Adobe Coldfusion vulnerability used in attacks on government servers

0
[ad_1]

The Cybersecurity and Infrastructure Security Agency (CISA) put out a Cybersecurity Advisory (CSA) to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers.

Adobe ColdFusion is a platform for building and deploying web and mobile applications. It can often be found on internet-facing servers.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The exploited vulnerability is listed as CVE-2023-26360, which affects Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier). The vulnerability is an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

A patch for this vulnerability has been available since March 14, 2023. As we reported at the time, Adobe stated it was aware  that CVE-2023-26360 had been exploited in the wild in very limited attacks.

The due date for patching the vulnerability set by CISA was April 5, 2023. The problem is that the vulnerability also affects ColdFusion 2016 and ColdFusion 11 installations, which have reached end-of-life (EOL) and are no longer supported with security patches.

According to the CSA, CISA now has confirmation that the vulnerability has been used in attacks on two Federal Civilian Executive Branch (FCEB). An analysis of network logs has reportedly confirmed the compromise of at least two public-facing servers within agencies’ environments between June and July 2023. Both servers were running outdated versions of the software that were vulnerable due to several unpatched flaws.

The investigation learned that it was a reconnaissance attack, and there was no evidence of data theft or lateral movement in the network. After initial access, the criminals started process enumeration to obtain currently running processes on the web server and performed a network connectivity check, likely to confirm their connection was successful.

In the CSA, CISA shares several indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used in the two attacks. It is not clear whether they were done by the same threat actor.

Mitigation

CISA recommends organizations:

  • Upgrade all versions affected by this vulnerability.
  • Prioritize remediation of vulnerabilities on internet-facing systems.
  • Prioritize secure-by-default configurations, such as eliminating default passwords and implementing single sign-on (SSO) technology via modern open standards.
  • Employ proper network segmentation, to separate internet-facing servers from systems that are crucial or contain sensitive information.
  • Deploy application-aware network defenses to block improperly formed traffic and restrict content.

And a lot of other security measures that are less threat-specific.

From our end we’d like to add:

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.


[ad_2]
Source link

Android 14 update available for Galaxy Tab S9 FE, Galaxy M33

0
[ad_1]

Another day, another Samsung device received Android 14. Three of them, to be precise. The Galaxy Tab S9 FE, Galaxy Tab S9 FE+, and Galaxy M33 are all picking up the big update today, with One UI 6.0 on top. The company has already updated about 30 other Galaxy devices to Android 14.

Galaxy Tab S9 FE receives Android 14 less than two months after launch

Samsung released the Galaxy Tab S9 FE series on October 16. The two premium Fan Edition (FE) tablets came with Android 13 onboard. Less than two months after they first hit the market, the devices are jumping to Android 14. The Korean firm is rolling out the big update in Europe with the firmware build number X516BXXU1BWK9 for the base model and X616BXXU1BWK9 for the Plus.

The Galaxy Tab S9 FE and Galaxy Tab S9 FE+ are receiving the November 2023 Android security patch with this update. Last month’s security release contains more than 60 vulnerability patches, five of which are confirmed to be critical issues. However, these security fixes are of little interest in the grand scheme of things. After all, Android 14-based One UI 6.0 is a massive update with tons of goodies.

Samsung has made some UI adjustments to make the Quick Settings buttons more accessible. It has also updated the notification panel and improved system animations for a smoother user experience. Additionally, One UI 6.0 improves multi-tasking features, Samsung DeX, Samsung Keyboard, homescreen widgets, Calendar, Samsung Internet, Samsung Health, and Bixby Text Call. There are new camera features and editing tools too.

This is the first of four major Android OS updates Samsung promised for the Galaxy Tab S9 FE and Galaxy Tab S9 FE+. They will receive updates up to Android 17. If you have purchased the FE tablet, you can rest assured that it will get official software support for a long time. You can check for new updates through the Settings app on your Samsung device. Go to the Software update menu and tap on Download and install.

