Total Cookie Protection Launched in The New Upgrade of Firefox

 

Mozilla's latest Firefox 86 has been rolled out for desktop, Mac, Windows, and Linux platforms. The browser upgrade brings features like multiple image mode and video replay, backward and forward buttons. Total Cookie Protection has been integrated into Strict Enhanced Tracking Protection (ETP) mode, which was revealed on Tuesday with the launch of Firefox 86. Total Cookie Protection was described as a 'huge advance' in containing cookies, which are placed into a separate 'cookie jar' for each website.

Cookies are text files containing tiny pieces of information by which the computer can be identified. While intended to enhance the viewing experience on a website, they can also be used, without any permission, to track online activities. Google now plans to eliminate third-party cookies in its Chrome web browser as part of its Privacy Sandbox project, an effort that aims to allow personalized ads while restricting data collection.

Mozilla uses the 'cookie jar' example to explain the current blocker, whereby each third-party that drops a cookie in the browser has all the collected knowledge limited to its own cookie jar. This stops trackers from monitoring the activities from site to site. In its battle to protect the privacy of people while accessing the internet, Mozilla's Total Cookie Protection is the most recent maneuver. Total cookie protection adds up to current Firefox attempts to prevent websites and online publicity providers from making a profile of one’s web history through using internet cookies as well as other computer scripts. 

“Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website,” Mozilla wrote in a blog post. 

The company wants to silo off each site's cookies because cookie data is otherwise exchanged across pages. Online advertisers can then learn which websites users visit so that they can try to send relevant ads.

“In combining Total Cookie Protection with last month’s super cookie protections, Firefox is now armed with very strong, comprehensive protection against cookie tracking,” the company said. 

The Total Cookie Protection also provides an exception for non-tracking cookie-related scripts such as third-party login or password plugins.

This should therefore help avoid website breakage. Mozilla has taken a page from the Tor Browser's "first party isolation" to develop Total Cookie Protection, which likewise requires cookies to be segregated by website domain.

Bitcoin Slips 17% to $45,000 as Caution Sweeps Over Crypto

 

Bitcoin, the world’s largest cryptocurrency slumped as much as 17 percent to $45,000 on Tuesday, sparking concerns from investors over the cryptocurrency’s sky-high valuations and its volatility in an unpredictable market. The cryptocurrency traded 13% lower, at $47,608.24, as of 11:45 p.m. in New York.

The value of the cryptocurrency has soared in 2021, with the price more than doubling this year to reach a record $58,350.41. Elon Musk, CEO of Tesla invested $1.5 billion in cryptocurrency this month and helped bitcoin to reach its market value above $50,000 but this investment may now lead to pressure on Tesla’s stock price as it has become sensitive to movements in bitcoin.

Craig Erlam, senior market analyst at OANDA stated that “the kind of rallies we’ve been seeing aren’t sustainable and just invite pullbacks like this.” Ether, the world’s second-largest cryptocurrency by market capitalization also slumped more than 17% and last bought $1,461, down almost 30% from last week’s record high.

According to CoinDesk, bitcoin hit $1 trillion in market value for the first time in its history last week, though it has now slumped below $900 billion. Its market value surged on news from Wall Street banks and the investments of large firms like Mastercard and Tesla. According to an online tool from researchers at Cambridge University, bitcoin's network consumes more electricity than Pakistan, and it has a negative impact on the environment as well.

Meanwhile, Sumit Gupta, Co-Founder & CEO of CoinDCX said that “after reaching an all-time high of $58,000, Bitcoin saw a price correction today. This was expected as markets go through such correction cycles. However, the market showed signs of recovery after falling nearly 17%. Investments in Bitcoin, like any other asset, should be from a long-term perspective as the fundamentals are still going strong. Hence it is advised that investors buy the dips and hold with a long-term perspective.”

The Russian created Clubhouse for Android in one day

The former developer of the Android version of the application of the Russian social network VKontakte Grigory Klyushnikov created Clubhouse for Android and posted it in the public domain

The creator and former developer of VKontakte for Android, Grigory Klyushnikov, created an open-source version of the Clubhouse app for Android OS and published it on the largest web service for hosting IT projects and their joint development, GitHub. Klyushnikov announced this on his Twitter account.

The Clubhouse app is a social network based on voice communication without the possibility of recording and further dissemination of what is happening. It was launched in 2020 but became particularly popular in the Russian segment of the Internet in February 2021. The platform is only available to users of the iOS operating system. To use it, you must receive an invitation from an already registered user.

It took Klyushnikov a day and a half to develop the project, and he devoted most of his time to the interface and logic around the Agora SDK, the voice infrastructure that Clubhouse uses.

"I got tired of waiting for the clubhouse for android, and I wrote my own in one day," said Klyushnikov.

The description on GitHub says that the main functions work in the application. It's possible to join rooms, chat, view people's profiles, and subscribe to them. The app doesn't have moderation, notifications, or room creation.

Users can download and install the app's APK file. In turn, developers can import the program into Android Studio and click "run".

Klyushnikov wrote that he created the app in a day and a half, while he does not exclude that the official Clubhouse can block users of the Android version.

In addition, the developer advises using an iOS device for registration, and authorization on Android in an already created account.

It is worth noting that the new social network Clubhouse is popular with Russian financiers.  So, on February 17, VTB Bank organized a discussion "Startups against corporations: war or peace?". Experts from large companies and startups discussed working together.

Alert for Smart Phone Users, How Their Data is Extracted by Apps Via Location Tracking

 

With more mobile apps entering the new world of smartphone users, only a few know about the dangers of the gizmo. A recent report demonstrated that enabling apps with required permissions and accessing these apps could contribute to the leakage of personal data via the phone tracking feature. The privacy impacts of some of the permissions provided to apps and services are not known by mobile users and researchers were able to classify what kind of data is being obtained from apps with tracking feature. 

Two researchers from the University of Bologna, Italy, and Benjamin Baron from University College London, UK, are indeed studying how the processing of these data could constitute an invasion of consumer privacy. To this end, the investigators have built a smartphone app – TrackingAdvisor – which captures user location simultaneously. The app may collect personal information from the same data and request users to provide input about the validity of information in terms of data sensitivity and to rate its importance. 

“Users are largely unaware of the privacy implications of some permissions they grant to apps and services, in particular when it comes to location-tracking information”, said Mirco Musolesi from the University of Bologna. 

These data contain confidential information, including the user's place of residence, preferences, desires, demographics, and personality information. Published in the ACM Proceedings for Interactive, Mobile, Wearable, and Ubiquitous Devices, via the TrackingAdvisor application used in the report, researchers were able to identify what personal information the software gathered and how vulnerable it is to privacy. 

The TrackingAdvisor app monitored more than 2,00,000 locations, found nearly 2,500, and collected over 5,000 pieces of personality and demographic data. Researchers discovered, among the data obtained, that confidential information was also collected on fitness, socio-economic status, race, and religion. 

“We think it is important to show users the amount and quality of information that apps can collect through location tracking”, Musolesi added. “Equally important for us is to understand whether users think that sharing information with app managers or marketing firms is acceptable or deem it a violation of their privacy”. 

According to the researchers, analyses like this pave the way for the advancement of tailored advertisement schemes, in particular around the data that consumers consider more sensitive. Thanks to previously established privacy settings, this could also lead to systems that automatically prevent the collection of sensitive data by third parties.

US Agencies Publish Advisory on North Korean Cryptocurrency Malware, AppleJeus

 

The Federal Bureau of Investigation (FBI) jointly with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury, released an advisory on North Korea's cyber-threat to cryptocurrency and on suggestions for mitigating. 

Working with US government partners, the FBI, CISA and the Treasury assess that Lazarus Group, advanced persistent threat (APT) actors that these agencies attribute to North Korea, is targeting consumers and firms, including cryptocurrency exchanges and financial service providers, through the dissemination of cryptocurrency trading apps that have been updated to cover.

“This advisory marks another step by the U.S. Government to counter the ongoing and criminal North Korean global cryptocurrency theft scheme targeting finance, energy, and other sectors,” said CISA Acting Executive Assistant Director of Cybersecurity Matt Hartman. “The FBI, Treasury, and CISA continue to assess the evolving cyber threat posed by North Korea, cybercriminals, and other nation-state actors and are committed to providing organizations timely information and mitigations to combat these threats.” 

In the last year alone, these cyber actors attacked organizations for cryptocurrency theft, in more than 30 nations. These actors would undoubtedly see amended cryptocurrency trade applications as a way of bypassing North Korea's foreign sanctions—applications that allow them to gain access to cryptocurrency exchanges and loot cryptocurrency cash from victims' accounts. 

The US government refers to the North Korean Government's malicious cyber activity as HIDDEN COBRA. The United States Government has identified malware and indicators of compromise (IOCs) used to facilitate North Korean cryptocurrency theft, which the cybersecurity community calls "AppleJeus".

Although the malware was first found in 2018, North Korea has since used several versions of AppleJeus. Initially, HIDDEN COBRA actors used websites that appeared to host genuine cryptocurrency trading platforms, but these actors now also seem to be using other infection vectors, such as phishing, social networking, and social engineering, to get users to download the malware and infect themselves with AppleJeus. HIDDEN COBRA actors have targeted organizations in several sectors with AppleJeus malware, including energy, finance, government, industry, technology, and telecommunications.

Ever since it was discovered, several variants of AppleJeus were found in the wild. Most of them are supplied as relatively simple applications from attacker-controlled websites that resemble legitimate cryptocurrency exchange sites and firms. 

“It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea — the applications enable them to gain entry into companies that conduct cryptocurrency transactions and steal cryptocurrency from victim accounts,” states the report. 

If consumers believe that they have been affected by AppleJeus, the findings suggest that victims create new keys or transfer funds out of compromised crypto wallets, remove affected hosts, run anti-malware scans on affected devices, and notify the FBI, CISA, or the Treasury.

Think Before Investing - A Mantra for Investors Who Blindly Follow the Tweets of Elon Musk

 

Elon Musk is currently the richest man on earth, but can a single tweet of his about investing or trading affect the decision-making of millions of investors and traders around the globe? Surprisingly, the answer is yes: in the recent past, many investors have put their money into the shares of various companies by blindly following Elon Musk.

Elon Musk, CEO of Tesla (TSLA) and SpaceX has more than 47 million followers on Twitter and his single tweet can lead to a never-seen-before surge in prices of holdings and stocks, his tweets regarding GameStop (GME), Shopify (SHOP), Signal boosted the stocks of these companies and on Internet, his influence is now termed as “The Musk Effect”.

Elon Musk’s tweet in the support of the Signal app helped the company to boost its stocks and in a single day, the company’s shares surged more than sixfold. In the support of Elon Musk’s tweet, millions of users switched to the Signal app which led to the crashing of the app for a short period. The market value of the Signal app was $390 million in three trading days given its surge in the Advance’s rally by more than 5100%. Some investors misinterpreted the tweet and invested in the shares of a company called ‘Signal Advance Inc.’

On January 27, the shares of video game retailer GameStop (GME) soared after Elon Musk tweeted “Gamestonk!!”, along with a link to Reddit’s WallStreetBets group. Shares of Polish game developers spiked 16% after Musk tweeted: “The esthetics of Cyberpunk are incredible btw….”, Cyberpunk 2077 is the company’s flagship game. Bitcoin (XBT) jumped as much as 14% last month after Musk added #bitcoin to his Twitter bio, similarly the shares of Canadian e-commerce firm Shopify (SHOP) saw a surge after Musk called it “great”. 

There are many instances when investors have misinterpreted the tweets of Musk, one such example is when Musk tweeted “Sandstorm is a masterpiece”, Sandstorm (SAND) is a Canadian gold miner and saw a surge in shares by 50% in premarket trading. Musk didn’t elaborate, leading many on Twitter to speculate he may have been referring to the 1999 techno song “Sandstorm” by a DJ named Darude and not the gold miner.

Elon Musk should be more cautious while choosing his tweet topics because many investors blindly follow anything he mentions on his Twitter account. In 2018, he had a confrontation with the Securities and Exchange Commission after he tweeted about his plans to take Tesla private, after that he negotiated with the SEC and stepped down as Tesla chairman and the company’s board consented to oversee his future relations with the company’s investors.

Ashley Ebersole, a partner with law firm Bryan Cave Leighton Paisner and a former SEC regulator and enforcement attorney stated, “you have a very vocal executive who enjoys putting out content on Twitter. If there was evidence of nefarious intent to pump up the price of something, the SEC would look at that. But absent that, people are going to tweet and there is no agency responsible for policing Twitter.”

Bitcoin Surpasses $50,000 Mark For The First Time Ever

 

The cost of Bitcoin on Tuesday hopped above $50,000, carrying its year-to-date gain to 74%. Ongoing interest from Wall Street institutions has added to the momentum. Bitcoin rose by as much as 4.9%, to $50,547.70. The cryptocurrency at that point pared gains slightly, exchanging at $48,853.99 as of 9 a.m. ET. After ending last year with a fourth-quarter surge of 170% to around $29,000, Bitcoin token leaped to $40,000 seven days after the fact. It took just nearly a month and a half to breach the latest threshold, buoyed by endorsements from the likes of Paul Tudor Jones, Stan Druckenmiller, and Elon Musk. Bitcoin exchanged for a few cents for quite a long while after its introduction more than a decade ago. 

Tesla Inc.'s declaration that it added $1.5 billion in Bitcoin to its balance sheet was the most noticeable recent impetus, sending the cost up 16% on Feb. 8, the greatest one-day gain since the Covid-19 inspired financial markets volatility in March. Optimism grew after Mastercard Inc. and Bank of New York Mellon Corp. moved to make it simpler for clients to utilize cryptocurrencies, while Bloomberg reported on Saturday that Morgan Stanley may add Bitcoin to its rundown of possible bets.

Sustained interest from organizations decidedly affects Bitcoin's value, pushing it on an upward bend. In December of 2020, it touched an all-time high crossing $24,000 in valuation. This was a 224% expansion from where it began its excursion toward the start of the year. By the start of 2021, BTC had leaped to a $40,000 valuation. In the second seven-day stretch of May 2020 Bitcoin saw its third halving occurred since its inception, in this way getting a further drop in its assessed future supply, Sumit Gupta, CEO, and Co-Founder, CoinDCX said. 

The interest from huge players has upheld the narrative that institutional investors are increasingly interested in Bitcoin. This conviction has been a critical driver of the bewildering rally in the cost of Bitcoin. It has likewise helped other cryptocurrencies, for example, ether, the coin on the Ethereum network. Its cost was roughly flat on Tuesday, at $1,793, in the wake of hitting a record high above $1,870 over the course of the weekend.

Russia will adopt the state OpenRAN standards for the development of 5G

Already in the spring in Russia, within the framework of import substitution, national standards for telecommunication equipment Open Radio Access Network (OpenRAN) will appear. The standards will accelerate the development of domestic solutions for 5G networks.

Russia will be the first in the world to adopt the OpenRAN architecture as the basis for a national standard. Russian OpenRAN standards are created on the basis of specifications developed by the international O-RAN alliance (which includes major global telecom operators). Russian standards will be harmonized with the solutions created in the OpenRAN paradigm.

According to experts, the cost of network solutions for cellular operators will decrease by ensuring the compatibility of equipment from different manufacturers, which is important for each mobile subscriber.

"In the context of the development of 5G networks, the technology may be in demand, as it will reduce capital expenditures on the construction of infrastructure", said Daria Kolesnikova, a representative of Tele2 cellular communications. 

The operators support the initiative, but they are not yet ready to use an open network architecture as there is currently no commercially available equipment based on the OpenRAN Alliance specifications.

However, experts expect the commercial launch of OpenRAN no earlier than in three to five years due to concerns related to information security and compatibility of existing solutions. So far, the entire infrastructure of operators is built on imported equipment, and the transition to open standards is associated with risks of unstable network operation.

"Open RAN is a key technology for modern mobile networks, it will enable faster deployment of 5G networks", said Olga Baranova, Chief Operating Officer of Orange Business Services in Russia and the CIS. However, the formation of national standards requires the participation of all market players: telecom equipment manufacturers, vendors, operators, content providers, specialized associations and alliances, scientists, equipment and software developers, as well as representatives of relevant ministries.

Almost 80% Of Indians Consider Moving To Alternatives After “Take It or Leave It Policy” WhatsApp

 

WhatsApp, the most popular messaging platform, is facing its biggest storm with its users because of its new set of policies, although WhatsApp (the organization) has delayed its upcoming terms and conditions until May. In India too, WhatsApp users are jumping to alternatives, including the Telegram and Signal messaging platforms.

The Indian government has also strongly recommended that the Facebook-owned platform reconsider its upcoming policies.

India alone accounts for a large share of WhatsApp's user base. According to recent CyberMedia Research (CMR) research, 79% of WhatsApp users are only in eight cities of India, including Delhi, Mumbai, Kolkata, Chennai, Bengaluru, Hyderabad, Pune, and Ahmedabad. Out of this huge percentage, 28% of people are considering leaving the platform after the implementation of its 'take it or leave it' policy in May 2021.

Further, 51% of users have stated that they are reconsidering whether they should use this platform or not and would choose Telegram as its alternative or other messaging apps whereas 28% of respondents stated that they are not going to proceed with WhatsApp in any respect. 

Under its new terms and conditions, WhatsApp will share credentials of people with its parent company, Facebook, although the company has stated that this will not affect your private chats with your family and friends in any way. The larger concern is that there is no specific way to figure this out. The new policies do not apply in the European market because of the EU's strict privacy guidelines, which WhatsApp has had to comply with.

The government of India has explicitly highlighted in its response to WhatsApp, “the platform can’t unilaterally put in such coverage in its greatest market and that WhatsApp is obliged to respect the privateness of its largest person base”. 

“What’s outstanding is, most Indians (76%) had been conscious of the coverage,” Prabhu Ram, Head, Industry Intelligence Group (IIG), CMR told Financial Express Online.

“WhatsApp has been the default messaging software for shoppers, much more than the conventional SMS. It was free, it was intimate, and it was one thing we owned. However now due to this take it or depart its coverage, the shoppers have gotten conscious that it was not free, in any case.” He added.

Malicious Operations Hide Under The Google Chrome Sync Feature

 

Threat actors have recently discovered a technique that uses the sync feature of Google Chrome to transmit commands to infected browsers and steal data from infected systems, circumventing conventional firewalls and other network protections. Chrome sync is a Chrome browser feature that stores copies of a Chrome user's bookmarks, browsing history, browser passwords, and extension settings on Google's cloud servers. This function is used to synchronize the aforementioned data across a user's various devices so that the user always has access to their latest Chrome information everywhere.

On Thursday 4th of January, Bojan Zdrnja, a Croatian security researcher, shared a discovery made during a recent incident response, in which a malicious Chrome extension abused Chrome sync as a way to communicate with a remote command and control (C&C) server and to exfiltrate data from compromised browsers.

Zdrnja added that, in the incident he investigated, the attackers had gained access to a victim's device; however, because the data they were trying to steal was inside the worker's portal, they downloaded a Chrome extension onto the user's system and loaded it in Developer Mode. The extension, which posed as a security add-on from security company Forcepoint, included malicious code that abused Chrome's sync functionality to allow attackers to monitor the infected browser.

Zdrnja claimed that the purpose of this unique attack was to use the extension to "manipulate data in an internal web application that the victim had access to." 

"While they also wanted to extend their access, they actually limited activities on this workstation to those related to web applications, which explains why they dropped only the malicious Chrome extension, and not any other binaries," Zdrnja stated in a report. 

"In order to set, read or delete these keys, all the attacker has to do is log in with the same account to Google, in another Chrome browser (and this can be a throwaway account), and they can communicate with the Chrome browser in the victim's network by abusing Google's infrastructure," he added. The data stored in the key field could be anything: for instance, data the malicious extension obtained from the infected browser (for example, usernames, passwords, cryptographic keys, or more) or commands the attacker wants the extension to run on the infected workstation.

Because the stolen content and the corresponding commands are transmitted via Chrome's infrastructure, the traffic would not be inspected or blocked in the majority of corporate networks, where the Chrome browser is normally allowed to run and transfer data unimpeded.

The researcher recommended that businesses use Chrome's enterprise features and group policy support to block and monitor the extensions that can be installed in a browser, preventing rogue extensions, such as the one he investigated, from being installed.
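
Blocking by policy works best alongside an inventory of what a profile has actually loaded. The Python sketch below is an added example, not code from Zdrnja's report: it flags extensions that were loaded unpacked (Developer Mode) or that are missing from an approved list. It assumes the `extensions.settings` layout and `location` values of Chrome's `Preferences` profile file as noted in the comments; the sample data, extension IDs and allowlist are constructed.

```python
import json

# Chromium "location" values as recorded per extension in a profile's
# Preferences file (assumption: 4 = loaded unpacked via developer mode,
# 5 = built-in component extension shipped with the browser).
UNPACKED, COMPONENT = 4, 5

# Constructed sample of the "extensions.settings" section of a Preferences file.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {"settings": {
        "a" * 32: {  # store-installed and on the approved list
            "location": 1,
            "manifest": {"name": "Approved Password Manager",
                         "permissions": ["storage", "tabs"]},
        },
        "b" * 32: {  # loaded from a local folder, can use extension storage
            "location": 4,
            "path": "C:\\Users\\Public\\addon",
            "active_permissions": {"api": ["storage"]},
        },
        "c" * 32: {  # store-installed but never approved
            "location": 1,
            "manifest": {"name": "Unapproved Helper", "permissions": []},
        },
        "d" * 32: {"location": 5, "manifest": {"name": "Built-in component"}},
    }}
})


def declared_apis(entry):
    """Collect API permission names from the fields an entry may carry."""
    granted = (entry.get("active_permissions") or {}).get("api") or []
    manifest = (entry.get("manifest") or {}).get("permissions") or []
    # Permission lists can contain objects as well as strings; keep names only.
    return {p for p in list(granted) + list(manifest) if isinstance(p, str)}


def audit_extensions(preferences_text, allowlist):
    """Return findings for extensions that policy should not have permitted.

    allowlist is the set of extension IDs the organisation approved
    (hypothetical here; in practice the same list given to browser policy).
    """
    prefs = json.loads(preferences_text)
    settings = (prefs.get("extensions") or {}).get("settings") or {}
    findings = []
    for ext_id, entry in sorted(settings.items()):
        location = entry.get("location")
        if location == COMPONENT:
            continue  # part of the browser itself, not user-installed
        reasons = []
        if location == UNPACKED:
            reasons.append("unpacked")
        if ext_id not in allowlist:
            reasons.append("not-allowlisted")
        # The "storage" permission is what gives an extension access to
        # synced key/value storage, so note it on anything already flagged.
        if reasons and "storage" in declared_apis(entry):
            reasons.append("storage-permission")
        if reasons:
            findings.append({
                "id": ext_id,
                "path": entry.get("path", ""),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_PREFERENCES, {"a" * 32}):
        print(finding["id"], ",".join(finding["reasons"]), finding["path"])
```
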

Putin instructed to develop additional requirements for foreign IT companies

Russian President Vladimir Putin instructed his administration and the government to develop proposals for additional requirements for foreign IT companies operating in RUnet. The order of the Russian leader was published on the Kremlin's website on January 28.

It is noted that such an order was given by the head of state following the meeting of the Presidential Council for the Development of Civil Society and Human Rights, held on December 10, 2020.

According to the text, "the Administration of the President of the Russian Federation should prepare together with the government of the Russian Federation and submit proposals to establish additional requirements for foreign technology companies operating in the Russian segment of the information and telecommunications Internet network, including companies that open representative offices on the territory of the Russian Federation".

The deadline for completing the order is August 1.

In addition, Putin instructed the government to develop a draft concept for the protection of human rights in the digital space, which includes measures to improve the digital literacy of Russian citizens and train them in information security and digital hygiene skills. This order must also be implemented by August 1.

On January 22, the Public Chamber of the Russian Federation announced its intention to send a letter to the State Duma with a request to legally oblige foreign IT companies to open their representative offices in Russia.

Earlier, the Deputy Chairman of the Security Council, Dmitry Medvedev, called it possible to disconnect Russia from the global network. At the same time, he noted that Moscow is ready for such a scenario. According to him, Russia can ensure the autonomy of its Internet segment.

Rasmus Myhrberg Won The Award For #1 "New Tool of the Year"!

 

Simple, a time tracking software wins #1 New Tool of the Year (2020). Major tech website "Stackshare" recently announced its winners in the 7th Annual Stackshare Awards and independent creator Rasmus Myhrberg won the award for #1 "New Tool of the Year"! The year 2020 was full of surprises and innovations. Covid-19 pandemic, followed by lockdown across the world compelled users to work from home. It meant that "remote tools" were trending in 2020.  

Stackshare says, "We saw a massive uptick in traffic to Stackups (comparisons) for Zoom, Google Meet, Discord, and tons of other tools that people were researching to make working from home easier. Yet amidst all of this, 2020 may actually go down as the year of the freelancer, thanks to Simple's creator Rasmus Myhrberg, a Swedish designer and founder." 

"Fortunately, software developers and engineers all over the world were able to not only keep working during the lockdown but many ended up working even more. With everyone working outside of the office, it probably shouldn't be a big surprise that a tool to make sure you keep track of your work time is number one. Simple is exactly what it sounds like: a dead-simple way to track tasks and how long you're spending on them. Simple syncs in real-time across your devices: mobile, desktop, and tablet." 

About the Company 

Simple was founded by Swedish designer Rasmus Myhrberg. Simple is an app built with a great passion for user experience and customer satisfaction. Mr. Rasmus had worked as a freelancer for many years but couldn't find a good time tracking application, which is a must for freelancers, he struggled with managing his tasks and time. The time trackers that he used were complicated and he was in need of something simpler and yet effective. Simple was founded to fulfill all these needs and now it is used by many freelancers on a daily basis. According to Rasmus, Simple is more than a time tracker software, and with its easy technology, there is a better future to look forward to. He believes in a future where "revenue isn't the main priority, but simplicity and experience is." 

In a conversation with E-Hacking news, Rasmus said "Winning the award as an independent creator is a huge achievement. This has never been done before, as far as I’m aware. Other tools in the list have been developed by companies like Google, Microsoft, Amazon, and Netflix, to name a few." He further adds, "another particular thing is the big difference in score. Simple had more than double the score of #2 and ten times more than Google Tables on #16. In previous years it has been much more even. Since everyone went into lockdown due to COVID-19, launching Simple this year was perfect timing and one of the factors to its success."

Google Researcher Groß Identifies the BlastDoor Device in Apple iOS 14

 

Last year, Apple rolled out iOS 14 with many new features, tighter privacy rules, and elements that make the iPhone smarter. It also introduced to the iPhone and iPad a new safety mechanism, primarily for the detection of malware attacks from the iMessage network. The BlastDoor security sandbox was launched with iOS 14 in September 2020. It was discovered by reverse engineering macOS 11.1 running on an M1-powered Mac Mini, and it is meant to protect the parsing of untrusted data from the iMessage messaging client. The service is said to be written in Swift, a memory-safe language that makes it "significantly harder" to introduce classic memory corruption vulnerabilities into the codebase, in this case iMessage.

The BlastDoor device, concealed inside iOS 14, has been identified by Samuel Groß, a security researcher with Google's Project Zero team. The researcher wrote a blog post on the scope of the current framework to protect consumers from bad actors.

The main function of BlastDoor is to unpack and process incoming messages in a secure and isolated environment, where any malicious code embedded in a message cannot communicate with, disrupt, or recover user data on the underlying operating system. The BlastDoor service only functions for iMessage, so it reads all the obtained data as a link. When a link is sent via iMessage, the sending system first renders a preview of the webpage and gathers metadata (such as the title and page description), and the link is then bundled into an archive. This archive is then encrypted with a temporary key and submitted directly to iCloud servers. Once the link is received, the archive is decoded with the keys sent to the receiver. All of this happens inside the BlastDoor service.

Since several security analysts had previously found that the iMessage service did an inadequate job of sanitizing incoming user data, the need for a service such as BlastDoor was evident. In the last three years, several incidents have occurred in which security researchers or real-world attackers have discovered and exploited iMessage Remote Code Execution (RCE) problems to hack devices by transmitting a simple email, picture, or video to them.

In 2019, Groß and his fellow security researcher Natalie Silvanovich discovered "zero interaction" faults in iMessage, which could allow attackers to read the contents of iPhone files without any note or message. The BlastDoor device is likely to fix these problems.

Furthermore, Groß stated in the blog post, "Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole."

Security Bugs Detected in Nvidia Shield TV, the Streamer for Gamers

 

Nvidia, the computer gaming giant that goes by the motto “level up experience more”, has detected bugs in its Shield TV. Nvidia is an American multinational technology company headquartered in California, USA, and an artificial intelligence computing giant. Its foremost work is designing graphics processing units (GPUs) for the gaming world and the professional market. It also develops system-on-a-chip units for the mobile computing and automotive markets.

Nvidia recently acknowledged three security bugs in the Nvidia Shield TV that could prove harmful and may permit denial of service, escalation of privileges, and loss of user data. Nvidia Shield TV was developed for gamers to play smart house and PC games from the PC console on a television, and to stream from local and online servers. Put simply, it is a “set-top gadget” used for gaming. Nvidia also separately published a security alert for a cluster of security bugs detected in its video-friendly graphics processing unit (GPU) monitor device.

In the Nvidia Shield TV, the NVDEC component of the hardware-dependent decoder contains a high-severity flaw, CVE-2021-1068. Such bugs arise in the hardware when actors can read from or write to a memory location that is outside the intended boundary of the buffer. This issue may lead to denial of service or escalation of privileges. It has a CVSS rating of 7.8.

The remaining two bugs are not high-severity. The flaw CVE-2021-1069 was detected in the NVHost feature and could cause data loss due to a null pointer dereference. The other bug, CVE-2021-1067, lies in the implementation of the RPMB command status. Through the RPMB command, actors can write to the Write Protect Configuration Block, which may also lead to denial of service or escalation of privileges. Users can download and install the software update to secure their system by using the upgrade note that appears on the notification screen, or via Settings>About>System update. This will protect them from any further loss of data through the detected bugs.

Russian IT company reportedly lost contract in USA because of serving sites with content from Trump supporters

The CEO of the Russian provider DDoS-Guard, Evgeny Marchenko, explained why the American company CoreSite refused to work with his company.

DDoS-Guard, a company registered in Rostov-on-Don, has lost access to partner data centers in the United States. The reason for this was the fact that the company provided services to protect the websites of supporters of Donald Trump. This was reported by the Telegram channel Mash.

According to the founder of the company, Evgeny Marchenko, the formal reason was that it provided hosting to a site associated with the Hamas movement.

"The story began in November last year. One of our partners found out that we are working with a website related to the Hamas movement, which is banned in the United States. We immediately stopped cooperation, but the story was continued at the beginning of the year," said Marchenko.

On January 7, CoreSite announced that its cooperation with DDoS-Guard was terminated, citing the same reason: cooperation with Hamas.

"We conducted an internal investigation and found out that one of our partners distributed information to supporters of the current President Trump. Moreover, the content was distributed by a Canadian company. It all looks like an attempt to find at least some Russian company and by any means make a scandal that suggests that Russians support Trump," added Marchenko.

The owner of DDoS-Guard also noted that Hamas is now quietly working with the American company.

DDoS-Guard has already been repeatedly accused of supporting not entirely legitimate sites, but no measures were taken against it.

DDoS-Guard was founded in 2011 by Evgeny Marchenko and Dmitry Sabitov. The company provides traffic filtering services to protect against DDoS attacks to retail and corporate customers on the basis of its own network of filtering nodes located in several countries. DDoS-Guard also acts as a provider of secure hosting services. The company's head office is located in Rostov-on-Don.

Recall that almost all IT companies are against US President Donald Trump. The reason was the attack by his supporters on the Capitol, which took place on January 6. Many felt they were prompted to do so by Trump's words. After that, his accounts were blocked on almost all major social networks.

SAP Issued Warning and Updates Regarding the Serious Flaws with the Code Injection

 

SAP (Systems Applications and Products in Data Processing), a German multinational software corporation, is known for developing software solutions for managing business operations and customer relations. SAP is the name of both the software and the company that works on this technology. SAP provides “future-proof Cloud ERP (Enterprise Resource Planning) solutions that will power the next generation of business.” With its advanced capabilities, SAP can boost your organization's efficiency and productivity by automating repetitive tasks, making better use of your time, money, and resources.

SAP published some 14 new or updated Security Notes on the December 2020 Patch Day. In January 2021 it published another set of 7 new Security Notes, later providing further updates as well. Five of the seven have the highest severity rating, Hot News. Later in the month, it announced 10 advisories documenting flaws and fixes for a range of serious security vulnerabilities. Among the disclosed vulnerabilities, the most important issue bears a CVSS score of 9.9 and is in SAP Business Warehouse.

The very first note addressed CVE-2021-21465, which according to SAP covers multiple issues in the Database Interface. These bugs are an SQL Injection with a missing authorization check which should have featured a CVSS score of 6.5. SQL Injection is basically a code injection technique that might at times destroy the database interface. It is one of the most common hacking techniques used by hackers. The SQL Injection was also covered by Onapsis, a firm that secures Oracle and SAP applications. The missing authorization check could easily be exploited to read any table of a database.

Noting that minimum privileges are required for successful exploitation, Onapsis wrote in a blog, “An improper sanitization of provided SQL commands allowed an attacker to execute arbitrary SQL commands on the database which could lead to a full compromise of the affected system.” SAP decided to fix these bugs by disabling the function module; applying the patches will result in the abandoning of all the applications that call this function module.

Another serious issue, other than the aforementioned one, is a code injection flaw in both Business Warehouse and BW/4HANA, tracked as CVE-2021-21466. This issue is a result of insufficient input validation. Such flaws are misused to inject malicious code that gets stored persistently as a report. These issues potentially affect the confidentiality, integrity, and availability of systems. The remaining three of the five updates are fixes for the programs released in 2018 and 2020.

SAP further added, as a warning, “An issue in the binding process of the Central Order service to a Cloud Foundry application” that could have allowed “unauthorized SAP employees to access the binding credentials of the service”.

Computing Giant Intel Launches New Processors with Ransomware Detection Features

 

Intel, one of the biggest computing giants in the world, has launched four new series of processors at the Consumer Electronics Show 2021. It assured users that these processors would offer a “Premium PC experience” along with some additional and distinct features.

Intel is known for products that are apropos for this era devoted to technology. The digitalization of things is accelerating at an incredible pace. The base of this technology is persuasive computing, which gave Intel the idea to build a processor that has the best features to date in the market. One of the four series launched is the vPro series. It goes by the name Intel 11th Gen Core vPro series.

Intel added at the launch that its 11th Gen Core vPro line offers the best performance in a thin and light form factor. It comes with added security features like the Intel Hardware Shield, which as per the company is the industry’s first silicon-based AI threat detection to prevent ransomware and crypto-mining attacks. The company says that the Intel Control-Flow Enforcement technology shuts down an entire class of attacks. The new CPU also promises better battery performance.

Intel further announced its partnership with the Boston-based security firm Cybereason. This partnership is expected to provide advanced security and support for the newly announced features in its security software in the first half of 2021.

The special features that come with the vPro series are the HS (Hardware Shield) technology and the TDT (Threat Detection Technology). These sit underneath the various protective antivirus layers of the software, enabling the hardware to stay protected from ransomware attacks. Another notable point is that both technologies run directly on the CPU.

Intel's main intention in adding these features is to allow the hardware to share its data with the security software, allowing it to detect whether any malware has entered the system. Malware that went unnoticed and was not detected by the antivirus will now be sensed by the new features.

While declaring that “it detects ransomware and other threats that leave a footprint on the Intel CPU performance monitoring unit”, Intel stated in the press release, “Intel TDT uses a combination of CPU telemetry and ML heuristics to detect attack-behavior.”

"Not Amazon" Canadian Website Takes on the Online Giant

The e-commerce giants, with their seemingly endless selection and drive to deliver convenience along with affordable prices, have become an all-too-familiar and essential service for many consumers at the height of the ongoing global pandemic.

While small businesses and local retailers have been ending up with nothing in this pandemic, the worldwide lockdowns and restrictions have been fruitful for the e-commerce market, especially for the Seattle-based e-commerce giant Amazon, which has made humongous profits in the billions.

The pandemic has exposed mounting inequity between people and markets, and it was brought into focus by Ali Haberstroh. As the pandemic deepened, offline markets were closed but online shopping continued, which created an inequality that was highlighted by the Canadian woman, who expressed her disapproval as she fought for the cause.

“I just hate how much Jeff Bezos and Amazon are making billions off the backs of working-class people,” said Ali Haberstroh. “It seems to me they’re putting money over the wellbeing of people.” 

It was in late November 2020, when the snow was painting Ali Haberstroh’s apartment white, that the idea occurred to her. At the time, Canada was about to shut the market again as the second wave of lockdown hit in an attempt to curb rising COVID-19 cases.
In anticipation, a friend of Ms. Haberstroh’s who owns a vintage clothing shop in Toronto had put together the names of other local vintage shops offering curbside pickup and deliveries instead of shutting their doors.

“It was a wake-up call,” Ms. Haberstroh, 27, said of the list, which reminded her how large retailers like Walmart, Costco, and Amazon had thrived during the pandemic while much smaller, local businesses had been increasingly forced to discontinue their operations. “I thought if there is one tiny thing I can do to help, then I should get on it.”

Inspired by this idea, Haberstroh set out to build a more comprehensive list; following up, she created an Instagram post, tagging independent businesses and shopkeepers across Toronto. Moreover, she came up with a new website by the name “Not-Amazon.ca”, a URL that she had bought for $2.99.

Introduced as a local list to help keep small businesses alive, 'Not Amazon' was created “so you don’t have to give any money to Amazon this year!” her Instagram post read. 

“At first it started off as a bit of a joke, with the name, but soon I really wanted to make it like Amazon, having everything in one place,” she said. “I didn’t want people to have an excuse not to shop local.” 

So far, the website “Not-Amazon.com” has accumulated more than half a million page views and is seeing participation from 4,000 businesses across Toronto, Halifax, Calgary, and Vancouver.
Furthermore, the cause is seen to have gained worldwide acceptance, as thousands of store owners await their submission to this site along with Ms. Haberstroh’s approval.

“In a big city like Toronto, where it feels like most businesses are local, I think it’s so easy to think these things will be here forever,” said Ms. Haberstroh, who works as a social media manager at a marketing firm and plans to expand her rebellious project 'Not Amazon' to even more cities. “You don’t think that they’re going to go anywhere.”

“Small businesses have always made Toronto magical. They’re what makes this city what it is. And so I think we owe it to them to keep them alive,” she added.

New Laws for Drone Users Across Europe and UK

 

As of December 31, 2020, the new European Drone Regulations set out by the European Union Aviation Safety Agency (EASA) will come into force, making way for an era of harmonization across the 27 EU Member States as well as Iceland, Norway, Liechtenstein, and the UK. The new set of rules clarifies where drones can be flown and makes it simpler to trace their owners. The UK Civil Aviation Authority (CAA), which issued the rules, anticipates an increase in the number of drone users after it eliminated the distinction between recreational and business applications.

At first, these drones didn't need to be registered because of their sub-250g weight, yet this requirement has now been extended to all drones with a camera. This means owners of those drones, or any with a camera, should register their drone with the Civil Aviation Authority (CAA) and get an Operator ID. All drone owners in the UK will require two IDs before flying outside: the Flyer ID, which involves passing a short online assessment, and an Operator ID, which means registering your drone at a cost of £9 every year.

Three new categories will take into account the drone you have and where you mean to fly it; this will, at last, make it workable for novice drone pilots without a qualification. These categories are Open, Specific, and Certified. They have different requirements as far as training is concerned and the kinds of drones you can use. Recreational flying will be covered by the 'Open' category.

Open category: The Open Category is for what are viewed as generally low-risk flights and will apply to the sort of consumer drones that most novice drone pilots use. It has three subcategories: A1, A2, and A3.
 • A1 - drones weighing under 250g (0.55lb) can be flown over people. 
 • A2 - drones weighing more than 250g but under 2kg should be flown at least 50m (164ft) away from people. 
 • A3 - drones weighing more than 2kg should be flown well away from people. 

Specific category: The Specific Category covers drone flights that pose more risk than the 'Open' Category and requires a degree of planning, similar to all current commercial activities. The CAA will publish a set of pre-defined scenarios and risk assessments.

Certified category: The Certified Category relates to complex operations, for example, those where parcels or even people are carried by the drone. This category is for highly trained professionals and won't apply to the vast majority of drone pilots.

Elliott Corke, director of Global Drone Training, said, “We would encourage people to read the manual and practise somewhere safe first.”

LiveLaw and Bar & Bench, Two Websites Which Revolutionized Legal Readings

Last November, Supreme Court of India Justice DY Chandrachud commented during a case hearing, "I will tell you something in a lighter vein, instead of wading through the pleadings before us, I thought I will check LiveLaw or other platforms for the documents." Justice Chandrachud's remark comes as an acknowledgment of the significant impact that legal news websites have had on Indian court hearings in recent years. Two websites in particular, 'LiveLaw' and 'Bar and Bench', have done great work with their in-depth coverage of court hearings.

Although television coverage of court proceedings is banned, these two websites provide real-time ground coverage by live-tweeting the proceedings. Besides this, the legal websites are appreciated for their speedy news coverage and for uploading not only judgments and court orders, but also pleadings and petitions related to cases. It comes as a good initiative because until now, legal resources pertaining to specific issues were available only from lawyers. "‘LiveLaw’ and ‘Bar & Bench’ have revolutionized legal reporting by tweeting about proceedings in real-time, bringing them to the screens of general readers," reports Scroll.

The readership of LiveLaw and Bar and Bench is not limited to judges and lawyers. The two websites have millions of readers and hundreds of thousands of followers on social media, and they have revolutionized common people's access to legal proceedings. The extensive coverage of court proceedings also draws criticism, that much is obvious. A few people think that real-time ground coverage of legal proceedings has undermined the court's integrity among the general public.

Scroll reports, "While India’s various courts started uploading their judgments online around 2010, the exchanges between the lawyer and the judge were rarely available to people beyond the courtroom. Litigants struggled to understand the trajectory even of their own cases." "Lay readers now follow the intricacies of important matters as they unfold. Many have realized that even if the functioning of real-life courts isn’t quite as dramatic as the way they are depicted in the movies, the proceedings can often be very compelling," it says.