At the Intersection of Technology and Real Life

Security Holes Opened Back Door To TCL Android Smart TVs

Michael York Reading, PA Syndicated Stories, The Security Ledger

A report by independent researchers warns that TCL brand Android smart TVs contained serious and exploitable security holes. It also raises questions about the China-based electronics firm’s ability to remotely access and control deployed devices.

The post Security Holes Opened Back Door To TCL Android Smart TVs appeared first on The Security…

Read the whole entry… »

Disney+ is launching in 42 additional countries and 11 territories in Europe, the Middle East and Africa this summer. Notable new countries include South Africa, Turkey, Poland and the United Arab Emirates. The streaming service is currently available in 64 countries, including the United States, Canada and the United Kingdom. Disney hasn’t specified the exact […] [...]

Europe clears Facebook-Kustomer with API access commitments

27 January 2022

The EU has cleared Meta/Facebook’s acquisition of CRM maker, Kustomer — accepting a set of commitments from the tech giant to allay competition concerns linked to the fact it also owns a suite of popular messaging apps frequently used by small businesses for customer outreach (aka Facebook Messenger, Instagram and WhatsApp). The Commission said Meta […] [...]

bloss, which connects expectant parents with experts, raises £1M pre-seed led by Antler

27 January 2022

bloss is a U.K. startup that connects would-be or existing parents to pre-vetted parenting experts. It has now raised £1million in a pre-seed round led by Antler, the early-stage VC, and is also backed by angels including Silicon Valley entrepreneur Narry Singh, footballer Andriy Shevchenko and British-Jamaican entrepreneur Alexandra Chong. The funds will be used […] [...]

Parthean cares about personal finance so you don’t have to

27 January 2022

The son of Iranian immigrants, Arman Hezarkhani spent his senior year of high school brainstorming a three-part thesis on what he wanted to dedicate his career to. First, he said that education is the most high-leverage way to make an impact on an individual, community and world. Second, he thinks that technology is the most […] [...]

The.com launches a low-code, collaborative website builder that uses customizable ‘blocks,’ not templates

27 January 2022

A startup with the easy-to-remember name of The.com aims to modernize website building while also ensuring that web creators get credit for their work. The company, which is today emerging from stealth with $4.4 million in seed funding in tow, has created what it calls a “low-code, website building platform” that aims to ditch the […] [...]

Why Black female CEOs lead 50% of the companies in our portfolio

27 January 2022

Companies led by Black women were abundant in our pipeline. The failure to invest was the only failure to be found. [...]

In blow to unicorns, the global IPO market continues to soften

27 January 2022

The IPO market is flatlining at an awkward moment. While private markets remain heavily risk-on, a key avenue for startup exits – and investor liquidity – is seemingly shut. What’s next for IPOs? [...]

As Finmark finds its footing, it moves up market and takes on additional investment

27 January 2022

When Finmark founder Rami Essaid built a previous startup, he saw firsthand how hard it is to build accurate financial models. When he sold that startup, Distil Networks, to Imperva 2019, he decided to build a new company that could help. Finmark, which launched in July 2020, helps companies build sophisticated financial models without having […] [...]

Renault Nissan Mitsubishi Alliance confirms plans to build 35 new EVs by 2030

27 January 2022

Nissan teased one of the first cars based on one those platforms, an all-electric compact that will be sold in Europe to replace the automaker's popular Micra. [...]

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?

27 January 2022

There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn’t take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You’d think that this issue no longer [...]

Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions

27 January 2022

A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest [...]

Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices

27 January 2022

Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. " [...]

Hackers Using New Evasive Technique to Deliver AsyncRAT Malware

27 January 2022

A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted [...]

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability

27 January 2022

Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to [...]

Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks

27 January 2022

A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with "strong technical capabilities," calling out the campaign's overlaps to that of a similar [...]

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads

27 January 2022

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new mechanism, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of top [...]

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

27 January 2022

A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's [...]

Webinar: How to See More, But Respond Less with Enhanced Threat Visibility

26 January 2022

The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets [...]

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

26 January 2022

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a [...]

Tapping into the Power of the Security Community

26 January 2022

Massive growth in Zoom’s customer base as a result of the COVID 19 pandemic brought new business - but also new challenges and security requirements. Establishing a CISO Council gave those customers a voice and a seat at the table, writes CISO Jason Lee. The post Tapping into the Power of the Security Community appeared first on The Security...Read the whole entry... »Related StoriesEpisode 230: Are Vaccine Passports Cyber Secure?Spotlight: COVID Broke Security. Can We Fix It In 2022?Spotlight: COVID, Cloud Sovereignty and Other 2022 Trends with DigiCert [...]

Spotlight: COVID, Cloud Sovereignty and Other 2022 Trends with DigiCert

19 January 2022

What does 2022 have in store? Dean Coclin of DigiCert speaks with host Paul Roberts about the trends that will shape the New Year, from cloud sovereignty to the growing reliance on PKI to secure digital identities, DEVOPs and more. The post Spotlight: COVID, Cloud Sovereignty and Other 2022 Trends with DigiCert appeared first on The Security...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 230: Are Vaccine Passports Cyber Secure?Spotlight: Automation Beckons as DevOps, IoT Drive PKI ExplosionSpotlight: COVID Broke Security. Can We Fix It In 2022? [...]

Spotlight: ShardSecure on Protecting Data At Rest Without Encryption

14 January 2022

Host Paul Roberts speaks with Marc Blackmer of ShardSecure about that company’s new approach to protecting data at rest, which relies on fragmenting and scattering data to make it impossible to steal. The post Spotlight: ShardSecure on Protecting Data At Rest Without Encryption appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related StoriesEpisode 230: Are Vaccine Passports Cyber Secure?Tapping into the Power of the Security CommunitySpotlight: COVID, Cloud Sovereignty and Other 2022 Trends with DigiCert [...]

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

29 December 2021

In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library. Mark talks about how the Internet community can come together ahead of the next vulnerability to make sure the...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 232: Log4j Won’t Go Away (And What To Do About It.)Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug HuntingSpotlight: COVID, Cloud Sovereignty and Other 2022 Trends with DigiCert [...]

Leonardo DRZ wins first ever TCG CodeGen Developer Challenge

23 December 2021

President and Chairman of Trusted Computing Group (TCG), Dr. Joerg Borchert, shares the news regarding TCG's first ever CodeGen Developer Challenge. The post Leonardo DRZ wins first ever TCG CodeGen Developer Challenge appeared first on The Security Ledger with Paul F. Roberts. Related StoriesSpotlight: How Secrets Sprawl Undermines Software Supply Chain SecuritySpotlight: Automation Beckons as DevOps, IoT Drive PKI ExplosionSpotlight: E-Commerce’s Bot and Mouse Game [...]

Episode 232: Log4j Won’t Go Away (And What To Do About It.)

17 December 2021

In this episode of the podcast (#232), Tomislav Peričin of the firm ReversingLabs joins us to talk about Log4Shell, the vulnerability in the ubiquitous Log4j Apache library. Tomislav tells us why issues related to Log4j won’t be going away anytime soon and how organizations must adapt to deal with the risk it poses. The post Episode 232: Log4j...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 233: Unpacking Log4Shell’s Un-coordinated Disclosure ChaosSpotlight: How Secrets Sprawl Undermines Software Supply Chain SecurityEpisode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting [...]

Episode 231: Solving the US’s Endemic Cybersecurity Worker Shortage

10 December 2021

Rodney Petersen, the director of the National Initiative for Cybersecurity Education (NICE) talks about the massive shortage of information security workers at the United States - estimated at more than 400,000 workers. The post Episode 231: Solving the US’s Endemic Cybersecurity Worker Shortage appeared first on The Security Ledger with Paul F....Read the whole entry... »Click the icon below to listen. Related StoriesSpotlight: How Secrets Sprawl Undermines Software Supply Chain SecuritySpotlight: COVID, Cloud Sovereignty and Other 2022 Trends with DigiCertEpisode 232: Log4j Won’t Go Away (And What To Do About It.) [...]

How to Overcome Threat Detection and Response Challenges

8 December 2021

In this Expert Insight, Jack Naglieri, the founder and CEO of Panther Labs, talks about the many challenges of enterprise-scale threat detection and response. Jack provides some steps organizations can take to prepare themselves for the future. The post How to Overcome Threat Detection and Response Challenges appeared first on The Security Ledger...Read the whole entry... »Related StoriesTapping into the Power of the Security CommunitySpotting Hackers at the Pace of XDR – From Alerts to IncidentsSpotlight: ShardSecure on Protecting Data At Rest Without Encryption [...]

Spotlight: How Secrets Sprawl Undermines Software Supply Chain Security

1 December 2021

Mackenzie Jackson, the Developer Advocate at GitGuardian joins Paul to discuss how “secrets sprawl” on sites like GitHub threatens software supply chains. The post Spotlight: How Secrets Sprawl Undermines Software Supply Chain Security appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related StoriesEpisode 232: Log4j Won’t Go Away (And What To Do About It.)Spotlight: Your IoT Risk Is Bigger Than You Think. (And What To Do About It.)Spotlight: Automation Beckons as DevOps, IoT Drive PKI Explosion [...]

Episode 230: Are Vaccine Passports Cyber Secure?

11 November 2021

In this episode of the podcast (#230) Siddarth Adukia, a regional Director at NCC Group, joins host Paul Roberts to talk about the (cyber) risks and (public health) rewards of vaccine passport systems: how they work, how they can be compromised and what to do about it. The post Episode 230: Are Vaccine Passports Cyber Secure? appeared first on ...Read the whole entry... »Click the icon below to listen. Related StoriesSpotlight: COVID, Cloud Sovereignty and Other 2022 Trends with DigiCertTapping into the Power of the Security CommunitySpotlight: COVID Broke Security. Can We Fix It In 2022? [...]

Why Spotify can’t afford to lose Joe Rogan

27 January 2022

Photo by Carmen Mandato/Getty Images This story originally ran in Hot Pod, The Verge’s preeminent audio industry newsletter. You can subscribe here for more scoops, analysis, and reporting. You’ve probably seen this by now, but to catch you up if not: On Monday, Neil Young issued an ultimatum to Spotify: keep Joe Rogan or me. It can’t have both on the service. “I am doing this because Spotify is spreading fake information about vaccines — potentially causing death to those who believe the disinformation being spread by them,” he wrote in a now-deleted letter, according to Rolling Stone. The chief… [...]

Polar Grit X Pro review: a fitness watch that matches your fit

27 January 2022

It’s not perfect, but there’s a lot to like for outdoorsy athletes Continue reading… [...]

Warner Music Group is launching a metaverse concert hall where you can pay to be its neighbor

27 January 2022

A Snoop Dogg experience inside The Sandbox. | The Sandbox Warner Music Group will open an outpost in virtual world The Sandbox, and it hopes music buffs will express their fandom by acquiring nearby property. In an announcement, WMG described its new home as a “combination of musical theme park and concert venue.” It will work with The Sandbox to host concerts and other “musical experiences.” But so far, it’s only discussed one specific event: a special sale of digital real estate called Land, which Sandbox users can buy “coveted” plots of in March. Concerts have become a fixture of… [...]

Epic will keep giving away free games in 2022

27 January 2022

More free games are on the way to add to your backlog. | Illustration by Alex Castro / The Verge One of the hallmarks of the Epic Games Store is its regular offerings of free games, and the company confirmed in a blog post that it will continue give games away in 2022. Some of the games Epic has offered in the past have been quite notable, including Control, Civilization VI, and even the store-crashing Grand Theft Auto V, so it seems likely the company will make some good freebies available this year. Epic also announced that its store has… [...]

Search Party found enlightenment in the doomsday cult of fandom

27 January 2022

HBO Max Have you seen this woman? Continue reading… [...]

Roborock’s S7 Plus is the first hybrid robot vacuum and mop worth buying

27 January 2022

The S7 is the best robot vacuum that can also mop, but skip the “Rock Dock” auto-empty station Continue reading… [...]

Elon Musk says ‘don’t forget about my robots’ as Roadster, Semi, Cybertruck deadlines slip

27 January 2022

The Tesla Bot concept. | Image: Tesla What’s more important to Elon Musk? A hugely successful business selling critically lauded electric vehicles or the sci-fi dream of a humanoid robot that doesn’t exist outside of a slide deck? Well, if you’re familiar with Musk’s modus operandi, you won’t be surprised that Musk has declared the latter — a non-existent robot — to be Tesla’s “most important product development” in a recent earnings call. Discussing the company’s product map for the years ahead, Musk noted that the Roadster and Semi (originally set to launch in 2020) and Cybertruck (first slated for… [...]

Master & Dynamic MG20 review: pricey doesn’t mean good

27 January 2022

A deluxe headset that should cost considerably less Continue reading… [...]

The Verge’s 2022 Valentine’s Day gift guide

27 January 2022

Photo by Alex Castro / Amelia Holowaty Krales These gift ideas ran Cupid’s arrow right through us Continue reading… [...]

Amy Klobuchar leads her final assault on Big Tech’s power

27 January 2022

Antitrust reform is on the horizon, and tech is spooked Continue reading… [...]

Now Physical Jobs Are Going Remote, Too

27 January 2022

Advances in artificial intelligence and other technology allow machines to be operated from far away. The trend could spell trouble for workers. [...]

6 Apps for Saving and Budgeting Your Money

27 January 2022

Penny-pinch your way to financial peace of mind. [...]

How to Build a Better Metaverse

27 January 2022

Second Life creator Philip Rosedale wants to prevent the Facebook-ization of virtual reality. [...]

Which iPhone Should You Buy (or Avoid) Right Now?

27 January 2022

Picking the right phone has gotten so much harder. Our breakdown of Apple’s lineup can help. [...]

Synthetic Voices Want to Take Over Audiobooks

27 January 2022

As computer-generated voices become more sophisticated, the number of audiobooks—including from Amazon, Microsoft, and Google—is set to explode. [...]

Did Eating Meat Really Make Us Human?

27 January 2022

For decades, scientists thought that being more carnivorous set our ancestors along their evolutionary path. New evidence casts doubt on this theory. [...]

The Capitalist Trap of Pig Organ Transplants

27 January 2022

The “miracle” pig heart transplant plays with the expectations of desperate patients and makes clear how the system values certain lives over others. [...]

How to Watch the 2022 Winter Olympics

27 January 2022

Whether you’re into snowboarding or curling, here’s how to follow the big events in Beijing. [...]

How to Travel Solo During the Pandemic

26 January 2022

The way we travel may be changing with the spread of Covid-19, but here are ways to stay informed and stay as safe as possible. [...]

Guardians of the Galaxy Made Me Love Linear Games

26 January 2022

Open worlds can be fantastic, but they can also be exhausting. [...]

Security Holes Opened Back Door To TCL Android Smart TVs

Related Stories

Related Posts

Tapping into the Power of the Security Community

Apple Patches ‘Actively Exploited’ iOS Security Flaw

This Week in Apps: Commission battles, Twitter NFTs and Epic’s appeal begins