6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers


The software supply chain is filled with various challenges, such as untracked security vulnerabilities in open-source components and inconsistent update uptake. 

The lighttpd vulnerability is one such case: it was silently fixed in 2018 without any CVE assignment.

As a result, critical security patches often never reach downstream software that relies on these components.

Consequently, it is very difficult to trace every modification for possible problems without designated security advisories and CVE assignments, which creates gaps in vulnerability management across the supply chain.

Binarly cybersecurity researchers recently discovered that a 6-year-old security flaw in Lighttpd has impacted Intel and Lenovo servers.

6-year-old Lighttpd Flaw

While studying BMC security, Binarly encountered a heap out-of-bounds read vulnerability (BRLY-2024-002) in the Lighttpd module of a discontinued Intel Server System product.

The flaw, which was fixed silently multiple years ago without a CVE, remained unpatched in the product and would not be addressed because the product was no longer under support.

The complexity and insecurity of firmware and software supply chains are well illustrated by vulnerabilities in third-party components that are left unaddressed for years, leading to long-term risks with destructive consequences for different sectors.


While the expected end-of-life responses make sense, there is an underlying issue of ungoverned exposures in the supply chain that needs to be addressed promptly through proactive measures.

The finding also shows inconsistencies in the firmware supply chain, as some of the latest firmware versions contain outdated third-party components that create additional risks for users.

Further research confirmed that Lenovo BMC firmware for HX3710, HX3710-F, and HX2710-E servers was similarly affected by this vulnerability.

As with Intel, Lenovo's response noted that these servers had reached end-of-life, making it difficult to release future security updates.

Coverages (Source – Binarly)

This situation highlights a more general problem of unpatched vulnerabilities in older products caused by the complexity of firmware supply chains and lifecycle management.

The silent fix included no advisory or CVE identifier to facilitate patch management, which further complicates the problem.

Without prompt, meaningful information about security fixes, effective handling of firmware and software supply chains is impossible.

Binarly assigned identifiers BRLY-2024-002 and BRLY-2024-003 for the affected Intel and Lenovo BMC firmware, while BRLY-2024-004 was given to the vulnerable Lighttpd build.

This indicates that better vulnerability disclosure and coordination are required across the complicated supply chain ecosystem.


Google Pixel 8a Leaks in all 4 colors


This is the Google Pixel 8a.

The Google Pixel 8a will come in four colors: Obsidian, Mint, Porcelain, and Bay. These are all colors we’ve seen before on previous Pixel models; in fact, the Pixel 6a came in Mint, while the Pixel 8 Pro came in Bay. The Pixel 8a is expected to be announced at Google I/O in May and will be available shortly after that.

It appears that the Pixel 8a will be very close to the design of the Pixel 8 released last fall, complete with a matte-textured back. We’re expecting the Google Pixel 8a to sport a 6.1-inch FHD+ 90Hz display once again, with the Tensor G3 processor that debuted in the Pixel 8 last fall, along with a 4,500mAh capacity battery. The camera front should include a 64-megapixel main camera and a 13-megapixel ultrawide sensor. Google massively upgraded the cameras on the Pixel 7a last year, so we don’t expect to see any major hardware upgrades for the cameras this year.

Releasing at Google I/O

For the most part, Google’s Pixel A-series has always been released at Google I/O in May, except for the Pixel 4a and 5a, which were a bit delayed due to the pandemic. However, the Pixel 6a and Pixel 7a were released at Google I/O in 2022 and 2023. So, we’re expecting the same thing for the Pixel 8a this time around.

Last year, we did see a price increase for the Pixel 7a, which brought it closer to the price of the Pixel 8. The Pixel 7a’s MSRP is $499; we’d expect the price to either stay the same or go up to $549. In the past few years, Google has been increasing its prices by $50 each year for the a-series. Things are set to take a turn this fall, with Google reportedly launching three Pixel 9 models: Pixel 9, Pixel 9 Pro, and Pixel 9 Pro XL. So it’s possible that Google could keep the Pixel 8a under $500, which would be an incredible value.



Huawei’s new MateBook X Pro 2024 ultrabook is ‘lighter than light’


Huawei has announced a new ultrabook in its homeland, the MateBook X Pro 2024. This device was announced in China, though it will likely be coming to way more markets. That was the case with its predecessors, at least.

