Learn About Texas Solar Panels, From Pricing to Incentives - CNET

If you're a Lone Star State resident looking to save some money on your energy costs, check out these solar alternatives.

from CNET https://ift.tt/sJAHfoi

VPN Demand Surges in Iran as Protests Continue, Study Shows - CNET

Fighting to overcome government censorship of Instagram and WhatsApp, Iranians are seeking out virtual private networks in overwhelming numbers.

from CNET https://ift.tt/Jr7Ly4a

Latest Tech News

Threat actors have found a way to disable antivirus solutions and other endpoint protection tools using an increasingly popular method. 

Cybersecurity researchers from Sophos recently detailed how the method, known as called Bring Your Own Vulnerable Driver, works, and the dangers it brings to businesses around the world.

According to the company’s research, ransomware operators BlackByte are abusing a vulnerability tracked as CVE-2019-16098. It is found in RTCore64.sys and RTCore32.sys, drivers used by Micro-Star’s MSI AfterBurner 4.6.2.15658. Afterburner is an overclocking utility for GPUs, that gives users more control over the hardware. 

Blocking the drivers

The vulnerability allows authenticated users to read and write to arbitrary memory, consequently leading to privilege escalation, code execution, and data theft - and in this case, helped BlackByte disable more than 1,000 drivers that security products need to run. 

“Chances are good that they will continue abusing legitimate drivers to bypass security products,” Sophos said in a blog post outlining the threat.

To protect against this new attack method, Sophos suggests IT admins add these particular MSI drivers to an active blocklist and make sure they aren’t running on their endpoints. Furthermore, they should keep a close eye on all drivers being installed on their devices, and audit the endpoints regularly to look for rogue injections without a hardware match.

Read more

> Installing gaming drivers might leave your PC vulnerable to cyberattacks

> Lazarus hackers target Dell drivers with new rootkit

> Protect from threats with the best malware removal solutions

Bring Your Own Vulnerable Driver might be a new method, but its popularity is rising, fast. Earlier this week, a notorious North Korean state-sponsored threat actor Lazarus Group was observed using the same technique against Dell. Cybersecurity researchers from ESET have recently seen the group approach aerospace experts and political journalists in Europe with fake job offers from Amazon. They would share fake job description pdfs, which are essentially old, vulnerable Dell drivers. 

What makes this technique particularly dangerous is the fact that these drivers aren’t malicious per se, and as such, are not flagged by antivirus solutions. 

• Here's our list of the best firewalls right now

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/5vnajGb

Best Keyboard Deals: Save on Mechanical, Bluetooth, Gaming Keyboards and More - CNET

Shop the best bargains out there on keyboards for every need and budget.

from CNET https://ift.tt/xezZPDm

Splatoon 3's Idols Are Holding a Live Concert on Oct. 9. - CNET

DJ K.K. from Animal Crossing is also performing.

from CNET https://ift.tt/6kFoKrf

Webb, Hubble Telescopes Team Up for Ethereal View of Dusty Galaxy - CNET

Break out the cosmic dust buster.

from CNET https://ift.tt/Pnjfr6i

Best Wireless Mouse Deals: Save on Travel, Gaming and Everyday Computing Mice - CNET

The best bargains out there right now on wireless mice for every need and budget.

from CNET https://ift.tt/t4GSQYr

How to Watch Astronauts Arrive at the ISS Aboard a SpaceX Dragon - CNET

The Crew-5 mission passengers safely made it to orbit Wednesday.

from CNET https://ift.tt/Zw9cklH

Latest Gadgets News

Google Pixel 7 and Pixel 7 Pro will be launched by the tech giant today at the ‘Made By Google’ event scheduled to begin at 10am ET (7.30pm IST). The Google event will launch a number of other products, including the Google Pixel Watch which was first teased by the company in May.

from Gadgets 360 https://ift.tt/xbiIq09

Android Owners, Watch Out for These 7 Shady VPN Apps - CNET

Virtual private network apps are supposed to protect your privacy, not put it at risk by requesting dangerous permissions.

from CNET https://ift.tt/w3Ea1jg

Latest Tech News

The White House have released a blueprint for an “AI bill of rights” that looks to increase the privacy and safety of American citizens who encounter automated systems.

The announcement of the blueprint, developed by the government’s Office of Science and Technology Policy (OSTP), looks to promote five key areas around AI safety: “Safe and Effective Systems”, “Algorithmic Discrimination Protections”, “Data Privacy”, “Notice and Explanation”, and “Human Alternatives, Consideration, and Fallback”.

The blueprint will apply to any automated systems that “have the potential to meaningfully impact the American public’s rights, opportunities, or access to critical resources or services,” the White House wrote. 

Regulating artificial intelligence

At a glance, the ideas in the blueprint are exactly the sort of thing the federal government should be looking to address as businesses and governments across the whole world moves toward automation in their processes. 

The trouble is that these are just ideas. It’s what the federal government believes should become legislation, but nothing in the blueprint is legally binding, and - fundamentally - nothing has changed.

The blueprint also takes the rise of artificially intelligent automation systems as an inevitability, rather than a threat to be opposed. 

The OSTP’s heart is in the right place as it looks to protect marginalised Americans from predictive policing (whereby an automated system may suspect a person of committing a crime before doing so, usually on the basis of ethnicity or gender), but it can do better than simply trusting that businesses will make its proposed changes to their automated systems.

