The best cyber story of December 2021

Apache Log4j Weakness

Also known as Log4Shell, the Apache Log4j vulnerability was the December Cybersecurity News Story and 2021 and probably the most significant of 2022. An error in the widely used Java logging library, it was first published on 9 December. The vulnerability was first discovered in Minecraft and allowed the application user to execute unauthorized remote code due to its use of the Java logging library.

Log4j is an open source software from the Apache Software Foundation. It records errors and routine system events and then communicates diagnostic messages about them to users and system administrators. An example of Log4j in action is when you click on a broken link or type a URL incorrectly, you get a 404 error message in your browser. The web server tells you that there is no such page and records events in a log using Log4j.

Log4j is the most popular Java logging library. It is used in many systems, including web applications, cloud platforms and email services. The Log4j library is embedded in every Internet application or service we know, including Amazon, Twitter, and Microsoft.

Due to the ubiquity of the Log4j library, the difficulty of manually fixing it, and the ease with which Log4Shell is used, the impact of vulnerabilities could be felt for years to come. Not surprisingly, it has been assigned the highest possible risk score – an intensity of 10.

Meanwhile, thousands of attempts to exploit this vulnerability were recorded just hours after it was released. This is certainly not uncommon because bad actors often want to exploit a newly revealed flaw before it can be massively remedied. Although in this case, the widespread use of Log4j and the fact that many companies do not know that part of their network implies that cybercriminals may have an unusually long window to try and maximize errors.

Users and administrators are requested to immediately apply mitigation controls, including the Log4j upgrade.

DHS announces cybersecurity bug bounty program

The US Department of Homeland Security has launched a bug bounty program to help identify and correct cybersecurity vulnerabilities in selected external-oriented DHS systems. First unveiled by the DHS Secretary at the Bloomberg Technology Summit, the ‘Hack DHS’ program will pay between $ 500 and 000 5000 depending on the severity of the vulnerability.

Unlike regular bounty programs that are open to all, participating researchers will be verified first before being invited to access the DHS system. Hack the DHS is based on the success of Hack the Pentagon, a pioneering federal program launched in 2016 that found more than 7,000 security loopholes.

Hack the DHS will have three phases, all of which will run until 2022. First, a virtual assessment where hackers are invited to analyze the DHS system. Second, a live hacking event. Third, vulnerability identification, review, and planning for future bounty programs. The program will be governed by the rules set by DHS’s CISA so that participants have to disclose all the information they have discovered which can be used to reduce and correct vulnerabilities they find.

The goal of the program will not only be the basis for future bug bounty plans but also serve as a blueprint that government agencies can use to strengthen their cybersecurity resilience.

Google Now lets you use images to search for things you don’t know how to Google

This site may earn authorized commissions from links on this page. Terms of use.

Like most tech-savvy people, we pride ourselves on our ability to successfully Google anything. Still, there are times when, for lack of a good word, un-Google qualifies. Maybe it’s a dudad you’ve found in your kitchen that you want to replace but don’t know what to call it. Or you want to know if the shirt you are photographing comes in a different color. To address this, Google now lets you combine words with images when searching for things. Previously you could search with a photo, but this is the first time you can add words to your query to improve results.

Google’s results when I wanted my fractal design case in white.

According to The Verge, Google is now launching this feature in beta for its Google Apps. It is available for both Android and iOS. It is part of the Google Lens technology that the company first unveiled in September last year. The process is very simple. First, fire up the app, tap the camera icon, and either take a photo or upload one. From there it determines what the object is and offers a number of “tabs” such as shopping, searching, dining, reading, and more. The clear part is that you can take a picture of something, then tap “Add to search” and change your results. For example I took a photo of my fractal design case, which marked it as a black PC, but not a fractal case. I then added “white” to the results and it showed me a variety of white ATX cases. It should be noted that this technology works best in things that you cannot describe, or you can only describe in vague terms. It’s definitely not perfect. It accurately detected my Logitech G502 mouse, but when I added “Wireless” to the search it showed me random rats. I also uploaded a picture of the ribs, and thought it was a war fly. A.

While this new feature is easy for most shoppers, Google representatives say the potential uses far outweigh the risks. In an interview with The Verge, a representative said he took pictures of the fingernail color work and added “tutorials”. This allows her to find ways to draw her nails in the same way. Although it does not seem to work very well with PCs. I uploaded a photo of a CPU and added “overclock” to the query. However, it showed me a picture of the CPU-Z screen for overclocked CPUs instead of how I should do it.

