Unpatched Zephyr OS Exposes Devices to DoS Attacks via IP Spoofing


Discover how cybersecurity researchers uncover vulnerabilities in Zephyr OS, a real-time operating system used in IoT and embedded devices — Learn about the risks of IP address spoofing and denial-of-service attacks and the importance of maintaining strong security measures in connected device environments.

Cybersecurity researchers at the Synopsys Cybersecurity Research Center (CyRC) have uncovered vulnerabilities within the Zephyr OS network stack, potentially leaving connected devices susceptible to IP spoofing (or IP address spoofing) attacks.

Zephyr OS, a widely used real-time operating system prevalent in the Internet of Things (IoT) and embedded devices, boasts extensive customizability and broad compatibility with multiple architectures and boards, catering to diverse applications.

One of Zephyr OS’s key features is its built-in network stack, which supports various networking protocols, including IPv4 and IPv6. This flexibility enables developers to create connected devices capable of seamless communication across different networks.

However, the CyRC identified a flaw in the Zephyr OS implementation, particularly concerning its handling of IP address spoofing attacks. IP address spoofing involves the creation of IP packets with falsified source IP addresses, often with malicious intent to deceive recipients into believing they are from legitimate sources.

The vulnerability originates from Zephyr OS’s failure to drop IP packets arriving from an external interface with a source address equal to the local host or the destination address, contrary to recommended security practices. Therefore, responses sent back to the fake source IP address bypass host-side IP address–based access control, potentially leading to unauthorized access or data manipulation.

Furthermore, the flaw exposes devices to denial-of-service attacks (DoS attacks), as responses handled by loopback interfaces can overwhelm the system, resulting in instability or crashes. The vulnerability shares a similar modus operandi with a recently identified attack known as Loop DoS, where IP spoofing is exploited, leaving devices susceptible to denial-of-service (DoS) attacks.
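The ingress check described in the two paragraphs above, as an added example in C (not Zephyr's code and not the actual patch): it parses a raw IPv4 or IPv6 header and drops packets from an external interface whose source is a loopback address or equals the destination. It reads "local host" as the loopback address (127.0.0.0/8, ::1); the function names, verdict names and sample addresses are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict names are made up for this example; they are not Zephyr's. */
enum verdict {
    PKT_ACCEPT = 0,
    PKT_DROP_MALFORMED,    /* too short, or not IPv4/IPv6 */
    PKT_DROP_LOOPBACK_SRC, /* source is 127.0.0.0/8 or ::1 */
    PKT_DROP_SRC_EQ_DST    /* source address equals destination address */
};

/* Constructed sample addresses (RFC 5737 / RFC 3849 documentation ranges). */
const uint8_t V4_HOST[4] = {192, 0, 2, 10};
const uint8_t V4_PEER[4] = {198, 51, 100, 7};
const uint8_t V4_LO[4] = {127, 0, 0, 1};
const uint8_t V6_HOST[16] = {0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10};
const uint8_t V6_LO[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};

static bool is_loopback_addr(const uint8_t *a, size_t alen)
{
    if (alen == 4) return a[0] == 127;      /* whole 127.0.0.0/8 block */
    return memcmp(a, V6_LO, 16) == 0;       /* ::1 */
}

/*
 * Validate the source address of a raw IP header before it reaches the
 * rest of the stack. from_loopback_iface is true only for packets handed
 * over by the host's own loopback interface, where such sources are valid.
 */
enum verdict check_ingress_src(const uint8_t *pkt, size_t len, bool from_loopback_iface)
{
    const uint8_t *src, *dst;
    size_t alen;

    if (pkt == NULL || len == 0) return PKT_DROP_MALFORMED;
    switch (pkt[0] >> 4) {                  /* IP version nibble */
    case 4:                                 /* IPv4: src at 12, dst at 16 */
        if (len < 20) return PKT_DROP_MALFORMED;
        src = pkt + 12; dst = pkt + 16; alen = 4;
        break;
    case 6:                                 /* IPv6: src at 8, dst at 24 */
        if (len < 40) return PKT_DROP_MALFORMED;
        src = pkt + 8; dst = pkt + 24; alen = 16;
        break;
    default:
        return PKT_DROP_MALFORMED;
    }
    if (from_loopback_iface) return PKT_ACCEPT;   /* host talking to itself */
    if (is_loopback_addr(src, alen)) return PKT_DROP_LOOPBACK_SRC;
    if (memcmp(src, dst, alen) == 0) return PKT_DROP_SRC_EQ_DST;
    return PKT_ACCEPT;
}

/* Build a minimal constructed header around src/dst and run the check. */
enum verdict try_v4(const uint8_t *src, const uint8_t *dst, bool lo_iface)
{
    uint8_t h[20] = {0x45};                 /* version 4, IHL 5 */
    memcpy(h + 12, src, 4);
    memcpy(h + 16, dst, 4);
    return check_ingress_src(h, sizeof(h), lo_iface);
}

enum verdict try_v6(const uint8_t *src, const uint8_t *dst, bool lo_iface)
{
    uint8_t h[40] = {0x60};                 /* version 6 */
    memcpy(h + 8, src, 16);
    memcpy(h + 24, dst, 16);
    return check_ingress_src(h, sizeof(h), lo_iface);
}

int main(void)
{
    printf("127.0.0.1 -> host, external iface: %d\n", try_v4(V4_LO, V4_HOST, false));
    printf("src == dst, external iface:        %d\n", try_v4(V4_HOST, V4_HOST, false));
    printf("ordinary peer -> host:             %d\n", try_v4(V4_PEER, V4_HOST, false));
    return 0;
}
```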

The affected versions include Zephyr OS v.3.5, v.3.4, and 2.7 (LTS v2), as well as other releases supporting IPv6 or IPv4. However, patches have been integrated into the main branch and specific release branches to mitigate these vulnerabilities.

According to CyRC’s blog post, the discovery credit for these vulnerabilities goes to the company’s Senior Software Engineer Kari Hulkko, who utilized the Defensics® fuzz testing tool with IPv4 and IPv6 protocol test suites. In response to the disclosure, Synopsys acknowledges the collaboration and responsiveness of the Zephyr OS team in addressing these vulnerabilities.

The timeline of events surrounding the disclosure and resolution of the vulnerabilities highlights the collaborative efforts of cybersecurity researchers and software maintainers to ensure the security and integrity of connected devices powered by Zephyr OS.

As IoT and embedded devices continue to grow in number, it’s essential to prioritize strong security measures to defend against threats and vulnerabilities found in operating systems like Zephyr OS.



Samsung implements Google’s seamless updates on Galaxy A55 5G


In November last year, we noticed “seamless updates” on Google’s Pixel devices starting to get a lot faster than before, and now it seems that Samsung has at least adopted this functionality. This Android feature, also known as A/B system updates, lets you keep using the phone normally while the update is installed in the background. After the March 2024 security patch update, Galaxy A55 5G users have seen this feature in action; it has been available on Google’s Pixel devices for a while.

The Samsung Galaxy A55 5G got the “seamless updates” feature before the Galaxy S24 series

The Mobile Indian noted that while updating, the Galaxy A55 5G now shows a two-stage installation process – ‘Downloading and Installing’ and ‘Verification’. It’s interesting to see that the company’s latest flagship lineup, the Galaxy S24, still requires users to restart their device and wait while the phone installs the updates.

Meanwhile, a midrange offering has already utilized the advanced method to save users’ time and offer a better experience. This phone now installs the update in the background. After that, it needs a simple restart to complete the process. For reference, all other Samsung devices currently show the One UI installation screen for a while. The Galaxy A55 5G was reportedly faster in completing the update than the Galaxy S24 Plus. Notably, the latter has a much faster SoC.

It is possible that the Galaxy A55 was simply the first: Samsung may have completed its implementation of A/B updates and applied it right away. We will need to see how soon the users of other models (especially the high-end ones) get to experience this new feature.

How do A/B updates actually work?

The concept of seamless updates relies on the presence of two system partitions. When a seamless update is initiated, the new software is installed on the inactive partition. Only then does the phone require a reboot, to switch to the updated partition. That reboot likely takes less time than installing the update does.

Additionally, it was noted that these new A/B or seamless updates offer enhanced safety against installation errors. It essentially creates a copy of the system during the installation. It will be able to revert back to the previous version if necessary. However, on the flip side of the coin, it requires more system storage during the process.

Galaxy A55 5G seamless updates (Credit: Mishaal Rahman)


Dyson 360 Vis Nav robot vacuum is now available in the US


After achieving success in the UK and Australian marketplaces, Dyson’s much-awaited 360 Vis Nav robot vacuum has finally landed on North American shores. This high-end vacuum cleaner replaces Dyson’s 2017 model called ‘360 Eye’ bearing advanced features and cutting-edge technologies of that time to provide efficient and exhaustive cleaning.

High-end Dyson 360 Vis Nav Vacuum is ready to clean houses in the US

At the heart of the Dyson 360 Vis Nav lies the all-seeing fisheye camera that can capture a full 360-degree perspective around it. This way, it allows the vacuum to create an accurate representation of your house including furniture placement. It also maps the areas where dust usually accumulates. Meanwhile, on the MyDyson app in Google Home and Alexa, one can easily change cleaning schedules or specify areas to relieve you of voice commands.

One thing that stands out about the Dyson 360 Vis Nav is its strong motor. This vacuum cleaner has a motor spinning at 11,000rpm with a suction power of 65 air watts (AW). Thus, it ensures thorough cleanliness for all surfaces. The device offers four distinct cleaning modes, including Auto, Boost, Quiet, and Quick, catering to diverse needs and preferences when it comes to tidying up.

Single charge usage, recharging, and pricing details

In terms of improvements, Dyson has increased battery life for the North American model to last up to 65 minutes per charge. Now, it also has a faster recharge time capped at just an hour and fifty-five minutes. With these advances, Dyson’s new product goes for USD 1,200/CAD 1,500 retaining its premium status among consumers who are willing to pay extra for the convenience factor.

The Dyson 360 Vis Nav has many cutting-edge functionalities and high-end performance. Its high price might put off some people. Nevertheless, as for the buyers who are in search of a cleaning technology that is of high quality and also convenient, they should consider the Dyson 360 Vis Nav as the best choice available in the market today.



Threads begins official test of swipe gestures to “like” posts


Threads is continuing on its path of testing features back-to-back in order to make it a more user-friendly and efficient platform. The latest test involves a feature that had already been spotted earlier this month: the ability to swipe on a post in order to tell the algorithm that you like it.

Even though we already knew this was underway, since it was already working for some users who spotted it a few weeks ago, the test is now official, as it has been formally announced by the usual parties: Mark Zuckerberg, Adam Mosseri (Head of Instagram) and the official Threads account.

As of right now, this is still a very limited release and only available to a select group of users. However, as Mosseri explained, the goal of this feature is to give users more control over their Threads experience.

Swiping right on a post “likes” it, whereas swiping left will show the Threads algorithm that this isn’t something one is interested in. In other words, this is a way in which we can tell Threads what is relevant to us, what we want to see more of in the “For You” page, and what we want to see less of. Some users have commented that this is reminiscent of third party Twitter apps from back in the day, such as “Tweetbot” or “Twitterrific.”

When the test actually began at the start of the month, the feature appeared to be limited to iOS only. It is unclear whether, at this stage, this has been opened up to Android users as well. Since this feature is only available to a small subset of users, and we happen not to have the feature available to us yet, we cannot confirm. Let us know in the comments if you have access to this feature on Android.



Cross Tenant Microsoft 365 Migration


What is a Cross Tenant migration, and why and when do you need it? Cross-tenant migration refers to the process of moving data, applications, and services from one Microsoft 365 tenant (or organization) to another. Whether due to mergers, acquisitions, restructuring, or strategic decisions, businesses often find themselves in situations where they need to consolidate or reorganize their tenant structures.

The different actors

When it comes to tenant-to-tenant migration within Microsoft 365, several key actors play crucial roles in ensuring a successful transition. Let’s explore them:

Microsoft Consulting Services (MCS): Organizations often collaborate with MCS to plan and execute tenant migrations. Their expertise ensures a smooth transition, addressing complexities and minimizing disruptions.

Microsoft Partners: These skilled professionals specialize in tenant migrations. They work closely with organizations, offering tailored solutions and leveraging third-party tools for content migration.

IT Administrators: Within the organization, IT administrators take charge of technical aspects. They oversee user accounts, data integrity, and configuration adjustments during the migration process.

Identity Architects: These architects design the identity framework for the new tenant. They handle user authentication, access permissions, and identity synchronization across tenants.

Data Migration Specialists: These experts focus on moving data—emails, files, SharePoint sites—from the source to the target tenant. They ensure data fidelity and minimal downtime.

Change Management Teams: Communication is key. Change management teams inform stakeholders about the migration, manage expectations, and guide users through the transition.

The different solutions

When it comes to cross-tenant Microsoft 365 migrations, several vendors and solutions can assist you in smoothly transitioning your users’ data. Here are some options:

Microsoft 365 Native Tools: Microsoft provides native tools and interfaces for cross-tenant mailbox and OneDrive migrations. 

Third-Party Migration Solutions: Several third-party vendors offer specialized migration tools for Microsoft 365 cross-tenant scenarios. These solutions provide additional features, flexibility, and support. 

Some popular vendors include:

Cloudiway:

Cloudiway specializes in cloud migration services, including Microsoft 365. Their platform is one of the most complete solutions and supports Microsoft cross-tenant migrations for mailboxes, OneDrive, Microsoft Teams, SharePoint, Intune and devices. Cloudiway emphasizes ease of use and efficient migration processes.

AvePoint:

AvePoint offers migration solutions for Microsoft 365, including cross-tenant scenarios. Their tools provide features like Mailbox, OneDrive, Microsoft Teams and SharePoint migrations. AvePoint’s solutions are known for their reliability and comprehensive support.

BitTitan: 

BitTitan is known for its MigrationWiz tool, which supports cross-tenant migrations for mailboxes, OneDrive, and Microsoft Teams.

Quest: 

Offers solutions like Quest On Demand Migration and Quest On Demand Migration for Email.

SkyKick: 

SkyKick provides automated migration tools for Microsoft 365, including cross-tenant scenarios.

ShareGate: 

Known for its ShareGate Desktop and ShareGate Migrate tools, which support SharePoint, Teams and OneDrive migrations. They have recently integrated mailbox migration.

CodeTwo:

CodeTwo offers migration solutions for Microsoft 365, including cross-tenant mailbox migrations.

Table of comparison:

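| Feature | Cloudiway | Microsoft | BitTitan | Quest | SkyKick | AvePoint | ShareGate | CodeTwo |
|---|---|---|---|---|---|---|---|---|
| SaaS | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Mails (maturity) | Yes * 2012 | Yes 2022 | Yes * 2010 | Yes 2012 | Yes 2010 | Yes 2021 | Yes Beta | Yes 2012 |
| Drives | Yes * | Yes | Yes * | Yes | No | Yes | Yes | No |
| SharePoint | Yes | Partial SPMT (On-premises) | No (libraries only) | Yes * | No | Yes * | Yes * | No |
| Microsoft Teams | Yes * 2018 | No | Yes 2020 | Yes | No | Yes * 2018 | Yes 2021-22 | No |
| Teams Private messages | Yes | No | No | No | No | No | No | No |
| Slack | Yes * | No | No | No | No | Yes | No | No |
| Slack Direct Messages | Yes | No | No | No | No | No | No | No |
| Google Chat | Yes | No | No | No | No | No | No | No |
| Laptops | Yes | No | No | Yes | No | No | No | No |
| Intune | Yes | No | No | No | No | No | No | No |
| FreeBusy & Galsync | Yes | No | No | No | No | No | No | No |

Maturity (Drives): 2012, 2022, 2015, 2015, AvePoint, 2020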

* leader

Conclusion:

In the ever-evolving landscape of cloud collaboration, cross-tenant migrations have become a critical undertaking for organizations. Whether due to mergers, acquisitions, or strategic realignments, the need to seamlessly transition data between Microsoft 365 tenants is more prevalent than ever.

Vendor Selection Matters: Choosing the right migration solution is paramount. Evaluate vendors based on factors such as scope of migration, reliability, scalability, support, and ease of use. Consider both native Microsoft tools and third-party offerings.

Preparation Is Key: Properly prepare your source and target tenants. Establish trust relationships, configure identity mapping, and ensure that users are set up correctly in the destination tenant.

Data Integrity and Security: During migration, prioritize data integrity and security. Test thoroughly, monitor progress, and address any issues promptly.

Communication and Change Management: Keep stakeholders informed throughout the process. Effective communication minimizes disruption and ensures a smooth transition for end-users.

Post-Migration Validation: Validate data integrity, permissions, and functionality post-migration. Address any discrepancies promptly.

Remember, cross-tenant migrations are not just about moving data; they impact user productivity, collaboration, and overall business continuity. By following best practices and leveraging the right tools, organizations can navigate this complex journey successfully.


Google Keep testing a floating toolbar and list-making with AI


Google Keep is testing two new features aimed at enhancing note-taking and list-making experiences. The first feature, ‘Help me create a list,’ brings generative AI capabilities to assist users in quickly creating shopping lists, to-do lists, packing lists, and more. This feature is a part of Google Workspace Labs, which is currently available to testers in English. There’s also another design revamp, currently under development.

‘Help me create a list’ in Google Keep and

‘Help me create a list’ is one of the latest additions to Google Keep on Android, designed to assist users with common list-making with Gemini integration. With this feature, (upon tapping ‘Create’ in Keep) users get a “Help me create a list” button on the bottom right. Here they can simply type a prompt like “Packing list for a camping trip with 2 kids in summer” or “Groceries for a week for a vegetarian family of 3,” and Google Keep’s AI will generate a corresponding list.

Below the list, you will see a like and a dislike icon that represents a good and a bad suggestion. If the AI-generated suggestion appears to be inaccurate or inappropriate to you, and you select the dislike icon, you will get to select the issue you found and an option to explain it further.


A new floating bottom toolbar in Google Keep

Meanwhile, TheSpAndroid shows that Google is also testing a newly designed floating bottom toolbar. This feature is also in the works and currently hidden under flags, which you can enable, given you use a rooted device. This new floating design will likely replace the existing toolbar that covers the whole width of the screen after it completes the testing phase.

It features three primary buttons: one for taking a note, another for creating a list, and a third for creating a drawing or picture note. This streamlined design conserves screen space, particularly in landscape mode. This new floating design in Google Keep is actually very similar to the floating toolbar recently introduced in the Google Chat app, suggesting a consistent design language across Google apps.

The introduction of these features marks Google’s ongoing efforts to enhance the functionality and user experience of Google Keep. While the ‘Help me create a list’ feature aims to simplify list-making tasks, the floating bottom toolbar is a design revamp probably inspired by Google’s Material You design language.



Fitbit Labs will give you the AI-powered training coach of the future


Google has just announced, amid other things in a feature-length video, that Fitbit Labs will come with an AI-powered training coach. This is just one of many different ways AI is being incorporated into everyday activities at a rapid pace. Fitbit, acquired by Google in 2021, currently provides a plethora of fitness gadgets and wearables. The AI coach, powered by Google’s flagship AI Gemini, will analyze data and provide feedback.

Fitbit Labs turns to AI for managing your health

The Fitbit Labs program is being designed to help users track their health using AI. It will be available very soon if reports are to be believed, and Pixel owners will be given priority access. What this will do is use AI to analyze a Fitbit user’s health metrics. This means combining both LLMs and image generation models to provide a futuristic experience. The AI will go through and understand a user’s health history, even providing charts for the user. It will then use this data to coach the user, providing advice in a conversational manner.

All the way back in 2023 just before Google’s product launch event, James Park – co-founder of Fitbit – had this to say. “We’ve always talked about being able to help people connect different pieces of their health data together and get insights from it, so I think that’s the first step.” James Park and other co-founder Eric Friedman recently left Google, leading some to wonder whether they didn’t agree with the direction Google was taking it.

A strong push for AI in the medical domain is underway

It’s not just portable coaches AI is being used for when it comes to the healthcare industry. Ever since AI has gained public popularity, Google has been hard at work integrating it into healthcare. For example, people can now simply use Google Lens to photograph health conditions and get immediate answers on what they’re looking at. Google is also confident in its AI’s abilities to generate reports from 2D and 3D medical scans.

A personal coach on Fitbit trackers and smartwatches will greatly increase the allure of these products. Whatever this AI says isn’t to be taken as legal medical advice, of course. But this will really help a lot of people get the most out of their Google Fitbit wearables. This will also help people make changes to their lifestyle that really benefit their health. All without the need of a doctor.



Threads rolls out beta program to share your posts out to the Fediverse

Threads by Instagram is one step closer to becoming a part of something bigger. Starting today, selected users can try out a beta feature that links Threads directly to the Fediverse.

The Fediverse is a fairly new concept in social networking, similar to a vast, interconnected network of independent servers. Unlike traditional social media platforms, which a single company controls, the Fediverse is decentralized and allows users more control over their own data and interactions. An example of one such platform right now is Mastodon, which has been one of the pioneers of this growing movement.

With the new beta, Threads users who are over 18 years old and have public profiles can opt in to share their content on the Fediverse. Also, if you use Mastodon or another Fediverse-compatible platform, you will now be able to follow Threads users that are part of the beta, interact with their posts, and share them.

For now, the beta doesn’t allow for viewing replies and follows from the Fediverse on Threads, but you’ll be able to see the total number of likes and boosts from both Threads and the Fediverse. However, this functionality will be available at a later time.

Threads is also working on full compatibility with ActivityPub, the open-source protocol that powers much of the Fediverse. This means that soon, the interaction between Threads and Fediverse apps will be even more seamless.

Note, though, that this integration is entirely optional. You don’t have to share your Threads content just because you use the app. However, if you’re curious about the Fediverse, you can join the beta by heading to your Threads Account Settings and turning the “Fediverse sharing” toggle on.


This move highlights a growing trend towards open, user-centric social media experiences. Through its integration with the Fediverse, Threads demonstrates its openness to collaborating with other platforms, giving users more control over their connectivity and choices.



Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now


Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2 and 2023.1, as well as unsupported versions which will need an upgrade before patching.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in these updates are:

CVE-2023-41724 (CVSS score 9.6 out of 10), which allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

This vulnerability was reported to Ivanti by the NATO Cyber Security Centre. Ivanti says it’s not aware of any customers being exploited by this vulnerability at the time of disclosure. The attack option is limited because an attacker without a valid Transport Layer Security (TLS) client certificate enrolled through Ivanti Endpoint Manager Mobile (EPMM) cannot directly exploit this issue on the internet.

Ivanti says its customers can access the patch (9.17.1, 9.18.1 and 9.19.1) via the standard download portal.

CVE-2023-46808 (CVSS score 9.9 out of 10), which allows an authenticated remote user to perform file writes to the ITSM server. Successful exploitation can be used to write files to sensitive directories, which may allow attackers to execute commands in the context of a web application’s user.

The patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes. On-premise customers are advised to act immediately to ensure they are fully protected. Ivanti says it is not aware of any customers being exploited by this vulnerability prior to public disclosure.

The patch is available on the Ivanti Neurons for ITSM downloads page for each respective 2023.X version. This will require upgrading to 2023.X to apply the patch.

The vulnerabilities have a 2023 CVE because of a reservation made towards the end of 2023, when they were first found and reported. Ivanti’s policy, when a CVE is not under active exploitation, is to disclose the vulnerability when a fix is available, so that customers have the tools they need to protect their environment.

Get patching!



Qualcomm shows us Snapdragon 8 Gen 4 reference device by accident


Qualcomm actually showed off the Snapdragon 8 Gen 4 reference device by accident. The company did that in a YouTube video. In this video, Qualcomm aimed to show people how it developed the Snapdragon X Elite; the Snapdragon 8 Gen 4 was not supposed to be a part of the picture.

The Snapdragon 8 Gen 4 reference device was spotted in Qualcomm’s very own video

This reference device was spotted by @Za_Raczke, a tipster. The codename ‘Pakala’ is also shown in the video, which is the codename for the Snapdragon 8 Gen 4 processor.

The design of this reference device is not really all that noticeable. It’s a device with a dark blue chassis and has several stickers and labels on it. It’s a generic device that Qualcomm is using to test out the chip.

It’s interesting to see that Qualcomm itself ended up showing us this, most likely by accident. There’s also a possibility that Qualcomm didn’t care enough to strip the video of all Snapdragon 8 Gen 4 references. It’s not exactly like major details were revealed or anything like that.

This chip is coming in October

Qualcomm’s executive did confirm that the Snapdragon 8 Gen 4 is coming in October, though. That detail was shared during the Mobile World Congress (MWC) in Barcelona last month.

We also know that the Snapdragon 8 Gen 4 will come with custom Oryon cores. This will be the first time that Qualcomm is using its custom cores in a chip. The Snapdragon 8 Gen 4 is also tipped to ditch the efficiency cores altogether, so that’ll be interesting.

This chip is expected to be produced on TSMC’s 3nm ‘N3E’ process. Various improvements are expected, though it will be interesting to see how it will run without efficiency cores… if that ends up being the case.

As a side note, Qualcomm recently announced the Snapdragon 8s Gen 3 chip.

