Latest Tech News

Python developers are under attack once again, with attackers looking to steal Discord account details along with data stored in various browsers. 

Cybersecurity researchers from Snyk have recently spotted a dozen malicious packages, uploaded to PyPi, the biggest Python code repository out there, with more than 600,000 active users. 

The packages were uploaded almost a month ago, by a threat actor called “scarycoder”. They claim to provide the users with various functionalities, Roblox tools, thread management, and others. Instead, the researchers have found, all the packages do is steal sensitive information.

Stealing passwords 

Different packages are capable of stealing different things. Some are focused on data stored in browsers such as Google Chrome, Chromium, Microsoft Edge, Firefox, and Opera. The data includes stored passwords, browser history, cookies, and search history. Others are installing backdoors directly into the Discord client, stealing authentication tokens, Nitro status, billing information, and credit card data.

One of the malicious programs attacks Roblox, it was further said, stealing account cookies, user IDs, Robux balance, and Premium status. 

Read more

> Malicious Python packages dump your AWS secrets online

> Millions of us are using malicious browser extensions without realizing

> Learn or develop Python coding skills with the best Python online courses

PyPi’s administrators are relatively slow to respond, the publication states, adding that it’s probably not due to negligence, but rather due to the fact that the entire project is run by a handful of volunteers who simply can’t keep up with a tidal wave of malware uploads. 

Still, the slow response means many of Python developers will remain exposed to various viruses, malware, and other forms of attacks.

Experts from Spectralops recently found 10 malicious packages on the PyPi platform. All of these were given names that are almost identical to the names of legitimate packages in order to dupe developers into downloading, and adopting, the tainted ones. The practice is called typosquatting, and it’s quite a common occurrence in the developer community.

• These are the best firewalls right now

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/5eSHBl9

Latest Gadgets News

Lenovo launched the Lenovo Legion Y70 smartphone and Lenovo Xiaoxin Pad Pro 2022 tablet in China on August 18. The Lenovo Legion Y70 is powered by a Snapdragon 8+ Gen 1 SoC. Meanwhile, the Lenovo Xiaoxin Pad Pro 2022 offers two chipset options — a Snapdragon 870 SoC or a MediaTek Kompanio 1300T SoC.

from Gadgets 360 https://ift.tt/OjiEFkh

Student Loan Payments: Why Experts Think Biden Will Extend the Pause - CNET

Student loan payments will resume on Sept. 1 if the White House doesn't step in.

from CNET https://ift.tt/52jUzqv

Latest Tech News

Apple has released macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 which addresses two zero-day vulnerabilities being actively exploited in the wild. 

One of the flaws, affecting all three forms of the software is an out-of-bounds write vulnerability in the OS Kernel which can be abused to grant malicious applications highest privileges - in other words, an attacker could use it to fully take over a vulnerable endpoint. 

The second vulnerability, tracked as CVE-2022-32893, is an out-of-bounds write flaw in WebKit, Safari’s engine used by other apps with web access. This can also be used to take over a vulnerable device, as it allows threat actors to perform arbitrary code execution.

Keep your devices safe

The company said it had been tipped off to the flaws by an anonymous user tipped Apple off, adding that it improved had bounds checking for both bugs.

If your organization runs either Macs with macOS Monterey, iPhone 6s or later devices, all iPad Pros, iPad Air 2 and newer devices, iPads 5th gen and beyond, iPads  mini 4 and newer, or iPod touch 7th generation devices, you should patch immediately, especially because the flaws are being actively exploited.

Read more

> Apple rolls out emergency patch for gaping security hole in Macs, Watches

> Apple just patched a whole load of iPad, macOS and iPhone security bugs, so update now

> Remove viruses and ransomware with the best malware protection software around

Apple’s been quite busy fixing zero-day vulnerabilities in recent months. In January 2022, it fixed two such flaws, namely CVE-2022-22578, and CVE-2022-22594, which allowed arbitrary code execution with kernel privileges. A month later, it fixed another zero-day, affecting iPhones, iPads, and Macs, and allowing threat actors to crash the OS and run remote code execution.

In March, it patched CVE-2022-22674, and CVE-2022-22675, both zero-days abused to execute code with Kernel privileges.