This is the most powerful laptop Huawei will announce this year. The Matebook X Pro series is the company’s top-end lineup. This laptop has a sizzling price tag, but it also has a lot to offer.

The Huawei MateBook X Pro 2024 is lighter than basically all of its direct competitors

The Huawei MateBook X Pro 2024 weighs only 980 grams (2.16lbs). It is 30% lighter than last year’s model, and that one was quite light. On top of that, the laptop is very thin at only 13.5mm when folded. Huawei’s CEO actually said that the device is “lighter than light”.

This laptop has a 14.2-inch display and weighs 980 grams (2.16lbs). For comparison’s sake, the Apple MacBook Pro has a 14.2-inch display too, and weighs 1.55kg (3.4lbs) to 1.62kg (3.6lbs), depending on the model. Huawei’s new ultrabook is even lighter than a 13-inch MacBook Air which weighs 1.24kg (2.7lbs).

Despite its lightweight and thin design, this ultrabook has a lot to offer. The new Intel Ultra 9 (185H) chip is included, and it’s 60% faster than the Core i7 (1360P) that was included in the previous model.

Its top-end configuration includes the Intel Ultra 9 SoC

Do note that the Intel Ultra 9 chip is included in the top-end model; the more affordable variant comes with the Intel Ultra 7 (155H) chip, which is also quite powerful. Both 16GB RAM and 32GB RAM models are available, and the storage goes from 1 to 2TB, depending on the model.

A 14.2-inch 3120 x 2080 display is included, and it supports touch input up to 10 fingers. It is an OLED display with 120Hz support, and its brightness goes up to 1,000 nits, which is outstanding for a laptop.

140W charging is also supported here, and it goes through a USB-C port

A truly gigantic trackpad is included, and a 70Wh Li-Po battery. The Huawei MateBook X Pro 2024 also supports 140W fast charging. Needless to say, that will get it up and running in no time. You’ll be charging it via a USB-C port.

There are two Thunderbolt 4 ports included as well, while Wi-Fi 6 (ax) and Bluetooth 5.3 are supported. There are four microphones here, and 6 speakers.

The Huawei MateBook X Pro 2024 comes in Inkstone Black, White, and Clear Blue Snow colors. Its pricing starts at CNY11,000 ($1,520), and goes up to CNY15,000 ($2,073) for the top-end model.

As mentioned already, the device will likely be making its way to more markets in the near future.



TikTok tests AI ad creators: Are virtual influencers on the horizon?


If you have been following tech news, you have probably noticed that artificial intelligence (AI) is everywhere these days. Tech companies are all about integrating AI into their products and services, and social media platforms are right there with them. Take TikTok, for example – it is testing AI for ads, where AI-powered avatars could soon be making sponsored content for brands.

AI vs human influencers


The tech and business news outlet The Information (via The Verge) says that TikTok is planning to add an AI creator feature that could compete with the ads made by human influencers on the platform.


The idea is for TikTok to develop virtual influencers who can promote and sell products on the platform. These AI avatars would use scripts written by advertisers or sellers from TikTok Shop. However, it is still early days, and the feature isn’t live yet, so it might change as the company tests things out.


The Information’s sources have said that TikTok’s team has tested these AI avatars but found they are not quite ready to go live and haven’t pulled in as many e-commerce sales as human influencers. However, TikTok thinks these AI creators could still work well alongside their human creators.

What does this mean for TikTok’s human creators?


It is still a big question how TikTok will manage the money side of things, like how it will split sponsorship dollars between virtual influencers and real ones or how it will make sure that using AI doesn’t take away opportunities from real people.


If TikTok decides to roll this out, it will need to be careful not to upset its users, especially since it just asked them to help fight off a potential ban by Congress in the US. 

In March 2024, the US House of Representatives passed a bill titled the “Protecting Americans from Foreign Adversary Controlled Applications Act.” This legislation aims to compel ByteDance, the China-based parent company of TikTok, to sell its US operations. If ByteDance fails to comply, TikTok could face a ban from US app stores and might even be completely blocked from operating in the US.


DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN


DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user privacy across the web.

This innovative offering combines a VPN service with additional privacy features integrated into DuckDuckGo’s existing privacy-focused browser.

A Closer Look at Privacy Pro’s Features

DuckDuckGo’s Privacy Pro is not just another VPN.

It’s a comprehensive privacy solution that protects users from various online threats.

