ManageEngine Information Disclosure Flaw Exposes Keys

0
[ad_1]

ManageEngine, one of the most widely used IT infrastructure management platforms that offers more than 60 Enterprise IT management tools, has been discovered with an Information Disclosure vulnerability which is tracked as CVE-2023-6105.

This vulnerability affects multiple ManageEngine products, including ADManager, ADSelfService, M365 Manager, Endpoint Central, Service Desk, Access Manager, and many others. The severity of this vulnerability has been given as 5.5 (Medium).

CVE-2023-6105: ManageEngine Information Disclosure

This information disclosure vulnerability exposes encryption keys and exists on multiple ManageEngine products.

A low-privileged OS user with access to the host on an affected product can view and utilize the exposed key for decrypting the product database passwords, resulting in access to the ManageEngine product database.

Additionally, the encryption key is stored in the “CryptTag” configuration in <PRODUCT_INSTALLATION_DIR>\conf\customer-config.xml, and the usernames and passwords for ManageEngine product database can be found in the <PRODUCT_INSTALLATION_DIR>\conf\database_params.conf.

However, the database password can be decrypted using the encryption key from the XML file and the .conf file. An attacker with access to the product database can run OS commands with SYSTEM privileges or some administrative account privileges. 

Added to this, the threat actor can reset the password of an administrative user and view data contents that possess sensitive information. A has been published, which provides detailed information about the Python script used for decrypting the password and its output.

A complete report and proof of concept for this vulnerability has been published by Tenable, which provides detailed information about this vulnerability and its patches.

Affected Products

  • Service Desk Plus prior to version 14304
  • Asset Explorer prior to version 7004
  • Service Desk Plus MSP prior to version 14305
  • Support Center Plus prior to version 14304
  • Access Manager Plus prior to version 4310
  • PAM 360 prior to version 5700
  • Password Manager Pro prior to version 12300
  • OpManager prior to version 125632 on Windows and version 127243 on Linux
  • Firewall Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Netflow Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Network Configurations Manager prior to version 125632 on Windows and version 127243 on Linux
  • OpUtils prior to version 125632 on Windows and version 127243 on Linux
  • Creator On-Premise prior to version 2.0.0
  • Analytics Plus On-Premise prior to version 5300
  • ADSelfService Plus prior to version 6304
  • ADManager Plus prior to version 7210
  • ADAudit Plus prior to version 7251
  • Cloud Security Plus prior to version 4170
  • Data Security Plus prior to version 6126
  • Exchange Reporter Plus prior to version 5713
  • M365 Manager Plus prior to version 4539
  • M365 Security Plus prior to version 4539
  • SharePoint Manager Plus prior to version 4405
  • Recovery Manager Plus prior to version 6074
  • Log360 UEBA prior to version 4050
  • Endpoint Central prior to version 11.2.2322.01
  • Endpoint Central MSP prior to version 11.2.2322.01
  • Remote Monitoring and Management prior to version 10.2.11
  • Mobile Device Management prior to version 10.1.2204.2
  • Remote Access Plus prior to version 11.2.2328.01
  • OS Deployer prior to version 1.2.2331.1
  • Browser Security Plus prior to version 11.2.2328.01
  • Patch Manager Plus prior to version 11.2.2328.01
  • Vulnerability Manager Plus prior to version 11.2.2328.01
  • Application Control Plus prior to version 11.2.2328.01
  • Patch Connect Plus prior to version 90124
  • Device Control Plus prior to version 11.2.2328.01
  • Endpoint DLP Solution prior to version 11.2.2328.01
  • Secure Gateway Server prior to version 90091

Users of these ManageEngine products are recommended to apply vendor-specific patches for affected installations to prevent this vulnerability from getting exploited.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.


[ad_2]
Source link

Holiday Gift Guide 2023: Best Chromebooks

0
[ad_1]

Chromebooks used to be the afterthought when it came to laptops but they’ve grown over the years into fully fledged portable computers that do really anything a Windows or Mac laptop will do. They even come with some powerful components these days and you can play games on them. Not just Android games either. Full PC games from Steam and other PC clients.

Five years ago if you said Chromebooks would eventually be capable of accessing my Steam library and letting me play games from it, I’d have called you a liar. But that’s exactly what you can do with them these days. And they’re all the better for it. They also make excellent laptops for students of just about any age. So much so that many schools which provide laptops to their students use Chromebooks.

The point is, Chromebooks are great laptops no matter what you need a laptop for. Whether it’s coding, casual browsing, other work-related stuff, studying, and even gaming. And the best part is that many Chromebooks are actually quite affordable. They boot up in seconds and run fairly smooth too. With the holidays coming up and the shopping season in full swing, it might be time to think about what to get and if you’re looking at Chromebooks as an option, we’ve rounded up the best Chromebooks you can buy right now that you should consider. This is for a gift after all.

Best Chromebook Overall: ASUS Chromebook Flip CX5

ASUS Chromebook Flip CX5

A harmonious union of features, specs, build-quality, and reasonable pricing put this above all

Leave it to ASUS to create the best possible Chromebook you can currently buy right now. ASUS has a long history of quality computing products and it’s not surprising it creates the best overall Chromebook. Coincidentally ASUS is also our choice for the best overall gaming laptop. And it again comes down to a combination of reasonable pricing for the build quality and features you get.