Still, the feature holds a lot of promise for the future, as it is part of an “AI revolution” in search. Search director Lu Wang told The Verge that the service would eventually expand to video, and not just YouTube, which is owned by Google. It does not restrict search results to companies that have partnered for the purchase, but it can index any site.

Read now:

Tesla claims it will begin production of its Optimus Humanoid robot next year

Tesla’s Elon Musk says the company could start building its Optimus Humanoid robot by next year. This is despite the fact that the company is years behind schedule to be able to build its Tesla Roadster or Tesla Cybertruck electric car.

The revelation came during a Tesla cyber radio event yesterday, Musk said the company has “Hopefully a shot of being in production for version 1 of Optimus next year.”

He then said that the robot would be designed to do things that humans do not want to do.

It will improve our perception of what economics is … it will basically be able to do something that people don’t want to do. It will do it. It is going to bring an age of abundance. It may be hard to imagine, but as you watch Optimus evolve, and we make sure it’s safe, no Terminator stuff, it will transform the world to a greater degree than cars.

Of course, whether Tesla will be able to make this claim or not, we will have to wait for the future to know the answer. This seems highly unlikely, though, especially due to Tesla’s disability it can’t meet almost any of the deadlines it has set itself in the past.

This is an ambitious project and giving it an ambitious timeline does not mean that the mask will unfortunately be able to keep it in existence.

(Via: Electric)

You may choose to check out:

You can follow us TwitterOr like our Facebook page to keep yourself updated on all the latest developments on Instagram, and even Microsoft, Google, Apple, and the web.

Related stories

Like this post on Facebook

Thanks Samsung, this $ 100 bonus credit is beautiful

You have to wonder how long Samsung has been planning to continue this, but for now, Samsung has sweetened the deal it will get on its new Galaxy S22 line. On top of the inflated trade-in values ​​we prefer, they now offer bonus credits of up to 100 for accessory costs.

If you visit a Samsung store and buy a Galaxy S22 Ultra or Galaxy S22 +, you will see a 100 bonus credit for applying for all kinds of products. The Galaxy S22 gets a $ 50 credit.

Some of these accessories are already on sale, such as the Galaxy Watch 4 and the Galaxy Watch 4 Classic. When buying a Galaxy S22 device, Samsung is offering a 105 discount to start with the Galaxy Watch 4 Classic, so applying the $ 100 credit will get you a new phone and a Galaxy Watch 4 Classic for $ 144. The Galaxy Watch 4 is priced at as low as $ 75.

There are also other accessories bundles, as well as direct discounts on Galaxy Buds products, cases, chargers and more. Below is a preview of some of those deals

Samsung Accessory Deal

As I mentioned above, Samsung is still doing their trade-in thing. If you own Galaxy S21 Ultra or Galaxy Note 20 Ultra, Samsung will give you ছাড় 850 discount for Galaxy S22 Ultra or Galaxy S22 + Today. With that instant discount, a Galaxy S22 Ultra costs about $ 350. We’ve already talked a lot about Samsung’s trade-in program, so if you have any questions, check out this post.

In short, Samsung is still offering insane trade-in prices with bonus credits of up to $ 100 today, which brings already-discounted items like the Galaxy Watch 4 below $ 100. This is a good day to buy a new phone from Samsung.

$ 60 million settlement, ‘Zero Trust’ strategy, Reveal collapse and more

The best cyber story of January 2022

Morgan Stanley’s $ 60 million settlement for data breach

Financial services giant Morgan Stanley has agreed to pay $ 60 million to settle data security class-action lawsuits. The lawsuit, filed by about a dozen customers, claims that the company disclosed their personal information when on two occasions, it failed to properly retire the old information technology.

The breach was caused by the failure to remove the Personally Identifiable Information (PII) of about 15 million past and present customers from legacy systems in 2016 and 2019. Legacy systems were sold to third parties with encrypted data Morgan Stanley began informing customers about the breach in July 2020.

The company was fined $ 60 million by the Office of the Monetary Control (OCC) in October 2020 for the incident.

The White House memo instructed the adoption of the ‘Zero Trust’

The White House has launched a new cyber security strategy that seeks to reduce the threat of cyber attacks on government infrastructure. The strategy expresses the administration’s vision to move government agencies to a ‘zero-confidence’ cyber security model. Zero trust means devices and users will be allowed access to the network, limited to manual roles or tasks.

