Monday, December 19, 2022

Latest Tech News

Hundreds of Android applications being distributed through the Google Play Store have been found leaking Application Programming Interface (API) keys, putting users at risk of identity theft and other threats.

The risks were found by cybersecurity researchers at CloudSEK, who used the company’s BeVigil security search engine to analyze 600 applications on the Play Store.

Overall, the team found half (50%) were leaking API keys of three top transactional and email marketing service providers, putting users at risk of fraud or scams.

MailChimp, SendGrid, Mailgun

CloudSEK found the apps were leaking API keys for MailChimp, SendGrid, and Mailgun, allowing potential threat actors to send emails, delete the API keys, and even modify multi-factor authentication (MFA). CloudSEK has since notified the apps’ developers of its findings.

Between them, the apps were downloaded by 54 million people, who are now at risk. Most of the potential victims are located in the United States, with the UK, Spain, Russia, and India also accounting for a hefty portion.

“In modern software architecture, APIs integrate new application components into existing architecture. So its security has become imperative,” commented CloudSEK. “Software developers must avoid embedding API keys into their applications and should follow secure coding and deployment practices like standardize review procedures, rotate keys, hide keys and use vault.”

Among the three services, MailChimp is arguably the biggest, and by leaking MailChimp API keys, app developers would allow threat actors to read email conversations, exfiltrate customer data, grab email lists, run email campaigns of their own, and manipulate promotional codes.

Furthermore, hackers could authorize third-party apps connected to a MailChimp account. In total, the researchers identified 319 API keys, with more than a quarter (28%) being valid. Twelve keys allowed for email reading, it was added. 

Leaking Mailgun API keys likewise allows threat actors to send and read emails, and also to obtain Simple Mail Transfer Protocol (SMTP) credentials, IP addresses, and various statistics. They would also be able to exfiltrate customer mailing lists.

SendGrid, on the other hand, is a communication platform that helps companies deliver transactional and marketing emails through a cloud-based email delivery platform. With an API leak, hackers would be able to send emails, create API keys, and control IP addresses used to access accounts.

Via: Infosecurity Magazine



from TechRadar - All the latest technology news https://ift.tt/v3dseiT

Latest Gadgets News

OnePlus 11 5G and the OnePlus Buds Pro 2 are scheduled to launch at the company’s Cloud 11 event next year. The Shenzhen-based company, in an official announcement, revealed the details of the upcoming OnePlus Cloud 11 launch event, which is scheduled to take place on February 7, 2023.

from Gadgets 360 https://ift.tt/n0yjQOc

Apple TV Plus: Every New TV Show Arriving in December - CNET

Here's a complete list of shows coming in December.

from CNET https://ift.tt/axQD9MO

Latest Tech News

Apple is looking increasingly likely to miss its projected 2022 deadline for completing the transition to using its own silicon processors across the entirety of the Mac product line, with the enterprise-aimed Mac Pro being the last to follow.

As highlighted by Bloomberg’s Mark Gurman, the path to Mac Pros powered by Apple’s custom M-series chip, which would allow iOS apps to run natively in macOS, and otherwise result in increased performance gains and decreased power consumption, has been a difficult one.

Reasons cited for the delay include relocation of manufacturing to avoid additional tariffs on goods manufactured in China, continued redesigns of the M-chips to include an “Extreme” variant, and fears of skyrocketing costs to customers.

Mac Pro M2 delay

As addressed by Gurman, Apple’s plans to move its line of high-end workstations to Apple silicon began with the introduction of its M1 chip in 2020.

Plans were made for a unique processor that, across two configurations of the Mac Pro product, would combine the power of either two or four M1 Max chips, the most powerful chip available in the MacBook Pro line at the time.

However, the Mac line of computers has not benefited from simplicity, and the dual M1 Max chip, which became known as the M1 Ultra, ended up launching with the Mac Studio, a line marketed towards creatives and others who rely on resource-heavy processes.

An M2 Ultra chip promising additional performance gains is reportedly in development, but hopes for a further M2 Extreme chip, which Gurman speculates would likely have offered “up to 48 CPU cores and 152 graphics cores” by being four M2 Max chips stuck together, seem, according to him, to be dead in the water.

