technology-news.space - All about the world of technology!

  • Artificial Intelligence
  • Data Management & Statistics
  • Information Technology
  • Internet of Things
  • Networking
  • Robotics
  • Network
    • *** .SPACE NETWORK ***
      • art-news
      • eco-news
      • economic-news
      • family-news
      • job-news
      • motor-news
      • myhome-news
      • politic-news
      • realestate-news
      • scientific-news
      • show-news
      • technology-news
      • traveller-news
      • wellness-news
    • *** .CLOUD NETWORK ***
      • sportlife
      • calciolife
    • *** VENTIDI NETWORK ***
      • ventidinews
      • ventidisocieta
      • ventidispettacolo
      • ventidisport
      • ventidicronaca
      • ventidieconomia
      • ventidipolitica
    • *** MIX NETWORK ***
      • womenworld
      • sportlife
      • foodingnews
      • sportingnews
      • notiziealvino
Search
Login

technology-news.space - All about the world of technology!

Menu
Search

HOTTEST

  • A mysterious group of hacktivists has poisoned the DNS records of several Sri Lankans (.lk) websites on Saturday and redirected users to a web page detailing various social issues impacting the local population.
    While most of the affected domains were websites for local businesses and news sites, two high-profile domains for Google.lk and Oracle.lk, were also impacted, readers told ZDNet on Saturday.
    The following message was displayed on Google.lk for a few hours before authorities intervened. The message highlights issues with the local tea-growing industry, freedom of the press, the alleged corrupt political class and judicial system, and racial, minority, and religious issues.

    Image: ZDNet
    This attack took place on Saturday, February 6, just two days after Sri Lanka’s official national independence day, on February 4, which explains the nationalistic message.
    NIC.lk, the administrator of the country’s national LK top-level domain space, confirmed the attack on Saturday in a message posted on its website.
    “An issue with the .LK Domain Registration System arose early in the morning of Saturday, February 6th, which affected a few domains registered in .LK,” the organization said. “This issue was attended to expeditiously, and the matter was resolved by approx. 8.30 a.m.”
    The Telecommunications Regulatory Commission of Sri Lanka also confirmed the incident in a tweet on its account.


    Details about the attack and the number of impacted domains have not been made public. A NIC.lk spokesperson did not respond to a request for comment sent by ZDNet on Sunday.
    The attack didn’t go unnoticed in Sri Lanka, and several users tweeted about it over the weekend, even if the incident was active for only a few hours.

    Users in #SriLanka hv complained that https://t.co/bFifSYuMZa domain is being redirected to a site which highlights issues faced by teaworkers in #lka. Expert @aselawaid tweeted this appears to be a major domain level hijack which seems to be redirected to a propaganda page.
    — Jamila Husain (@Jamz5251) February 6, 2021

    This is the second cyber-security-related incident that impacts the NIC.lk organization. In 2013, hackers used an SQL injection attack to breach its database and steal data about .lk domain owners. More

  • The New South Wales government has announced a cybersecurity vulnerability management centre will be established in Bathurst. To be operated by Cyber Security NSW, the centre will be responsible for detecting, scanning, and managing online vulnerabilities and data across departments and agencies when operations commence in July. Minister for Customer Service Victor Dominello said the […] More

  • Cisco announced recently that it will not be releasing software updates for a vulnerability with its Universal Plug-and-Play (UPnP) service in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers.The vulnerability allows unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.”This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition,” Cisco said in a statement. “Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.”The vulnerability only affects the RV Series Routers if they have UPnP configured but the UPnP service is enabled by default on LAN interfaces and disabled by default on WAN interfaces.The company explained that to figure out if the UPnP feature is enabled on the LAN interface of a device, users should open the web-based management interface and navigate to Basic Settings > UPnP. If the Disable check box is unchecked, UPnP is enabled on the device.Cisco said that while disabling the affected feature has been proven successful in some test environments, customers should “determine the applicability and effectiveness in their own environment and under their own use conditions.” 