Here’s what subscribers can expect:

Privacy Pro includes an anonymous VPN service built for speed, security, and simplicity.

Users can secure their internet connection with just one click, effectively hiding their location and device IP address from the sites they visit.

The VPN offers full-device coverage and can be used simultaneously on up to five devices.

In addition to the VPN, Privacy Pro actively seeks out and removes users’ details from data broker sites.


These sites are known for storing and selling personal information, which can lead to identity theft and unwanted spam.

By removing this information, Privacy Pro helps users take control of their digital footprint.

Spread Privacy, a leading online privacy website, recently published a blog post announcing the launch of DuckDuckGo’s Privacy Pro. This 3-in-1 service includes a Virtual Private Network (VPN) and other privacy features.

Should the worst happen and a user’s identity be stolen, Privacy Pro provides a dedicated advisor to assist in restoring stolen accounts, recovering financial losses, and correcting credit reports.

This level of support is a significant addition to the service, offering peace of mind in the face of identity theft.

non-logging VPN secures your Internet connection on up to five devices at once

DuckDuckGo has priced Privacy Pro competitively at $9.99 per month or $99.99 per year.

Since obtaining these services separately could cost over $30 per month, Privacy Pro offers significant savings.

It’s a strategic move that positions DuckDuckGo as a cost-effective option in the privacy service market.

Comparison With Other Services

Compared to other privacy services, DuckDuckGo’s Privacy Pro stands out for integrating multiple privacy tools into one platform.

Most VPN services do not offer additional features like personal information removal or identity theft restoration.

Furthermore, DuckDuckGo’s commitment to not logging or storing data that can connect users to their online activity sets it apart from competitors who may not have such stringent privacy policies.

Identity Theft Restoration is standing by to help

Currently, Privacy Pro is available exclusively to residents of the United States.

However, DuckDuckGo has plans to expand the service to other regions in the future. Interested users can sign up at duckduckgo.com/pro.

DuckDuckGo’s unwavering commitment to user privacy is at the core of Privacy Pro.

Privacy Pro is designed with data minimization in mind. It ensures that users’ VPN activities are not logged and cannot be tied to their identities or other activities on DuckDuckGo.

With the launch of Privacy Pro, DuckDuckGo continues to build on its reputation as a privacy-centric company.

By offering a multi-faceted service that goes beyond the capabilities of a standard VPN, DuckDuckGo is providing users with a powerful tool to protect their online privacy.

As digital threats evolve, services like Privacy Pro could become essential for internet users who value privacy and security.


5 Best CAPTCHA Plugins for WordPress Websites


As of 2024, the internet hosts over 1.89 billion websites, with approximately 835 million utilizing WordPress as their Content Management System (CMS). This represents about 43.3% of all websites globally.

Not only do these stats represent the expanding reach of the internet, but they also make WordPress a lucrative target for cybercriminals and spammers. While WordPress security tips are widely discussed to keep cybercriminals at bay, spamming is something not every website owner, especially newbies, is familiar with.

In this article, we will discuss five CAPTCHA solutions for WordPress and how a CAPTCHA plugin works.

Here’s an updated list of five effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities:

  1. Captcha Plus: This plugin offers multiple CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) options, including image-based, math-based, and Google reCAPTCHA. It’s known for its high performance and ease of customization, although it may be a bit overwhelming for beginners.
  2. Google reCAPTCHA: Perhaps the most well-known, this plugin uses advanced technology to differentiate humans from bots without disrupting the user experience. It’s seamlessly integrated into your forms and is supported by major form builders like WPForms.
  3. Really Simple CAPTCHA: As the name suggests, this plugin keeps it straightforward. It’s not as feature-rich as others, but it’s highly effective at blocking spam and is compatible with many form plugins.
  4. hCaptcha: Offers a robust bot detection system and comes in both free and pro versions. The pro version includes advanced features like custom challenge creation and detailed analytics. It integrates well with a variety of forms and page builders, making it a versatile choice.
  5. Securimage-WP: Great for those who prioritize a balance between strong security measures and maintaining user-friendliness. It integrates easily with popular form plugins like Contact Form 7 and Gravity Forms.

Honorable Mention: Akismet Anti-spam: Spam Protection

Although not a CAPTCHA plugin, Akismet Anti-spam is a plugin designed to protect websites, particularly those using WordPress, from spam. Developed by Automattic, the same company behind WordPress.com, Akismet works by filtering out spam comments and form submissions.

