.com, Patties Foods confirmed that the leaked information was not maliciously accessed in any way.

“We have been notified by ProvenioAI, one of our third-party suppliers, that there was a temporary exposure to some of their systems which was quickly resolved. According to ProvenioAI, there has been no breach or no evidence that information has been maliciously accessed. We take cyber security extremely seriously and are working closely with ProvenioAI to ensure all data remains secure. We can confirm there has been no breach to Patties Food Group’s systems and there is no cause for concern.”

Patties Foods

By exploiting a company’s trust in its vendors, criminals can deceive businesses into making unwarranted payments. The presence of spreadsheets and invoices containing fleet and transportation information could provide criminals with additional inside information to enable fraudulent activities.

This incident occurred at a time when the Australian Cyber Security Centre (ACCC) warned about the risk of invoice scams targeting citizens by sending victims altered payment requests. In 2023, Australians reported losing $16.2 million to payment redirection scams.

Patties Foods customers should monitor their bank statements for suspicious activity, especially credit card transactions, change passwords for accounts used at the store, and be cautious of phishing attempts through unsolicited emails.


Google will start deleting location history


Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past.

In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old data. If you use this feature, that means you have about five months before losing your location history.

Moving forward, Google will link the Location information to the devices you use, rather than to the user account(s). And, instead of backing up your data to the cloud, Google will soon start to store it locally on the device.

As I pointed out years ago, Location History allowed me to “spy” on my wife’s whereabouts without having to install anything on her phone. After some digging, I learned that my Google account was added to my wife’s phone’s accounts when I logged in on the Play Store on her phone. The extra account this created on her phone was not removed when I logged out after noticing the tracking issue.

That issue should be solved by implementing this new policy. (Let’s remember, though, that this is an issue that Google formerly considered a feature rather than a problem.)

Once effective, unless you take action and enable the new Timeline settings by December 1, Google will attempt to move the past 90 days of your travel history to the first device you sign in to your Google account on. If you want to keep using Timeline:

  • Open Google Maps on your device.
  • Tap your profile picture (or initial) in the upper right corner.
  • Choose Your Timeline.
  • Select whether you want to keep your location data until you manually delete it or have Google auto-delete it after 3, 18, or 36 months.

In April of 2023, Google Play launched a series of initiatives that gives users control over the way that separate, third-party apps stored data about them. This was seemingly done because Google wanted to increase transparency and control mechanisms for people to control how apps would collect and use their data.

With the latest announcement, it appears that Google is finally tackling its own apps.

Only recently, Google agreed to purge billions of records containing personal information collected from more than 136 million people in the US surfing the internet using its Chrome web browser. But this was part of a settlement in a lawsuit accusing the search giant of illegal surveillance.

It’s nice to see the needle move in the good direction for a change. As Bruce Schneier pointed out in his article Online Privacy and Overfishing:

“Each successive generation of the public is accustomed to the privacy status quo of their youth. What seems normal to us in the security community is whatever was commonplace at the beginning of our careers.”

This has led us all to a world where we don’t even have the expectation of privacy anymore when it comes to what we do online or when using modern technology in general.

If you want to take firmer control over how your location is tracked and shared, we recommend reading How to turn off location tracking on Android.



Free Magic Editor reaching more Google Pixel & Galaxy devices


The rollout of the free version of Magic Editor is already reaching a wider audience, starting with users of Samsung Galaxy devices and older Pixel models. Magic Editor is a tool integrated into the Google Photos app. It brings powerful editing capabilities thanks to the power of generative AI.

Magic Editor rolling out widely to older Pixel and Samsung Galaxy devices

Magic Editor debuted with the Google Pixel 8 series in October 2023. This April, the company confirmed that it would be available to all Google Photos users soon. The rollout for Pixel devices of previous generations began in mid-May, but it was staggered. Now, the company is expanding the rollout not only to more Pixel models, but also to Samsung devices.

Once it is available on your device, you can access Magic Editor after opening an image in the Google Photos app, tapping on “Edit,” and then on the purple icon located in the lower left area of the UI (above the “Cancel” button). The feature uses generative AI to modify elements in an image (change their placement, size, etc.), remove them, and fill in missing areas. There are also extra possibilities like editing the sky and more.

It’s noteworthy that there are usage limitations for non-Pixel devices. For example, on your Samsung phone, you can only save up to 10 edits per month. However, you can remove this limitation if you pay for a Google One plan. On the other hand, Pixel device users can enjoy unlimited edits.

Magic Eraser and other editing options now free for everyone

Although both are AI-powered features, Magic Editor and Magic Eraser are distinct. As its name suggests, Magic Eraser is focused on removing elements from an image. Magic Editor can also do this, but it adds multiple other possibilities. Magic Eraser was one of those options locked behind a paywall, requiring the purchase of a Google One plan to use it.

That said, this option is now available for free, and not just for Pixel and Samsung users. Currently, Magic Eraser is free-to-use on my Nothing Phone (2), along with other options that were previously also paid. These include Sky suggestions, Color pop, Color focus and HDR effect, among others. However, Magic Editor is not yet available on my device. The good side of Magic Eraser is that it has no usage limit even for free users. So, it’s great to have it available without the requirement of a Google One paid plan.

