Latest Tech News

In news that shouldn’t really come as a surprise to anyone, most popular mobile applications collect sensitive personal data and share it with third parties, new research has claimed. 

TechShielder researchers analyzed apps with the most downloads in 2021, sifting through their privacy policies to better understand how they handle data harvesting, storing, and sharing.

As it turns out, 60% of the world’s most used mobile apps harvest, and keep, data generated through people’s private conversations. Furthermore, 80% collect data on messages their users send and receive. Finally, all apps gather at least the basic information, such as phone numbers, or email addresses. 

Storing cookies and user-generated content

Besides sensitive data, most apps also look to obtain cookies, small files that hold important information, such as login details. Almost two-thirds (60%) store data on user-generated content, while half (50%) have access to the photos and videos users keep on their endpoints. 

Society’s awareness of online privacy has skyrocketed in the past couple of years, ever since the general public got a better understanding of just how much money businesses earn from user data. As most companies transformed into data companies, the number of data breaches spiked, as well. 

Read more

> These apps are sharing a lot of your data online

> Android apps can now potentially lie about the data they collect

> These are the best business smartphones right now

That, consequently, led to more fraud and ultimately - more money lost. Law enforcement and legislators joined the fray, looking to protect the consumers with better legal frameworks (think GDPR) and faster reactions. 

Today, consumers are caught between sharing data with companies and getting more personalized offers and an overall better user experience on one hand, and keeping their private lives private and safe from potential cybercriminals engaging in identity theft. 

Businesses are caught between gathering data and using it to beat the competition on one hand, and cybercriminals looking to exploit their data protection weaknesses on the other.

• Here's our rundown of the best privacy tools out there

Via: VentureBeat

from TechRadar - All the latest technology news https://ift.tt/6C8OtIK

Best Noise-Canceling True Wireless Earbuds for 2022 - CNET

Looking for a set of true wireless earbuds with active noise cancellation? There are more options than Apple's AirPods Pro.

from CNET https://ift.tt/wEb1Ngs

Latest Tech News

Google Chrome is littered with potential security issues that could be putting millions of users at risk, a report has said.

New research from Atlas VPN citing data provided by the VulDB vulnerability database claims Google’s famed browser has so far had 303 discovered vulnerabilities, and is an “all-time leader with a total of 3,159 cumulative vulnerabilities.”

What’s more, of all the most commonly-used browsers around today, Chrome is the only one that already has already seen newly-discovered vulnerabilities in October 2022. 

Safari performing well

The report noted Mozilla’s Firefox browser had seen 117 vulnerabilities in 2022 so far, while Microsoft Edge has had 103 discovered year-to-date. 

The figures are 61% more than in the entirety of last year, with AtlasVPN noting that this is, "an unusually high number" for a browser with only 806 total vulnerabilities since its release.

Apple’s Safari, on the other hand, has had “some of the lowest vulnerability numbers in years”. The world’s second-largest browser had 26 documented vulnerabilities in the first nine months of the year, while cumulatively, it has had “just” 1,139 identified flaws. 

Read more

> This Google Chrome tool could actually be used to steal login data

> Google Chrome wants to make it easier to search your web history

> This is the best way to remove malware right now

Opera has had zero documented vulnerabilities this year, and a total of 344 flaws. 

While Atlas VPN did not say it in a definitive manner, it did state that Chrome, Edge, and Opera are all built on the Chromium engine, hinting that Chromium flaws might impact all of these browsers. 

To keep your endpoints safe, the company says, users should always make sure their browser is up to date, and should be extra careful when choosing which plug-ins to install. What’s more, they should always be wary of phishing, as cybercriminals will often use communications channels to distribute malicious code capable of exploiting various flaws in browsers. 

TechRadar Pro has reached out to Google for a comment on the findings, and will update this article if we hear back from them. 

• Check out the best firewalls around

from TechRadar - All the latest technology news https://ift.tt/ygd8D4h

Latest Tech News

The first trailer for Nintendo's animated Mario movie has finally arrived – and it comes packaged with the flick's official title. Oh, and Chris Pratt's poor attempt at sounding Italian.

Revealed during a Mario movie-specific Nintendo Direct on October 6, the teaser gives us our best look yet at the joint Nintendo-Universal animated flick ahead of its spring 2023 release. It also confirmed earlier leaks today (October 6) that the movie will be called The Super Mario Bros. Movie.

Check out the trailer via the latest Nintendo Direct – skip to the 4:00 mark to watch it – below:

The first look footage is more a teaser montage rather than an official trailer. In it, we see Boswer and his Koopa army descend from the heavens, easily see off a horde of penguins – who have been guarding one of the videogame series' infamous stars – and cackle at the face that no one will be able to stop the King of the Koopas.

