Latest Gadgets News

Google Voice will now make it more easy for a user to ignore spam calls with the launch of a new update. Google has now added a warning to its Voice feature which will alert the user by flagging “Suspected spam caller” label on calls that may seem suspicious.

from Gadgets 360 https://ift.tt/vrHheN9

Fitbit Charge 5 and Luxe Can't Sync with Samsung Phones on Android 13 - CNET

Fitbit says a fix is coming in early 2023.

from CNET https://ift.tt/zWgydKn

Questions Swirl About Potential Twitter Hack Affecting 400M Accounts - CNET

Twitter hasn't commented, though some security researchers have voiced concerns.

from CNET https://ift.tt/E1PV0Mr

The Best Christmas Movies on Netflix - CNET

You should really check out Klaus if you haven't already.

from CNET https://ift.tt/BnkGIoX

The Best New Christmas Movies on Hallmark - CNET

Try The Holiday Stocking, Ghosts of Christmas Always and A Holiday Spectacular.

from CNET https://ift.tt/bypeHnR

Latest Tech News

Data breaches could be even more expensive next year, a new report from Acronis has claimed.

Based on data collected from more than 750,000 unique endpoints, distributed around the world, the company's report claims the average cost of a data breach is expected to hit $5 million by next year. 

To make matters even worse - the researchers expect the number of breaches to increase significantly, as well. The threats from malicious and phishing emails rose by 60% year-on-year, they said.

New solutions for new attack methods

Furthermore, social engineering attacks rose in the last four months of the year as well, and now account for roughly 3% of all attacks. Leaked or stolen passwords and other credentials were the triggers for almost half of all reported cybersecurity incidents in H1 2022. 

“The last few months have proven to be as complex as ever – with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis VP of Cyber Protection Research. 

“Organisations must prioritize all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are constantly evolving their methods, now using common security tools against us – like MFA that many companies rely on to protect their employees and businesses.”

Read more

> Here are the best security suites available right now

> What is phishing and how dangerous is it?

> Everything you need to know about phishing

In the third quarter of the year, the proportion of phishing attacks against malware attacks increased by 1.3 times, and now make up more than three-quarters (76%) of all email attacks (up from 58% in the first half of the year). 

The majority of the victims were located in the United States, but businesses in Germany and Brazil were also heavily targeted. Endpoints in South Korea, Jordan, and China, were the biggest malware targets, too.

Drilling deeper into the different industries that threat actors targeted with phishing and malicious emails, the researchers discovered construction, retail, real estate, professional services, and finance, as the verticals most frequently attacked. 

• Check out the best firewalls around

from TechRadar - All the latest technology news https://ift.tt/mj3AUqk

'Weather Whiplash' Is the New Normal. What It's Like Living Through It - CNET

First came the fires this year, then the floods.

from CNET https://ift.tt/rvqBplQ

Latest Tech News

Many Citrix ADC and Gateway servers remain vulnerable to high-severity flaws that were reportedly patched by the company weeks ago, experts have claimed.

In early November 2022, Citrix uncovered and patched an “Unauthorized access to Gateway user capabilities” flaw, since tracked as CVE-2022-27510. Affecting both products, it allows an attacker to gain authorized access to target endpoints, take over the devices remotely, and bypass the device’s brute force login protection.

Roughly a month later, in mid-December, the company fixed an “Unauthenticated remote arbitrary code execution” flaw, since tracked as CVE-2022-27518. This one allows threat actors to execute malicious code on the target endpoint, remotely.

NSA warning

Both have a 9.8/10 severity score, and at least one of them was abused in the wild as a zero-day, researchers from NCC Group’s Fox IT team claim.

In fact, the US National Security Agency (NSA) warned in early December, that a hacking collective backed by the Chinese state was exploiting the latter vulnerability as a zero-day security flaw. 

Back then, in an official blog post, chief security and trust officer at Citrix Peter Lefkowitz claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.

Sometimes referred to as Manganese,  this group of threat actors has apparently explicitly targeted networks running these Citrix applications to break through organizational security without first having to steal credentials via social engineering and phishing attacks. 

Read more

> Citrix urges admins to patch these dangerous flaws immediately

> NSA warns Citrix devices are under attack from Chinese hackers, so update now

> Check out the best SMB server options at the moment

The researchers have also said that while the majority of endpoints had been patched since the release of the fixes, there are “thousands” of vulnerable servers out there. As of November 11 2022, at least 28,000 Citrix servers were found to have been at risk.

“We hope this blog creates extra awareness for these two Citrix CVEs and that our research on version identification contributes to future studies,” the researchers concluded.

• These are the best firewalls around

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/2v6WXx9

4 Prime Membership Perks That Make Your Amazon Echo More Useful in 2023 - CNET

Here are all the perks you get when you have an Amazon Echo and Prime membership.

from CNET https://ift.tt/RZQPtDW

Why 2022 Was Taylor Swift's Most Epically Creative Year Yet - CNET

Commentary: The star has truly entered her Renaissance woman of the arts era.

from CNET https://ift.tt/Y7omtST

Heating an Older Home Is Expensive. Here's How to Slash Your Bill - CNET

We've got some easy tips to help you keep your older or period property warmer this winter.

from CNET https://ift.tt/xTNCHto

You May Be Owed Money From a False Advertising Settlement if You Use Wesson Oil - CNET

A federal judge gave preliminary approval in November to a $3 million payout to consumers who purchased Wesson Oil.

from CNET https://ift.tt/CNIHPbh

LG to Unveil New, Flat Smartphone Camera Module at CES - CNET

The new camera includes a telephoto lens with up to 9x zoom and takes the "bump" out of smartphone cameras.

from CNET https://ift.tt/KEFdAIM

Latest Tech News

A new malware variant has been detected that is capable of listening to a users’ calls, recognizing a callers’ gender and identity, and even recognizing, to some degree, what’s being said. 

Fortunately, the good news is that the malware is part of a research experiment done by white hats and poses no risk to smartphone users (at the time).

Researchers from five universities in the United States - Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University - teamed up and built EarSpy. 

Abusing the hardware

EarSpy is a side-channel attack that abuses the fact that smartphone speakers, motion sensors, and gyroscopes, had gotten better over the years.

The malware tries to read the data captured by motion sensors, as the endpoint’s ear speakers reverberate during a conversation. In earlier years, this wasn’t a viable attack vector as the speakers and sensors weren’t that powerful. 

To prove their point, the researchers used two smartphones - one from 2016, and one from 2019. The difference in the amount of data gathered was quite obvious.

To test if the data could be used to identify the caller’s gender and recognize the speech, the researchers used a OnePlus 7T device, and a OnePlus 9 device.

Read more

 > Some of the most basic Android apps might be spying on you more than you'd think

> Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping

> These are the best privacy tools right now 

Caller gender identification on the former was between 77.7% and 98.7%, while the caller’s identification between 63.0% and 91.2%. Speech recognition danced between 51.8% and 56.4%.

“As there are ten different classes here, the accuracy still exhibits five times greater accuracy than a random guess, which implies that vibration due to the ear speaker induced a reasonable amount of distinguishable impact on accelerometer data,” the researchers explained in the whitepaper.

The researchers were also able to guess the caller’s gender quite well on the OnePlus 9 smartphone (88.7% on average), but identification fell to an average of 73.6%. Speech recognition fell between 33.3% and 41.6%.

•  Here’s our take on the best Android antivirus apps today

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/oR42zLq

The First COLA Increase Comes to SSI Beneficiaries This Week - CNET

Next year's cost-of-living adjustment arrives at the end of December for Supplemental Security Income recipients.

from CNET https://ift.tt/JxBAp86