That is just as true here with the Chromebook Flip CX5 and its smooth to the touch chassis. Which is also still durable and can hold up to the everyday abuse it might incur. We’re not saying it’s ok to beat this thing up. It’s still a regular consumer laptop and should be treated with care. But tossing it in your bag or onto the coffee table or night stand isn’t going to hurt it any. As long as you’re not actually tossing it. You get the idea.

Aside from build quality the Chromebook Flip CX5 is surprisingly quiet. Then again it is a Chromebook and it’s not like it’s packing a state of the art processor and graphics card that need noisy fans to keep the temperatures down. What most will probably appreciate with this Chromebook is its ability to be used in various different orientations. Use it like any other regular laptop. That’s what it’s for. But you can also flip the screen back to where the laptop sits in tent mode.

And this is going to be the perfect way to watch movies or TV shows if you’re taking a break while using it. Plus, it is a touchscreen so you won’t need to use the keyboard or trackpad for typing or clicking. You can even flip the screen all the way back until the laptop essentially becomes a tablet. Which is what you would want to do if you were browsing the web for some online shopping or maybe reading a book. ASUS has also packed this thing with 128GB of SSD storage and 8GB of RAM, along with two USB-C ports, one HDMI 2.1 port, and one USB-A port. There’s a headphone jack and a microSD card slot too. Plus Harman Kardon audio for decent sound.

All of that equals out to a pretty reasonable price of $649. Factor in the games like Minecraft which is now available on Chromebook, and access to Steam and other PC game stores through GeForce NOW which supports Chromebook as well, and you have yourself a great little machine. It’s not the most affordable Chromebook but it’s not extremely expensive either for what you get. And that’s why we picked it as our best overall Chromebook.

ASUS Chromebook Flip CX5 – Best Buy

Honorable Mention: Acer Chromebook Spin 514

Acer Chromebook Spin 514

Acer has put together a laptop that’s available at a similar price point to the ASUS model above and it comes with mostly the same specs. Although it does use eMMc for storage instead of SSD. This isn’t really a major issue but it won’t exactly be as fast as the SSD method. That aside you do get the same amount of storage at 128GB and it has 8GB of RAM too. Acer also designed the chassis in this really nice Mist Green color.

Additionally you won’t have to give up the convertible features either. You can flip the screen around to the back and use it as a tablet or put it in tent mode to watch video. One unconventional use that you might find enjoyable as well is laying the screen flat. This allows you to share the content on screen with others who may be sitting with you while still having access to the keyboard and trackpad.

Acer Chromebook Spin 514 – Best Buy

Best 2-in-1 Chromebook: Lenovo IdeaPad Duet 3

Lenovo IdeaPad Duet 3

A portable yet capable Chromebook that’s perfect for travel

The Lenovo IdeaPad Duet 3 is in a slightly weird space that’s not quite tablet and not quite Chromebook. It’s both, but also neither at the same time. Like we said it’s a little weird but ultimately this is also an awesome little device. Rest assured this is a full-fledged Chromebook with Chrome OS so it does everything any other Chromebook will. But it also has a few really neat tricks that you won’t find on any other Chromebook on this list. Let alone any other Chromebook on the market (unless it’s another version of Lenovo’s Duet).

The big thing here with the Duet 3 is that it comes with a keyboard cover. This solution is what turns this into a Chromebook and it also keeps both the screen and the back of the tablet protected. The Duet 3 will magnetically connect to the keyboard cover via some contact pins and it fits nice and snug but is also easy to pull away when you want to use it as a tablet. It has a built-in kickstand too.

Which you’ll need for propping this up like a laptop if you want to use it as such. Worth noting is that the kickstand isn’t built into the back of the tablet itself but rather it’s a separate cover that magnetically attaches to the back. You can then snap the kickstand part away to lean the Duet 3 screen back like you would a laptop.

What makes this such a nice device to use as a tablet compared to the other two Chromebooks we’ve listed above is its size. It has an 11-inch screen which is infinitely more portable and definitely easier to hold in the hand. And because you can detach both the keyboard and the kickstand cover it weighs less too. This makes it great for reading or browsing or even watching movies.

And just as good for playing games from the Play Store if games are your thing. Now it’s only got 4GB of RAM and it has a less powerful Snapdragon processor compared to the Intel and AMD processors used in the laptops above. So it will ultimately be a less powerful Chromebook. But it should be plenty powerful for most users anyway.

One nice little bonus if you like games is that it comes with one free month of access to Xbox Game Pass. But not just any tier of the service, Xbox Game Pass Ultimate. Which is normally a $14.99 per month subscription fee. You can use this to play Xbox console games in the cloud including newer titles like Starfield while you’re on the go. As long as the tablet stays connected to the internet while you want to play.

You will of course also need a compatible controller like the Xbox wireless controller. Which is what we’d recommend if you plan to use that Game Pass trial. Now for the best part, the price. The Duet 3 is only $269 right now because it’s on sale for Best Buy’s early Black Friday sale. And this is really kind of a steal. Normally it costs $379 which is still good for this kind of hybrid device. But $269 really makes it stand out.

Lenovo IdeaPad Duet 3 – Best Buy

Honorable Mention: ASUS Chromebook Flip CM3

ASUS Chromebook Flip CM3

This is still a 2-in-1 Chromebook but it loses a little bit of what makes the Duet 3 such a compelling device. Namely the ability to be used as a standalone tablet without the keyboard attached. This is going to impact the weight if you’re looking for something extra portable and lightweight. But overall it can still be used in a tablet orientation.

