Showing only posts tagged Tech. Show all posts.

QNAP firmware update leaves NAS owners locked out of their boxes

Source

A recent firmware pushed to QNAP network attached storage (NAS) devices left a number of owners unable to access their storage systems. The company has pulled back the firmware and issued a fixed version, but the company's response has left some users feeling less confident in the boxes into …

Proton is taking its privacy-first apps to a nonprofit foundation model

Source

Enlarge (credit: Getty Images) Proton, the secure-minded email and productivity suite, is becoming a nonprofit foundation, but it doesn't want you to think about it in the way you think about other notable privacy and web foundations. "We believe that if we want to bring about large-scale change, Proton …

UK outlaws awful default passwords on connected devices

Source

Enlarge (credit: Getty Images) If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password "password." In fact, you're not supposed to have default passwords at all. A new version of the 2022 Product Security …

Framework’s software and firmware have been a mess, but it’s working on them

Source

Enlarge / The Framework Laptop 13. (credit: Andrew Cunningham) Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops. Not that the company's hardware releases to date have been perfect—each Framework Laptop 13 model has had quirks and …

Avast ordered to stop selling browsing data from its browsing privacy apps

Source

Enlarge (credit: Getty Images) Avast, a name known for its security research and antivirus apps, has long offered Chrome extensions, mobile apps, and other tools aimed at increasing privacy. Avast's apps would "block annoying tracking cookies that collect data on your browsing activities," and prevent web services from "tracking …

Nginx core developer quits project in security dispute, starts “freenginx” fork

Source

Enlarge (credit: Getty Images) A core developer of Nginx, currently the world's most popular web server, has quit the project, stating that he no longer sees it as "a free and open source project... for the public good." His fork, freenginx, is "going to be run by developers, and …

CD-indexing cue files are the core of a serious Linux remote code exploit

Source

Enlarge / Cue files used to be much better-known, back when we all used CD-Rs to make legal backup copies of material that we owned outright. (credit: Getty Images) It has been a very long time since the average computer user thought about.cue files, or cue sheets, the metadata …

Google’s $30-per-month “Duet” AI will craft awkward emails, images for you

Source

Enlarge (credit: Getty Images / Benj Edwards ) On Tuesday, Google announced the launch of its Duet AI assistant across its Workspace apps, including Docs, Gmail, Drive, Slides, and more. First announced in May at Google I/O, Duet has been in testing for some time, but it is now available …

“Downfall” bug affects years of Intel CPUs, can leak encryption keys and more

Source

Enlarge / An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug. (credit: Mark Walton) It's a big week for CPU security vulnerabilities. Yesterday, different security researchers published details on two different vulnerabilities, one affecting multiple generations of Intel processors and another affecting the …

AI researchers claim 93% accuracy in detecting keystrokes over Zoom audio

Source

Enlarge / Some people hate to hear other people's keyboards on video calls, but AI-backed side channel attackers? They say crank that gain. (credit: Getty Images) By recording keystrokes and training a deep learning model, three researchers claim to have achieved upwards of 90 percent accuracy in interpreting remote keystrokes …

Encryption-breaking, password-leaking bug in many AMD CPUs could take months to fix

Source

Enlarge (credit: AMD) A recently disclosed bug in many of AMD's newer consumer, workstation, and server processors can cause the chips to leak data at a rate of up to 30 kilobytes per core per second, writes Tavis Ormandy, a member of Google's Project Zero security team. Executed properly …

Millions of PC motherboards were sold with a firmware backdoor

Source

Enlarge (credit: BeeBright/Getty Images) Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in …

Eufy publicly acknowledges some parts of its “No clouds” controversy

Source

Enlarge / Eufy's security arm has publicly addressed some of the most important claims about the company's local-focused systems, but those who bought into the "no clouds" claims may not be fully assured. (credit: Eufy) Eufy, the Anker brand that positioned its security cameras as prioritizing "local storage" and "No …

New Mac app wants to record everything you do—so you can “rewind” it later

Source

Enlarge / Rewind reportedly lets you search your Mac's usage history for what you've seen, said, or heard. (credit: Rewind AI) Yesterday, a company called Rewind AI announced a self-titled software product for Macs with Apple Silicon that reportedly keeps a highly compressed, searchable record of everything you do locally …

New Mac app wants to record everything you do—so you can “rewind” it later [Updated]

Source

Enlarge / Rewind reportedly lets you search your Mac's usage history for what you've seen, said, or heard. (credit: Rewind AI) Yesterday, a company called Rewind AI announced a self-titled software product for Macs with Apple Silicon that reportedly keeps a highly compressed, searchable record of everything you do locally …

OpenSSL 3 patch, once Heartbleed-level “critical,” arrives as a lesser “high”

Source

Enlarge / The fallout of an OpenSSL vulnerability, initially listed as "critical," should be much less severe than that of the last critical OpenSSL bug, Heartbleed. An OpenSSL vulnerability once signaled as the first critical-level patch since the Internet-reshaping Heartbleed bug has just been patched. It ultimately arrived as a …

Cloudflare’s CAPTCHA replacement lacks crosswalks, checkboxes, Google

Source

Enlarge / CAPTCHAs are meant to prevent these kinds of browsing scenarios, not train us all to better recognize vehicles and infrastructure in grainy photos. (credit: Getty Images) Cloudflare has recently made an audacious claim: We could all be doing something better with our lives than deciding which images contain …

Apps can pose bigger security, privacy threat based on where you download them

Source

Enlarge (credit: https://www.gettyimages.com/detail/news-photo/blinkee-city-rental-scooter-is-seen-in-warsaw-poland-on-news-photo/1031626648 ) Google and Apple have removed hundreds of apps from their app stores at the request of governments around the world, creating regional disparities in access to mobile apps at a time when many economies are becoming increasingly dependent on …

10 malicious Python packages exposed in latest repository attack

Source

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images) Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries …

Small businesses count cost of Apple’s privacy changes

Source

Enlarge (credit: Kentaroo Tryman | Getty Images ) Small businesses are cutting back marketing spending due to Apple’s sweeping privacy changes that have made it harder to target new customers online, in a growing trend that has led to billions of dollars in lost revenues for platforms like Facebook. Apple …

DuckDuckGo wants to stop apps tracking you on Android

Source

Enlarge / Gabriel Weinberg, creator of DuckDuckGo. (credit: Washington Post | Getty Images) At the end of April, Apple’s introduction of App Tracking Transparency tools shook the advertising industry to its core. iPhone and iPad owners could now stop apps from tracking their behavior and using their data for personalized …

Researcher refuses Telegram’s bounty award, discloses auto-delete bug

Source

Enlarge (credit: Joshua Sortino ) Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time—and an offered $1,159 (€1,000 …

Hundreds of scam apps hit over 10 million Android devices

Source

Enlarge / Never put a GriftHorse on your phone. (credit: John Lamparsky | Getty Images) Google has taken increasingly sophisticated steps to keep malicious apps out of Google Play. But a new round of takedowns involving about 200 apps and more than 10 million potential victims shows that this longtime problem …

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Source

Enlarge (credit: Aurich Lawson | Getty Images) Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists …

Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos

Source

Enlarge / The Internet is unfortunately packed full of criminals seeking to steal sexual (or sexualizable) images from privately held cloud backup accounts. (credit: 1905HKN via Getty Images / Jim Salter ) The LA Times reported this week that Los Angeles man Hao Kuo "David" Chi pled guilty to four federal felonies …

page 1 | older articles »