It uses automated algorithms and community feedback to identify and block spam, helping keep websites clean and free from unwanted content. Akismet effectively reduces the time and effort needed to moderate spam, allowing website owners to focus on creating and managing content rather than dealing with spammy submissions.

How does a CAPTCHA plugin work

A CAPTCHA plugin works by presenting a challenge to website users to verify that they are human and not automated bots. Typically, this challenge involves completing a task that is easy for humans to do but difficult for bots to replicate, such as identifying distorted text, selecting certain images, or solving a simple puzzle.

The plugin then validates the user’s response, allowing access to the website if the challenge is completed correctly. This helps prevent automated bots from engaging in activities such as spamming forms, creating fake accounts, or launching malicious attacks on the website including DDoS attacks.


Leica Leitz Phone 3 is official with 1-inch type camera sensor


The Leica Leitz Phone 3 is now official. As its name indicates, this is the third smartphone in the series. The last one was announced in 2022, while the first one arrived a year before that. Leica skipped 2023 entirely.

Yes, Leica collaborates with smartphone OEMs, primarily with Xiaomi these days. Still, the company does release its own smartphone from time to time. Its availability tends to be quite limited, though. This model is also made by Sharp, just like the previous ones.

The Leica Leitz Phone 3 will likely stay exclusive to its launch market

The Leica Leitz Phone 3 was announced in Japan, and it’s easily possible it’ll stay exclusive for that market. As you can see in the provided images, a flat display is used, with a centered display camera hole.

The sides of the phone are flat all over, while its corners are rounded. The backplate is slightly curved towards the sides. Speaking of which, that’s not glass on the back, but seemingly a more grippy material. We’re not sure what it is exactly, though.

It includes a 47.2-megapixel 1-inch Type sensor

The company used a 47.2-megapixel 1-inch Type sensor. It comes with a 19mm equivalent f/1.9 lens. On the front, you’ll find a 12.6-megapixel unit with an f/2.3 aperture lens and a 78-degree FoV.

The Snapdragon 8 Gen 2 SoC fuels this smartphone. This is quite interesting, as we expected the Snapdragon 8 Gen 3. Perhaps this phone was expected to launch last year? Who knows.

This handset also includes a 6.6-inch IGZO OLED display with a 2730 x 1260 resolution. It offers a 240Hz refresh rate, and its maximum brightness level is 2,000 nits.

A 5,000mAh battery is also included, and you also get access to expandable storage

Leica included 12GB of RAM inside the device, along with 512GB of expandable storage. A 5,000mAh battery is also a part of the package. Android 14 comes pre-installed here. The device is IP65/IP68 rated for water and dust resistance.

The phone does include some Leica tricks in the software, and it even includes a widget that alerts you an hour before sunset and after sunset so that you can take your best pictures. As you can see, a lens cap is also a part of the package.

This phone will go on sale in Japan in a week, on April 19. Don’t expect it to arrive in more markets, though.



Best Buy announces Google-powered AI for customer service


Best Buy announced plans to use artificial intelligence (AI) in new ways to improve the customer service experience. The retailer is working with partners Google Cloud and Accenture to develop AI-powered virtual agents. It is also developing tools to help customers and employees.

A key part of the strategy is the launch later this year of an AI assistant that customers can interact with online or over the phone. The generative AI-powered virtual agent will be able to troubleshoot technical issues, handle shipping changes, and manage subscriptions. Best Buy says it aims to resolve queries quickly and efficiently by understanding customer needs.

Best Buy will use Google’s generative AI models, such as Gemini, to develop customer virtual agents. Using Google Cloud’s Vertex AI platform, Best Buy will train and deploy these conversational agents.

Best Buy partners with Google Cloud to advance AI-driven service operations

For customer service agents, Best Buy will provide real-time AI-generated recommendations to guide conversations. The technology also analyzes past interactions to improve future guidance. This allows agents to focus on addressing unique customer needs, while standard questions are answered automatically.

According to Thomas Kurian, CEO of Google Cloud, early results show a 5% reduction in interaction time with greater data consistency. “Our collaboration with Best Buy will help customers better interact with the Best Buy brand and services, and employees will have more sophisticated tools to help customers,” he said in a blog post.