Another thing to consider is that this only comes with 32GB of eMMc storage. It bumps up to a 12-inch screen as well. Although this can play to its advantage since you end up with more screen real estate for taking notes or really anything else. That being said, it’s also on sale for $269 when it’s normally $329. So unless you really want the larger 12-inch display, the IdeaPad Duet 3 is the better option for a 2-in1 Chromebook device while it’s still available at the $269 discount.

ASUS Chromebook Flip CM3 – Amazon

Best Premium Chromebook: HP Dragonfly Chromebook Pro

HP Dragonfly Pro Chromebook

The Chromebook for those who want everything

Chromebooks aren’t usually sold as premium laptops but HP is trying to change that with the Dragonfly Chromebook Pro. This isn’t the first premium Chromebook that was ever released but it is the current option that has all the fancy and extra luxurious features you won’t find elsewhere. Top-notch screen? Check. Powerful speakers for music and video? Check. Performance that surpasses every other Chromebook on the market? Double check.

This thing even has an RGB backlit keyboard if that’s your thing. Though we suspect most might not be looking to buy this Chromebook for the RGB. Since that’s more of a gamer aesthetic and gamers looking to spend this kind of money are looking at proper gaming laptops. Still, it’s nice that it’s there because you can keep the keys backlit and certain colors might be easier for you to see in different light sources.

Or maybe you just prefer a certain color for the backlighting. Either way you have backlit keys here and not all Chromebooks will offer that. And really, at the price of this thing, RGB backlighting should be there. The HP Dragonfly Chromebook Pro runs at a cost of $999 so it’s anything but inexpensive. However, it’s most certainly worth if you want a Chromebook but also want one with exceptional performance and lots of extras.

The standout feature of this laptop really should be the high resolution display, and that’s what stands out for us the most. It comes with a 14-inch display so it rides that line between being just big enough to enjoy for consuming media and getting some work done on. But it’s not so big that it won’t fit in your backpack or be too heavy to carry around. It’s slim and sleek to boot. More important than the size though is the high resolution and brightness.

The resolution is 2,560 x 1,600 so colors and picture quality are going to be vivid, crisp, and vibrant. And the peak brightness is 1,200 nits which is far above what many other Chromebooks offer. This alone is really what helps colors pop off the screen. Which trust us, will matter if you’re watching content where color is important. It’s even more important if you’re using this for work and need something as color accurate as possible.

Oh, and it doesn’t hurt that glare will be nothing but an afterthought for you. When it comes to performance, the Dragonfly Pro Chromebook lives up to its price tag. Showing no signs of stutter or hiccups even with more demanding projects or activities.

That being said, the Dragonfly Pro Chromebook isn’t perfect. While it’s still excellent and the best premium Chromebook you can buy, it does miss the mark a little bit. For instance, you only have four USB-C ports to work with. There’s no HDMI and no USB-A. Furthermore there’s no ethernet or 3.5mm headphone jack. Ethernet aside, the other ports are almost standard across most other cheaper Chromebooks. At least when it comes to the headphone jack and USB-A. Then again these missing ports might not matter to you. And in the end you can always pick up adapters to use devices that need those ports if you really plan to use them.

HP Dragonfly Pro Chromebook – HP

HP Dragonfly Pro Chromebook (Renewed) – Amazon

Honorable Mention: Dell Latitude Chromebook

Dell Latitude Chromebook

While the HP Dragonfly Pro Chromebook is a better overall premium Chromebook, Dell’s Latitude Chromebook is a close second. It has an Intel Core i5 CPU inside with a large amount of storage at 256GB. It does lose half the RAM since it dumps down to 8GB and the screen isn’t as high resolution. It’s not quite as bright either. But it still carries a more sleek design than most and what it lacks from the HP laptop it makes up for with stuff the HP is missing. Like all those missing ports. And at a full price of $720 you save a little bit of money too.

Dell Latitude Chromebook – Best Buy

Best OLED Chromebook: Lenovo Chromebook Duet 5

Lenovo IdeaPad Duet 5

The portability with an OLED display is just a little bit magical

Take all of the goodness of the IdeaPad Duet 3 and cram an OLED display in it for some vibrant, immersive viewing, and you have the IdeaPad Duet 5. The Duet 3’s older, more mature sibling with just a little bit extra. While we still prefer the Duet 3 for a slightly more portable experience thanks to its smaller display and lighter build, the difference of those two factors isn’t much. So if the added size and weight don’t bother you, it’s definitely worth going for the Duet 5 to get the OLED panel. Because it’ll definitely make for a more enjoyable experience.

Games, movies, TV, and even browsing the web or scrolling through socials will be noticeably better. And because this is still part of the Duet family, it comes with those awesome keyboard and kickstand attachments. Both of which attach magnetically for a secure grip but can also be easy to detach quickly. Another thing that makes this more enjoyable than the Duet 3 is the fact the display is 13.3-inches. So there’s just a bit more screen real estate to work with. Having said that, the Duet 3 has a 2K display for some additional sharpness. Whereas the Duet 5 is Full HD.

Even as good as the display is though, the best part we think is the battery life. The Duet 3 is up to 10 hours which is already pretty good. But the Duet 5 pumps the battery life up to 12 hours at maximum. Even with a larger display the Duet 5 skates by with more time on the clock from a single charge. And there’s a good chance that’s going to make a big difference if this is your tablet/laptop for basically everything. Students or professionals for example will definitely benefit from having a couple extra hours of use.