The biggest barriers to Mac Pros running on Apple silicon appear to be the cost of production and the cost to customers.

The complex nature of the architecture of the most powerful Apple silicon, that would give Mac Pros their unique selling point, is expensive enough without production having been relocated to Texas during the Trump presidency.

The two primary reasons for the move were for Apple to evade increased tariffs on Chinese imports and uphold a public commitment to grow the US economy - both of which point to a PR exercise, and one that is costing it a painless switch to its own silicon.

Gurman claims that an M2 Extreme version of a Mac Pro would “probably” cost “at least” $10,000 per unit, which would not be cost-effective even setting aside the ongoing recession.

Putting aside the conjecture, the Mac Pro is in a difficult place as a product. It has to offer better performance than all other Macs, which is complicated by the existence of the Mac Studio, but is a niche offering, only especially relevant to enterprise customers that need the extra power.

At the moment, only Intel-powered Mac Pros continue to be available. There will probably be another entry in the line, but it may not appear for some time, and may still not be powered exclusively by Apple's own silicon.



from TechRadar - All the latest technology news https://ift.tt/RaSp4Wx

Latest Gadgets News

Samsung Galaxy A04 and Galaxy A04e are launched in India. The handsets ship with a MediaTek Helio P35 SoC coupled with up to 4GB of RAM, a 5,000mAh battery, and more. Samsung Galaxy A04e is available in Black, Blue, and Copper color options.

from Gadgets 360 https://ift.tt/LqDYG4M

Sunday, December 18, 2022

Scientists Now Know Why Coyotes Unexpectedly Killed a Human in 2009 - CNET

When a pack of coyotes attacked a hiker in 2009, it became the first recorded instance of coyotes killing an adult in North America.

from CNET https://ift.tt/gkZ04oR

Apple's iPhone 15 Isn't the Only Exciting Phone Coming in 2023 - CNET

Samsung, Google and OnePlus have new phones in the works too. Here are the top ones to watch based on rumors so far.

from CNET https://ift.tt/CzWu6jR

Cardinals vs. Broncos Livestream: How to Watch NFL Week 15 Online Today - CNET

Want to watch the Arizona Cardinals take on the Denver Broncos? Here's everything you need to stream Sunday's afternoon game on Fox.

from CNET https://ift.tt/ELAylhe

You Can Order Free COVID Tests From USPS Again. Here's How - CNET

The Postal Service will start shipping tests to households on Monday. Learn how many you can get and when they'll arrive.

from CNET https://ift.tt/sjJNryp

DoorDash, Uber Eats or Grubhub: This Is the Cheapest Way to Get Your Lunch - CNET

We did the math to find the most affordable food delivery app.

from CNET https://ift.tt/olAWhft

Saturday, December 17, 2022

The Rising Cost of Pregnancy: What Can Parents Do About It? - CNET

Pregnant parents find their own solutions to high out-of-pocket costs when health insurance falls short.

from CNET https://ift.tt/h65AiUf

12 Kitchen Tools Under $25 I Can't Live Without -- and How to Use Them - CNET

These must-have items are everything I want in a workhorse tool. They're inexpensive, versatile and easy to store, use and clean.

from CNET https://ift.tt/nGhBdDF

The Absolute Best Fantasy Movies on Netflix - CNET

Netflix's fantasy options range from pure magic to touching allegories of the human condition.

from CNET https://ift.tt/UGkm3x6

On Twitter, Suspended Journalists' Accounts Begin Reappearing - CNET

After conducting a public poll via Twitter, Elon Musk says the suspensions are being lifted.

from CNET https://ift.tt/YGOLT29

Best High-Speed Internet Service Providers - CNET

When only the fastest home internet service will do, look to these top ISPs for gigabit and multi-gigabit internet plans.

from CNET https://ift.tt/QLoK1Na

Heat Domes and Surging Grid Demand Threaten US Power Grids with Blackouts

A new report shows a sharp increase in peak electricity demand, leading to blackout concerns in multiple states. Here's how experts say ...