A serious vulnerability has been found in the Microsoft Office suite that could potentially allow attackers to execute arbitrary code.
She was assigned the number CVE-2022-30190, and among the researchers they gave the name Follina. As noted in Kaspersky Lab, the most unpleasant thing is that there is no fix yet, and in the meantime, the vulnerability is already being actively exploited by attackers. Vulnerability CVE-2022-30190 threatens all operating systems of the Windows family, both regular and server.
While the update is being developed, experts recommend that all Windows users and administrators take advantage of temporary workarounds. As a Microsoft workaround recommends disable the MSDT URL protocol.
The CVE-2022-30190 vulnerability itself is contained in the Microsoft Windows Support Diagnostic Tool (MSDT), but due to the implementation of this tool, a single malicious office document is enough to exploit the vulnerability.
“The issue of protecting national security is more important than short-term profits,” not all US chipmakers are happy with the sanctions, according to Gina Raimondo.
US Commerce Secretary Gina Raimondo admitted that not all American chipmakers are happy with the sanctions against China, since the restrictions lead to a loss of profit.
“I know there are heads of chip companies sitting in the room who are a little annoyed by what I did because [они] lose profits. But that’s life. The issue of protecting national security is more important than short-term profit,” said Gina Raimondo.
She added that mostly representatives of this industry cooperate and help her department, but she also acknowledged the presence of some problems.
We have a good relationship. But of course there is some natural tension. For the first time, we refused an entire country, i.e. China, in access to semiconductors and equipment. We will continue to work in this direction.
She also acknowledged that if Japan and the Netherlands, which have leading positions in semiconductor manufacturing equipment, continue to supply China, then sanctions will make no sense.
iMessage for Android only lasted a few days. Nothing Chats app removed from Google Store and has security issues
The other day, a rather curious event happened on the market quite quietly. Nothing has introduced the Nothing Chats application, which could be called just another instant messenger, but the point is that this application actually allows Android owners to exchange messages with iPhone owners via iMessage. And a few days later, this application was removed from the Google Store.
Nothing initially stated that this was done due to the discovery of several bugs that simply needed to be fixed. However, it seems that the real reason is something else, and it is worse.
Let us remind you that the interaction between the Android messenger and iMessage occurs on a third party. She is represented by the Sunbird company, which provides its platform through which the magic happens. However, it turned out that in terms of data security, this platform is apparently much worse than Sunbird itself stated. In particular, there is no end-to-end encryption.
The Sunbird platform, and therefore the Nothing Chats app, requires a new user of the app to submit their Apple ID credentials to set up syncing. This data is then authenticated on your behalf using a virtual machine running MacOS. The main problem is that the request containing user credentials occurs over an unencrypted channel (HTTP).
The situation as a whole is more complex and is fully described on the Text.Blog website, where several specialists explain how they discovered the problem and what it is. Among other things, they show that they can obtain users’ personal data.
Thus, in fact, Nothing may not be to blame for the situation, but whether the application will now return to the Google Store is an open question.
“Eliminate the password with best-in-class security keys.” New Google Titan Security Keys Unveiled
Google has introduced a new version of the Titan Security Key. The new product is already available for purchase at a price of $30.
In its press release, Google from the very first lines focuses on the fact that this solution allows you to abandon passwords.
Eliminate passwords and prevent attacks with best-in-class security keys that can store up to 250 unique access keys, and learn about our commitment to providing 100,000 keys to high-risk users worldwide by 2024
We are talking about free distribution of 100,000 such devices. Google says it and its partners will distribute the Titan Security Key to users around the world.
The new version of the dongle is available in two versions: USB-A and USB-C. The first one costs 30 dollars, but for some reason they ask for 35 dollars for the second one. Both versions have an NFC module for easy and fast connection to mobile devices.
Google Keys supports FIDO2, so can be used as a two-factor authentication solution.
Fossibot, which recently introduced the Fossibot DT2 rugged tablet, announced that it has gone on sale. The Fossibot DT2 boasts...
Bosch will have to cut 1,500 jobs to adapt to the automotive market
Bosch needs to cut up to 1,500 jobs at its two German plants by 2025 to “adapt workforce levels to...
The remains of a “high-speed” comet can cause a new meteor shower: astronomers expect it tomorrow
The remnants of near-Earth comet 46P/Wirtanen (46P/Wirtanen) may enter the Earth’s atmosphere, causing a new meteor shower called the Lambda-Sculptorids...
Huawei has learned to bypass technological embargoes under sanctions and create its own components
Huawei’s Mate 60 Pro smartphone is showing “significant progress” in circumventing technology embargoes, according to the latest data from research...
Phones5 days ago
New Redmi smartphone, cheap. Redmi 13C 5G presented
News5 days ago
Polaris Slingshot 2024 unveiled
News2 days ago
ChatGPT began to become lazy and refuse to respond, and the developers say that this behavior formed on its own
News6 days ago
“Gateway to Mars,” a huge neon sign appeared on the Starship launch pad