Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device. The attacker does not need to be connected to the victim's wireless network and the flaw works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption, to protect their network traffic. "Our tests confirmed some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k," ESET researchers said. According to the researchers, the Kr00k flaw is somewhat related to the KRACK attack, a technique that makes it easier for attackers to hack Wi-Fi passwords protected using a widely-used WPA2 network protocol. Before proceeding to details of the new Kr00k attack, it's important to note that: The vulnerability does not reside in the Wi-Fi encryption protocol; instead, it exists in the way vulnerable chips implemented the encryption, It doesn't let attackers connect to your Wi-Fi network and launch further man-in-the-middle attacks or exploitation against other connected devices, It doesn't let attackers know your Wi-Fi password, and also changing it wouldn't help you patch the issue, It doesn't affect modern devices using WPA3 protocol, the latest Wi-Fi security standard. However, it does let attackers capture and decrypt some wireless packets (several kilobytes), but there's no way to predict what data it will include, Most importantly, the flaw breaks encryption on the wireless layer but has nothing to do with TLS encryption that still secures your network traffic with sites using HTTPS. Now you might be wondering what the Kr00k attack then let attackers do? In brief, a successful attack merely degrades your security a step towards what you'd have on an open Wi-Fi network. Thus, what sensitive information attackers can capture from a vulnerable device is totally depends upon the lack of the next layer of network traffic encryption i.e., visiting non-HTTPS websites. The attack relies on the fact that when a device suddenly gets disconnected from the wireless network, the Wi-Fi chip clears the session key in the memory and set it to zero, but the chip inadvertently transmits all data frames left in the buffer with an all-zero encryption key even after the disassociation. Therefore, an attacker in near proximity to vulnerable devices can use this flaw to repeatedly trigger disassociations by sending deauthentication packets over the air to capture more data frames, "potentially containing sensitive data, including DNS, ARP, ICMP, HTTP, TCP, and TLS packets." Besides this, since the flaw also affects chips embedded in many wireless routers, the issue also makes it possible for attackers to intercept and decrypt network traffic transmitted from connected devices that are not vulnerable to Kr00k, either patched or using different Wi-Fi chips. ESET researchers reported this issue to both affected chip manufacturers, Broadcom and Cypress, last year, as well as many affected device manufacturers who are responsible for developing a patch to mitigate the problem via software or firmware updates for their users. Apple has already released patches for its users, some should have issued advisory or security patches at the time of publication, and other vendors are still testing the issue against their devices. Source: /
Osaka prefectural police have seized about 5,800 bicycle seats from a rental storage facility and have arrested a truck driver on theft charges, they said Friday. Hiroaki Suda, 57, was arrested on Feb. 13 after a security camera caught him stealing two bike seats worth roughly 8,000 yen ($73) on Nov. 29 and 30 at a train station and a parking lot for bicycles in Higashiosaka, east of Osaka. Suda has admitted to the charges, with the police quoting him as saying, "I began to steal bike seats about 25 years ago in Tokyo and Osaka to relieve stress at work and, gradually, collecting them turned out to be fun." The police were surprised to seize that many bike seats, and suspect that Suda stole them while driving from city to city. Source:
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," Marriott said in a statement. "We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests." The incident exposed guests' personal information such as contact details (name, mailing address, email address, and phone number), loyalty account information (account number and points balance), and additional information such as company, gender, dates of births, room preferences, and language preferences. The hospitality giant said an investigation into the breach was ongoing, but said there was no evidence that Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver's license numbers were compromised. Marriott has also set up a self-service online portal for guests to check whether their personal details were involved in the breach, and what categories of information were exposed. In addition, it's offering affected users an option to enroll in IdentityWorks, a personal information monitoring service, free of charge for 1 year. The company has already taken the step of disabling the passwords of Marriott Bonvoy members who had their information potentially exposed in the incident, and they will be notified to change their passwords during the next login, as well as prompted to enable multi-factor authentication. The incident follows a 2014 compromise of Starwood Hotels guest reservation database, which was acquired by Marriott in 2016. The breach, which exposed personal details of over 339 million guests globally, wasn't detected until November 2018, leading to it paying a fine of £99 million ($123 million) to the UK's data privacy regulator Information Commissioner's Office under GDPR laws. "The kinds of information disclosed in the latest Marriott breach might seem innocuous, but it is precisely this kind of intelligence that enables threat actors to better target attacks on consumers," Gerrit Lansing, STEALTHbits' Field CTO told The Hacker News via email today. "Simply: the more I know about you, the better chance I have of fooling you. Compromised credentials remain one of the top vectors for this kind of compromise, and strong authentication before accessing sensitive information one of the best defenses." Source:
1. More data centers Data center expansion has been on the horizon of many business heads simply for the reason that expanding their reach to other cities or countries gives them a local advantage and helps them deal with latency issues of data networks. Alibaba Cloud’s entry in India was one such strategic move that was geared towards giving a better service to their Indian customers and expanding their business horizon in the same region. Banks and financial institutions are comfortable with providing real estate capital to cloud providers who seek to build more data centers because of the ROI this industry has given over the years. Which is why it is safe to say that this trend will continue and probably be the top trend for 2018 as well. 2. Acquisitions and consolidations There are moves with intent, and then there are moves which are intense. The number of strategic moves done by AWS, Google, Microsoft are quite a few in this calendar year. But, number hasn’t always been a measure of profitability. Many organizations made a move with an intent to grab a larger chunk of the market. But, some moves made a lot of difference. Like Microsoft’s acquisition of Cycle Computing which gave the former’s customers a benefit of computing ‘big data jobs’. This move was surely intense since Microsoft swept this deal right under the noses of their competitors with a strong pursuit strategy. Another trend that is likely to be the talk of the industry is acquisition of foreign companies for market diversification. SUSE’s acquisition of Aptira in the APJ ( Australia Pacific & Japan) region has taken the APAC region by storm. With this acquisition, both parties will consolidate their complementing portfolios to provide a holistic solution to their customers in the region. We see this trend worth mentioning as well. 3. More innovative products on the shelf The cloud industry has been brave with the products that they have launched this year. That is because innovation collectively has been a key ingredient to their product mix apart from filling the need gap for their customers. Datrium’s Cloud DVX, Microsoft’s Azure stack for Indian SMEs, SIMA Solution’s IBM integrated SIMA Cloud are some products that can be named as we speak of innovation. The birth of these products has been mostly because challenging situations were thrown at the parent organizations by their customers when it came to satisfaction and user experience of the product. This shows that customers really are looking for newer solutions that cater to their needs when it comes to cloud. Definitely a trend that we will continue to see next year. What a simplified cloud could look like for the average SMB who is looking for web hosting must definitely check out ResellerClub’s hosting plans. 4. Rise and rise of IoT Connected devices are the future. Today, more or less with all the devices like watches, cars, home appliances and laptops being integrated together, storing data on the cloud has become imperative. The IoT (Internet of Things) industry has also seen a positive demand-supply with growing awareness of consumers towards integrated services. IoT provides minute behavioural insights to businesses and helps them learn more about consumers. With this data, a business can build relevant customer experiences with the help of automation and smart tools. 5. Container systems to prevail Cloud industry relationship with container management systems is nothing less than blooming. They give developers the freedom to create measurable and predictable environments that work in silos. They run almost anywhere and provide the same benefit all over. With respect to cloud, their role of enabling developers build, store, run and orchestrate production has made them popular with decision-makers and developers alike. Hence, the cloud hosting provider advocates container management systems to business who have an in-house tech team. Kubernetes has emerged as a favourite for many big guns including Google, Oracle and others. It would hardly take time for smaller enterprises to lap it up. A trend that will evolve in 2018 we say. Are we missing out on anything? Not really. We could also see other cloud computing trends in terms of data center acquisition to expand global footprint or even malware protection companies partnering with cloud companies to provide the latter’s customers with secure cloud environments. Along with these cloud computing trends, we also predict that hybrid cloud will be more popular since organizations now prefer on-premise cloud services in addition to public and private cloud. The defence and security industry has also adapted to the cloud slowly by accepting that the data stored on cloud could be safe. We hope that our predictions come true for 2020. Source:
Researchers at the University of Kent are the latest establishment to have studied this growing problem. The extensive study involved them looking at data from nearly every single medical practice in England, and they found that fluoride may be increasing the risk for hypothyroidism, or an underactive thyroid, a condition in which the thyroid gland fails to produce enough hormones, resulting in symptoms such as fatigue, obesity and depression. The study, published in the Journal of Epidemiology and Community Health, included the largest population ever to be analysed in relation to fluoride consumption. Source: /
Jak to obecnie z hostingami jest. Drzewiej serwery były tańsze nie było tyle ataków na strony, stare dobre czasy. Ale czasy się zmieniają. Obecnie z tzw. shared hostingami (hostingami współdzielonymi) jest tak że co chwile znika jedna firma świadcząca usługę a zaraz pojawia się nowa. Często firmy nowe jak i te dobrze nam znane używają marketingowych kłamstw typu nielimitowana przestrzeń albo nielimitowane odsłony. W głębi tak

Services issued by ZOJ.ME

ZOJ.ME Is a place for viral news from internet, blog competitions and tutorials.
All Rights Reserved ©2019/2020 Jeremi ErtY'wek | Hosted on Google servers.