    They also warned that any workaround or mitigation might harm how their network functions or performs. Cisco urged customers to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers.The vulnerability and Cisco’s notice caused a minor stir among IT leaders, some of whom said exploiting it requires the threat actor to have access to an internal network, which can be gained easily through a phishing email or other methods. Jake Williams, CTO at BreachQuest, added that once inside, a threat actor could use this vulnerability to easily take control of the device using an exploit. “The vulnerable devices are widely deployed in smaller business environments. Some larger organizations also use the devices for remote offices. The vulnerability lies in uPnP, which is intended to allow dynamic reconfiguration of firewalls for external services that need to pass traffic inbound from the Internet,” Williams told ZDNet. “While uPnP is an extremely useful feature for home users, it has no place in business environments. Cisco likely leaves the uPnP feature enabled on its small business product line because those environments are less likely to have dedicated support staff who can reconfigure a firewall as needed for a product. Staff in these environments need everything to ‘just work.’ In the security space, we must remember that every feature is also additional attack surface waiting to be exploited.” Williams added that even without the vulnerability, if uPnP is enabled, threat actors inside the environment can use it to open ports on the firewall, allowing in dangerous traffic from the Internet. “Because the vulnerable devices are almost exclusively used in small business environments, with few dedicated technical support staff, they are almost never updated,” he noted.Vulcan Cyber CEO Yaniv Bar-Dayan said UPnP is a much-maligned service used in the majority of internet connected devices, estimating that more than 75% of routers have UPnP enabled. While Cisco’s Product Security Incident Response Team said it was not aware of any malicious use of this vulnerability so far, Bar-Dayan said UPnP has been used by hackers to take control of everything from IP cameras to enterprise network infrastructure. Other experts, like nVisium senior application security consultant Zach Varnell, added that it’s extremely common for the devices to rarely — or never — receive updates. “Users tend to want to leave well enough alone and not touch a device that’s been working well — including when it needs important updates. Many times, users also take advantage of plug-and-play functionality, so they do very little or zero configuration changes, leaving the device at its default status and ultimately, vulnerable,” Varnell said. New Net Technologies global vice president of security research Dirk Schrader added that while UPnP is one of the least known utilities to average consumers, it is used broadly in SOHO networking devices such as DSL or cable router, WLAN devices, even in printers. “UPnP is present in almost all home networking devices and is used by device to find other networked devices. It has been targeted before, and one of the big botnets, Mirai, relied heavily on UPnP. Given that the named Cisco devices are placed in the SOHO and SMB segment, the owners are most likely not aware of UPnP and what it does,” Schrader said. “That and the fact that no workaround or patch are available yet is a quite dangerous combination, as the installed base is certainly not small. Hope can be placed on the fact the — by default — UPnP is not enabled on the WAN interfaces of the affected Cisco device, only on the LAN side. As consumers are not likely to change that, for this vulnerability to be exploited, attackers seem to need a different, already established footprint within the LAN. But attackers will check the vulnerability and see what else can be done with it.” More

  • EyeMed has agreed to $600,000 in penalties to settle the case of a 2020 data breach that exposed the information of roughly 2.1 million consumers. 

    The agreement was announced this week. According to New York Attorney General Letitia James, the data breach exposed sensitive information, including names, mailing addresses, full or partial Social Security numbers, dates of birth, driving licenses, healthcare IDs, diagnoses and condition notes, and treatment information. Out of the 2.1 million individuals involved in the security incident, 98,632 New York state residents.  Based in Cincinnati, Ohio, EyeMed Vision Care is a network provider for independent optometrists, opticians, ophthalmologists, as well as eye doctors in retail settings. The organization caters to over 60 million users.  According to court documents (.PDF), on or around June 24, 2020, an unknown attacker used stolen credentials to access an enrollment email account used by EyeMed. Over the course of a week, the threat actor was able to view correspondence and access sensitive consumer data.  The cybercriminal was able to exfiltrate this data, in theory, but a cyberforensics firm hired to investigate the incident was unable to conclude whether or not they did steal consumer information.  In July, the attacker then used the email account to send roughly 2,000 phishing emails to clients. 

    “The phishing messages purported to be a request for proposal to deceive recipients into providing credentials to the attacker,” the settlement document reads.  EyeMed was alerted to the intrusion once the scam messages were sent and booted the attacker from its system.  It took a further two months before impacted clients began to be notified of the data breach — and as this has been conducted on a rolling basis, customers were still being told up to January 2021. Clients have been offered credit monitoring services, fraud consultation, and identity theft restoration. Minors, too, were affected — and for this group, EyeMed has also offered Social Security Number trace.  The Office of the Attorney General launched its own investigation into the data breach and concluded that the original email account was not protected with multi-factor authentication (MFA).  “Additionally, EyeMed failed to adequately implement sufficient password management requirements for the enrollment email account given that it was accessible via a web browser and contained a large volume of sensitive personal information,” the office says. “The company also failed to maintain adequate logging of its email accounts, which made it difficult to investigate security incidents.” Under the terms of the agreement, EyeMed will pay the state of New York penalties totaling $600,000. In addition, the company must improve its cybersecurity posture maintain “reasonable” account management protocols, including the implementation of MFA in remote and administrative settings, and sensitive information collected from consumers must be encrypted.  If it is no longer necessary to store consumer information, the company is now under orders to permanently delete it.  A penetration testing program must also be implemented to identify any vulnerabilities or further security issues in the EyeMed network.  “New Yorkers should have every assurance that their personal health information will remain private and protected,” commented Attorney General James. “EyeMed betrayed that trust by failing to keep an eye on its own security system, which in turn compromised the personal information of millions of individuals. Let this agreement signal our continued commitment to holding companies accountable and ensuring that they are looking out for New Yorkers’ best interest.” ZDNet has reached out to EyeMed with additional queries, and we will update when we hear back.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

