This Taco Bell Discontinued Menu Item Is Back After Nearly a Decade - CNET

The Enchirito returned to the menu, but it won't be around for long.

from CNET https://ift.tt/VJkNOs6

The Leap Second Has Jumped the Shark - CNET

An international time standards group concludes that fine-tuning clocks to account for Earth's rotation is more trouble than it's worth.

from CNET https://ift.tt/d3wNrim

NASA Won't Change James Webb Telescope's Controversial Name - CNET

The agency releases its investigation into former NASA administrator James Webb.

from CNET https://ift.tt/P0zDLpe

Best Ellipticals for Low-Impact Workouts - CNET

Get the most effective workout with these cardio machines.

from CNET https://ift.tt/uEb9jfK

Best Android VPN 2022 - CNET

These are the best virtual private networks for protecting your privacy on your Android mobile device.

from CNET https://ift.tt/hcYzH5a

Don't Use a Knife to Slice Cake. This Tool Is Faster and Cleaner - CNET

Grab this one thing from your medicine cabinet to cut your cake, mess-free.

from CNET https://ift.tt/w6LQ2Ap

Best VPN for Windows - CNET

You don't have to compromise when looking for the best virtual private network.

from CNET https://ift.tt/p7UnCcB

Do You Need a Credit Card? - CNET

A credit card can benefit most people, but you need to be aware of the risks.

from CNET https://ift.tt/T902utJ

Dell Drops the Xbox Series S to All-Time Low of $235 With This Black Friday Deal - CNET

You can't beat this price on the all-digital, compact, next-gen console from Microsoft -- but it probably won't last long.

from CNET https://ift.tt/Z3nTqdc

Latest Tech News

The Hive ransomware group crossed a major milestone earlier this week, the Cybersecurity Infrastructure and Security Agency (CISA) said in a joint press release, published together with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS).

According to the statement, since June 2021 the group managed to infect more than 1,300 companies with its ransomware variant and raked in north of $100 million for its efforts. 

What’s more, the group doesn’t seem to take no for an answer. The three agencies discovered Hive reinfecting those victims that choose to restore their networks instead of paying the ransom demand. 

Reinfecting rebellious victims

"Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment," the press release reads.

Hive also casts a relatively wide net, when in search of new victims. While it is somewhat focused on Healthcare and Public Health (PHP) organizations, it does enjoy an occasional government entity, communications firm, or IT company. 

Read more

> Stay safe from malware with these best removal tools

> What is ransomware and how does it work?

> Weekend ransomware attacks might end up being more expensive

The three organizations are generally against paying the ransom demand, as that does not guarantee they’ll get the decryption key, or the stolen data back. On the flip side, it will most definitely motivate the group (and other, similar groups, too) to continue attacking, continue deploying ransomware, and continue asking for more money. 

Instead, they urge the victims to report the attack to their local FBI field office or reach out to CISA via email. 

These reports, it says in the release, will help law enforcement gather key data that’s needed to stay on Hive’s trail, disrupt potential future attacks, and ultimately - bring the threat actors to justice. 

Hive was first spotted in the early summer of last year. 

• These are the best firewalls right now

Via BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/vCdzGRb

Latest Gadgets News

Elon Musk, in a tweet on Friday, announced his decision to reinstate some Twitter accounts, including those belonging to Kathy Griffin, Jordan Peterson & Babylon Bee. The Tesla CEO, however, mentioned that there has been no decision yet to bring back US former President Donald Trump to Twitter.

from Gadgets 360 https://ift.tt/7Hn0KDF

Latest Tech News

Cybersecurity researchers from Akamai have spotted a new phishing campaign that targets consumers in the United States with fake holiday offers. The goal of the campaign is to steal sensitive identity credentials like credit card information, and ultimately their money.

The threat actors are creating landing pages that impersonate some of the biggest brands in the US, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others.

The landing page, often hosted on reputable cloud services like Google, or Azure, directs users to complete a short survey, after which they’d be promised a prize. The survey would also be time-limited to five minutes, using urgency to draw people’s attention away from potential red flags. 

Unique phishing URLs

After completing the survey, the victims would be pronounced “winners”. The only thing they’d now need to do, in order to receive their prize, is to pay for the shipping. This is where they’d give away their sensitive payment information, to be later used by the attackers in different ways. 

However, what makes this campaign unique is its token-based system that allows it to fly under the radar and not get picked up by cybersecurity solutions. 

As the researchers explain, the system helps redirect each victim to a unique phishing page URL. The URLs differ based on the victim’s location, as crooks look to impersonate locally available brands. 

Read more

> Check out our list of the best malware removal tools right now

> Phishing attacks are getting more and more sophisticated

> The most popular brand for phishing attacks might surprise you

Explaining how the system works, the researchers said each phishing email contains a link to the landing page, that comes with an anchor (#). This is usually how visitors are navigated to specific parts of a landing page. In this scenario, the tag is a token, used by JavaSCript on the landing page, which reconstructs the URL. 

"The values being after the HTML anchor will not be considered as HTTP parameters and will not be sent to the server, yet this value will be accessible by JavaScript code running on the victim's browser," the researchers said. "In the context of a phishing scam, the value placed after the HTML anchor might be ignored or overlooked when scanned by security products that are verifying whether it is malicious or not."

"This value will also be missed if viewed by a traffic inspection tool."

Cybersecurity solutions overlook this token, helping threat actors keep a low profile. On the other hand, researchers, analysts, and other unwanted visitors, are kept away, as, without the proper token, the site won’t load. 

• Check out the best antivirus right now

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/wUzW5AC

Latest Tech News

Amazon Web Services is upping the ante on the security front with new and important changes for AWS and Identity and Access Management (IAM) users. Announcing the changes in a blog post published earlier this week, the company’s Liam Wadman and Khaled Zaky announced that users can now add more than one multi-factor authentication (MFA) device to AWS account root users, and IAM users in their AWS accounts. 

Up until now, there could only have been one MFA endpoint associated with root users or IAM users, but now Amazon brought it up to eight, a change which “raises the security bar”, as the authors put it. 

To register multiple MFA devices, in any combination of the currently supported MFA types, these are the steps:

• Sign in to the AWS Management Console
• If setting up for a root user, choose My Security Credentials.
• If setting up for an IAM user, choose Security credentials.
• For Multi-factor authentication (MFA), choose Assign MFA device.
• Select the type of MFA device that you want to use and then choose Next.

Available today

Having multiple MFA devices active doesn’t mean they all need to confirm someone’s login session, though. Only one MFA device is needed to sign in to the console, or to create a session through the AWS Command Line Interface (AWS CLI) as that principal, the authors explained.

Read more

> AWS will start offering some customers free USB security keys

> Your AWS S3 instance may not be as secure as you hope

> These are the best identity theft protection services available

Furthermore, this upgrade doesn’t warrant any changes in the permissions. Both root and IAM users in the accounts that manage MFA devices today can use their existing IAM permissions to enable extra devices. 

With the exception of customers operating in AWS GovCloud (US) Regions, or the AWS China Regions, the new feature is now available, with no additional cost to use. 

Multi-factor authentication is widely considered one of the most important features of a secure account for any online services. This technology complements password managers and has been rolled out across billions of accounts worldwide including the biggest service providers - Google, Facebook, Microsoft and more.

• Here's the best password recovery software right now

from TechRadar - All the latest technology news https://ift.tt/gVebOa2

WhatsApp Launches Business Directory Feature, Lays Groundwork for In-App Purchases - CNET

Meta says eventually it wants to enable people to find, message and buy from a business within WhatsApp chats.

from CNET https://ift.tt/bOAHxY2

Latest Tech News

NVIDIA and Microsoft are collaborating on a new cloud-based AI-focused supercomputer, which they claim will be "one of the most powerful in the world" when complete.

The new machine will leverage the supercomputing infrastructure of Microsoft Azure combined with NVIDIA GPUs, networking, and AI software. It's set to contain ND- and NC-series virtual machines specifically designed for AI distributed training and inference. 

The companies claim the project represents the first public cloud to incorporate NVIDIA’s full AI stack and will add tens of thousands of NVIDIA A100 and H100 GPUs, NVIDIA Quantum-2 400Gb/s InfiniBand networking, and the NVIDIA AI Enterprise software suite to its platform.

How will it be used?

The firms said the new machine will be used to help enterprises train, deploy and scale AI, including large models.

NVIDIA is also set to utilize Azure’s scalable virtual machine instances to research and further advances in generative AI. 

READ MORE:

> Nvidia is making a 3D map of the universe with the world’s most powerful AI supercomputer

> HPE is building a rapid AI supercomputer powered by the world's largest CPU

> Our guide to the best workstations 

This is an emerging area of AI in which foundational models like Megatron Turing NLG 530B provide the basis for unsupervised, self-learning algorithms to create new text, code, digital images, video or audio.

The companies will also collaborate to optimize Microsoft’s DeepSpeed deep optimization software and NVIDIA’s full stack of AI workflows and software development kits, optimized for Azure, will be made available to Azure enterprise customers.

“AI technology advances as well as industry adoption are accelerating. The breakthrough of foundation models has triggered a tidal wave of research, fostered new startups and enabled new enterprise applications,” said Manuvir Das, vice president of enterprise computing at NVIDIA.

It's not just Microsoft that is looking towards Nvidia to power its latest AI innovations.

Oracle and Nvidia announced a collaboration at Oracle Cloud World 2022. It will see tens of thousands of Nvidia GPUs, such as the A100 and upcoming H100, supporting Oracle Cloud Infrastructure (OCI).

• Interested in hosting more of your AI projects in the cloud? Check out our guide to the best cloud hosting providers.

from TechRadar - All the latest technology news https://ift.tt/r8vkbG1