These Weird Wordle Starter Words Practically Guarantee a Winning Streak - CNET

They're like cheat codes.

from CNET https://ift.tt/HITFcK1

Latest Tech News

Cybersecurity researchers from Trend Micro have recently spotted a new infostealer campaign, leveraging open-source software and file-sharing services to distribute malware. 

According to the company’s blog post, an unknown threat actor took the source code of an app called ResignTool, and modified it to carry the infostealer.

ResignTool is a macOS application used to change the signing information on .IPA files - archive files for iOS and iPad devices. Since it is open-source, the threat actor had no issues changing the app to carry malicious code. In this particular instance, the researchers said, the malware was designed to steal Keychain data.

Distribution via file-sharing services

Keychain is Apple's password management system. It was first introduced in macOS 8.6, but according to the researchers, it is still in current versions of the operating system. In addition to passwords, it contains other types of sensitive data, such as private keys, certificates and secure notes. 

To deliver the malware, the attackers used file-sharing services. According to the report, it is not uncommon for people to look for cracked and otherwise activated versions of commercial software, in order to save a few dollars on software licenses. 

Read more

> Here's another good reason never to use cracked software

> Here's another good reason not to download pirated software

> These are the best firewalls at the moment

However, these sites and their visitors are low-hanging fruit for cybercriminals, who have no problem uploading malicious versions of these programs (or outright impersonating them) to distribute the malware.

To safeguard their endpoints from potential infections, Trend Micro advises users to double-check the legitimacy of a file-sharing website and make sure to avoid downloading anything that sounds even remotely suspicious. 

“We also advise users to protect their Apple devices with products and services that safeguard applications and files,” the researchers concluded, suggesting that a strong antivirus, a firewall, or similar cybersecurity solution, might help to minimize the potential risk.

• Check out the best ID theft protection services out there

from TechRadar - All the latest technology news https://ift.tt/OExMbBH

Latest Gadgets News

Amazon on Wednesday said it has laid off some employees in its devices group as a person familiar with the company said it still targeted around 10,000 job cuts, including in its retail division and human resources.

from Gadgets 360 https://ift.tt/u4qOTyr

Two Batches of Blood Pressure Medicine Were Recalled - CNET

It's important to talk to your doctor before stopping or switching any blood pressure medication.

from CNET https://ift.tt/9Ag8teI

Latest Tech News

Speaking to the United State Congress, FBI Director Christopher Wray expressed “extreme” concern over China's ability to “weaponize” data belonging to TikTok's American users, Cyberscoop reported earlier this week. 

TikTok is currently one of the most popular social media platforms in the world, allowing users to create short-form videos (roughly 15 seconds in length) on any topic. 

However, TikTok is built and owned by ByteDance, a Chinese company, and that’s a problem for U.S. authorities, especially given the Chinese government’s control over data generated by local companies. Per Chinese law, the government can compel any company to hand over any data they hold on their servers. 

Problematic APIs

The company tried to appease the US government by moving users’ data to Oracle servers stored in the country last June, but a BuzzFeed News report published soon after claimed all of that data was still visible in China. 

During a House Homeland Security Committee hearing, Wray said that APIs ByteDance embeds in TikTok are a national security concern. According to him, Beijing could use them to “control data collection of millions of users or control the recommendation algorithm, which can be used for influence operations.”

Read more

> Check out the best privacy tools right now

> TikTok hack: Have billions of user records been exposed?

> More people than ever get news from YouTube and TikTok, yet still don't trust it

In other words, China could be seeking to sow division by influencing how US TikTok users view certain events and issues.

Social media companies are no stranger to influencer operations. Back in 2014, Facebook began tweaking its algorithm to only show specific types of posts to its users. Consequently, it was accused of manipulating its users on an emotional basis.

Wray went on to address that Chinese companies could pose stark security risks, as they “do whatever the Chinese government wants to do in terms of sharing information or serving as a tool of the Chinese government [...] that’s plenty of reason by itself to be extremely concerned."

While American legislators have so far stopped short of a ban, TikTok remains unbelievably popular, superseding Facebook, Instagram and Twitter amongst younger users, and it's unlikely they'll move away from the platform without being forced to find an alternative.

