Saturday, December 31, 2022

How to Watch, Stream Georgia vs. Ohio State in the Peach Bowl Today Without Cable - CNET

The Bulldogs and Buckeyes meet in Atlanta on New Year's Eve in the semifinals of the College Football Playoff.

from CNET https://ift.tt/ejz3tHp

Credit Card Mistakes You Shouldn't Repeat in 2023 - CNET

Improve your finances in the new year by avoiding some of the most common credit card mistakes.

from CNET https://ift.tt/zTQr7YH

How to Watch, Stream Michigan vs. TCU in the Fiesta Bowl Today Without Cable - CNET

The Wolverines and Horned Frogs meet in the desert on New Year's Eve in the semifinals of the College Football Playoff.

from CNET https://ift.tt/TvVRh0Z

Friday, December 30, 2022

Trump Tax Returns Released Online via Ways and Means Committee - CNET

After years of roadblocks, the former president's tax forms are available to view.

from CNET https://ift.tt/u4eEhjn

Taylor Swift Just Had Her Most Epically Creative Year Yet - CNET

Commentary: The star has truly entered her Renaissance woman of the arts era.

from CNET https://ift.tt/vBbpeRS

Latest Tech News

Cryptocurrency trading platform 3Commas has confirmed it suffered a data breach that saw API data stolen.

According to the announcement, an unknown threat actor posted 3Commas’ API database to Pastebin on December 28.

After analyzing the database, the company confirmed its authenticity, saying “at this point, 3Commas can unfortunately confirm that some of 3Commas’ users’ API data (API keys, secrets and passphrases) have been disclosed by a third party”. 

Stolen money

While the leaks revolve around API data at the moment, 3Commas does not exclude the possibility of other data being taken as well: “Currently and to the best of our knowledge only API data have been disclosed as part of this incident. As a likely consequence the hacker(s) may use or may have used the API data to connect your exchange accounts to his/their account and/or initiate unauthorized trades,” it says.

In a notice sent to its users via email and a blog post, the company says it has made strides to protect its users and their funds, and reported the issue to relevant law enforcement agencies, including the FBI. 

According to a BleepingComputer report, a set of 10,000 API keys was leaked, which is just 10% of the 100,000-strong database. These keys are usually used by 3Commas bots to automatically interact with crypto exchange platforms, make trades and generate profit, without user interaction.

Reacting to the news, 3Commas urged all supported exchanges (including some of the biggest ones: Binance, Coinbase, and Kucoin) to revoke all API keys connected to the platform. The company also urged all users to personally reissue their keys on all linked endpoints.

Investigating the leak further, the company eliminated the possibility of this being an inside job: “Only a small number of technical employees had access to the infrastructure, and we have taken steps since November 19 to remove their access,” the company said in a Twitter post. 

“Since then, we have implemented new security measures, and we will not stop there; we are launching a full investigation in which law enforcement will be involved,” the company added.

But the damage has already been done. Apparently, threat actors have been abusing leaked API keys since November, and have managed to steal some $6 million worth of cryptocurrencies so far. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/GOtsZ1U

Latest Gadgets News

Google Voice will now make it easier for users to ignore spam calls with the launch of a new update. Google has added a warning to its Voice feature that alerts the user by showing a “Suspected spam caller” label on calls that seem suspicious.

from Gadgets 360 https://ift.tt/vrHheN9

Fitbit Charge 5 and Luxe Can't Sync with Samsung Phones on Android 13 - CNET

Fitbit says a fix is coming in early 2023.

from CNET https://ift.tt/zWgydKn

Thursday, December 29, 2022

Questions Swirl About Potential Twitter Hack Affecting 400M Accounts - CNET

Twitter hasn't commented, though some security researchers have voiced concerns.

from CNET https://ift.tt/E1PV0Mr

The Best Christmas Movies on Netflix - CNET

You should really check out Klaus if you haven't already.

from CNET https://ift.tt/BnkGIoX

The Best New Christmas Movies on Hallmark - CNET

Try The Holiday Stocking, Ghosts of Christmas Always and A Holiday Spectacular.

from CNET https://ift.tt/bypeHnR

Latest Tech News

Data breaches could be even more expensive next year, a new report from Acronis has claimed.

Based on data collected from more than 750,000 unique endpoints, distributed around the world, the company's report claims the average cost of a data breach is expected to hit $5 million by next year. 

To make matters even worse, the researchers expect the number of breaches to increase significantly as well. The threats from malicious and phishing emails rose by 60% year-on-year, they said.

New solutions for new attack methods

Furthermore, social engineering attacks rose in the last four months of the year as well, and now account for roughly 3% of all attacks. Leaked or stolen passwords and other credentials were the triggers for almost half of all reported cybersecurity incidents in H1 2022. 

“The last few months have proven to be as complex as ever – with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis VP of Cyber Protection Research. 

“Organisations must prioritize all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are constantly evolving their methods, now using common security tools against us – like MFA that many companies rely on to protect their employees and businesses.”

In the third quarter of the year, the proportion of phishing attacks relative to malware attacks increased by 1.3 times, and phishing now makes up more than three-quarters (76%) of all email attacks (up from 58% in the first half of the year).

The majority of the victims were located in the United States, but businesses in Germany and Brazil were also heavily targeted. Endpoints in South Korea, Jordan, and China were the biggest malware targets.

Drilling deeper into the different industries that threat actors targeted with phishing and malicious emails, the researchers found construction, retail, real estate, professional services, and finance to be the verticals most frequently attacked.



from TechRadar - All the latest technology news https://ift.tt/mj3AUqk

'Weather Whiplash' Is the New Normal. What It's Like Living Through It - CNET

First came the fires this year, then the floods.

from CNET https://ift.tt/rvqBplQ

Latest Tech News

Many Citrix ADC and Gateway servers remain vulnerable to high-severity flaws that were reportedly patched by the company weeks ago, experts have claimed.

In early November 2022, Citrix uncovered and patched an “Unauthorized access to Gateway user capabilities” flaw, since tracked as CVE-2022-27510. Affecting both products, it allows an attacker to gain unauthorized access to target endpoints, take over the devices remotely, and bypass the device’s brute force login protection.

Roughly a month later, in mid-December, the company fixed an “Unauthenticated remote arbitrary code execution” flaw, since tracked as CVE-2022-27518. This one allows threat actors to execute malicious code on the target endpoint, remotely.

NSA warning

Both have a 9.8/10 severity score, and at least one of them was abused in the wild as a zero-day, researchers from NCC Group’s Fox IT team claim.

In fact, the US National Security Agency (NSA) warned in early December that a hacking collective backed by the Chinese state was exploiting the latter vulnerability as a zero-day security flaw.

Back then, in an official blog post, chief security and trust officer at Citrix Peter Lefkowitz claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.

Sometimes referred to as Manganese, this group of threat actors has apparently explicitly targeted networks running these Citrix applications to break through organizational security without first having to steal credentials via social engineering and phishing attacks.

The researchers have also said that while the majority of endpoints had been patched since the release of the fixes, there are “thousands” of vulnerable servers out there. As of November 11, 2022, at least 28,000 Citrix servers were found to have been at risk.

“We hope this blog creates extra awareness for these two Citrix CVEs and that our research on version identification contributes to future studies,” the researchers concluded.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/2v6WXx9

Wednesday, December 28, 2022

4 Prime Membership Perks That Make Your Amazon Echo More Useful in 2023 - CNET

Here are all the perks you get when you have an Amazon Echo and Prime membership.

from CNET https://ift.tt/RZQPtDW