Whether it’s late-night cramming for a test or pure entertainment at the end of a long day. Speaking of work, you should be able to do more tasks at once with the Duet 5 since it has 8GB of RAM instead of 4GB like on the Duet 3. And as any long-time user of the Chrome browser will know, the more RAM the better.

As with all of these devices, the Duet 5 is great but that doesn’t mean perfect. Its strengths can also work against it depending on your own personal needs or desires for a Chromebook. For instance, the larger 13.3-inch display being an OLED panel is great for school and/or work. And if you decide to play games on this bad boy (it comes with a one-month trial of Xbox Game Pass Ultimate too by the way), you’ll be happy for the size. But some might find it just a smidge too big for tablet use.

Though we suppose that really all depends on personal preference. Like we mentioned earlier, we prefer the Duet 3 because the 11-inch screen is still pretty nice for school and work, and it’s more portable. But you might want the larger screen. Either however, is a great option. Especially if ultra portability is one of your main goals. It’s a pretty good value at $500 but because Best Buy has started its Black Friday deals early, the Duet 5 is currently down to $329 and that price makes this a really good buy.

Lenovo IdeaPad Duet 5 – Best Buy

Best Chromebook for Gaming: ASUS Chromebook Vibe CX55 Flip

ASUS Chromebook Vibe CX55 Flip

A 144Hz display makes this unmatched for all your cloud gaming needs

Gaming on Chromebooks is starting to make some headway beyond the slate of Android games you can pick up from the Play Store. And NVIDIA GeForce NOW has a big part in driving this sector of Chromebooks forward. Sitting at the top of the heap for gaming is the 15-inch Chromebook Vibe CX55 Flip from ASUS. Its larger 16-inch variation (the Chromebook Flip CX5) is our pick for best overall Chromebook. But this model is tailored more towards gaming and those gaming-centric features are definitely going to make a difference. While mostly aesthetic, the backlit WASD keys can be a nice touch.

Personally this makes it easier to identify the keys if I ever happen to look down at the keyboard. Which admittedly isn’t often but it does happen from time to time. And as I play games late a lot it’s often dark and this can help keep them easy to find. Though rest assured the entire keyboard is backlit with RGB and not just the WASD keys. Of course, the RGB backlit keyboard isn’t what really makes this the best Chromebook for gaming. Because really most modern Chromebooks can play games as they should all be compatible with GeForce NOW.

The reason this is the best one is because of the fast refresh rate and the ethernet port. This is hardly the only Chromebook with an ethernet port but it’s the pairing with the fast refresh rate that set ASUS’s Chromebook Vibe CX55 Flip apart from the pack.

With a refresh rate of 144Hz, the CX5 is faster than competing gaming Chromebooks. Both Acer’s Chromebook 516 GE and Lenovo’s IdeaPad Gaming Chromebook have 120Hz displays. Which doesn’t sound like much but it definitely can make a difference in the heat of the moment. Worth noting is that GeForce NOW will support the 144Hz refresh rate too if you’re subscribed to the Ultimate tier membership. Speaking of which, buyers of this Chromebook also get free access to the top tier membership for three months. The offer is only valid through January 2024 though. So that means you’ll want to claim the offer before then so you don’t miss out.

And if you’re worried about gaming in the cloud on a laptop, you shouldn’t be as long as your connection is fast and reliable enough. Some key features that will help this are this laptop’s support for WiFi 6E and the included ethernet port. That way you can game over fast WiFi and then jack in with an ethernet cable when it’s available. One thing I’ve noticed that most Chromebook’s won’t offer is an anti-ghosting keyboard. This allows for faster multi-key input so you can make quick reactions in whatever game you’re playing.

At a price of $699 it’s not the least expensive Chromebook out there. But compared to actual gaming laptops you’ll save potentially hundreds of dollars. What’s nice is that since this relies mostly on playing games in the cloud, you’ll get a lot more battery life out of this than you would a regular gaming laptop. About 9 to 10 hours on a single charge. Which is enough to game all day before having to plug this thing in.

That being said, we wouldn’t leave the charger at home if you plan to be out all day. All of that aside, there’s currently no better option for gaming when it comes to Chromebooks. So if gaming is your ultimate goal when choosing a Chromebook, the Chromebook Vibe CX55 Flip is your absolute best option. Although if you can forfeit the high refresh rate and the anti-ghosting backlit keyboard, you have some other solid choices for less money.

ASUS Chromebook Vibe CX55 Flip – Best Buy


[ad_2]
Source link

Google will use AI to help you find that perfect Christmas gift

0
[ad_1]

It’s the holiday season, so the pressure is on to buy the perfect gift for your loved one. While the tradition of gift-giving goes back millennia, Google is here to reinvent the wheel and use AI to help you with your Christmas shopping. According to a new report, Google’s SGE will also help you find the perfect gifts for your loved ones.

If you don’t know what Google’s SGE is, it stands for Search Generative Experience. This feature has been in testing for a while, and you may have seen it before. When you search for something on Google, you’ll see a section above the search results with an AI-generated summary of what you searched for. Say, if you search “What is malware?” in Google, above the pages that would otherwise inform you of this, Google SGE will give you a quick and concise answer to that question.