  • Image: Blake Cheek
    A US judge has sentenced a 22-year-old hacker to eight years in prison for engaging in DDoS extortion schemes, making fake bomb threats against companies and schools across the world, and possession of child pornography materials.

    Identified as Timothy Dalton Vaughn, a resident of Winston-Salem, North Carolina, the hacker was arrested in February 2019, pleaded guilty in November of the same year, and was sentenced to 95 months in prison on Monday, following delays to his sentencing due to the COVID-19 pandemic.
    Vaughn, who went online as “Hacker_R_US” and “WantedbyFeds,” was a member of Apophis Squad, a hacker group who made a splash in the first eight months of 2018 and then fizzled out of existence after a law enforcement crackdown.
    The group was your typical loudmouth hacker squad that bragged about launching DDoS attacks on their Twitter account, but according to court documents, they also extorted some of their targets in private, asking for money to stop their attacks.
    But while they’re not the only hacker group to engage in DDoS extortion, Apophis Squad members went off the rails in the summer of 2018, when, for no apparent reason, they escalated their online nuisance to a whole new level by beginning to make erratic bomb threats against a wide range of targets that included schools, airports, government organizations, and many private companies.
    Obviously, the switch to such brazen tactics didn’t go unanswered and a law enforcement crackdown followed soon after, especially after one of their fake bomb threats forced a plane to make an emergency landing.
    UK police arrested the group’s leader in August 2018, and Vaughn’s arrest followed the next February.

    The group’s leader, who went online by nicknames such as “optcz1,” “DigitalCrimes,” and “7R1D3N7,” was identified as George Duke-Cohan, 19, from Hertfordshire, UK.
    Duke-Cohan was linked to DDoS extortions and fake bomb threats, and the hacker was quickly trialed in the fall of 2018 to receive a three-year prison sentence in December 2018.
    In the follow-up case in the US, authorities similarly linked Vaughn to a $20,000 DDoS extortion against a Long Beach company and bomb threats made against 86 school districts, where he and other co-conspirators claimed to have planted ammonium nitrate and fuel oil bombs in school buildings; rocket-propelled grenade heads under school buses; and land mines on sports fields.
    During a subsequent arrest and house search, the FBI said it also found child pornography materials on Vaughn’s devices and tacked on additional charges.
    Vaughn was sentenced to 95 months for the child pornography possession charge and 60 months for the other charges. The terms will be served concurrently for a sentence of 95 months (7 years and 11 months) in prison. More

Internet of Things

  • Samsung Spotlights Next-generation IoT Innovations for Retailers at National Retail Federation’s BIG Show 2017

    Read More

  • That’s Fantasy! The World’s First Stone Shines And Leads You to The Right Way

    Read More

  • LG Pushes Smart Home Appliances To Another Dimension With ‘Deep Learning’ Technology

    Read More

  • The Port of Hamburg Embarks on IoT: Air Quality Measurement with Sensors

    Read More

Artificial Intelligence

  • in Artificial Intelligence

    Contact-aware robot design

    19 July 2021, 04:00

  • in Artificial Intelligence

    MIT Schwarzman College of Computing awards named professorships to two faculty members

    16 July 2021, 15:45

  • in Artificial Intelligence

    Getting dressed with help from robots

    14 July 2021, 19:15

  • in Artificial Intelligence

    Software to accelerate R&D

    13 July 2021, 04:00

  • in Artificial Intelligence

    Sertac Karaman named director of the Laboratory for Information and Decision Systems

    12 July 2021, 16:00

  • in Artificial Intelligence

    The tenured engineers of 2021

    9 July 2021, 20:00

  • in Artificial Intelligence

    US Air Force pilots get an artificial intelligence assist with scheduling aircrews