The initial document of the strategy was published by the Office of Management and Budget (OMB) as a memorandum addressed to the heads of all agencies and executive departments. Government agencies have 30 days to appoint an implementation leader and 60 days to file an implementation plan.

Cyber ​​attacks in Ukraine

Amid growing military tensions between Russia on the one hand and Ukraine and NATO on the other, the Ukrainian government was the subject of a major cyber attack. It attacked about 70 websites, including the cabinet, the treasury, the state service, seven ministries and the national emergency service. Malicious malware was also planted in government agencies.

Hours after the attack, access to most of the affected sites was restored. The Ukrainian government has blamed Russia for the attack. According to a Ukrainian official, the hackers used the administrator credentials belonging to the website developer.

The fall of Reveal?

REvil was the target of a multi-government security operation led by the FSB, Russia’s domestic intelligence service, a criminal group linked to some of the most notable ransomware attacks in recent years. The raids led to the arrest of 14 people and the seizure of more than 1 1 million in assets.

Incidents involving the group include attacks in 2021 on the colonial pipeline, JBS USA and Kaseya. The FSB said it had broken the revelation and filed a complaint against members in response to information provided by the United States.

Cyber ​​security review for Chinese companies before foreign IPOs

The Cyberspace Administration of China (CAC), the country’s cyberspace regulator, has announced that platform companies need to test their cybersecurity by holding the data of one million or more users before listing their shares abroad. Companies are expected to apply for review before submitting their listing application to foreign regulators.

The purpose of the test is to assess the risk of company data being accessed, controlled, manipulated or otherwise influenced by a foreign government. Companies deemed a threat to national security will be barred from being listed abroad. The new rules will be effective from February 15.

Paramount has announced that Star Trek NFT is obscenely expensive

This site may earn authorized commissions from links on this page. Terms of use.

From the beginning, Star Trek has been exploring the ultimate frontier – a place where no one has gone before with courage. Paramount, which owns Trek IP, has now assigned that language to ৷ Push NFTs to the new platform, Which it plans to launch on April 9 in partnership with Recur ৷ Early feedback from fans has been overwhelmingly negative, but like it or not, Star Trek content is coming to Metaverse. When the metavars will actually exist, it is still in the air.

With the launch of the Star Trek Continuum project, you’ll be able to pony up $ 250 to buy an algorithmically generated Starship. And if you’re hoping to get an iconic ship like the Constitution Class, popularized by Oz Enterprise, be prepared to drop a lot of cash. The $ 250 “Captain Pack” includes a ship, and the constitution drop rate is very low. You have an 11% chance of amending a constitution or constitution (as seen in previous movies), but less popular classes like Oberth and Soyuz are more common. If you want a guaranteed constitution, you need to buy Admiral Pack, which you can only do if you purchase one. Separate Known as a Recur Pass of NFT $ 350 (current price). The Galaxy Class doesn’t seem to be an alternative to this drop either, so if you want the NCC 1701-D Vibe you’ll need to buy an extra pack later. The Ferengi Alliance must approve the scheme.

What you will be able to do with these unique items is as vague as the Paramount subsequent NFT project. There will be an “experimental hub” for holding first-season NFTs and there will be more types of NFT content such as characters in future seasons, and you’ll be able to go on some kind of mission. Paramount further hinted that other features from Nickelodeon and Paramount Pictures will be coming to in the future.

$ 250 for a random starship? Pass (What even Is That design? – Ed)

It’s all obscure because “Metavers” and “Web 3” don’t exist yet. These experiences and the basic technology to make them possible are still many years away. We now have a blockchain that can assign “ownership” of these digital items. You rely on the platform to give them a price and set a reasonable purchase price. In this case, I think they must have missed the mark on the second point. Charging 250 for a single NFT item, with no functionality, would be a solid sale for any Phantom – and Especially For Star Trek.

One of the basic elements of the stories told in the trek is the post-scarcity society. We hear time and time again that the people of the Federation are no longer concerned with the acquisition of material resources, but with the advancement of themselves and of humanity as a whole. This is a big part of what makes Star Trek so optimistic and appealing to its fans, which is basically the entire editorial staff of Extremetech. Turning this favorite franchise into an NFT machine is, at best, deaf-mute.

Read now:

Apple Document releases new dual USB-C35W charger that has not been released yet

Apple may be ready to release a new dual USB-C power adapter that is rated for 35W after a brief look at the company’s website.