As you can guess, this is a bit of a controversial tool, as it limits the traffic to thousands of websites. That’s a topic that’s continuing to develop at this time.

Google will use AI to help you with your Christmas shopping

One thing about generative AI is its ability to provide you with advice on pretty much any subject. Just type in the question, and you will get a useful answer delivered to you. Well, what’s to stop it from suggesting great Christmas presents for you to buy? With Google SGE, that’s exactly what will happen.

When you go on to Google, do a search for ideas for Christmas presents. You can use queries like “gift ideas for a 7-year-old who wants to be an inventor” or something like “a gift idea for my cousin who loves kites.” Google will use generative AI to ascertain what you’re wanting, and provide suggestions of what to buy.

You’ll see a bunch of results categorized into different sections. Each section will have a collection of items that you can buy. Google won’t simply tell you what to buy, it will surface links to different shopping sites to buy those products. That’s good news, as it directs more traffic to these websites.

If you have Google SGE, you can start searching for your ideal Christmas presents now. It’s live for the web version, and the mobile version on Android and iOS.


[ad_2]
Source link

Hackers Can Now Exploit a Security Flaw in Zoom Client

0
[ad_1]

The popular video messaging platform Zoom has discovered multiple vulnerabilities affecting Zoom Clients. These vulnerabilities might allow an unauthorized user to carry out denial-of-service, privilege escalation, and information disclosure attacks.

To receive the most recent security updates and bug fixes, Zoom advises users to update to the most recent version of the Zoom software.

High Severity Vulnerabilities Impacting Zoom Clients

Improper Authentication – CVE-2023-39215

With a CVSS Base Score of 7.1 and a High severity vulnerability listed as CVE-2023-39215, improper authentication in Zoom clients may enable an authenticated user to utilize network access to perform a denial of service attack.

Affected Products:

  • Zoom Desktop Client for Windows before version 5.15.5
  • Zoom Desktop Client for macOS before version 5.15.5
  • Zoom Desktop Client for Linux before version 5.15.5
  • Zoom VDI Client before version 5.14.12
  • Zoom VDI Client before version 5.15.4
  • Zoom Mobile App for Android before version 5.15.5
  • Zoom Mobile App for iOS before version 5.15.5
  • Zoom Meeting SDK’s before version 5.15.5

Exposure of Sensitive Information – CVE-2023-39214

A high-severity vulnerability with a CVSS Base Score of 7.6 is identified as CVE-2023-39214. It involves the exposure of sensitive data in Zoom Client versions before 5.15.5, which could enable a denial of service via network access for an authenticated user.

Affected Products:

  • Zoom Desktop Client for Windows before version 5.15.5
  • Zoom Desktop Client for macOS before version 5.15.5
  • Zoom Desktop Client for Linux before version 5.15.5
  • Zoom Mobile App for Android before version 5.15.5
  • Zoom Mobile App for iOS before version 5.15.5
  • Zoom Rooms for iPad before version 5.15.5
  • Zoom Rooms for Android before version 5.15.5
  • Zoom Rooms for Windows before version 5.15.5
  • Zoom Rooms for macOS before version 5.15.5

Client-Side Enforcement of Server-Side Security – CVE-2023-36535

Before version 5.14.10, client-side enforcement of server-side security in Zoom clients may have allowed an authenticated user to enable information exposure via network access.

This high-severity vulnerability was identified as CVE-2023-36535 and has a CVSS Base Score of 7.1.

Affected Products:

  • Zoom Clients for Windows before version 5.14.10
  • Zoom Desktop Client for macOS before version 5.14.10
  • Zoom Desktop Client for Linux before version 5.14.10
  • Zoom VDI Host and Plugin before version 5.14.10
  • Zoom Mobile App for Android before version 5.14.10
  • Zoom Mobile App for iOS before version 5.14.10
  • Zoom Rooms for iPad before version 5.14.10
  • Zoom Rooms for Android before version 5.14.10
  • Zoom Rooms for Windows before version 5.14.10
  • Zoom Rooms for macOS before version 5.14.10

Medium and Low-Severity Vulnerabilities Impacting Zoom Clients

Improper Authorization (CVE-2023-43582), Insufficient Control Flow Management (CVE-2023-43588), Cryptographic Issues (CVE-2023-39199), Buffer Overflow (CVE-2023-39206, CVE-2023-39204, CVE-2023-36532), Improper Conditions Check (CVE-2023-39205), 

Client-Side Enforcement of Server-Side Security (CVE-2023-39218), Improper Input Validation (CVE-2023-39217).

Update Now!

Users are advised to stay safe by installing the most recent updates or getting the most recent Zoom software which includes all security updates.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.


[ad_2]
Source link

Hackers Steal Data of UK Customers

0
[ad_1]

As per Samsung, the data breach was a result of a vulnerability in a third-party business application.

Samsung has notified its customers in the United Kingdom that a data breach has exposed the personal information of thousands of individuals. The breach impacted customers who made purchases on the company’s UK online store between July 1, 2019, and June 30, 2020.

The company discovered the breach on November 13, 2023, and determined that an unauthorized individual exploited a vulnerability in a third-party business application to access customer data. Samsung has not disclosed the identity of the hacker.

The affected personal information may include names, addresses, phone numbers, and email addresses. Samsung has assured its customers that financial information and passwords were not accessed in this breach.