Store employees will also benefit from a new AI assistant accessible via mobile. It provides on-demand access to company policies, product resources and installation guides. The goal is to empower employees to better serve customers on the sales floor or in their homes.

In addition, Best Buy’s AI optimizes delivery logistics by suggesting more effective scheduling of truck routes and technician visits. With automated planning, the company believes it can fulfill more orders per day at a lower cost.



Hiding the blue checkmark on X will no longer be an option


Since buying Twitter and transforming it into X, Elon Musk and his team have been busy rolling out a bunch of new features such as video and audio calls or job listings, subscription plans, and other updates over the past year. Now, they’re making another change, though it’s a smaller one this time.

Tech media outlet Engadget reported that X will soon stop letting users hide their blue verification checkmarks, whether they’re paying for a premium account or not. The app began telling users that the option to hide their checkmarks in X Premium will be removed soon.

This update follows a move where X started giving blue checkmarks to “influential” users who have at least 2,500 followers and subscribe to a premium plan.


Elon Musk says this change is supposed to be a perk, but not everyone’s happy about it. Some users, especially those who were already verified before, don’t like the blue badge popping up on their profiles because it might look like they’re paying for something that used to be free.


Originally, the blue checkmark was a way to show an account was officially verified and belonged to a public figure like a celebrity, politician, or journalist. It was free and based on certain criteria.

 
Under Musk, this checkmark became part of the X Premium (formerly Twitter Blue) package, meaning anyone who pays for it gets one. This has caused some backlash because it made verification seem like something you could buy, lowering its value. This could be why the option to hide the checkmark was originally included.


Despite the reasons users might have for wanting to hide it, X is moving forward with removing the ability to do so. This update is still rolling out, so it might not be visible on all accounts just yet.


Deepfake Technology To Impersonate as LastPass CEO


A LastPass employee recently became the target of an attempted fraud involving sophisticated audio deepfake technology.

This incident underscores the urgent need for heightened cybersecurity awareness and the implementation of robust verification processes within organizations.

The Rise of Deepfake Technology

Deepfake technology, which employs generative artificial intelligence to create hyper-realistic audio or visual content, has been a growing concern among cybersecurity experts for several years.

Initially associated with political misinformation campaigns, the technology’s potential for harm has expanded into the private sector, with fraudsters leveraging it for elaborate impersonation schemes.

The technology’s accessibility has dramatically increased, with numerous websites and applications enabling virtually anyone to craft convincing deepfakes.

Historically, deepfakes have been used in high-profile fraud cases, such as a 2019 incident where a UK company’s employee was tricked into transferring funds to a fraudster impersonating the CEO through voice-generating AI.


More recently, a finance worker at a Hong Kong-based multinational was deceived into sending $25 million to perpetrators using video deepfake technology to impersonate key company officials during a video call.

The LastPass Incident: A Close Call

The recent attempt on a LastPass employee represents a significant escalation in using deepfake technology for corporate fraud.

The employee received multiple calls, texts, and at least one voicemail via WhatsApp, all featuring an audio deepfake of the company’s CEO.

The fraudulent communication was immediately suspicious to the employee due to its occurrence outside normal business channels and the presence of social engineering red flags, such as undue urgency.

Screen capture displaying the WhatsApp attempted contact using deepfake audio as part of a CEO impersonation

Fortunately, the LastPass employee did not engage with the fraudulent messages and promptly reported the incident to the company’s internal security team.

This swift action allowed LastPass to mitigate any potential threat and use the incident as a case study to enhance awareness of deepfake technology’s dangers within the company and the broader cybersecurity community.

The incident serves as a critical reminder of the importance of verifying the identity of individuals claiming affiliation with a company, especially when contacted through unconventional channels.

LastPass’s proactive approach in sharing details of the attempted fraud aims to encourage other organizations to remain vigilant and educate their employees about cybercriminals’ evolving tactics.

In response to the growing threat posed by deepfake technology, LastPass is collaborating with intelligence-sharing partners and other cybersecurity entities to share knowledge about such tactics.

This collective effort is crucial for staying ahead of fraudsters and safeguarding the integrity of corporate communications and transactions.

The attempted deepfake call targeting a LastPass employee is a stark illustration of the sophisticated methods employed by cybercriminals in the digital age.

It highlights the imperative for continuous education, vigilance, and developing secure verification protocols to protect against the ever-evolving threats posed by malicious actors in the cyber realm.