• These are the best firewalls around

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/uJMhDKH

Latest Gadgets News

Telecom Minister Ashwini Vaishnaw said on Thursday that he had requested telecom operators in the country to prepare for the rollout of 5G services. India's biggest ever auction of telecom spectrum recently concluded, with the Department of Telecom received a record Rs 1.5 lakh crore worth of bids.

from Gadgets 360 https://ift.tt/kLQoD6z

Snap Reportedly Done With Its Camera Drone Pixy - CNET

The selfie drone debuted earlier this year.

from CNET https://ift.tt/yMaOlrv

NASA Outlines Game Plan for Upcoming Artemis I Lunar Launch - CNET

On Aug. 29, here's what could go down.

from CNET https://ift.tt/iSYv0XJ

Latest Tech News

This year's Apple iPhone 14 will hit earlier than last year, according to Mark Gurman, the most accurate Apple information leaker on the planet, and picked up by friends at The Verge. While the iPhone 13 made a late-September appearance, the new Apple iPhone 14 will show up just after the U.S. Labor Day holiday at a September 7th event. The phone will go on sale a week from the following Friday, on September 16th. 

Apple is expected to go large at this year's iPhone launch, by which we mean the new model will be a large-screen phone and not an update to the Apple iPhone 13 mini. Rumors suggest Apple will launch an Apple iPhone 14 and a large-screen iPhone 14 Max.

A separate "Pro" class will see further upgrades to processing, camera, and other features: The Apple iPhone 14 Pro and the iPhone 14 Pro Max. The phones without the "Pro" designation are expected to remain on last year's Apple A15 Bionic chip. If an upgraded A16 chip is announced, it may only be used on these "Pro" devices.

Analysis: A good sign of good supply

Last year's phone launch came just a bit later in September, but could have slipped even further due to supply chain issues. We have seen a number of phone launches late this summer and have heard little complaint about supply problems. Even though the Apple iPhone 14 is launching only a week or so earlier than last year, we still take this as a good sign that the industry is finding a balance to supply consumers without hiking prices or causing huge delays.

Quite a bit of information about the new Apple iPhone 14 has leaked out already, and you can take a deep dive into every tidbit at our explainer. Apple is also expected to announce a new Apple Watch 8 at the September event. You can read our reviews of the best Apple Watches currently available.

from TechRadar - All the latest technology news https://ift.tt/95cdfIg

Latest Gadgets News

Genesis announced on Wednesday that it was cutting 20 percent of its workforce. The crypto broker also announced that it was naming COO Derar Islim as the interim head, who will replace outgoing CEO Michael Moro. The New York-based company is the latest in the cryptocurrency space to be hit by the so-called "crypto winter"

from Gadgets 360 https://ift.tt/48HSd2C

Latest Gadgets News

The Delhi High Court has granted time to the government to inform the court whether it is working on regulation related to the de-platforming of users on social media, after hearing a batch of petitions related to suspension and deletion of accounts of users, including Twitter users. The Cenre will have to state its stand on September, when the matter will be heard by...

from Gadgets 360 https://ift.tt/xm7TIWU

Your Posture Might Matter When You're Swallowing Pills - CNET

Whatever you do, you probably don't want to lie on your left side.

from CNET https://ift.tt/cPNmTuR

Latest Tech News

Oracle has begun auditing the algorithms of social media giant TikTok in order to ensure they are not being manipulated by Chinese authorities.

As reported by Axios, the US cloud giant has already started examining both TikTok’s algorithms and content moderation models following long-running concerns about collusion between the Chinese government and TikTok parent company ByteDance.

It comes shortly after TikTok migrated American users' data to servers owned by Oracle US in an attempt to lessen worries about possible snooping and manipulation.

TikTok scrutiny

A TikTok spokesperson told Axios that the new partnership would allow Oracle to carry out, "regular vetting and validation" of the company's content recommendation and moderation models. 

Past reports had claimed that TikTok blocks or marks down certain videos critical of the Chinese government, as well as censoring videos that mention subjects such as Tibetan independence or the Tiananmen Square massacre.

The reviews should mean Oracle can examine how TikTok's algorithms surface content "to ensure that outcomes are in line with expectations and that the models have not been manipulated in any way," the spokesperson added.

Providing Oracle with such visibility, "will ensure that content continues to be flagged and actioned appropriately based on our Community Guidelines and no other factors."

READ MORE:

> TikTok could soon add in-app shopping

> TikTok in serious trouble over data collection, again

> Keep your internet activity private with the best free VPN services

The move is the latest in a line of  TikTok attempts to help reassure the US government over fears that user data was being manipulated.