The email from Samsung to the impacted user said, “On 13 November 2023, it was determined that an unauthorized individual exploited a vulnerability in a third-party business application we use and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019, and June 20, 2020, was affected.”

Email sent by Samsung to UK customers – Screenshot: Michael Valentine @KwyjiboUK – via X (Twitter).

It’s worth noting that Samsung confirmed to Hackread.com that only its UK customer base was affected by the data breach. Users in the United States, Canada, South Korea, and elsewhere have no cause for concern.

Samsung has reported the incident to authorities, including the UK’s Information Commissioner’s Office, responsible for enforcing the UK General Data Protection Regulation (UK GDPR).

This data breach is separate from the one that Samsung announced in September 2022, impacting only the company’s US customers. The incident resulted in the breach of private user data, including names, dates of birth, product registration data, demographic information, and contact numbers.

The latest announcement is not an isolated incident. Samsung has a history of being targeted by hackers due to its large-scale customer base, with over 992.4 million active Samsung smartphone owners in 2020. Previously, the South Korean technology giant was hacked by Lapsus$ hackers, who leaked the company’s source code online in March 2022.

Nevertheless, the latest Samsung data breach announcement is a reminder of the importance of protecting personal information. Consumers should take steps to protect themselves from identity theft and fraud, such as using strong passwords, avoiding phishing scams, and regularly reviewing their financial statements.

  1. Research claims Samsung Galaxy Store apps spread malware
  2. Hackers can hijack Samsung phones by knowing phone number
  3. Hackers used Samsung website to access Sprint’s customer data

[ad_2]
Source link

The Android 14 update is breaking some Android Auto music apps

0
[ad_1]

Driving is more fun when you have good music playing, but recently some Android Auto users can’t fully relate to this. Following the Android 14 update, some users of the Android Auto service on their vehicles have had a hard time accessing their music streaming apps. Aside from navigation, music streaming is one feature that users of the app benefit from during their daily commute.

Users of the app that are facing this issue report that it all started after they updated to Android 14. After the update, linking their smartphone to their vehicle’s infotainment system didn’t pull up music streaming. They explain that their music streaming apps accessible on their vehicle via Android Auto have randomly gone silent.

Now this isn’t an issue that is affecting just one music streaming app but a host of apps. Most of the apps that users report that are facing this issue are commonly used among drivers. Various car models are also facing this issue, so it isn’t something that just one car model is facing.

A fix might be in the works for the Android Auto music app issue Android 14 users are experiencing

From the reports, it is clear that Pixel users are the majority that are facing this issue. Google has long started to roll out the Android 14 update to Pixel smartphones. This update seems to make music apps on Android Auto not function properly, and some users are experiencing this.

Some people facing this issue have come out to speak about their experiences. Each one of them is finding it hard to play music from the music apps they have on Android Auto. This leads them to embark on rides without any music, and this isn’t ideal for some rides.

Those facing this issue are quite frustrated and have come online to air their thoughts. Google is now gathering the reports they are giving to identify and solve the problem. At the moment, there is a fix for this bug that is affecting some Android Auto users.

However, there seems to be some effort on Google’s part to solve the problem as effectively as possible. It’s also good to note that not all Android Auto users are facing this issue. Additionally, not all Pixel users are facing this same issue, but there are some quick temporary fixes for those facing this issue.

These temporary fixes include restarting the song or reconnecting the device to the car’s infotainment. At the moment, the issue fluctuates as it doesn’t always mute the audio from various music apps. In the coming week, Android Auto users might see a lasting fix to this issue from Google.


[ad_2]
Source link

Bally Sports likely to Shut Down Next Year

0
[ad_1]

Bally Sports has been a hot topic this year, as their owner Diamond Sports Group goes through bankruptcy court. And now the latest out of the hearing that happened just yesterday, says that Sinclair expects Bally Sports to shut down next year, at the end of the 2024 MLB season.

But here’s where things get interesting, Diamond Sports Group doesn’t agree, and objected to that idea. Diamond Sports Group is the division within Sinclair that owns Bally Sports. Sinclair’s outside counsel, David Selign said during the hearing that “Sinclair folks who original acquired Diamond, they’re kind of bummed, they’re bummed that this business that they put in a billion and a half of equity value in, is now going to shut down. There’s going to be people losing their jobs….Diamond’s business is going away.”

What makes things interesting is that the new contract Bally Sports negotiated with the NBA may come to an end early. If Bally Sports is unable to reach a deal with Spectrum in February, the NBA could walk away from the TV contract entirely.

Bally Sports has not announced plans to shut down

It’s important to note that Bally Sports has not announced any plans to shut down, and people familiar with the matter have stated they see a path forward to exit bankruptcy without shutting down. Obviously, a lot can change between now and the end of the 2024 MLB Season next October.

However, Bally Sports has already given up the rights to a number of teams, because they couldn’t afford to pay their fees. Currently, Bally Sports has rights to 15 NBA teams, 12 NHL teams, and 11 MLB teams.

Scripps Sports has also shown that it has interest in getting the rights to local teams if Bally Sports does indeed shut down. Back in October, Scripps stated that they do have deals to step in if Bally Sports does drop local teams. Scripps Sports President, Brian Lawlor stated that they are “talking to the leagues every week. I don’t think any of them are hoping it’s all going to blow up, people would like to see existing conracts get to the end of those contracts and have time to thoughtfully figure out what’s the right next step.”