Android 14 is available for more M-series phones

Samsung’s M-series mid-range phones aren’t available as widely as the A-series. They are primarily sold in price-sensitive markets such as India. These phones get decent support from the company. It has already updated the Galaxy M53 to Android 14. The Galaxy M33 is now following suit. The update is currently available in Russia and Ukraine with the build number M336BXXU5DWK6. A wider rollout should follow soon.


[ad_2]
Source link

The US seemingly doesn’t want China to get NVIDIA AI chips

0
[ad_1]

The tensions between the United States and China are not just happening on the shores of Taiwan; they have expanded to the semiconductor industry. Given the significant impact of chips on both countries’ national security, the US administration has imposed sanctions on potential cheap deals with China, especially chips with AI capabilities.

While most companies tried not to violate the sanctions, a possible chip deal between NVIDIA and China has prompted the US government to interfere and react. According to PC Gamer (via Fortune), US Commerce Secretary Gina Raimondo threatened that if NVIDIA continues redesigning its AI chips to meet China’s demands, she is going to “control it the very next day.”

The US Commerce Secretary Gina Raimondo blocks Nvidia chip deal with China

Speaking at the Reagan National Defence Forum in California on Saturday, Raimondo said, “We cannot let China get these chips. Period.” She added they want to deny China from accessing the US’s most cutting-edge technology. To do so, Raimondo is asking Congress to allocate more funds to the Commerce Department’s Bureau of Industry and Security. The agency oversees US exports to other countries.

“I have a $200 million budget. That’s like the cost of a few fighter jets. Come on,” Raimondo noted. “If we’re serious, let’s go fund this operation like it needs to be funded.”

Raimondo also addressed American companies, saying they should respect the bans established against particular countries. More importantly, export bans that were imposed on semiconductors. Raimondo added CEOs of chip companies were “a little cranky” with her after imposing export bans because it affected their revenue. However, she said protecting US national security is more important than short-term revenue.

Nvidia is modifying its chips to comply with US export restrictions

Among others, Nvidia is caught redesigning some of its AI chips to be exported to China (via Videocardz). While the Nvidia’s H100/A100 HPC accelerators were subject to restrictions, the chip maker launched modified H800/A800 chips for China. This fall, the Commerce Department updated the semiconductor limitations list to prevent Nvidia’s redesigned chips from being exported to restricted countries. As expected, the chip-making introduced HGX H20, L20, and L2 chips to bypass the ban.

Following the US restrictions on exporting RTX 4090 graphic cards, Nvidia started working on a modified version of it, RTX 4090D. This version is said to be exclusive to China market, and “D” in its name supposedly stands for Dragon. Well, it should not be surprising to soon see RTX 4090D GPU on the US export ban list.

Nvidia and the US government are in the midst of a tug of war. Meanwhile, Chinese companies are reportedly buying US chip-making equipment to produce in-house chips. This will help Chinese to reduce the country’s reliance on imported chips.


[ad_2]
Source link

Windows 10 gets its own extended security updates program

0
[ad_1]

The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the rumored Windows 12 which might be out by then.

Despite the fact that Windows 11 has been around for a while, market share would have it that Windows 10 is still far more popular. Windows 11 shows a slight increase in usage, but not a very significant one.

Market share of desktop Windows versions worldwide

Which is strange, since apart from the surprising Copilot introduction, Windows 10 hasn’t seen any major changes. But some people don’t like changes that much. Once they are used to something they want to keep it that way.

So, it makes sense that, similar to the extended security updates program Microsoft offered Windows 7 users years ago, it will now introduce a similar extension program for Windows 10.

The extended security update (ESU) program for Windows 10 is mentioned almost as a footnote in the options users have when end of support (EOS) for Windows 10 comes to light. The suggestions Microsoft offers first are:

  • Upgrade eligible PCs to Windows 11.
  • Purchase new Windows 11 machines.
  • Migrate to the cloud and subscribe to Windows 365.

But how much will the ESU program cost you? Microsoft says that pricing will be provided at a later date. But if the costs for Windows 7 were any indication, the first year came at $70 and doubled each consecutive year, so the third (and last) year was priced at $280. And that was just for security updates. ESUs do not include new features, customer-requested non-security updates, or design change requests.