No such power adapter has been made available to date as it is a product that will be announced in the near future.

9 to 5 Mac The adapter first appears in Apple Support documents, but it’s not clear if it’s a product reference that is in progress but has been canceled, or if we can expect an announcement in the future.

Use the Apple 35W dual USB-C port power adapter and a USB-C cable (not included) to charge your device. Connect a USB-C cable to either port of the power adapter, extend the electrical wiring (if required), then plug the power adapter tightly into the power outlet. Make sure the power outlet is easily accessible for disconnection. Connect the other end of the cable to your device.

This adapter will have two ports it is a big deal that if anyone wants to get this type of charger they have to go for third party solution. There are many, many different options on the table but those who want the official part of Apple are still out of luck. It is possible that this is going to change, however.

If this charger supports 35W charging, it is possible that it will be able to charge an iPhone 13 as well as a modern Apple Watch faster, which will benefit many users.

You may choose to check out:

You can follow us TwitterOr like our Facebook page to keep yourself updated on all the latest developments on Instagram, and even Microsoft, Google, Apple, and the web.

Related stories

Like this post on Facebook

The Pixel 6 Pro will surprise 6 months of response

Earlier this week, we saw the Pixel 6 and Pixel 6 Pro now again, both coming to their 6-month anniversary. We’ve talked about our positive reviews, the initial negative feedback from vocal early adopters, Google’s struggle with software updates, and how things seem to have calmed down in recent weeks, perhaps indicating some stability and happiness in the Pixel 6 world. I also mentioned that after reviewing all kinds of phones like Galaxy S22 Ultra and OnePlus 10 Pro recently, I am happy to be back to the Pixel 6 Pro and would still recommend it.

After sharing these thoughts, I have to admit that I was nervous about the reaction from the people around me. Once I asked what everyone’s experience was with the Pixel 6 or Pixel 6 Pro, I was expecting a majority opinion focusing on how bad Google’s new phones are. I thought so because of the huge crowds around reddit and around Twitter that wouldn’t hesitate to tell you that Google’s phones are a dumpster fire. But it did not happen at all.

Reading through the 100+ comments in response to that article, it’s easy to see that most people who own a Pixel 6 or Pixel 6 Pro are actually quite satisfied. In fact, as far as I’m concerned most people are quite happy with their phones.

Pixel 6 Lovers

I can continue with those positive feedback, but you should get points from these few. Really a lot of people are suggesting that they haven’t noticed the bugs and bugs that many claim in Internet spaces are affecting most of the Pixel 6 phones.

Whether it’s the different ways we use our phones, the location and the network connections change, good luck versus bad luck, or the elite group of users who hang out in DL (), I was To tell the truth Most people are amazed at how positive these phones are.

That said, many people have acknowledged that phones aren’t perfect and that there have been problems, but there have been some improvements with recent updates. In my estimation, noticing improvement is probably the 2nd most common response from our readers.

Pixel 6 Pro fixed

Of course, not everyone likes these phones. Some people have gotten into so much trouble that they can’t wait to switch to another phone like Samsung. From the network and Bluetooth bugs to the Pixel 6 line calling it the “1st Generation Tech” and a “beta” product, it hasn’t run smoothly as suggested by many above.

Pixel 6 Pro Haters

This story has presented an interesting response, to say the least. If you look at Android blogs, Reddit and Twitter, you will find that Google has really whipped up the Pixel 6 line. At least in the vicinity of these parts though in reality it does not seem to happen. That rough vocal minority.

Russia-Ukraine factor, Red Cross data breach, $ 24 million ransomware loss

The best cyber story for February 2022

Another month. Another cyber attack. If anyone is under the illusion that 2022 will probably see a slowdown in cyber attacks as opposed to 2021, February decisively resolves that notion. The bomber struck shortly after noon in front of a crowd of mourners.

Ukraine government and bank website crash

Tensions between Ukraine and Russia eventually escalated into Russian aggression in Ukraine. Military conflict has dominated the headlines, but the war could spill over into the cyber sphere. Several websites of banks and government departments in Ukraine crashed in late February after the DDOS attack. Also, HermeticWiper malware was used against targets in Ukraine to make the data of infected devices unusable.

Ukrainian officials have blamed Russia for the attacks in the past. The latest cyber attacks on Ukraine come as authorities and cyber security experts in the United States, Canada and Europe raise their cyber alerts as they prepare for possible attacks by Russia-affiliated hacking groups.