Meanwhile, we get our first look at Mario, who appears to have been whisked to the Mushroom Kingdom by accident. We suspect that'll have something to do with one of those pesky warp pipes. We also hear what Chris Pratt's Mario sounds like – and it's, well, not good, to put it mildly.

Anyway, Mario soon runs into a Toad that looks an awful lot like Captain Toad, who leads him towards Princess Peach's castle. The final part of the teaser is reserved for Luigi, who's got himself into a spot of both with some Dry Bones. Oh, Luigi, you silly thing.

The first teaser for the Illumination-developed movie follows hot on the heels of its official poster reveal, which made its way online on October 4. Back then, Nintendo fans poured over the strikingly beautiful one sheet, although many called Nintendo and Universal out for, well, the lack of junk in Mario's trunk:

Tune in at 1:05 p.m. PT on 10/6 for a #NintendoDirect: The Super Mario Bros. Movie presentation introducing the world premiere trailer for the upcoming film (no game information will be featured).📽️: https://t.co/I868SmSpV2 pic.twitter.com/hqlO0SfLbeOctober 4, 2022

See more

The Mario movie came in for other criticism when its voice cast was announced in September 2021. Back then, Nintendo and Universal revealed that Pratt (Marvel, Jurassic World) would voice the legendary videogame character. That led to backlash from a large section of Mario's fanbase, who reacted in multiple ways to the two studios for not letting Charles Martinet, who has famously voiced Mario for 30 years, lend his vocal talents to the character. Instead, Martinet will appear in numerous cameo roles in the film.

Pratt is joined by an all-star voice cast including Charlie Day as Luigi, Anya Taylor-Joy as Princess Peach, Jack Black as Bowser, Keegan Michael-Key as Toad, and Seth Rogen as Donkey Kong. 

Meanwhile, the Mario film's script has been penned by Matthew Fogel (The Lego Movie 2, Minions: The Rise of Gru), with Aaron Horvath and Michael Jelenic (both Teen Titans Go!) on directing duties.

The Super Mario Bros. Movie opens on April 7 in the US and April 28 in Japan.

For more Nintendo-based content, check out our Nintendo Switch review and Super Mario Odyssey review. Alternatively, check out the cheapest Nintendo Switch bundles and deals you can buy right now ahead of Amazon's 2022 Early Access Sale.

from TechRadar - All the latest technology news https://ift.tt/nKstMEF

Latest Tech News

Creating fake social media accounts to trick people is hardly a new tactic, but there’s something sinister about this new campaign that makes it stand out from the crowd.

An in-depth analysis posted to the KrebsOnSecurity blog claims cybercriminals have been using artificial intelligence (AI) to create profile pictures of non-existent people, and pairing that information with job description stolen from actual people on LinkedIn. 

That way they’re creating fake profiles which, for most people, are almost impossible to identify as fake.

Numerous use cases

Users have spotted a growing trend where suspicious accounts attempt to access various invite-only LinkedIn groups. Group owners and administrators are only able to spot what’s going on after getting dozens of such requests at once, and seeing that almost all of the profile pictures look the same (as in, same angle, same face size, similar smile, etc.).

The researchers say they have reached out to LinkedIn’s customer support, but so far, the platform hasn’t found its silver bullet. One of the ways it’s going about this challenge is requesting certain companies send a full employee list, and then banning all accounts that claim to be working there.

Besides not being able to determine who is behind this onslaught of fake professionals, the researchers are also struggling to understand what the point of it all is, exactly. Apparently, most of the accounts aren’t monitored. They aren’t posting things and aren’t responding to messages. 

Read more

> LinkedIn has a problem with fake profiles

> An elaborate LinkedIn scam led to one of the largest heists in crypto history

> Here's our rundown of the best antivirus programs right now

Cybersecurity firm Mandiant believes hackers are using these accounts to try and land roles in cryptocurrency firms, as the first stage in a multi-stage attack whose goal is to drain the company’s funds. 

Others think this is part of the old romance scam, where victims are lured by pretty pictures into investing into fake crypto projects and trading platforms. 

Furthermore, there is evidence of groups such as Lazarus using fake LinkedIn profiles to distribute infostealers, malware, and other viruses, among job seekers, especially in the cryptocurrency industry. And finally, some believe the bots could be used in the future to amplify fake news. 