• Protect your browsing with the best VPNs on the market

from TechRadar - All the latest technology news https://ift.tt/ldGWofq

Latest Gadgets News

US crypto investors sued FTX founder Sam Bankman-Fried and several celebrities who promoted his exchange including NFL quarterback Tom Brady and comedian Larry David, claiming they engaged in deceptive practices to sell FTX yield-bearing digital currency accounts. The proposed class action filed on Tuesday night in Miami alleges that FTX yield-bearing accounts were u...

from Gadgets 360 https://ift.tt/8onvR0E

'Fleishman Is in Trouble' Turns the Missing Wife Trope On Its Head - CNET

Streaming on Hulu on Thursday, Fleishman is in Trouble stars Jesse Eisenberg, Claire Danes and Lizzy Caplan.

from CNET https://ift.tt/dp5A3ia

Latest Tech News

IBM has given its Watson Internet of Things (IoT) platform users an ultimatum: move over to another service or face disconnection. 

That’s according to The Register, which got its hands on a customer email claiming end of life for the IoT platform.

“Please note, devices will be unable to connect to the MQTT and HTTP endpoints and existing connections will be shut down. All remaining customers using this service should plan to move to alternative services before that time,” the statement read.

IBM's Watson woes

The Watson IoT platform was created to provide one central location for the management and monitoring of IoT devices, and has partnered with companies including Adesto Technologies, Geniatech Inc, and IOTech Systems, all of which are available to view on IBM’s partner finder website.

IBM is giving customers just one year to move to another IoT management platform, as the December 31, 2023 end date draws nearer.

READ MORE

> Check out our list of the best cloud backup services right now

> Google Cloud is closing IoT Core, leaving user devices stranded

> Ubuntu 22.10 is here to boost IoT developers and enterprise users alike

Earlier this year, we reported that Google Cloud would also be closing its IoT Core. The company was under the impression that its “customers’ needs could be better served by [its] network of partners that specialize in IoT applications and services”, however the tech giant has been taking steps to make customers’ transitions less taxing. 

In a blog post, the cloud computing giant explained that “if a deprecation or breaking change is inevitable, then the burden is on [it - the company] to make the migration as effortless as possible.”

TechRadar Pro has contacted IBM to hear whether the company will be taking similar measures.

This isn’t the only Watson-branded product that IBM has decided to ditch, as in January it sold off Watson Health. IBM CEO Arvind Krishna later said that this was because it had failed to acquire the requisite vertical expertise in the healthcare sector, according to The Register.

• These are the best cloud hosting providers right now

from TechRadar - All the latest technology news https://ift.tt/Mw7orlG

Angry Taylor Swift Fans Struggle to Snag Tour Tickets, Blame Ticketmaster - CNET

"Ticketmaster is in fact not a sexy baby," one fan says as the ticket site cites "historically unprecedented" demand.

from CNET https://ift.tt/FodX8ES

Latest Tech News

India’s Ministry of Electronics and IT has removed a ban against the official website of popular media player application VLC Media Player that was instigated in February 2022.

As reported by TechCrunch, the announcement of the ban being lifted came not from the ministry, but from New-Delhi based advocacy group Internet Freedom Foundation (IFF), which provided the developers of VLC, VideoLan, with “legal support”.

The lifting of the ban may mark an end to the saga, although VideoLAN will no doubt continue searching for answers around a debacle that the company claims may have broken Indian law.

VideoLAN’s VLC ban response

It’s unclear whether VideoLAN filing a legal notice via the IFF last month, demanding a response from the Indian government, had any bearing on proceedings. 

In it, VideoLAN claimed that, according to India’s 2009 IT Blocking Rules, the government was legally required to provide a reason for the ban. Although the ban is no longer in place, it most likely still is. 

READ MORE

> Check out our list of the best free VPNs right now

> The cone is gone: VLC Media Player silently banned in India

> India’s restrictive VPN law should be a warning to us all

As part of the notice, VideoLAN requested a fair hearing to dispute the ban, and although that’s no longer necessary, the company may still feel aggrieved and decide to initiate legal proceedings.

Another bizarre implication of the ban is that it seems to go against the Indian government’s pledge to use open-source software as part of the ongoing Digital India initiative.

The ban itself was superficial, and easily circumvented by a VPN, as it only applied to the website where VLC is available, videolan.org. 

However, VideoLAN president and lead VLC developer Jean-Baptiste Kempf has previously told TechCrunch that the ban, introduced by several internet service providers (ISPs), was damaging to VLC’s reputation, as well as to new users, because they may have been pushed to websites that host potentially compromised versions of VLC.