The Trump administration had taken a hard line against TikTok and ByteDance, with a 2020 ruling by a US national security panel ordering the company to divest its US operations, alleging that the data of US users could find its way into the hands of the Chinese government.

However, the Biden administration has looked to work with the company, which has launched Project Texas, a wide-ranging attempt to persuade US lawmakers that user data is safe.

Along with moving US user data to Oracle's facilities, TikTok has also separated its US operation backend functions and code as part of Project Texas.

• Here's our pick of the best privacy tools around today

from TechRadar - All the latest technology news https://ift.tt/bTCqwkY

Working Toward Public Service Loan Forgiveness? You Have a New Student Loan Servicer - CNET

If your account has not been transferred yet, it will be moved this summer.

from CNET https://ift.tt/plWTh1F

Latest Tech News

Microsoft is preparing to release a new cloud-based workstation service for developers, dubbed Microsoft Dev Box.

The new managed service will allow developers to create a pre-configured machine in the cloud, without the need to set up a physical workstation. 

The new service has been in private preview since May 24, but is now widely available in public preview.

Microsoft Dev Box

Microsoft Dev Box supports any developer IDE, SDK, or tool that runs on Windows, and allows developers to target any development workload that can be built on Windows, including desktop, mobile, IoT and web applications.

Further, Microsoft Dev Box allows users to build cross-platform apps using Windows Subsystem for Linux and Windows Subsystem for Android. And developers can also use remote access virtual desktop tools to run dev boxes from devices running non-Windows operating systems such as macOS, Android, iOS or a web browser.

Customers have the option to choose from 4 vCPU / 16GB to 32 vCPU / 128GB SKUs, depending on the size of the applications they are working with.

Using Azure Active Directory groups, IT admins also can grant access to sensitive source code and customer data on a project-by-project basis, which Microsoft claims will eliminate the need to ship hardware to short-term contractors and help keep development more secure.

READ MORE:

> Microsoft to offer developers powerful workstations in the cloud

> Our list of the best laptops for developers right now

> Microsoft is making a big change to some of its developer tools

Microsoft hasn't yet indicated when the tool is set to hit general availability or how much it will ultimately cost.

However, during the current trial period, organizations will get the first 15 hours of the 8vCPU and 32 GB Memory SKU for free every month, along with the first 365 hours of the Storage SSD 512 GB SKU.

Beyond that, Microsoft says organizations pay only for what they use with a consumption-based pricing model.

• Just starting out? Check out our lists of the best HTML courses and best JavaScript courses

from TechRadar - All the latest technology news https://ift.tt/A1Bye65

Latest Tech News

A new strain of dangerous ransomware has evolved to target Android devices, researchers are warning. 

Experts from Cleafy have analyzed the fifth and latest version of the popular Android banking trojan SOVA, and discovered multiple new features, including the ability to encrypt locally stored files. 

According to the researchers, the malware uses AES encryption to add the .enc extension to all files and prevent the user from accessing them. 

Developing the trojan

"The ransomware feature is quite interesting as it's still not a common one in the Android banking trojans landscape. It strongly leverages on the opportunity arises in recent years, as mobile devices became for most people the central storage for personal and business data," Cleafy says.

The fifth version of the trojan is not fully developed, the researchers added, but warned it is nevertheless ready for mass deployment. 

SOVA’s owners have been aggressively developing their product for the past couple of months. So far this year, the tool has seen numerous new tools introduced, including two-factor authentication interception, as well as new injections for multiple global banks. It has also seen virtual network computing (VNC) capabilities for on-device fraud. This feature, however, still seems to be under construction.

Read more

> Ransomware attacks are on the rise, so make sure your business is protected

> Ransomware is more of a threat to businesses than ever before

> Keep your business safe with the best endpoint protection

SOVA is currently capable of targeting more than 200 banks worldwide, as well as numerous cryptocurrency exchanges, and digital wallets. It is capable of taking screenshots, performing taps and swipes, stealing files from compromised endpoints, and adding overlay screens for various apps. It can also steal cookies froM Gmail, Gpay, as well as Google Password Manager.

So far, ransomware was only reserved for desktop devices and servers, as its operators were mostly interested in targeting companies and corporations. It seems as the threat actors are looking to diversify, as businesses get better at protecting their premises and keeping airgapped backups. 

• Here's what we think are the best Android phones you can buy today

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/IpF96Vw