This division of Scripps is actually fairly new, having only been formed in January of this year. However, it has already signed broadcast deals for the Las Vegas Golden Knights and the Arizona Coyotes of the NHL. It has also made a deal to put WNBA games on Friday Nights on its Ion Network. A problem that Scripps Sports is running into is the resistance by distributors to carry independent and digital channels that are now carrying the games of teams that are popular locally. Scripps does see opportunity with the sports business, hence why they launched Scripps Sports in January.


[ad_2]
Source link

Wireshark 4.2.0 Released: What’s New!

0
[ad_1]

Wireshark, a leading network packet analyzer, has released version 4.2.0, which brings bug fixes, protocol updates, major API changes, codec support, and several new features. It is still a widely used and popular tool for network protocol analysis.

Network administrators and security experts use packet analyzers like Wireshark to examine network packets and find solutions, which makes it a useful tool for businesses in a wide range of sectors.

What’s new in Wireshark 4.2.0?

Wireshark 4.2.0 has several new features and updates, such as:

  • Wireshark supports dark mode on Windows.
  • A Windows installer for Arm64 has been added.
  • Packet list sorting has been improved.
  • Wireshark and TShark are now better at generating valid UTF-8 output.
  • A new display filter feature for filtering raw bytes has been added.
  • Display filter autocomplete is smarter about not suggesting invalid syntax.
  • Tools › MAC Address Blocks can look up a MAC address in the IEEE OUI registry.
  • The enterprises, manuf, and services configuration files have been compiled for improved start-up times.
  • The installation target no longer installs development headers by default.
  • The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).
  • Wireshark can be compiled on Windows using MSYS2. 
  • Wireshark can be cross-compiled for Windows using Linux.
  • Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
  • Windows installer file names now have the format Wireshark-<version>-<architecture>.exe.
  • Wireshark now supports the Korean language.
  • RTPDump is the new file format decoding.

Bug Fixes

The following issues have been addressed:

  • RTP players do not play audio frequently on Windows builds with Qt6 (Issue 18413)
  • The playback marker does not move after resuming with Qt6 (Issue 18510)

Removed Features and Support

  • The prior support in the TShark -e option for showing column text via the column title has been removed generally with the addition of universal and consistent filtering support for column text.
  • The bundled script “dtd_gen.lua” that was disabled by default has been removed from the installation. It can be found in the Wireshark Wiki under “Contrib”.
  • The Wi-Fi NAN dissector filter name has been changed from ‘nan’ to ‘wifi_nan’.

New Protocol Support

Aruba UBT, ASAM Capture Module Protocol (CMP), ATSC Link-Layer Protocol (ALP), DECT DLC protocol layer (DECT-DLC), DECT NWK protocol layer (DECT-NWK), DECT proprietary Mitel OMM/RFP Protocol (also named AaMiDe), Digital Object Identifier Resolution Protocol (DO-IRP), Discard Protocol.

FiRa UWB Controller Interface (UCI), FiveCo’s Register Access Protocol (5CoRAP), Fortinet FortiGate Cluster Protocol (FGCP), GPS L1 C/A LNAV navigation messages, GSM Radio Link Protocol (RLP), H.224, High Speed Fahrzeugzugang (HSFZ), Hypertext Transfer Protocol version 3 (HTTP/3), ID3v2.

IEEE 802.1CB (R-TAG), Iperf3, JSON 3GPP, Low-Level Signalling (ATSC3 LLS), Management Component Transport Protocol (MCTP), Management Component Transport Protocol – Control Protocol (MCTP CP), Matter home automation protocol, Microsoft Delivery Optimization, Multi-Drop Bus (MDB).

Non-volatile Memory Express – Management Interface (NVMe-MI) over MCTP, RDP audio output virtual channel Protocol (rdpsnd), RDP clipboard redirection channel Protocol (cliprdr), RDP Program virtual channel Protocol (RAIL), SAP Enqueue Server (SAPEnqueue), SAP GUI (SAPDiag), SAP HANA SQL Command Network Protocol (SAPHDB), SAP Internet Graphic Server (SAP IGS), SAP Message Server (SAPMS).

SAP Network Interface (SAPNI), SAP Router (SAPROUTER), SAP Secure Network Connection (SNC), SBAS L1 Navigation Messages (SBAS L1), SINEC AP1 Protocol (SINEC AP), SMPTE ST2110-20 (Uncompressed Active Video), Train Real-Time Data Protocol (TRDP).

UBX protocol of u-blox GNSS receivers (UBX), UDP Tracker Protocol for BitTorrent (BT-Tracker), UWB UCI Protocol, Video Protocol 9 (VP9), VMware HeartBeat, Windows Delivery Optimization (MS-DO), Z21 LAN Protocol (Z21), Zabbix, ZigBee Direct (ZBD), Zigbee TLV.

Updated Protocol Support

JSON: The dissector now has a preference to enable/disable the “unescaping” of string values.

JSON: The dissector now supports “Display JSON in the raw form.

IPv6: The dissector has a new preference to show some semantic details about addresses (default off).

IPv6: The dissector now supports dissecting the Application-aware IPv6 Networking (APN6) option in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH), including all three types of APN ID, which are 32-bit, 64-bit and 128-bit in length.

XML: The dissector now supports display characters according to the “encoding” attribute of the XML declaration and has a new preference to set the default character encoding for some XML documents without the “encoding” attribute.