What will be different this time is that home users will also be able to buy the ESU subscriptions.

Jason Leznek, Principal Product Manager for Windows Servicing and Delivery said:

“Stay tuned for more ESU program updates as we approach availability, including an ESU program for individual consumers.”


Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


[ad_2]
Source link

Samsung Galaxy S24 is one more step closer to launch

0
[ad_1]

Samsung‘s Galaxy S24 series has picked up another regulatory certification on its way to launch. The upcoming flagship lineup has been certified by Indonesia’s TKDN, also known as Domestic Component Level. It is an approval for selling the phones in the country. Samsung has already obtained similar approvals from several other regulatory bodies, including the FCC in the US, KRT in South Korea, and BIS in India.

The Galaxy S24 series receives TKDN certification ahead of launch

The Indonesian regulatory agency certified the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra with the model numbers SM-S921B, SM-S926B, and SM-S928B, respectively. These are the global versions of the phones—sold in Europe, Asia, Africa, and a few other regions. The US versions have the suffix “U” in place of “B,” while the Korean versions have “N.”

The latest certification listing for the 2024 Samsung flagship lineup doesn’t reveal anything about the phones. Regulatory approvals seldom do, with the FCC being one of the few exceptions. However, there is hardly a thing we don’t already know about the Galaxy S24 lineup. Leaks have revealed all the design changes and key specifications of the three flagship models.

For starters, the Galaxy S24 Ultra could switch to a flat display with narrow and symmetric bezels. The edges are slightly curved but the device retains its boxy design. The other two models look identical to their predecessors. The bump-less rear camera array, which Samsung calls the “Signature Galaxy Design” and used on every phone this year, carries over unchanged to the 2024 phones.

In terms of specs, the Galaxy S24 and Galaxy S24+ will be powered by the Exynos 2400 in Europe, India, Africa, Korea, and a few other markets. Samsung will ship the phones with the Snapdragon 8 Gen 3 in the US and China. The Ultra model will get the Snapdragon chip globally. The latter phone replaces the 10x optical zoom camera with a 5x unit. On-device AI features are Samsung’s USP for the 2024 flagship lineup.

Samsung will unveil the phones in January

Samsung has yet to officially announce the launch date for the Galaxy S24 series. However, leaks have revealed that too. The new flagships are said to arrive on January 17, 2024, with the launch event taking place in San Jose, USA. The company may open pre-orders for the phones immediately after the Galaxy Unpacked event. General sales may begin on January 30. Stay tuned for the official announcement.

Samsung Galaxy S24 TKDN certification


[ad_2]
Source link

Save $250 off the XGIMI Halo+ 1080p Projector Now

0
[ad_1]

Best Buy has a pretty sweet deal going on right now, saving you $250 off of the regular price of this XGIMI Halo+ projector. That brings the price down to just $599. It’s a pretty impressive price for this projector, mainly because it is portable.

Now you might think “portable projector?” and it’s true. It’s a new trend we’ve been seeing with projectors over the last few years, where companies are putting batteries inside their projectors. Making it easier to move around for movie nights, go camping, and so forth. And the XGIMI Halo+ is the latest in that line. Of course, as with any portable projector, the battery isn’t long. It’ll last about two and a half hours on a full charge. It’s about enough time to watch a movie.

Reviews state that the picture on this projector is not the best. However, remember this is a sub-$1,000 projector with a built-in battery. So we won’t be getting the best-looking color out of this one. It is a 1080p projector with HDR support. It is technically 4K compatible because it can upscale the pixels, and when you’re looking at an image this large, 4K will look more like 1080p anyway.

Unfortunately, I/O is a bit limited here. You are looking at a single HDMI port and a single USB port. So this will be good for plugging in a PS5 that you can game on and watch your favorite movies and TV shows from Netflix, Hulu, Max, and more. But for this reason, it likely isn’t good in an entertainment center.

This is a decent projector for the regular price, and now it’s even cheaper. So, it’s a great time to grab one with the upcoming holiday get-togethers.

