Tuesday, December 20, 2022

Best Verizon Phone for 2022 - CNET

These are the best phones available on Verizon right now.

from CNET https://ift.tt/VhCU7S6

Why 'Santa Should Phase Out Coal' for Naughty Kids This Christmas - CNET

One pediatrician has a plea.

from CNET https://ift.tt/CAzoypj

Latest Tech News

A vulnerability more serious than EternalBlue was sitting in Windows for some time, before being finally discovered and patched, experts have revealed. 

For those with shorter memories, EternalBlue was an NSA-built zero-day for Windows which gave birth to WannaCry, possibly the most devastating global ransomware threat to ever emerge.

Researchers from IBM, which discovered the flaw, said that it was even more potent as it resided in a wider range of network protocols, giving threat actors more flexibility when conducting their attacks.

Three-month headway

The flaw, tracked as CVE-2022-37958, isn’t exactly new, as it was discovered - and patched - three months ago. 

The news is that no one - not the researchers, not Microsoft issuing the patch - knew exactly how dangerous it really was. In reality, it allows threat actors to run malicious code without the need for authentication. Furthermore, it’s wormable, allowing threat actors to trigger a chain reaction of self-multiplying exploits on other vulnerable endpoints. In other words, the malware abusing the flaw could spread across devices like wildfire. 

Discussing the findings with Ars Technica, Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability, said an attacker could trigger the vulnerability via “any Windows application protocol that authenticates.”

“For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”

When Microsoft first patched it three months ago, it believed the flaw could only allow threat actors to grab some sensitive information from the device, and as such, labeled it as “important”. The company has now amended the rating, labeling it as “critical”, with a severity score of 8.1.

Unlike EternalBlue, which was a zero-day and left security experts and software makers scrambling to build a fix, the patch for this flaw has been available for three months now, so its effects should be somewhat limited. 

Via: Ars Technica



from TechRadar - All the latest technology news https://ift.tt/SyeJmqP

Wyze Outdoor Cam v2 Review: Few but Impactful Improvements - CNET

It isn't much different or much more expensive than the previous outdoor camera from Wyze, but it's a noticeable upgrade nonetheless.

from CNET https://ift.tt/1Ay0TgF

Latest Tech News

Password sharing on streaming services is nothing new, and Netflix’s attempts to limit the practice in recent months are well-documented. Now, though, new piracy guidance issued by the British government suggests anyone sharing passwords in the UK could be in breach of copyright law – and even face criminal charges for fraud. 

As first reported by TorrentFreak, Britain’s Intellectual Property Office (IPO) has updated its piracy guidance to assert that “password sharing on streaming services” – which includes the likes of Netflix, Prime Video and Disney Plus – can legally be deemed an act that “break[s] copyright law.” 

TorrentFreak reached out to the IPO for clarification on the legalities of password sharing, and the agency replied as follows: “There are a range of provisions in criminal and civil law which may be applicable in the case of password sharing where the intent is to allow a user to access copyright protected works without payment.”

“These provisions may include breach of contractual terms, fraud or secondary copyright infringement depending on the circumstances,” the IPO continued.

In other words, those sharing streaming service passwords in the UK could legally be prosecuted for fraud and/or breaches of copyright law – though it’s worth noting that the likelihood, in our opinion, is very slim. 

For starters, the bar for what constitutes an act of fraud in the UK is low. The country’s 2006 Fraud Act notes that using the “services of a members’ club without paying and without being a member” is deemed fraud, as is posting “chargeable data or software over the internet without paying.” Both offences are commonplace – how many times have you reposted someone else’s work on social media? – and although the practice of password sharing could fall into either category, it’s highly unlikely that the Crown Prosecution Service would pursue anyone for wanting to share Stranger Things with their friends.

Publicly aligning with such draconian action would also spell reputational disaster for streaming services that have actively encouraged password sharing in the past (as recently as 2017, Netflix tweeted “love is sharing a password”).

However, while password sharing isn’t likely to put you behind bars in the UK or anywhere else any time soon, the British government’s official line on the legalities of such behavior will give Netflix the confidence – and the legal mandate – to follow through with its ambitious plans to introduce account sharing surcharges in 2023. 

It wouldn’t be a surprise to see the likes of Prime Video and Disney Plus follow suit, too, if Netflix’s drastic action reaps a significant revenue boost in the months following its rollout. 



from TechRadar - All the latest technology news https://ift.tt/6Z825PR

Monday, December 19, 2022

Latest Tech News

Hundreds of Android applications being distributed through the Google Play Store have been found leaking Application Programming Interface (API) keys, putting users at risk of identity theft and other threats.

The risks were found by cybersecurity researchers at CloudSEK, who used the company’s BeVigil security search engine to analyze 600 applications on the Play Store.

Overall, the team found half (50%) were leaking API keys of three top transaction and email marketing service providers, putting users at risk of fraud or scams.

MailChimp, SendGrid, MailGun

CloudSEK found the apps were leaking API keys for MailChimp, SendGrid, and Mailgun, allowing potential threat actors to send emails, delete the API keys, and even modify multi-factor authentication (MFA). CloudSEK has since notified the apps’ developers of its findings.

Between them, the apps were downloaded by 54 million people, who are now at risk. Most of the potential victims are located in the United States, with the UK, Spain, Russia, and India also accounting for a hefty portion.

“In modern software architecture, APIs integrate new application components into existing architecture. So its security has become imperative,” commented CloudSEK. “Software developers must avoid embedding API keys into their applications and should follow secure coding and deployment practices like standardize review procedures, rotate keys, hide keys and use vault.”

Between the three services, MailChimp is arguably the biggest, and by leaking MailChimp API keys, app developers would allow threat actors to read email conversations, exfiltrate customer data, grab email lists, run email campaigns of their own, and manipulate promotional codes.