•  Explore our round-up of the best NAS & media server distros for Linux right now 

from TechRadar - All the latest technology news https://ift.tt/rKiC3m0

Disney World Raises Ticket Prices, Report Says - CNET

Your ride on Space Mountain is about to cost you a few more dollars.

from CNET https://ift.tt/XpEodCB

Pokemon Scarlet and Violet: All Version-Exclusive Pokemon and Differences - CNET

Here are all the biggest differences between the upcoming Pokemon games.

from CNET https://ift.tt/0BjVEsK

Latest Tech News

Microsoft’s latest cumulative updates that were released earlier this week for Windows 11 broke a vital business security feature. The fix has not yet been published, but Microsoft expects to have one ready in the coming weeks.

As reported by BleepingComputer, the Redmond software giant recently acknowledged certain issues with the Kerberos authentication protocol after November's Patch Tuesday.

"After installing updates released on November 8, 2022, or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication," Microsoft said.

Failing to sign in

"When this issue is encountered you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text," the company explained.

BleepingComputer readers reported that the update breaks Kerberos, the default authentication protocol for domain-connected Windows endpoints, days previously.

One explained that the protocol breaks “in situations where you have set the ‘This account supports Kerberos AES 256 bit encryption’, or 'This account supports Kerberos AES 128 encryption’ Account Options set (i.e., msDS-SupportedEncryptionTypes attribute) on user accounts in AD."

Read more

> These are the best firewalls right now

> Microsoft fixes Kerberos-related authentication issues in Windows Server

> Emergency Windows 10 update plugs a serious security hole

According to the report, some of the Kerberos authentication scenarios include domain user sign-in failing and affecting Active Directory Federation Services authentication in the process, Remote Desktop connections using domain users failing to connect, and several others.

The affected platforms include most Windows versions since Windows 7 (Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2, Windows 11 21H2), and some Server version (Windows Server 2008 SP2, Windows Server 2022)-.

Home customers and users not enrolled in an on-premises domain are not affected by this bug, it was added. Furthermore, the flaw doesn’t impact non-hybrid Azure Active Directory environments, as well as those without an on-prem Active Directory server.

• Check out the best Linux distros for privacy and security out there

from TechRadar - All the latest technology news https://ift.tt/Jx8LghI

X-37B Space Plane: Space Force's Record-Setting Orbiter - CNET

The uncrewed spacecraft stays in orbit for months at a time, engaged in a range of experiments.

from CNET https://ift.tt/tJTrlxU

Latest Tech News

Several cybersecurity experts have highlighted potential data security issues ahead for attendees of the FIFA World Cup Qatar 2022.

The Norwegian government’s Head of Security Øyvind Vasaasen told NRK: “It's not my job to give travel advice, but personally I would never bring my mobile phone on a visit to Qatar", likening the scope of official apps to giving someone the keys to your house. 

Those wanting to make a trip to the Middle East to experience the tournament live will need to install a Covid-19 tracker dubbed "Ehteraz" on their smartphones, alongside "Hayya", a compulsory ticketing and transport app.

How do the apps work?

Vasaasen alleged that Ehteraz claims access “to several rights on your mobile, like access to read, delete or change all content on the phone, as well as access to connect to WiFi and Bluetooth, override other apps, and prevent the phone from switching off to sleep mode”.

Naomi Lintvedt, a research fellow at the University of Oslo's Faculty of Law, opined that if she were an employer, she wouldn't allow employees to work from their phones in Qatar.

READ MORE:

> Watch out - that Android security update may be malware

> This Android security flaw could let hackers follow all your movements

> Our guide to the best Android apps of 2022 

In addition, France’s data protection authority CNIL suggested in Politico to "travel with a blank smartphone … or an old phone that has been reset” and that “special care should be taken with photos, videos, or digital works that could place you in difficulty with respect to the legislation of the country visited". 

UK regulators have also recognized the issue. A spokesperson from the UK Information Commissioner's Office (ICO) told The Register that it is "aware of media reports on this matter and we will consider the potential impact on the privacy rights of UK citizens", recommending that football fans check out the agency's data rights page.

The ICO didn’t offer any opinion on whether or not it was a good idea to bring a secondary "burner phone" for protection. 

• Keep unwanted guests away from your smartphone with the best Android antivirus apps

Via The Register

from TechRadar - All the latest technology news https://ift.tt/K5HSxgl