Toyota To close Factory in Japan

Toyota Motor Corporation, one of the world’s largest car manufacturers by size, revenue and market cap, has suspended factory operations in Japan for at least a day in response to a cyber attack on suppliers of electronic components and plastic components.

The attacker and the motive are still unclear. The Japanese prime minister has vowed to investigate whether the incident was linked to the Russia-Ukraine conflict. The attack comes just days after Japan joined its allies in imposing sanctions on Russia and aiding Ukraine.

Red Cross data infringement

Even humanitarian agencies are not safe. A sophisticated attack has compromised sensitive information from the International Committee of the Red Cross (ICRC). The hackers obtained the names, contact and location information of more than half a million people receiving services from the ICRC, as well as details of about 2,000 volunteers.

The attackers mounted an unpatched vulnerability on an authentication module.

Sinclair’s $ 24 million ransomware loss

The Sinclair Broadcast Group, which owns the second-largest number of TV stations in the United States, has announced an irreparable loss of $ 24 million for the October 2021 ransomware attack. The release was part of the company’s fourth quarter financial results report.

No ransom was paid, the company said. The losses included the cost of event management, the impact on advertising revenue, and the likelihood of paying insurance. The investigation and recovery work is still going on so in the end the total damage may be more.

Other attacks

Other major cyber attacks that have occurred, been discovered or significant developments announced in February include the UK Ministry of Foreign Affairs, giant chipmaker Nvidia, dozens of European petroleum product storage terminals, UK-based snack maker KP Snacks, the world’s largest NFT marketplace, Insurers Aon, NFL’s San Francisco 49ers, Media Group News Corp and Vodafone Portugal.

Researchers have developed a ‘loss memory’ for neuromorphic chips

This site may earn authorized commissions from links on this page. Terms of use.

Check the date – this doesn’t seem to be the April Fools’ joke. Feng Zhao and Brandon Suoka, research engineers at WSU’s School of Engineering and Computer Science, have developed a “honey memorizer” that they hope to use extensively as a key component of neuromorphic hardware. Their report was published in the Journal of Physics.

The process is deceptively simple. First, the researchers hardened and processed a sample of honey. They then compress it into two metallic electrodes. The design is known as the Portmanteau of ‘Memorister’, ‘Memory’ and ‘Resistor’.

What this invention is a memristor, instead of two adhesive pieces of metal, honey itself is a physical property. In particular, Memristor materials have a voltage-dependent resistance. Their structural changes, by contrast, create a kind of physical history of electrical activity throughout the memory. Honey fits that description, since it varies in reverse between a viscous liquid and a crystalline solid. For that reason, honey can serve as a physical history. This is what makes honey honey candidates for use in neuromorphic systems.

Humming sound

Researchers have high hopes for their honey memory that, as neuromorphic hardware, it will be able to surpass a level competitor or even “traditional” Von Neumann architecture. But they also identify their inventions as renewable, biodegradable, non-toxic, low-energy and even antibacterial. “Honey is not wasted,” says author Feng Zhao. “It has a very low moisture concentration, so bacteria can’t survive in it. That means these computer chips will be very stable and reliable for a very long time.”

“When we want to dispose of devices using computer chips made of honey, we can easily dissolve them in water,” he added. “Because of these special properties, honey is very useful for building renewable and biodegradable neuromorphic systems.”

A memoryist designed for neuromorphic computing that is renewable, biodegradable, non-toxic, low-energy and antibacterial, as well as for reducing e-waste?  Give me the pinch, I'm definitely dreaming.

There are some obstacles that they must overcome. The electrical and thermal limitations of the device may be the most important. Zhao and Suoka offer honey memorizers as an ingredient for the neuromorphic system because they work at low energy. A major selling point of neuromorphic systems is that they run in dozens of watts, as opposed to hundreds of watts that a consumer or server CPU can draw. Honey memorizers can handle a maximum of twenty watts and have corresponding thermal boundaries.

Neuromorphic computing is not suitable for all tasks. It is unlikely that we will see neuromorphic processors in desktop hardware anytime soon. Instead, neuromorphic architectures such as Intel’s Lohi lend themselves to big-data research.

In addition to his team work on honey, Zhao hopes to continue exploring other renewable and biological solutions for the use of neuromorphic computing. One possible target: the proteins and sugars found in aloe vera leaves.

John Sullivan, Wikipedia feature image

Read now: