CISA catalog passed 1,000 known to be exploited vulnerabilities. Celebration time, or is it?

0
[ad_1]

The CISA Known Exploited Vulnerabilities catalog has grown to cover more than 1,000 vulnerabilities since its launch in November 2021.

On September 18, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) announced that its Known Exploited Vulnerabilities (KEV) catalog has reached the milestone of covering more than 1,000 vulnerabilities since its launch in November 2021.

This may seem like a lot, but with over 25,000 new vulnerabilities released in 2022 alone, it helps organizations to focus on the vulnerabilities that matter the most.

Many organizations are running a plethora of software and internet-facing devices, and vulnerabilities that can be used to exploit them are found every day. Everybody knows they need to patch, but deciding what to patch when, and then finding the time and resources to do it, are significant challenges.

CISA says that one of the reasons to launch the KEV catalog was to help organizations prioritize which vulnerabilities to address first.

“As a starting point, we know that the majority of vulnerabilities are never exploited by malicious actors.”

CISA issued Binding Operational Directive 22-01 in November 2021 which established the catalog and bound everyone operating federal information systems to abide by it.

Federal Civilian Executive Branch (FCEB) agencies are handed specific—and very tight—deadlines for when vulnerabilities must be dealt with. Specifically, the Directive requires those agencies to remediate internet-facing listed vulnerabilities within 15 days and all others within 25 days. 

For everyone else it’s an opportunity to filter out the vulnerabilities by something even more relevant than CVSS scores where the exploitability of a vulnerability is only a sub score.

Because it’s based on what criminals are actually exploiting, your organization might still want to feed the catalog into its patch management strategy.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. To be considered for the catalog, the first criterium a vulnerability has to meet is to have a unique CVE ID so organizations can know precisely which vulnerability it concerns. This is not as straightforward as it may seem. CISA works with vendors, open-source projects, and the CVE program to ensure that every vulnerability that is exploited in the wild is properly identified with a CVE ID.

The second criterium is proof of the active exploitation. This evidence needs to be from a credible source – a known industry partner, a trusted security researcher, or a government partner. Even then, sorting through vast amounts of data to distinguish genuine, malicious exploitation can prove to be a daunting task.

“We can find ourselves chasing whispers of exploitation in the wild that circulate online. Adding to the challenge is that some adversaries are elusive and sophisticated, leaving barely a trace of their digital footprints.”

And last but not least, an effective mitigation needs to be available. After all, it’s no use listing a vulnerability with a due date when there is no cure at hand.

It’s hard to find metrics to show what the effect of the KEV catalog is on malware infections and ransomware attacks, but what is clear is that the mean-time-to-remediate listed vulnerabilities was an average of nine days faster than for non-listed – and 36 days faster for internet-facing vulnerabilities.

CISA says it’s exploring options to add more informative fields, such as noting whether a specific vulnerability is being used by ransomware actors, which may be of particular use to sectors such as healthcare and education. It may help you further prioritize based on your threat model.


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.


[ad_2]
Source link

Best wall chargers for the Pixel 8

0
[ad_1]

You get a lot with the Google Pixel 8. Well, you get a lot of stuff except for a charger in the box. That’s where the tech industry is heading, but who needs first-party chargers, anyway? There are a ton of amazing and fully-featured third-party wall chargers that you can get. Here’s a list of some of the best wall chargers that you can pick up for your Pixel 8.

Speaking of the Pixel 8, you can pick up your unit today. You can either pick up the Pixel 8 or the Pixel 8 Pro using the links below. These are the newest flagship phones from Google. With them, you get the latest version of Android, better performance, an improved camera experience, and much more.

Pre-order the Pixel 8 (Best Buy)

Pre-order the Pixel 8 Pro (Best Buy)

Best wall chargers for the Pixel 8

In this list, we’re going to go through different types of wall chargers with different features and benefits. As you can probably guess, these wall chargers could be used with devices other than your Pixel 8. Along with your phones, there are also chargers that you can use to charge your computer, so these are multi-purpose devices.

Google 30W USB-C – Fast Charging Pixel Phone Charger

Google 30W USB C Fast Charging Pixel Phone Charger

So, let’s start off with a simple one. This is a first-party Google wall charger for Pixel phones. It’s a 30W wall adaptor that’s designed specifically for Pixel phones. It’s not really impressive, but you know that you’re getting an optimized charging experience for only $25.

This charger has a singular USB-C port. So, if you want to use this charger, you’ll need a USB-C to USB-C cord. You can check some of these out in our list of best charger cords that you can buy. Since it’s simple and only has one port, this charger is rather compact. It’s not one of the chargers that will take up two outlets like other larger chargers. So, you’ll be able to plug it into an extension cord or power strip without any hassle.

You won’t only be able to charge your phone(s) with this charger, but you can also charge your Chromebook. It’s powerful enough to do so, though it might be slow depending on the model you have. In any case, 30W is a good wattage for a charger.

Google 30W USB-C – Fast Charging Pixel Phone Charger

Anker 100W 3-port USB-C GaN Charger

Anker 100W 3 port USB C GaN Charger

Anker is a household name when it comes to chargers and other deliverers of power. The company has a powerful 3-port charger that’s meant to charge more than just phones at $74.99. This charger has three ports on it, so you can charge more than one device at a time. There are two USB-C ports and one USB-A port.

This is a GaN (gallium nitride) charger. Without diving too deeply into the details, GaN technology allows for the company to make much more compact chargers that transfer much more energy. This is why it’s preferred over chargers that use silicon. So, you’re getting a compact charger that will deliver as much power as you need to charge your devices.

This is a 100W charger, so it delivers enough power to charge most phones at their maximum charging speeds. It’s even powerful enough to charge your Macbook. Chromebooks, and smaller Windows laptops. This is an all-in-one charging solution if you have multiple items that need to be charged.

Anker 100W 3-port USB-C GaN Charger

OtterBox 45W USB-C Wall Charger

OtterBox 45W USB C Wall Charger

Otterbox is a popular company that makes resilient phone cases. Well, while this company keeps your phones safe, it also keeps them charged. Otterbox has a powerful wall charger that can deliver a decently fast charging speed for your phone at just $19.99.

This charger has a USB-C port on the back, and it can deliver a 45W current to your phone. This will charge your Pixel phone to its maximum speed. Like most of the best chargers on the market, this charger also uses GaN technology. This is why this device is so compact.

While it’s a small charger, it’s still sturdy. Being made by Otterbox, it’s made from tough materials. So, you’ll be able to keep this charger for the long run. You won’t need to worry about getting another one for a while.

OtterBox 45W USB-C Wall Charger

Anker Prime 3-port 67W USB-C GaN Charger

Anker Prime 3 port 67W USB C GaN Charger

If you’re looking for a charger that’s both compact and powerful, then look no further than this one. This Anker Prime charger has three ports in total. There are two USB-C ports along with a USB-A port. This means that you’re not confined to only charging one device at a time. Also, the $59.99 price tag makes it a steal.

This is a powerful 67W charger. Several phones are coming out nowadays that take 67W charging, and that means that their charging is extremely fast. So, this charger will be able to charge most of your phones at their maximum wattage. This means that you’ll more than charge the Pixel 8 at its highest charging speed.

This is a small charger, but it has a ton of power. If you need to, this charger can charge your Macbook or other mobile computing device. It won’t power a full-on gaming laptop, but it’s strong enough to charge your Chromebook or small Windows laptop.

Anker Prime 3-port 67W USB-C GaN Charger

Sacrack 6-port 160W USBC Fast Charger

Sacrack 6 port 160W USBC Fast Charger

This charger is meant to take your charging to the next level. The Sacrack 6-port 160W USBC Fast Charger gives you an insane amount of charging power for only $29.99. It’s not the traditional charger that plugs directly into the wall. In fact, it has a dedicated cord that plugs into the wall for you. This is a safe bet, as the charger is quite big.

This is a 6-port charger, so you’ll be able to plug in up to 6 devices at once. There’s a powerful 65W USB-C port with two more USB-C ports. Under that, you have three USB-A ports. That’s a ton of ports for one device, and it’s there if you need some serious power.

That top USB-C port is perfect for charging your laptop if need be. With that, you can use the other chargers to keep your mobile devices charged. Also, since it has a dedicated cord, it will be able to extend to your location rather than you having to move your setup close to an outlet.

Sacrack 6-port 160W USBC Fast Charger

AILKIN USB Wall Charger 2-Pack

AILKIN USB Wall Charger 2 Pack

If you need a pair of chargers for cheap, then you should look at this pack of chargers. You get two chargers in the pack for just $15.99, and each one has two USB-A ports. That’s a great price for the value you’re getting.

These adapters are very compact, so they will fit any outlet without taking up too much space. While they’re small, they’re still able to give you some decent power. These are dual USB-C chargers with a total current output of 5V/2.1A. They’re not blazing fast speeds, but they’re not slow either. These chargers are meant to charge your devices without taking up too much space.

A fun aspect of these chargers is the selection of fun colors that they come in. They come in Black, Blue, Gold, Green, Pink, Pure Black (where the entire brick is black with no white accents), Purple, Rose Gold, Silver, and White. These are all nice colors, and they give the chargers a nice flair.

AILKIN USB Wall Charger 2-Pack

Anker 323 33W 2-port Charger

Anker 323 33W 2 port Charger

There are low-powered chargers and there are high-powered ones. However, there are those chargers that hit a sweet spot right in the middle. This is where the Anker 323 33W 2-port Charger stands. It’s a nice charger if you’re not looking for something over the top, but you still want a quality charger. It’s also priced decently at $24.99.

This charger has two ports; one is a USB-C port, and the other one is a USB-A port. As for the charger speeds, this charger delivers a decent 33W of power. That’s enough to give you some decent charging speeds. That’s definitely enough to charge the Pixel 8 at its maximum speed.

This is also a compact charger. It will be able to fit into any setup or workflow. That’s one of the best things about the design.

Anker 323 33W 2-port Charger

Qihop Adaptive Fast Charging USB Wall Charger 4-Pack

Qihop Adaptive Fast Charging USB Wall Charger 4 Pack

This is a pack for people looking for the most bang for their buck. This is a 4-pack of chargers that you can buy for only $15.99. These are pretty standard chargers that only take up one outlet.

You shouldn’t expect any wild charging speeds or additional features. These are just your run-of-the-mill phone chargers. You’ll want to get this pack if you want a charger with a handful to spare. So, if you’re just looking for chargers and nothing else, you can pick these up.

Qihop Adaptive Fast Charging USB Wall Charger 4-Pack


[ad_2]
Source link

Hidden fees might become a thing of the past with new FTC rule

0
[ad_1]

The new FTC rule is here to bring a lasting solution to hidden charges that businesses impose on customers. At the moment, this rule is open to criticism as the FTC is seeking comments from various agencies and the public. This rule is known as the Trade Regulation Rule on Unfair or Deceptive Fees, and it will be beneficial for online shoppers.

It turns out that the FTC did not just start working on this new rule, as it has been in the pipeline since last year. Ever since then, the FTC has received over 12,000 comments from various sources on the effects of these deceptive fees that certain businesses charge. Some of these comments form a supportive ground on which the FTC can stand and enforce this rule on businesses.

The FTC is now putting more pressure on ensuring that businesses stop any unfair and deceptive acts. These acts involve hiding extra charges from buyers during their online shopping experience. This has become a real issue for online shoppers, and it tends to make them spend more than their initial budget.

Details on how the new FTC rule might bring an end to hidden fees

If you shop online, there is a high possibility that you have come across hidden fees. These fees are annoying and can make some shoppers end their entire shopping experience because of their spending budget. For those shoppers who need the goods, they get to pay above their initial budget.

Lots of online stores use these hidden fees to attract customers to their business and then trap them. A person shopping for a pair of glasses might see them on a site for an affordable price, and this draws them in to make the purchase. Then at checkout, they get to see some extra fees that were never part of the initial pricing as listed on the site.

This action is unfair, and the FTC is now manning up to prevent businesses from using this tactic on their customers. Sales of tickets for the Taylor Swift Eras Tour put this action in the spotlight. Critics argued that the ticket sellers for this show were driving up ticket costs with hidden fees.

For this reason, the White House had to demand that the ticket sellers give users the full ticket price upfront. This might just be what the FTC aims to do with its new rule, as it might pressure online businesses to give shoppers the full price upfront. With this accurate pricing information, shoppers will be able to better plan their finances.

In the coming weeks, the FTC’s new rule will take effect as it aims to bring an end to hidden fees. Businesses that continue hiding the full prices of products on their websites might face a fine for such actions. What do you think about this new FTC rule, will it help improve your shopping experience?


[ad_2]
Source link

Spotify starts rolling out new tools for podcast creators

0
[ad_1]
Announced earlier this year, Spotify’s new creator tools for podcasters are now rolling out globally. Designed to help content creators to engage with their listeners in new ways, these new features are slowly making their way to Spotify users.

Starting today, three main perks are available for podcasters, which will provide them with more opportunities to be discovered, grow, and, eventually, monetize their content.

  • Manage your presence on Spotify by customizing your show page
  • See exclusive insights into how your show gets discovered on Spotify with impression analytics
  • Explore more ways to monetize your content via Spotify for Podcasters

The most important new feature aimed at podcasters is the ability to fully customize their “show page.” It will make it easier for podcast creators to point new listeners to their best episode or recommend other content on Spotify.The “show page” will also include a so-called “Best place to start” tab where creators can feature one episode more prominently, thus offering listeners a slice of their content.

Additionally, Spotify announced that it’s bringing a new way to curate content recommendations on show pages with a feature called “Host recommendations.” If you’re a podcaster, you can now choose up to two pieces of content from other creators on Spotify and pin them to the top of the “More like this” tab.


Furthermore, Spotify has launched new analytics for creators monetizing through Ambassador Ads, Automated Ads, and podcast subscriptions. It’s now possible to track earnings, as well as measure the performance of ad campaigns and subscriptions.

Finally, Spotify introduces “impression analytics,” a new feature that will (hopefully) help creators understand how their show gets discovered on the streaming service.

Thanks to the new feature, creators can now see the total number of impressions for their shows and the individual episodes over a 30-day period. Initially, three sources will be taken into consideration: Spotify Home, Spotify Search, and Spotify Library.

These are just some of the creator tools that Spotify promised to bring to the platform at Podcast Movement Denver, but more will be added including the ability to customize your own bio and link out to social channels, a new way to view auto-generated transcripts, and the option to enable a better read-along experience for listeners.


[ad_2]
Source link

New CISA Advisories Highlight Vulnerabilities in Top ICS Products

0
[ad_1]

It is important for users and administrators of ICS systems to take steps to mitigate the vulnerabilities identified in the CISA advisories.

The Cybersecurity and Infrastructure Security Agency (CISA) released nineteen Industrial Control Systems (ICS) advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

The advisories cover a wide range of ICS products and vendors, including Siemens, Mitsubishi Electric, Hikvision, and Schneider Electric. The vulnerabilities identified in the advisories range in severity from low to critical. Some of the vulnerabilities could allow attackers to gain unauthorized access to ICS systems, disrupt operations, or even cause physical issues.

CISA encourages users and administrators of ICS systems to review the newly released advisories for technical details and mitigations. Here are some of the key vulnerabilities identified in the CISA advisories:

  • Siemens SIMATIC CP products: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a remote code execution attack.
  • Siemens SCALANCE W1750D: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a buffer overflow attack.
  • Siemens SICAM A8000 Devices: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a SQL injection attack.
  • Mitsubishi Electric MELSEC-F Series: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a cross-site scripting (XSS) attack.
  • Hikvision Access Control and Intercom Products: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a buffer overflow attack.
  • Schneider Electric IGSS: This vulnerability could allow an attacker to gain unauthorized access to ICS systems through a SQL injection attack.
ICSA-23-285-08 Siemens SINEC NMS
ICSA-23-285-15 Advantech WebAccess
ICSA-23-285-06 Siemens SICAM PAS/PQS
ICSA-23-285-16 Schneider Electric IGSS
ICSA-23-285-02 Siemens SCALANCE W1750D
ICSA-23-285-07 Siemens RUGGEDCOM APE180
ICSA-23-285-05 Siemens Simcenter Amesim
ICSA-23-285-12 Weintek cMT3000 HMI Web CGI
ICSA-23-285-03 Siemens SICAM A8000 Devices
ICSA-23-285-01 Siemens SIMATIC CP products
ICSMA-23-285-02 Santesoft Sante FFT Imaging
ICSA-23-285-04 Siemens Xpedition Layout Browser
ICSMA-23-285-01 Santesoft Sante DICOM Viewer Pro
ICSA-23-243-03 PTC Kepware KepServerEX (Update A)
ICSA-23-285-10 Siemens Tecnomatix Plant Simulation 
ICSA-23-285-13 Mitsubishi Electric MELSEC-F Series
ICSA-23-285-11 Siemens Mendix Forgot Password Module
ICSA-23-285-14 Hikvision Access Control and Intercom Products
ICSA-23-285-09 Siemens CPCI85 Firmware of SICAM A8000 Devices

CISA recommends that users and administrators of ICS systems take the following steps to mitigate these vulnerabilities:

  • Monitor ICS systems for suspicious activity.
  • Develop and implement an incident response plan.
  • Apply security patches from vendors as soon as they are available.
  • Implement a layered security approach that includes network segmentation, firewalls, and intrusion detection systems.

ICS systems are used to control critical infrastructure, such as power grids, water treatment systems, and transportation networks. A successful cyber attack on an ICS system could have devastating consequences.

It is important for users and administrators of ICS systems to take steps to mitigate the vulnerabilities identified in the CISA advisories. In addition to the steps recommended by CISA, organizations that operate ICS systems should also consider the following:

  • Conduct regular security assessments of ICS systems to identify and address vulnerabilities.
  • Develop and implement a security awareness training program for employees who use ICS systems.
  • Keep ICS systems isolated from the internet and other untrusted networks.
  • Use strong passwords and enable multi-factor authentication for all ICS systems.

By taking these steps, organizations can protect their ICS systems from cyberattacks, especially the increasingly prevalent cybersecurity threat of ransomware attacks, and minimize the risk of disruption to their operations.

  1. CISA Publishes List of Free Cybersecurity Tools and Services
  2. Major ransomware attack cripples largest gas pipeline in the US
  3. GreyEnergy: New malware targeting energy sector with espionage
  4. Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk
  5. Crit.IX: Flaws in Honeywell Experion DCS, Posing Risk to Critical Industries

[ad_2]
Source link

Test shows that the PIxel 8 has one of the best displays on a phones

0
[ad_1]

Google’s Pixel phones are great, but they’re not glorified much for their displays. Well, that might change this year, as the new Pixel 8 was just put through the DXOMARK test, and the numbers are good. According to the test results, the Pixel 8 has one of the best displays on the market.

A large part of the reason that people pick up phones is because of their displays; that’s especially true for Galaxy phones. We’re not only talking about the pretty colors. There are other factors such as viewing angles, brightness, readability, etc. that have an effect on the overall experience.

This is why DXOMARK does its display tests. They dive into all of the important aspects of the phone’s display to give an overview of its quality. All of the most popular devices get the same treatment.

According to DXOMARK, the Pixel 8 has one of the best displays on a smartphone

While Pixel phones aren’t really known for their displays, they do have nice displays in general. This year, Google went the extra mile for the display and introduced its Actua Display technology. The Pixel 8 Pro has a Super Actua Display. These displays promise amazing clarity and brightness.

As for the actual test, DXOMARK grades the display on six aspects: Readability, Color, Video, Motion, Touch, and Artifacts. It scored 161 points out of a possible 162 (161/162) for Readability, 163/164 for Color, 156/162 for Video, 138/155 for Motion, 160/168 for Touch, and 122/161 for Artifacts.

All of those scores are very high with the lowest one being the Artifacts score. Even that one isn’t too bad. 122 out of 161 is about 75%. This means that Google did a great job of calibrating this display in order to create an all-around great experience.

In fact, DXOMARK ranked this phone as #1. That means a lot because DXOMARK also scored the latest Galaxy phones and the latest iPhones as well. You won’t go wrong with any of those options in terms of display tech but you know that you’ll get the best experience with the Pixel 8.

If you’re interested in ordering this phone or its Pro counterpart, you can click the links below. The Pixel 8 starts at $699 and the Pixel 8 Pro starts at $999.

Pre-order the Pixel 8 (Best Buy)

Pre-order the Pixel 8 Pro (Best Buy)


[ad_2]
Source link

Google will let you generate images right from Search

0
[ad_1]

Google is pushing AI into more of its products. In fact, it’s hard to tell where Google ends and AI begins. The company just announced a new AI function that most people on the AI image scene will like. According to an announcement, you will be able to generate images right from the search bar.

Right now, if you’re trying out the AI Labs, then you should be familiar with seeing AI-generated results when you type something in. They’re at the very top of your results. If you don’t see these, then you’ll need to sign up for the Labs program. This program will give you early access to new AI features that the company is working on.

Google will let you generate images right from Search

If you want to generate an image, there are plenty of image generators out there that you can choose like DALL-E, Stable Diffusion, MidJourney, and many more. However, if you want to use those tools, you’ll need to navigate to those sites. Google is looking to offer a more straightforward way of generating images. It’s putting the ability right into Search. So, you’ll have access to it right when you open the browser.

When you gain access to this feature, all you’ll have to do is type your query into the search bar. Right under the search bar, you’ll see the results being generated right before you. Just like the AI-generated results, the images will show up above your actual search results.

Google SGE image GIF

You’ll see a set of four images pop up in the results. when you click on one, you’ll see a side panel slide in from the right. Right under the image, you’ll see an Edit button. Once you click on that button, you’ll see the side panel change to show you a text field. This is where you can make edits to your query and regenerate the image.

Google has some safeguards in place to help keep the tool safe. For starters, it won’t generate images that violate the company’s prohibited use policy for generative AI. This means that violent, controversial, and sexually explicit will be blocked, which is a good thing. Also, it will not generate images that depict notable people.

One thing that we like to see is that Google is adding metadata to the images so that people know that they’re AI-generated. This is rolling out to people testing out the SGE Labs starting Thursday.


[ad_2]
Source link

You can now troubleshoot battery and network issues on the Google Pixel 8 series via a new app

0
[ad_1]
Google is rolling out a new Pixel Troubleshooting app that can help you identify and fix battery and network problems on your phone. The app is only available on the Pixel 8 and Pixel 8 Pro for now, but Google may make it available to older Pixel phones in the future.

The Pixel Troubleshooting app functions as a system app. This means that it does not work as a standalone app, but instead, its tools can found within the settings of the phone. It is designed to provide intelligent diagnostics and troubleshooting for common issues like battery draining too quickly or connectivity problems, and then either suggests resolutions in easy steps or enables users to share diagnostic data with Pixel Care support agents.

The Battery Diagnostics section of the app gives you multiple options that might best describe your battery issues. It then lets you run diagnostic tests depending on your issue and presents support information on how to fix it. For example, if you are experiencing battery drain, you can run a test to check for apps that are using too much battery. The app will also provide you with tips on how to improve your battery life.

The network troubleshooter section of the app gives you tips to improve connectivity and contact Pixel support. For example, if you are having problems connecting to Wi-Fi, the app can help you troubleshoot the issue.
To use the diagnostic tools, open the Settings menu and either go to Battery > “Battery diagnostics” for the battery portion or “Network and Internet” for the network troubleshooter. Both options will run a scan and identify any potential problems. Finally, if it finds any problems, it will provide you with recommendations for how to fix them.

The Pixel Troubleshooting app is a tardy addition to the Pixel lineup, but a gladly received one when you consider that Apple has had a similar tool for some time now. Hopefully, this tool doesn’t remain a Pixel 8 series exclusive and eventually trickles down to older models as well.


[ad_2]
Source link

LinkedIn Phishing Scam Exploits Smart Links to Steal Microsoft Accounts

0
[ad_1]

Cofense cybersecurity researchers have noticed a sudden uptick in phishing messages sent via LinkedIn, as they observed around 800 emails sent between July and August 2023.

KEY FINDINGS

  • A new LinkedIn phishing scam targets users to steal their Microsoft account login credentials.
  • Phishing actors are exploiting LinkedIn’s Smart Link feature to evade email security mechanisms and redirect users to phishing pages designed to steal financial data.
  • The Smart Links feature is part of LinkedIn Sales Navigator and Enterprise and allows users to send up to 15 documents with a single trackable link.
  • Phishing actors are interested in exploiting Smart Links to make their phishing emails seem legitimate and appear to be sent by a trusted source apart from bypassing email protections.
  • This campaign targets diverse industries, but the most prominent targets are the finance and manufacturing sectors.

If you use LinkedIn to connect with your colleagues or industry experts, then you should feel alert because, in the newly discovered phishing campaign, threat actors are abusing a legitimate feature of LinkedIn to send authentic-looking phishing emails.

According to a report from email security firm Cofense, the feature exploited in this campaign is Smart Links, part of the LinkedIn Sales Navigator and Enterprise service. Phishers are abusing it to steal payment data. They exploit Smart Links to bypass email protection mechanisms and deliver malicious lures into the email inboxes of Microsoft users. Cofense

Cofense cybersecurity researchers have noticed a sudden uptick in phishing messages sent via LinkedIn, as they observed around 800 emails sent between July and August 2023. These emails were sent through 80 unique Smart Links and mostly lured users with payments, essential documents, security notifications, or recruitment-related messages.

According to Cofense’s blog post, all the messages contained an embedded link/button to redirect the victim to a malicious website where the attackers compel them to give away personal/financial data or login credentials. 

The report’s author, Cofense cyber threat intelligence analyst Nathaniel Raymond, noted that this campaign most probably exploits newly created or compromised business accounts on LinkedIn to deliver malicious lures and forces users to provide their Microsoft account details.

Clicking on viewing document opens a fake Microsoft login page that steals credentials (Image credit: Cofense)

For your information, this feature allows businesses to promote ads or websites and redirect users to their desired domains. This tool lets business account holders contact LinkedIn users via trackable ‘smart’ links. The sender can track who interacted with their messages and in what manner. Therefore, this tool is ideal for pitch testing and enhancing the process.

The smart link includes the LinkedIn domain with a parameter and an eight-alphanumeric character ID. However, adversaries have added new information, such as the recipient’s email ID, to autofill the phishing page the victim gets redirected to.

Employees at a wide range of organizations are targeted in this campaign, including manufacturing, financial, energy, construction, insurance, health, mining, consumer goods, and technology. But manufacturing and financial organizations were the top targets.

“Despite finance and manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and smart links to carry out the attack.”

Nathaniel Raymond – Cofense

To protect yourself against malicious phishing links, you must be wary of emails from unknown users, even if the email came from an authentic source or domain. Only click on links embedded in the email if you believe the email is legit, and if you are unsure, a good idea is to contact the sender directly to verify it. Use a reliable password manager to create unique passwords for online accounts and enable 2FA on all of them.

  1. New LinkedIn phishing campaign found using Google Forms
  2. Fake LinkedIn job offers scam spreading More_eggs backdoor
  3. Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack
  4. Ducktail Malware Exploits LinkedIn to Hack Facebook Business Accounts
  5. Hackers Used Fake LinkedIn Job Offer to Hack Off $625M from Axie Infinity

[ad_2]
Source link

Pushing Streaming to the Max

0
[ad_1]

It might be hard to believe, but the first Fire TV launched nearly a decade ago, in April 2014. Since then, we’ve seen quite a few devices come through Amazon’s virtual store shelves, and the company has pretty much settled on Fire TV Sticks and the Cube.

This year, Amazon refreshed its 4K lineup, with a new Fire TV Stick 4K and 4K Max. Now I have been reviewing both devices, but the bigger changes are on the Fire TV Stick 4K Max, so that’s what we’re going to focus on here. Though, both have pretty small changes, all things considered. The biggest changes include a new, more powerful processor and support for WiFi 6E, which is going to provide faster streaming with less buffering, thanks to the faster speeds.

The 4K lineup of Amazon’s Fire TV Sticks start at $49.99, with the Fire TV Stick 4K Max being $59.99. Let’s find out if it is worth picking up or not, in our full review.

Amazon Fire TV Stick 4K Max Review: Design

Surprisingly, there are some changes to the design of the Fire TV Stick 4K Max this year (also the regular 4K model). It now has more of a rounded profile, compared to it being pretty flat with sharp corners on all of the previous models.  This is actually a design change that I was not expecting, until I opened the box. Because let’s face it, the design of a streaming stick really doesn’t matter in the long run. It’s going to end up behind your TV, and you’ll never see it until you need to unplug it or do any other trouble shooting. But this is a nice design change.

Now as to why this change was made, it’s unclear. It doesn’t appear to add any more space inside the Fire TV Stick, but this could end up giving Amazon more space for things like WiFi 6E. It’s still a plastic body here, with a HDMI port on one end, and a micro USB port on the side. Surprisingly, Amazon is sticking with micro USB here. Apparently the EU hasn’t gone after Amazon for USB-C yet, like they did with Apple. I was annoyed at first that this had micro USB again, but Amazon does give you the micro USB cable and a wall charger in the box, so it’s not the end of the world.

The new Alexa Voice Remote is included

With the Fire TV Stick 4K Max, you are also getting the latest Alexa Voice Remote in the box. This includes an actual power button in the top-left corner. This is really useful, especially if you have the Fire TV Stick plugged into the HDMI-CEC port on the back of your TV, which allows it to control the TV as a whole. There’s also a dedicated blue button for Alexa, so she is not listening to you all the time. Just when you want.

On top of that, you have all of the usual buttons, like home, menu, back, play/pause, forward, rewind. And there are also buttons for Live TV, as well as channels and volume. These are things that were added with the previous update to the remote, so it’s good to see that here.

Amazon Fire TV Stick 4K AM AH 1

There are still four buttons at the bottom of the remote, as is usually the case with streaming devices. These include Amazon Prime Video, Netflix, DIRECTV Stream and Peacock.

On the Amazon store page, these buttons are all blacked out, which leads me to believe that these will likely change over the course of it’s life. And the bottom two buttons have a black background, versus the colored backgrounds that the Prime Video and Netflix logos get. Which is very likely possible, depending on which streaming services are paying more for this placement. But I wouldn’t expect to see Prime Video move.

Amazon Fire TV Stick 4K Max Review: Performance

One of the big reasons to get the Fire TV Stick 4K Max is going to be the performance. You see, with most streamers and TVs with streaming software built-in (like Fire TV, Google TV/Android TV and Roku), the hardware is usually lacking. Which results in the software performing pretty slow after a few months. But that is not the case with the Fire TV Stick 4K Max.

Sure, I’ve only had this Fire TV Stick for a couple of weeks at this point, but it’s still just as speedy as the day I unboxed it. I was also using the older Fire TV Stick 4K Max for quite some time before this one landed on my doorstep. And was quite impressed with its performance. This new model seems to be even more powerful.

Inside, there is a new 2GHz quad-core processor, and Amazon has also doubled the storage. Those are two things that really needed to be upgraded on the original Fire TV Stick 4K Max. So it’s good to see that here. It’s still only 16GB of storage, but it would be really great to see that double to 32GB on future streaming sticks. Especially with everyone and their dog starting their own streaming service now.

This is going to be the fastest and best-performing Fire TV Stick on the market. So if you’re experiencing a slow Fire TV Stick, this is the one to get.

Amazon Fire TV Stick 4K Max Review: Apps & Software

The Fire TV experience hasn’t changed a whole lot here on the Fire TV Stick 4K Max. It’s still Fire TV which everyone pretty much knows and loves. But one feature they did bring over is the Fire TV Ambient Experience. This was available on its own Fire TV sets like the Omni Fire TV. And it’s actually a really good feature.

Amazon Fire TV Stick 4K AM AH 9

The Ambient Experience basically gives you a nice background like Apple TV or Google TV, with a choice of three widgets towards the bottom. These widgets will look a lot like what you see on an Echo Show or other Alexa smart display. These widgets include Weather, music, news and much more. You can then press the up arrow on your remote to expand them to full screen. It’s actually pretty neat, because it’ll tell me when a package has been delivered, or when someone is at the door, since I have a Ring Video Doorbell.

Fire TV can still control your smart home, this is largely thanks to Alexa being included here. Just say “Alexa, turn on the lights” and you’ll be all set. You’ll also get notifications when your Amazon package has been delivered, as well as when your Alexa-compatible cameras see something, or someone’s at the door. If you’re invested in the Amazon ecosystem, the Fire TV Stick 4K Max is a really good purchase.

Of course, Fire TV does have a ton of app support. This includes Amazon Prime Video, Hulu, Netflix, YouTube TV, Tubi and much more. It does also have a Live TV button available, which will show you the Live TV channels for every streaming Live TV service you have installed. So that could be YouTube TV, Tubi TV, Pluto TV and Frndly TV. All in one spot. Which is really convenient, instead of opening each app to find something to watch.

It’s not the best software on a streaming device, I still believe that goes to the Apple TV. And that’s largely because it’s simple and there’s no ads. So you just get your apps front-and-center and don’t see a big ad taking up half of the TV screen. But the software is very responsive and easy to navigate which is very important on a TV.

Amazon Fire TV Stick 4K AM AH 5

Should you buy the Amazon Fire TV Stick 4K Max?

Now for the million dollar question. Should you buy the new Amazon Fire TV Stick 4K Max? Well, that depends. If you already have the older Fire TV Stick 4K Max, I’d say no. The only real upgrades you’d see here is the extra storage and WiFI 6E support. If those are two things you really want, then yes, it’s a good upgrade. But I’d urge you to wait until Black Friday, where it will likely be about half price.

Those coming from other Fire TV Sticks, yes, the Fire TV Stick 4K Max is definitely worth it. It is a much better Fire TV product, and performs way better. Not to mention that extra storage which will definitely come in handy here. The only other Fire TV product you should not upgrade from would be the Fire TV Cube. Which is just as powerful, if not more powerful since Alexa is always listening to you.


[ad_2]
Source link