Buy at Best Buy


[ad_2]
Source link

Hackers Employ AI to Launch Highly sophistication Attacks

0
[ad_1]

It has been observed that threat actors are using AI technology to conduct illicit operations on social media platforms.

These malicious actors employ several tactics and automated bots to achieve their nefarious goals, which can pose a serious threat to online security and privacy.

  • Spread disinformation
  • Manipulate public opinion
  • Escalate isolating content

These AI-driven tactics enable the rapid dissemination of misleading narratives, contributing to the escalation of online misinformation campaigns.

Cybersecurity researchers at Insikt Group recently identified “Doppelgänger,” a Russia-linked influence network conducting a sophisticated operation.

Doppelgänger

The operators of this network employ advanced obfuscation techniques and potentially utilize generative AI to craft deceptive news articles, targeting audiences in the following countries via fake news sites and social media accounts:-

  • Ukraine
  • The United States
  • Germany
Doppelgänger articles dated Nov. 10, 2023, impersonating UNIAN (Source – Recordedfuture)

Insikt Group found a campaign hitting Ukraine, using many fake social media accounts for Coordinated Inauthentic Behavior (CIB). 

They shared bogus articles mimicking Ukrainian news, spreading anti-Ukraine narratives on:-

Doppelgänger hit the US and Germany with fake copies of 6 legitimate news outlets’  in later campaigns. 

For the US, it fueled divisions before the 2024 election, pushing anti-LGBTQ+ views, criticizing the military, and intensifying political separations over Ukraine.

Doppelgänger influence assets (Source – Recordedfuture)

In Germany, it targeted economic and social problems to deteriorate the trust in leadership and boost the nationalist emotions.

Doppelgänger aimed at the US with three fake news outlets:-

  • Electionwatch[.]live: Generates AI-driven political content.
  • Mypride[.]press: Stirs anti-LGBTQ+ sentiments.
  • warfareinsider[.]us: Critiques US military and foreign policy from a politicized stance.

Campaigns

Here below, we have mentioned all the campaigns identified by the security analysts:-

  • Campaign 1: Doppelgänger Impersonates Ukrainian News Organizations to Influence Ukrainian Audiences
  • Campaign 2: Doppelgänger Seeking to Influence US Audiences with Inauthentic News Outlets Leveraging AI and Divisive Commentary on Social Issues and US Military
  • Campaign 3: Doppelgänger Seeking to Influence German Audiences with Grim Outlook on European Migration Movements, German Economic Outlook

Ongoing collaboration and public reporting are crucial to counter malicious influence. Media should vigilantly monitor brand abuse, issue takedowns, and boost online literacy.

Due to its continued evolution and use of AI, Doppelgänger’s exposed activities hint at lasting societal impacts, like corrupting trust and heightened polarization.


[ad_2]
Source link

Some OnePlus 12R specs revealed ahead of global launch

0
[ad_1]

The OnePlus 12R will launch globally next month, and some of its specs have been revealed. Before we get into it, it’s worth noting that the company’s ‘R’ series of devices was exclusive to India until now. That will change with the OnePlus 12R. The phone is expected to launch globally next month, alongside the OnePlus 12.

The OnePlus 12R is coming to global markets, and some of its specs got revealed early

The OnePlus 12 did launch yesterday, in China, but its global launch will follow in January. 1NormalUsername pointed to the fact that the OnePlus 12R will launch next to the OnePlus 12.

Having said that, Digital Chat Station, a well-known tipster, has just revealed some specs for the OnePlus Ace 3. That device will be known as the OnePlus 12R, it will just be rebranded. So… we basically have the OnePlus 12R info here

Based on this info, the OnePlus 12R will feature a 6.78-inch 1.5K BOE display. That will be the BOE X1 panel, so the same display as the OnePlus 12, basically. It will be curved, by the way. The tipster did note that the peak brightness and dimming scheme will be roughly the same as on the OnePlus 12.

The Snapdragon 8 Gen 2 will fuel the device, while 100W charging will be supported

The Snapdragon 8 Gen 2 will fuel the OnePlus 12R. A 5,500mAh battery will be included on the inside, while the phone will support 100W wired charging. The charger will be included in the box, and wireless charging seemingly won’t be supported.