SIP: The dissector now has a new preference to set the default charset for displaying the body of SIP messages in raw text view.

HTTP: The dissector now supports dissecting chunked data in streaming reassembly mode. Subdissectors of HTTP can register themselves in the “streaming_content_type” sub-dissector table to enable streaming reassembly mode while transferring in chunked encoding. 

CFM: The dissector has been overhauled and updated to the level of IEEE std 802.1Q-2022 and ITU-T Rec.

New and Updated Codec support

  • Adaptive Multi-Rate (AMR), if compiled with opencore-amr.

Major API Changes

  • Lua function “package.prepend_path” has been removed.
  • Added reassemble_streaming_data_and_call_subdissector() API for easier reassembly of non-TCP high-level protocol streaming data.
  • Some of the API now uses C99 types instead of GLib types.

Installation packages and the source code for Wireshark can be downloaded from.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.


[ad_2]
Source link

Alarm system cyberattack leaves those in need struggling to call for help

0
[ad_1]

An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption.

Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023.

Tunstall, among others, provides services and systems to allow smart monitoring in various healthcare settings. One of the services provides sick or disabled persons, and the elderly with an alarm button that can be used in case of an emergency.

Under normal circumstances, the control room would relay the distress call to a caregiver so they can check on and provide help.

The alarm button systems are used in situations where people that require care are not constantly surrounded by caregivers, like care homes that provide independent living, elderly who live at home but need the ability to call for help, and people with a heightened risk of falling.

It’s unknown what the exact nature of the cyberattack is. In case of a ransomware attack, it is unlikely that any group will claim responsibility or demand a ransom. These types of services are usually the type that they want to avoid for fear of repercussions.

Estimates say that tens of thousands of people are unable to reach the control room at the press of a button and will have to call an emergency number instead.

Tunstall says it’s worked hard to remediate the situation. It has engaged a specialized cybersecurity company to investigate the situation. Meanwhile it advised clients to keep their mobile phones handy so they can reach out in case of an emergency. At the moment the first services have been brought back online and the hope is that soon everything will be fully functional again.

Some organizations that use Tunstall’s system say they have provided their clients with the direct number they would need to call when they need help. But obviously pressing a button is a lot easier when you are in distress than having to call a phone number.

How you can call without having to unlock your phone first

Having the number pre-programmed and available at the press of a button makes things a bit easier if you do need to call for help via your phone. If you have or are someone who may need immediate help and you don’t have an alarm button or it doesn’t work, there are methods to make it easier to use your phone to raise help.

iPhones provide an “Emergency” option on the lock screen. Tapping it opens an on-screen keyboard, which allows you to dial a number. The restriction with this option however, is that it is designed primarily to call emergency numbers. Another option is to use the smart assistant by saying ‘Hey Siri’, and then ask it to call one of your contacts or a phone number. 

Some Android phones offer the option to add emergency contacts. Activating Emergency SOS requires you to save at least one emergency contact to your phone. This will need to be done first. Please note that Android phones’ menus may differ from vendor to vendor and version to version.

  • Open the Settings app.
  • Scroll down and tap Safety & emergency. On some types this menu can be found in the Advanced Settings menu.
  • Tap Emergency contacts > Add contact
  • Select one or more emergency contacts from your contact list.
  • Now you can enable Emergency SOS
  • In Safety & emergency, toggle the Use Emergency SOS and set the Use Emergency SOS slider to enabled
  • Confirm the setting and select what information you want to share.
  • You will need to provide the app with the necessary permissions.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

HONOR Magic6 to include 1-inch camera sensor, but not from Sony

0
[ad_1]

The HONOR Magic6 series is coming, and based on the latest rumor, a 1-inch camera sensor could be a part of the package. The thing is, that rumor claims that it won’t come from Sony.

Many companies used the Sony IMX989 1-inch camera sensor, and that sensor has proven to be outstanding. The OPPO Find X6 Pro used it, as did the Xiaomi 13 Pro and Xiaomi 13 Ultra, and more.

The HONOR Magic6 series is tipped to include a 1-inch camera sensor from OmniVision

The thing is, OmniVision is preparing its own 1-inch camera sensor, as we heard earlier this month. That camera sensor is allegedly called ‘OV50K’, and it could actually debut on the HONOR Magic6 series.

This info comes from Digital Chat Station, actually, one of China’s more prolific tipsters. That gives it some credibility, of course. We’re just not sure if the base Magic6 model will use it, or the more expensive one(s).

The OmniVision OV50K will have plenty of competition in the market. Aside from the Sony IMX989, Sony also announced its LYTIA dual-stacked sensors, which are not technically 1-inch sensors, but have other advantages.

More and more companies are starting to use OmniVision sensors for primary cameras, though. They were usually used as secondary cameras in higher-end phones, but a shift could be coming.

It remains to be seen if the OmniVision OV50K will end up being as good as expected

It remains to be seen if the OmniVision OV50K is any good, though, as it hasn’t even launched yet. The HONOR Magic6 series is not coming anytime soon, though. The Magic5 series arrived in February this year, so chances are we’ll have to wait until Q1 2024 to get the Magic6 series.

The Snapdragon 8 Gen 3 will fuel the Magic6, at least one of the models. We’re expecting high-end specs across the board, as was the case with the Magic5. Also, the Magic6 series will have a huge focus on the cameras, based on what we’ve seen in the past models.


[ad_2]
Source link