Latest Gadgets News

Elon Musk, in a tweet on Friday, announced his decision to reinstate some Twitter accounts, including those belonging to Kathy Griffin, Jordan Peterson & Babylon Bee. The Tesla CEO, however, mentioned that there has been no decision yet to bring back US former President Donald Trump to Twitter.

from Gadgets 360 https://ift.tt/7Hn0KDF

Latest Tech News

Cybersecurity researchers from Akamai have spotted a new phishing campaign that targets consumers in the United States with fake holiday offers. The goal of the campaign is to steal sensitive identity credentials like credit card information, and ultimately their money.

The threat actors are creating landing pages that impersonate some of the biggest brands in the US, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others.

The landing page, often hosted on reputable cloud services like Google, or Azure, directs users to complete a short survey, after which they’d be promised a prize. The survey would also be time-limited to five minutes, using urgency to draw people’s attention away from potential red flags. 

Unique phishing URLs

After completing the survey, the victims would be pronounced “winners”. The only thing they’d now need to do, in order to receive their prize, is to pay for the shipping. This is where they’d give away their sensitive payment information, to be later used by the attackers in different ways. 

However, what makes this campaign unique is its token-based system that allows it to fly under the radar and not get picked up by cybersecurity solutions. 

As the researchers explain, the system helps redirect each victim to a unique phishing page URL. The URLs differ based on the victim’s location, as crooks look to impersonate locally available brands. 

Read more

> Check out our list of the best malware removal tools right now

> Phishing attacks are getting more and more sophisticated

> The most popular brand for phishing attacks might surprise you

Explaining how the system works, the researchers said each phishing email contains a link to the landing page, that comes with an anchor (#). This is usually how visitors are navigated to specific parts of a landing page. In this scenario, the tag is a token, used by JavaSCript on the landing page, which reconstructs the URL. 

"The values being after the HTML anchor will not be considered as HTTP parameters and will not be sent to the server, yet this value will be accessible by JavaScript code running on the victim's browser," the researchers said. "In the context of a phishing scam, the value placed after the HTML anchor might be ignored or overlooked when scanned by security products that are verifying whether it is malicious or not."

"This value will also be missed if viewed by a traffic inspection tool."

Cybersecurity solutions overlook this token, helping threat actors keep a low profile. On the other hand, researchers, analysts, and other unwanted visitors, are kept away, as, without the proper token, the site won’t load. 

• Check out the best antivirus right now

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/wUzW5AC

Latest Tech News

Amazon Web Services is upping the ante on the security front with new and important changes for AWS and Identity and Access Management (IAM) users. Announcing the changes in a blog post published earlier this week, the company’s Liam Wadman and Khaled Zaky announced that users can now add more than one multi-factor authentication (MFA) device to AWS account root users, and IAM users in their AWS accounts. 

Up until now, there could only have been one MFA endpoint associated with root users or IAM users, but now Amazon brought it up to eight, a change which “raises the security bar”, as the authors put it. 

To register multiple MFA devices, in any combination of the currently supported MFA types, these are the steps:

• Sign in to the AWS Management Console
• If setting up for a root user, choose My Security Credentials.
• If setting up for an IAM user, choose Security credentials.
• For Multi-factor authentication (MFA), choose Assign MFA device.
• Select the type of MFA device that you want to use and then choose Next.

Available today

Having multiple MFA devices active doesn’t mean they all need to confirm someone’s login session, though. Only one MFA device is needed to sign in to the console, or to create a session through the AWS Command Line Interface (AWS CLI) as that principal, the authors explained.

Read more

> AWS will start offering some customers free USB security keys

> Your AWS S3 instance may not be as secure as you hope

> These are the best identity theft protection services available

Furthermore, this upgrade doesn’t warrant any changes in the permissions. Both root and IAM users in the accounts that manage MFA devices today can use their existing IAM permissions to enable extra devices. 