Furthermore, hackers could authorize third-party apps connected to a MailChimp account. In total, the researchers identified 319 API keys, with more than a quarter (28%) being valid. Twelve keys allowed for email reading, it was added. 

Leaking MailGun API keys likewise allows threat actors to send and read emails, and also to get Simple Mail Transfer Protocol (SMTP) credentials, IP addresses, and various statistics. They would be able to exfiltrate customer mailing lists, too.

SendGrid, on the other hand, is a communication platform that helps companies deliver transactional and marketing emails through a cloud-based email delivery platform. With an API leak, hackers would be able to send emails, create API keys, and control IP addresses used to access accounts.

Via: Infosecurity Magazine



from TechRadar - All the latest technology news https://ift.tt/v3dseiT

Latest Gadgets News

OnePlus 11 5G and the OnePlus Buds Pro 2 are scheduled to launch at the company’s Cloud 11 event next year. The Shenzhen-based company, in an official announcement, revealed the details of the upcoming OnePlus Cloud 11 launch event, which is scheduled to take place on February 7, 2023.

from Gadgets 360 https://ift.tt/n0yjQOc

Apple TV Plus: Every New TV Show Arriving in December - CNET

Here's a complete list of shows coming in December.

from CNET https://ift.tt/axQD9MO

Latest Tech News

Apple is looking increasingly likely to miss its projected 2022 deadline for completing the transition to using its own silicon processors across the entirety of the Mac product line, with the enterprise-aimed Mac Pro being the last to follow.

As highlighted by Bloomberg’s Mark Gurman, the path to Mac Pros powered by Apple’s custom M-series chip, which would allow iOS apps to run natively in macOS, and otherwise result in increased performance gains and decreased power consumption, has been a difficult one.

Reasons cited for the delay include relocation of manufacturing to avoid additional tariffs on goods manufactured in China, continued redesigns of the M-chips to include an “Extreme” variant, and fears of skyrocketing costs to customers.

Mac Pro M2 delay

As addressed by Gurman, Apple’s plans to move its line of high end workstations to Apple silicon began with the introduction of its M1 chip in 2020. 

Plans were made for a unique processor that, across two configurations of the Mac Pro product, would combine the power of either two or four M1 Max chips, the most powerful chip available in the Macbook Pro line at the time.

However, the Mac line of computers has not benefited from simplicity, and the dual M1 Max chip, which became known as the M1 Ultra, ended up launching with the Mac Studio, a line marketed towards creatives and others who rely on resource-heavy processes.

An M2 Ultra chip promising additional performance gains is reportedly in development, but hopes for a further M2 Extreme chip, which Gurman speculates would likely have offered “up to 48 CPU cores and 152 graphics cores” by being four M2 Max chips stuck together, seem, according to him, to be dead in the water.

The biggest barriers to Mac Pros running on Apple silicon appear to be the cost of production and the cost to customers.

The complex nature of the architecture of the most powerful Apple silicon, that would give Mac Pros their unique selling point, is expensive enough without production having been relocated to Texas during the Trump presidency.

The two primary reasons for the move were for Apple to evade increased tariffs on Chinese imports and uphold a public commitment to grow the US economy - both of which point to a PR exercise, and one that is costing the company the ability to switch painlessly to its own silicon.

Gurman claims that an M2 Extreme version of a Mac Pro would “probably” cost “at least” $10,000 per unit, which would not be cost-effective regardless of an ongoing recession.

Putting aside the conjecture, the Mac Pro is in a difficult place as a product. It has to offer better performance than all other Macs, which is complicated by the existence of the Mac Studio, but is a niche offering, only especially relevant to enterprise customers that need the extra power.

At the moment, only Intel-powered Mac Pros are available. There will probably be another entry in the line, but it may not appear for some time, and may still not be powered exclusively by Apple's own silicon.



from TechRadar - All the latest technology news https://ift.tt/RaSp4Wx

Latest Gadgets News

Samsung Galaxy A04 and Galaxy A04e are launched in India. The handsets ship with a MediaTek Helio P35 SoC coupled with up to 4GB of RAM, a 5,000mAh battery, and more. Samsung Galaxy A04e is available in Black, Blue, and Copper color options.

from Gadgets 360 https://ift.tt/LqDYG4M

Sunday, December 18, 2022

Scientists Now Know Why Coyotes Unexpectedly Killed a Human in 2009 - CNET

When a pack of coyotes attacked a hiker in 2009, it became the first recorded instance of coyotes killing an adult in North America.

from CNET https://ift.tt/gkZ04oR

Apple's iPhone 15 Isn't the Only Exciting Phone Coming in 2023 - CNET

Samsung, Google and OnePlus have new phones in the works too. Here are the top ones to watch based on rumors so far.

from CNET https://ift.tt/CzWu6jR

Cardinals vs. Broncos Livestream: How to Watch NFL Week 15 Online Today - CNET

Want to watch the Arizona Cardinals take on the Denver Broncos? Here's everything you need to stream Sunday's afternoon game on Fox.

from CNET https://ift.tt/ELAylhe

You Can Order Free COVID Tests From USPS Again. Here's How - CNET

The Postal Service will start shipping tests to households on Monday. Learn how many you can get and when they'll arrive.

from CNET https://ift.tt/sjJNryp

DoorDash, Uber Eats or Grubhub: This Is the Cheapest Way to Get Your Lunch - CNET

We did the math to find the most affordable food delivery app.

from CNET https://ift.tt/olAWhft

Netflix Has Stopped Allowing Streaming From Phone to TV: How to Watch Now

On most TVs, you'll now need to use the official Netflix app to watch the streaming service.

from CNET https://ift.tt/RxqeX8T