    8 July 2021, 18:45

  • in Artificial Intelligence

    Infrared cameras and artificial intelligence provide insight into boiling

    7 July 2021, 20:15

  • in Artificial Intelligence

    Designing exploratory robots that collect data for marine scientists

    7 July 2021, 04:00

Robotics

  • in Robotics

    I replaced my AirPods with these Nothing earbuds, and I’m not going back

    1 July 2025, 14:24

  • in Robotics

    Can AI outdiagnose doctors? Microsoft’s tool is 4 times better for complex cases

    1 July 2025, 14:18

  • in Robotics

    Why I recommend this LG OLED model over competing TVs – especially at $900 off

    1 July 2025, 14:17

  • in Robotics

    Got a suspicious UPS text? Don’t reply – it might be a scam. Here’s how to tell

    1 July 2025, 14:13

  • in Robotics

    4 Linux distros that need your attention when upgrading – and why

    1 July 2025, 14:13

  • in Robotics

    My favorite PC accessory keeps me productive on the go – and it’s 50% off

    1 July 2025, 14:04

  • in Robotics

    Best Prime Day tablet deals: My 22 favorite sales live now

    1 July 2025, 13:57

  • in Robotics

    Finally, I found a compact power station that supports expansion batteries

    1 July 2025, 13:57

  • in Robotics

    Get an Apple Pencil (2nd Gen) for just $107

    1 July 2025, 13:56

Networking

  • Ham radio is alive and well – and still a lifeline in disasters

  • How ham radio endures – and remains a disaster lifeline – in the iPhone era

  • Tonight’s solar storm could dazzle lower US with northern lights – and impact satellite tech

  • How to use Wi-Fi calling on your mobile phone if cellular service is down

  • Starlink’s Hurricane relief offer is not quite as free as advertised

  • How to use your iPhone’s emergency satellite features if you lose cell coverage

  • The life-changing magic of organizing your browsing life – with Arc profiles

Data Management & Statistics

  • Method prevents an AI model from being overconfident about wrong answers

  • Groundbreaking poverty alleviation project expands with new Arnold Ventures, J-PAL North America collaboration

  • Roadmap details how to improve exoplanet exploration using the JWST

  • Study: When allocating scarce resources with AI, randomization can improve fairness

  • AI model identifies certain breast tumor stages likely to progress to invasive cancer

  • How to assess a general-purpose AI model’s reliability before it’s deployed

  • Machine learning and the microscope

ABOUT

The QUATIO - web agency di Torino - is currently composed of 28 thematic-vertical online portals, which average about 2.300.000 pages per month per portal, each with an average visit time of 3:12 minutes and with about 2100 total news per day available for our readers of politics, economy, sports, gossip, entertainment, real estate, wellness, technology, ecology, society and much more themes ...

technology-news.space is one of the portals of the network of:

Quatio di CAPASSO ROMANO - Web Agency di Torino
SEDE LEGALE: CORSO PESCHIERA, 211 - 10141 - ( TORINO )
P.IVA IT07957871218 - REA TO-1268614

ALL RIGHTS RESERVED © 2015 - 2025 | Developed by: Quatio

ITALIAN LANGUAGE

calciolife.cloud | notiziealvino.it | sportingnews.it | sportlife.cloud | ventidicronaca.it | ventidieconomia.it | ventidinews.it | ventidipolitica.it | ventidisocieta.it | ventidispettacolo.it | ventidisport.it

ENGLISH LANGUAGE

art-news.space | eco-news.space | economic-news.space | family-news.space | job-news.space | motor-news.space | myhome-news.space | politic-news.space | realestate-news.space | scientific-news.space | show-news.space | sportlife.news | technology-news.space | traveller-news.space | wellness-news.space | womenworld.eu | foodingnews.it

This portal is not a newspaper as it is updated without periodicity. It cannot be considered an editorial product pursuant to law n. 62 of 7.03.2001. The author of the portal is not responsible for the content of comments to posts, the content of the linked sites. Some texts or images included in this portal are taken from the internet and, therefore, considered to be in the public domain; if their publication is violated, the copyright will be promptly communicated via e-mail. They will be immediately removed.

  • Home
  • Network
  • Terms and Conditions
  • Privacy Policy
  • Cookies
  • Contact
Back to Top
Close
  • Artificial Intelligence
  • Data Management & Statistics
  • Information Technology
  • Internet of Things
  • Networking
  • Robotics
  • Network
    • *** .SPACE NETWORK ***
      • art-news
      • eco-news
      • economic-news
      • family-news
      • job-news
      • motor-news
      • myhome-news
      • politic-news
      • realestate-news
      • scientific-news
      • show-news
      • technology-news
      • traveller-news
      • wellness-news
    • *** .CLOUD NETWORK ***
      • sportlife
      • calciolife
    • *** VENTIDI NETWORK ***
      • ventidinews
      • ventidisocieta
      • ventidispettacolo
      • ventidisport
      • ventidicronaca
      • ventidieconomia
      • ventidipolitica
    • *** MIX NETWORK ***
      • womenworld
      • sportlife
      • foodingnews
      • sportingnews
      • notiziealvino