Responding to KrebsOnSecurity’s research, LinkedIn said it was considering the idea of domain verification, to tackle the growing problem: “This is an ongoing challenge and we’re constantly improving our systems to stop fakes before they come online,” LinkedIn said in a written statement. 

“We do stop the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scams. We’re also exploring new ways to protect our members such as expanding email domain verification. Our community is all about authentic people having meaningful conversations and to always increase the legitimacy and quality of our community.”

• These are the best privacy tools around

Via: KrebsOnSecurity

from TechRadar - All the latest technology news https://ift.tt/6aK0erk

Learn About Texas Solar Panels, From Pricing to Incentives - CNET

If you're a Lone Star State resident looking to save some money on your energy costs, check out these solar alternatives.

from CNET https://ift.tt/sJAHfoi

VPN Demand Surges in Iran as Protests Continue, Study Shows - CNET

Fighting to overcome government censorship of Instagram and WhatsApp, Iranians are seeking out virtual private networks in overwhelming numbers.

from CNET https://ift.tt/Jr7Ly4a

Latest Tech News

Threat actors have found a way to disable antivirus solutions and other endpoint protection tools using an increasingly popular method. 

Cybersecurity researchers from Sophos recently detailed how the method, known as called Bring Your Own Vulnerable Driver, works, and the dangers it brings to businesses around the world.

According to the company’s research, ransomware operators BlackByte are abusing a vulnerability tracked as CVE-2019-16098. It is found in RTCore64.sys and RTCore32.sys, drivers used by Micro-Star’s MSI AfterBurner 4.6.2.15658. Afterburner is an overclocking utility for GPUs, that gives users more control over the hardware. 

Blocking the drivers

The vulnerability allows authenticated users to read and write to arbitrary memory, consequently leading to privilege escalation, code execution, and data theft - and in this case, helped BlackByte disable more than 1,000 drivers that security products need to run. 

“Chances are good that they will continue abusing legitimate drivers to bypass security products,” Sophos said in a blog post outlining the threat.

To protect against this new attack method, Sophos suggests IT admins add these particular MSI drivers to an active blocklist and make sure they aren’t running on their endpoints. Furthermore, they should keep a close eye on all drivers being installed on their devices, and audit the endpoints regularly to look for rogue injections without a hardware match.

Read more

> Installing gaming drivers might leave your PC vulnerable to cyberattacks

> Lazarus hackers target Dell drivers with new rootkit

> Protect from threats with the best malware removal solutions

Bring Your Own Vulnerable Driver might be a new method, but its popularity is rising, fast. Earlier this week, a notorious North Korean state-sponsored threat actor Lazarus Group was observed using the same technique against Dell. Cybersecurity researchers from ESET have recently seen the group approach aerospace experts and political journalists in Europe with fake job offers from Amazon. They would share fake job description pdfs, which are essentially old, vulnerable Dell drivers. 

What makes this technique particularly dangerous is the fact that these drivers aren’t malicious per se, and as such, are not flagged by antivirus solutions. 

• Here's our list of the best firewalls right now

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/5vnajGb

Best Keyboard Deals: Save on Mechanical, Bluetooth, Gaming Keyboards and More - CNET

Shop the best bargains out there on keyboards for every need and budget.

from CNET https://ift.tt/xezZPDm

Splatoon 3's Idols Are Holding a Live Concert on Oct. 9. - CNET

DJ K.K. from Animal Crossing is also performing.

from CNET https://ift.tt/6kFoKrf

Webb, Hubble Telescopes Team Up for Ethereal View of Dusty Galaxy - CNET

Break out the cosmic dust buster.

from CNET https://ift.tt/Pnjfr6i

Best Wireless Mouse Deals: Save on Travel, Gaming and Everyday Computing Mice - CNET

The best bargains out there right now on wireless mice for every need and budget.

from CNET https://ift.tt/t4GSQYr

How to Watch Astronauts Arrive at the ISS Aboard a SpaceX Dragon - CNET

The Crew-5 mission passengers safely made it to orbit Wednesday.

from CNET https://ift.tt/Zw9cklH

Latest Gadgets News

Google Pixel 7 and Pixel 7 Pro will be launched by the tech giant today at the ‘Made By Google’ event scheduled to begin at 10am ET (7.30pm IST). The Google event will launch a number of other products, including the Google Pixel Watch which was first teased by the company in May.

from Gadgets 360 https://ift.tt/xbiIq09

Android Owners, Watch Out for These 7 Shady VPN Apps - CNET

Virtual private network apps are supposed to protect your privacy, not put it at risk by requesting dangerous permissions.

from CNET https://ift.tt/w3Ea1jg