With the exception of customers operating in AWS GovCloud (US) Regions, or the AWS China Regions, the new feature is now available, with no additional cost to use. 

Multi-factor authentication is widely considered one of the most important features of a secure account for any online services. This technology complements password managers and has been rolled out across billions of accounts worldwide including the biggest service providers - Google, Facebook, Microsoft and more.

• Here's the best password recovery software right now

from TechRadar - All the latest technology news https://ift.tt/gVebOa2

WhatsApp Launches Business Directory Feature, Lays Groundwork for In-App Purchases - CNET

Meta says eventually it wants to enable people to find, message and buy from a business within WhatsApp chats.

from CNET https://ift.tt/bOAHxY2

Latest Tech News

NVIDIA and Microsoft are collaborating on a new cloud-based AI-focused supercomputer, which they claim will be "one of the most powerful in the world" when complete.

The new machine will leverage the supercomputing infrastructure of Microsoft Azure combined with NVIDIA GPUs, networking, and AI software. It's set to contain ND- and NC-series virtual machines specifically designed for AI distributed training and inference. 

The companies claim the project represents the first public cloud to incorporate NVIDIA’s full AI stack and will add tens of thousands of NVIDIA A100 and H100 GPUs, NVIDIA Quantum-2 400Gb/s InfiniBand networking, and the NVIDIA AI Enterprise software suite to its platform.

How will it be used?

The firms said the new machine will be used to help enterprises train, deploy and scale AI, including large models.

NVIDIA is also set to utilize Azure’s scalable virtual machine instances to research and further advances in generative AI. 

READ MORE:

> Nvidia is making a 3D map of the universe with the world’s most powerful AI supercomputer

> HPE is building a rapid AI supercomputer powered by the world's largest CPU

> Our guide to the best workstations 

This is an emerging area of AI in which foundational models like Megatron Turing NLG 530B provide the basis for unsupervised, self-learning algorithms to create new text, code, digital images, video or audio.

The companies will also collaborate to optimize Microsoft’s DeepSpeed deep optimization software and NVIDIA’s full stack of AI workflows and software development kits, optimized for Azure, will be made available to Azure enterprise customers.

“AI technology advances as well as industry adoption are accelerating. The breakthrough of foundation models has triggered a tidal wave of research, fostered new startups and enabled new enterprise applications,” said Manuvir Das, vice president of enterprise computing at NVIDIA.

It's not just Microsoft that is looking towards Nvidia to power its latest AI innovations.

Oracle and Nvidia announced a collaboration at Oracle Cloud World 2022. It will see tens of thousands of Nvidia GPUs, such as the A100 and upcoming H100, supporting Oracle Cloud Infrastructure (OCI).

• Interested in hosting more of your AI projects in the cloud? Check out our guide to the best cloud hosting providers.

from TechRadar - All the latest technology news https://ift.tt/r8vkbG1

These Weird Wordle Starter Words Practically Guarantee a Winning Streak - CNET

They're like cheat codes.

from CNET https://ift.tt/HITFcK1

Latest Tech News

Cybersecurity researchers from Trend Micro have recently spotted a new infostealer campaign, leveraging open-source software and file-sharing services to distribute malware. 

According to the company’s blog post, an unknown threat actor took the source code of an app called ResignTool, and modified it to carry the infostealer.

ResignTool is a macOS application used to change the signing information on .IPA files - archive files for iOS and iPad devices. Since it is open-source, the threat actor had no issues changing the app to carry malicious code. In this particular instance, the researchers said, the malware was designed to steal Keychain data.

Distribution via file-sharing services

Keychain is Apple's password management system. It was first introduced in macOS 8.6, but according to the researchers, it is still in current versions of the operating system. In addition to passwords, it contains other types of sensitive data, such as private keys, certificates and secure notes. 

To deliver the malware, the attackers used file-sharing services. According to the report, it is not uncommon for people to look for cracked and otherwise activated versions of commercial software, in order to save a few dollars on software licenses. 

Read more

> Here's another good reason never to use cracked software

> Here's another good reason not to download pirated software

> These are the best firewalls at the moment

However, these sites and their visitors are low-hanging fruit for cybercriminals, who have no problem uploading malicious versions of these programs (or outright impersonating them) to distribute the malware.

To safeguard their endpoints from potential infections, Trend Micro advises users to double-check the legitimacy of a file-sharing website and make sure to avoid downloading anything that sounds even remotely suspicious. 

“We also advise users to protect their Apple devices with products and services that safeguard applications and files,” the researchers concluded, suggesting that a strong antivirus, a firewall, or similar cybersecurity solution, might help to minimize the potential risk.

• Check out the best ID theft protection services out there

from TechRadar - All the latest technology news https://ift.tt/OExMbBH

Latest Gadgets News

Amazon on Wednesday said it has laid off some employees in its devices group as a person familiar with the company said it still targeted around 10,000 job cuts, including in its retail division and human resources.

from Gadgets 360 https://ift.tt/u4qOTyr

Two Batches of Blood Pressure Medicine Were Recalled - CNET

It's important to talk to your doctor before stopping or switching any blood pressure medication.

from CNET https://ift.tt/9Ag8teI

Latest Tech News

Speaking to the United State Congress, FBI Director Christopher Wray expressed “extreme” concern over China's ability to “weaponize” data belonging to TikTok's American users, Cyberscoop reported earlier this week. 

TikTok is currently one of the most popular social media platforms in the world, allowing users to create short-form videos (roughly 15 seconds in length) on any topic. 

However, TikTok is built and owned by ByteDance, a Chinese company, and that’s a problem for U.S. authorities, especially given the Chinese government’s control over data generated by local companies. Per Chinese law, the government can compel any company to hand over any data they hold on their servers. 

Problematic APIs

The company tried to appease the US government by moving users’ data to Oracle servers stored in the country last June, but a BuzzFeed News report published soon after claimed all of that data was still visible in China. 

During a House Homeland Security Committee hearing, Wray said that APIs ByteDance embeds in TikTok are a national security concern. According to him, Beijing could use them to “control data collection of millions of users or control the recommendation algorithm, which can be used for influence operations.”

Read more

> Check out the best privacy tools right now

> TikTok hack: Have billions of user records been exposed?

> More people than ever get news from YouTube and TikTok, yet still don't trust it

In other words, China could be seeking to sow division by influencing how US TikTok users view certain events and issues.

Social media companies are no stranger to influencer operations. Back in 2014, Facebook began tweaking its algorithm to only show specific types of posts to its users. Consequently, it was accused of manipulating its users on an emotional basis.

Wray went on to address that Chinese companies could pose stark security risks, as they “do whatever the Chinese government wants to do in terms of sharing information or serving as a tool of the Chinese government [...] that’s plenty of reason by itself to be extremely concerned."

While American legislators have so far stopped short of a ban, TikTok remains unbelievably popular, superseding Facebook, Instagram and Twitter amongst younger users, and it's unlikely they'll move away from the platform without being forced to find an alternative.

• Protect your browsing with the best VPNs on the market

from TechRadar - All the latest technology news https://ift.tt/ldGWofq

Latest Gadgets News

US crypto investors sued FTX founder Sam Bankman-Fried and several celebrities who promoted his exchange including NFL quarterback Tom Brady and comedian Larry David, claiming they engaged in deceptive practices to sell FTX yield-bearing digital currency accounts. The proposed class action filed on Tuesday night in Miami alleges that FTX yield-bearing accounts were u...

from Gadgets 360 https://ift.tt/8onvR0E

'Fleishman Is in Trouble' Turns the Missing Wife Trope On Its Head - CNET

Streaming on Hulu on Thursday, Fleishman is in Trouble stars Jesse Eisenberg, Claire Danes and Lizzy Caplan.

from CNET https://ift.tt/dp5A3ia

Latest Tech News

IBM has given its Watson Internet of Things (IoT) platform users an ultimatum: move over to another service or face disconnection. 

That’s according to The Register, which got its hands on a customer email claiming end of life for the IoT platform.

“Please note, devices will be unable to connect to the MQTT and HTTP endpoints and existing connections will be shut down. All remaining customers using this service should plan to move to alternative services before that time,” the statement read.

IBM's Watson woes

The Watson IoT platform was created to provide one central location for the management and monitoring of IoT devices, and has partnered with companies including Adesto Technologies, Geniatech Inc, and IOTech Systems, all of which are available to view on IBM’s partner finder website.

IBM is giving customers just one year to move to another IoT management platform, as the December 31, 2023 end date draws nearer.

READ MORE

> Check out our list of the best cloud backup services right now

> Google Cloud is closing IoT Core, leaving user devices stranded

> Ubuntu 22.10 is here to boost IoT developers and enterprise users alike

Earlier this year, we reported that Google Cloud would also be closing its IoT Core. The company was under the impression that its “customers’ needs could be better served by [its] network of partners that specialize in IoT applications and services”, however the tech giant has been taking steps to make customers’ transitions less taxing. 

In a blog post, the cloud computing giant explained that “if a deprecation or breaking change is inevitable, then the burden is on [it - the company] to make the migration as effortless as possible.”

TechRadar Pro has contacted IBM to hear whether the company will be taking similar measures.

This isn’t the only Watson-branded product that IBM has decided to ditch, as in January it sold off Watson Health. IBM CEO Arvind Krishna later said that this was because it had failed to acquire the requisite vertical expertise in the healthcare sector, according to The Register.

• These are the best cloud hosting providers right now

from TechRadar - All the latest technology news https://ift.tt/Mw7orlG

Angry Taylor Swift Fans Struggle to Snag Tour Tickets, Blame Ticketmaster - CNET

"Ticketmaster is in fact not a sexy baby," one fan says as the ticket site cites "historically unprecedented" demand.

from CNET https://ift.tt/FodX8ES

Latest Tech News

India’s Ministry of Electronics and IT has removed a ban against the official website of popular media player application VLC Media Player that was instigated in February 2022.

As reported by TechCrunch, the announcement of the ban being lifted came not from the ministry, but from New-Delhi based advocacy group Internet Freedom Foundation (IFF), which provided the developers of VLC, VideoLan, with “legal support”.

The lifting of the ban may mark an end to the saga, although VideoLAN will no doubt continue searching for answers around a debacle that the company claims may have broken Indian law.

VideoLAN’s VLC ban response

It’s unclear whether VideoLAN filing a legal notice via the IFF last month, demanding a response from the Indian government, had any bearing on proceedings. 

In it, VideoLAN claimed that, according to India’s 2009 IT Blocking Rules, the government was legally required to provide a reason for the ban. Although the ban is no longer in place, it most likely still is. 

READ MORE

> Check out our list of the best free VPNs right now

> The cone is gone: VLC Media Player silently banned in India

> India’s restrictive VPN law should be a warning to us all

As part of the notice, VideoLAN requested a fair hearing to dispute the ban, and although that’s no longer necessary, the company may still feel aggrieved and decide to initiate legal proceedings.

Another bizarre implication of the ban is that it seems to go against the Indian government’s pledge to use open-source software as part of the ongoing Digital India initiative.

The ban itself was superficial, and easily circumvented by a VPN, as it only applied to the website where VLC is available, videolan.org. 

However, VideoLAN president and lead VLC developer Jean-Baptiste Kempf has previously told TechCrunch that the ban, introduced by several internet service providers (ISPs), was damaging to VLC’s reputation, as well as to new users, because they may have been pushed to websites that host potentially compromised versions of VLC.

•  Explore our round-up of the best NAS & media server distros for Linux right now 

from TechRadar - All the latest technology news https://ift.tt/rKiC3m0