The tipster also said that the phone will have a “metal mid-frame body”, in other words, a frame made out of metal. That’s basically everything that Digital Chat Station revealed.

The OnePlus Ace 3 did surface on Geekbench earlier this month, hinting at a 16GB RAM variant. Android 13 ran on that model, though chances are that the OnePlus 12R will ship with Android 14 and OxygenOS 14 out of the box.

Both the OnePlus 12 and OnePlus 12R could launch on January 23, that’s the rumored date.


[ad_2]
Source link

Original Apple iPhone SE is now listed as ‘Vintage’

0
[ad_1]

Apple launched the original iPhone SE back in 2016, and the phone is now listed as ‘Vintage’. It has been placed on the ‘Vintage’ products list by Apple itself, as MacRumors spotted.

The original iPhone SE is now a ‘Vintage’ product

Apple considers a product ‘vintage’ if it has been more than five years, but less than seven years since the distribution stopped. At the seven-year mark, Apple basically discards the product as ‘obsolete’.

There are some things to note for phones placed on the ‘Vintage’ list, though. Apple does not guarantee it will be able to fix it. The same goes for Apple Authorized Service Providers. If there are parts, sure, they’ll take care of it, but there are no guarantees.

If a phone ends up being placed on the ‘Obsolete’ list, well, the company or the authorized services will decline the repair request. At that point, they cannot order parts for the devices. That’s another reason for the ‘obsolete’ tag.

None of this is surprising, of course. The iPhone SE has been around for a long, long time at this point. It is based on the iPhone 5s, which is a design that looks very dated at this point in time.

The first iPhone SE had a 4-inch display, 2GB of RAM, and a tiny battery

It included a 4-inch LCD display with an 1136 x 640 resolution. The Apple A9 chip was included under the hood, along with 2GB of RAM. A 1,624mAh battery was used on the inside, and the same goes for a 12-megapixel main camera.

The other two iPhone SE versions that Apple released, the 2020 and 2022 versions, are based on the iPhone 8. They’re a bit bigger, and look a bit more modern in comparison. The ‘Vintage’ tag does not apply to them, just the original iPhone SE model.

The company’s ‘Vintage’ iPhone list now includes eight products. The iPhone 4, iPhone 5, iPhone 5s, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, and iPhone SE are included there.

The ‘Obsolete’ list includes 13 products, all iPhones ranging from the official one, to the iPhone 5c that launched way back in 2013.


[ad_2]
Source link

Spammers could take over the Threads search results, that’s why there isn’t a chronological search

0
[ad_1]

If you’re not one of the people who comprised the 82% that chose to drop out of Threads weeks after its summer debut, you’re probably still hanging around at Meta’s X/Twitter clone.

Probably, you’re wondering why there’s no chronological search at your disposal.

Here’s Instagram and Threads head Adam Mosseri who took a moment of his busy schedule to explain things. According to him, this would create substantial safety loopholes:

In a video post, Mosseri explains that “if something happens in the world”, spammers and bad actors “can pummel the search results page by just adding the right word with their spam links” (via Android Headlines).

Mosseri says that there are a few ways to combat this, like having a search results page that takes into account both chronology and quality. However, Mosseri said that Threads being the arbiter of which results are worthy of appearing would bring censorship concerns. With all this in mind, he didn’t rule it out in the future.

Just don’t expect search results at Threads to be listed in the order in which they were posted – at least not in the very near future.

“It’s just not as straightforward as people like to make it out to be,” Mosseri said. “But we are definitely exploring all of the options.”

Meanwhile, the Threads team is busy implementing other goods in the X/Twitter clone. Just last week, Threads said they’re on to improve the search functionality by expanding the availability of keyword search. This feature, now widely accessible, enables users to effortlessly find conversations centered on specific topics, fostering more engaging and informed discussions.

In mid-November, a far more important thing was made possible: Threads users can now finally delete their profile separately from Instagram.


[ad_2]
Source link