Image credit: Unsplash (Image credit: Unsplash)

Notably, the OSTP wants human oversight to be the “fallback” when automation fails, and never the primary implementation of a system, regardless of whether, in certain scenarios such as healthcare and insurance, that would make for a safer system.

Speaking to Wired, Annette Zimmermann, researcher of AI, justice and moral philosophy at the University of Wisconsin-Madison, believes that the blueprint failing to consider simply not deploying automation is the biggest threat to the right Americans have to justice.

“We can’t articulate a bill of rights without considering non-deployment, the most rights-protecting option,” she claimed.

Elsewhere in the world, legislation taking a hard line against AI’s role in people’s lives could be on the way.

READ MORE

 > Check out our list of the best endpoint protection right now

> AI’s role in the future of cybersecurity

> Many companies are investing in cloud and AI to spur on their business

This year, the European Parliament has deliberated on redrafting the European Union's AI Act, with some MEPs supporting a ban on predictive policing. A vote is expected to take place by the end of 2022, while those leading the amendment process have stated predictive policing “violates the presumption of innocence as well as human dignity.”

The White House’s proposals could be interesting to watch develop, but, in comparison with efforts in the EU, may not be enough, and ultimately lead to nothing.

•  Here’s a list of the best cloud firewalls right now 

from TechRadar - All the latest technology news https://ift.tt/s6vbDAZ

Pixel Watch: All the Rumors We Know Ahead of Google's Smartwatch Reveal - CNET

Google's October event is set to reveal the Pixel Watch's price, release date and other features.

from CNET https://ift.tt/uAN4oV2

Latest Tech News

Researchers have found that Google Chrome's Application Mode can be abused for phishing threats.

Used to offer ChromeOS users a clean, minimal interface for certain websites such as YouTube, when launched, Application Mode brings up a new browser window without the address bar, toolbars, or other familiar elements - even the taskbar displays the website favicon instead of the Chrome icon.

But this mode can be abused, cybersecurity researcher mr.d0x discovered. If an attacker manages to convince a user to run a Windows shortcut that runs a phishing URL with Chromium’s Application Mode feature, the user will only see what seems to be the login form for an app. In reality, though, it would be a phishing page that steals people’s login data. 

Shortcut files 

Ever since Microsoft moved to kill malicious Office files, cybercriminals have been pivoting towards Windows shortcut files (.LNK). 

Cybersecurity experts have since uncovered countless attack campaigns that successfully leveraged .LNK files to deliver all kinds of viruses and malware, from QBot, to BazarLoader, to anything in between. 

Explaining this new potential method, mr.d0x says an attacker could use a shortcut file to launch a phishing “applet” on the victim’s endpoint: 

Read more

> What is phishing and how dangerous is it?

> Everything you need to know about phishing

> Keep your devices safe with the best malware removal tools out there

• For Chrome:
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://example.com
• For Microsoft Edge
  "c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://example.com

There are multiple ways to abuse this flaw, mr.d0x added, including having access to the target device, using a portable HTML file with the “-app” parameter embedded, or using the Browser-in-the-Browser technique to add a fake address bar. Finally, the attack can also be pulled off on macOS and Linux devices, he said. 

• Check out the best endpoint protection services around

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/rC9ObwT

How to Download Overwatch 2 and Set Up SMS Protect - CNET

You'll need to add a verified phone number to your Blizzard account to launch the game.

from CNET https://ift.tt/mGVoFYD

Latest Tech News

The latest update to Microsoft Edge is set to deliver some important security feature updates.

First up, the web browser has had a boost to its web defence that Microsoft says makes it “more reliable”. The update uses a rewritten ‘Microsoft Defender SmartScreen’ library, which was first introduced in Edge 103. This feature is exclusive to users running Edge on a Windows machine. 

As part of the improvement, the ‘NewSmartScreenLibraryEnabled’ policy is deprecated in Microsoft Edge 106, and will be considered obsolete in the next major release (107). 

Microsoft Edge 106

This follows the news that Edge will enter an ultra-high security mode when users navigate to less popular websites. The settings to enable this are in ‘Settings and more’ > ‘Settings’ > ‘Privacy, search, and services’, where users can pick from ‘Basic’, ‘Balanced’, and ‘Strict’. 

Microsoft’s developers have also been busy updating the work results feature in the browser’s address bar. 

The number of results that can be displayed has doubled from two to four, which should offer “greater visibility into the work content available to you as you search.” To get work results, you will need to enable the ‘AddressBarMicrosoftSearchInBingProviderEnabled’ policy.

Read more

> We've rounded up the best malware removal tools

> Microsoft Edge News Feed infiltrated by tech support scammers

> Microsoft's latest attempt to get you to ditch Google Chrome for Edge is bound to fail

Other updates to the latest version of Edge 106 include three new policies, two deprecated policies, and two that are now obsolete (‘OutlookHubMenuEnabled’ and ‘EdgeDiscoverEnabled’).

Microsoft Edge 106 is available in the Stable Channel now.

Earlier this year, we reported that Edge is finally on the up following the retirement of Internet Explorer. The browser passed the 10% global desktop market share in April 2022 and peaked at 10.92% in August 2022, however it still trails a long way behind Google Chrome at more than 67%.

Unlike Internet Explorer, Microsoft Edge can be installed on macOS and Linux devices as well as the Windows operating system. There are iOS and Android versions of the browser, too. 

• These are the best antivirus software and best ransomware protection tools

from TechRadar - All the latest technology news https://ift.tt/IjAlwy5