Here's All You Need to Know About Instagram Reels; Launched Globally in Over 50 Countries


As TikTok drew extensive criticism and was labeled a 'threat to security' by governments, resulting in bans of the popular video-sharing platform, creators have long since started weighing what's next.

With TikTok's future uncertain, Instagram has rolled out a new feature, 'Reels', that appears to be in direct competition with what TikTok had to offer.

Starting today, Instagram is launching the "Reels" feature for its users in more than 50 countries. It is seen as a remarkable and well-timed attempt by Instagram to capitalize on the global turmoil in the creative sphere of social media. It's also a potential opportunity for Instagram to expand its identity from a photo app to a video entertainment platform.

With the expansion, the feature will now be available in major international markets including India, the U.S., the U.K., France, Brazil, Germany, Australia, Mexico, Spain, Argentina, Japan, and many others.

Much like TikTok, Instagram Reels will allow people to create mini-clips with music that they can share with their followers. These short-form videos will be discoverable while users browse the "Explore" tab on Instagram.

Reels lets users record 15-second video clips and add filters, effects, and popular music to them. The feature is entirely embedded inside Instagram's original app and is not to be mistaken for an add-on or a separate app. It is not a different world altogether like TikTok or Vine, but just 'yet another thing' one can do on Instagram.

While announcing the release of "Reels", the company said in a blog, "It's a new way to create and discover short, entertaining videos on Instagram."

"Reels invites you to create fun videos to share with your friends or anyone on Instagram. Record and edit 15-second multi-clip videos with audio, effects, and new creative tools. You can share reels with your followers on Feed, and, if you have a public account, make them available to the wider Instagram community through a new space in Explore. Reels in Explore offers anyone the chance to become a creator on Instagram and reach new audiences on a global stage."

How to Create Reels?


"Select Reels at the bottom of the Instagram camera. You'll see a variety of creative editing tools on the left side of your screen to help create your reel, including:"

"Audio: Search for a song from the Instagram music library. You can also use your own original audio by simply recording a reel with it. When you share a reel with original audio, your audio will be attributed to you, and if you have a public account, people can create reels with your audio by selecting “Use Audio” from your reel.

AR Effects: Select one of the many effects in our effect gallery, created both by Instagram and creators all over the world, to record multiple clips with different effects.

Timer and Countdown: Set the timer to record any of your clips hands-free. Once you press record, you’ll see a 3-2-1 countdown, before recording begins for the amount of time you selected.

Align: Line up objects from your previous clip before recording your next to help create seamless transitions for moments like outfit changes or adding new friends into your reel.

Speed: Choose to speed up or slow down part of the video or audio you selected. This can help you stay on a beat or make slow-motion videos," Instagram explained in the blog.

IBM announces 1000 STEM internship opportunities for students


Petrarch once said, "Sameness is the mother of disgust, variety the cure". As a society, we believe quite strongly in diversity; it is the core of our harmonious existence, and research even shows that diverse companies produce 19% more revenue. Most companies today give considerable weight to being diverse and inclusive, one of them being IBM.

IBM, a highly innovative and research-focused company, has always been inclusive in its approach, with ingenious programs like "creating new pathways to science, technology, engineering and math careers with Pathways in Technology Early College High School also known as P-TECH".

"The fight against racism and racial inequality is as urgent as ever. Despite much progress since the Civil Rights movement, Black people are still significantly affected by poverty, unemployment, segregated housing, and other injustices in the United States," they wrote on their website.

With the same thought, IBM has announced that it will provide 1000 internships for P-TECH students in the United States, instead of the 150 it offered earlier.

"At IBM, one way we are taking action in advocating for social justice and racial equality is by advancing education, skills, and jobs. Today, as part of our ongoing efforts, we are pleased to announce the creation of 1,000 paid internships for P-TECH students in the United States from now until December 31, 2021. This commitment is a 10x incremental increase from our most recent internship goals," announced the company.

P-TECH is a unique program by IBM in which students from grades 9-11 are prepared with STEM training, mentorship, and work experience. The students earn a high school diploma and a two-year associate degree, and gain work experience and ample opportunities to enter the tech field. STEM (science, technology, engineering, and mathematics) has led global innovation, but it is also a field where minorities are still much underrepresented, and IBM is stepping in to address this issue with its program of 1000 free internships.

"We aspire to create more open and equitable pathways to employment for all regardless of background. It’s about generating the skills and training that lead to good jobs. We will continue the fight to bring new faces to the tech industry that truly reflect the demographics of our communities," IBM writes on P-TECH programs announcing the new internship opportunities.

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket


A litigation firm discovered a new phishing scam falsely purporting to be from Tesco, a leading UK supermarket.

The scam used SMS and email messages designed to fool customers into handing over their details, and to steal confidential and payment data.

The fraud started with an official-looking but fake Facebook page entitled 'Tesco UK', which shared images purporting to be from a Tesco warehouse, showing packed boxes of HD television sets.

As per Griffin Law, the litigation firm, the message stated: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.” 

The firm stated that at least 100 customers had responded to the Facebook page or received an email.

The original fake Tesco Facebook page is currently listed as 'content unavailable.' Unsuspecting users who shared the post in their excitement helped it spread, and then received an email offering them the opportunity to 'claim their prize.'

A button in the message took victims to a landing page that asked them to enter their name, place of residence, phone number, and bank account details.

Tim Sadler, Chief, Tessian, stated: "As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities."

Sadler empathized with people who are struggling financially in the wake of the [COVID-19] pandemic, for whom the offer of a free television could be appealing.

However, he advises users to always scrutinize the authenticity of such messages and to confirm the requestor's offer before tapping on the link, rather than inviting trouble.

VPN Services Reportedly Leaked Around 1.2TB User Data Containing Sensitive Information


A recent discovery by a tech service company has taken the world by storm. VPN services may not be as protected and secure as they claim to be: the company reveals that around 894GB of client information and data from UFO VPN has been exposed on the web.

The same proved true for eight fairly well-known VPN services that have purportedly leaked a mammoth 1.2TB of client information. These VPN applications are still available on the Google Play Store, with just one removed so far.

The leaked information contains details like account passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and even the operating system of the devices.

According to Comparitech, the tech service company responsible for the discovery, more than 20 million client entries are included in the logs every day.

The VPN service provider was also informed of the data leak but denied any such claims. UFO VPN said that the client logs are saved for traffic monitoring and that all of it is 'anonymized'.

It was later found that there are seven more Hong Kong-based VPN services that have around 1.2TB of client information out in the open online.

The list includes FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN, and UFO VPN as well. VPNmentor discovered that all these VPN services share a common Elasticsearch server and also the same recipient for payments, Dreamfii HK Limited.

The information exposed from these VPN services contains sensitive data like home addresses, Bitcoin and PayPal payment details, email addresses and passwords, user names, and more. Dreamfii HK is thought to be the parent company of all these VPN services.

As of now, these VPN applications are still available on the Play Store, and only Rabbit VPN has been removed.

Pavel Durov called for Apple to be obliged to allow the installation of other application stores


Apple should allow users to install apps not only from its own App Store. This opinion was expressed by the founder of Telegram messenger Pavel Durov. According to him, Tim Cook (CEO of Apple) should be obliged to do this at the legislative level.

The day before, Ilya Perekopsky, a high-ranking Telegram manager and Vice President of the company founded by Pavel Durov, spoke at a panel discussion with Russian Prime Minister Mikhail Mishustin and representatives of the IT industry in Innopolis. He said that Apple and Google are holding back the development of startups by charging app developers a "tax" in the form of a 30 percent commission. Almost simultaneously with Perekopsky's speech, Durov published an article in which he called for Apple to be legally obliged to allow an alternative App Store to be installed on the iPhone.

Durov is sure that if this is not done, app developers, in particular those from Russia, will be forced to sell their startups for little money. At the same time, Apple's capitalization will only grow.

“Preventing two supranational corporations from collecting taxes from all of humanity is not an easy task. Corporations employ thousands of lobbyists, lawyers, and PR agents, and their budgets are unlimited. At the same time, app developers are scattered and scared, as the fate of their projects depends entirely on the favor of Apple and Google,” wrote Pavel Durov.

The head of the TelecomDaily information and analytical agency, Denis Kuskov, noted that changing the market is quite difficult because these two companies are leading it. Therefore, Durov needs to accept this fact.

Durov recalled that in 2016, Apple banned the Telegram team from launching its own game platform: "We had to remove the Telegram games catalog that we had already created and almost the entire platform interface, otherwise Apple threatened to remove Telegram from the AppStore." According to Durov, the iPhone manufacturer treats many other developers in a similar way.

Telegraph service was unblocked in Russia


Russia stopped blocking the popular Telegram messenger almost a month ago. However, the related Telegraph service continued to be blocked. Now Russia has also unblocked the Telegraph platform for publishing and creating articles. 

The Telegraph platform was launched by the Telegram team in November 2016. It is designed to quickly create and publish articles, notes, and other similar content, a link to which can then be easily shared. Registration is not required for publication.

The blocking of the Telegra[.]ph service in Russia began at the end of 2018, a little later than the Telegram messenger.

According to the Roskomsvoboda resource, which closely monitors the registry of blocked sites, all pages with the Telegra.ph domain, which were blocked in Russia by the decision of a particular authority, are now excluded from the blocking registry. The last two similar pages were removed from the blacklist only on July 11.

It is interesting to note that, according to Press Secretary of the President of Russia Dmitry Peskov, the cancellation of restrictions on access to the Telegram messenger in Russia is perceived positively in the Kremlin, as it is in line with the course of President Vladimir Putin on the development of the high-tech industry.

The Press Secretary of the Head of State also noted as a positive fact the participation of heads of the company that owns the messenger in government events on the development of the IT industry.

Recall that Telegram had been blocked in Russia since April 2018 for non-compliance with the requirements for providing encryption keys, but during the coronavirus pandemic, the government began to use the messenger to distribute official information. In this regard, a bill to unblock Telegram was even introduced in the State Duma. On June 18, Roskomnadzor decided to remove restrictions on access to the messenger, the creator of which, Pavel Durov, congratulated the Russians on this event.

The Need for Smart Cities in the Post-Pandemic World


Due to the coronavirus pandemic, there has been a lockdown worldwide, and it seems that the streets and normal life have been put on hold. While many people have complained about not getting to go out and enjoy themselves, some have cherished their time at home and say it is a good thing, as it has benefited the environment and planet Earth. In this current phase, the common question is, 'What happens after all this ends?' And, more importantly, can the concept of smart cities make these improvements permanent?


This lockdown showed the importance of technology during times of crisis and has raised the question of the future of smart cities. In Singapore, drones were used to ensure people followed the social distancing protocol, whereas in North Carolina, drones delivered emergency health supplies to hospitals and to people at home. Daniela Rus, a scientist at MIT, and her lab designed a robot used to disinfect food banks in Boston.

In an interview with BBC News, Rus said that robots are playing a vital role in the fight against the pandemic. According to her, robots might play an essential role in the future when smart cities are built. At present, cities gather data from sensors all over the city, such as traffic lights, lamp posts, or cameras. The data obtained helps determine the AQI (Air Quality Index) and the traffic situation in an area, all of which supports human life. The lockdown made people realize the importance of such data. For instance, for the first time, people want to know what transport has come into and gone out of the city. They want to know whether the people around them are healthy or not.

Therefore, the post-coronavirus world should consider whether it needs such technology or not; that is, should electric vehicles be mandated in cities, as they offer a better environment? Companies are starting to think about the "Work from Home" concept, as they have realized the additional resources and money that are spent on offices.

Microsoft Office 365 Users Targeted By a New Phishing Campaign Using Fake Zoom Notifications



As people across the world struggle through the onslaught of the corona pandemic by switching to working from home, the usage of and demand for cloud-based communication platforms providing audio and videoconferencing services have seen a sudden upsurge.

Zoom is one such platform: since the beginning of 2020 it has seen an extremely high increase in new monthly active users after a huge number of employees adopted remote working.

Recently, however, Microsoft Office 365 users have been targeted by a brand new phishing campaign that uses fake Zoom notifications to warn users who work in corporate environments that their Zoom accounts have been suspended, with the ultimate goal of stealing Office 365 logins.

According to reports, those targeted by this campaign are all the more ready to believe such emails at this time, since the number of remote workers taking part in daily online meetings through video conferencing platforms such as Zoom has definitely increased because of stay-at-home orders or lockdowns brought about by the pandemic.

So far, the phishing campaign mimicking automated Zoom account suspension alerts has been received by more than 50,000 mailboxes, according to details given by researchers at email security company Abnormal Security, who identified these ongoing attacks.

The phishing messages spoof an official Zoom email address and are intended to imitate a real automated Zoom notification.

The use of a spoofed email address and an email body practically free from grammar errors or typos (other than an obvious 'zoom' rather than 'Zoom account') makes these phishing messages all the more convincing and potentially more effective.

The use of a lively "Happy Zooming!" at the end of the email could raise some suspicion, however, as it doesn't exactly fit with the tone of the rest of the message.




As soon as the users click the "Activate Account" button, they are redirected to a fake Microsoft login page through 'an intermediary hijacked site'.

On the phishing landing page, they are asked to enter their Outlook credentials into a form designed to exfiltrate their account details to attacker-controlled servers.

If they fall for the attackers' tricks, the victims' Microsoft credentials will be used to take full control of their accounts, and all their data will be ripe for the picking, later to be used in identity theft and fraud schemes like Business Email Compromise (BEC) attacks.
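A defensive triage check for the two traits described above (a spoofed Zoom sender and an "Activate Account" button that leads off Zoom's own domains), as an added example that is not from the original report or from Abnormal Security. The `BRAND_DOMAINS` list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this example treats as genuinely owned by the brand.
BRAND_DOMAINS = ("zoom.us", "zoom.com")


def is_brand_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def auth_verdicts(msg):
    """Read spf/dkim/dmarc results from Authentication-Results (RFC 8601).
    Only a header stamped by your own receiving MTA should be trusted."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def html_body(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyse(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # A brand From address that did not pass DMARC (or has no verdict at all)
    # is treated as spoofed: fail closed.
    if is_brand_host(from_domain) and auth_verdicts(msg).get("dmarc") != "pass":
        findings.append("sender-spoofed")
    collector = LinkCollector()
    collector.feed(html_body(msg))
    for text, href in collector.links:
        host = urlsplit(href).hostname
        # The call-to-action named in the campaign, pointing at a non-brand host.
        if re.search(r"activate account", text, re.I) and not is_brand_host(host):
            findings.append("cta-offsite:" + (host or "none"))
    return findings


# Constructed sample messages (not captured from the real campaign).
SAMPLE_PHISH = """\
From: Zoom <no-reply@zoom.us>
To: user@corp.example
Subject: Your zoom account has been suspended
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=zoom.us; dkim=none; dmarc=fail header.from=zoom.us
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your zoom has been suspended.</p>
<a href="https://hijacked-site.example/redirect?id=1"><b>Activate Account</b></a>
<p>Happy Zooming!</p></body></html>
"""

SAMPLE_LEGIT = """\
From: Zoom <no-reply@zoom.us>
To: user@corp.example
Subject: Activate your Zoom account
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=zoom.us; dkim=pass header.d=zoom.us; dmarc=pass header.from=zoom.us
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://zoom.us/activate?code=abc">Activate Account</a></body></html>
"""

if __name__ == "__main__":
    print(analyse(SAMPLE_PHISH))
    print(analyse(SAMPLE_LEGIT))
```
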

The US Federal Bureau of Investigation (FBI) had warned of BEC scams abusing popular cloud email services, like Microsoft Office 365 and Google G Suite, through Private Industry Notifications issued in March and in April.

Even after this, Office 365 users are continuously targeted by phishing campaigns with the ultimate objective of harvesting their credentials.

Microsoft has also warned of phishers' ongoing shift to new types of phishing techniques, like consent phishing, beyond conventional email phishing and credential theft attacks.

Microsoft Partner Group PM Manager Agnieszka Girling says, "While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services."

The company has additionally taken legal action to take down part of the attack infrastructure used to host malicious 365 OAuth apps used in consent phishing to hijack victims' Office 365 accounts.

Google Loses Control Over Blogspot.in, Millions of Sites Inaccessible


Google-owned 'blogspot.in', a blogging website also known as "Blogger", has become inaccessible to Indian users as Google appears to have lost its ownership of the domain.

Blogger.com is a free platform used by millions of users for blogging. As it fell under Google's ownership, one could link it to various other Google products such as Picasa, Google AdSense, and the social network Google+. Its ease of access made Blogger widely popular; users just need a Google account to activate Blogger.

People who were using Blogger faced issues while accessing their blogs, and a number of web pages within the Indian domain became unreachable. According to a report by the Next Web, the issue occurred because Google lost its ownership of the Blogspot.in URLs; however, it is not clearly known when Google lost control of the domain.

The Next Web's report on the matter said, "Whatever the reason might be, if I host a site or blog with Google, I would expect a company of this size to keep up and know when their domain name ownership expires."

"If you use a blog regularly, an alternative is to host it on your own domain. But everyone might not want to do that just to keep things easy. And you’d expect Google Webmaster to do better," read the report.

One of the major issues faced by a million users was that the links with the "Blogspot.in" domain that they had put on several websites became inaccessible. However, the blogs are still there; they were visible when users changed the URLs to blogspot.com. Chances are that this is just a temporary issue and will be taken care of by Google shortly, but users of the "Blogspot.in" domain will have to go through the trouble for now, as the tech giant has not addressed the issue yet.

DDoSecrets Banned From Twitter; But Has No Plans To Slow Down



For the past year and a half, a rather small group of activists known as Distributed Denial of Secrets, or DDoSecrets, has discreetly yet consistently released a flood of hacked and leaked documents, from Russian oligarchs' emails to the stolen communications of Chilean military leaders to shell company databases.

A few weeks ago, the group released its most prominent leak yet: BlueLeaks, a 269-gigabyte collection of approximately a million police files provided to DDoSecrets by a source aligned with the hacktivist group Anonymous, spanning emails, audio files, and interagency updates pulled from law enforcement "fusion centers," which serve as intelligence sharing hubs.

According to DDoSecrets, it represents the biggest ever release of hacked US police data. It might make DDoSecrets famous as the heir to WikiLeaks' mission (or at least the one it held to in its earlier, more idealistic years) and the inheritor of its ceaseless battles against critics and censors. "Our role is to archive and publish leaked and hacked data of potential public interest," writes the group's co-founder, Emma Best, a longtime transparency activist, in a text message interview. "We want to inspire people to come forward, and release accurate information regardless of its source."

As the media's focus on the BlueLeaks release grew, Twitter proceeded to ban the group's account, citing a policy that it doesn't permit the distribution of hacked data.

The company followed up with an even more drastic step, removing tweets that link to the DDoSecrets website, which maintains an accessible database of all of its leaks, and retroactively suspending a few accounts for linking to the group's material.

Be that as it may, DDoSecrets, an organization with no formal address and whose tight budget runs for the most part on donations, is still working out a response and the best workaround to further 'publicize its leaks' (possibly moving to Telegram or Reddit), but has no intention of letting the ban stop its work. With BlueLeaks, however, DDoSecrets has for the first time released a significant leak of documents from US organizations, upping the ante.

Activists and journalists going through the documents promptly discovered evidence that the FBI had monitored the social accounts of protesters for local law enforcement and tracked bitcoin donations to protest groups. The leak also includes personally identifiable data about police officers and even banking details.

However, Best, who has collaborated with WikiLeaks previously and uses they/them pronouns, says that DDoSecrets has learned from WikiLeaks' mistakes as well as its successes.

Best also blames Assange specifically for attempting to conceal the fact that certain documents were provided by state-sponsored hackers, as when he implied that the documents taken from the Democratic National Committee and the Clinton Campaign may have originated from murdered Clinton staff member Seth Rich.

DDoSecrets is also taking an altogether different tack from WikiLeaks in securing the anonymity of sources. It has stopped hosting a WikiLeaks-style submission system on a server protected by the anonymity software Tor, as WikiLeaks and most other leaking sites have done.

The approach suggests that the group considers principled hackers to be its core sources, as opposed to non-technical leakers or informants within companies, says Gabriella Coleman, a hacker-focused anthropologist at McGill University who wrote a seminal book on the hacktivist group Anonymous and is rather friendly with some of DDoSecrets' staff.

Nonetheless, as experts have pointed out, the Twitter ban following the BlueLeaks publication clearly represents a major setback for the group.

Firefox Web Browser Launching Its Own Paid VPN Service



The Firefox Private Network service, launched in beta just last year as a browser extension for desktop versions of the Firefox web browser, is all set to be renamed Mozilla VPN.

According to a blog post, Mozilla VPN will move out of beta and be available as a standalone service later this year in select regions, which will include the United States.

The VPN will be available for $4.99 per month, and the user will be able to use up to five devices with the same account. Mozilla specifies that this pricing is just temporary but has not clarified whether the price will be increased or new plans introduced for fewer devices.

Mozilla VPN will be launched as a standalone, system-wide VPN service for Android, iOS, Windows, ChromeOS, macOS, and Linux platforms over the next few weeks.

While the Android, iOS, Windows, and Chromebook clients will be available at first, Mozilla is also working on Mac and Linux clients, which have been requested by the beta testers.

Mozilla, as opposed to other web browser makers like Opera, isn't offering the service for free. The organization claims that a paid service will allow it to continue offering the service without profiting from users’ data.

The service, in its current form as Firefox Private Network, is powered by Mullvad VPN and has servers in more than 30 countries. It runs on the WireGuard protocol, which offers more privacy and better performance compared with traditional protocols like OpenVPN; being a newer protocol, however, it may not be as stable as the 'legacy' ones.

Users who wish to take part in the beta testing or express interest in the service being made available in their region can join the waitlist by signing up on the official website of the Firefox Private Network VPN, and they will be notified whenever Firefox Private Network is available for their device and region.

The link is provided below: https://fpn.firefox.com/vpn/invite

CSIRO's Data61 Developed Voice Liveness Detection 'Void' to Safeguard Users Against Voice Spoofing Attacks


Spoofing attacks that impersonate users' devices to steal data, spread malware, or bypass access controls are becoming increasingly popular as threat actors expand their horizons and devise various types of spoofing attacks. Voice spoofing attacks in particular have been on the rise as more and more voice technologies are being used to send messages, navigate through smart home devices, shop online, or make use of net banking.

In a joint effort to address this concern, Samsung Research, South Korea's Sungkyunkwan University, and the Commonwealth Scientific and Industrial Research Organisation's (CSIRO) Data61 came up with 'the voice liveness detection' (Void) to keep users safe against voice spoofing attacks.

To detect the liveness of a voice, Void gains insights from 'spectrograms', visual representations of the spectrum of frequencies. This makes the functionality of Void a little less complex than that of other voice spoofing detection methods that rely on deep learning models, as per Data61.

How does Void help in detecting hackers spoofing a system?

Void can be embedded in consumers' voice assistant software or smartphones in order to spot the difference between 'a voice replayed using a speaker' and 'a live human voice'. By doing so, it can easily identify when a cybercriminal attempts to spoof a user's system.

Giving further insight, Muhammad Ejaz Ahmed, a cybersecurity research scientist at Data61, said, “Although voice spoofing is known as one of the easiest attacks to perform as it simply involves a recording of the victim’s voice, it is incredibly difficult to detect because the recorded voice has similar characteristics to the victim’s live voice.”

“Void is a game-changing technology that allows for more efficient and accurate detection helping to prevent people’s voice commands from being misused.”

One Of Tech Giant Oracle’s Many Start-ups Uses Tracking Tech to Follow Users around the Web


The multinational computer technology corporation Oracle has spent almost 10 years and billions of dollars purchasing startups to build its very own ‘panopticon’ of users' browsing data.

One of those startups, BlueKai, which Oracle bought for somewhat over $400 million in 2014, is scarcely known outside marketing circles; however, it amassed probably the biggest bank of web tracking data outside of the federal government.

BlueKai uses website cookies and other tracking tech to follow users around the web, learning which sites they visit and which emails they open.

BlueKai is known to depend heavily on vacuuming up a 'never-ending' supply of information from a variety of sources in order to understand patterns and deliver the most precise ads for an individual's interests.

The startup also uses more covert techniques, like allowing websites to embed invisible pixel-sized images that gather data about the user when they open the page: hardware, operating system, browser, and any data about the network connection.

Hence it wouldn't be wrong to say that the more BlueKai gathers, the more it can infer about the user, making it simpler to target them with ads that may lure them to that 'magic money-making click'.

Marketers regularly use this immense amount of tracking data to learn as much about the user as reasonably possible (their income, education, political views, and interests, to name a few) so as to target them with ads that should match their apparent tastes.

But because a server was left unsecured for a time, without a password, that web tracking data was spilling out onto the open internet, and it ended up exposing billions of records for anybody to discover.

Luckily, security researcher Anurag Sen found the database and reported his finding to Oracle through an intermediary: Roi Carthy, chief executive at cybersecurity firm Hudson Rock and former TechCrunch reporter.

Oracle spokesperson Deborah Hellinger says, “Oracle is aware of the report made by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet. While the initial information provided by the researcher did not contain enough information to identify an affected system, Oracle’s investigation has subsequently determined that two companies did not properly configure their services. Oracle has taken additional measures to avoid a reoccurrence of this issue.”

A review of the information shared by Sen found names, home addresses, email addresses, and other identifiable data in the database.

The data also exposed users' sensitive web browsing activity, from purchases to newsletter unsubscribes.

Oracle didn't name the companies or state what those additional measures were, and declined to respond to inquiries or comment further. In any case, the sheer size of the exposed database makes this one of the biggest security 'lapses' of this year.

SMS System Now A Long-Gone Era; Google Brings Out A New Update



With the rise of encrypted alternatives to SMS such as WhatsApp, iMessage, and Signal, the SMS system has become a 'throwback to a long-gone era'.

But ironically, that same SMS system has also been on the rise as the default delivery mechanism for most two-factor authentication (2FA) codes.

The issue is critical because an SMS is delivered to a phone number with no user authentication: biometric or password protections secure our physical devices, not our numbers, and the two are separate.

This alone opens the door to attacks ranging from SIM-swapping and social engineering scams that steal those six-digit codes to malware that captures and exfiltrates screenshots of incoming messages. For all of those reasons, and a few more, the current advice is to avoid SMS-based 2FA where feasible.

If the user can instead tie 2FA to the biometric or password security of a known device, that is a huge improvement. Apple does this splendidly, and Google is quickly making this the default as well.

In a blog post on June 16, Google confirmed “Starting on July 7 we will make phone verification prompts the primary 2-Step Verification (2SV) method for all eligible users.” 

The plan is essentially to switch Google account holders to this setting, which keeps the majority from defaulting to an SMS message or voice call.

There is a drawback, though: all devices a user is logged into will receive the prompt, which will require some rejigging for families sharing devices. Users who have security keys won't see a change.

Phone prompt 2FA


If the phone prompt doesn't work for the user, they can fall back to an SMS during the verification process; however, Google doesn't recommend this.

Google further explains that this move is both more secure and simpler, “as it avoids requiring users to manually enter a code received on another device.”

In taking the decision to make this the "primary technique" for 2FA, Google says “We hope to help [users] take advantage of the additional security without having to manually change settings—though they can still use other methods of 2-Step Verification if they prefer.” 

To spoof this system, an attacker would need physical access to one of the user's already logged-in devices, where they would see the prompt. Users will also be able to audit and remove devices that should no longer have access to this security option.

Also, because the prompt hits all logged-in, authorized devices at once, the user will know straight away whether an attempt is being made to open their account without their knowledge.

Nonetheless, with the increasing use of multi-device access to our various platforms, using an authenticated device to verify another logon is an excellent idea, and this step by Google is without a doubt a strong one in a direction that others should follow as well.

Threats to U.S. Space Systems Multiply Rapidly; a Novel Approach Emerges For Protection



The increasing vulnerability of U.S. space systems has lately prompted the country's rivals to begin developing mechanisms for disabling space assets as a way of 'hobbling the joint force' and undermining the nation's economic performance.

The reason for this development is that America's military forces, which are spread across the world, depend on space systems for communications, navigation, reconnaissance, and weather forecasts, and that the most critical infrastructure sectors in the U.S. economy depend on space systems for essential services.

Recent reports from intelligence agencies indicate that adversaries have now started focusing not only on satellites, but also on the ground stations that control them, the links between the satellites and the stations, and the ability of users to access certain services, like the Global Positioning System.

The reports describe various ways in which U.S. space capabilities may be degraded, from electronic jamming of signals to high-power lasers that blind sensors to physical attacks on control centers.

It is evident that the dangers to U.S. space systems are steadily increasing, and cyber-attacks offer the broadest array of options to the widest range of troublemakers.

Against that background, just last month the national-security contractor ManTech came up with a 'novel approach' to protecting military, intelligence, and commercial space assets against cyber-attacks.

Dubbed Space Range, it lets users 'replicate' space networks in a controlled environment so that their vulnerability to cyber aggression can be evaluated. The $2 billion company, headquartered in Northern Virginia, has been doing this kind of work for quite a while. It created the Defense Department's first cyber test range in 2009, and three years ago launched an Advanced Cyber Range Environment.

Space Range, which began on May 4, is unique in the sense that it lets highly skilled cyber experts attack exact replicas of satellites, ground stations, uplinks/downlinks, and so forth in a hyper-realistic environment that is air-gapped from the outside world.

As a company press release puts it, that gives players the “ability to find hidden vulnerabilities, misconfigurations and software bugs on precise network replications.” The entire framework is built on a software-defined infrastructure model that can be reconfigured in hours rather than weeks.

That is good news where users' time and money are concerned. However, the most significant feature of Space Range is that it offers engineers and operators a protected and legitimate setting in which to practically investigate the 'hardening' of their overhead assets against cyber-attack.

Nevertheless, with space quickly turning into a field of intense competition, there is little doubt that the Pentagon's recently introduced Space Force will be 'robustly funded' going forward.

ManTech's Space Range will probably soon become a significant tool in helping the government and industry figure out where training and hardening outlays should be concentrated.

All Windows Versions Hit By A Vulnerability; Attackers Take Full Control Over Computer




Microsoft recently fixed a vulnerability, present in every current Windows version, that allowed an attacker to misuse the Windows Group Policy feature to take full control of a computer. Administrators can remotely manage all of the Windows devices on a network through the Group Policy feature.

This feature lets administrators create a centralized global configuration policy for their organization that is pushed out to all of the Windows devices on their network. The vulnerability is a serious one, as it affects all Windows versions since Windows Server 2008.

These Group Policies allow an administrator to control how a computer can be utilized, like 'disabling settings in apps, prohibiting apps from running, enabling and disabling Windows features, and even deploying the same wallpaper on every Windows computer.'


To apply new policies correctly, the gpsvc service, or 'Group Policy Client' service, is configured to run with SYSTEM privileges, which gives the same rights and permissions as the Administrator account.

Microsoft has already fixed 'CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability', discovered by cybersecurity firm CyberArk, which found a symlink attack against a file used for Group Policy updates that yields elevated privileges.

"This vulnerability permits an unprivileged user in a domain environment to perform a file system attack which in turn would allow malicious users to evade anti-malware solutions, bypass security hardening, and could lead to severe damage in an organization network. This vulnerability could impact any Windows machine (2008 or higher), to escalate its privileges in a domain environment," CyberArk states in its report.

When performing a group policy update that applies to all of the devices in an organization, Windows writes the new policies to a subfolder of the %LocalAppData% folder on the computer, which any user, including a standard user, has permission to access.

With full access to a file known to be used by a process with SYSTEM privileges, CyberArk found that they could create a symbolic link from the file to an RPC command that executes a DLL.

As the Group Policy Client service runs with SYSTEM privileges, when it attempts to apply the policies in that file, it will instead execute any DLL the attacker chooses with SYSTEM privileges.

To trigger this vulnerability, a local attacker could execute the gpupdate.exe program, which performs a manual group policy synchronization; this command would then trigger the policy update and run the attacker's malicious DLL.

According to CyberArk, the full steps to ‘exploit’ this vulnerability are as follows:

  1. List the group policy GUIDs you have in C:\Users\user\AppData\Local\Microsoft\Group Policy\History\ 
  2. If you have multiple GUIDs check which directory was updated recently 
  3. Go inside this directory and into the sub-directory, which is the user SID. 
  4. Look at the latest modified directory; this will vary in your environment. In some cases, it can be the Printers directory. 
  5. Delete the file, Printers.xml, inside the Printers directory. 
  6. Create an NTFS mount point to \RPC Control + an Object Manager symlink with Printers.xml that points on C:\Windows\System32\whatever.dll 
  7. Open your favorite terminal and run gpupdate. 

"There you have it; an arbitrary create on arbitrary locations, you can also delete and modify system protected files by using this exploit. There is a small change in behavior that goes on based on your GPO objects (printers, devices, drives). Alas, all of them end up in EoP," CyberArk explains.

As this vulnerability affects millions, if not conceivably a billion, devices, it is a very serious security flaw that all Windows administrators should address as soon as possible.
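A defender-side check for the condition the steps above depend on, as an added example that is not CyberArk's or Microsoft's code: it walks each profile's Group Policy History cache and reports any junction or symbolic link found there. It assumes profiles live under C:\Users and an elevated PowerShell 5.1 or later session; the function names are hypothetical.

```powershell
# Added example (not CyberArk's or Microsoft's code).
# Reports reparse points (junctions, symbolic links) inside each user's
# "Group Policy\History" cache, the user-writable location that the SYSTEM-level
# Group Policy Client service processes during a policy refresh.
# Assumptions: profiles live under C:\Users; run elevated to read every profile.

function Test-ReparsePoint {
    param([Parameter(Mandatory)][System.IO.FileSystemInfo]$Item)
    return $Item.Attributes.HasFlag([System.IO.FileAttributes]::ReparsePoint)
}

function New-LinkFinding {
    # Hypothetical helper: one report row per link found.
    param([Parameter(Mandatory)][System.IO.FileSystemInfo]$Item)
    [pscustomobject]@{
        Path     = $Item.FullName
        Kind     = $(if ($Item.PSIsContainer) { 'Directory' } else { 'File' })
        LinkType = $Item.LinkType        # Junction / SymbolicLink; may be empty
        Modified = $Item.LastWriteTime
    }
}

function Get-ReparsePointBelow {
    # Recursive walk that records links but never descends through them.
    param([Parameter(Mandatory)][string]$Path)

    foreach ($item in Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        if (Test-ReparsePoint -Item $item) {
            New-LinkFinding -Item $item
            continue
        }
        if ($item.PSIsContainer) {
            Get-ReparsePointBelow -Path $item.FullName
        }
    }
}

function Find-GpCacheReparsePoint {
    param([string]$ProfilesRoot = 'C:\Users')   # assumption: default profile root

    $userDirs = Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        # Skip built-in profile links such as "All Users" and "Default User".
        if (Test-ReparsePoint -Item $userDir) { continue }

        $history = Join-Path $userDir.FullName 'AppData\Local\Microsoft\Group Policy\History'
        $root = Get-Item -LiteralPath $history -Force -ErrorAction SilentlyContinue
        if ($null -eq $root) { continue }        # this profile has no policy cache

        if (Test-ReparsePoint -Item $root) {
            New-LinkFinding -Item $root          # the cache root itself was replaced
        } else {
            Get-ReparsePointBelow -Path $root.FullName
        }
    }
}

$hits = @(Find-GpCacheReparsePoint)
if ($hits.Count -eq 0) {
    'No reparse points found in any Group Policy History cache.'
} else {
    $hits | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
}
```

A hit is a lead for investigation rather than proof of exploitation, and the check complements, not replaces, installing Microsoft's fix for CVE-2020-1317.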


Singapore’s Move to Facilitate Contact Tracing Amidst the Covid-19 Pandemic Rejected by Its Residents


While each country is attempting to stem the coronavirus outbreak in different ways, Singapore's attempt was perhaps not well thought out, as the country tried to come up with an inventive and highly technological solution to battle the daily rise in cases of the virus.

The plan involved developing a wearable device that would be issued to each resident to facilitate contact tracing amid the COVID-19 pandemic. However, the move wasn't well received by citizens, and it sparked a public outcry over privacy concerns.

An online petition titled “Singapore says 'No' to wearable devices for COVID-19 contact tracing” has to date garnered more than 17,500 signatures.

The online petition describes the usage of such devices as "conspicuous encroachments upon our privileges to protection, individual space, and opportunity of development".

In the words of Wilson Low, who started the petition on June 5, “All that is stopping the Singapore government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device. What comes next would be laws that state these devices must not be turned off [or] remain on a person at all times -- thus, sealing our fate as a police state.”

Singapore's Minister-in-Charge of the Smart Nation Initiative and Minister for Foreign Affairs, Vivian Balakrishnan, said during a parliament session Friday that while the government had introduced a contact tracing app earlier, TraceTogether, a wearable device was essential as it would not rely upon somebody possessing a smartphone.

His team, however, is developing and would “soon roll out a portable wearable device”, given the existing issues with the app, which didn't function well on Apple devices because the iOS operating system suspends Bluetooth scanning when the app is running in the background.

He said that if the devices prove to work well, they may be issued to every resident in Singapore, but he didn't expressly say that the government would make it mandatory for everyone to use one.

Wilson, however, was determined to make his point, writing, “Even if we're not, we recognize the potential creation of a two-tiered society -- those who wear the devices versus [those] who do not -- therein, and an open pass to engage in yet another form of prejudice and societal stratification.”

He later added, “The only thing that stops this device from potentially being allowed to track citizens' movements 24 by 7 are: if the wearable device runs out of power; if a counter-measure device that broadcasts a jamming signal masking the device's whereabouts; or if the person chooses to live 'off the grid' in total isolation, away from others and outside of any smartphone or device effective range.”

Numerous other residents also came to his support, openly expressing their concerns about the potential rollout of wearable devices and taking to Balakrishnan's Facebook page to urge the government against taking this course.

One user, Ian Chionh, went so far as to accuse the government, on Facebook, of using the coronavirus as "an excuse" to put a tracking device on all residents.

Wilson had voiced similar worries, adding that "The government looks to the COVID-19 pandemic as the perfect excuse to realize what it has always envisioned for us, this country's populace: to surveil us with impunity, to track us without any technological inhibitions, and maintain a form of movement monitoring on each of us at all times and places. And to do so by decreeing it compulsory for all law-abiding persons to become 'recipients'."

Aside from TraceTogether, the Singapore government utilizes an advanced digital check-in tool, SafeEntry, to facilitate its contact tracing efforts.

The system gathers visitors' personal data, through either QR codes or barcode scans, whenever they enter a venue such as a supermarket or workplace. Information gathered through SafeEntry is retained for 25 days, in line with TraceTogether's data retention policy.

The TraceTogether app was updated just last week to add registration of passport numbers for travelers visiting Singapore and barcode scans to support SafeEntry.

The nation has, however, begun easing the restrictions initially put in place to curb the spread of the virus, in phases, as more and more businesses look to resume operations over the coming month.

Google Brings Up Nest for Advanced Protection Program, Will Provide Protection for High-Profile Targets like Politicians and Journalists


Due to a recent increase in device hacks, Google has decided to strengthen its Nest security protections. Nest smart home devices will now offer account protection for users who are high-potential targets, such as journalists and politicians. The Advanced Protection Program was launched in 2017. For users who signed up, the program offered additional account protection features for Google services: restricting third-party access, providing malware protection, and offering security keys to prevent cyberattacks.


According to Google, Nest was added because it was a top request from users. Smart home devices have become an easy target for hackers because they are connected to the internet but lack basic safety protections. This has compelled the government and the states to help developers of these devices increase security. If hackers attack a smart home device and gain access to it, they can control the camera or enlist the device in a botnet, which can take websites offline with junk traffic. Nest devices are considered to be the safest of all, but even they are vulnerable to hacking attacks.

After a series of cyberattacks against Nest devices was reported earlier this year, Google required Nest users to use two-factor authentication. According to Google, the user accounts were not breached, but it said that hackers could be using passwords stolen in different breaches to target Nest users. Two-factor authentication provides an extra layer of security to users, but according to Google, the new security improvements will be even better and more reliable.

According to the Washington Post, "tech companies have been aware of the threat of credential stuffing for years, but the way they think about it has evolved as it has become a bigger problem. There was once a sense that users should take responsibility for their security by refraining from using the same password on multiple websites. But as gigantic dumps of passwords have gotten more frequent, technology companies have found that it is not just a few inattentive customers who reuse the same passwords for different accounts — it's the majority of people online."

Apple Plans to Expand Cloud-Based Services, Enters Cloud Computing Space


Apple is planning to invest more in streamlining and expanding its cloud-based and software services such as iCloud, News+, and Apple Music. The expansion will go along with devices like iPads, MacBooks, and iPhones. To be entirely sure about the reliability of the cloud-based service on all Apple devices, the company has decided to rely on AWS (Amazon Web Services) and the cloud division. AWS, as you might know, is a subunit of Amazon that offers cloud-space solutions. According to CNBC's findings, Apple is said to pay Amazon $30 million monthly for its cloud-based services. It also means that Apple is one of the biggest customers of AWS.


Nevertheless, Apple hasn't confirmed whether it uses Amazon's cloud services besides its iCloud. According to experts, Apple also has some of its cloud services on Google. Amazon transformed data center management and application hosting when it introduced AWS. Being the first to offer services like these, AWS is currently ranked at the top of the cloud hosting world. More recently, Google Cloud and Microsoft Azure have also been trying to increase their presence in cloud-space services.

"As a matter of fact, AWS crossed the $10 billion quarterly revenue mark in Q1 2020, bringing in revenue of $10.2 billion with a growth rate of 33%. AWS accounted for about 13.5% of Amazon's total revenue for the quarter, which is on the higher end. Google Cloud, which includes Google Cloud Project (GCP) and G-Suite, generated $2.78 billion in revenue in the first quarter this year, which marked as a 52% increase over the same quarter a year ago. Microsoft does not reveal Azure revenue, but it announced that its Azure revenue grew by 59% in Q1 2020 over the same quarter a year ago," says Taarini Kaur Dang from Forbes.

It seems Apple knows the importance of the high-end cloud support needed to offer the best services to its customers. Like other tech giants, Apple has its own cloud team, called ACI (Apple Cloud Infrastructure). Given Apple's recent advancements, it is fair to believe that Apple might revolutionize the cloud-space world.

Is Data Science losing all that hype?


All over the world, companies are making cuts. COVID-19 has led to a major economic downturn, and companies are struggling to stay afloat by reassessing their strategies and priorities. This has made companies reassess the actual value of data science in business, and things are not looking good. There have been mass cuts and layoffs in tech industries, including data scientists and AI specialists, and many are saying that the hype over data science is finally coming down.

Over the last five years the data science field has boomed and the talent pool has grown exponentially, but companies can be expected to let this department go: in terms of direct business value, data science unfortunately doesn't add much, and it fails to make the essentials list. Hence, the demand for data scientists will significantly decrease in the foreseeable future.

Dipanjan Sarkar, a Data Science Lead at Applied Materials, talks about AI and loose business models, saying, “The last couple of years, the economy had been doing quite well, and since every company wanted to join the AI race, they started pulling up these data science teams. But, they didn’t do the due diligence in hiring. They didn’t have a clear vision in mind as to how their AI strategy is actually going to help. Companies may think that they’re not getting any tangible value from large data science teams. This can trigger a move to cut down the staff, which may be non-essential.”

Most of the core business is done by engineering and manual processes, and data science just adds the cherry on top. AI, machine learning, and data science are only valuable if they make money or save it. Companies are currently focusing on cash curves, and ventures like data science have become big question marks; thus, when companies make cuts, data scientists will be the first to be let go.

"People need to understand that data science is nothing special than any other IT related field. Furthermore, it is a non-essential work. I firmly believe that data science people will get fired first than engineers in any company’s worst situation (like Covid-19 pandemic),” according to Swapnil Jadhav, Principal Scientist (Applied Research) at DailyHunt.