
Attention! If you use Amazon's voice assistant Alexa in your smart speakers, just opening an innocent-looking web link could let attackers install hacking skills on it and spy on your activities remotely.


Check Point cybersecurity researchers Dikla Barda, Roman Zaikin and Yaara Shriki today disclosed severe security vulnerabilities in Amazon's Alexa virtual assistant that could render it vulnerable to a number of malicious attacks.

The "adventures could have permitted an aggressor to expel/introduce abilities on the focused on casualty's Alexa account, get to their voice history and procure individual data through expertise connection when the client conjures the introduced aptitude."

"Shrewd speakers and menial helpers are typical for such an extent that it's not entirely obvious exactly how much close to home information they hold, and their job in controlling other keen gadgets in our homes," Oded Vanunu, head of product vulnerabilities research, said.

"In any case, programmers consider them to be passage focuses into people groups' carries on with, allowing them the chance to get to information, listen in on discussions or lead different malignant activities without the proprietor staying alert," he added.

Amazon fixed the vulnerabilities after the researchers disclosed their findings to the company in June 2020.

An XSS Flaw in One of Amazon's Subdomains:

Check Point said the flaws stemmed from a misconfigured CORS policy in Amazon's Alexa mobile application, thus potentially allowing adversaries with code-injection capabilities on one Amazon subdomain to perform a cross-domain attack on another Amazon subdomain.

Put differently, successful exploitation would have required just one click on an Amazon link specially crafted by the attacker to direct users to an Amazon subdomain that is vulnerable to XSS attacks.

In addition, the researchers found that a request to retrieve a list of all the installed skills on the Alexa device also returns a CSRF token in the response.

The primary purpose of a CSRF token is to prevent Cross-Site Request Forgery attacks, in which a malicious link or program causes an authenticated user's web browser to perform an unwanted action on a legitimate website.

This happens because the site cannot differentiate between legitimate requests and forged requests.

But with the token in hand, a bad actor can create valid requests to the backend server and perform actions on the victim's behalf, such as installing and enabling a new skill for the victim remotely.

In short, the attack works by prompting the user to click on a malicious link that navigates to an Amazon subdomain ("track.amazon.com") with an XSS flaw that can be exploited to achieve code injection.

The attacker then uses it to trigger a request to the "skillsstore.amazon.com" subdomain with the victim's credentials to get a list of all installed skills on the Alexa account and the CSRF token.

In the final stage, the exploit captures the CSRF token from the response and uses it to install a skill with a specific skill ID on the target's Alexa account, stealthily remove an installed skill, get the victim's voice command history, and even access the personal information stored in the user's profile.
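To make the CORS point and the token-in-response point above concrete from the defender's side, here is an added example (not code from Check Point or Amazon) that audits an origin policy and a response body together. The `example.com` hostnames, the two policy functions and the sample body are constructed stand-ins; `track.example.com` plays the role of the sibling subdomain with the XSS flaw.

```javascript
// Added example: all names and sample data below are constructed assumptions.
const TRUSTED_APP_ORIGIN = 'https://app.example.com'; // hypothetical legitimate front end
const ALLOWLIST = new Set([TRUSTED_APP_ORIGIN]);

// Constructed origins to audit against the skills-store style endpoint.
const SAMPLE_ORIGINS = [
  'https://app.example.com',
  'https://track.example.com',        // sibling subdomain assumed to have an XSS flaw
  'http://track.example.com',         // same host over plain HTTP
  'https://example.com.attacker.test',
  'null',
];

// Constructed skills-list response that also carries a CSRF token.
const SAMPLE_BODY = {
  skills: [{ id: 'constructed-skill-id', enabled: true }],
  csrfToken: 'constructed-token',
};

// Weak setting: every subdomain of the parent domain is trusted.
function weakPolicy(origin) {
  let host;
  try { host = new URL(origin).hostname; } catch { return false; }
  return host === 'example.com' || host.endsWith('.example.com');
}

// Corrected setting: exact match on scheme + host against a short allowlist.
function strictPolicy(origin) {
  return ALLOWLIST.has(origin);
}

// Headers the server would emit for a credentialed cross-origin request.
function corsHeaders(isAllowed, origin) {
  if (!origin || !isAllowed(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Browser rule: script may read a credentialed response only if the
// allowed origin echoes the requester exactly and credentials are allowed.
function scriptCanRead(headers, requestOrigin) {
  return headers['Access-Control-Allow-Origin'] === requestOrigin &&
         headers['Access-Control-Allow-Credentials'] === 'true';
}

// Which of the given origins could read the response under this policy?
function auditPolicy(isAllowed, origins) {
  return origins.filter((o) => scriptCanRead(corsHeaders(isAllowed, o), o));
}

// Recursively list body fields whose names look like anti-CSRF tokens.
function findTokenFields(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  return Object.entries(value).flatMap(([key, child]) => {
    const here = path ? `${path}.${key}` : key;
    const hit = /csrf|xsrf/i.test(key) ? [here] : [];
    return hit.concat(findTokenFields(child, here));
  });
}

// Combined finding: token-bearing body readable by origins outside the allowlist.
function reviewEndpoint(isAllowed, origins, body) {
  const readableBy = auditPolicy(isAllowed, origins);
  const tokenFields = findTokenFields(body);
  const unexpected = readableBy.filter((o) => !ALLOWLIST.has(o));
  return {
    readableBy,
    tokenFields,
    tokenExposedTo: tokenFields.length > 0 ? unexpected : [],
  };
}

console.log('weak  :', reviewEndpoint(weakPolicy, SAMPLE_ORIGINS, SAMPLE_BODY));
console.log('strict:', reviewEndpoint(strictPolicy, SAMPLE_ORIGINS, SAMPLE_BODY));
```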

The Need for IoT Security:

With the global smart speaker market size projected to reach $15.6 billion by 2025, the research is another reason why security is crucial in the IoT space.

As virtual assistants become more pervasive, they are increasingly turning out to be lucrative targets for attackers looking to steal sensitive information and disrupt smart home systems.

"IoT gadgets are innately helpless and still need sufficient security, which makes them appealing focuses to danger entertainers," the researchers concluded.

"Cybercriminals are consistently searching for better approaches to break gadgets, or use them to contaminate other basic frameworks. Both the scaffold and the gadgets fill in as section focuses. They should be kept made sure about consistently to shield programmers from invading our shrewd homes."

Pakistan Bureau of Statistics (PBS) reported that this shows growth of 21.79 percent as compared to $535.940 million earned through provision of services during the corresponding period of fiscal year 2018-19.
Computer services rose by 25.35 percent, from $391.770 million last year to $491.090 million during July-December (2019-20), the period under review.
Among the computer services, the exports of hardware consultancy services witnessed an increase of 90.45 percent, from $0.880 million to $1.676 million, while the export of software consultancy services also rose by 11.68 percent, from $173.972 million to $194.289 million.
The export and import of computer software related services increased by 9.32 percent, from $149.540 million to $163.482 million, whereas the exports of maintenance and repair of computer services decreased by 62.06 percent, from $3.297 million to $1.251 million.
Meanwhile, the export of information services during the period under review increased by 57.97 percent, going up from $0.690 million to $1.090 million.
Among the information services, the exports of news agency services increased by 106.90 percent, from $0.319 million to $0.660 million, whereas the exports of other information services also increased by 15.90 percent, from $0.371 million to $0.430 million.
The statistics revealed that the export of telecommunication services increased by 11.89 percent, from $143.480 million to $160.540 million during the current period.
The PBS data on telecommunication services revealed that the export of call centre services also increased by 19.63 percent during the period, from $49.665 million to $59.413 million, whereas the export of other services also increased by 7.79 percent, from $93.815 million to $101.127 million, during the present year.


Big tech companies are asking more employees to work from home as the novel coronavirus outbreak continues to spread.
Facebook (FB), Google (GOOG), Twitter (TWTR) and Amazon (AMZN) have implemented remote working policies for many or all of their employees around the globe.
Google parent company Alphabet is recommending that all employees in North America, Europe, Africa and the Middle East work remotely.
    Twitter has made working from home mandatory for all workers globally. The company is also in communication with its San Francisco staffers after an employee from that office developed symptoms consistent with coronavirus, though no official diagnosis has been made, according to a company spokesperson.
    Facebook is extending work from home guidance to all employees globally whose jobs allow them to do so, according to company spokesperson Anthony Harrison. Amazon is recommending that employees in the Seattle and Bellevue, Washington areas, the San Francisco Bay Area, New York, New Jersey, Massachusetts, Madrid and Italy work from home if their jobs allow.
    While many companies have asked employees in certain cities to work from home or tested out large scale work from home measures, Google was among the first to ask that employees throughout the continent do so.
    Late last week, Google, Amazon (AMZN), Microsoft (MSFT) and Facebook (FB) all began encouraging employees in Seattle to work from home as the coronavirus outbreak, also called COVID-19, spread in Washington state.
    Since then, coronavirus cases have continued to balloon in the United States. As of Wednesday, there were more than 1,200 cases reported in the country, and nearly 40 people had died.
    Many schools and universities have transitioned to online classes and Harvard has even asked students to leave campus housing within a matter of days. Growing numbers of major events have been canceled or postponed — including campaign rallies for Democratic presidential hopefuls Joe Biden and Bernie Sanders.

    Google

    Google on Tuesday asked North America employees to work from home through April 10. On Wednesday, a Google spokesperson said that staffers in Europe, Africa and the Middle East will also be asked to work remotely starting on March 12, until further notice.
    "Out of an abundance of caution, and for the protection of Alphabet and the broader community, we now recommend that you work from home if your role allows," the Tuesday email from Chris Rackow, Google's vice president of global security, reads in part.
    Alphabet employs nearly 120,000 full-time workers globally, according to its 2019 annual report. It does not break out the number of employees in each region.
    Google also has offices in Asia and the South Pacific, but did not respond to a request for comment on whether it is asking employees in that region to work from home as well.
    Rackow's email said Google is "carefully monitoring the situation and will update the timeline as necessary."
    Last week, Google announced it would compensate hourly employees affected by reduced office hours, such as cafe workers, for all of the hours they would have worked without the coronavirus disruption.
    Google also says it is developing a fund to provide sick leave pay to non-full time employees who currently don't have the benefit and are affected by coronavirus. The company said in a Wednesday blog post that while most non-full time employees and contractors already have sick leave benefits, some companies that Google contracts with are still rolling them out to their staffs.
    "This fund will mean that members of our extended workforce will be compensated for their normal working hours if they can't come into work (because of coronavirus symptoms)," the company said.
    Google was also forced to cancel its biggest event of the year, the annual developer conference Google I/O, which had originally been scheduled for mid-May.

    Twitter

    Twitter on Wednesday updated its work-from-home policy from "strongly encouraged" to "mandatory" for all employees globally, according to a company blog post.
    On Thursday, a company spokesperson said that Twitter's San Francisco office has been closed after an employee who works there showed symptoms consistent with coronavirus.
    "As of now, there has been no official diagnosis," the spokesperson said in a statement. "We've notified our employees and are following the advice of public health officials to prioritize everyone's health and safety. We closed our San Francisco office as our team completes a thorough and deep cleaning."
    Twitter has also said it plans to pay the labor costs for normal working hours to contractors and hourly workers who are not able to do their jobs from home as long as the remote working policy is in place.
    The company is providing reimbursement to parents for additional daycare expenses caused by the outbreak, as well as for home office set up expenses.

    Facebook

    Facebook said Thursday it is encouraging all employees globally to work from home.
    "We are extending our global guidance to allow anyone whose job allows them to do so, to voluntarily work remotely through Friday, April 10."

    Amazon

    Amazon is recommending that employees from several areas work remotely if their jobs allow.
    "We continue to work closely with public and private medical experts to ensure we are taking the right precautions as the situation continues to evolve."
    The company is continuing to pay hourly workers — including more than 10,000 food service, janitorial, security and other hourly staff in its Washington offices — from the areas affected by the remote working policies. It is also offering extra paid time off for employees who contract the virus.
    Amazon announced Tuesday it is subsidizing one month rent for the Seattle and Bellevue area small businesses that operate inside of its buildings. The company also created a $5 million relief fund for local small businesses affected by the outbreak.
    TikTok said Wednesday it plans to open a content moderation transparency center in its US office to address concerns over the security and privacy of its short video platform.
    Why it matters: The Chinese-owned app faces increasing scrutiny from US lawmakers concerned about content censorship and the potential that personal information from its American users may be shared with the Chinese government.
    • TikTok has seen massive growth and has become particularly popular among teens. The app, together with its Chinese version Douyin, was downloaded more than 738 million times in 2019, making it the second most-downloaded app in the world.
    • The scrutiny it faces in the US bears similarities to what social app Grindr faced prior to its sale to US investors. Splitting TikTok off would deal a significant blow to parent company Bytedance’s valuation, the world’s most valuable startup, last valued at $78 billion in late 2018 according to marketing intelligence firm CB Insights.
    Details: TikTok plans to set up a content moderation center in its Los Angeles office to show outside experts how the app moderates content on the platform, the company said in a statement Wednesday.
    • Experts will be able to observe how the company’s content moderators review videos uploaded to the platforms and identify potential violations, as well as see how user complaints are handled, according to the statement.
    • The center will open in early May. It will focus on TikTok’s content moderation in the initial phase and will be expanded to include insight into its source code, as well as efforts around data privacy and security, the company said.
    • The company also announced that it has hired cybersecurity veteran Roland Cloutier as its chief information security officer who will join the company in April. Cloutier was the chief security officer at payroll-services firm ADP, according to his Linkedin profile.
    • “Our landscape and industry is rapidly evolving, and we are aware that our systems, policies and practices are not flawless, which is why we are committed to constant improvement,” TikTok US General Manager Vanessa Pappas said in the statement.
    Context: TikTok has stepped up efforts in recent months to address concerns over its alleged content censorship in the US and its ties to the Chinese government.
    • The company released in December its first-ever transparency report, saying that it did not receive any requests in the first half of 2019 for user information from the Chinese government including law enforcement agencies.
    • The Guardian reported in September that TikTok instructs its moderators to censor videos that are deemed politically sensitive by the Chinese government, citing leaked documents detailing the platform’s guidelines. The company said in November that the guidelines were retired in May.

    There's a new report out on cyberattacks against the US. 
    The US is at risk for cyberattacks both small and catastrophic, according to a report out Wednesday by a US congressional panel. After months of study, the bipartisan Cyberspace Solarium Commission is calling for wide-ranging cybersecurity changes, including government reforms and better collaboration with the private sector.
    "A major cyberattack on the nation's critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast," read a letter from the organization's co-chairmen, Sen. Angus King of Maine and Rep. Mike Gallagher of Wisconsin.
    The solution is to deter more attacks to begin with, the lawmakers said. That means encouraging better norms around the world, taking away easy targets in US infrastructure, and finding new ways to retaliate against hacks. To get there, the roughly 182-page report makes more than 80 recommendations around six core pillars. Among the recommendations are establishing a National Cyber Director and that Congress should pass a national data security and privacy protection law.
    The report addresses ongoing concerns that the US is vulnerable to destabilizing cyberattacks. More than stealing data or spying on US businesses and government agencies, cyberattacks cause destruction. Ransomware, for example, can lock up valuable systems that keep hospitals or cities running, and often permanently destroys valuable data. Other attacks could take out utilities like electricity or water but would be limited to specific regions because the US has a fragmented system for delivering these services.
    To deter these attacks, the US needs to build up resilience, the lawmakers said, or "the capacity to withstand and quickly recover from attacks that could cause harm or coerce, deter, restrain, or otherwise shape U.S. behavior."
    The Cyberspace Solarium Commission was founded in 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences," according to its website.
    The world's biggest gaming event, E3, has been cancelled over fears surrounding the spread of coronavirus.
    The event, due to take place 9-11 June in Los Angeles, had been highly anticipated, ahead of PlayStation and Xbox console launches later this year.
    Organisers said it had been cancelled "after careful consultation" over "the health and safety of everyone in our industry".
    And they were "exploring options" for an "online experience" in June.
    "This might lead to some permanent change to events like E3," said Piers Harding-Roll, from Ampere Analysis.
    Such major expos "were already struggling to define themselves in the rapidly changing landscape of games" he said.
    "Next year, E3 may well be quite different."

    The hype train derailed

    Analysis by Marc Cieslak, gaming reporter
    Got a new game to tell people about? Do it at E3. Got a new console to flog? E3 is the first stop the hype train calls at.
    Over the course of its life, E3 has morphed from a trade-only event that helped retailers to figure how many physical copies of a game they wanted to buy, into a circus of organised chaos.
    In recent years, the public has been allowed in, hoping to catch a glimpse of (or spend hours queuing to play) a pre-release game demo on the show floor. Multi-million dollar press conferences became the norm.
    But industry observers have suggested that E3 has struggled to remain relevant in the last few years.
    Opening up to the public was part of an attempt to regain some former glory. But the harsh reality is that E3 is an expensive show to exhibit at, costing many millions of dollars for those that do.
    Sony, which is launching its Playstation 5 console in time for the Christmas season, had already decided not to attend, for the second year in a row.
    Nintendo has also shifted to making its announcements in a global online live-stream - but, like many developers, it has maintained a presence at E3 for hands-on demonstrations.
    Those are open to the public - and often involve game controllers being passed from person to person as thousands mingle on the show floor.
    Microsoft's Head of Xbox, Phil Spencer, tweeted that while the company had planned on appearing at E3, it would now hold a digital event.

    Latest casualty

    Dozens of major technology events have been cancelled in recent weeks as the virus has spread around the world and public health officials have warned people against gathering in large numbers.
    The Game Developers Conference, SXSW, Mobile World Congress, and Google and Facebook's major conferences are among the casualties.
    Major events that have yet to be cancelled include:
    • Bafta Games Awards: The British Academy awards ceremony, on 2 April, in London
    • WWDC: Apple's Worldwide Developers Conference, on 3-7 June, in San Jose, California
    • NAB: The annual broadcaster and media trade show, on 18-22 April, in Las Vegas
    Other events, such as the Ted talks series, have been postponed or shifted online.

    'Upload demos'

    The gaming media was left frustrated with organisers after the personal information of more than 2,000 journalists was published on E3's website last year.
    And, on Wednesday, gaming journalist Laura Kate Dale tweeted: "With last year's E3 scaring away press... many publishers [are] likely to learn this year how cost-effective live-streamed events can be.
    "I wouldn't be shocked if we look back at 2020 as the year E3 died."
    Meanwhile, Brian Crecente, a former games journalist turned consultant, said: "Why not have E3 without the E3?"
    "All of the big companies stream their press conferences anyway.
    Fitness, wallpaper, and lost item-finding startups could have a big new competitor baked into everyone’s iPhones. Leaks of the code from iOS 14 that Apple is expected to reveal in June signal several new features and devices are on the way. Startups could be at risk due to Apple’s ability to integrate these additions at the iOS level, instantly gain an enormous install base and offer them for free or cheap, as long as they boost sales of its main money maker, the iPhone.
    It’s unclear if all of these fresh finds will actually get official unveiling in June versus further down the line. But here’s a breakdown of what the iOS 14 code obtained by 9To5Mac’s Chance Miller shows and which startups could be impacted by Apple barging into their businesses:

    Fitness – Codename: Seymour

    Apple appears to be preparing a workout guide app for iOS, WatchOS and Apple TV that would let users download instructional video clips for doing different exercises. The app could potentially be called Fit or Fitness, according to MacRumors‘ Juli Clover, and offer help with stretching, core training, strength training, running, cycling, rowing, outdoor walking, dance and yoga. The Apple Watch appears to help track your progress through the workout routines.
    The iOS Health app is already a popular way to track steps and other fitness goals. By using Health to personalize or promote a new Fitness feature, Apple has an easy path to a huge user base. Many people are afraid of weight and strength training because there’s a lot to learn about having proper form to avoid injury or embarrassment. Visual guides with videos shot from multiple angles could make sure you’re doing those push ups or bicep curls correctly.
    Apple’s entrance into fitness could endanger startups like Future, which offer customized workout routines with video clips demonstrating how to do each exercise. The $11.5 million-funded Future  actually sends you an Apple Watch with its $150 per month service to track your progress while using visuals, sounds and vibrations to tell you when to switch exercises without having to look at your phone. By removing Future’s human personal trainers that text to nag you if you don’t work out, Apple could offer a simplified version of this startup’s app for free.
    Apple Fitness could be even more trouble for less premium apps like Sweat  and Sworkit that provide basic visual guidance for workouts, or Aaptiv that’s restricted to just audio cues. Hardware startups like Peloton, which offers off-bike Beyond the Ride workouts with live or on-demand class, and Tempo’s giant 3D-sensing in-home screen for weight lifting, could also find casual customers picked off by a free or cheap alternative from Apple.
    There’s no code indicating a payment mechanism, so Apple Fitness could be free. But it’s also easy to imagine Apple layering on a premium feature like remote personal training assistance from human experts or a wider array of exercises for a fee, tying into its increasing focus on services revenue.

    AirTags – find your stuff

    Apple appears to be getting closer to launching its long-awaited AirTags, based on iOS 14 code snippets. These small tracking tags could be attached to your wallet, keys, gadgets or other important or easily lost items, and then located using the iOS Find My app. AirTags may be powered by removable coin-shaped batteries, according to MacRumors.
    Native integration with iOS could make AirTags super-easy to set up. They also could benefit from the ubiquity of Apple devices, as the company could let the crowd help find your stuff by allowing AirTags to piggyback on the connectivity of any of its phones, tablets or laptops to send you the missing item’s coordinates.
    Most obviously, AirTags could become a powerful competitor to the vertical’s long-standing frontrunner, Tile. The $104 million-funded startup sells $20 to $35 tracking tags that locate devices from 150 to 400 feet away. It also sells a $30 per year subscription for free battery replacements and 30-day location history. Other players in the space include Chipolo, Orbit and MYNT.
    But as we saw with the launch of AirPods, Apple’s design expertise and native iOS integrations can allow its products to leapfrog what’s in the market. If AirTags get proprietary access to the iPhone’s Bluetooth and other connectivity hardware, and if they’re quicker to set up, Apple fans might jump from startups to these new devices. Apple also could develop a similar premium subscription for battery or full AirTag replacements, as well as bonus tracking features.

    South by Southwest festival cancelled over coronavirus:

    One of America's most famous music festivals, South by Southwest, has been cancelled due to coronavirus fears.
    Organisers of the annual event in Austin, Texas, said they had no choice but to call it off for the first time in its 34-year history.
    The move was ordered by Austin Mayor Steve Adler, who declared "a local disaster".
    The US coronavirus death toll stands at 14, but over 200 people have been confirmed sickened nationwide.
    All but one of the deaths have occurred in Washington state.
    Despite the Austin mayor's declaration of a local disaster - a largely administrative step - none of the six coronavirus cases recorded so far in Texas are in the state capital.
    The World Health Organization says nearly 100,000 people worldwide have contracted the coronavirus. More than 3,000 people have died - the majority in China.
    In a statement on Friday, SXSW said it was "devastated" by the news, but respected the decision.
    Event organisers said: "'The show must go on' is in our DNA, and this is the first time in 34 years that the March event will not take place.
    "We are now working through the ramifications of this unprecedented situation."
    Some of the event's biggest exhibitors - including Apple, Amazon, Twitter and Facebook - had already pulled out.
    The 10-day event attracts leading figures from the spheres of technology, music and media to mingle in the Texas capital.
    Last year SXSW drew nearly 74,000 people with over 19,000 coming from outside the US.
    In 2018, visitors spent $350m (£270m) during the festival, according to a study commissioned by event organisers.
    The event's organisers had been under pressure to call it off. A petition to that effect on change.org received 55,000 signatures.
    Several other large tech conferences have been cancelled in recent weeks including Google's Cloud Next conference, Mobile World Congress and the Game Developers conference.

    What's happening with the quarantined cruise ship?

    Meanwhile, US Vice-President Mike Pence, who is co-ordinating the nation's response to the outbreak, confirmed that 21 people had tested positive for the coronavirus on a cruise ship that had been quarantined off the California coast.
    He said 46 people aboard the Grand Princess had been swabbed - 19 crew and two passengers were found to be infected.
    There are 3,500 people on the vessel, including more than 2,400 passengers, who have been confined to their cabins.
    According to the New York Times, those aboard the vessel only learned the results of the tests while watching cable news.
    The Grand Princess' captain reportedly apologised to them over the loudspeaker, saying he had received no prior notice of the news briefing.
    Authorities halted the cruise liner after learning that three previous passengers had been stricken with coronavirus.
    One was a 71-year-old man who died this week in a hospital near Sacramento, California.
    Another is gravely ill with Covid-19 in the San Francisco area. A woman from the Canadian province of Alberta has also tested positive.
    Meanwhile, two health screeners at Los Angeles international airport have tested positive for the coronavirus, Reuters news agency reports, and have been told to self-isolate until 17 March.