Keyword search coming to Threads, Already testing in some regions

0
[ad_1]

Threads by Instagram continues its consistent roll out of features in order to become a true competitor to X/Twitter since its launch last month. One of the most glaring omissions since the app became available to download is the lack of a search feature, however, this will be changing soon.

It was confirmed today by Mark Zuckerberg via a post on Threads that a keyword search feature will be coming to the app soon. This was quickly followed with a post by Instagram Head, Adam Mosseri, who confirmed this and added that a test is underway in Australia and New Zealand.

Testing of the keyword search feature starts today and will be rolling out to other English-speaking regions soon. There was no specific timeframe provided for the rollout in stable but Mosseri did add that they are also working on adding more languages and requested feedback from those who are already testing the feature. This is pretty significant considering that, as it stands, the only thing you can search for in the app are other accounts.

The announcement comes just days after Threads rolled out its highly requested, but not fully featured, web app. It remains unclear how the addition of a web version of the app has helped the platform gain or retain users, but my guess is that the result has been positive considering the public feedback I’ve seen throughout the app in response to the feature rollout.
Threads struggled with user retention, after having a stellar launch, with its number of active daily users seeing a steep decline. Most blamed the lack of feature parity with the app Threads is trying to compete with — X, formerly known as Twitter, for the apps sudden downfall.

However, it appears that Zuck, Mosseri, and the Threads team are not sitting on their laurels and are instead working diligently to bring most of these features to the platform as soon as humanly possible. With the mostly highly requested features already implemented or on the way (Web client, Following feed, Keyword search), the team can now move on to working on the implementation of Direct messages, hashtags, and other features that the competition already offers.


[ad_2]
Source link

Cisco BroadWorks Software Flaw Let Attackers conduct XSS Attack

0
[ad_1]

Cisco released a fix for the medium impact vulnerability found on CommPilot Application Software, allowing cross-site scripting against the user interface.

The Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform.

The lack of file validation and broken access control on the vulnerable upload servlet allows any authenticated user to upload a file, which could be abused to run arbitrary code on the server.

Cisco’s BroadWorks Application Delivery Platform, BroadWorks Application Server (AS), and BroadWorks Xtended Services Platform (XSP) are affected by this vulnerability.

Vulnerability in detail:

The latest update for the Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability was published on August 30 by Cisco.

The web-based management interface does not properly validate user-supplied input, which lets an attacker exploit this vulnerability by persuading a user to click a crafted link. 

A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

They have released software updates that address this vulnerability, but no workarounds address it.

The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed-release information that is documented in this advisory.

Before upgrading devices, Cisco recommends its customers ensure that the memory and current hardware and software configurations will continue to be supported properly by the new release.

Fixed Release:

Cisco BroadWorks Application Delivery Platform with CommPilot-25, CommPilot-24, and CommPilot-23 ReleaseFirst Fixed Release
Release Independent (RI)RI 2023.06
Cisco BroadWorks Application Server Software ReleaseFirst Fixed Release
Earlier than 23.0Migrate to a fixed release.
23.0AP.as.23.0.1075.ap385295.Linux-x86_64.zip
24.0AP.as.24.0.944.ap385295.Linux-x86_64.zip
Release Independent (RI)RI 2023.06
Cisco BroadWorks Xtended Services Platform Software ReleaseFirst Fixed Release
Earlier than 23.0Migrate to a fixed release.
23.0AP.xsp.23.0.1075.ap385295.Linux-x86_64.zip
Release Independent (RI)RI 2023.08

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Philips Hue announces new and unique lights at IFA 2023

0
[ad_1]

Philips Hue has really made a splash at IFA 2023 in Berlin this week. In addition to announcing the new Secure Cameras, as well as the Matter update coming to the Hue Bridge next month, the company also announced a few new lights.

On tap this time around, is the Philips Hue MR16 smart bulb. This smart bulb can turn your conventional spotlights into smart lights anywhere in your home. It works on the same 12V low voltage as standard MR16 bulbs. Which makes them compatible with most transformers. The MR16 is going to be available in September and will cost $99 for a two pack of white and color ambiance bulbs.

Next up is the Philips Hue Perifo Track Lighting. This allows you to become your home’s personal lighting designer. This is a new line of lights from philips Hue that will include individual rails and lights that fit together to make a fully customizable track. You are able to choose the layout, length of the track and the light fixtures to get full control over the way you light your home. The Perifo Track Lighting will be available in September, with a starting price of $19.99 up to $299.

Philips Hue is also announcing the Centris, which is a unique and innovative combination ceiling spotlight that has colorful light. It has 350-degree adjustable spotlights available, and can be angled to highlight different parts of your room. Centris will also be available in September and start at $309 for a 2-spot pack and $489 for a 4-spot pack.

New generation of Philips Hue Festavia string lights is finally here

The Festavia string lights from Philips Hue has finally gotten updated this year. And it can be used both indoors and outdoors. This will help you create a pretty cozy indoor atmosphere on holidays and special occasions, as well as backyard barbecues and get-togethers. Philips Hue says that the new string lights come in three varieties. This includes 100 LEDs along an 8-meter cord, 250 LEDs along a 20-meter cord and 500 LEDs along a 40-meter cord.

Philips Hue says that the Festavia string lights will be available in September and will start at $119 for the 100 LEDs model. The 250 LEDs will be $219 and the 500 LEDs will cost $359.


[ad_2]
Source link

These JLab earbuds are tiny, and so is their price

0
[ad_1]

Earbuds are small, and no one was really asking them to be smaller. However, that didn’t stop JLab from further reducing their size. Today, JLab just unveiled the Jbuds Mini, according to Engadget, and they’re so small that the charging case can fit on a keychain.

The company announced the earbuds back in December 2022, so it’s definitely been a long time coming. While these earbuds are small, the company managed to retain a solid experience.

The JLab JBuds Mini are tiny, but they’re big where it counts

With such a small size, you’d expect these earbuds to skimp on the essentials, but that’s not really the case. The only main feature that the company cut was ANC (Active Noise Cancelation). Other than that, these buds can provide a solid experience.

They have a set of 6mm drivers to deliver the sound, so you won’t need to worry about a lack of power. While they don’t have ANC, they still offer transparency mode for when you need to listen to the world. This is done through a set of noise-cancelling microphones on the buds, and this will make calls much better.

This might sound a bit tedious with a pair of earbuds so small, but they do use touch controls. You can do pretty much anything you need using the touch controls such as control your music, summon the assistant of your choice, activate/deactivate transparency mode, etc.

If you’re worried about these earbuds’ endurance when it comes to battery life, you’d be pleasantly surprised with how long they last. While they’re practically microscopic, you’re able to get about 5.5 hours of battery life with about 20 hours with the included charging case. Those aren’t the best numbers, but they’re still pretty solid. They can get you through the day.

Other specs include Google’s Fast Pair technology. This will allow you to connect the earbuds to your Android device without having to dig into the Bluetooth settings. Lastly, these earbuds have IP55 water and dust resistance. This means that you don’t have to worry about your sweat ruining them if you’re working or working out with them on.

The JLab JBuds Mini will officially launch on September 1st and set you back only $40. They’ll come in Mint, Sage, Pink, Aqua, and Black colorways.


[ad_2]
Source link

YouTube Music rolls out redesigned Now Playing with comments section

0
[ad_1]

Long gone are the days when we had to hunt for music through friends, exchange tapes, or enjoy our favorite songs solely at concerts or parties. Now, we can pick from numerous streaming services vying for our attention by bringing in fresh features. While YouTube Music isn’t exactly famous for having the most cutting-edge features compared to rival apps, it has been moving forward nicely by at last including long-promised live lyrics– and now releasing even more updates.YouTube Music is introducing the newest redesign of the Now Playing interface on both Android and iOS (via 9to5Google). This update includes a comments section, as well as new buttons attached to the carousel. These buttons were previously hidden by default and needed users to tap on the artwork to access them.

The new design makes YouTube Music look even more like the main YouTube app, with the comments section being a copy of what you see on the main YouTube app. The carousel now features buttons to Like, Dislike, view or add Comments, Save, Share, Download the track, or switch to its Radio. Before, only four of these choices appeared when you tapped the album art.

For some time, YouTube Music might be the sole music streaming app with a live comments section until competitors catch up if they ever choose to. By enhancing the competitiveness of the YouTube Music app against its rivals, Google could be aiming to draw in more users.

One of the advantages of YouTube Music is that if you already have a YouTube Premium subscription, you get access to Music Premium as well (which means no ads, offline and with your screen off streaming). Or in other words, you can save money by not subscribing to other music streaming services. 


[ad_2]
Source link

Multiple Splunk Enterprise Flaws-Attackers Execute Arbitrary Code

0
[ad_1]

Splunk Enterprise has multiple vulnerabilities that can lead to Cross-site Scripting (XSS), Denial of Service (DoS), Remote code execution, Privilege Escalation, and Path Traversal. The severities of these vulnerabilities range between 6.3 (Medium) to 8.8 (High). 

Splunk has addressed these vulnerabilities and has released security advisories for patching them.

CVE-2023-40592: Reflected Cross-site Scripting (XSS)

An attacker can exploit this vulnerability by sending a crafted web request on the “/app/search/table” endpoint leading to the execution of arbitrary commands on the Splunk Platform. This vulnerability exists due to improper input validation. The CVSS score for this vulnerability is given as 8.4 (High). 

CVE-2023-40593: Denial of Service (DoS)

A threat actor can exploit this vulnerability by sending a malformed SAML (Security Assertion Markup Language) request to the /saml/acs REST endpoint, which can cause a Denial of Service (DoS). 

This vulnerability exists due to the fact that the SAML XML parser does not fail the signature validation for the malformed URI. The CVSS score for this vulnerability is given as 6.3 (Medium).

CVE-2023-40594: Denial of Service (DoS

The printf function has improper expression validation in combination with commands like fieldformat. An attacker can exploit this vulnerability to perform a Denial of Service (DoS). The CVSS score for this vulnerability has been given as 6.5 (Medium).

CVE-2023-40595: Remote Code Execution

A threat actor can execute arbitrary code on the Splunk Enterprise platform by sending a specially crafted query that can serialize untrusted data. The CVSS score for this vulnerability is given as 8.8 (High).

CVE-2023-40596: Splunk Enterprise on Windows Privilege Escalation

This vulnerability arises due to an insecure path for the OPENSSLDIR build definition. Splunk Installation creates DLL files and the build system specifies internal build definition. If no build definition is provided, the build system uses the local directory when building the DLL files.

OPENSSLDIR build definition is not provided at build time, resulting in its insecure path getting encoded into the affected DLL files. A threat actor can exploit this to create a directory structure on the Splunk Enterprise instance, thereby installing malicious code that can escalate privileges. The CVSS score for this vulnerability is given as 7.0 (High).

CVE-2023-40597: Absolute Path Traversal

An attacker with write access to the drive on Splunk Enterprise instances can exploit this vulnerability by using the runshellscript.py script. This script has insufficient user validation that lets attackers run a script on the root directory of another disk on the machine.

This can be used to perform absolute path traversal to execute arbitrary code on a separate disk. The CVSS score for this vulnerability has been given as 7.8 (High).

Affected Products and Fixed versions

VulnerabilitiesCVEProductVersionComponentAffected VersionFix Version
Reflected Cross-site Scripting (XSS)CVE-2023-40592Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.118.2.12
Splunk Enterprise9Splunk Web9.0.0 to 9.0.59.0.6
Splunk Enterprise9.1Splunk Web9.1.09.1.1
Splunk CloudSplunk Web9.0.2305.100 and below9.0.2305.200
Denial of Service (DoS)CVE-2023-40593Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.118.2.12
Splunk Enterprise9Splunk Web9.0.0 to 9.0.59.0.6
Splunk CloudSplunk Web9.0.2305.100 and below9.0.2305.200
Denial of Service (DoS)CVE-2023-40594Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.118.2.12
Splunk Enterprise9Splunk Web9.0.0 to 9.0.59.0.6
Splunk Enterprise9.1Splunk Web9.1.09.1.1
Splunk CloudSplunk Web9.0.2305.100 and below9.0.2305.200
Remote Code ExecutionCVE-2023-40595Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.118.2.12
Splunk Enterprise9Splunk Web9.0.0 to 9.0.59.0.6
Splunk Enterprise9.1Splunk Web9.1.09.1.1
Splunk CloudSplunk Web9.0.2305.100 and below9.0.2305.200
Windows Privilege EscalationCVE-2023-40596Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.118.2.12
Splunk Enterprise9Splunk Web9.0.0 to 9.0.59.0.6
Splunk Enterprise9.1Splunk Web9.1.09.1.1
Absolute Path TraversalCVE-2023-40597Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.118.2.12
Splunk Enterprise9Splunk Web9.0.0 to 9.0.59.0.6
Splunk Enterprise9.1Splunk Web9.1.09.1.1
Splunk CloudSplunk Web9.0.2305.100 and below9.0.2305.200

As per the Splunk Security Advisories, users of these products are recommended to upgrade to the latest version to fix these vulnerabilities.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Philips Hue is getting into the Home Security market with new Smart Cameras

0
[ad_1]

Philips Hue has just announced their first smart security cameras. They are simply called “Secure Camera”, and the name makes a lot of sense, since these are end-to-end encrypted. They also work with Philips Hue’s smart lights to help scare off intruders.

These new cameras puts Philips Hue into direct competition with Ring and Nest. Which is a bit interesting, especially since Ring has had some issues as of late with security. While Hue says that these cameras are end-to-end encrypted.

Hue says that these cameras are capable of recording in 1080p and provide night vision. Making them great to put around your home. As mentioned, you can also connect these to other Philips Hue lights around your home, and Hue also has the Secure Floodlight Camera, where the floodlight will automatically turn on when it sees movement.

The Philips Hue Secure Cameras will come in wired and battery models, costing €200 and €250 respectively. US pricing has not yet been released, but those do convert to about $218 and $273, respectively. The Hue Secure Floodlight Camera does come in at €350.

That’s not all from Philips Hue at IFA 2023

Philips Hue is all about security at IFA this year. And has also debuted a few new contact sensors. These will alert you to doors and windows opening. You can also program these to work with Hue lights, so that the lights can be switched on or off as the sensors detect doors being opened. This is good for intruders, or also having the lights turn on automatically when you walk through the door. The contact sensors are available in black or white for €40 or €70 for a pack of two.

Finally, Philips Hue has also updated its app to add a new Security Center. This is going to allow you to trigger alarms from there, flash lights and even sound the siren on the Secure Camera. The new feature also gives you a quick and easy way to call local authorities.

All of these products will be launching this fall.


[ad_2]
Source link

Hackers Hiding Malicious Word Files within PDFs

0
[ad_1]

KEY FINDINGS

  • Hackers are using polyglot files to embed malicious Word documents within PDFs.
  • These files can appear in one format but can be interpreted as another, depending on the application.
  • The MalDoc in PDF attack can evade conventional detection mechanisms, such as PDF analysis tools, sandboxes, and antivirus software.
  • However, it can be detected by certain analysis tools, such as ‘OLEVBA.’
  • To protect yourself from this attack, disable macros in Microsoft Office and use a multi-layered security approach.

Security experts at Japan’s computer emergency response team (JPCERT) have uncovered a novel cyberattack technique dubbed ‘MalDoc in PDF.’ This innovative method involves embedding malicious Word files within PDF documents, allowing hackers to spread malware while evading conventional detection mechanisms.

The technique relies on the concept of polyglot files, which appear as one format but can be interpreted as another, depending on the application. Japan’s computer emergency response team (JPCERT) investigation into the ‘MalDoc in PDF’ attack capitalizes on polyglots – files containing two distinct formats that can be executed as different types, depending on the opening application. In this case, hackers utilize both PDF and Word document formats, allowing the malicious file to function in either format.

By leveraging polyglot files, cybercriminals create documents that appear harmless in one format but contain malicious code in another. In the ‘MalDoc in PDF’ attack, a PDF document conceals a Word file housing a VBS macro. When opened in Microsoft Office as a .doc file, the macro downloads and installs an MSI malware file on vulnerable systems.

However, it’s important to note that this attack relies on macros being enabled on the victim’s computer; disabling macros remains an effective security measure.

For your information, A polyglot file is a type of computer file that is designed to be valid and functional in multiple formats or applications simultaneously. Essentially, it’s a single file that can be interpreted differently depending on the software that opens it.

This characteristic is often exploited by attackers to create files that appear harmless in one context but contain malicious code in another, thus bypassing security measures that may not be capable of detecting the hidden malicious content.

The ingenuity of the ‘MalDoc in PDF’ can lead to confusion for PDF analysis tools, sandboxes, and antivirus software, which might fail to detect the embedded malicious components. However, certain analysis tools, like ‘OLEVBA,’ can still identify the concealed threats, suggesting that a multi-layered security approach remains effective.

JPCERT shares a Yara rule to aid in identifying files that deploy this method. This rule checks for patterns indicative of both PDF and Word document formats within the same file, offering a way to spot potential threats. 

  1. Hackers abusing Google App Engine to spread PDF malware
  2. 5 PDF Tricks You Should Know To Improve Document Productivity
  3. Banking Malware Delivered via Macro in PDF Embedded Word Document

[ad_2]
Source link

Google sends invites for Pixel 8 event on October 4

0
[ad_1]

It’s that time of year. Techtember, and Techtober are finally here. Google has just sent out invites for the Pixel 8 event, just a day after Apple sent out invites for its iPhone 15 event.

Google will be taking the stage in New York City to announce the new Pixel 8 and Pixel 8 Pro. We could see a few other goodies announced here. It is getting time to replace the Pixel Buds, so maybe we can get a new pair of Pixel Buds at this event.

Along with the Pixel 8 series, we’ll also be seeing the Tensor G3 for the first time. This is going to be Google’s third-generation Tensor chipset, made specifically for Pixels. Hopefully, it’ll be the start of something great for Google, as Tensor hasn’t been so great in the first two generations.

What’s coming on October 4?

Typically, this fall event is where Google will announce its latest flagship devices. In previous years, we have seen more than just two phones at this event. But so far, that’s all we’re confident with saying is arriving at this event. We could see some other products like a new pair of Pixel Buds, or a Chromecast with Google TV. Sometimes, Nest will get in on the fun and release some new products too.

This is going to be like Christmas for Android fans, as Pixel is still a very popular product for Android fans. Especially the cameras on the Pixel, as well as the Google software. Google is also likely to announce some new software features that are exclusive to Pixel, but likely won’t launch on older Pixels in October. Those will likely come in the next Pixel Feature Drop which is in December, or even a bit later.

We’ll find out more on October 4 when Google takes the stage at 10AM ET sharp. Rick Osterloh might have some surprises for us, which would be great to see.

Screenshot 2023 08 30 at 12 08 38 PM


[ad_2]
Source link

How does mobile streaming hold up against the other options?

0
[ad_1]

We’ve reached a point now where media is as often streamed as it is owned. Buying albums has become a more niche pastime in the face of services like Spotify, and Netflix paved the way for a number of other streaming services that are currently dominating the TV and film world.
Thanks to all of that, we now expect that all of our latest devices will be optimized for streaming, whether that’s smartphones, tablets, or full-size PCs. So how well do the latest mobile devices stack up to their stationary peers?

The Visuals

As far back as we’ve even had video capabilities on our mobile phones, there has been an expectation that we’re trading visual quality for convenience. A smartphone naturally can’t put out the same graphics as a PC GPU that’s four times the size of it, after all. Thanks to some cunning engineering, however, you’d be hard-pressed to see a major difference these days beyond the smaller screen.

Smartphone image 8934839348

We’ve seen an increasing number of media platforms optimizing for mobile streaming, such as in the online casino world which has been a champion of mobile-first presentation for a long time. The streamed games you find there such as roulette and blackjack come through in full high-definition video like you’re in the room with the host, making it no surprise that a live blackjack offer for new customers at somewhere like Paddy Power proves popular with mobile players.

The Connection

Unless you’ve been living under a rock for the past few years, you’ll know that 5G is the newest and biggest technology when it comes to mobile connections. This is particularly critical for streaming as those higher-quality graphics inevitably take up more data and more bandwidth. While fibre broadband looks set to keep the edge over wireless connections for a while to come yet, the two have never been closer in terms of speed.

Speedtest image 83498389384

More and more, it’s coming down to how you use it. If you’re streaming indoors with minimal movement then broadband is still a better option, but as soon as any movement is involved then 5G is a solid option now with comparable speed as long as coverage allows.

The Controls

This is probably the one area where mobile streaming inherently can’t compete with a PC. Even with a more basic keyboard and mouse, you’re going to have many times more control options than can be crammed into a small screen. We have had multi-touch screen technology for over a decade but compared to pressing a big chunky button that says ‘play’ or ‘pause, most tend to find ‘old-fashioned’ way more user-friendly for the time being. With that said, we’ve been on the verge of several hands-free options for years now so this may switch up in the near future.

The short answer about mobile streaming is that it still may be behind very slightly compared to desktop, laptop or even smart TV options, but those differences are becoming less and less obvious with every year that goes by.


[ad_2]
Source link